Template-Driven AV/EDR Evasion Framework
翻译 - 模板驱动的 AV / EDR 规避框架
Lifetime AMSI bypass
PowerShell Script Obfuscator
JustEvadeBro, a cheat sheet which will aid you through AMSI/AV evasion & bypasses.
"AMSI WRITE RAID" Vulnerability that leads to an effective AMSI BYPASS
HTTP Server serving obfuscated Powershell Scripts/Payloads
Two in one, patch lifetime powershell console, no more etw and amsi!
Expeditus is a loader that executes shellcode on a target Windows system. It combines several offensive techniques in order to attempt to do this with some level of stealth.
This PowerShell script applies a memory patch to bypass the Antimalware Scan Interface (AMSI), allowing unrestricted execution of PowerShell commands.
AMSI ScanBuffer Patch with API Hook poc
Generate obfuscated PowerShell commands using XOR logic with random keys!
Loads a C# binary in memory within powershell profile, patching AMSI + ETW.
Repo containing PowerShell Download Cradles (oneliners)
Generator of techniques to evade AMSI in Windows. It uses random methods to generate code without signatures detectable by Windows Defender. Ideal for security research and AMSI bypass.
Patching AmsiOpenSession by forcing an error branching.
