Template-Driven AV/EDR Evasion Framework
Updated Nov 3, 2023 - Assembly
Lifetime AMSI bypass
PowerShell Script Obfuscator
JustEvadeBro, a cheat sheet which will aid you through AMSI/AV evasion & bypasses.
"AMSI WRITE RAID" Vulnerability that leads to an effective AMSI BYPASS
HTTP Server serving obfuscated PowerShell Scripts/Payloads
Two in one, patch lifetime PowerShell console, no more ETW and AMSI!
Lime Crypter Obfuscator Mod
Expeditus is a loader that executes shellcode on a target Windows system. It combines several offensive techniques in order to attempt to do this with some level of stealth.
This PowerShell script applies a memory patch to bypass the Antimalware Scan Interface (AMSI), allowing unrestricted execution of PowerShell commands.
AMSI ScanBuffer Patch with API Hook PoC
Loads a C# binary in memory within powershell profile, patching AMSI + ETW.
Generate obfuscated PowerShell commands using XOR logic with random keys!
Repo containing PowerShell Download Cradles (oneliners)
Patching AmsiOpenSession by forcing an error branching.