Two in one, patch lifetime powershell console, no more etw and amsi!
Updated Jun 27, 2024 - Go
Generator of https://github.com/TheWover/donut in pure Go. Supports compression, AMSI/WLDP/ETW bypass, etc.
The code snippet provided demonstrates how to patch the EtwEventWrite function in the ntdll.dll library on Windows using CGO (C Go).
Event Tracing for Windows EDR bypass in Rust
Loads a C# binary in memory within powershell profile, patching AMSI + ETW.
⚡Fileless Stealer written in Python, PowerShell, Go and C++ languages, with a dedicated web-based GUI builder.