Skip to content
/ AmsiBypass Public

C# PoC implementation for bypassing AMSI via in memory patching

License

GPL-3.0 license
66 stars 17 forks Branches Tags Activity
Star
Notifications You must be signed in to change notification settings

0xB455/AmsiBypass

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

17 Commits
img
img
 
 
Class1.cs
Class1.cs
 
 
LICENSE
LICENSE
 
 
README.md
README.md
 
 

Repository files navigation

AmsiBypass

C# PoC implementation for bypassing AMSI via in memory patching

Apply memory patching as described by Cyberark here:
https://www.cyberark.com/threat-research-blog/amsi-bypass-redux/

Write-Up on how to weaponize this with PowerShell can be found here:
http://ha.cker.info/weaponizing-amsi-bypass-with-powershell/

PoC execution

  • Build dll
  • Invoke it
  • Apply patch
  • ???
  • Profit!

About

C# PoC implementation for bypassing AMSI via in memory patching

Resources

Readme

License

GPL-3.0 license
Activity

Stars

66 stars

Watchers

2 watching

Forks

17 forks
Report repository

Releases

No releases published

Packages

 
 
 

Contributors 1

Languages