amsi

Chimera is a PowerShell obfuscation script designed to bypass AMSI and commercial antivirus solutions.

OpSec-safe Powershell runspace from within C# (aka SharpPick) with AMSI, Constrained Language Mode and Script Block Logging disabled at startup

A PowerShell armoury for security guys and girls

Resources About Windows Security. 1100+ Open Source Tools. 3300+ Blog Post and Videos.

CredPhish is a PowerShell script designed to invoke legitimate credential prompts and exfiltrate passwords over DNS.

Automated Tool That Generates The Perfect Meterpreter Powershell Payload

JustEvadeBro, a cheat sheet which will aid you through AMSI/AV evasion & bypasses.

A better version of Xencrypt.Xencrypt it self is a Powershell runtime crypter designed to evade AVs.

A C/C++ implementation of Microsoft's Antimalware Scan Interface

Exploring in-memory execution of .NET

HTTP Server serving obfuscated Powershell Scripts/Payloads

The purpose of this tool is to test the window10 defender protection and also other antivirus protection.

An all-in-one Cobalt Strike BOF to patch, check and revert AMSI and ETW for x64 process. Both syscalls and dynamic resolve versions are available.

Miscellaneous Code and Docs

Patch AMSI and ETW in remote process via direct syscall

C# project that Reflectively loads .Net assemblies in memory.

Random stuff

This is a port of AMSI.fail,i modify the code to make it C# 5 compatible and can be executed on Windows 10 without installing any extra requirements.AMSI.fail itself generates obfuscated PowerShell snippets that break or disable AMSI for the current process.

🛡️ Convenient .NET Library for Invoking Antimalware Scan Interface (AMSI)