Mister-Joe/AMSI-Bypasses
AMSI-Bypasses

Bypass AMSI by patching AmsiScanBuffer two different ways.

Overview

jmp.cs places a mid-function hook in AmsiScanBuffer: a relative jmp is written over instructions inside the function body and transfers control to the function's epilogue, so the call returns 0 without the buffer ever being scanned. The distance from the patch point to the epilogue is specific to the amsi.dll build in use, so the jump target has to be located for that version rather than hardcoded.

ret.cs places a hook at the entry of AmsiScanBuffer that returns 0 immediately.

In both cases the 0 is the HRESULT (S_OK). AmsiScanBuffer reports its verdict through the AMSI_RESULT out-parameter, which neither patch writes, so the bypass relies on the caller treating an unwritten result as AMSI_RESULT_CLEAN (which is also 0); PowerShell's AMSI wrapper initialises its result variable that way before the call.

Credits to Rasta Mouse for some of his code and ideas.

Usage

I'd recommend compiling with Visual Studio and at least .NET 3.5. Use a class library (C# DLL) template. Load the DLL into powershell.exe using your preferred method, then execute it with [Bannana]::Peel().
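The following is an added example and not code from this project: a PowerShell integrity check that shows where each of the two patches lands. It reads the leading bytes of AmsiScanBuffer in the current process and compares them with the same bytes in the amsi.dll file the module was mapped from, walking the PE section table to turn the export's RVA into a file offset. An entry patch (ret.cs-style) changes byte 0; a body patch (jmp.cs-style) changes bytes further in. The function name Test-AmsiScanBufferIntegrity and the 64-byte comparison window are my choices; the check assumes 64-bit PowerShell, where x64 code is RIP-relative and the unpatched prologue therefore matches the file byte for byte.

```powershell
# Added example, not code from the Mister-Joe/AMSI-Bypasses project.
# Compares AmsiScanBuffer's leading bytes in memory with the on-disk image.
# Assumes 64-bit PowerShell (x64 prologue bytes carry no relocations).

Add-Type -Namespace AmsiCheck -Name Native -MemberDefinition @'
[DllImport("kernel32.dll", CharSet = CharSet.Auto, SetLastError = true)]
public static extern IntPtr LoadLibrary(string lpFileName);
[DllImport("kernel32.dll", CharSet = CharSet.Ansi, SetLastError = true)]
public static extern IntPtr GetProcAddress(IntPtr hModule, string lpProcName);
'@

function Test-AmsiScanBufferIntegrity {
    # Bytes to compare; a hook placed deeper into the function needs a larger window.
    param([int]$Count = 64)

    # amsi.dll is loaded lazily; LoadLibrary returns the existing module if it is already mapped.
    $hAmsi = [AmsiCheck.Native]::LoadLibrary('amsi.dll')
    if ($hAmsi -eq [IntPtr]::Zero) { throw 'amsi.dll could not be loaded' }
    $fn = [AmsiCheck.Native]::GetProcAddress($hAmsi, 'AmsiScanBuffer')
    if ($fn -eq [IntPtr]::Zero) { throw 'AmsiScanBuffer export not found' }

    # Bytes as they currently are in this process.
    $inMem = New-Object byte[] $Count
    [System.Runtime.InteropServices.Marshal]::Copy($fn, $inMem, 0, $Count)

    # The same bytes from the file this module was mapped from (System32 or SysWOW64).
    $mod  = (Get-Process -Id $PID).Modules | Where-Object { $_.ModuleName -ieq 'amsi.dll' } | Select-Object -First 1
    $disk = [System.IO.File]::ReadAllBytes($mod.FileName)
    $rva  = [int]($fn.ToInt64() - $mod.BaseAddress.ToInt64())

    # Walk the PE section table to map the export's RVA to a raw file offset.
    $e_lfanew    = [BitConverter]::ToInt32($disk, 0x3C)
    $numSections = [BitConverter]::ToUInt16($disk, $e_lfanew + 6)
    $optSize     = [BitConverter]::ToUInt16($disk, $e_lfanew + 20)
    $secTable    = $e_lfanew + 24 + $optSize
    $fileOffset  = -1
    for ($i = 0; $i -lt $numSections; $i++) {
        $s = $secTable + 40 * $i
        $virtSize = [BitConverter]::ToUInt32($disk, $s + 8)
        $virtAddr = [BitConverter]::ToUInt32($disk, $s + 12)
        $rawSize  = [BitConverter]::ToUInt32($disk, $s + 16)
        $rawPtr   = [BitConverter]::ToUInt32($disk, $s + 20)
        if ($rva -ge $virtAddr -and $rva -lt ($virtAddr + [Math]::Max($virtSize, $rawSize))) {
            $fileOffset = [int]($rva - $virtAddr + $rawPtr)
            break
        }
    }
    if ($fileOffset -lt 0) { throw 'could not map the AmsiScanBuffer RVA to a file offset' }
    $onDisk = $disk[$fileOffset..($fileOffset + $Count - 1)]

    # Offsets that differ tell you which kind of hook is present.
    $changed = @(0..($Count - 1) | Where-Object { $inMem[$_] -ne $onDisk[$_] })
    $verdict = if ($changed.Count -eq 0) { 'unpatched' }
               elseif ($changed -contains 0) { 'entry patched (ret-style hook)' }
               else { 'body patched (jmp-style hook, first change at offset {0})' -f $changed[0] }

    [pscustomobject]@{
        Address        = ('0x{0:X}' -f $fn.ToInt64())
        Verdict        = $verdict
        ChangedOffsets = $changed
        InMemory       = ($inMem | ForEach-Object { $_.ToString('X2') }) -join ' '
        OnDisk         = ($onDisk | ForEach-Object { $_.ToString('X2') }) -join ' '
    }
}

Test-AmsiScanBufferIntegrity
```

Run it once in a fresh powershell.exe to confirm the function reads as unpatched, then again after loading the DLL and calling [Bannana]::Peel(); the ChangedOffsets column shows exactly which bytes each of the two hooks overwrote. The same comparison is what an EDR can do from outside the process, which is why in-memory patches to exported scan functions are a detection opportunity and not only an evasion.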
