Chimera is a PowerShell obfuscation script designed to bypass AMSI and commercial antivirus solutions.

OpSec-safe Powershell runspace from within C# (aka SharpPick) with AMSI, Constrained Language Mode and Script Block Logging disabled at startup

Resources About Windows Security. 1100+ Open Source Tools. 3300+ Blog Post and Videos.

A PowerShell armoury for security guys and girls

Analyse your malware to surgically obfuscate it

JustEvadeBro, a cheat sheet which will aid you through AMSI/AV evasion & bypasses.

CredPhish is a PowerShell script designed to invoke legitimate credential prompts and exfiltrate passwords over DNS.

Automated Tool That Generates The Perfect Meterpreter Powershell Payload

A better version of Xencrypt.Xencrypt it self is a Powershell runtime crypter designed to evade AVs.

A C/C++ implementation of Microsoft's Antimalware Scan Interface

Exploring in-memory execution of .NET

An all-in-one Cobalt Strike BOF to patch, check and revert AMSI and ETW for x64 process. Both syscalls and dynamic resolve versions are available.

HTTP Server serving obfuscated Powershell Scripts/Payloads

The purpose of this tool is to test the window10 defender protection and also other antivirus protection.

Two in one, patch lifetime powershell console, no more etw and amsi!

Code snippets to add on top of cobalt strike sleep mask to achieve patchless hook on AMSI and ETW

Miscellaneous Code and Docs

Patch AMSI and ETW in remote process via direct syscall

Scan strings or files for malware using the Windows Antimalware Scan Interface