{"id":18734366,"url":"https://github.com/uixss/amsi-bypass-powershell","last_synced_at":"2025-04-12T18:32:15.634Z","repository":{"id":258454210,"uuid":"866284900","full_name":"uixss/AMSI-Bypass-Powershell","owner":"uixss","description":"AMSI Bypass - Credits  @ZeroMemoryEx","archived":false,"fork":false,"pushed_at":"2024-10-02T03:31:51.000Z","size":77,"stargazers_count":5,"open_issues_count":0,"forks_count":0,"subscribers_count":1,"default_branch":"main","last_synced_at":"2025-03-26T13:21:23.391Z","etag":null,"topics":["offensive","python","red-team"],"latest_commit_sha":null,"homepage":"","language":"Python","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"unlicense","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/uixss.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2024-10-02T01:04:10.000Z","updated_at":"2024-11-30T14:17:53.000Z","dependencies_parsed_at":"2024-10-19T05:18:42.226Z","dependency_job_id":null,"html_url":"https://github.com/uixss/AMSI-Bypass-Powershell","commit_stats":null,"previous_names":["uixss/amsi-bypass-powershell"],"tags_count":0,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/uixss%2FAMSI-Bypass-Powershell","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/uixss%2FAMSI-Bypass-Powershell/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/uixss%2FAMSI-Bypass-Powershell/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/uixss%2FAMSI-Bypass-Powershell/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hos
ts/GitHub/owners/uixss","download_url":"https://codeload.github.com/uixss/AMSI-Bypass-Powershell/tar.gz/refs/heads/main","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":248613664,"owners_count":21133565,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["offensive","python","red-team"],"created_at":"2024-11-07T15:13:06.807Z","updated_at":"2025-04-12T18:32:15.402Z","avatar_url":"https://github.com/uixss.png","language":"Python","funding_links":[],"categories":[],"sub_categories":[],"readme":"# AMSI Bypass\n\nMonitors processes in the system and checks whether amsi.dll is loaded in the powershell.exe process. If amsi.dll is detected as loaded, the second script (amsi.py) is called to apply the patch.\nMain functions:\n\n### Note:\nThe use of these scripts is intended for educational purposes and security research. Misuse in environments without proper authorization may violate laws or regulations.\n\n\n# Credits\n\nhttps://github.com/ZeroMemoryEx\n\nhttps://github.com/S1lkys/SharpKiller\n\n | 48:85D2 | test rdx, rdx |\n\n | 74 3F | je amsi.7FFAE957C694 |\n\n | 48 : 85C9 | test rcx, rcx |\n\n | 74 3A | je amsi.7FFAE957C694 |\n\n | 48 : 8379 08 00 | cmp qword ptr ds : [rcx + 8] , 0 |\n\n | 74 33 | je amsi.7FFAE957C694 |\n\n- the search pattern will be like this :\n{ 0x48,'?','?', 0x74,'?',0x48,'?' ,'?' ,0x74,'?' ,0x48,'?' ,'?' ,'?' 
,'?',0x74,0x33}\n\n![image](https://github.com/ltcflip/amsi-bypass/assets/153377701/3a57f643-2896-49b1-b96f-80e1e7f56852)\n\n# Patch\n\n![image](https://github.com/ltcflip/amsi-bypass/assets/153377701/339ad662-591e-48cd-bab0-adf475d4d1dc)\n\n\n\n## Contributing\nFeel free to submit issues or pull requests to improve the functionality and error handling in these scripts.\n\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fuixss%2Famsi-bypass-powershell","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fuixss%2Famsi-bypass-powershell","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fuixss%2Famsi-bypass-powershell/lists"}