Bypassing AMSI with Powershell
by Vittlesical - Saturday June 1, 2024 at 06:11 PM
#1
Hi guys, today I was scrolling on GitHub and I saw a repo about AMSI bypass etc., so I took a look at the available scripts there and picked the implementation for 64-bit, and tried it on my Windows VM and it was detected, so I decided to obfuscate it and try to run it, and I was able to bypass AMSI and patch the scan functions.
you can find it here: https://github.com/S3cur3Th1sSh1t/Amsi-B...ile#64-bit


visit: https://learn.microsoft.com/en-us/window...ace-portal
to understand what AMSI is


- this is with the obfuscation techniques listed below
[Image: Screenshot-from-2024-06-01-10-25-36.png]
As you can see in the photo, I was able to patch the scan function and invoke Mimikatz.


- this is without the obfuscation 
[Image: Screenshot-from-2024-06-01-10-41-35.png]



obfuscation techniques implemented:
- Base64 Encoding
- Simplified Variable Names
- Dynamic Generation


Hidden Content


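The screenshots claim that the scan function was patched in memory, and the obfuscated script itself is in the hidden content, so what a practitioner can usefully take from this post is the verification side: how to tell, from inside a PowerShell session, whether amsi.dll has been tampered with. The block below is an added example written for this edit; it is not the poster's script and not code from the S3cur3Th1sSh1t repo. It parses the export table of the amsi.dll file on disk, reads the first 32 bytes of every exported function from the live process, and reports any export whose bytes differ from the file (an in-memory patch of AmsiScanBuffer shows up as exactly that). It then runs Microsoft's documented AMSI test string as a canary. The function names (Get-RvaFileOffset, Get-PeExports, Test-AmsiPatched, Test-AmsiCanary) and the 32-byte window are my choices; it assumes 64-bit Windows PowerShell with amsi.dll already loaded.

```powershell
# Added check (not the thread's script): compare amsi.dll's exported functions in this
# PowerShell process against the file on disk, and probe AMSI with Microsoft's test string.
# Assumptions: 64-bit Windows PowerShell 5.1 or later with amsi.dll already loaded.

function Get-RvaFileOffset {
    # Translate a relative virtual address into an offset inside the raw PE file bytes.
    param([byte[]]$Pe, [int]$Rva)
    $peOff   = [BitConverter]::ToInt32($Pe, 0x3C)            # e_lfanew -> "PE\0\0"
    $numSec  = [BitConverter]::ToUInt16($Pe, $peOff + 6)     # COFF NumberOfSections
    $optSize = [BitConverter]::ToUInt16($Pe, $peOff + 20)    # COFF SizeOfOptionalHeader
    $secTbl  = $peOff + 24 + $optSize                        # first IMAGE_SECTION_HEADER
    for ($i = 0; $i -lt $numSec; $i++) {
        $s   = $secTbl + 40 * $i
        $va  = [BitConverter]::ToInt32($Pe, $s + 12)         # VirtualAddress
        $raw = [BitConverter]::ToInt32($Pe, $s + 16)         # SizeOfRawData
        $ptr = [BitConverter]::ToInt32($Pe, $s + 20)         # PointerToRawData
        if ($Rva -ge $va -and $Rva -lt ($va + $raw)) { return $ptr + ($Rva - $va) }
    }
    throw ("RVA 0x{0:X} is not backed by any section" -f $Rva)
}

function Get-PeExports {
    # Return @{ name = RVA } for every named, non-forwarded export in the PE file bytes.
    param([byte[]]$Pe)
    $peOff  = [BitConverter]::ToInt32($Pe, 0x3C)
    $optOff = $peOff + 24
    $magic  = [BitConverter]::ToUInt16($Pe, $optOff)
    # DataDirectory[0] (export table) starts at +96 for PE32 and +112 for PE32+.
    $ddOff   = if ($magic -eq 0x20B) { $optOff + 112 } else { $optOff + 96 }
    $expRva  = [BitConverter]::ToInt32($Pe, $ddOff)
    $expSize = [BitConverter]::ToInt32($Pe, $ddOff + 4)
    $exp     = Get-RvaFileOffset $Pe $expRva
    $numNames = [BitConverter]::ToInt32($Pe, $exp + 0x18)
    $funcs    = Get-RvaFileOffset $Pe ([BitConverter]::ToInt32($Pe, $exp + 0x1C))
    $names    = Get-RvaFileOffset $Pe ([BitConverter]::ToInt32($Pe, $exp + 0x20))
    $ords     = Get-RvaFileOffset $Pe ([BitConverter]::ToInt32($Pe, $exp + 0x24))
    $exports = @{}
    for ($i = 0; $i -lt $numNames; $i++) {
        $nameOff = Get-RvaFileOffset $Pe ([BitConverter]::ToInt32($Pe, $names + 4 * $i))
        $end = $nameOff; while ($Pe[$end] -ne 0) { $end++ }
        $name = [Text.Encoding]::ASCII.GetString($Pe, $nameOff, $end - $nameOff)
        $ord  = [BitConverter]::ToUInt16($Pe, $ords + 2 * $i)
        $rva  = [BitConverter]::ToInt32($Pe, $funcs + 4 * $ord)
        # An RVA inside the export directory is a forwarder string, not code: skip it.
        if ($rva -ge $expRva -and $rva -lt ($expRva + $expSize)) { continue }
        $exports[$name] = $rva
    }
    return $exports
}

function Test-AmsiPatched {
    # Emit one object per export; Patched = $true when the live bytes differ from the file.
    param([int]$Bytes = 32)
    $mod = [Diagnostics.Process]::GetCurrentProcess().Modules |
           Where-Object { $_.ModuleName -ieq 'amsi.dll' }
    if (-not $mod) { throw 'amsi.dll is not loaded in this process' }
    $pe      = [IO.File]::ReadAllBytes($mod.FileName)
    $exports = Get-PeExports $pe
    foreach ($name in ($exports.Keys | Sort-Object)) {
        $rva  = $exports[$name]
        $live = New-Object byte[] $Bytes
        [Runtime.InteropServices.Marshal]::Copy([IntPtr]::Add($mod.BaseAddress, $rva), $live, 0, $Bytes)
        $off  = Get-RvaFileOffset $pe $rva
        $disk = [byte[]]($pe[$off..($off + $Bytes - 1)])
        $liveHex = [BitConverter]::ToString($live)
        $diskHex = [BitConverter]::ToString($disk)
        [pscustomobject]@{
            Export   = $name
            Patched  = ($liveHex -ne $diskHex)
            InMemory = $liveHex
            OnDisk   = $diskHex
        }
    }
}

function Test-AmsiCanary {
    # $true if AMSI blocked Microsoft's documented test string, $false if it ran unchallenged.
    # The literal is split so that this file itself does not match the signature when loaded.
    $canary = 'AMSI Test Sample: 7e72c3ce-861b-4339-8740-' + '0ac1484c1386'
    try {
        Invoke-Expression ("'" + $canary + "'") -ErrorAction Stop | Out-Null
        return $false
    } catch {
        return ($_.Exception.Message -match 'malicious content')
    }
}

Test-AmsiPatched | Where-Object Patched | Format-Table Export, InMemory, OnDisk -AutoSize
"AMSI blocked the test string: $(Test-AmsiCanary)"
```

Two caveats when reading the output. A false result from Test-AmsiCanary means the string was not blocked, which is what you see both after a successful bypass and on a host with no AMSI provider running, so the byte comparison is the more specific signal. The byte comparison is reliable on x64 because the code is RIP-relative; on a 32-bit amsi.dll, base relocations inside the first bytes of a function could produce differences that are not patches. A bypass that restores the original bytes after use, or that targets the provider or the CLR rather than amsi.dll itself, will not show up in this check.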
#2
Good share, S3cur3Th1sSh1t always has great stuff.
I can recommend checking him out on YouTube as well; he has hours of content on AV evasion with PowerShell, among other things, which are nice to sit through.
/@ScurThsSht/videos
#3
Pretty good share, keep this up
#4
(Jun 01, 2024, 06:22 PM)None Wrote: Good share, S3cur3Th1sSh1t always has great stuff.
I can recommend checking him out on YouTube as well; he has hours of content on AV evasion with PowerShell, among other things, which are nice to sit through.
/@ScurThsSht/videos

He has great stuff indeed.
I checked him out; most of the techniques he explains are detected. That's why I modified the pwsh script: a lot of kids use it on their VMs with cloud protection enabled, and every time they execute it, it sends samples to Microsoft until they are able to push an update that detects it.

(Jun 01, 2024, 06:29 PM)xzin0vich Wrote: Pretty good share, keep this up

will do, thanks!

#5
Great stuff, let me see the content.

#6
I was playing with that one also.
#7
(Jun 01, 2024, 06:11 PM)SilentMastermind Wrote: Hi guys, today I was scrolling on GitHub and I saw a repo about AMSI bypass etc., so I took a look at the available scripts there and picked the implementation for 64-bit, and tried it on my Windows VM and it was detected, so I decided to obfuscate it and try to run it, and I was able to bypass AMSI and patch the scan functions.

This tool is very nice, thanks for sharing.

#8
Thanks for the share.