0xjbb / Amsi-Patch

AMSI ScanBuffer Patch with API Hook poc

amsi amsi-bypass amsi-evasion cpp ethical-hacking hacking redteam redteaming api-hooking

AMSI Patch via API Hooking

It's messy af, its a poc.
x64 in Debug mode with Debugger attached doesn't work, don't know why, don't really care.
scan.cpp is just to invoke the AmsiScanBuffer function for testing.

About

AMSI ScanBuffer Patch with API Hook poc

amsi amsi-bypass amsi-evasion cpp ethical-hacking hacking redteam redteaming api-hooking

Languages

Language:C++ 100.0%