Top Rating
- Top Contributors
  Discover the Top Open Source contributors by country or by language
- Interviews
  Discover real stories from Open Source developers
Discover

Discover your Favorite Language
Discover the top trending repositories and projects on Github. Explore the latest trends in your preferred languages.

CSS

MATLAB

R

Go

TypeScript

Groovy

Perl

Shell

More Languages
Awesome

Awesome repositories
Discover the most awesome repositories and projects of your favorite languages. Inspired by the Awesome-* lists trend in GitHub.

Elm

C#

Objective-C

Elixir

Ruby

R

PowerShell

Python

More Languages
By Country

Rankings by Country
Discover the community of talented open source contributors in each country.

🇳🇵 Nepal

🇦🇬 Antigua and Barbuda

🇨🇿 Czechia

🇳🇿 New Zealand

🇯🇵 Japan

🇲🇶 Martinique

🇬🇺 Guam

🇬🇹 Guatemala

All Countries Compare Countries

cobbr/PSAmsi

Stars
380
Rank 112,766 (Top 3 %)
Language
PowerShell
License
GNU General Publi...
Created about 7 years ago
Updated over 6 years ago

cobbr/PSAmsi

cobbr

There are no reviews yet. Be the first to send feedback to the community and the maintainers!

PSAmsi is a tool for auditing and defeating AMSI signatures.

PSAmsi

PSAmsi is a tool for auditing and defeating AMSI signatures.

It's best utilized in a test environment to quickly create payloads you know will not be detected by a particular AntiMalware Provider, although it can be useful in certain situations outside of a test environment.

When using outside of a test environment, be sure to understand how PSAmsi works, as it can generate AMSI alerts.

Getting Started

Installation instructions and an introduction to using PSAmsi are available in the Wiki.

Disclaimer

You are only authorized to use PSAmsi (and payloads created with PSAmsi) on systems that you have permission to use it on. It was created for research purposes only.

Acknowledgements

A huge thanks to the following people whose code is used by PSAmsi:

Daniel Bohannon (@danielhbohannon) - PSAmsi currently uses Invoke-Obfuscation for all of it's obfuscation. Thanks Daniel!
Matt Graeber (@mattifestation) - PSAmsi uses PSReflect to call the AMSI functions exported from the AMSI dll, while staying in memory. Thanks Matt!

Covenant

Covenant is a collaborative .NET C2 framework for red teamers.

SharpSploit

SharpSploit is a .NET post-exploitation library written in C#

SharpGen

SharpGen is a .NET Core console application that utilizes the Rosyln C# compiler to quickly cross-compile .NET Framework console applications or libraries.

SharpShell

SharpShell is a proof-of-concept offensive C# scripting engine that utilizes the Rosyln C# compiler to quickly cross-compile .NET Framework console applications or libraries.

Elite

Elite is the client-side component of the Covenant project. Covenant is a .NET command and control framework that aims to highlight the attack surface of .NET, make the use of offensive .NET tradecraft easier, and serve as a collaborative command and control platform for red teamers.

C2Bridge

C2Bridges allow developers to create new custom communication protocols and quickly utilize them within Covenant.

InsecurePowerShellHost

InsecurePowerShellHost is a .NET Core host process for InsecurePowerShell, a version of PowerShell Core v6.0.0 with key security features removed.

Judge

Judge is a tool for scoring/debugging network services on a CCDC (or similar competition) network.

slides

Collection of slide decks from various presentations.

Covenant-wiki

Wiki documentation for the Covenant project.

BlazorExample

cobbr.io