  • Stars: 133
  • Rank: 272,600 (Top 6 %)
  • Language: C++
  • License: Other
  • Created: over 3 years ago
  • Updated: over 3 years ago


Repository Details

A fake AMSI Provider which can be used for persistence.

AMSI-Provider

A fake AMSI Provider which can be used to gain persistence on a host: whenever a specific string is submitted to AMSI for scanning, the provider runs its payload. By default calc.exe will open.

Usage

The AMSI Provider can be registered with the system by executing the following command from an elevated command prompt:

regsvr32 AmsiProvider.dll

Executing the following from a PowerShell console will open calc.exe:

"pentestlab"
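As an added defender-side check (not part of this repository), the following PowerShell lists every AMSI provider registered on a host, the DLL each one maps to, and that DLL's Authenticode status, so a provider registered the way the Usage section describes can be spotted during triage. It assumes the standard provider registration under HKLM\SOFTWARE\Microsoft\AMSI\Providers with the DLL path in the CLSID's InprocServer32 key, which is where regsvr32 writes it.

```powershell
# Added example: enumerate registered AMSI providers and flag unsigned DLLs.
# Every process that initialises AMSI loads each registered provider DLL,
# which is why an unexpected entry here is worth investigating.
$providersKey = 'HKLM:\SOFTWARE\Microsoft\AMSI\Providers'

function Get-AmsiProviderReport {
    if (-not (Test-Path $providersKey)) { return @() }
    Get-ChildItem -Path $providersKey | ForEach-Object {
        $clsid  = $_.PSChildName                   # subkey name is the provider CLSID, e.g. {GUID}
        # HKCR merges HKLM\Software\Classes and HKCU\Software\Classes, so this
        # finds the COM registration whichever hive regsvr32 wrote it to.
        $server = "Registry:\HKEY_CLASSES_ROOT\CLSID\$clsid\InprocServer32"
        $dll = $null
        if (Test-Path $server) {
            # The (default) value of InprocServer32 is the DLL that gets loaded.
            $dll = (Get-ItemProperty -Path $server).'(default)'
        }
        if ($dll) { $dll = [Environment]::ExpandEnvironmentVariables($dll) }

        $sigStatus = 'DllMissing'
        $signer    = $null
        if ($dll -and (Test-Path $dll)) {
            $sig       = Get-AuthenticodeSignature -FilePath $dll
            $sigStatus = $sig.Status.ToString()
            if ($sig.SignerCertificate) { $signer = $sig.SignerCertificate.Subject }
        }

        [pscustomobject]@{
            CLSID      = $clsid
            Dll        = $dll
            Signature  = $sigStatus
            Signer     = $signer
            # Heuristic: legitimate AV providers ship signed DLLs. Anything that
            # is unsigned, has a broken signature or points at a missing file
            # should be reviewed by hand rather than removed automatically.
            Suspicious = ($sigStatus -ne 'Valid')
        }
    }
}

Get-AmsiProviderReport | Format-Table -AutoSize
```

Run it from an elevated PowerShell console on the host under review; compare the Dll column against the security products you expect to be installed.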


Credits

This technique was originally discovered by b4rtik, and more details can be found in the article on his blog. The AMSI provider code sample is courtesy of Microsoft, and the modifications to it are b4rtik's. Since the code as originally shared was missing some required headers and left some functions undefined, I decided to collect everything in a single repository for easy use.