AmsiBypass
C# PoC implementation for bypassing AMSI via in-memory patching
Applies the memory patching technique described by CyberArk here:
https://www.cyberark.com/threat-research-blog/amsi-bypass-redux/
A write-up on how to weaponize this with PowerShell can be found here:
http://ha.cker.info/weaponizing-amsi-bypass-with-powershell/
- Build dll
- Invoke it
- Apply patch
- ???
- Profit!