A fake AMSI Provider which can be used for persistence.

Related tags

Miscellaneous AMSI-Provider
Overview

AMSI-Provider

A fake AMSI Provider which can be used to gain persistence on a host when a specific text is triggered. By default calc.exe will open.

Usage

The AMSI Provider can be registered with the system by executing the following command from an elevated command prompt:

regsvr32 AmsiProvider.dll

Executing the following from a PowerShell console will open calc.exe:

"pentestlab"

image

Credits

Originally this technique was discovered by b4rtik and more details can be found in the article on his blog. The code sample of the AMSI provider is courtesy of Microsoft and the modifications of the code to b4artik. Since the original code shared was missing some required headers and some functions were not defined I decided to put all of them in a single repository for easy usage.

You might also like...
GLSL optimizer based on Mesa's GLSL compiler. Used to be used in Unity for mobile shader optimization.

GLSL optimizer ⚠️ As of mid-2016, the project is unlikely to have any significant developments. At Unity we are moving to a different shader compilati

Aras Pranckevičius 1.6k Jan 3, 2023
Two Tribes Engine; the engine which we used to create Toki Tori 2+ and RIVE with

Two Tribes Engine We, Two Tribes, have used this engine for over a decade. It started with early development on the Nintendo DS and ultimately resulte

Two Tribes 122 Nov 28, 2022
CyberVal is a paste of a internal Valorant Cheat which has been used by several providers like LeagueHell, Enduty and several other pasted chairs.

CyberVal CyberVal is a paste of a internal Valorant Cheat which has been used by several providers like LeagueHell, Enduty and several other pasted ch

zeroday 36 Jan 3, 2023
A set of very empty header files that can be used when building apps with Cosmopolitan

cosmo-include A set of very empty header files that can be used when building apps with Cosmopolitan Why? When you build an application with Cosmopoli

null 26 Dec 21, 2022
Unix pager (with very rich functionality) designed for work with tables. Designed for PostgreSQL, but MySQL is supported too. Works well with pgcli too. Can be used as CSV or TSV viewer too. It supports searching, selecting rows, columns, or block and export selected area to clipboard.
Unix pager (with very rich functionality) designed for work with tables. Designed for PostgreSQL, but MySQL is supported too. Works well with pgcli too. Can be used as CSV or TSV viewer too. It supports searching, selecting rows, columns, or block and export selected area to clipboard.

Unix pager (with very rich functionality) designed for work with tables. Designed for PostgreSQL, but MySQL is supported too. Works well with pgcli too. Can be used as CSV or TSV viewer too. It supports searching, selecting rows, columns, or block and export selected area to clipboard.

Pavel Stehule 1.9k Jan 4, 2023
Libft is an individual project at 42 that requires us to re-create some standard C library functions including some additional ones that can be used later to build a library of useful functions for the rest of the program.
Libft is an individual project at 42 that requires us to re-create some standard C library functions including some additional ones that can be used later to build a library of useful functions for the rest of the program.

Libft is an individual project at 42 that requires us to re-create some standard C library functions including some additional ones that can be used later to build a library of useful functions for the rest of the program.

Paulo Rafael Ramalho 0 Jan 1, 2023
The function is based on MQTT. When the original serial of ESP8266/ESP32 cannot be used, it can replace serial print.
The function is based on MQTT. When the original serial of ESP8266/ESP32 cannot be used, it can replace serial print.

MqttPrint and MqttMonitor The function is based on MQTT. When the original serial of ESP8266/ESP32 cannot be used, it can replace serial print. MqttPr

fw-box 4 Sep 28, 2022
A native textfield that can be used in place of Flutter's TextField widget.
A native textfield that can be used in place of Flutter's TextField widget.

Better Textfield A native textfield that can be used in place of Flutter's TextField widget. Demo demo.mp4 Here are some screenshots of the demo app:

Abhay Maurya 1 Sep 13, 2022
Program that can be used for rating user passwords.

Rate_My_Password Program that can be used for rating user passwords. The criteria for rating passwords are: • Has a length of at least 8 characters •

Sabri 1 Dec 28, 2021
Owner
netbiosX
Director of Pentest Laboratories
netbiosX
GitHub
Little Computer 3, or LC-3, is a type of computer educational programming language, an assembly language, which is a type of low-level programming language. It features a relatively simple instruction set, but can be used to write moderately complex assembly programs, and is a viable target for a C compiler. It has a simplified instruction set compared to 'x86', but contains all the main ideas used in modern CPUs.

Little-Computer-3-LC-3 What is LC-3? Little Computer 3, or LC-3, is a type of computer educational programming language, an assembly language, which i

Shreyas Srivastava 1 Oct 25, 2021
The pico can be used to program other devices. Raspberry pi made such an effort. However there is no board yet, that is open-source and can be used with OpenOCD as a general-purpose programmer

pico-probe-programmer The pico can be used to program other devices. Raspberry pi made such an effort. However there is no board yet, that is open-sou

martijn 22 Oct 15, 2022
An embedded CAN bus sniffer which is able to monitor any of the vehicle internal CAN bus and perform some action by triggering new CAN messages.

An embedded CAN bus sniffer which is able to monitor any of the vehicle internal CAN bus and perform some action by triggering new CAN messages. In this way certain vehicle functionality can be triggered by responding to custom steering wheel button events, or use the vehicle virtual cockpit to display OBD-PIDs values instead of relying on an external display to present new information to the user

null 18 Dec 28, 2022
Combining Sealighter with unpatched exploits to run the Threat-Intelligence ETW Provider

Sealighter-TI Combining Sealighter with unpatched exploits and PPLDump to run the Microsoft-Windows-Threat-Intelligence ETW Provider without a signed

pat_h/to/file 58 Dec 26, 2022
Fake bomb for Airsoft

airsoft-bomb Thanks for your visit in this repo. This project was created around 2015, but it didn't have github, and I always distributed it via emai

Samuel Rios Carvalho 3 Nov 26, 2022
A Discord Bot to protect your server from spam, invitations, fake nitro ads and more written in C++

Antispambot An efficient Discord Bot to prevent spam written in C++. Tested on a large discord server and mitigates around 90% spam. Its well commente

Phil 9 Nov 5, 2022
Violent Fungus is a command and control (C2) software suite, providing red teams post-exploitation persistence and other juicy stuff.

Violent Fungus is a command and control (C2) software suite, providing red teams post-exploitation persistence and other juicy stuff.

Chris Humphries 34 Sep 7, 2022
Sysmon event simulation utility which can be used to simulate the attacks to generate the Sysmon Event logs for testing the EDR detections and correlation rules by Blue teams.

SysmonSimulator SysmonSimulator is an Open source Windows event simulation utility created in C language, that can be used to simulate most of the att

Scarred Monk 744 Dec 25, 2022
ContactGot is an offline desktop app, where clients can leave their info, while an administrator can manage which information they need to gather on certain projects.

ContactGot Contents Description How to use Requirements Engineering Installation Documentation Design Architecture Demonstration 1. Description During

Elizaveta 15 Sep 17, 2022
Iot-Surveillance-Car - This is a IOT Based Surveillance Car which can be controlled, tracked globally as well as its data can be accessed globally

Iot-Surveillance-Car - This is a IOT Based Surveillance Car which can be controlled, tracked globally as well as its data can be accessed globally. The camera on the front of the car can also be monitored globally. It can go anywhere where sim connection is available. 5th Sem Mini project

Rahul Vijan 6 Dec 3, 2022