Microsoft has gone to great lengths to stop common malware from executing, and one of its answers is the Antimalware Scan Interface (AMSI). Yet threat actors and red teamers alike are still able to bypass this mechanism to execute their malicious scripts. How is this possible? In this episode, I attempt to learn and experiment with 6 AMSI bypass techniques in order to get malicious script execution.
Inadvertently, we also get to experiment with PowerShell script execution restriction techniques. Fun times were generally had by all 😁
Follow me on Instagram! [ Link ]
#amsibypass #avevasion #antivirusevasion #antimalwarescaninterface #windowsdefenderbypass #malwaredetectionbypass #redteaming #malware #maliciouspowershell #invokemimikatz
---------------
Chapters
---------------
0:00 Intro
0:27 What is AMSI?
4:10 How AMSI Works
6:40 Demo of AMSI Blocking Malicious Script
7:47 PowerShell Downgrade Bypass
17:18 Base64 Encoding Bypass
20:52 Hooking Bypass
22:12 Memory Patching Bypass
27:42 PowerShell Script Execution Restriction Bypass
38:24 Forcing an Error Bypass
43:09 Registry Key Modification Bypass
44:11 DLL Hijacking Bypass
46:20 Outro