AmsiBypass

C# PoC implementation for bypassing AMSI via in-memory patching

Applies the memory patching described by CyberArk here:
https://www.cyberark.com/threat-research-blog/amsi-bypass-redux/

A write-up on how to weaponize this with PowerShell can be found here:
http://ha.cker.info/weaponizing-amsi-bypass-with-powershell/

PoC execution

  • Build the DLL
  • Invoke it
  • Apply patch
  • ???
  • Profit!