Commit

Update README.md
EvilBytecode authored Jun 22, 2024
1 parent ca030c5 commit bcc4e13
Showing 1 changed file with 13 additions and 1 deletion.
14 changes: 13 additions & 1 deletion README.md
@@ -1,2 +1,14 @@
# Lifetime-Amsi-EtwPatch
Two in one, patch lifetime powershell console, no more etw and amsi!

This Go program applies a lifetime patch to PowerShell to disable ETW (Event Tracing for Windows) and AMSI (Antimalware Scan Interface) protections.

### INFO
The program modifies the PowerShell profile (`Microsoft.PowerShell_profile.ps1`) to apply two patches:

1. **AMSI Patch**: Disables AMSI by modifying the `AmsiScanBuffer` function.
2. **ETW Patch**: Modifies the `EtwEventWrite` function in `ntdll.dll` to prevent event tracing.
3. Sets File attributes to Hidden and System to : `Microsoft.PowerShell_profile.ps1`.

### Effect: Once applied, PowerShell sessions initiated afterward will have AMSI and ETW bypassed.

- Made by codepulze aka evilbytecode.
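
Review bot: The INFO list is introduced with "to apply two patches" but has three numbered items, and item 3 (setting the Hidden and System attributes on `Microsoft.PowerShell_profile.ps1`) is a file-attribute change, not a patch; either reword the lead-in to cover three changes or move item 3 into its own sentence after the list. The `### Effect:` line puts a full sentence inside a heading, so use `### Effect` and place the sentence in a paragraph below it. Since the README says the change lives in the profile and applies to every PowerShell session started afterward, it should also state which profile path is written and how to revert it (restoring the profile contents and clearing the Hidden and System attributes), which the added text does not cover.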
