EXECUTE MALICIOUS CODE in WINDOWS Using AMSI BYPASS Techniques!

5,855 views

Daniel Lowrie


A day ago

Microsoft has gone to great lengths to stop common malware from executing, and one of the ways they've done this is by developing the Antimalware Scan Interface, or AMSI. Yet threat actors and red teamers alike are still able to bypass this mechanism and execute their malicious scripts. How is this possible? In this episode, I attempt to learn and experiment with 6 AMSI bypass techniques in order to get malicious script execution.
Along the way, we also get to experiment with PowerShell script execution restriction techniques. Fun times were generally had by all 😁
pentestlaboratories.com/2021/...
www.netspi.com/blog/technical...
Follow me on Instagram! / daniellowrie_
#amsibypass #avevasion #antivirusevastion #antimalwarescaninterface #windowsdefenderbypass #malwaredetectionbypass #redteaming #malware #maliciouspowershell #invokemimikatz
---------------
Chapters
---------------
0:00 Intro
0:27 What is AMSI?
4:10 How AMSI Works
6:40 Demo of AMSI Blocking Malicious Script
7:47 PowerShell Downgrade Bypass
17:18 Base64 Encoding Bypass
20:52 Hooking Bypass
22:12 Memory Patching Bypass
27:42 PowerShell Script Execution Restriction Bypass
38:24 Forcing an Error Bypass
43:09 Registry Key Modification Bypass
44:11 DLL Hijacking Bypass
46:20 Outro

Comments: 33
@ManeelxAkosAdor 2 months ago
I think when you got to execute the AMSI bypass for the first time, getting a true in the output (min 35), the reason you get the error when running mimikatz.ps1 is that you have the execution policy set to Restricted, which will block any script execution from the shell. Awesome video btw.
@daniellowrie 2 months ago
Thanks for the insights! Glad you enjoyed the video😀 👍
@mpicuser 2 years ago
Hi Daniel...loved this video. Great content!
@daniellowrie 2 years ago
Thanks, Joseph! New stuff is about to drop, so keep an eye out for it.
@G0DsLion A year ago
Best teacher ever!
@daniellowrie A year ago
Thank you so very much! I'm glad you enjoy my content 😀👍
@subedi1053 3 years ago
Awesome, thanks for the video, sir.
@daniellowrie 3 years ago
So glad you like it, udaya! Thanks for watching!
@cybersecurehacks 3 years ago
Another fire video. Love from Pakistan, mate :)
@daniellowrie 3 years ago
Glad you liked it! Much love in return!
@georgedrew306 3 years ago
Let's say it together... "AaaaMmmmSsssIiii Bypass" :D P.S. A fellow Brave user! Love that browser.
@daniellowrie 3 years ago
It was fun to play around with for sure! And yes. Brave. Just yes
@Green_shorts1234 3 years ago
I want to start bug bounty but have no idea how to start. Will you make a video on it, please? 🙏
@daniellowrie 3 years ago
It's actually already in my "Cool Ideas for KZfaq" list 😎👍
@kavindudhananjana848 2 years ago
👍👍👍
@kimsexy 6 months ago
How to bypass for assembly load?
@daniellowrie 6 months ago
I'm not sure I get you. Could you clarify a bit?
@aksht01 3 years ago
Sir, please come up with an ethical hacking series. Please, sir, we want it from you so eagerly. Please, sir ❤️
@daniellowrie 3 years ago
You are tenacious, Akshat! I like that! I'm not sure if I could do a custom course without being in conflict with my content at ITProTV. I'll look into it though 👍.
@aksht01 3 years ago
@daniellowrie Thanks a lot, sir ❤️
@oy9804 3 years ago
Next video: talk about how I can open a port on Kali 🤔🤔🤔
@daniellowrie 3 years ago
Just for context, what are you trying to do that requires you to open a port?
@oy9804 3 years ago
@daniellowrie I made a payload to try to do ethical hacking on my other phone, but it's not working on my other phone in another network.
@daniellowrie 3 years ago
@oy9804 To confirm I'm understanding correctly... you have a phone on the same network as your Kali box and it CAN connect. You also have another phone on a different network than your Kali box and it CAN'T connect. If that's the case, my first thought is a routing issue, or maybe you need to set up port forwarding if you're going over the internet.
@oy9804 3 years ago
@daniellowrie Yes, I want to open a port. How can I do that?
@oy9804 3 years ago
@daniellowrie I've seen a lot of videos on KZfaq, but the roads don't work.