Bypass AMSI and reflectively inject PE into process

/static/assets/windows-logo.svg
Bypass the Anti-malware scanning interface (AMSI) then load in a powershell script that can perform a reflective DLL/PE load into either a remote or local process. This is useful for loading custom payloads and executing them in memory to bypass local security configurations. Specify a paylod with a custom `payload.uri` fact that contains either a PE or DLL. To load remotely, the binary must be position indepedent (i.e. compiled with -fPIC).
locked
View Command

To view this TTPs command, you must be logged in with a professional or enterprise license.

Login

Test this TTP

Download Operator (1.7.1)