In the last post, I provided a quick introduction to the Anti-Malware Scan Interface (AMSI). If you don’t know what AMSI is or how it works, I recommend that you read that post.

In this post, I have listed down various resources and tools that can be leveraged to bypass AMSI.

Note: This is a heavily researched area and there is a lot of great work that has already been published. Through this post, I have attempted to go through most (not all) of that work and summarize it for easier understanding and quick reference.

The techniques to evade AMSI fall in one of the following categories:

• Send obfuscated input to AMSI

• Get AMSI to always mark the input as clean

• Get AMSI to fail or error out

• Avoid using AMSI altogether

Certain articles have listed 7-8 techniques, wherever possible I have taken the liberty to club them together based on their working.

Lets discuss each category in more detail:

1. Send obfuscated input to AMSI - In this technique, the input to AMSI is converted into a format that will appear gibberish to the underlying scanning engine. This can be done by base64 / custom encoding the input, obfuscating, encrypting the input or string manipulation. See technique 2. on this page for a base64 obfuscation demonstration and this article by s3cur3th1ssh1t for a string concatenation demonstration. Obfuscation can be done manually or using tools like, Invoke-Obfuscation, ISE-Steroids or CyberChef. The article by s3cur3th1ssh1t also discusses how to manually modify various AMSI bypass scripts to avoid detection and make them work again.

2. Get AMSI to always mark the input as clean - In this technique, AMSI related functions are patched in memory to always return a clean result irrespective of the input provided. There are multiple ways to do it, such as:

   1. Memory Patching AMSI Bypass by Daniel Duggan

   2. Slightly modifed version of the above technique by FatRodzianko

   3. Replacing AmsiScanBuffer function with a dummy function by Victor Khoury (Vixx) - This technique does not use VirtualProtect API to alter permissions of a memory region.

   4. Hooking AmsiScanBuffer via DLL Injection

   5. and a whole lot of other techniques.

3. Get AMSI to fail or error out - In this technique, the process memory is patched in a way that either crashes AMSI or errors out AMSI, resulting in AMSI not being loaded in the process. There are multiple ways to do it, such as:

   1. Getting AmsiScanBuffer to error out i.e. retrun 0 or this

   2. Getting AmsiOpenSession to error out i.e. return an HRESULT error code

   3. Patching AmsiScanBuffer vai reflection

   4. and a whole lot of other techniques.

4. Avoid using AMSI altogether - In this technique, an alternate mechanism is used which does not load or support AMSI, thus avoiding it altogether. The most common way of doing this by degrading to Powershell v2.0. Powershell v2.0 does not support AMSI so any commands or scripts executed via v2.0 will not trigger AMSI. However, there is a caveat to this technique, version v2.0.50727 of the .NET Framework is required for Powershell v2.0 to work. Besides this version of Powershell may not be compatible with Powershell based tools which depend on functionality found in higher versions of Powershell. Other such techniques include:

   1. Disable AMSI scanning via registry modification.

   2. Neutralize AMSI via DLL Hijacking

With that being covered, lets have a look at tools which automate one or more of the above mentioned techniques:

• AMSI.fail - Generates obfuscated PowerShell snippets that break or disable AMSI for the current process. The snippets are randomly selected from a small pool of techniques/variations before being obfuscated.

• Invoke-AmsiBypass (part of Nishang) - This script implements six publicly known methods bypass or avoid AMSI on Windows machines.

• Cobalt Strike BOF - Inject AMSI Bypass - Bypasses AMSI by patching AmsiOpenSession.

• SharpBlock - Implements a patchless technique to bypass AMSI.

Red Team Notes
- The techniques to evade AMSI fall in one of the following categories:
   - Send obfuscated input to AMSI
   - Get AMSI to always mark the input as clean
   - Get AMSI to fail or error out
   - Avoid using AMSI altogether
- Most of techniques are well-known and hence easily detectable. However, they can be modified manually to work in most cases. Read this article by S3cur3th1ssh1t to understand the process of manual modification. 
- There are a few tools available that automate or partially automate the process of bypassing AMSI.  

Follow my journey of 100 Days of Red Team on WhatsApp or Discord.

Below is the recording of the presentation, AMSI & Bypass: Review of Known AMSI Bypass Techniques and Introducing a New One by Maor Korkos, presented at Blackhat Asia, 2022

I will keep updating this post as and when I come across more such tools and techniques. So keep checking back here.