Joe Desimone

@jdez

Tech Lead, Elastic Security

125 Followers
56 Following
1 Posts
Joined 28.11.2023
Latest posts by Joe Desimone @jdez

Bypass AMSI by uninitializing the IActiveScript object (zero ptr at 0x3c8). Slightly modified wscript no longer calls into AMSI.

23.01.2025 14:11 👍 2 🔁 0 💬 0 📌 0