LightsOut – Generate An Obfuscated DLL That Will Disable AMSI And ETW

LightsOut will generate an obfuscated DLL that will disable AMSI & ETW while trying to evade AV. This is done by randomizing all WinAPI functions used, xor

Or even easier, copy powershell to an arbitrary location and side load the DLL!

Greetz/Credit/Further Reference:

  • @RastaMouse for their blog post on patching AMSI:
  • @CCob/EthicalChaos for their blog post on patchless AMSI bypasses via hardware breakpoints:
  • @rad9800 for their code which this tool uses to bypass AMSI and ETW with hardware breakpoints:
Download LightsOut
READ MORE  Unleashing the Power of Incident Reporting: Strengthening Security and Compliance

Post a Comment