Tag

Amsi

2 briefs RSS

AMSI Enable Registry Key Modification for Defense Evasion

Adversaries modify the AmsiEnable registry key to 0 to disable Windows Script AMSI scanning, bypassing AMSI protections for Windows Script Host or JScript execution.

Microsoft Defender XDR +4 defense-evasion amsi registry windows

2r 1t Jan 27, 2024

high advisory

Potential Antimalware Scan Interface Bypass via PowerShell

3 rules 1 TTP

This rule detects PowerShell scripts that attempt to bypass the Antimalware Scan Interface (AMSI) in order to disable scanning and execute malicious PowerShell code undetected.

defense-evasion amsi powershell windows

3r 1t Jan 9, 2024