AMSI Bypass Patcher Written in Go
In-memory AMSI patch implemented in Go for red team operations
Amsi-Go patches the Windows Antimalware Scan Interface (AMSI) directly in memory using Go. The binary compiles with no console window (-H=windowsgui), making it suitable for use in offensive engagements where stealth is required.
- In-Memory Patching — Modifies `AmsiScanBuffer` at runtime without touching disk
- No Console Window — Compiles as a GUI application for stealth
- Stripped Binary — Debug symbols removed for smaller footprint
- Go Native — No CGO dependencies, single static binary
```
go build -ldflags "-H=windowsgui -s -w" .\main.go
```

| Flag | Purpose |
|---|---|
| `-H=windowsgui` | No console window on execution |
| `-s` | Strip symbol table |
| `-w` | Strip DWARF debug info |
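
From the defender's side, the three linker flags above leave checkable traces in the PE header. The Go sketch below is an added example, not part of Amsi-Go; `Traits`, `Inspect` and the constructed header-only `Sample` image are names assumed here.

```go
package main

import (
	"bytes"
	"debug/pe"
	"encoding/binary"
	"fmt"
	"strings"
)

type Traits struct{ GUISubsystem, NoSymbols, NoDWARF bool } // traces of the README's flags
// Inspect (added example, not Amsi-Go code) parses a PE32+ image and reports them.
func Inspect(image []byte) (Traits, error) {
	f, err := pe.NewFile(bytes.NewReader(image))
	if err != nil {
		return Traits{}, err
	}
	oh, ok := f.OptionalHeader.(*pe.OptionalHeader64)
	if !ok {
		return Traits{}, fmt.Errorf("not a PE32+ image")
	}
	t := Traits{NoDWARF: true}
	t.GUISubsystem = oh.Subsystem == 2              // -H=windowsgui: WINDOWS_GUI is 2, console is 3
	t.NoSymbols = f.FileHeader.NumberOfSymbols == 0 // -s: no COFF symbol table
	for _, s := range f.Sections {                  // -w: no DWARF sections
		if strings.HasPrefix(s.Name, ".debug_") || strings.HasPrefix(s.Name, ".zdebug_") {
			t.NoDWARF = false
		}
	}
	return t, nil
}
// Sample builds a constructed, header-only PE32+ image (not a real binary).
func Sample(subsystem, sections uint16) []byte {
	const peOff, optSize = 0x80, 240
	b := make([]byte, peOff+4+20+optSize+40)
	le := binary.LittleEndian
	copy(b, "MZ")
	le.PutUint32(b[0x3c:], peOff) // e_lfanew: offset of the PE signature
	copy(b[peOff:], "PE\x00\x00")
	fh, opt := b[peOff+4:], b[peOff+24:]
	le.PutUint16(fh[0:], 0x8664)      // Machine: AMD64
	le.PutUint16(fh[2:], sections)    // NumberOfSections: 0 or 1 here
	le.PutUint16(fh[16:], optSize)    // SizeOfOptionalHeader
	le.PutUint16(opt[0:], 0x20b)      // Magic: PE32+
	le.PutUint16(opt[68:], subsystem) // Subsystem
	le.PutUint32(opt[108:], 16)       // NumberOfRvaAndSizes
	copy(opt[optSize:], ".debug_x")   // constructed section name, parsed only if sections == 1
	return b
}
func main() { fmt.Println(Inspect(Sample(2, 0))) }
```

A GUI subsystem and stripped symbols are common in legitimate software too, so treat these traits as triage context rather than a verdict.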
[Screenshot: Before Patch — AMSI Active]
[Screenshot: After Patch — AMSI Bypassed]
This tool is intended for authorized penetration testing and security research only. Unauthorized use against systems you do not own or have explicit permission to test is illegal. The author assumes no liability for misuse of this software.
For educational and authorized security testing purposes only.

