{"id":31321,"date":"2023-11-21T04:30:51","date_gmt":"2023-11-21T04:30:51","guid":{"rendered":"https:\/\/kalilinuxtutorials.com\/?p=31321"},"modified":"2023-11-22T04:47:04","modified_gmt":"2023-11-22T04:47:04","slug":"lightsout","status":"publish","type":"post","link":"https:\/\/kalilinuxtutorials.com\/lightsout\/","title":{"rendered":"LightsOut: Disabling AMSI & ETW with an Obfuscated DLL"},"content":{"rendered":"\n
LightsOut will generate an obfuscated DLL that will disable AMSI & ETW while trying to evade AV. This is done by randomizing all WinAPI functions used, xor encoding strings, and utilizing basic sandbox checks. Mingw-w64 is used to compile the obfuscated C code into a DLL that can be loaded into any process where AMSI or ETW are present (i.e. PowerShell).<\/p>\n\n\n\n
LightsOut is designed to work on Linux systems with python3<\/code> and mingw-w64<\/code> installed. No other dependencies are required.<\/p>\n\n\n\n
Features currently include:<\/strong><\/h2>\n\n\n\n
This tool was designed to be used on pentests, primarily to execute malicious powershell scripts without getting blocked<\/em> by AV\/EDR. Because of this, the tool is very barebones and a lot can be added to improve opsec. Do not expect this tool to completely evade detection by EDR.<\/p>\n\n\n\n
Usage Examples<\/strong><\/h2>\n\n\n\n
You can transfer the output DLL to your target system and load it into powershell various ways. For example, it can be done via P\/Invoke with LoadLibrary:<\/p>\n\n\n\n<\/figure>\n\n\n\n
Or even easier, copy powershell to an arbitrary location and side load the DLL!<\/p>\n\n\n\n<\/figure>\n","protected":false},"excerpt":{"rendered":"
LightsOut will generate an obfuscated DLL that will disable AMSI & ETW while trying to evade AV. This is done by randomizing all WinAPI functions used, xor encoding strings, and utilizing basic sandbox checks. Mingw-w64 is used to compile the obfuscated C code into a DLL that can be loaded into any process where AMSI […]<\/p>\n","protected":false},"author":12,"featured_media":31323,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"fifu_image_url":"https:\/\/blogger.googleusercontent.com\/img\/b\/R29vZ2xl\/AVvXsEjOaNCfoOgxWKmZE84huTnX-5H5VGD4LxRTPJa6OvS2BA8Q84VGwIApuXiAnJgDb5AiTJAikdA_qs4WnGhXq2rj_I3jmdCEE7_TJwl_jAE97-AUfVPllwWQr8p8cm19cKNWyWbVjRKgN3mW9wy6fSWqgR_Z32H6LfD-cuGwlm293IQdRIsMIqQ-352XcA\/s16000\/Lights%20out.webp","fifu_image_alt":"","_jetpack_memberships_contains_paid_content":false,"footnotes":""},"categories":[22],"tags":[737,6321,6052,6325,6423],"class_list":["post-31321","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-et","tag-cybersecurity","tag-informationsecurity","tag-kalilinux","tag-kalilinuxtools","tag-lightsout"],"yoast_head":"\n
LightsOut: Disabling AMSI & ETW with an Obfuscated DLL<\/title>\n<meta name=\"description\" content=\"LightsOut will generate an obfuscated DLL that will disable AMSI & ETW while trying to evade AV. This is done by randomizing\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/kalilinuxtutorials.com\/lightsout\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"LightsOut: Disabling AMSI & ETW with an Obfuscated DLL\" \/>\n<meta property=\"og:description\" content=\"LightsOut will generate an obfuscated DLL that will disable AMSI & ETW while trying to evade AV. This is done by randomizing\" \/>\n<meta property=\"og:url\" content=\"https:\/\/kalilinuxtutorials.com\/lightsout\/\" \/>\n<meta property=\"og:site_name\" content=\"Kali Linux Tutorials\" \/>\n<meta property=\"article:published_time\" content=\"2023-11-21T04:30:51+00:00\" \/>\n<meta property=\"article:modified_time\" content=\"2023-11-22T04:47:04+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/blogger.googleusercontent.com\/img\/b\/R29vZ2xl\/AVvXsEjOaNCfoOgxWKmZE84huTnX-5H5VGD4LxRTPJa6OvS2BA8Q84VGwIApuXiAnJgDb5AiTJAikdA_qs4WnGhXq2rj_I3jmdCEE7_TJwl_jAE97-AUfVPllwWQr8p8cm19cKNWyWbVjRKgN3mW9wy6fSWqgR_Z32H6LfD-cuGwlm293IQdRIsMIqQ-352XcA\/s16000\/Lights%20out.webp\" \/>\n<meta name=\"author\" content=\"Varshini\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:image\" content=\"https:\/\/blogger.googleusercontent.com\/img\/b\/R29vZ2xl\/AVvXsEjOaNCfoOgxWKmZE84huTnX-5H5VGD4LxRTPJa6OvS2BA8Q84VGwIApuXiAnJgDb5AiTJAikdA_qs4WnGhXq2rj_I3jmdCEE7_TJwl_jAE97-AUfVPllwWQr8p8cm19cKNWyWbVjRKgN3mW9wy6fSWqgR_Z32H6LfD-cuGwlm293IQdRIsMIqQ-352XcA\/s16000\/Lights%20out.webp\" \/>\n<meta name=\"twitter:creator\" content=\"@CyberEdition\" \/>\n<meta name=\"twitter:site\" content=\"@CyberEdition\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"Varshini\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"2 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\/\/kalilinuxtutorials.com\/lightsout\/#article\",\"isPartOf\":{\"@id\":\"https:\/\/kalilinuxtutorials.com\/lightsout\/\"},\"author\":{\"name\":\"Varshini\",\"@id\":\"https:\/\/kalilinuxtutorials.com\/#\/schema\/person\/3c3b3f82a74146532c4def299fe069fa\"},\"headline\":\"LightsOut: Disabling AMSI & ETW with an Obfuscated DLL\",\"datePublished\":\"2023-11-21T04:30:51+00:00\",\"dateModified\":\"2023-11-22T04:47:04+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\/\/kalilinuxtutorials.com\/lightsout\/\"},\"wordCount\":209,\"commentCount\":0,\"publisher\":{\"@id\":\"https:\/\/kalilinuxtutorials.com\/#organization\"},\"image\":{\"@id\":\"https:\/\/kalilinuxtutorials.com\/lightsout\/#primaryimage\"},\"thumbnailUrl\":\"https:\/\/blogger.googleusercontent.com\/img\/b\/R29vZ2xl\/AVvXsEjOaNCfoOgxWKmZE84huTnX-5H5VGD4LxRTPJa6OvS2BA8Q84VGwIApuXiAnJgDb5AiTJAikdA_qs4WnGhXq2rj_I3jmdCEE7_TJwl_jAE97-AUfVPllwWQr8p8cm19cKNWyWbVjRKgN3mW9wy6fSWqgR_Z32H6LfD-cuGwlm293IQdRIsMIqQ-352XcA\/s16000\/Lights%20out.webp\",\"keywords\":[\"cybersecurity\",\"informationsecurity\",\"kalilinux\",\"kalilinuxtools\",\"LightsOut\"],\"articleSection\":[\"Exploitation Tools\"],\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"CommentAction\",\"name\":\"Comment\",\"target\":[\"https:\/\/kalilinuxtutorials.com\/lightsout\/#respond\"]}]},{\"@type\":\"WebPage\",\"@id\":\"https:\/\/kalilinuxtutorials.com\/lightsout\/\",\"url\":\"https:\/\/kalilinuxtutorials.com\/lightsout\/\",\"name\":\"LightsOut: Disabling AMSI & ETW with an Obfuscated DLL\",\"isPartOf\":{\"@id\":\"https:\/\/kalilinuxtutorials.com\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\/\/kalilinuxtutorials.com\/lightsout\/#primaryimage\"},\"image\":{\"@id\":\"https:\/\/kalilinuxtutorials.com\/lightsout\/#primaryimage\"},\"thumbnailUrl\":\"https:\/\/blogger.googleusercontent.com\/img\/b\/R29vZ2xl\/AVvXsEjOaNCfoOgxWKmZE84huTnX-5H5VGD4LxRTPJa6OvS2BA8Q84VGwIApuXiAnJgDb5AiTJAikdA_qs4WnGhXq2rj_I3jmdCEE7_TJwl_jAE97-AUfVPllwWQr8p8cm19cKNWyWbVjRKgN3mW9wy6fSWqgR_Z32H6LfD-cuGwlm293IQdRIsMIqQ-352XcA\/s16000\/Lights%20out.webp\",\"datePublished\":\"2023-11-21T04:30:51+00:00\",\"dateModified\":\"2023-11-22T04:47:04+00:00\",\"description\":\"LightsOut will generate an obfuscated DLL that will disable AMSI & ETW while trying to evade AV. This is done by randomizing\",\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\/\/kalilinuxtutorials.com\/lightsout\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/kalilinuxtutorials.com\/lightsout\/#primaryimage\",\"url\":\"https:\/\/blogger.googleusercontent.com\/img\/b\/R29vZ2xl\/AVvXsEjOaNCfoOgxWKmZE84huTnX-5H5VGD4LxRTPJa6OvS2BA8Q84VGwIApuXiAnJgDb5AiTJAikdA_qs4WnGhXq2rj_I3jmdCEE7_TJwl_jAE97-AUfVPllwWQr8p8cm19cKNWyWbVjRKgN3mW9wy6fSWqgR_Z32H6LfD-cuGwlm293IQdRIsMIqQ-352XcA\/s16000\/Lights%20out.webp\",\"contentUrl\":\"https:\/\/blogger.googleusercontent.com\/img\/b\/R29vZ2xl\/AVvXsEjOaNCfoOgxWKmZE84huTnX-5H5VGD4LxRTPJa6OvS2BA8Q84VGwIApuXiAnJgDb5AiTJAikdA_qs4WnGhXq2rj_I3jmdCEE7_TJwl_jAE97-AUfVPllwWQr8p8cm19cKNWyWbVjRKgN3mW9wy6fSWqgR_Z32H6LfD-cuGwlm293IQdRIsMIqQ-352XcA\/s16000\/Lights%20out.webp\",\"width\":\"1600\",\"height\":\"900\"},{\"@type\":\"WebSite\",\"@id\":\"https:\/\/kalilinuxtutorials.com\/#website\",\"url\":\"https:\/\/kalilinuxtutorials.com\/\",\"name\":\"Kali Linux Tutorials\",\"description\":\"Kali Linux Tutorials\",\"publisher\":{\"@id\":\"https:\/\/kalilinuxtutorials.com\/#organization\"},\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\/\/kalilinuxtutorials.com\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Organization\",\"@id\":\"https:\/\/kalilinuxtutorials.com\/#organization\",\"name\":\"Kali Linux Tutorials\",\"url\":\"https:\/\/kalilinuxtutorials.com\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/kalilinuxtutorials.com\/#\/schema\/logo\/image\/\",\"url\":\"https:\/\/kalilinuxtutorials.com\/wp-content\/uploads\/2025\/07\/Kali.png\",\"contentUrl\":\"https:\/\/kalilinuxtutorials.com\/wp-content\/uploads\/2025\/07\/Kali.png\",\"width\":272,\"height\":90,\"caption\":\"Kali Linux Tutorials\"},\"image\":{\"@id\":\"https:\/\/kalilinuxtutorials.com\/#\/schema\/logo\/image\/\"},\"sameAs\":[\"https:\/\/x.com\/CyberEdition\",\"https:\/\/www.threads.com\/@cybersecurityedition\",\"https:\/\/www.linkedin.com\/company\/cyberedition\",\"https:\/\/www.instagram.com\/cybersecurityedition\/\"]},{\"@type\":\"Person\",\"@id\":\"https:\/\/kalilinuxtutorials.com\/#\/schema\/person\/3c3b3f82a74146532c4def299fe069fa\",\"name\":\"Varshini\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/kalilinuxtutorials.com\/#\/schema\/person\/image\/\",\"url\":\"https:\/\/secure.gravatar.com\/avatar\/f19f43637c0f83fb3dcfb498f306b2a9ac0025ce85840ab52ee8c01f5361f269?s=96&d=mm&r=g\",\"contentUrl\":\"https:\/\/secure.gravatar.com\/avatar\/f19f43637c0f83fb3dcfb498f306b2a9ac0025ce85840ab52ee8c01f5361f269?s=96&d=mm&r=g\",\"caption\":\"Varshini\"},\"description\":\"Varshini is a Cyber Security expert in Threat Analysis, Vulnerability Assessment, and Research. Passionate about staying ahead of emerging Threats and Technologies.\",\"sameAs\":[\"http:\/\/kalilinuxtutorials.com\",\"https:\/\/www.linkedin.com\/in\/senthamil-selvan-14043a285\/\"],\"url\":\"https:\/\/kalilinuxtutorials.com\/author\/vinayakagrawal\/\"}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"LightsOut: Disabling AMSI & ETW with an Obfuscated DLL","description":"LightsOut will generate an obfuscated DLL that will disable AMSI & ETW while trying to evade AV. This is done by randomizing","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/kalilinuxtutorials.com\/lightsout\/","og_locale":"en_US","og_type":"article","og_title":"LightsOut: Disabling AMSI & ETW with an Obfuscated DLL","og_description":"LightsOut will generate an obfuscated DLL that will disable AMSI & ETW while trying to evade AV. This is done by randomizing","og_url":"https:\/\/kalilinuxtutorials.com\/lightsout\/","og_site_name":"Kali Linux Tutorials","article_published_time":"2023-11-21T04:30:51+00:00","article_modified_time":"2023-11-22T04:47:04+00:00","og_image":[{"url":"https:\/\/blogger.googleusercontent.com\/img\/b\/R29vZ2xl\/AVvXsEjOaNCfoOgxWKmZE84huTnX-5H5VGD4LxRTPJa6OvS2BA8Q84VGwIApuXiAnJgDb5AiTJAikdA_qs4WnGhXq2rj_I3jmdCEE7_TJwl_jAE97-AUfVPllwWQr8p8cm19cKNWyWbVjRKgN3mW9wy6fSWqgR_Z32H6LfD-cuGwlm293IQdRIsMIqQ-352XcA\/s16000\/Lights%20out.webp","type":"","width":"","height":""}],"author":"Varshini","twitter_card":"summary_large_image","twitter_image":"https:\/\/blogger.googleusercontent.com\/img\/b\/R29vZ2xl\/AVvXsEjOaNCfoOgxWKmZE84huTnX-5H5VGD4LxRTPJa6OvS2BA8Q84VGwIApuXiAnJgDb5AiTJAikdA_qs4WnGhXq2rj_I3jmdCEE7_TJwl_jAE97-AUfVPllwWQr8p8cm19cKNWyWbVjRKgN3mW9wy6fSWqgR_Z32H6LfD-cuGwlm293IQdRIsMIqQ-352XcA\/s16000\/Lights%20out.webp","twitter_creator":"@CyberEdition","twitter_site":"@CyberEdition","twitter_misc":{"Written by":"Varshini","Est. reading time":"2 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/kalilinuxtutorials.com\/lightsout\/#article","isPartOf":{"@id":"https:\/\/kalilinuxtutorials.com\/lightsout\/"},"author":{"name":"Varshini","@id":"https:\/\/kalilinuxtutorials.com\/#\/schema\/person\/3c3b3f82a74146532c4def299fe069fa"},"headline":"LightsOut: Disabling AMSI & ETW with an Obfuscated DLL","datePublished":"2023-11-21T04:30:51+00:00","dateModified":"2023-11-22T04:47:04+00:00","mainEntityOfPage":{"@id":"https:\/\/kalilinuxtutorials.com\/lightsout\/"},"wordCount":209,"commentCount":0,"publisher":{"@id":"https:\/\/kalilinuxtutorials.com\/#organization"},"image":{"@id":"https:\/\/kalilinuxtutorials.com\/lightsout\/#primaryimage"},"thumbnailUrl":"https:\/\/blogger.googleusercontent.com\/img\/b\/R29vZ2xl\/AVvXsEjOaNCfoOgxWKmZE84huTnX-5H5VGD4LxRTPJa6OvS2BA8Q84VGwIApuXiAnJgDb5AiTJAikdA_qs4WnGhXq2rj_I3jmdCEE7_TJwl_jAE97-AUfVPllwWQr8p8cm19cKNWyWbVjRKgN3mW9wy6fSWqgR_Z32H6LfD-cuGwlm293IQdRIsMIqQ-352XcA\/s16000\/Lights%20out.webp","keywords":["cybersecurity","informationsecurity","kalilinux","kalilinuxtools","LightsOut"],"articleSection":["Exploitation Tools"],"inLanguage":"en-US","potentialAction":[{"@type":"CommentAction","name":"Comment","target":["https:\/\/kalilinuxtutorials.com\/lightsout\/#respond"]}]},{"@type":"WebPage","@id":"https:\/\/kalilinuxtutorials.com\/lightsout\/","url":"https:\/\/kalilinuxtutorials.com\/lightsout\/","name":"LightsOut: Disabling AMSI & ETW with an Obfuscated DLL","isPartOf":{"@id":"https:\/\/kalilinuxtutorials.com\/#website"},"primaryImageOfPage":{"@id":"https:\/\/kalilinuxtutorials.com\/lightsout\/#primaryimage"},"image":{"@id":"https:\/\/kalilinuxtutorials.com\/lightsout\/#primaryimage"},"thumbnailUrl":"https:\/\/blogger.googleusercontent.com\/img\/b\/R29vZ2xl\/AVvXsEjOaNCfoOgxWKmZE84huTnX-5H5VGD4LxRTPJa6OvS2BA8Q84VGwIApuXiAnJgDb5AiTJAikdA_qs4WnGhXq2rj_I3jmdCEE7_TJwl_jAE97-AUfVPllwWQr8p8cm19cKNWyWbVjRKgN3mW9wy6fSWqgR_Z32H6LfD-cuGwlm293IQdRIsMIqQ-352XcA\/s16000\/Lights%20out.webp","datePublished":"2023-11-21T04:30:51+00:00","dateModified":"2023-11-22T04:47:04+00:00","description":"LightsOut will generate an obfuscated DLL that will disable AMSI & ETW while trying to evade AV. This is done by randomizing","inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/kalilinuxtutorials.com\/lightsout\/"]}]},{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/kalilinuxtutorials.com\/lightsout\/#primaryimage","url":"https:\/\/blogger.googleusercontent.com\/img\/b\/R29vZ2xl\/AVvXsEjOaNCfoOgxWKmZE84huTnX-5H5VGD4LxRTPJa6OvS2BA8Q84VGwIApuXiAnJgDb5AiTJAikdA_qs4WnGhXq2rj_I3jmdCEE7_TJwl_jAE97-AUfVPllwWQr8p8cm19cKNWyWbVjRKgN3mW9wy6fSWqgR_Z32H6LfD-cuGwlm293IQdRIsMIqQ-352XcA\/s16000\/Lights%20out.webp","contentUrl":"https:\/\/blogger.googleusercontent.com\/img\/b\/R29vZ2xl\/AVvXsEjOaNCfoOgxWKmZE84huTnX-5H5VGD4LxRTPJa6OvS2BA8Q84VGwIApuXiAnJgDb5AiTJAikdA_qs4WnGhXq2rj_I3jmdCEE7_TJwl_jAE97-AUfVPllwWQr8p8cm19cKNWyWbVjRKgN3mW9wy6fSWqgR_Z32H6LfD-cuGwlm293IQdRIsMIqQ-352XcA\/s16000\/Lights%20out.webp","width":"1600","height":"900"},{"@type":"WebSite","@id":"https:\/\/kalilinuxtutorials.com\/#website","url":"https:\/\/kalilinuxtutorials.com\/","name":"Kali Linux Tutorials","description":"Kali Linux Tutorials","publisher":{"@id":"https:\/\/kalilinuxtutorials.com\/#organization"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/kalilinuxtutorials.com\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/kalilinuxtutorials.com\/#organization","name":"Kali Linux Tutorials","url":"https:\/\/kalilinuxtutorials.com\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/kalilinuxtutorials.com\/#\/schema\/logo\/image\/","url":"https:\/\/kalilinuxtutorials.com\/wp-content\/uploads\/2025\/07\/Kali.png","contentUrl":"https:\/\/kalilinuxtutorials.com\/wp-content\/uploads\/2025\/07\/Kali.png","width":272,"height":90,"caption":"Kali Linux Tutorials"},"image":{"@id":"https:\/\/kalilinuxtutorials.com\/#\/schema\/logo\/image\/"},"sameAs":["https:\/\/x.com\/CyberEdition","https:\/\/www.threads.com\/@cybersecurityedition","https:\/\/www.linkedin.com\/company\/cyberedition","https:\/\/www.instagram.com\/cybersecurityedition\/"]},{"@type":"Person","@id":"https:\/\/kalilinuxtutorials.com\/#\/schema\/person\/3c3b3f82a74146532c4def299fe069fa","name":"Varshini","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/kalilinuxtutorials.com\/#\/schema\/person\/image\/","url":"https:\/\/secure.gravatar.com\/avatar\/f19f43637c0f83fb3dcfb498f306b2a9ac0025ce85840ab52ee8c01f5361f269?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/f19f43637c0f83fb3dcfb498f306b2a9ac0025ce85840ab52ee8c01f5361f269?s=96&d=mm&r=g","caption":"Varshini"},"description":"Varshini is a Cyber Security expert in Threat Analysis, Vulnerability Assessment, and Research. Passionate about staying ahead of emerging Threats and Technologies.","sameAs":["http:\/\/kalilinuxtutorials.com","https:\/\/www.linkedin.com\/in\/senthamil-selvan-14043a285\/"],"url":"https:\/\/kalilinuxtutorials.com\/author\/vinayakagrawal\/"}]}},"jetpack_featured_media_url":"https:\/\/blogger.googleusercontent.com\/img\/b\/R29vZ2xl\/AVvXsEjOaNCfoOgxWKmZE84huTnX-5H5VGD4LxRTPJa6OvS2BA8Q84VGwIApuXiAnJgDb5AiTJAikdA_qs4WnGhXq2rj_I3jmdCEE7_TJwl_jAE97-AUfVPllwWQr8p8cm19cKNWyWbVjRKgN3mW9wy6fSWqgR_Z32H6LfD-cuGwlm293IQdRIsMIqQ-352XcA\/s16000\/Lights%20out.webp","jetpack_sharing_enabled":true,"jetpack-related-posts":[{"id":35413,"url":"https:\/\/kalilinuxtutorials.com\/hooka\/","url_meta":{"origin":31321,"position":0},"title":"Hooka : Advanced Shellcode Loader Generation With Enhanced Evasion Techniques","author":"Varshini","date":"December 9, 2024","format":false,"excerpt":"Hooka is able to generate shellcode loaders with multiple capabilities. It is also based on other tools like BokuLoader, Freeze or Shhhloader, and it tries to implement more evasion features. Why in Golang? Why not? Features This tool is able to generate loaders with this features: Multiple shellcode injection techniques:\u2026","rel":"","context":"In "Exploitation Tools"","block_context":{"text":"Exploitation Tools","link":"https:\/\/kalilinuxtutorials.com\/category\/et\/"},"img":{"alt_text":"","src":"https:\/\/i0.wp.com\/blogger.googleusercontent.com\/img\/b\/R29vZ2xl\/AVvXsEh1q82H7u4-OCqea0NREv05fAEws7ZYjswsEWKpQaw54CHMwp_pIgmsviPJMz85T88azhQNukGGjKvOFXz2nrrdS38l4XnisyPVzySoX1YeK0oirvrfsRFWPbih7oWhgfmEg4maiPcs1vyKFtAUAg6GrHBqCBcwj5ESDv8FhZUdjbOynhCeWsLGBWwNtWja\/s1600\/Hooka%20.webp?resize=350%2C200&ssl=1","width":350,"height":200,"srcset":"https:\/\/i0.wp.com\/blogger.googleusercontent.com\/img\/b\/R29vZ2xl\/AVvXsEh1q82H7u4-OCqea0NREv05fAEws7ZYjswsEWKpQaw54CHMwp_pIgmsviPJMz85T88azhQNukGGjKvOFXz2nrrdS38l4XnisyPVzySoX1YeK0oirvrfsRFWPbih7oWhgfmEg4maiPcs1vyKFtAUAg6GrHBqCBcwj5ESDv8FhZUdjbOynhCeWsLGBWwNtWja\/s1600\/Hooka%20.webp?resize=350%2C200&ssl=1 1x, https:\/\/i0.wp.com\/blogger.googleusercontent.com\/img\/b\/R29vZ2xl\/AVvXsEh1q82H7u4-OCqea0NREv05fAEws7ZYjswsEWKpQaw54CHMwp_pIgmsviPJMz85T88azhQNukGGjKvOFXz2nrrdS38l4XnisyPVzySoX1YeK0oirvrfsRFWPbih7oWhgfmEg4maiPcs1vyKFtAUAg6GrHBqCBcwj5ESDv8FhZUdjbOynhCeWsLGBWwNtWja\/s1600\/Hooka%20.webp?resize=525%2C300&ssl=1 1.5x, https:\/\/i0.wp.com\/blogger.googleusercontent.com\/img\/b\/R29vZ2xl\/AVvXsEh1q82H7u4-OCqea0NREv05fAEws7ZYjswsEWKpQaw54CHMwp_pIgmsviPJMz85T88azhQNukGGjKvOFXz2nrrdS38l4XnisyPVzySoX1YeK0oirvrfsRFWPbih7oWhgfmEg4maiPcs1vyKFtAUAg6GrHBqCBcwj5ESDv8FhZUdjbOynhCeWsLGBWwNtWja\/s1600\/Hooka%20.webp?resize=700%2C400&ssl=1 2x, https:\/\/i0.wp.com\/blogger.googleusercontent.com\/img\/b\/R29vZ2xl\/AVvXsEh1q82H7u4-OCqea0NREv05fAEws7ZYjswsEWKpQaw54CHMwp_pIgmsviPJMz85T88azhQNukGGjKvOFXz2nrrdS38l4XnisyPVzySoX1YeK0oirvrfsRFWPbih7oWhgfmEg4maiPcs1vyKFtAUAg6GrHBqCBcwj5ESDv8FhZUdjbOynhCeWsLGBWwNtWja\/s1600\/Hooka%20.webp?resize=1050%2C600&ssl=1 3x, https:\/\/i0.wp.com\/blogger.googleusercontent.com\/img\/b\/R29vZ2xl\/AVvXsEh1q82H7u4-OCqea0NREv05fAEws7ZYjswsEWKpQaw54CHMwp_pIgmsviPJMz85T88azhQNukGGjKvOFXz2nrrdS38l4XnisyPVzySoX1YeK0oirvrfsRFWPbih7oWhgfmEg4maiPcs1vyKFtAUAg6GrHBqCBcwj5ESDv8FhZUdjbOynhCeWsLGBWwNtWja\/s1600\/Hooka%20.webp?resize=1400%2C800&ssl=1 4x"},"classes":[]},{"id":36768,"url":"https:\/\/kalilinuxtutorials.com\/crimsonedr\/","url_meta":{"origin":31321,"position":1},"title":"CrimsonEDR : A Cutting-Edge Tool For Simulating And Bypassing EDR Systems","author":"Varshini","date":"February 28, 2025","format":false,"excerpt":"CrimsonEDR is an open-source tool developed by Matthias Ossard, designed to simulate the behavior of Endpoint Detection and Response (EDR) systems. It provides a platform for identifying malware patterns and understanding evasion techniques, making it valuable for cybersecurity professionals seeking to enhance their skills in bypassing EDR mechanisms. Key Features\u2026","rel":"","context":"In "Cyber security"","block_context":{"text":"Cyber security","link":"https:\/\/kalilinuxtutorials.com\/category\/cyber-security\/"},"img":{"alt_text":"","src":"https:\/\/i0.wp.com\/kalilinuxtutorials.com\/wp-content\/uploads\/2025\/02\/CrimsonEDR-.webp?resize=350%2C200&ssl=1","width":350,"height":200,"srcset":"https:\/\/i0.wp.com\/kalilinuxtutorials.com\/wp-content\/uploads\/2025\/02\/CrimsonEDR-.webp?resize=350%2C200&ssl=1 1x, https:\/\/i0.wp.com\/kalilinuxtutorials.com\/wp-content\/uploads\/2025\/02\/CrimsonEDR-.webp?resize=525%2C300&ssl=1 1.5x, https:\/\/i0.wp.com\/kalilinuxtutorials.com\/wp-content\/uploads\/2025\/02\/CrimsonEDR-.webp?resize=700%2C400&ssl=1 2x, https:\/\/i0.wp.com\/kalilinuxtutorials.com\/wp-content\/uploads\/2025\/02\/CrimsonEDR-.webp?resize=1050%2C600&ssl=1 3x, https:\/\/i0.wp.com\/kalilinuxtutorials.com\/wp-content\/uploads\/2025\/02\/CrimsonEDR-.webp?resize=1400%2C800&ssl=1 4x"},"classes":[]},{"id":24779,"url":"https:\/\/kalilinuxtutorials.com\/nimpackt-v1\/","url_meta":{"origin":31321,"position":2},"title":"NimPackt-v1 : Nim-based Assembly Packer And Shellcode Loader For Opsec And Profit","author":"R K","date":"May 28, 2022","format":false,"excerpt":"NimPackt-v1 is among the worst code I have ever written (I was just starting out learning Nim). Because of this, I started on a full rewrite of NimPackt, dubbed 'NimPackt-NG' (currently still private). With this re-write, I decided to open-source the old branch (\"NimPackt-v1\"). As such, this branch is no\u2026","rel":"","context":"In "Kali Linux"","block_context":{"text":"Kali Linux","link":"https:\/\/kalilinuxtutorials.com\/category\/kali\/"},"img":{"alt_text":"","src":"https:\/\/i0.wp.com\/blogger.googleusercontent.com\/img\/b\/R29vZ2xl\/AVvXsEiPxCQwtniBw65fsASiHVJ58JDW8CA3rOrg1hkQJlW3F6i--_OcKc88kM4yfZp99CSKd48CbaNJWd1T9MwrHkNC7sAJee5zMgRrr8vNwgcKGy4GzJapINyGTu_Th83Dis_iHVGUHwzz1RXT_vnvCQRijcrugbmS9JdpCNhFj0ExNjvr4GgB3qvDrMhQ\/s728\/Nimpackt-Logo-Blacktext%20%281%29.png?resize=350%2C200&ssl=1","width":350,"height":200,"srcset":"https:\/\/i0.wp.com\/blogger.googleusercontent.com\/img\/b\/R29vZ2xl\/AVvXsEiPxCQwtniBw65fsASiHVJ58JDW8CA3rOrg1hkQJlW3F6i--_OcKc88kM4yfZp99CSKd48CbaNJWd1T9MwrHkNC7sAJee5zMgRrr8vNwgcKGy4GzJapINyGTu_Th83Dis_iHVGUHwzz1RXT_vnvCQRijcrugbmS9JdpCNhFj0ExNjvr4GgB3qvDrMhQ\/s728\/Nimpackt-Logo-Blacktext%20%281%29.png?resize=350%2C200&ssl=1 1x, https:\/\/i0.wp.com\/blogger.googleusercontent.com\/img\/b\/R29vZ2xl\/AVvXsEiPxCQwtniBw65fsASiHVJ58JDW8CA3rOrg1hkQJlW3F6i--_OcKc88kM4yfZp99CSKd48CbaNJWd1T9MwrHkNC7sAJee5zMgRrr8vNwgcKGy4GzJapINyGTu_Th83Dis_iHVGUHwzz1RXT_vnvCQRijcrugbmS9JdpCNhFj0ExNjvr4GgB3qvDrMhQ\/s728\/Nimpackt-Logo-Blacktext%20%281%29.png?resize=525%2C300&ssl=1 1.5x, https:\/\/i0.wp.com\/blogger.googleusercontent.com\/img\/b\/R29vZ2xl\/AVvXsEiPxCQwtniBw65fsASiHVJ58JDW8CA3rOrg1hkQJlW3F6i--_OcKc88kM4yfZp99CSKd48CbaNJWd1T9MwrHkNC7sAJee5zMgRrr8vNwgcKGy4GzJapINyGTu_Th83Dis_iHVGUHwzz1RXT_vnvCQRijcrugbmS9JdpCNhFj0ExNjvr4GgB3qvDrMhQ\/s728\/Nimpackt-Logo-Blacktext%20%281%29.png?resize=700%2C400&ssl=1 2x"},"classes":[]},{"id":13271,"url":"https:\/\/kalilinuxtutorials.com\/charlotte\/","url_meta":{"origin":31321,"position":3},"title":"Charlotte : C++ Fully Undetected Shellcode Launcher","author":"R K","date":"June 10, 2021","format":false,"excerpt":"Charlotte is an c++ fully undetected shellcode launcher . Description 13\/05\/2021:c++ shellcode launcher, fully undetected 0\/26 as of 13th May 2021.dynamic invoking of win32 api functionsXOR encryption of shellcode and function namesrandomised XOR keys and variables per runon Kali Linux, simply 'apt-get install mingw-w64*' and thats it!17\/05\/2021:random strings length and\u2026","rel":"","context":"In "Kali Linux"","block_context":{"text":"Kali Linux","link":"https:\/\/kalilinuxtutorials.com\/category\/kali\/"},"img":{"alt_text":"","src":"","width":0,"height":0},"classes":[]},{"id":35460,"url":"https:\/\/kalilinuxtutorials.com\/lifetime-amsi-etwpatch\/","url_meta":{"origin":31321,"position":4},"title":"Lifetime-Amsi-EtwPatch : Disabling PowerShell’s AMSI And ETW Protections","author":"Varshini","date":"December 18, 2024","format":false,"excerpt":"This Go program applies a lifetime patch to PowerShell to disable ETW (Event Tracing for Windows) and AMSI (Antimalware Scan Interface) protections. In the realm of cybersecurity, evading detection is often as critical as the attack itself. The 'Lifetime-Amsi-EtwPatch' tool is a sophisticated piece of software designed specifically for this\u2026","rel":"","context":"In "Hacking Tools"","block_context":{"text":"Hacking Tools","link":"https:\/\/kalilinuxtutorials.com\/category\/hacking-tools\/"},"img":{"alt_text":"","src":"https:\/\/i0.wp.com\/blogger.googleusercontent.com\/img\/b\/R29vZ2xl\/AVvXsEgkSokHWcCoxorhOrJP3mWB3HU-eCzqUMsWmThzjWmpjft68IM4hRJZdo6FoTWxg3oHb2x6jE6m47ykRVRMhzOPnDoMv8B5wkmg5lavgHS4tmJoQp65PwlvqGadoodilIz5XnlZ6cylbEEMIpaXfEa3mR_-E7K9iLHTFUpr-ESDTpCznzxzEijVxeNeAD2p\/s1600\/Lifetime-Amsi-EtwPatch.webp?resize=350%2C200&ssl=1","width":350,"height":200,"srcset":"https:\/\/i0.wp.com\/blogger.googleusercontent.com\/img\/b\/R29vZ2xl\/AVvXsEgkSokHWcCoxorhOrJP3mWB3HU-eCzqUMsWmThzjWmpjft68IM4hRJZdo6FoTWxg3oHb2x6jE6m47ykRVRMhzOPnDoMv8B5wkmg5lavgHS4tmJoQp65PwlvqGadoodilIz5XnlZ6cylbEEMIpaXfEa3mR_-E7K9iLHTFUpr-ESDTpCznzxzEijVxeNeAD2p\/s1600\/Lifetime-Amsi-EtwPatch.webp?resize=350%2C200&ssl=1 1x, https:\/\/i0.wp.com\/blogger.googleusercontent.com\/img\/b\/R29vZ2xl\/AVvXsEgkSokHWcCoxorhOrJP3mWB3HU-eCzqUMsWmThzjWmpjft68IM4hRJZdo6FoTWxg3oHb2x6jE6m47ykRVRMhzOPnDoMv8B5wkmg5lavgHS4tmJoQp65PwlvqGadoodilIz5XnlZ6cylbEEMIpaXfEa3mR_-E7K9iLHTFUpr-ESDTpCznzxzEijVxeNeAD2p\/s1600\/Lifetime-Amsi-EtwPatch.webp?resize=525%2C300&ssl=1 1.5x, https:\/\/i0.wp.com\/blogger.googleusercontent.com\/img\/b\/R29vZ2xl\/AVvXsEgkSokHWcCoxorhOrJP3mWB3HU-eCzqUMsWmThzjWmpjft68IM4hRJZdo6FoTWxg3oHb2x6jE6m47ykRVRMhzOPnDoMv8B5wkmg5lavgHS4tmJoQp65PwlvqGadoodilIz5XnlZ6cylbEEMIpaXfEa3mR_-E7K9iLHTFUpr-ESDTpCznzxzEijVxeNeAD2p\/s1600\/Lifetime-Amsi-EtwPatch.webp?resize=700%2C400&ssl=1 2x, https:\/\/i0.wp.com\/blogger.googleusercontent.com\/img\/b\/R29vZ2xl\/AVvXsEgkSokHWcCoxorhOrJP3mWB3HU-eCzqUMsWmThzjWmpjft68IM4hRJZdo6FoTWxg3oHb2x6jE6m47ykRVRMhzOPnDoMv8B5wkmg5lavgHS4tmJoQp65PwlvqGadoodilIz5XnlZ6cylbEEMIpaXfEa3mR_-E7K9iLHTFUpr-ESDTpCznzxzEijVxeNeAD2p\/s1600\/Lifetime-Amsi-EtwPatch.webp?resize=1050%2C600&ssl=1 3x, https:\/\/i0.wp.com\/blogger.googleusercontent.com\/img\/b\/R29vZ2xl\/AVvXsEgkSokHWcCoxorhOrJP3mWB3HU-eCzqUMsWmThzjWmpjft68IM4hRJZdo6FoTWxg3oHb2x6jE6m47ykRVRMhzOPnDoMv8B5wkmg5lavgHS4tmJoQp65PwlvqGadoodilIz5XnlZ6cylbEEMIpaXfEa3mR_-E7K9iLHTFUpr-ESDTpCznzxzEijVxeNeAD2p\/s1600\/Lifetime-Amsi-EtwPatch.webp?resize=1400%2C800&ssl=1 4x"},"classes":[]},{"id":26584,"url":"https:\/\/kalilinuxtutorials.com\/chisel-strike\/","url_meta":{"origin":31321,"position":5},"title":"Chisel-Strike : A .NET XOR Encrypted Cobalt Strike Aggressor Implementation For Chisel To Utilize Faster Proxy","author":"R K","date":"August 23, 2022","format":false,"excerpt":"Chisel-Strike is a .NET XOR encrypted cobalt strike aggressor implementation for chisel to utilize faster proxy and advanced socks5 capabilities. Why write this? In my experience I found socks4\/socks4a proxies quite slow in comparison to its socks5 counterparts and a lack of implementation of socks5 in most C2 frameworks. There\u2026","rel":"","context":"In "Kali Linux"","block_context":{"text":"Kali Linux","link":"https:\/\/kalilinuxtutorials.com\/category\/kali\/"},"img":{"alt_text":"","src":"https:\/\/i0.wp.com\/blogger.googleusercontent.com\/img\/b\/R29vZ2xl\/AVvXsEj11Yltr9ny8IYBMakte3mjNwuu3ZsNw8zRg2g-Xe1uHTn0ONOB9QrIvdFfVOeV9sD6_8bkgCtEQbF-nk0llBldHOfbnlDtgoJumio5GBk1I6qAjdQjkaQBneuC2_DbL9410N5SeLnlPvSikfTIcxx7SAz2u9pwVegIZYaUeukEr9c4CCacSlVrMWAm\/s728\/Screenshot-2022-07-14-160304%20%281%29.png?resize=350%2C200&ssl=1","width":350,"height":200,"srcset":"https:\/\/i0.wp.com\/blogger.googleusercontent.com\/img\/b\/R29vZ2xl\/AVvXsEj11Yltr9ny8IYBMakte3mjNwuu3ZsNw8zRg2g-Xe1uHTn0ONOB9QrIvdFfVOeV9sD6_8bkgCtEQbF-nk0llBldHOfbnlDtgoJumio5GBk1I6qAjdQjkaQBneuC2_DbL9410N5SeLnlPvSikfTIcxx7SAz2u9pwVegIZYaUeukEr9c4CCacSlVrMWAm\/s728\/Screenshot-2022-07-14-160304%20%281%29.png?resize=350%2C200&ssl=1 1x, https:\/\/i0.wp.com\/blogger.googleusercontent.com\/img\/b\/R29vZ2xl\/AVvXsEj11Yltr9ny8IYBMakte3mjNwuu3ZsNw8zRg2g-Xe1uHTn0ONOB9QrIvdFfVOeV9sD6_8bkgCtEQbF-nk0llBldHOfbnlDtgoJumio5GBk1I6qAjdQjkaQBneuC2_DbL9410N5SeLnlPvSikfTIcxx7SAz2u9pwVegIZYaUeukEr9c4CCacSlVrMWAm\/s728\/Screenshot-2022-07-14-160304%20%281%29.png?resize=525%2C300&ssl=1 1.5x, https:\/\/i0.wp.com\/blogger.googleusercontent.com\/img\/b\/R29vZ2xl\/AVvXsEj11Yltr9ny8IYBMakte3mjNwuu3ZsNw8zRg2g-Xe1uHTn0ONOB9QrIvdFfVOeV9sD6_8bkgCtEQbF-nk0llBldHOfbnlDtgoJumio5GBk1I6qAjdQjkaQBneuC2_DbL9410N5SeLnlPvSikfTIcxx7SAz2u9pwVegIZYaUeukEr9c4CCacSlVrMWAm\/s728\/Screenshot-2022-07-14-160304%20%281%29.png?resize=700%2C400&ssl=1 2x"},"classes":[]}],"_links":{"self":[{"href":"https:\/\/kalilinuxtutorials.com\/wp-json\/wp\/v2\/posts\/31321","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/kalilinuxtutorials.com\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/kalilinuxtutorials.com\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/kalilinuxtutorials.com\/wp-json\/wp\/v2\/users\/12"}],"replies":[{"embeddable":true,"href":"https:\/\/kalilinuxtutorials.com\/wp-json\/wp\/v2\/comments?post=31321"}],"version-history":[{"count":1,"href":"https:\/\/kalilinuxtutorials.com\/wp-json\/wp\/v2\/posts\/31321\/revisions"}],"predecessor-version":[{"id":31322,"href":"https:\/\/kalilinuxtutorials.com\/wp-json\/wp\/v2\/posts\/31321\/revisions\/31322"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/kalilinuxtutorials.com\/wp-json\/wp\/v2\/media\/31323"}],"wp:attachment":[{"href":"https:\/\/kalilinuxtutorials.com\/wp-json\/wp\/v2\/media?parent=31321"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/kalilinuxtutorials.com\/wp-json\/wp\/v2\/categories?post=31321"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/kalilinuxtutorials.com\/wp-json\/wp\/v2\/tags?post=31321"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}
![\"\"\/](\"https:\/\/blogger.googleusercontent.com\/img\/b\/R29vZ2xl\/AVvXsEjxFmoxTPVb8iPjrlBRg2XOceST44XRxKGZ6e8tJQJqvSPZn9mmDXClKUYwTT0xdgsUiH4rZBYdDxvarfzUyny_C2Iby0vdfvKby2kgiX1pKgrlHbC6f2gmWIQLhZN5b9G3oFVF6uPfATWyiAGhUl968QmqnzpmW8PSGmuqMF47bTiqg5eU5X6CLd3zhA\/s16000\/242732844-75358813-e1bf-4a2b-8059-d539ac97c510.png\")
<\/figure>\n\n\n\n![\"\"\/](\"https:\/\/blogger.googleusercontent.com\/img\/b\/R29vZ2xl\/AVvXsEgVshYkz-UlZ7nv0EfTNr4_EiUy7oIfFPltdjwIDsZ03m0TDZX5Ke__IrUM4b-bAkqGGI_oLT-0YYZUS8iYLkFGF0o8kRh3SSxau-Z2mW8JkbVQ_WeQNi1e_Geihf71fLPM3jk31Ob-4P4U0nHsThFwB-rB6MryZ1kGGCEUmSZrfPSub9Y17V3rD9lzYw\/s16000\/242733093-e79c8cca-5e4e-4fb8-a4b5-4b888006b4cf.png\")
<\/figure>\n","protected":false},"excerpt":{"rendered":"