CHA1NSK1
CHA1NSK1
> That's a really nice analysis tool! Thanks for sharing. You're welcome! You can also add it to repos like PEunion and r77 Rootkit so users can use it to...
> Is this an issue where the `*` character causes PowerShell to malfunction once r77 is installed, or are you suggesting to hide registry value by name using wildcards (`*`)?...
> I can confirm that when r77 is installed, wildcard searches behave differently. When you look at ProcessMonitor, you will see that `RegOpenKey` is used when accessing a key directly....
> I assume you're talking about AMSI within your Powershell process - or in general, not the AMSI bypass of the r77 startup routine? > > If so, then that's...
# Donut Build A modified version of Donut built with `Clang/MSVC`, incorporating the AMSI bypass provided by [maxDcb](https://github.com/maxDcb). The build can be downloaded from the link below: [Download Donut Build](https://github.com/Chainski/donut/releases/tag/DonutBuild)...