From bc0b4f98c458d00b9320342f0552e74963a7f886 Mon Sep 17 00:00:00 2001 From: phulelouch <62769629+phulelouch@users.noreply.github.com> Date: Wed, 7 Jan 2026 21:01:18 +1100 Subject: [PATCH] Update AMSI bypass recommendations in av-bypass.md Added recommendation for a new tool (https://amsibypass.com/) to bypass AMSI signatures, highlighting its features for randomisation and signature avoidance. --- src/windows-hardening/av-bypass.md | 1 + 1 file changed, 1 insertion(+) diff --git a/src/windows-hardening/av-bypass.md b/src/windows-hardening/av-bypass.md index e59e8cdff57..9536fe5df93 100644 --- a/src/windows-hardening/av-bypass.md +++ b/src/windows-hardening/av-bypass.md @@ -346,6 +346,7 @@ Notes - Seen used by loaders executed through LOLBins (e.g., `regsvr32` calling `DllRegisterServer`). This tools [https://github.com/Flangvik/AMSI.fail](https://github.com/Flangvik/AMSI.fail) also generates script to bypass AMSI. +Also recommmend this tool [https://amsibypass.com/](https://amsibypass.com/) which also generates script to bypass AMSI that avoid signature by randomized user-defined function, variables, characters expression and applies random character casing to PowerShell keywords to avoid signature. **Remove the detected signature**
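Review bot: The added line (`+Also recommmend this tool ...`) has a typo and repeats itself: "recommmend" has three m's, "which also generates script" duplicates the wording of the context line above it, and "to avoid signature" appears twice in one sentence. Suggested wording: "[https://amsibypass.com/](https://amsibypass.com/) also generates AMSI bypass scripts, randomizing user-defined function names, variable names and character expressions, and applying random casing to PowerShell keywords to avoid signatures." Separately, the existing entry links to a GitHub repository while the new one links only to a bare domain; if the generator's source is published, link it too so readers can review what a generated script does before running it.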