Dumbest AMSI bypass I know so far, but it works: sideloading a fake amsi.dll to a copied version of powershell which simply returns S_OK / AMSI_RESULT_CLEAN for every command. I would have thought that there was some kind of signature check upon loading amsi.dll but apparently not. pic.twitter.com/Gp8WCDIDd8

— eversinc33 🩸🗡️ (@eversinc33) June 6, 2023
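
A defender-side check for the sideloading described in the tweet above, as an added example that is not part of the original post: it flags image-load records where amsi.dll comes from outside the Windows system directories, is not validly signed, or is loaded by a powershell.exe running from a non-default directory. The field names follow Sysmon Event ID 7 (Image, ImageLoaded, Signed, SignatureStatus); the trusted directories assume a default Windows install, and the sample events and paths are constructed.

```python
import ntpath

# Assumed default locations of the genuine amsi.dll and powershell.exe.
TRUSTED_DLL_DIRS = {r"c:\windows\system32", r"c:\windows\syswow64"}
TRUSTED_PS_DIRS = {
    r"c:\windows\system32\windowspowershell\v1.0",
    r"c:\windows\syswow64\windowspowershell\v1.0",
}

# Constructed sample records shaped like Sysmon Event ID 7 (image loaded).
EVENTS = [
    {"Image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
     "ImageLoaded": r"C:\Windows\System32\amsi.dll",
     "Signed": "true", "SignatureStatus": "Valid"},
    {"Image": r"C:\Users\Public\ps\powershell.exe",
     "ImageLoaded": r"C:\Users\Public\ps\amsi.dll",
     "Signed": "false", "SignatureStatus": "Unavailable"},
    {"Image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
     "ImageLoaded": r"C:\Windows\System32\kernel32.dll",
     "Signed": "true", "SignatureStatus": "Valid"},
]

def _dir(path):
    """Lower-cased, normalised parent directory of a Windows path."""
    return ntpath.dirname(ntpath.normpath(path)).lower()

def check_image_load(event):
    """Return the reasons an image-load event looks like amsi.dll sideloading."""
    loaded = event.get("ImageLoaded", "")
    if ntpath.basename(loaded).lower() != "amsi.dll":
        return []  # only amsi.dll loads are of interest here
    reasons = []
    if _dir(loaded) not in TRUSTED_DLL_DIRS:
        reasons.append("amsi.dll loaded from outside System32/SysWOW64")
    if event.get("Signed", "").lower() != "true" or event.get("SignatureStatus") != "Valid":
        reasons.append("amsi.dll is unsigned or its signature is not valid")
    image = event.get("Image", "")
    if ntpath.basename(image).lower() == "powershell.exe" and _dir(image) not in TRUSTED_PS_DIRS:
        reasons.append("powershell.exe running from a non-default directory")
    return reasons

def scan(events):
    """Return (process image, reasons) for every suspicious amsi.dll load."""
    hits = [(e.get("Image", ""), check_image_load(e)) for e in events]
    return [(image, reasons) for image, reasons in hits if reasons]

if __name__ == "__main__":
    for image, reasons in scan(EVENTS):
        print(image, "->", "; ".join(reasons))
```
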