From 016d4e068fefecdff652cb3f79ce44c85b454c9a Mon Sep 17 00:00:00 2001
From: pe3zx <pe3zx@users.noreply.github.com>
Date: Wed, 16 Feb 2022 23:12:18 +0700
Subject: [PATCH] Add: whydee86/SnD_AMSI to Defense Evasion section

---
 Offensive.md | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/Offensive.md b/Offensive.md
index 18bc976..cb3e3aa 100644
--- a/Offensive.md
+++ b/Offensive.md
@@ -2297,6 +2297,10 @@ Some tools can be categorized in more than one category. But because the current
         <td><a href="https://gitlab.com/theepicpowner/dcom_av_exec">theepicpowner/dcom_av_exec</a></td>
         <td>DCOM_AV_EXEC allows for "diskless" lateral movement to a target on the same network via DCOM. The AV_Bypass_Framework_V3 creates a .NET shellcode runner (output as DLL) which can be used with the DCOM_AV_EXEC tool to bypass antivirus solutions like Microsoft Defender as all shellcode is AES encrypted and executed in memory.</td>
     </tr>
+    <tr>
+        <td><a href="https://github.com/whydee86/SnD_AMSI">/whydee86/SnD_AMSI</a></td>
+        <td>Start new PowerShell without etw and amsi in pure nim</td>
+    </tr>
 </table>
 
 ## Collection