All Challenges
43 bypass challenges across 5 categories. Each challenge targets a specific weakness in the scanner's detection engine.
Signature Detection Bypass
Defeat the scanner’s static string-matching engine, which searches for known malware signatures as contiguous byte sequences.
#01 String Splitting
Fragment signature strings into runtime-concatenated parts.
#02 XOR Encoding
Use bitwise XOR to transform signature bytes beyond recognition.
#03 Charcode Construction
Build strings from numeric ASCII character codes.
#04 String Reversal
Store signatures backwards; reverse at runtime.
#05 Environment Variable Abuse
Hide string fragments in OS environment variables.
#06 ROT13 / Caesar Cipher
Apply classical substitution ciphers to evade matching.
#07 Hex Encoding
Represent signature bytes as hexadecimal digit strings.
#08 Format String Replace
Insert noise characters and strip them at runtime.
#09 Type Conversion
Abuse .NET type system and StringBuilder to assemble strings.
#10 UTF-16LE Null Interleaving
Exploit Unicode encoding differences to break byte matching.
#11 Null Byte Insertion
Insert invisible null bytes to split contiguous patterns.
#12 Unicode Homoglyph
Replace ASCII with visually identical Unicode characters.
#13 Zero-Width Characters
Insert invisible Unicode characters that break byte sequences.
#14 Download Cradle
Exploit the scanner's warning-only pattern check design flaw.
Non-Printable Ratio Bypass
Defeat the scanner’s non-printable byte analysis that flags files with >40% non-printable content (for files >= 64 bytes).
#15 Base64 Encoding
Convert binary to 100% printable ASCII characters.
#16 Ratio Padding
Dilute the non-printable ratio with junk printable bytes.
#17 Sub-64 Size Gate
Exploit the 64-byte minimum file size requirement.
#18 Encrypted Payload
Use encryption combined with encoding to pass all checks.
#19 Archive Container
Hide payloads inside archive formats the scanner can't unpack.
Small Executable Bypass
Circumvent the check that flags files smaller than 32 bytes with suspicious extensions.
#20 Size Padding
Add non-functional content to exceed the 32-byte threshold.
#21 Extension Avoidance
Break the dual-condition check by using a non-suspicious extension.
Extension Heuristic Bypass
Exploit weaknesses in the scanner’s extension-based file type detection.
#22 Uncommon Extensions
Use executable extensions not on the hardcoded list.
#23 No Extension
Exploit rfind('.') returning -1 with extensionless files.
#24 Double Extension
Social engineering via hidden extension display behavior.
#25 RTLO Unicode
Right-to-Left Override to visually spoof filenames.
#26 Fullwidth Dot
Unicode fullwidth period invisible to ASCII dot search.
#27 Trailing Dots/Spaces
Exploit NTFS filename normalization behavior.
#28 NTFS ADS
Hide payloads in Alternate Data Streams the scanner ignores.
#29 PE Stub (No Analysis)
Craft a PE executable that passes without structural checks.
#30 Polyglot File
Create files valid in multiple formats simultaneously.
AMSI Bypass
Disable or circumvent the Windows Antimalware Scan Interface through runtime manipulation.
#31 AMSI Init Failed
Manipulate PowerShell's internal AMSI initialization flag.
#32 Memory Patch
Overwrite AmsiScanBuffer to always return clean.
#33 PowerShell Downgrade
Use PSv2 which predates AMSI entirely.
#34 Base64 Encoded Command
Encode payloads for -EncodedCommand to evade file scanning.
#35 COM Server Hijacking
Redirect AMSI to a dummy provider via HKCU COM override.
#36 Obfuscated Reflection
Achieve amsiInitFailed without detectable strings in the script.
#37 CLM Escape
Escape Constrained Language Mode before bypassing AMSI.
#38 Context Corruption
Null the AMSI context handle to force scan failure.
#39 Chunked Execution
Split the payload across multiple independently scanned buffers.
#40 Fileless Assembly
Load .NET assemblies directly into memory without disk I/O.
#41 DLL Path Hijacking
Plant a fake amsi.dll in the DLL search path.
#42 WMI Event Subscription
Execute in wmiprvse.exe via WMI Living-off-the-Land.
#43 ETW Patching
Blind all telemetry by patching EtwEventWrite.