Tradecraft Improvement 5 - AMSI Bypass 3 - Hooking AMSI Functions
In this blog we will take a look at some more AMSI Bypass techniques.
Hooking into AMSI

Another way of bypassing AMSI is to hook an AMSI API and divert execution to other code. For simplicity we can use the Detours library in C to implement the hooks; alternatively, the hooks can be implemented by patching the function directly.
Hooking AmsiScanBuffer

In our example we will hook AmsiScanBuffer.
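The detection-side counterpart of the hook described above, as an added example that is not code from the original post: an inline hook placed by Detours or by direct patching overwrites the first bytes of the target (here AmsiScanBuffer) with a jump, so a scanner can compare the live prologue with a trusted copy and classify common redirection stubs. The byte samples are constructed for illustration and are not real amsi.dll bytes; reading the live and on-disk prologues is left to the caller.

```c
/* Added example (not from the original post). Detects inline hooks of the kind
 * Detours or direct patching leaves at the start of a function such as
 * AmsiScanBuffer. Sample prologues below are constructed, not real amsi.dll bytes. */
#include <stddef.h>
#include <stdio.h>
#include <string.h>

enum hook_kind {
    HOOK_NONE = 0,
    HOOK_JMP_REL32,        /* E9 rel32           jmp rel32 (what Detours writes) */
    HOOK_JMP_RIP_INDIRECT, /* FF 25 disp32       jmp qword ptr [rip+disp32]      */
    HOOK_MOV_RAX_JMP,      /* 48 B8 imm64 FF E0  mov rax, imm64; jmp rax         */
    HOOK_PUSH_RET          /* 68 imm32 C3        push imm32; ret                 */
};

/* Classify the first bytes of an x64 function prologue. */
enum hook_kind classify_prologue(const unsigned char *p, size_t len)
{
    if (len >= 5 && p[0] == 0xE9)
        return HOOK_JMP_REL32;
    if (len >= 6 && p[0] == 0xFF && p[1] == 0x25)
        return HOOK_JMP_RIP_INDIRECT;
    if (len >= 12 && p[0] == 0x48 && p[1] == 0xB8 && p[10] == 0xFF && p[11] == 0xE0)
        return HOOK_MOV_RAX_JMP;
    if (len >= 6 && p[0] == 0x68 && p[5] == 0xC3)
        return HOOK_PUSH_RET;
    return HOOK_NONE;
}

/* Returns 1 when the live bytes differ from a trusted reference (for example the
 * prologue read from the on-disk amsi.dll image), 0 when they match. */
int prologue_modified(const unsigned char *live, const unsigned char *ref, size_t len)
{
    return memcmp(live, ref, len) != 0;
}

/* Constructed samples: a typical MSVC prologue, and the same bytes after an E9 stub. */
static const unsigned char SAMPLE_CLEAN[16]  = { 0x48,0x89,0x5C,0x24,0x08, 0x48,0x89,0x74,0x24,0x10, 0x57, 0x48,0x83,0xEC,0x20, 0x90 };
static const unsigned char SAMPLE_HOOKED[16] = { 0xE9,0x10,0x20,0x30,0x40, 0x48,0x89,0x74,0x24,0x10, 0x57, 0x48,0x83,0xEC,0x20, 0x90 };

int main(void)
{
    int kind = classify_prologue(SAMPLE_HOOKED, sizeof SAMPLE_HOOKED);
    printf("hook kind: %d, modified: %d\n", kind,
           prologue_modified(SAMPLE_HOOKED, SAMPLE_CLEAN, sizeof SAMPLE_CLEAN));
    return 0;
}
```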