Session
Stealth Mode Engaged: Advanced Antivirus and AMSI Evasion Techniques
Signature-only detection is long gone: antivirus engines have evolved, but so have attackers. AMSI (the Antimalware Scan Interface) is the hook through which Microsoft Defender and third-party engines inspect script content at run time, often the last check before a PowerShell or JScript payload executes, while UAC acts as the gatekeeper to elevated execution (even though Microsoft does not treat UAC as a security boundary). What happens when both are bypassed with surgical precision?
In this talk, we’ll venture deep into advanced evasion on Windows, focusing on PowerShell and JScript-based attacks designed to dismantle modern defenses. Through the lens of offensive operations and red team engagements, we’ll explore:
Bypassing AMSI with .NET Reflection in PowerShell
Overwriting AMSI buffers in memory (Wrecking AMSI)
UAC Bypasses that remain effective even against Microsoft Defender's real-time scans
AMSI evasion using JScript and COM-based execution
Each evasion technique will be demonstrated, dissected, and explained — including the underlying memory manipulation, abuse of trusted interfaces, and how attackers ensure persistence under heavy endpoint monitoring.
Alongside these practical payloads, we’ll cover:
Why AMSI is bypassable by design in certain contexts: it runs inside the same unprivileged process it is meant to protect, so code that is already executing there can patch or disable it
The cat-and-mouse game between red teams and Microsoft patches
Defensive techniques to detect these evasions in real time
This session is not for the faint of heart. It’s for defenders, red teamers, and researchers who want to stay ahead in a game where stealth, not brute force, wins.
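The detection side of the reflection-based AMSI bypass listed above can be checked against PowerShell script block logs. The following PowerShell is an added example and is not material from this session or its speaker: it scans Event ID 4104 entries (Microsoft-Windows-PowerShell/Operational) for the publicly documented artifacts of the reflection bypass (the AmsiUtils type and its amsiInitFailed field) and of in-memory amsi.dll patching (AmsiScanBuffer), and it also reassembles the common string-concatenation obfuscation before matching. The indicator list, the property indices used for 4104 events, the helper names and the sample script blocks are this example's own assumptions; the sample script blocks are constructed, not captured logs.

```powershell
# Added example (not from the talk): flag AMSI-tampering indicators in PowerShell
# script block logs (Event ID 4104, Microsoft-Windows-PowerShell/Operational).
# Indicator strings are the publicly documented artifacts of the reflection bypass
# (System.Management.Automation.AmsiUtils / amsiInitFailed) and of amsi.dll patching
# (AmsiScanBuffer). The list is an assumption; extend it with your own telemetry.
$AmsiIndicators = @(
    'AmsiUtils',
    'amsiInitFailed',
    'amsiContext',
    'amsiSession',
    'AmsiScanBuffer',
    'amsi.dll'
)

function Test-AmsiTampering {
    param([Parameter(Mandatory)][AllowEmptyString()][string]$ScriptBlockText)

    # Collapse the most common string-splitting obfuscation ('Amsi'+'Utils',
    # "amsiInit" + "Failed") so the indicator check also sees the reassembled names.
    $collapsed = $ScriptBlockText -replace "['`"]\s*\+\s*['`"]", ''

    $hits = [System.Collections.Generic.List[string]]::new()
    foreach ($indicator in $AmsiIndicators) {
        $pattern = [regex]::Escape($indicator)        # -match is case-insensitive by default
        if ($ScriptBlockText -match $pattern) {
            $hits.Add($indicator)
        } elseif ($collapsed -match $pattern) {
            $hits.Add("$indicator (string-concatenation obfuscated)")
        }
    }

    # Reflective access to a non-public static field next to an AMSI name is the
    # shape of the reflection bypass; report it as its own indicator.
    if ($hits.Count -gt 0 -and $collapsed -match 'GetField\(' -and $collapsed -match 'NonPublic') {
        $hits.Add('reflective access to non-public AMSI field')
    }

    [pscustomobject]@{
        Suspicious = $hits.Count -gt 0
        Indicators = $hits.ToArray()
    }
}

function Get-AmsiTamperingEvents {
    param([int]$MaxEvents = 500)
    # Requires Script Block Logging (GPO "Turn on PowerShell Script Block Logging", or
    # HKLM:\SOFTWARE\Policies\Microsoft\Windows\PowerShell\ScriptBlockLogging\EnableScriptBlockLogging = 1).
    $events = Get-WinEvent -FilterHashtable @{
        LogName = 'Microsoft-Windows-PowerShell/Operational'
        Id      = 4104
    } -MaxEvents $MaxEvents -ErrorAction SilentlyContinue

    foreach ($e in $events) {
        # 4104 EventData layout (assumed here): MessageNumber, MessageTotal, ScriptBlockText, ScriptBlockId, Path
        $result = Test-AmsiTampering -ScriptBlockText ([string]$e.Properties[2].Value)
        if ($result.Suspicious) {
            [pscustomobject]@{
                TimeCreated   = $e.TimeCreated
                ScriptBlockId = $e.Properties[3].Value
                Path          = $e.Properties[4].Value
                Indicators    = $result.Indicators -join '; '
            }
        }
    }
}

# Constructed sample script blocks (not real logs): benign admin one-liner, the long-public
# reflection pattern (deliberately without the final SetValue call), the same with
# string-split names, and an amsi.dll export lookup.
$samples = @(
    'Get-Process | Where-Object { $_.CPU -gt 100 } | Select-Object Name, CPU',
    '[Ref].Assembly.GetType(''System.Management.Automation.AmsiUtils'').GetField(''amsiInitFailed'',''NonPublic,Static'')',
    '[Ref].Assembly.GetType(''System.Management.Automation.'' + ''Amsi'' + ''Utils'').GetField(''amsiInit'' + ''Failed'',''NonPublic,Static'')',
    '$h = [Win32]::LoadLibrary("amsi.dll"); $p = [Win32]::GetProcAddress($h, "AmsiScanBuffer")'
)

$n = 0
foreach ($s in $samples) {
    $n++
    $r = Test-AmsiTampering -ScriptBlockText $s
    '{0}: suspicious={1} indicators=[{2}]' -f $n, $r.Suspicious, ($r.Indicators -join '; ')
}
# Sample 1 is reported clean; samples 2 and 3 report AmsiUtils/amsiInitFailed plus the
# reflective-access indicator (sample 3 marked as concatenation-obfuscated); sample 4 reports
# amsi.dll and AmsiScanBuffer.
```

Two caveats a defender should keep in mind. Script block logging only records what the PowerShell engine compiles, so an AMSI patch performed from a JScript or COM host (also on this talk's list) never produces a 4104 event and needs AMSI provider or ETW telemetry instead. And matching on names is brittle against deeper obfuscation; treat these hits as a high-fidelity first layer and pair them with a check that amsi.dll's AmsiScanBuffer bytes in long-running hosts still match the on-disk image.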

Saurabh Kumar Pandey
MIQ - Associate Engineering Manager
Bengaluru, India