[hw] hackerswar v3.0

Notes on Defender's New AMSI Heuristics

What changed in the April update, and what still works.

Microsoft pushed an AMSI update on April 14. Three popular evasions stopped working overnight.

  • Dead: classic amsi.dll unhook via VirtualProtect.
  • Dead: hardware-breakpoint patches in PowerShell 5.x.
  • Dead: AmsiScanBuffer return-value tampering with the old offset.
  • Alive: indirect syscalls combined with a fresh offset.