top of page
  • Writer's pictureTimmy TSENG

AMON-Eye: Advanced Malware Toolkit


In today's digital world, cyber threats have become increasingly serious, and malware attacks have posed a huge threat to the data security of organizations and individuals. Cobaltstrike is a widely used red team tool, and its anti-virus and intrusion detection system (EDR) bypass capabilities make it one of the most elusive tools for adversaries. AMON-Eye is decompiled, modified, and developed based on Cobaltstrike. It combines different concepts and projects to further improve the attacker's stealth and operability. This article will explore the usage and main functions of AMON-Eye.

1. How to use AMON-Eye The use of AMON-Eye is relatively simple. The attacker only needs to run the AMON-Eye executable file on the victim's system to start the attack. This tool suite provides a simple and intuitive user interface, allowing the operator to easily perform various attack activities.

AMON-Eye's main features

  1. EDR and Anti-Virus Bypass: AMON-Eye uses a range of techniques and methods designed to bypass detection by EDR and anti-virus solutions. This includes the use of encryption and compression techniques to obfuscate malicious code, as well as the use of anti-detection techniques to evade behavioral analysis and virus signatures.

  2. Attack modules: AMON-Eye has multiple built-in attack modules that can perform various attack activities, such as implanting backdoors, executing remote code, breaking system security restrictions, etc. Attackers can select and configure these modules as needed to achieve their attack goals.

  3. Remote Control and Command: AMON-Eye has remote control and command capabilities, enabling attackers to monitor and operate infected systems from a remote location. This allows attackers to flexibly control the course of attack activities while minimizing the risk of being detected and tracked.

  4. Detection evasion: AMON-Eye uses a variety of detection evasion techniques, such as module injection, code reorganization, and zombie processes, which can make malicious code more difficult to detect and block when running on the system.


AMON-Eye is a powerful malware toolkit that is modified and developed based on Cobaltstrike and combines the ideas of multiple technologies and projects. This toolkit is highly stealthy and operational, and attackers can use it to perform various advanced attack activities while bypassing the detection of EDR and anti-virus solutions. However, it should be emphasized that this article is for research and educational purposes only, and it is strictly prohibited to use AMON-Eye for any illegal activities, otherwise you will be held legally responsible.


  1. AMON-Eye GitHub page:

2 views0 comments

Recent Posts

See All

Windows adds a digital signature to exe

Generate a self-signed root certificate makecert -n "CN=Microfost Windows" -r -sv Root.pvk Root.cer This command uses the makecert tool to create a self-signed root certificate with the certificate na


bottom of page