Unprotect is a collaborative platform dedicated to uncovering and documenting malware evasion techniques. We invite you to join us in this exciting journey and add your expertise to our collective efforts. By contributing, you’ll help strengthen the project and push the boundaries of what we can achieve together.
☆207Mar 30, 2026Updated 3 weeks ago
Alternatives and similar repositories for Unprotect_Submission
Users that are interested in Unprotect_Submission are comparing it to the libraries listed below. We may earn a commission when you buy through links labeled 'Ad' on this page.
Sorting:
- Threadless Process Injection using remote function hooking.☆815Sep 4, 2024Updated last year
- Collection of my own detection rules☆20Jan 6, 2026Updated 3 months ago
- This repo contains : simple shellcode Loader , Encoders (base64 - custom - UUID - IPv4 - MAC), Encryptors (AES), Fileless Loader (Winhttp…☆445Aug 2, 2023Updated 2 years ago
- ☆113Oct 10, 2022Updated 3 years ago
- Execute a payload at each right click on a file/folder in the explorer menu for persistence☆175Mar 15, 2023Updated 3 years ago
- Deploy to Railway using AI coding agents - Free Credits Offer • AdUse Claude Code, Codex, OpenCode, and more. Autonomous software development now has the infrastructure to match with Railway.
- powershell script i wrote that can suspend an arbitrary process (with limits)☆22Mar 26, 2023Updated 3 years ago
- Malware Muncher is a proof-of-concept Python script that utilizes the Frida framework for binary instrumentation and API hooking, enablin…☆46Feb 24, 2023Updated 3 years ago
- yet another sleep encryption thing. also used the default github repo name for this one.☆69May 11, 2023Updated 2 years ago
- A work in progress BOF/COFF loader in Rust☆50Mar 22, 2023Updated 3 years ago
- Dont Call Me Back - Dynamic kernel callback resolver. Scan kernel callbacks in your system in a matter of seconds!☆251Jul 9, 2024Updated last year
- malleable profile generator GUI for Havoc☆55Apr 28, 2023Updated 3 years ago
- HWSyscalls is a new method to execute indirect syscalls using HWBP, HalosGate and a synthetic trampoline on kernel32 with HWBP.☆724Jul 19, 2023Updated 2 years ago
- A PoC implementation for an evasion technique to terminate the current thread and restore it before resuming execution, while implementin…☆535Aug 1, 2022Updated 3 years ago
- ☆84Aug 26, 2024Updated last year
- Managed Database hosting by DigitalOcean • AdPostgreSQL, MySQL, MongoDB, Kafka, Valkey, and OpenSearch available. Automatically scale up storage and focus on building your apps.
- Tools and scripts to deploy and manage OpenRelik instances☆16Mar 23, 2026Updated last month
- Living Off The Land Drivers☆1,588Updated this week
- This script is used to unload PsSetCreateProcessNotifyRoutineEx, PsSetCreateProcessNotifyRoutine, PsSetLoadImageNotifyRoutine and PsSetCr…☆63Feb 11, 2024Updated 2 years ago
- Now You See Me, Now You Don't☆1,043Jan 23, 2026Updated 3 months ago
- DLLirant is a tool to automatize the DLL Hijacking researches on a specified binary.☆498Nov 29, 2022Updated 3 years ago
- Enumerate various traits from Windows processes as an aid to threat hunting☆201Jan 13, 2022Updated 4 years ago
- Project for tracking publicly disclosed DLL Hijacking opportunities.☆907Apr 21, 2026Updated last week
- Moneta is a live usermode memory analysis tool for Windows with the capability to detect malware IOCs☆818Mar 16, 2024Updated 2 years ago
- A PoC for adding NtContinue to CFG allowed list in order to make Ekko work in a CFG protected process☆116Aug 29, 2022Updated 3 years ago
- Proton VPN Special Offer - Get 70% off • AdSpecial partner offer. Trusted by over 100 million users worldwide. Tested, Approved and Recommended by Experts.
- ☆35Dec 21, 2023Updated 2 years ago
- CaveCarver - PE backdooring tool which utilizes and automates code cave technique☆235Apr 17, 2023Updated 3 years ago
- A Practical example of ELAM (Early Launch Anti-Malware)☆36Nov 12, 2021Updated 4 years ago
- Evasion Escaper is a project aimed at evading the checks that malicious software performs to detect if it's running in a virtual environm…☆112Feb 8, 2025Updated last year
- Sleep Obfuscation☆834Dec 3, 2023Updated 2 years ago
- Shellcodev is a tool designed to help and automate the process of shellcode creation.☆114Oct 11, 2023Updated 2 years ago
- Your NTDLL vaccine from modern direct syscall methods.☆36Apr 5, 2022Updated 4 years ago
- Start with shellcode execution using Windows APIs (high level), move on to native APIs (medium level) and finally to direct syscalls (low…☆147May 6, 2023Updated 2 years ago
- PoC Implementation of a fully dynamic call stack spoofer☆949Jul 20, 2024Updated last year
- Proton VPN Special Offer - Get 70% off • AdSpecial partner offer. Trusted by over 100 million users worldwide. Tested, Approved and Recommended by Experts.
- ETW based POC to identify direct and indirect syscalls☆192Apr 19, 2023Updated 3 years ago
- A collection of my public YARA signatures for various malware families☆30Sep 20, 2024Updated last year
- I have documented all of the AMSI patches that I learned till now☆73Nov 4, 2025Updated 5 months ago
- Encrypted shellcode Injection to avoid Kernel triggered memory scans☆409Sep 12, 2023Updated 2 years ago
- You shall pass☆270Jul 16, 2022Updated 3 years ago
- Beacon Object Files used for Cobalt Strike☆19Jul 18, 2023Updated 2 years ago
- Small and convenient C2 tool for Windows targets☆614Mar 8, 2022Updated 4 years ago