Unprotect-Project / Unprotect_Submission
Unprotect is a collaborative platform dedicated to uncovering and documenting malware evasion techniques. We invite you to join us in this exciting journey and add your expertise to our collective efforts. By contributing, you’ll help strengthen the project and push the boundaries of what we can achieve together.
☆155 · Updated 2 weeks ago
Alternatives and similar repositories for Unprotect_Submission:
Users interested in Unprotect_Submission are comparing it to the repositories listed below.
- ☆111 · Updated 2 weeks ago
- A small program written in C that is designed to load 32/64-bit shellcode and allow for execution or debugging. Can also output PE files … ☆137 · Updated 7 months ago
- A ProcessMonitor visualization application written in Rust. ☆178 · Updated last year
- ☆232 · Updated 2 years ago
- Admin to Kernel code execution using the KSecDD driver ☆244 · Updated 10 months ago
- Tools and technical write-ups describing attacking techniques that rely on concealing code execution on Windows ☆203 · Updated 2 years ago
- Hijacking valid driver services to load arbitrary (signed) drivers abusing native symbolic links and NT paths ☆322 · Updated 6 months ago
- Performing Indirect Clean Syscalls ☆516 · Updated last year
- WTSRM ☆208 · Updated 2 years ago
- Tools for analyzing EDR agents ☆221 · Updated 8 months ago
- ☆212 · Updated last month
- Exploitation of process killer drivers ☆197 · Updated last year
- MSI Dump - a tool that analyzes malicious MSI installation packages, extracts files, streams, binary data and incorporates YARA scanner. ☆206 · Updated last year
- Leverage AMSI (Antimalware Scan Interface) technology to aid your analysis. This tool saves all buffers (scripts, .NET assemblies, etc.) … ☆108 · Updated 3 years ago
- ☆155 · Updated 9 months ago
- A proof of concept demonstrating the DLL-load proxying using undocumented Syscalls. ☆335 · Updated 3 weeks ago
- An automation plugin for Tiny-Tracer framework to trace and watch functions directly out of the executable's import table or trace logs (… ☆114 · Updated 7 months ago
- Analyse your malware to surgically obfuscate it ☆455 · Updated last week
- Slides & Code snippets for a workshop held @ x33fcon 2024 ☆253 · Updated 8 months ago
- SHAREM is a shellcode analysis framework, capable of emulating more than 20,000 WinAPIs and virtually all Windows syscalls. It also conta… ☆385 · Updated 4 months ago
- Collect Windows telemetry for Maldev ☆299 · Updated 3 weeks ago
- ☆233 · Updated 9 months ago
- A POC for the new injection technique, abusing windows fork API to evade EDRs. https://www.blackhat.com/eu-22/briefings/schedule/index.ht… ☆633 · Updated 2 years ago
- Jormungandr is a kernel implementation of a COFF loader, allowing kernel developers to load and execute their COFFs in the kernel. ☆229 · Updated last year
- miscellaneous scripts and programs ☆234 · Updated last month
- Repository of Yara Rules ☆100 · Updated 2 weeks ago
- A PoC of the ContainYourself research presented in DEFCON 31, which abuses the Windows containers framework to bypass EDRs. ☆307 · Updated last year
- ETW based POC to identify direct and indirect syscalls ☆180 · Updated last year
- ☆129 · Updated last year
- ☆214 · Updated 2 years ago