Unprotect-Project / Unprotect_Submission
Unprotect is a collaborative platform dedicated to uncovering and documenting malware evasion techniques. We invite you to join us in this exciting journey and add your expertise to our collective efforts. By contributing, you’ll help strengthen the project and push the boundaries of what we can achieve together.
☆195 · Updated 3 weeks ago
Alternatives and similar repositories for Unprotect_Submission
Users that are interested in Unprotect_Submission are comparing it to the libraries listed below
- A small program written in C that is designed to load 32/64-bit shellcode and allow for execution or debugging. Can also output PE files … ☆165 · Updated last year
- Python tool to check rootkits in Windows kernel ☆201 · Updated last month
- Collect Windows telemetry for Maldev ☆424 · Updated 3 weeks ago
- ☆114 · Updated 3 months ago
- A ProcessMonitor visualization application written in Rust. ☆184 · Updated 2 years ago
- A PoC of the ContainYourself research presented in DEFCON 31, which abuses the Windows containers framework to bypass EDRs. ☆316 · Updated 2 years ago
- MSI Dump - a tool that analyzes malicious MSI installation packages, extracts files, streams, binary data and incorporates YARA scanner. ☆219 · Updated 2 years ago
- SHAREM is a shellcode analysis framework, capable of emulating more than 20,000 WinAPIs and virtually all Windows syscalls. It also conta… ☆440 · Updated 3 months ago
- A proof of concept demonstrating the DLL-load proxying using undocumented Syscalls. ☆358 · Updated 8 months ago
- ☆265 · Updated 2 years ago
- Vulnerable driver research tool, result and exploit PoCs ☆217 · Updated last year
- Tools and technical write-ups describing attacking techniques that rely on concealing code execution on Windows ☆217 · Updated 3 years ago
- Tools for analyzing EDR agents ☆265 · Updated last year
- The following two code samples can be used to understand the difference between direct syscalls and indirect syscalls ☆210 · Updated last year
- Repository of Yara Rules ☆123 · Updated last month
- Hijacking valid driver services to load arbitrary (signed) drivers abusing native symbolic links and NT paths ☆353 · Updated last year
- PowerDecode is a PowerShell-based tool that allows you to deobfuscate PowerShell scripts obfuscated across multiple layers. The tool performs… ☆211 · Updated last year
- Slides & Code snippets for a workshop held @ x33fcon 2024 ☆271 · Updated last year
- Proof of Concept for manipulating the Kernel Callback Table in the Process Environment Block (PEB) to perform process injection and hijac… ☆234 · Updated 11 months ago
- Performing Indirect Clean Syscalls ☆581 · Updated 2 years ago
- LLVM plugin to transparently apply stack spoofing and indirect syscalls to Windows x64 native calls at compile time. ☆315 · Updated last year
- Important notes and topics on my journey towards mastering Windows Internals ☆409 · Updated last year
- An automation plugin for Tiny-Tracer framework to trace and watch functions directly out of the executable's import table or trace logs (… ☆120 · Updated last year
- BYOVD research use cases featuring vulnerable driver discovery and reverse engineering methodology. (CVE-2025-52915, CVE-2025-1055,). ☆396 · Updated last month
- An EDR bypass that prevents EDRs from hooking or loading DLLs into our process by hijacking the AppVerifier layer ☆520 · Updated last year
- Analyse your malware to surgically obfuscate it ☆501 · Updated 4 months ago
- ETWProcessMon2 is for Monitoring Process/Thread/Memory/Imageloads/TCPIP via ETW + Detection for Remote-Thread-Injection & Payload Detecti… ☆307 · Updated last year
- Process Injection using Thread Name ☆282 · Updated 5 months ago
- Admin to Kernel code execution using the KSecDD driver ☆258 · Updated last year
- An easily modifiable shellcode template for Windows x64 written in C ☆262 · Updated 2 years ago