Unprotect-Project / Unprotect_Submission
Unprotect is a collaborative platform dedicated to uncovering and documenting malware evasion techniques. We invite you to join us in this exciting journey and add your expertise to our collective efforts. By contributing, you’ll help strengthen the project and push the boundaries of what we can achieve together.
☆158, updated this week
Alternatives and similar repositories for Unprotect_Submission:
Users interested in Unprotect_Submission are comparing it to the repositories listed below.
- A ProcessMonitor visualization application written in Rust. (☆177, updated last year)
- (☆113, updated last month)
- (☆255, updated 2 years ago)
- A small program written in C that is designed to load 32/64-bit shellcode and allow for execution or debugging. Can also output PE files … (☆141, updated 8 months ago)
- MSI Dump: a tool that analyzes malicious MSI installation packages, extracts files, streams, binary data and incorporates a YARA scanner. (☆207, updated last year)
- A PoC of the ContainYourself research presented at DEF CON 31, which abuses the Windows containers framework to bypass EDRs. (☆310, updated last year)
- Admin to Kernel code execution using the KSecDD driver. (☆244, updated 11 months ago)
- Repository of YARA rules. (☆103, updated last month)
- Collect Windows telemetry for Maldev. (☆324, updated last month)
- WTSRM (☆209, updated 2 years ago)
- A proof of concept demonstrating DLL-load proxying using undocumented syscalls. (☆335, updated last month)
- An automation plugin for the Tiny-Tracer framework to trace and watch functions directly out of the executable's import table or trace logs (… (☆114, updated 8 months ago)
- Python tool to check for rootkits in the Windows kernel. (☆195, updated last month)
- Leverage AMSI (Antimalware Scan Interface) technology to aid your analysis. This tool saves all buffers (scripts, .NET assemblies, etc.) … (☆108, updated 3 years ago)
- (☆216, updated 2 months ago)
- Tools for analyzing EDR agents. (☆223, updated 9 months ago)
- Tools and technical write-ups describing attack techniques that rely on concealing code execution on Windows. (☆207, updated 2 years ago)
- Analyse your malware to surgically obfuscate it. (☆457, updated last month)
- Native Syscalls Shellcode Injector. (☆266, updated last year)
- Finding secrets in kernel and user memory. (☆115, updated last year)
- Source code of the "exploiting Windows API for red teaming" series. (☆148, updated 2 years ago)
- Slides & code snippets for a workshop held @ x33fcon 2024. (☆256, updated 9 months ago)
- Exploitation of process killer drivers. (☆199, updated last year)
- Conti Locker source code. (☆189, updated 3 years ago)
- (☆214, updated 2 years ago)
- Jormungandr is a kernel implementation of a COFF loader, allowing kernel developers to load and execute their COFFs in the kernel. (☆229, updated last year)
- Hijacking valid driver services to load arbitrary (signed) drivers, abusing native symbolic links and NT paths. (☆324, updated 7 months ago)
- This novel way of using NtQueueApcThreadEx by abusing the ApcRoutine and SystemArgument[0-3] parameters by passing a random pop r32; ret … (☆244, updated last year)
- Proof of concept for manipulating the Kernel Callback Table in the Process Environment Block (PEB) to perform process injection and hijac… (☆209, updated 5 months ago)
- Performing indirect clean syscalls. (☆526, updated last year)