Unprotect is a collaborative platform dedicated to uncovering and documenting malware evasion techniques. We invite you to join us in this exciting journey and add your expertise to our collective efforts. By contributing, you’ll help strengthen the project and push the boundaries of what we can achieve together.
☆207 · Mar 30, 2026 · Updated last week
Alternatives and similar repositories for Unprotect_Submission
Users that are interested in Unprotect_Submission are comparing it to the libraries listed below.
- Threadless Process Injection using remote function hooking. ☆808 · Sep 4, 2024 · Updated last year
- Collection of my own detection rules ☆20 · Jan 6, 2026 · Updated 3 months ago
- This repo contains: simple shellcode Loader, Encoders (base64 - custom - UUID - IPv4 - MAC), Encryptors (AES), Fileless Loader (Winhttp… ☆445 · Aug 2, 2023 · Updated 2 years ago
- ☆113 · Oct 10, 2022 · Updated 3 years ago
- Execute a payload at each right click on a file/folder in the explorer menu for persistence ☆174 · Mar 15, 2023 · Updated 3 years ago
- powershell script i wrote that can suspend an arbitrary process (with limits) ☆22 · Mar 26, 2023 · Updated 3 years ago
- Malware Muncher is a proof-of-concept Python script that utilizes the Frida framework for binary instrumentation and API hooking, enablin… ☆46 · Feb 24, 2023 · Updated 3 years ago
- yet another sleep encryption thing. also used the default github repo name for this one. ☆69 · May 11, 2023 · Updated 2 years ago
- A work in progress BOF/COFF loader in Rust ☆50 · Mar 22, 2023 · Updated 3 years ago
- Dont Call Me Back - Dynamic kernel callback resolver. Scan kernel callbacks in your system in a matter of seconds! ☆251 · Jul 9, 2024 · Updated last year
- malleable profile generator GUI for Havoc ☆55 · Apr 28, 2023 · Updated 2 years ago
- Living Off The Land Drivers ☆1,444 · Mar 25, 2026 · Updated 2 weeks ago
- HWSyscalls is a new method to execute indirect syscalls using HWBP, HalosGate and a synthetic trampoline on kernel32 with HWBP. ☆720 · Jul 19, 2023 · Updated 2 years ago
- ☆84 · Aug 26, 2024 · Updated last year
- Tools and scripts to deploy and manage OpenRelik instances ☆16 · Mar 23, 2026 · Updated 2 weeks ago
- This script is used to unload PsSetCreateProcessNotifyRoutineEx, PsSetCreateProcessNotifyRoutine, PsSetLoadImageNotifyRoutine and PsSetCr… ☆63 · Feb 11, 2024 · Updated 2 years ago
- Now You See Me, Now You Don't ☆1,040 · Jan 23, 2026 · Updated 2 months ago
- A PoC implementation for an evasion technique to terminate the current thread and restore it before resuming execution, while implementin… ☆533 · Aug 1, 2022 · Updated 3 years ago
- DLLirant is a tool to automatize the DLL Hijacking researches on a specified binary. ☆498 · Nov 29, 2022 · Updated 3 years ago
- Enumerate various traits from Windows processes as an aid to threat hunting ☆201 · Jan 13, 2022 · Updated 4 years ago
- Project for tracking publicly disclosed DLL Hijacking opportunities. ☆900 · Mar 14, 2026 · Updated 3 weeks ago
- Moneta is a live usermode memory analysis tool for Windows with the capability to detect malware IOCs ☆812 · Mar 16, 2024 · Updated 2 years ago
- A PoC for adding NtContinue to CFG allowed list in order to make Ekko work in a CFG protected process ☆115 · Aug 29, 2022 · Updated 3 years ago
- ☆35 · Dec 21, 2023 · Updated 2 years ago
- CaveCarver - PE backdooring tool which utilizes and automates code cave technique ☆235 · Apr 17, 2023 · Updated 2 years ago
- A Practical example of ELAM (Early Launch Anti-Malware) ☆36 · Nov 12, 2021 · Updated 4 years ago
- Evasion Escaper is a project aimed at evading the checks that malicious software performs to detect if it's running in a virtual environm… ☆112 · Feb 8, 2025 · Updated last year
- Sleep Obfuscation ☆824 · Dec 3, 2023 · Updated 2 years ago
- Shellcodev is a tool designed to help and automate the process of shellcode creation. ☆114 · Oct 11, 2023 · Updated 2 years ago
- PoC Implementation of a fully dynamic call stack spoofer ☆938 · Jul 20, 2024 · Updated last year
- Your NTDLL vaccine from modern direct syscall methods. ☆36 · Apr 5, 2022 · Updated 4 years ago
- Start with shellcode execution using Windows APIs (high level), move on to native APIs (medium level) and finally to direct syscalls (low… ☆148 · May 6, 2023 · Updated 2 years ago
- ETW based POC to identify direct and indirect syscalls ☆189 · Apr 19, 2023 · Updated 2 years ago
- A collection of my public YARA signatures for various malware families ☆30 · Sep 20, 2024 · Updated last year
- Encrypted shellcode Injection to avoid Kernel triggered memory scans ☆409 · Sep 12, 2023 · Updated 2 years ago
- I have documented all of the AMSI patches that I learned till now ☆73 · Nov 4, 2025 · Updated 5 months ago
- You shall pass ☆270 · Jul 16, 2022 · Updated 3 years ago
- Beacon Object Files used for Cobalt Strike ☆19 · Jul 18, 2023 · Updated 2 years ago
- Small and convenient C2 tool for Windows targets ☆615 · Mar 8, 2022 · Updated 4 years ago