Unprotect is a collaborative platform dedicated to uncovering and documenting malware evasion techniques. We invite you to join us in this exciting journey and add your expertise to our collective efforts. By contributing, you’ll help strengthen the project and push the boundaries of what we can achieve together.
☆207 · Mar 30, 2026 · Updated last month
Alternatives and similar repositories for Unprotect_Submission
Users that are interested in Unprotect_Submission are comparing it to the libraries listed below.
- Threadless Process Injection using remote function hooking. ☆817 · Sep 4, 2024 · Updated last year
- Collection of my own detection rules ☆20 · Jan 6, 2026 · Updated 4 months ago
- This repo contains: simple shellcode Loader, Encoders (base64 - custom - UUID - IPv4 - MAC), Encryptors (AES), Fileless Loader (Winhttp… ☆446 · Aug 2, 2023 · Updated 2 years ago
- ☆115 · Oct 10, 2022 · Updated 3 years ago
- Execute a payload at each right click on a file/folder in the explorer menu for persistence ☆175 · Mar 15, 2023 · Updated 3 years ago
- PowerShell script I wrote that can suspend an arbitrary process (with limits) ☆22 · Mar 26, 2023 · Updated 3 years ago
- Malware Muncher is a proof-of-concept Python script that utilizes the Frida framework for binary instrumentation and API hooking, enablin… ☆46 · Feb 24, 2023 · Updated 3 years ago
- yet another sleep encryption thing. also used the default github repo name for this one. ☆69 · May 11, 2023 · Updated 3 years ago
- A work in progress BOF/COFF loader in Rust ☆50 · Mar 22, 2023 · Updated 3 years ago
- Dont Call Me Back - Dynamic kernel callback resolver. Scan kernel callbacks in your system in a matter of seconds! ☆252 · Jul 9, 2024 · Updated last year
- malleable profile generator GUI for Havoc ☆55 · Apr 28, 2023 · Updated 3 years ago
- HWSyscalls is a new method to execute indirect syscalls using HWBP, HalosGate and a synthetic trampoline on kernel32 with HWBP. ☆725 · Jul 19, 2023 · Updated 2 years ago
- A PoC implementation for an evasion technique to terminate the current thread and restore it before resuming execution, while implementin… ☆536 · Aug 1, 2022 · Updated 3 years ago
- ☆84 · Aug 26, 2024 · Updated last year
- Tools and scripts to deploy and manage OpenRelik instances ☆16 · Mar 23, 2026 · Updated last month
- Living Off The Land Drivers ☆1,620 · May 5, 2026 · Updated 2 weeks ago
- This script is used to unload PsSetCreateProcessNotifyRoutineEx, PsSetCreateProcessNotifyRoutine, PsSetLoadImageNotifyRoutine and PsSetCr… ☆63 · Feb 11, 2024 · Updated 2 years ago
- Now You See Me, Now You Don't ☆1,046 · Jan 23, 2026 · Updated 3 months ago
- DLLirant is a tool to automatize the DLL Hijacking researches on a specified binary. ☆499 · Nov 29, 2022 · Updated 3 years ago
- Enumerate various traits from Windows processes as an aid to threat hunting ☆202 · Jan 13, 2022 · Updated 4 years ago
- A repository to store community malware research notes and findings. ☆15 · Feb 13, 2026 · Updated 3 months ago
- Project for tracking publicly disclosed DLL Hijacking opportunities. ☆908 · May 9, 2026 · Updated last week
- Moneta is a live usermode memory analysis tool for Windows with the capability to detect malware IOCs ☆826 · Mar 16, 2024 · Updated 2 years ago
- A PoC for adding NtContinue to CFG allowed list in order to make Ekko work in a CFG protected process ☆116 · Aug 29, 2022 · Updated 3 years ago
- ☆35 · Dec 21, 2023 · Updated 2 years ago
- CaveCarver - PE backdooring tool which utilizes and automates code cave technique ☆233 · Apr 17, 2023 · Updated 3 years ago
- A Practical example of ELAM (Early Launch Anti-Malware) ☆36 · Nov 12, 2021 · Updated 4 years ago
- Evasion Escaper is a project aimed at evading the checks that malicious software performs to detect if it's running in a virtual environm… ☆112 · Feb 8, 2025 · Updated last year
- Sleep Obfuscation ☆837 · Dec 3, 2023 · Updated 2 years ago
- Shellcodev is a tool designed to help and automate the process of shellcode creation. ☆114 · Oct 11, 2023 · Updated 2 years ago
- Your NTDLL vaccine from modern direct syscall methods. ☆36 · Apr 5, 2022 · Updated 4 years ago
- Start with shellcode execution using Windows APIs (high level), move on to native APIs (medium level) and finally to direct syscalls (low… ☆147 · May 6, 2023 · Updated 3 years ago
- PoC Implementation of a fully dynamic call stack spoofer ☆956 · Jul 20, 2024 · Updated last year
- ETW based POC to identify direct and indirect syscalls ☆196 · Apr 19, 2023 · Updated 3 years ago
- A collection of my public YARA signatures for various malware families ☆30 · Sep 20, 2024 · Updated last year
- I have documented all of the AMSI patches that I learned till now ☆73 · Nov 4, 2025 · Updated 6 months ago
- Encrypted shellcode Injection to avoid Kernel triggered memory scans ☆415 · Sep 12, 2023 · Updated 2 years ago
- You shall pass ☆270 · Jul 16, 2022 · Updated 3 years ago
- Beacon Object Files used for Cobalt Strike ☆19 · Jul 18, 2023 · Updated 2 years ago