Unprotect-Project / Unprotect_Submission
Unprotect is a collaborative platform dedicated to uncovering and documenting malware evasion techniques. We invite you to join us in this exciting journey and add your expertise to our collective efforts. By contributing, you’ll help strengthen the project and push the boundaries of what we can achieve together.
☆200 · Updated 3 months ago
Alternatives and similar repositories for Unprotect_Submission
Users interested in Unprotect_Submission are comparing it to the repositories listed below.
- A small program written in C that is designed to load 32/64-bit shellcode and allow for execution or debugging. Can also output PE files … ☆167 · Updated last year
- Python tool to check for rootkits in the Windows kernel ☆204 · Updated 4 months ago
- SHAREM is a shellcode analysis framework, capable of emulating more than 20,000 WinAPIs and virtually all Windows syscalls. It also conta… ☆474 · Updated 6 months ago
- Collect Windows telemetry for Maldev ☆450 · Updated last month
- MSI Dump - a tool that analyzes malicious MSI installation packages, extracts files, streams and binary data, and incorporates a YARA scanner. ☆224 · Updated 2 years ago
- A proof of concept demonstrating DLL-load proxying using undocumented syscalls. ☆362 · Updated 10 months ago
- A PoC of the ContainYourself research presented at DEF CON 31, which abuses the Windows containers framework to bypass EDRs. ☆318 · Updated 2 years ago
- ☆121 · Updated this week
- Vulnerable driver research tool, results and exploit PoCs ☆225 · Updated 2 years ago
- Tools and technical write-ups describing attack techniques that rely on concealing code execution on Windows ☆219 · Updated 3 years ago
- A Process Monitor visualization application written in Rust. ☆183 · Updated 2 years ago
- ☆268 · Updated 2 years ago
- Two code samples that illustrate the difference between direct syscalls and indirect syscalls ☆220 · Updated last year
- Proof of concept for manipulating the Kernel Callback Table in the Process Environment Block (PEB) to perform process injection and hijac… ☆264 · Updated last year
- Tools for analyzing EDR agents ☆274 · Updated last year
- Hijacking valid driver services to load arbitrary (signed) drivers by abusing native symbolic links and NT paths ☆357 · Updated last year
- A PoC of a new “threadless” process injection technique that works by utilizing DLL Notification Callbacks in local and re… ☆463 · Updated 2 years ago
- Process injection using the thread name ☆286 · Updated 8 months ago
- Performing indirect clean syscalls ☆595 · Updated 2 years ago
- A small x64 library to load DLLs into memory. ☆451 · Updated 2 years ago
- Admin-to-kernel code execution using the KSecDD driver ☆259 · Updated last year
- Important notes and topics on my journey towards mastering Windows Internals ☆420 · Updated last year
- Tools and PoCs for Windows syscall investigation. ☆368 · Updated 3 weeks ago
- Yet another variant of Process Hollowing ☆424 · Updated 5 months ago
- An easily modifiable shellcode template for Windows x64 written in C ☆275 · Updated 2 years ago
- ETW-based PoC to identify direct and indirect syscalls ☆190 · Updated 2 years ago
- A tutorial on how to write a packer for Windows! ☆301 · Updated 2 years ago
- C++ self-injecting dropper based on various EDR evasion techniques. ☆420 · Updated last year
- A PoC for a new injection technique that abuses the Windows fork API to evade EDRs. https://www.blackhat.com/eu-22/briefings/schedule/index.ht… ☆670 · Updated 3 years ago
- An automation plugin for the Tiny-Tracer framework to trace and watch functions directly out of the executable's import table or trace logs (… ☆124 · Updated last year