Unprotect-Project / Unprotect_Submission
Unprotect is a collaborative platform dedicated to uncovering and documenting malware evasion techniques. We invite you to join us in this exciting journey and add your expertise to our collective efforts. By contributing, you’ll help strengthen the project and push the boundaries of what we can achieve together.
☆154 · Updated last month
Alternatives and similar repositories for Unprotect_Submission:
Users that are interested in Unprotect_Submission are comparing it to the libraries listed below
- A small program written in C that is designed to load 32/64-bit shellcode and allow for execution or debugging. Can also output PE files … ☆134 · Updated 7 months ago
- MSI Dump - a tool that analyzes malicious MSI installation packages, extracts files, streams, binary data and incorporates YARA scanner. ☆204 · Updated last year
- An automation plugin for Tiny-Tracer framework to trace and watch functions directly out of the executable's import table or trace logs (… ☆115 · Updated 7 months ago
- A proof of concept demonstrating the DLL-load proxying using undocumented Syscalls. ☆333 · Updated last week
- WTSRM ☆207 · Updated 2 years ago
- Analyse your malware to surgically obfuscate it ☆451 · Updated last month
- A ProcessMonitor visualization application written in Rust. ☆178 · Updated last year
- GarbageMan is a set of tools for analyzing .NET binaries through heap analysis. ☆115 · Updated last year
- Collect Windows telemetry for Maldev ☆298 · Updated last week
- ETW based POC to identify direct and indirect syscalls ☆180 · Updated last year
- Admin to Kernel code execution using the KSecDD driver ☆243 · Updated 10 months ago
- SHAREM is a shellcode analysis framework, capable of emulating more than 20,000 WinAPIs and virtually all Windows syscalls. It also conta… ☆369 · Updated 3 months ago
- A PoC of the ContainYourself research presented at DEF CON 31, which abuses the Windows containers framework to bypass EDRs. ☆306 · Updated last year
- Python tool to check rootkits in Windows kernel ☆192 · Updated 2 weeks ago
- Exploitation of process killer drivers ☆196 · Updated last year
- Tools for analyzing EDR agents ☆220 · Updated 8 months ago
- Performing Indirect Clean Syscalls ☆514 · Updated last year
- Repository of Yara Rules ☆100 · Updated this week
- Tools and technical write-ups describing attacking techniques that rely on concealing code execution on Windows ☆203 · Updated 2 years ago
- Hijacking valid driver services to load arbitrary (signed) drivers abusing native symbolic links and NT paths ☆321 · Updated 6 months ago
- Evasion Escaper is a project aimed at evading the checks that malicious software performs to detect if it's running in a virtual environm… ☆105 · Updated last week
- MalUnpack companion driver ☆93 · Updated 8 months ago
- A dynamic unpacking tool ☆132 · Updated last year
- Jormungandr is a kernel implementation of a COFF loader, allowing kernel developers to load and execute their COFFs in the kernel. ☆229 · Updated last year
- Leverage AMSI (Antimalware Scan Interface) technology to aid your analysis. This tool saves all buffers (scripts, .NET assemblies, etc) … ☆108 · Updated 3 years ago