Unprotect-Project / Unprotect_Submission
Unprotect is a collaborative platform dedicated to uncovering and documenting malware evasion techniques. We invite you to join us in this exciting journey and add your expertise to our collective efforts. By contributing, you’ll help strengthen the project and push the boundaries of what we can achieve together.
☆147 · Updated last week
Alternatives and similar repositories for Unprotect_Submission:
Users that are interested in Unprotect_Submission are comparing it to the libraries listed below
- ☆111 · Updated last month
- A ProcessMonitor visualization application written in Rust. ☆176 · Updated last year
- An automation plugin for Tiny-Tracer framework to trace and watch functions directly out of the executable's import table or trace logs (… ☆114 · Updated 6 months ago
- ☆226 · Updated 2 years ago
- A proof of concept demonstrating the DLL-load proxying using undocumented Syscalls. ☆330 · Updated 7 months ago
- Admin to Kernel code execution using the KSecDD driver ☆244 · Updated 8 months ago
- WTSRM ☆206 · Updated 2 years ago
- Tools and technical write-ups describing attacking techniques that rely on concealing code execution on Windows. ☆200 · Updated 2 years ago
- A dynamic unpacking tool ☆130 · Updated last year
- Slides & Code snippets for a workshop held @ x33fcon 2024 ☆249 · Updated 7 months ago
- ETW based POC to identify direct and indirect syscalls ☆177 · Updated last year
- Tools for analyzing EDR agents ☆214 · Updated 7 months ago
- ☆104 · Updated 6 months ago
- This novel way of using NtQueueApcThreadEx by abusing the ApcRoutine and SystemArgument[0-3] parameters by passing a random pop r32; ret … ☆233 · Updated last year
- Exploitation of process killer drivers ☆194 · Updated last year
- Performing Indirect Clean Syscalls ☆505 · Updated last year
- Native Syscalls Shellcode Injector ☆264 · Updated last year
- Collect Windows telemetry for Maldev ☆266 · Updated last week
- Hijacking valid driver services to load arbitrary (signed) drivers abusing native symbolic links and NT paths ☆321 · Updated 5 months ago
- A small program written in C that is designed to load 32/64-bit shellcode and allow for execution or debugging. Can also output PE files … ☆129 · Updated 5 months ago
- ☆186 · Updated last week
- Jormungandr is a kernel implementation of a COFF loader, allowing kernel developers to load and execute their COFFs in the kernel. ☆226 · Updated last year
- EDRSandblast-GodFault ☆243 · Updated last year
- MSI Dump - a tool that analyzes malicious MSI installation packages, extracts files, streams, binary data and incorporates YARA scanner. ☆197 · Updated last year
- Leverage AMSI (Antimalware Scan Interface) technology to aid your analysis. This tool saves all buffers (scripts, .NET assemblies, etc) … ☆92 · Updated 3 years ago
- SHAREM is a shellcode analysis framework, capable of emulating more than 20,000 WinAPIs and virtually all Windows syscalls. It also conta… ☆350 · Updated 2 months ago
- LLVM plugin to transparently apply stack spoofing and indirect syscalls to Windows x64 native calls at compile time. ☆264 · Updated last year
- Finding secrets in kernel and user memory ☆113 · Updated last year
- ☆154 · Updated 8 months ago