Unprotect-Project / Unprotect_Submission
Unprotect is a collaborative platform dedicated to uncovering and documenting malware evasion techniques. We invite you to join us in this exciting journey and add your expertise to our collective efforts. By contributing, you’ll help strengthen the project and push the boundaries of what we can achieve together.
☆139 · Updated this week
Related projects
Alternatives and complementary repositories for Unprotect_Submission
- Admin to Kernel code execution using the KSecDD driver ☆236 · Updated 7 months ago
- A proof of concept demonstrating DLL-load proxying using undocumented syscalls. ☆325 · Updated 5 months ago
- A ProcessMonitor visualization application written in Rust. ☆176 · Updated last year
- (no description) ☆111 · Updated last week
- MSI Dump - a tool that analyzes malicious MSI installation packages, extracts files, streams, binary data and incorporates a YARA scanner. ☆194 · Updated last year
- Performing Indirect Clean Syscalls ☆483 · Updated last year
- A small program written in C that is designed to load 32/64-bit shellcode and allow for execution or debugging. Can also output PE files … ☆125 · Updated 4 months ago
- Tools for analyzing EDR agents ☆209 · Updated 5 months ago
- A POC of a new "threadless" process injection technique that works by utilizing the concept of DLL Notification Callbacks in local and re… ☆434 · Updated last year
- SHAREM is a shellcode analysis framework, capable of emulating more than 20,000 WinAPIs and virtually all Windows syscalls. It also conta… ☆343 · Updated 3 weeks ago
- (no description) ☆95 · Updated 2 years ago
- WTSRM ☆199 · Updated 2 years ago
- EDRSandblast-GodFault ☆240 · Updated last year
- (no description) ☆210 · Updated last year
- An automation plugin for the Tiny-Tracer framework to trace and watch functions directly out of the executable's import table or trace logs (… ☆110 · Updated 4 months ago
- Exploitation of process killer drivers ☆188 · Updated last year
- Hijacking valid driver services to load arbitrary (signed) drivers by abusing native symbolic links and NT paths ☆304 · Updated 3 months ago
- TartarusGate, Bypassing EDRs ☆533 · Updated 2 years ago
- Tools and technical write-ups describing attack techniques that rely on concealing code execution on Windows ☆199 · Updated 2 years ago
- A PoC of the ContainYourself research presented at DEF CON 31, which abuses the Windows containers framework to bypass EDRs. ☆301 · Updated last year
- Source code for the "exploiting Windows API for red teaming" series ☆146 · Updated 2 years ago
- For when DllMain is the only way ☆353 · Updated 3 weeks ago
- Tools and PoCs for Windows syscall investigation. ☆354 · Updated 6 months ago
- A dynamic unpacking tool ☆128 · Updated last year
- Recon 2023 slides and code ☆79 · Updated last year
- Analyse your malware to surgically obfuscate it ☆419 · Updated last year
- (no description) ☆103 · Updated 4 months ago
- Python tool to check for rootkits in the Windows kernel ☆169 · Updated last week
- Simple Windows handle hijacker, with a nod to Apxaey for inspiration ☆201 · Updated last year