Unprotect is a collaborative platform dedicated to uncovering and documenting malware evasion techniques. We invite you to join us in this exciting journey and add your expertise to our collective efforts. By contributing, you’ll help strengthen the project and push the boundaries of what we can achieve together.
☆207Mar 30, 2026Updated 2 months ago
Alternatives and similar repositories for Unprotect_Submission
Users that are interested in Unprotect_Submission are comparing it to the libraries listed below. We may earn a commission when you buy through links labeled 'Ad' on this page.
Sorting:
- Threadless Process Injection using remote function hooking.☆817Sep 4, 2024Updated last year
- Collection of my own detection rules☆20Jan 6, 2026Updated 5 months ago
- This repo contains : simple shellcode Loader , Encoders (base64 - custom - UUID - IPv4 - MAC), Encryptors (AES), Fileless Loader (Winhttp…☆443Aug 2, 2023Updated 2 years ago
- ☆115Oct 10, 2022Updated 3 years ago
- Execute a payload at each right click on a file/folder in the explorer menu for persistence☆174Mar 15, 2023Updated 3 years ago
- Simple, predictable pricing with DigitalOcean hosting • AdAlways know what you'll pay with monthly caps and flat pricing. Enterprise-grade infrastructure trusted by 600k+ customers.
- powershell script i wrote that can suspend an arbitrary process (with limits)☆22Mar 26, 2023Updated 3 years ago
- Malware Muncher is a proof-of-concept Python script that utilizes the Frida framework for binary instrumentation and API hooking, enablin…☆46Feb 24, 2023Updated 3 years ago
- yet another sleep encryption thing. also used the default github repo name for this one.☆69May 11, 2023Updated 3 years ago
- A work in progress BOF/COFF loader in Rust☆50Mar 22, 2023Updated 3 years ago
- Dont Call Me Back - Dynamic kernel callback resolver. Scan kernel callbacks in your system in a matter of seconds!☆254Jul 9, 2024Updated last year
- malleable profile generator GUI for Havoc☆55Apr 28, 2023Updated 3 years ago
- HWSyscalls is a new method to execute indirect syscalls using HWBP, HalosGate and a synthetic trampoline on kernel32 with HWBP.☆728Jul 19, 2023Updated 2 years ago
- A PoC implementation for an evasion technique to terminate the current thread and restore it before resuming execution, while implementin…☆536Aug 1, 2022Updated 3 years ago
- ☆84Aug 26, 2024Updated last year
- Wordpress hosting with auto-scaling - Free Trial Offer • AdFully Managed hosting for WordPress and WooCommerce businesses that need reliable, auto-scalable performance. Cloudways SafeUpdates now available.
- Tools and scripts to deploy and manage OpenRelik instances☆17Mar 23, 2026Updated 2 months ago
- Living Off The Land Drivers☆1,656May 20, 2026Updated 2 weeks ago
- This script is used to unload PsSetCreateProcessNotifyRoutineEx, PsSetCreateProcessNotifyRoutine, PsSetLoadImageNotifyRoutine and PsSetCr…☆63Feb 11, 2024Updated 2 years ago
- Now You See Me, Now You Don't☆1,053May 22, 2026Updated 2 weeks ago
- DLLirant is a tool to automatize the DLL Hijacking researches on a specified binary.☆501Nov 29, 2022Updated 3 years ago
- Enumerate various traits from Windows processes as an aid to threat hunting☆202Jan 13, 2022Updated 4 years ago
- A repository to store community malware research notes and findings.☆16Feb 13, 2026Updated 3 months ago
- Project for tracking publicly disclosed DLL Hijacking opportunities.☆914May 30, 2026Updated last week
- Moneta is a live usermode memory analysis tool for Windows with the capability to detect malware IOCs☆828Mar 16, 2024Updated 2 years ago
- Wordpress hosting with auto-scaling - Free Trial Offer • AdFully Managed hosting for WordPress and WooCommerce businesses that need reliable, auto-scalable performance. Cloudways SafeUpdates now available.
- A PoC for adding NtContinue to CFG allowed list in order to make Ekko work in a CFG protected process☆116Aug 29, 2022Updated 3 years ago
- ☆35Dec 21, 2023Updated 2 years ago
- CaveCarver - PE backdooring tool which utilizes and automates code cave technique☆233Apr 17, 2023Updated 3 years ago
- A Practical example of ELAM (Early Launch Anti-Malware)☆36Nov 12, 2021Updated 4 years ago
- Evasion Escaper is a project aimed at evading the checks that malicious software performs to detect if it's running in a virtual environm…☆112Feb 8, 2025Updated last year
- Sleep Obfuscation☆834Dec 3, 2023Updated 2 years ago
- Shellcodev is a tool designed to help and automate the process of shellcode creation.☆114Oct 11, 2023Updated 2 years ago
- Your NTDLL vaccine from modern direct syscall methods.☆36Apr 5, 2022Updated 4 years ago
- Start with shellcode execution using Windows APIs (high level), move on to native APIs (medium level) and finally to direct syscalls (low…☆147May 6, 2023Updated 3 years ago
- Deploy on Railway without the complexity - Free Credits Offer • AdConnect your repo and Railway handles the rest with instant previews. Quickly provision container image services, databases, and storage volumes.
- PoC Implementation of a fully dynamic call stack spoofer☆959Jul 20, 2024Updated last year
- ETW based POC to identify direct and indirect syscalls☆197Apr 19, 2023Updated 3 years ago
- A collection of my public YARA signatures for various malware families☆30Sep 20, 2024Updated last year
- I have documented all of the AMSI patches that I learned till now☆73Nov 4, 2025Updated 7 months ago
- Encrypted shellcode Injection to avoid Kernel triggered memory scans☆419Sep 12, 2023Updated 2 years ago
- You shall pass☆270Jul 16, 2022Updated 3 years ago
- Beacon Object Files used for Cobalt Strike☆19Jul 18, 2023Updated 2 years ago