fr0gger / unprotect
Unprotect is a Python tool for parsing PE malware and extracting evasion techniques.
☆120May 22, 2023Updated 2 years ago
Alternatives and similar repositories for unprotect
Users that are interested in unprotect are comparing it to the libraries listed below
- ☆18Apr 4, 2019Updated 6 years ago
- Notepad++ Syntax Highlighting for Languages Used by Cyber Security Professionals☆14May 31, 2020Updated 5 years ago
- Automatic DLL comment link generation and explanation of the DLL Proxying techniques☆10Aug 19, 2021Updated 4 years ago
- Malware analysis tool based on taint analysis.☆14Jan 29, 2022Updated 4 years ago
- Malware similarity platform with modularity in mind.☆80Jul 18, 2021Updated 4 years ago
- analysis of visual basic code☆46Mar 25, 2018Updated 7 years ago
- Registry hive parsing the async way☆25Oct 29, 2025Updated 3 months ago
- A JXA script for enumerating running processes, printed out in a json, parent-child tree.☆14Jan 28, 2022Updated 4 years ago
- Assembly block for finding and calling the Windows API functions inside import address table (IAT) of the running PE file.☆80May 3, 2023Updated 2 years ago
- Random hunting oriented yara rules☆98Mar 27, 2023Updated 2 years ago
- Tool to decrypt the configuration of NanoCore and dump all used plugins☆12Dec 8, 2020Updated 5 years ago
- A loadable dll that tracks memory changes, IAT hooks, and dynamically emplaced "JMP" in the x86 host executable.☆12Oct 22, 2023Updated 2 years ago
- Virus Exchange (VX) - Collection of malware or assembly code used for "offensive" purposes.☆192Aug 3, 2025Updated 6 months ago
- ☆18Jul 3, 2020Updated 5 years ago
- ☆15Dec 16, 2020Updated 5 years ago
- ☆65Nov 12, 2022Updated 3 years ago
- A list of JARM hashes for different ssl implementations used by some C2/red team tools.☆145Apr 20, 2023Updated 2 years ago
- Ursnif beacon decryptor☆27Mar 20, 2023Updated 2 years ago
- Dynamic Taint Analysis versus Obfuscated Self-Checking☆16Sep 5, 2021Updated 4 years ago
- IDARay is an IDA Pro plugin that matches the database against multiple YARA files which themselves may contain multiple rules.☆18Nov 16, 2018Updated 7 years ago
- 7 days of Red Teaming TTPs that your favorite tools may use to achieve a post exploitation goal☆18Apr 17, 2021Updated 4 years ago
- Windows Local Privilege Escalation - 0 Day Vulnerability (schtasks.exe) released by @SandboxEscaper :)☆17May 22, 2019Updated 6 years ago
- A collection of Indicators of Compromise (IoCs), most aligning with samples derived from the signatures in the YARA-Signatures repo☆29Jun 11, 2020Updated 5 years ago
- Remote memory library in C++17.☆34May 31, 2018Updated 7 years ago
- Reflective PE loader for DLL injection☆186Oct 12, 2017Updated 8 years ago
- AppXSVC Service race condition - privilege escalation☆30Jul 30, 2019Updated 6 years ago
- PoC designed to evade userland-hooking anti-virus.☆90May 15, 2019Updated 6 years ago
- Trigram database written in C++, suited for malware indexing☆130Jan 26, 2026Updated 2 weeks ago
- Headers for linking your software with ntdll.dll☆15Nov 4, 2020Updated 5 years ago
- ☆78May 24, 2018Updated 7 years ago
- ShowStopper is a tool for helping malware researchers explore and test anti-debug techniques or verify debugger plugins or other solution…☆221Jul 10, 2022Updated 3 years ago
- Binee: binary emulation environment☆530Feb 25, 2023Updated 2 years ago
- This project is created for research into antivirus evasion by unhooking.☆18Sep 2, 2021Updated 4 years ago
- ☆15Nov 25, 2021Updated 4 years ago
- Malware Sandbox Emulation in Python @ HITCON 2018☆46Aug 1, 2018Updated 7 years ago
- Import DynamoRIO drcov code coverage data into Ghidra☆44Dec 21, 2023Updated 2 years ago
- YARA malware query accelerator (web frontend)☆437Feb 3, 2026Updated last week
- Import specific data sources into the Sigma generic and open signature format.☆79May 6, 2022Updated 3 years ago
- Create a C++ PE which loads an XTEA-crypted .NET PE shellcode in memory.☆17Sep 29, 2018Updated 7 years ago