Repository Details

Repository to publish your evasion techniques and contribute to the project

How to contribute to the Unprotect Project?

The Unprotect project is an open-source database that classifies malware evasion techniques, both to strengthen the defenses in place and to understand how malware bypasses security mechanisms. It is a handy resource for red, blue, and purple teamers.

This project is community-centric so that everyone can contribute to the database. The purpose of this repository is to provide a simple way for the community to contribute to the project. Each contributor's name will be added to the contributors section.

Before writing a proposal, we recommend that you review an example.

To add a technique, fork this repository, create a folder in the techniques section named after the technique, and add the details there. A sample model is available here. Once you've added your technique, open a PR.

More details on the process of adding, modifying, or updating a technique can be found below.

Adding a new technique to the database

To contribute, send a pull request to this repository with the title of the technique in the PR and including the following. You can also have a look at the template description.

1 - Authorship information

  • Name or pseudonym (required)
  • Twitter handle (not required)
  • Website (not required)
  • LinkedIn profile (not required)
  • Email address (not required)

2 - Technique Information (required)

Each submission should include several pieces of information to be reviewed:

  • Technique title (required): a short, concise title for the technique you want to add.
  • Technique category (required): the category your technique belongs to. Check the list.
  • Technique description (required): include as much detail as possible about your technique. Don't worry about grammar; the Unprotect team will review the submission.
  • Additional resources: include any additional resources relevant to the technique.

3 - Code snippet (not required but highly recommended)

  • For each technique in the database, we try to document it with a functional POC. Adding one is highly recommended if you have it. The Unprotect team will review and test the code.
  • Code can be written in any language (C/C++, Python, Golang, PowerShell, ASM, Delphi...).
  • You can add a short description at the top to mention any specific information, such as the libraries required to run it.
  • If you are reusing code from elsewhere, please add a comment at the beginning of your code that credits the original source.

4 - Detection Rules (not required but highly recommended)

The detection rules part is particularly important to help the community defend itself against these techniques. Although it is not always possible to create detection rules, we strongly encourage you to do your best to add them.

  • Yara rules: please add the Yara rules related to your technique. If they are yours, add your name in the meta section; otherwise keep the original authorship.
  • Sigma rules: please add the Sigma rules related to your technique. If they are yours, add your name in the meta section; otherwise keep the original authorship.
  • Capa rules: please add the Capa rules related to your technique. If they are yours, add your name in the meta section; otherwise keep the original authorship.

Modifying a technique

Sometimes you may have more details on a specific technique, or you may notice an error somewhere. You may also have code snippets or detection rules to add.

Please add your modification including the following information:

1 - Authorship information

2 - Title of the technique to modify

3 - New Description (if required)

4 - Code snippet (if you have one)

5 - Detection rules (if you have them)

Thanks for your contribution!

We created this project to help the infosec community, and we hope you like it, because we put a lot of effort into it. We have more work in the pipeline, and if you're interested, we recommend that you stay on top of future releases by following us:

In the future, we would like to thank our contributors and we are planning some goodies. ;)

You can also send greetings to us if you like this project. <3
