Unprotect Navbar Version Logo
  • Home
  • Techniques
  • Scan
  • Resources
    • Snippet List
    • Detection Rule List
    • Featured Evasion API List
    • Contributors
    • Scanned Samples
  • Tools
  • About
  • Avatar Login

Search For Content

Clear

Search Result

15 item(s) found so far for this keyword.

SMB / Named Pipes
Network Evasion icon
Network Evasion

Named Pipes are a feature of the Windows operating system that allow for inter-process communication (IPC) using a pipe metaphor. These are particularly useful in networking scenarios as they can be made accessible over a network and facilitate a client-server model of communication. The SMB (Server Message Block) protocol is commonly used in Windows environments for shared access to files, …

Read more

Process Argument Spoofing
Process Manipulating icon
Process Manipulating

Process Argument Spoofing is a technique used by attackers to hide their true intentions by changing the command line arguments of a process after it has started.

--windows-- This is done by tampering with the Process Environment Block (PEB).

The PEB is a structure in Windows that holds various information about a running process. Within the PEB, there's …

Read more

NixImports
Packers icon
Packers

A .NET malware loader employs API-Hashing and dynamic invocation to circumvent static analysis. NixImports utilizes managed API-Hashing to dynamically determine most of its required functions during runtime. For function resolution, HInvoke needs two specific hashes: typeHash and methodHash, representing the type name and the method's full name, respectively. At runtime, HInvoke scans the entire mscorlib to locate the corresponding type …

Read more

Exfiltration via SMTP
Network Evasion icon
Network Evasion

Exfiltration via SMTP is a technique where attackers leverage the Simple Mail Transfer Protocol (SMTP) to exfiltrate data. This method involves sending stolen data, such as sensitive files or system information, via email to an attacker-controlled email account. By using email traffic, attackers can often bypass traditional network monitoring solutions since SMTP traffic is usually deemed legitimate.

To execute …

Read more

Removing Commands from SELinux Audit Logs
Anti-Forensic icon
Anti-Forensic

SELinux audit logs record all executed commands and policy enforcement actions, including commands like /bin/web, setenforce, mount, and /bin/rm. Using sed -i, attackers delete specific entries from these logs that could reveal the commands they executed. This manipulation ensures that traces of their activity, such as disabling security policies or deleting evidence, are erased from …

Read more
  • 1
  • 2

The #UnprotectProject is brought to you by 🇫🇷 DarkCoderSc and 🇫🇷 fr0gger_

Terms And Conditions | GDPR

Contribute Now