Yet Another Not So Obfuscated LLVM

AV/EDR evasion via direct system calls.

Dive into CPython internals, trying to illustrate every detail of CPython implementation | CPython 源码阅读笔记, 多图展示底层实现细节

分别用R3的0day与R0的0day来干掉杀毒软件

Evading WinDefender ATP credential-theft

A tool for in-depth analysis of USB HID devices communication

AntiSpy is a free but powerful anti virus and rootkits toolkit.It offers you the ability with the highest privileges that can detect,analyze and restore various kernel modifications and hooks.With …

API Set resolver for Windows

Research on Anti-malware and other related security solutions

Intercepting DeviceControl via WPP

Privilege Escalation: Weaponizing CVE-2019-1405 and CVE-2019-1322

Simple tool to configure Windows Filtering Platform (WFP) which can configure network activity on your computer.

WRK-V1.2-VS-SLN - x64 and x86 - disable optimization for easy debug

build wrk (windows research kernel) using the latest msvc 2019

Kernel driver loader using vulnerable gigabyte driver (https://www.secureauth.com/labs/advisories/gigabyte-drivers-elevation-privilege-vulnerabilities) to load a unsigned driver

Windows Kernel nt files - To research windows kernel

Windows Kernel win32k files - To research windows kernel

C++ library for creating and updating Microsoft Word (.docx) files.

Defeating Patchguard universally for Windows 8, Windows 8.1 and all versions of Windows 10 regardless of HVCI

vanished OpenNT project

Windows Kernel Object Explorer

Windows driver with usermode interface which can hide objects of file-system and registry, protect processes and etc

Window Executable file Function tracer using Debugging API

The OpenSource Disassembler

xAnalyzer plugin for x64dbg

Code for the cross platform, single source, OpenDTrace implementation

Idapython script to carve binary for internal RPC structures