Stars
Program for determining types of files for Windows, Linux and MacOS.
Driver that uses network sockets to communicate with a client and read/write protected process memory.
A mapper that maps shellcode into loaded large page drivers
x64 Windows kernel code execution via user-mode, arbitrary syscall, vulnerable IOCTLs demonstration
Demonstrating 'secure device authentication' using an ESP32 running the MicroPython firmware. This demo leverages a Microchip ATECC608A secure element and authenticates with Google IoT Core.
Fumo Loader - All in one kernel-based DLL injector
A very simple C++ library for downloading a PDB and getting the RVA of a function or global variable and the offset of a struct member.
Hooking Windows' exception dispatcher to protect process's PML4
A secure sandbox environment for malware developers and red teamers to test payloads against detection mechanisms before deployment. Integrates with LLM agents via MCP for enhanced analysis capabil…
Research on obfuscated licensing APIs / CLIP service in the Windows kernel
Reimplementation of Microsoft's Warbird obfuscator
An example of how to use Microsoft Windows Warbird technology
Generating legitimate call stack frame along with indirect syscalls by abusing Vectored Exception Handling (VEH) to bypass User-Land EDR hooks in Windows.
Obfusheader.h is a portable header file for C++14 compile-time obfuscation.
Proof of Concept for manipulating the Kernel Callback Table in the Process Environment Block (PEB) to perform process injection and hijack execution flow with very detailed explanation.