WinVisor - A hypervisor-based emulator for Windows x64 user-mode executables using Windows Hypervisor Platform API

pySigma backend and pipeline for Qualys Query Language

PoC for the Untrusted Pointer Dereference in the ks.sys driver

Just Monika

Exploit POC for CVE-2024-36877

Kernel pointers copied to output user mode buffer with ioctl 0x22A014 in the appid.sys driver.

Repository for hosting my research papers

Side-by-side comparison of the Windows and Linux (GNU) Loaders

Implementation of C++ standard libraries in C

A helper utility for creating shellcodes. Cleans MASM file generated by MSVC, gives refactoring hints.

PE bin2bin obfuscator

Reimplement CreateProcessInternalW via Windows 10 20H1+/Windows 11 Base on NtCreateUserProcess-Post

VMPilot: A Modern C++ Virtual Machine SDK

Collection of undocumented Windows API declarations.

BlackLotus UEFI Windows Bootkit

Unicorn PE is an unicorn based instrumentation project designed to emulate code execution for windows PE files.

It's React, but in Python

Source of VMProtect (NOT OFFICIALLY)

A dynamic unpacking tool

Walks the Process' VAD list to grab the PTE's corresponding to a usermode virtual address, all to get the physical address

Obfuscates all RTTI (Run-time type information) inside a binary

Hook system calls on Windows by using Kaspersky's hypervisor

Utilizes a kernel driver for hooking steams overlay than manual mapping our dll to the games memory. Has a bunch of features like esp and such.