Windows rootkit designed to work with BYOVD exploits

protector & obfuscator & code virtualizer

The Windows Driver Kit C Runtime derivative intended for the Windows user mode and UEFI applications

Develop UEFI applications using EDK II inside Visual Studio

🪅 Windows User Space Emulator

An IDA plugin that eases reversing of binaries that have been code-size-optimized with function outlining

This repository contains an IDA processor for loading and disassembling compiled yara rules.

IDA plugin that allows connecting to third party Lumina servers

Windows Internals Study Notes.

A branch-monitor-based solution for process monitoring.

A collection of LLVM transform and analysis passes to write shellcode in regular C

Deterministic debugging for windows

A simple lexical analyzer built using ANTLR and C++. This project reads an input file, tokenizes its contents using a lexer generated by ANTLR, and outputs the tokens to a specified output file. Le…

Wyrm is a GCC GIMPLE to LLVM IR transpiler

DelphiHelper is a python IDA Pro plugin aiming to help the analysis of x86/x86_64 binaries written in Delphi programming language.

An LR grammar automata generator (yet to be completed)

Some research on AltSystemCallHandlers functionality in Windows 10 20H1 18999

A Kernel Driver that can be used for a cheat or malware base to circumvent common cache & structure table checks. PsLoadedModuleList however requires a PG Bypass on (Some) Machines > 22H2 Win10, No…

An x86-64 code virtualizer for VM based obfuscation

My toy llvm pass

An emulation based tool for learning and debugging assembly.

Component Object Model fuzzing

C++ python bytecode disassembler and decompiler

!exploitable Crash Analyzer - MSEC Debugger Extensions

llvm pass demos by using new pas manager