An EDR bypass that prevents EDRs from hooking or loading DLLs into our process by hijacking the AppVerifier layer

Kernel-mode Paravirtualization in Ring 2, LLVM based linker, and some other things!

lib-nosa is a minimalist C library designed to facilitate socket connections through AFD driver IOCTL operations on Windows.

A portable device that can spoof/emulate any magnetic stripe, credit card or hotel card "wirelessly", even on standard magstripe (non-NFC/RFID) readers. It can disable Chip&PIN and predict AMEX car…

PatchGuard Research

a tui-style discord theme

Optimized implementation for color-icon-matrix barcodes

Toy scripts for playing with WinDbg JS API

Retrieve pointers to undocumented kernel functions and offsets to members within undocumented structures to use in your driver by using the symbol server.

KDP compatible unsigned driver loader leveraging a write primitive in one of the IOCTLs of gdrv.sys

manual map unsigned driver over signed memory

Admin to Kernel code execution using the KSecDD driver

GERMY is a Linux Kernel n-day in the N_GSM line discipline

研究和移除各种内核回调,在anti anti cheat的路上越走越远

The stress testing of your PG bypass [old school project]

Analyze PatchGuard

A new method to bypass Patch Guard

keep hooked function in IAT remaining in their original module

Automatically exported from code.google.com/p/scdetective

A basic demonstration of directly overwriting paging structures for physical memory r/w and interprocess memory copy

Wi-Fi deauthenticator written in python3

Invisible network protocol sniffer

A set of fully-undetectable process injection techniques abusing Windows Thread Pools

This tool calculates tricky canonical huffman histogram for CVE-2023-4863.

SigFlip is a tool for patching authenticode signed PE files (exe, dll, sys ..etc) without invalidating or breaking the existing signature.

Spoof Windows Test Signing Mode