Stars
An EDR bypass that prevents EDRs from hooking or loading DLLs into our process by hijacking the AppVerifier layer
Kernel-mode Paravirtualization in Ring 2, LLVM based linker, and some other things!
lib-nosa is a minimalist C library designed to facilitate socket connections through AFD driver IOCTL operations on Windows.
A portable device that can spoof/emulate any magnetic stripe, credit card or hotel card "wirelessly", even on standard magstripe (non-NFC/RFID) readers. It can disable Chip&PIN and predict AMEX car…
Optimized implementation for color-icon-matrix barcodes
Toy scripts for playing with WinDbg JS API
Retrieve pointers to undocumented kernel functions and offsets to members within undocumented structures to use in your driver by using the symbol server.
KDP compatible unsigned driver loader leveraging a write primitive in one of the IOCTLs of gdrv.sys
manual map unsigned driver over signed memory
Admin to Kernel code execution using the KSecDD driver
GERMY is a Linux Kernel n-day in the N_GSM line discipline
Researching and removing various kernel callbacks, going further and further down the anti-anti-cheat road
The stress testing of your PG bypass [old school project]
Keep hooked functions in the IAT remaining in their original module
Automatically exported from code.google.com/p/scdetective
A basic demonstration of directly overwriting paging structures for physical memory r/w and interprocess memory copy
A set of fully-undetectable process injection techniques abusing Windows Thread Pools
This tool calculates a tricky canonical Huffman histogram for CVE-2023-4863.
SigFlip is a tool for patching Authenticode-signed PE files (exe, dll, sys, etc.) without invalidating or breaking the existing signature.