Deobfuscation via optimization with usage of LLVM IR and parsing assembly.

Contains all the applications developed for the Second part of the 7th Edition of Windows Internals book

Nyxstone: assembly / disassembly library based on LLVM, implemented in C++ with Rust and Python bindings, maintained by emproof.com

IDA plugin for UEFI firmware analysis and reverse engineering automation

Hyper-V Research is trendy now

Rootkit for the blue team. Sophisticated and optimized LKM to detect and prevent malicious activity

Admin to Kernel code execution using the KSecDD driver

Hyper-V Research is trendy now

Tools for interacting with authentication packages using their individual message protocols

Macro-header for compile-time C obfuscation (tcc, win x86/x64)

This project aims to facilitate the conversion of Visual Studio to CMake projects.

State-of-the-art native debugging tool

Useful scripts for WinDbg using the debugger data model

Experimental Windows x64 Kernel Rootkit.

PoC Anti-Rootkit to uncover Windows Drivers/Rootkits mapped to Kernel Memory.

A improved memory obfuscation primitive using a combination of special and 'normal' Asynchronous Procedural Calls

kubernetes rootkit

Windows inside a Docker container.

Easy encrypt/decrypt data with TPM

Kernel Address Space Layout Derandomization (KASLD) - A collection of various techniques to infer the Linux kernel base virtual address as an unprivileged local user, for the purpose of bypassing K…

call gates as stable comunication channel for NT x86 and Linux x86_64

[WIP] A forked version of LLVM that prioritizes MSVC compatibility. This version is tailored for Windows users.

Simple x86/x64 Assembler/Disassembler/Emulator

Portable Executable reversing tool with a friendly GUI

Proof of concept code for the Spectre CPU exploit.

LLVM plugin to transparently apply stack spoofing and indirect syscalls to Windows x64 native calls at compile time.