bsoddreams
Follow
Starred repositories
A bare minimum hypervisor on AMD and Intel processors for learners.
Live Variable Analysis with Haskell
A tool uses Windows Filtering Platform (WFP) to block Endpoint Detection and Response (EDR) agents from reporting security events to the server.
Moneta is a live usermode memory analysis tool for Windows with the capability to detect malware IOCs
Project template for single-window GUI apps using Dear ImGui
Contains all the applications developed for the Second part of the 7th Edition of Windows Internals book
Static deobfuscator for Themida, WinLicense and Code Virtualizer 3.x's mutation-based obfuscation.
out-of-tree llvm obfuscation pass plugin (dynamically loadable by rustc). || rust toolchain with obfuscation llvm pass.
A command line utility to display dependency tree of the installed Python packages
Rusty Hypervisor - Windows Kernel Blue Pill Type-2 Hypervisor in Rust (Codename: Matrix)
Nyxstone: assembly / disassembly library based on LLVM, implemented in C++ with Rust and Python bindings, maintained by emproof.com
Reimplementation of Microsoft's Warbird obuscator
RAGFlow is an open-source RAG (Retrieval-Augmented Generation) engine based on deep document understanding.
Pure Python parser for Windows Event Log files (.evtx)
Deobfuscation of Semi-Linear Mixed Boolean-Arithmetic Expressions
C and C++ compiler frontend using PASTA to parse code, and VAST to represent the code as MLIR.
Rusty Hypervisor - Windows UEFI Blue Pill Type-1 Hypervisor in Rust (Codename: Illusion)
aiDAPal is an IDA Pro plugin that uses a locally running LLM that has been fine-tuned for Hex-Rays pseudocode to assist with code analysis.
Extracted Yara rules from Windows Defender mpavbase and mpasbase
An llvm pretty printer inspired by the haskell llvm binding