Capturing SSL/TLS plaintext without a CA certificate using eBPF. Supported on Linux/Android kernels for amd64/arm64.

Scripts to build a trimmed-down Windows 11 image.

Symbol Recovery Tool for Nuitka Binaries

The multi-platform memory acquisition tool.

Static deobfuscator for Themida, WinLicense and Code Virtualizer 3.x's mutation-based obfuscation.

Collection of Volatility3 symbols, generated against Linux and macOS kernels.

Rusty Hypervisor - Windows Kernel Blue Pill Type-2 Hypervisor in Rust (Codename: Matrix)

Symbolic Execution Over Processor Traces

A repo that aims to centralize a current, running list of relevant parsers/tools for known DFIR artifacts

Shiva is a programmable dynamic linker for loading ELF microprograms

A cross-platform detour library written in Rust

PoC memory injection detection agent based on ETW, for offensive and defensive research purposes

Events from all manifest-based and mof-based ETW providers across Windows 10 versions

Tunnel TCP connections through a file

Galah: An LLM-powered web honeypot. Wasting attackers' time with faker-than-ever HTTP responses!

Rusty Hypervisor - Windows UEFI Blue Pill Type-1 Hypervisor in Rust (Codename: Illusion)

The Linux Kernel Module Programming Guide (updated for 5.0+ kernels)

"rsync for cloud storage" - Google Drive, S3, Dropbox, Backblaze B2, One Drive, Swift, Hubic, Wasabi, Google Cloud Storage, Azure Blob, Azure Files, Yandex Files

JSON Web Token implementation in Python

firecracker-containerd enables containerd to manage containers as Firecracker microVMs

Macro-header for compile-time C obfuscation (tcc, win x86/x64)

Go compiler for small places. Microcontrollers, WebAssembly (WASM/WASI), and command-line tools. Based on LLVM.

The interactive graphing library for Python ✨ This project now includes Plotly Express!

A PowerShell module for acquisition of data from Microsoft 365 and Azure for Incident Response and Cyber Security purposes.

Deobfuscation via optimization with usage of LLVM IR and parsing assembly.

Browse emulated browsers connected to old web sites in your browser!

Lock, Stock, and Two Smoking MicroVMs. Create and manage the lifecycle of MicroVMs backed by containerd.

notes, honeypot, and exploit demo for the xz backdoor (CVE-2024-3094)

This project aims at simplifying Windows API import recovery on arbitrary memory dumps