Collection of hypervisor detections

Tonutils is a high-level object-oriented library for Python designed to facilitate interactions with the TON blockchain.

User interface for recording and managing ETW traces

GoodbyeDPI — Deep Packet Inspection circumvention utility (for Windows)

SMM driver/rootkit for platform memory access with R3 <-> R0 <-> R-2 communication.

Windows KASLR bypass using prefetch side-channel

Kernel ReClassEx

Windows kernel hacking framework, driver template, hypervisor and API written on C++

PoC Anti-Rootkit/Anti-Cheat Driver.

Unreal source explained, based on profilers.

This repository delves into the Enhanced Anti-Cheat (EAC) system, examining both the paid EAC and the free EOC versions. It offers comprehensive code resources and the EAC Software Development Kit …

UEFI shim loader

This tool extracts and displays data from the Recall feature in Windows 11, providing an easy way to access information about your PC's activity snapshots.

Reversing EasyAntiCheat.

Simple tool to configure Windows Filtering Platform (WFP) which can configure network activity on your computer.

Keystone assembler framework: Core (Arm, Arm64, Hexagon, Mips, PowerPC, Sparc, SystemZ & X86) + bindings

nmi stackwalking + module verification

A tool uses Windows Filtering Platform (WFP) to block Endpoint Detection and Response (EDR) agents from reporting security events to the server.

etw hook (syscall/infinity hook) compatible with the latest Windows version of PG

Small driver that uses alternative syscalls feature (the project is still under development).

IDA Plugin to automatically identify and set enums for standard functions

IDApython Scripts for Analyzing Golang Binaries

ELF file viewer/editor for Windows, Linux and MacOS.

Minimalistic AMD-V/SVM hypervisor with memory introspection capabilities