Lists (21)
app_download
clang/llvm
compiler
cve-poc
edr/bypass
fuzzing
gsm
gsm/lte
IDA-Plugins
kernel
libraries
malware/rootkit
notes
Obfuscation
PatchDiff
red-team
SecToolDev
Tools
virt
VulDriver
winternals
Stars
An attempt to port David Beazley's PLY to RPython, and give it a cooler API.
Arya is a unique tool that produces pseudo-malicious files meant to trigger YARA rules. You can think of it like a reverse YARA.
An Unsigned Driver Mapper for Windows 10 22H2 -> Windows 11 23H2 that uses PdFwKrnl to exploit the Read/Write IOCTL Calls to disable DSE & PG to map the unsigned driver.
Dump content of PDB files (program databases) in JSON, XML, SQLite3, CSV etc.
A tool used to analyze and monitor named pipes.
Reverse engineering of the WinAPI function LoadLibrary.
Achieve arbitrary kernel read/write/function calling in Hypervisor-Protected Code Integrity (HVCI) protected environments without admin permissions or kernel drivers.
Simple POC library to execute arbitrary calls proxying them via NdrServerCall2 or similar
Uses ghidra to find all ETW write metadata for each API in a PE file
Nyxstone: assembly / disassembly library based on LLVM, implemented in C++ with Rust and Python bindings, maintained by emproof.com
RIPPL is a tool that abuses a usermode only exploit to manipulate PPL processes on Windows
PeaceMaker Threat Detection is a Windows kernel-based application that detects advanced techniques used by malware.
A language service built atop Clang
Microsoft Windows DLL Export Browser (Enumerate Exports, COM Methods and Properties) with Advanced Search Features.
DLLHSC - DLL Hijack SCanner, a tool to assist with the discovery of suitable candidates for DLL Hijacking
x64 Registration-Free In-Process COM Automation Server.
A comprehensive tool that provides an insightful analysis of Microsoft's monthly security updates.
Translate virtual addresses to physical addresses from usermode.