An attempt to port David Beazley's PLY to RPython, and give it a cooler API.

Arya is a unique tool that produces pseudo-malicious files meant to trigger YARA rules. You can think of it like a reverse YARA.

An Unsigned Driver Mapper for Windows 10 22H2 -> Windows 11 23H2 that uses PdFwKrnl to exploit the Read/Write IOCTL Calls to disable DSE & PG to map the unsigned driver.

Independent hikari

Dump content of PDB files (program databases) in JSON, XML, SQLite3, CSV etc.

a tool used to analyze and monitor in named pipes

Reverse engineering winapi function loadlibrary.

Show all mapped memory in a process

Achieve arbitrary kernel read/writes/function calling in Hypervisor-Protected Code Integrity (HVCI) protected environments calling without admin permissions or kernel drivers.

Simple POC library to execute arbitrary calls proxying them via NdrServerCall2 or similar

Uses ghidra to find all ETW write metadata for each API in a PE file

Nyxstone: assembly / disassembly library based on LLVM, implemented in C++ with Rust and Python bindings, maintained by emproof.com

Signature maker plugin for IDA 8.x and 9.x

LLVM Obfuscation Pass

RIPPL is a tool that abuses a usermode only exploit to manipulate PPL processes on Windows

C++ Extended Template Library

Win32 API Experimental(or Extension) features

PeaceMaker Threat Detection is a Windows kernel-based application that detects advanced techniques used by malware.

A language service built atop Clang

Sample WinDbg extension

Microsoft Windows DLL Export Browser (Enumerate Exports, COM Methods and Properties) with Advanced Search Features.

DLLHSC - DLL Hijack SCanner a tool to assist with the discovery of suitable candidates for DLL Hijacking

x64 Registration-Free In-Process COM Automation Server.

DLL Hijacking Detection Tool

PoC kernel to usermode injection

A comprehensive tool that provides an insightful analysis of Microsoft's monthly security updates.

Translate virtual addresses to physical addresses from usermode.