Stars
A little tool to play with Windows security
Fast and lightweight x86/x86-64 disassembler and code generation library
Pafish is a testing tool that uses different techniques to detect virtual machines and malware analysis environments in the same way that malware families do
Memory Debugger for Windows, Linux, Mac, and Android
🇺🇦 Windows driver with a usermode interface which can hide processes, file-system and registry objects, protect processes, etc.
Proof-of-concept Windows driver for injecting a DLL into user-mode processes using APC
The functions interception library written in pure C and NativeAPI with UserMode and KernelMode support
Process Ghosting - a PE injection technique, similar to Process Doppelgänging, but using a delete-pending file instead of a transacted file
Executes PowerShell from an unmanaged process
The Definitive Guide To Process Cloning on Windows
Manual mapper that uses PTE manipulation, Virtual Address Descriptor (VAD) manipulation, and forceful memory allocation to hide executable pages. (VAD hide / NX bit swapping)
A simple program to hook the current process to identify manual syscall executions on Windows
Lightweight type-1 hypervisor offering a foundation for building advanced security-focused functionality.