WinVisor - A hypervisor-based emulator for Windows x64 user-mode executables using Windows Hypervisor Platform API

Guest lecture about modern DRM analysis at Ruhr-Universität Bochum.

SimpleVisor is a simple, portable, Intel VT-x hypervisor with two specific goals: using the least amount of assembly code (10 lines), and having the smallest amount of VMX-related code to support d…

Hypervisor with EPT hooking support.

📱 objection - runtime mobile exploration

Kernel-mode Paravirtualization in Ring 2, LLVM based linker, and some other things!

Known attacks on Elliptic Curve Cryptography

Low-latency machine code generation

Native API online documentation, based on the System Informer (formerly Process Hacker) phnt headers

Mixed Boolean Arithmetic Simplification using E-Graphs

Windows Dependencies

64-bit, position-independent implant template for Windows in Rust.

A modern C++ scope guard that is easy to use but hard to misuse.

A collection of links related to Linux kernel security and exploitation

🪅 Windows User Space Emulator

The Ultimate Information Gathering Toolkit

Dex to Java decompiler

A Dynamic Binary Instrumentation framework based on LLVM.

MBA deobfuscator via Program Synthesis and Term Rewriting

VMProtect 2.x-3.x x64 Import Deobfuscator

Titan is a VMProtect devirtualizer

After IDA Pro: Things to do after installing IDA Pro

aiDAPal is an IDA Pro plugin that uses a locally running LLM that has been fine-tuned for Hex-Rays pseudocode to assist with code analysis.

Python bindings for LLVM auto-generated from the LLVM-C API

Private exe protector

R.I.P. 😔

Efficient general mixed boolean-arithmetic (MBA) simplifier

Deobfuscation of Semi-Linear Mixed Boolean-Arithmetic Expressions

STOKE: A stochastic superoptimizer and program synthesizer

Nyxstone: assembly / disassembly library based on LLVM, implemented in C++ with Rust and Python bindings, maintained by emproof.com