Stars
Cap'n Proto serialization/RPC system - Python bindings
HEVD Exploit: BufferOverflowNonPagedPoolNx on Windows 10 22H2 - Escalating from Low Integrity to SYSTEM via Aligned Chunk Confusion
A free, powerful, multi-purpose tool that helps you monitor system resources, debug software and detect malware. Brought to you by Winsider Seminars & Solutions, Inc. @ http://www.windows-internals…
A driver that hooks C: volume using symbolic link callback to track all FS access to the volume
A Bochs-based instrumentation performing kernel memory taint tracking to detect disclosure of uninitialized memory to ring 3
weggli is a fast and robust semantic search tool for C and C++ codebases. It is designed to help security researchers identify interesting functionality in large codebases.
Old mitigation-bounty code that was applicable to Edge before it used WebKit/Chrome
Chakra Type Confusions - PoCs of Edge's legacy JS engine vulnerabilities that inject code into the JIT process
A tool that is used to hunt vulnerabilities in x64 WDM drivers
State of the art DLL injector that took 20 minutes to make
Run Mixtral-8x7B models in Colab or consumer desktops
ret-sync is a set of plugins that helps to synchronize a debugging session (WinDbg/GDB/LLDB/OllyDbg2/x64dbg) with IDA/Ghidra/Binary Ninja disassemblers.
Nidhogg is an all-in-one, simple-to-use Windows kernel rootkit.
macro_pack is a tool by @EmericNasi used to automatize obfuscation and generation of Office documents, VB scripts, shortcuts, and other formats for pentest, demo, and social engineering assessments…
A list of vulnerabilities or design flaws that Microsoft does not intend to fix. Since the number is growing, I decided to make a list. This list covers only vulnerabilities that came up in July 20…
CaveCarver - PE backdooring tool which utilizes and automates code cave technique
A simple and beautiful text diff viewer component made with Diff and React.
Generates x86, x64, or AMD64+x86 position-independent shellcode that loads .NET Assemblies, PE files, and other Windows payloads from memory and runs them with parameters
(⌐■_■) - Deep Reinforcement Learning instrumenting bettercap for WiFi pwning.
Interact with your documents using the power of GPT, 100% privately, no data leaks
Resources for Windows exploit development