Converted phnt (Native API header files from the System Informer project) to IDA TIL, IDC (Hex-Rays).

ETW version of PAINT (Process Attribution In Network Traffic)

The Windbg extension that implements commands helpful to study Hyper-V on Intel processors.

A Bochs-based instrumentation project designed to log kernel memory references, to identify "double fetches" and other OS vulnerabilities

Automated Adversary Emulation Platform

Invoke-AtomicRedTeam is a PowerShell module to execute tests as defined in the [atomics folder](https://github.com/redcanaryco/atomic-red-team/tree/master/atomics) of Red Canary's Atomic Red Team p…

Quarkslab Bindiffer but not only !

Platform that enables Windows driver development in Rust. Developed by Surface.

Useful scripts for WinDbg using the debugger data model

A library to develop kernel level Windows payloads for post HVCI era

Reverse engineering software using a full system simulator

The FLARE team's open-source extension to add Python 3 scripting to Ghidra.

PoCs and tools for investigation of Windows process execution techniques

Pyhidra is a Python library that provides direct access to the Ghidra API within a native CPython interpreter using jpype.

A Windows kernel dump C++ parser library with Python 3 bindings.

Client for PPP+TLS VPN tunnel services

DEFCON 27 workshop - Modern Debugging with WinDbg Preview

https://blog.f-secure.com/hiding-malicious-code-with-module-stomping/

A lightweight dynamic instrumentation library

A tabbed UI for Microsoft's Hyper-V

Static Binary Instrumentation tool for Windows x64 executables

Tools and technical write-ups describing attacking techniques that rely on concealing code execution on Windows

Collection of various malicious functionality to aid in malware development

IOCTLpus can be used to make DeviceIoControl requests with arbitrary inputs (with functionality somewhat similar to Burp Repeater).

Ghidra Headless Python VScode Skeleton with Devcontainer Super Powers

Windows kernel and user mode emulation.

Generation of diagrams like flowcharts or sequence diagrams from text in a similar manner as markdown

Source code of a multiple series of tutorials about the hypervisor. Available at: https://rayanfam.com/tutorials