Stars
Obfuscator-llvm Control Flow Flattening Deobfuscator
A Node.js module for decrypting and encrypting Akamai v3 sensor data.
QDrant docker-compose deployment with basic auth/nginx proxy
Native API header files for the System Informer project.
Process Herpaderping proof of concept, tool, and technical deep dive. Process Herpaderping bypasses security products by obscuring the intentions of a process.
The Minimal LZMA (minlzma) project aims to provide a minimalistic, cross-platform, highly commented, standards-compliant C library (minlzlib) for decompressing LZMA2-encapsulated compressed data in…
CFB is a ProcMon-style tool designed to assist capturing IRPs sent to Windows drivers.
An evil RAT (Remote Administration Tool) for macOS / OS X.
Devastating and awesome Linux X86_64 ELF Virus
Code injection by hijacking threads in Windows 32-bit applications
Walking the call stack in Windows applications
Windows API tracer for malware (old name: unitracer)
Abusing SpeedFan driver ability of physical memory manipulation
This program remaps its image to prevent the page protection of pages contained in the image from being modified via NtProtectVirtualMemory.
Ghetto user mode emulation of Windows kernel drivers.
A C/C++ implementation of Microsoft's Antimalware Scan Interface
A library to load, manipulate, dump PE files. See also: https://github.com/hasherezade/libpeconv_tpl
Demos of various injection techniques found in malware