Starred repositories
Metamorphic cross-compilation of C++ & C-code to PIC, BOF & EXE.
Inject custom scripts into the Deezer Desktop Application
Hooking KPRCB IdlePreselect function to gain execution inside PID 0.
A library to develop kernel level Windows payloads for post HVCI era
Original C Implementation of the Hell's Gate VX Technique
xigmapper is a driver manual mapper that loads your driver before Vanguard, but after critical system infrastructure has been set up, allowing you to write your bypass without worrying about the in…
A somewhat wide collection of various kernelmode-usermode communication methods in one repository (mainly just for learning purposes).
HackSys Extreme Vulnerable Driver (HEVD) - Windows & Linux
Macro-header for compile-time C obfuscation (tcc, win x86/x64)
Proof of Concept for manipulating the Kernel Callback Table in the Process Environment Block (PEB) to perform process injection and hijack execution flow with very detailed explanation.
The FLARE team's open-source tool to identify capabilities in executable files.
A set of fully-undetectable process injection techniques abusing Windows Thread Pools
A tool that takes over Windows Updates to craft custom downgrades and expose past fixed vulnerabilities
poc for CVE-2024-38063 (RCE in tcpip.sys)
pySigma SentinelOne PowerQuery backend
Use to copy a file from an NTFS partitioned volume by reading the raw volume and parsing the NTFS structures.
Firefox theme with an Edge-like auto-hide vertical tab bar and minimalist design. Powered by Sidebery.
There can be more than Notion and Miro. AFFiNE (pronounced [ə‘fain]) is a next-gen knowledge base that brings planning, sorting and creating all together. Privacy first, open-source, customizable an…
An EDR bypass that prevents EDRs from hooking or loading DLLs into our process by hijacking the AppVerifier layer