Terminal music player with Soulseek integration, MusicBrainz tagging, Last.fm scrobbling, and radio mode. Built with Go and Bubble Tea.

Proxy system that routes traffic through Cloudflare Workers for IP rotation and anonymity

NTS Radio downloader and metadata parser

EDR-Redir : a tool used to redirect the EDR's folder to another location.

Metamorphic cross-compilation of C++ & C-code to PIC, BOF & EXE.

Inject custom scripts/plugins into the Deezer Desktop Application

Hooking KPRCB IdlePreselect function to gain execution inside PID 0.

ntoskrnl .data hooks for UM-KM communication

Now You See Me, Now You Don't

Yet Another Sig Scanner

A library to develop kernel level Windows payloads for post HVCI era

Original C Implementation of the Hell's Gate VX Technique

xigmapper is a driver manual mapper that loads your driver before Vanguard, but after critical system infrastructure has been set up, allowing you to write your bypass without worrying about the in…

A somewhat wide collection of various kernelmode-usermode communication methods in one repository (mainly just for learning purposes).

HackSys Extreme Vulnerable Driver (HEVD) - Windows & Linux

X64 RPM/WPM driver

Macro-header for compile-time C obfuscation (tcc, win x86/x64)

Proof of Concept for manipulating the Kernel Callback Table in the Process Environment Block (PEB) to perform process injection and hijack execution flow with very detailed explanation.

The FLARE team's open-source tool to identify capabilities in executable files.

A set of fully-undetectable process injection techniques abusing Windows Thread Pools

A tool that takes over Windows Updates to craft custom downgrades and expose past fixed vulnerabilities

poc for CVE-2024-38063 (RCE in tcpip.sys)

Process Injection using Thread Name

pySigma SentinelOne PowerQuery backend

Use to copy a file from an NTFS partitioned volume by reading the raw volume and parsing the NTFS structures.