Stars
Find out how to bypass HVCI (or not). My own research on Microsoft Warbird (specifically in clipsp.sys)
KVC enables unsigned driver loading via DSE bypass (g_CiOptions patch/skci.dll hijack) and PP/PPL manipulation for LSASS memory dumping on modern Windows with HVCI/VBS.
Detours is a software package for monitoring and instrumenting API calls on Windows. It is distributed in source code form.
EDR-Freeze is a tool that puts a process of EDR, AntiMalware into a coma state.
This is the loader that supports running a program with Protected Process Light (PPL) protection functionality.
A Windows kernel driver simulating hardware HID mouse and accompanying client application
An interactive TLS-capable intercepting HTTP proxy for penetration testers and software developers.
Enhanced and security-focused fork of Signal.
🚀 An open and lightweight modification to Windows, designed to optimize performance, privacy and usability.
A patch to hide qemu itself, bypass mhyprot, EAC, nProtect / VMProtect, VProtect, Themida, Enigma Protector, Safengine Shielden
Various techniques used to bypass SMEP in the Windows Kernel.
PoC exploit for the vulnerable WatchDog Anti-Malware driver (amsdk.sys) – weaponized to kill protected EDR/AV processes via BYOVD.
A feature-rich command-line audio/video downloader
Writing a hypervisor in 1,000 lines.
NativeCompressions is the native binding and high-level API of ZStandard, LZ4 and OpenZL compression library for .NET and Unity.
BetterBahn is an open-source project that aims to improve the train travel experience in Germany. The current focus is on split-ticketing. However, further functions are planned to follow in the fu…
Modular and extensible library for Virtual Machine Introspection
Sanctum is an experimental proof-of-concept EDR, designed to detect modern malware techniques, above and beyond the capabilities of antivirus. Built in Rust.
This is a demonstration of how anti-cheats can evolve to gather original disk serials hidden behind RAID0.
Patch EFT functions to allow for offline matches without BattlEye running
Dynamic binary instrumentation, analysis, and patching framework
Checksec, but for Windows: static detection of security mitigations in executables