Hack The Box
- France
- https://xacone.github.io
- in/yazid-benjamaa
Stars
A small library to modify all page-table levels of all processes from user space for x86_64 and ARMv8.
RpcView is a free tool to explore and decompile Microsoft RPC interfaces
AI-powered reverse engineering assistant that bridges IDA Pro with language models through MCP.
A .net OLE/COM viewer and inspector to merge functionality of OleView and Test Container
Find out how to bypass HVCI (or not). My own research on Microsoft Warbird (specifically in clipsp.sys)
Local Privilege Escalation from Admin to Kernel vulnerability on Windows 10 and Windows 11 operating systems with HVCI enabled.
Research on Windows Kernel Executive Callback Objects
FindFunc is an IDA Pro plugin to find code functions that contain a certain assembly or byte pattern, reference a certain name or string, or conform to various other constraints.
Harness to issue Virtual Secure Mode (VSM) "secure calls" from VTL 0 to VTL 1
Intel VT-x based hypervisor aiming to provide a thin VM-exit filtering platform on Windows.
Customizable Linux Persistence Tool for Security Research and Detection Engineering.
A Linux Auditd rule set mapped to MITRE's Attack Framework
Transform Linux Audit logs for SIEM usage
Virtual Trust Level (VTL 1) secure call tracing
Windows 11 24H2-25H2 Runtime PatchGuard Bypass
Demonstrate calling a kernel function and handle process creation callback against HVCI
A simple hypervisor demonstrating the use of the Intel VT-rp (redirect protection) technology.
SSDE is a collection of utilities that help in having Windows load your custom signed kernel drivers when Secure Boot is on and you own the system's platform key, instead of using test mode.
Monitoring and controlling kernel API calls with stealth hook using EPT
Hells Hollow: a Windows 11 rootkit technique to hook the SSDT via Alt Syscalls
NovaHypervisor is a defensive x64 Intel host based hypervisor. The goal of this project is to protect against kernel based attacks (either via Bring Your Own Vulnerable Driver (BYOVD) or other mean…
Demystifying PatchGuard is a comprehensive analysis of Microsoft's security feature called PatchGuard, which is designed to prevent unauthorized modifications to the Windows kernel. The analysis is…