Simple Kernelmode DLL Injector with Manual mapping

"Bypassing" HVCI via donor PFN swaps to modify read-only code pages. Call chained kernel functions (kCET and SLAT support), modify read-only code pages, and more.

AV/EDR evasion via direct system calls.

PPLReaper is a Windows kernel driver + userland companion tool designed to inspect and manipulate Protected Process Light (PPL) attributes at runtime.

Creation of multiple Malware tools consisting of evasion, enumeration and exploitation

x64 Windows kernel driver mapper, inject unsigned driver using anycall

An open source, portable, easy to use, readable and flexible TLS library, and reference implementation of the PSA Cryptography API. Releases are on a varying cadence, typically around 3 - 6 months …

A small tool for rapid enumeration of CPUID, and MSR fields.

Modular Shellcode Loader in C++

A backup program for disk arrays. It stores parity information of your data and it recovers from up to six disk failures

Manual mapper that uses PTE manipulation, Virtual Address Descriptor (VAD) manipulation, and forceful memory allocation to hide executable pages. (VAD hide / NX bit swapping)

Visual Studio Code icon pack – no fuss, distinguishable icons for programmers with tired eyes.

SeRestorePrivilege to SYSTEM

A re-implementation of the RenderWare Graphics engine

NuDB: A fast key/value insert-only database for SSD drives in C++11

A mapper that maps shellcode into loaded large page drivers

A Kernel Driver that can be used for a cheat or malware base to circumvent common cache & structure table checks. PsLoadedModuleList however requires a PG Bypass on (Some) Machines > 22H2 Win10, No…

Communicate between user-mode and kernel-mode through a swapped QWORD pointer argument.

AdaptixC2 is a highly modular advanced redteam toolkit

RunPE implementation with multiple evasive techniques (1)

Lightweight and Simple 3D Open Source Physics Engine in C++

Generates x86, x64, or AMD64+x86 position-independent shellcode that loads .NET Assemblies, PE files, and other Windows payloads from memory and runs them with parameters

Some simple code to learn about how to access the Windows network stack using polling and \Device\Afd

A Runtime Crypter in C for Linux ELF binaries.

A PoC implementation for spoofing arbitrary call stacks when making sys calls (e.g. grabbing a handle via NtOpenProcess)

malloc / free replacement for unmanaged, linear memory situations (e.g. WASM, embedded devices...)

PoC kernel to usermode injection

From 2011: Quickly search for files in NTFS volumes parsing the Master File Table (MFT). A decent amount of how NTFS and MFT work was painstakingly reverse-engineered since it's undocumented.

Fast and minimalist 3D viewer.

A double-to-string conversion algorithm based on Schubfach and yy