Kernel driver loader using vulnerable gigabyte driver (https://www.secureauth.com/labs/advisories/gigabyte-drivers-elevation-privilege-vulnerabilities) to load a unsigned driver

React Native VM (Hermes Bytecode Library) in C

Simple template for using Remill on Windows/Linux/macos.

LLVM based static binary analysis framework

A pure Python HTML5 parser that just works. No C extensions to compile. No system dependencies to install. No complex API to learn.

Deobfuscation via optimization with usage of LLVM IR and parsing assembly.

Linux Kernel Rookit Hooking Mechanism

Code proving a 25-year blind spot in all disassemblers. PoC for Intel x64/x86 “ghost instructions.”

Android Ptrace Inject for all ABIs and all APIs. Help you inject Shared Library on Android.

Metamorphic cross-compilation of C++ & C-code to PIC, BOF & EXE.

DiffRays is a research-oriented tool for binary patch diffing, designed to aid in vulnerability research, exploit development, and reverse engineering.

Workshop on firmware reverse engineering

Inject a shared library into a process using ptrace

An IDA Pro plugin that display cross-references to functions or variables across the entire binary in Hex-Rays pseudocode

Build-Your-Own Ransomware: Python demo implementation (vibe coded)

FastVM TinyCC (TCC) Mirror for Cuik's tb2c backend

IDA 9.0 plugin for decrypting strings encrypted by garble.

A x86_64 software emulator

xAnalyzer plugin for x64dbg

A Zygisk module to hide root.

ZMQ and Messagepack Powered Remote Automation Plugin for x64dbg

x86 virtualization abstraction framework

HardwareID Spoofer using kernelmode

Learn AI and LLMs from scratch using free resources

A minimal LLM chat app that runs entirely in your browser