Open-source KVM software

BlackHole is a modern macOS audio loopback driver that allows applications to pass audio to other applications with zero additional latency.

Capturing SSL/TLS plaintext without a CA certificate using eBPF. Supported on Linux/Android kernels for amd64/arm64.

A free, powerful, multi-purpose tool that helps you monitor system resources, debug software and detect malware. Brought to you by Winsider Seminars & Solutions, Inc. @ http://www.windows-internals…

Small and highly portable detection tests based on MITRE's ATT&CK.

Legacy mirror of Darwin Kernel. Replaced by https://github.com/apple-oss-distributions/xnu

Thefatrat a massive exploiting tool : Easy tool to generate backdoor and easy tool to post exploitation attack like browser attack and etc . This tool compiles a malware with popular payload and th…

Unicorn CPU emulator framework (ARM, AArch64, M68K, Mips, Sparc, PowerPC, RiscV, S390x, TriCore, X86)

A repository for learning various heap exploitation techniques.

Defeating Windows User Account Control

Fast Desktop Switching Device

Linux namespaces and seccomp-bpf sandbox

HAProxy Load Balancer's development branch (mirror of git.haproxy.org)

A Linux version of the Procmon Sysinternals tool

MemProcFS

Pafish is a testing tool that uses different techniques to detect virtual machines and malware analysis environments in the same way that malware families do

Checkpoint/Restore tool

State-of-the-art native debugging tools

Simple (relatively) things allowing you to dig a bit deeper than usual.

eBPF implementation that runs on top of Windows

Reflective DLL injection is a library injection technique in which the concept of reflective programming is employed to perform the loading of a library from memory into a host process.

A Linux version of the ProcDump Sysinternals tool

The Sleuth Kit® (TSK) is a library and collection of command line digital forensics tools that allow you to investigate volume and file system data. The library can be incorporated into larger digi…

MachOView fork

Windows Internals Book 7th edition Tools

Hiding kernel-driver for x86/x64.

Source code of a multiple series of tutorials about the hypervisor. Available at: https://rayanfam.com/tutorials

Scans all running processes. Recognizes and dumps a variety of potentially malicious implants (replaced/implanted PEs, shellcodes, hooks, in-memory patches).

ret-sync is a set of plugins that helps to synchronize a debugging session (WinDbg/GDB/LLDB/OllyDbg2/x64dbg) with IDA/Ghidra/Binary Ninja disassemblers.