Stars
x64 Windows kernel code execution via user-mode, arbitrary syscall, vulnerable IOCTLs demonstration
PolyEngine is an evasive PE packer designed for CTF challenges and low-level Windows security education. It focuses on bypassing EDR and AV heuristics through a layered stack of in-memory execution…
Windows kernel hacking framework, driver template, hypervisor and API written in C++
Windows kernel driver demonstrating kernel-to-usermode communication via shared memory sections
Usermode driver mapper that forcefully loads any signed kernel driver (legit cert) with a big enough section (example: .data, .rdata) to map your driver over. The main focus of this project is to p…
Anti Virtualization, Anti Debugging, AntiVM, Anti Virtual Machine, Anti Debug, Anti Sandboxie, Anti Sandbox
A complete computer science study plan to become a software engineer.
Automatic Exploit Generation with LLMs
LummaC2 extracted binaries by reversing & LummaC2 Stealer Analysis
This is a repo of my previous BEKernelDriver but updated to add better protections and a more detailed setup, also with a good bit of code cleanup.
Keyauth Loader + Kernel Injector
Usermode NT Explorer - Query kernel addresses, translate virtual to physical addresses, inspect the PFN database, and more.
Driver loader for bypassing Windows x64 Driver Signature Enforcement
Driver that uses network sockets to communicate with a client and read/write protected process memory.
Malware Configuration And Payload Extraction
Maintained by the ANY.RUN team, this repository provides YARA rules to help detect and classify various malware families and other malicious artifacts.
This tool extracts Credit card numbers, NTLM(DCE-RPC, HTTP, SQL, LDAP, etc), Kerberos (AS-REQ Pre-Auth etype 23), HTTP Basic, SNMP, POP, SMTP, FTP, IMAP, etc from a pcap file or from a live interface.