A binary-compatible unikernel

ddi - Dynamic Dalvik Instrumentation Toolkit

CVE-2022-0185

zer0m0n driver for cuckoo sandbox

Lua in kernel-mode because why not.

rVMI - A New Paradigm For Full System Analysis

Cisco Talos MBR Filter Driver

linux elf injector for x86 x86_64 arm arm64

OffensivePH - use old Process Hacker driver to bypass several user-mode access controls

A guide for emulating macOS arm64e on an x86-based host.

These are highly unstable, buggy, incomplete plugins that are not included with Process Hacker by default.

Driver Module Framework

Set of Dynamic Binary Instrumentation and visualization tools for execution traces.

BSD socket API on steroids

a virtual black hole file system that behaves like /dev/null

OpenSGX

Manticore is a research operating system, written in Rust.

Simple easy to use C and python debugging framework for OSX

A simple auditing utility for macOS

A secure application sandbox built with modern Linux sandboxing features - no longer actively developed, but still works fine, use bubblewrap if you need more functionality

PoC memory injection detection agent based on ETW, for offensive and defensive research purposes

libsinsp, libscap, the kernel module driver, and the eBPF driver sources

The Linux port of the Sysinternals Sysmon tool.

minimal freestanding C library for bare-metal i386 development

The ultimate hooking library

Go packages built on go-tpm providing a high-level API for using TPMs

Document ETW providers

Recon 2015 Presentation from Alex Ionescu

Falcon LLM ggml framework with CPU and GPU support

monitor macOS for malicious activity