A quick port of lwIP running on top of BareMetal.

Determine if the WebClient Service (WebDAV) is running on a remote system

Fuzz and Detect "Use After Free" vulnerability in win32k.sys ( Heap based )

A branch-monitor-based solution for process monitoring.

Examples of using BPF ring buffer APIs

Source-code based coverage for eBPF programs actually running in the Linux kernel

Transform vmlinuz into a fully debuggable vmlinux that can be used with /proc/kcore

Implementation of the SMM rootkit "The Watcher"

It's pointy and it hurts!

Command line tool for scanning streams within office documents plus xor db attack

XNU Rootkit Framework

Driver Initial Reconnaissance Tool

A small unit testing framework for C

Tool to view and create Microsoft shim database files (SDB).

Multi-purpose proof-of-concept tool based on CPU-Z CVE-2017-15303

Freestanding OCaml runtime

Simple example of a Mach-O parser

🐝 BPFBox 📦 Exploring process confinement in eBPF

Kernel Address Space Layout Randomization (KASLR) Recovery Software

Use YARA rules on Time Travel Debugging traces

Enumerate Windows Defender threat families and dump their names according category

Classic code from 1999+ I am fairly sure this is the first public polymorphic shellcode ever (best IMHO and others http://ids.cs.columbia.edu/sites/default/files/ccs07poly.pdf :) If I ever port thi…

Intercept arbitrary functions at run-time, without knowing their typedefs

A JIT compiler for Brainfuck running on x86_64 UEFI

EFI DXE Emulator and Interactive Debugger

Linux Kernel module providing TLS, identity and running WASM

C++

Stealth's 64bit injectso port