Demonstrates that NvAPI_D3D11_WksReadScanout (undocumented, interface 0xBCB1C536) can read the GPU scanout buffer directly, bypassing any overlay or render-target protection that anti-cheat softwar…

WinVisor - A hypervisor-based emulator for Windows x64 user-mode executables using Windows Hypervisor Platform API

A library to manipulate physical memory from usermode.

An advanced in-memory evasion technique fluctuating shellcode's memory protection between RW/NoAccess & RX and then encrypting/decrypting its contents

Create a new thread that will suspend every thread and encrypt its stack, then going to sleep , then decrypt the stacks and resume threads

different ntdll unhooking techniques : unhooking ntdll from disk, from KnownDlls, from suspended process, from remote server (fileless)

Bypass Userland EDR hooks by Loading Reflective Ntdll in memory from a remote server based on Windows ReleaseID to avoid opening a handle to ntdll , and trigger exported APIs from the export table

Convert 32-bit x86 programs to 64-bit x86-64 on macOS.

Windows Kernel inject (no module no thread)

Whole-Program Reverse Engineering with GPT-3

driver manual mapper powered by https://github.com/estimated1337/lenovo_exec

Call stack spoofing for Rust

The project is designed as a file resource cloner. Metadata, including digital signature, is extracted from one file and injected into another.

Windows Kernel Driver Development in C# with Windows Driver Kit (WDK)

DiaryJournal.Net is an open source and free desktop and laptop software from Tushar Jain for all kinds of writers, book and story writing, educational, notes keeping, journal and diary. for latest …

Alternative Shellcode Execution Via Callbacks

Collection of remote authentication triggers in C#

Open-source Windows and Office activator featuring HWID, Ohook, TSforge, and Online KMS activation methods, along with advanced troubleshooting.

Play lunar lander in you windows file copy dialog

Samples for the article "Interception and modifying TCP connections from kernel on Windows and Linux systems"

Tiny driver patch to allow kernel callbacks to work on Win10 21h1

Parsing gigabytes of JSON per second : used by Facebook/Meta Velox, the Node.js runtime, ClickHouse, WatermelonDB, Apache Doris, Milvus, StarRocks

A small POC to make defender useless by removing its token privileges and lowering the token integrity

Simple EFI runtime driver that hooks GetVariable function and returns data expected by Windows to make it think that it's running with secure boot enabled (faking secure boot)

C# Kernel Mode Driver example using NativeAOT

A mini x86-64 assembler.

x64 Windows kernel code execution via user-mode, arbitrary syscall, vulnerable IOCTLs demonstration