A single CLAUDE.md file to improve Claude Code behavior, derived from Andrej Karpathy's observations on LLM coding pitfalls.

PowerShell implementation for AD CS

15-stage Windows malware development & analysis course in Rust. Red team builds it, blue team detects it. All 15 binaries achieved 0/76 on VirusTotal.

A practical DFIR-focused cheatsheet for identifying, collecting, triaging, and reviewing macOS persistence mechanisms, with acquisition-aware guidance for disk artifacts, live state, required privi…

DPI bypass tool - eBPF on Linux, TUN on macOS/Windows.

Make beautiful isometric infrastructure diagrams

Zorya: Automated Concolic Execution Engine optimized for Go Binaries analysis, using Ghidra's P-Code as IR, and written in Rust.

vLLM Metal plugin powered by mlx-swift — high-performance LLM inference on Apple Silicon

Open WebUI Desktop 🌐

OpenRefine is a free, open source power tool for working with messy data and improving it

A modern syscall tracer built on eBPF. Think strace, but with a real TUI, smart filters, TLS decryption, and output that's actually readable.

Multiplatform MEMORY.DMP analysis tool with a WinDbg flavor

AI analyzer for Hayabusa results.

⚡ Native MLX Swift LLM inference server for Apple Silicon. OpenAI-compatible API, SSD streaming for 100B+ MoE models, TurboQuant KV cache compression, MACOS + iOS iPhone app.

WinDbg x64 extension that disassembles live functions and uses an LLM to produce verified pseudocode.

DSCourier is a proof-of-concept that uses the WinGet Configuration COM API to apply DSC configurations through Microsoft-signed binaries.

Free, open-source macOS cleaner. CleanMyMac alternative with zero telemetry. Native SwiftUI, scheduled auto-cleaning, Xcode/Homebrew/system cache cleanup. MIT licensed.

A programmable MITM proxy that intercepts HTTP/HTTPS traffic so you don't have to guess what your app is doing. Forward & reverse modes, TLS interception, TUI, terminal, and web GUI.

Docker Crash Course: How to containerize your favorite security tools

A little tool to play with Windows security

Phantom-Evasion-Loader is a standalone, pure x64 Assembly injection engine engineered to minimize the detection surface of modern EDR/XDR solutions and Kernel-level monitors like Falco (eBPF). It l…

linux, kernel, rootkit, educational, cybersecurity

Lossless DFlash speculative decoding for MLX on Apple Silicon

simple POC of a linux kernel module posing as a rootkit to stealthly hook its syscalls

Exact speculative decoding on Apple Silicon, powered by MLX.

Abusing Some Defects in KSLD Ark driver