Bootkit sample for firmware attack

Disable PatchGuard and Driver Signature Enforcement at boot time

Bluetooth Forward and Future Secrecy Attacks and Defenses (BLUFFS) [CVE 2023-24023]

Quickly find differences and similarities in disassembled code

Use YARA rules on Time Travel Debugging traces

Time Travel Debugging IDA plugin

Dear ImGui: Bloat-free Graphical User interface for C++ with minimal dependencies

Detection in the form of Yara, Snort and ClamAV signatures.

Useful scripts for WinDbg using the debugger data model

Cross-platform Rust rewrite of the GNU coreutils

Ceph is a distributed object, block, and file storage platform

An application to view and filter pool allocations from a dmp file on Windows 10 RS5+.

Graphical remote desktop solution

Cross-platform tool that allows browsing and extracting C and C++ type declarations from PDB files.

Explore how Unix-like OS (Linux, BSD, macOS...) modify MACB timestamps and check against POSIX (non-)compliance

Welcome to the page where you will find each trick/technique/whatever I have learnt in CTFs, real life apps, and reading researches and news.

An implementation of the NTFS filesystem in a Rust crate, usable from firmware level up to user-mode.

Multi Layer Archive – A pure Rust archive format with encryption, compression, digital signatures, and post-quantum cryptography

C++11 library that provides several new or lesser-known containers, like flat_map/set, small_map/set, static_map/set, small_vector, static_vector, and many more.

Compiles JSON into static constexpr C++ data structures with nlohmann::json API

Sysmon event simulation utility which can be used to simulate the attacks to generate the Sysmon Event logs for testing the EDR detections and correlation rules by Blue teams.

Forensics artefact collection tool for systems running Microsoft Windows

Kaitai Struct: compiler to translate .ksy => .cpp / .cs / .dot / .go / .java / .js / .lua / .nim / .php / .pm / .py / .rb / .rs

Super timeline all the things

Rapidly Search and Hunt through Windows Forensic Artefacts

Dumper for Windows SuperFetch files (Ag*.db)

Exploitation paths allowing you to (mis)use the Windows Privileges to elevate your rights within the OS.

Simple (relatively) things allowing you to dig a bit deeper than usual.