Windows Analysis and Research Toolkit

A Beacon Object File (BOF) that talks directly to Windows authentication packages through the LSA untrusted/trusted client interface, without touching LSASS process memory.

A Proof-of-Concept (POC) demonstration of Windows token impersonation techniques for educational and security research purposes.

MAC address spoofer using NSI completion routine hooking

Thread priority based throttling system thats budget-based

Minimalist was a spoofing driver using a Registry Callback inspired by me

.data ptr swapper for newer win32k versions. (Supports Windows 11)

Abusing AsusBiosIoDrv64.sys to gain kernel and process physical/virtual memory access.

A cross-platform library of very useful functions and classes

Shellcode injection using the Windows Debugging API

Using the peculiar behaviour of the VPGATHER instructions to determine if an address will fault before it is truly accessed. All done in user-mode.

Windows kernel driver that detects hypervisors by probing SIDT/LIDT edge cases, paging/TLB behaviors, privilege transitions, and timing executed inside a controlled safety-net environment.

Non HVCI Block listed - Microsoft signed driver exploited to kill AV/EDR's processes

Main DroneEngage Unit Component

PrivKit is a simple beacon object file that detects privilege escalation vulnerabilities caused by misconfigurations on Windows OS.

Hercules Anti-Cheat | Homemade Usermode and Kernelmode Anti-Cheat

awesome llvm security [Welcome to PR]

Windows Kernel-Mode Keylogger - Educational rootkit driver intercepting keyboard IRPs for UDP logging. Demonstrates stealth persistence, privilege escalation & IRP hooking for offensive security re…

Windows 11 kernel research framework demonstrating DSE bypass on Windows 11 25H2 through boot-time execution. Loads unsigned drivers by surgically patching SeCiCallbacks via native subsystem. Inclu…

Fast covert timing channel communication for inter-process and inter-processor communication on Windows systems.

A Windows Kernel Driver Emulator base on Unicorn, Kernel Memory Dump and some of native environment

Windows Anti-Rootkit Tool

Collect Windows telemetry for Maldev

An experimental i386 CPU emulator designed to explore how a processor fetches, decodes, and executes instructions in real mode.

A simple UM + KM example of how to bypass EAC CR3

Dynamic shellcode loader with sophisticated evasion capabilities

Windows 11 24H2 Runtime PatchGuard Bypass

A custom tool to unpack VMProtect-obfuscated executables and restore the original binary