Leaked Mirai Source Code for Research/IoC Development Purposes

Windows Commando VM Packer

PWN

A structured explanation of CVE-2026-31431 (Copy Fail), connecting the three kernel changes that introduced the vulnerability and enabled its exploitation.

This repository will contain all code developed for the Corelan Exploit Development Tutorials (YouTube Collab).

Read and Write process memory with this ioctl driver base. This is great for free cheats and learning kernel.

The samples referenced in my book, Evasive Malware (No starch Press)

Slides and materials for the workshop "Reversing a (not-so-) Simple Rust Loader" at Ringzer0 COUNTERMEASURE 2025.

Beginner, advanced, expert level Rust training material

Collection of block cipher algorithms written in pure Rust

A collection of malware families and malware samples which use the Rust programming language.

A comprehensive guide and practical implementation of Message Queues (MsgQ) as an Inter-process Communication (IPC) technique.This repository walks through the creation, utilization, and management…

Collection of Windows Privilege Escalation (Analyse/PoC/Exploit)

Hex-Rays microcode plugin for automated simplification of Windows Kernel decompilation.

Slides for Reverse Engineering 101 in 20 minutes as presented at Pancakes Con

PoC kernel to usermode injection

Shellcode injection using the Windows Debugging API

Learn how to create Rubber Ducky-style USB implants with the Digispark Attiny85. Step-by-step setup, payload development and troubleshooting.

Starter pack for learning how to develop Kernel-Mode rootkits: basic proof-of-concepts, development environment configuration, and step-by-step resources to begin coding low-level rootkit component…

An ESXI image in docker

🧰 ESXi Testing Tookit is a command-line utility designed to help security teams test ESXi detections.

ESXi Advanced and Kernel Settings

Windows KASLR bypass using prefetch side-channel

Metamorphic cross-compilation of C++ & C-code to PIC, BOF & EXE.

Defensive Linux rootkit via LD_PRELOAD library call interception. Focused on stealthy, non-disruptive monitoring of attacker behavior.

Reverse Engineering and Malware Analysis Roadmap

CVE-2025-50168 Exploit PoC — Pwn2Own Berlin 2025 - LPE(Windows 11) winning bug.

Disable PatchGuard and Driver Signature Enforcement at boot time