The Windows Library for Intel Process Trace (WinIPT) is a project that leverages the new Intel Processor Trace functionality exposed by Windows 10 Redstone 5 (1809), through a set of libraries and …

Reference implementation of the TCG Trusted Platform Module 2.0 specification.

zer0m0n driver for cuckoo sandbox

Research on Windows Kernel Executive Callback Objects

Network Testing Tools for testing the Linux network stack

A stateless, high-performance NAT-like proxy that attaches to the XDP hook in the Linux kernel using (e)BPF for fast packet processing. This proxy forwards packets based on configurable rules and p…

The libtpms library provides software emulation of a Trusted Platform Module (TPM 1.2 and TPM 2.0)

Minimal RarVM Toolchain

Minimal but useful Lua bindings to the Windows API

An example driver for Windows that shows how to set-up some basic components of the Windows Filtering Platform

Exploitation of process killer drivers

A turn-based co-petetive multiplayer game

CVE-2024-30090 - LPE PoC

1DS C++ SDK

Enumerate Windows Defender threat families and dump their names according category

The Windows Research Kernel v1.2 contains the sources for the core of the Windows (NTOS) kernel and a build environment for a kernel that will run on x86 (Windows Server 2003 Service Pack 1) and AM…

Protects deletion of files with a specified extension using a kernel-mode driver.

Practical P-Code examples

This is a simple driver with x64 inline assembly

Partially emulated HACK PC from primitive logic gates (in C)

proof-of-concept example of using eBPF to Monitor for eBPF Map tampering

Windows OS Internals Curriculum Resource Kit ACADEMIC

sandbox demo

eBPF experiments

windows kernel research. there are some notes or comments of the wrk source.