Stars
Windows Research Kernel Source Code
Kernel mode WinDbg extension and PoCs for token privilege investigation.
Source code for the DEF CON 30 CTF Qualifiers.
Unofficial Common Log File System (CLFS) Documentation
A collection of links related to VMware escape exploits
An application to view and filter pool allocations from a dmp file on Windows 10 RS5+.
Hex-Rays Decompiler plugin for better code navigation
Hexrays Toolbox - Find code patterns within the Hexrays ctree
A library to develop kernel level Windows payloads for post HVCI era
A blazing fast™ multithreaded ROP Gadget finder. ropper / ropgadget alternative (currently x86 only)
Knowledge base of exploit mitigations available across numerous operating systems, architectures, applications and versions.
🗃 Open source self-hosted web archiving. Takes URLs/browser history/bookmarks/Pocket/Pinboard/etc., saves HTML, JS, PDFs, media, and more...
bata24 / gef
Forked from hugsy/gef. GEF - GDB Enhanced Features for exploit devs & reversers
ret-sync is a set of plugins that helps to synchronize a debugging session (WinDbg/GDB/LLDB/OllyDbg2/x64dbg) with IDA/Ghidra/Binary Ninja disassemblers.
Proof of concept for CVE-2021-31166, a remotely triggered use-after-free in HTTP.sys.
eBPF implementation that runs on top of Windows
A personalized/enhanced re-creation of the Darkhotel "Double Star" APT exploit chain with a focus on Windows 8.1 and mixed with some of my own techniques
Security Research from the Microsoft Security Response Center (MSRC)
A little WinDbg extension to help dump the state of Win32k Type Isolation structures.
Binary, coverage-guided fuzzer for Windows, macOS, Linux and Android
Driver demonstrating how to register a DPC to asynchronously wait on an object
pwn++ is a Windows & Linux library oriented for exploit dev but mostly used to play with modern C++ features
A tool to recover a fully analyzable .ELF from a raw kernel, through extracting the kernel symbol table (kallsyms)