llvm powered deobfuscation of a vm-based protection

Use GitHub Actions to build BinDiff 8 and BinExport 12 for various IDA Pro 9.x on Windows, macOS, and Linux.

x86 Real-Mode MS-DOS Emulator using Windows Hypervisor Platform

Evasion by machine code de-optimization.

Learnings about windows Internals

Windows Lua binaries with LuaRocks and some external dependencies

Lua binary module to Access Microsoft(R) Windows(R) Registry

LuaRocks is the package manager for the Lua programming language.

Model Context Protocol for WinDBG

Rusty Bootkit - Windows UEFI Bootkit in Rust (Codename: RedLotus)

Document intricacies of using WinDBG to aid Rust project development

AV/EDR Lab environment setup references to help in Malware development

Generating legitimate call stack frame along with indirect syscalls by abusing Vectored Exception Handling (VEH) to bypass User-Land EDR hooks in Windows.

Some notes about my Windows Kernel journey

Red Team Kernel Module

Weaponizing Gigabyte driver for priv escalation and bypass PPL

The blue-merle package enhances anonymity and reduces forensic traceability of the GL-E750 Mudi 4G mobile wi-fi router

Lua scripting plugin for IDA Pro - automate reverse engineering and interact with IDA's SDK through Lua scripts

BYOVD: Use 360 ​​WFP driver to block EDR/XDR network connection.

Structor is a Hex-Rays plugin that synthesizes C structures from raw pointer arithmetic.

A beautiful, idiomatic and less frustrating IDA C++ SDK.

Advanced PoC & Research for CVE-2026-0828 (Safetica) and CVE-2025-7771 (ThrottleStop). Analysis of BYOVD (Bring Your Own Vulnerable Driver) TTPs for Ring 0 process termination and physical memory R…

Bypass User Account Control by manipulating tokens

Call 32bit NtDLL API directly from WoW64 Layer

CIL (MSIL) Disassembler Written In Pure C/C++. Rewrite from Mono Project

Fuzzing tutorial with easy-to-learn labs 🚀

Basic utilities for executing, reading and writing 64-bit data in a 32-bit WoW64 process