Stars
The Kernel Vulnerability Capabilities (KVC) framework provides advanced Windows security research tools with ring-0 kernel access. Designed for legitimate penetration testing and security research,…
Detours is a software package for monitoring and instrumenting API calls on Windows. It is distributed in source code form.
EDR-Freeze is a tool that puts an EDR or antimalware process into a coma state.
This is the loader that supports running a program with Protected Process Light (PPL) protection functionality.
A Windows kernel driver simulating hardware HID mouse and accompanying client application
An interactive TLS-capable intercepting HTTP proxy for penetration testers and software developers.
Enhanced and security-focused fork of Signal.
🚀 An open and lightweight modification to Windows, designed to optimize performance, privacy and usability.
A patch to hide QEMU itself and bypass mhyprot, EAC, nProtect, VMProtect, VProtect, Themida, Enigma Protector, Safengine Shielden
Various techniques used to bypass SMEP in the Windows Kernel.
PoC exploit for the vulnerable WatchDog Anti-Malware driver (amsdk.sys) – weaponized to kill protected EDR/AV processes via BYOVD.
A feature-rich command-line audio/video downloader
Writing a hypervisor in 1,000 lines.
NativeCompressions is the native binding and high-level API of ZStandard, LZ4 and OpenZL compression library for .NET and Unity.
Modular and extensible library for Virtual Machine Introspection
Sanctum is an experimental proof-of-concept EDR, designed to detect modern malware techniques, above and beyond the capabilities of antivirus. Built in Rust.
This is a demonstration of how anti-cheats can evolve to gather original disk serials hidden behind RAID0.
Patch EFT functions to allow for offline matches without BattlEye running
Dynamic binary instrumentation, analysis, and patching framework
Checksec, but for Windows: static detection of security mitigations in executables
A Rust crate for creating and managing system call filters, providing a safe and ergonomic interface for controlling access to system resources at the kernel level.