Main DroneEngage Unit Component

Hercules Anti-Cheat | Homemade Usermode and Kernelmode Anti-Cheat

awesome llvm security [Welcome to PR]

Windows Kernel-Mode Keylogger - Educational rootkit driver intercepting keyboard IRPs for UDP logging. Demonstrates stealth persistence, privilege escalation & IRP hooking for offensive security re…

Windows 11 kernel research framework demonstrating DSE bypass on Windows 11 25H2 through boot-time execution. Loads unsigned drivers by surgically patching SeCiCallbacks via native subsystem. Inclu…

Fast covert timing channel communication for inter-process and inter-processor communication on Windows systems.

A Windows Kernel Driver Emulator base on Unicorn, Kernel Memory Dump and some of native environment

Windows Anti-Rootkit Tool

Collect Windows telemetry for Maldev

An experimental i386 CPU emulator designed to explore how a processor fetches, decodes, and executes instructions in real mode.

Dynamic shellcode loader with sophisticated evasion capabilities

Windows 11 24H2 Runtime PatchGuard Bypass

手动上传官网的VMwareWorkstation安装包

USTA is a C++ project that implements a lightweight mechanism for hooking critical syscalls in user space

This is an advanced Windows loader framework designed for stealthy code injection, anti-analysis, and evasion. It combines direct system call invocation, API hashing, anti-analysis techniques, and …

Proof-of-concept kernel driver that hijacks the Windows kernel extension table mechanism to preserve process notify callbacks even when attackers disable standard process notify callbacks.

硬件序列管理者

A simple emulator for Windows designed for reverse engineering, testing binary files, and execution logging.

LLVM Pass Plugin for obfuscating imported/resolved functions using `GetProcAddress` (x64)

Inject unsigned DLL into Protected Process Light (PPL)

（communication detected）a kernel driver for game cheater. includes read&write memory / key&mouse simulator / kernel DWM render / process hider / kernel remote call / force delete file / remote thre…

Kairos is a next-generation, red-team-oriented Windows kernel defense neutralization framework. It combines traditional runtime patching with UEFI persistence, hypervisor-level surveillance, and Se…

A Windows library for doing things you probably shouldn’t be doing with processes, tokens, and system calls.

Hooking KPRCB IdlePreselect function to gain execution inside PID 0.

EncryptIAT

Reports on Driver, LSASS and other security services mitigations