微信好友关系一键检测，基于微信ipad协议，看看有没有朋友偷偷删掉或者拉黑你

the LLM vulnerability scanner

PUBG External physx dynamic model

This is an EfiGuard BootLoader that can boot EfiGuard from Usermode with no USB or Setup as a Single Executable with automatic File Dumping using Bytes.

This project hosts security advisories and their accompanying proof-of-concepts related to research conducted at Google which impact non-Google owned code.

🪝 Different aproaches to detecting EPT hooks

The first Computer Emergency Response Tools (CERT) for young people ;) 　　　　　　　　　　　　　　　　　　　　　　年轻人的第一款应急响应工具 ；）

a zeekctl plugin that helps configure MALLOC_CONF for profiling

🪅 Windows User Space Emulator

在线检测您是否在使用 Clash

Capture frames of any game using OBS.

reverse engineering of bedaisy.sys (battleyes kernel driver) - Aki2k/BEDaisy

C++17 PE manualmapper

Monitor and profiler powered by eBPF to monitor network traffic, and diagnose CPU and network performance.

Gathers system and per process statistics

my first hypervisor.

The universal proxy platform

mimalloc is a compact general purpose allocator with excellent performance.

Kernel-mode Paravirtualization in Ring 2, LLVM based linker, and some other things!

The program draws with win32k gdi functions in the kernel while NtGdiDdDDISubmitCommand is being hooked.

A C compiler targeting an artistically pleasing nightmare for reverse engineers

VMUnprotect.Dumper can dynamically untamper VMProtected Assembly.

process-watcher is a Go language library for observing the life cycle of system processes.

IDA Pro plugin with a rich set of features: decryption, deobfuscation, patching, lib code recognition and various pseudocode transformations

Library for lifting machine code to LLVM bitcode

Lift machine code to performant LLVM IR

Deobfuscation via optimization with usage of LLVM IR and parsing assembly.

A wireshark plugin to instrument ETW

Simple POC library to execute arbitrary calls proxying them via NdrServerCall2 or similar