kHypervisor is a lightweight bluepill-like nested VMM for Windows, it provides and emulating a basic function of Intel VT-x

通つう过System令れい牌ぱい获取UIAccess

A temporary solution of privacy protection window on Win10. The privacy protection window is a window that covers all other windows besides taskbar and start menu.

Command-line tool for ETW tracing on files and real-time events

A portable, simple zip library written in C

Xst Reader is an open source viewer for Microsoft Outlook’s .ost and .pst files, written entirely in C#. To download an executable of the current version, go to the releases tab.

DLL and Injector for dumping UWP applications at run-time to bypass encrypted file system protection.

Bindings for Microsoft WinDBG TTD

The Windows Kernel Programming book samples

WinDivert: Windows Packet Divert

a monitoring windows driver calls kernel api tools

a Windows kernel Pdb parsing and downloading library that running purely in kernel mode without any R3 programs.

Process Herpaderping proof of concept, tool, and technical deep dive. Process Herpaderping bypasses security products by obscuring the intentions of a process.

Turn off PatchGuard in real time for win7 (7600) ~ later

Mhy Exp (exploit signed driver)

PoC exploiting Aligned Chunk Confusion on Windows kernel Segment Heap

A tool to elevate privilege with Windows Tokens

LoadLibrary for offensive operations

Repo for counting stars and contributing. Press F to pay respect to glorious developers.