Stars
Macro-header for compile-time C obfuscation (tcc, win x86/x64)
✅ No need to run ✅ Pyarmor 8.0 - latest 9.1.1 ✅ Universal ✅ Statically convert obfuscated scripts to disassembly and (experimentally) source code.
Flutter Mobile Application Reverse Engineering Tool
An in-game UI for exploring, debugging and modifying IL2CPP and Mono Unity games.
Different approaches to detecting EPT hooks
eBPF implementation that runs on top of Windows
Public malware techniques used in the wild: Virtual Machine, Emulation, Debuggers, Sandbox detection.
VMware Hardened VM detection mitigation loader (anti anti-vm)
Hook system calls, context switches, page faults and more.
A C++ header-only HTTP/HTTPS server and client library
Makes IDA (most versions) crash upon opening it.
Fast and lightweight x86/x86-64 disassembler and code generation library
VMProtect 2.x-3.x x64 Import Deobfuscator
Unicorn PE is a Unicorn-based instrumentation project designed to emulate code execution for Windows PE files.
WFP Traffic Redirection Driver is used to redirect NIC traffic on network layer and framing layer, based on Windows Filtering Platform (WFP).
The Windows Kernel Programming book samples
A Windows kernel PDB parsing and downloading library that runs purely in kernel mode without any R3 programs.
GTFOBins is a curated list of Unix binaries that can be used to bypass local security restrictions in misconfigured systems
Communicate between user-mode and kernel-mode through a swapped QWORD pointer argument.
Kernel-Mode extended version of https://github.com/microsoft/Detours