Stars
Public malware techniques used in the wild: Virtual Machine, Emulation, Debuggers, Sandbox detection.
Abusing NVIDIA driver (nvoclock.sys) for physical/virtual memory and control register manipulation.
Virtual and physical memory hacking library using a vulnerable Gigabyte driver
A bunch of certificates from the Hacking Team leak
Proof of concept on how to bypass some limitations of a manually mapped driver
Scrape Grayhat Warfare for leaked code signing certificates. Outputs certificate hashes to crack with JtR
Manual map unsigned driver over signed memory
Use RTCore64 to map your driver on Windows 11.
Loads a signed kernel driver which allows you to map any driver to kernel mode without any traces of the signed / mapped driver.
KDMapper is a simple tool that exploits the iqvw64e.sys Intel driver to manually map non-signed drivers in memory
A very simple C++ library for downloading a PDB and getting the RVA of a function or global variable and an offset from a struct.
PoC EFI runtime driver for memory r/w & kdmapper fork
Achieve arbitrary kernel read/writes/function calling in Hypervisor-Protected Code Integrity (HVCI) protected environments without admin permissions or kernel drivers.
Usermode driver mapper that forcefully loads any signed kernel driver (legit cert) with a big enough section (example: .data, .rdata) to map your driver over. The main focus of this project is to p…