A tool to recover a fully analyzable .ELF from a raw kernel, through extracting the kernel symbol table (kallsyms)

Nixpkgs overlays for PCILeech, MemProcFS, LeechCore

macFUSE umbrella repository

基于Memprocfs和Volatility的可视化内存取证工具

A pice to usb3.0 artix-7 FPGA card with M.2 M-Key interface, support pcileech and riffa and etc...

The RIFFA development repository

pcileech-fpga with wireless card emulation

A library for patching, replacing and decorating .NET and Mono methods during runtime

Hayabusa (隼) is a sigma-based threat hunting and fast forensics timeline generator for Windows event logs.

A generic UEFI bootkit used to achieve initial usermode execution. It works with modifications.

c-library wrapper around the rust pdb crate

A parser for Microsoft PDB (Program Database) debugging information

Collect-MemoryDump - Automated Creation of Windows Memory Snapshots for DFIR

Super Mario World (SNES) Widescreen Project

MemProcFS-Analyzer - Automated Forensic Analysis of Windows Memory Dumps for DFIR

Simple & Stupid Filesystem (Using FUSE)

A library for PCIe Transaction Layer

Columbo is a computer forensic analysis tool used to simplify and identify specific patterns in compromised datasets.

IPC scripts for access to Intel CRBUS

Hyper-V Research is trendy now

A library to read/write memory to Windows on KVM

Builds and parses PCIe Transport Layer Packets (TLPs)

Provides io.ReadWriter interface for a PCIe screamer device

A basic CS:GO ESP utilising DMA and HDMI-Overlay

The sample DXE runtime driver demonstrating how to program DMA remapping.

Load self-signed drivers without TestSigning or disable DSE. Transferred from https://github.com/DoubleLabyrinth/Windows10-CustomKernelSigners

A fast, hackable and simple x64 VT-x hypervisor for Windows and Linux. Builtin userspace sandbox and introspection engine.

barq: The AWS Cloud Post Exploitation framework!

Registry hive parsing the async way