Pinned Repositories
adeleg
Active Directory delegation management tool
evtq
Windows eventlog formatting, live fetching and querying utility in C
libiris
A cross-platform sandboxing library (work in progress)
lsobj
Lists all visible objects in the Windows kernel object namespace, a command-line WinObj
muslkl
A unikernel builder based on MUSL + LKL, designed to run any vanilla application inside an SGX enclave
ntsec
Standalone tool to explore the security model of Windows and its NT kernel. Use it to introspect privilege assignments and access right assignments, enumerate attack surfaces from the point of view of a sandboxed process, etc.
seccomp-analyze
A seccomp BPF filter verifier written in Prolog, to parse, analyze and list system calls and arguments allowed by a given filter.
tpm-otp
A minimal tool that communicates with your TPM during boot, to display a one-time password and prove bootchain integrity.
win32k-mitigation
A test project to try the new win32k.sys system call filtering mitigation in Windows 10
winsddl
Windows Security Descriptor Definition Language (SDDL) parser and formatter
mtth-bfft's Repositories
mtth-bfft/adeleg
Active Directory delegation management tool
mtth-bfft/ntsec
Standalone tool to explore the security model of Windows and its NT kernel. Use it to introspect privilege assignments and access right assignments, enumerate attack surfaces from the point of view of a sandboxed process, etc.
mtth-bfft/evtq
Windows eventlog formatting, live fetching and querying utility in C
mtth-bfft/winsddl
Windows Security Descriptor Definition Language (SDDL) parser and formatter
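winsddl's own code is not reproduced on this page. As an added example (not the project's code), the following Python parses an SDDL string into its owner, group and ACL parts, formats the result back to SDDL, and lists the ACEs that touch a given access mask. The two-letter SID aliases, ACE flags and rights masks are the documented Windows values; the sample descriptor is constructed for the example, and the helper names (parse_sddl, format_sddl, aces_touching) are my own.

```python
"""Minimal SDDL (Security Descriptor Definition Language) parser and formatter.
Added example for this listing, not code from winsddl. Handles owner, group, DACL/SACL
control flags and six-field ACEs; conditional and resource-attribute ACEs are rejected."""
import re

# Two-letter SID aliases (a subset of the documented table, enough for the sample below)
SID_ALIASES = {"BA": "S-1-5-32-544", "BU": "S-1-5-32-545", "SY": "S-1-5-18", "WD": "S-1-1-0",
               "AU": "S-1-5-11", "AN": "S-1-5-7", "LS": "S-1-5-19", "NS": "S-1-5-20",
               "IU": "S-1-5-4", "CO": "S-1-3-0", "CG": "S-1-3-1", "RC": "S-1-5-12"}
ALIAS_BY_SID = {sid: alias for alias, sid in SID_ALIASES.items()}
ACE_TYPES = {"A", "D", "OA", "OD", "AU", "AL", "OU", "OL", "ML"}
ACE_FLAGS = {"OI": 0x01, "CI": 0x02, "NP": 0x04, "IO": 0x08, "ID": 0x10, "SA": 0x40, "FA": 0x80}
ACL_FLAGS = ("P", "AR", "AI")
RIGHTS = {  # generic, standard, DS-specific, file and registry rights (winnt.h mask values)
    "GA": 0x10000000, "GX": 0x20000000, "GW": 0x40000000, "GR": 0x80000000,
    "RC": 0x00020000, "SD": 0x00010000, "WD": 0x00040000, "WO": 0x00080000,
    "CC": 0x1, "DC": 0x2, "LC": 0x4, "SW": 0x8, "RP": 0x10, "WP": 0x20, "DT": 0x40, "LO": 0x80, "CR": 0x100,
    "FA": 0x001F01FF, "FR": 0x00120089, "FW": 0x00120116, "FX": 0x001200A0,
    "KA": 0x000F003F, "KR": 0x00020019, "KW": 0x00020006, "KX": 0x00020019}
ACE_RE = re.compile(r"\(([^()]*)\)")


def _codes(text, table, what):
    """Split a run of two-letter codes ('OICI' -> ['OI', 'CI']), validating each against table."""
    if len(text) % 2:
        raise ValueError("odd-length %s string %r" % (what, text))
    codes = [text[i:i + 2] for i in range(0, len(text), 2)]
    for c in codes:
        if c not in table:
            raise ValueError("unknown %s code %r" % (what, c))
    return codes


def parse_rights(tok):
    """Rights field: either a hex mask ('0x1200a9') or concatenated codes ('FRFX')."""
    if tok.lower().startswith("0x"):
        return int(tok, 16)
    mask = 0
    for code in _codes(tok, RIGHTS, "right"):
        mask |= RIGHTS[code]
    return mask


def parse_sid(tok):
    if tok.startswith("S-1-"):
        return tok
    if tok not in SID_ALIASES:
        raise ValueError("unknown SID alias %r" % tok)
    return SID_ALIASES[tok]


def parse_ace(text):
    """'A;OICI;FA;;;SY' -> dict. Only the six-field form is supported."""
    fields = text.split(";")
    if len(fields) != 6:
        raise ValueError("unsupported ACE form (%s)" % text)
    ace_type, flags, rights, obj, iobj, sid = fields
    if ace_type not in ACE_TYPES:
        raise ValueError("unknown ACE type %r" % ace_type)
    return {"type": ace_type, "flags": _codes(flags, ACE_FLAGS, "ACE flag"),
            "mask": parse_rights(rights), "object_type": obj or None,
            "inherited_object_type": iobj or None, "sid": parse_sid(sid)}


def parse_acl(text):
    """'PAI(A;;FA;;;SY)...' -> {'flags': ['P', 'AI'], 'aces': [...]}."""
    first = text.find("(")
    flag_text = text if first < 0 else text[:first]
    flags, i = [], 0
    while i < len(flag_text):
        code = "P" if flag_text[i] == "P" else flag_text[i:i + 2]
        if code not in ACL_FLAGS:
            raise ValueError("unknown ACL flag %r" % code)
        flags.append(code)
        i += len(code)
    if first >= 0 and ACE_RE.sub("", text[first:]):
        raise ValueError("stray text between ACEs")
    return {"flags": flags, "aces": [parse_ace(m) for m in ACE_RE.findall(text)]}


def parse_sddl(sddl):
    sd = {"owner": None, "group": None, "dacl": None, "sacl": None}
    starts, depth = [], 0  # O:/G:/D:/S: markers only count outside ACE parentheses
    for i, ch in enumerate(sddl):
        if ch == "(":
            depth += 1
        elif ch == ")":
            depth -= 1
        elif depth == 0 and ch in "OGDS" and sddl[i + 1:i + 2] == ":":
            starts.append(i)
    if starts[:1] != [0]:
        raise ValueError("SDDL must start with O:, G:, D: or S:")
    for a, b in zip(starts, starts[1:] + [len(sddl)]):
        key, body = sddl[a], sddl[a + 2:b]
        if key == "O":
            sd["owner"] = parse_sid(body)
        elif key == "G":
            sd["group"] = parse_sid(body)
        else:
            sd["dacl" if key == "D" else "sacl"] = parse_acl(body)
    return sd


def format_rights(mask):
    for code, value in RIGHTS.items():  # first exact match wins (KR before KX), else hex
        if value == mask:
            return code
    return "0x%x" % mask


def format_ace(ace):
    return "(%s;%s;%s;%s;%s;%s)" % (ace["type"], "".join(ace["flags"]), format_rights(ace["mask"]),
                                   ace["object_type"] or "", ace["inherited_object_type"] or "",
                                   ALIAS_BY_SID.get(ace["sid"], ace["sid"]))


def format_sddl(sd):
    out = ""
    if sd["owner"]:
        out += "O:" + ALIAS_BY_SID.get(sd["owner"], sd["owner"])
    if sd["group"]:
        out += "G:" + ALIAS_BY_SID.get(sd["group"], sd["group"])
    for key, letter in (("dacl", "D"), ("sacl", "S")):
        if sd[key] is not None:
            out += letter + ":" + "".join(sd[key]["flags"]) + "".join(format_ace(a) for a in sd[key]["aces"])
    return out


def aces_touching(sd, bits):
    """DACL ACEs whose mask intersects bits, as (type, sid). A listing aid only: it does not
    expand group membership, map generic rights or apply ACE ordering semantics."""
    acl = sd["dacl"] or {"aces": []}
    return [(a["type"], a["sid"]) for a in acl["aces"] if a["mask"] & bits]


# Constructed sample: protected, auto-inherited DACL on a file-like object
SAMPLE = "O:BAG:SYD:PAI(A;OICI;FA;;;SY)(A;OICI;FA;;;BA)(D;;WD;;;WD)(A;;0x1200a9;;;BU)"

if __name__ == "__main__":
    sd = parse_sddl(SAMPLE)
    for ace in sd["dacl"]["aces"]:
        print(ace)
    print("round-trips:", format_sddl(sd) == SAMPLE)
    print("ACEs touching WRITE_DAC:", aces_touching(sd, RIGHTS["WD"]))
```

aces_touching is deliberately a listing, not an access check: the sample's deny for Everyone (WD) also covers SYSTEM and Administrators once group membership is expanded, and a real evaluator (what ntsec and adeleg do with the AuthZ API) has to honour canonical ACE ordering and generic-right mapping as well.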
mtth-bfft/libiris
A cross-platform sandboxing library (work in progress)
mtth-bfft/win32k-mitigation
A test project to try the new win32k.sys system call filtering mitigation in Windows 10
mtth-bfft/captrace
Lists capabilities used by processes on your system as they are requested, to assist in the task of creating custom hardened profiles for containers and sandboxes.
mtth-bfft/dracut-dropbear-unlock
A minimalist dracut module that allows you to remotely unlock an encrypted root partition during boot.
mtth-bfft/tristitude
A simple process security policy enumerator. This project has been superseded by https://github.com/mtth-bfft/ntsec , which now has the same functionalities and many more :)
mtth-bfft/windows-service
Minimal Windows service boilerplate
mtth-bfft/kblist
Windows Update website crawler to list security updates by version and type (cumulative/non-cumulative)
mtth-bfft/nt-object-types
Toy project to explore the NT kernel's object types and their security access rights
mtth-bfft/seccomp-dump
A small utility to fetch the seccomp BPF filter used by a thread from the kernel, and disassemble/study it
mtth-bfft/windows-service-dll
Minimal Windows service boilerplate packaged as DLL
mtth-bfft/seccomp-analyze
A seccomp BPF filter verifier written in Prolog, to parse, analyze and list system calls and arguments allowed by a given filter.
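To make concrete what seccomp-dump and seccomp-analyze operate on, here is an added example, not code from either project: a Python interpreter for the classic-BPF subset that seccomp filters use, run over a packed struct seccomp_data so a filter can be evaluated for every syscall number. The opcode and SECCOMP_RET_* values are the kernel's; the sample filter and the helper names (run_filter, verdict, allowed_syscalls) are constructed for this example. Brute-forcing nr with fixed arguments is exact only for argument-independent decisions, which is why the write() rule is also probed explicitly with different fd values.

```python
"""Classic-BPF interpreter for seccomp filters plus a brute-force syscall enumerator.
Added example for this listing, not code from seccomp-analyze or seccomp-dump.
Filters are lists of (code, jt, jf, k) tuples, i.e. struct sock_filter entries."""
import struct

# Classic BPF opcodes commonly used by seccomp filters (values from linux/filter.h)
BPF_LD_W_ABS = 0x20     # A = u32 at offset k of struct seccomp_data
BPF_ALU_AND_K = 0x54    # A &= k
BPF_JMP_JA = 0x05       # pc += k
BPF_JMP_JEQ_K = 0x15    # pc += (A == k) ? jt : jf
BPF_JMP_JGT_K = 0x25
BPF_JMP_JGE_K = 0x35
BPF_JMP_JSET_K = 0x45   # pc += (A & k) ? jt : jf
BPF_RET_K = 0x06        # return k
BPF_RET_A = 0x16        # return A

SECCOMP_RET_ACTION_FULL = 0xFFFF0000
SECCOMP_RET_DATA = 0x0000FFFF
ACTIONS = {0x80000000: "KILL_PROCESS", 0x00000000: "KILL_THREAD", 0x00030000: "TRAP",
           0x00050000: "ERRNO", 0x7FC00000: "USER_NOTIF", 0x7FF00000: "TRACE",
           0x7FFC0000: "LOG", 0x7FFF0000: "ALLOW"}
AUDIT_ARCH_X86_64 = 0xC000003E
AUDIT_ARCH_I386 = 0x40000003
SECCOMP_DATA_SIZE = 64  # sizeof(struct seccomp_data)


def seccomp_data(nr, arch, ip=0, args=(0,) * 6):
    """Pack a struct seccomp_data: int nr; u32 arch; u64 instruction_pointer; u64 args[6]."""
    return struct.pack("<iIQ6Q", nr, arch, ip, *args)


def run_filter(prog, data):
    """Execute prog over data the way the kernel would; return the 32-bit filter result."""
    acc, pc = 0, 0
    while True:
        if pc >= len(prog):
            raise ValueError("filter runs off the end (the kernel rejects such programs)")
        code, jt, jf, k = prog[pc]
        pc += 1
        if code == BPF_LD_W_ABS:
            # seccomp only permits 4-byte aligned loads inside struct seccomp_data
            if k % 4 or k + 4 > SECCOMP_DATA_SIZE:
                raise ValueError("invalid load offset %d" % k)
            acc = struct.unpack_from("<I", data, k)[0]
        elif code == BPF_ALU_AND_K:
            acc &= k
        elif code == BPF_JMP_JA:
            pc += k
        elif code == BPF_JMP_JEQ_K:
            pc += jt if acc == k else jf
        elif code == BPF_JMP_JGT_K:
            pc += jt if acc > k else jf
        elif code == BPF_JMP_JGE_K:
            pc += jt if acc >= k else jf
        elif code == BPF_JMP_JSET_K:
            pc += jt if acc & k else jf
        elif code == BPF_RET_K:
            return k
        elif code == BPF_RET_A:
            return acc
        else:
            raise NotImplementedError("opcode 0x%02x not handled by this toy interpreter" % code)


def verdict(prog, nr, arch=AUDIT_ARCH_X86_64, args=(0,) * 6):
    """(action name, data) for one syscall; the kernel treats unknown action values as a kill."""
    ret = run_filter(prog, seccomp_data(nr, arch, 0, args))
    return ACTIONS.get(ret & SECCOMP_RET_ACTION_FULL, "KILL_PROCESS"), ret & SECCOMP_RET_DATA


def allowed_syscalls(prog, arch=AUDIT_ARCH_X86_64, max_nr=512, args=(0,) * 6):
    """Syscall numbers reaching ALLOW with the given arguments (default: all zero).
    Exact for nr-only rules; argument-dependent rules must be probed with the arguments of interest."""
    return [nr for nr in range(max_nr) if verdict(prog, nr, arch, args)[0] == "ALLOW"]


# Constructed sample filter: x86_64 only; exit/exit_group always allowed; write only on fd 1 or 2,
# checked on both dwords of the 64-bit argument; everything else fails with EPERM.
EPERM = 1
SAMPLE_FILTER = [
    (BPF_LD_W_ABS, 0, 0, 4),                    # 0: A = arch
    (BPF_JMP_JEQ_K, 1, 0, AUDIT_ARCH_X86_64),   # 1: x86_64 -> 3, else -> 2
    (BPF_RET_K, 0, 0, 0x80000000),              # 2: KILL_PROCESS
    (BPF_LD_W_ABS, 0, 0, 0),                    # 3: A = nr
    (BPF_JMP_JEQ_K, 7, 0, 60),                  # 4: exit -> 12
    (BPF_JMP_JEQ_K, 6, 0, 231),                 # 5: exit_group -> 12
    (BPF_JMP_JEQ_K, 0, 6, 1),                   # 6: write -> 7, else -> 13
    (BPF_LD_W_ABS, 0, 0, 20),                   # 7: A = high dword of args[0]
    (BPF_JMP_JEQ_K, 0, 4, 0),                   # 8: high dword != 0 -> 13
    (BPF_LD_W_ABS, 0, 0, 16),                   # 9: A = low dword of args[0]
    (BPF_JMP_JEQ_K, 1, 0, 1),                   # 10: fd == 1 -> 12
    (BPF_JMP_JEQ_K, 0, 1, 2),                   # 11: fd == 2 -> 12, else -> 13
    (BPF_RET_K, 0, 0, 0x7FFF0000),              # 12: ALLOW
    (BPF_RET_K, 0, 0, 0x00050000 | EPERM),      # 13: ERRNO(EPERM)
]

if __name__ == "__main__":
    print("allowed with zero args:", allowed_syscalls(SAMPLE_FILTER))
    print("write(1, ...):", verdict(SAMPLE_FILTER, 1, args=(1, 0, 0, 0, 0, 0)))
    print("write(1 | 1<<32, ...):", verdict(SAMPLE_FILTER, 1, args=((1 << 32) | 1, 0, 0, 0, 0, 0)))
    print("exit() from i386:", verdict(SAMPLE_FILTER, 60, arch=AUDIT_ARCH_I386))
```

Instructions 7 and 8 are the part worth copying: a filter that compares only the low dword of a 64-bit argument can be bypassed by setting bits in the high dword, so a checker that lists "allowed arguments" has to track both halves, and the arch check before any nr comparison is what keeps the allowlist meaningful across ABIs.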
mtth-bfft/dyndnsmon
Live monitor for failed dynamic DNS updates on Windows Server
mtth-bfft/ipc-benchmarks
Benchmarks for various IPC mechanisms on various OSes
mtth-bfft/repadmin-parser
Minimal Python parser for Microsoft's repadmin replication metadata listings
mtth-bfft/sandboxing-pocs
Various not-for-production proofs of concept around sandboxing
mtth-bfft/authz-sys
Rust FFI bindings for Microsoft's AuthZ API
mtth-bfft/dotfiles
.files, sensible default configuration files and customisations that I use on all my machines
mtth-bfft/impacket
Impacket is a collection of Python classes for working with network protocols.
mtth-bfft/libiris-core
mtth-bfft/libiris-integration-tests
mtth-bfft/libiris-ipc
mtth-bfft/libiris-policy
mtth-bfft/MLA
Multi Layer Archive - A pure rust encrypted and compressed archive file format
mtth-bfft/rust-brotli
Brotli compressor and decompressor written in rust that optionally avoids the stdlib
mtth-bfft/seccomp-sys
low-level bindings to libseccomp
mtth-bfft/tinyxml2
TinyXML2 is a simple, small, efficient, C++ XML parser that can be easily integrated into other programs.