Pinned Repositories
bobalkkagi
Themida 3.x unpacking, unwrapping and devirtualization (future)
drvmap
driver mapper / capcom wrapper
EagleVM
WIP Native code virtualizer for x64 binaries
evil-mhyprot-cli
A PoC for the vulnerable Mhyprot2.sys driver that allows reading/writing kernel and user memory from an unprivileged user-mode process.
execution-trace-viewer
Tool for viewing and analyzing execution traces
gdrv-loader
Kernel driver loader using the vulnerable Gigabyte driver (https://www.secureauth.com/labs/advisories/gigabyte-drivers-elevation-privilege-vulnerabilities) to load an unsigned driver
HyperHide
Hypervisor-based anti-anti-debug plugin for x64dbg
injdrv
Proof-of-concept Windows driver for injecting a DLL into user-mode processes using APCs
KasperskyHook
Hook system calls on Windows by using Kaspersky's hypervisor
KsDumper
Dumping processes using the power of kernel space!
schnabel0776's Repositories
schnabel0776/bobalkkagi
Themida 3.x unpacking, unwrapping and devirtualization (future)
schnabel0776/drvmap
driver mapper / capcom wrapper
schnabel0776/EagleVM
WIP Native code virtualizer for x64 binaries
schnabel0776/evil-mhyprot-cli
A PoC for the vulnerable Mhyprot2.sys driver that allows reading/writing kernel and user memory from an unprivileged user-mode process.
schnabel0776/execution-trace-viewer
Tool for viewing and analyzing execution traces
schnabel0776/gdrv-loader
Kernel driver loader using the vulnerable Gigabyte driver (https://www.secureauth.com/labs/advisories/gigabyte-drivers-elevation-privilege-vulnerabilities) to load an unsigned driver
schnabel0776/HyperHide
Hypervisor-based anti-anti-debug plugin for x64dbg
schnabel0776/injdrv
Proof-of-concept Windows driver for injecting a DLL into user-mode processes using APCs
schnabel0776/KasperskyHook
Hook system calls on Windows by using Kaspersky's hypervisor
schnabel0776/KsDumper
Dumping processes using the power of kernel space!
schnabel0776/NVDrv
Abusing the NVIDIA driver (nvoclock.sys) for physical/virtual memory and control register manipulation.
schnabel0776/PongoOS
pongoOS
schnabel0776/pyc2bytecode
A Python bytecode disassembler helping reverse engineers dissect Python binaries by disassembling and analyzing compiled Python bytecode (.pyc) files across all Python versions (including Python 3.10.*)
schnabel0776/qiling
Qiling Advanced Binary Emulation Framework
schnabel0776/titan
Titan is a VMProtect devirtualizer
schnabel0776/VirtualKD-Redux
VirtualKD-Redux - A revival and modernization of VirtualKD
schnabel0776/vmp_runner
A general solution to simulate execution of virtualized instructions (VMProtect/Themida, etc.).
schnabel0776/vmpdump
A dynamic VMP dumper and import fixer, powered by VTIL.
schnabel0776/VMProtect-devirtualization
Playing with the VMProtect software protection. Automatic deobfuscation of pure functions using symbolic execution and LLVM.
schnabel0776/VMUnprotect
VMUnprotect can dynamically log and manipulate calls from virtualized methods by VMProtect.
schnabel0776/VMUnprotect.Dumper
VMUnprotect.Dumper can dynamically untamper a VMProtected assembly.
schnabel0776/volatility3
Volatility 3.0 development
schnabel0776/x64dbg_TraceExecLoggerPlugin
x64dbg plugin to log executions
schnabel0776/x86-Code-Virtualizer
x86 Binary Code Virtualization Tool