xsh3llsh0ck

RE, Win Kernel, UEFI (DXE/PEI/SMM), Vüln Researcher.

Positive Technologies Svalbard

Pinned Repositories

Avast-Reverse-Engineering
Pseudocodes of various Avast antivirus files are collected here. (DLL, SYS)! Abandoned collaboration with @colby57
Language:C++1 0 00
Calamity
Example of using Windows Platform Binary Table (WPBT)
Language:C15 1 03
Deadwing
SMM driver/rootkit for platform memory access with R3 <-> R0 <-> R-2 communication.
Language:C76 3 010
KernelBeep
HalMakeBeep
Language:C1 3 12
MilkBox
Tool to dump EFI runtime drivers.
Language:C35 3 04
MiniMemoryDumper
A small program written in C + WinAPI that allows you to dump processes via PID.
Language:C3 2 03
PicoHook
Small driver that uses alternative syscalls feature (the project is still under development).
Language:C15 1 01
recycle-bin-themes
Silly icons for the Windows Recycle Bin
Language:PowerShell1 0 00
ResilienceKit
Another UEFI runtime bootkit
Language:C28 3 06
smm
alternative smm driver for ryzen motherboards
Language:C1 0 00

xsh3llsh0ck's Repositories

xsh3llsh0ck/Deadwing
SMM driver/rootkit for platform memory access with R3 <-> R0 <-> R-2 communication.
Language:C7710
xsh3llsh0ck/xsh3llsh0ck
11
xsh3llsh0ck/PicoHook
Small driver that uses alternative syscalls feature (the project is still under development).
Language:C151
xsh3llsh0ck/MilkBox
Tool to dump EFI runtime drivers.
Language:C354
xsh3llsh0ck/smm
alternative smm driver for ryzen motherboards
1
xsh3llsh0ck/Calamity
Example of using Windows Platform Binary Table (WPBT)
Language:C153
xsh3llsh0ck/ResilienceKit
Another UEFI runtime bootkit
Language:C286
xsh3llsh0ck/Avast-Reverse-Engineering
Pseudocodes of various Avast antivirus files are collected here. (DLL, SYS)! Abandoned collaboration with @colby57
1
xsh3llsh0ck/TheSleeper
Custom analog of Sleep function from WinAPI.
Language:C11
xsh3llsh0ck/winrev
Some reverse-engineered things from windows internals
Language:C13
xsh3llsh0ck/minhook
The Minimalistic x86/x64 API Hooking Library for Windows
xsh3llsh0ck/MiniMemoryDumper
A small program written in C + WinAPI that allows you to dump processes via PID.
Language:C33
xsh3llsh0ck/KernelBeep
HalMakeBeep
Language:C12
xsh3llsh0ck/recycle-bin-themes
Silly icons for the Windows Recycle Bin
1
xsh3llsh0ck/AFLplusplus
The fuzzer afl++ is afl with community patches, qemu 5.1 upgrade, collision-free coverage, enhanced laf-intel & redqueen, AFLfast++ power schedules, MOpt mutators, unicorn_mode, and a lot more!
xsh3llsh0ck/DummyDevice
Language:C2
xsh3llsh0ck/core_analyzer
A power tool to debug memory-related issues

xsh3llsh0ck

Pinned Repositories

Avast-Reverse-Engineering

Calamity

Deadwing

KernelBeep

MilkBox

MiniMemoryDumper

PicoHook

recycle-bin-themes

ResilienceKit

smm

xsh3llsh0ck's Repositories

xsh3llsh0ck/Deadwing

xsh3llsh0ck/xsh3llsh0ck

xsh3llsh0ck/PicoHook

xsh3llsh0ck/MilkBox

xsh3llsh0ck/smm

xsh3llsh0ck/Calamity

xsh3llsh0ck/ResilienceKit

xsh3llsh0ck/Avast-Reverse-Engineering

xsh3llsh0ck/TheSleeper

xsh3llsh0ck/winrev

xsh3llsh0ck/minhook

xsh3llsh0ck/MiniMemoryDumper

xsh3llsh0ck/KernelBeep

xsh3llsh0ck/recycle-bin-themes

xsh3llsh0ck/AFLplusplus

xsh3llsh0ck/DummyDevice

xsh3llsh0ck/core_analyzer