SMDA is a minimalist recursive disassembler library that is optimized for accurate Control Flow Graph (CFG) recovery from memory dumps.

Decompiler, deminifier and deobfuscator for Bun-compiled standalone JavaScript binaries

Charles Proxy MCP server with live capture and structured traffic analysis

Playstation 2 Static Recompiler & Runtime Tool to make native PC ports

Shellcode Compiler

Next-generation JavaScript analysis tooling

A tool for ROP gadget extraction and mutation in bulk across multiple PE binaries, powered by rp++ through librp.

A reverse-engineering agent for IDA Pro and Binary Ninja

A talk about finding your own path to vulnerability research and your first CVE.

Technical blog posts on low-level software research, focusing on anti-cheat systems and game security. Topics include reverse engineering, kernel-level analysis, memory manipulation, and other deep…

OpenSandbox is a general-purpose sandbox platform for AI applications, offering multi-language SDKs, unified sandbox APIs, and Docker/Kubernetes runtimes for scenarios like Coding Agents, GUI Agent…

Network monitoring tool that maps process-to-network connections, identifies cloud providers, and detects beaconing activity. Zero-flag agent binary for deployment, aggregation server, offline ASN …

Training neural networks on Apple Neural Engine via reverse-engineered private APIs

Demonstrates consuming from a SecurityTrace ETW session by consuming from the Threat-Intelligence ETW provider without a driver or PPL privilege

Browser automation CLI for AI agents

Headless Binary Ninja MCP server — giving AI agents deep reverse-engineering capabilities via 180 tools.

Scan signatures and netvars. Dumps header files, cheat tables and ReClass files.

This is the P.O.C source for hooking the system calls on Windows 10 (1903) using it's dynamic trace feature weakness

Real-time global intelligence dashboard — AI-powered news aggregation, geopolitical monitoring, and infrastructure tracking in a unified situational awareness interface

Implementation of KlezVirus' silent moonwalk approach for payloads

Binary lifter and deobfuscator using remill for x86_64 Windows binaries

Compiled .NET 8 PowerShell deobfuscation sandbox — hosts the PS engine to intercept malware execution

Run a 1-billion parameter LLM on a $10 board with 256MB RAM

Overview of MS Defender

Windows Error Reporting ALPC Elevation of Privilege (CVE-2026-20817) - Proof-of-Concept exploit demonstrating local privilege escalation via WER service.

NovaHypervisor is a defensive x64 Intel host based hypervisor. The goal of this project is to protect against kernel based attacks (either via Bring Your Own Vulnerable Driver (BYOVD) or other mean…

A PE dumper for processes protected by user mode anti-tamper solutions (hyperion, theia, etc.)

A dnSpy extension to aid reversing of obfuscated assemblies

A cross-platform C++ framework for building Windows shellcode