Ahora57

RaceCondition

sample bypass anti-anti-debug tool by race condition

Unabomber

Improved VMP Idea(detect anti-anti-debug tools by bug)

HypervisorCheckR0

Just check hypervisor in ring0

KernelDebugCheck

VMP_UTIL

PoC over some VMP features

MAJESTY-technologies

Old example driver for application protection

Anti_suspend

Detect suspend you process

BadDBGException

Hide thread from debugger

BadHook

Sample find really syscall number use brute-force and return ntstatus

BSOD

Yea, another bsod from ring3

CRC

CRC secthion

GetKernelBaseEx

Get ntoskrnl base without NTAPI

MyGetProcAddress

Wrapper MmGetSystemRoutineAddress

Baltica-29

VMP anti-anti-vm improved

HyperHide

Hypervisor based anti anti debug plugin for x64dbg

SCP-SL-reverse

Reverse meme AC

Syscall

Get & call syscall(x64 only)

ApiWrapper

Some api wrapper for ring0

crc_help

make a remote duplicate memory

nvidia-overlay-renderer

my own implementation cz yes

papa_woods

Get syscall number by map ntdll

uEmu

Tiny cute emulator plugin for IDA based on unicorn.

Ahora57

autopsy

Autopsy® is a digital forensics platform and graphical interface to The Sleuth Kit® and other digital forensics tools. It can be used by law enforcement, military, and corporate examiners to investigate what happened on a computer. You can even use it to recover photos from your camera's memory card.

flare-floss

FireEye Labs Obfuscated String Solver - Automatically extract obfuscated strings from malware.

KDU

Kernel Driver Utility

libmhyprot

A static library, wrapper for mhyprot vulnerable driver, execute exploits and tests

reactos

A free Windows-compatible Operating System

restincode

A memorial site for Hackers and Infosec people who have passed

stegcloak

Hide secrets with invisible characters in plain text securely using passwords 🧙🏻‍♂️⭐