hrbust86

HookMsrBySVM

hook msr by amd svm

SvmNest

a frame of amd-v svm nest

awesome-windows-kernel-security-development

hidden

Windows driver with usermode interface which can hide objects of file-system and registry, protect processes and etc

Kernel-Bridge

Windows kernel hacking framework, driver template, hypervisor and API written on C++

processhacker

A free, powerful, multi-purpose tool that helps you monitor system resources, debug software and detect malware.

al-khaser

Public malware techniques used in the wild: Virtual Machine, Emulation, Debuggers, Sandbox detection.

AlleyWind

An advanced Win32-based and open-sourced utility that helps you to manage system's windows

ClangOnWindows

Source code for my blog post:

crc

crc16/crc32/crc64

DdiMon

Monitoring and controlling kernel API calls with stealth hook using EPT

EfiGuard

Disable PatchGuard and DSE at boot time

file-windows

File and Libmagic build with Visual Studio

haxm

Intel® Hardware Accelerated Execution Manager (Intel® HAXM)

HEU_KMS_Activator

kHypervisor

kHypervisor is a lightweight bluepill-like nested VMM for Windows, it provides and emulating a basic function of Intel VT-x

mimikatz

A little tool to play with Windows security

obfuscator

Obfuscator-LLVM

Based on LLVM 6.0 with Ollvm & Armariris

passthrough-minifilter-driver

Windows mini-filter-driver. Blocks the access to USB drives.

SimpleSvmHook

SimpleSvmHook is a research purpose hypervisor for Windows on AMD processors.

Syscall-Monitor

Syscall Monitor is a system monitor program (like Sysinternal's Process Monitor) using Intel VT-X/EPT for Windows7+

test

test

VirtualKD-Redux

VirtualKD-Redux - A revival and modernization of VirtualKD

vs-obfuscation

LLVM Obfuscator / constexpr / PEB CALL API

wmi-static-spoofer

Spoofing the Windows 10 HDD/diskdrive serialnumber from kernel without hooking