KPP bypass with alternative syscall pipeline. Contribute to HexilionLabs/AltSys development by creating an account on GitHub.

Anti-virus artifacts. Listing APIs hooked by: Avira, BitDefender, F-Secure, MalwareBytes, Norton, TrendMicro, and WebRoot. - ethereal-vx/Antivirus-Artifacts

This project hosts security advisories and their accompanying proof-of-concepts related to research conducted at Google which impact non-Google owned code.

Dive into how LLMs and pyghidra-mcp accelerate reverse engineering by tracing a UAF vulnerability in CLFS through a patch diff.

Walkthrough of how to embed frida scripts in apps to distribute proper mods. Supports frida 17+.

Okay, so you’ve built your first kernel module, but now you want to make it do something cool - something like altering the behaviour of the running kernel. The way we do this is by function hooking, but the question is - how do we know which functions to…

As cheesy as the title sounds, I promise it cannot beat the cheesiness of the technique I’ll be telling you about in this post. The morning I saw Mark …

This blog explains how attackers use direct syscalls to overcome most EDR solutions, by first discussing the conventional Windows syscall flow and how most EDR solutions monitor those calls.

x64dbg plugin for simple spoofing of CPUID instruction behavior - jonatan1024/CpuidSpoofer

fpicker is a Frida-based fuzzing suite supporting various modes (including AFL++ in-process fuzzing) - ttdennis/fpicker

Deeply technical zine. And it's free.