Windows paravirtualized drivers for QEMU\KVM (C; updated Nov 12, 2024)
Writing operating system and kernel parts as simply as Hello World programs, starting from bootloaders, a Hello World kernel, GDT, IDT, terminal, keyboard/mouse, memory manager, HDD ATA read/write, VGA/VESA graphics
A basic Direct Kernel Object Manipulation rootkit that removes a process from the EPROCESS list, hiding it from the Task Manager
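The unlink step behind that rootkit, as an added user-mode simulation (not the listed repository's code): a doubly-linked list stands in for the ActiveProcessLinks chain that threads through EPROCESS objects. Splicing one entry out hides it from anything that walks the list (the view Task Manager gets), but the object itself is still allocated. The pool scan at the end is the standard countermeasure: enumerate objects from a source that does not depend on the list and diff the two views. Structure and function names are stand-ins chosen for this example.

```c
/* Added example: user-mode simulation of DKOM unlinking from the active
 * process list. SIM_EPROCESS, g_pool and the function names are invented
 * for this demo; only the LIST_ENTRY/CONTAINING_RECORD idiom is Windows'. */
#include <stddef.h>
#include <stdio.h>
#include <string.h>

typedef struct _LIST_ENTRY {
    struct _LIST_ENTRY *Flink;
    struct _LIST_ENTRY *Blink;
} LIST_ENTRY;

/* Minimal stand-in for EPROCESS: only the fields the technique touches. */
typedef struct _SIM_EPROCESS {
    unsigned long UniqueProcessId;
    LIST_ENTRY    ActiveProcessLinks;
    char          ImageFileName[16];
} SIM_EPROCESS;

#define CONTAINING_RECORD(addr, type, field) \
    ((type *)((char *)(addr) - offsetof(type, field)))

#define MAX_PROCS 8
/* "Pool": every allocated object lives here whether or not it is linked. */
static SIM_EPROCESS g_pool[MAX_PROCS];
static int g_pool_count;
static LIST_ENTRY g_PsActiveProcessHead;

static void insert_tail(LIST_ENTRY *head, LIST_ENTRY *e) {
    e->Flink = head;
    e->Blink = head->Blink;
    head->Blink->Flink = e;
    head->Blink = e;
}

void sim_reset(void) {
    g_pool_count = 0;
    g_PsActiveProcessHead.Flink = g_PsActiveProcessHead.Blink = &g_PsActiveProcessHead;
}

SIM_EPROCESS *sim_create_process(unsigned long pid, const char *name) {
    if (g_pool_count >= MAX_PROCS) return NULL;
    SIM_EPROCESS *p = &g_pool[g_pool_count++];
    p->UniqueProcessId = pid;
    strncpy(p->ImageFileName, name, sizeof p->ImageFileName - 1);
    p->ImageFileName[sizeof p->ImageFileName - 1] = '\0';
    insert_tail(&g_PsActiveProcessHead, &p->ActiveProcessLinks);
    return p;
}

/* The DKOM step: splice the entry out of the chain. Pointing the entry's own
 * Flink/Blink at itself keeps a later RemoveEntryList on process exit from
 * writing through stale neighbour pointers. */
void dkom_hide_process(SIM_EPROCESS *p) {
    LIST_ENTRY *e = &p->ActiveProcessLinks;
    e->Blink->Flink = e->Flink;
    e->Flink->Blink = e->Blink;
    e->Flink = e->Blink = e;
}

/* What a list walker (Task Manager) sees. Returns the number of PIDs written. */
int walk_active_list(unsigned long *pids, int max) {
    int n = 0;
    for (LIST_ENTRY *e = g_PsActiveProcessHead.Flink;
         e != &g_PsActiveProcessHead && n < max; e = e->Flink)
        pids[n++] = CONTAINING_RECORD(e, SIM_EPROCESS, ActiveProcessLinks)->UniqueProcessId;
    return n;
}

static int in_active_list(const LIST_ENTRY *target) {
    for (LIST_ENTRY *e = g_PsActiveProcessHead.Flink;
         e != &g_PsActiveProcessHead; e = e->Flink)
        if (e == target) return 1;
    return 0;
}

/* Detection: cross-view diff. Objects present in the pool but absent from the
 * list are the hidden ones. Returns the count; writes their PIDs to out. */
int find_unlinked_processes(unsigned long *out, int max) {
    int found = 0;
    for (int i = 0; i < g_pool_count && found < max; i++)
        if (!in_active_list(&g_pool[i].ActiveProcessLinks))
            out[found++] = g_pool[i].UniqueProcessId;
    return found;
}

int main(void) {
    sim_reset();
    sim_create_process(4, "System");
    SIM_EPROCESS *evil = sim_create_process(1337, "evil.exe");
    sim_create_process(2048, "explorer.exe");
    dkom_hide_process(evil);
    unsigned long seen[MAX_PROCS], hidden[MAX_PROCS];
    int n = walk_active_list(seen, MAX_PROCS);
    int h = find_unlinked_processes(hidden, MAX_PROCS);
    printf("list walk sees %d processes; pool scan finds %d unlinked (pid %lu)\n",
           n, h, h ? hidden[0] : 0UL);
    return 0;
}
```

The same cross-view idea is what memory-forensics tools do against a real kernel: carve EPROCESS objects out of pool memory by their tag and header, then compare against the linked list.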
Linux kernel driver for Wacom devices
kernel mode anti cheat
protector & obfuscator & code virtualizer
C++ STL in the Windows Kernel with C++ Exception Support
The goal of the tool is to monitor requests received by selected device objects or kernel drivers. The tool is quite similar to IrpTracker but has several enhancements. It supports 64-bit versions of Windows (no inline hooks are used; only modifications to driver object structures are performed) and monitors IRP, FastIo, AddDevice, DriverUnload…
Simple Intel CPU processor tracing on Linux
DR.CHECKER : A Soundy Vulnerability Detection Tool for Linux Kernel Drivers
RedSails is a Python based post-exploitation project aimed at bypassing host based security monitoring and logging. DerbyCon 2017 Talk: https://www.youtube.com/watch?v=Ul8uPvlOsug
CMake module for building drivers with Windows Development Kit (WDK)
C/C++ Runtime library for system file (Windows Kernel Driver) - Supports Microsoft STL
Windows x64 kernel mode rootkit process hollowing POC.
Tutorial & a blog post that demonstrate how to code a Windows driver to inject a custom DLL into all running processes. I coded it from start to finish using C++ and x86/x64 Assembly language in Microsoft Visual Studio. The solution includes a kernel driver project, a DLL project and a C++ test console project.
Some useful info when reverse engineering kernel-mode anti-cheat
DragonBurn is one of the best CS2 kernel-mode read-only external cheats. It has tons of features, full customization and offsets auto-update. Undetected by all anti-cheats except faceit.
A mutation-based user-mode (ring3) dumb in-memory Windows kernel (IOCTL) fuzzer/logger. This script attaches itself to any given process, hooks the Kernel32!DeviceIoControl API and tries to log or fuzz every I/O control code, I/O buffer pointer and I/O buffer length that the process sends to any kernel driver.
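Two pieces of logic such a fuzzer needs once the DeviceIoControl hook is in place, as an added example that is not the listed project's code: decoding the control code the process passed (so the log line says which driver function, transfer method and access it targets) and mutating the input buffer and length before the call is forwarded. The CTL_CODE bit layout is reproduced from the Windows SDK macro so the code builds anywhere; the hook itself, the driver and the control code 0x801 used below are assumed for the example.

```c
/* Added example: IOCTL code decoder plus a seedable input-buffer mutator for
 * a ring-3 DeviceIoControl hook. Device type 0x22 / function 0x801 are made-up
 * sample values; the CTL_CODE layout matches the Windows SDK macro. */
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define METHOD_BUFFERED   0
#define METHOD_IN_DIRECT  1
#define METHOD_OUT_DIRECT 2
#define METHOD_NEITHER    3
#define FILE_ANY_ACCESS   0
#define FILE_READ_ACCESS  1
#define FILE_WRITE_ACCESS 2

#define CTL_CODE(DeviceType, Function, Method, Access) \
    ((uint32_t)(((DeviceType) << 16) | ((Access) << 14) | ((Function) << 2) | (Method)))

typedef struct {
    uint16_t device_type;
    uint16_t function;
    uint8_t  method;
    uint8_t  access;
} ioctl_fields;

ioctl_fields decode_ioctl(uint32_t code) {
    ioctl_fields f;
    f.device_type = (uint16_t)(code >> 16);
    f.access      = (uint8_t)((code >> 14) & 0x3);
    f.function    = (uint16_t)((code >> 2) & 0xFFF);
    f.method      = (uint8_t)(code & 0x3);
    return f;
}

const char *method_name(uint8_t m) {
    static const char *names[] = {"METHOD_BUFFERED", "METHOD_IN_DIRECT",
                                  "METHOD_OUT_DIRECT", "METHOD_NEITHER"};
    return names[m & 0x3];
}

/* METHOD_NEITHER hands the driver raw user pointers; the I/O manager does no
 * copying or probing, so that is where the buffer/length mutations matter most. */
int ioctl_is_high_risk(uint32_t code) {
    return decode_ioctl(code).method == METHOD_NEITHER;
}

/* Small deterministic PRNG so a crashing case can be replayed from its seed. */
static uint32_t xorshift32(uint32_t *s) {
    uint32_t x = *s;
    x ^= x << 13; x ^= x >> 17; x ^= x << 5;
    return *s = x;
}

/* Copies in[] to out[] and applies 1..4 random mutations: bit flips,
 * interesting bytes, size-like dword overwrites, and length shrink/grow.
 * Returns the mutated length (never exceeds out_cap). */
size_t mutate_ioctl_input(const uint8_t *in, size_t in_len,
                          uint8_t *out, size_t out_cap, uint32_t seed) {
    static const uint8_t interesting[] = {0x00, 0x01, 0x7F, 0x80, 0xFF};
    uint32_t s = seed ? seed : 1;            /* xorshift must not start at 0 */
    size_t len = in_len < out_cap ? in_len : out_cap;
    memcpy(out, in, len);
    int rounds = 1 + (int)(xorshift32(&s) % 4);
    for (int r = 0; r < rounds; r++) {
        switch (xorshift32(&s) % 4) {
        case 0: if (len) out[xorshift32(&s) % len] ^= (uint8_t)(1u << (xorshift32(&s) % 8)); break;
        case 1: if (len) out[xorshift32(&s) % len] = interesting[xorshift32(&s) % sizeof interesting]; break;
        case 2: if (len >= 4) {              /* clobber a dword with 0 or 0xFFFFFFFF */
                    size_t off = xorshift32(&s) % (len - 3);
                    uint32_t v = (xorshift32(&s) & 1) ? 0xFFFFFFFFu : 0u;
                    memcpy(out + off, &v, 4);
                } break;
        default: if (xorshift32(&s) & 1) { if (len) len--; }
                 else if (len < out_cap) out[len++] = (uint8_t)xorshift32(&s);
                 break;
        }
    }
    return len;
}

int main(void) {
    uint32_t code = CTL_CODE(0x22, 0x801, METHOD_NEITHER, FILE_ANY_ACCESS);
    ioctl_fields f = decode_ioctl(code);
    uint8_t in[8] = {1, 2, 3, 4, 5, 6, 7, 8}, out[16];
    size_t n = mutate_ioctl_input(in, sizeof in, out, sizeof out, 42);
    printf("IOCTL 0x%06X dev=0x%X fn=0x%X %s access=%u risk=%d -> mutated len %zu\n",
           code, f.device_type, f.function, method_name(f.method), f.access,
           ioctl_is_high_risk(code), n);
    return 0;
}
```

In the hook, log the decoded fields and the seed alongside the original pointer and length, then forward the mutated buffer; a kernel crash reproduced from the seed is worth far more than one that cannot be replayed.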
Use ntdll/ntoskrnl to implement Kernel32, Advapi32 and other APIs. It includes user-mode and kernel-mode.
GitHub topic: kernel-driver