๐ zero-fucks-given infosec research | info: ๐ keybase.io/d_olex
s6_pcie_microblaze. PCI Express DIY hacking toolkit for Xilinx SP605. This repository is also home of Hyper-V Backdoor and Boot Backdoor, check readme for links and info
876ThinkPwn. Started as arbitrary System Management Mode code execution exploit for Lenovo ThinkPad model line, ended as exploit for industry-wide 0day vulnerability in machines of many vendors
707SmmBackdoor. First open source and publicly available System Management Mode backdoor for UEFI based platforms. Good as general purpose playground for various SMM experiments.
626MicroBackdoor. Small and convenient C2 tool for Windows targets
615KernelForge. A library to develop kernel level Windows payloads for post HVCI era
517openreil. Open source library that implements translator and tools for REIL (Reverse Engineering Intermediate Language)
511WindowsRegistryRootkit. Kernel rootkit, that lives inside the Windows registry values data
507SmmBackdoorNg. Updated version of System Management Mode backdoor for UEFI based platforms: old dog, new tricks
374fwexpl. PC firmware exploitation tool and library
262PeiBackdoor. PEI stage backdoor for UEFI compatible firmware
229ioctlfuzzer. Automatically exported from code.google.com/p/ioctlfuzzer
175UEFI_boot_script_expl. CHIPSEC module that exploits UEFI boot script table vulnerability
138pico_dma. Autonomous pre-boot DMA attack hardware implant for M.2 slot based on PicoEVB development board
103DrvHide-PoC. Hidden kernel mode code execution for bypassing modern anti-rootkits.
84smram_parse. System Management RAM analysis tool
83PTBypass-PoC. Bypassing code hooks detection in modern anti-rootkits via building faked PTE entries.
80IDA-VMware-GDB. Helper script for Windows kernel debugging with IDA Pro on VMware + GDB stub
79Aptiocalypsis. Arbitrary SMM code execution exploit for industry-wide 0day vulnerability in AMI Aptio based firmwares
78qc_debug_monitor. Debug messages monitor for Qualcomm cellular modems
75zc_pcie_dma. DMA attacks over PCI Express based on Xilinx Zynq-7000 series SoC
73Code-coverage-analysis-tools. Code coverage analysis tools for the PIN Toolkit
60secretnet_expl. LPE exploits for Secret Net and Secret Net Studio
54MsFontsFuzz. OpenType font file format fuzzer for Windows
53DbgCb. Engine for communication with remote kernel debugger (KD, WinDbg) from drivers and applications
37SimpleUnpacker. Simple tool for unpacking packed/protected malware executables.
32prl_guest_to_host. Guest to host VM escape exploit for Parallels Desktop
28IDA-UbiGraph. IDA Pro plug-in and tools for displaying 3D graphs of procedures using UbiGraph
25efiXplorer. IDA plugin for UEFI firmware analysis and reverse engineering automation
15r0ak. r0ak ("roak") is the Ring 0 Army Knife -- A Command Line Utility To Read/Write/Execute Ring Zero on for Windows 10 Systems
11vmlinux-to-elf. A tool to recover a fully analyzable .ELF from a raw kernel, through extracting the kernel symbol table (kallsyms)
5capstone. Capstone disassembly/disassembler framework: Core (Arm, Arm64, Mips, PPC, Sparc, SystemZ, X86, X86_64, XCore) + bindings (Python, Java, Ocaml)
5blog. Stuff for blog.cr4.sh website
5masscan. TCP port scanner, spews SYN packets asynchronously, scanning entire Internet in under 5 minutes.
5PowerShell-Suite. My musings with PowerShell
3portage. Portage Package Manager - this is just a mirror, see https://wiki.gentoo.org/wiki/Project:Portage#Contributing_to_Portage
2chipsec. Platform Security Assessment Framework
2