Low-level software engineer with strong expertise in Assembly, C, and C++, specializing in kernel-mode development, and system-level programming.
kvc. KVC enables unsigned driver loading via DSE bypass (g_CiOptions patch, skci.dll hijack, SeCiCallbacks redirection) and PP/PPL manipulation for LSASS memory dumping on modern Windows with HVCI/VBS.
294KernelResearchKit. Windows 11 kernel research framework demonstrating DSE bypass on Windows 11 25H2 through boot-time execution. Loads unsigned drivers by surgically patching SeCiCallbacks via native subsystem. Includes anti-loop protection and dual-path architecture. Windows 11 25H2 driver signature enforcement bypass
245BootBypass. Advanced native-mode utility for bypassing DSE and HVCI. Implements smart SeCiCallbacks patching and independent management of Memory Integrity settings. Operating as a subsystem:native app, it ensures early-phase control and environment preparation for security research and driver development.
58Watermark_Remover. Windows watermark remover using IAT hooking and COM CLSID proxy injection. Patches shell32.dll via TrustedInstaller to intercept ExtTextOutW, LoadStringW, DrawTextWithGlow and more (removes evaluation, test-mode and activation strings). Pure MASM x64 (no CRT), ~30 KB. Reversible.
49CmdT. The world's smallest TrustedInstaller launcher ~30KB of pure x64/x86 assembly. Hybrid CLI/GUI in one binary. Full NT privilege elevation (34 privileges), token caching, .lnk resolution via COM, drag-and-drop with UIPI bypass. Zero CRT dependency.
44WinDefCtl. Command-line utility to completely halt, disable, and neutralize Windows Defender and Tamper Protection. Bypasses forced UAC and GUI requirements in Windows 11 (supports 26H1). Features invisible execution and automatic privilege handling. Essential tool for sysadmins and security researchers.
43Chess. Lightweight chess engine written in modern C++20 with pure WinAPI. No dependencies, runs even in Windows Recovery Environment.
39WSAPatch. Fix for Windows Subsystem for Android crashing within seconds of launch on Windows 11 26H1 and 25H2. Patches WsaClient.exe to bypass a broken AppUriHandler API call. Works with WSABuilds by MustardChef. Assembly x64 - pure WinAPI, no dependencies.
31KvcForensic. Windows/Linux LSA credential extractor for lsass.dmp minidumps. Targets Windows 11 24H2/25H2/26H1 and Windows Server 2025. Pure Win32, no DbgHelp, no dependencies. Extracts MSV, WDigest, Kerberos, CredMan, DPAPI. AES-CFB128 and 3DES-CBC decryption via BCrypt
30FileRecoveryTool. Professional file recovery tool for Windows. Recovers deleted files from NTFS/FAT32/exFAT via MFT scanning, USN Journal analysis & file carving. Pure Win32 API + Modern C++. Zero dependencies. Ultra-lightweight native binary. Multi-threaded architecture with responsive GUI. Direct disk access for maximum performance.
25kvcKiller. Advanced AV/EDR Killer: Specialized Antivirus & Windows Defender killer for security professionals. Utilizes kernel-level IOCTLs for process termination and IFEO registry techniques to prevent service recovery. Offers deterministic x64 builds, SCM-based restoration, and a modern Win32 UI. Built for researching process protection and EDR bypasses
22Tetris. A lightweight, high-performance Tetris implementation in pure MASM Assembly for Windows 11. Features 7-bag randomizer, GDI double-buffering, registry-based persistence, and zero external dependencies. Final binary: <20 KB. Demonstrates low-level Win32 API programming with optimized memory management and direct OS integration.
15minesweeper. Pure C WinAPI Minesweeper — vector GDI rendering, no bitmap resources. 1-byte bitmasked grid, BFS flood-fill, O(1) victory detection. ~33 KB binary
15VaultGuard. Folder & file protection via kernel FSFilter minifilter - pure x64 MASM assembly, zero CRT, ~ 60 KB. Hide, lock, set read-only or block execution at kernel level. Windows 11 GUI with Dark Mode + Mica, fully scriptable CLI, drag & drop with .lnk resolution, per-process trusted bypass. No installer, no runtime dependencies.
15KeyboardKit. Windows Kernel-Mode Keylogger - Educational rootkit driver intercepting keyboard IRPs for UDP logging. Demonstrates stealth persistence, privilege escalation & IRP hooking for offensive security research and defensive analysis.
14sftp. Total Commander SFTP/SCP/PHP/LAN plugin. Transfers files on restricted servers via shell fallback (cat/dd/base64), PHP Agent (HTTP, HMAC-SHA256 PSK-authenticated), LAN Pair (Win-to-Win), native PPK v2/v3, Jump Host, when no standard SFTP/SCP access. On Windows, allows copying, modifying, and managing protected files that require TI privileges.
14notepad. High-performance Notepad clone written in pure Assembly (MASM) for Windows 11. Bypasses C Runtime (CRT) to interact directly with Win32 API. Features x64/x86 support, manual memory management, and low-level message loops. A perfect reference for systems programmers exploring the PE format and bare-metal Windows development.
13KernelLeaker. Defeats Windows x64 KASLR via cache timing side-channels using prefetch instruction analysis. Achieves 100% success on Intel i7-9750H through statistical noise filtering and microarchitectural timing signatures. Educational research tool demonstrating MMU timing leakage - Intel/AMD vendor-specific implementations included.
8regedit. Regedit Commander — native Win32 registry editor (C/C++, x64) with dual-pane keyboard-first workflow, TrustedInstaller-aware access, hive-level backup/restore via RegReplaceKey, Find All with regex, live key monitor, diff compare, and undo/redo. Pre-release build.
5KittyPasswordDecryptor. KiTTY password decryptor for Windows. Decrypts nbcrypt/bcrypt base64 passwords from KiTTY session files. Win32 GUI with dark mode and MICA backdrop, CLI mode, CSV/JSON export, recursive Sessions folder scan. C++23, x64/x86, static CRT, no VC++ Redistributable.
5CVE-2026-31431. CVE-2026-31431 is a bug in the handling of scatter-gather I/O operations and page cache references in the Linux kernel cryptographic subsystem — specifically in the AF_ALG socket implementation for AEAD algorithms (crypto/af_alg.c, crypto/aead.c).
5ForceIO. ForceIO: Standalone no-CRT C tool for minifilter-bypass file operations (delete/move/copy) on Windows 11. Routes kernel I/O below WdFilter.sys via WHCP-signed IObitUnlocker.sys. Atomic ephemeral SCM sessions, FDI/LZX in-memory decompression from application icon, build-time PE overlay checksum bypass. Full RE writeup with source and binaries
5UnderVolter. Native UEFI/EFI utility for Intel CPU power management (2nd-15th Gen). Direct MSR/MMIO access for undervolting, power limits, and V/F curves. Features built-in NVRAM patching (CFG/OC Lock) for Plundervolt research and Secure Boot SelfEnroll with embedded root CA. Bare-metal, self-contained, and driven by UnderVolter.ini. No OS required.
4kpc. Project moved to github.com/wesmar/kvc - KVC Framework
1