Stars
AV/EDR evasion via direct system calls.
Code deobfuscation framework to simplify Mixed Boolean-Arithmetic (MBA) expressions
x64 manualmapper with kernel elevation and thread hijacking capabilities
Resources for Zimperium's blog post "Dissecting mobile native code packers. A case study."
Windows tool for dumping malware PE files from memory back to disk for analysis.
Python snippets for Ghidra's Program and Decompiler APIs
The Windows Library for Intel Process Trace (WinIPT) is a project that leverages the new Intel Processor Trace functionality exposed by Windows 10 Redstone 5 (1809), through a set of libraries and …
Build a database of libc offsets to simplify exploitation