FastAPI Best Practices and Conventions we used at our startup

Simple (relatively) things allowing you to dig a bit deeper than usual.

GraphFuzz is an experimental framework for building structure-aware, library API fuzzers.

QASan is a custom QEMU 3.1.1 that detects memory errors in the guest using AddressSanitizer.

Tools for fuzzing RDP

A Collection of Chrome Sandbox Escape POCs/Exploits for learning

IDApython Scripts for Analyzing Golang Binaries

A Coverage Explorer for Reverse Engineers

Push-button installer of macOS Catalina, Mojave, and High Sierra guests in Virtualbox on x86 CPUs for Windows, Linux, and macOS

The exploit generator CRAX++ is CRAX with a plugin system, s2e 2.0 upgrade, dynamic ROP, code selection, and I/O states (HITCON 2022)

An Open-Source Pre and Post Callback-Based Framework for macOS Kernel Monitoring.

fuzzing + concolic = fuzzolic :)

Linux kernel module implementation & exploitation (pwn) labs.

A Trace Explorer for Reverse Engineers

CTF solve scripts. Some writeups on my blog, others on my gist. Check the challenge directories for links.

kernel-pwn and writeup collection

Project for learning V8 internals

Source code and exploits for some 35c3ctf challenges.

HackSys Extreme Vulnerable Driver (HEVD) - Windows & Linux

Kernel Fuzzer for Xen Project (KF/x) - Hypervisor-based fuzzing using Xen VM forking, VMI & AFL

Super Fast Concolic Execution Engine based on Source Code Taint Tracing

The best tool for finding one gadget RCE in libc.so.6

A True Instrumentable Binary Emulation Framework

Tools to set up a quick macOS VM in QEMU, accelerated by KVM.

Repo for storing CTF related stuff (Writeups, etc.)

A framework provides an interface to monitor and control fuzzers

A self-hosted Fuzzing-As-A-Service platform