Data

Tools

Indexes

Applications

Experiments

Repos

An open API service providing repository metadata for many open source software ecosystems.

GitHub / tandasat 77 Repositories

Engineer and trainer

tandasat/barevisor

A bare minimum hypervisor on AMD and Intel processors for learners.

Language: Rust - Size: 11.3 MB - Last synced at: 3 days ago - Pushed at: 2 months ago - Stars: 260 - Forks: 13

tandasat/tandasat.github.io

Language: HTML - Size: 24.3 MB - Last synced at: 6 days ago - Pushed at: 6 days ago - Stars: 19 - Forks: 1

tandasat/HyperPlatform

Intel VT-x based hypervisor aiming to provide a thin VM-exit filtering platform on Windows.

Language: C++ - Size: 7.62 MB - Last synced at: 4 days ago - Pushed at: over 1 year ago - Stars: 1,605 - Forks: 421

tandasat/SimpleSvm

A minimalistic educational hypervisor for Windows on AMD processors.

Language: C++ - Size: 117 KB - Last synced at: 14 days ago - Pushed at: about 2 months ago - Stars: 393 - Forks: 63

tandasat/DdiMon

Monitoring and controlling kernel API calls with stealth hook using EPT

Language: C++ - Size: 4.62 MB - Last synced at: 13 days ago - Pushed at: over 3 years ago - Stars: 1,233 - Forks: 334

tandasat/PgResarch

PatchGuard Research

Language: C++ - Size: 979 KB - Last synced at: 16 days ago - Pushed at: over 6 years ago - Stars: 298 - Forks: 113

tandasat/HelloSmm

This is an instruction to run your own SMM code.

Language: C - Size: 1.21 MB - Last synced at: 17 days ago - Pushed at: about 4 years ago - Stars: 102 - Forks: 6

tandasat/SimpleSvmHook

SimpleSvmHook is a research purpose hypervisor for Windows on AMD processors.

Language: C++ - Size: 438 KB - Last synced at: 18 days ago - Pushed at: about 4 years ago - Stars: 379 - Forks: 74

tandasat/DotNetHooking

Sample use cases of the .NET native code hooking technique

Language: C# - Size: 1.43 MB - Last synced at: 18 days ago - Pushed at: about 7 years ago - Stars: 210 - Forks: 53

tandasat/Hypervisor-101-in-Rust

The materials of "Hypervisor 101 in Rust", a one-day long course, to quickly learn hardware-assisted virtualization technology and its application for high-performance fuzzing on Intel/AMD processors.

Language: Rust - Size: 15.6 MB - Last synced at: 19 days ago - Pushed at: 7 months ago - Stars: 1,039 - Forks: 72

tandasat/MiniVisorPkg

The research UEFI hypervisor that supports booting an operating system.

Language: C - Size: 6.08 MB - Last synced at: 21 days ago - Pushed at: 8 months ago - Stars: 597 - Forks: 88

tandasat/Hello-VT-rp

A simple hypervisor demonstrating the use of the Intel VT-rp (redirect protection) technology.

Language: Rust - Size: 15.9 MB - Last synced at: 17 days ago - Pushed at: about 1 year ago - Stars: 104 - Forks: 10

tandasat/blog

Language: Ruby - Size: 2.96 MB - Last synced at: 23 days ago - Pushed at: 23 days ago - Stars: 4 - Forks: 1

tandasat/WPBT-Builder

The simple UEFI application to create a Windows Platform Binary Table (WPBT) from the UEFI shell.

Language: C - Size: 2.75 MB - Last synced at: 17 days ago - Pushed at: over 3 years ago - Stars: 108 - Forks: 22

tandasat/HelloAmdHvPkg

HelloAmdHvPkg is a type-1 research hypervisor for AMD processors.

Language: C - Size: 52.7 KB - Last synced at: 17 days ago - Pushed at: almost 5 years ago - Stars: 89 - Forks: 22

tandasat/recon2024_demo

Provides commands to read from and write to arbitrary kernel-mode memory for users with the Administrator privilege. HVCI compatible. No test signing mode is required.

Language: C++ - Size: 1.59 MB - Last synced at: 6 days ago - Pushed at: 10 months ago - Stars: 16 - Forks: 4

tandasat/meow

nyā

Language: C++ - Size: 1.56 MB - Last synced at: 17 days ago - Pushed at: over 9 years ago - Stars: 72 - Forks: 19

tandasat/RemoteWriteMonitor

A tool to help malware analysts tell that the sample is injecting code into other process.

Language: C++ - Size: 262 KB - Last synced at: 17 days ago - Pushed at: over 9 years ago - Stars: 77 - Forks: 41

tandasat/CVE-2023-36427

Report and exploit of CVE-2023-36427

Language: C++ - Size: 14.6 KB - Last synced at: 17 days ago - Pushed at: over 1 year ago - Stars: 91 - Forks: 17

tandasat/SmmExploit

The report and the exploit of CVE-2021-26943, the kernel-to-SMM local privilege escalation vulnerability in ASUS UX360CA BIOS version 303.

Size: 568 KB - Last synced at: about 1 month ago - Pushed at: about 4 years ago - Stars: 138 - Forks: 25

tandasat/DeviceOpener

A command line tool to check if a specified device is accessible.

Language: C++ - Size: 277 KB - Last synced at: 17 days ago - Pushed at: about 11 years ago - Stars: 11 - Forks: 6

tandasat/CheckSDL

A tool evaluates security configurations of a given PE based on SDL without source code

Language: C++ - Size: 305 KB - Last synced at: 17 days ago - Pushed at: almost 11 years ago - Stars: 14 - Forks: 9

tandasat/Scavenger

A minifilter driver preserves all modified and deleted files.

Language: C - Size: 246 KB - Last synced at: 17 days ago - Pushed at: almost 10 years ago - Stars: 81 - Forks: 34

tandasat/cs_driver

A sample project for using Capstone from a driver in Visual Studio 2015

Language: C - Size: 162 KB - Last synced at: 17 days ago - Pushed at: almost 9 years ago - Stars: 34 - Forks: 19

tandasat/CVE-2014-0816

CVE-2014-0816

Language: C++ - Size: 712 KB - Last synced at: 17 days ago - Pushed at: over 8 years ago - Stars: 25 - Forks: 11

tandasat/DebugLogger

A software driver that lets you log kernel-mode debug output into a file on Windows.

Language: C++ - Size: 217 KB - Last synced at: 17 days ago - Pushed at: almost 7 years ago - Stars: 102 - Forks: 31

tandasat/CVE-2022-25949

A years-old exploit of a local EoP vulnerability in Kingsoft Antivirus KWatch Driver version 2009.3.17.77.

Language: C++ - Size: 9.77 KB - Last synced at: 17 days ago - Pushed at: about 3 years ago - Stars: 38 - Forks: 11

tandasat/ExploitCapcom

This is a standalone exploit for a vulnerable feature in Capcom.sys

Language: C++ - Size: 131 KB - Last synced at: 19 days ago - Pushed at: over 2 years ago - Stars: 297 - Forks: 95

tandasat/GuardMon

Hypervisor based tool for monitoring system register accesses.

Language: C++ - Size: 109 KB - Last synced at: 17 days ago - Pushed at: over 6 years ago - Stars: 143 - Forks: 71

tandasat/UEFI-BIOS-Security

Security Camp 2021 & GCC 2022

Size: 6.14 MB - Last synced at: 15 days ago - Pushed at: almost 3 years ago - Stars: 110 - Forks: 14

tandasat/WinIoCtlDecoder

IDA Plugin which decodes Windows Device I/O control code into DeviceType, FunctionCode, AccessType and MethodType.

Language: Python - Size: 63.5 KB - Last synced at: 17 days ago - Pushed at: over 1 year ago - Stars: 108 - Forks: 27

tandasat/kraft_dinner

Tool to dump UEFI runtime drivers implementing runtime services for Windows

Language: C - Size: 241 KB - Last synced at: 17 days ago - Pushed at: over 4 years ago - Stars: 96 - Forks: 14

tandasat/EopMon

Elevation of privilege detector based on HyperPlatform

Language: C++ - Size: 26.4 KB - Last synced at: 17 days ago - Pushed at: about 8 years ago - Stars: 120 - Forks: 35

tandasat/scripts_for_RE

Python scripts for reverse engineering.

Language: Python - Size: 1.09 MB - Last synced at: 18 days ago - Pushed at: almost 4 years ago - Stars: 182 - Forks: 52

tandasat/DrvLoader

A command line tool to load and unload a device driver.

Language: C++ - Size: 176 KB - Last synced at: 17 days ago - Pushed at: almost 8 years ago - Stars: 47 - Forks: 21

tandasat/HelloIommuPkg

The sample DXE runtime driver demonstrating how to program DMA remapping.

Language: C - Size: 17.6 KB - Last synced at: 17 days ago - Pushed at: over 1 year ago - Stars: 58 - Forks: 13

tandasat/MemoryMon

Detecting execution of kernel memory where is not backed by any image file

Language: C++ - Size: 215 KB - Last synced at: 13 days ago - Pushed at: almost 7 years ago - Stars: 256 - Forks: 98

tandasat/Sushi

a Japanese food keeps you sane

Language: C++ - Size: 351 KB - Last synced at: 17 days ago - Pushed at: over 9 years ago - Stars: 119 - Forks: 23

tandasat/UefiVarMonitor

The runtime DXE driver monitoring access to the UEFI variables by hooking the runtime service table.

Language: C - Size: 2.26 MB - Last synced at: 17 days ago - Pushed at: over 4 years ago - Stars: 138 - Forks: 18

tandasat/FU_Hypervisor

A hypervisor hiding user-mode memory using EPT

Language: C - Size: 4.82 MB - Last synced at: 17 days ago - Pushed at: about 7 years ago - Stars: 106 - Forks: 43

tandasat/DumpVTable

Generates a Python script to give public interface names in an ActiveX file to an IDB file.

Language: C++ - Size: 299 KB - Last synced at: 17 days ago - Pushed at: almost 4 years ago - Stars: 48 - Forks: 18

tandasat/win32_debugout

Shows debug strings on DebubView from an attached process by win32_remote.exe.

Language: C++ - Size: 160 KB - Last synced at: 17 days ago - Pushed at: over 11 years ago - Stars: 9 - Forks: 3

tandasat/findpg

Windbg extension to find PatchGuard pages

Language: C++ - Size: 359 KB - Last synced at: 17 days ago - Pushed at: almost 11 years ago - Stars: 118 - Forks: 44

tandasat/ScopedResource

Scoped Resource - Generic RAII Wrapper for the Standard Library by Peter Sommerlad and Andrew L. Sandoval

Language: C++ - Size: 125 KB - Last synced at: 17 days ago - Pushed at: over 10 years ago - Stars: 9 - Forks: 3

tandasat/ListWorkItems

Lists work items being queued currently.

Language: C++ - Size: 137 KB - Last synced at: 17 days ago - Pushed at: almost 10 years ago - Stars: 13 - Forks: 3

tandasat/SecRuntimeSample

A sample usege of SecRuntime.dll on Windows Phone

Language: C++ - Size: 258 KB - Last synced at: 17 days ago - Pushed at: almost 10 years ago - Stars: 5 - Forks: 5

tandasat/windbg_init

Windbg Init Script

Size: 160 KB - Last synced at: about 1 month ago - Pushed at: over 9 years ago - Stars: 10 - Forks: 4

tandasat/hyperplatform_log_parser

User-mode program parsing logs created by HyperPlatform

Language: C++ - Size: 1.26 MB - Last synced at: 17 days ago - Pushed at: over 8 years ago - Stars: 18 - Forks: 10

tandasat/ping_vmm

A user-mode program knocking at HyperPlatform's "backdoor"

Language: C++ - Size: 8.79 KB - Last synced at: 17 days ago - Pushed at: about 8 years ago - Stars: 8 - Forks: 11

tandasat/ProjectLoadTimeMonitor

The Visual Studio extension that measures load time of each project when a solution file is opened.

Language: C# - Size: 126 KB - Last synced at: 17 days ago - Pushed at: over 6 years ago - Stars: 17 - Forks: 2

tandasat/List-UEFI-Configuration-Tables

List UEFI Configuration Tables

Language: Rust - Size: 13.7 KB - Last synced at: 17 days ago - Pushed at: 11 months ago - Stars: 10 - Forks: 2

tandasat/hvext

The Windbg extension that implements commands helpful to study Hyper-V on Intel processors.

Language: JavaScript - Size: 123 KB - Last synced at: 11 months ago - Pushed at: 11 months ago - Stars: 110 - Forks: 13

tandasat/Bochs Fork of bochs-emu/Bochs

Bochs - Cross Platform x86 Emulator Project

Language: C++ - Size: 38.1 MB - Last synced at: 12 months ago - Pushed at: 12 months ago - Stars: 2 - Forks: 0

tandasat/tandasat

Size: 1000 Bytes - Last synced at: about 1 month ago - Pushed at: about 3 years ago - Stars: 2 - Forks: 1

tandasat/solutionloadmanager Fork of kolomiets/solutionloadmanager

Solution Load Manager is a Visual Studio 2010/2012/2013/2015 extension that provides access to project load priority settings. The extension is also available through Visual Studio Gallery

Language: C# - Size: 734 KB - Last synced at: over 1 year ago - Pushed at: over 9 years ago - Stars: 1 - Forks: 0

tandasat/SectorIo Fork of jschicht/SectorIo

Kernel mode driver for writing to physical disk with SL_FORCE_DIRECT_WRITE

Language: C - Size: 117 KB - Last synced at: over 1 year ago - Pushed at: over 10 years ago - Stars: 2 - Forks: 0

tandasat/node-virus Fork of cranic/node-virus

EICAR testing signature for anti-virus testing purpouses.

Language: JavaScript - Size: 125 KB - Last synced at: over 1 year ago - Pushed at: over 11 years ago - Stars: 2 - Forks: 1

tandasat/ksm Fork of asamy/ksm

A really simple and lightweight x64 hypervisor written in C for Windows for Intel processors.

Language: C - Size: 44.9 KB - Last synced at: over 1 year ago - Pushed at: almost 9 years ago - Stars: 7 - Forks: 1

tandasat/smram_parse Fork of Cr4sh/smram_parse

System Management RAM analysis tool

Language: Python - Size: 27.3 KB - Last synced at: over 1 year ago - Pushed at: over 4 years ago - Stars: 3 - Forks: 0

tandasat/rootkit.com Fork of claudiouzelac/rootkit.com

Mirror of users section of rootkit.com

Language: Pascal - Size: 15.2 MB - Last synced at: over 1 year ago - Pushed at: almost 10 years ago - Stars: 5 - Forks: 4

tandasat/ia32-doc Fork of ia32-doc/ia32-doc

IA32-doc is a project which aims to put as many definitions from the Intel Manual into machine-processable format as possible

Language: C - Size: 1.09 MB - Last synced at: over 1 year ago - Pushed at: about 3 years ago - Stars: 17 - Forks: 3

tandasat/Sealighter Fork of pathtofile/Sealighter

Sysmon-Like research tool for ETW

Language: C++ - Size: 287 KB - Last synced at: over 1 year ago - Pushed at: over 2 years ago - Stars: 1 - Forks: 0

tandasat/CopyFiles

Copy files onto the IsolatedStorage so that you can download them using IsoStoreSpy.

Language: C# - Size: 352 KB - Last synced at: about 1 month ago - Pushed at: almost 10 years ago - Stars: 3 - Forks: 2

tandasat/PowerShell Fork of PowerShell/PowerShell

PowerShell for every system!

Language: C# - Size: 31.1 MB - Last synced at: over 1 year ago - Pushed at: over 7 years ago - Stars: 4 - Forks: 1

tandasat/processhacker Fork of winsiderss/systeminformer

A free, powerful, multi-purpose tool that helps you monitor system resources, debug software and detect malware.

Language: C - Size: 23.5 MB - Last synced at: over 1 year ago - Pushed at: about 7 years ago - Stars: 8 - Forks: 1

tandasat/DebugViewPP Fork of CobaltFusion/DebugViewPP

DebugView++, collect, view and filter your application logs

Language: C++ - Size: 17.4 MB - Last synced at: over 1 year ago - Pushed at: over 6 years ago - Stars: 5 - Forks: 2

tandasat/hvpp Fork of wbenny/hvpp

hvpp is a lightweight Intel x64/VT-x hypervisor written in C++ focused primarily on virtualization of already running operating system

Language: C++ - Size: 370 KB - Last synced at: over 1 year ago - Pushed at: over 6 years ago - Stars: 3 - Forks: 0

tandasat/SimpleVisor Fork of ionescu007/SimpleVisor

SimpleVisor is a simple, portable, Intel VT-x hypervisor with two specific goals: using the least amount of assembly code (10 lines), and having the smallest amount of VMX-related code to support dynamic hyperjacking and unhyperjacking (that is, virtualizing the host state from within the host). It works on Windows and UEFI.

Language: C - Size: 181 KB - Last synced at: over 1 year ago - Pushed at: over 5 years ago - Stars: 4 - Forks: 1

tandasat/WindowsIntelPT Fork of intelpt/WindowsIntelPT

This driver implements the Intel Processor Trace functionality in Intel Skylake architecture for Microsoft Windows

Language: C++ - Size: 759 KB - Last synced at: over 1 year ago - Pushed at: over 4 years ago - Stars: 4 - Forks: 1

tandasat/capstone Fork of capstone-engine/capstone

Capstone disassembly/disassembler framework: Core (Arm, Arm64, M68K, Mips, PPC, Sparc, SystemZ, X86, X86_64, XCore) + bindings (Python, Java, Ocaml)

Language: POV-Ray SDL - Size: 30.1 MB - Last synced at: over 1 year ago - Pushed at: almost 6 years ago - Stars: 13 - Forks: 7

tandasat/efiSeek Fork of DSecurity/efiSeek

Ghidra analyzer for UEFI firmware.

Language: Java - Size: 1.4 MB - Last synced at: over 1 year ago - Pushed at: over 3 years ago - Stars: 0 - Forks: 0

tandasat/Invoke-Obfuscation Fork of danielbohannon/Invoke-Obfuscation

PowerShell Obfuscator

Language: PowerShell - Size: 468 KB - Last synced at: over 1 year ago - Pushed at: about 6 years ago - Stars: 3 - Forks: 0

tandasat/nishang Fork of samratashok/nishang

Nishang - PowerShell for penetration testing and offensive security.

Language: PowerShell - Size: 2.25 MB - Last synced at: over 1 year ago - Pushed at: over 8 years ago - Stars: 2 - Forks: 1

tandasat/windbg_hilight Fork of yodamaster/windbg_hilight

A windbg plugin to hilight text in Disassembly and Command windows. Support x86 and x64.

Language: C++ - Size: 714 KB - Last synced at: over 1 year ago - Pushed at: almost 11 years ago - Stars: 5 - Forks: 4

tandasat/mylight

Using LED of Samsung Galaxy Ace S5830

Language: Java - Size: 180 KB - Last synced at: about 1 month ago - Pushed at: over 11 years ago - Stars: 2 - Forks: 1

tandasat/docs Fork of dotnet/docs

This repository contains .NET Documentation.

Size: 419 MB - Last synced at: over 1 year ago - Pushed at: over 7 years ago - Stars: 1 - Forks: 0

tandasat/ShowPSAst Fork of lzybkr/ShowPSAst

Simple UI to explore the PowerShell Ast

Language: PowerShell - Size: 3.91 KB - Last synced at: over 1 year ago - Pushed at: almost 8 years ago - Stars: 1 - Forks: 0

tandasat/minhook Fork of TsudaKageyu/minhook

The Minimalistic x86/x64 API Hooking Library for Windows

Language: C - Size: 377 KB - Last synced at: over 1 year ago - Pushed at: almost 9 years ago - Stars: 5 - Forks: 5

tandasat/qb-sync Fork of quarkslab/qb-sync

qb-sync is an open source tool to add some helpful glue between IDA Pro and Windbg. Its core feature is to dynamically synchronize IDA's graph windows with Windbg's position.

Language: C++ - Size: 307 KB - Last synced at: over 1 year ago - Pushed at: over 10 years ago - Stars: 2 - Forks: 2

tandasat/shared

Manages files that are shared with multiple boxes.

Language: VimL - Size: 191 KB - Last synced at: about 1 month ago - Pushed at: almost 10 years ago - Stars: 1 - Forks: 1

tandasat/Gdbinit Fork of gdbinit/Gdbinit

Gdbinit for OS X, iOS and others - x86, x86_64 and ARM

Size: 808 KB - Last synced at: over 1 year ago - Pushed at: about 11 years ago - Stars: 0 - Forks: 0