Repository of various experiments / PoC.
- debugging-secure-kernel: PoC gdb debugging the Windows 10 secure kernel, on top of QEMU KVM
- dns: Experiments regarding DNS / Certificate transparency / Homoglyphs
- Attack Surface Reduction: Demystifying Windows Attack Surface Reduction internals
- VDM: Windows Defender's VDM Format (signatures database)
- Primary Group ID: Analysis of security checks made on primaryGroupID AD attribute changes
- Unpacking with Windows Defender: Re-using the unpackers built into Windows Defender
- Firejail no-execve: Illustration of an issue when filtering the execve syscall for a target binary
- ALPC Monitoring: Attempt to monitor ALPC calls, using WinDBG scripting and DTrace