All reasonably stable tools

A C++ configurable Expression Parser. Useful as a Calculator or for helping you write your own Programming Language

VMProtect source code leak (incomplete, some important files are still missing, but you can still see it as a reference on how to virtualize the code)

Collection of malware source code for a variety of platforms in an array of different programming languages.

Source code of Windows XP (NT5). Leaks are not from me. I just extracted the archive and cabinet files.

Scans a given process. Recognizes and dumps a variety of potentially malicious implants (replaced/injected PEs, shellcodes, hooks, in-memory patches).

Yet another remote desktop software

Collect different versions of Crucial modules.

Interactive Delphi Reconstructor

Windows kernel and user mode emulation.

Reliable & unreliable messages over UDP. Robust message fragmentation & reassembly. P2P networking / NAT traversal. Encryption.

Windows memory hacking library

Lua in kernel-mode because why not.

One engine to rule them all

Voice Activity Detector Module Port From WebRTC

A programmable and rootkit-like Windows remote access tool.

Automated malcode analysis system - read more ->

The Python programming language

Disable PatchGuard and DSE at boot time

Hiding kernel-driver for x86/x64.

Public malware techniques used in the wild: Virtual Machine, Emulation, Debuggers, Sandbox detection.

A fully functional DanderSpritz lab in 2 commands

User-mode part of Zerokit platform

Zerokit/GAPZ rootkit (non buildable and only for researching)

Android possessor compatible with Zerokit simple c&c protocol

Zerokit server controller

Analysis and Modification Tool for Executables