We're looking for sponsors, read more»

Experimental Tools

Here you can find our experimental software programs, proof of concepts (PoC’s), prototyped ideas, skeleton frameworks and more. If you would like to use our technology within your products please contact us.


Live Kernel Memory Dump

Live Kernel Memory Dump (LKMD) is an advanced Windows console utility that allows you to dump “live” kernel memory without having to force the system down (like you would with a bugcheck issued). No active kernel debug session is required which...



Monitor and block suspicious processes behaviors to prevent infections by malware, ransomware, and other threats. This tool analyzes parent processes and prevents, for example, MS Word from running cmd.exe or powershell.exe, it prevents ransomware...


Process Permit

Process Permit is a ”skeleton” framework that affords 3rd-party developers the ability to create rules for allowing or denying process creations on Windows NT-based operating systems. The framework can be integrated to fit local and remote rule...


Remote Process Blocker

Remote Process Blocker is a framework that allows for advanced Windows users to intelligently block the execution of a spawning process based on serverside rules. The framework intercepts process creations and will wait for a response (execution...


WOW64 SysCall Monitor

This is a small tool which allows you to spawn a process and monitor all system calls made by the process, this includes all Nt* prefixed system service APIs from the System Service Descriptor Table (SSDT) as well as the System Service Descriptor...



This experimental project allows you to scan in real-time new processes, DLLs and kernel-mode drivers with your custom YARA signatures. If a process, dll or driver matches one YARA rule, it is blocked from loading in the system, preventing a...