
Experimental Tools

Here you can find our experimental software programs, proof-of-concept (PoC) tools, prototyped ideas, skeleton frameworks and more. If you would like to use our technology within your products, please contact us.


Live Kernel Memory Dump

Live Kernel Memory Dump (LKMD) is an advanced Windows console utility that dumps "live" kernel memory without forcing the system down (as a bugcheck-triggered crash dump would). No active kernel debug session is required, which...



Process Permit

Process Permit is a "skeleton" framework that gives third-party developers the ability to create rules for allowing or denying process creation on Windows NT-based operating systems. The framework can be integrated to fit local and remote rule...



Remote Process Blocker

Remote Process Blocker is a framework that allows advanced Windows users to block the execution of a spawning process based on server-side rules. The framework intercepts process creation and waits for a response (execution...
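The allow/deny decision that both Process Permit and Remote Process Blocker make at the process-creation intercept point can be illustrated with a small policy evaluator. The code below is an added example written for this page, not code from either project: the rule fields, event fields, sample rules and sample events are all hypothetical, and the "remote" decider is a stub standing in for a server round-trip. The point it makes beyond the descriptions above is ordering and failure handling: the first matching local rule wins, and when no local rule matches and the remote side does not answer, the evaluator falls back to deny so an unreachable rule server fails closed rather than open.

```python
"""Added example (not part of the listed projects): a minimal allow/deny
policy evaluator for process-creation events, of the kind a Process Permit
or Remote Process Blocker style framework would call from its intercept
point. All names, rule fields and sample events below are hypothetical."""
from dataclasses import dataclass
from fnmatch import fnmatchcase
from typing import Callable, List, Optional, Tuple


@dataclass
class ProcessEvent:
    image_path: str      # full path of the image about to execute
    parent_image: str    # image path of the creating (parent) process
    sha256: str          # hash of the image file on disk (constructed values)
    signed: bool         # whether the image carries a valid signature


@dataclass
class Rule:
    name: str
    action: str                   # "allow" or "deny"
    image: str = "*"              # case-insensitive glob on image_path
    parent: str = "*"             # case-insensitive glob on parent_image
    sha256: Optional[str] = None  # pin a specific file hash, if set
    require_signed: bool = False  # only match signed images, if set

    def matches(self, ev: ProcessEvent) -> bool:
        # Lower-case both sides so the match is case-insensitive as on NTFS.
        if not fnmatchcase(ev.image_path.lower(), self.image.lower()):
            return False
        if not fnmatchcase(ev.parent_image.lower(), self.parent.lower()):
            return False
        if self.sha256 is not None and self.sha256.lower() != ev.sha256.lower():
            return False
        if self.require_signed and not ev.signed:
            return False
        return True


# A remote decision source: returns "allow"/"deny", or None on timeout/error.
RemoteDecider = Callable[[ProcessEvent], Optional[str]]


def decide(ev: ProcessEvent, rules: List[Rule],
           remote: Optional[RemoteDecider] = None,
           default: str = "deny") -> Tuple[str, str]:
    """Return (action, reason). First matching local rule wins; otherwise the
    remote decider is consulted; a missing or malformed remote answer falls
    back to `default`, which is deny so the check fails closed."""
    for rule in rules:
        if rule.matches(ev):
            return rule.action, rule.name
    if remote is not None:
        answer = remote(ev)
        if answer in ("allow", "deny"):
            return answer, "remote"
    return default, "default"


# Hypothetical rule set; order matters, most specific denies first.
RULES = [
    Rule("no-temp-exec", "deny", image="*\\temp\\*"),
    Rule("office-spawns-shell", "deny", image="*\\powershell.exe",
         parent="*\\winword.exe"),
    Rule("signed-system32", "allow", image="C:\\Windows\\System32\\*",
         require_signed=True),
    Rule("pinned-tool", "allow", image="C:\\Tools\\approved.exe",
         sha256="a" * 64),
]

# Constructed sample events; hashes are placeholders, not real file hashes.
SAMPLE_EVENTS = [
    ProcessEvent(r"C:\Windows\System32\notepad.exe",
                 r"C:\Windows\explorer.exe", "1" * 64, True),
    ProcessEvent(r"C:\Users\bob\AppData\Local\Temp\update.exe",
                 r"C:\Windows\explorer.exe", "2" * 64, False),
    ProcessEvent(r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
                 r"C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXE",
                 "3" * 64, True),
    ProcessEvent(r"C:\Tools\approved.exe", r"C:\Windows\explorer.exe",
                 "A" * 64, False),
    ProcessEvent(r"C:\Tools\unknown.exe", r"C:\Windows\explorer.exe",
                 "4" * 64, False),
]


def remote_timeout(ev: ProcessEvent) -> Optional[str]:
    """Stub for a rule server that never answers (e.g. timed out)."""
    return None


def remote_allow(ev: ProcessEvent) -> Optional[str]:
    """Stub for a rule server that allows everything it is asked about."""
    return "allow"


def run_demo(remote: Optional[RemoteDecider] = remote_timeout):
    return [decide(ev, RULES, remote) for ev in SAMPLE_EVENTS]


if __name__ == "__main__":
    for ev, (action, why) in zip(SAMPLE_EVENTS, run_demo()):
        print(f"{action:5} [{why}] {ev.image_path}")
```

With the timing-out remote stub the unknown image in the last event is denied by default; swapping in `remote_allow` changes only that event's outcome, because every other event already hit a local rule.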



WOW64 SysCall Monitor

This is a small tool that spawns a process and monitors all system calls it makes. This includes all Nt*-prefixed system service APIs from the System Service Descriptor Table (SSDT) as well as the System Service Descriptor...



YaGuard

This experimental project scans new processes, DLLs and kernel-mode drivers in real time against your custom YARA signatures. If a process, DLL or driver matches a YARA rule, it is blocked from loading into the system, preventing a...