Discover @tandasat Open Source projects

Satoshi Tanda (@tandasat)

tandasat

Stars
8,852
Global Rank 2,574 (Top 0.09 %)
Followers 1,679
Following 1
Registered over 12 years ago
Most used languages

C++
54.7 %

C
18.9 %

Rust
7.5 %

C#
5.7 %

Python
3.8 %

HTML
1.9 %

Vim Script
1.9 %

Java
1.9 %

Ruby
1.9 %

JavaScript
1.9 %
Location 🇨🇦 Canada
Country Total Rank 117
Country Ranking

C++
2

C
21

Rust
30

C#
152

Python
464

HTML
680

Vim Script
758

JavaScript
873

Ruby
1,299

Java
4,728

HyperPlatform

Intel VT-x based hypervisor aiming to provide a thin VM-exit filtering platform on Windows.

DdiMon

Monitoring and controlling kernel API calls with stealth hook using EPT

Hypervisor-101-in-Rust

The materials of "Hypervisor 101 in Rust", a one-day long course, to quickly learn hardware-assisted virtualization technology and its application for high-performance fuzzing on Intel/AMD processors.

MiniVisorPkg

The research UEFI hypervisor that supports booting an operating system.

SimpleSvmHook

SimpleSvmHook is a research purpose hypervisor for Windows on AMD processors.

SimpleSvm

A minimalistic educational hypervisor for Windows on AMD processors.

PgResarch

PatchGuard Research

ExploitCapcom

This is a standalone exploit for a vulnerable feature in Capcom.sys

MemoryMon

Detecting execution of kernel memory where is not backed by any image file

DotNetHooking

Sample use cases of the .NET native code hooking technique

barevisor

A bare minimum hypervisor on AMD and Intel processors for learners.

scripts_for_RE

Python scripts for reverse engineering.

GuardMon

Hypervisor based tool for monitoring system register accesses.

UefiVarMonitor

The runtime DXE driver monitoring access to the UEFI variables by hooking the runtime service table.

SmmExploit

The report and the exploit of CVE-2021-26943, the kernel-to-SMM local privilege escalation vulnerability in ASUS UX360CA BIOS version 303.

hvext

The Windbg extension that implements commands helpful to study Hyper-V on Intel processors.

EopMon

Elevation of privilege detector based on HyperPlatform

Sushi

a Japanese food keeps you sane

findpg

Windbg extension to find PatchGuard pages

UEFI-BIOS-Security

Security Camp 2021 & GCC 2022

WinIoCtlDecoder

IDA Plugin which decodes Windows Device I/O control code into DeviceType, FunctionCode, AccessType and MethodType.

FU_Hypervisor

A hypervisor hiding user-mode memory using EPT

WPBT-Builder

The simple UEFI application to create a Windows Platform Binary Table (WPBT) from the UEFI shell.

HelloSmm

This is an instruction to run your own SMM code.

DebugLogger

A software driver that lets you log kernel-mode debug output into a file on Windows.

Hello-VT-rp

A simple hypervisor demonstrating the use of the Intel VT-rp (redirect protection) technology.

kraft_dinner

Tool to dump UEFI runtime drivers implementing runtime services for Windows

HelloAmdHvPkg

HelloAmdHvPkg is a type-1 research hypervisor for AMD processors.

CVE-2023-36427

Report and exploit of CVE-2023-36427

Scavenger

A minifilter driver preserves all modified and deleted files.

RemoteWriteMonitor

A tool to help malware analysts tell that the sample is injecting code into other process.

meow

HelloIommuPkg

The sample DXE runtime driver demonstrating how to program DMA remapping.

DumpVTable

Generates a Python script to give public interface names in an ActiveX file to an IDB file.

DrvLoader

A command line tool to load and unload a device driver.

CVE-2022-25949

A years-old exploit of a local EoP vulnerability in Kingsoft Antivirus KWatch Driver version 2009.3.17.77.

cs_driver

A sample project for using Capstone from a driver in Visual Studio 2015

CVE-2024-21305

Report and exploit of CVE-2024-21305.

CVE-2014-0816

tandasat.github.io

hyperplatform_log_parser

User-mode program parsing logs created by HyperPlatform

ProjectLoadTimeMonitor

The Visual Studio extension that measures load time of each project when a solution file is opened.

recon2024_demo

Provides commands to read from and write to arbitrary kernel-mode memory for users with the Administrator privilege. HVCI compatible. No test signing mode is required.

CheckSDL

A tool evaluates security configurations of a given PE based on SDL without source code

ListWorkItems

Lists work items being queued currently.

DeviceOpener

A command line tool to check if a specified device is accessible.

List-UEFI-Configuration-Tables

List UEFI Configuration Tables

windbg_init

Windbg Init Script

ScopedResource

Scoped Resource - Generic RAII Wrapper for the Standard Library by Peter Sommerlad and Andrew L. Sandoval

win32_debugout

Shows debug strings on DebubView from an attached process by win32_remote.exe.

ping_vmm

A user-mode program knocking at HyperPlatform's "backdoor"

SecRuntimeSample

A sample usege of SecRuntime.dll on Windows Phone

blog

CopyFiles

Copy files onto the IsolatedStorage so that you can download them using IsoStoreSpy.

mylight

Using LED of Samsung Galaxy Ace S5830

tandasat

shared

Manages files that are shared with multiple boxes.