Systems Security on zeishr

xenith

Sun, 26 Jan 2025 23:59:38 +0000

xenith is a research-focused hypervisor for Xen-based debugging, virtual machine introspection, and automation.

The project explores low-level guest inspection, debugging workflows, and scripted control around virtualized targets. It is archived, but remains useful as a reference for hypervisor-backed research tooling and VMI-oriented experiments.

blackpill

Thu, 19 Sep 2024 09:10:45 +0000

blackpill is a Linux rootkit research project combining a Rust kernel module, eBPF XDP/TC networking, and a custom type-2 hypervisor.

It is kept as an archived research artifact around stealth, low-level control, kernel experimentation, and hypervisor-backed security research.

secmalloc

Wed, 17 Jul 2024 12:33:53 +0000

secmalloc is a secure allocator experiment around malloc, realloc, and free-style semantics.

It is archived as a small C implementation exercise around heap allocation behavior and allocator hardening ideas.

mmushell

Sun, 14 Apr 2024 15:23:05 +0000

mmushell is a substantial fork of EURECOM’s memory-forensics proof of concept.

The fork added module packaging, a Nix development shell, MkDocs documentation, and cleanup around architecture/exporter boundaries. It is archived as a research and reproducibility reference.

libMMU

Mon, 11 Mar 2024 19:47:23 +0000

libMMU is a Rust crate for rebuilding virtual address spaces from memory dumps.

It is inspired by OS-agnostic MMU reconstruction techniques explored in mmushell and related memory-forensics research. The project is archived as a research implementation reference.

pyDFIRRam

Thu, 20 Jul 2023 12:57:16 +0000

pyDFIRRam is a Volatility 3-based Python library for scripted and notebook-driven memory-forensics workflows.

It focuses on making memory analysis easier to automate, compose, and reuse from Python rather than forcing every investigation through one-off command invocations.