patchi/sec

Offensive security, anti-cheat internals, game hacking, Windows kernel programming.
Written by an LLM. Code by a human. Sources verified.

GitHub ↗ About →
May 17, 2026
Anti-Cheat Scanning the Kernel: Drivers, Callbacks, and System Integrity

Enumerating loaded drivers against a blacklist, scanning ObCallback registrations, and checking system integrity from Ring-0.

 Apr 27, 2026
Anti-Cheat A Minifilter for Self-Defense

Using a Windows minifilter driver to protect anti-cheat files from tampering. Covers write, delete, and rename interception with rate-limiting.

 Apr 2, 2026
Anti-Cheat PPL Bootstrap and ETW Threat Intelligence

Elevating to Protected Process Light via kernel EPROCESS manipulation, then consuming ETW Threat Intelligence events for remote operation monitoring.

 Mar 30, 2026
Offensive Security AutoExIf: Automated OSINT Metadata Extraction from Websites

A Python CLI tool that crawls websites, runs DuckDuckGo dorks, or processes URL lists to download every document and image, then extracts all EXIF and file metadata using exiftool. Surfaces authors, software, GPS coordinates, and more.

 Mar 14, 2026
Anti-Cheat Threads Outside the Map: Shellcode Detection

Enumerating process threads and checking whether their instruction pointer and start address fall within known module ranges. Threads outside the map are shellcode.

 Feb 22, 2026
Anti-Cheat Finding the Hooks: IAT and EAT Scanning

Traversing a PE's Import Address Table and Export Address Table to detect function pointer redirections outside known module ranges.

 Feb 5, 2026
Anti-Cheat Relocation-Aware Hashing: Detecting Code Patches

Comparing a module's .text section on disk versus in memory with SHA-256, accounting for relocations to avoid false positives.

 Jan 11, 2026
Anti-Cheat Hooking the Cheat: MinHook API Interception

Inside Peregrine's injected DLL: inline hooking of ReadProcessMemory, WriteProcessMemory, and friends via MinHook, with IPC event reporting.

 Dec 19, 2025
Anti-Cheat Injecting from Ring-0: Kernel APC DLL Injection

How Peregrine's kernel driver autonomously injects a monitoring DLL into target processes using kernel APCs, timed at kernel32.dll load.

 Dec 3, 2025
Anti-Cheat ObCallbacks: Stripping Dangerous Handles

How Peregrine's kernel driver uses ObRegisterCallbacks to intercept and neuter process handle requests with dangerous access flags.

 Nov 8, 2025
Anti-Cheat The Anatomy of an Anti-Cheat

A walkthrough of Peregrine's three-layer architecture: kernel driver, injected DLL, and Tauri GUI, and how they communicate.

 Oct 8, 2025
Offensive Security Process Hardening: PPID Spoofing, Self-Protection, and Self-Deletion

How Kassandra clones itself with a spoofed parent PID via NtQuerySystemInformation, restricts process access with SDDL security descriptors, and deletes its own binary from disk.

 Sep 20, 2025
Offensive Security In-Memory Execution: BOF Loading, .NET Assemblies, and Python in a C2 Agent

How Kassandra executes COFF Beacon Object Files, .NET assemblies, and Python scripts in isolated subprocesses with crash-safe stdin/stdout IPC.

 Aug 15, 2025
Game Hacking Medusa: A Rust Kernel Driver for Cross-Process Memory Access

A proof-of-concept Windows kernel driver written in Rust that enables arbitrary read/write access to any process memory via MmCopyVirtualMemory.

 Jul 12, 2025
Offensive Security S3 as a C2 Channel: AWS SigV4 Signing and Encrypted Key Exchange

How Kassandra uses S3 object storage as a covert C2 transport, implementing AWS SigV4 request signing from scratch and bootstrapping per-execution IAM credentials.

 Jun 18, 2025
Offensive Security Hell's Hall: Indirect Syscall Resolution in Rust

How Kassandra resolves NT syscall numbers and instruction addresses from ntdll at runtime, detecting EDR hooks and extracting SSNs from neighboring functions.

 Jun 3, 2025
Offensive Security Kassandra: Anatomy of a Rust C2 Agent

An architecture walkthrough of Kassandra, a Mythic C2 agent written in Rust with three transport mechanisms, subprocess isolation, and 22 commands.

 Apr 15, 2022
Game Hacking CSGOCheatBase: Anatomy of an Internal Cheat

A walkthrough of a game cheat base written in C++, covering DLL injection, handle hijacking via NtQuerySystemInformation, native API memory manipulation, and ImGui overlay rendering with DirectX 11.