Offensive research tooling
Deep Windows x64 instrumentation, syscall research, evasion analysis, and bespoke tooling that prioritizes stealth and control.
Program focus
Advanced security engineering, end-to-end.
TITAN Softwork Solutions develops offensive and defensive systems as a single engineering program: research, prototyping, and hardening built to withstand real-world analysis.
Resilient defensive systems
Detection engineering, telemetry pipelines, and system hardening engineered for durability under active adversaries.
Blue + Red tooling
A unified pipeline where offensive techniques inform defensive controls, producing tools that are research-grade and operationally relevant.
Open research
Featured TITAN projects
Research tooling and defensive systems from the TITAN Softwork Solutions GitHub organization.
CCGT-Packer
CCGT is a post-build string protection tool for Windows x64 binaries. It scans a compiled executable for eligible strings, encrypts them, and writes a compact metadata table into a dedicated PE section (.ccgtr). At runtime, a lightweight header-only runtime (ccgt_runtime.h) decrypts protected regions before the program uses them.
This approach reduces exposure of sensitive strings in static analysis workflows (strings.exe, YARA, bulk IOC extraction, and casual reverse engineering).
Regera
Regera delivers compile-time string encryption for Rust, backed by AEAD, ChaCha20, and handrolled mutation engines. It turns literals into encrypted blobs at build time and injects tiny decrypt shims at runtime.
Single-value macros return a zeroizing SecretStr, while multi-value macros return owned Strings for ergonomic destructuring.
Vigil
Vigil is a lightweight Windows blue-team telemetry utility that detects untrusted processes accessing protected filesystem resources using kernel ETW.
Leadership
Owner and founder
TITAN is founded and led by dutchpsycho.
Founder
dutchpsycho
Owner and lead engineer for TITAN Softwork Solutions. Research spans offensive engineering, system hardening, and the design of blue-team and red-team tooling that informs defensive controls.
ActiveBreach Engine
ActiveBreach is a fully dynamic direct syscall framework for Windows 10/11 x64, designed as a modern successor to tools like SysWhispers and Hell's Gate. Inspired by MDSEC research on bypassing user-mode hooks, it targets key detection vectors such as static syscall patterns, suspicious call stacks, and hooked API usage.
The Rust implementation features JIT memory encryption, a stringless design, and rotating encrypted stubs.
Community
Discord updates and collaboration
Follow releases, research notes, project updates, and ask questions or get help through the TITAN community hub.
Discord
Follow announcements, releases, and member activity through the TITAN community hub on Discord.
Contact
Inquiries
For project inquiries, research collaboration, or secure tooling work, reach out directly.