0xAlexei/WindowsDefenderTools external links

---

GitHub - View repository

GitHub.dev - Open in online code editor

Star history - Growth chart over time

deps.dev - Dependencies and security vulnerabilities

Gitingest - Export source code for LLM usage

Repomix - Export source code for LLM usage

uithub - Export source code for LLM usage

Close

0xAlexei/WindowsDefenderTools

Readme badge preview -

If you own this repo, copy the snippet below and add it to your README.md

---

Copy

[![RelatedRepos](https://img.shields.io/badge/related-repos-yellow)](https://relatedrepos.com/gh/0xAlexei/WindowsDefenderTools)

Close

0xAlexei / WindowsDefenderToolsView on GitHubMore

• External links
• Readme badge

Tools for instrumenting Windows Defender's mpengine.dll

☆319Oct 25, 2018Updated 7 years ago

Alternatives and similar repositories for WindowsDefenderTools

Users that are interested in WindowsDefenderTools are comparing it to the libraries listed below. We may earn a commission when you buy through links labeled 'Ad' on this page.

• hfiref0x / WDExtract

  View on GitHub
  Extract Windows Defender database from vdm files and unpack it
  ☆488Apr 21, 2026Updated 2 months ago
• v-p-b / WindowsDefenderTools

  View on GitHub
  Tools for instrumenting Windows Defender's mpengine.dll
  ☆37Nov 1, 2018Updated 7 years ago
• hfiref0x / MpEnum

  View on GitHub
  Enumerate Windows Defender threat families and dump their names according category
  ☆97Apr 16, 2026Updated 2 months ago
• sam-b / windows_kernel_address_leaks

  View on GitHub
  Examples of leaking Kernel Mode information from User Mode on Windows
  ☆644Jul 7, 2017Updated 8 years ago
• googleprojectzero / sandbox-attacksurface-analysis-tools

  View on GitHub
  Set of tools to analyze Windows sandboxes for exposed attack surface.
  ☆2,303Nov 6, 2025Updated 7 months ago
• Deploy open-source AI quickly and easily - Special Bonus Offer • Ad
  Runpod Hub is built for open source. One-click deployment and autoscaling endpoints without provisioning your own infrastructure.
• commial / experiments

  View on GitHub
  Expriments
  ☆487Oct 3, 2024Updated last year
• ethereal-vx / Antivirus-Artifacts

  View on GitHub
  Anti-virus artifacts. Listing APIs hooked by: Avira, BitDefender, F-Secure, MalwareBytes, Norton, TrendMicro, and WebRoot.
  ☆759Nov 16, 2021Updated 4 years ago
• 0xcpu / ExecutiveCallbackObjects

  View on GitHub
  Research on Windows Kernel Executive Callback Objects
  ☆317Feb 22, 2020Updated 6 years ago
• mdsecactivebreach / com_inject

  View on GitHub
  ☆213Apr 5, 2022Updated 4 years ago
• bharadwajyas / ppdump-public

  View on GitHub
  Protected Process (Light) Dump: Uses Zemana AntiMalware Engine To Open a Privileged Handle to a PP/PPL Process And Inject MiniDumpWriteDu…
  ☆25Mar 26, 2020Updated 6 years ago
• IgorKorkin / AllMemPro

  View on GitHub
  AllMemPro
  ☆46Jan 15, 2018Updated 8 years ago
• MartinDrab / IRPMon

  View on GitHub
  The goal of the tool is to monitor requests received by selected device objects or kernel drivers. The tool is quite similar to IrpTracke…
  ☆418Dec 27, 2024Updated last year
• rad9800 / VehApiResolve

  View on GitHub
  ☆119Aug 7, 2022Updated 3 years ago
• lap1nou / CLR_Heap_encryption

  View on GitHub
  ☆103Oct 7, 2023Updated 2 years ago
• Deploy on Railway without the complexity - Free Credits Offer • Ad
  Connect your repo and Railway handles the rest with instant previews. Quickly provision container image services, databases, and storage volumes.
• med0x2e / vba2clr

  View on GitHub
  Running .NET from VBA
  ☆147Feb 11, 2023Updated 3 years ago
• tyranid / WindowsRpcClients

  View on GitHub
  This respository is a collection of C# class libraries which implement RPC clients for various versions of the Windows Operating System f…
  ☆286May 14, 2020Updated 6 years ago
• 0vercl0k / symbolizer

  View on GitHub
  A fast execution trace symbolizer for Windows.
  ☆131May 6, 2024Updated 2 years ago
• MagnetForensics / SwishDbgExt

  View on GitHub
  Incident Response & Digital Forensics Debugging Extension
  ☆398Dec 11, 2018Updated 7 years ago
• nickcano / RelocBonus

  View on GitHub
  An obfuscation tool for Windows which instruments the Windows Loader into acting as an unpacking engine.
  ☆315Oct 18, 2018Updated 7 years ago
• GetRektBoy724 / DCMB

  View on GitHub
  Dont Call Me Back - Dynamic kernel callback resolver. Scan kernel callbacks in your system in a matter of seconds!
  ☆254Jul 9, 2024Updated last year
• commial / ttd-bindings

  View on GitHub
  Bindings for Microsoft WinDBG TTD
  ☆240Aug 5, 2023Updated 2 years ago
• thesecretclub / SandboxBootkit

  View on GitHub
  Bootkit for Windows Sandbox to disable DSE/PatchGuard.
  ☆336Oct 13, 2024Updated last year
• OALabs / BlobRunner

  View on GitHub
  Quickly debug shellcode extracted during malware analysis
  ☆637May 23, 2023Updated 3 years ago
• 1-Click AI Models by DigitalOcean Gradient • Ad
  Deploy popular AI models on DigitalOcean Gradient GPU virtual machines with just a single click. Zero configuration with optimized deployments.
• taviso / loadlibrary

  View on GitHub
  Porting Windows Dynamic Link Libraries to Linux
  ☆4,494Apr 10, 2025Updated last year
• aaaddress1 / wowInjector

  View on GitHub
  PoC: Exploit 32-bit Thread Snapshot of WOW64 to Take Over $RIP & Inject & Bypass Antivirus HIPS (HITB 2021)
  ☆164May 27, 2021Updated 5 years ago
• gdabah / win32k-bugs

  View on GitHub
  Dump of win32k POCs for bugs I've found
  ☆379Mar 6, 2022Updated 4 years ago
• FSecureLABS / win_driver_plugin

  View on GitHub
  A tool to help when dealing with Windows IOCTL codes or reversing Windows drivers.
  ☆439Aug 22, 2018Updated 7 years ago
• googleprojectzero / symboliclink-testing-tools

  View on GitHub
  ☆857Dec 13, 2022Updated 3 years ago
• ipSlav / DirtyCLR

  View on GitHub
  An App Domain Manager Injection DLL PoC on steroids
  ☆214Dec 14, 2023Updated 2 years ago
• sogeti-esec-lab / RPCForge

  View on GitHub
  Windows RPC Python fuzzer
  ☆165Nov 14, 2017Updated 8 years ago
• aaaddress1 / wowGrail

  View on GitHub
  PoC: Rebuild A New Path Back to the Heaven's Gate (HITB 2021)
  ☆108May 27, 2021Updated 5 years ago
• BrunoMCBraga / Kernel-Whisperer

  View on GitHub
  ☆29Jan 15, 2021Updated 5 years ago
• Deploy open-source AI quickly and easily - Special Bonus Offer • Ad
  Runpod Hub is built for open source. One-click deployment and autoscaling endpoints without provisioning your own infrastructure.
• gabriellandau / ShadowStackWalk

  View on GitHub
  Finding Truth in the Shadows
  ☆129Jan 26, 2023Updated 3 years ago
• hasherezade / libpeconv

  View on GitHub
  A library to load, manipulate, dump PE files. See also: https://github.com/hasherezade/libpeconv_tpl
  ☆1,366Apr 18, 2026Updated 2 months ago
• thefLink / DeepSleep

  View on GitHub
  A variant of Gargoyle for x64 to hide memory artifacts using ROP only and PIC
  ☆377May 24, 2022Updated 4 years ago
• pathtofile / PPLRunner

  View on GitHub
  Run Processes as PPL with ELAM
  ☆177Mar 17, 2022Updated 4 years ago
• forrest-orr / phantom-dll-hollower-poc

  View on GitHub
  Phantom DLL hollowing PoC
  ☆374May 23, 2022Updated 4 years ago
• zeroperil / HookDump

  View on GitHub
  Security product hook detection
  ☆329Mar 30, 2021Updated 5 years ago
• blaquee / APCHook

  View on GitHub
  hooking KiUserApcDispatcher
  ☆27Apr 3, 2017Updated 9 years ago