0xAlexei/WindowsDefenderTools external links

---

GitHub - View repository

GitHub.dev - Open in online code editor

Star history - Growth chart over time

deps.dev - Dependencies and security vulnerabilities

Gitingest - Export source code for LLM usage

Repomix - Export source code for LLM usage

uithub - Export source code for LLM usage

Close

0xAlexei/WindowsDefenderTools

Readme badge preview -

If you own this repo, copy the snippet below and add it to your README.md

---

Copy

[![RelatedRepos](https://img.shields.io/badge/related-repos-yellow)](https://relatedrepos.com/gh/0xAlexei/WindowsDefenderTools)

Close

0xAlexei / WindowsDefenderToolsView on GitHubMore

• External links
• Readme badge

Tools for instrumenting Windows Defender's mpengine.dll

☆311Oct 25, 2018Updated 7 years ago

Alternatives and similar repositories for WindowsDefenderTools

Users that are interested in WindowsDefenderTools are comparing it to the libraries listed below. We may earn a commission when you buy through links labeled 'Ad' on this page.

• hfiref0x / WDExtract

  View on GitHub
  Extract Windows Defender database from vdm files and unpack it
  ☆476Feb 23, 2026Updated last month
• v-p-b / WindowsDefenderTools

  View on GitHub
  Tools for instrumenting Windows Defender's mpengine.dll
  ☆37Nov 1, 2018Updated 7 years ago
• hfiref0x / MpEnum

  View on GitHub
  Enumerate Windows Defender threat families and dump their names according category
  ☆95May 27, 2019Updated 6 years ago
• sam-b / windows_kernel_address_leaks

  View on GitHub
  Examples of leaking Kernel Mode information from User Mode on Windows
  ☆637Jul 7, 2017Updated 8 years ago
• googleprojectzero / sandbox-attacksurface-analysis-tools

  View on GitHub
  Set of tools to analyze Windows sandboxes for exposed attack surface.
  ☆2,277Nov 6, 2025Updated 5 months ago
• Managed Kubernetes at scale on DigitalOcean • Ad
  DigitalOcean Kubernetes includes the control plane, bandwidth allowance, container registry, automatic updates, and more for free.
• commial / experiments

  View on GitHub
  Expriments
  ☆480Oct 3, 2024Updated last year
• ethereal-vx / Antivirus-Artifacts

  View on GitHub
  Anti-virus artifacts. Listing APIs hooked by: Avira, BitDefender, F-Secure, MalwareBytes, Norton, TrendMicro, and WebRoot.
  ☆759Nov 16, 2021Updated 4 years ago
• 0xcpu / ExecutiveCallbackObjects

  View on GitHub
  Research on Windows Kernel Executive Callback Objects
  ☆316Feb 22, 2020Updated 6 years ago
• mdsecactivebreach / com_inject

  View on GitHub
  ☆209Apr 5, 2022Updated 4 years ago
• bharadwajyas / ppdump-public

  View on GitHub
  Protected Process (Light) Dump: Uses Zemana AntiMalware Engine To Open a Privileged Handle to a PP/PPL Process And Inject MiniDumpWriteDu…
  ☆25Mar 26, 2020Updated 6 years ago
• IgorKorkin / AllMemPro

  View on GitHub
  AllMemPro
  ☆46Jan 15, 2018Updated 8 years ago
• MartinDrab / IRPMon

  View on GitHub
  The goal of the tool is to monitor requests received by selected device objects or kernel drivers. The tool is quite similar to IrpTracke…
  ☆412Dec 27, 2024Updated last year
• rad9800 / VehApiResolve

  View on GitHub
  ☆119Aug 7, 2022Updated 3 years ago
• lap1nou / CLR_Heap_encryption

  View on GitHub
  ☆102Oct 7, 2023Updated 2 years ago
• Managed hosting for WordPress and PHP on Cloudways • Ad
  Managed hosting with the flexibility to host WordPress, Magento, Laravel, or PHP apps, on multiple cloud providers. Cloudways by DigitalOcean.
• med0x2e / vba2clr

  View on GitHub
  Running .NET from VBA
  ☆148Feb 11, 2023Updated 3 years ago
• tyranid / WindowsRpcClients

  View on GitHub
  This respository is a collection of C# class libraries which implement RPC clients for various versions of the Windows Operating System f…
  ☆285May 14, 2020Updated 5 years ago
• 0vercl0k / symbolizer

  View on GitHub
  A fast execution trace symbolizer for Windows.
  ☆130May 6, 2024Updated last year
• MagnetForensics / SwishDbgExt

  View on GitHub
  Incident Response & Digital Forensics Debugging Extension
  ☆393Dec 11, 2018Updated 7 years ago
• nickcano / RelocBonus

  View on GitHub
  An obfuscation tool for Windows which instruments the Windows Loader into acting as an unpacking engine.
  ☆314Oct 18, 2018Updated 7 years ago
• GetRektBoy724 / DCMB

  View on GitHub
  Dont Call Me Back - Dynamic kernel callback resolver. Scan kernel callbacks in your system in a matter of seconds!
  ☆250Jul 9, 2024Updated last year
• thesecretclub / SandboxBootkit

  View on GitHub
  Bootkit for Windows Sandbox to disable DSE/PatchGuard.
  ☆326Oct 13, 2024Updated last year
• commial / ttd-bindings

  View on GitHub
  Bindings for Microsoft WinDBG TTD
  ☆237Aug 5, 2023Updated 2 years ago
• OALabs / BlobRunner

  View on GitHub
  Quickly debug shellcode extracted during malware analysis
  ☆631May 23, 2023Updated 2 years ago
• Managed hosting for WordPress and PHP on Cloudways • Ad
  Managed hosting with the flexibility to host WordPress, Magento, Laravel, or PHP apps, on multiple cloud providers. Cloudways by DigitalOcean.
• aaaddress1 / wowInjector

  View on GitHub
  PoC: Exploit 32-bit Thread Snapshot of WOW64 to Take Over $RIP & Inject & Bypass Antivirus HIPS (HITB 2021)
  ☆167May 27, 2021Updated 4 years ago
• gdabah / win32k-bugs

  View on GitHub
  Dump of win32k POCs for bugs I've found
  ☆380Mar 6, 2022Updated 4 years ago
• FSecureLABS / win_driver_plugin

  View on GitHub
  A tool to help when dealing with Windows IOCTL codes or reversing Windows drivers.
  ☆440Aug 22, 2018Updated 7 years ago
• googleprojectzero / symboliclink-testing-tools

  View on GitHub
  ☆846Dec 13, 2022Updated 3 years ago
• sogeti-esec-lab / RPCForge

  View on GitHub
  Windows RPC Python fuzzer
  ☆165Nov 14, 2017Updated 8 years ago
• ipSlav / DirtyCLR

  View on GitHub
  An App Domain Manager Injection DLL PoC on steroids
  ☆213Dec 14, 2023Updated 2 years ago
• aaaddress1 / wowGrail

  View on GitHub
  PoC: Rebuild A New Path Back to the Heaven's Gate (HITB 2021)
  ☆108May 27, 2021Updated 4 years ago
• BrunoMCBraga / Kernel-Whisperer

  View on GitHub
  ☆29Jan 15, 2021Updated 5 years ago
• gabriellandau / ShadowStackWalk

  View on GitHub
  Finding Truth in the Shadows
  ☆126Jan 26, 2023Updated 3 years ago
• 1-Click AI Models by DigitalOcean Gradient • Ad
  Deploy popular AI models on DigitalOcean Gradient GPU virtual machines with just a single click and start building anything your business needs.
• hasherezade / libpeconv

  View on GitHub
  A library to load, manipulate, dump PE files. See also: https://github.com/hasherezade/libpeconv_tpl
  ☆1,345Apr 1, 2026Updated last week
• thefLink / DeepSleep

  View on GitHub
  A variant of Gargoyle for x64 to hide memory artifacts using ROP only and PIC
  ☆378May 24, 2022Updated 3 years ago
• pathtofile / PPLRunner

  View on GitHub
  Run Processes as PPL with ELAM
  ☆177Mar 17, 2022Updated 4 years ago
• forrest-orr / phantom-dll-hollower-poc

  View on GitHub
  Phantom DLL hollowing PoC
  ☆372May 23, 2022Updated 3 years ago
• zeroperil / HookDump

  View on GitHub
  Security product hook detection
  ☆328Mar 30, 2021Updated 5 years ago
• wbenny / injdrv

  View on GitHub
  proof-of-concept Windows Driver for injecting DLL into user-mode processes using APC
  ☆1,277May 1, 2024Updated last year
• blaquee / APCHook

  View on GitHub
  hooking KiUserApcDispatcher
  ☆27Apr 3, 2017Updated 9 years ago