Code samples that serve as references for Windows API functions
☆76May 28, 2024Updated last year
Alternatives and similar repositories for WindowsAP1
Users that are interested in WindowsAP1 are comparing it to the libraries listed below
Sorting:
- A practical resource on using open-source tools for Incident Response. This repo shares workflows, tool setups, and steps for responding …☆38Nov 4, 2024Updated last year
- Hardcore Debugging☆935Jan 6, 2026Updated 2 months ago
- Various shellcodes☆12Sep 1, 2020Updated 5 years ago
- ☆253Jun 7, 2025Updated 9 months ago
- ☆17Feb 15, 2022Updated 4 years ago
- Comprehensive Windows Syscall Extraction & Analysis Framework☆162Aug 30, 2025Updated 6 months ago
- Repository contains shellcodes made from scratch for intel x86-64 bit Architecture☆12May 6, 2023Updated 2 years ago
- ☆71Mar 8, 2026Updated last week
- Vectored Exception Handling Squared☆31Dec 27, 2025Updated 2 months ago
- RE for champions☆15Mar 10, 2026Updated last week
- A fast execution trace symbolizer for Windows that runs on all major platforms and doesn't depend on any Microsoft libraries.☆101Jan 3, 2026Updated 2 months ago
- Lists all visible objects in the Windows kernel object namespace, a command-line WinObj☆15May 27, 2018Updated 7 years ago
- Using the peculiar behaviour of the VPGATHER instructions to determine if an address will fault before it is truly accessed. All done in …☆55Dec 30, 2025Updated 2 months ago
- A fast method to intercept syscalls from any user-mode process using InstrumentationCallback and detect any process using Instrumentation…☆39Sep 23, 2023Updated 2 years ago
- A Microsoft Windows service to provide telemetry on Windows executable memory page changes to facilitate threat detection☆32Oct 7, 2020Updated 5 years ago
- Standalone tool to explore the security model of Windows and its NT kernel. Use it to introspect privilege assignments and access right a…☆33May 21, 2019Updated 6 years ago
- Windows AppLocker Driver (appid.sys) LPE☆76Jul 29, 2024Updated last year
- A C++/Asm template for PIC/EXE/DLL malware☆24Aug 12, 2025Updated 7 months ago
- Anti-Rootkit Tool for Windows☆12Mar 24, 2025Updated 11 months ago
- Tool for obtaining information about PPL processes☆16Feb 12, 2024Updated 2 years ago
- Convert IDA Type Library `*.til` to Compilable C Header!☆20Mar 9, 2023Updated 3 years ago
- Parser and reconciliation tooling for large Active Directory environments.☆33Feb 18, 2025Updated last year
- A collection of PoCs to do common things in unconventional ways☆121Aug 31, 2025Updated 6 months ago
- A bootkit to bypass Windows login (WIP)☆10Oct 25, 2023Updated 2 years ago
- Demo from the Malware Analysis and Development Webinar☆25Apr 17, 2024Updated last year
- ☆24Jul 15, 2023Updated 2 years ago
- Modified-Thycotic-Secret-Stealer for use with DPAPI and offline Decryption☆19Aug 5, 2022Updated 3 years ago
- Integer overflow in FreeType software, which also affects Chrome☆29Aug 27, 2025Updated 6 months ago
- ☆16Sep 23, 2021Updated 4 years ago
- ☆50Dec 15, 2025Updated 3 months ago
- modern c++ wrapper around the microsoft portable executable file format☆35Nov 22, 2025Updated 3 months ago
- AppLocker Policy Generator☆26Aug 25, 2025Updated 6 months ago
- Offensive toolkit and BloodHound graph creator for DPAPI blobs and master key files☆14Jan 10, 2026Updated 2 months ago
- Administrative Template (ADMX) for Microsoft Defender Attack Surface Reduction (ASR)☆15Jul 7, 2025Updated 8 months ago
- Using Windows' own bootloader as a shim to bypass Secure Boot☆229Jul 17, 2024Updated last year
- C++ Assembler with Built-in Mutation Engine☆30Sep 6, 2025Updated 6 months ago
- Hooking Windows' exception dispatcher to protect process's PML4☆233Jan 24, 2025Updated last year
- Local SYSTEM auth trigger for relaying☆170Jul 22, 2025Updated 7 months ago
- api-tracer is a tiny (useless) tracer☆17Feb 28, 2023Updated 3 years ago