Code samples that serve as references for Windows API functions
☆76 May 28, 2024 Updated last year
Alternatives and similar repositories for WindowsAP1
Users that are interested in WindowsAP1 are comparing it to the libraries listed below
- A practical resource on using open-source tools for Incident Response. This repo shares workflows, tool setups, and steps for responding … ☆37 Nov 4, 2024 Updated last year
- Hardcore Debugging ☆931 Jan 6, 2026 Updated last month
- A bootkit to bypass Windows login (WIP) ☆10 Oct 25, 2023 Updated 2 years ago
- ☆252 Jun 7, 2025 Updated 8 months ago
- Windows AppLocker Driver (appid.sys) LPE ☆74 Jul 29, 2024 Updated last year
- A fast execution trace symbolizer for Windows that runs on all major platforms and doesn't depend on any Microsoft libraries. ☆100 Jan 3, 2026 Updated last month
- ☆17 Feb 15, 2022 Updated 4 years ago
- ☆16 Sep 23, 2021 Updated 4 years ago
- ☆50 Dec 15, 2025 Updated 2 months ago
- Comprehensive Windows Syscall Extraction & Analysis Framework ☆162 Aug 30, 2025 Updated 6 months ago
- Parser and reconciliation tooling for large Active Directory environments. ☆33 Feb 18, 2025 Updated last year
- ☆60 Apr 25, 2025 Updated 10 months ago
- Modified-Thycotic-Secret-Stealer for use with DPAPI and offline Decryption ☆19 Aug 5, 2022 Updated 3 years ago
- A C++/Asm template for PIC/EXE/DLL malware ☆24 Aug 12, 2025 Updated 6 months ago
- Vectored Exception Handling Squared ☆29 Dec 27, 2025 Updated 2 months ago
- ☆22 May 24, 2024 Updated last year
- Using the peculiar behaviour of the VPGATHER instructions to determine if an address will fault before it is truly accessed. All done in … ☆54 Dec 30, 2025 Updated last month
- Using Windows' own bootloader as a shim to bypass Secure Boot ☆225 Jul 17, 2024 Updated last year
- WinDbg extension written in Rust to dump the CPU / memory state of a running VM ☆130 Feb 1, 2026 Updated 3 weeks ago
- Hooking Windows' exception dispatcher to protect process's PML4 ☆227 Jan 24, 2025 Updated last year
- OSED Practice binary ☆25 Nov 23, 2023 Updated 2 years ago
- poc for cve-2025-53772 ☆46 Dec 10, 2025 Updated 2 months ago
- an obfuscator based on LLVM which can obfuscate the program execution trajectory ☆107 Mar 15, 2021 Updated 4 years ago
- Shellcode capable of bypassing EAF / IAF mitigations ☆28 Apr 11, 2023 Updated 2 years ago
- AppContainer tools for launching sandboxed win32 apps, changing ACL permissions and learning from ETW traces. ☆32 May 4, 2025 Updated 9 months ago
- Port of zentool to Windows ☆27 Mar 7, 2025 Updated 11 months ago
- Infects PE files with a shellcode ☆22 Oct 20, 2018 Updated 7 years ago
- powershell script i wrote that can suspend an arbitrary process (with limits) ☆22 Mar 26, 2023 Updated 2 years ago
- Slides for COM Hijacking AV/EDR Talk on 38c3 ☆75 Jan 3, 2025 Updated last year
- Anti-Rootkit Tool for Windows ☆12 Mar 24, 2025 Updated 11 months ago
- Silent Cleanup UAC Bypass POC ☆11 Dec 15, 2019 Updated 6 years ago
- \ PowerAvails Powershell / ☆10 Jun 30, 2018 Updated 7 years ago
- the classic control panel applet ☆21 Feb 6, 2026 Updated 3 weeks ago
- A tool to sync mythic events with ghostwriter oplog. ☆14 Nov 21, 2024 Updated last year
- adobe reader sandbox utility ☆11 Aug 7, 2020 Updated 5 years ago
- Administrative Template (ADMX) for Microsoft Defender Attack Surface Reduction (ASR) ☆14 Jul 7, 2025 Updated 7 months ago
- ☆11 Apr 23, 2019 Updated 6 years ago
- A controlled environment for demonstrating and understanding buffer overflow vulnerabilities in web applications. This project is designe… ☆25 Jan 27, 2025 Updated last year
- This directory contains random scripts from threat hunting or malware research ☆11 Feb 15, 2018 Updated 8 years ago