PaddyCahil/windows-api-function-cheatsheets external links

---

GitHub - View repository

GitHub.dev - Open in online code editor

Star history - Growth chart over time

deps.dev - Dependencies and security vulnerabilities

Gitingest - Export source code for LLM usage

Repomix - Export source code for LLM usage

uithub - Export source code for LLM usage

Close

PaddyCahil/windows-api-function-cheatsheets

Readme badge preview -

If you own this repo, copy the snippet below and add it to your README.md

---

Copy

[![RelatedRepos](https://img.shields.io/badge/related-repos-yellow)](https://relatedrepos.com/gh/PaddyCahil/windows-api-function-cheatsheets)

Close

PaddyCahil / windows-api-function-cheatsheetsView on GitHubMore

• External links
• Readme badge

A reference of Windows API function calls, including functions for file operations, process management, memory management, thread management, dynamic-link library (DLL) management, synchronization, interprocess communication, Unicode string manipulation, error handling, Winsock networking operations, and registry operations.

☆120Nov 22, 2023Updated 2 years ago

Alternatives and similar repositories for windows-api-function-cheatsheets

Users that are interested in windows-api-function-cheatsheets are comparing it to the libraries listed below

• leoanggal1 / CVE-2023-3452-PoC

  View on GitHub
  Wordpress Plugin Canto < 3.0.5 - Remote File Inclusion (RFI) and Remote Code Execution (RCE)
  ☆16Nov 24, 2023Updated 2 years ago
• 7etsuo / windows-api-function-cheatsheets

  View on GitHub
  A reference of Windows API function calls, including functions for file operations, process management, memory management, thread managem…
  ☆1,438Oct 4, 2024Updated last year
• Faran-17 / EarlyBird-APC-Injection

  View on GitHub
  Demonstration of Early Bird APC Injection - MITRE ID T1055.004
  ☆35Oct 31, 2023Updated 2 years ago
• s0lst1c3 / SharpFinder

  View on GitHub
  ☆33Apr 7, 2020Updated 5 years ago
• S12cybersecurity / ETWEvasionToolkit

  View on GitHub
  Toolkit of Projects to attack and evade Event Trace for Windows
  ☆26Aug 28, 2025Updated 6 months ago
• hdks-bug / redteam-techniques

  View on GitHub
  Collection of red team techniques.
  ☆67Apr 25, 2025Updated 10 months ago
• Offensive-Panda / .NET_PROFILER_DLL_LOADING

  View on GitHub
  .NET profiler DLL loading can be abused to make a legit .NET application load a malicious DLL using environment variables. This exploit i…
  ☆46Jul 29, 2024Updated last year
• MythicC2Profiles / websocket

  View on GitHub
  Websocket communications with Push and Poll messages
  ☆20Oct 26, 2025Updated 4 months ago
• splexas / TrampHooker

  View on GitHub
  A mechanism that trampoline hooks functions in x86/x64 systems.
  ☆21Oct 9, 2024Updated last year
• D4rthMaulCop / DarthNetLoader

  View on GitHub
  ☆15Aug 17, 2023Updated 2 years ago
• 0xG00S3 / Hashbreaker

  View on GitHub
  A modern, web-based GUI for Hashcat that provides an intuitive interface for hash cracking operations, featuring real-time monitoring, pe…
  ☆34Mar 5, 2025Updated 11 months ago
• senzee1984 / MutationGate

  View on GitHub
  Use hardware breakpoint to dynamically change SSN in run-time
  ☆279Apr 10, 2024Updated last year
• hashpwn / rules

  View on GitHub
  Top hashpwn rules
  ☆20Dec 12, 2025Updated 2 months ago
• som3canadian / Mythic_NimSyscallPacker_Wrapper

  View on GitHub
  Mythic C2 wrapper for NimSyscallPacker
  ☆25Mar 12, 2025Updated 11 months ago
• NUL0x4C / HookingLsassForCredentials

  View on GitHub
  Attempting to Hook LSASS APIs to Retrieve Plaintext Credentials
  ☆61May 12, 2025Updated 9 months ago
• JayGLXR / RustyMirage

  View on GitHub
  A Rust version of Mirage, a PoC memory evasion technique that relies on a vulnerable VBS enclave to hide shellcode within VTL1.
  ☆38Mar 6, 2025Updated 11 months ago
• wavestone-cdt / Malware-Development-On-Secured-Environment

  View on GitHub
  ☆10Oct 1, 2023Updated 2 years ago
• phishingclub / session-sushi

  View on GitHub
  Zero dependency browser extension for handling import of cookies, Microsoft 365 OAuth tokens, and Graph API interactions.
  ☆23Dec 31, 2025Updated 2 months ago
• BlackSnufkin / HolyGrail

  View on GitHub
  BYOVD hunter to help prioritize windows drivers worth manual analysis
  ☆121Aug 19, 2025Updated 6 months ago
• y-security / stealthguardian

  View on GitHub
  StealthGuardian is a middleware layer that can be combined with adversary simulation tools to verify the resistance, detection level and…
  ☆20Aug 7, 2024Updated last year
• ASP4RUX / bypassEDR-AV

  View on GitHub
  ☆59Nov 13, 2024Updated last year
• SilverPlate3 / GoodKit

  View on GitHub
  Rootkit for the blue team. Sophisticated and optimized LKM to detect and prevent malicious activity
  ☆34Apr 26, 2024Updated last year
• nbaertsch / nimvoke

  View on GitHub
  Indirect syscalls + DInvoke made simple.
  ☆96Dec 24, 2024Updated last year
• BlackOfWorld / NtCreateUserProcess

  View on GitHub
  A small NtCreateUserProcess PoC that spawns a Command prompt.
  ☆102Aug 25, 2022Updated 3 years ago
• Hubbl3 / ThreatCheck

  View on GitHub
  Identifies the bytes that Microsoft Defender / AMSI Consumer flags on.
  ☆11May 17, 2024Updated last year
• purplestormctf / purplestorm-TTPs

  View on GitHub
  A collection of commands, tools, techniques and procedures of the purplestorm ctf team.
  ☆14Mar 20, 2025Updated 11 months ago
• silentwarble / Hannibal

  View on GitHub
  Mythic C2 Agent written in x64 PIC C
  ☆85Jan 29, 2025Updated last year
• sagiol / Terms-of-What

  View on GitHub
  Terms of Use Conditional Access M365 Evilginx Phishlet
  ☆44Jun 23, 2025Updated 8 months ago
• CodeXTF2 / evasion-adventures-files

  View on GitHub
  Slides and POC demo for my talk at Divizion Zero on EDR evasion titled "Evasion Adventures"
  ☆31Jan 14, 2023Updated 3 years ago
• rasta-mouse / SpawnWith

  View on GitHub
  ☆109Feb 17, 2025Updated last year
• helviojunior / hookchain

  View on GitHub
  HookChain: A new perspective for Bypassing EDR Solutions
  ☆590Jan 5, 2025Updated last year
• ZeroMemoryEx / Overlord

  View on GitHub
  abusing Process Hacker driver to terminate other processes (BYOVD)
  ☆82May 23, 2023Updated 2 years ago
• 0x3rhy / BypassCredGuard-BOF

  View on GitHub
  BypassCredGuard CS BOF
  ☆49Jan 23, 2025Updated last year
• nbaertsch / PoolProxy

  View on GitHub
  Proxy function calls through the thread pool with ease
  ☆31Feb 27, 2025Updated last year
• sensepost / mail-in-the-middle

  View on GitHub
  ☆108Nov 7, 2024Updated last year
• Offensive-Panda / NT-AUTHORITY-SYSTEM-CONTEXT-RTCORE

  View on GitHub
  This exploit rebuilds and exploit the CVE-2019-16098 which is in driver Micro-Star MSI Afterburner 4.6.2.15658 (aka RTCore64.sys and RTCo…
  ☆30Aug 5, 2024Updated last year
• Shrfnt77 / AmsiBypass

  View on GitHub
  Bypassing Amsi using LdrLoadDll
  ☆47Jan 8, 2025Updated last year
• AustinWise / delay-load-mingw

  View on GitHub
  ☆16Dec 20, 2021Updated 4 years ago
• slemire / bof-adopt

  View on GitHub
  BOF implementation of Adopt. Spawns a process from a process. Can sometimes be used to run a session > 0 process from session 0.
  ☆17Jul 22, 2022Updated 3 years ago