SecTheBit/Windows-Internals external links

---

GitHub - View repository

GitHub.dev - Open in online code editor

Star history - Growth chart over time

deps.dev - Dependencies and security vulnerabilities

Gitingest - Export source code for LLM usage

Repomix - Export source code for LLM usage

uithub - Export source code for LLM usage

Close

SecTheBit/Windows-Internals

Readme badge preview -

If you own this repo, copy the snippet below and add it to your README.md

---

Copy

[![RelatedRepos](https://img.shields.io/badge/related-repos-yellow)](https://relatedrepos.com/gh/SecTheBit/Windows-Internals)

Close

SecTheBit / Windows-InternalsView on GitHubMore

• External links
• Readme badge

Learnings about windows Internals

☆99Nov 10, 2023Updated 2 years ago

Alternatives and similar repositories for Windows-Internals

Users that are interested in Windows-Internals are comparing it to the libraries listed below

• AlSch092 / ModifyExports

  View on GitHub
  Research of modifying exported function names at runtime (C/C++, Windows)
  ☆18May 28, 2024Updated last year
• Flawww / NtSyscaller

  View on GitHub
  Manually perform syscalls without going through any external API or DLL.
  ☆19Apr 19, 2023Updated 2 years ago
• testanull / SharePoint-not-so-0day

  View on GitHub
  ☆16Mar 26, 2024Updated last year
• Esonhugh / sliver-stage-helper

  View on GitHub
  Let sliver use msf payload!
  ☆25Mar 23, 2025Updated 11 months ago
• connormcgarr / EATGuard

  View on GitHub
  Implementation of an export address table protection mitigation, like Export Address Filtering (EAF)
  ☆115May 21, 2023Updated 2 years ago
• Offensive-Panda / RWX_MEMEORY_HUNT_AND_INJECTION_DV

  View on GitHub
  Abusing Windows fork API and OneDrive.exe process to inject the malicious shellcode without allocating new RWX memory region.
  ☆289May 27, 2024Updated last year
• JetP1ane / Artemis

  View on GitHub
  Artemis - C++ Hell's Gate Syscall Implementation
  ☆34Aug 16, 2023Updated 2 years ago
• Cisco-Talos / clamav-fuzz-corpus

  View on GitHub
  Seed Corpus for clamav-devel oss-fuzz integration.
  ☆34Jul 30, 2019Updated 6 years ago
• vportal / HEVD

  View on GitHub
  HackSysExtremeVulnerableDriver exploits for latest Windows 10 version
  ☆26Jan 13, 2026Updated last month
• fortra / hw-call-stack

  View on GitHub
  Use hardware breakpoints to spoof the call stack for both syscalls and API calls
  ☆202Jun 6, 2024Updated last year
• bharadwajyas / ppdump-public

  View on GitHub
  Protected Process (Light) Dump: Uses Zemana AntiMalware Engine To Open a Privileged Handle to a PP/PPL Process And Inject MiniDumpWriteDu…
  ☆25Mar 26, 2020Updated 5 years ago
• AdamOron / PatchGuardBypass

  View on GitHub
  Bypassing PatchGuard on modern x64 systems
  ☆265Apr 9, 2023Updated 2 years ago
• XaFF-XaFF / Black-Angel-Rootkit

  View on GitHub
  Black Angel is a Windows 11/10 x64 kernel mode rootkit. Rootkit can be loaded with enabled DSE while maintaining its full functionality.
  ☆674Nov 9, 2023Updated 2 years ago
• slemire / bof-adopt

  View on GitHub
  BOF implementation of Adopt. Spawns a process from a process. Can sometimes be used to run a session > 0 process from session 0.
  ☆17Jul 22, 2022Updated 3 years ago
• pard0p / CallstackSpoofingPOC

  View on GitHub
  C++ self-Injecting dropper based on various EDR evasion techniques.
  ☆427Feb 11, 2024Updated 2 years ago
• SaadAhla / BlockOpenHandle

  View on GitHub
  Block any Process to open HANDLE to your process , only SYTEM is allowed to open handle to your process ,with that you can avoid remote m…
  ☆173Apr 27, 2023Updated 2 years ago
• maliciousgroup / RDI-SRDI

  View on GitHub
  This repo goes with the blog entry at blog.malicious.group entitled "Writing your own RDI / sRDI loader using C and ASM".
  ☆87Apr 11, 2023Updated 2 years ago
• Cracked5pider / LdrLibraryEx

  View on GitHub
  A small x64 library to load dll's into memory.
  ☆457Nov 6, 2023Updated 2 years ago
• RomanRybachek / CVE-2024-20698

  View on GitHub
  Analysis of the vulnerability
  ☆50Jan 23, 2024Updated 2 years ago
• zeroperil / HookDump

  View on GitHub
  Security product hook detection
  ☆327Mar 30, 2021Updated 4 years ago
• connormcgarr / SkBridge

  View on GitHub
  Harness to issue Virtual Secure Mode (VSM) "secure calls" from VTL 0 to VTL 1
  ☆76Sep 8, 2025Updated 5 months ago
• Flawww / ObfuscatedJumpGenerator

  View on GitHub
  Dynamically generated obfuscated jumps and/or function calls
  ☆38Apr 19, 2023Updated 2 years ago
• lem0nSec / KBlast

  View on GitHub
  Basic interactive Windows kernel offensive toolkit written in C
  ☆137Sep 20, 2025Updated 5 months ago
• susMdT / fictional-invention

  View on GitHub
  idk man this was the default github name
  ☆35Apr 23, 2023Updated 2 years ago
• NeoMaster831 / rwDriver

  View on GitHub
  Executes Read/Write process memory with `NtQueryCompositionSurfaceStatistics`
  ☆23Feb 10, 2024Updated 2 years ago
• matthieu-hackwitharts / Win32_Offensive_Cheatsheet

  View on GitHub
  Win32 and Kernel abusing techniques for pentesters
  ☆975Sep 3, 2023Updated 2 years ago
• interruptlabs / conferences

  View on GitHub
  ☆38May 31, 2024Updated last year
• Sh0ckFR / API-Hashing

  View on GitHub
  A basic exemple of the API-Hashing method used by Red Teamers but also by malwares developers in C++
  ☆37Jan 10, 2024Updated 2 years ago
• PaddyCahil / windows-api-function-cheatsheets

  View on GitHub
  A reference of Windows API function calls, including functions for file operations, process management, memory management, thread managem…
  ☆120Nov 22, 2023Updated 2 years ago
• Helixo32 / CrimsonEDR

  View on GitHub
  Simulate the behavior of AV/EDR for malware development training.
  ☆561Feb 15, 2024Updated 2 years ago
• MalwareApiLib / MalwareApiLibrary

  View on GitHub
  collection of apis used in malware development
  ☆229Aug 2, 2022Updated 3 years ago
• senzee1984 / MutationGate

  View on GitHub
  Use hardware breakpoint to dynamically change SSN in run-time
  ☆279Apr 10, 2024Updated last year
• Rvn0xsy / Havoc-Agent-Handler

  View on GitHub
  This is a third party agent for Havoc C2 written in golang.
  ☆59Jan 16, 2024Updated 2 years ago
• MythicC2Profiles / websocket

  View on GitHub
  Websocket communications with Push and Poll messages
  ☆20Oct 26, 2025Updated 4 months ago
• D3DXVECTOR2 / NtUserUpdateWindowTrackingInfo

  View on GitHub
  ☆16Jun 20, 2022Updated 3 years ago
• mansk1es / CVE-2024-21111

  View on GitHub
  Oracle VirtualBox Elevation of Privilege (Local Privilege Escalation) Vulnerability
  ☆216May 9, 2024Updated last year
• zeze-zeze / NamedPipeMaster

  View on GitHub
  a tool used to analyze and monitor in named pipes
  ☆194Oct 27, 2024Updated last year
• uf0o / windows-ps-callbacks-experiments

  View on GitHub
  Files for http://blog.deniable.org/posts/windows-callbacks/
  ☆77Feb 26, 2022Updated 4 years ago
• synacktiv / Windows-kernel-SegmentHeap-Aligned-Chunk-Confusion

  View on GitHub
  PoC exploiting Aligned Chunk Confusion on Windows kernel Segment Heap
  ☆215Jul 2, 2020Updated 5 years ago