ernw / Windows-Insight
The content of this repository aims to assist efforts on analysing inner working principles, functionalities, and properties of the Microsoft Windows operating system. This repository stores relevant documentation as well as executable files needed for conducting analysis studies.
☆151 · Updated 4 years ago
Alternatives and similar repositories for Windows-Insight:
Users that are interested in Windows-Insight are comparing it to the libraries listed below
- Documentation and supporting script sample for Windows Exploit Guard ☆148 · Updated 3 years ago
- Mario & Luigi - Tools for sniffing Windows Named Pipes communication ☆129 · Updated 8 years ago
- Driver Initial Reconnaissance Tool ☆121 · Updated 5 years ago
- ☆67 · Updated 2 years ago
- ☆107 · Updated 4 years ago
- ☆231 · Updated 7 years ago
- FLARE Kernel Shellcode Loader ☆175 · Updated 5 years ago
- PoC for persisting .NET payloads in Windows Notification Facility (WNF) state names using low-level Windows Kernel API calls. ☆148 · Updated 5 years ago
- ☆213 · Updated 6 years ago
- A one-click tool to inject jobs into the BITS queue (Background Intelligent Transfer Service), allowing arbitrary program execution as th… ☆98 · Updated 5 years ago
- Named pipe I/O ETW provider for Windows ☆69 · Updated 4 years ago
- Ruxcon2016 POC Code ☆137 · Updated 8 years ago
- Hyper-V Research is trendy now ☆177 · Updated 9 months ago
- Parsers for custom malware formats ("Funky malware formats") ☆93 · Updated 3 years ago
- Events from all manifest-based and mof-based ETW providers across Windows 10 versions ☆286 · Updated 9 months ago
- WNF Utilities 4 Newbies (WNFUN) ☆93 · Updated 6 years ago
- Another Repo of Malware. Enjoy. <3 ☆60 · Updated 5 years ago
- A repository of some of my Windows 10 Device Guard Bypasses ☆134 · Updated 7 years ago
- Just a normal flask web app to understand win32api with code snippets and references. ☆72 · Updated 5 years ago
- Scripts for disassembling VBScript p-code in the memory to aid in exploits analysis ☆84 · Updated 2 years ago
- Pure Python parser for Application Compatibility Shim Databases (.sdb files) ☆108 · Updated 4 years ago
- Shellcode emulator written with Unicorn Framework With Process Dump Emulation Environment ☆119 · Updated 4 years ago
- Tools for instrumenting Windows Defender's mpengine.dll ☆292 · Updated 6 years ago
- Windows Drivers ☆97 · Updated 5 years ago
- PowerKrabsEtw is a PowerShell interface for doing real-time ETW tracing. ☆103 · Updated 4 years ago
- ☆67 · Updated last year
- Toy scripts for playing with WinDbg JS API ☆224 · Updated 7 months ago
- A command tree based on commands and extensions for Windows Kernel Debugging. ☆107 · Updated 4 years ago
- Process Spawn Control is a Powershell tool which aims to help in the behavioral (process) analysis of malware. PsC suspends newly launche… ☆261 · Updated 3 years ago
- Windows NT ioctl bruteforcer and modular fuzzer ☆121 · Updated 6 years ago