ernw / Windows-Insight
The content of this repository aims to assist efforts to analyse the inner working principles, functionalities, and properties of the Microsoft Windows operating system. The repository stores relevant documentation as well as the executable files needed to conduct such analysis studies.
☆149, updated 5 years ago
Alternatives and similar repositories for Windows-Insight
Users that are interested in Windows-Insight are comparing it to the libraries listed below
- Mario & Luigi - Tools for sniffing Windows Named Pipes communication (☆129, updated 9 years ago)
- Documentation and supporting script sample for Windows Exploit Guard (☆161, updated 2 months ago)
- Driver Initial Reconnaissance Tool (☆124, updated 5 years ago)
- DotNext 2019 St. Petersburg Talk Demos (☆39, updated 6 years ago)
- Pure Python parser for Application Compatibility Shim Databases (.sdb files) (☆109, updated 4 years ago)
- FLARE Kernel Shellcode Loader (☆178, updated 6 years ago)
- Tool to view and create Microsoft shim database files (SDB) (☆118, updated 8 years ago)
- Parsers for custom malware formats ("Funky malware formats") (☆98, updated 3 years ago)
- All TMF files that I extracted from Microsoft PDBs (☆13, updated 6 years ago)
- This tool is the result of a reverse engineering process of the Windows service called SysMain. Time to interact with the prefetch files … (☆32, updated 5 years ago)
- Ruxcon2016 POC Code (☆141, updated 9 years ago)
- Trace ScriptBlock execution for PowerShell v2 (☆41, updated 5 years ago)
- Reflective Polymorphism (☆108, updated 7 years ago)
- PoC for persisting .NET payloads in Windows Notification Facility (WNF) state names using low-level Windows Kernel API calls (☆152, updated 6 years ago)
- A C/C++ implementation of Microsoft's Antimalware Scan Interface (☆182, updated 7 years ago)
- Just a normal Flask web app to understand win32api with code snippets and references (☆75, updated 5 years ago)
- Hollowfind is a Volatility plugin to detect different types of process hollowing techniques used in the wild to bypass, confuse, deflect … (☆142, updated 3 years ago)
- Process Spawn Control is a PowerShell tool which aims to help in the behavioral (process) analysis of malware. PsC suspends newly launche… (☆264, updated 3 years ago)
- Enumerate Windows Defender threat families and dump their names according to category (☆93, updated 6 years ago)
- Another Repo of Malware. Enjoy. <3 (☆59, updated 6 years ago)
- Scripts for disassembling VBScript p-code in memory to aid in exploit analysis (☆86, updated 3 years ago)
- FileInsight-plugins: decoding toolbox of the McAfee FileInsight hex editor for malware analysis (☆162, updated 11 months ago)
- Tool to decompress data from Windows 10 page files and memory dumps that has been compressed by the Windows 10 memory manager (☆51, updated 6 years ago)
- WNF Utilities 4 Newbies (WNFUN) (☆97, updated 6 years ago)
- Transfer EIP control to shellcode during malware analysis investigation (☆78, updated 11 years ago)
- Resources for the workshop titled "Repacking the unpacker: Applying Time Travel Debugging to malware analysis", given at Hack.lu 2019 (☆42, updated 6 years ago)
- Capa analysis importer for Ghidra (☆63, updated 5 years ago)