The content of this repository aims to assist efforts on analysing inner working principles, functionalities, and properties of the Microsoft Windows operating system. This repository stores relevant documentation as well as executable files needed for conducting analysis studies.
☆150May 29, 2020Updated 5 years ago
Alternatives and similar repositories for Windows-Insight
Users that are interested in Windows-Insight are comparing it to the libraries listed below
Sorting:
- This repo contains code of JScript .NET which can be used as alternative to csc.exe to run potentially malicious code, which ships in all…☆13Nov 8, 2019Updated 6 years ago
- Will try to put here slides from now on when I give a talk☆24Oct 11, 2021Updated 4 years ago
- A repository of my presentations☆166Nov 16, 2023Updated 2 years ago
- Virtual Machine Introspection, Tracing & Debugging☆597Feb 22, 2022Updated 4 years ago
- Call arbitrary Windows kernel-mode functions from Python on another machine☆44Sep 17, 2021Updated 4 years ago
- 🔵 Ethereum and BNB (BSC) Mev bot - Arbitrage☆358Mar 4, 2026Updated 2 weeks ago
- Automatic function exporting and linking for fuzzing cross-architecture binaries.☆51Sep 9, 2018Updated 7 years ago
- Mario & Luigi - Tools for sniffing Windows Named Pipes communication☆129Nov 15, 2016Updated 9 years ago
- PeaceMaker Threat Detection is a Windows kernel-based application that detects advanced techniques used by malware.☆431May 22, 2020Updated 5 years ago
- CFB is a ProcMon-style tool designed to assist capturing IRPs sent to Windows drivers.☆332Mar 26, 2024Updated last year
- Simple tool to use LsaManageSidNameMapping get LSA to add or remove SID to name mappings.☆26Oct 25, 2020Updated 5 years ago
- Automate AV evasion by calling AMSI☆88May 31, 2023Updated 2 years ago
- Call 32bit NtDLL API directly from WoW64 Layer☆62Nov 18, 2020Updated 5 years ago
- Windbg extension that allows you analyze Control Flow Guard map☆38Oct 7, 2021Updated 4 years ago
- Control Flow Guard Teleportation demo☆23Jul 28, 2019Updated 6 years ago
- Dumps information about all the callback objects found in a dump file and the functions registered for them☆38Oct 21, 2020Updated 5 years ago
- ReaCOM has got a lot of tools to use and is related to component object model☆74Feb 3, 2020Updated 6 years ago
- Dump of win32k POCs for bugs I've found☆380Mar 6, 2022Updated 4 years ago
- B-Sides CBR 2018 talk about group policy and Grouper☆38May 3, 2019Updated 6 years ago
- CVE-2019-0708 (BlueKeep)☆111Jul 7, 2020Updated 5 years ago
- A framework to track the evolution of Operating Systems over time☆66Oct 10, 2023Updated 2 years ago
- A hypervisor for fuzzing built with WHVP and Bochs☆380Feb 5, 2019Updated 7 years ago
- ☆135Dec 15, 2019Updated 6 years ago
- UAC Bypass with mmc via alpc☆158Apr 5, 2019Updated 6 years ago
- Tool to decompress data from Windows 10 page files and memory dumps, that has been compressed by the Windows 10 memory manager.☆51Apr 9, 2019Updated 6 years ago
- Demos and presentation from SECArmy Village Grayhat 2020☆37Mar 15, 2023Updated 3 years ago
- ☆11Jun 9, 2020Updated 5 years ago
- ☆30Dec 4, 2018Updated 7 years ago
- ☆43Aug 30, 2018Updated 7 years ago
- IDAPro scripts/plugins☆93Feb 26, 2019Updated 7 years ago
- Some research on AltSystemCallHandlers functionality in Windows 10 20H1 18999☆241Nov 6, 2019Updated 6 years ago
- sploit☆67Dec 21, 2019Updated 6 years ago
- ☆46Aug 21, 2019Updated 6 years ago
- scripts/plugins for IDA Pro☆178Jan 10, 2025Updated last year
- Public documents related to my talk "Bypass Windows Exploit Guard ASR" at Offensive Con 2019.☆94Feb 24, 2019Updated 7 years ago
- AppXSvc Arbitrary File Security Descriptor Overwrite EoP�☆20Sep 15, 2019Updated 6 years ago
- Documentation and supporting script sample for Windows Exploit Guard☆169Sep 8, 2025Updated 6 months ago
- ASLR bypass in Chrome version 77☆24Oct 28, 2019Updated 6 years ago
- Research on Windows Kernel Executive Callback Objects☆316Feb 22, 2020Updated 6 years ago