ernw / Windows-Insight
The content of this repository aims to assist efforts on analysing inner working principles, functionalities, and properties of the Microsoft Windows operating system. This repository stores relevant documentation as well as executable files needed for conducting analysis studies.
☆150 Updated 4 years ago
Alternatives and similar repositories for Windows-Insight:
Users that are interested in Windows-Insight are comparing it to the libraries listed below
- Documentation and supporting script sample for Windows Exploit Guard ☆148 Updated 3 years ago
- ☆68 Updated 2 years ago
- Driver Initial Reconnaissance Tool ☆121 Updated 5 years ago
- Mario & Luigi - Tools for sniffing Windows Named Pipes communication ☆129 Updated 8 years ago
- FLARE Kernel Shellcode Loader ☆176 Updated 5 years ago
- Hyper-V Research is trendy now ☆176 Updated 8 months ago
- ☆231 Updated 7 years ago
- ☆107 Updated 4 years ago
- Pure Python parser for Application Compatibility Shim Databases (.sdb files) ☆107 Updated 3 years ago
- A repository of some of my Windows 10 Device Guard Bypasses ☆133 Updated 7 years ago
- ☆213 Updated 6 years ago
- Tool to view and create Microsoft shim database files (SDB). ☆112 Updated 7 years ago
- Parsers for custom malware formats ("Funky malware formats") ☆92 Updated 3 years ago
- A one-click tool to inject jobs into the BITS queue (Background Intelligent Transfer Service), allowing arbitrary program execution as th… ☆98 Updated 5 years ago
- Scripts for disassembling VBScript p-code in the memory to aid in exploits analysis ☆84 Updated 2 years ago
- Windows Drivers ☆97 Updated 5 years ago
- ☆66 Updated last year
- ☆134 Updated 5 years ago
- Smart DLL execution for malware analysis in sandbox systems ☆141 Updated 9 years ago
- The history of Windows Internals via symbols. ☆177 Updated 3 years ago
- Another Repo of Malware. Enjoy. <3 ☆60 Updated 5 years ago
- A command tree based on commands and extensions for Windows Kernel Debugging. ☆106 Updated 4 years ago
- This repository is a collection of C# class libraries which implement RPC clients for various versions of the Windows Operating System f… ☆269 Updated 4 years ago
- PowerKrabsEtw is a PowerShell interface for doing real-time ETW tracing. ☆103 Updated 4 years ago
- This tool is the result of a reverse engineering process of the Windows service called SysMain. Time to interact with the prefetch files … ☆30 Updated 4 years ago
- A reference Device Guard code integrity policy consisting of FilePublisher deny rules for published Device Guard configuration bypasses ☆114 Updated 7 years ago
- Advanced Portable Executable File Analyzer And Disassembler 32 & 64 Bit ☆99 Updated 5 years ago