A local tool for ingesting Windows Patch Tuesday CVEs, diffing patched binaries with Ghidriff and surfacing LLM-generated security analysis through a browser UI
☆55May 19, 2026Updated last month
Alternatives and similar repositories for patchwatch
Users that are interested in patchwatch are comparing it to the libraries listed below. We may earn a commission when you buy through links labeled 'Ad' on this page.
Sorting:
- Autonomous Windows POC developer from patchwatch diff reports☆66May 13, 2026Updated 2 months ago
- ☆199Nov 21, 2024Updated last year
- System Call Integrity Layer - experimental security research☆28Apr 14, 2026Updated 3 months ago
- A tool designed to hook into Windows applications and output named (and anonymous?) pipe traffic.☆17Feb 27, 2024Updated 2 years ago
- Windows KASLR bypass using prefetch side-channel☆205Apr 26, 2024Updated 2 years ago
- Deploy to Railway using AI coding agents - Free Credits Offer • AdUse Claude Code, Codex, OpenCode, and more. Autonomous software development now has the infrastructure to match with Railway.
- The PoC for CVE-2025-70795 / CVE-2026-0828 and updated driver☆49Mar 13, 2026Updated 4 months ago
- Toolset to manipulate RPC clients by finding delayed services and masquerading as them☆114Apr 28, 2026Updated 2 months ago
- Some stuff for PHD2021☆14May 21, 2025Updated last year
- Async BOF to capture KeePass master passwords by detecting and keylogging locked database windows.☆46Jun 18, 2026Updated 3 weeks ago
- CVE-2024-40711-exp☆43Oct 17, 2024Updated last year
- DCOM in memory and fileless lateral movement techniques through .Net deserilization☆272Jun 22, 2026Updated 3 weeks ago
- a tool used to analyze and monitor in named pipes☆199Oct 27, 2024Updated last year
- ☆40Jun 10, 2023Updated 3 years ago
- Windows security research toolkit for LPE, persistence, COM hijacking, and attack surface enumeration.☆204Jun 13, 2026Updated last month
- Deploy to Railway using AI coding agents - Free Credits Offer • AdUse Claude Code, Codex, OpenCode, and more. Autonomous software development now has the infrastructure to match with Railway.
- Async BOF to automatically extract or renew Kerberos TGTs on a target system.☆134Updated this week
- Havoc BOF implementation of BYOVD attack to terminate PPL-protected EDR processes using a signed Microsoft kernel driver.☆39Apr 6, 2026Updated 3 months ago
- CVE-2025-64155: Fortinet FortiSIEM Argument Injection to Remote Code Execution☆32Jan 13, 2026Updated 6 months ago
- nuke that event log using some epic dinvoke fu☆115May 12, 2021Updated 5 years ago
- Codex-first fork of Anthropic's defending-code-reference-harness for vulnerability discovery and patch validation☆75Jun 6, 2026Updated last month
- Fast Windows post-exploitation wins after initial access.☆29Jan 28, 2026Updated 5 months ago
- WinDbg x64 extension that disassembles live functions and uses an LLM to produce verified pseudocode.☆111Jun 22, 2026Updated 3 weeks ago
- Beacon Object File to Enable Chrome DevTools Protocol (CDP)☆116Jul 1, 2026Updated last week
- Set of PoC to abuse Windows minifilters functionality☆93May 1, 2026Updated 2 months ago
- End-to-end encrypted email - Proton Mail • AdSpecial offer: 40% Off Yearly / 80% Off First Month. All Proton services are open source and independently audited for security.
- Reversed cassandra source code for educational purposes☆28Jul 3, 2026Updated last week
- A Beacon Object File suite for Microsoft SQL Server that speaks TDS 7.4 on the wire itself☆97Apr 9, 2026Updated 3 months ago
- Cortex C2 is a Open source Linux C2 inspired by the void link C2 framework☆43May 29, 2026Updated last month
- Bypass WiFi client isolation on Open and WPA2-PSK networks☆44Oct 14, 2025Updated 9 months ago
- Memory protection and randomization tests (not limited to PaX enabled kernels)☆13Mar 5, 2024Updated 2 years ago
- Porting of NPPSPY by Grzegorz Tworek to 'man in the middle' the user logon process, and store the user's name and password in an unassumi…☆20Apr 24, 2023Updated 3 years ago
- BadExclusionsNWBO is an evolution from BadExclusions to identify folder custom or undocumented exclusions on AV/EDR☆76Feb 9, 2024Updated 2 years ago
- Stack spoofing Detection for CET processes by comparing shadow and user stacks.☆36May 22, 2026Updated last month
- Windows memory scanner for call stack spoofing detection, unbacked shellcode, injected DLLs and in-memory C2 implants.☆37May 22, 2026Updated last month
- Deploy on Railway without the complexity - Free Credits Offer • AdConnect your repo and Railway handles the rest with instant previews. Quickly provision container image services, databases, and storage volumes.
- ☆209May 10, 2026Updated 2 months ago
- An MCP (Model Context Protocol) server that turns all pybag Windows debugger functions into native MCP tools. It lets MCP-compatible clie…☆85May 3, 2026Updated 2 months ago
- Harness to issue Virtual Secure Mode (VSM) "secure calls" from VTL 0 to VTL 1☆80Sep 8, 2025Updated 10 months ago
- Collection of slides☆32Aug 20, 2025Updated 10 months ago
- Command and Control Framework using powershell implants☆36Jun 17, 2025Updated last year
- time-based user enum via Basic Auth in Azure against Autodiscover☆35Oct 3, 2024Updated last year
- Tool that gathers a customizable set of ETW telemetry and generates user-defined detections☆54Jan 28, 2026Updated 5 months ago