patrickmatula/Windows-Internals-Learning-Resources external links

---

GitHub - View repository

GitHub.dev - Open in online code editor

Star history - Growth chart over time

deps.dev - Dependencies and security vulnerabilities

Gitingest - Export source code for LLM usage

Repomix - Export source code for LLM usage

uithub - Export source code for LLM usage

Close

patrickmatula/Windows-Internals-Learning-Resources

Readme badge preview -

If you own this repo, copy the snippet below and add it to your README.md

---

Copy

[![RelatedRepos](https://img.shields.io/badge/related-repos-yellow)](https://relatedrepos.com/gh/patrickmatula/Windows-Internals-Learning-Resources)

Close

patrickmatula / Windows-Internals-Learning-ResourcesView on GitHubMore

• External links
• Readme badge

☆116Feb 3, 2026Updated last month

Alternatives and similar repositories for Windows-Internals-Learning-Resources

Users that are interested in Windows-Internals-Learning-Resources are comparing it to the libraries listed below

• airbus-cert / ttd2mdmp

  View on GitHub
  Extract data of TTD trace file to a minidump
  ☆31Jul 31, 2023Updated 2 years ago
• Zhuagenborn / Windows-x86-Debugger

  View on GitHub
  🐞 A simple Windows x86 debugging framework written in C++20 that supports software breakpoints and hardware breakpoints. It can be used …
  ☆13Mar 30, 2025Updated 11 months ago
• malsearchs / Static-Reverse-Engineering-SRE

  View on GitHub
  SRE - Dissecting Malware for Static Analysis & the Complete Command-line Tool
  ☆57Dec 29, 2024Updated last year
• behnamshamshirsaz / CrackMaster

  View on GitHub
  x86/x64 Ring 0/-2 System Freezer/Debugger
  ☆120May 21, 2025Updated 9 months ago
• AnastasiKro / ALPChecker

  View on GitHub
  ALPChecker - a tool to detect spoofing and blinding attacks on the ALPC interaction
  ☆13Feb 13, 2023Updated 3 years ago
• enkomio / thematrix

  View on GitHub
  a PE Loader and Windows API tracer. Useful in malware analysis.
  ☆143Sep 19, 2022Updated 3 years ago
• ADPunisher / OwnershipStealer

  View on GitHub
  ☆27May 1, 2023Updated 2 years ago
• synacktiv / DLHell

  View on GitHub
  Local & remote Windows DLL Proxying
  ☆169Jun 17, 2024Updated last year
• DebugPrivilege / InsightEngineering

  View on GitHub
  Hardcore Debugging
  ☆933Jan 6, 2026Updated last month
• itaymigdal / LOLSpoof

  View on GitHub
  An interactive shell to spoof some LOLBins command line
  ☆188Jan 27, 2024Updated 2 years ago
• ron-imperva / CVE-2023-22524

  View on GitHub
  Atlassian Companion RCE Vulnerability Proof of Concept
  ☆25Dec 15, 2023Updated 2 years ago
• ElliotKillick / operating-system-design-review

  View on GitHub
  Operating System Design Review: A systematic analysis of modern systems architecture
  ☆338Jan 11, 2026Updated last month
• hugsy / recon_2024_windbg_workshop

  View on GitHub
  ☆74Jul 2, 2024Updated last year
• Tomiwa-Ot / py-amsi

  View on GitHub
  Scan strings or files for malware using the Windows Antimalware Scan Interface
  ☆30Mar 24, 2023Updated 2 years ago
• 0vercl0k / snapshot

  View on GitHub
  WinDbg extension written in Rust to dump the CPU / memory state of a running VM
  ☆130Feb 1, 2026Updated last month
• daem0nc0re / VectorKernel

  View on GitHub
  PoCs for Kernelmode rootkit techniques research.
  ☆432Nov 4, 2025Updated 4 months ago
• YoavLevi / IAT-Tracer

  View on GitHub
  An automation plugin for Tiny-Tracer framework to trace and watch functions directly out of the executable's import table or trace logs (…
  ☆125Jul 12, 2024Updated last year
• e1abrador / Burp-headerSnipper

  View on GitHub
  Burp extension used to snip any header from all the requests.
  ☆23Nov 12, 2023Updated 2 years ago
• BlackSnufkin / NyxInvoke

  View on GitHub
  NyxInvoke is a Rust CLI tool for running .NET assemblies, PowerShell, and BOFs with Patchless AMSI and ETW bypass features. with Dual-bui…
  ☆232Feb 12, 2025Updated last year
• reveng007 / Learning-EDR-and-EDR_Evasion

  View on GitHub
  I will be uploading all the codes which I created with the help either opensource projects or blogs. This is a step by step EDR learning …
  ☆287Aug 1, 2025Updated 7 months ago
• stevietrouble / haxrs

  View on GitHub
  Cheat Engine alternative written in Rust
  ☆12Nov 15, 2022Updated 3 years ago
• adhikara13 / CVE-2024-3273

  View on GitHub
  Exploit for CVE-2024-3273, supports single and multiple hosts
  ☆13Apr 7, 2024Updated last year
• soheilsec / RT-workshop-2024

  View on GitHub
  فایل ها و فیلم های ورکشاپ ردتیم 2024 با هانت لرن
  ☆32Sep 15, 2024Updated last year
• ergrelet / windiff

  View on GitHub
  Web-based tool that allows comparing symbol, type and syscall information of Microsoft Windows binaries across different versions of the …
  ☆355Feb 26, 2026Updated last week
• mandiant / STrace

  View on GitHub
  A DTrace on Windows Reimplementation
  ☆372Feb 3, 2026Updated last month
• therealdreg / ida_vmware_windows_gdb

  View on GitHub
  Helper script for Windows kernel debugging with IDA Pro on VMware + GDB stub (including PDB symbols)
  ☆68Aug 11, 2023Updated 2 years ago
• hugsy / modern-cpp-windows-driver-template

  View on GitHub
  Windows driver template, using C++20 & cmake & GithubActions
  ☆25Aug 9, 2024Updated last year
• cpu0x00 / EternelSuspention

  View on GitHub
  a simple poc showcasing the ability of an admin to suspend EDR's protected processes , making it useless
  ☆39Jul 12, 2024Updated last year
• ACE-Responder / rpcfirewall-extended-telemetry

  View on GitHub
  ☆15May 3, 2024Updated last year
• SadProcessor / EzETW

  View on GitHub
  Cmdlets for capturing Windows Events
  ☆14Mar 11, 2022Updated 3 years ago
• jonny-jhnson / ETWInspector

  View on GitHub
  ☆181Apr 24, 2025Updated 10 months ago
• 7etsuo / windows-api-function-cheatsheets

  View on GitHub
  A reference of Windows API function calls, including functions for file operations, process management, memory management, thread managem…
  ☆1,442Oct 4, 2024Updated last year
• georgesotiriadis / MalwareDev

  View on GitHub
  ☆84Aug 18, 2022Updated 3 years ago
• florianib / rusty_drivers

  View on GitHub
  BYOVD collection
  ☆24Mar 20, 2024Updated last year
• hackerhouse-opensource / WMIProcessWatcher

  View on GitHub
  A CIA tradecraft technique to asynchronously detect when a process is created using WMI.
  ☆138Feb 2, 2026Updated last month
• nickvourd / Windows-Local-Privilege-Escalation-Cookbook

  View on GitHub
  Windows Local Privilege Escalation Cookbook
  ☆1,281Feb 5, 2026Updated last month
• Bw3ll / sharem

  View on GitHub
  SHAREM is a shellcode analysis framework, capable of emulating more than 20,000 WinAPIs and virutally all Windows syscalls. It also conta…
  ☆479Jun 25, 2025Updated 8 months ago
• thefLink / Hunt-Weird-ImageLoads

  View on GitHub
  Small tool to play with IOCs caused by Imageload events
  ☆44May 14, 2023Updated 2 years ago
• zeze-zeze / NamedPipeMaster

  View on GitHub
  a tool used to analyze and monitor in named pipes
  ☆194Oct 27, 2024Updated last year