patrickmatula / Windows-Internals-Learning-ResourcesLinks
☆103Updated 8 months ago
Alternatives and similar repositories for Windows-Internals-Learning-Resources
Users that are interested in Windows-Internals-Learning-Resources are comparing it to the libraries listed below
Sorting:
- An automation plugin for Tiny-Tracer framework to trace and watch functions directly out of the executable's import table or trace logs (…☆117Updated last year
- ☆113Updated 3 weeks ago
- A CIA tradecraft technique to asynchronously detect when a process is created using WMI.☆135Updated last year
- A collection of small scripts and tools for deobfuscation and malware analysis.☆66Updated 2 years ago
- Analyse MSI files for vulnerabilities☆137Updated 11 months ago
- A C++ tool for process memory scanning & suspicious telemetry generation that attempts to detect a number of malicious techniques used by…☆84Updated last year
- ☆107Updated 9 months ago
- Exploit targeting NT kernel in 24H2 Windows Insider Preview☆135Updated last year
- Recon 2023 slides and code☆79Updated 2 years ago
- Hollowise is a tool that implements process hollowing and PPID (Parent Process ID) spoofing techniques for masking a legitimate analysis …☆37Updated 5 months ago
- Work in progress experiments with reverse shells, AV bypass and extraction of secrets from memory in C☆39Updated 5 years ago
- ☆67Updated 6 months ago
- GoResolver is a Go analysis tool using both Go symbol extraction and Control Flow Graph (CFG) similarity to identify and resolve the func…☆66Updated 3 months ago
- ☆19Updated last month
- ☆37Updated 7 months ago
- Aplos an extremely simple fuzzer for Windows binaries.☆69Updated 5 months ago
- Python tool to check rootkits in Windows kernel☆198Updated 5 months ago
- A small program written in C that is designed to load 32/64-bit shellcode and allow for execution or debugging. Can also output PE files …☆156Updated last year
- Live memory analysis detecting malware IOCs in processes, modules, handles, tokens, threads, .NET assemblies, memory address space and en…☆41Updated 10 months ago
- A dynamic unpacking tool☆137Updated last year
- PowerShell PE Parser☆63Updated last year
- ☆171Updated 3 months ago
- IDA Python scripts☆41Updated 3 months ago
- A set of rootkit-like abilities for unprivileged users, and vulnerabilities based on the DOT-to-NT path conversion known issue☆99Updated last year
- ☆105Updated last year
- A simple commandline application to automatically decrypt strings from Obfuscator protected binaries☆46Updated last year
- Windows 10 DLL Injector via Driver utilizing VAD and hiding the loaded driver☆50Updated last year
- Malware Analysis tools☆26Updated 10 months ago
- ☆118Updated last year
- Convert Microsoft Defender Antivirus Signatures (VDM) into YARA rules☆100Updated this week