Security Operations for Windows

Searchable repository of Sigma detection rules for threat hunting and SIEM

A comprehensive repository of red teaming resources including cheatsheets, detailed notes, automation scripts, and practice platforms covering multiple cybersecurity domains.

A next-generation file integrity monitoring and change detection system

A collection of YARA rules for Windows, Linux, and Other threats.

A modern tool for Windows kernel exploration and observability with a focus on security.

A command line utility for managing volume shadow copies with capabilities for evasion, persistence, and file extraction.

RegRippy is a modern Python 3 alternative to RegRipper for extracting data from Windows registry hives.

A tool that collects and displays user activity and system events on a Windows system.

A comprehensive incident response tool for Windows computers, providing advanced memory forensics and access to locked systems.

Drltrace is a dynamic API calls tracer for Windows and Linux applications.

SigThief extracts digital signatures from signed PE files and appends them to other files to create invalid signatures for testing Anti-Virus detection mechanisms.

SharpAppLocker is a C# tool that retrieves AppLocker application control policies from Windows systems, replicating the Get-AppLockerPolicy PowerShell cmdlet functionality.

A repository to aid Windows threat hunters in looking for common artifacts.

A shellcode generator that creates position-independent code for loading and executing .NET Assemblies, PE files, and Windows payloads from memory.

Fridump is an open source memory dumping tool that uses the Frida framework to extract accessible memory addresses from iOS, Android, and Windows applications for security testing and analysis.

A PowerShell-based DFIR automation tool that streamlines artifact and evidence collection from Windows machines for digital forensic investigations.

A Windows kernel driver intentionally designed with various vulnerabilities to help security researchers practice kernel exploitation techniques.

Open source application for retrieving passwords stored on a local computer with support for various software and platforms.

PowerSploit is a PowerShell-based penetration testing framework containing modules for code execution, injection techniques, persistence, and various offensive security operations.

A library for accessing and parsing Windows NT Registry File (REGF) format files, designed for digital forensics and registry analysis applications.

DetectionLab is a pre-configured Windows domain environment with security tooling and logging designed for cybersecurity training and detection capability development.

Search engine for Windows executable files and hashes, providing insights into file prevalence, behavior, and security information.

A list of Windows privilege escalation techniques, categorized and explained in detail.

A collection of precompiled Windows exploits for privilege escalation.