Security operations tools for SIEM, SOAR, threat hunting, incident response, and security operations center (SOC) management. Task: Windows
Browse 77 security tools
FIM and config change monitoring tool with baseline deviation detection.
Windows-based email forensics tool for evidence recovery and analysis.
Plugin that decompiles malware PE files into readable C code using hybrid analysis.
Password recovery tool for encrypted ZIP, 7Zip, and RAR archives.
Decrypts EFS-protected files on NTFS volumes across Windows versions.
Password recovery tool for MS Office, WordPerfect, Lotus & other office docs.
Recovers/removes passwords and restrictions from encrypted PDF files.
Remote access and IT support tool for workstation management and diagnostics.
Searchable repository of Sigma detection rules for threat hunting and SIEM
A comprehensive repository of red teaming resources including cheatsheets, detailed notes, automation scripts, and practice platforms covering multiple cybersecurity domains.
A Windows context menu integration tool that scans files and folders for malware patterns, crypto signatures, and malicious documents using YARA rules and PEiD signatures.
A utility package that monitors hard drive health through SMART technology to detect and prevent disk failures before data loss occurs.
A tool that exposes the functionality of the Volume Shadow Copy Service (VSS) for creation, enumeration, and manipulation of volume shadow copies, with features for persistence and evasion.
A command line utility for managing volume shadow copies with capabilities for evasion, persistence, and file extraction.
Extracts resources (bitmaps, icons, cursors, AVI movies, HTML files, and more) from DLL files.
KFSensor is an advanced Windows honeypot system for detecting hackers and worms by simulating vulnerable system services.
A pure Python parser for Windows Event Log (.evtx) files that enables cross-platform forensic analysis of Windows system events.
A PowerShell-based DFIR automation tool that streamlines artifact and evidence collection from Windows machines for digital forensic investigations.
SigThief extracts digital signatures from signed PE files and appends them to other files to create invalid signatures for testing Anti-Virus detection mechanisms.
Container of 200 Windows EVTX samples for testing detection scripts and training on DFIR.
A PowerShell module for threat hunting and security analysis through Windows Event Log processing and malicious activity detection.
An educational workshop providing hands-on training materials, lab environments, and tools for learning local privilege escalation techniques on Windows and Linux systems.
A wrapper around jNetPcap for packet capturing with Clojure, available for Linux and Windows.
A modern tool for Windows kernel exploration and observability with a focus on security.