Windows

Venn creates secure enclaves on unmanaged BYOD devices using Blue Border™ technology to visually separate and encrypt work applications and data from personal use.

An open-source application firewall that monitors and controls network traffic with custom filtering rules and real-time visibility into application connections.

A comprehensive guide on utilizing advanced SSH tunneling techniques for network penetration testing and red team engagements, with a focus on Windows environments and firewall bypass methods.

A comprehensive repository of red teaming resources including cheatsheets, detailed notes, automation scripts, and practice platforms covering multiple cybersecurity domains.

A next-generation file integrity monitoring and change detection system

A collection of YARA rules for Windows, Linux, and Other threats.

A modern tool for Windows kernel exploration and observability with a focus on security.

A command line utility for managing volume shadow copies with capabilities for evasion, persistence, and file extraction.

RegRippy is a modern Python 3 alternative to RegRipper for extracting data from Windows registry hives.

A tool that collects and displays user activity and system events on a Windows system.

A laser tripwire device that automatically hides windows, locks computers, or executes custom scripts when motion is detected within 120cm range.

A Windows security hardening tool that disables potentially dangerous features in Windows 10/11 and common applications to reduce attack surface for individual users.

A comprehensive incident response tool for Windows computers, providing advanced memory forensics and access to locked systems.

Drltrace is a dynamic API calls tracer for Windows and Linux applications.

SigThief extracts digital signatures from signed PE files and appends them to other files to create invalid signatures for testing Anti-Virus detection mechanisms.

SharpAppLocker is a C# tool that retrieves AppLocker application control policies from Windows systems, replicating the Get-AppLockerPolicy PowerShell cmdlet functionality.

A repository to aid Windows threat hunters in looking for common artifacts.

A shellcode generator that creates position-independent code for loading and executing .NET Assemblies, PE files, and Windows payloads from memory.

Fridump is an open source memory dumping tool that uses the Frida framework to extract accessible memory addresses from iOS, Android, and Windows applications for security testing and analysis.

A PowerShell-based DFIR automation tool that streamlines artifact and evidence collection from Windows machines for digital forensic investigations.

A Windows kernel driver intentionally designed with various vulnerabilities to help security researchers practice kernel exploitation techniques.

Open source application for retrieving passwords stored on a local computer with support for various software and platforms.

PowerSploit is a PowerShell-based penetration testing framework containing modules for code execution, injection techniques, persistence, and various offensive security operations.

Automated and flexible approach for deploying Windows 10 with security standards set by the DoD.