Explore 113 curated tools and resources
Venn creates secure enclaves on unmanaged BYOD devices using Blue Border™ technology to visually separate and encrypt work applications and data from personal use.
An open-source application firewall that monitors and controls network traffic with custom filtering rules and real-time visibility into application connections.
A comprehensive guide on utilizing advanced SSH tunneling techniques for network penetration testing and red team engagements, with a focus on Windows environments and firewall bypass methods.
A comprehensive repository of red teaming resources including cheatsheets, detailed notes, automation scripts, and practice platforms covering multiple cybersecurity domains.
A cybersecurity platform that offers vulnerability scanning, Windows Defender and 3rd party AV management, and MFA compliance reporting, among other features.
A next-generation file integrity monitoring and change detection system.
A collection of YARA rules for Windows, Linux, and other threats.
A modern tool for Windows kernel exploration and observability with a focus on security.
A command line utility for managing volume shadow copies with capabilities for evasion, persistence, and file extraction.
RegRippy is a modern Python 3 alternative to RegRipper for extracting data from Windows registry hives.
A tool that collects and displays user activity and system events on a Windows system.
A laser tripwire device that automatically hides windows, locks computers, or executes custom scripts when motion is detected within a 120 cm range.
A Windows security hardening tool that disables potentially dangerous features in Windows 10/11 and common applications to reduce attack surface for individual users.
A comprehensive incident response tool for Windows computers, providing advanced memory forensics and access to locked systems.
Drltrace is a dynamic API calls tracer for Windows and Linux applications.
SigThief extracts digital signatures from signed PE files and appends them to other files to create invalid signatures for testing Anti-Virus detection mechanisms.
SharpAppLocker is a C# tool that retrieves AppLocker application control policies from Windows systems, replicating the Get-AppLockerPolicy PowerShell cmdlet functionality.
A repository to aid Windows threat hunters in looking for common artifacts.
A shellcode generator that creates position-independent code for loading and executing .NET Assemblies, PE files, and Windows payloads from memory.
Fridump is an open source memory dumping tool that uses the Frida framework to extract accessible memory addresses from iOS, Android, and Windows applications for security testing and analysis.
A PowerShell-based DFIR automation tool that streamlines artifact and evidence collection from Windows machines for digital forensic investigations.
A Windows kernel driver intentionally designed with various vulnerabilities to help security researchers practice kernel exploitation techniques.
Open source application for retrieving passwords stored on a local computer with support for various software and platforms.
PowerSploit is a PowerShell-based penetration testing framework containing modules for code execution, injection techniques, persistence, and various offensive security operations.
Automated and flexible approach for deploying Windows 10 with security standards set by the DoD.
A library for accessing and parsing Windows NT Registry File (REGF) format files, designed for digital forensics and registry analysis applications.
Microsoft BitLocker is a Windows-integrated full volume encryption solution that protects data on devices through disk-level encryption with enterprise deployment and management capabilities.
DetectionLab is a pre-configured Windows domain environment with security tooling and logging designed for cybersecurity training and detection capability development.
Dependencies is an open-source modern replacement for Dependency Walker that helps Windows developers analyze and troubleshoot DLL load dependency issues.
Search engine for Windows executable files and hashes, providing insights into file prevalence, behavior, and security information.
A list of Windows privilege escalation techniques, categorized and explained in detail.
A command-line tool that secures shell command history by clearing sensitive commands, displaying command summaries, and providing stash functionality for presentations across multiple shell environments.
A collection of precompiled Windows exploits for privilege escalation.
A PowerShell module for threat hunting and security analysis through Windows Event Log processing and malicious activity detection.
Participation in the Red Team for Pacific Rim CCDC 2017 with insights on infrastructure design and competition tips.
A COM Command & Control framework that uses JScript to provide fileless remote access capabilities on Windows systems through a modular plugin architecture.
A Windows Registry hive extraction library that provides C API access for reading and writing registry binary files with XML export capabilities.
Automated collection tool for incident response triage in Windows systems.
Explores malware interaction with Windows API and methods for detection and prevention.
CSET is a free Windows-based tool that helps organizations identify cybersecurity vulnerabilities in enterprise and industrial control systems using hybrid risk and standards-based assessment approaches.
A wrapper around jNetPcap for packet capturing with Clojure, available for Linux and Windows.
Windows anti-forensics USB monitoring tool with the ability to shut down the computer upon detecting the unplugging of a specified USB device.
A tool that exposes the functionality of the Volume Shadow Copy Service (VSS) for creation, enumeration, and manipulation of volume shadow copies, with features for persistence and evasion.
A digital forensics tool that extracts and analyzes Windows AppCompat and AmCache registry data for enterprise-scale forensic investigations.
A combination of honeypot, monitoring tool, and alerting system for detecting insecure configurations.
A 32-bit assembler level analyzing debugger for Microsoft Windows.
Tool to identify and understand code-injection vulnerabilities in the Windows 7 UAC whitelist system.
A cross-platform security application that functions as a laptop kill cord, automatically locking or shutting down your computer when physically separated from you via a USB connection.
A utility package that monitors hard drive health through SMART technology to detect and prevent disk failures before data loss occurs.
A repository documenting AppLocker bypass techniques with verified methods, legacy DLL execution approaches, and a PowerShell module for identifying AppLocker weaknesses.
A library to access and parse the Windows Shortcut File (LNK) format.
Darkarmour is an open-source Windows antivirus evasion framework that enables security professionals to bypass antivirus detection through customizable obfuscation and anti-analysis techniques.
A library for accessing and parsing Microsoft Internet Explorer cache files (index.dat) to extract URLs, timestamps, and cached content for digital forensic analysis.
A suite of console tools for working with timestamps in Windows with 100-nanosecond precision.
minikube is a local Kubernetes cluster management tool that enables developers to run and test Kubernetes applications on their local machines across multiple operating systems.
FLARE-VM is a Windows virtual machine setup tool that automates the installation and configuration of reverse engineering and malware analysis software using Chocolatey and Boxstarter technologies.
A comprehensive repository of payloads and bypass techniques for web application security testing and penetration testing across multiple platforms and attack vectors.
BlueTeam.Lab provides Terraform and Ansible scripts to deploy an orchestrated detection laboratory for testing attacks and forensic artifacts in a SOC-like Windows environment.
A collection of PowerShell modules for artifact gathering and reconnaissance of Windows-based endpoints.
A Windows-based workflow automation and case management application that integrates with CrowdStrike Falcon APIs to streamline security operations and incident response processes.
KFSensor is an advanced Windows honeypot system for detecting hackers and worms by simulating vulnerable system services.
A powerful tool for extracting passwords and performing various Windows security operations.
A comprehensive utility that shows what programs are configured to run during system bootup or login, and when you start various built-in Windows applications.
PowerUp aims to be a clearinghouse of common Windows privilege escalation vectors that rely on misconfigurations.
CimSweep is a suite of CIM/WMI-based tools for incident response and hunting operations on Windows systems without the need to deploy an agent.
Compares a target's patch levels against the Microsoft vulnerability database and detects missing patches.
A browser with XSS detection capabilities.
Abusing SCF files to gather user hashes from an unauthenticated writable Windows-based file share.
A repository providing guidance on collecting security-relevant Windows event logs using Windows Event Forwarding (WEF).
An automated script that configures Active Directory domains using customizable XML configuration files.
A comprehensive Windows command-line reference guide for security professionals, system administrators, and incident responders.
Windows Event Log Analyzer with logon timeline generator and noise reduction for fast forensics.
A pure Python parser for Windows Event Log (.evtx) files that enables cross-platform forensic analysis of Windows system events.
CyLR is a Live Response Collection tool for quickly and securely collecting forensic artifacts from hosts with NTFS file systems.
Windows event log fast forensics timeline generator and threat hunting tool.
A command-line tool for analyzing and extracting detailed information from Windows Portable Executable (PE) files.
A next generation version of enum4linux with enhanced features for enumerating information from Windows and Samba systems.
Enhances Windows OS security through system modifications and settings adjustments.
Cheat sheet with common enumeration and attack methods for Windows Active Directory.
A Windows context menu integration tool that scans files and folders for malware patterns, crypto signatures, and malicious documents using Yara rules and PEID signatures.
TikiTorch is a process injection tool that executes code within the address space of other processes using various injection techniques.
GrokEVT is a tool for reading Windows event log files and converting them to a human-readable format.
An open-source tool that automates the detection and analysis of DLL hijacking vulnerabilities in Windows applications, providing detailed reports and remediation guidance.
A discontinued project for Windows system administration that has been archived due to the author's dissatisfaction with the Windows operating system.
A comprehensive cheat sheet for Windows and Linux terminals and command lines, covering essential commands and syntax for various tasks.
A script that validates Group Policy Object audit settings required for proper Microsoft Defender for Endpoint functionality.
A library for accessing and parsing Extensible Storage Engine (ESE) Database Files used by Microsoft applications like Windows Search, Exchange, and Active Directory for forensic analysis purposes.
Tool for analyzing the Windows Recycle Bin INFO2 file.
A process scanning tool that detects and dumps malicious implants, shellcodes, hooks, and memory patches in running processes.
ProcFilter is a process filtering system for Windows with built-in YARA integration, designed for malware analysts to create YARA signatures for Windows environments.
A Sysmon configuration file template with detailed explanations and tutorial-like features.
A comprehensive cheat sheet for accessing Windows systems from Linux hosts using smbclient and rpcclient tools, covering password management, user and group enumeration, and more.
A library to access the Windows New Technology File System (NTFS) format with read-only support for NTFS versions 3.0 and 3.1.
DFIR ORC Documentation provides detailed instructions for setting up the build environment and deploying the tool.
APT Simulator is a tool for simulating a compromised system on Windows.
An educational workshop providing hands-on training materials, lab environments, and tools for learning local privilege escalation techniques on Windows and Linux systems.
A repository containing scripts and configuration files to help administrators implement Microsoft AppLocker for application whitelisting based on NSA security guidelines.
A Cross-Platform Forensic Framework for Google Chrome that allows investigation of history, downloads, bookmarks, cookies, and provides a full report.
Semi-tethered jailbreak for iPhone 5s to iPhone X, running iOS 12.0 and up, using the 'checkm8' bootrom exploit.
A library to access and parse Windows XML Event Log (EVTX) format, useful for digital forensics and incident response.
An open source tool that generates YARA rules from installed software on running operating systems for efficient software identification in digital forensic investigations.
WinSearchDBAnalyzer can parse and recover records in Windows.edb, providing detailed insights into various data types.
Container of 200 Windows EVTX samples for testing detection scripts and training on DFIR.
A library for working with Windows NT data types, providing access and manipulation functions.
wxHexEditor is a free cross-platform hex editor and disk editor for editing binary files, disk devices, and logical drives with data manipulation and checksum calculation features.
A comprehensive guide for system administrators to detect and identify potential security threats on Windows 2000 systems.
Recorded talks from Hack.lu 2018 covering various cybersecurity topics.
A three-part educational series documenting techniques for achieving domain administrator privileges in Windows environments, covering attack methods, defenses, and remediation strategies.
Extracts resources (bitmaps, icons, cursors, AVI movies, HTML files, and more) from DLL files.
AI-powered assistance feature in Windows for enhanced productivity.
Generate comprehensive reports about Windows systems with detailed system, security, networking, and USB information.