Windows

PowerSploit is a PowerShell-based penetration testing framework containing modules for code execution, injection techniques, persistence, and various offensive security operations.

Automated and flexible approach for deploying Windows 10 with security standards set by the DoD.

A library for accessing and parsing Windows NT Registry File (REGF) format files, designed for digital forensics and registry analysis applications.

Microsoft BitLocker is a Windows-integrated full volume encryption solution that protects data on devices through disk-level encryption with enterprise deployment and management capabilities.

DetectionLab is a pre-configured Windows domain environment with security tooling and logging designed for cybersecurity training and detection capability development.

Dependencies is an open-source modern replacement for Dependency Walker that helps Windows developers analyze and troubleshoot DLL load dependency issues.

Search engine for Windows executable files and hashes, providing insights into file prevalence, behavior, and security information.

A list of Windows privilege escalation techniques, categorized and explained in detail.

A command-line tool that secures shell command history by clearing sensitive commands, displaying command summaries, and providing stash functionality for presentations across multiple shell environments.

A collection of precompiled Windows exploits for privilege escalation.

A PowerShell module for threat hunting and security analysis through Windows Event Log processing and malicious activity detection.

Participation in the Red Team for Pacific Rim CCDC 2017 with insights on infrastructure design and competition tips.

A COM Command & Control framework that uses JScript to provide fileless remote access capabilities on Windows systems through a modular plugin architecture.

Tool for deleting logs on Linux/Windows servers.

A Windows Registry hive extraction library that provides C API access for reading and writing registry binary files with XML export capabilities.

Automated collection tool for incident response triage in Windows systems.

Explores malware interaction with Windows API and methods for detection and prevention.

CSET is a free Windows-based tool that helps organizations identify cybersecurity vulnerabilities in enterprise and industrial control systems using hybrid risk and standards-based assessment approaches.

A wrapper around jNetPcap for packet capturing with Clojure, available for Linux and Windows.

Windows anti-forensics USB monitoring tool with the ability to shutdown the computer upon detecting the unplugging of a specified USB device.

A tool that exposes the functionality of the Volume Shadow Copy Service (VSS) for creation, enumeration, and manipulation of volume shadow copies, with features for persistence and evasion.

A digital forensics tool that extracts and analyzes Windows AppCompat and AmCache registry data for enterprise-scale forensic investigations.

A combination of honeypot, monitoring tool, and alerting system for detecting insecure configurations.

A 32-bit assembler level analyzing debugger for Microsoft Windows.