Windows

A shellcode generator that creates position-independent code for loading and executing .NET Assemblies, PE files, and Windows payloads from memory.

Fridump is an open source memory dumping tool that uses the Frida framework to extract accessible memory addresses from iOS, Android, and Windows applications for security testing and analysis.

A PowerShell-based DFIR automation tool that streamlines artifact and evidence collection from Windows machines for digital forensic investigations.

A Windows kernel driver intentionally designed with various vulnerabilities to help security researchers practice kernel exploitation techniques.

Open source application for retrieving passwords stored on a local computer with support for various software and platforms.

PowerSploit is a PowerShell-based penetration testing framework containing modules for code execution, injection techniques, persistence, and various offensive security operations.

Automated and flexible approach for deploying Windows 10 with security standards set by the DoD.

A library for accessing and parsing Windows NT Registry File (REGF) format files, designed for digital forensics and registry analysis applications.

Microsoft BitLocker is a Windows-integrated full volume encryption solution that protects data on devices through disk-level encryption with enterprise deployment and management capabilities.

DetectionLab is a pre-configured Windows domain environment with security tooling and logging designed for cybersecurity training and detection capability development.

Dependencies is an open-source modern replacement for Dependency Walker that helps Windows developers analyze and troubleshoot DLL load dependency issues.

Search engine for Windows executable files and hashes, providing insights into file prevalence, behavior, and security information.

A list of Windows privilege escalation techniques, categorized and explained in detail.

A command-line tool that secures shell command history by clearing sensitive commands, displaying command summaries, and providing stash functionality for presentations across multiple shell environments.

A collection of precompiled Windows exploits for privilege escalation.

A PowerShell module for threat hunting and security analysis through Windows Event Log processing and malicious activity detection.

Participation in the Red Team for Pacific Rim CCDC 2017 with insights on infrastructure design and competition tips.

A COM Command & Control framework that uses JScript to provide fileless remote access capabilities on Windows systems through a modular plugin architecture.

Tool for deleting logs on Linux/Windows servers.

A Windows Registry hive extraction library that provides C API access for reading and writing registry binary files with XML export capabilities.

Automated collection tool for incident response triage in Windows systems.

Explores malware interaction with Windows API and methods for detection and prevention.

CSET is a free Windows-based tool that helps organizations identify cybersecurity vulnerabilities in enterprise and industrial control systems using hybrid risk and standards-based assessment approaches.

A wrapper around jNetPcap for packet capturing with Clojure, available for Linux and Windows.