Windows

Tool to identify and understand code-injection vulnerabilities in Windows 7 UAC whitelist system.

A cross-platform security application that functions as a laptop kill cord, automatically locking or shutting down your computer when physically separated from you via a USB connection.

A utility package that monitors hard drive health through SMART technology to detect and prevent disk failures before data loss occurs.

A repository documenting AppLocker bypass techniques with verified methods, legacy DLL execution approaches, and a PowerShell module for identifying AppLocker weaknesses.

A library to access and parse Windows Shortcut File (LNK) format.

Darkarmour is an open-source Windows antivirus evasion framework that enables security professionals to bypass antivirus detection through customizable obfuscation and anti-analysis techniques.

A library for accessing and parsing Microsoft Internet Explorer cache files (index.dat) to extract URLs, timestamps, and cached content for digital forensic analysis.

A suite of console tools for working with timestamps in Windows with 100-nanosecond precision.

minikube is a local Kubernetes cluster management tool that enables developers to run and test Kubernetes applications on their local machines across multiple operating systems.

FLARE-VM is a Windows virtual machine setup tool that automates the installation and configuration of reverse engineering and malware analysis software using Chocolatey and Boxstarter technologies.

A comprehensive repository of payloads and bypass techniques for web application security testing and penetration testing across multiple platforms and attack vectors.

BlueTeam.Lab provides Terraform and Ansible scripts to deploy an orchestrated detection laboratory for testing attacks and forensic artifacts in a SOC-like Windows environment.

A collection of PowerShell modules for artifact gathering and reconnaissance of Windows-based endpoints.

A Windows-based workflow automation and case management application that integrates with CrowdStrike Falcon APIs to streamline security operations and incident response processes.

KFSensor is an advanced Windows honeypot system for detecting hackers and worms by simulating vulnerable system services.

A powerful tool for extracting passwords and performing various Windows security operations.

A comprehensive utility that shows what programs are configured to run during system bootup or login, and when you start various built-in Windows applications.

PowerUp aims to be a clearinghouse of common Windows privilege escalation vectors that rely on misconfigurations.

CimSweep is a suite of CIM/WMI-based tools for incident response and hunting operations on Windows systems without the need to deploy an agent.

Compares target's patch levels against Microsoft vulnerability database and detects missing patches.

A browser with XSS detection capabilities

Abusing SCF files to gather user hashes from an unauthenticated writable Windows-based file share.

A repository providing guidance on collecting security-relevant Windows event logs using Windows Event Forwarding (WEF).

An automated script that configures Active Directory domains using customizable XML configuration files.