Browse 119 Windows tools
ProcFilter is a process filtering system for Windows with built-in YARA integration, designed for malware analysts to create YARA signatures for Windows environments.
A Sysmon configuration file template with detailed explanations and tutorial-like features.
A comprehensive cheat sheet for accessing Windows systems from Linux hosts using smbclient and rpcclient tools, covering password management, user and group enumeration, and more.
A library to access the Windows New Technology File System (NTFS) format with read-only support for NTFS versions 3.0 and 3.1.
DFIR ORC Documentation provides detailed instructions for setting up the build environment and deploying the tool.
APT Simulator is a tool for simulating a compromised system on Windows.
An educational workshop providing hands-on training materials, lab environments, and tools for learning local privilege escalation techniques on Windows and Linux systems.
A repository containing scripts and configuration files to help administrators implement Microsoft AppLocker for application whitelisting based on NSA security guidelines.
A Cross-Platform Forensic Framework for Google Chrome that allows investigation of history, downloads, bookmarks, cookies, and provides a full report.
Semi-tethered jailbreak for iPhone 5s to iPhone X, running iOS 12.0 and up, using the 'checkm8' bootrom exploit.
A library to access and parse Windows XML Event Log (EVTX) format, useful for digital forensics and incident response.
An open source tool that generates YARA rules from installed software on running operating systems for efficient software identification in digital forensic investigations.
WinSearchDBAnalyzer can parse and recover records in Windows.edb, providing detailed insights into various data types.
Container of 200 Windows EVTX samples for testing detection scripts and training on DFIR.
A library for working with Windows NT data types, providing access and manipulation functions.
wxHexEditor is a free cross-platform hex editor and disk editor for editing binary files, disk devices, and logical drives with data manipulation and checksum calculation features.
A comprehensive guide for system administrators to detect and identify potential security threats on Windows 2000 systems.
Recorded talks from Hack.lu 2018 covering various cybersecurity topics.
libevt is a library to access and parse Windows Event Log (EVT) files.
A three-part educational series documenting techniques for achieving domain administrator privileges in Windows environments, covering attack methods, defenses, and remediation strategies.
Extracts resources (bitmaps, icons, cursors, AVI movies, HTML files, and more) from DLL files.
AI-powered assistance feature in Windows for enhanced productivity.
Generate comprehensive reports about Windows systems with detailed system, security, networking, and USB information.
Real-time OSINT monitoring for leaked credentials, data, and infrastructure
A threat intelligence aggregation service that consolidates and summarizes security updates from multiple sources to provide comprehensive cybersecurity situational awareness.
AI security assurance platform for red-teaming, guardrails & compliance