Browse 248 windows tools
A PowerShell module for threat hunting and security analysis through Windows Event Log processing and malicious activity detection.
Participation in the Red Team for Pacific Rim CCDC 2017 with insights on infrastructure design and competition tips.
A COM Command & Control framework that uses JScript to provide fileless remote access capabilities on Windows systems through a modular plugin architecture.
A Windows Registry hive extraction library that provides C API access for reading and writing registry binary files with XML export capabilities.
Automated collection tool for incident response triage in Windows systems.
Explores malware interaction with Windows API and methods for detection and prevention.
CSET is a free Windows-based tool that helps organizations identify cybersecurity vulnerabilities in enterprise and industrial control systems using hybrid risk and standards-based assessment approaches.
A wrapper around jNetPcap for packet capturing with Clojure, available for Linux and Windows.
Windows anti-forensics USB monitoring tool with the ability to shut down the computer upon detecting the unplugging of a specified USB device.
A tool that exposes the functionality of the Volume Shadow Copy Service (VSS) for creation, enumeration, and manipulation of volume shadow copies, with features for persistence and evasion.
A digital forensics tool that extracts and analyzes Windows AppCompat and AmCache registry data for enterprise-scale forensic investigations.
A combination of honeypot, monitoring tool, and alerting system for detecting insecure configurations.
A 32-bit assembler level analyzing debugger for Microsoft Windows.
Tool to identify and understand code-injection vulnerabilities in Windows 7 UAC whitelist system.
A cross-platform security application that functions as a laptop kill cord, automatically locking or shutting down your computer when physically separated from you via a USB connection.
A utility package that monitors hard drive health through SMART technology to detect and prevent disk failures before data loss occurs.
A repository documenting AppLocker bypass techniques with verified methods, legacy DLL execution approaches, and a PowerShell module for identifying AppLocker weaknesses.
Darkarmour is an open-source Windows antivirus evasion framework that enables security professionals to bypass antivirus detection through customizable obfuscation and anti-analysis techniques.
A library for accessing and parsing Microsoft Internet Explorer cache files (index.dat) to extract URLs, timestamps, and cached content for digital forensic analysis.
A suite of console tools for working with timestamps in Windows with 100-nanosecond precision.
minikube is a local Kubernetes cluster management tool that enables developers to run and test Kubernetes applications on their local machines across multiple operating systems.
FLARE-VM is a Windows virtual machine setup tool that automates the installation and configuration of reverse engineering and malware analysis software using Chocolatey and Boxstarter technologies.