snowkoan

followers

following

stars

Stairwell

Ottawa, Canada

https://needleinathreadstack.wordpress.com/

Alnoor's starred repositories

readdirectorychanges

Sample code that goes with "Understanding ReadDirectoryChangesW"

Language:C++MIT11200

wtrace

Command line tracing tool for Windows, based on ETW.

Language:C#MIT66800

icomake

Combine multiple ICO/PNGs into single .ICO file, retaining format of each sub-image, optimizing the order.

Language:C++2800

Kdrill

Python tool to check rootkits in Windows kernel

Language:PythonBSD-3-Clause16200

ETViewer

An alternative to Windows TraceView util

Language:C++GPL-2.01900

ImHex

🔍 A Hex Editor for Reverse Engineers, Programmers and people who value their retinas when working at 3 AM.

Language:C++GPL-2.04442100

sysinternals-source

Language:HTML18200

Koppeling

Adaptive DLL hijacking / dynamic export forwarding

Language:C++GPL-3.072500

x509-cert-testcorpus

X.509 certificate test corpus that was scraped from public TLS servers

Language:PythonCC0-1.0100

atomic-red-team

Small and highly portable detection tests based on MITRE's ATT&CK.

Language:CMIT966400

auxlib

Full reversing of the Microsoft Auxiliary Windows API Library and ported to C

Language:CMIT2300

ghidra-scripts

A collection of my Ghidra scripts to facilitate reverse engineering and vulnerability research.

Language:JavaMIT22500

ETW-Almulahaza

ETW-Almulahaza is a consumer python-based tool that help you monitor ETW events of the operating system

Language:PythonApache-2.01200

malware_training_vol1

Materials for Windows Malware Analysis training (volume 1)

Language:Assembly193000

awesome-executable-packing

A curated list of awesome resources related to executable packing

CC0-1.0118000

Backstab

A tool to kill antimalware protected processes

Language:C137400

UmdhGui

Graphical user interface for the UMDH tool

Language:C#MIT800

PoolmonViz

Powershell script to view kernel memory pool information

Language:Python200

WinObjEx64

Windows Object Explorer 64-bit

Language:CBSD-2-Clause163500

AutoHCK

AutoHCK is a tool for automating HCK/HLK testing, doing all the boilerplate steps in the process leaving you with simply choosing which driver you want to test on what os.

Language:RubyBSD-2-Clause2600

yara

The pattern matching swiss knife

Language:CBSD-3-Clause821200

yarGen

yarGen is a generator for YARA rules

Language:PythonNOASSERTION154500

windowskernelprogrammingbook

The Windows Kernel Programming book samples

Language:C++MIT59700

pe-afl

Language:Python23700

docs

documentations, slides decks...

Language:TeX77500

sysmon-modular

A repository of sysmon configuration modules

Language:PowerShellMIT264000

Windows-Containers

Welcome to our Windows Containers GitHub community! Ask questions, report bugs, and suggest features -- let's work together.

Language:PowerShellMIT41600

dotnet-computevirtualization

Sample class library for interfacing with Windows host compute service.

Language:C#MIT13300

lsobj

Lists all visible objects in the Windows kernel object namespace, a command-line WinObj

Language:C1100

ApplicationInspector

A source code analyzer built for surfacing features of interest and other characteristics to answer the question 'What's in the code?' quickly using static analysis with a json based rules engine. Ideal for scanning components before use or detecting feature level changes.

Language:C#MIT423100