windows-internals

There are 24 repositories under windows-internals topic.

• ctftool

  taviso / ctftool

  Interactive CTF Exploration Tool

  reverse-engineeringsecuritywindowswindows-internals
  Language:C 1660
• windows-api-function-cheatsheets

  7etsuo / windows-api-function-cheatsheets

  A reference of Windows API function calls, including functions for file operations, process management, memory management, thread management, dynamic-link library (DLL) management, synchronization, interprocess communication, Unicode string manipulation, error handling, Winsock networking operations, and registry operations.

  windowswindows-apicheatsheetsystems-programmingwindows-10windows-internalssyscallswin32-apiwindows-11malware-analysismalware-researchreverse-engineering
  1380

• daem0nc0re / TangledWinExec

  PoCs and tools for investigation of Windows process execution techniques

  red-teamreverse-engineeringwindbg-extensionwindowswindows-internals
  Language:C# 937
• dumpulator

  mrexodia / dumpulator

  An easy-to-use library for emulating memory dumps. Useful for malware analysis (config extraction, unpacking) and dynamic analysis in general (sandboxing).

  pythonpython3malware-analysismalware-researchmalware-analyzerunicornminidumpemulatorx64easy-to-usesandboxcross-platformhacktoberfestmalwarereverse-engineeringwindowswindows-internalsdebugging-toolsunpacking
  Language:C 843
• DEFCON-31-Syscalls-Workshop

  VirtualAlllocEx / DEFCON-31-Syscalls-Workshop

  Contains all the material from the DEF CON 31 workshop "(In)direct Syscalls: A Journey from High to Low".

  antivirus-bypassantivirus-evasiondirect-syscallsedr-bypassedr-evasionindirect-syscallsmalware-analysismalware-developmentmalware-development-guideshellcodeshellcode-loadersyscallswindows-internalsworkshop
  Language:C 719
• TokenUniverse

  diversenok / TokenUniverse

  An advanced tool for working with access tokens and Windows security policy.

  access-tokensdelphinative-apisecuritysecurity-toolswindowswindows-internals
  Language:Pascal 618

• AlSch092 / UltimateAntiCheat

  UltimateAnticheat is an open source usermode anti-cheat system made to detect and prevent common attack vectors in game cheating (C++, Windows)

  anti-cheatanti-debuggingwindows-internalsgame-hackinganticheatgame-securitygame-security-toolscode-integritycplusplusgame-cheatgame-cheating-prevention
  Language:C++ 541

• JustasMasiulis / nt_wrapper

  A wrapper library around native windows sytem APIs

  cpp17low-levelmalwaremodern-cppnative-apiobfuscationreverse-engineeringsyscallsystemwindows-internals
  Language:C++ 445

• ayoubfaouzi / windows-internals

  My notes while studying Windows internals

  driver-programmingvirtual-memoryirqldpcio-managerwindows-internals
  Language:C 440

• christophetd / spoofing-office-macro

  :fish: PoC of a VBA macro spawning a process with a spoofed parent and command line.

  office-macroparent-process-spoofingwindows-securityprocess-injectionwindows-internals
  Language:VBA 383

• S1ckB0y1337 / TokenPlayer

  Manipulating and Abusing Windows Access Tokens.

  lateral-movementpentest-toolpost-exploitationtokensuac-bypasswindowswindows-internalswindows-privilege-escalationwindows-security
  Language:C++ 285

• gabriel-sztejnworcel / pipe-intercept

  Intercept Windows Named Pipes communication using Burp or similar HTTP proxy tools

  interception-toolsmitmnamed-pipeswindows-internals
  Language:Python 275

• mrexodia / phnt-single-header

  Single header version of System Informer's phnt library.

  nativeprocesshackersdksysteminformerwdkwindowswindows-internalsdebuggersecurity
  Language:CMake 233

• vxcute / WindowsInternals

  Yet another windows internals repo

  windows-internalsreverse-engineering
  Language:C++ 208

• mentebinaria / fundamentos-engenharia-reversa

  Livro: Engenharia Reversa - Fundamentos e Prática

  malware-analysiswindows-internalswindowsreverse-engineeringreversingcwin32assemblywindows-apilivro
  192

• AndreyBazhan / SymStore

  The history of Windows Internals via symbols.

  windowsinternalswindows-internalswindowsinternalskernelsymbolsntoskrnlhalntdll
  Language:C 180
• DLL-Injector

  adamhlt / DLL-Injector

  DLL Injector (LoadLibrary) in C++ (x86 / x64) - LoadLibrary DLL injector

  dll-injectiondll-injectorloadlibrarypewinapiwindowswindows-internals
  Language:C++ 167

• diversenok / NtUtilsLibrary

  Delphi library for system programming on Windows using Native API

  delphisystem-programmingwindowswinapinative-apiwindows-ntwindows-internals
  Language:Pascal 134

• lem0nSec / KBlast

  Basic interactive Windows kernel offensive toolkit written in C

  kernelkernel-driverring0windowswindows-internals
  Language:C++ 133

• diversenok / NtTools

  Some random system tools for Windows

  windowswinapintapisystemwindows-internals
  Language:Pascal 115

• Air14 / SymbolicAccess

  Static user/kernel mode library that allows access to all functions and global variables by extracting offsets from the PDB

  cpppdbreverse-engineeringwindowswindows-internals
  Language:C++ 110

• DownWithUp / ALPC-Example

  An example of a client and server using Windows' ALPC functions to send and receive data.

  alpclpcwindows-internalswindows-10example-code
  Language:C 107

• ionescu007 / wnfun

  WNF Utilities 4 Newbies (WNFUN)

  windowsinternalswindowsinternalskernelwnfreversingreverse-engineeringwindows-internals
  Language:Python 97
• Manual-DLL-Loader

  adamhlt / Manual-DLL-Loader

  Custom LoadLibrary / GetProcAddress (x86 / x64) - Load DLL and retrieve functions manually

  dllloadermanualpewinapiwindowswindows-internals
  Language:C++ 95
• PE-Explorer

  adamhlt / PE-Explorer

  PE Explorer in C++ (x86 / x64) - PE file parser, retrieve exports and imports

  pepe-analyzerpe-viewerwindowswindows-internals
  Language:C++ 71
• Cave-Finder

  adamhlt / Cave-Finder

  Tool to find code cave in PE image (x86 / x64) - Find empty space to place code in PE files

  codecavecpppewinapiwindowswindows-internals
  Language:C++ 69

• NtRaiseHardError / Dreadnought

  PoC for detecting and dumping code injection (built and extended on UnRunPE)

  code-injectiondll-injectiondll-injection-detectionhookinginjectionmalware-analysismalware-researchpocsecuritywindowswindows-apiwindows-internals
  Language:C++ 58

• yardenshafir / DpcWait

  Driver demonstrating how to register a DPC to asynchronously wait on an object

  debuggingdpcwaitwindowswindows-internalswindows-kernel
  Language:C++ 50
• LoaderWatch

  andrew-boyarshin / LoaderWatch

  Windows 10 PE image loader (LDR) NTDLL component toolbox

  csharploaderntdllwindowswindows-10windows-internals
  Language:C 49

• yardenshafir / conference_talks

  Slides from various conference talks

  conference-talkedrexploitationmitigationwindowswindows-internals
  37

• Cipher7 / havoc-PoolParty

  Windows Thread Pool Injection Havoc Implementation

  bofc2chavocinjectionthread-poolwindowswindows-internals
  Language:Python 32

• Yuragy / HVNC-windows-remote-toolkit

  Remote administration toolkit for windows, based on Hidden VNC: file manager, keystroke logger, powershell

  command-and-controlhidden-desktophvncpost-exploitationpowershellred-team-toolsremote-controlvncwindows-internalsoffscreen-desktopremote-access-toolkitstealth-access
  Language:C++ 29

• DownWithUp / WarbirdExamples

  An example of how to use Microsoft Windows Warbird technology

  encryptionreverse-engineeringwindows-internals
  Language:C 28

• ElliotKillick / ms-devblogs-search

  Microsoft Developer Blogs Search Tool

  automationdevblogmicrosoftreverse-engineeringsearchsearch-toolwindowswindows-internalswindows-reverse-engineeringclicli-toollocal
  Language:Python 24

• Broihon / ProcessInfo

  A class to gather information about a process, its threads and modules.

  reverse-engineeringwindows-internalspe-loader
  Language:C++ 23
• ActiveBreach-Engine

  dutchpsycho / ActiveBreach-Engine

  SysWhispers & HellsGate Successor, SYSCALL Execution Framework using advanced techniques - AV/AntiCheat Evasion

  edr-evasionsyscallsyscall-proxyanti-debughook-bypasslotlminhookntdlloffensive-securityred-teamwindows-internalswinternalsmalware-researchanticheatdetoursdispatcherhooking-framework
  Language:Rust 17