#Windows-internals
Showing 14 of 14 repositories tagged #windows-internals, ranked by stars
Interactive CTF Exploration Tool
Historical Windows temporal memory-state research artifact for studying time-bound memory observations, validation limits, and defensive visibility.
An easy-to-use library for emulating memory dumps. Useful for malware analysis (config extraction, unpacking) and dynamic analysis in general (sandboxing).
Contains all the material from the DEF CON 31 workshop "(In)direct Syscalls: A Journey from High to Low".
An advanced tool for working with access tokens and Windows security policy.
Livro: Engenharia Reversa - Fundamentos e Prática
PoC for detecting and dumping code injection (built and extended on UnRunPE)
A foundational C library for building operationally credible offensive capabilities
Windows infostealer in Rust with polymorphic builds, Hell's Gate syscalls, and compile-time encryption. Educational use only.
A lightweight, self-contained x64 Native API syscall monitor for Windows with a custom inline hook engine and zero external dependencies.
A complete hands-on reference of 46 Windows persistence techniques used by real-world APT groups. Each technique includes MITRE ATT&CK TTP mapping, known threat actor attribution, attack commands, verification steps, and cleanup — organized from No-Admin to Admin level. Built for red teamers, malware analysts, and cybersecurity learners.
VDM sig bypass and additional WinAPI stubs
PoC shellcode injector using clean syscalls to bypass user-mode hooks in ntdll.dll
A modern C++ library for parsing and manipulating Windows Portable Executable (PE) files.