#Windows-internals

Showing 14 of 14 repositories tagged #windows-internals, ranked by stars

taviso
taviso
ctftool

Interactive CTF Exploration Tool

Score
75
★ 1.7k ⑂ 263
C
JLospinoso
JLospinoso
gargoyle

Historical Windows temporal memory-state research artifact for studying time-bound memory observations, validation limits, and defensive visibility.

Score
100
★ 906 ⑂ 114
Python
mrexodia
mrexodia
dumpulator

An easy-to-use library for emulating memory dumps. Useful for malware analysis (config extraction, unpacking) and dynamic analysis in general (sandboxing).

Score
0
★ 868 ⑂ 50
C
VirtualAlllocEx
VirtualAlllocEx
DEFCON-31-Syscalls-Workshop

Contains all the material from the DEF CON 31 workshop "(In)direct Syscalls: A Journey from High to Low".

Score
67
★ 765 ⑂ 106 +3/day
C
diversenok
diversenok
TokenUniverse

An advanced tool for working with access tokens and Windows security policy.

Score
92
★ 662 ⑂ 69
Pascal
mentebinaria
mentebinaria
fundamentos-engenharia-reversa

Livro: Engenharia Reversa - Fundamentos e Prática

Score
83
★ 217 ⑂ 41
NtRaiseHardError
NtRaiseHardError
Dreadnought

PoC for detecting and dumping code injection (built and extended on UnRunPE)

Score
17
★ 58 ⑂ 23
C++
youssefnoob003
youssefnoob003
SindriKit

A foundational C library for building operationally credible offensive capabilities

Score
58
★ 49 ⑂ 2 +10/day
C
vibheksoni
vibheksoni
ferrox

Windows infostealer in Rust with polymorphic builds, Hell's Gate syscalls, and compile-time encryption. Educational use only.

Score
50
★ 28 ⑂ 10 +2/day
Rust
zvxhash
zvxhash
void-sniff

A lightweight, self-contained x64 Native API syscall monitor for Windows with a custom inline hook engine and zero external dependencies.

Score
42
★ 26 ⑂ 4
C++
manikandantn68
manikandantn68
window-persistence-Privilege-Escalation

A complete hands-on reference of 46 Windows persistence techniques used by real-world APT groups. Each technique includes MITRE ATT&CK TTP mapping, known threat actor attribution, attack commands, verification steps, and cleanup — organized from No-Admin to Admin level. Built for red teamers, malware analysts, and cybersecurity learners.

Score
33
★ 20 ⑂ 0 +8/day
C
HackingLZ
HackingLZ
loadlibrary-patch-kit

VDM sig bypass and additional WinAPI stubs

Score
25
★ 19 ⑂ 0
Python
vvswift
vvswift
Shellcode-Injector

PoC shellcode injector using clean syscalls to bypass user-mode hooks in ntdll.dll

Score
0
★ 16 ⑂ 3
C
NtProtectVirtualMemory
NtProtectVirtualMemory
PE-Library

A modern C++ library for parsing and manipulating Windows Portable Executable (PE) files.

Score
8
★ 10 ⑂ 1
C++
Related Topics
#reverse-engineering#malware-analysis#windows#security#malware-research#assembly#code-injection#security-research#syscalls#windows-api#hooking#x64

© 2026 GitRepoTrend · GitHub repositories by topic · Updated weekly