The .NET Project System for Visual Studio

PoCs and tools for investigation of Windows process execution techniques

Scan files or process memory for CobaltStrike beacons and parse their configuration

Monitor creation, deletion and changes to LDAP objects live during your pentest or system administration!

A binary static analysis tool that provides security and correctness results for Windows Portable Executable and *nix ELF binary formats

Visual Studio extension for Rust

CyLR - Live Response Collection Tool

A PowerShell front-end for the Windows debugger engine.

Command line tracing tool for Windows, based on ETW.

Arsenal Image Mounter mounts the contents of disk images as complete disks in Microsoft Windows.

C# Data Collector for the BloodHound Project, Version 3

View ETW Provider manifest

A proof-of-concept Remote Desktop (RDP) session hijack utility

Extended Process Monitor-like tool based on Event Tracing for Windows

An instruction trace visualisation tool for dynamic program analysis

Monitor activity of any driver

A mobile app for detecting bluetooth gas pump credit card skimmers

An implementation of PSExec in C#

Events from all manifest-based and mof-based ETW providers across Windows 10 versions

Microsoft Diagnostics EventFlow

PDB Downloader - An easier way to download Microsoft's public symbols for Libraries and Executables.

inVtero.net: A high speed (Gbps) Forensics, Memory integrity & assurance. Includes offensive & defensive memory capabilities. Find/Extract processes, hypervisors (including nested) in memory dumps …

This respository is a collection of C# class libraries which implement RPC clients for various versions of the Windows Operating System from 7 to Windows 10.

StandIn is a small .NET35/45 AD post-exploitation toolkit

Log Wizard - a Log Viewer that is easy and fun to use!

C# Executable with embedded Python that can be used reflectively to run python code on systems without Python installed

Sample use cases of the .NET native code hooking technique