- Spain
- @adrian_GIYF
Stars
An index of Windows binaries, including download links for executables such as exe, dll and sys files
Trail of Bits Claude Code skills for security research, vulnerability detection, and audit workflows
Gain insights into MS-RPC implementations that may be vulnerable using an automated approach and make it easy to visualize the data. By following this approach, a security researcher will hopefully…
An MCP (Model Context Protocol) server that turns all pybag Windows debugger functions into native MCP tools. It lets MCP-compatible clients (Claude Desktop, Claude Code, Cowork, OpenAI Codex CLI, …
Live ETW-TI event viewer for Windows kernel threat-intelligence telemetry. Research tool for exploring the same signals commercial EDRs rely on.
Sanctum is an experimental proof-of-concept EDR, designed to detect modern malware techniques, above and beyond the capabilities of antivirus. Built in Rust.
Incident Response & Digital Forensics Debugging Extension
HackSys Extreme Vulnerable Driver (HEVD) - Windows & Linux
Course materials for Modern Binary Exploitation by RPISEC
IDA Pro plugin with a rich set of features: decryption, deobfuscation, patching, lib code recognition and various pseudocode transformations
Lightweight PoC enumerating processes and reading remote PEBs for triage and research.
Concise, hands-on Windows internals, exploitation notes and detection playbooks.
Windows-focused research covering malware, development, anti-detection, exploits, and CTFs.
Winners of the International Obfuscated C Code Contest
Centralized resource for listing and organizing known injection techniques and POCs
For educational purposes only, exhaustive samples of 500+ classic/modern trojan builders including screenshots.
A collection of software installation scripts for Windows systems that allow you to easily set up and maintain a reverse engineering environment on a VM.
Open-source Windows and Office activator featuring HWID, Ohook, TSforge, and Online KMS activation methods, along with advanced troubleshooting.
The Minimalistic x86/x64 API Hooking Library for Windows
A tutorial on how to write a packer for Windows!
Notes on using the Python bindings for the Unicorn Engine
Inject DLLs into the explorer process using icons
Leverage AMSI (Antimalware Scan Interface) technology to aid your analysis. This tool saves all buffers (scripts, .NET assemblies, etc.) passed into AMSI during dynamic execution.
Script to remove Windows 10 bloatware.