World's fastest and most advanced password recovery utility

A little tool to play with Windows security

A free, powerful, multi-purpose tool that helps you monitor system resources, debug software and detect malware. Brought to you by Winsider Seminars & Solutions, Inc. @ http://www.windows-internals…

This repo contains driver samples prepared for use with Microsoft Visual Studio and the Windows Driver Kit (WDK). It contains both Universal Windows Driver and desktop-only driver samples.

Direct Memory Access (DMA) Attack Software

Defeating Windows User Account Control

Generates x86, x64, or AMD64+x86 position-independent shellcode that loads .NET Assemblies, PE files, and other Windows payloads from memory and runs them with parameters

Simple (relatively) things allowing you to dig a bit deeper than usual.

EasyHook - The reinvention of Windows API Hooking

🌴Linux、macOS、Windows Kernel privilege escalation vulnerability collection, with compilation environment, demo GIF map, vulnerability details, executable file (提权漏洞合集)

Reflective DLL injection is a library injection technique in which the concept of reflective programming is employed to perform the loading of a library from memory into a host process.

Library to load a DLL from memory.

HackSys Extreme Vulnerable Driver (HEVD) - Windows & Linux

Windows Internals Book 7th edition Tools

Hiding kernel-driver for x86/x64.

Kernel Driver Utility

Scans all running processes. Recognizes and dumps a variety of potentially malicious implants (replaced/implanted PEs, shellcodes, hooks, in-memory patches).

A post exploitation framework designed to operate covertly on heavily monitored environments

Abusing impersonation privileges through the "Printer Bug"

PoC tool to coerce Windows hosts to authenticate to other machines via MS-EFSRPC EfsRpcOpenFileRaw or other functions.

Fileless ring 3 rootkit with installer and persistence that hides processes, files, network connections, etc.

An open library of adversary emulation plans designed to empower organizations to test their defenses based on real-world TTPs.

The swiss army knife of LSASS dumping

Open-Source Shellcode & PE Packer

🇺🇦 Windows driver with usermode interface which can hide processes, file-system and registry objects, protect processes and etc

A series of mini-projects used to learn C for beginners

Windows Event Log Killer

A tool uses Windows Filtering Platform (WFP) to block Endpoint Detection and Response (EDR) agents from reporting security events to the server.