Stars
Hook system calls, context switches, page faults and more.
eBPF implementation that runs on top of Windows
A C library for reading, creating, and modifying zip archives.
Freeze (package) Python programs into stand-alone executables
Malware Development for Ethical Hackers, published by Packt
A free, powerful, multi-purpose tool that helps you monitor system resources, debug software and detect malware. Brought to you by Winsider Seminars & Solutions, Inc. @ http://www.windows-internals…
CWE-781: Improper Address Validation in IOCTL with METHOD_NEITHER I/O Control Code
Reflective DLL injection is a library injection technique in which the concept of reflective programming is employed to perform the loading of a library from memory into a host process.
Detours is a software package for monitoring and instrumenting API calls on Windows. It is distributed in source code form.
Local Privilege Escalation from Admin to Kernel vulnerability on Windows 10 and Windows 11 operating systems with HVCI enabled.
ETWProcessMon2 monitors process, thread, memory, image-load and TCP/IP activity via ETW, and detects remote thread injection and in-memory payloads via VirtualMemAlloc events, among other things.
Scans a given process. Recognizes and dumps a variety of potentially malicious implants (replaced/injected PEs, shellcodes, hooks, in-memory patches).
Elkeid is an open source solution that can meet the security requirements of various workloads such as hosts, containers, K8s and serverless. It is derived from ByteDance's internal best practi…
Extract and decrypt browser data, supporting multiple data types, runnable on various operating systems (macOS, Windows, Linux).