Browser-based HAR extraction tool, portable, self-contained in HTML.

This comprehensive process injection series is crafted for cybersecurity enthusiasts, researchers, and professionals who aim to stay at the forefront of the field. It serves as a central repository…

This repository includes code and IoCs that are the product of research done in Akamai's various security research teams.

Forensics tool for NTFS (parser, mft, bitlocker, deleted files)

A living guide to lesser-known and evasive Windows API abuses used in malware, with practical reverse engineering notes, YARA detections, and behavioral indicators.

This is the loader that supports running a program with Protected Process Light (PPL) protection functionality.

This is the tool to dump the LSASS process on modern Windows 11

A resource containing all the tools each ransomware gangs uses

A fast reverse proxy to help you expose a local server behind a NAT or firewall to the internet.

In-Memory PE Loader

Template-Driven AV/EDR Evasion Framework

Code execution/injection technique using DLL PEB module structure manipulation

Command line access to the Registry

RegRipper4.0

A step-by-step walkthrough of how to write a Client and a Driver to communicate with each other and boost the priority of a thread.

A kernel driver to get a Handle to virtually *every* process

Use OCR in Windows quickly and easily with Text Grab. With optional background process and notifications.

Portable file server with accelerated resumable uploads, dedup, WebDAV, FTP, TFTP, zeroconf, media indexer, thumbnails++ all in one file, no deps

AV/EDR Lab environment setup references to help in Malware development

Free Windows Detector Software

Windows API Code Pack 1.1

Provides a .NET wrapper for the Windows Task Scheduler. It aggregates the multiple versions, provides an editor and allows for localization.

Detect virtual machine environments using C#

Adaptive DLL hijacking / dynamic export forwarding

GUI to Manage Software Restriction Policies and harden Windows Home OS

Utility for configuring Windows 10 built-in Defender antivirus settings.

Retrieve pointers to undocumented kernel functions and offsets to members within undocumented structures to use in your driver by using the symbol server.

EDR Lab for Experimentation Purposes