A Windows security tool for extracting credentials, hashes, and Kerberos tickets from memory and performing various post-exploitation techniques.
A proof-of-concept malware application that implements common anti-analysis techniques to test security tools and sandbox environments.
A high-quality, commented Sysmon configuration template for Windows system monitoring and incident investigation.
A highly customizable USB attack platform for penetration testing, based on a Raspberry Pi Zero.
A PowerShell v2.0+ compatible command and script obfuscation framework for security testing.
A testing tool that detects virtual machines and malware analysis environments using techniques observed in real malware.
A Windows security tool that reduces the attack surface by disabling risky features in Windows, Office, Adobe Reader, and LibreOffice.
A modular repository of Sysmon configuration modules for customizable endpoint detection and logging.
A PowerShell toolkit for attacking, auditing, and securing Microsoft SQL Server environments during penetration tests.
A collection of 200 Windows EVTX event log samples mapped to MITRE ATT&CK techniques for detection testing and threat hunting.
A Windows security tool for real-time adversary tradecraft detection, memory scanning, and forensics via behavior-driven rules.
A deprecated collection of PowerShell tools for offensive security operations and penetration testing.
A PowerShell module for Blue Teams, Incident Responders, and System Administrators to hunt persistence techniques implanted in Windows machines.
An interactive command-line tool for exploring and exploiting the CTF protocol on Windows systems.
Automated configuration guidance for implementing the U.S. Department of Defense's Secure Host Baseline settings on Windows 10 and Windows Server 2016.
A reflective PE packer for in-memory execution of Windows executables to bypass security products.
A collection of Windows Event Forwarding configurations and subscriptions for centralized security event collection and incident detection.
An open-source blue team tool that protects Linux and Windows systems via honeypots, monitoring, and alerting.
A Windows tool that intercepts and kills ransomware processes attempting to delete shadow copies via vssadmin and other system utilities.
Scans files and process memory for Cobalt Strike beacons and extracts their configuration.
A dynamic unpacker for Windows malware that deploys packed executables, waits for payload unpacking, and dumps the extracted code.
A tool for auditing and visualizing control paths in Active Directory to identify privilege escalation and resource access risks.
PowerShell module to check Windows binaries for security features like ASLR, DEP, SafeSEH, and Authenticode.
A PowerShell suite for remote Windows incident response and hunting using CIM/WMI, requiring no agent deployment.
A honeytoken-based tripwire for detecting Active Directory credential theft and privilege escalation attempts.
A PowerShell script for live forensic data acquisition and endpoint lockdown during Windows incident response.
A security tool that scans for Windows accessibility tools backdoors via automated RDP sessions.
An open-source blue team tool that protects Linux and Windows operating systems through multiple security methods.
A PowerShell module for remote endpoint threat hunting, scanning for indicators of compromise and collecting system state information.
A C++ Windows malware analysis tool that uses memory and code hooks to detect and extract hidden code from packers.
A Python library for creating adversarial attacks against Windows malware detectors to evaluate their robustness.
Demonstrates various persistence techniques used by malware, including COM hijacking, extension hijacking, and shim injection.
A Windows tool for malware researchers to explore and test anti-debug techniques across modern debuggers.
A curated collection of information and tools for detecting, analyzing, and hunting malware persistence mechanisms across operating systems.
Python implementation of PEiD for detecting packers in Windows PE files using signature databases.