Windows Events Attack Samples
- Updated Jan 24, 2023
- HTML
Weaponize DLL hijacking easily. Backdoor any function in any DLL.
Resources About Windows Security. 1100+ Open Source Tools. 3300+ Blog Posts and Videos.
A desktop application that checks security-related settings and makes recommendations for improvements without requiring central device management or automated reporting.
🐟 PoC of a VBA macro spawning a process with a spoofed parent and command line.
List of Awesome Windows Security Resources
Manipulating and Abusing Windows Access Tokens.
Windows 11 secure group policy for standalone devices
Run a program as TrustedInstaller (SYSTEM)
Automated CIS Benchmark Compliance Remediation for Windows Server 2019 with Ansible
Enterprise-Grade Security & Privacy Hardening Tool for Windows 11 25H2
Cobalt Strike BOF to freeze EDR/AV processes and dump LSASS using WerFaultSecure.exe PPL bypass
Automated CIS Benchmark Compliance Remediation for Windows Server 2022 with Ansible
A collection of awesome ethical hacking and security-related content!
Rust Windows EDR (user-mode, no driver): ETW → Sysmon-style normalization → Sigma/Yara/IOC detection → ECS NDJSON alerts.
I-Espresso is a tool that enables users to generate Portable Executable (PE) files from batch scripts. Leveraging IExpress, it demonstrates how file extension spoofing can be used to evade detection.
Xploitra is a powerful reverse shell payload generator for educational and security testing. It offers customizable payloads with advanced obfuscation and session management, making it ideal for simulating real-world attack scenarios and assessing system security.
EDR & AV Bypass Arsenal: a comprehensive collection of tools, patches, and techniques for evading modern EDR and antivirus defenses.
A collection of awesome software, libraries, learning tutorials, documents and books, awesome resources and cool stuff about ARM and Windows Exploitation.
Active Directory Forensic Toolkit: Detect & reconstruct AD attacks from Windows event logs (EVTX)