Windows-related tools for various purposes: analysis, exploitation, research, post-exploitation.

#### Reverse Engineering

- Ghidra - A software reverse engineering (SRE) suite of tools developed by NSA's Research Directorate in support of the Cybersecurity mission
  - https://ghidra-sre.org/
  - https://github.com/NationalSecurityAgency/ghidra
- IDA Free
  - https://hex-rays.com/ida-free/
- ImHex - A hex editor for reverse engineers, programmers and people who value their retinas when working at 3 AM.
  - https://github.com/WerWolv/ImHex
- Winbindex - The Windows Binaries Index
  - https://winbindex.m417z.com/
- VergiliusProject - Kernel YML symbol dumps
  - https://www.vergiliusproject.com/kernels
  - https://github.com/VergiliusProject/kernels-data

#### Hooking

- Fermion - Fermion is an Electron application that wraps [frida-node](https://github.com/frida/frida-node) and [monaco-editor](https://microsoft.github.io/monaco-editor/). It offers a fully integrated environment to prototype, test and refine Frida scripts through a single UI.
  - https://github.com/FuzzySecurity/Fermion
- API Monitor - API Monitor is free software that lets you monitor and control API calls made by applications and services. It's a powerful tool for seeing how applications and services work, or for tracking down problems in your own applications.
  - http://www.rohitab.com/apimonitor

#### Research

- IONinja - IO Ninja is a professional all-in-one terminal emulator, sniffer, and protocol analyzer.
  - https://ioninja.com/
- WinObjEx64 - WinObjEx64 is an advanced utility that lets you explore the Windows Object Manager namespace.
  - https://github.com/hfiref0x/WinObjEx64
- moneta - Moneta is a live usermode memory analysis tool for Windows with the capability to detect malware IOCs.
  - https://github.com/forrest-orr/moneta
- oleviewdotnet - OleViewDotNet is a .NET 4 application that merges the classic SDK tools OleView and Test Container into one application. It allows you to find COM objects through a number of different views (e.g. by CLSID, by ProgID, by server executable), enumerate interfaces on the object, and then create an instance and invoke methods.
  - https://github.com/tyranid/oleviewdotnet
- SQLiteBrowser - DB Browser for SQLite
  - https://sqlitebrowser.org/
- Fiddler - Web debugging proxy for macOS, Windows, and Linux
  - Fiddler is often very useful, especially when combined with [Postman](https://www.postman.com/) for rapid prototyping
  - https://www.telerik.com/fiddler
- Grepwin - grepWin is a simple search and replace tool which can use [regular expressions](https://en.wikipedia.org/wiki/Regular_expression) to do its job
  - https://tools.stefankueng.com/grepWin.html