New code snippet that demonstrate the usage of SuspendThread to detect the presence of debuggers.

New code snippet that demonstrate how Malware authors detects the presence of debuggers using both Microsoft Windows API's: FindWindowA and FindWindowW API's.

New code snippet that demonstrate how Malware authors detects the presence of debuggers using both Microsoft Windows API's: FindWindowA and FindWindowW API's.

New code snippet that demonstrate how malware control the Debug flag from a running process PEB (Process Environment Block) in order to detect the presence of a debugger.

This application is an alternative and variant of RunAs and RunAsAttached. It allows to spawn a new terminal session as another user.

The particularity of this project is the ability to transmit and receive commands through network (stdin, stdout and stderr are redirected to network)

This tiny application gives the opportunity to spawn another interactive terminal as another user. New terminal session is spawned detached from caller terminal.

This application allows to run commands as another user (user impersonation) interactively. In contrary of other existing tools, this application won't spawn another terminal session to run commands as another user.

This program demonstrate a serious weakness on default Microsoft Windows configuration. Indeed by default account lockout policy is disabled which may allow a guest account to brute force any available local account (~ 10 000 attempt per second).

Delphi unit that demonstrate how to enumerate DLL exported functions names and addresses through parsing PE Header.