|
|
|
Processed through Paypal No account required. |







| Files | ||||
| File Name | Rating | Downloads | ||
| AlternateStreamView v1.58 AlternateStreamView v1.58 👉 View, copy, export and delete hidden NTFS alternate data streams. AlternateStreamView is a small utility that scans NTFS drives or folders and finds hidden alternate streams stored in the file system. After scanning, you can extract streams to a selected folder, delete unwanted streams, or save the stream list as text, HTML, CSV or XML. Features: • Scan NTFS drives or folders for hidden alternate data streams • View stream name, file name, stream size and related file details • Export selected streams to a folder • Delete unwanted alternate streams • Save results as TXT, HTML, CSV, XML and other report formats • Scan subfolders with optional folder-depth control • Supports file wildcard filtering • Explorer context menu option for checking a single file • Command-line options for scanning and exporting results • Portable utility with no installation required Supported operating systems: • Windows 2000 through Windows 11 • 32-bit and 64-bit systems Supported languages: Arabic, Brazilian Portuguese, Czech, Dutch, Finnish, French, German, Greek, Hungarian, Italian, Japanese, Persian, Polish, Romanian, Russian, Simplified Chinese, Slovak, Spanish, Traditional Chinese, Turkish, Ukrainian, Valencian Changes: v1.58 Updated to stop the file system scan when you press the Esc key. This download is for the Windows 64bit version (very bottom of page). If you need the Windows 32bit version, download here. Click here to visit the author's website. |
![]() |
10,029 | Jun 04, 2026 Nir Sofer |
|
| Attack Surface Analyzer v2.3.299 Attack Surface Analyzer v2.3.299 A Microsoft developed open source security tool that analyzes the attack surface of a target system and reports on potential security vulnerabilities introduced during the installation of software or system misconfiguration. Attack Surface Analyzer 1.0 from Microsoft was released in 2012 and is no longer available. Attack Surface Analyzer 1.0 has been valuable to software developers and IT security personnel for years in helping detect key system changes that may occur from software installation. Attack Surface Analyzer 2 is a rewrite from the ground up on .NET Core and is an Open Source project managed by Microsoft. Scenarios 1) Attack Surface Analyzer can help identify potential security risks exposed through changes to services, user accounts, files, network ports, certificate stores, and the system registry. It also includes some support for “live” monitoring of certain system changes (i.e. file system and registry). 2) Another key use for the tool is in ensuring your software development process and products are following best practices for least privilege and reducing the attack surface for your customers by providing evidence, to your security and release teams, that your code does only what it claims. Maintaining customer trust is one reason why it is recommended from the Microsoft SDL Practices. Typical users of ASA: -DevOps Engineers - View changes to the system attack surface introduced when your software is installed. -IT Security Auditors - Evaluate risk presented when third-party software is installed. See How to Run Attack Surface Analyzer. System Requirements Operating System Support ASA is tested on Windows 11, Linux and MacOS systems. No installed pre-requisites or redistributables are required, beyond those of .NET Core. Additional OS compatibility for .NET Core is located here https://github.com/dotnet/core/blob/master/release-notes/3.1/3.1-supported-os.md. This download is for the Windows version. All other download assets are below: MacOS: ASA_macos_2.3.299.zip Linux: ASA_linux_2.3.299.zip NetCore: ASA_netcoreapp_2.3.299.zip Click here ... |
![]() |
5,607 | Jul 11, 2023 Microsoft Corp. |
|
| Chainsaw v2.11.0 Chainsaw v2.11.0 Rapidly Search and Hunt through Windows Event Logs Chainsaw provides a powerful ‘first-response’ capability to quickly identify threats within Windows forensic artifacts such as Event Logs and the MFT file. Chainsaw offers a generic and fast method of searching through event logs for keywords, and by identifying threats using built-in support for Sigma detection rules, and via custom Chainsaw detection rules. Features 🎯 Hunt for threats using Sigma detection rules and custom Chainsaw detection rules 🔍 Search and extract forensic artefacts by string matching, and regex patterns 📅 Create execution timelines by analysing Shimcache artefacts and enriching them with Amcache data 💡 Analyse the SRUM database and provide insights about it ⬇️ Dump the raw content of forensic artefacts (MFT, registry hives, ESE databases) ⚡ Lightning fast, written in rust, wrapping the EVTX parser library by @OBenamram 🪶 Clean and lightweight execution and output formats without unnecessary bloat 🔥 Document tagging (detection logic matching) provided by the TAU Engine Library 📑 Output results in a variety of formats, such as ASCII table format, CSV format, and JSON format 💻 Can be run on MacOS, Linux and Windows See the Wiki for usage instructions. Changes v2.11.0 Improvements to the MFT parser, allowing data streams to be extracted, decoded and written to disk. Decoded MFT Datastreams can now be queried via the Search command and via the Hunt Command. This download is for the Windows version (very bottom of page). All other download assets are below: MacOS: chainsaw_x86_64-apple-darwin.zip chainsaw_aarch64-apple-darwin.zip Linux: chainsaw_x86_64-unknown-linux-gnu.tar.gz chainsaw_aarch64-unknown-linux-gnu.tar.gz Other: chainsaw_all_platforms+rules+examples.zip Click here to visit the author's website. |
![]() |
3,248 | Jan 29, 2025 F-Secure Countercept |
|
| Combofix v19.11.4.1 Combofix v19.11.4.1 ComboFix is a program, created by sUBs, that scans your computer for known malware, and when found, attempts to clean these infections automatically. In addition to being able to remove a large amount of the most common and current malware, ComboFix also displays a report that can be used by trained helpers to remove malware that is not automatically removed by the program. Please note that running this program without supervision can cause your computer to not operate correctly. Therefore only run this program at the request of an experienced helper. Windows XP/Vista/7/8 32-bit program. Can run on both a 32-bit and 64-bit OS This program works with Windows 8, but not Windows 8.1 at this time and still no Windows 10 support. :( Click here to visit the author's website. |
![]() |
12,841 | Nov 13, 2019 sUBs |
|
| CrowdInspect v1.7.0.0 CrowdInspect v1.7.0.0 A free community tool for Microsoft Windows systems that helps alert you to the presence of potential malware on your network. It is a host-based process inspection tool utilizing multiple sources of information to detect untrusted or malicious process and network-active applications. Beyond simple network connections, CrowdInspect associates the connection entry with the process that is responsible for that activity. CrowdInspect captures process name, the entry’s process ID number, local port, local IP address, remote port, remote IP address and reverse resolved DNS name of the remote IP address. CrowdInspect records details of any entry that is associated with a remote IP address and maintains a chronological list of those accessed. You may click the “Live/History” toolbar button to switch between the regular live process window and the network history list window. Click here to visit the author's website. |
![]() |
3,063 | Nov 09, 2021 CrowdStrike |
|
| HiJackThis+ v3.4.0.17 HiJackThis+ v3.4.0.17 👉 Advanced malware and system hijack diagnostic scanner for Windows. HiJackThis+ is a free utility for Microsoft Windows that scans your computer for settings changed by adware, spyware, malware, and other unwanted programs. It is a passive scanner that focuses on detecting hijacking methods rather than relying on traditional signature databases, and it can help experienced users inspect browser, startup, registry, policy, task, and other system areas that may have been altered by suspicious software. It also includes a collection of extra tools such as StartupList, Process Manager, Hosts Manager, ADS Spy, uninstall management, file and registry unlockers, a registry key type analyzer, and batch digital signature checking. Features: • Scans Windows for changes made by adware, spyware, malware, and other unwanted programs • Detects hijacking methods instead of depending on signature database updates • Checks many sensitive system areas including startup entries, registry locations, policies, tasks, browser related items, and more • Includes StartupList 2 for expanded startup inspection • Includes Process Manager for reviewing running processes • Includes Hosts Manager for reviewing and resetting the Hosts file • Includes ADS Spy for finding alternate data streams • Includes uninstall management tools • Includes Windows service removal tools • Includes File Unlocker and Registry Key Unlocker • Includes Registry Key Type Analyzer for advanced inspection • Includes batch digital signature checking • Supports backup and fix workflows for detected items • Can be used as a supplemental diagnostic tool alongside a regular antivirus Supported operating systems: • Windows XP, Windows Vista, Windows 7, Windows 8, Windows 8.1, Windows 10, Windows 11, Windows Server editions, 32-bit, 64-bit Supported languages: English, French, Russian, Spanish, Ukrainian Changes: v3.4.0.17 01-16-25 Updated database of O4. Check if BootExecute is missing or empty. Step towards unifying the addition of new keys to open possibility moving them to the database. Fixed a bug with the inability to clear value of the REG_MULTI_SZ type, previously they were just deleted. ... |
![]() |
3,336 | Apr 20, 2026 Alex Dragokas |
|
| hollows_hunter v0.3.4 hollows_hunter v0.3.4 Scans all running processes. Recognizes and dumps a variety of potentially malicious implants (replaced/implanted PEs, shellcodes, hooks, in-memory patches). Hollows Hunter allows you to scan your full system, searching for potentially malicious implants, and extract them for further analysis. It is an application based on PE-sieve (DLL version), so there is a big overlap of the features between those two. They have a similar command-line interface, but while PE-sieve is an engine dedicated to scanning a single process, Hollows Hunter offers many additional features and filters on the top of this base. More information about similarities and differences described here. Start by familiarizing yourself with PE-sieve by reading the PE-sieve's Wiki. Changes: v0.3.4 2-10-22 Updated PE-sieve (v0.3.4): Supported changes in the implementation of /mignore Supported new PE-sieve param: /threads: enabling scan of the threads' callstack . This is another layer of shellcode detection, allowing to capture "sleeping beacons", and others, decrypted just before the execution. This download is for the 64bit version. If you need the 32bit version, download here. Click here to visit the author's website. |
![]() |
4,400 | Feb 11, 2022 HASHEREZADE |
|
| HxD v2.5.0.0 HxD v2.5.0.0 A free hex editor and disk editor for Windows. HxD is a carefully designed and fast hex editor which, additionally to raw disk editing and modifying of main memory (RAM), handles files of any size. The easy to use interface offers features such as searching and replacing, exporting, checksums/digests, insertion of byte patterns, a file shredder, concatenation or splitting of files, statistics and much more. Editing works like in a text editor with a focus on a simple and task-oriented operation, as such functions were streamlined to hide differences that are purely technical. For example, drives and memory are presented similar to a file and are shown as a whole, in contrast to a sector/region-limited view that cuts off data which potentially belongs together. Drives and memory can be edited the same way as a regular file including support for undo. In addition memory-sections define a foldable region and inaccessible sections are hidden by default. Furthermore a lot of effort was put into making operations fast and efficient, instead of forcing you to use specialized functions for technical reasons or arbitrarily limiting file sizes. This includes a responsive interface and progress indicators for lengthy operations. Features: • Available as a portable and installable edition • RAM-Editor ▸ To edit the main memory ▸ Memory sections are tagged with data-folds • Disk-Editor (Hard disks, floppy disks, ZIP-disks, USB flash drives, CDs, ...) ▸ RAW reading and writing of disks and drives ... |
![]() |
6,146 | Jan 07, 2026 Maël Hörz |
|
| ImHex v1.36.2 ImHex v1.36.2 A modern hex editor and reverse engineering tool written in pure C++20 using GLFW and Dear ImGui. Features Features • Byte patching • Patch management • Copy bytes as feature -Bytes -Hex string -C, C++, C#, Rust, Python, Java & JavaScript array -ASCII-Art hex view -HTML self-contained div • String and hex search • Colorful highlighting • Goto from start, end and current cursor position Custom C++-like pattern language for parsing highlighting a file's content • Automatic loading based on MIME type • arrays, pointers, structs, unions, enums, bitfields, namespaces, little and big endian support, conditionals and much more! • Useful error messages, syntax highlighting and error marking Doesn't burn out your retinas when used in late-night sessions • Dark mode by default, but a light mode is available as well Data importing • Base64 files • IPS and IPS32 patches Data exporting ... |
![]() |
2,644 | Dec 30, 2024 WerWolv |
|
| Metadefender Client v4.1.20.56 Metadefender Client v4.1.20.56 Metadefender Cloud Client is the most thorough free malware analysis tool available. By running data through Metadefender Cloud, Cloud Client performs a deep endpoint forensic analysis for malware using several unique methods. Look for threats and assess the security state of your endpoint if you think it may be compromised. Methods: Memory Module Multi-Scanning: process and dynamic link library (DLL) analysis using over 40 anti-malware engines Local Anti-malware Analysis: a unique and effective analysis of anti-malware log files Rogue IP Detection: ensuring there are no network connections to a rogue IP address using several IP reputation sources Memory Module Multi-Scanning Running over 40 anti-malware engines that use heuristic detection, Metadefender Cloud Client analyzes all running processes and loaded memory modules. It performs a deep scan, analyzing the DLLs accessed by these processes for malware as well. This results in a deeper analysis than that of other free tools like Process Explorer or VirusTotal. And it does all this quickly – in just a few minutes. When you run it, Metadefender Cloud Client begins scanning all processes and DLL files for any threat. Once the analysis is complete, you’ll see a summary at the top of the window of how many potential threats of all kinds were identified. You’re able to click on each individual result and see the specific processes and DLLs that may be infected. Cloud Client is unique in allowing you to review the results on such a granular level. Highlight a process to see the results of the analysis. Click the arrow next to it in order to see the libraries accessed by the application while it runs. Then, click on individual DLL files to see the threats identified, and which specific anti-malware engines identified them. You can also see a list of potentially infected ... |
![]() |
6,143 | Nov 15, 2019 OPSWAT, Inc. |
|
| Phrozen ADS (Alternate Data Stream) Revealer v1.0.5642 Phrozen ADS (Alternate Data Stream) Revealer v1.0.5642 Phrozen ADS (Alternate Data Stream) Revealer is a Microsoft Windows program, especially designed to reveal possible malicious ADS files in your file system. Since the Alternate Data Stream functionality is only available for NTFS (New Technology File System), the program is able to scan and detect this kind of files only for this type of file system (Physical Hard Drive/Virtual Hard Drive/Physical Removable Device/Virtual Removable Device). If some ADS Files are detected during the scan you then can decide wether or not you want to keep them or to back them up. You can also have a content preview to detect in one glance if it looks legitemate or not. Phrozen ADS Revealer is the perfect tool to sanitize your NTFS file systems against bloated content or hidden malwares. Another great tool to put in your collection and 100% free. What are Alternate Data Stream Alternate data streams allow more than one data stream to be associated with a filename, using the format "filename:streamname" (e.g., "text.txt:extrastream"). NTFS Streams were introduced in Windows NT 3.1, to enable Services for Macintosh (SFM) to store resource forks. Although current versions of Windows Server no longer include SFM, third-party Apple Filing Protocol (AFP) products (such as GroupLogic's ExtremeZ-IP) still use this feature of the file system. Very small ADS (called Zone.Identifier) are added by Internet Explorer and recently by other browsers to mark files downloaded from external sites as possibly unsafe to run; the local shell would then require user confirmation before opening them.[21] When the user indicates that they no longer want this confirmation dialog, this ADS is deleted. Alternate streams are not listed in Windows Explorer, and their size is not included in the file's size. They are ignored when the file is copied or moved ... |
![]() |
6,772 | Nov 15, 2019 PHROZEN SAS |
|
| RunPE Detector v2.0 RunPE Detector v2.0 Phrozen RunPE Detector is a security program, especially designed to detect and defeat some suspicious processes using a generic method. We at Phrozen Software do things differently, more creatively. So, when we set ourselves the task of creating a novel way of detecting, disabling and removing RATs, we didn't want to take the route every other anti-virus company has done before us. Phrozen Software studied the behaviour of RATs and discovered that hackers virtually always use a technique called RunPE. This technique spawns a legitimate process – often the default browser or a Microsoft system process – and replace it with a malicious program code directly in memory. Your computer is thus tricked and treats the malicious code as a legitimate process. The user and his anti-virus program have no idea that his default browser is effectively turned into a virus. RunPE is a technique that is used in several malicious ways. The two most common are : [1] FWB (Firewall Bypass): As its name suggests, this technique is implemented to bypass or disable the Application Firewall or the Firewall rules. Since most malware needs to connect to a remote Command-and-Control (C&C) Server, it needs to connect to the Internet via the Firewall. Since most users are connected to the Internet at home, normally the installed Firewall would prevent the malware from connecting to the Internet. Using the RunPE technique to hijack a legitimate process that is authorized to reach Internet, any malware could subsequently connect to the C&C without being detected by the Firewall. [2] Malware Packer or Crypter: Generally script kiddies – immature hackers - use a well-known type of malware that is already detected by most anti-virus programs. They then try the obfuscate this malware to evade ... |
![]() |
6,969 | Nov 15, 2019 PHROZEN SAS |
|
| SecureMyBit Deny v1.4 SecureMyBit Deny v1.4 SecureMyBit Deny is a simple, light and freeware security tool that permits you to deny execution of scripts that rely on Windows Script Host, perform impairment indicators analysis to detect possible malicious behaviours in analyzed executables, type your text safely against keyloggers, mouseloggers, screenloggers, etc. Then you can monitor your file system for changes and new files, detect processes that are connected to ports commonly used by malware and optimize security settings. (Please note that some antivirus or antimalware programs can detect SecureMyBit Deny as malware, we want to specify that this is a false positive, you can add SecureMyBit Deny to the exclusion list of your antivirus/antimalware). What’s new? Fixed heuristic engine false positive of EXE Analyzer (SecureMyBit Deny.exe) Changed ON/OFF text of File System Monitor button (Thanks @ticklemefeet for the suggestion) Fixed bug in Security Ports Scan Fixed critical bug of Text Editor Anti-Logger Fixed bug in File System Monitor Heuristic engine updated to improve ransomware detection, hash computing, decryption code and registry usage of analyzed EXE Added “Clear log” button to File System Monitor Key Features: Deny scripts execution Make USB read-only Text Editor Anti-Logger Perform EXE analysis Security Ports Scan Monitor File System easily Optimize security settings Terms & Conditions: WE AREN’T ABSOLUTELY RESPONSIBLE FOR ANY KIND OF PROBLEMS, DAMAGES, LOSS OF DATA, LOSS OF FILES OR ANY OTHER KINDS OF PROBLEMS. THE SOFTWARE IS PUBLISHED “AS IS”. THERE MAY BE FALSE POSITIVES IN EXE ANALYZER REPORT(S) BECAUSE OF THE HEURISTIC ANALYSIS. Thank you. SecureMyBit Development Team Compatibility Windows Vista Windows 7 Windows 8/8.1 Windows 10 Special Requirement: Microsoft .NET Framework 4.5 Languages: English SecureMyBit Deny Test: |
![]() |
5,587 | Nov 13, 2019 JM Security |
|
| SigcheckGUI v1.1.3 SigcheckGUI v1.1.3 GUI front-end for sigcheck.exe from Sysinternals. Scans for fake Root Certificates in Windows that malware uses to infect a computer. Supports: Win7 x32,Win7 x64,Win98,WinVista,WinVista x64,WinXP v1.1.3 - 2016-11-04 + SigcheckGUI now handles passed files and folders. (Thanks, zxhtrzdg) + Added "Clear unknown" to the Clear menu. * Changed/added some icons. * Verified SigcheckGUI works with sigcheck.exe v2.54. Click here to visit the author's website. |
![]() |
5,879 | Nov 15, 2019 Jody Holmes |
|
| Simple Software-restriction Policy v2.20 Simple Software-restriction Policy v2.20 A software policy makes a powerful addition to Microsoft Windows' malware protection. In particular, it is more effective against ransomware than traditional approaches to security. If you know about the Linux 'execute permission' bit then you'll understand what this is for. The mode of operation is somewhat different in that execute permission is granted to folders and subfolders rather than individual files, but the intention is the same, to stop undesirable or unknown software from launching unless you OK it. Additionally, it is possible to specify that certain executables (typically browsers and email clients) are run with reduced rights. This is a valuable damage-limitation measure against browser plugin vulns, etc. The protection can be turned off without a reboot whilst installing legitimate software, and will automatically reactivate after a specified time Click here to visit the author's website. |
![]() |
6,177 | Nov 15, 2019 IWR Consultancy |
|
| Tron Script v12.0.8 Tron Script v12.0.8 OlderGeeks.com is an official mirror for Trons Script. A powerful automated collection of batch files that runs multiple cleanup, disinfection and repair tools to help restore poorly running Windows PCs. Tron Script is a free, open-source script that sequences a large collection of well-known Windows cleanup, malware removal, debloat, repair and optimization utilities into a single automated process. Instead of manually running dozens of tools to disinfect, remove bloatware, fix system corruption, reset configurations, clean temporary files and optimize settings, Tron orchestrates these steps in a structured workflow that can handle heavily-infected or unstable machines. It is intended for advanced users and technicians and can take several hours to complete depending on the state of the system. Tron works through stages including prep, temp cleanup, de-bloat, disinfect, repair, patch, optimize and wrap-up, producing comprehensive logs of its actions. The script runs from an elevated Command Prompt and can be customized via command-line switches for different use cases. Features: • Automates a comprehensive suite of cleanup, repair and disinfection tools. • Runs multiple anti-malware engines and system utilities in sequence. • Removes OEM bloatware and unnecessary files. • Repairs corrupted system components (SFC, DISM, registry and file permissions). • Cleans temporary files, event logs, Windows Update cache. • Supports command-line switches to skip or enable specific stages. • Produces detailed run logs for post-analysis. • Useful on difficult-to-fix systems where manual cleanup would be time-consuming. Documentation: Read ALL of the documentation here before using this set of tools. Supported operating systems: • Windows 7 • Windows 8 • Windows 8.1 • Windows 10 • Windows 11 Note: Requires an elevated Command Prompt. Supported languages: • English What Tron Script Actually Contains: Most ... |
![]() |
35,178 | Feb 01, 2026 vocatus |
|
| Showing rows 1 to 16 of 16 | Showing Page 1 of 1 | 1 |
OlderGeeks.com Copyright (c) 2026