Moonlit observatory of research and tooling

MiscResearch

Windows security research for those who come after.

A growing archive of ETW notes, LOLBIN investigations, Windows internals, compatibility research, and supporting tooling.

Explore Research Open Tooling

Moonlight / Dawn

Two ways into the work, depending on what you need.

Research collects findings, decoded behavior, and durable reference material. Tooling holds the scripts, proofs-of-concept, and smaller experiments that grew out of that work.

Moonlight

Research

Research notes organized for deep reading, cross-reference, and later retrieval.

Browse ETW providers, LOLBIN analysis, Windows internals, and field notes through category pages that keep related work together without flattening the archive.

Long-form analysis, category browsing, and notes built to hold up as reference material.

47 notes
5 constellations
51 linked topics

Browse research

Dawn

Tooling

Tooling for experiments, validation, and the pieces that move research into practice.

Open the proof-of-concepts, helper scripts, and smaller utilities that were built alongside the notes and are easier to use when kept close to the underlying research.

Proof-of-concepts, support scripts, and operational experiments shaped by the archive.