This is a comprehensive Windows internals toolkit that gives you both user-mode and kernel-mode visibility into running systems. Without a driver you get process enumeration, service inspection, network connections, and ETW providers; load the KWinSys kernel component and you unlock SSDT hook detection, kernel callback enumeration, and rootkit hunting features. The WinSysServer component lets you inspect remote machines over TCP, which is handy for analyzing VMs from your host. It's built for security research and malware analysis, not production monitoring. The skill includes detailed setup instructions for test signing and driver installation, plus code examples showing how to use the WinSys library directly if you want to script your own analyses instead of using the ImGui interface.
npx skills add https://github.com/aradotso/trending-skills --skill ntwarden-windows-analysis-toolkit