https://github.com/alphaSeclab/windows-security
Resources About Windows Security. 1100+ Open Source Tools. 3300+ Blog Post and Videos.
amsi applocker dll pe powershell sysinternal uac windows-defender windows-security
Last synced: 11 months ago
- Host: GitHub
- URL: https://github.com/alphaSeclab/windows-security
- Owner: alphaSeclab
- Created: 2020-02-20T02:11:21.000Z (over 6 years ago)
- Default Branch: master
- Last Pushed: 2020-02-20T02:32:00.000Z (over 6 years ago)
- Last Synced: 2024-11-16T18:03:10.654Z (over 1 year ago)
- Topics: amsi, applocker, dll, pe, powershell, sysinternal, uac, windows-defender, windows-security
- Homepage:
- Size: 422 KB
- Stars: 487
- Watchers: 20
- Forks: 113
- Open Issues: 0
Metadata Files:
- Readme: Readme.md
- Changelog: history/Windows_20200220102341.json
Awesome Lists containing this project
- awesome-hacking-lists - alphaSeclab/windows-security - Resources About Windows Security. 1100+ Open Source Tools. 3300+ Blog Post and Videos. (Others)
README
# [All collection repositories](https://github.com/alphaSeclab/all-my-collection-repos)
# Windows
- A collection of resources related to Windows security. It currently includes 1100+ tools, roughly categorized by function, with Chinese descriptions added for some of them, and 3300+ articles.
- This page contains only part of the content. [View the full version](https://github.com/alphaSeclab/windows-security/blob/master/Readme_full.md)
- [English Version](https://github.com/alphaSeclab/windows-security/blob/master/Readme_en.md)
# Table of Contents
- [PowerShell](#686597a4cff20c60a8e86116cde645fb)
- [PowerSploit](#c65ce176ec6f9bbce520d5b97f4067db) -> [(4) Tools](#65a67d0db02390cee295385191ee5ee0) [(12) Articles](#0ab243d6d9d07fd24d8aa9a44ea03e89)
- [PSAttack](#7a02de4887610ec52c49e64b95fe1580) -> [(3) Tools](#65edc029f91b76eab19a2adb39966d55) [(3) Articles](#5f6fc3b3e1eac08f477163970696725e)
- [Other](#f00255b09a7cea498b2672c2c7447a04) -> [(5) Tools](#882141dceab035af73809b75c83477f1) [(7) Articles](#06d2309e0637f481cdfac132c86142b3)
- [DLL](#89f963773ee87e2af6f9170ee60a7fb2)
- [Newly added](#4dcfd9135aa5321b7fa65a88155256f9) -> [(107) Tools](#9753a9d52e19c69dc119bf03e9d7c3d2) [(152) Articles](#b05f4c5cdfe64e1dde2a3c8556e85827)
- [DLL Injection](#3b4617e54405a32290224b729ff9f2b3) -> [(67) Tools](#b0d50ee42d53b1f88b32988d34787137) [(69) Articles](#1a0b0dab4cdbab08bbdc759bab70dbb6)
- [DLL Hijacking](#f39e40e340f61ae168b67424baac5cc6) -> [(18) Tools](#c9cdcc6f4acbeda6c8ac8f4a1ba1ea6b) [(60) Articles](#01e95333e07439ac8326253aa8950b4f)
- [DLL Side-loading](#7f17d2efd0021063bd713a1b9ee2f46e) -> [(18) Articles](#ec3149509e7612fb1a2126948f141bc0)
- [PE](#620af0d32e6ac1f4a3e97385d4d3efc0)
- [PE Parsing](#c9d6674c5ab3d9adb7fd295acb7ba7cf) -> [(1) Tools](#3cb6b6d0c5f183fc7beed42c26733e39) [(3) Articles](#f644a8855d53c26fb4f9799d2733c8c8)
- [Tools](#574db8bbaafbee72eeb30e28e2799458) -> [(66) Tools](#c364a31b0a48b1a528f728def1d3ca05)
- [Articles](#7e890d391fa32df27beb1377a371518b) -> [(131) Articles](#bba6a2ee17956c3bd688c16acac5e502)
- [.NET](#b8c834b16722c108f8c30f1b0190f0a1)
- [Tools](#d90b60dc79837e06d8ba2a7ee1f109d3)
- [(36) Newly added](#6b8b4bf156e5f973cf0485d45a94f4c4)
- [(5) dnspy](#e26e6693fc840e27099c4363598e02cc)
- [(56) Articles](#2612f712f9363ad0d71fc054c4829396)
- [Login and Authentication](#5dc38e490615f91e67ffb2f668c5088a)
- [Mimikatz](#360af8f1497fcc2dfd2e32f2b636d718) -> [(13) Tools](#17f92a061cc661a040c094c1b3fd32e3) [(128) Articles](#c9617bf44965290de6f7b645c15328ea)
- [NTLM](#37557d58c549b4988bf0bb0ada5de975) -> [(36) Tools](#6c8194db98591f8f68b790975663bc5a) [(128) Articles](#f07067c1b70f9c002838e2f4ab25da7d)
- [Kerberos](#20f86e3e6a4aa7dc1e5a1e3071e0d500) -> [(28) Tools](#fbc6987a538d971f3d85b790fbf0c1e1) [(71) Articles](#3a746419a4bc22b8a6425b81b6bd4593)
- [Pass-The-Hash](#2e1fd273eb428694a94396509754acb5) -> [(1) Tools](#3efc90b9ae87a405e231900020ea33ed) [(52) Articles](#5cbd82fde4af3da6516b88c52d2c357a)
- [Pass-The-Ticket](#af48434aafea8db423a9bacef64b1620) -> [(3) Articles](#e335ccf1622ee0d95b75a4cbb0af5a32)
- [winglogon.exe](#fe064b8a783e94169307579efcfc5349) -> [(1) Tools](#1e77e9449ab3be5cd9977aa55991c897) [(6) Articles](#6d3a0fcab4e6b1199600072b17f941b0)
- [LLMNR](#9813233777717d99ef29e2fe63abfefb) -> [(5) Tools](#7658d2242abc5b8c24e80a77b3a89321) [(18) Articles](#e4227d4373c3aec808349a26c979c522)
- [NetBIOS](#d6fd46f65ce1fe687a92a2da9551d7a9) -> [(2) Tools](#e41f70bc9d7ba0f1430bed63e2d9aece) [(17) Articles](#ce06393f8c683c74ea341a9ef2b48938)
- [Other](#cd40abc5c7d4b2907b770e53a60ee3ec) -> [(2) Tools](#e522f8282206b84cd670cbb658e4bd75)
- [Security Protection](#cbdc1e0b908c8f2df368db8bbc65926f)
- [UAC](#40fd1488e4a26ebf908f44fdcedd9675) -> [(41) Tools](#02517eda8c2519c564a19219e97d6237) [(139) Articles](#90d7d5feb7fd506dc8fd6ee0d7e98285)
- [AppLocker](#184bbacd8b9e08c30cc9ffcee9513f44) -> [(13) Tools](#8f1876dff78e80b60d00de25994276d9) [(98) Articles](#286317d6d7c1a0578d8f5db940201320)
- [Data Execution Prevention(DEP)](#fa89526db1f9373c57ea4ffa1ac8c39f) -> [(1) Tools](#10252fd90a09cb32b4e82497aa79f037) [(68) Articles](#5ff9992a2474eb75e2a1b5860d5b87dc)
- [Patch Guard(PG)](#edd6035c85e4ddf47939cc0e21505089) -> [(2) Tools](#928f69b989fa9e8ec3436e361f646eac) [(24) Articles](#998ed9d8013051b3c7b21b89d189d509)
- [Driver Signature Enforcement(DSE)](#9820fc65cd69d9d295a81cfd90be12fe) -> [(11) Tools](#18cbac58652453abbe2ff1aed187d370) [(11) Articles](#b2d4a9c239c773d20bd4363a4a4c5d83)
- [Windows Defender](#000972b0f2afd58a699bdceabfc21249) -> [(15) Tools](#3296552ba5a3a76e4e1b1c0e1164adde) [(155) Articles](#a61cee92890da1a569289b5c1daafb6e)
- [Antimalware Scan Interface(AMSI)](#04b9831a450074392140722cd14df668) -> [(11) Tools](#93e309abead4f559486dc29f539869de) [(62) Articles](#15a5d4f48f2cd80986bd504c561d4a89)
- [Address Space Layout Randomization(ASLR)](#b1324e23dc1b1314c3674203af4cb147) -> [(12) Tools](#92a9071fd688be4888c2fbd493ae2d26) [(124) Articles](#530581a7d5ef7c27b168a7f86ff642af)
- [Control Flow Guard](#6fc6d2a82e58d5a0daa258dd87190fe5) -> [(4) Tools](#5e156e74fbac1a857251ad7349fa55fe)
- [Control Integrity Guard](#87d619895642fc563b2b31154ade189a) ->
- [Other](#d1798993715e3e3a240884b7ff04b45d) ->
- [MS1X](#7571369f732a6a16dfe727626709f702) -> [(46) Tools](#a00506bcb946ba1c14c0747407dd2570) [(7) Articles](#e08e4392157e48200f68d6e16e31c524)
- [System Mechanisms](#73aa875eba0a61328cda48b6d2b96135)
- [RDP](#d8eb297358353fd465b9b6914327fc0c)
- [(53) Tools](#f8078be0204bcc6c4b88b389d5e169d7)
- [(70) Articles](#789aa51ac9d9c559e587cbd6ae85af8a)
- [(141) Articles_0](#4ece6a5ac5b1176456fe44100a8b18d7)
- [SMB](#2ccd7ff9d95435e841f8c667dda1338e) -> [(61) Tools](#1d122fd6dda9ebbd4ee460facbaf1d4d) [(51) Articles](#3832aa4bcf779dc33fed9dcd71129a59)
- [Windows Management Instrumentation(WMI)](#25c0e7fba8e6523c9e60eaea718db391) -> [(37) Tools](#a44289a4715b50988ac7cbfc1fca0a92) [(144) Articles](#78882a933dbf22785891fe26ea95feb1)
- [Event Tracing for Windows(ETW)](#ac43a3ce5a889d8b18cf22acb6c31a72) -> [(40) Tools](#0af4bd8ca0fd27c9381a2d1fa8b71a1f) [(66) Articles](#11c4c804569626c1eb02140ba557bb85)
- [Lsass](#fe0ba7bd911de751b4cc28c9e1a6cb28) -> [(7) Tools](#94693a3207198ec3c995deb0f38cc22c) [(22) Articles](#b8904d923ae77cf3c230ee1e07717572)
- [BitLocker](#5aa94d550d4ead20c77cb4c609378a40) -> [(10) Tools](#624af4702d96b0df8f89e6142815f034) [(50) Articles](#734243fcb4f539b563072a725e24b75f)
- [NTFS](#645dbf50d2f476c438e48af8c9bcd78c) -> [(21) Tools](#64624c6440889198d1c69ab40f1a5cf3) [(73) Articles](#a976da792a1490b26da931174e05ee8f)
- [SSDT](#b16c5b961088f60a61567d28844e9224) -> [(11) Tools](#59abc34487b51ce7a5383d3f37308eac) [(57) Articles](#6d2a886ff4abcae02d0968c17d4adfe2)
- [Windows Registry](#23d474a347ac76b1ba3a1f5b178d5db9) -> [(12) Tools](#7e46b2cafccc94889e3ac2722bf6b321) [(18) Articles](#bc2ad2bfa13e8f6877934465ea611bf8)
- [Component Object Model(COM)](#9f0ddf6e87cbaabd865deebde52699d4) -> [(1) Tools](#77b9b279c18b90c20f672b68cc946da1)
- [Distributed Component Object Model(DCOM)](#798eea99c85b0c02ecbde54172e9e11b) -> [(10) Tools](#424a04890b93f5642ee2f69e394c9be8) [(35) Articles](#b496048006faecf5545e9eb75072e718)
- [Dynamic Data Exchange(DDE)](#9c0d0ea748ac8de5396932422c6cce10) -> [(5) Articles](#5ff2332e36459054c8bf3ccd30480a1a)
- [Compiled HTML Help(CHM)](#b05deb0cee0274fb02b27dd33edb80d1) -> [(4) Articles](#a68ed31e2457d7ec9143428d05a8a755)
- [WinSxS](#cd351af78b7ca5139f3ae343ecb0dd9c) -> [(1) Tools](#1db8c6803d4c2abbdedc18aee7f85c8d)
- [WoW64](#01210feb166b95c19ba9ac374f06a291) -> [(9) Tools](#eb82daa5fe43dfd74bc02c47e2c4afe8) [(28) Articles](#c6ca09f3f8597935d70aaf695629dc3a)
- [Background Intelligent Transfer Service(BITS)](#0f805859001b5b52d63a7172bd44cdf6) -> [(2) Tools](#b2f8f87055fddd1cf1c2c11401ad4e04)
- [Batch Script(.bat)](#a658066df321965f221208dd00abe422) -> [(12) Tools](#b1c6b964c60022c9dcd4ff69072dbda5) [(11) Articles](#af21157c602c6800e744db567fd3e43c)
- [DACL](#bf6cc44eeb15bfccaf0bf3750be50e2b) -> [(2) Tools](#e7f9728a252a6e224e64a49da24b7312) [(6) Articles](#04794a1f53e595fb81288e7f9a3ac1d4)
- [WebDAV](#84f437e82aae8bfcecd2694e04fcf8aa) -> [(11) Tools](#eb4696a47c7673522fd42c2a6e7cd8a7) [(26) Articles](#869dec888564b2d2d13708bebbcc3f74)
- [Group Policy Object(GPO)](#9c71937ab7d82876aac2c54c150791cc) -> [(1) Tools](#578d958b7bb54c88abdf496c6e30647b) [(4) Articles](#c468de52ae51e1caca7a00483464dd72)
- [AppInit/AppCert](#6b68cefbacf54a6f75ca2f9018117a33) -> [(4) Articles](#296d6cf1fb87b343a3084344c76d59ac)
- [InstallUtil](#8f547f4f2f1e71c746324e72861c43f1) -> [(1) Articles](#b05e41c16bfafb2f11a5cab1d79b9460)
- [Image File Execution Option(IFEO)](#70f540d5729edd9eaf458082acdb22bc) -> [(5) Articles](#16ffb3bcd11332055eb2adab920dff34)
- [Mshta](#3dc4542422de4f6e2a8ea5d4f36e2481) -> [(6) Articles](#ec9ec7966300b8a41b394dd5cfbed4c7)
- [Microsoft HTML Application(HTA)](#8722d46369d07d677ad27d467c45e174) -> [(1) Articles](#77e8c723a9f3e2b1df9b7778947c3400)
- [NetShell](#7d3e42507cd5aef335800a1ad2ef81f2) -> [(2) Tools](#8be076273c1e4f30dc40065080573125) [(1) Articles](#bb3384e6aeb99870a31bc93c01f6a76e)
- [VBScript](#4dad410f6466bbb44dd8f722a98b4542) -> [(9) Tools](#cb35c6d81a6e143b6a70680e8ef9e02d) [(59) Articles](#8d9d82756a32f13fcba26616b4f9aaf0)
- [VBA](#ded9537532637d9e8cf34103b8074bb9) -> [(16) Tools](#80b5cac54622fc99de46e2de95f2d187) [(76) Articles](#24e894db7a4d419a9b186cd5546fdcd2)
- [Security Service Provider(SSP)](#fdaecf463cde0ace2baf674360118a19) -> [(8) Articles](#ca71d3c8c759ef191253380e005213c0)
- [Scheduled Task](#cbe7925b4695d3f5e9f72f432a6530dc) -> [(6) Tools](#f52a95e272df2e86c388e0dd076c4c6f) [(9) Articles](#85a4495e6c53b1f5de50d3cf42de1084)
- [Windows Remote Management(WinRM)](#0f90a8ce54f7bff9128b404dbab3d314) -> [(9) Tools](#a0fe36873097f6dff84cdd7b3fe52fb2) [(16) Articles](#c754ad3133666a921f924a0366fda9e0)
- [Control Panel](#567c09f34e35410dc959657beb4da4d3) -> [(1) Tools](#2f0c44bd470537ea2924f941129ec965) [(12) Articles](#62bd550f94a11d68207c58a1753479cc)
- [Windows Shortcut File](#6bdc12478a16b13a33c7ecd353f967b1) -> [(8) Tools](#4a28a030e4074a0d09d31f9cadf7378f) [(18) Articles](#29bf70714f8426a6f7804e277cb7b378)
- [Windows Explorer](#09220acd8a80f802a330028acfd6454d) -> [(27) Tools](#70a08a1d4ae425b9c2e2e336b832754a) [(4) Articles](#97b6c206893c0d72beebd5c122542933)
- [Application Shim](#4305fed600ce259233802ea6c6626887) -> [(7) Articles](#10b9816b4775f22260658eef1d41860a)
- [Squiblydoo](#061272d088606ae0778a04b31f3c0e46) -> [(2) Articles](#1bd9e5df8902faae521e1dff195f2dbc)
- [Open Office XML](#29ae3a9557d3c14f79aad2303e6bb828) -> [(1) Tools](#177dd1d296e82b2dfad2cdcb2a37be2d)
- [Other](#1c2073da678b183d1872ee62c568e7f5) ->
- [Various Software](#928770b6fa4ff230a685448ae6573e52)
- [MS Internet Explorer](#9bb54db4c51a3d146863d4ce1d36c498) -> [(32) Tools](#d1119ba6c8e896a186d925ccac371d59)
- [MS Edge](#9003b6891f28795af6a0f11622ed813b) -> [(19) Tools](#ea3a3225108e179d9afe0b6e017dde52) [(51) Articles](#0019e616c7579c7151faf531b4a0c771)
- [MS Office](#63479a46662292ab817171322fecfcf4) -> [(17) Tools](#40ce3b16876770b8c0bf0e67c0abf1e8) [(190) Articles](#0e7bba8c1c7a86374dad4962cb4bfd9f)
- [EMET](#979c4f76c79c7e7a453727c7d6ecd539) -> [(3) Tools](#9d5a8c1da43df3879057ee7f1cd48c4e) [(118) Articles](#c968b8e10a7f96dfdbea90a85e86c02c)
- [psexec](#98f74e5f893a0c326ef336619bc515c4) -> [(3) Tools](#336e94749dba45c45e97e436673d38a0) [(42) Articles](#0d2c5f807488fe1e68d9a968d04d2b56)
- [Nltest](#4a17ea9f0555ae7c61b9762fd789b23c) ->
- [CMSTP.exe](#5c1479af60b597303b2a885e92c1e384) ->
- [Rundll32](#cc6df9989a20eb5dd533f032daeca9b3) -> [(1) Tools](#1e1be483a674d3e6330b31f0f11dadb5) [(12) Articles](#68b21ccc26f1f7877ae8e70a907e67ce)
- [Regsvr32](#3ebe3d66a05d92aed5459ed72f1e3678) -> [(2) Tools](#c739394b21b3aad9293b747d7d141956) [(4) Articles](#fdd93367db93bf20c10b5dbb6f6e1b0f)
- [Regasm](#70d731a999b1cd69d565e35c98540ec9) ->
- [Regsvcs](#b2008a3c57c0e58f8ea1d03f583eb1c1) ->
- [svchost](#c8596ed2e3d35337492ccffcd5a87027) -> [(1) Tools](#1928a187378080b11b7119305b61aad5) [(6) Articles](#45a0356bc132fc320e96e8bbb5b340f9)
- [MSBuild](#666aceb7939a7ba06d77a71a2baffeee) -> [(6) Tools](#0f3c4b5cdc69b98c87e175ef7bb76396) [(14) Articles](#1e5138d2ba592b1886ed23b8d22d2e07)
- [csrss.exe](#6f70488efd1c03c94c309fb6e1e7f28a) -> [(21) Articles](#9abd04f5352aa1714ccef5012cc33c6c)
- [Other exe](#65a0235ddaea9da80145fa441eb0af2a) -> [(23) Articles](#eceb5b79694c803399b0de795fffc296)
- [SysInternalSuite](#d7a63740447f820c26b938b5bc391ef3)
- [Sysmon](#0fed6a96b28f339611e7b111b8f42c23) -> [(36) Tools](#d48f038b58dc921660be221b4e302f70) [(144) Articles](#2c8cb7fdf765b9d930569f7c64042d62)
- [Procmon](#dbc42caf465566897ecbb644fed1f271) -> [(4) Tools](#518d80dfb8e9dda028d18ace1d3f3981) [(18) Articles](#af06263e9a92f6036dc5d4c4b28b9d8c)
- [Autoruns](#7da65659e7e463379d32be654003662c) -> [(7) Tools](#c206afa40ed90711b49a572feb1e0c5b) [(17) Articles](#23c49d681177101f0f7d15fcd15f2124)
- [ProcessExplorer](#fdae9f5a384a5c230e577ac972be2de4) -> [(14) Articles](#1b24c5ac9ca199d0397380f902868c73)
- [Other](#836a3b7a9763957991fce4355439ad06) -> [(5) Tools](#17fd6ceec67d0beed0bf54b117218123) [(20) Articles](#ed25f17a9dd8092131cf45121e24aa68)
- [Tools](#b478e9a9a324c963da11437d18f04998)
- [(84) Newly added](#f9fad1d4d1f0e871a174f67f63f319d8)
- [(5) Environment&&Configuration](#6d2fe834b7662ecdd48c17163f732daf)
- [(8) Kernel&&Drivers](#c3cda3278305549f4c21df25cbf638a4)
- [(3) Registry](#920b69cea1fc334bbc21a957dd0d9f6f)
- [(4) System Calls](#d295182c016bd9c2d5479fe0e98a75df)
- [(13) Other](#1afda3039b4ab9a3a1f60b179ccb3e76)
- [Articles](#3939f5e83ca091402022cb58e0349ab8)
- [(8) Newly added](#8e1344cae6e5f9a33e4e5718a012e292)
***
- [**6448** stars][9d] [PS] [powershellmafia/powersploit](https://github.com/PowerShellMafia/PowerSploit) PowerSploit - A PowerShell Post-Exploitation Framework
- [**346** stars][1y] [C#] [ghostpack/sharpdump](https://github.com/ghostpack/sharpdump) SharpDump is a C# port of PowerSploit's Out-Minidump.ps1 functionality.
- [**213** stars][3m] [Py] [the-useless-one/pywerview](https://github.com/the-useless-one/pywerview) A (partial) Python rewriting of PowerSploit's PowerView
- 2018.12 [aliyun] [Reel: A BloodHound & PowerSploit Active Directory penetration on HackTheBox](https://xz.aliyun.com/t/3516)
- 2018.11 [bugbountywriteup] [Reel — A BloodHound & PowerSploit Active Directory HackTheBox Walkthrough](https://medium.com/p/3745269b1a16)
- 2018.02 [hackers] [PowerSploit, Part 1: How to Control Nearly any Windows System with Powersploit](https://www.hackers-arise.com/single-post/2018/02/24/PowerSploit-Part-1-How-to-Control-Nearly-any-Windows-System-with-Powersploit)
- 2017.11 [mediaservice] [A patch for PowerSploit’s Invoke-Shellcode.ps1](https://techblog.mediaservice.net/2017/11/a-patch-for-powersploits-invoke-shellcode-ps1/)
- 2017.06 [stealthbits] [Exploiting Weak Active Directory Permissions with PowerSploit](https://blog.stealthbits.com/exploiting-weak-active-directory-permissions-with-powersploit/)
- 2017.04 [freebuf] [On using PowerSploit in internal network penetration testing](http://www.freebuf.com/sectool/131275.html)
- 2017.03 [jpcert] [Malware Leveraging PowerSploit](https://blogs.jpcert.or.jp/en/2017/03/malware-leveraging-powersploit.html)
- 2016.01 [sans] [toolsmith #112: Red vs Blue - PowerSploit vs PowerForensics](https://isc.sans.edu/forums/diary/toolsmith+112+Red+vs+Blue+PowerSploit+vs+PowerForensics/20579/)
- 2016.01 [holisticinfosec] [toolsmith #112: Red vs Blue - PowerSploit vs PowerForensics](https://holisticinfosec.blogspot.com/2016/01/toolsmith-112-red-vs-blue-powersploit.html)
- 2015.05 [leonjza] [jenkins to meterpreter toying with powersploit](https://leonjza.github.io/blog/2015/05/27/jenkins-to-meterpreter-toying-with-powersploit/)
- 2013.04 [freebuf] [PowerSploit+Metasploit=Shells](http://www.freebuf.com/articles/system/8130.html)
- 2012.05 [freebuf] [Post Exploitation tool – PowerSploit](http://www.freebuf.com/sectool/2514.html)
***
- 2017.07 [freebuf] [PSAttack: An offensive PowerShell script framework containing all penetration-testing use cases](http://www.freebuf.com/sectool/139910.html)
- 2017.07 [4hou] [PSattack: An all-purpose framework for use in penetration testing](http://www.4hou.com/info/news/6149.html)
- 2016.11 [BSidesCHS] [BSidesCHS 2016: "Adding PowerShell to your Arsenal with PSAttack" - Jared Haight](https://www.youtube.com/watch?v=sHAujy9R70M)
***
- [**216** stars][23d] [PS] [mkellerman/invoke-commandas](https://github.com/mkellerman/invoke-commandas) Invoke Command As System/Interactive/GMSA/User on Local/Remote machine & returns PSObjects.
- 2020.01 [4sysops] [Invoke-Command: Compensating for slow responding computers](https://4sysops.com/archives/invoke-command-compensating-for-slow-responding-computers/)
- 2019.12 [4sysops] [Invoke-Command: Connecting to computers requiring different credentials](https://4sysops.com/archives/invoke-command-connecting-to-computers-requiring-different-credentials/)
- 2019.12 [4sysops] [Invoke-Command: Dealing with offline computers](https://4sysops.com/archives/invoke-command-dealing-with-offline-computers/)
- 2019.01 [sans] [Start-Process PowerShell - Get Forensic Artifact](https://www.sans.org/cyber-security-summit/archives/file/summit_archive_1492181107.pdf)
- 2018.12 [4sysops] [Running PowerShell remotely as SYSTEM with Invoke-CommandAs](https://4sysops.com/archives/running-powershell-remotely-as-system-with-invoke-commandas/)
- 2013.12 [mikefrobbins] [PowerShell Remoting Error When Trying to use Invoke-Command Against a Domain Controller](http://mikefrobbins.com/2013/12/04/powershell-remoting-error-when-trying-to-use-invoke-command-against-a-domain-controller/)
- 2013.01 [mikefrobbins] [PowerShell Remoting Insanity with AppAssure and the Invoke-Command Cmdlet](http://mikefrobbins.com/2013/01/31/powershell-remoting-insanity-with-appassure-and-the-invoke-command-cmdlet/)
***
- [**2064** stars][10d] [C#] [lucasg/dependencies](https://github.com/lucasg/dependencies) A rewrite of the old legacy software "depends.exe" in C# for Windows devs to troubleshoot dll load dependencies issues.
- [**1393** stars][12m] [C] [fancycode/memorymodule](https://github.com/fancycode/memorymodule) Library to load a DLL from memory.
- [**1232** stars][10d] [C#] [perfare/il2cppdumper](https://github.com/perfare/il2cppdumper) Restore dll from Unity il2cpp binary file (except code)
- [**810** stars][10d] [C#] [terminals-origin/terminals](https://github.com/terminals-origin/terminals) Terminals is a secure, multi tab terminal services/remote desktop client. It uses Terminal Services ActiveX Client (mstscax.dll). The project started from the need of controlling multiple connections simultaneously. It is a complete replacement for the mstsc.exe (Terminal Services) client. This is official source moved from Codeplex.
- [**396** stars][8m] [C++] [hasherezade/dll_to_exe](https://github.com/hasherezade/dll_to_exe) Converts a DLL into EXE
- [**385** stars][19d] [C#] [3f/dllexport](https://github.com/3f/dllexport) .NET DllExport
- Duplicate section: [.NET->Tools->Newly added](#6b8b4bf156e5f973cf0485d45a94f4c4) |
- [**371** stars][12d] [PS] [netspi/pesecurity](https://github.com/NetSPI/PESecurity) PowerShell module to check if a Windows binary (EXE/DLL) has been compiled with ASLR, DEP, SafeSEH, StrongNaming, and Authenticode.
- [**255** stars][16d] [C++] [wbenny/detoursnt](https://github.com/wbenny/detoursnt) Detours with just single dependency - NTDLL
- [**236** stars][21d] [C#] [erfg12/memory.dll](https://github.com/erfg12/memory.dll) C# Hacking library for making PC game trainers.
- [**234** stars][1y] [C#] [misaka-mikoto-tech/monohook](https://github.com/Misaka-Mikoto-Tech/MonoHook) hook C# method at runtime without modify dll file (such as UnityEditor.dll)
- [**220** stars][2m] [C++] [chuyu-team/mint](https://github.com/Chuyu-Team/MINT) Contains the definitions for the Windows Internal UserMode API from ntdll.dll, samlib.dll and winsta.dll.
- [**203** stars][10d] [C++] [s1lentq/regamedll_cs](https://github.com/s1lentq/regamedll_cs) a result of reverse engineering of original library mod HLDS (build 6153beta) using DWARF debug info embedded into linux version of HLDS, cs.so
- 2016.12 [sensepost] [Rattler:Identifying and Exploiting DLL Preloading Vulnerabilities](https://sensepost.com/blog/2016/rattleridentifying-and-exploiting-dll-preloading-vulnerabilities/)
- 2012.10 [netspi] [Testing Applications for DLL Preloading Vulnerabilities](https://blog.netspi.com/testing-applications-for-dll-preloading-vulnerabilities/)
- 2010.08 [microsoft] [More information about the DLL Preloading remote attack vector](https://msrc-blog.microsoft.com/2010/08/23/more-information-about-the-dll-preloading-remote-attack-vector/)
- 2009.09 [evilcodecave] [DllExportComparer](https://evilcodecave.wordpress.com/2009/09/04/dllexportcomparer/)
- 2009.07 [pediy] [[Original] Analysis of a DLL downloader](https://bbs.pediy.com/thread-94312.htm)
- 2009.07 [addxorrol] [Poking around MSVIDCTL.DLL](http://addxorrol.blogspot.com/2009/07/poking-around-msvidctldll.html)
- 2009.07 [rapid7] [IE DirectShow (msvidctl.dll) MPEG-2 Metasploit Exploit](https://blog.rapid7.com/2009/07/07/ie-directshow-msvidctldll-mpeg-2-metasploit-exploit/)
- 2009.07 [sans] [0-day in Microsoft DirectShow (msvidctl.dll) used in drive-by attacks](https://isc.sans.edu/forums/diary/0day+in+Microsoft+DirectShow+msvidctldll+used+in+driveby+attacks/6733/)
- 2009.07 [vexillium] [DllMain and its uncovered possibilites](http://j00ru.vexillium.org/?p=80)
- 2009.07 [vexillium] [DllMain and its uncovered possibilites](https://j00ru.vexillium.org/2009/07/dllmain-and-its-uncovered-possibilites/)
- 2009.06 [pediy] [[Original] Creating kernel DLLs for Windows NT with GCC](https://bbs.pediy.com/thread-92537.htm)
- 2009.06 [pediy] [[Anti Virus topic] 1.7 - Building a DLL in-memory loading engine](https://bbs.pediy.com/thread-90441.htm)
- 2009.05 [pediy] [[Original] An example of a global DLL API hook (with code)](https://bbs.pediy.com/thread-90109.htm)
- 2009.05 [pediy] [[Original] A brief analysis of the packing process of Fengyue's DLL-Game.exe](https://bbs.pediy.com/thread-89706.htm)
- 2009.05 [travisgoodspeed] [FET Firmware from MSP430.DLL](http://travisgoodspeed.blogspot.com/2009/05/fet-firmware-from-msp430dll.html)
- 2009.05 [pediy] [[Original] Baofeng Storm 2009 (Config.dll) ActiveX remote stack overflow vulnerability](https://bbs.pediy.com/thread-87617.htm)
- 2009.05 [pediy] [[Original] Baofeng Storm 2009 (mps.dll) ActiveX remote stack overflow vulnerability](https://bbs.pediy.com/thread-87616.htm)
- 2009.04 [pediy] [[Help] A question about Windows Mobile DLLs](https://bbs.pediy.com/thread-86211.htm)
- 2009.04 [pediy] [CE injection code that does not rely on DllMain for triggering](https://bbs.pediy.com/thread-85899.htm)
- 2009.03 [pediy] [[Original] Writing DLL plugins in Delphi to add features to Windows Notepad](https://bbs.pediy.com/thread-84730.htm)
***
- [**994** stars][1m] [C] [fdiskyou/injectallthethings](https://github.com/fdiskyou/injectallthethings) Seven different DLL injection techniques in one single project.
- [**747** stars][7m] [C++] [darthton/xenos](https://github.com/darthton/xenos) Windows DLL injector
- [**635** stars][3m] [PS] [monoxgas/srdi](https://github.com/monoxgas/srdi) Shellcode implementation of Reflective DLL Injection. Convert DLLs to position independent shellcode
- 2019.06 [aliyun] [Analysis of the Windows 10 Task Scheduler service DLL injection vulnerability](https://xz.aliyun.com/t/5286)
- 2018.10 [pediy] [[Original] A small trick for injecting a DLL with shellcode instead of creating a user thread](https://bbs.pediy.com/thread-247515.htm)
- 2018.10 [4hou] [How DLL injection can bypass Windows 10 ransomware protection](http://www.4hou.com/technology/13923.html)
- 2018.10 [0x00sec] [Reflective Dll Injection - Any Way to check If a process is already injected?](https://0x00sec.org/t/reflective-dll-injection-any-way-to-check-if-a-process-is-already-injected/8980/)
- 2018.09 [pediy] [[Original] Injecting a DLL into an ARM32 program from a win10_arm64 driver](https://bbs.pediy.com/thread-247032.htm)
- 2018.08 [freebuf] [sRDI: A powerful tool implementing reflective DLL injection via shellcode](http://www.freebuf.com/sectool/181426.html)
- 2018.07 [4hou] [Injection series: DLL injection](http://www.4hou.com/technology/12703.html)
- 2018.06 [0x00sec] [Reflective DLL Injection - AV detects at runtime](https://0x00sec.org/t/reflective-dll-injection-av-detects-at-runtime/7307/)
- 2018.06 [qq] [[Game vulnerabilities] Injecting a DLL to display the game window](http://gslab.qq.com/article-508-1.html)
- 2017.12 [secist] [Mavinject | Dll Injected](http://www.secist.com/archives/5912.html)
- 2017.12 [secvul] [SSM puts an end to DLL injection](https://secvul.com/topics/951.html)
- 2017.10 [nsfocus] [[Knowledge sharing] Sandbox techniques: DLL injection](http://blog.nsfocus.net/sandbox-technology-dll-injection/)
- 2017.10 [freebuf] [A new approach to DLL injection: research on reflective DLL injection](http://www.freebuf.com/articles/system/151161.html)
- 2017.10 [pediy] [[Original] Analyzing the kernel shellcode DLL injection technique through WannaCry](https://bbs.pediy.com/thread-221756.htm)
- 2017.09 [360] [A new approach to DLL injection: SetThreadContext injection](https://www.anquanke.com/post/id/86786/)
- 2017.08 [silentbreaksecurity] [sRDI – Shellcode Reflective DLL Injection](https://silentbreaksecurity.com/srdi-shellcode-reflective-dll-injection/)
- 2017.08 [360] [All about DLL injection](https://www.anquanke.com/post/id/86671/)
- 2017.08 [freebuf] [System security offense and defense: DLL injection techniques explained in detail](http://www.freebuf.com/articles/system/143640.html)
- 2017.08 [pediy] [[Translation] Introduction to the principles of multiple DLL injection techniques](https://bbs.pediy.com/thread-220405.htm)
- 2017.07 [0x00sec] [Reflective DLL Injection](https://0x00sec.org/t/reflective-dll-injection/3080/)
***
- [**441** stars][9m] [Pascal] [mojtabatajik/robber](https://github.com/mojtabatajik/robber) Finds executables prone to DLL hijacking
- [**327** stars][1y] [C++] [anhkgg/superdllhijack](https://github.com/anhkgg/superdllhijack) A generic DLL hijacking technique; no more manually exporting the DLL's function interfaces
- 2019.06 [4hou] [Dell's preinstalled SupportAssist component has a DLL hijacking vulnerability; over 100 million devices worldwide at risk of attack](https://www.4hou.com/vulnerable/18764.html)
- 2019.05 [4hou] [Extending the exploitation in "Lateral Movement — SCM and DLL Hijacking Primer"](https://www.4hou.com/technology/18008.html)
- 2019.04 [3gstudent] [Extending the exploitation in "Lateral Movement — SCM and DLL Hijacking Primer"](https://3gstudent.github.io/3gstudent.github.io/Lateral-Movement-SCM-and-DLL-Hijacking-Primer-%E7%9A%84%E5%88%A9%E7%94%A8%E6%89%A9%E5%B1%95/)
- 2019.04 [specterops] [Lateral Movement — SCM and Dll Hijacking Primer](https://medium.com/p/d2f61e8ab992)
- 2019.01 [sans] [DLL Hijacking Like a Boss!](https://www.sans.org/cyber-security-summit/archives/file/summit_archive_1493862085.pdf)
- 2018.11 [t00ls] [Research on a generic DLL hijacking technique](https://www.t00ls.net/articles-48756.html)
- 2018.11 [pediy] [[Original] Research on a generic DLL hijacking technique](https://bbs.pediy.com/thread-248050.htm)
- 2018.09 [DoktorCranium] [Understanding how DLL Hijacking works](https://www.youtube.com/watch?v=XADSrZEJdXY)
- 2018.09 [astr0baby] [Understanding how DLL Hijacking works](https://astr0baby.wordpress.com/2018/09/08/understanding-how-dll-hijacking-works/)
- 2018.08 [parsiya] [DVTA - Part 5 - Client-side Storage and DLL Hijacking](https://parsiya.net/blog/2018-08-25-dvta-part-5-client-side-storage-and-dll-hijacking/)
- 2018.08 [parsiya] [DVTA - Part 5 - Client-side Storage and DLL Hijacking](https://parsiya.net/blog/2018-08-25-dvta---part-5---client-side-storage-and-dll-hijacking/)
- 2018.06 [cybereason] [Attackers incriminate a signed Oracle process for DLL hijacking, running Mimikatz](https://www.cybereason.com/blog/oracle-mimikatz-dll-hijacking)
- 2018.05 [360] [Off the beaten path: DLL hijacking via URL files](https://www.anquanke.com/post/id/145715/)
- 2018.05 [insert] [DLL hijacking via URL files](https://insert-script.blogspot.com/2018/05/dll-hijacking-via-url-files.html)
- 2017.10 [cybereason] [Siofra, a free tool built by Cybereason researcher, exposes DLL hijacking vulnerabilities in Windows programs](https://www.cybereason.com/blog/blog-siofra-free-tool-exposes-dll-hijacking-vulnerabilities-in-windows)
- 2017.08 [securiteam] [SSD Advisory – Dashlane DLL Hijacking](https://blogs.securiteam.com/index.php/archives/3357)
- 2017.05 [4hou] [7 DLL hijacking techniques on Windows](http://www.4hou.com/technology/4945.html)
- 2017.05 [pediy] [[Original] Making code play a piano piece (FreePiano helper) (global keyboard hook + DLL hijacking), with code](https://bbs.pediy.com/thread-217330.htm)
- 2017.03 [pentestlab] [DLL Hijacking](https://pentestlab.blog/2017/03/27/dll-hijacking/)
***
- 2016.04 [hackingarticles] [Hack Remote Windows PC using Office OLE multiple DLL side loading vulnerabilities](http://www.hackingarticles.in/hack-remote-windows-pc-using-office-ole-multiple-dll-side-loading-vulnerabilities/)
- 2015.12 [securify] [DLL side loading vulnerability in VMware Host Guest Client Redirector](https://securify.nl/en/advisory/SFY20151201/dll-side-loading-vulnerability-in-vmware-host-guest-client-redirector.html)
- 2015.11 [securify] [MapsUpdateTask Task DLL side loading vulnerability](https://securify.nl/en/advisory/SFY20151101/mapsupdatetask-task-dll-side-loading-vulnerability.html)
- 2015.11 [securify] [Shutdown UX DLL side loading vulnerability](https://securify.nl/en/advisory/SFY20151102/shutdown-ux-dll-side-loading-vulnerability.html)
- 2015.09 [securify] [HP ToComMsg DLL side loading vulnerability](https://securify.nl/en/advisory/SFY20150902/hp-tocommsg-dll-side-loading-vulnerability.html)
- 2015.09 [securify] [BDA MPEG2 Transport Information Filter DLL side loading vulnerability](https://securify.nl/en/advisory/SFY20150906/bda-mpeg2-transport-information-filter-dll-side-loading-vulnerability.html)
- 2015.09 [securify] [NPS Datastore server DLL side loading vulnerability](https://securify.nl/en/advisory/SFY20150905/nps-datastore-server-dll-side-loading-vulnerability.html)
- 2015.09 [securify] [Windows Mail Find People DLL side loading vulnerability](https://securify.nl/en/advisory/SFY20150904/windows-mail-find-people-dll-side-loading-vulnerability.html)
- 2015.09 [securify] [HP LaserJet Fax Preview DLL side loading vulnerability](https://securify.nl/en/advisory/SFY20150903/hp-laserjet-fax-preview-dll-side-loading-vulnerability.html)
- 2015.09 [securify] [LEADTOOLS ActiveX control multiple DLL side loading vulnerabilities](https://securify.nl/en/advisory/SFY20150901/leadtools-activex-control-multiple-dll-side-loading-vulnerabilities.html)
- 2015.08 [securify] [COM+ Services DLL side loading vulnerability](https://securify.nl/en/advisory/SFY20150801/com_-services-dll-side-loading-vulnerability.html)
- 2015.08 [securify] [Microsoft Visio multiple DLL side loading vulnerabilities](https://securify.nl/en/advisory/SFY20150804/microsoft-visio-multiple-dll-side-loading-vulnerabilities.html)
- 2015.08 [securify] [OLE DB Provider for Oracle multiple DLL side loading vulnerabilities](https://securify.nl/en/advisory/SFY20150806/ole-db-provider-for-oracle-multiple-dll-side-loading-vulnerabilities.html)
- 2015.08 [securify] [Shockwave Flash Object DLL side loading vulnerability](https://securify.nl/en/advisory/SFY20150802/shockwave-flash-object-dll-side-loading-vulnerability.html)
- 2015.08 [securify] [Windows Authentication UI DLL side loading vulnerability](https://securify.nl/en/advisory/SFY20150803/windows-authentication-ui-dll-side-loading-vulnerability.html)
- 2015.08 [securify] [Event Viewer Snapin multiple DLL side loading vulnerabilities](https://securify.nl/en/advisory/SFY20150805/event-viewer-snapin-multiple-dll-side-loading-vulnerabilities.html)
- 2015.06 [securify] [Cisco AnyConnect elevation of privileges via DLL side loading](https://securify.nl/en/advisory/SFY20150601/cisco-anyconnect-elevation-of-privileges-via-dll-side-loading.html)
- 2010.08 [microsoft] [An update on the DLL-preloading remote attack vector](https://msrc-blog.microsoft.com/2010/08/31/an-update-on-the-dll-preloading-remote-attack-vector/)
***
- [**904** stars][12d] [Py] [erocarrera/pefile](https://github.com/erocarrera/pefile) PE file reading and parsing tool, written in Python
## Features
- Inspecting headers
- Analysis of sections' data
- Retrieving embedded data
- Reading strings from the resources
- Warnings for suspicious and malformed values
- Support to write to some of the fields and to other parts of the PE, so it's possible to do some basic butchering of PEs
- Packer detection with PEiD’s signatures
- PEiD signature generation
- 2017.09 [] [Binary offsets, virtual addresses and pefile](https://5d4a.wordpress.com/2017/09/21/binary-offsets-virtual-addresses-and-pefile/)
- 2017.03 [] [67,000 cuts with python-pefile](https://0xec.blogspot.com/2017/03/67000-cuts-with-python-pefile.html)
- 2009.05 [pediy] [[Original] Rapid development for PE-format files using Python + the pefile library](https://bbs.pediy.com/thread-89838.htm)
***
- [**693** stars][15d] [C] [thewover/donut](https://github.com/thewover/donut) Generates position-independent shellcode (x86, x64, or AMD64+x86) that loads .NET assemblies, PE files and other Windows payloads from memory and runs them with parameters
  - Also listed in: [.NET->Tools->Newly added](#6b8b4bf156e5f973cf0485d45a94f4c4)
- [**407** stars][2m] [Assembly] [hasherezade/pe_to_shellcode](https://github.com/hasherezade/pe_to_shellcode) Converts PE into a shellcode
- [**399** stars][5m] [Jupyter Notebook] [endgameinc/ember](https://github.com/endgameinc/ember) Dataset of 1.1 million PE files for training models. Per-file features include: SHA256, byte histogram, byte entropy, strings, PE header information, section information, import table and export table
- [**372** stars][1y] [Assembly] [egebalci/amber](https://github.com/egebalci/amber) Reflective PE packer for bypassing security products and mitigations
- [**342** stars][7m] [C] [merces/pev](https://github.com/merces/pev) The PE file analysis toolkit
- [**328** stars][2m] [VBA] [itm4n/vba-runpe](https://github.com/itm4n/vba-runpe) A VBA implementation of the RunPE technique or how to bypass application whitelisting.
- [**327** stars][1m] [C++] [trailofbits/pe-parse](https://github.com/trailofbits/pe-parse) Principled, lightweight C/C++ PE parser
- [**318** stars][20d] [C++] [hasherezade/libpeconv](https://github.com/hasherezade/libpeconv) Library for mapping and unmapping PE files
- [**288** stars][9m] [Java] [katjahahn/portex](https://github.com/katjahahn/portex) Java library to analyse Portable Executable files with a special focus on malware analysis and PE malformation robustness
***
- 2016.08 [3gstudent] [Steganography trick: hiding a payload in a PE file's digital certificate](https://3gstudent.github.io/3gstudent.github.io/%E9%9A%90%E5%86%99%E6%8A%80%E5%B7%A7-%E5%9C%A8PE%E6%96%87%E4%BB%B6%E7%9A%84%E6%95%B0%E5%AD%97%E8%AF%81%E4%B9%A6%E4%B8%AD%E9%9A%90%E8%97%8FPayload/)
- 2016.06 [pediy] [[Original] A newbie's reverse of the Cave search feature in PEiD 0.95](https://bbs.pediy.com/thread-211094.htm)
- 2016.06 [mzrst] [Professional PE Explorer – PPEE](https://www.mzrst.com/blog/2016/06/15/pe-explorer/)
- 2016.06 [pediy] [[Translation] The digital signature format in Windows PE files](https://bbs.pediy.com/thread-210709.htm)
- 2016.05 [sans] [CVE-2016-2208 Symantec Antivirus Engine Malformed PE Header Parser Memory Access Violation](https://isc.sans.edu/forums/diary/CVE20162208+Symantec+Antivirus+Engine+Malformed+PE+Header+Parser+Memory+Access+Violation/21069/)
- 2016.05 [freebuf] [Manalyze: a static analysis tool for PE files](http://www.freebuf.com/sectool/104378.html)
- 2016.04 [cyber] [Presenting PeNet: a native .NET library for analyzing PE Headers with PowerShell](https://cyber.wtf/2016/04/18/presenting-penet-a-native-net-library-for-analyzing-pe-headers-with-powershell/)
- 2016.02 [pediy] [[Original] Reversing 64-bit CreateProcess (3): parsing and validating the PE format](https://bbs.pediy.com/thread-208101.htm)
- 2016.02 [360] [Capturing executed code (malicious PE/DLL/driver files) on Windows with Volatility or PE Capture](https://www.anquanke.com/post/id/83507/)
- 2015.12 [secureallthethings] [Add PE Code Signing to Backdoor Factory (BDF)](http://secureallthethings.blogspot.com/2015/12/add-pe-code-signing-to-backdoor-factory.html)
- 2015.12 [missmalware] [PE Import Analysis for Beginners and Lazy People](http://missmalware.com/2015/12/pe-import-analysis-for-beginners-and-lazy-people/)
- 2015.12 [pediy] [[Original] A C++ class for manipulating PE files](https://bbs.pediy.com/thread-206304.htm)
- 2015.12 [pediy] [[Original] Adding a section to a PE file with C++ code](https://bbs.pediy.com/thread-206197.htm)
- 2015.11 [securityblog] [FileAlyzer – Analyze files – Read PE information](http://securityblog.gr/2963/filealyzer-analyze-files-read-pe-information/)
- 2015.11 [securityblog] [Read Portable Executable (PE) information](http://securityblog.gr/2960/read-portable-executable-pe-information/)
- 2015.11 [freebuf] [Reverse engineering (2): understanding PE files through a simple example](http://www.freebuf.com/articles/system/86596.html)
- 2015.11 [pediy] [[Original][Open source] A stripped-down LordPE framework design](https://bbs.pediy.com/thread-206136.htm)
- 2015.11 [pediy] [[Original] Manual inspection of PE relocations](https://bbs.pediy.com/thread-206072.htm)
- 2015.11 [pediy] [[Original][Open source] Parsing PE files from a Win32 console program](https://bbs.pediy.com/thread-206060.htm)
***
- [**13163** stars][24d] [C#] [0xd4d/dnspy](https://github.com/0xd4d/dnspy) .NET debugger and assembly editor
- [**9528** stars][19d] [C#] [icsharpcode/ilspy](https://github.com/icsharpcode/ilspy) .NET Decompiler with support for PDB generation, ReadyToRun, Metadata (&more) - cross-platform!
- [**3824** stars][2m] [C#] [0xd4d/de4dot](https://github.com/0xd4d/de4dot) .NET deobfuscator and unpacker.
- [**3278** stars][9m] [JS] [sindresorhus/speed-test](https://github.com/sindresorhus/speed-test) Test your internet connection speed and ping using speedtest.net from the CLI
- [**2526** stars][1y] [C#] [yck1509/confuserex](https://github.com/yck1509/confuserex) An open-source, free protector for .NET applications
- [**1811** stars][1m] [C#] [sshnet/ssh.net](https://github.com/sshnet/ssh.net) SSH.NET is a Secure Shell (SSH) library for .NET, optimized for parallelism.
- [**1696** stars][19d] [C#] [jbevain/cecil](https://github.com/jbevain/cecil) C# library to inspect, modify and generate .NET applications and libraries
- [**1535** stars][12d] [C#] [steamre/steamkit](https://github.com/steamre/steamkit) SteamKit2 is a .NET library designed to interoperate with Valve's Steam network. It aims to provide a simple, yet extensible, interface to perform various actions on the network.
- [**1415** stars][1y] [C++] [dotnet/llilc](https://github.com/dotnet/llilc) This repo contains LLILC, an LLVM based compiler for .NET Core. It includes a set of cross-platform .NET code generation tools that enables compilation of MSIL byte code to LLVM supported platforms.
- [**1147** stars][9d] [C#] [cobbr/covenant](https://github.com/cobbr/covenant) Covenant is a collaborative .NET C2 framework for red teamers.
- [**1135** stars][15d] [Boo] [byt3bl33d3r/silenttrinity](https://github.com/byt3bl33d3r/silenttrinity) An asynchronous, collaborative post-exploitation agent powered by Python and .NET's DLR
- [**923** stars][12d] [C#] [pwntester/ysoserial.net](https://github.com/pwntester/ysoserial.net) Generates payloads that exploit unsafe .NET object deserialization
- [**818** stars][12d] [C#] [proxykit/proxykit](https://github.com/proxykit/proxykit) A toolkit to create code-first HTTP reverse proxies on ASP.NET Core
- [**788** stars][2m] [C#] [cobbr/sharpsploit](https://github.com/cobbr/sharpsploit) SharpSploit is a .NET post-exploitation library written in C#
- [**728** stars][3m] [C#] [obfuscar/obfuscar](https://github.com/obfuscar/obfuscar) Open source obfuscation tool for .NET assemblies
- [**693** stars][15d] [C] [thewover/donut](https://github.com/thewover/donut) Generates position-independent shellcode (x86, x64, or AMD64+x86) that loads .NET assemblies, PE files and other Windows payloads from memory and runs them with parameters
  - Also listed in: [PE->Tools->Tools](#c364a31b0a48b1a528f728def1d3ca05)
- [**634** stars][12d] [HTML] [foxzilla/pxer](https://github.com/foxzilla/pxer) A Pixiv crawler anyone can use
- [**577** stars][10d] [C#] [dabutvin/imgbot](https://github.com/dabutvin/imgbot) An Azure Function solution to crawl through all of your image files in GitHub and losslessly compress them. This will make the file size go down, but leave the dimensions and quality untouched. Once it's done, ImgBot will open a pull request for you to review and merge. help@imgbot.net
- [**546** stars][24d] [C#] [crosire/scripthookvdotnet](https://github.com/crosire/scripthookvdotnet) An ASI plugin for Grand Theft Auto V, which allows running scripts written in any .NET language in-game.
- [**536** stars][11d] [Go] [timothyye/godns](https://github.com/timothyye/godns) A dynamic DNS client tool, supports AliDNS, Cloudflare, Google Domains, DNSPod, HE.net & DuckDNS, written in Go.
- [**494** stars][28d] [C#] [paulbartrum/jurassic](https://github.com/paulbartrum/jurassic) A .NET library to parse and execute JavaScript code.
- [**493** stars][1m] [C#] [chmorgan/sharppcap](https://github.com/chmorgan/sharppcap) Cross-platform (Windows, Mac, Linux) packet capture library, written in .NET
- [**486** stars][28d] [C#] [tyranid/oleviewdotnet](https://github.com/tyranid/oleviewdotnet) OLE/COM viewer and inspection tool, written in .NET
- [**424** stars][7m] [Java] [nccgroup/freddy](https://github.com/nccgroup/freddy) Automatically identifies deserialization vulnerabilities in Java/.NET applications
- [**386** stars][14d] [C#] [addictedcs/soundfingerprinting](https://github.com/addictedcs/soundfingerprinting) Audio fingerprinting in .NET. An efficient audio fingerprinting algorithm written entirely in C#.
- [**385** stars][19d] [C#] [3f/dllexport](https://github.com/3f/dllexport) .NET DllExport
  - Also listed in: [DLL->Newly added->Tools](#9753a9d52e19c69dc119bf03e9d7c3d2)
- [**383** stars][2m] [C#] [security-code-scan/security-code-scan](https://github.com/security-code-scan/security-code-scan) Vulnerability Patterns Detector for C# and VB.NET
- [**373** stars][9d] [C#] [sonarsource/sonar-dotnet](https://github.com/sonarsource/sonar-dotnet) Static code analyzer for C# and VB.NET, used as an extension for the SonarQube and SonarCloud platforms
- [**366** stars][10m] [JS] [nikolayit/openjudgesystem](https://github.com/nikolayit/openjudgesystem) An open source system for online algorithm competitions for Windows, written in ASP.NET MVC
- [**357** stars][10d] [C#] [tmoonlight/nsmartproxy](https://github.com/tmoonlight/nsmartproxy) Intranet tunneling (NAT traversal) tool, built on .NET Core's fully asynchronous model
- [**334** stars][10d] [Java] [wiglenet/wigle-wifi-wardriving](https://github.com/wiglenet/wigle-wifi-wardriving) Nethugging client for Android, from wigle.net
- [**320** stars][1m] [C#] [azuread/azure-activedirectory-library-for-dotnet](https://github.com/azuread/azure-activedirectory-library-for-dotnet) ADAL authentication libraries for .net
- [**316** stars][10d] [C#] [dahall/vanara](https://github.com/dahall/vanara) A set of .NET libraries for Windows implementing PInvoke calls to many native Windows APIs with supporting wrappers.
***
- 2011.11 [pcsxcetrasupport3] [Converting VB Script To VB.Net](https://pcsxcetrasupport3.wordpress.com/2011/11/12/converting-vb-script-to-vb-net/)
- 2011.10 [pediy] [[Original] A newbie's crack of IphoneBackupextractor V3.08 (.NET)](https://bbs.pediy.com/thread-141900.htm)
- 2011.06 [pediy] [[Original][.NET] Fixing a broken 115 cloud-drive URL resolver tool](https://bbs.pediy.com/thread-136059.htm)
- 2011.02 [pediy] [[Original] A newly found, simple and effective method for cracking .NET programs (defeats protection that hides code at the IL level)](https://bbs.pediy.com/thread-129272.htm)
- 2010.12 [lowleveldesign] [Writing a .net debugger (part 4) – breakpoints](https://lowleveldesign.org/2010/12/01/writing-a-net-debugger-part-4-breakpoints/)
- 2010.11 [pelock] [.netshrink v2.0](https://www.pelock.com/blog/2010/11/30/netshrink-v2-0/)
- 2010.11 [lowleveldesign] [Writing a .net debugger (part 3) – symbol and source files](https://lowleveldesign.org/2010/11/08/writing-a-net-debugger-part-3-symbol-and-source-files/)
- 2010.11 [sans] [DNSSEC Progress for .com and .net](https://isc.sans.edu/forums/diary/DNSSEC+Progress+for+com+and+net/9883/)
- 2010.10 [lowleveldesign] [Writing a .net debugger (part 2) – handling events and creating wrappers](https://lowleveldesign.org/2010/10/22/writing-a-net-debugger-part-2-handling-events-and-creating-wrappers/)
- 2010.10 [lowleveldesign] [Writing a .net debugger (part 1) – starting the debugging session](https://lowleveldesign.org/2010/10/11/writing-a-net-debugger-part-1-starting-the-debugging-session/)
- 2010.05 [pediy] [[Original] Dumping .NET in-memory assemblies (the profiler approach)](https://bbs.pediy.com/thread-113697.htm)
- 2010.01 [pediy] [[Original] .NET reverse-engineering study notes series [updated 2.24: notes 002 (1)]](https://bbs.pediy.com/thread-104845.htm)
- 2008.06 [pediy] [[Original] Bypassing .NET 2.0 strong-name verification to make non-decompilable mixed-mode code decompilable](https://bbs.pediy.com/thread-66392.htm)
- 2007.12 [pediy] [[翻译]Win32asm tutorial (Asm.yeah.net)](https://bbs.pediy.com/thread-55784.htm)
- 2007.10 [pediy] [[Translation] Protection and reverse engineering under .NET](https://bbs.pediy.com/thread-52738.htm)
- 2007.07 [pediy] [[Original] Universal .NET 2.0 reflection unpacker, full version](https://bbs.pediy.com/thread-47729.htm)
- 2007.07 [pediy] [[Original] Core source code of a .NET reflection unpacker](https://bbs.pediy.com/thread-47330.htm)
- 2007.05 [pediy] [[Original] .net jokeme 2](https://bbs.pediy.com/thread-44933.htm)
- 2007.04 [pediy] [BSPR .NET 1.1 protector, internal test](https://bbs.pediy.com/thread-42077.htm)
- 2007.03 [pediy] [[Original] .net joke me](https://bbs.pediy.com/thread-41424.htm)
***
- [**9161** stars][11d] [C] [gentilkiwi/mimikatz](https://github.com/gentilkiwi/mimikatz) A little tool to play with Windows security
- [**802** stars][10d] [Py] [skelsec/pypykatz](https://github.com/skelsec/pypykatz) Pure-Python implementation of Mimikatz
- [**264** stars][6m] [C] [portcullislabs/linikatz](https://github.com/portcullislabs/linikatz) Mimikatz for UNIX
- [**210** stars][2m] [C#] [ghostpack/sharpdpapi](https://github.com/ghostpack/sharpdpapi) SharpDPAPI is a C# port of some Mimikatz DPAPI functionality.
- 2020.01 [matterpreter] [Mimidrv In Depth: Exploring Mimikatz’s Kernel Driver](https://posts.specterops.io/mimidrv-in-depth-4d273d19e148)
- 2019.12 [LoiLiangYang] [Access Windows 10 Password with Empire and Mimikatz (Cybersecurity)](https://www.youtube.com/watch?v=saF9epFwzPE)
- 2019.12 [specterops] [Mimidrv In Depth: Exploring Mimikatz’s Kernel Driver](https://medium.com/p/4d273d19e148)
- 2019.11 [sentinelone] [What is Mimikatz? (And Why Is It So Dangerous?)](https://www.sentinelone.com/blog/what-is-mimikatz-and-why-is-it-so-dangerous/)
- 2019.10 [securestate] [No More Mimikatz](https://warroom.rsmus.com/no-more-mimikatz/)
- 2019.07 [4hou] [Exploring the Mimikatz toolkit: SSP](https://www.4hou.com/system/18912.html)
- 2019.07 [markmotig] [NetKatz, Mimikatz to Hex and Defender groans but shrugs](https://medium.com/p/157fe8d67bdf)
- 2019.07 [4hou] [Exploring the Mimikatz toolkit: WDigest](https://www.4hou.com/system/18874.html)
- 2019.06 [4hou] [Using SSP in Mimikatz](https://www.4hou.com/technology/18813.html)
- 2019.06 [4hou] [How Mimikatz implements sekurlsa::wdigest](https://www.4hou.com/technology/18811.html)
- 2019.06 [HackerSploit] [PowerShell Empire Complete Tutorial For Beginners - Mimikatz & Privilege Escalation](https://www.youtube.com/watch?v=52xkWbDMUUM)
- 2019.06 [vulnerablelife] [Defending Windows Domain Against Mimikatz Attacks](https://vulnerablelife.wordpress.com/2019/06/15/defending-windows-domain-against-mimikatz-attacks/)
- 2019.06 [360] [In-depth analysis of Mimikatz: WDigest](https://www.anquanke.com/post/id/180126/)
- 2019.06 [3gstudent] [Using SSP in Mimikatz](https://3gstudent.github.io/3gstudent.github.io/Mimikatz%E4%B8%ADSSP%E7%9A%84%E4%BD%BF%E7%94%A8/)
- 2019.06 [360] [In-depth analysis of Mimikatz: SSP](https://www.anquanke.com/post/id/180001/)
- 2019.06 [xpnsec] [Exploring Mimikatz - Part 2 - SSP](https://blog.xpnsec.com/exploring-mimikatz-part-2/)
- 2019.06 [3gstudent] [How Mimikatz implements sekurlsa::wdigest](https://3gstudent.github.io/3gstudent.github.io/Mimikatz%E4%B8%ADsekurlsa-wdigest%E7%9A%84%E5%AE%9E%E7%8E%B0/)
- 2019.05 [malcomvetter] [Choose Your Own Red Team Adventure: Mimikatz](https://medium.com/p/58b4d7b856c9)
- 2019.05 [xpnsec] [Exploring Mimikatz - Part 1 - WDigest](https://blog.xpnsec.com/exploring-mimikatz-part-1/)
- 2019.04 [crowdstrike] [Mimikatz in the Wild: Bypassing Signature-Based Detections Using the “AK47 of Cyber”](https://www.crowdstrike.com/blog/credential-theft-mimikatz-techniques/)
***
- [**3097** stars][5m] [Py] [spiderlabs/responder](https://github.com/spiderlabs/responder) LLMNR/NBT-NS/MDNS poisoner with built-in HTTP/SMB/MSSQL/FTP/LDAP authentication servers; supports NTLMv1/NTLMv2/LMv2
- [**1887** stars][1m] [Py] [lgandx/responder](https://github.com/lgandx/responder) LLMNR, NBT-NS and MDNS poisoner with built-in rogue HTTP/SMB/MSSQL/FTP/LDAP authentication servers; supports NTLMv1/NTLMv2/LMv2, Extended Security NTLMSSP and Basic HTTP authentication
- [**781** stars][1m] [Py] [lgandx/pcredz](https://github.com/lgandx/pcredz) This tool extracts Credit card numbers, NTLM(DCE-RPC, HTTP, SQL, LDAP, etc), Kerberos (AS-REQ Pre-Auth etype 23), HTTP Basic, SNMP, POP, SMTP, FTP, IMAP, etc from a pcap file or from a live interface.
- [**744** stars][1y] [C#] [eladshamir/internal-monologue](https://github.com/eladshamir/internal-monologue) Retrieves NTLM hashes without touching LSASS
- [**676** stars][1y] [Py] [deepzec/bad-pdf](https://github.com/deepzec/bad-pdf) create malicious PDF file to steal NTLM(NTLMv1/NTLMv2) Hashes from windows machines
- [**256** stars][2m] [Py] [evilmog/ntlmv1-multi](https://github.com/evilmog/ntlmv1-multi) Rewrites NTLMv1/NTLMv1-ESS/MSCHAPv1 hashes so they can be cracked with hashcat's DES mode 14000
- [**252** stars][14d] [PS] [notmedic/netntlmtosilverticket](https://github.com/notmedic/netntlmtosilverticket) SpoolSample -> Responder w/NetNTLM Downgrade -> NetNTLMv1 -> NTLM -> Kerberos Silver Ticket
- [**250** stars][11d] [Ruby] [urbanesec/zackattack](https://github.com/urbanesec/ZackAttack) Unveiled at DEF CON 20, NTLM Relaying to ALL THE THINGS!
- 2019.11 [4hou] [Several unconventional NTLM relay attack tricks](https://www.4hou.com/system/21543.html)
- 2019.10 [4hou] [Two NTLM attack cases](https://www.4hou.com/info/news/21163.html)
- 2019.09 [pentestlab] [Microsoft Exchange – NTLM Relay](https://pentestlab.blog/2019/09/09/microsoft-exchange-ntlm-relay/)
- 2019.08 [vulnerability0lab] [Windows 10 Net NTLMv2 Credentials Steal with Excel](https://www.youtube.com/watch?v=z5Ki2G579-Y)
- 2019.06 [freebuf] [Analysis of CVE-2019-1040, the Windows NTLM tampering vulnerability](https://www.freebuf.com/vuls/206169.html)
- 2019.06 [technicalsyn] [Eternalrelayx.py — Non-Admin NTLM Relaying & ETERNALBLUE Exploitation](https://medium.com/p/dab9e2b97337)
- 2019.06 [tencent] [Advisory: Windows NTLM authentication vulnerability (CVE-2019-1040)](https://s.tencent.com/research/bsafe/738.html)
- 2019.06 [4hou] [Major vulnerability disclosed in Microsoft's NTLM protocol; existing protections do not help](https://www.4hou.com/vulnerable/18512.html)
- 2019.06 [preempt] [Security Advisory: Critical Vulnerabilities in NTLM Allow Remote Code Execution and Cloud Resources Compromise](https://blog.preempt.com/security-advisory-critical-vulnerabilities-in-ntlm)
- 2019.03 [nsfocus] [[M01N] Combining resource-based constrained delegation and NTLM relaying to take over any host in the domain](http://blog.nsfocus.net/combination-resource-constrained-delegation-ntlm-relaying-takes-privileges-host-system-domain/)
- 2019.03 [4hou] [Combining NTLM relay and Kerberos delegation to escalate privileges on domain member machines](https://www.4hou.com/technology/16626.html)
- 2019.03 [venus] [Compromising the domain controller with an Exchange SSRF vulnerability and NTLM relay](https://paper.seebug.org/833/)
- 2019.03 [knownsec] [Compromising the domain controller with an Exchange SSRF vulnerability and NTLM relay](http://blog.knownsec.com/2019/03/%e5%88%a9%e7%94%a8-exchange-ssrf-%e6%bc%8f%e6%b4%9e%e5%92%8c-ntlm-%e4%b8%ad%e7%bb%a7%e6%b2%a6%e9%99%b7%e5%9f%9f%e6%8e%a7/)
- 2019.01 [sans] [Relaying Exchange's NTLM authentication to domain admin (and more)](https://isc.sans.edu/forums/diary/Relaying+Exchanges+NTLM+authentication+to+domain+admin+and+more/24578/)
- 2019.01 [ironcastle] [CERT/CC Reports Microsoft Exchange 2013 and Newer are Vulnerable to NTLM Relay Attacks](https://www.ironcastle.net/certcc-reports-microsoft-exchange-2013-and-newer-are-vulnerable-to-ntlm-relay-attacks/)
- 2019.01 [evi1cg] [Remote NTLM relaying through CS](https://evi1cg.me/archives/Remote_NTLM_relaying_through_CS.html)
- 2019.01 [freebuf] [Capturing and exploiting NTLMv2 hashes with Responder in a Windows environment](https://www.freebuf.com/articles/system/194549.html)
- 2019.01 [4hou] [Stealing NTLMv2 hashes through file-download vulnerabilities in web applications](http://www.4hou.com/system/15391.html)
- 2018.12 [hitbsecconf] [#HITB2018DXB D2T2: NTLM Relay Is Dead, Long Live NTLM Relay - Jianing Wang and Junyu Zhou](https://www.youtube.com/watch?v=gyR3RQEpfxU)
- 2018.12 [ZeroNights] [Jianing Wang, Junyu Zhou - Ntlm Relay Reloaded: Attack methods you do not know](https://www.youtube.com/watch?v=BrSS_0a0vzQ)
***
- [**728** stars][19d] [C#] [ghostpack/rubeus](https://github.com/ghostpack/rubeus) Raw Kerberos interaction and abuse, written in C#
- [**617** stars][3m] [C] [gentilkiwi/kekeo](https://github.com/gentilkiwi/kekeo) A toolbox to play with Windows Kerberos
- [**593** stars][7m] [Py] [nidem/kerberoast](https://github.com/nidem/kerberoast) A series of tools for attacking the MS Kerberos implementation
- [**376** stars][12d] [Go] [jcmturner/gokrb5](https://github.com/jcmturner/gokrb5) Pure Go Kerberos library for clients and services
- [**354** stars][2m] [Go] [ropnop/kerbrute](https://github.com/ropnop/kerbrute) A tool to perform Kerberos pre-auth bruteforcing
- [**236** stars][27d] [Py] [dirkjanm/krbrelayx](https://github.com/dirkjanm/krbrelayx) Kerberos unconstrained delegation abuse toolkit
- 2020.02 [aliyun] [Domain penetration: Kerberos delegation attacks](https://xz.aliyun.com/t/7217)
- 2020.01 [stealthbits] [What is Kerberos Delegation? An Overview of Kerberos Delegation](https://blog.stealthbits.com/what-is-kerberos-delegation-an-overview-of-kerberos-delegation/)
- 2020.01 [3gstudent] [Pentest tip: user enumeration and password brute-forcing via Kerberos pre-auth](https://3gstudent.github.io/3gstudent.github.io/%E6%B8%97%E9%80%8F%E6%8A%80%E5%B7%A7-%E9%80%9A%E8%BF%87Kerberos-pre-auth%E8%BF%9B%E8%A1%8C%E7%94%A8%E6%88%B7%E6%9E%9A%E4%B8%BE%E5%92%8C%E5%8F%A3%E4%BB%A4%E7%88%86%E7%A0%B4/)
- 2019.10 [4hou] [Kerberos relay attacks: abusing unconstrained delegation (part 2)](https://www.4hou.com/web/19303.html)
- 2019.09 [4hou] [Kerberos relay attacks: abusing unconstrained delegation (part 1)](https://www.4hou.com/web/19302.html)
- 2019.07 [4hou] [Kerberos delegation attack principles: S4U2 exploitation in detail](https://www.4hou.com/system/18825.html)
- 2019.06 [stealthbits] [What is the Kerberos PAC?](https://blog.stealthbits.com/what-is-the-kerberos-pac/)
- 2019.05 [andreafortuna] [Some thoughts about Kerberos Golden Tickets](https://www.andreafortuna.org/2019/05/29/some-thoughts-about-kerberos-silver-tickets/)
- 2019.05 [improsec] [The mind-blowing Kerberos "Use Any Authentication Protocol" Delegation](https://improsec.com/tech-blog/the-mind-blowing-kerberos-use-any-authentication-protocol-delegation)
- 2019.05 [aliyun] [Kerberos Security](https://xz.aliyun.com/t/5004)
- 2019.03 [freebuf] [Exploring the Kerberos protocol: delegation](https://www.freebuf.com/articles/system/198381.html)
- 2019.03 [tarlogic] [Kerberos (I): How does Kerberos work? – Theory](https://www.tarlogic.com/en/blog/how-kerberos-works/)
- 2019.03 [360] [Exploring the Kerberos protocol: delegation](https://www.anquanke.com/post/id/173477/)
- 2019.03 [ironcastle] [Special Webcast: Purple Kerberos: Current attack strategies & defenses – March 11, 2019 1:00pm US/Eastern](https://www.ironcastle.net/special-webcast-purple-kerberos-current-attack-strategies-defenses-march-11-2019-100pm-us-eastern/)
- 2019.03 [freebuf] [Exploring the Kerberos protocol: tickets](https://www.freebuf.com/articles/system/197160.html)
- 2019.03 [360] [Exploring the Kerberos protocol: tickets](https://www.anquanke.com/post/id/172900/)
- 2019.03 [freebuf] [Exploring the Kerberos protocol: scanning and brute-forcing](https://www.freebuf.com/articles/system/196434.html)
- 2019.02 [360] [Exploring the Kerberos protocol: scanning and brute-forcing](https://www.anquanke.com/post/id/171552/)
- 2019.01 [f5] [Troubleshooting Kerberos Constrained Delegation: Strong Encryption Types Allowed for Kerberos](https://devcentral.f5.com/articles/troubleshooting-kerberos-constrained-delegation-strong-encryption-types-allowed-for-kerberos-33250)
- 2019.01 [sans] [Attacking Kerberos](https://www.sans.org/cyber-security-summit/archives/file/summit_archive_1493862736.pdf)
***
- 2020.01 [aliyun] [In-depth study of Pass-the-Hash attacks and defenses](https://xz.aliyun.com/t/7051)
- 2019.08 [infosecinstitute] [MITRE ATT&CK vulnerability spotlight: Pass-the-hash](https://resources.infosecinstitute.com/mitre-attck-spotlight-pass-the-hash/)
- 2019.04 [4hou] [Advanced domain penetration: Pass-the-Hash is dead, long live LocalAccountTokenFilterPolicy](https://www.4hou.com/technology/17668.html)
- 2019.03 [freebuf] [How to detect Pass-the-Hash attacks?](https://www.freebuf.com/articles/system/197660.html)
- 2019.03 [tevora] [About Windows Process/Thread Tokens and Pass The Hash](https://threat.tevora.com/windows-process-and-thread-tokens-primer/)
- 2019.02 [stealthbits] [How to Detect Overpass-the-Hash Attacks](https://blog.stealthbits.com/how-to-detect-overpass-the-hash-attacks/)
- 2019.02 [swordshield] [Phantom Users: Deception and Pass the Hash Attacks](https://www.swordshield.com/blog/phantom-users-deception-and-pass-the-hash-attacks/)
- 2019.02 [swordshield] [Phantom Users: Deception and Pass the Hash Attacks](https://www.swordshield.com/blog/deception-and-pass-the-hash/)
- 2019.02 [stealthbits] [How to Detect Pass-the-Hash Attacks](https://blog.stealthbits.com/how-to-detect-pass-the-hash-attacks/)
- 2018.08 [stealthbits] [Deploying Pass-the-Hash Honeypots](https://blog.stealthbits.com/deploying-pass-the-hash-honeypots/)
- 2018.07 [stealthbits] [Detecting Pass-the-Hash attacks with honeypots](https://blog.stealthbits.com/detecting-pass-the-hash-honeypots/)
- 2018.05 [3gstudent] [Pentest tip: Pass the Hash with Remote Desktop](https://3gstudent.github.io/3gstudent.github.io/%E6%B8%97%E9%80%8F%E6%8A%80%E5%B7%A7-Pass-the-Hash-with-Remote-Desktop/)
- 2018.02 [4hou] [Detecting Pass-the-Hash with the Windows Event Viewer](http://www.4hou.com/system/10273.html)
- 2017.12 [3gstudent] [Domain penetration: implementing Pass The Hash](https://3gstudent.github.io/3gstudent.github.io/%E5%9F%9F%E6%B8%97%E9%80%8F-Pass-The-Hash%E7%9A%84%E5%AE%9E%E7%8E%B0/)
- 2017.12 [aliyun] [Domain penetration: implementing Pass The Hash](https://xz.aliyun.com/t/1802)
- 2017.08 [labofapenetrationtester] [Week of Evading Microsoft ATA - Day 2 - Overpass-the-hash and Golden Ticket](http://www.labofapenetrationtester.com/2017/08/week-of-evading-microsoft-ata-day2.html)
- 2017.06 [decoder] [From Pass-the-Hash to Pass-the-Ticket with no pain](https://decoder.cloud/2017/06/30/from-pass-the-hash-to-pass-the-ticket-with-no-pain/)
- 2017.06 [wikidsystems] [Defeating pass-the-hash attacks with two-factor authentication](https://www.wikidsystems.com/blog/defeating-pass-the-hash-attacks-with-two-factor-authentication/)
***
- 2019.02 [stealthbits] [How to Detect Pass-the-Ticket Attacks](https://blog.stealthbits.com/detect-pass-the-ticket-attacks)
- 2017.05 [4hou] [How to perform Windows Pass the Ticket attacks through SSH tunnels?](http://www.4hou.com/technology/4974.html)
- 2017.05 [bluescreenofjeff] [Domain penetration through SSH tunnels (Pass the Ticket)](https://bluescreenofjeff.com/2017-05-23-how-to-pass-the-ticket-through-ssh-tunnels/)
***
- 2020.01 [pentestlab] [Persistence – Winlogon Helper DLL](https://pentestlab.blog/2020/01/14/persistence-winlogon-helper-dll/)
- 2019.09 [specterops] [Understanding and Defending Against Access Token Theft: Finding Alternatives to winlogon.exe](https://medium.com/p/80696c8a73b)
- 2016.11 [hexacorn] [The Archaeologologogology #2 – the romantic view as seen through the winlogon.exe’s window…](http://www.hexacorn.com/blog/2016/11/27/the-archaeologologogology-2-the-romantic-view-as-seen-through-the-winlogon-exes-window/)
- 2016.05 [malwarebytes] [Tech support scammers using Winlogon](https://blog.malwarebytes.com/cybercrime/2016/05/tech-support-scammers-using-winlogon/)
- 2010.11 [redplait] [winlogon.exe RPC interfaces](http://redplait.blogspot.com/2010/11/winlogonexe-rpc-interfaces.html)
- 2009.05 [pediy] [[Recommended] Assembly implementation of injecting into winlogon.exe to block Ctrl+Alt+Del, with lib, source code and examples](https://bbs.pediy.com/thread-87864.htm)
***
- [**1072** stars][6m] [PS] [kevin-robertson/inveigh](https://github.com/kevin-robertson/inveigh) Windows PowerShell ADIDNS/LLMNR/mDNS/NBNS spoofer/man-in-the-middle tool
- [**258** stars][6m] [C#] [kevin-robertson/inveighzero](https://github.com/kevin-robertson/inveighzero) Windows C# LLMNR/mDNS/NBNS/DNS spoofer/man-in-the-middle tool
- 2019.08 [bugbountywriteup] [LLMNR Poisoning and WPAD Spoofing](https://medium.com/p/69bfd8d8c504)
- 2019.04 [blackhillsinfosec] [An SMB Relay Race – How To Exploit LLMNR and SMB Message Signing for Fun and Profit](https://www.blackhillsinfosec.com/an-smb-relay-race-how-to-exploit-llmnr-and-smb-message-signing-for-fun-and-profit/)
- 2018.12 [4hou] [Intranet penetration: ADIDNS spoofing attacks beyond LLMNR/NBNS spoofing](http://www.4hou.com/penetration/15309.html)
- 2018.07 [netspi] [Beyond LLMNR/NBNS spoofing: attacking Active Directory-integrated DNS](https://blog.netspi.com/exploiting-adidns/)
- 2018.06 [blackhillsinfosec] [How to Disable LLMNR & Why You Want To](https://www.blackhillsinfosec.com/how-to-disable-llmnr-why-you-want-to/)
- 2018.05 [freebuf] [Harvesting PC hashes with LLMNR and PDF files](http://www.freebuf.com/articles/network/171634.html)
- 2017.11 [aliyun] [Hijacking the sessions of chosen intranet hosts via LLMNR name-resolution flaws](https://xz.aliyun.com/t/1679)
- 2017.04 [n0where] [Windows PowerShell LLMNR/NBNS spoofer: Inveigh](https://n0where.net/windows-powershell-llmnrnbns-spoofer-inveigh)
- 2017.03 [n0where] [LLMNR NBT-NS MDNS Poisoner: Responder](https://n0where.net/llmnr-nbt-ns-mdns-poisoner-responder)
- 2017.02 [360] [LLMNR/NBT-NS spoofing attacks in penetration testing](https://www.anquanke.com/post/id/85503/)
- 2017.01 [polaris] [Introduction to LLMNR and WPAD and their use in penetration testing](http://polaris-lab.com/index.php/archives/139/)
- 2016.12 [pentest] [What is LLMNR & WPAD and How to Abuse Them During Pentest ?](https://pentest.blog/what-is-llmnr-wpad-and-how-to-abuse-them-during-pentest/)
- 2016.11 [n0where] [LLMNR, NBT-NS and MDNS Responder for Windows](https://n0where.net/llmnr-nbt-ns-and-mdns-responder-for-windows)
- 2016.06 [] [LLMNR and NBT-NS Poisoning Using Responder](https://www.4armed.com/blog/llmnr-nbtns-poisoning-using-responder/)
- 2016.03 [360] [Inveigh: a Windows PowerShell LLMNR/NBNS spoofer/man-in-the-middle tool](https://www.anquanke.com/post/id/83671/)
- 2016.02 [securityblog] [LLMNR NBT-NS and MDNS poisoner](http://securityblog.gr/3249/llmnr-nbt-ns-and-mdns-poisoner/)
- 2015.12 [toolswatch] [Inveigh Beta Windows PowerShell LLMNR/NBNS Spoofer](http://www.toolswatch.org/2015/12/inveigh-beta-windows-powershell-llmnrnbns-spoofer/)
- 2015.09 [gracefulsecurity] [Stealing Accounts: LLMNR and NBT-NS Spoofing](https://www.gracefulsecurity.com/stealing-accounts-llmnr-and-nbt-ns-poisoning/)
***
- 2019.01 [infosecaddicts] [Enumerating NetBIOS services](https://infosecaddicts.com/enumerating-netbios-services/)
- 2018.10 [HackerSploit] [NetBIOS And SMB Enumeration - Nbtstat & smbclient](https://www.youtube.com/watch?v=sXqT95eIAjo)
- 2017.09 [hackingarticles] [NetBIOS and SMB Penetration Testing on Windows](http://www.hackingarticles.in/netbios-and-smb-penetration-testing-on-windows/)
- 2016.09 [rapid7] [Sonar NetBIOS Name Service Study](https://blog.rapid7.com/2016/09/06/sonar-netbios-name-service-study/)
- 2015.10 [akamai] [NetBIOS, RPC Portmap and Sentinel Reflection DDoS Attacks](https://blogs.akamai.com/2015/10/netbios-rpc-portmap-and-sentinel-reflection-ddos-attacks.html)
- 2015.09 [darknet] [Remote Network Penetration via NetBios Hack/Hacking](https://www.darknet.org.uk/2006/09/remote-network-penetration-via-netbios-hackhacking/)
- 2015.08 [agrrrdog] [NetBIOS spoofing for attacks on browser](http://agrrrdog.blogspot.com/2015/08/netbios-spoofing-for-attacks-on-browser.html)
- 2014.08 [sans] [All Samba 4.x.x are vulnerable to a remote code execution vulnerability in the nmbd NetBIOS name services daemon](https://isc.sans.edu/forums/diary/All+Samba+4xx+are+vulnerable+to+a+remote+code+execution+vulnerability+in+the+nmbd+NetBIOS+name+services+daemon/18471/)
- 2013.04 [securityblog] [Disable NetBIOS NULL Sessions](http://securityblog.gr/1841/disable-netbios-null-sessions/)
- 2012.08 [pentestlab] [Scanning NetBIOS](https://pentestlab.blog/2012/08/19/scanning-netbios/)
- 2012.08 [freebuf] [Penetrating internal networks with NetBIOS spoofing](http://www.freebuf.com/articles/5238.html)
- 2012.05 [sans] [Windows Firewall Bypass Vulnerability and NetBIOS NS](https://isc.sans.edu/forums/diary/Windows+Firewall+Bypass+Vulnerability+and+NetBIOS+NS/13156/)
- 2012.04 [securityblog] [NetBIOS name enumeration](http://securityblog.gr/656/netbios-name-enumeration/)
- 2012.01 [sans] [Is it time to get rid of NetBIOS?](https://isc.sans.edu/forums/diary/Is+it+time+to+get+rid+of+NetBIOS/12454/)
- 2011.02 [toolswatch] [Netbios Share Scanner updated to v0.3](http://www.toolswatch.org/2011/02/netbios-share-scanner-updated-to-v0-3/)
- 2011.01 [toolswatch] [Netbios Share Scanner v0.2 released](http://www.toolswatch.org/2011/01/netbios-share-scanner-v0-2-released/)
- 2008.08 [skullsecurity] [nbtool 0.02 released! (also, a primer on NetBIOS)](https://blog.skullsecurity.org/2008/nbtool-002-released-also-a-primer-on-netbios)
***
- [**2500** stars][2m] [C] [hfiref0x/uacme](https://github.com/hfiref0x/uacme) Defeating Windows User Account Control
- [**2458** stars][9d] [PS] [k8gege/k8tools](https://github.com/k8gege/k8tools) K8 tool collection (intranet penetration / privilege escalation / remote overflows / exploits / scanners / password cracking / AV evasion / Exploit / APT / 0day / Shellcode / Payload / privilege / BypassUAC / OverFlow / WebShell / PenTest) Web GetShell Exploit (Struts2/Zimbra/Weblogic/Tomcat/Apache/Jboss/DotNetNuke/zabbix)
- [**1859** stars][17d] [JS] [coreybutler/node-windows](https://github.com/coreybutler/node-windows) Windows support for Node.JS scripts (daemons, eventlog, UAC, etc).
- [**1742** stars][1m] [Py] [rootm0s/winpwnage](https://github.com/rootm0s/winpwnage) UAC bypass, Elevate, Persistence and Execution methods
- 2020.01 [morphisec] [Trickbot Trojan Leveraging a New Windows 10 UAC Bypass](https://blog.morphisec.com/trickbot-uses-a-new-windows-10-uac-bypass)
- 2019.11 [4hou] [CVE-2019-1388: Windows UAC privilege escalation vulnerability](https://www.4hou.com/info/news/21710.html)
- 2019.10 [freebuf] [A first look at UAC bypasses](https://www.freebuf.com/articles/system/216337.html)
- 2019.09 [4sysops] [Security options in Windows Server 2016: Accounts and UAC](https://4sysops.com/archives/security-options-in-windows-server-2016-accounts-and-uac/)
- 2019.09 [heynowyouseeme] [windows 10 GUI UAC bypass ( netplwiz.exe )](https://heynowyouseeme.blogspot.com/2019/09/windows-10-gui-uac-bypass-netplwizexe.html)
- 2019.08 [heynowyouseeme] [Windows 10 LPE (UAC Bypass) in Windows Store (WSReset.exe)](https://heynowyouseeme.blogspot.com/2019/08/windows-10-lpe-uac-bypass-in-windows.html)
- 2019.08 [freebuf] [SneakyEXE: an embedded UAC bypass tool](https://www.freebuf.com/sectool/209097.html)
- 2019.04 [markmotig] [Brute Forcing Admin Passwords with UAC](https://medium.com/p/e711c551ad7e)
- 2019.03 [4hou] [Exploitation analysis of bypassing UAC by mocking a trusted directory](https://www.4hou.com/technology/16713.html)
- 2019.03 [aliyun] [How to abuse UIAccess access tokens to bypass UAC](https://xz.aliyun.com/t/4126)
- 2019.02 [3gstudent] [Exploitation analysis of bypassing UAC by mocking a trusted directory](https://3gstudent.github.io/3gstudent.github.io/%E9%80%9A%E8%BF%87%E6%A8%A1%E6%8B%9F%E5%8F%AF%E4%BF%A1%E7%9B%AE%E5%BD%95%E7%BB%95%E8%BF%87UAC%E7%9A%84%E5%88%A9%E7%94%A8%E5%88%86%E6%9E%90/)
- 2019.02 [sans] [UAC is not all that bad really](https://isc.sans.edu/forums/diary/UAC+is+not+all+that+bad+really/24620/)
- 2019.01 [fuzzysecurity] [Anatomy of UAC Attacks](http://fuzzysecurity.com/tutorials/27.html)
- 2019.01 [sevagas] [Yet another sdclt UAC bypass](https://blog.sevagas.com/?Yet-another-sdclt-UAC-bypass)
- 2018.11 [4hou] [5 ways to bypass UAC with Metasploit](http://www.4hou.com/system/13707.html)
- 2018.11 [tenable] [UAC Bypass by Mocking Trusted Directories](https://medium.com/p/24a96675f6e)
- 2018.10 [0x000x00] [How to bypass UAC in newer Windows versions](https://0x00-0x00.github.io/research/2018/10/31/How-to-bypass-UAC-in-newer-Windows-versions.html)
- 2018.10 [tyranidslair] [Farewell to the Token Stealing UAC Bypass](https://tyranidslair.blogspot.com/2018/10/farewell-to-token-stealing-uac-bypass.html)
- 2018.10 [tyranidslair] [Farewell to the Token Stealing UAC Bypass](https://www.tiraniddo.dev/2018/10/farewell-to-token-stealing-uac-bypass.html)
***
## AppLocker
- [**947** stars][23d] [PS] [api0cradle/ultimateapplockerbypasslist](https://github.com/api0cradle/ultimateapplockerbypasslist) The goal of this repository is to document the most common techniques to bypass AppLocker.
- 2019.11 [tyranidslair] [The Internals of AppLocker - Part 4 - Blocking DLL Loading](https://tyranidslair.blogspot.com/2019/11/the-internals-of-applocker-part-4.html)
- 2019.11 [tyranidslair] [The Internals of AppLocker - Part 4 - Blocking DLL Loading](https://www.tiraniddo.dev/2019/11/the-internals-of-applocker-part-4.html)
- 2019.11 [tyranidslair] [The Internals of AppLocker - Part 3 - Access Tokens and Access Checking](https://tyranidslair.blogspot.com/2019/11/the-internals-of-applocker-part-3.html)
- 2019.11 [tyranidslair] [The Internals of AppLocker - Part 3 - Access Tokens and Access Checking](https://www.tiraniddo.dev/2019/11/the-internals-of-applocker-part-3.html)
- 2019.11 [tyranidslair] [The Internals of AppLocker - Part 2 - Blocking Process Creation](https://tyranidslair.blogspot.com/2019/11/the-internals-of-applocker-part-2.html)
- 2019.11 [tyranidslair] [The Internals of AppLocker - Part 2 - Blocking Process Creation](https://www.tiraniddo.dev/2019/11/the-internals-of-applocker-part-2.html)
- 2019.11 [tyranidslair] [The Internals of AppLocker - Part 1 - Overview and Setup](https://tyranidslair.blogspot.com/2019/11/the-internals-of-applocker-part-1.html)
- 2019.11 [tyranidslair] [The Internals of AppLocker - Part 1 - Overview and Setup](https://www.tiraniddo.dev/2019/11/the-internals-of-applocker-part-1.html)
- 2019.09 [blackhillsinfosec] [Getting Started With AppLocker](https://www.blackhillsinfosec.com/getting-started-with-applocker/)
- 2019.08 [p0w3rsh3ll] [How to delete a single Applocker rule](https://p0w3rsh3ll.wordpress.com/2019/08/02/how-to-delete-a-single-applocker-rule/)
- 2019.05 [oddvar] [A small discovery about AppLocker](https://oddvar.moe/2019/05/29/a-small-discovery-about-applocker/)
- 2019.04 [4hou] [Multiple ways to bypass AppLocker application whitelisting via regsvr32.exe](https://www.4hou.com/web/17354.html)
- 2019.03 [4sysops] [Application whitelisting: Software Restriction Policies vs. AppLocker vs. Windows Defender Application Control](https://4sysops.com/archives/application-whitelisting-software-restriction-policies-vs-applocker-vs-windows-defender-application-control/)
- 2019.03 [4hou] [Evasion techniques bloom again: starting from an Office document that evades AppLocker and AMSI detection](https://www.4hou.com/system/16916.html)
- 2019.03 [yoroi] [The Document that Eluded AppLocker and AMSI](https://blog.yoroi.company/research/the-document-that-eluded-applocker-and-amsi/)
- 2019.03 [p0w3rsh3ll] [Applocker and PowerShell: how do they tightly work together?](https://p0w3rsh3ll.wordpress.com/2019/03/07/applocker-and-powershell-how-do-they-tightly-work-together/)
- 2019.02 [4hou] [How to bypass AppLocker as an admin](http://www.4hou.com/web/16213.html)
- 2019.02 [oddvar] [Bypassing AppLocker as an admin](https://oddvar.moe/2019/02/01/bypassing-applocker-as-an-admin/)
- 2019.01 [hackingarticles] [Windows Applocker Policy – A Beginner’s Guide](https://www.hackingarticles.in/windows-applocker-policy-a-beginners-guide/)
- 2019.01 [t00ls] [Contributed article: Bypass AppLocker + execute arbitrary shellcode undetected [ csc + InstallUtil ]](https://www.t00ls.net/articles-49443.html)
***
## Data Execution Prevention(DEP)
- 2019.11 [aliyun] [ARM exploit development - bypassing DEP by executing mprotect()](https://xz.aliyun.com/t/6750)
- 2019.07 [codingvision] [Bypassing ASLR and DEP - Getting Shells with pwntools](https://codingvision.net/security/bypassing-aslr-dep-getting-shells-with-pwntools)
- 2019.01 [fuzzysecurity] [MS13-009 Use-After-Free IE8 (DEP)](http://fuzzysecurity.com/exploits/20.html)
- 2019.01 [fuzzysecurity] [BlazeVideo HDTV Player 6.6 Professional SEH&DEP&ASLR](http://fuzzysecurity.com/exploits/11.html)
- 2019.01 [fuzzysecurity] [NCMedia Sound Editor Pro v7.5.1 SEH&DEP&ASLR](http://fuzzysecurity.com/exploits/16.html)
- 2019.01 [fuzzysecurity] [ALLMediaServer 0.8 SEH&DEP&ASLR](http://fuzzysecurity.com/exploits/15.html)
- 2018.12 [360] [Analysis of the CoolPlayer DEP bypass (CVE-2008-3408)](https://www.anquanke.com/post/id/167424/)
- 2018.09 [duo] [Weak Apple DEP Authentication Leaves Enterprises Vulnerable to Social Engineering Attacks and Rogue Devices](https://duo.com/blog/weak-apple-dep-authentication-leaves-enterprises-vulnerable-to-social-engineering-attacks-and-rogue-devices)
- 2018.09 [3or] [ARM Exploitation - Defeating DEP - executing mprotect()](https://blog.3or.de/arm-exploitation-defeating-dep-executing-mprotect.html)
- 2018.09 [3or] [ARM Exploitation - Defeating DEP - execute system()](https://blog.3or.de/arm-exploitation-defeating-dep-execute-system.html)
- 2018.06 [pediy] [[Original] Easy MPEG to DVD Burner 1.7.11 SEH + DEP Bypass Local Buffer Overflow](https://bbs.pediy.com/thread-228537.htm)
- 2018.05 [pediy] [[Translation] DEP mitigation technique (part 1)](https://bbs.pediy.com/thread-226625.htm)
- 2017.12 [360] [Exploit mitigation techniques: Data Execution Prevention (DEP)](https://www.anquanke.com/post/id/91266/)
- 2017.12 [0x00sec] [Exploit Mitigation Techniques - Data Execution Prevention (DEP)](https://0x00sec.org/t/exploit-mitigation-techniques-data-execution-prevention-dep/4634/)
- 2017.10 [freebuf] [Bypassing ASLR+DEP on 64-bit systems with ROP + return-to-dl-resolve](http://www.freebuf.com/articles/system/149364.html)
- 2017.10 [freebuf] [How to bypass ASLR+DEP on 32-bit systems with ROP + return-to-dl-resolve](http://www.freebuf.com/articles/system/149214.html)
- 2017.08 [pediy] [[Original] Challenging DEP with ret2libc: using ZwSetInformationProcess](https://bbs.pediy.com/thread-220346.htm)
- 2017.06 [360] [ropasaurusrex: an introductory ROP tutorial, DEP (part 2)](https://www.anquanke.com/post/id/86197/)
- 2017.06 [360] [ropasaurusrex: an introductory ROP tutorial, DEP (part 1)](https://www.anquanke.com/post/id/86196/)
- 2017.05 [myonlinesecurity] [fake clothing order Berhanu (PURCHASE DEPARTMENT) using winace files delivers Loki bot](https://myonlinesecurity.co.uk/fake-clothing-order-berhanu-purchase-department-using-winace-files-delivers-loki-bot/)
***
## PatchGuard
- [**551** stars][11m] [C] [hfiref0x/upgdsed](https://github.com/hfiref0x/upgdsed) Universal PatchGuard and DSE disabler
- 2019.04 [OffensiveCon] [OffensiveCon19 - Luc Reginato - Updated Analysis of PatchGuard on Windows RS4](https://www.youtube.com/watch?v=ifWdeFHXj7s)
- 2019.03 [tetrane] [Updated Analysis of PatchGuard on Microsoft Windows 10 RS4](https://blog.tetrane.com/2019/Analysis-Windows-PatchGuard.html)
- 2018.10 [aliyun] [Melting down PatchGuard: leveraging KPTI to bypass kernel patch protection](https://xz.aliyun.com/t/3072)
- 2018.10 [ensilo] [Melting Down PatchGuard: Leveraging KPTI to Bypass Kernel Patch Protection](https://blog.ensilo.com/meltdown-patchguard)
- 2018.09 [pediy] [[Original] A rough analysis of PatchGuard self-verification](https://bbs.pediy.com/thread-246730.htm)
- 2015.06 [alex] [What are Little PatchGuards Made Of?](http://www.alex-ionescu.com/?p=290)
- 2015.01 [ptsecurity] [Windows 8.1 Kernel Patch Protection — PatchGuard](http://blog.ptsecurity.ru/2015/01/windows-81-kernel-patch-protection.html)
- 2014.07 [mcafee] [Malicious Utility Can Defeat Windows PatchGuard](https://www.mcafee.com/blogs/other-blogs/mcafee-labs/malicious-utility-can-defeat-windows-patchguard/)
- 2014.07 [mcafee] [Malicious Utility Can Defeat Windows PatchGuard](https://securingtomorrow.mcafee.com/mcafee-labs/malicious-utility-can-defeat-windows-patchguard/)
- 2014.03 [mcafee] [Analyzing the Uroburos PatchGuard Bypass](https://www.mcafee.com/blogs/other-blogs/mcafee-labs/analyzing-uroburos-patchguard-bypass/)
- 2014.03 [mcafee] [Analyzing the Uroburos PatchGuard Bypass](https://securingtomorrow.mcafee.com/mcafee-labs/analyzing-uroburos-patchguard-bypass/)
- 2013.02 [pediy] [[Original] DisablePatchGuard.sys](https://bbs.pediy.com/thread-162477.htm)
- 2012.11 [pediy] [[Discussion] Ways to render PatchGuard useless](https://bbs.pediy.com/thread-158157.htm)
- 2011.06 [picturoku] [Patchguard red flags](http://picturoku.blogspot.com/2011/06/patchguard-red-flags.html)
- 2009.12 [immunityinc] [PatchGuard](https://www.immunityinc.com/downloads/h2hc.pdf)
- 2007.01 [alex] [Windows Vista 64-bit Driver Signing/PatchGuard Workaround](http://www.alex-ionescu.com/?p=23)
- 2007.01 [pediy] [[Repost] Bypassing PatchGuard on Windows x64](https://bbs.pediy.com/thread-37428.htm)
- 2006.10 [microsoft] [The Final Word – Jim Allchin Letter Clarifies Patchguard on Vista](https://cloudblogs.microsoft.com/microsoftsecure/2006/10/24/the-final-word-jim-allchin-letter-clarifies-patchguard-on-vista/)
- 2006.10 [infosecblog] [MS caves on Vista Patchguard? Not so fast](https://www.infosecblog.org/2006/10/ms-caves-on-vista-patchguard-not-so-fast/)
- 2006.08 [microsoft] [Interview with Patchguard Architect Forrest Foltz (Windows Vista x64 Security – Patchguard follow up)](https://cloudblogs.microsoft.com/microsoftsecure/2006/08/16/interview-with-patchguard-architect-forrest-foltz-windows-vista-x64-security-patchguard-follow-up/)
***
## Driver Signature Enforcement(DSE)
- [**723** stars][10m] [C] [hfiref0x/tdl](https://github.com/hfiref0x/tdl) Driver loader for bypassing Windows x64 Driver Signature Enforcement
- [**369** stars][11d] [C] [mattiwatti/efiguard](https://github.com/mattiwatti/efiguard) Disable PatchGuard and DSE at boot time
- [**322** stars][5m] [C] [9176324/shark](https://github.com/9176324/shark) Turn off PatchGuard in real time for win7 (7600) ~ win10 (18950).
- [**274** stars][9d] [C++] [can1357/byepg](https://github.com/can1357/byepg) Defeating Patchguard universally for Windows 8, Windows 8.1 and all versions of Windows 10 regardless of HVCI
- 2014.05 [pediy] [[Share] A copy-and-tweak bypass of Driver Signature Enforcement (DSE) on Win7, Win8 and Win8.1 x64](https://bbs.pediy.com/thread-187699.htm)
- 2013.01 [colinpoflynn] [Windows 7 64-bit Disable Driver Signature Enforcement](https://www.youtube.com/watch?v=k4RwaI4mn6Y)
- 2012.12 [vexillium] [Defeating Windows Driver Signature Enforcement #3: The Ultimate Encounter](http://j00ru.vexillium.org/?p=1455)
- 2012.12 [vexillium] [Defeating Windows Driver Signature Enforcement #3: The Ultimate Encounter](https://j00ru.vexillium.org/2012/12/defeating-windows-driver-signature-enforcement-part-3-the-ultimate-encounter/)
- 2012.11 [vexillium] [Defeating Windows Driver Signature Enforcement #2: CSRSS and thread desktops](http://j00ru.vexillium.org/?p=1393)
- 2012.11 [vexillium] [Defeating Windows Driver Signature Enforcement #2: CSRSS and thread desktops](https://j00ru.vexillium.org/2012/11/defeating-windows-driver-signature-enforcement-part-2-csrss-and-thread-desktops/)
- 2012.11 [vexillium] [Defeating Windows Driver Signature Enforcement #1: default drivers](http://j00ru.vexillium.org/?p=1169)
- 2012.11 [vexillium] [Defeating Windows Driver Signature Enforcement #1: default drivers](https://j00ru.vexillium.org/2012/11/defeating-windows-driver-signature-enforcement-part-1-default-drivers/)
- 2010.06 [vexillium] [A quick insight into the Driver Signature Enforcement](http://j00ru.vexillium.org/?p=377)
- 2010.06 [vexillium] [A quick insight into the Driver Signature Enforcement](https://j00ru.vexillium.org/2010/06/insight-into-the-driver-signature-enforcement/)
- 2006.03 [] [Showdown: MIIS vs. DSE](http://360tek.blogspot.com/2006/03/showdown-miis-vs-dse.html)
***
## Windows Defender
- [**424** stars][10d] [C#] [matterpreter/defendercheck](https://github.com/matterpreter/defendercheck) Identifies the bytes that Microsoft Defender flags on.
- 2020.02 [eforensicsmag] [[CQLabs] Windows Defender Exploit Guard under the hood |by Artur Wojtkowski](https://eforensicsmag.com/cqlabs-windows-defender-exploit-guard-under-the-hood-by-artur-wojtkowski/)
- 2019.12 [p0w3rsh3ll] [Quick post: Review Windows Defender notifications](https://p0w3rsh3ll.wordpress.com/2019/12/29/quick-post-review-windows-defender-notifications/)
- 2019.12 [4hou] [Assessing the effectiveness of a new security data source: Windows Defender Exploit Guard (part 1)](https://www.4hou.com/system/22277.html)
- 2019.12 [Enderman] [Can Windows Defender protect your computer against malware?](https://www.youtube.com/watch?v=ErxcY9wjr14)
- 2019.12 [illuminati] [Starlink: “Sorry this application cannot run in a Virtual Machine” while running with Windows Defender Application Guard enabled.](https://illuminati.services/2019/12/07/starlink-sorry-this-application-cannot-run-under-a-virtual-machine/)
- 2019.11 [vishal] [Disable Defender in Win10](https://medium.com/p/cf9514711fdf)
- 2019.10 [palantir] [Assessing the effectiveness of a new security data source: Windows Defender Exploit Guard](https://medium.com/p/860b69db2ad2)
- 2019.10 [HackersOnBoard] [Windows Offender Reverse Engineering Windows Defender's Antivirus Emulator](https://www.youtube.com/watch?v=LvW68czaEGs)
- 2019.09 [ATTTechChannel] [9/13/19 GootKit Malware Bypasses Windows Defender | AT&T ThreatTraq](https://www.youtube.com/watch?v=gCvSxzF4x1M)
- 2019.09 [aliyun] [Playing with Windows Defender](https://xz.aliyun.com/t/6216)
- 2019.07 [microsoft] [How Windows Defender Antivirus integrates hardware-based system integrity for informed, extensive endpoint protection](https://www.microsoft.com/security/blog/2019/07/31/how-windows-defender-antivirus-integrates-hardware-based-system-integrity-for-informed-extensive-endpoint-protection/)
- 2019.06 [goet] [Analyzing your Microsoft Defender ATP data in real-time in ELK using the new streaming API](https://medium.com/p/c435d2943605)
- 2019.06 [goet] [Protect yourself against #BlueKeep using Azure Sentinel and Defender ATP.](https://medium.com/p/d308f566d5cf)
- 2019.05 [eli] [Using PowerShell in Windows Defender](https://www.peerlyst.com/posts/using-powershell-in-windows-defender-eli-shlomo)
- 2019.05 [morphisec] [Morphisec + WINDOWS Defender AV: Advanced Threat Protection Made Easy](https://blog.morphisec.com/morphisec-microsoft-defender-av)
- 2019.04 [contextis] [Windows Defender Functionality](https://www.contextis.com/en/blog/windows-defender-functionality)
- 2019.04 [rce4fun] [Circumventing Windows Defender ATP's user-mode APC Injection sensor from Kernel-mode](http://rce4fun.blogspot.com/2019/04/circumventing-windows-defender-atps.html)
- 2019.03 [freebuf] [Microsoft's Windows Defender ATP security suite is coming to Mac OS](https://www.freebuf.com/news/199117.html)
- 2019.03 [4hou] [How attackers use a modified Empire to bypass Windows Defender](https://www.4hou.com/system/16541.html)
- 2019.03 [freebuf] [Modifying Empire to bypass Windows Defender](https://www.freebuf.com/articles/system/197558.html)
***
## Antimalware Scan Interface(AMSI)
- [**322** stars][9d] [C#] [hackplayers/salsa-tools](https://github.com/hackplayers/salsa-tools) Salsa Tools - ShellReverse TCP/UDP/ICMP/DNS/SSL/BINDTCP/Shellcode/SILENTTRINITY and AV bypass, AMSI patched
- 2020.01 [ionize] [Detecting AMSI Bypass](https://ionize.com.au/detecting-amsi-bypass/)
- 2019.11 [two06] [AMSI as a Service — Automating AV Evasion](https://medium.com/p/2e2f54397ff9)
- 2019.11 [thecyberbutler] [Yet another update to bypass AMSI in VBA](https://medium.com/p/19ddf9065c04)
- 2019.11 [freebuf] [How to identify and analyze Antimalware Scan Interface (AMSI) components](https://www.freebuf.com/articles/terminal/216921.html)
- 2019.10 [binarydefense] [Binary Defense MDR Integrates Microsoft Antimalware Scan Interface Interoperability (AMSI) - Binary Defense](https://www.binarydefense.com/binary-defense-mdr-integrates-microsoft-antimalware-scan-interface-interoperability-amsi/)
- 2019.10 [mattifestation] [Antimalware Scan Interface Detection Optics Analysis Methodology: Identification and Analysis of AMSI for WMI](https://posts.specterops.io/antimalware-scan-interface-detection-optics-analysis-methodology-858c37c38383)
- 2019.10 [4hou] [How I refined a heap-based AMSI bypass step by step to near perfection](https://www.4hou.com/system/20700.html)
- 2019.10 [specterops] [Antimalware Scan Interface Detection Optics Analysis Methodology](https://medium.com/p/858c37c38383)
- 2019.09 [byte] [Adventures in the Wonderful World of AMSI.](https://medium.com/p/25d235eb749c)
- 2019.08 [4hou] [The complete process of bypassing AMSI](https://www.4hou.com/web/18619.html)
- 2019.08 [mcafee] [McAfee AMSI Integration Protects Against Malicious Scripts](https://securingtomorrow.mcafee.com/other-blogs/mcafee-labs/mcafee-amsi-integration-protects-against-malicious-scripts/)
- 2019.08 [mcafee] [McAfee AMSI Integration Protects Against Malicious Scripts](https://www.mcafee.com/blogs/other-blogs/mcafee-labs/mcafee-amsi-integration-protects-against-malicious-scripts/)
- 2019.07 [codewhitesec] [Heap-based AMSI bypass for MS Excel VBA and others](https://codewhitesec.blogspot.com/2019/07/heap-based-amsi-bypass-in-vba.html)
- 2019.07 [f] [Hunting for AMSI bypasses](https://blog.f-secure.com/hunting-for-amsi-bypasses/)
- 2019.06 [360] [How to bypass AMSI](https://www.anquanke.com/post/id/180281/)
- 2019.06 [contextis] [AMSI Bypass](https://www.contextis.com/en/blog/amsi-bypass)
- 2019.06 [aliyun] [How Red Teams Bypass AMSI and WLDP for .NET Dynamic Code](https://xz.aliyun.com/t/5351)
- 2019.06 [360] [How to bypass AMSI and WLDP](https://www.anquanke.com/post/id/179832/)
- 2019.05 [benoit] [Alternative AMSI bypass](https://medium.com/p/554dc61d70b1)
- 2019.04 [4hou] [How to bypass AMSI for VBA](https://www.4hou.com/technology/17638.html)
***
## Address Space Layout Randomization(ASLR)
- [**901** stars][2m] [Roff] [slimm609/checksec.sh](https://github.com/slimm609/checksec.sh) Bash script that checks executable properties (PIE, RELRO, PaX, Canaries, ASLR, Fortify Source)
- [**371** stars][12d] [PS] [netspi/pesecurity](https://github.com/netspi/pesecurity) PowerShell module that checks whether a PE (EXE/DLL) was compiled with ASLR, DEP, SafeSEH, strong naming and Authenticode
- 2019.12 [johnlatwc] [Early Security Stories — ASLR](https://medium.com/p/4c6bafe0dda1)
- 2019.10 [HackersOnBoard] [Black Hat USA 2016 Breaking Kernel Address Space Layout Randomization KASLR With Intel TSX](https://www.youtube.com/watch?v=K8nt67X1ahk)
- 2019.06 [arxiv] [[1906.10478] From IP ID to Device ID and KASLR Bypass (Extended Version)](https://arxiv.org/abs/1906.10478)
- 2019.06 [securityevaluators] [ASUSWRT RCE via Buffer Overflow, ASLR Bypass](https://blog.securityevaluators.com/asuswrt-buffer-overflow-format-string-aslr-bypass-2bbf9736fe46)
- 2019.06 [openanalysis] [Disable ASLR for Easier Malware Debugging With x64dbg and IDA Pro](https://oalabs.openanalysis.net/2019/06/12/disable-aslr-for-easier-malware-debugging/)
- 2019.06 [OALabs] [Disable ASLR For Easier Malware Debugging With x64dbg and IDA Pro](https://www.youtube.com/watch?v=DGX7oZvdmT0)
- 2019.04 [4hou] [Exploiting an ASLR weakness: analysis of a Chrome sandbox escape vulnerability](https://www.4hou.com/system/17424.html)
- 2019.03 [offensive] [Development of a new Windows 10 KASLR Bypass (in One WinDBG Command)](https://www.offensive-security.com/vulndev/development-of-a-new-windows-10-kaslr-bypass-in-one-windbg-command/)
- 2019.03 [notsoshant] [Windows Exploitation: ASLR Bypass (MS07–017)](https://medium.com/p/8760378e3e84)
- 2019.02 [rce4fun] [VirtualProtectEx to bypass ASLR : A specific case study](http://rce4fun.blogspot.com/2019/02/virtualprotectex-to-bypass-aslr.html)
- 2019.01 [aliyun] [ASLR protection for statically linked executables](https://xz.aliyun.com/t/3752)
- 2018.11 [pediy] [[Original] CVE-2014-0322: combining IE and Flash to bypass ASLR+DEP](https://bbs.pediy.com/thread-248057.htm)
- 2018.11 [pediy] [[Original] CVE-2012-1889: loading a DLL via GUID on Win7 to bypass ASLR+DEP](https://bbs.pediy.com/thread-247975.htm)
- 2018.11 [securityevaluators] [ASUSWRT Buffer Overflow, Format String ASLR Bypass](https://medium.com/p/2bbf9736fe46)
- 2018.10 [osandamalith] [PE Sec Info – A Simple Tool to Manipulate ASLR and DEP Flags](https://osandamalith.com/2018/10/24/pe-sec-info-a-simple-tool-to-manipulate-aslr-and-dep-flags/)
- 2018.08 [cmu] [When "ASLR" Is Not Really ASLR - The Case of Incorrect Assumptions and Bad Defaults](https://insights.sei.cmu.edu/cert/2018/08/when-aslr-is-not-really-aslr---the-case-of-incorrect-assumptions-and-bad-defaults.html)
- 2018.06 [teamultimate] [Return to PLT, GOT to bypass ASLR remotely](https://teamultimate.in/return-to-plt-got-to-bypass-aslr-remote/)
- 2018.06 [teamultimate] [Format String Exploits: Defeating Stack Canary, NX and ASLR Remotely on 64 bit](https://teamultimate.in/format-string-defeating-stack-canary-nx-aslr-remote/)
- 2018.06 [nul] [Some experiments with Linux ASLR (1)](http://www.nul.pw/2018/06/09/263.html)
- 2018.05 [pediy] [[Translation] Bypassing ASLR + NX, part 1](https://bbs.pediy.com/thread-226637.htm)
***
- [**345** stars][4m] [Py] [3ndg4me/autoblue-ms17-010](https://github.com/3ndg4me/autoblue-ms17-010) This is just a semi-automated, fully working, no-bs, non-metasploit version of the public exploit code for MS17-010
- [**254** stars][17d] [Py] [mez-0/ms17-010-python](https://github.com/mez-0/MS17-010-Python) MS17-010: Python and Meterpreter
***
- 2020.02 [LoiLiangYang] [Exploiting Windows 10 with MS17_010_PSEXEC](https://www.youtube.com/watch?v=7-3k7AGTHPQ)
- 2010.04 [g] [MS10-020](http://g-laurent.blogspot.com/2010/04/ms10-020.html)
- 2010.04 [sans] [MS10-021: Encountering A Failed WinXP Update](https://isc.sans.edu/forums/diary/MS10021+Encountering+A+Failed+WinXP+Update/8644/)
- 2010.03 [sans] [OOB Update for Internet Explorer MS10-018](https://isc.sans.edu/forums/diary/OOB+Update+for+Internet+Explorer+MS10018/8533/)
- 2010.02 [sans] [MS10-015 may cause Windows XP to blue screen (but only if you have malware on it)](https://isc.sans.edu/forums/diary/MS10015+may+cause+Windows+XP+to+blue+screen+but+only+if+you+have+malware+on+it/8266/)
- 2010.02 [g] [More details on MS10-006](http://g-laurent.blogspot.com/2010/02/more-details-on-ms10-006.html)
- 1970.01 [] [[MS15-010 / CVE-2015-0057] Exploitation](http://0day5.com/archives/3631/)
***
## Remote Desktop Protocol(RDP)
- [**6407** stars][1y] [Pascal] [stascorp/rdpwrap](https://github.com/stascorp/rdpwrap) RDP Wrapper Library
- [**3800** stars][9d] [C] [freerdp/freerdp](https://github.com/freerdp/freerdp) FreeRDP is a free remote desktop protocol library and clients
- [**1655** stars][21d] [C] [neutrinolabs/xrdp](https://github.com/neutrinolabs/xrdp) xrdp: an open source RDP server
- [**1083** stars][9d] [C] [zerosum0x0/cve-2019-0708](https://github.com/zerosum0x0/cve-2019-0708) Scanner PoC for CVE-2019-0708 RDP RCE vuln
- [**996** stars][1m] [Py] [syss-research/seth](https://github.com/syss-research/seth) Perform a MitM attack and extract clear text credentials from RDP connections
- [**911** stars][13d] [Py] [jimmy201602/webterminal](https://github.com/jimmy201602/webterminal) ssh rdp vnc telnet sftp bastion/jump web putty xshell terminal jumpserver audit realtime monitor rz/sz bastion host, cloud desktop, linux devops, sftp, websocket, file management, rz/sz, otp, automated operations, auditing, session recording, file management, sftp upload, real-time monitoring, recording playback, web-based rz/sz upload/download, one-time password, django
- [**764** stars][10d] [C] [rdesktop/rdesktop](https://github.com/rdesktop/rdesktop) rdesktop is an open source UNIX client for connecting to Windows Remote Desktop Services, capable of natively speaking Remote Desktop Protocol (RDP) in order to present the user's Windows desktop. rdesktop is known to work with Windows Server versions ranging from NT 4 terminal server to Windows 2012 R2.
- [**692**星][13d] [C] [robertdavidgraham/rdpscan](https://github.com/robertdavidgraham/rd