Skip to content

Resources About Windows Security. 1100+ Open Source Tools. 3300+ Blog Post and Videos.

Notifications You must be signed in to change notification settings

alphaSeclab/windows-security

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

2 Commits
 
 
 
 
 
 
 
 
 
 

Repository files navigation

Windows

  • 跟Windows安全有关的资源收集。当前包括的工具个数1100+,并根据功能进行了粗糙的分类。部分工具添加了中文描述。当前包括文章数3300+。
  • 此页只包含部分内容. 查看完整版
  • English Version

目录

PowerShell


PowerSploit

工具

文章


PSAttack

工具

文章


其他

工具

  • [216星][23d] [PS] mkellerman/invoke-commandas Invoke Command As System/Interactive/GMSA/User on Local/Remote machine & returns PSObjects.

文章

DLL


新添加

工具

  • [2064星][10d] [C#] lucasg/dependencies A rewrite of the old legacy software "depends.exe" in C# for Windows devs to troubleshoot dll load dependencies issues.
  • [1393星][12m] [C] fancycode/memorymodule Library to load a DLL from memory.
  • [1232星][10d] [C#] perfare/il2cppdumper Restore dll from Unity il2cpp binary file (except code)
  • [810星][10d] [C#] terminals-origin/terminals Terminals is a secure, multi tab terminal services/remote desktop client. It uses Terminal Services ActiveX Client (mstscax.dll). The project started from the need of controlling multiple connections simultaneously. It is a complete replacement for the mstsc.exe (Terminal Services) client. This is official source moved from Codeplex.
  • [396星][8m] [C++] hasherezade/dll_to_exe Converts a DLL into EXE
  • [385星][19d] [C#] 3f/dllexport .NET DllExport
  • [371星][12d] [PS] netspi/pesecurity PowerShell module to check if a Windows binary (EXE/DLL) has been compiled with ASLR, DEP, SafeSEH, StrongNaming, and Authenticode.
  • [255星][16d] [C++] wbenny/detoursnt Detours with just single dependency - NTDLL
  • [236星][21d] [C#] erfg12/memory.dll C# Hacking library for making PC game trainers.
  • [234星][1y] [C#] misaka-mikoto-tech/monohook hook C# method at runtime without modify dll file (such as UnityEditor.dll)
  • [220星][2m] [C++] chuyu-team/mint Contains the definitions for the Windows Internal UserMode API from ntdll.dll, samlib.dll and winsta.dll.
  • [203星][10d] [C++] s1lentq/regamedll_cs a result of reverse engineering of original library mod HLDS (build 6153beta) using DWARF debug info embedded into linux version of HLDS, cs.so

文章


DLL注入

工具

  • [994星][1m] [C] fdiskyou/injectallthethings Seven different DLL injection techniques in one single project.
  • [747星][7m] [C++] darthton/xenos Windows DLL 注入器
  • [635星][3m] [PS] monoxgas/srdi Shellcode implementation of Reflective DLL Injection. Convert DLLs to position independent shellcode

文章


DLL劫持

工具

  • [441星][9m] [Pascal] mojtabatajik/robber 查找易于发生DLL劫持的可执行文件
  • [327星][1y] [C++] anhkgg/superdllhijack 一种通用Dll劫持技术,不再需要手工导出Dll的函数接口了

文章


DLL旁加载

文章

PE


PE解析

工具

  • [904星][12d] [Py] erocarrera/pefile PE文件读取、解析工具,Python编写

    查看详情

      ## 特性
      - Inspecting headers
      - Analysis of sections' data
      - Retrieving embedded data
      - Reading strings from the resources
      - Warnings for suspicious and malformed values
      - Support to write to some of the fields and to other parts of the PE, so it's possible to do some basic butchering of PEs
      - Packer detection with PEiD’s signatures
      - PEiD signature generation
      </details>
    

文章


工具

工具

  • [693星][15d] [C] thewover/donut 生成位置无关的shellcode(x86,x64或AMD64 + x86),该shellcode从内存中加载.NET程序集、PE文件和其他Windows有效负载,并使用参数运行它们
  • [407星][2m] [Assembly] hasherezade/pe_to_shellcode Converts PE into a shellcode
  • [399星][5m] [Jupyter Notebook] endgameinc/ember 110万PE文件的数据集合, 可用于训练相关模型. PE文件信息主要包括: SHA256/histogram(直方图)/byteentropy(字节熵)/字符串/PE头信息/段信息/导入表/导出表
  • [372星][1y] [Assembly] egebalci/amber 反射式PE加壳器,用于绕过安全产品和缓解措施
  • [342星][7m] [C] merces/pev The PE file analysis toolkit
  • [328星][2m] [VBA] itm4n/vba-runpe A VBA implementation of the RunPE technique or how to bypass application whitelisting.
  • [327星][1m] [C++] trailofbits/pe-parse Principled, lightweight C/C++ PE parser
  • [318星][20d] [C++] hasherezade/libpeconv 用于映射和取消映射PE 文件的库
  • [288星][9m] [Java] katjahahn/portex Java library to analyse Portable Executable files with a special focus on malware analysis and PE malformation robustness

文章

文章

.NET


工具

新添加

  • [9528星][19d] [C#] icsharpcode/ilspy .NET Decompiler with support for PDB generation, ReadyToRun, Metadata (&more) - cross-platform!
  • [3824星][2m] [C#] 0xd4d/de4dot .NET deobfuscator and unpacker.
  • [3278星][9m] [JS] sindresorhus/speed-test Test your internet connection speed and ping using speedtest.net from the CLI
  • [2526星][1y] [C#] yck1509/confuserex An open-source, free protector for .NET applications
  • [1811星][1m] [C#] sshnet/ssh.net SSH.NET is a Secure Shell (SSH) library for .NET, optimized for parallelism.
  • [1696星][19d] [C#] jbevain/cecil C#库, 探查/修改/生成 .NET App/库
  • [1535星][12d] [C#] steamre/steamkit SteamKit2 is a .NET library designed to interoperate with Valve's Steam network. It aims to provide a simple, yet extensible, interface to perform various actions on the network.
  • [1415星][1y] [C++] dotnet/llilc This repo contains LLILC, an LLVM based compiler for .NET Core. It includes a set of cross-platform .NET code generation tools that enables compilation of MSIL byte code to LLVM supported platforms.
  • [1147星][9d] [C#] cobbr/covenant Covenant is a collaborative .NET C2 framework for red teamers.
  • [1135星][15d] [Boo] byt3bl33d3r/silenttrinity An asynchronous, collaborative post-exploitation agent powered by Python and .NET's DLR
  • [923星][12d] [C#] pwntester/ysoserial.net 生成Payload,恶意利用不安全的 .NET 对象反序列化
  • [818星][12d] [C#] proxykit/proxykit A toolkit to create code-first HTTP reverse proxies on ASP.NET Core
  • [788星][2m] [C#] cobbr/sharpsploit SharpSploit is a .NET post-exploitation library written in C#
  • [728星][3m] [C#] obfuscar/obfuscar Open source obfuscation tool for .NET assemblies
  • [693星][15d] [C] thewover/donut 生成位置无关的shellcode(x86,x64或AMD64 + x86),该shellcode从内存中加载.NET程序集、PE文件和其他Windows有效负载,并使用参数运行它们
  • [634星][12d] [HTML] foxzilla/pxer 人人可用的P站爬虫
  • [577星][10d] [C#] dabutvin/imgbot An Azure Function solution to crawl through all of your image files in GitHub and losslessly compress them. This will make the file size go down, but leave the dimensions and quality untouched. Once it's done, ImgBot will open a pull request for you to review and merge. help@imgbot.net
  • [546星][24d] [C#] crosire/scripthookvdotnet An ASI plugin for Grand Theft Auto V, which allows running scripts written in any .NET language in-game.
  • [536星][11d] [Go] timothyye/godns A dynamic DNS client tool, supports AliDNS, Cloudflare, Google Domains, DNSPod, HE.net & DuckDNS, written in Go.
  • [494星][28d] [C#] paulbartrum/jurassic A .NET library to parse and execute JavaScript code.
  • [493星][1m] [C#] chmorgan/sharppcap 用于捕获数据包的跨平台 (Windows, Mac, Linux)库,.NET编写
  • [486星][28d] [C#] tyranid/oleviewdotnet OLE/COM查看和检测工具,.NET语言编写
  • [424星][7m] [Java] nccgroup/freddy 自动识别 Java/.NET 应用程序中的反序列化漏洞
  • [386星][14d] [C#] addictedcs/soundfingerprinting .NET中的音频指纹识别。完全用C#编写的高效的声音指纹识别算法。
  • [385星][19d] [C#] 3f/dllexport .NET DllExport
  • [383星][2m] [C#] security-code-scan/security-code-scan Vulnerability Patterns Detector for C# and VB.NET
  • [373星][9d] [C#] sonarsource/sonar-dotnet 用于C#和VB.NET语言的静态代码分析器,用作SonarQube和SonarCloud平台的扩展。
  • [366星][10m] [JS] nikolayit/openjudgesystem An open source system for online algorithm competitions for Windows, written in ASP.NET MVC
  • [357星][10d] [C#] tmoonlight/nsmartproxy 内网穿透工具。采用.NET CORE的全异步模式打造
  • [334星][10d] [Java] wiglenet/wigle-wifi-wardriving Nethugging client for Android, from wigle.net
  • [320星][1m] [C#] azuread/azure-activedirectory-library-for-dotnet ADAL authentication libraries for .net
  • [316星][10d] [C#] dahall/vanara A set of .NET libraries for Windows implementing PInvoke calls to many native Windows APIs with supporting wrappers.

dnspy

  • [13163星][24d] [C#] 0xd4d/dnspy .NET debugger and assembly editor

文章

登录与认证


Mimikatz

工具

文章


NTLM

工具

  • [3097星][5m] [Py] spiderlabs/responder LLMNR/NBT-NS/MDNS投毒,内置HTTP/SMB/MSSQL/FTP/LDAP认证服务器, 支持NTLMv1/NTLMv2/LMv2
  • [1887星][1m] [Py] lgandx/responder LLMNR, NBT-NS, MDNS 投毒工具, 内置 HTTP/SMB/MSSQL/FTP/LDAP 流氓认证服务器,支持 NTLMv1/NTLMv2/LMv2, Extended Security NTLMSSP和基础 HTTP认证
  • [781星][1m] [Py] lgandx/pcredz This tool extracts Credit card numbers, NTLM(DCE-RPC, HTTP, SQL, LDAP, etc), Kerberos (AS-REQ Pre-Auth etype 23), HTTP Basic, SNMP, POP, SMTP, FTP, IMAP, etc from a pcap file or from a live interface.
  • [744星][1y] [C#] eladshamir/internal-monologue 在不接触LSASS的情况下提取NTLM hash
  • [676星][1y] [Py] deepzec/bad-pdf create malicious PDF file to steal NTLM(NTLMv1/NTLMv2) Hashes from windows machines
  • [256星][2m] [Py] evilmog/ntlmv1-multi 修改NTLMv1/NTLMv1-ESS/MSCHAPv1 Hask, 使其可以在hashcat中用DES模式14000破解
  • [252星][14d] [PS] notmedic/netntlmtosilverticket SpoolSample -> Responder w/NetNTLM Downgrade -> NetNTLMv1 -> NTLM -> Kerberos Silver Ticket
  • [250星][11d] [Ruby] urbanesec/zackattack Unveiled at DEF CON 20, NTLM Relaying to ALL THE THINGS!

文章


Kerberos

工具

  • [728星][19d] [C#] ghostpack/rubeus 原始Kerberos交互和滥用,C#编写
  • [617星][3m] [C] gentilkiwi/kekeo 玩弄 Windows Kerberos 的工具箱
  • [593星][7m] [Py] nidem/kerberoast 一系列用于攻击MS Kerberos实现的工具
  • [376星][12d] [Go] jcmturner/gokrb5 Pure Go Kerberos library for clients and services
  • [354星][2m] [Go] ropnop/kerbrute A tool to perform Kerberos pre-auth bruteforcing
  • [236星][27d] [Py] dirkjanm/krbrelayx Kerberos unconstrained delegation abuse toolkit

文章


Pass-The-Hash

工具

文章


Pass-The-Ticket

文章


winglogon.exe

工具

文章


LLMNR

工具

文章


NetBIOS

工具

文章


其他

工具

安全防护


UAC

工具

  • [2500星][2m] [C] hfiref0x/uacme Defeating Windows User Account Control
  • [2458星][9d] [PS] k8gege/k8tools K8工具合集(内网渗透/提权工具/远程溢出/漏洞利用/扫描工具/密码破解/免杀工具/Exploit/APT/0day/Shellcode/Payload/priviledge/BypassUAC/OverFlow/WebShell/PenTest) Web GetShell Exploit(Struts2/Zimbra/Weblogic/Tomcat/Apache/Jboss/DotNetNuke/zabbix)
  • [1859星][17d] [JS] coreybutler/node-windows Windows support for Node.JS scripts (daemons, eventlog, UAC, etc).
  • [1742星][1m] [Py] rootm0s/winpwnage UAC bypass, Elevate, Persistence and Execution methods

文章


AppLocker

工具

文章


Data Execution Prevention(DEP)

工具

文章


Patch Guard(PG)

工具

文章


Driver Signature Enforcement(DSE)

工具

  • [723星][10m] [C] hfiref0x/tdl Driver loader for bypassing Windows x64 Driver Signature Enforcement
  • [369星][11d] [C] mattiwatti/efiguard Disable PatchGuard and DSE at boot time
  • [322星][5m] [C] 9176324/shark Turn off PatchGuard in real time for win7 (7600) ~ win10 (18950).
  • [274星][9d] [C++] can1357/byepg Defeating Patchguard universally for Windows 8, Windows 8.1 and all versions of Windows 10 regardless of HVCI

文章


Windows Defender

工具

文章


Antimalware Scan Interface(AMSI)

工具

  • [322星][9d] [C#] hackplayers/salsa-tools Salsa Tools - ShellReverse TCP/UDP/ICMP/DNS/SSL/BINDTCP/Shellcode/SILENTTRINITY and AV bypass, AMSI patched

文章


Address Space Layout Randomization(ASLR)

工具

  • [901星][2m] [Roff] slimm609/checksec.sh 检查可执行文件(PIE, RELRO, PaX, Canaries, ASLR, Fortify Source)属性的 bash 脚本
  • [371星][12d] [PS] netspi/pesecurity 检查PE(EXE/DLL)编译选项是否有:ASLR, DEP, SafeSEH, StrongNaming, Authenticode。PowerShell模块

文章


Control Flow Guard

工具


Control Integrity Guard


其他

MS1X


工具

  • [345星][4m] [Py] 3ndg4me/autoblue-ms17-010 This is just an semi-automated fully working, no-bs, non-metasploit version of the public exploit code for MS17-010
  • [254星][17d] [Py] mez-0/ms17-010-python MS17-010: Python and Meterpreter

文章

系统机制


RDP

工具

  • [6407星][1y] [Pascal] stascorp/rdpwrap RDP Wrapper Library
  • [3800星][9d] [C] freerdp/freerdp FreeRDP is a free remote desktop protocol library and clients
  • [1655星][21d] [C] neutrinolabs/xrdp xrdp: an open source RDP server
  • [1083星][9d] [C] zerosum0x0/cve-2019-0708 Scanner PoC for CVE-2019-0708 RDP RCE vuln
  • [996星][1m] [Py] syss-research/seth Perform a MitM attack and extract clear text credentials from RDP connections
  • [911星][13d] [Py] jimmy201602/webterminal ssh rdp vnc telnet sftp bastion/jump web putty xshell terminal jumpserver audit realtime monitor rz/sz 堡垒机 云桌面 linux devops sftp websocket file management rz/sz otp 自动化运维 审计 录像 文件管理 sftp上传 实时监控 录像回放 网页版rz/sz上传下载/动态口令 django
  • [764星][10d] [C] rdesktop/rdesktop rdesktop is an open source UNIX client for connecting to Windows Remote Desktop Services, capably of natively speaking Remote Desktop Protocol (RDP) in order to present the user's Windows desktop. rdesktop is known to work with Windows server version ranging from NT 4 terminal server to Windows 2012 R2.
  • [692星][13d] [C] robertdavidgraham/rdpscan A quick scanner for the CVE-2019-0708 "BlueKeep" vulnerability.
  • [433星][9d] [C++] 0x09al/rdpthief Extracting Clear Text Passwords from mstsc.exe using API Hooking.
  • [378星][15d] [C#] beckzhu/simpleremote 远程管理工具。轻量级、选项卡式、免费、开源的远程连接管理工具,支持RDP、SSH、Telnet协议
  • [376星][13d] [Py] gosecure/pyrdp RDP man-in-the-middle (mitm) and library for Python 3 with the ability to watch connections live or after the fact
  • [339星][21d] [PS] joelgmsec/autordpwn The Shadow Attack Framework
  • [296星][9d] [Py] xfreed0m/rdpassspray Python3 tool to perform password spraying using RDP
  • [283星][8m] [Py] k8gege/cve-2019-0708 3389远程桌面代码执行漏洞CVE-2019-0708批量检测工具(Rdpscan Bluekeep Check)

文章

文章_0


SMB

工具

  • [1215星][1m] [C#] k8gege/ladon 用于大型网络渗透的多线程插件化综合扫描神器
  • [820星][1y] [PS] kevin-robertson/invoke-thehash 执行 pass the hash WMI 和 SMB 任务的PowerShell函数
  • [767星][2m] [Py] shawndevans/smbmap SMB枚举
  • [388星][12d] [C] zerosum0x0/smbdoor Windows kernel backdoor via registering a malicious SMB handler
  • [355星][3m] [Py] m8r0wn/nullinux SMB null 会话识别和枚举工具
  • [348星][11m] [Py] skorov/ridrelay 通过使用具有低priv的SMB中继来枚举您没有信誉的域上的用户名。
  • [322星][8m] [C#] raikia/credninja A multithreaded tool designed to identify if credentials are valid, invalid, or local admin valid credentials within a network at-scale via SMB, plus now with a user hunter
  • [255星][19d] [PS] p3nt4/invoke-piper Forward local or remote tcp ports through SMB pipes.
  • [225星][3m] [Py] m4ll0k/smbrute SMB Protocol Bruteforce
  • [210星][3m] [Py] miketeo/pysmb pysmb is an experimental SMB/CIFS library written in Python. It implements the client-side SMB/CIFS protocol (SMB1 and SMB2) which allows your Python application to access and transfer files to/from SMB/CIFS shared folders like your Windows file sharing and Samba folders.

文章


Windows Management Instrumentation(WMI)

工具

  • [708星][12d] [Go] martinlindhe/wmi_exporter Prometheus exporter for Windows machines using WMI
  • [706星][1y] [PS] arvanaghi/sessiongopher 使用WMI为远程访问工具(如WinSCP,PuTTY,SuperPuTTY,FileZilla和Microsoft远程桌面)提取保存的会话信息。PowerShell编写
  • [610星][1y] [PS] fortynorthsecurity/wmimplant This is a PowerShell based tool that is designed to act like a RAT. Its interface is that of a shell where any command that is supported is translated into a WMI-equivalent for use on a network/remote machine. WMImplant is WMI based.
  • [265星][9d] [JS] pandorafms/pandorafms Pandora FMS is a flexible and highly scalable monitoring system ready for big environments. It uses agents (Linux, Windows, AIX, HP-UX, Solaris and BSD systems) and can do both local and remote network monitoring (SNMP v3, TCP checks, WMI, etc).
  • [259星][1m] [Go] stackexchange/wmi WMI for Go
  • [251星][1y] [C#] 0xbadjuju/wheresmyimplant A Bring Your Own Land Toolkit that Doubles as a WMI Provider

文章


Event Tracing for Windows(ETW)

工具

文章


Lsass

工具

  • [489星][20d] [Py] hackndo/lsassy Extract credentials from lsass remotely
  • [356星][11d] [Py] aas-n/spraykatz Credentials gathering tool automating remote procdump and parse of lsass process.
  • [315星][13d] [C] outflanknl/dumpert LSASS memory dumper using direct system calls and API unhooking.

文章


BitLocker

工具

  • [772星][3m] [C] aorimn/dislocker FUSE driver to read/write Windows' BitLocker-ed volumes under Linux / Mac OSX
  • [347星][1y] [C] e-ago/bitcracker BitLocker密码破解器

文章


NTFS

工具

文章


SSDT

工具

文章


Windows Registry

工具

文章


Component Object Model(COM)

工具


Distributed Component Object Model(DCOM)

工具

  • [225星][10d] [PS] outflanknl/excel4-dcom PowerShell and Cobalt Strike scripts for lateral movement using Excel 4.0 / XLM macros via DCOM (direct shellcode injection in Excel.exe)
  • [207星][1y] [PS] sud0woodo/dcomrade Powershell script for enumerating vulnerable DCOM Applications

文章


Dynamic Data Exchange(DDE)

文章


Compiled HTML Help(CHM)

文章


WinSxS

工具


WoW64

工具

文章


Background Intelligent Transfer Service(BITS)

工具


Batch Script(.bat)

工具

  • [268星][9m] [Batchfile] diogo-fernan/ir-rescue A Windows Batch script and a Unix Bash script to comprehensively collect host forensic data during incident response.
  • [216星][9d] [PS] enjoiz/privesc Windows batch script that finds misconfiguration issues which can lead to privilege escalation.

文章


DACL

工具

  • [333星][11d] [PS] canix1/adaclscanner Repo for ADACLScan.ps1 - Your number one script for ACL's in Active Directory

文章


WebDAV

工具

  • [465星][23d] [C++] winscp/winscp WinSCP is a popular free SFTP and FTP client for Windows, a powerful file manager that will improve your productivity. It supports also Amazon S3, FTPS, SCP and WebDAV protocols. Power users can automate WinSCP using .NET assembly.
  • [373星][2m] [Py] mar10/wsgidav A generic and extendable WebDAV server based on WSGI

文章


Group Policy Object(GPO)

工具

  • [246星][16d] [C#] fsecurelabs/sharpgpoabuse take advantage of a user's edit rights on a Group Policy Object (GPO) in order to compromise the objects that are controlled by that GPO.

文章


AppInit/AppCert

文章


InstallUtil

文章


Image File Execution Option(IFEO)

文章


Mshta

文章


Microsoft HTML Application(HTA)

文章


NetShell

工具

文章


VBScript

工具

  • [1615星][12d] [Py] zerosum0x0/koadic 类似于Meterpreter、Powershell Empire 的post-exploitation rootkit,区别在于其大多数操作都是由 Windows 脚本主机 JScript/VBScript 执行

文章


VBA

工具

文章


Security Service Provider(SSP)

文章


Scheduled Task

工具

  • [432星][1m] [Py] sibson/redbeat RedBeat is a Celery Beat Scheduler that stores the scheduled tasks and runtime metadata in Redis.
  • [385星][1m] [C#] dahall/taskscheduler Provides a .NET wrapper for the Windows Task Scheduler. It aggregates the multiple versions, provides an editor and allows for localization.

文章


Windows Remote Management(WinRM)

工具

文章


Control Panel

工具

文章


Windows Shortcut File

工具

文章


Windows Explorer

工具

文章


Application Shim

文章


Squiblydoo

文章


Open Office XML

工具


其他

各类软件


MS Internet Explorer

工具


MS Edge

工具

文章


MS Office

工具

  • [1731星][1m] [JS] ziv-barber/officegen Standalone Office Open XML files (Microsoft Office 2007 and later) generator for Word (docx), PowerPoint (pptx) and Excell (xlsx) in javascript. The output is a stream.
  • [1066星][20d] [Rich Text Format] decalage2/oletools python tools to analyze MS OLE2 files (Structured Storage, Compound File Binary Format) and MS Office documents, for malware analysis, forensics and debugging.
  • [750星][9d] [C#] outflanknl/evilclippy A cross-platform assistant for creating malicious MS Office documents. Can hide VBA macros, stomp VBA code (via P-Code) and confuse macro analysis tools. Runs on Linux, OSX and Windows.
  • [407星][2m] [YARA] guelfoweb/peframe PEframe is a open source tool to perform static analysis on Portable Executable malware and malicious MS Office documents.

文章


EMET

工具

文章


psexec

工具

文章


Nltest


CMSTP.exe


Rundll32

工具

文章


Regsvr32

工具

文章


Regasm


Regsvcs


svchost

工具

文章


MSBuild

工具

  • [4136星][7d] [C#] microsoft/msbuild The Microsoft Build Engine (MSBuild) is the build platform for .NET and Visual Studio.
  • [728星][9m] [Py] mr-un1k0d3r/powerlessshell 依靠MSBuild.exe远程执行PowerShell脚本和命令
  • [226星][7m] [Py] infosecn1nja/maliciousmacromsbuild Generates Malicious Macro and Execute Powershell or Shellcode via MSBuild Application Whitelisting Bypass.

文章


csrss.exe

文章


其他exe

文章

SysInternalSuite


Sysmon

工具

文章


Procmon

工具

文章


Autoruns

工具

文章


ProcessExplorer

文章


其他

工具

文章

工具


新添加的


Environment&&环境&&配置


内核&&驱动


注册表


系统调用


其他

文章


新添加

贡献

内容为系统自动导出, 有任何问题请提issue

About

Resources About Windows Security. 1100+ Open Source Tools. 3300+ Blog Post and Videos.

Topics

Resources

Stars

Watchers

Forks

Releases

No releases published

Packages

No packages published