├── README.md
├── SUMMARY.md
├── amsi
│   └── bypass-amsi.md
├── anti-analysis
│   └── anti-vm-sandbox.md
├── disable-av
│   └── disable-wd.md
├── dump
│   ├── bsod.md
│   ├── comsvcs.dll.md
│   ├── dumpert.md
│   ├── hibernation.md
│   ├── ppldump.md
│   ├── procdump.md
│   ├── processdump.exe.md
│   ├── shellcode.md
│   ├── silentprocessexit.md
│   ├── sqldumper.md
│   ├── task-manager-process-explorer.md
│   ├── untitled.md
│   └── winpmem.md
├── file
│   ├── chm
│   │   ├── README.md
│   │   └── phishing-chm.md
│   ├── lnk
│   │   ├── README.md
│   │   └── phishing-lnk.md
│   ├── office.md
│   └── pe.md
├── get-password
│   ├── inject-mstsc.exe.md
│   ├── mimikatz.md
│   ├── nplogonnotify.md
│   ├── smb.md
│   └── tickets.md
├── inject
│   └── inject.md
├── lateral-movement
│   ├── dcom.md
│   ├── hash.md
│   ├── kerberos-tickets.md
│   ├── rpc.md
│   └── wmi.md
├── persistence
│   ├── bits-jobs
│   │   ├── README.md
│   │   └── bits.md
│   ├── com-hijack
│   │   ├── README.md
│   │   └── com-hijack.md
│   ├── dll-hijack
│   │   ├── README.md
│   │   ├── hijack-.net-program.md
│   │   └── hijack-autorun-programs.md
│   ├── image-file-execution-options
│   │   ├── README.md
│   │   └── image-file-execution-options.md
│   ├── office
│   │   ├── README.md
│   │   ├── com-hijack.md
│   │   ├── macro-enabled-add-in-file.md
│   │   ├── vsto.md
│   │   └── wll-xll.md
│   ├── rootkit
│   │   ├── README.md
│   │   └── rootkit.md
│   ├── schtasks
│   │   ├── README.md
│   │   └── add-schtasks.md
│   ├── service
│   │   ├── README.md
│   │   ├── edit-service.md
│   │   ├── hide-service.md
│   │   ├── hijack-service.md
│   │   └── new-service.md
│   ├── startup
│   │   ├── README.md
│   │   ├── folder.md
│   │   └── registry.md
│   ├── uncatelogued
│   │   ├── README.md
│   │   ├── addmonitor.md
│   │   ├── appinit-dlls-inject.md
│   │   ├── bios.md
│   │   ├── command-processor.md
│   │   ├── hijack-update-program.md
│   │   ├── laps.md
│   │   ├── powershell-profile.md
│   │   ├── replace-file.md
│   │   ├── screen-save.md
│   │   ├── sdb.md
│   │   ├── sethc.exe.md
│   │   ├── ssp-dll.md
│   │   ├── uwp.md
│   │   ├── w32time.md
│   │   ├── waitfor.md
│   │   └── windows-telemetry.md
│   ├── user
│   │   ├── README.md
│   │   ├── add-user.md
│   │   └── hide-user.md
│   └── wmi
│       ├── README.md
│       └── wmi-event.md
├── privilege-escalation
│   ├── bug.md
│   ├── untitled-4.md
│   └── wrong-config.md
├── process
│   └── creat-new-process.md
├── rats
│   ├── hidden-remote.md
│   └── stealer
│       ├── README.md
│       └── shu-ru-fa.md
├── tips
│   └── some-tips.md
└── tools
    └── untitled.md

--------------------------------------------------------------------------------
/README.md:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/qwqdanchun/Malware-Note/HEAD/README.md

--------------------------------------------------------------------------------
/SUMMARY.md:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/qwqdanchun/Malware-Note/HEAD/SUMMARY.md

--------------------------------------------------------------------------------
/amsi/bypass-amsi.md:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/qwqdanchun/Malware-Note/HEAD/amsi/bypass-amsi.md

--------------------------------------------------------------------------------
/anti-analysis/anti-vm-sandbox.md:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/qwqdanchun/Malware-Note/HEAD/anti-analysis/anti-vm-sandbox.md

--------------------------------------------------------------------------------
/disable-av/disable-wd.md:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/qwqdanchun/Malware-Note/HEAD/disable-av/disable-wd.md

--------------------------------------------------------------------------------
/dump/bsod.md:
--------------------------------------------------------------------------------
# BSOD

Reference links:

{% embed url="https://www.mrwu.red/web/2000.html" caption="" %}

--------------------------------------------------------------------------------
/dump/comsvcs.dll.md:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/qwqdanchun/Malware-Note/HEAD/dump/comsvcs.dll.md

--------------------------------------------------------------------------------
/dump/dumpert.md:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/qwqdanchun/Malware-Note/HEAD/dump/dumpert.md

--------------------------------------------------------------------------------
/dump/hibernation.md:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/qwqdanchun/Malware-Note/HEAD/dump/hibernation.md

--------------------------------------------------------------------------------
/dump/ppldump.md:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/qwqdanchun/Malware-Note/HEAD/dump/ppldump.md

--------------------------------------------------------------------------------
/dump/procdump.md:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/qwqdanchun/Malware-Note/HEAD/dump/procdump.md

--------------------------------------------------------------------------------
/dump/processdump.exe.md:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/qwqdanchun/Malware-Note/HEAD/dump/processdump.exe.md

--------------------------------------------------------------------------------
/dump/shellcode.md:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/qwqdanchun/Malware-Note/HEAD/dump/shellcode.md

--------------------------------------------------------------------------------
/dump/silentprocessexit.md:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/qwqdanchun/Malware-Note/HEAD/dump/silentprocessexit.md

--------------------------------------------------------------------------------
/dump/sqldumper.md:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/qwqdanchun/Malware-Note/HEAD/dump/sqldumper.md

--------------------------------------------------------------------------------
/dump/task-manager-process-explorer.md:
--------------------------------------------------------------------------------
# Task Manager/Process Explorer

In Task Manager:

Right-click - Create dump file

--------------------------------------------------------------------------------
/dump/untitled.md:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/qwqdanchun/Malware-Note/HEAD/dump/untitled.md

--------------------------------------------------------------------------------
/dump/winpmem.md:
--------------------------------------------------------------------------------
# WinPmem

Reference links:

{% embed url="https://github.com/FSecureLABS/physmem2profit" caption="" %}

--------------------------------------------------------------------------------
/file/chm/README.md:
--------------------------------------------------------------------------------
# CHM

--------------------------------------------------------------------------------
/file/chm/phishing-chm.md:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/qwqdanchun/Malware-Note/HEAD/file/chm/phishing-chm.md

--------------------------------------------------------------------------------
/file/lnk/README.md:
--------------------------------------------------------------------------------
# LNK

To be organized

Reference articles:

{% embed url="https://bbs.pediy.com/thread-260953.htm" caption="" %}

--------------------------------------------------------------------------------
/file/lnk/phishing-lnk.md:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/qwqdanchun/Malware-Note/HEAD/file/lnk/phishing-lnk.md

--------------------------------------------------------------------------------
/file/office.md:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/qwqdanchun/Malware-Note/HEAD/file/office.md

--------------------------------------------------------------------------------
/file/pe.md:
--------------------------------------------------------------------------------
# PE

To be organized

Reference articles:

{% embed url="https://bbs.pediy.com/thread-121488.htm" caption="" %}

--------------------------------------------------------------------------------
/get-password/inject-mstsc.exe.md:
--------------------------------------------------------------------------------
# Inject into mstsc.exe

Steals Remote Desktop connection passwords

{% embed url="https://github.com/0x09AL/RdpThief" caption="" %}

--------------------------------------------------------------------------------
/get-password/mimikatz.md:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/qwqdanchun/Malware-Note/HEAD/get-password/mimikatz.md

--------------------------------------------------------------------------------
/get-password/nplogonnotify.md:
--------------------------------------------------------------------------------
# NPLogonNotify

Reference links:

{% embed url="https://github.com/gtworek/PSBits/tree/master/PasswordStealing/NPPSpy" caption="" %}

--------------------------------------------------------------------------------
/get-password/smb.md:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/qwqdanchun/Malware-Note/HEAD/get-password/smb.md

--------------------------------------------------------------------------------
/get-password/tickets.md:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/qwqdanchun/Malware-Note/HEAD/get-password/tickets.md

--------------------------------------------------------------------------------
/inject/inject.md:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/qwqdanchun/Malware-Note/HEAD/inject/inject.md

--------------------------------------------------------------------------------
/lateral-movement/dcom.md:
--------------------------------------------------------------------------------
# DCOM

--------------------------------------------------------------------------------
/lateral-movement/hash.md:
--------------------------------------------------------------------------------
# HASH

--------------------------------------------------------------------------------
/lateral-movement/kerberos-tickets.md:
--------------------------------------------------------------------------------
# Kerberos tickets

--------------------------------------------------------------------------------
/lateral-movement/rpc.md:
--------------------------------------------------------------------------------
# RPC

--------------------------------------------------------------------------------
/lateral-movement/wmi.md:
--------------------------------------------------------------------------------
# WMI

--------------------------------------------------------------------------------
/persistence/bits-jobs/README.md:
--------------------------------------------------------------------------------
# BITS Jobs

--------------------------------------------------------------------------------
/persistence/bits-jobs/bits.md:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/qwqdanchun/Malware-Note/HEAD/persistence/bits-jobs/bits.md

--------------------------------------------------------------------------------
/persistence/com-hijack/README.md:
--------------------------------------------------------------------------------
# COM Hijacking

--------------------------------------------------------------------------------
/persistence/com-hijack/com-hijack.md:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/qwqdanchun/Malware-Note/HEAD/persistence/com-hijack/com-hijack.md

--------------------------------------------------------------------------------
/persistence/dll-hijack/README.md:
--------------------------------------------------------------------------------
# DLL Hijacking

--------------------------------------------------------------------------------
/persistence/dll-hijack/hijack-.net-program.md:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/qwqdanchun/Malware-Note/HEAD/persistence/dll-hijack/hijack-.net-program.md

--------------------------------------------------------------------------------
/persistence/dll-hijack/hijack-autorun-programs.md:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/qwqdanchun/Malware-Note/HEAD/persistence/dll-hijack/hijack-autorun-programs.md

--------------------------------------------------------------------------------
/persistence/image-file-execution-options/README.md:
--------------------------------------------------------------------------------
# Image Hijacking (IFEO)

--------------------------------------------------------------------------------
/persistence/image-file-execution-options/image-file-execution-options.md:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/qwqdanchun/Malware-Note/HEAD/persistence/image-file-execution-options/image-file-execution-options.md

--------------------------------------------------------------------------------
/persistence/office/README.md:
--------------------------------------------------------------------------------
# Office

--------------------------------------------------------------------------------
/persistence/office/com-hijack.md:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/qwqdanchun/Malware-Note/HEAD/persistence/office/com-hijack.md

--------------------------------------------------------------------------------
/persistence/office/macro-enabled-add-in-file.md:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/qwqdanchun/Malware-Note/HEAD/persistence/office/macro-enabled-add-in-file.md

--------------------------------------------------------------------------------
/persistence/office/vsto.md:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/qwqdanchun/Malware-Note/HEAD/persistence/office/vsto.md

--------------------------------------------------------------------------------
/persistence/office/wll-xll.md:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/qwqdanchun/Malware-Note/HEAD/persistence/office/wll-xll.md

--------------------------------------------------------------------------------
/persistence/rootkit/README.md:
--------------------------------------------------------------------------------
# Rootkit

--------------------------------------------------------------------------------
/persistence/rootkit/rootkit.md:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/qwqdanchun/Malware-Note/HEAD/persistence/rootkit/rootkit.md

--------------------------------------------------------------------------------
/persistence/schtasks/README.md:
--------------------------------------------------------------------------------
# Scheduled Tasks

--------------------------------------------------------------------------------
/persistence/schtasks/add-schtasks.md:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/qwqdanchun/Malware-Note/HEAD/persistence/schtasks/add-schtasks.md

--------------------------------------------------------------------------------
/persistence/service/README.md:
--------------------------------------------------------------------------------
# Services

--------------------------------------------------------------------------------
/persistence/service/edit-service.md:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/qwqdanchun/Malware-Note/HEAD/persistence/service/edit-service.md

--------------------------------------------------------------------------------
/persistence/service/hide-service.md:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/qwqdanchun/Malware-Note/HEAD/persistence/service/hide-service.md

--------------------------------------------------------------------------------
/persistence/service/hijack-service.md:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/qwqdanchun/Malware-Note/HEAD/persistence/service/hijack-service.md

--------------------------------------------------------------------------------
/persistence/service/new-service.md:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/qwqdanchun/Malware-Note/HEAD/persistence/service/new-service.md

--------------------------------------------------------------------------------
/persistence/startup/README.md:
--------------------------------------------------------------------------------
# Startup Items

--------------------------------------------------------------------------------
/persistence/startup/folder.md:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/qwqdanchun/Malware-Note/HEAD/persistence/startup/folder.md

--------------------------------------------------------------------------------
/persistence/startup/registry.md:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/qwqdanchun/Malware-Note/HEAD/persistence/startup/registry.md

--------------------------------------------------------------------------------
/persistence/uncatelogued/README.md:
--------------------------------------------------------------------------------
# Uncategorized

--------------------------------------------------------------------------------
/persistence/uncatelogued/addmonitor.md:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/qwqdanchun/Malware-Note/HEAD/persistence/uncatelogued/addmonitor.md

--------------------------------------------------------------------------------
/persistence/uncatelogued/appinit-dlls-inject.md:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/qwqdanchun/Malware-Note/HEAD/persistence/uncatelogued/appinit-dlls-inject.md

--------------------------------------------------------------------------------
/persistence/uncatelogued/bios.md:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/qwqdanchun/Malware-Note/HEAD/persistence/uncatelogued/bios.md

--------------------------------------------------------------------------------
/persistence/uncatelogued/command-processor.md:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/qwqdanchun/Malware-Note/HEAD/persistence/uncatelogued/command-processor.md

--------------------------------------------------------------------------------
/persistence/uncatelogued/hijack-update-program.md:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/qwqdanchun/Malware-Note/HEAD/persistence/uncatelogued/hijack-update-program.md

--------------------------------------------------------------------------------
/persistence/uncatelogued/laps.md:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/qwqdanchun/Malware-Note/HEAD/persistence/uncatelogued/laps.md

--------------------------------------------------------------------------------
/persistence/uncatelogued/powershell-profile.md:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/qwqdanchun/Malware-Note/HEAD/persistence/uncatelogued/powershell-profile.md

--------------------------------------------------------------------------------
/persistence/uncatelogued/replace-file.md:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/qwqdanchun/Malware-Note/HEAD/persistence/uncatelogued/replace-file.md

--------------------------------------------------------------------------------
/persistence/uncatelogued/screen-save.md:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/qwqdanchun/Malware-Note/HEAD/persistence/uncatelogued/screen-save.md

--------------------------------------------------------------------------------
/persistence/uncatelogued/sdb.md:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/qwqdanchun/Malware-Note/HEAD/persistence/uncatelogued/sdb.md

--------------------------------------------------------------------------------
/persistence/uncatelogued/sethc.exe.md:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/qwqdanchun/Malware-Note/HEAD/persistence/uncatelogued/sethc.exe.md

--------------------------------------------------------------------------------
/persistence/uncatelogued/ssp-dll.md:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/qwqdanchun/Malware-Note/HEAD/persistence/uncatelogued/ssp-dll.md

--------------------------------------------------------------------------------
/persistence/uncatelogued/uwp.md:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/qwqdanchun/Malware-Note/HEAD/persistence/uncatelogued/uwp.md

--------------------------------------------------------------------------------
/persistence/uncatelogued/w32time.md:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/qwqdanchun/Malware-Note/HEAD/persistence/uncatelogued/w32time.md

--------------------------------------------------------------------------------
/persistence/uncatelogued/waitfor.md:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/qwqdanchun/Malware-Note/HEAD/persistence/uncatelogued/waitfor.md

--------------------------------------------------------------------------------
/persistence/uncatelogued/windows-telemetry.md:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/qwqdanchun/Malware-Note/HEAD/persistence/uncatelogued/windows-telemetry.md

--------------------------------------------------------------------------------
/persistence/user/README.md:
--------------------------------------------------------------------------------
# User Accounts

--------------------------------------------------------------------------------
/persistence/user/add-user.md:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/qwqdanchun/Malware-Note/HEAD/persistence/user/add-user.md

--------------------------------------------------------------------------------
/persistence/user/hide-user.md:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/qwqdanchun/Malware-Note/HEAD/persistence/user/hide-user.md

--------------------------------------------------------------------------------
/persistence/wmi/README.md:
--------------------------------------------------------------------------------
# WMI

--------------------------------------------------------------------------------
/persistence/wmi/wmi-event.md:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/qwqdanchun/Malware-Note/HEAD/persistence/wmi/wmi-event.md

--------------------------------------------------------------------------------
/privilege-escalation/bug.md:
--------------------------------------------------------------------------------
# Vulnerabilities

--------------------------------------------------------------------------------
/privilege-escalation/untitled-4.md:
--------------------------------------------------------------------------------
# UAC Bypass

--------------------------------------------------------------------------------
/privilege-escalation/wrong-config.md:
--------------------------------------------------------------------------------
# Misconfiguration

--------------------------------------------------------------------------------
/process/creat-new-process.md:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/qwqdanchun/Malware-Note/HEAD/process/creat-new-process.md

--------------------------------------------------------------------------------
/rats/hidden-remote.md:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/qwqdanchun/Malware-Note/HEAD/rats/hidden-remote.md

--------------------------------------------------------------------------------
/rats/stealer/README.md:
--------------------------------------------------------------------------------
# Stealer

--------------------------------------------------------------------------------
/rats/stealer/shu-ru-fa.md:
--------------------------------------------------------------------------------
# Input Method

Reference links:

{% embed url="https://www.cnki.com.cn/Article/CJFDTotal-JCJS202005014.htm" caption="" %}

--------------------------------------------------------------------------------
/tips/some-tips.md:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/qwqdanchun/Malware-Note/HEAD/tips/some-tips.md

--------------------------------------------------------------------------------
/tools/untitled.md:
--------------------------------------------------------------------------------
# Untitled

--------------------------------------------------------------------------------