From 6884954db01f837ef92c96809990868c5f84aa33 Mon Sep 17 00:00:00 2001 From: pe3zx Date: Sun, 19 Nov 2017 23:44:19 +0700 Subject: [PATCH] Add google/sandbox-attacksurface-analysis-tools --- README.md | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/README.md b/README.md index 6a09e56..faddc07 100644 --- a/README.md +++ b/README.md @@ -541,6 +541,10 @@ My curated list of awesome links, resources and tools api0cradle/UltimateAppLockerByPassList The goal of this repository is to document the most common techniques to bypass AppLocker. + + google/sandbox-attacksurface-analysis-tools + This is a small suite of tools to test various properties of sandboxes on Windows. Many of the checking tools take a -p flag which is used to specify the PID of a sandboxed process. The tool will impersonate the token of that process and determine what access is allowed from that location. Also it's recommended to run these tools as an administrator or local system to ensure the system can be appropriately enumerated. + hlldz/Invoke-Phant0m Windows Event Log Killer
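Review bot: The description added for google/sandbox-attacksurface-analysis-tools is several sentences long, while the neighbouring entries (api0cradle/UltimateAppLockerByPassList above it, hlldz/Invoke-Phant0m below it) each use a single short line. It also carries usage detail, namely the -p flag and the advice to run as administrator or local system, which belongs in the tool's own documentation rather than in a curated list. Suggest keeping only the first sentence, "This is a small suite of tools to test various properties of sandboxes on Windows.", so the entry matches the rest of the list.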