http://wechat.doonsec.com/MzU4NTg4MzIzNA.xmlThe latest security articles about WeChat official accountzh-CNFri, 28 Nov 2025 21:32:40 GMTPyRSS2Gen-1.1.0http://blogs.law.harvard.edu/tech/rsshttp://wechat.doonsec.com/http://wechat.doonsec.com/static/front/img/doonsec_bak3.pnghttps://mp.weixin.qq.com/s?__biz=MzU4NTg4MzIzNA==&mid=2247485015&idx=1&sn=031aa0d920a3db14d96e728c2ad67eedgo-yara手把手配置事件响应回忆录事件响应回忆录2025-11-28T12:40:23https://mp.weixin.qq.com/s?__biz=MzU4NTg4MzIzNA==&mid=2247484953&idx=1&sn=1f4f5267262a9b11f0ebbc5a5871bf73随着银狐病毒不断演化，其变种呈现出更高的专业性、更新频率显著加快，且清除难度大幅提升，给应急响应和事件处置工作带来了极大挑战。为便于在处置和分析溯源过程中共享信息，在此建立在线情报共享表格及微信交流群，欢迎大家填写，共享相关情报。事件响应回忆录事件响应回忆录2025-10-27T14:48:36https://mp.weixin.qq.com/s?__biz=MzU4NTg4MzIzNA==&mid=2247484947&idx=1&sn=65a536c3d12833fb03620bf6385d57e5巧用AI完成病毒事件响应工作事件响应回忆录事件响应回忆录2025-10-23T18:00:14https://mp.weixin.qq.com/s?__biz=MzU4NTg4MzIzNA==&mid=2247484927&idx=1&sn=ff73b31c4a12f9a667a219f995e0a215看技术博客，偶遇黑链跳转到瑟瑟网站，对该事件进行简单分析背后黑链成因事件响应回忆录事件响应回忆录2025-09-22T08:30:40https://mp.weixin.qq.com/s?__biz=MzU4NTg4MzIzNA==&mid=2247484906&idx=1&sn=8b8f211da1e9a92cd005a6d9b6c87607“银狐”病毒正在伪冒主流办公软件大肆传播。事件响应回忆录事件响应回忆录2025-08-21T19:12:10https://mp.weixin.qq.com/s?__biz=MzU4NTg4MzIzNA==&mid=2247484904&idx=1&sn=638ed847ff6a51ff2aceaca9e78dc84f巧用Windows NTFS特性还原攻击者行为事件响应回忆录事件响应回忆录2025-07-24T08:00:39https://mp.weixin.qq.com/s?__biz=MzU4NTg4MzIzNA==&mid=2247484845&idx=1&sn=48603e50be0e2679dc20bfd28268f892hawkeye分析工具简单更新，添加防火墙出入站记录、计划任务日志以及去除c2 beacon规则，避免杀软和沙箱误报导致工具被隔离事件响应回忆录事件响应回忆录2025-07-15T08:00:18https://mp.weixin.qq.com/s?__biz=MzU4NTg4MzIzNA==&mid=2247484838&idx=1&sn=e33b2792840998a1ac6531e8314c5838gota是golang中用于进行数据分析的一个第三方库，其功能和python的pandas库相似，能让使用者在进行数据分析时快速开展工作，同时也能够兼并性能。事件响应回忆录事件响应回忆录2025-07-13T09:01:10https://mp.weixin.qq.com/s?__biz=MzU4NTg4MzIzNA==&mid=2247484755&idx=1&sn=a2cc9a2fe0437cc43742b4976b7c65c6近期，发现多种告警事件：“黑链”、“通报”、“webshell通信”，经过排查定位，还原该组织的整个攻击手法。事件响应回忆录事件响应回忆录2025-06-26T11:39:09https://mp.weixin.qq.com/s?__biz=MzU4NTg4MzIzNA==&mid=2247484753&idx=1&sn=2040c910a28b2ee89de93c10473eef1f全新2.0崭新出品，助力hw溯源事件响应回忆录事件响应回忆录2025-06-18T17:41:30https://mp.weixin.qq.com/s?__biz=MzU4NTg4MzIzNA==&mid=2247484751&idx=1&sn=926542156dd9a09e07631bae970b7752dddd-N0ld 投毒，样本简单分析事件响应回忆录事件响应回忆录2025-06-16T19:30:58https://mp.weixin.qq.com/s?__biz=MzU4NTg4MzIzNA==&mid=2247484734&idx=1&sn=0fc7de2953ca89dad430b36eadd5d5fb一文详述EDR规避原理事件响应回忆录事件响应回忆录2025-06-11T10:04:09https://mp.weixin.qq.com/s?__biz=MzU4NTg4MzIzNA==&mid=2247484732&idx=1&sn=4daacb8cb99df59042a1eeb986bf3dea好久没阅读源码学习了，闲暇之余，找了下frp早期源码看了看并做下阅读记录。事件响应回忆录事件响应回忆录2025-06-08T09:02:34https://mp.weixin.qq.com/s?__biz=MzU4NTg4MzIzNA==&mid=2247484715&idx=1&sn=ee982e6796d71081485c2a8d8893544a本文是个娱乐项的文章，而非之前的安全类文章，理性观看。事件响应回忆录事件响应回忆录2025-06-03T08:30:57https://mp.weixin.qq.com/s?__biz=MzU4NTg4MzIzNA==&mid=2247484710&idx=1&sn=684e1bb3329a2c6fac98ab5ffcc46ebd🔥K8Sxa0运维必看！删除xa0Podxa0后自动复活？强制删除xa0+xa0外联排查两大思路，附核心xa0DNSxa0日志开启xa0\\x26amp;xa0容器网络空间抓包技巧，轻松搞定疑难杂症💻事件响应回忆录事件响应回忆录2025-05-30T12:00:29https://mp.weixin.qq.com/s?__biz=MzU4NTg4MzIzNA==&mid=2247484683&idx=1&sn=0e35e3e37aed48e00c8445053d1274ae一款图形化的Windows应急分析工具，快速分析主机威胁事件响应回忆录事件响应回忆录2025-03-20T10:00:14https://mp.weixin.qq.com/s?__biz=MzU4NTg4MzIzNA==&mid=2247484659&idx=1&sn=baeebf0cea0163592a3703c9ac4e1674PikaY-一款开源的内存和文件威胁狩猎工具事件响应回忆录事件响应回忆录2025-03-17T16:00:25https://mp.weixin.qq.com/s?__biz=MzU4NTg4MzIzNA==&mid=2247484643&idx=1&sn=9ae4fd2d317ca5b1697d983439d71fa3本文将深入探讨并研究这种特定的攻击手段——Fake CAPTCHA。事件响应回忆录事件响应回忆录2025-03-07T14:33:44https://mp.weixin.qq.com/s?__biz=MzU4NTg4MzIzNA==&mid=2247484622&idx=1&sn=ce56975d9029b09199c2978ae21c3d55去除部分内置扫描规则，避免杀软误报事件响应回忆录事件响应回忆录2025-03-06T21:53:55https://mp.weixin.qq.com/s?__biz=MzU4NTg4MzIzNA==&mid=2247484613&idx=1&sn=3721cdda846955f43690c03cbf92c0e5全文简要的说明了在Windows应急响应过程中常见的命令以及相关工具的使用事件响应回忆录事件响应回忆录2025-03-03T17:18:10https://mp.weixin.qq.com/s?__biz=MzU4NTg4MzIzNA==&mid=2247484522&idx=1&sn=2f5d2f21e5604e3c3583d50156b1b82bWindows GUI应急响应工具HawkEye v2版本事件响应回忆录事件响应回忆录2025-02-24T09:06:50https://mp.weixin.qq.com/s?__biz=MzU4NTg4MzIzNA==&mid=2247484487&idx=1&sn=5e3716bde6b2581de00776f3fce29a6f事件响应回忆录事件响应回忆录2025-02-14T09:14:01https://mp.weixin.qq.com/s?__biz=MzU4NTg4MzIzNA==&mid=2247484469&idx=1&sn=2e2de8d06a275b54390db2695c6cf4fb日志追踪：通过auth.log定位异常SSH连接\\x0d\\x0a\\x0d\\x0a病毒解剖：利用find命令+proc文件系统锁定恶意程序\\x0d\\x0a\\x0d\\x0a自动化处置：开发带交互确认的Python清理脚本事件响应回忆录事件响应回忆录2025-02-13T09:01:34https://mp.weixin.qq.com/s?__biz=MzU4NTg4MzIzNA==&mid=2247484450&idx=1&sn=cd9089afac034348d2252f99458c9f25比较经典的流量分析网站，适合新手进行流量分析的练习事件响应回忆录事件响应回忆录2025-02-11T09:37:25https://mp.weixin.qq.com/s?__biz=MzU4NTg4MzIzNA==&mid=2247484364&idx=1&sn=4a3cc203214ad25b42f285ba08b34146从源代码角度，学习evileye/beaconeye扫描C2木马原理事件响应回忆录事件响应回忆录2025-02-10T10:03:45https://mp.weixin.qq.com/s?__biz=MzU4NTg4MzIzNA==&mid=2247484358&idx=1&sn=d537fdb218cc12823147e284dbb35d76web应急之各中间件日志保存位置，作者：雁过留痕@深信服MSS专家部事件响应回忆录事件响应回忆录2025-01-31T19:52:08https://mp.weixin.qq.com/s?__biz=MzU4NTg4MzIzNA==&mid=2247484356&idx=1&sn=6e62ed5d3095fff522186a185f8e68b3安全工程师的好帮手，Windows应急响应工具HawkEye春节节前更新事件响应回忆录事件响应回忆录2025-01-26T13:36:44https://mp.weixin.qq.com/s?__biz=MzU4NTg4MzIzNA==&mid=2247484329&idx=1&sn=20c31baba359a00aaa54f36bd93f9bcd如何利用油猴脚本自动化检测钓鱼站点也总想挖RCE也总想挖RCE2025-01-19T11:43:17https://mp.weixin.qq.com/s?__biz=MzU4NTg4MzIzNA==&mid=2247484308&idx=1&sn=317866f5804db85ce8bea45bc78a6eb6银狐叒进化，溯源不了，清理不掉！一线应急响应工程师教你如何手工处理也总想挖RCE也总想挖RCE2025-01-17T12:15:05https://mp.weixin.qq.com/s?__biz=MzU4NTg4MzIzNA==&mid=2247484250&idx=1&sn=f36f7d2986b2134410351ce761ee4e3b仙女座僵尸网络也被称为Gamarue，本文介绍该病毒的处置，作者：雁过留痕@深信服MSS专家部也总想挖RCE也总想挖RCE2025-01-14T12:28:19https://mp.weixin.qq.com/s?__biz=MzU4NTg4MzIzNA==&mid=2247484245&idx=1&sn=7d0127310237c3f630bdb35b87d5c2cfHawkeye(鹰眼)一款基于goalang开发的安全工具，旨在帮助安全工程师上机排查时能够快速的定位问题，提供排查思路。也总想挖RCE也总想挖RCE2025-01-10T09:00:40https://mp.weixin.qq.com/s?__biz=MzU4NTg4MzIzNA==&mid=2247484228&idx=1&sn=64405b56391feff276eb05dfa90bd00a也总想挖RCE也总想挖RCE2024-12-09T17:48:17https://mp.weixin.qq.com/s?__biz=MzU4NTg4MzIzNA==&mid=2247484214&idx=1&sn=f160e7b5731e2c8e3709138ce21f0529也总想挖RCE也总想挖RCE2024-12-06T14:17:39https://mp.weixin.qq.com/s?__biz=MzU4NTg4MzIzNA==&mid=2247484157&idx=1&sn=1be955b4453fd3ef727531b319a991d1也总想挖RCE也总想挖RCE2024-12-02T14:47:09https://mp.weixin.qq.com/s?__biz=MzU4NTg4MzIzNA==&mid=2247484155&idx=1&sn=7864b0503fa206fe7dce2f720b8b2f1c也总想挖RCE也总想挖RCE2024-11-29T17:42:26https://mp.weixin.qq.com/s?__biz=MzU4NTg4MzIzNA==&mid=2247484067&idx=1&sn=d51f59c269f941abd4253caaf76c7fa0也总想挖RCE也总想挖RCE2024-11-28T20:05:30https://mp.weixin.qq.com/s?__biz=MzU4NTg4MzIzNA==&mid=2247484039&idx=1&sn=1debfd30dd97dd8b30f44e392e218e7f也总想挖RCE也总想挖RCE2024-11-22T15:41:44https://mp.weixin.qq.com/s?__biz=MzU4NTg4MzIzNA==&mid=2247484004&idx=1&sn=9b02baf2f40c945576786771787041a7重生归来之我在写公众号？HVV-蓝队娱乐骚操作。也总想挖RCE也总想挖RCE2024-07-31T22:11:29https://mp.weixin.qq.com/s?__biz=MzU4NTg4MzIzNA==&mid=2247483994&idx=1&sn=f41a5bf9abd6816868abd142e0b1a2bd本文缝合作者：雁过留痕@深信服MSS专家部零、前言最近老是遇到勒索病毒类事件，基于这种情况，在网上查找大量资也总想挖RCE也总想挖RCE2024-06-06T10:48:18https://mp.weixin.qq.com/s?__biz=MzU4NTg4MzIzNA==&mid=2247483992&idx=1&sn=b6734a700ea538f1b5ce8c157553fc84也总想挖RCE也总想挖RCE2024-04-12T15:24:25https://mp.weixin.qq.com/s?__biz=MzU4NTg4MzIzNA==&mid=2247483950&idx=1&sn=13c888bfce846616ddfe31e0d12c7606菜鸡的java内存马学习之旅也总想挖RCE也总想挖RCE2023-12-28T14:51:41https://mp.weixin.qq.com/s?__biz=MzU4NTg4MzIzNA==&mid=2247483928&idx=1&sn=0dbd8af35fab510dda4c0124b5cdac14各位读者，好久不见，这段时间麋鹿甚是繁忙，以致于有一段时间未更新技术文章了。这几日看朋友圈中多位同仁分享雪景也总想挖RCE也总想挖RCE2023-12-20T17:11:37https://mp.weixin.qq.com/s?__biz=MzU4NTg4MzIzNA==&mid=2247483926&idx=1&sn=1844992b45d4710c55eef9de7e9bc274免责声明由于传播、利用本公众号藏剑安全所提供的信息而造成的任何直接或者间接的后果及损失，均由使用者本人负责，也总想挖RCE也总想挖RCE2023-12-11T12:24:40https://mp.weixin.qq.com/s?__biz=MzU4NTg4MzIzNA==&mid=2247483924&idx=1&sn=64c307bc98623137b989d2095fee64de什么是网络安全中的权限提升？在网络安全领域，了解威胁至关重要，而最关键的威胁之一就是特权升级的概念。从本质上也总想挖RCE也总想挖RCE2023-12-08T22:51:28https://mp.weixin.qq.com/s?__biz=MzU4NTg4MzIzNA==&mid=2247483869&idx=1&sn=7c9680be3453ed62fdce4a12f3f257c0什么？远控程序被黑客利用了？一文带你分析常见远程软件日志！！也总想挖RCE也总想挖RCE2023-11-30T08:30:19https://mp.weixin.qq.com/s?__biz=MzU4NTg4MzIzNA==&mid=2247483850&idx=1&sn=f44c2f4ba46de434f31485aec4497107一文讲解常见内存马查杀工具也总想挖RCE也总想挖RCE2023-11-29T09:14:29https://mp.weixin.qq.com/s?__biz=MzU4NTg4MzIzNA==&mid=2247483846&idx=1&sn=f86f8faad7164e88e0a3883b9e9b870b一文总结常见应急响应中Linux常见命令也总想挖RCE也总想挖RCE2023-11-28T08:54:41https://mp.weixin.qq.com/s?__biz=MzU4NTg4MzIzNA==&mid=2247483842&idx=1&sn=d4bd82c8c41fa17a26886ef496dd39fb一文讲完常见Windows权限维持，以及如何排查也总想挖RCE也总想挖RCE2023-11-27T19:04:44https://mp.weixin.qq.com/s?__biz=MzU4NTg4MzIzNA==&mid=2247483782&idx=1&sn=13880ad7c0b67e0a8b345b405c99d831全文从实际使用方向出发，搭建内网穿透环境，对通信数据包进行分析，涵盖当前主流代理工具。抓包工具：wiresh也总想挖RCE也总想挖RCE2023-11-24T17:05:38https://mp.weixin.qq.com/s?__biz=MzU4NTg4MzIzNA==&mid=2247483706&idx=1&sn=016e6a8792785dad52a6a355bc7c14d3一个风和日丽的下午，日常与小伙伴们在qq群里吹着牛皮闹着磕，突然一个小伙伴发来一个URL，说是一个钓鱼网站。也总想挖RCE也总想挖RCE2022-06-10T19:04:04