Doonsec's feedhttp://wechat.doonsec.com/Mzk0MTY0NDIzMQ.xmlThe latest security articles about WeChat official accountzh-CNWed, 12 Mar 2025 16:38:32 GMTPyRSS2Gen-1.1.0http://blogs.law.harvard.edu/tech/rsshttp://wechat.doonsec.com/Doonsechttp://wechat.doonsec.com/static/front/img/doonsec_bak3.png【红队利器】单文件一键Kill360https://mp.weixin.qq.com/s?__biz=Mzk0MTY0NDIzMQ==&mid=2247483887&idx=1&sn=35194cc678bef863bab32001fee6f6864SecNet4SecNet2025-03-12T12:24:10【APT攻击】针对渗透测试人员的大规模钓鱼攻击,涉及38个Github账号,请自查https://mp.weixin.qq.com/s?__biz=Mzk0MTY0NDIzMQ==&mid=2247483871&idx=1&sn=0e363b482ab94158c22b47cb98f44f4b4SecNet4SecNet2025-03-06T09:20:23【红队利器】老\"鱼\"新\"吃\"-回归免杀本质https://mp.weixin.qq.com/s?__biz=Mzk0MTY0NDIzMQ==&mid=2247483843&idx=1&sn=73ce1acf3bf7d3a81f22dc25db3261d34SecNet4SecNet2025-03-02T13:29:11【2025护网】国护招聘发车https://mp.weixin.qq.com/s?__biz=Mzk0MTY0NDIzMQ==&mid=2247483841&idx=1&sn=3aac4e16f04066fe25a174c6d72059594SecNet4SecNet2025-03-01T18:59:26【红队战术】\"白名单的致命拥抱\"--PE文件注入技术实现无特征攻击https://mp.weixin.qq.com/s?__biz=Mzk0MTY0NDIzMQ==&mid=2247483832&idx=1&sn=8aaed5fe5c6fea926afdda0b1243f9054SecNet4SecNet2025-02-28T09:49:23【AI时代】Ollama模型“白嫖”https://mp.weixin.qq.com/s?__biz=Mzk0MTY0NDIzMQ==&mid=2247483823&idx=1&sn=a9ccecb1d9d0c19c1c99a442dbef340f4SecNet4SecNet2025-02-26T11:03:41【红队利器】无文件免杀之内存执行远程程序https://mp.weixin.qq.com/s?__biz=Mzk0MTY0NDIzMQ==&mid=2247483800&idx=1&sn=57c91aa7813b95fc0734bd71638f64fd使用xa0PE Loader 技术结合远程下载与内存执行,实现文件不落地的执行方式,从而有效提高免杀能力。4SecNet4SecNet2025-02-22T10:30:00【红队利器】——某黑产团伙的IIS内存马源码https://mp.weixin.qq.com/s?__biz=Mzk0MTY0NDIzMQ==&mid=2247483787&idx=1&sn=85a7b888a01f9806be105930aafc3b8a近期,我们追踪了某黑产团伙的一起攻击活动,发现该黑产团伙有能力劫持IIS服务器上的所有请求,并针对特定请求伪造特殊返回包,从而实现流量劫持、命令执行、黑帽SEO等功能。4SecNet4SecNet2025-02-21T11:28:56【红队神器】自研Shellcode生成引擎https://mp.weixin.qq.com/s?__biz=Mzk0MTY0NDIzMQ==&mid=2247483774&idx=1&sn=9ca1c8065c34e0422859d492a74973324SecNet4SecNet2025-02-13T17:34:34【免杀】白名单-杀软的阿喀琉斯之踵?用户侧终结杀软https://mp.weixin.qq.com/s?__biz=Mzk0MTY0NDIzMQ==&mid=2247483751&idx=1&sn=200759c8e6033991b22c22872b11a64a自APT组织使用BYOVD技术以来,驱动kill杀软的例子数不胜数,对于免杀,既然免杀不了,那就直接干掉杀软。今天分享一个简单的办法,利用白名单机制,在三环直接Kill掉某杀软,直接免杀。4SecNet4SecNet2025-01-10T10:10:38【持久化】单文件实现计划任务启动项持久化:巧妙绕过防护的实战技巧https://mp.weixin.qq.com/s?__biz=Mzk0MTY0NDIzMQ==&mid=2247483744&idx=1&sn=1a748464e5a7a45134ada2c9707f288c4SecNet4SecNet2025-01-07T08:38:56【免杀】窥破虚拟世界:一次有趣的反沙箱技术揭秘https://mp.weixin.qq.com/s?__biz=Mzk0MTY0NDIzMQ==&mid=2247483728&idx=1&sn=179e50ad3ff9a8127b988c81b0a930ab4SecNet4SecNet2024-12-31T12:18:03【免杀】深入揭秘银狐:利用进程断网技术巧妙绕过360云查杀,窥探其APT化演进之路https://mp.weixin.qq.com/s?__biz=Mzk0MTY0NDIzMQ==&mid=2247483705&idx=1&sn=c1ed1ab5ad0962ecfc43a848c2d35eb24SecNet4SecNet2024-12-30T09:56:52