http://wechat.doonsec.com/Mzk1NzM5MTI2Mg.xmlThe latest security articles about WeChat official accountzh-CNThu, 21 Aug 2025 17:30:53 GMTPyRSS2Gen-1.1.0http://blogs.law.harvard.edu/tech/rsshttp://wechat.doonsec.com/http://wechat.doonsec.com/static/front/img/doonsec_bak3.pnghttps://mp.weixin.qq.com/s?__biz=Mzk1NzM5MTI2Mg==&mid=2247484995&idx=1&sn=dc6c91d18d44876de08e67d3f06f128b通过AppVerifier和ShimEnginer接口来起到一种隐蔽的起进程形式的注入。半只红队半只红队2025-08-21T16:00:01https://mp.weixin.qq.com/s?__biz=Mzk1NzM5MTI2Mg==&mid=2247484961&idx=1&sn=7b5bfad998e24dea74d6dc6eeba4dfa9Syscall 这种东西，见仁见智，不同的人，不同场景，不同EDR，不同对抗环境，效果不同 。半只红队半只红队2025-07-24T14:47:31https://mp.weixin.qq.com/s?__biz=Mzk1NzM5MTI2Mg==&mid=2247484892&idx=1&sn=b97c48f14b44444c9e2a8d98d658b620避免注入链：Primitive Injection半只红队半只红队2025-06-30T14:22:36https://mp.weixin.qq.com/s?__biz=Mzk1NzM5MTI2Mg==&mid=2247484880&idx=1&sn=74731199fa59eb0317aea9dd541aca01探讨进程注入：CONTEXT-Only半只红队半只红队2025-06-09T22:22:48https://mp.weixin.qq.com/s?__biz=Mzk1NzM5MTI2Mg==&mid=2247484852&idx=1&sn=e7f0bb8c4807d2fafea0ac5c94ca9b26堆栈不在，何必欺骗？半只红队半只红队2025-05-21T23:21:46https://mp.weixin.qq.com/s?__biz=Mzk1NzM5MTI2Mg==&mid=2247484833&idx=1&sn=9f266618eea9764fb773328367e30295《从栈回溯中谈谈堆栈欺骗》从基本的堆栈欺骗再到DEFCON提出的巧妙实现半只红队半只红队2025-05-10T14:41:09https://mp.weixin.qq.com/s?__biz=Mzk1NzM5MTI2Mg==&mid=2247484786&idx=1&sn=36f35d013c1880aca93afd3a61055f3d【UDRLTrick】| CS Heap Encypt实现半只红队半只红队2025-04-22T12:49:28https://mp.weixin.qq.com/s?__biz=Mzk1NzM5MTI2Mg==&mid=2247484715&idx=1&sn=239a3234a80e48f67d16e56d71493e7f【fscan插件】| 用gokrb5构建你的fscan插件（二）半只红队半只红队2025-04-07T10:40:20https://mp.weixin.qq.com/s?__biz=Mzk1NzM5MTI2Mg==&mid=2247484699&idx=1&sn=339a02d6f79f25ff9ce0a6b29c7bd3a4【fscan插件】| 用gokrb5构建你的fscan插件半只红队半只红队2025-03-26T22:01:46https://mp.weixin.qq.com/s?__biz=Mzk1NzM5MTI2Mg==&mid=2247484682&idx=1&sn=09e396d42d28ffbeff94180c181c03e9【Fscan】| POC与指纹编写半只红队半只红队2025-03-17T13:07:59https://mp.weixin.qq.com/s?__biz=Mzk1NzM5MTI2Mg==&mid=2247484612&idx=1&sn=503f344add62347234340f40c339e076【CS-BOF插件】| 移除EDR六大内核回调半只红队半只红队2025-03-10T15:38:07https://mp.weixin.qq.com/s?__biz=Mzk1NzM5MTI2Mg==&mid=2247484581&idx=1&sn=840758396b6d5d6060218a1978ace5f3【360过父】| 360核晶断链绕过父进程半只红队半只红队2025-03-04T19:50:50https://mp.weixin.qq.com/s?__biz=Mzk1NzM5MTI2Mg==&mid=2247484569&idx=1&sn=c12b8370d1527aafba12095e7aac1710【Fscan二开】| Fscan中的瑞士军刀半只红队半只红队2025-03-02T17:40:32https://mp.weixin.qq.com/s?__biz=Mzk1NzM5MTI2Mg==&mid=2247484508&idx=1&sn=eed57fd71be58a8a59823ac94a19479a【内核对抗】| 换个角度内核级致盲AV-EDR半只红队半只红队2025-02-17T17:06:49https://mp.weixin.qq.com/s?__biz=Mzk1NzM5MTI2Mg==&mid=2247484433&idx=1&sn=c880bb48a013ff14e3bab913ecbfe043【Win11抓不到密码?】| 内存匹配规则的添加！！半只红队半只红队2025-02-03T23:25:04https://mp.weixin.qq.com/s?__biz=Mzk1NzM5MTI2Mg==&mid=2247484414&idx=1&sn=e0687c1f6d62a3dcc2a187af2721c6b2AI爽文，全网狂欢半只红队半只红队2025-02-01T15:56:02https://mp.weixin.qq.com/s?__biz=Mzk1NzM5MTI2Mg==&mid=2247484412&idx=1&sn=f7e81d418014efc190a265ea5b403424【CS单兵后渗透插件发布】| OpSec 标准下的红队武器化半只红队半只红队2025-01-28T22:17:04https://mp.weixin.qq.com/s?__biz=Mzk1NzM5MTI2Mg==&mid=2247484326&idx=1&sn=d1da617b6d8c6a19e20c3543f60afc58【CS武器化插件】| BOF读取ToDesk和向日葵密码信息半只红队半只红队2025-01-24T08:02:07https://mp.weixin.qq.com/s?__biz=Mzk1NzM5MTI2Mg==&mid=2247484316&idx=1&sn=ab9ac916c896017f20ab1efeb8dc19cb【钓鱼思路】| 360核晶等杀软环境下钓鱼思路分享半只红队半只红队2025-01-20T08:06:02https://mp.weixin.qq.com/s?__biz=Mzk1NzM5MTI2Mg==&mid=2247484156&idx=1&sn=0bd24cccc21657f0a9d4bc5832be2ea3【无需Patch】| 最简单最朴素绕过AMSI半只红队半只红队2025-01-16T08:02:56https://mp.weixin.qq.com/s?__biz=Mzk1NzM5MTI2Mg==&mid=2247484116&idx=1&sn=938506fe873a8dc0bdf5610037268530利用某神在Ring0层结束某擎某绒某电脑管家源代码半只红队半只红队2025-01-12T22:11:05https://mp.weixin.qq.com/s?__biz=Mzk1NzM5MTI2Mg==&mid=2247484033&idx=1&sn=f9c2658f6c936dc00ecee65660a930ad【新手误区】| 单exe过360核晶？？半只红队半只红队2025-01-04T15:22:56https://mp.weixin.qq.com/s?__biz=Mzk1NzM5MTI2Mg==&mid=2247484006&idx=1&sn=4153933cdb8b7efe88bab1385806afca【武器开发】| 开发你的第一个BOF半只红队半只红队2025-01-02T23:36:10https://mp.weixin.qq.com/s?__biz=Mzk1NzM5MTI2Mg==&mid=2247483939&idx=1&sn=a2b4cc9adb80dfba7245f6a3b12a12a8【从0到1】| 绕过企业版卡巴斯基EDR内存扫描详细思路半只红队半只红队2024-12-30T08:00:08https://mp.weixin.qq.com/s?__biz=Mzk1NzM5MTI2Mg==&mid=2247483915&idx=1&sn=18ccf27e68c9e61166bf51cae745bdf8【冷饭新炒？】｜令牌移除居然还没失效半只红队半只红队2024-12-28T16:01:50https://mp.weixin.qq.com/s?__biz=Mzk1NzM5MTI2Mg==&mid=2247483881&idx=1&sn=559674531d4a410f917e7f0b180dc0ad【随便写一个loader】| 对抗企业版卡巴斯基内存扫描半只红队半只红队2024-12-27T08:30:29https://mp.weixin.qq.com/s?__biz=Mzk1NzM5MTI2Mg==&mid=2247483866&idx=1&sn=6f14d8109cf9dd8d67703d4ee722144f【杀软对抗之趣】｜ Ring3非驱动结束卡巴斯基半只红队半只红队2024-12-26T08:15:46https://mp.weixin.qq.com/s?__biz=Mzk1NzM5MTI2Mg==&mid=2247483853&idx=1&sn=f5e17754932070b55adaf3830216a2f7【杀软对抗】| 重生之我在Ring3继续强杀天擎和杀软组件半只红队半只红队2024-12-25T03:00:03https://mp.weixin.qq.com/s?__biz=Mzk1NzM5MTI2Mg==&mid=2247483842&idx=1&sn=d64db1b0bd7d9a113edef8da9449a51e【Kill !】| Ring3非驱动不重启结束V10天晴，物理机360核晶体！半只红队半只红队2024-12-23T16:38:42https://mp.weixin.qq.com/s?__biz=Mzk1NzM5MTI2Mg==&mid=2247483820&idx=1&sn=b93386c3f56157dedfd61ddf4dd32cadRing3非驱动致盲360核晶全家桶 ！！！半只红队半只红队2024-12-20T15:37:46https://mp.weixin.qq.com/s?__biz=Mzk1NzM5MTI2Mg==&mid=2247483798&idx=1&sn=e840d05d4d37a8f716df7ceba50bd4ec[强杀？致盲！] ｜让你的火绒失去对抗病毒的能力半只红队半只红队2024-12-19T11:51:45https://mp.weixin.qq.com/s?__biz=Mzk1NzM5MTI2Mg==&mid=2247483784&idx=1&sn=c75ea845a96799c91499ff455c6b9807Bypass 360物理机核晶添加用户半只红队半只红队2024-12-17T14:54:45https://mp.weixin.qq.com/s?__biz=Mzk1NzM5MTI2Mg==&mid=2247483757&idx=1&sn=66ee4b3104841386b013b0520f6d61b7直接系统调用、间接系统调用及其完善半只红队半只红队2024-12-15T23:44:16https://mp.weixin.qq.com/s?__biz=Mzk1NzM5MTI2Mg==&mid=2247483736&idx=1&sn=2d4dc2cf7d2f605086c59a2d098f5238绕过实体机360核晶Dump lsass进程，全程BOF化，执行后将lsass.dmp拖到自己主机进行离线破解即可。半只红队半只红队2024-12-13T18:01:56https://mp.weixin.qq.com/s?__biz=Mzk1NzM5MTI2Mg==&mid=2247483723&idx=1&sn=fafe76528870669586b2b0ec13dd6603无视像卡巴斯基EDR这样强大的EDR半只红队半只红队2024-12-12T20:12:10https://mp.weixin.qq.com/s?__biz=Mzk1NzM5MTI2Mg==&mid=2247483709&idx=1&sn=a84d3f6254e53d412881a3da9727e66e整理了一下免杀的基础，DLL注入，虽然这个方法再实战中没啥用了是个累赘，但是这种方法还是要知道的。半只红队半只红队2024-12-09T18:47:36https://mp.weixin.qq.com/s?__biz=Mzk1NzM5MTI2Mg==&mid=2247483702&idx=1&sn=df65072921958c1a992cb88a7e9b66b6这篇文章主要介绍免杀的前置知识，与其他前置知识文章不太一样，这篇文章主要告诉你，前置知识有啥。半只红队半只红队2024-12-08T23:26:23https://mp.weixin.qq.com/s?__biz=Mzk1NzM5MTI2Mg==&mid=2247483678&idx=1&sn=c1802d2297de4b8977b5970b5cd88ed1物理机Bypass 360权限维持半只红队半只红队2024-12-07T22:01:08