http://wechat.doonsec.com/Mzk2NDg3NTc1Mg.xmlThe latest security articles about WeChat official accountzh-CNThu, 05 Mar 2026 14:06:20 GMTPyRSS2Gen-1.1.0http://blogs.law.harvard.edu/tech/rsshttp://wechat.doonsec.com/http://wechat.doonsec.com/static/front/img/doonsec_bak3.pnghttps://mp.weixin.qq.com/s/7_pNaYVrnvUPSjr5YgU4LwGachiLoader：通过 API 跟踪击败 Node.js 恶意软件红队工坊红队工坊2026-03-05T10:33:38https://mp.weixin.qq.com/s/ep376tna5lZX50eu5oLMfA绕过杀软EDR内存扫描红队工坊红队工坊2026-02-12T16:17:08https://mp.weixin.qq.com/s/wNrl3wFBqLnL41Q-ZV84GQNimShellCodeLoader入选2022年KCon兵器谱红队工坊红队工坊2026-02-11T12:09:32https://mp.weixin.qq.com/s/wirOz97hJkKnm7dNrwW0Pw一款基于 Python 编写的使用AI自动化生成PowerShell Payload 的工具红队工坊红队工坊2026-02-09T11:16:59https://mp.weixin.qq.com/s/S2ex-Gc7YDlplTnTT3VPlg次世代免杀shellocde加载器红队工坊红队工坊2026-02-05T08:34:03https://mp.weixin.qq.com/s/7GaCGlwQMg_yVKoeWwhV7A深度预警 | AI Agent 门户 Clawdbot 安全风险：数百名用户服务暴露，敏感凭证面临清空风险红队工坊红队工坊2026-01-28T06:00:20https://mp.weixin.qq.com/s/5FgPxXc9PJy79msvPBoEpwPPL 滥用新路径红队工坊红队工坊2026-01-27T06:03:12https://mp.weixin.qq.com/s/QgSHX_N_rZqIUUa70KF66Q红队工坊红队工坊2026-01-05T10:15:51https://mp.weixin.qq.com/s/xA8reH9yIiX6C3GgL6laXw12月31日上午，小米创办人、董事长兼CEO雷军发文：实在抱歉，我感冒有点严重，原定跨年的直播只能推迟到 1月红队工坊红队工坊2025-12-31T10:49:46https://mp.weixin.qq.com/s/_6Lf_sXSYl8zjm2Hf9-IIg一个没有雷军的发布会红队工坊红队工坊2025-12-30T06:00:16https://mp.weixin.qq.com/s/WVXH3wkjrXST6_W2bhtrpg今日凌晨，我们已经正式上线最新网安技术模型N1 PRO模型。同时也发布了无问AI mini推理模式。红队工坊红队工坊2025-12-29T06:05:54https://mp.weixin.qq.com/s/moBS80jWec1tCU8InsSSZQ分析软件供应链攻击原理及防御工具红队工坊红队工坊2025-12-26T06:19:45https://mp.weixin.qq.com/s/SDZCLqeSR1f-vIEV85NXAA节日快乐🎆🎄\\x26lt;a class=\\x26quot;wx_topic_link\\x26quot; topic-id=\\x26quot;mjkrr8ek-28jeeg\\x26quot; data-topic=\\x26quot;1\\x26quot; style=\\x26quot;color: rgb(87, 107, 149) !important;\\x26quot;\\x26gt;#温馨家居装饰\\x26lt;/a\\x26gt;红队工坊红队工坊2025-12-25T09:35:56https://mp.weixin.qq.com/s/zb6-NrGZqUdb73YH4tC57Q利用binfmt_misc注册SUID二进制作为Linux后门红队工坊红队工坊2025-12-25T06:00:28https://mp.weixin.qq.com/s/gpLRhoT37Ry6Qq4zTV_Y7Q通过 Hook wininet 构建自定义 C2 通信信道红队工坊红队工坊2025-12-24T06:00:20https://mp.weixin.qq.com/s/XvBB1bJCIFpoQoAAGKhXcwAdaptixC2 深度剖析：功能、战术与狩猎策略红队工坊红队工坊2025-12-23T06:00:24https://mp.weixin.qq.com/s/P4P-Lx0O4fTrNfr8R9KCSg让AI去挖漏洞：11款大模型的黑客能力，我们替你测了个遍红队工坊红队工坊2025-12-22T06:01:42https://mp.weixin.qq.com/s/JUHK4Rld-uPak7exsJG1VQ利用Windows 错误报告转储 LSASS 内存红队工坊红队工坊2025-12-19T06:00:27https://mp.weixin.qq.com/s/MvcpbB-_Eqnevlxs1VvUeQ使用浏览器代理C2的HTTP流量红队工坊红队工坊2025-12-18T06:00:35https://mp.weixin.qq.com/s/iM3rCIXGy77GxIr7ILcXCg恶意软件开发系列（九）：使用C/C++内存执行.NET程序红队工坊红队工坊2025-12-17T06:00:40https://mp.weixin.qq.com/s/9eKwTH_h7PoIOfgbYzGVJg恶意软件开发系列（八）：COFF注入与内存执行红队工坊红队工坊2025-12-16T06:00:46https://mp.weixin.qq.com/s/BzLtyg0WpTFKOwI7Wv_h5AWindows 恶意软件开发（七）：突破安全桌面，实现键盘记录器红队工坊红队工坊2025-12-15T06:00:36https://mp.weixin.qq.com/s/Xwjl2XUsA6y-eKOKKGpwiA恶意软件开发系列（六）：使用LLVM和模板元编程的高级混淆技术红队工坊红队工坊2025-12-11T06:00:20https://mp.weixin.qq.com/s/6v9usDXDN8h3MzB2LwC_Yg恶意软件开发系列（五）： 一些Tips和技巧红队工坊红队工坊2025-12-10T06:03:58https://mp.weixin.qq.com/s/YnoOfvd0ITjM4TZP7ANttg恶意软件开发系列（四）：反静态分析技术详解红队工坊红队工坊2025-12-09T06:00:30https://mp.weixin.qq.com/s/vP80n7aOmSN1w1XdTwYILQ恶意软件开发系列（三）：反调试技术详解红队工坊红队工坊2025-12-08T08:00:34https://mp.weixin.qq.com/s/9FpaeuCcbZefXdg0v18FFA恶意软件开发系列（二）：与沙箱斗智斗勇红队工坊红队工坊2025-12-04T08:04:39https://mp.weixin.qq.com/s/plALQUnN7YK8-XU1sRtfVQ恶意软件开发系列（一）：打造一个能躲避杀软的木马红队工坊红队工坊2025-12-03T06:00:19https://mp.weixin.qq.com/s/nz1Ydo2Ksp-aR6ICYZNU-Q分析C2框架的演变及规避检测技术红队工坊红队工坊2025-12-02T08:00:50https://mp.weixin.qq.com/s/fTtLq4XCVREJJBKcaLy89Q深入 Windows VEH：如何导出向量化异常处理器列表红队工坊红队工坊2025-12-01T08:00:53https://mp.weixin.qq.com/s/ivqCEX4mVI4P0-_B40cZ5gWindows Installer 提权漏洞分析红队工坊红队工坊2025-11-27T08:01:42https://mp.weixin.qq.com/s/W0EhjKGgBhPaSno2WRH89w利用call gadgets技术绕过EDR调用栈检测红队工坊红队工坊2025-11-26T08:02:08https://mp.weixin.qq.com/s/eiWeV7y8jGnj99FC_FGmLw利用 Windows 辅助功能实现持久化与横向移动红队工坊红队工坊2025-11-25T08:00:45https://mp.weixin.qq.com/s/Pt7kGHfz53SvklKstGv2bw为什么 Rust 在恶意软件开发领域逐渐占据一席之地红队工坊红队工坊2025-11-24T08:01:07https://mp.weixin.qq.com/s/GW8luECl0Eo-4qXklT-1IAPowerShell红队指南红队工坊红队工坊2025-11-20T08:02:47https://mp.weixin.qq.com/s/S3SjvfI3E-iIeR1nKSeDEgCS的UDRL, SleepMask和BeaconGate功能详解红队工坊红队工坊2025-11-17T10:06:55https://mp.weixin.qq.com/s/geo2NEsBLGTOdqIX0V07rA如何编写免杀的shellcode红队工坊红队工坊2025-11-13T08:00:24https://mp.weixin.qq.com/s/c1dfQwB5uhYOhHDA5MKTKQEDR对抗和绕过技术盘点红队工坊红队工坊2025-11-11T08:01:16https://mp.weixin.qq.com/s/2zTtQhMDCjN7ekcXIftg5Q利用CS配置文件的强大功能实现EDR规避 - 第二部分红队工坊红队工坊2025-11-10T08:02:21https://mp.weixin.qq.com/s/_K0Y_HjNGBdxYfnSFFIUrA利用CS配置文件的强大功能实现EDR规避 - 第一部分红队工坊红队工坊2025-11-07T08:23:22https://mp.weixin.qq.com/s/zJF7PqrU0pltuVBD0NRXDw禁忌内容：如何手动地加载一个PE文件红队工坊红队工坊2025-11-06T08:01:23https://mp.weixin.qq.com/s/JoWhOKi0Hl5MNh7VjAeJCg利用CS4.10中的新特性魔改Beacon红队工坊红队工坊2025-11-05T08:18:19https://mp.weixin.qq.com/s/LDFOCX8Zk-uQvJgeiXoPqQPowerShell + .NET反射：打造无文件Shellcode加载链红队工坊红队工坊2025-11-04T08:01:14https://mp.weixin.qq.com/s/7XdioeJK2JfWYAQdrMJ5Vw内存加载PE绕过EDR红队工坊红队工坊2025-11-03T08:00:38https://mp.weixin.qq.com/s/nKHf-CqpW_eQvq32yhuxWAWindows进程间通信：深入探索（第六部分）红队工坊红队工坊2025-10-31T08:00:32https://mp.weixin.qq.com/s/G5j9nqG7OvCyz2WfPanjdAWindows进程间通信：深入探索（第五部分）红队工坊红队工坊2025-10-30T08:11:50https://mp.weixin.qq.com/s/gZYfHLdRq1RFoXRYKXEQyAWindows进程间通信：深入探索（第四部分）红队工坊红队工坊2025-10-29T08:02:36https://mp.weixin.qq.com/s/E-5YMZcqhmMoIHVRS_iONAWindows进程间通信：深入探索（第三部分）红队工坊红队工坊2025-10-27T08:01:32https://mp.weixin.qq.com/s/am0VmYvHLYHGL0XdVc3DsgWindows进程间通信：深入探索（第二部分）红队工坊红队工坊2025-10-23T08:00:43https://mp.weixin.qq.com/s/0Nu2ujFOQb3L4dWtDtJGzAWindows 进程间通信：深入探索背后的世界 - 第一部分红队工坊红队工坊2025-10-22T08:19:01https://mp.weixin.qq.com/s/hg1SgBxsnf28dapTKghFNQ可执行命令的DCOM对象-1红队工坊红队工坊2025-10-21T08:00:27https://mp.weixin.qq.com/s/egKPJIPS4i7FQp7_qddSpw漏洞赏金指南之竞争条件漏洞红队工坊红队工坊2025-10-20T08:00:40https://mp.weixin.qq.com/s/xrcTgY9_w-f-GqxU_s2WYw利用互联网空间搜索引擎搜集C2服务器红队工坊红队工坊2025-09-28T11:19:47https://mp.weixin.qq.com/s/86Hd_W48sK9WFj1P1BM5HwCOM劫持对抗AV/EDR终章-4红队工坊红队工坊2025-09-26T08:02:37https://mp.weixin.qq.com/s/3ntwiLCbr1cVb0NN4M-eegCOM劫持对抗AV/EDR-3红队工坊红队工坊2025-09-25T11:24:35https://mp.weixin.qq.com/s/RsYqra4lc36QIp3R-7iPWgCOM劫持对抗AV/EDR-2红队工坊红队工坊2025-09-24T08:00:56https://mp.weixin.qq.com/s/2smuGgR5mEdXeJNGUaRaVQCOM劫持对抗AV/EDR-1红队工坊红队工坊2025-09-23T08:05:46https://mp.weixin.qq.com/s/UjwIKPe5MUcP5dyH9HVD1Q利用 Crystal Palace API 构建C2功能模块红队工坊红队工坊2025-09-22T08:00:19https://mp.weixin.qq.com/s/jjSnNS-RKzgbt8tm9W7bzA深入理解 RUNDLL32.EXE红队工坊红队工坊2025-09-19T08:05:26https://mp.weixin.qq.com/s/Zaz30PB9yKvnpjJiexUIYA劫持计划任务MareBackup实现权限提升红队工坊红队工坊2025-09-18T08:05:58https://mp.weixin.qq.com/s/46xzrZkZ1nCPpv_fpjiJdgCS4.10中后渗透工具的开发红队工坊红队工坊2025-09-17T08:10:15https://mp.weixin.qq.com/s/jQ1VW-UTxGtdakxMfOr-mw免杀开发语言新选择：Crystal红队工坊红队工坊2025-09-16T08:00:35https://mp.weixin.qq.com/s/v7FO2TrUxLfUyZhRUD5a-gWindows 24H2中的自删除技术研究红队工坊红队工坊2025-09-15T08:02:00https://mp.weixin.qq.com/s/lL1IXnBhvXG0-td86A9EYwHackers hijack npm packages with 2 billion weekly红队工坊红队工坊2025-09-11T08:01:21https://mp.weixin.qq.com/s/NwHp0IBPIzM0gHXb7UMqrAmacOS 和 Linux中的EDR技术红队工坊红队工坊2025-09-10T08:01:47https://mp.weixin.qq.com/s/D8o1VJXeE0PAXUziPvD8Xg利用msc格式文件执行任意代码红队工坊红队工坊2025-09-09T08:00:55https://mp.weixin.qq.com/s/LqCjIIDAbaVq1m_nUNIUCgEarly Cascade注入绕过EDR红队工坊红队工坊2025-09-08T08:01:10https://mp.weixin.qq.com/s/0APZ5O2zH4EP9gTWAeknCw在 Windows 11 24H2中Dump Hashes红队工坊红队工坊2025-09-05T08:01:31https://mp.weixin.qq.com/s/DVqAxuK2VloWqtxMu6i79w利用GPP实现持久化红队工坊红队工坊2025-09-04T08:01:14https://mp.weixin.qq.com/s/6poGhZLot58slMb_3byNHw规避EDR日志创建计划任务红队工坊红队工坊2025-09-03T08:00:22https://mp.weixin.qq.com/s/FSiboaqrZvttAg73Y8S9jw利用BOF获取记事本内存中的访问令牌红队工坊红队工坊2025-09-02T08:01:08https://mp.weixin.qq.com/s/-Qwp7pV2myAPy3JeXvI4Xg内网渗透：高效文件侦察的技术演进之路红队工坊红队工坊2025-09-01T08:01:19https://mp.weixin.qq.com/s/-OiDvxjoLnJK4dAqIuNAlQ钓鱼攻击之ClickFix-2红队工坊红队工坊2025-08-29T08:02:54https://mp.weixin.qq.com/s/65UdUPlsZeXhqbZPvItahg钓鱼攻击之ClickFix-1红队工坊红队工坊2025-08-28T08:01:11https://mp.weixin.qq.com/s/0yjUePuvLThQSB4rmo4wsw利用PPL进程对抗EDR红队工坊红队工坊2025-08-27T08:00:59https://mp.weixin.qq.com/s/222lRt1nJvO4y8RBbNYnuA“调用栈伪造（Stack Spoofing）”是一种很酷的恶意代码技巧。它不新鲜，但最近又被拿出来讨论了。红队工坊红队工坊2025-08-26T08:00:27https://mp.weixin.qq.com/s/gTsepn8o5wvr9zGzbJXzlACOM劫持技术从入门到放弃红队工坊红队工坊2025-08-25T08:00:29https://mp.weixin.qq.com/s/-ErZCGNtY2HgbiW0FRja8g网站地址：https://powershellforhackers.com/payloads/红队工坊红队工坊2025-08-21T08:03:51https://mp.weixin.qq.com/s/UXCBQwoSIgeQNIxNSVCYOg利用C#窃取令牌获得system权限红队工坊红队工坊2025-08-20T08:00:26https://mp.weixin.qq.com/s/R3Hj3XWB6aBKP2ws0jLe0Q终端对抗，抛弃过时和被错误使用的技巧，了解底层原理，精准对抗红队工坊红队工坊2025-08-19T08:01:59https://mp.weixin.qq.com/s/QYxNcp6WTwX1fVMVfv1d8Q路径伪造，bypass EDR红队工坊红队工坊2025-08-18T08:00:25https://mp.weixin.qq.com/s/ae8zDM-tKG28o3icoRWS_w开发并改进一个 Python Shellcode Loader，探索对抗它的防御方式以及绕过这些防御的方法红队工坊红队工坊2025-08-15T08:00:53https://mp.weixin.qq.com/s/r2PtyIDEzSNoajYbm-mnTA从头开始构建BOF加载器红队工坊红队工坊2025-08-14T08:39:55https://mp.weixin.qq.com/s/cqZASlBQ2qXECfRgD_gSiw利用Chromium来监视用户的桌面红队工坊红队工坊2025-08-13T08:00:31https://mp.weixin.qq.com/s/Z1kfSRvbEbriq0OfkvfVMA渗透测试技巧：利用Windows长文件名实现文件隐身红队工坊红队工坊2025-08-12T08:00:38https://mp.weixin.qq.com/s/lfZ0bGxoL00QXprBh0Kkag在攻防领域中，存在许多的代码注入技术。今天要分享的是一个经典且实用的技术——AppDomainManager劫持。红队工坊红队工坊2025-08-08T08:02:04https://mp.weixin.qq.com/s/e6AoFTmWXOx9Q0e_hSpdFg前言在Windows安全攻防中，代码注入一直是一个核心话题。红队工坊红队工坊2025-08-05T08:02:06https://mp.weixin.qq.com/s/43_ddkafv8kn8hUpsNl6Mgargfuscator 简介ArgFuscator 是一个开源的独立 Web 应用程序，可帮助为常见的系统原红队工坊红队工坊2025-07-01T08:00:38https://mp.weixin.qq.com/s/F0tue7ITx_C-GTe01TjPlw前言读过前几期的文章，相信各位看官已经初步掌握了一些免杀技巧。本期我们将在Visual Studio环境下，手把手演示从代码编写到免杀成型的完整流程。红队工坊红队工坊2025-04-29T08:00:13https://mp.weixin.qq.com/s/5YpVAKjBfEEboqoOXqtjIA前言免杀技术绕不过白加黑这一关，利用系统或者安装的软件中，存在正规签名的文件，来运行我们的shellcode红队工坊红队工坊2025-04-23T08:01:05https://mp.weixin.qq.com/s/fh1XHaXn47kIkrlk_GRHQg谢谢翻车鱼红队工坊红队工坊2025-04-15T08:00:14https://mp.weixin.qq.com/s/DZLNLn1mhld_vMQaSUCO2Q前言你那匹引以为傲的“免杀马”，此刻正在“敌军”的数字堡垒里纵横捭阖，七进七出，如入无人之境。红队工坊红队工坊2025-04-14T08:03:03https://mp.weixin.qq.com/s/8L5w6whA1eTXr4vfNGzU-A前言书接上文，你正在免杀宇宙里遨游，指尖在键盘上疯狂跳跃。突然，旁边战友一声略带沮丧的喊叫把你拽回了现实：“靠，怎么又被干掉了！红队工坊红队工坊2025-04-11T08:02:07https://mp.weixin.qq.com/s/sCMKp8FcL0k0ZQUcNCxfAw前言项目实施在即，兄弟们都在期待着你的“马子”征战沙场。此时，你小心翼翼地将从gayhub上抄来的代码复制到虚拟机的IDE中，进行编辑和生成。红队工坊红队工坊2025-04-10T08:00:47https://mp.weixin.qq.com/s/ee2SpUL36TkO2kbFmh-R-A前言本文仅限技术研究与讨论，旨在探索利用AI加速安全相关代码开发的可能性，特别是沙箱检测技术。红队工坊红队工坊2025-04-02T15:39:01https://mp.weixin.qq.com/s/q3z5yw_xV3sWBgbiRlt_6g漏洞概述最近，Vite 开发服务器曝出了一个严重的安全漏洞，编号为 CVE-2025-30208。红队工坊红队工坊2025-04-01T08:02:30https://mp.weixin.qq.com/s/tcAWHr0_UxhtLZYgCYTWnA红队工坊红队工坊2025-03-25T13:51:46https://mp.weixin.qq.com/s/8oQsE4XSkqHkAhl0KDjcDw红队工坊红队工坊2025-03-21T14:30:59https://mp.weixin.qq.com/s/SdsBip2buPB9lpHoAa3QsA红队工坊红队工坊2025-03-20T14:31:06https://mp.weixin.qq.com/s/sPCyESmXM1obUg_ekyzU3w红队工坊红队工坊2025-03-19T08:09:52https://mp.weixin.qq.com/s/MwRu61blRlT-2XPQ_IlEew红队工坊红队工坊2025-03-14T14:30:24https://mp.weixin.qq.com/s/xHnNCSOuH6MqLduWF-b9Nw红队工坊红队工坊2025-03-13T14:02:28https://mp.weixin.qq.com/s/P7whaRE91LZhXBVl4xEJXw红队工坊红队工坊2025-03-12T14:00:47https://mp.weixin.qq.com/s/JLFl3Bzl1NgCp7x_nv5DwQ红队工坊红队工坊2025-03-11T14:26:29https://mp.weixin.qq.com/s/oVPdMOt21bdtqZFwqzp2XQ红队工坊红队工坊2025-03-09T15:20:07https://mp.weixin.qq.com/s/u--TovA9lRSMGBFpQ71Bsg红队工坊红队工坊2025-03-08T13:35:34https://mp.weixin.qq.com/s/sQ15Aucrim5Xny68e5JtMQ红队工坊红队工坊2025-03-07T08:03:30https://mp.weixin.qq.com/s/nDdCQu9bY1MPLCVHQHYG7w红队工坊红队工坊2025-03-06T08:00:48https://mp.weixin.qq.com/s/x5sycawiDxGae3IzQkjFzQ红队工坊红队工坊2025-03-05T09:03:42https://mp.weixin.qq.com/s/wVAZoX4TAmi3sf4bstSsiw红队工坊红队工坊2025-03-04T10:00:48https://mp.weixin.qq.com/s/OcFCBSjlaaOZxchAIlxxeg红队工坊红队工坊2025-03-03T21:34:03https://mp.weixin.qq.com/s/li8Di3lilyQyQyCGOLX2Tg红队工坊红队工坊2025-03-02T15:50:37https://mp.weixin.qq.com/s/BO-05WIx6mhnI0S2ARt0TA反弹shell，永不掉线红队工坊红队工坊2025-03-01T23:21:08https://mp.weixin.qq.com/s/-PRzNXd_s-jpcy-wr0OjiA轻松寻找白名单文件红队工坊红队工坊2025-02-28T08:00:55https://mp.weixin.qq.com/s/7M2vwy3p6q0aOvzSse48EQ资产测存活，我来一把梭红队工坊红队工坊2025-02-27T21:40:41https://mp.weixin.qq.com/s/XJnOSbxXPTha7HYjPtxrxQ红队工坊红队工坊2025-02-26T22:28:41https://mp.weixin.qq.com/s/4ESbImdjW1lMXDVGqeehHg\\x26lt;a class=\\x26quot;wx_topic_link\\x26quot; topic-id=\\x26quot;mgrzajqy-o0bh3z\\x26quot; data-topic=\\x26quot;1\\x26quot; style=\\x26quot;color: rgb(87, 107, 149) !important;\\x26quot;\\x26gt;#正则表达式\\x26lt;/a\\x26gt;\\x0a\\x26lt;a class=\\x26quot;wx红队工坊红队工坊