https://x7peeps.com/%E5%AE%89%E5%85%A8/%E6%B8%97%E9%80%8F%E6%B5%8B%E8%AF%95/04-%E6%B8%97%E9%80%8F%E6%94%BB%E5%87%BB/4-%E8%BA%AB%E4%BB%BD%E8%AE%A4%E8%AF%81%E4%B8%8EDevOps/index.htmlActive Directory Certificate Services 漏洞利用与防御：ESC1 与 ESC8 0x00 概述 Active Directory Certificate Services (AD CS) 作为微软提供的公钥基础设施 (PKI) 解决方案，在 … Spring Boot Actuator与Jolokia未授权访问打点利用技术 Spring Boot Actuator与Jolokia未授权访问打点利用技术 在现代 Java 微服务环境中，Spring Boot Actuator 是极其 … Jenkins管理面打点与接口利用技术 Jenkins管理面打点与接口利用技术 Jenkins 在渗透测试中属于典型的高价值管理面。它不像普通业务系统那样只承载单一业务逻辑，而是天然具备： 代码拉取与 … Nexus Repository Manager管理面打点与制品仓库利用技术 Nexus Repository Manager管理面打点与制品仓库利用技术 Nexus Repository Manager 是典型的制品仓库与依赖代理管理面 … GitLab管理面与API打点利用技术 GitLab管理面与API打点利用技术 GitLab 在渗透测试里不是一个单纯的代码托管站点，而是一个集代码仓库、CI/CD、制品 … Vault管理面打点与API利用技术 Vault管理面打点与API利用技术 HashiCorp Vault 是典型的高价值密钥与凭据控制平面。它管理的不只是“若干机密字符串”，而是整套组织级的： 静 … Keycloak身份认证平台管理面打点与Admin API利用技术 Keycloak身份认证平台管理面打点与Admin API利用技术 Keycloak 是典型的身份认证与 SSO 控制平面。它的价值不在一个登录页，而在它天然汇 …Hugozh-CNTue, 16 Jun 2026 00:20:51 +0800https://x7peeps.com/%E5%AE%89%E5%85%A8/%E6%B8%97%E9%80%8F%E6%B5%8B%E8%AF%95/04-%E6%B8%97%E9%80%8F%E6%94%BB%E5%87%BB/4-%E8%BA%AB%E4%BB%BD%E8%AE%A4%E8%AF%81%E4%B8%8EDevOps/Active_Directory_Certificate_Services_%E6%BB%A5%E7%94%A8%E4%B8%8E%E9%98%B2%E5%AE%88_ESC1_ESC8/index.htmlFri, 12 Jun 2026 20:39:11 +0800https://x7peeps.com/%E5%AE%89%E5%85%A8/%E6%B8%97%E9%80%8F%E6%B5%8B%E8%AF%95/04-%E6%B8%97%E9%80%8F%E6%94%BB%E5%87%BB/4-%E8%BA%AB%E4%BB%BD%E8%AE%A4%E8%AF%81%E4%B8%8EDevOps/Active_Directory_Certificate_Services_%E6%BB%A5%E7%94%A8%E4%B8%8E%E9%98%B2%E5%AE%88_ESC1_ESC8/index.html围绕 Active Directory Certificate Services、ESC1 与 ESC8 相关利用链，分析证书模板滥用、NTLM 中继、日志痕迹与蓝队防守处置思路。https://x7peeps.com/%E5%AE%89%E5%85%A8/%E6%B8%97%E9%80%8F%E6%B5%8B%E8%AF%95/04-%E6%B8%97%E9%80%8F%E6%94%BB%E5%87%BB/4-%E8%BA%AB%E4%BB%BD%E8%AE%A4%E8%AF%81%E4%B8%8EDevOps/Spring_Boot_Actuator%E4%B8%8EJolokia%E6%9C%AA%E6%8E%88%E6%9D%83%E8%AE%BF%E9%97%AE%E6%89%93%E7%82%B9%E5%88%A9%E7%94%A8%E6%8A%80%E6%9C%AF/index.htmlSat, 13 Jun 2026 13:40:32 +0800https://x7peeps.com/%E5%AE%89%E5%85%A8/%E6%B8%97%E9%80%8F%E6%B5%8B%E8%AF%95/04-%E6%B8%97%E9%80%8F%E6%94%BB%E5%87%BB/4-%E8%BA%AB%E4%BB%BD%E8%AE%A4%E8%AF%81%E4%B8%8EDevOps/Spring_Boot_Actuator%E4%B8%8EJolokia%E6%9C%AA%E6%8E%88%E6%9D%83%E8%AE%BF%E9%97%AE%E6%89%93%E7%82%B9%E5%88%A9%E7%94%A8%E6%8A%80%E6%9C%AF/index.html围绕Spring Boot Actuator与Jolokia相关攻击面与利用路径，分析打点识别、接口枚举、风险链条、日志痕迹与防守处置思路。https://x7peeps.com/%E5%AE%89%E5%85%A8/%E6%B8%97%E9%80%8F%E6%B5%8B%E8%AF%95/04-%E6%B8%97%E9%80%8F%E6%94%BB%E5%87%BB/4-%E8%BA%AB%E4%BB%BD%E8%AE%A4%E8%AF%81%E4%B8%8EDevOps/Jenkins%E7%AE%A1%E7%90%86%E9%9D%A2%E6%89%93%E7%82%B9%E4%B8%8E%E6%8E%A5%E5%8F%A3%E5%88%A9%E7%94%A8%E6%8A%80%E6%9C%AF/index.htmlSat, 13 Jun 2026 13:46:56 +0800https://x7peeps.com/%E5%AE%89%E5%85%A8/%E6%B8%97%E9%80%8F%E6%B5%8B%E8%AF%95/04-%E6%B8%97%E9%80%8F%E6%94%BB%E5%87%BB/4-%E8%BA%AB%E4%BB%BD%E8%AE%A4%E8%AF%81%E4%B8%8EDevOps/Jenkins%E7%AE%A1%E7%90%86%E9%9D%A2%E6%89%93%E7%82%B9%E4%B8%8E%E6%8E%A5%E5%8F%A3%E5%88%A9%E7%94%A8%E6%8A%80%E6%9C%AF/index.html围绕Jenkins相关攻击面与利用路径，分析打点识别、接口枚举、风险链条、日志痕迹与防守处置思路。https://x7peeps.com/%E5%AE%89%E5%85%A8/%E6%B8%97%E9%80%8F%E6%B5%8B%E8%AF%95/04-%E6%B8%97%E9%80%8F%E6%94%BB%E5%87%BB/4-%E8%BA%AB%E4%BB%BD%E8%AE%A4%E8%AF%81%E4%B8%8EDevOps/Nexus_Repository_Manager%E7%AE%A1%E7%90%86%E9%9D%A2%E6%89%93%E7%82%B9%E4%B8%8E%E5%88%B6%E5%93%81%E4%BB%93%E5%BA%93%E5%88%A9%E7%94%A8%E6%8A%80%E6%9C%AF/index.htmlSat, 13 Jun 2026 14:07:32 +0800https://x7peeps.com/%E5%AE%89%E5%85%A8/%E6%B8%97%E9%80%8F%E6%B5%8B%E8%AF%95/04-%E6%B8%97%E9%80%8F%E6%94%BB%E5%87%BB/4-%E8%BA%AB%E4%BB%BD%E8%AE%A4%E8%AF%81%E4%B8%8EDevOps/Nexus_Repository_Manager%E7%AE%A1%E7%90%86%E9%9D%A2%E6%89%93%E7%82%B9%E4%B8%8E%E5%88%B6%E5%93%81%E4%BB%93%E5%BA%93%E5%88%A9%E7%94%A8%E6%8A%80%E6%9C%AF/index.html围绕Nexus Repository Manager相关攻击面与利用路径，分析打点识别、接口枚举、风险链条、日志痕迹与防守处置思路。https://x7peeps.com/%E5%AE%89%E5%85%A8/%E6%B8%97%E9%80%8F%E6%B5%8B%E8%AF%95/04-%E6%B8%97%E9%80%8F%E6%94%BB%E5%87%BB/4-%E8%BA%AB%E4%BB%BD%E8%AE%A4%E8%AF%81%E4%B8%8EDevOps/GitLab%E7%AE%A1%E7%90%86%E9%9D%A2%E4%B8%8EAPI%E6%89%93%E7%82%B9%E5%88%A9%E7%94%A8%E6%8A%80%E6%9C%AF/index.htmlSat, 13 Jun 2026 14:08:59 +0800https://x7peeps.com/%E5%AE%89%E5%85%A8/%E6%B8%97%E9%80%8F%E6%B5%8B%E8%AF%95/04-%E6%B8%97%E9%80%8F%E6%94%BB%E5%87%BB/4-%E8%BA%AB%E4%BB%BD%E8%AE%A4%E8%AF%81%E4%B8%8EDevOps/GitLab%E7%AE%A1%E7%90%86%E9%9D%A2%E4%B8%8EAPI%E6%89%93%E7%82%B9%E5%88%A9%E7%94%A8%E6%8A%80%E6%9C%AF/index.html围绕GitLab管理面与API打点相关攻击面与利用路径，分析打点识别、接口枚举、风险链条、日志痕迹与防守处置思路。https://x7peeps.com/%E5%AE%89%E5%85%A8/%E6%B8%97%E9%80%8F%E6%B5%8B%E8%AF%95/04-%E6%B8%97%E9%80%8F%E6%94%BB%E5%87%BB/4-%E8%BA%AB%E4%BB%BD%E8%AE%A4%E8%AF%81%E4%B8%8EDevOps/Vault%E7%AE%A1%E7%90%86%E9%9D%A2%E6%89%93%E7%82%B9%E4%B8%8EAPI%E5%88%A9%E7%94%A8%E6%8A%80%E6%9C%AF/index.htmlMon, 15 Jun 2026 12:23:07 +0800https://x7peeps.com/%E5%AE%89%E5%85%A8/%E6%B8%97%E9%80%8F%E6%B5%8B%E8%AF%95/04-%E6%B8%97%E9%80%8F%E6%94%BB%E5%87%BB/4-%E8%BA%AB%E4%BB%BD%E8%AE%A4%E8%AF%81%E4%B8%8EDevOps/Vault%E7%AE%A1%E7%90%86%E9%9D%A2%E6%89%93%E7%82%B9%E4%B8%8EAPI%E5%88%A9%E7%94%A8%E6%8A%80%E6%9C%AF/index.html围绕Vault相关攻击面与利用路径，分析打点识别、接口枚举、风险链条、日志痕迹与防守处置思路。https://x7peeps.com/%E5%AE%89%E5%85%A8/%E6%B8%97%E9%80%8F%E6%B5%8B%E8%AF%95/04-%E6%B8%97%E9%80%8F%E6%94%BB%E5%87%BB/4-%E8%BA%AB%E4%BB%BD%E8%AE%A4%E8%AF%81%E4%B8%8EDevOps/Keycloak%E8%BA%AB%E4%BB%BD%E8%AE%A4%E8%AF%81%E5%B9%B3%E5%8F%B0%E7%AE%A1%E7%90%86%E9%9D%A2%E6%89%93%E7%82%B9%E4%B8%8EAdmin_API%E5%88%A9%E7%94%A8%E6%8A%80%E6%9C%AF/index.htmlTue, 16 Jun 2026 00:20:51 +0800https://x7peeps.com/%E5%AE%89%E5%85%A8/%E6%B8%97%E9%80%8F%E6%B5%8B%E8%AF%95/04-%E6%B8%97%E9%80%8F%E6%94%BB%E5%87%BB/4-%E8%BA%AB%E4%BB%BD%E8%AE%A4%E8%AF%81%E4%B8%8EDevOps/Keycloak%E8%BA%AB%E4%BB%BD%E8%AE%A4%E8%AF%81%E5%B9%B3%E5%8F%B0%E7%AE%A1%E7%90%86%E9%9D%A2%E6%89%93%E7%82%B9%E4%B8%8EAdmin_API%E5%88%A9%E7%94%A8%E6%8A%80%E6%9C%AF/index.html围绕Keycloak身份认证平台相关攻击面与利用路径，分析打点识别、接口枚举、风险链条、日志痕迹与防守处置思路。