https://x7peeps.com/%E5%AE%89%E5%85%A8/%E6%B8%97%E9%80%8F%E6%B5%8B%E8%AF%95/05-%E5%90%8E%E6%B8%97%E9%80%8F%E5%88%A9%E7%94%A8/%E5%86%85%E7%BD%91%E6%B8%97%E9%80%8F%E4%B8%8E%E5%9F%9F%E6%8E%A7%E5%AE%89%E5%85%A8/index.html内网渗透与域控安全 当 Web 边界被撕裂，真正的战争才刚刚开始。 在这个板块，我们将视角从公网的 HTTP 协议，转向深邃的企业内网。这里没有花哨的前端页面，只有冰冷的 RPC 调用、复杂的 Active Directory 信任关系，以及隐蔽的隧道流量。Hugozh-CNThu, 11 Jun 2026 16:00:00 +0800https://x7peeps.com/%E5%AE%89%E5%85%A8/%E6%B8%97%E9%80%8F%E6%B5%8B%E8%AF%95/05-%E5%90%8E%E6%B8%97%E9%80%8F%E5%88%A9%E7%94%A8/%E5%86%85%E7%BD%91%E6%B8%97%E9%80%8F%E4%B8%8E%E5%9F%9F%E6%8E%A7%E5%AE%89%E5%85%A8/1-%E8%BE%B9%E7%95%8C%E6%92%95%E8%A3%82/%E5%86%85%E7%BD%91%E4%BB%A3%E7%90%86%E4%B8%8E%E9%9A%A7%E9%81%93%E7%A9%BF%E9%80%8F%E5%BA%95%E5%B1%82%E6%8E%A8%E6%BC%94/index.htmlThu, 11 Jun 2026 13:00:00 +0800https://x7peeps.com/%E5%AE%89%E5%85%A8/%E6%B8%97%E9%80%8F%E6%B5%8B%E8%AF%95/05-%E5%90%8E%E6%B8%97%E9%80%8F%E5%88%A9%E7%94%A8/%E5%86%85%E7%BD%91%E6%B8%97%E9%80%8F%E4%B8%8E%E5%9F%9F%E6%8E%A7%E5%AE%89%E5%85%A8/1-%E8%BE%B9%E7%95%8C%E6%92%95%E8%A3%82/%E5%86%85%E7%BD%91%E4%BB%A3%E7%90%86%E4%B8%8E%E9%9A%A7%E9%81%93%E7%A9%BF%E9%80%8F%E5%BA%95%E5%B1%82%E6%8E%A8%E6%BC%94/index.html边界撕裂：内网代理穿透与隧道隐蔽技术底层推演 当攻击者通过 Web 漏洞（如文件上传、反序列化）在 DMZ（隔离区）的一台边缘服务器上获得了 WebShell 后，真正的内网渗透才刚刚拉开帷幕。https://x7peeps.com/%E5%AE%89%E5%85%A8/%E6%B8%97%E9%80%8F%E6%B5%8B%E8%AF%95/05-%E5%90%8E%E6%B8%97%E9%80%8F%E5%88%A9%E7%94%A8/%E5%86%85%E7%BD%91%E6%B8%97%E9%80%8F%E4%B8%8E%E5%9F%9F%E6%8E%A7%E5%AE%89%E5%85%A8/2-%E5%B9%BD%E7%81%B5%E6%BC%AB%E6%AD%A5/Windows%E6%A8%AA%E5%90%91%E7%A7%BB%E5%8A%A8%E4%B8%8E%E5%93%88%E5%B8%8C%E4%BC%A0%E9%80%92%E5%BA%95%E5%B1%82%E6%8E%A8%E6%BC%94/index.htmlThu, 11 Jun 2026 14:00:00 +0800https://x7peeps.com/%E5%AE%89%E5%85%A8/%E6%B8%97%E9%80%8F%E6%B5%8B%E8%AF%95/05-%E5%90%8E%E6%B8%97%E9%80%8F%E5%88%A9%E7%94%A8/%E5%86%85%E7%BD%91%E6%B8%97%E9%80%8F%E4%B8%8E%E5%9F%9F%E6%8E%A7%E5%AE%89%E5%85%A8/2-%E5%B9%BD%E7%81%B5%E6%BC%AB%E6%AD%A5/Windows%E6%A8%AA%E5%90%91%E7%A7%BB%E5%8A%A8%E4%B8%8E%E5%93%88%E5%B8%8C%E4%BC%A0%E9%80%92%E5%BA%95%E5%B1%82%E6%8E%A8%E6%BC%94/index.html幽灵漫步：Windows横向移动机制(WMI/PsExec/WinRM)与哈希传递实战 在撕裂边界、建立起稳固的内网隧道后，攻击者的视角正式切入企业内网。 面对内网中成百上千台 Windows 主机，寻找高价值目标（如域控、核心数据库）的过程被称为横向移动（Lateral Movement）。https://x7peeps.com/%E5%AE%89%E5%85%A8/%E6%B8%97%E9%80%8F%E6%B5%8B%E8%AF%95/05-%E5%90%8E%E6%B8%97%E9%80%8F%E5%88%A9%E7%94%A8/%E5%86%85%E7%BD%91%E6%B8%97%E9%80%8F%E4%B8%8E%E5%9F%9F%E6%8E%A7%E5%AE%89%E5%85%A8/3-%E5%9F%9F%E6%8E%A7%E7%9A%84%E9%99%A8%E8%90%BD/Kerberos%E5%8D%8F%E8%AE%AE%E6%BB%A5%E7%94%A8%E4%B8%8ERoasting%E6%94%BB%E5%87%BB%E6%8E%A8%E6%BC%94/index.htmlThu, 11 Jun 2026 15:00:00 +0800https://x7peeps.com/%E5%AE%89%E5%85%A8/%E6%B8%97%E9%80%8F%E6%B5%8B%E8%AF%95/05-%E5%90%8E%E6%B8%97%E9%80%8F%E5%88%A9%E7%94%A8/%E5%86%85%E7%BD%91%E6%B8%97%E9%80%8F%E4%B8%8E%E5%9F%9F%E6%8E%A7%E5%AE%89%E5%85%A8/3-%E5%9F%9F%E6%8E%A7%E7%9A%84%E9%99%A8%E8%90%BD/Kerberos%E5%8D%8F%E8%AE%AE%E6%BB%A5%E7%94%A8%E4%B8%8ERoasting%E6%94%BB%E5%87%BB%E6%8E%A8%E6%BC%94/index.html域控的陨落：Active Directory认证协议滥用(Kerberoasting/AS-REP) 在大型企业网络中，Active Directory（活动目录，简称 AD 域） 是整个内网的心脏。它掌管着所有用户、计算机和服务的信任关系。拿下了域控（Domain Controller, DC），就等于拿到了整个企业的“玉玺”。https://x7peeps.com/%E5%AE%89%E5%85%A8/%E6%B8%97%E9%80%8F%E6%B5%8B%E8%AF%95/05-%E5%90%8E%E6%B8%97%E9%80%8F%E5%88%A9%E7%94%A8/%E5%86%85%E7%BD%91%E6%B8%97%E9%80%8F%E4%B8%8E%E5%9F%9F%E6%8E%A7%E5%AE%89%E5%85%A8/4-%E7%BB%88%E6%9E%81%E4%BC%AA%E9%80%A0/%E9%BB%84%E9%87%91%E7%A5%A8%E6%8D%AE%E4%B8%8E%E5%A7%94%E6%B4%BE%E6%94%BB%E5%87%BB%E5%BA%95%E5%B1%82%E9%80%BB%E8%BE%91/index.htmlThu, 11 Jun 2026 16:00:00 +0800https://x7peeps.com/%E5%AE%89%E5%85%A8/%E6%B8%97%E9%80%8F%E6%B5%8B%E8%AF%95/05-%E5%90%8E%E6%B8%97%E9%80%8F%E5%88%A9%E7%94%A8/%E5%86%85%E7%BD%91%E6%B8%97%E9%80%8F%E4%B8%8E%E5%9F%9F%E6%8E%A7%E5%AE%89%E5%85%A8/4-%E7%BB%88%E6%9E%81%E4%BC%AA%E9%80%A0/%E9%BB%84%E9%87%91%E7%A5%A8%E6%8D%AE%E4%B8%8E%E5%A7%94%E6%B4%BE%E6%94%BB%E5%87%BB%E5%BA%95%E5%B1%82%E9%80%BB%E8%BE%91/index.html终极伪造：黄金票据(Golden Ticket)与委派攻击(Delegation)底层逻辑 在内网渗透的终局之战中，当攻击者终于拿下了域控（Domain Controller, DC）的最高权限，这并不意味着渗透的结束，而是**权限维持（Persistence）**的开始。