https://x7peeps.com/%E5%AE%89%E5%85%A8/%E6%B8%97%E9%80%8F%E6%B5%8B%E8%AF%95/05-%E5%90%8E%E6%B8%97%E9%80%8F%E5%88%A9%E7%94%A8/3-%E5%85%8D%E6%9D%80%E4%B8%8E%E9%98%B2%E5%BE%A1%E8%A7%84%E9%81%BF/index.html免杀与防御规避 随着现代终端检测与响应（EDR）及防病毒软件的不断进化，如何在复杂环境下绕过监控机制、隐藏自身行为，成为红蓝对抗中的核心博弈点。Hugozh-CNThu, 11 Jun 2026 22:00:00 +0800https://x7peeps.com/%E5%AE%89%E5%85%A8/%E6%B8%97%E9%80%8F%E6%B5%8B%E8%AF%95/05-%E5%90%8E%E6%B8%97%E9%80%8F%E5%88%A9%E7%94%A8/3-%E5%85%8D%E6%9D%80%E4%B8%8E%E9%98%B2%E5%BE%A1%E8%A7%84%E9%81%BF/EDR%E5%AF%B9%E6%8A%97%E4%B8%8E%E5%85%8D%E6%9D%80%E5%BA%95%E5%B1%82%E6%9C%BA%E5%88%B6/index.htmlThu, 11 Jun 2026 22:00:00 +0800https://x7peeps.com/%E5%AE%89%E5%85%A8/%E6%B8%97%E9%80%8F%E6%B5%8B%E8%AF%95/05-%E5%90%8E%E6%B8%97%E9%80%8F%E5%88%A9%E7%94%A8/3-%E5%85%8D%E6%9D%80%E4%B8%8E%E9%98%B2%E5%BE%A1%E8%A7%84%E9%81%BF/EDR%E5%AF%B9%E6%8A%97%E4%B8%8E%E5%85%8D%E6%9D%80%E5%BA%95%E5%B1%82%E6%9C%BA%E5%88%B6/index.html暗影随行：EDR对抗与免杀艺术(Bypass AV/AMSI) 在十年前，杀毒软件（AV）主要依靠“特征码”和“黑名单”来查杀木马。那时候的免杀（Bypass）往往只需要加个壳（Packer）或者把特征字符串混淆一下就能轻松过关。