{"pages":[{"title":"深信服2024年APT洞察报告：应急响应与取证分析视角","url":"/%E5%AE%89%E5%85%A8/%E5%BA%94%E6%80%A5%E5%93%8D%E5%BA%94/0x04%E5%BA%94%E6%80%A5%E5%93%8D%E5%BA%94%E6%8A%A5%E5%91%8A/APT%E6%94%BB%E5%87%BB/%E6%B7%B1%E4%BF%A1%E6%9C%8D2024%E5%B9%B4APT%E6%B4%9E%E5%AF%9F%E6%8A%A5%E5%91%8A/","date":"2026-06-20","summary":"一、APT攻击概况与应急响应挑战 2024年，全球APT组织通过技术跃迁、组织升级等不断演化和扩张，已将攻击的魔爪伸向影响更广泛、更具破坏性的领域。高级持续性威胁（APT）正在经历新一轮技术跃迁，攻防对抗再度升级。从利用0day漏洞渗透政府 …","section":"安全","category":"应急响应","tags":["APT攻击","0day漏洞","供应链攻击","Rootkit","EDR对抗","取证分析","应急响应"]},{"title":"银狐木马分析：从攻击行为到完整应急处置流程","url":"/%E5%AE%89%E5%85%A8/%E5%BA%94%E6%80%A5%E5%93%8D%E5%BA%94/0x04%E5%BA%94%E6%80%A5%E5%93%8D%E5%BA%94%E6%8A%A5%E5%91%8A/%E9%93%B6%E7%8B%90%E6%9C%A8%E9%A9%AC/%E9%93%B6%E7%8B%90%E6%9C%A8%E9%A9%AC%E5%88%86%E6%9E%90%E4%BB%8E%E6%94%BB%E5%87%BB%E8%A1%8C%E4%B8%BA%E5%88%B0%E5%AE%8C%E6%95%B4%E5%BA%94%E6%80%A5%E5%A4%84%E7%BD%AE%E6%B5%81%E7%A8%8B/","date":"2026-06-20","summary":"一、银狐木马概述 银狐木马（Silver Fox），又称\u0026amp;quot;游蛇\u0026amp;quot;或\u0026amp;quot;谷堕大盗\u0026amp;quot;等，是国内安全企业对一类长期活跃、持续演化的远控木马家族的统称。该类木马隐蔽性强、存活时间长，常被用于长期控制终端主机、窃 …","section":"安全","category":"应急响应","tags":["银狐木马","远控木马","应急响应","社工攻击","内网扩散","进程注入","持久化","C2通信"]},{"title":"挖矿木马应急响应常规处置方法","url":"/%E5%AE%89%E5%85%A8/%E5%BA%94%E6%80%A5%E5%93%8D%E5%BA%94/0x04%E5%BA%94%E6%80%A5%E5%93%8D%E5%BA%94%E6%8A%A5%E5%91%8A/%E6%8C%96%E7%9F%BF%E6%9C%A8%E9%A9%AC/%E6%8C%96%E7%9F%BF%E6%9C%A8%E9%A9%AC%E5%BA%94%E6%80%A5%E5%93%8D%E5%BA%94%E5%B8%B8%E8%A7%84%E5%A4%84%E7%BD%AE%E6%96%B9%E6%B3%95/","date":"2026-06-20","summary":"一、事件背景与典型特征 挖矿木马（Cryptomining Malware）是一类利用受害者计算资源进行加密货币挖掘的恶意程序。其核心特征为CPU/GPU占用率持续异常升高，通常伴随异常外联矿池地址。部分挖矿木马带有蠕虫传播模块，在取得当前 …","section":"安全","category":"应急响应","tags":["挖矿木马","应急响应","CPU占用","进程排查","计划任务","启动项","矿池","持久化","后门"]},{"title":"Microsoft DART勒索软件应急响应案例研究","url":"/%E5%AE%89%E5%85%A8/%E5%BA%94%E6%80%A5%E5%93%8D%E5%BA%94/0x04%E5%BA%94%E6%80%A5%E5%93%8D%E5%BA%94%E6%8A%A5%E5%91%8A/%E5%9B%BD%E9%99%85%E6%A1%88%E4%BE%8B/Microsoft-DART%E5%8B%92%E7%B4%A2%E8%BD%AF%E4%BB%B6%E5%BA%94%E6%80%A5%E5%93%8D%E5%BA%94%E6%A1%88%E4%BE%8B%E7%A0%94%E7%A9%B6/","date":"2026-06-20","summary":"事件概述 本案例描述了微软检测与响应团队（DART）调查一起真实勒索软件事件的完整过程。该案例详细记录了攻击者从初始入侵到最终部署勒索软件的完整攻击链，按MITRE ATT\u0026amp;amp;CK战术进行分类分析。\n攻击路径分析 初始入侵 勒索软件活 …","section":"安全","category":"应急响应","tags":["勒索软件","Microsoft DART","MITRE ATT\u0026CK","RDP暴破","Mimikatz"]},{"title":"某部委遭遇CC攻击","url":"/%E5%AE%89%E5%85%A8/%E5%BA%94%E6%80%A5%E5%93%8D%E5%BA%94/0x04%E5%BA%94%E6%80%A5%E5%93%8D%E5%BA%94%E6%8A%A5%E5%91%8A/DDoS%E5%83%B5%E5%B0%B8%E7%BD%91%E7%BB%9C%E6%95%B0%E6%8D%AE%E6%B3%84%E9%9C%B2/%E6%9F%90%E9%83%A8%E5%A7%94%E9%81%AD%E9%81%87CC%E6%94%BB%E5%87%BB/","date":"2026-06-20","summary":"事件概述 某日，安服团队接到某部委的网站安全应急响应请求，网站存在动态页面访问异常缓慢现象，但静态页面访问正常，同时WAF、DDoS设备出现告警信息。\n应急响应人员通过对现场技术人员所提供WAF告警日志、DDoS设备日志、Web访问日志等数 …","section":"安全","category":"应急响应","tags":["DDoS","CC攻击","部委","验证码","动态页面"]},{"title":"利用钓鱼邮件，伪造打款信息","url":"/%E5%AE%89%E5%85%A8/%E5%BA%94%E6%80%A5%E5%93%8D%E5%BA%94/0x04%E5%BA%94%E6%80%A5%E5%93%8D%E5%BA%94%E6%8A%A5%E5%91%8A/%E9%92%93%E9%B1%BC%E9%82%AE%E4%BB%B6/%E5%88%A9%E7%94%A8%E9%92%93%E9%B1%BC%E9%82%AE%E4%BB%B6%E4%BC%AA%E9%80%A0%E6%89%93%E6%AC%BE%E4%BF%A1%E6%81%AF/","date":"2026-06-20","summary":"事件概述 某日，某能源行业企业发现黑客伪造邮件，试图欺骗项目方打款到非项目银行账户中。由于发现及时，该企业已紧急与项目方进行联系，提醒项目方注意防范伪造邮件，未造成严重后果。应急人员前往现场进行溯源工作。\n应急人员对邮件服务器进行分析，发现 …","section":"安全","category":"应急响应","tags":["钓鱼邮件","BEC攻击","域名伪装","能源行业","邮件伪造"]},{"title":"Redis未授权访问漏洞致官网被植入黑链","url":"/%E5%AE%89%E5%85%A8/%E5%BA%94%E6%80%A5%E5%93%8D%E5%BA%94/0x04%E5%BA%94%E6%80%A5%E5%93%8D%E5%BA%94%E6%8A%A5%E5%91%8A/%E7%BD%91%E9%A1%B5%E7%AF%A1%E6%94%B9/Redis%E6%9C%AA%E6%8E%88%E6%9D%83%E8%AE%BF%E9%97%AE%E6%BC%8F%E6%B4%9E%E8%87%B4%E5%AE%98%E7%BD%91%E8%A2%AB%E6%A4%8D%E5%85%A5%E9%BB%91%E9%93%BE/","date":"2026-06-20","summary":"事件概述 某日，安服团队接到某出版社应急响应请求，官网出现黑链急需溯源排查，应急响应专家30分钟到达现场。\n应急人员抵达现场后，通过对系统分析发现在WEB负载服务器WEB01中确实存在黑链，对Web01进行排查发现后门文件，溯源分析后发现攻 …","section":"安全","category":"应急响应","tags":["网页篡改","Redis未授权","黑链","RootKit","TRS漏洞"]},{"title":"服务器存漏洞感染勒索病毒","url":"/%E5%AE%89%E5%85%A8/%E5%BA%94%E6%80%A5%E5%93%8D%E5%BA%94/0x04%E5%BA%94%E6%80%A5%E5%93%8D%E5%BA%94%E6%8A%A5%E5%91%8A/%E5%8B%92%E7%B4%A2%E7%97%85%E6%AF%92/%E6%9C%8D%E5%8A%A1%E5%99%A8%E5%AD%98%E6%BC%8F%E6%B4%9E%E6%84%9F%E6%9F%93%E5%8B%92%E7%B4%A2%E7%97%85%E6%AF%92/","date":"2026-06-20","summary":"事件概述 某日，接到某医院的服务器安全应急响应请求。该机构反馈有几台服务器出现重启/蓝屏现象，应急响应人员初步判定为感染了勒索病毒。\n应急响应人员对重启/蓝屏服务器分析后，判定均遭受\u0026amp;quot;永恒之蓝\u0026amp;quot;勒索病毒，同时遭受感染的服 …","section":"安全","category":"应急响应","tags":["勒索病毒","永恒之蓝","MS17-010","医院","445端口"]},{"title":"应急响应报告网站收集","url":"/%E5%AE%89%E5%85%A8/%E5%BA%94%E6%80%A5%E5%93%8D%E5%BA%94/0x04%E5%BA%94%E6%80%A5%E5%93%8D%E5%BA%94%E6%8A%A5%E5%91%8A/%E5%BA%94%E6%80%A5%E5%93%8D%E5%BA%94%E6%8A%A5%E5%91%8A%E7%BD%91%E7%AB%99%E6%94%B6%E9%9B%86/","date":"2026-06-19","summary":" 本文仅收录可完整访问内容的真实安全事件应急响应报告。每篇报告均包含具体的事件背景、处置过程、溯源分析和防护建议，适合用于后续深入学习与案例分析。\n一、勒索病毒类应急响应报告 1. FreeBuf：网络安全应急响应典型案例-勒索病毒类 来源 …","section":"安全","category":"应急响应","tags":["应急响应报告","安全事件分析","勒索病毒","Webshell","钓鱼邮件","篡改","DDoS","案例复盘"]},{"title":"汇编与寄存器：x86/x64指令集与函数调用栈帧深度剖析","url":"/%E5%AE%89%E5%85%A8/%E6%B8%97%E9%80%8F%E6%B5%8B%E8%AF%95/03-%E6%BC%8F%E6%B4%9E%E5%88%86%E6%9E%90/%E4%B8%93%E9%A2%98%E7%A0%94%E7%A9%B6%E4%B8%8E%E6%95%99%E7%A8%8B/%E4%BA%8C%E8%BF%9B%E5%88%B6%E9%80%86%E5%90%91%E4%B8%8EPwn%E8%BF%9B%E9%98%B6/1-%E6%B1%87%E7%BC%96%E4%B8%8E%E6%A0%88%E5%B8%A7/x86%E6%B1%87%E7%BC%96%E4%B8%8E%E5%87%BD%E6%95%B0%E6%A0%88%E5%B8%A7%E5%89%96%E6%9E%90/","date":"2026-06-11","summary":"汇编与寄存器：x86/x64指令集与函数调用栈帧深度剖析 如果说 Web 渗透是寻找逻辑漏洞，那么 Pwn（二进制漏洞利用） 则是直接与 CPU 和内存对话的终极黑客艺术。\n要在一堆枯燥的十六进制机器码中找到可以执行 …","section":"安全","category":"安全"},{"title":"边界撕裂：内网代理穿透与隧道隐蔽技术底层推演","url":"/%E5%AE%89%E5%85%A8/%E6%B8%97%E9%80%8F%E6%B5%8B%E8%AF%95/05-%E5%90%8E%E6%B8%97%E9%80%8F%E5%88%A9%E7%94%A8/1-%E5%86%85%E7%BD%91%E6%B8%97%E9%80%8F%E4%B8%8E%E5%9F%9F%E6%8E%A7%E5%AE%89%E5%85%A8/1-%E8%BE%B9%E7%95%8C%E6%92%95%E8%A3%82/%E5%86%85%E7%BD%91%E4%BB%A3%E7%90%86%E4%B8%8E%E9%9A%A7%E9%81%93%E7%A9%BF%E9%80%8F%E5%BA%95%E5%B1%82%E6%8E%A8%E6%BC%94/","date":"2026-06-11","summary":"边界撕裂：内网代理穿透与隧道隐蔽技术底层推演 当攻击者通过 Web 漏洞（如文件上传、反序列化）在 DMZ（隔离区）的一台边缘服务器上获得了 WebShell 后，真正的内网渗透才刚刚拉开帷幕。\n然而，企业内网绝非坦途。严格的防火墙 …","section":"安全","category":"安全"},{"title":"Cyber Forensic Academy 印度真实应急响应案例研究（10起）","url":"/%E5%AE%89%E5%85%A8/%E5%BA%94%E6%80%A5%E5%93%8D%E5%BA%94/0x04%E5%BA%94%E6%80%A5%E5%93%8D%E5%BA%94%E6%8A%A5%E5%91%8A/%E5%9B%BD%E9%99%85%E6%A1%88%E4%BE%8B/Cyber-Forensic-Academy%E5%8D%B0%E5%BA%A6%E7%9C%9F%E5%AE%9E%E5%BA%94%E6%80%A5%E5%93%8D%E5%BA%94%E6%A1%88%E4%BE%8B%E7%A0%94%E7%A9%B610%E8%B5%B7/","date":"2026-06-20","summary":"案例概览 本文收录了 10 起发生在印度的真实安全事件（2023-2025），每起案例均包含标准化的分析框架：攻击向量、时间线、使用工具、遏制时间、恢复成本和经验教训。\n案例 1：AIIMS Delhi 勒索软件事件（2023） 攻击向量： …","section":"安全","category":"应急响应","tags":["应急响应","印度安全事件","勒索软件","数据泄露","APT攻击","案例研究"]},{"title":"某证券公司遭遇DDoS攻击","url":"/%E5%AE%89%E5%85%A8/%E5%BA%94%E6%80%A5%E5%93%8D%E5%BA%94/0x04%E5%BA%94%E6%80%A5%E5%93%8D%E5%BA%94%E6%8A%A5%E5%91%8A/DDoS%E5%83%B5%E5%B0%B8%E7%BD%91%E7%BB%9C%E6%95%B0%E6%8D%AE%E6%B3%84%E9%9C%B2/%E6%9F%90%E8%AF%81%E5%88%B8%E5%85%AC%E5%8F%B8%E9%81%AD%E9%81%87DDoS%E6%94%BB%E5%87%BB/","date":"2026-06-20","summary":"事件概述 某日，安服团队接到某省网安的应急响应请求，本地证券公司在10日7:00-8:00遭受1G流量的DDoS攻击，整个攻击过程持续了1个小时，造成证券公司网站无法正常访问。同时，多个邮箱收到勒索邮件，并宣称如不尽快交钱会把攻击流量增加到 …","section":"安全","category":"应急响应","tags":["DDoS","NTP反射放大","证券公司","勒索邮件"]},{"title":"破解管理员弱密码，发起钓鱼邮件攻击","url":"/%E5%AE%89%E5%85%A8/%E5%BA%94%E6%80%A5%E5%93%8D%E5%BA%94/0x04%E5%BA%94%E6%80%A5%E5%93%8D%E5%BA%94%E6%8A%A5%E5%91%8A/%E9%92%93%E9%B1%BC%E9%82%AE%E4%BB%B6/%E7%A0%B4%E8%A7%A3%E7%AE%A1%E7%90%86%E5%91%98%E5%BC%B1%E5%AF%86%E7%A0%81%E5%8F%91%E8%B5%B7%E9%92%93%E9%B1%BC%E9%82%AE%E4%BB%B6%E6%94%BB%E5%87%BB/","date":"2026-06-20","summary":"事件概述 某日，安服应急响应团队接到某科研集团应急需求，其邮箱系统遭受钓鱼邮件攻击，邮箱系统超级管理员账户被盗，导致集团组织架构，以及包含集团领导在内的近200名员工信息泄露。\n应急人员抵达现场后对邮件服务器进行排查，发现邮箱系统超级管理员 …","section":"安全","category":"应急响应","tags":["钓鱼邮件","弱口令","SMTP暴破","科研集团","组织架构泄露"]},{"title":"网站WEB漏洞致网站被挂马","url":"/%E5%AE%89%E5%85%A8/%E5%BA%94%E6%80%A5%E5%93%8D%E5%BA%94/0x04%E5%BA%94%E6%80%A5%E5%93%8D%E5%BA%94%E6%8A%A5%E5%91%8A/%E7%BD%91%E9%A1%B5%E7%AF%A1%E6%94%B9/%E7%BD%91%E7%AB%99WEB%E6%BC%8F%E6%B4%9E%E8%87%B4%E7%BD%91%E7%AB%99%E8%A2%AB%E6%8C%82%E9%A9%AC/","date":"2026-06-20","summary":"事件概述 某日，安服团队接到某集团网站挂马事件应急响应请求，其门户网站被挂马，非域名或IP直接访问跳转色情网站。\n应急人员到达现场后，对网站系统、服务器文件、账号、网络连接、日志等多方面进行分析，网站网页被植入恶意JS脚本代码，同时网站系统 …","section":"安全","category":"应急响应","tags":["网页篡改","挂马","DOTNETCMS","SQL注入","任意文件上传"]},{"title":"终端电脑遭遇钓鱼邮件感染勒索病毒","url":"/%E5%AE%89%E5%85%A8/%E5%BA%94%E6%80%A5%E5%93%8D%E5%BA%94/0x04%E5%BA%94%E6%80%A5%E5%93%8D%E5%BA%94%E6%8A%A5%E5%91%8A/%E5%8B%92%E7%B4%A2%E7%97%85%E6%AF%92/%E7%BB%88%E7%AB%AF%E7%94%B5%E8%84%91%E9%81%AD%E9%81%87%E9%92%93%E9%B1%BC%E9%82%AE%E4%BB%B6%E6%84%9F%E6%9F%93%E5%8B%92%E7%B4%A2%E7%97%85%E6%AF%92/","date":"2026-06-20","summary":"事件概述 某日，到某电网公司的终端安全应急响应请求，有几台办公终端出现部分Office文档、图片文档、pdf文档多了sage后缀，修改后变成乱码。\n应急响应人员接到请求后，通过对感染勒索病毒的机器样机进行分析得知，此次感染的勒索病毒的类型为 …","section":"安全","category":"应急响应","tags":["勒索病毒","sage2.2","钓鱼邮件","电网公司","终端"]},{"title":"保护机制与突破：ASLR/DEP/Canary底层逻辑与Ret2Libc实战","url":"/%E5%AE%89%E5%85%A8/%E6%B8%97%E9%80%8F%E6%B5%8B%E8%AF%95/03-%E6%BC%8F%E6%B4%9E%E5%88%86%E6%9E%90/%E4%B8%93%E9%A2%98%E7%A0%94%E7%A9%B6%E4%B8%8E%E6%95%99%E7%A8%8B/%E4%BA%8C%E8%BF%9B%E5%88%B6%E9%80%86%E5%90%91%E4%B8%8EPwn%E8%BF%9B%E9%98%B6/2-%E4%BF%9D%E6%8A%A4%E4%B8%8E%E7%AA%81%E7%A0%B4/ASLR%E4%B8%8ERet2Libc%E5%AE%9E%E6%88%98/","date":"2026-06-11","summary":"保护机制与突破：ASLR/DEP/Canary底层逻辑与Ret2Libc实战 在上一篇中，我们推演了最基础的栈溢出攻击：通过输入过长的数据，覆盖栈上的返回地址（Return Address），让 rip 跳转到我们在栈上布置的恶意代码 …","section":"安全","category":"安全"},{"title":"幽灵漫步：Windows横向移动机制与哈希传递实战","url":"/%E5%AE%89%E5%85%A8/%E6%B8%97%E9%80%8F%E6%B5%8B%E8%AF%95/05-%E5%90%8E%E6%B8%97%E9%80%8F%E5%88%A9%E7%94%A8/1-%E5%86%85%E7%BD%91%E6%B8%97%E9%80%8F%E4%B8%8E%E5%9F%9F%E6%8E%A7%E5%AE%89%E5%85%A8/2-%E5%B9%BD%E7%81%B5%E6%BC%AB%E6%AD%A5/Windows%E6%A8%AA%E5%90%91%E7%A7%BB%E5%8A%A8%E4%B8%8E%E5%93%88%E5%B8%8C%E4%BC%A0%E9%80%92%E5%BA%95%E5%B1%82%E6%8E%A8%E6%BC%94/","date":"2026-06-11","summary":"幽灵漫步：Windows横向移动机制(WMI/PsExec/WinRM)与哈希传递实战 在撕裂边界、建立起稳固的内网隧道后，攻击者的视角正式切入企业内网。 面对内网中成百上千台 Windows 主机，寻找高价值目标（如域控、核心数据库）的过 …","section":"安全","category":"安全"},{"title":"CSDN Webshell 典型处置案例","url":"/%E5%AE%89%E5%85%A8/%E5%BA%94%E6%80%A5%E5%93%8D%E5%BA%94/0x04%E5%BA%94%E6%80%A5%E5%93%8D%E5%BA%94%E6%8A%A5%E5%91%8A/%E5%9B%BD%E9%99%85%E6%A1%88%E4%BE%8B/CSDN-Webshell%E5%85%B8%E5%9E%8B%E5%A4%84%E7%BD%AE%E6%A1%88%E4%BE%8B/","date":"2026-06-20","summary":"案例一：Windows 服务器网站后台被篡改 事件背景 在 2018 年 11 月 29 日 4 时 47 分，某网站管理员发现网站后台登录页面被篡改，\u0026amp;ldquo;中招\u0026amp;quot;服务器为 Windows 系统，应采用 Java 语言开发 …","section":"安全","category":"应急响应","tags":["Webshell","应急响应","挖矿木马","网页篡改","Tomcat"]},{"title":"安全设备弱口令致内网被僵尸网络控制","url":"/%E5%AE%89%E5%85%A8/%E5%BA%94%E6%80%A5%E5%93%8D%E5%BA%94/0x04%E5%BA%94%E6%80%A5%E5%93%8D%E5%BA%94%E6%8A%A5%E5%91%8A/DDoS%E5%83%B5%E5%B0%B8%E7%BD%91%E7%BB%9C%E6%95%B0%E6%8D%AE%E6%B3%84%E9%9C%B2/%E5%AE%89%E5%85%A8%E8%AE%BE%E5%A4%87%E5%BC%B1%E5%8F%A3%E4%BB%A4%E8%87%B4%E5%86%85%E7%BD%91%E8%A2%AB%E5%83%B5%E5%B0%B8%E7%BD%91%E7%BB%9C%E6%8E%A7%E5%88%B6/","date":"2026-06-20","summary":"事件概述 某日，安服应急响应团队接到某大学僵尸网络事件的应急请求，现场多台终端发现疑似黑客活动迹象，重要网站系统遭到黑客攻击，无法正常运行。\n应急响应人员通过对重要网站系统进行排查分析，发现该业务系统存在大量IPC暴破登录行为，内网多台主机 …","section":"安全","category":"应急响应","tags":["僵尸网络","弱口令","审计系统","大学","IPC暴破"]}],"currentPage":1,"totalPages":19,"hasNext":true}