<?xml version="1.0" encoding="utf-8" standalone="yes"?><rss version="2.0" xmlns:atom="http://www.w3.org/2005/Atom"><channel><title>安全机制 :: 标签 :: x7peeps</title><link>https://x7peeps.com/tags/%E5%AE%89%E5%85%A8%E6%9C%BA%E5%88%B6/index.html</link><description/><generator>Hugo</generator><language>zh-CN</language><lastBuildDate>Thu, 25 Jun 2026 14:00:00 +0800</lastBuildDate><atom:link href="https://x7peeps.com/tags/%E5%AE%89%E5%85%A8%E6%9C%BA%E5%88%B6/index.xml" rel="self" type="application/rss+xml"/><item><title>AMSI绕过与ETW篡改取证分析</title><link>https://x7peeps.com/%E5%AE%89%E5%85%A8/%E5%BA%94%E6%80%A5%E5%93%8D%E5%BA%94/0x03%E5%8F%96%E8%AF%81%E5%88%86%E6%9E%90/%E6%94%BB%E5%87%BB%E6%8A%80%E6%9C%AF%E5%8F%96%E8%AF%81/AMSI%E7%BB%95%E8%BF%87%E4%B8%8EETW%E7%AF%A1%E6%94%B9%E5%8F%96%E8%AF%81%E5%88%86%E6%9E%90/index.html</link><pubDate>Thu, 25 Jun 2026 14:00:00 +0800</pubDate><guid>https://x7peeps.com/%E5%AE%89%E5%85%A8/%E5%BA%94%E6%80%A5%E5%93%8D%E5%BA%94/0x03%E5%8F%96%E8%AF%81%E5%88%86%E6%9E%90/%E6%94%BB%E5%87%BB%E6%8A%80%E6%9C%AF%E5%8F%96%E8%AF%81/AMSI%E7%BB%95%E8%BF%87%E4%B8%8EETW%E7%AF%A1%E6%94%B9%E5%8F%96%E8%AF%81%E5%88%86%E6%9E%90/index.html</guid><description>围绕 AMSI（反恶意软件扫描接口）绕过和 ETW（事件追踪）篡改技术的完整体系，深入分析 AMSI 架构、AMSI 补丁绕过、反射加载绕过、ETW 架构、ETW 禁用/篡改、取证特征、检测方法，以及如何识别安全机制被破坏的痕迹。</description></item></channel></rss>