https://x7peeps.com/tags/%E9%98%B2%E5%BE%A1%E7%BB%95%E8%BF%87/index.htmlHugozh-CNTue, 16 Jun 2026 09:30:00 +0800https://x7peeps.com/%E5%AE%89%E5%85%A8/%E5%BA%94%E6%80%A5%E5%93%8D%E5%BA%94/0x03%E5%8F%96%E8%AF%81%E5%88%86%E6%9E%90/%E7%94%A8%E6%88%B7%E6%80%81%E5%86%85%E6%A0%B8%E6%80%81%E9%92%A9%E5%AD%90%E4%B8%8EAPI%E5%8A%AB%E6%8C%81%E7%97%95%E8%BF%B9%E5%88%86%E6%9E%90/index.htmlTue, 16 Jun 2026 01:10:00 +0800https://x7peeps.com/%E5%AE%89%E5%85%A8/%E5%BA%94%E6%80%A5%E5%93%8D%E5%BA%94/0x03%E5%8F%96%E8%AF%81%E5%88%86%E6%9E%90/%E7%94%A8%E6%88%B7%E6%80%81%E5%86%85%E6%A0%B8%E6%80%81%E9%92%A9%E5%AD%90%E4%B8%8EAPI%E5%8A%AB%E6%8C%81%E7%97%95%E8%BF%B9%E5%88%86%E6%9E%90/index.html围绕用户态 API Hook、AMSI/ETW Patch、IAT/Inline Hook、进程注入与内核回调可见性，分析蓝队如何从主机证据识别劫持与规避行为。https://x7peeps.com/%E5%AE%89%E5%85%A8/%E5%BA%94%E6%80%A5%E5%93%8D%E5%BA%94/0x03%E5%8F%96%E8%AF%81%E5%88%86%E6%9E%90/%E9%98%B2%E7%81%AB%E5%A2%99%E8%A7%84%E5%88%99%E7%AF%A1%E6%94%B9%E4%B8%8E%E6%94%BE%E8%A1%8C%E9%93%BE%E8%B7%AF%E5%8F%96%E8%AF%81%E5%88%86%E6%9E%90/index.htmlTue, 16 Jun 2026 09:30:00 +0800https://x7peeps.com/%E5%AE%89%E5%85%A8/%E5%BA%94%E6%80%A5%E5%93%8D%E5%BA%94/0x03%E5%8F%96%E8%AF%81%E5%88%86%E6%9E%90/%E9%98%B2%E7%81%AB%E5%A2%99%E8%A7%84%E5%88%99%E7%AF%A1%E6%94%B9%E4%B8%8E%E6%94%BE%E8%A1%8C%E9%93%BE%E8%B7%AF%E5%8F%96%E8%AF%81%E5%88%86%E6%9E%90/index.html围绕 Windows Firewall、WFP、netsh、New-NetFirewallRule、iptables 与 ufw，分析攻击者如何通过放行、阻断或静默规则为横向、RDP、EDR规避和隧道建立让路。