<?xml version="1.0" encoding="utf-8" standalone="yes"?><rss version="2.0" xmlns:atom="http://www.w3.org/2005/Atom"><channel><title>Dependency Confusion :: 标签 :: x7peeps</title><link>https://x7peeps.com/tags/Dependency-Confusion/index.html</link><description/><generator>Hugo</generator><language>zh-CN</language><lastBuildDate>Sun, 05 Jul 2026 10:00:00 +0800</lastBuildDate><atom:link href="https://x7peeps.com/tags/Dependency-Confusion/index.xml" rel="self" type="application/rss+xml"/><item><title>供应链攻击取证深度分析</title><link>https://x7peeps.com/%E5%AE%89%E5%85%A8/%E5%BA%94%E6%80%A5%E5%93%8D%E5%BA%94/0x03%E5%8F%96%E8%AF%81%E5%88%86%E6%9E%90/%E4%BE%9B%E5%BA%94%E9%93%BE%E6%94%BB%E5%87%BB%E5%8F%96%E8%AF%81%E6%B7%B1%E5%BA%A6%E5%88%86%E6%9E%90/index.html</link><pubDate>Sun, 05 Jul 2026 10:00:00 +0800</pubDate><guid>https://x7peeps.com/%E5%AE%89%E5%85%A8/%E5%BA%94%E6%80%A5%E5%93%8D%E5%BA%94/0x03%E5%8F%96%E8%AF%81%E5%88%86%E6%9E%90/%E4%BE%9B%E5%BA%94%E9%93%BE%E6%94%BB%E5%87%BB%E5%8F%96%E8%AF%81%E6%B7%B1%E5%BA%A6%E5%88%86%E6%9E%90/index.html</guid><description>系统剖析软件供应链攻击的取证分析方法论，涵盖npm/PyPI/Maven依赖投毒、GitHub Actions/CI-CD流水线污染、代码签名链验证、SolarWinds式高级持续性攻击、UEFI固件供应链篡改，结合SBOM生成与Sigstore验证等自动化检测手段，通过SolarWinds、XZ Utils、event-stream等真实案例还原完整攻击链</description></item></channel></rss>