https://x7peeps.com/tags/EDR%E5%AF%B9%E6%8A%97/index.htmlHugozh-CNSat, 20 Jun 2026 16:02:00 +0800https://x7peeps.com/%E5%AE%89%E5%85%A8/%E5%BA%94%E6%80%A5%E5%93%8D%E5%BA%94/0x04%E5%BA%94%E6%80%A5%E5%93%8D%E5%BA%94%E6%8A%A5%E5%91%8A/APT%E6%94%BB%E5%87%BB/1.%E6%B7%B1%E4%BF%A1%E6%9C%8D2024%E5%B9%B4APT%E6%B4%9E%E5%AF%9F%E6%8A%A5%E5%91%8A/index.htmlSat, 20 Jun 2026 16:02:00 +0800https://x7peeps.com/%E5%AE%89%E5%85%A8/%E5%BA%94%E6%80%A5%E5%93%8D%E5%BA%94/0x04%E5%BA%94%E6%80%A5%E5%93%8D%E5%BA%94%E6%8A%A5%E5%91%8A/APT%E6%94%BB%E5%87%BB/1.%E6%B7%B1%E4%BF%A1%E6%9C%8D2024%E5%B9%B4APT%E6%B4%9E%E5%AF%9F%E6%8A%A5%E5%91%8A/index.html基于深信服千里目安全技术中心《2024年APT洞察报告》，从应急响应与取证分析视角重构APT攻击全流程。针对0day漏洞利用、供应链投毒、Rootkit持久化、EDR对抗、窃密组件等每个攻击阶段，映射到0x02电子取证和0x03取证分析概念体系，给出对应的取证入口、证据收集方法和证据链构建思路。