<?xml version="1.0" encoding="utf-8" standalone="yes"?><rss version="2.0" xmlns:atom="http://www.w3.org/2005/Atom"><channel><title>Fileless Malware :: 标签 :: x7peeps</title><link>https://x7peeps.com/tags/Fileless-Malware/index.html</link><description/><generator>Hugo</generator><language>zh-CN</language><lastBuildDate>Thu, 09 Jul 2026 12:00:00 +0800</lastBuildDate><atom:link href="https://x7peeps.com/tags/Fileless-Malware/index.xml" rel="self" type="application/rss+xml"/><item><title>无文件恶意代码取证深度分析</title><link>https://x7peeps.com/%E5%AE%89%E5%85%A8/%E5%BA%94%E6%80%A5%E5%93%8D%E5%BA%94/0x03%E5%8F%96%E8%AF%81%E5%88%86%E6%9E%90/%E6%97%A0%E6%96%87%E4%BB%B6%E6%81%B6%E6%84%8F%E4%BB%A3%E7%A0%81%E5%8F%96%E8%AF%81%E6%B7%B1%E5%BA%A6%E5%88%86%E6%9E%90/index.html</link><pubDate>Thu, 09 Jul 2026 12:00:00 +0800</pubDate><guid>https://x7peeps.com/%E5%AE%89%E5%85%A8/%E5%BA%94%E6%80%A5%E5%93%8D%E5%BA%94/0x03%E5%8F%96%E8%AF%81%E5%88%86%E6%9E%90/%E6%97%A0%E6%96%87%E4%BB%B6%E6%81%B6%E6%84%8F%E4%BB%A3%E7%A0%81%E5%8F%96%E8%AF%81%E6%B7%B1%E5%BA%A6%E5%88%86%E6%9E%90/index.html</guid><description>全面剖析无文件恶意代码（Fileless Malware）的攻击技术与取证检测方法论，涵盖PowerShell内存执行与AMSI绕过、Process Hollowing与进程替换、.NET Assembly反射加载、WMI事件订阅持久化、注册表Shellcode注入、COM对象劫持等无文件攻击技术，结合Volatility内存取证与Sysmon日志分析提供完整的检测与响应方案</description></item></channel></rss>