https://x7peeps.com/tags/Winlogon/index.htmlHugozh-CNWed, 17 Jun 2026 05:00:00 +0800https://x7peeps.com/%E5%AE%89%E5%85%A8/%E5%BA%94%E6%80%A5%E5%93%8D%E5%BA%94/0x03%E5%8F%96%E8%AF%81%E5%88%86%E6%9E%90/%E6%98%A0%E5%83%8F%E5%8A%AB%E6%8C%81%E6%A3%80%E6%9F%A5%E7%BB%93%E6%9E%9C%E4%B8%8EIFEO%E5%8F%8AWinlogon%E6%8C%81%E4%B9%85%E5%8C%96%E5%88%A4%E6%96%AD%E5%88%86%E6%9E%90/index.htmlWed, 17 Jun 2026 05:00:00 +0800https://x7peeps.com/%E5%AE%89%E5%85%A8/%E5%BA%94%E6%80%A5%E5%93%8D%E5%BA%94/0x03%E5%8F%96%E8%AF%81%E5%88%86%E6%9E%90/%E6%98%A0%E5%83%8F%E5%8A%AB%E6%8C%81%E6%A3%80%E6%9F%A5%E7%BB%93%E6%9E%9C%E4%B8%8EIFEO%E5%8F%8AWinlogon%E6%8C%81%E4%B9%85%E5%8C%96%E5%88%A4%E6%96%AD%E5%88%86%E6%9E%90/index.html围绕 0x02 映像劫持检查取证结果，分析如何从 IFEO 注册表键值中判断调试器劫持、SilentProcessExit 监控、Winlogon 持久化等攻击行为。