# idiotc4t's blog

- [About this blog](https://idiotc4t.com/master.md)
- [I don't know whether I can write this either](https://idiotc4t.com/weapon-design/idoknow.md)
- [C2 manuscript](https://idiotc4t.com/weapon-design/c2-manuscript.md)
- [Heap encryption](https://idiotc4t.com/weapon-design/c2-manuscript/heap-jia-mi.md)
- [Data packing (DataPacker)](https://idiotc4t.com/weapon-design/c2-manuscript/shu-ju-da-bao-fang-shi.md)
- [The actual manuscript](https://idiotc4t.com/weapon-design/c2-manuscript/real-manuscript.md)
- [Implementation UML diagram](https://idiotc4t.com/weapon-design/c2-manuscript/real-uml.md)
- [Placeholder](https://idiotc4t.com/weapon-design/xian-zhan-ge-wei-zhi.md)
- [Weaponization development techniques related to COM components](https://idiotc4t.com/weaponization/com-weaponization.md)
- [Converting attack demos into BOFs](https://idiotc4t.com/weaponization/bof-weaponization.md)
- [Reflective-loading conversion of Go projects](https://idiotc4t.com/weaponization/go-xiang-mu-fan-she-gai-zao.md)
- [Exploiting VulnBins (vuln driver)](https://idiotc4t.com/weaponization/vulnbins-de-li-yong-vuln-driver.md)
- [Reversing NtQueryInformationProcess](https://idiotc4t.com/redteam-research/untitled.md)
- [Reversing NetUserAdd](https://idiotc4t.com/redteam-research/netuseradd-ni-xiang.md)
- [Some tips for WannaMine4.0 removal](https://idiotc4t.com/emergency-response/fuck-wannamine4.0.md)
- [ReflectiveDLLInjection variant applications](https://idiotc4t.com/defense-evasion/reflectivedllinjection-variation.md)
- [Execute-Assembly implementation](https://idiotc4t.com/defense-evasion/cobaltstrike-executeassembly-realization.md)
- [ShadowMove reproduction and reflections](https://idiotc4t.com/defense-evasion/shadowmove-emersion-and-think.md)
- [Loading a second Ntdll to bypass hooks](https://idiotc4t.com/defense-evasion/load-ntdll-too.md)
- [Compile-time obfuscation of strings & function calls](https://idiotc4t.com/defense-evasion/compile-time-obfuscation.md)
- [EventLog bypass based on thread termination](https://idiotc4t.com/defense-evasion/fuck-eventlog.md)
- [Dynamically obtaining system call (syscall) numbers](https://idiotc4t.com/defense-evasion/dynamic-get-syscallid.md)
- [AMSI bypass based on memory patching](https://idiotc4t.com/defense-evasion/memory-pacth-bypass-amsi.md)
- [AMSI bypass based on API hooking and DLL injection](https://idiotc4t.com/defense-evasion/apihook-and-dllinjection-bypass-amsi.md)
- [ETW bypass based on memory patching](https://idiotc4t.com/defense-evasion/memory-pacth-bypass-etw.md)
- [DLL hiding based on unlinking](https://idiotc4t.com/defense-evasion/unlink-module-hide.md)
- [AV bypass based on HEX string execution](https://idiotc4t.com/defense-evasion/hex-execute.md): hex-strings-execute
- [CobaltStrike Argue command implementation](https://idiotc4t.com/defense-evasion/cobaltstrike-argue.md)
- [Simple split-payload AV evasion](https://idiotc4t.com/defense-evasion/simple-separate-bypassav.md)
- [Spoofing the PPID to evade detection](https://idiotc4t.com/defense-evasion/fake-ppid.md): fake-PPID
- [Spoofing the command line to evade detection](https://idiotc4t.com/defense-evasion/fake-commandline.md)
- [AV evasion by rewriting ring3 API functions](https://idiotc4t.com/defense-evasion/overwrite-winapi-bypassav.md)
- [Dynamic API calls with import-table-free compilation](https://idiotc4t.com/defense-evasion/avtive-call-api.md): recompiling open-source code to bypass antivirus software
- [Registry-based virtual machine detection](https://idiotc4t.com/defense-evasion/rregistry-check-virtualmachine.md)
- [Using antivirus software to delete arbitrary files](https://idiotc4t.com/defense-evasion/using-antivirus-to-delete-files.md)
- [Reversing strings to bypass AV](https://idiotc4t.com/defense-evasion/reverse-strings-bypass-av.md)
- [Reloading the .text section to unhook](https://idiotc4t.com/defense-evasion/reload-ntdll-.text-section.md)
- [x64 translation layer & cross-bitness process injection](https://idiotc4t.com/defense-evasion/wow64-and-cross-bit-process-injection.md)
- [Divide and Conquer](https://idiotc4t.com/code-and-dll-process-injection/divide-and-conquer.md)
- [Clipboard Data Deliver](https://idiotc4t.com/code-and-dll-process-injection/clipboard-data-deliver.md)
- [.NET Reflective Injection](https://idiotc4t.com/code-and-dll-process-injection/.net-fan-she-jia-zai.md)
- [APC Thread Hijack](https://idiotc4t.com/code-and-dll-process-injection/apc-thread-hijack.md)
- [CreateRemoteThread](https://idiotc4t.com/code-and-dll-process-injection/createremotethread.md): classic code & DLL injection
- [APC Injection](https://idiotc4t.com/code-and-dll-process-injection/apc-injection.md): APC injection
- [Mapping Injection](https://idiotc4t.com/code-and-dll-process-injection/mapping-injection.md)
- [Bypass Session 0 Injection](https://idiotc4t.com/code-and-dll-process-injection/bypass-session-0-injection.md)
- [WhiteFile Offset Table Generate Shellcode](https://idiotc4t.com/code-and-dll-process-injection/writefile-offset-table-generate-shellcode.md)
- [Early Bird](https://idiotc4t.com/code-and-dll-process-injection/early-bird.md)
- [Early Bird & CreateRemoteThread](https://idiotc4t.com/code-and-dll-process-injection/early-bird-and--createremotethread.md)
- [TLS Code Execute](https://idiotc4t.com/code-and-dll-process-injection/tls-code-execute.md)
- [SEH Code Execute](https://idiotc4t.com/code-and-dll-process-injection/seh-code-execute.md)
- [APC & NtTestAlert Code Execute](https://idiotc4t.com/code-and-dll-process-injection/apc-and-nttestalert-code-execute.md): APC & NtTestAlert code execution
- [NtCreateSection & NtMapViewOfSection Code Execute](https://idiotc4t.com/code-and-dll-process-injection/untitled.md)
- [Process Hollowing](https://idiotc4t.com/code-and-dll-process-injection/process-hollowing.md): process hollowing
- [SetContext Hijack Thread](https://idiotc4t.com/code-and-dll-process-injection/setcontext-hijack-thread.md)
- [DLL Hollowing](https://idiotc4t.com/code-and-dll-process-injection/dll-hollowing.md)
- [BypassUAC via registry hijacking](https://idiotc4t.com/privilege-escalation/bypassuac-fodhelper.md): bypassuac-Fodhelper
- [BypassUAC via DLL hijacking](https://idiotc4t.com/privilege-escalation/dll-hijack-bypassuac.md)
- [BypassUAC via COM components](https://idiotc4t.com/privilege-escalation/com-bypassuac.md)
- [Privilege escalation to SYSTEM by duplicating a token](https://idiotc4t.com/privilege-escalation/token-manipulation.md)
- [Privilege escalation to SYSTEM via code & DLL injection](https://idiotc4t.com/privilege-escalation/code-dll-injection-privilege-escalation.md)
- [Privilege escalation to SYSTEM via PPID spoofing](https://idiotc4t.com/privilege-escalation/privilege-escalation-ppid.md): PPID-Priv
- [Privilege escalation to SYSTEM via system services](https://idiotc4t.com/privilege-escalation/privilege-escalation-service.md)
- [Host-fingerprint-bound trojan](https://idiotc4t.com/persistence/zhu-ji-te-zheng-bang-ding-mu-ma.md)
- [Finding valuable files](https://idiotc4t.com/persistence/find-file.md)
- [Enumerating software installed on the machine](https://idiotc4t.com/persistence/get-computer-installed-software.md)
- [Adding a Windows user via API](https://idiotc4t.com/persistence/api-add-user.md)
- [Detours InLine Hook](https://idiotc4t.com/persistence/detous-inline-hook.md)
- [DLL hijacking](https://idiotc4t.com/persistence/dll-hijack.md): dll hijack
- [RID hijacking](https://idiotc4t.com/persistence/rid-hijack.md): RID-hijack
- [Auto-start service](https://idiotc4t.com/persistence/startup-service.md)
- [Writing a simple RAT](https://idiotc4t.com/persistence/simple-cc.md)
- [Registry auto-start entries](https://idiotc4t.com/persistence/registry-startup.md)
