{"version":1,"pages":[{"id":"-M3Guh9bu6XC9Z4JXQ6m","title":"关于这个博客","pathname":"/","siteSpaceId":"sitesp_xC8DF","description":""},{"id":"-MXgSU1Nsovb1RBqnpWJ","title":"我也不知道能不能写","pathname":"/weapon-design/idoknow","siteSpaceId":"sitesp_xC8DF","description":"","breadcrumbs":[{"label":"武器设计"}]},{"id":"-MkVSMUVURnOzWvn-J2K","title":"C2手稿","pathname":"/weapon-design/c2-manuscript","siteSpaceId":"sitesp_xC8DF","description":"","breadcrumbs":[{"label":"武器设计"}]},{"id":"-Ml5P1g_zDoebX9Xa3cN","title":"Heap加密","pathname":"/weapon-design/c2-manuscript/heap-jia-mi","siteSpaceId":"sitesp_xC8DF","description":"","breadcrumbs":[{"label":"武器设计"},{"label":"C2手稿"}]},{"id":"-Ml5lTnPPQdoRjyGe3gi","title":"数据打包DataPacker","pathname":"/weapon-design/c2-manuscript/shu-ju-da-bao-fang-shi","siteSpaceId":"sitesp_xC8DF","description":"","breadcrumbs":[{"label":"武器设计"},{"label":"C2手稿"}]},{"id":"-MkVSOMwjtXAuNlJO_ET","title":"真·手稿","pathname":"/weapon-design/c2-manuscript/real-manuscript","siteSpaceId":"sitesp_xC8DF","description":"","breadcrumbs":[{"label":"武器设计"},{"label":"C2手稿"}]},{"id":"-MkVXll1XunbEvvw_bHG","title":"实现UML图","pathname":"/weapon-design/c2-manuscript/real-uml","siteSpaceId":"sitesp_xC8DF","description":"","breadcrumbs":[{"label":"武器设计"},{"label":"C2手稿"}]},{"id":"-MXgSmwlGXmB72ne8Bhm","title":"先占个位置","pathname":"/weapon-design/xian-zhan-ge-wei-zhi","siteSpaceId":"sitesp_xC8DF","description":"","breadcrumbs":[{"label":"武器设计"}]},{"id":"-MH_E3AuiC5oj4o6_-kT","title":"COM组件相关的武器化开发技术","pathname":"/weaponization/com-weaponization","siteSpaceId":"sitesp_xC8DF","description":"","breadcrumbs":[{"label":"武器化"}]},{"id":"-MHiyRNB2B5twA2ql1Cs","title":"攻击demo的bof改造","pathname":"/weaponization/bof-weaponization","siteSpaceId":"sitesp_xC8DF","description":"","breadcrumbs":[{"label":"武器化"}]},{"id":"-MVbxuE3Q4ENVoetS680","title":"Go项目反射改造","pathname":"/weaponization/go-xiang-mu-fan-she-gai-zao","siteSpaceId":"sitesp_xC8DF","description":"","breadcrumbs":[{"label":"武器化"}]},{"id":"-McNlsh8dXeCix6EW3Rq","title":"VulnBins的利用 (vuln driver)","pathname":"/weaponization/vulnbins-de-li-yong-vuln-driver","siteSpaceId":"sitesp_xC8DF","description":"","breadcrumbs":[{"label":"武器化"}]},{"id":"-MTeKIKycsAO5D5ocp72","title":"NtQueryInformationProcess逆向","pathname":"/redteam-research/untitled","siteSpaceId":"sitesp_xC8DF","description":"","breadcrumbs":[{"label":"红队研究"}]},{"id":"-MU7_JgsHrVRiSL5EDO6","title":"NetUserAdd逆向","pathname":"/redteam-research/netuseradd-ni-xiang","siteSpaceId":"sitesp_xC8DF","description":"","breadcrumbs":[{"label":"红队研究"}]},{"id":"-MLGNaZzmB1tJMSnoZUW","title":"WannaMine4.0专杀的一些技巧","pathname":"/emergency-response/fuck-wannamine4.0","siteSpaceId":"sitesp_xC8DF","description":"","breadcrumbs":[{"label":"应急响应"}]},{"id":"-MO4SY3a3nmfqiGudx-0","title":"ReflectiveDLLInjection变形应用","pathname":"/defense-evasion/reflectivedllinjection-variation","siteSpaceId":"sitesp_xC8DF","description":"","breadcrumbs":[{"label":"防御逃避"}]},{"id":"-MNvBkwSauwmpfIWDZqQ","title":"Execute-Assembly实现","pathname":"/defense-evasion/cobaltstrike-executeassembly-realization","siteSpaceId":"sitesp_xC8DF","description":"","breadcrumbs":[{"label":"防御逃避"}]},{"id":"-MJeuecSDeIO1ykdA5Yh","title":"ShadowMove复现与思考","pathname":"/defense-evasion/shadowmove-emersion-and-think","siteSpaceId":"sitesp_xC8DF","description":"","breadcrumbs":[{"label":"防御逃避"}]},{"id":"-MK4n7KTnYZzxvreXgp5","title":"载入第二个Ntdll绕Hook","pathname":"/defense-evasion/load-ntdll-too","siteSpaceId":"sitesp_xC8DF","description":"","breadcrumbs":[{"label":"防御逃避"}]},{"id":"-MBCOkiQ6RNRSIYOZE6p","title":"编译时混淆字符串&函数调用","pathname":"/defense-evasion/compile-time-obfuscation","siteSpaceId":"sitesp_xC8DF","description":"","breadcrumbs":[{"label":"防御逃避"}]},{"id":"-MHpwAwURxa5Ys00fWgb","title":"基于线程结束的EventLog绕过","pathname":"/defense-evasion/fuck-eventlog","siteSpaceId":"sitesp_xC8DF","description":"","breadcrumbs":[{"label":"防御逃避"}]},{"id":"-MG44l2HJiQeylD1hffH","title":"动态获取系统调用(syscall)号","pathname":"/defense-evasion/dynamic-get-syscallid","siteSpaceId":"sitesp_xC8DF","description":"","breadcrumbs":[{"label":"防御逃避"}]},{"id":"-M6c5dSvjyOpwaWpu5Ig","title":"基于内存补丁的AMSI绕过","pathname":"/defense-evasion/memory-pacth-bypass-amsi","siteSpaceId":"sitesp_xC8DF","description":"","breadcrumbs":[{"label":"防御逃避"}]},{"id":"-MAFa8U_j3PhtpLn2CRA","title":"基于API Hook和DLL注入的AMSI绕过","pathname":"/defense-evasion/apihook-and-dllinjection-bypass-amsi","siteSpaceId":"sitesp_xC8DF","description":"","breadcrumbs":[{"label":"防御逃避"}]},{"id":"-MAU75i6_G3Wd29mRgua","title":"基于内存补丁ETW的绕过","pathname":"/defense-evasion/memory-pacth-bypass-etw","siteSpaceId":"sitesp_xC8DF","description":"","breadcrumbs":[{"label":"防御逃避"}]},{"id":"-MAQD0tXgMFVIiDLlB4z","title":"基于断链的DLL隐藏","pathname":"/defense-evasion/unlink-module-hide","siteSpaceId":"sitesp_xC8DF","description":"","breadcrumbs":[{"label":"防御逃避"}]},{"id":"-M3JVcDdHWASS-S5cqbt","title":"基于HEX字符串执行的AV绕过","pathname":"/defense-evasion/hex-execute","siteSpaceId":"sitesp_xC8DF","description":"hex-strings-execute","breadcrumbs":[{"label":"防御逃避"}]},{"id":"-M9Iv3W8w_c0AMzspPso","title":"CobaltStrike Argue命令实现","pathname":"/defense-evasion/cobaltstrike-argue","siteSpaceId":"sitesp_xC8DF","description":"","breadcrumbs":[{"label":"防御逃避"}]},{"id":"-M5KSXi1P-RbThTb6yM-","title":"简单的分离免杀","pathname":"/defense-evasion/simple-separate-bypassav","siteSpaceId":"sitesp_xC8DF","description":"","breadcrumbs":[{"label":"防御逃避"}]},{"id":"-M3OqxtYUVyT_FPBuAoe","title":"伪装PPID规避检测","pathname":"/defense-evasion/fake-ppid","siteSpaceId":"sitesp_xC8DF","description":"fake-PPID","breadcrumbs":[{"label":"防御逃避"}]},{"id":"-M4Ri_rWJPI2wCOwaYxd","title":"伪装命令行规避检测","pathname":"/defense-evasion/fake-commandline","siteSpaceId":"sitesp_xC8DF","description":"","breadcrumbs":[{"label":"防御逃避"}]},{"id":"-M3tODOpQFkKJnMESFau","title":"通过重写ring3 API函数实现免杀","pathname":"/defense-evasion/overwrite-winapi-bypassav","siteSpaceId":"sitesp_xC8DF","description":"","breadcrumbs":[{"label":"防御逃避"}]},{"id":"-M3tNNuyOjwYzIE78Xql","title":"动态调用无导入表编译","pathname":"/defense-evasion/avtive-call-api","siteSpaceId":"sitesp_xC8DF","description":"重新编译开源代码绕过杀毒软件","breadcrumbs":[{"label":"防御逃避"}]},{"id":"-M4WmsdCpkxmRUxsbfLp","title":"基于Registry的虚拟机检测","pathname":"/defense-evasion/rregistry-check-virtualmachine","siteSpaceId":"sitesp_xC8DF","description":"","breadcrumbs":[{"label":"防御逃避"}]},{"id":"-M5_VqgthM_lBJ-WhBiH","title":"利用杀毒软件删除任意文件","pathname":"/defense-evasion/using-antivirus-to-delete-files","siteSpaceId":"sitesp_xC8DF","description":"","breadcrumbs":[{"label":"防御逃避"}]},{"id":"-MDTbAHT74BPXHfYCCQU","title":"反转字符串绕杀软","pathname":"/defense-evasion/reverse-strings-bypass-av","siteSpaceId":"sitesp_xC8DF","description":"","breadcrumbs":[{"label":"防御逃避"}]},{"id":"-MJeddlc8JgaVH1musWY","title":"重新加载.text节拖钩","pathname":"/defense-evasion/reload-ntdll-.text-section","siteSpaceId":"sitesp_xC8DF","description":"","breadcrumbs":[{"label":"防御逃避"}]},{"id":"-MJeuk4_gl-fSl5DjvzJ","title":"x64转换层&跨位数进程注入","pathname":"/defense-evasion/wow64-and-cross-bit-process-injection","siteSpaceId":"sitesp_xC8DF","description":"","breadcrumbs":[{"label":"防御逃避"}]},{"id":"-MRY7EvzCNiABNNBl9RP","title":"Divide and Conquer","pathname":"/code-and-dll-process-injection/divide-and-conquer","siteSpaceId":"sitesp_xC8DF","description":"","breadcrumbs":[{"label":"代码与进程注入"}]},{"id":"-MVZfKBVYb_LGFycTl62","title":"Clipboard Data Deliver","pathname":"/code-and-dll-process-injection/clipboard-data-deliver","siteSpaceId":"sitesp_xC8DF","description":"","breadcrumbs":[{"label":"代码与进程注入"}]},{"id":"-MNaGZKwDwshOxXyjGTS","title":".NET Reflective Injection","pathname":"/code-and-dll-process-injection/.net-fan-she-jia-zai","siteSpaceId":"sitesp_xC8DF","description":"","breadcrumbs":[{"label":"代码与进程注入"}]},{"id":"-MD4P5vbiIrAzkqLJOoH","title":"APC Thread Hijack","pathname":"/code-and-dll-process-injection/apc-thread-hijack","siteSpaceId":"sitesp_xC8DF","description":"","breadcrumbs":[{"label":"代码与进程注入"}]},{"id":"-M3_vPQYX_J6cjsQIEN_","title":"CreateRemoteThread","pathname":"/code-and-dll-process-injection/createremotethread","siteSpaceId":"sitesp_xC8DF","description":"经典代码&dll注入","breadcrumbs":[{"label":"代码与进程注入"}]},{"id":"-M4mS8INA7hBO1F79D9x","title":"APC Injection","pathname":"/code-and-dll-process-injection/apc-injection","siteSpaceId":"sitesp_xC8DF","description":"APC注入","breadcrumbs":[{"label":"代码与进程注入"}]},{"id":"-M4H5LXiPZhI3sR7E0UN","title":"Mapping Injection","pathname":"/code-and-dll-process-injection/mapping-injection","siteSpaceId":"sitesp_xC8DF","description":"Mapping Injection","breadcrumbs":[{"label":"代码与进程注入"}]},{"id":"-M4MOsKZjq70WV0s2hxk","title":"Bypass Session 0 Injection","pathname":"/code-and-dll-process-injection/bypass-session-0-injection","siteSpaceId":"sitesp_xC8DF","description":"","breadcrumbs":[{"label":"代码与进程注入"}]},{"id":"-MDxB2LxBhycf2pgIavL","title":"WhiteFile Offset Table Generate Shellcode","pathname":"/code-and-dll-process-injection/writefile-offset-table-generate-shellcode","siteSpaceId":"sitesp_xC8DF","description":"","breadcrumbs":[{"label":"代码与进程注入"}]},{"id":"-M3_v9LvSr7vvzE5HOPq","title":"Early Bird","pathname":"/code-and-dll-process-injection/early-bird","siteSpaceId":"sitesp_xC8DF","description":"","breadcrumbs":[{"label":"代码与进程注入"}]},{"id":"-M6gzMrHpfVBL1Mlyxsx","title":"Early Bird & CreateRemoteThread","pathname":"/code-and-dll-process-injection/early-bird-and--createremotethread","siteSpaceId":"sitesp_xC8DF","description":"","breadcrumbs":[{"label":"代码与进程注入"}]},{"id":"-M7k5o1HEexNmvSUOCec","title":"TLS Code Execute","pathname":"/code-and-dll-process-injection/tls-code-execute","siteSpaceId":"sitesp_xC8DF","description":"","breadcrumbs":[{"label":"代码与进程注入"}]},{"id":"-M7u7OlQrb3YNobyb88-","title":"SEH Code Execute","pathname":"/code-and-dll-process-injection/seh-code-execute","siteSpaceId":"sitesp_xC8DF","description":"","breadcrumbs":[{"label":"代码与进程注入"}]},{"id":"-M3t6Pg-KKZhwH0A8_b7","title":"APC & NtTestAlert Code Execute","pathname":"/code-and-dll-process-injection/apc-and-nttestalert-code-execute","siteSpaceId":"sitesp_xC8DF","description":"APC & NtTestAlert代码执行","breadcrumbs":[{"label":"代码与进程注入"}]},{"id":"-M70gXk_99xpFgMZglAJ","title":"NtCreateSection & NtMapViewOfSection Code Execute","pathname":"/code-and-dll-process-injection/untitled","siteSpaceId":"sitesp_xC8DF","description":"","breadcrumbs":[{"label":"代码与进程注入"}]},{"id":"-M3PKB4yLZubQaz7grUx","title":"Process Hollowing","pathname":"/code-and-dll-process-injection/process-hollowing","siteSpaceId":"sitesp_xC8DF","description":"进程镂空","breadcrumbs":[{"label":"代码与进程注入"}]},{"id":"-M8x3keKsVUlTyt0Xag9","title":"SetContext Hijack Thread","pathname":"/code-and-dll-process-injection/setcontext-hijack-thread","siteSpaceId":"sitesp_xC8DF","description":"","breadcrumbs":[{"label":"代码与进程注入"}]},{"id":"-M6s0IhsKh17UxWIbQfV","title":"DLL Hollowing","pathname":"/code-and-dll-process-injection/dll-hollowing","siteSpaceId":"sitesp_xC8DF","description":"DLL Hollowing","breadcrumbs":[{"label":"代码与进程注入"}]},{"id":"-M3H8A-EB0u-YY94w2HV","title":"基于注册表劫持BypassUAC","pathname":"/privilege-escalation/bypassuac-fodhelper","siteSpaceId":"sitesp_xC8DF","description":"bypassuac-Fodhelper","breadcrumbs":[{"label":"权限提升"}]},{"id":"-M5pI4WT1eUgbvW3WH2r","title":"基于dll劫持BypassUac","pathname":"/privilege-escalation/dll-hijack-bypassuac","siteSpaceId":"sitesp_xC8DF","description":"","breadcrumbs":[{"label":"权限提升"}]},{"id":"-MCjy532qx_unEGk0TJ6","title":"通过com组件BypassUAC","pathname":"/privilege-escalation/com-bypassuac","siteSpaceId":"sitesp_xC8DF","description":"","breadcrumbs":[{"label":"权限提升"}]},{"id":"-M5-ov3MXP2Tt5GgxeJ9","title":"通过复制Token提权到SYSTEM","pathname":"/privilege-escalation/token-manipulation","siteSpaceId":"sitesp_xC8DF","description":"","breadcrumbs":[{"label":"权限提升"}]},{"id":"-M4qWi69BINEH-cFt1zU","title":"通过code&dll注入提权到SYSTEM","pathname":"/privilege-escalation/code-dll-injection-privilege-escalation","siteSpaceId":"sitesp_xC8DF","description":"","breadcrumbs":[{"label":"权限提升"}]},{"id":"-M3xw6isKenHbA9QyWiQ","title":"通过伪装PPID提权到SYSTEM","pathname":"/privilege-escalation/privilege-escalation-ppid","siteSpaceId":"sitesp_xC8DF","description":"PPID-Priv","breadcrumbs":[{"label":"权限提升"}]},{"id":"-M5QJ5AG-aW9aM2_mWJ_","title":"通过系统服务提权到SYSTEM","pathname":"/privilege-escalation/privilege-escalation-service","siteSpaceId":"sitesp_xC8DF","description":"","breadcrumbs":[{"label":"权限提升"}]},{"id":"-MXXDOw9wmouvb91opsj","title":"主机特征绑定木马","pathname":"/persistence/zhu-ji-te-zheng-bang-ding-mu-ma","siteSpaceId":"sitesp_xC8DF","description":"","breadcrumbs":[{"label":"权限维持"}]},{"id":"-MCCO-hqt1xmaSrc5lFd","title":"寻找有价值的文件","pathname":"/persistence/find-file","siteSpaceId":"sitesp_xC8DF","description":"","breadcrumbs":[{"label":"权限维持"}]},{"id":"-MG2cDZ0ug7cGoKj_I_j","title":"获取机器安装的软件","pathname":"/persistence/get-computer-installed-software","siteSpaceId":"sitesp_xC8DF","description":"","breadcrumbs":[{"label":"权限维持"}]},{"id":"-MCHt6b8_KENuaGUPgb-","title":"通过API添加Windows用户","pathname":"/persistence/api-add-user","siteSpaceId":"sitesp_xC8DF","description":"","breadcrumbs":[{"label":"权限维持"}]},{"id":"-M8DlMFYvgSPvNv7S0XK","title":"Detours InLine Hook","pathname":"/persistence/detous-inline-hook","siteSpaceId":"sitesp_xC8DF","description":"","breadcrumbs":[{"label":"权限维持"}]},{"id":"-M5mDcfF5ERM4nM7puak","title":"DLL劫持","pathname":"/persistence/dll-hijack","siteSpaceId":"sitesp_xC8DF","description":"dll hijack","breadcrumbs":[{"label":"权限维持"}]},{"id":"-M62xiZJguSi1nOgbzDu","title":"RID劫持","pathname":"/persistence/rid-hijack","siteSpaceId":"sitesp_xC8DF","description":"RID-hijack","breadcrumbs":[{"label":"权限维持"}]},{"id":"-M7Al1aB8SJ6dAJXpfYw","title":"自启动服务","pathname":"/persistence/startup-service","siteSpaceId":"sitesp_xC8DF","description":"","breadcrumbs":[{"label":"权限维持"}]},{"id":"-M5QaLcO3AnjmkTKcCWU","title":"编写简单远控","pathname":"/persistence/simple-cc","siteSpaceId":"sitesp_xC8DF","description":"","breadcrumbs":[{"label":"权限维持"}]},{"id":"-M5yZ3o6lL9Oe_v97TpB","title":"注册表自启动项","pathname":"/persistence/registry-startup","siteSpaceId":"sitesp_xC8DF","description":"","breadcrumbs":[{"label":"权限维持"}]}]}