Deploying to gh-pages from @ ef7491a097 🚀
This commit is contained in:
qwqdanchun
parent
b2a99f1b9b
commit
8da9ca819d
|
|
@ -24,7 +24,7 @@
|
|||
<meta property="og:description" content="这次是标题党了,主要还是记录一下自己在使用Appdomain中遇到的一点小坑 前情提要我一直很喜欢使用C#制作一些工具,或者制作一些技术的poc,在测试杀软对行为的拦截时为了避免频繁文件落地,都是使用对一个C#远控添加插件的方式测试的。 最常用的插件加载方式就是Assembly.Load了,使用过的都会发现这种方式可以加载不能卸载,用Procexp之类的软件可以很方便的查看进程内的Assembly">
|
||||
<meta property="og:locale" content="zh_CN">
|
||||
<meta property="article:published_time" content="2023-02-17T01:29:19.000Z">
|
||||
<meta property="article:modified_time" content="2024-03-08T17:21:28.611Z">
|
||||
<meta property="article:modified_time" content="2024-03-08T17:22:11.133Z">
|
||||
<meta property="article:author" content="qwqdanchun">
|
||||
<meta property="article:tag" content=".Net">
|
||||
<meta property="article:tag" content="Appdomain">
|
||||
|
|
|
|||
|
|
@ -24,7 +24,7 @@
|
|||
<meta property="og:description" content="拿到装有宝塔面板的服务器后,在不登录面板的情况下不能直接查看数据库信息 为了解决这个问题,就制作了一个脚本去进行配置信息的解密 1234567891011121314151617181920212223242526272829303132333435363738394041424344454647484950515253import os#使用前pip3 install PyCryptodome#">
|
||||
<meta property="og:locale" content="zh_CN">
|
||||
<meta property="article:published_time" content="2023-12-01T07:26:33.000Z">
|
||||
<meta property="article:modified_time" content="2024-03-08T17:21:28.611Z">
|
||||
<meta property="article:modified_time" content="2024-03-08T17:22:11.133Z">
|
||||
<meta property="article:author" content="qwqdanchun">
|
||||
<meta property="article:tag" content="Decrypt">
|
||||
<meta name="twitter:card" content="summary_large_image">
|
||||
|
|
|
|||
|
|
@ -24,7 +24,7 @@
|
|||
<meta property="og:description" content="某大型活动还有一段时间,但是总会有很多新工具出现,想用但不敢用该怎么办,还是需要先了解下常见的源码投毒方式吧 方法1.代码带毒直接在代码中实现一个后门,常见的操作包括但不限于在程序启动时,按钮点击时,程序结束时等位置添加恶意代码。常见恶意代码为反向shell或各式各样的shellcode加载器 对于visual studio等编译器,不会在项目中显示未包含文件的代码,但是如果引用到了,依然会编译进">
|
||||
<meta property="og:locale" content="zh_CN">
|
||||
<meta property="article:published_time" content="2023-05-09T07:12:17.000Z">
|
||||
<meta property="article:modified_time" content="2024-03-08T17:21:28.611Z">
|
||||
<meta property="article:modified_time" content="2024-03-08T17:22:11.133Z">
|
||||
<meta property="article:author" content="qwqdanchun">
|
||||
<meta property="article:tag" content="Backdoor">
|
||||
<meta property="article:tag" content="BlueTeam">
|
||||
|
|
|
|||
|
|
@ -24,7 +24,7 @@
|
|||
<meta property="og:description" content="早在疫情期间就经历了好久的线上考试,最近又遇到了类似的需求,正好就写写相关的东西吧。为了防止暴露是哪几款软件,文中就不放图了,只是说说方法。 逆向相关目前遇到过的主流是C#/Electron的程序,也有部分C++的程序。 C#的可以直接用DnSpy查看代码并修改 Electron的可以解包asar查看代码,修改后也可以打包替换回去 C++的一般IDA辅助分析后,可以手动跳过部分函数或判断">
|
||||
<meta property="og:locale" content="zh_CN">
|
||||
<meta property="article:published_time" content="2023-03-16T05:30:29.000Z">
|
||||
<meta property="article:modified_time" content="2024-03-08T17:21:28.611Z">
|
||||
<meta property="article:modified_time" content="2024-03-08T17:22:11.133Z">
|
||||
<meta property="article:author" content="qwqdanchun">
|
||||
<meta property="article:tag" content=".Net">
|
||||
<meta property="article:tag" content="Crack">
|
||||
|
|
|
|||
|
|
@ -24,7 +24,7 @@
|
|||
<meta property="og:description" content="突发奇想的一个思路,不太好用就发出来玩玩吧 背景知识目录挂载subst是Windows自带的一个工具,可以将文件目录挂载为磁盘,但是重启后不会继续挂载了。 如果想长期挂载,需要修改注册表 HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\DOS Devices。 https://learn.microsoft.com/en-us/windo">
|
||||
<meta property="og:locale" content="zh_CN">
|
||||
<meta property="article:published_time" content="2023-02-27T09:49:45.000Z">
|
||||
<meta property="article:modified_time" content="2024-03-08T17:21:28.611Z">
|
||||
<meta property="article:modified_time" content="2024-03-08T17:22:11.133Z">
|
||||
<meta property="article:author" content="qwqdanchun">
|
||||
<meta property="article:tag" content="Bypass">
|
||||
<meta property="article:tag" content="360">
|
||||
|
|
|
|||
|
|
@ -24,7 +24,7 @@
|
|||
<meta property="og:description" content="首先感谢Zy143L大佬进行的PCB板的设计和制作。 特点 附带tf卡槽,可自选是否附带储存空间 使用CH552单片机,方便上手 通用G2版型,方便购买或定制外壳 带有USBHUB,可以同时作为U盘和可编程USB控制设备使用 带有霍尔开关,用于控制烧写,也可用于连接后的控制开关,即使加壳也不影响后续烧写 成本低廉,适合大批量使用 使用方法1.准备环境Windows系统,安装Arduino IDE">
|
||||
<meta property="og:locale" content="zh_CN">
|
||||
<meta property="article:published_time" content="2023-09-06T10:47:22.000Z">
|
||||
<meta property="article:modified_time" content="2024-03-08T17:21:28.619Z">
|
||||
<meta property="article:modified_time" content="2024-03-08T17:22:11.141Z">
|
||||
<meta property="article:author" content="qwqdanchun">
|
||||
<meta property="article:tag" content="USB">
|
||||
<meta name="twitter:card" content="summary_large_image">
|
||||
|
|
|
|||
|
|
@ -24,7 +24,7 @@
|
|||
<meta property="og:description" content="2022年过的真的很快啊,一转眼就2023了,本来想着元旦的时候,搞一点东西分享出来,但是因为太忙没有腾出时间,那就只好赶着春节前夕,水一点文章了。 CobaltStrike简介CobaltStrike是一套商业化的C2框架,提供了较好的兼容性和可扩展性,也因此成为了目前红队中最为广泛使用的C2。但是因为使用广泛,其特征也被大量采集,并用于识别beacon及TeamServer,这里我就简单的把自">
|
||||
<meta property="og:locale" content="zh_CN">
|
||||
<meta property="article:published_time" content="2023-01-21T15:59:59.000Z">
|
||||
<meta property="article:modified_time" content="2024-03-08T17:21:28.623Z">
|
||||
<meta property="article:modified_time" content="2024-03-08T17:22:11.145Z">
|
||||
<meta property="article:author" content="qwqdanchun">
|
||||
<meta property="article:tag" content="CobaltStrike">
|
||||
<meta property="article:tag" content="Modify">
|
||||
|
|
|
|||
|
|
@ -24,7 +24,7 @@
|
|||
<meta property="og:description" content="起源一年多以前,Jonas L在推特首次提出了这个注入方法,并在评论区提出了一些可能的利用方法。半年前,有人在GitHub发布了一份Poc,某种程度上进行了对注入方案的验证。 原理控制台程序,会有一个对应的Code Page,也就是代码页,这个东西是字符代码的一个映射,每个控制台对应两个代码页,一个输入一个输出。 大部分Code Page都是nls文件,但是看到有一部分是dll文件,确切地说是5开">
|
||||
<meta property="og:locale" content="zh_CN">
|
||||
<meta property="article:published_time" content="2022-11-25T13:03:31.000Z">
|
||||
<meta property="article:modified_time" content="2024-03-08T17:21:28.623Z">
|
||||
<meta property="article:modified_time" content="2024-03-08T17:22:11.145Z">
|
||||
<meta property="article:author" content="qwqdanchun">
|
||||
<meta property="article:tag" content="Injection">
|
||||
<meta property="article:tag" content="CodePage">
|
||||
|
|
|
|||
|
|
@ -24,7 +24,7 @@
|
|||
<meta property="og:description" content="今年上半年,在开发 CobaltStrike 插件期间,没用遇到合适且长期更新的信息收集工具,便决定自己制作一款,也就有了Pillager项目。 这款工具旨在收集机器上浏览器,聊天软件,已经其他常用工具的凭证、记录等敏感信息,从而进行进一步的后渗透工作。 思路的确定最初的想法只是为了制作一个小巧简介的 BOF ,但是后期研究发现使用 BOF 开发并不合适,综合考虑下选择了使用C#开发。进而就要考虑">
|
||||
<meta property="og:locale" content="zh_CN">
|
||||
<meta property="article:published_time" content="2023-11-09T19:22:25.000Z">
|
||||
<meta property="article:modified_time" content="2024-03-08T17:21:28.623Z">
|
||||
<meta property="article:modified_time" content="2024-03-08T17:22:11.145Z">
|
||||
<meta property="article:author" content="qwqdanchun">
|
||||
<meta property="article:tag" content="Forensics">
|
||||
<meta name="twitter:card" content="summary_large_image">
|
||||
|
|
|
|||
|
|
@ -24,7 +24,7 @@
|
|||
<meta property="og:description" content="Chrome系列浏览器的信息提取Chrome浏览器的数据默认保存在 %LocalAppdata%\Google\Chrome\User Data内,此目录中 Local State文件保存了 MasterKey信息,Default目录保存了默认配置信息,如有更多配置,则保存于 Profile 数字的文件夹中 历史记录对于每一个配置文件夹,其中的 History文件即为保存为Sqlite数据库格式的">
|
||||
<meta property="og:locale" content="zh_CN">
|
||||
<meta property="article:published_time" content="2024-01-02T12:16:33.000Z">
|
||||
<meta property="article:modified_time" content="2024-03-08T17:21:28.623Z">
|
||||
<meta property="article:modified_time" content="2024-03-08T17:22:11.145Z">
|
||||
<meta property="article:author" content="qwqdanchun">
|
||||
<meta property="article:tag" content="Forensics">
|
||||
<meta name="twitter:card" content="summary_large_image">
|
||||
|
|
|
|||
|
|
@ -24,7 +24,7 @@
|
|||
<meta property="og:description" content="网易邮箱大师的账号接管网易邮箱大师的数据文件默认保存在 %LocalAppdata%\Netease\MailMaster\data\app.db内,此文件为Sqlite格式储存 获取目录app.db的Account表中的每一行对应一个账号,DataPath项对应的值即为账号信息保存目录。 接管账号本地安装网易邮箱大师后,将上一步获取的文件夹,复制回本地,依次点击设置-邮箱设置-导入邮箱数据,选">
|
||||
<meta property="og:locale" content="zh_CN">
|
||||
<meta property="article:published_time" content="2024-01-02T14:11:45.000Z">
|
||||
<meta property="article:modified_time" content="2024-03-08T17:21:28.627Z">
|
||||
<meta property="article:modified_time" content="2024-03-08T17:22:11.149Z">
|
||||
<meta property="article:author" content="qwqdanchun">
|
||||
<meta property="article:tag" content="Forensics">
|
||||
<meta name="twitter:card" content="summary_large_image">
|
||||
|
|
|
|||
|
|
@ -24,7 +24,7 @@
|
|||
<meta property="og:description" content="概述CVE-2021-1675 / CVE-2021-34527 这两个洞本质上就是一个洞,只是因为修复的问题分配了两个编号。具体的漏洞分析就不赘述了,很早就有人发过,没必要炒冷饭,这里只总结下实际使用时可能出现的问题,以及很多poc中不会提到的细节 复现攻击环境注意事项1.域相关目标机器为域内Windows Server机器时,攻击机必须为同一域内的机器;目标机器为非域环境Window">
|
||||
<meta property="og:locale" content="zh_CN">
|
||||
<meta property="article:published_time" content="2022-11-12T19:34:50.000Z">
|
||||
<meta property="article:modified_time" content="2024-03-08T17:21:28.627Z">
|
||||
<meta property="article:modified_time" content="2024-03-08T17:22:11.149Z">
|
||||
<meta property="article:author" content="qwqdanchun">
|
||||
<meta property="article:tag" content="0/N Day">
|
||||
<meta property="article:tag" content="PrintNightmare">
|
||||
|
|
|
|||
|
|
@ -24,7 +24,7 @@
|
|||
<meta property="og:description" content="因为各种原因,接触了一些场景要对Telegram进行信息收集,这里就记录下基本思路,只涉及Windows的官方客户端 1.关于tdata正常安装的Telegram会安装至 %appdata%\Telegram Desktop,在这个目录中 modules文件夹存放了一个D3D的dll,tdata文件夹存放所有数据,unins000.exe/unins000.dat文件是卸载相关,Updater.e">
|
||||
<meta property="og:locale" content="zh_CN">
|
||||
<meta property="article:published_time" content="2023-04-14T21:40:56.000Z">
|
||||
<meta property="article:modified_time" content="2024-03-08T17:21:28.627Z">
|
||||
<meta property="article:modified_time" content="2024-03-08T17:22:11.149Z">
|
||||
<meta property="article:author" content="qwqdanchun">
|
||||
<meta property="article:tag" content="Forensics">
|
||||
<meta property="article:tag" content="Telegram">
|
||||
|
|
|
|||
|
|
@ -23,8 +23,8 @@
|
|||
<meta property="og:site_name" content="簞純's Blog">
|
||||
<meta property="og:description" content="这里是簞純,一个单纯的日常生产bug再debug的菜鸡红队安全开发,目前主要做Windows下的二进制方向开发 ID:簞純 / qwqdanchun Tag:伪技术宅,干饭人,老二次元,佛系,咕咕咕,夜猫子 QQ聊天群:814084837">
|
||||
<meta property="og:locale" content="zh_CN">
|
||||
<meta property="article:published_time" content="2024-03-08T17:21:28.627Z">
|
||||
<meta property="article:modified_time" content="2024-03-08T17:21:28.627Z">
|
||||
<meta property="article:published_time" content="2024-03-08T17:22:11.149Z">
|
||||
<meta property="article:modified_time" content="2024-03-08T17:22:11.149Z">
|
||||
<meta property="article:author" content="qwqdanchun">
|
||||
<meta name="twitter:card" content="summary_large_image">
|
||||
|
||||
|
|
|
|||
|
|
@ -24,7 +24,7 @@
|
|||
<meta property="og:description" content="历时半个多月,删站的我又决定把博客搭起来了,这次从用了五年的Wordpress换成了Hexo,自动部署的纯静态博客似乎也是不错的 不过之前的文章没有保存了,很多都是早年写的东西,现在看来已经没有意义了 后面会尽量恢复记笔记的习惯,也就顺手更一些文章吧,希望我的文章可以帮到你">
|
||||
<meta property="og:locale" content="zh_CN">
|
||||
<meta property="article:published_time" content="2022-11-11T11:15:50.000Z">
|
||||
<meta property="article:modified_time" content="2024-03-08T17:21:28.627Z">
|
||||
<meta property="article:modified_time" content="2024-03-08T17:22:11.149Z">
|
||||
<meta property="article:author" content="qwqdanchun">
|
||||
<meta name="twitter:card" content="summary_large_image">
|
||||
|
||||
|
|
|
|||
|
|
@ -402,7 +402,7 @@
|
|||
|
||||
<div class="link-text">
|
||||
<div class="link-title">蚊子</div>
|
||||
<div class="link-intro">蚊BloG</div>
|
||||
<div class="link-intro">幸福往往是摸得透彻,而堇业的心却常常隐藏</div>
|
||||
</div>
|
||||
</div>
|
||||
</a>
|
||||
|
|
@ -420,7 +420,7 @@
|
|||
|
||||
<div class="link-text">
|
||||
<div class="link-title">Sp4ce</div>
|
||||
<div class="link-intro">Sp4ce's Blog</div>
|
||||
<div class="link-intro">不傲不畏,不卑不亢,不骄不躁,不气不馁</div>
|
||||
</div>
|
||||
</div>
|
||||
</a>
|
||||
|
|
|
|||
|
|
@ -1,6 +1,6 @@
|
|||
https://blog.qwqdanchun.com/PrintNightmare/
|
||||
https://blog.qwqdanchun.com/Telegram_Forensics/
|
||||
https://blog.qwqdanchun.com/hello-world/
|
||||
https://blog.qwqdanchun.com/Telegram_Forensics/
|
||||
https://blog.qwqdanchun.com/Pillager_Forensics_3/
|
||||
https://blog.qwqdanchun.com/about/index.html
|
||||
https://blog.qwqdanchun.com/av/index.html
|
||||
|
|
|
|||
|
|
@ -11,7 +11,7 @@
|
|||
</url>
|
||||
|
||||
<url>
|
||||
<loc>https://blog.qwqdanchun.com/Telegram_Forensics/</loc>
|
||||
<loc>https://blog.qwqdanchun.com/hello-world/</loc>
|
||||
|
||||
<lastmod>2024-03-08</lastmod>
|
||||
|
||||
|
|
@ -20,7 +20,7 @@
|
|||
</url>
|
||||
|
||||
<url>
|
||||
<loc>https://blog.qwqdanchun.com/hello-world/</loc>
|
||||
<loc>https://blog.qwqdanchun.com/Telegram_Forensics/</loc>
|
||||
|
||||
<lastmod>2024-03-08</lastmod>
|
||||
|
||||
|
|
|
|||
Loading…
Reference in New Issue