Incident Response


  • Latest documents

    Memory Shells: How They Work and How to Handle Them

    Quite a few practitioners have already written up their experience with injecting in-memory webshells ("memory shells") into Java web applications. The mainstream approach is to pick the form of the shell (filter, listener, servlet, controller, and so on) according to the web container (Tomcat, WebLogic, etc.) and the web framework (Servlet, the Spring family, etc.) in use. Since these three places are where the tampering happens, ordering them by where they take effect gives us: • listene………

    myh0st - July 15, 2022, 7:59 a.m.
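The Tomcat filter case from the excerpt above, as an added example that is not part of the original post or of the page's own code: a small Java helper that enumerates the filters actually registered in the running Tomcat context via reflection and flags any whose class is not backed by a .class file on disk, which is how a filter defined from bytes at runtime usually looks. The class name FilterAudit is made up here; the Tomcat internals it reaches into (WebappClassLoaderBase.getResources().getContext(), the private StandardContext.filterConfigs map and the private ApplicationFilterConfig.filter field) are assumed to match Tomcat 8.5/9.x with the javax.servlet API and will differ on Tomcat 10 (jakarta.servlet) or on other containers.

```java
// Added example, not from the original post: audit the filters registered in a live
// Tomcat context and flag ones with no class file behind them, which is typical of
// runtime-injected "memory shell" filters. Assumes Tomcat 8.5/9.x internals and javax.servlet.
import java.lang.reflect.Field;
import java.security.CodeSource;
import java.util.ArrayList;
import java.util.List;
import java.util.Map;
import javax.servlet.Filter;
import org.apache.catalina.Context;
import org.apache.catalina.core.ApplicationFilterConfig;
import org.apache.catalina.core.StandardContext;
import org.apache.catalina.loader.WebappClassLoaderBase;
import org.apache.tomcat.util.descriptor.web.FilterMap;

public class FilterAudit {

    /** One report line per instantiated filter; lines starting with SUSPICIOUS need a look. */
    public static List<String> audit() throws ReflectiveOperationException {
        // Runs inside the web app: the context class loader is the webapp loader,
        // and its resource root knows the StandardContext it belongs to.
        WebappClassLoaderBase loader =
                (WebappClassLoaderBase) Thread.currentThread().getContextClassLoader();
        StandardContext ctx = (StandardContext) loader.getResources().getContext();

        // filterConfigs holds the filter *instances* Tomcat actually runs. A filter
        // shell has to end up in this map to see requests, so this is where we look,
        // rather than in web.xml, which the injection never touches.
        Field cfgField = StandardContext.class.getDeclaredField("filterConfigs");
        cfgField.setAccessible(true);
        @SuppressWarnings("unchecked")
        Map<String, ApplicationFilterConfig> configs =
                (Map<String, ApplicationFilterConfig>) cfgField.get(ctx);

        Field filterField = ApplicationFilterConfig.class.getDeclaredField("filter");
        filterField.setAccessible(true);

        List<String> report = new ArrayList<>();
        for (Map.Entry<String, ApplicationFilterConfig> e : configs.entrySet()) {
            Filter f = (Filter) filterField.get(e.getValue());
            if (f == null) {
                continue; // declared but not yet instantiated
            }
            Class<?> cls = f.getClass();
            String flag = hasClassFile(cls) ? "ok        " : "SUSPICIOUS";
            report.add(flag + " " + e.getKey() + " -> " + cls.getName()
                    + " " + urlPatterns(ctx, e.getKey()));
        }
        return report;
    }

    /** True when the class can be traced to a .class file or jar on disk. */
    static boolean hasClassFile(Class<?> cls) {
        ClassLoader cl = cls.getClassLoader();
        if (cl == null) {
            return true; // bootstrap class
        }
        // A class defined from a byte[] at runtime (defineClass, Unsafe, TemplatesImpl)
        // has no resource under its own name and a CodeSource without a location.
        String resource = cls.getName().replace('.', '/') + ".class";
        if (cl.getResource(resource) != null) {
            return true;
        }
        CodeSource cs = cls.getProtectionDomain().getCodeSource();
        return cs != null && cs.getLocation() != null;
    }

    /** URL patterns mapped to the filter; shells are usually mapped to /* and placed first. */
    static List<String> urlPatterns(Context ctx, String filterName) {
        List<String> patterns = new ArrayList<>();
        for (FilterMap m : ctx.findFilterMaps()) {
            if (filterName.equals(m.getFilterName())) {
                for (String p : m.getURLPatterns()) {
                    patterns.add(p);
                }
            }
        }
        return patterns;
    }
}
```

Drop the class into WEB-INF/classes of the affected application (or call it from a diagnostic JSP) and print the result of audit(). A SUSPICIOUS line is a lead, not proof: confirm it by checking whether the filter name appears in web.xml or in an @WebFilter annotation of a class that exists on disk, and by dumping the instance's class bytes for analysis. The same inspection applies to the other injection points the post lists: listeners are reachable through StandardContext.getApplicationEventListeners(), and servlets through the StandardWrapper children returned by findChildren(). A clean report also does not rule out a shell that overwrote a legitimate filter instance in place, so comparing against a known-good baseline of the same application is the safer check.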


    Linux System Forensics

    Outline. Threat intelligence: intelligence centers, sample analysis and detection, domain monitoring, URL analysis, IP analysis, Passive DNS, IOCs. System layer: rootkits, ransomware. Web layer: hidden links, webshell backdoors. Network layer: DDoS. Articles: - Small scripts for log analysis in incident response - [Incident Response] An overview of the log-collection methods commonly used in incident response. Case studies: - 6. [Incident Response] A Linux intrusion triage approach - bmjoke………

    myh0st - July 12, 2022, 3:11 p.m.


    Lateral Movement Incidents

    myh0st - March 10, 2022, 6:11 p.m.


    Hunt a Deleted Suspicious Process

    Case #4: Hunt a Deleted Suspicious Process! The goal of this lab is to simulate a suspicious process that was run by a threat actor and then deleted so that no traces were left behind. But,………

    myh0st - Jan. 14, 2022, 9:48 a.m.


    Attacker’s Kali System!

    Case #3: Attacker’s Kali System! You have been called to analyze the system of a known threat actor who has been accused of breaking into the server of a smaller company. The company has now come to ………

    myh0st - Jan. 14, 2022, 9:47 a.m.


