
Host Evasions

TryHackMe | Host Evasions

Understand the techniques behind host-based security and bypass the most common security products in Windows operating systems.

This module provides the essential knowledge and fundamental techniques to bypass various host-based security solutions, including AV products, UAC and AppLocker, logging, runtime detection, and AMSI. You will also learn the Living-Off-the-Land technique and how to leverage the Windows Sysinternals tools to perform various Red Team tasks.

Windows Internals

Learn and understand the fundamentals of how Windows operates at its core.

Introduction to Windows API

Learn how to interact with the Win32 API and understand its wide range of use cases.

Abusing Windows Internals

Leverage Windows internals components to evade common detection solutions, using modern tool-agnostic approaches.

Introduction to Antivirus

Understand how antivirus software works and what detection techniques are used to bypass malicious file checks.

AV Evasion: Shellcode

Learn shellcode encoding, packing, binders, and crypters.

Obfuscation Principles

Leverage tool-agnostic software obfuscation practices to hide malicious functions and create unique code.

Signature Evasion

Learn how to break signatures and evade common AV, using modern tool-agnostic approaches.

Bypassing UAC

Learn common ways to bypass User Account Control (UAC) on Windows hosts.

Runtime Detection Evasion

Learn how to bypass common runtime detection measures, such as AMSI, using modern tool-agnostic approaches.

Evading Logging and Monitoring

Learn how to bypass common logging and system monitoring, such as ETW, using modern tool-agnostic approaches.

Living Off the Land

Learn the essential concept of "Living Off the Land" (using the resources already built into the system) in Red Team engagements.