奇安信攻防社区-【补天白帽黑客城市沙龙-杭州站】基于“幽灵协议”下的内存马构建

【补天白帽黑客城市沙龙-杭州站】基于“幽灵协议”下的内存马构建

在当前的攻防实战中，传统的内存马查杀技术正日益完善,促使我们从开发者视角深入探索更隐蔽、更底层的内存马形态。我基于对TCP/IP协议的精细化理解,实现了一套全新的WebShell工具Demo。这个工具不再依赖常见的HTTP层封装，而是直接在TCP底层进行自定义字节流构建与解析，从而实现更高级别的隐蔽通信。

### Speaker：Q16G

![幻灯片1.PNG](https://cdn-yg-zzbm.yun.qianxin.com/attack-forum/2025/08/attach-7c27c4556ca13da3350c150fbfac097971fa19d6.png)

![幻灯片2.PNG](https://cdn-yg-zzbm.yun.qianxin.com/attack-forum/2025/08/attach-cf93b48c6dabf7e64d67c87dbc4669593b41cd29.png)

![幻灯片3.PNG](https://cdn-yg-zzbm.yun.qianxin.com/attack-forum/2025/08/attach-cb2cf0f67bd29b42f77b736cbbdb3fceb87c53a7.png)

![幻灯片4.PNG](https://cdn-yg-zzbm.yun.qianxin.com/attack-forum/2025/08/attach-aa2473e08eae408e7f7004b3fe11b6db73a93d17.png)

![幻灯片5.PNG](https://cdn-yg-zzbm.yun.qianxin.com/attack-forum/2025/08/attach-a4da5da07d99127cd57ede2252d028ef6561d7ac.png)

![幻灯片6.PNG](https://cdn-yg-zzbm.yun.qianxin.com/attack-forum/2025/08/attach-c17848f6913840b41b2986c331684d1a08625c16.png)

![幻灯片7.PNG](https://cdn-yg-zzbm.yun.qianxin.com/attack-forum/2025/08/attach-cf2f67d428f42e4d4d9df87d196488d0329bbace.png)

![幻灯片8.PNG](https://cdn-yg-zzbm.yun.qianxin.com/attack-forum/2025/08/attach-62ae61c25b799ab0193edc90cad3265f03293808.png)

![幻灯片9.PNG](https://cdn-yg-zzbm.yun.qianxin.com/attack-forum/2025/08/attach-963fbf6b781b10ebcf09346c5224ed370ec55c63.png)

![幻灯片10.PNG](https://cdn-yg-zzbm.yun.qianxin.com/attack-forum/2025/08/attach-c7fa42a8dbb7373565cb0b3c9597e702d9abee36.png)

![幻灯片11.PNG](https://cdn-yg-zzbm.yun.qianxin.com/attack-forum/2025/08/attach-04ee115b029646716ca933c46a314e1f1eeea0f1.png)

![幻灯片12.PNG](https://cdn-yg-zzbm.yun.qianxin.com/attack-forum/2025/08/attach-75e6f75dc1c3a1e569557debe36ee661fb08a419.png)

![幻灯片13.PNG](https://cdn-yg-zzbm.yun.qianxin.com/attack-forum/2025/08/attach-9e33a66a4703c62ae57b11d38ff15b0afa5e5e12.png)

![幻灯片14.PNG](https://cdn-yg-zzbm.yun.qianxin.com/attack-forum/2025/08/attach-a2cff14836356b1bae048113e84ed8665856d9ba.png)

![幻灯片15.PNG](https://cdn-yg-zzbm.yun.qianxin.com/attack-forum/2025/08/attach-b8f10b83341011a8b506f7c2849ec2809d847e16.png)

![幻灯片16.PNG](https://cdn-yg-zzbm.yun.qianxin.com/attack-forum/2025/08/attach-fd95c555170fed0245b953c23de230d18a7df6b1.png)

![幻灯片17.PNG](https://cdn-yg-zzbm.yun.qianxin.com/attack-forum/2025/08/attach-d8e8e4987522e89f280079e2b8cd0dccb1dd8c78.png)

![幻灯片18.PNG](https://cdn-yg-zzbm.yun.qianxin.com/attack-forum/2025/08/attach-0b1f667ac4517e8585b928fc83697532112aba6e.png)

![幻灯片19.PNG](https://cdn-yg-zzbm.yun.qianxin.com/attack-forum/2025/08/attach-bd56dd786777c7ac2a07c6d6bd187a489ce2a3fe.png)

![幻灯片20.PNG](https://cdn-yg-zzbm.yun.qianxin.com/attack-forum/2025/08/attach-0c2e4b56f6ac73060c84018b4eeb6b5d575b5749.png)

![幻灯片21.PNG](https://cdn-yg-zzbm.yun.qianxin.com/attack-forum/2025/08/attach-6a20e449010c9b27a484d1d907b8f9b6d782e33f.png)

![幻灯片22.PNG](https://cdn-yg-zzbm.yun.qianxin.com/attack-forum/2025/08/attach-e0d8f0fc13a2b0af3a14c03c999dac9c6215ae64.png)

![幻灯片23.PNG](https://cdn-yg-zzbm.yun.qianxin.com/attack-forum/2025/08/attach-05cd31ce7a4845bc0d9be2128309a62e357a5dbe.png)

![幻灯片24.PNG](https://cdn-yg-zzbm.yun.qianxin.com/attack-forum/2025/08/attach-5ad4eb545e4417706ea1bc52c0b5bdd886d5917d.png)

![幻灯片25.PNG](https://cdn-yg-zzbm.yun.qianxin.com/attack-forum/2025/08/attach-ea7f4651314ab4494fc4a6880a6793974a84a36d.png)

![幻灯片26.PNG](https://cdn-yg-zzbm.yun.qianxin.com/attack-forum/2025/08/attach-9311098725fe9ebde2dc305be48c3b98a9b902b3.png)

![幻灯片27.PNG](https://cdn-yg-zzbm.yun.qianxin.com/attack-forum/2025/08/attach-69fe58463bf764dac889dac4fa4e1428562b173f.png)

![幻灯片28.PNG](https://cdn-yg-zzbm.yun.qianxin.com/attack-forum/2025/08/attach-189582e5e6f82784e8ed0b9b69d208fb9a6fef48.png)

![幻灯片29.PNG](https://cdn-yg-zzbm.yun.qianxin.com/attack-forum/2025/08/attach-08f23720bb97b5ad3fcf86dba0582c2d729dd535.png)

发表于 2025-08-13 18:19:37
阅读 ( 519 )
分类：渗透测试

【补天白帽黑客城市沙龙-杭州站】基于“幽灵协议”下的内存马构建

0 条评论