使用 volatility 发现内存中的恶意软件——malfind的核心是找到可疑的可执行的内存区域,然后反汇编结果给你让你排查,yarascan是搜索特征码
如果是vol3的话,我没有找到合适的命令行可以等价输出(感觉是vol3这块还没有足够成熟),因此:本文使用的是vol2,下载地址:http://downloads.volatilityfoundation.org/releases/2.6/volatility_2.6_win64_standalone.zip
因为有可执行文件,所以我直接加到了path里。
好了,我自己实验下:
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 | volatility26 -f D:\book\malwarecookbook-master\malwarecookbook-master\17\1\zeus.vmem\zeus.vmem yarascan --yara-file .\sample.yaraVolatility Foundation Volatility Framework 2.6Rule: credentialsOwner: Process svchost.exe Pid 10280x76da3f67 70 41 6e 64 41 6c 6c 6f 63 61 74 65 43 61 63 68 pAndAllocateCach0x76da3f77 65 64 45 6e 74 72 79 3a 20 72 65 74 75 72 6e 69 edEntry:.returni0x76da3f87 6e 67 20 63 61 63 68 65 64 20 65 6e 74 72 79 20 ng.cached.entry.0x76da3f97 66 6f 72 20 64 6f 6d 61 69 6e 20 3c 25 77 73 3e for.domain.<%ws>0x76da3fa7 2c 20 6e 65 74 77 6f 72 6b 20 3c 25 77 73 3e 0a ,.network.<%ws>.0x76da3fb7 00 25 77 73 3a 20 25 77 73 3a 20 46 6f 75 6e 64 .%ws:.%ws:.Found0x76da3fc7 20 63 61 63 68 65 20 65 6e 74 72 79 20 30 78 25 .cache.entry.0x%0x76da3fd7 78 2f 25 64 2f 25 78 20 48 3a 25 64 20 54 3a 25 x/%d/%x.H:%d.T:%0x76da3fe7 64 0a 00 8b 36 e9 b0 fe ff ff 90 90 90 90 90 68 d...6..........h0x76da3ff7 84 00 00 00 68 d8 46 da 76 e8 14 d4 ff ff a1 00 ....h.F.v.......0x76da4007 20 db 76 89 45 e4 8b 7d 08 89 7d ac 8b 75 0c 89 ..v.E..}..}..u..0x76da4017 75 b0 8b 45 18 89 45 98 8b 45 24 89 45 90 8b 45 u..E..E..E$.E..E0x76da4027 28 89 45 a0 8b 4d 30 89 4d b4 8b 45 34 89 45 80 (.E..M0.M..E4.E.0x76da4037 8b 55 38 89 55 94 c6 45 bf 00 33 db 89 5d c0 89 .U8.U..E..3..]..0x76da4047 5d a4 89 5d 9c 89 5d fc 57 50 ff 75 2c 51 56 68 ]..]..].WP.u,QVh0x76da4057 58 46 da 76 68 00 40 00 00 e8 9b d2 ff ff 83 c4 XF.vh.@......... |
我的结果和作者的不一样。奇怪。。。。
yara文件:
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 | rule credentials{meta:description = "Malfind w/ Yara Example"strings:$a = "PaNdA" nocasecondition:any of them} |
如果是使用winhex找字符串呢?如下:
第一个就是yarascan搜索到的结果,另外几个很可能不是:
所以这个例子和书中结果有出入,很可能是zeus.vmem不对。
我们继续另外一个例子:
也就是说malfind的核心是找到可疑的可执行的内存区域,然后反汇编结果给你。
1 2 3 4 5 | python .\vol.py -f D:\book\malwarecookbook-master\malwarecookbook-master\16\6\coreflood.vmem\coreflood.vmem windows.malfind或者:volatility26.exe -f D:\book\malwarecookbook-master\malwarecookbook-master\16\6\coreflood.vmem\coreflood.vmem malfind |
vol3或者vol26版本已经不支持-p参数了,我查了下官方文档,https://blog.onfvp.com/post/volatility-cheatsheet/,最新的版本也的确是废弃了pid参数。
上面的命令输出类似:
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131 132 133 134 135 136 137 138 139 140 141 142 143 144 145 146 147 148 149 150 151 152 153 154 155 156 157 158 159 160 161 162 163 164 165 166 167 168 169 170 171 172 173 174 175 176 177 178 179 180 181 182 183 184 185 186 187 188 189 190 191 192 193 194 195 196 197 198 199 200 201 202 203 204 205 206 207 208 209 210 211 212 213 214 215 216 217 218 219 220 221 222 223 224 225 226 227 228 229 230 231 232 233 234 235 236 237 238 239 240 241 242 243 244 245 246 247 248 249 250 251 252 253 254 255 256 257 258 259 260 261 262 263 264 265 266 267 268 269 270 271 272 273 274 275 276 277 278 279 280 281 282 283 284 285 286 287 288 289 290 291 292 293 294 295 296 297 298 299 300 301 302 303 304 305 306 307 308 309 310 311 312 313 314 315 316 317 318 319 320 321 322 323 324 325 326 327 328 329 330 331 332 333 334 335 336 337 338 339 340 341 342 343 | PS D:\Application\volatility3-stable> python .\vol.py -f D:\book\malwarecookbook-master\malwarecookbook-master\16\6\coreflood.vmem\coreflood.vmem windows.malfindVolatility 3 Framework 2.4.1Progress: 100.00 PDB scanning finishedPID Process Start VPN End VPN Tag Protection CommitCharge PrivateMemory File output Hexdump Disasm608 csrss.exe 0x7f6f0000 0x7f7effff Vad PAGE_EXECUTE_READWRITE 0 0 Disabledc8 00 00 00 ff 01 00 00 ........ff ee ff ee 08 70 00 00 .....p..08 00 00 00 00 fe 00 00 ........00 00 10 00 00 20 00 00 ........00 02 00 00 00 20 00 00 ........8d 01 00 00 ff ef fd 7f ........03 00 08 06 00 00 00 00 ........00 00 00 00 00 00 00 00 ........0x7f6f0000: enter 0, 00x7f6f0004: inc dword ptr [ecx]0x7f6f0006: add byte ptr [eax], al632 winlogon.exe 0x2c930000 0x2c933fff VadS PAGE_EXECUTE_READWRITE 4 1 Disabled00 00 00 00 00 00 00 00 ........00 00 00 00 00 00 00 00 ........00 00 00 00 00 00 00 00 ........00 00 00 00 00 00 00 00 ........00 00 00 00 00 00 00 00 ........00 00 00 00 00 00 00 00 ........00 00 00 00 25 00 25 00 ....%.%.01 00 00 00 00 00 00 00 ........0x2c930000: add byte ptr [eax], al0x2c930002: add byte ptr [eax], al0x2c930004: add byte ptr [eax], al0x2c930006: add byte ptr [eax], al0x2c930008: add byte ptr [eax], al0x2c93000a: add byte ptr [eax], al0x2c93000c: add byte ptr [eax], al0x2c93000e: add byte ptr [eax], al0x2c930010: add byte ptr [eax], al0x2c930012: add byte ptr [eax], al0x2c930014: add byte ptr [eax], al0x2c930016: add byte ptr [eax], al0x2c930018: add byte ptr [eax], al0x2c93001a: add byte ptr [eax], al0x2c93001c: add byte ptr [eax], al0x2c93001e: add byte ptr [eax], al0x2c930020: add byte ptr [eax], al0x2c930022: add byte ptr [eax], al0x2c930024: add byte ptr [eax], al0x2c930026: add byte ptr [eax], al0x2c930028: add byte ptr [eax], al0x2c93002a: add byte ptr [eax], al0x2c93002c: add byte ptr [eax], al0x2c93002e: add byte ptr [eax], al0x2c930030: add byte ptr [eax], al0x2c930032: add byte ptr [eax], al0x2c930034: and eax, 0x10025000x2c930039: add byte ptr [eax], al0x2c93003b: add byte ptr [eax], al0x2c93003d: add byte ptr [eax], al632 winlogon.exe 0x37ec0000 0x37ec3fff VadS PAGE_EXECUTE_READWRITE 4 1 Disabled00 00 00 00 00 00 00 00 ........00 00 00 00 00 00 00 00 ........00 00 00 00 00 00 00 00 ........00 00 00 00 00 00 00 00 ........00 00 00 00 00 00 00 00 ........00 00 00 00 00 00 00 00 ........00 00 00 00 2b 00 2b 00 ....+.+.01 00 00 00 00 00 00 00 ........0x37ec0000: add byte ptr [eax], al0x37ec0002: add byte ptr [eax], al0x37ec0004: add byte ptr [eax], al0x37ec0006: add byte ptr [eax], al0x37ec0008: add byte ptr [eax], al0x37ec000a: add byte ptr [eax], al0x37ec000c: add byte ptr [eax], al0x37ec000e: add byte ptr [eax], al0x37ec0010: add byte ptr [eax], al0x37ec0012: add byte ptr [eax], al0x37ec0014: add byte ptr [eax], al0x37ec0016: add byte ptr [eax], al0x37ec0018: add byte ptr [eax], al0x37ec001a: add byte ptr [eax], al0x37ec001c: add byte ptr [eax], al0x37ec001e: add byte ptr [eax], al0x37ec0020: add byte ptr [eax], al0x37ec0022: add byte ptr [eax], al0x37ec0024: add byte ptr [eax], al0x37ec0026: add byte ptr [eax], al0x37ec0028: add byte ptr [eax], al0x37ec002a: add byte ptr [eax], al0x37ec002c: add byte ptr [eax], al0x37ec002e: add byte ptr [eax], al0x37ec0030: add byte ptr [eax], al0x37ec0032: add byte ptr [eax], al0x37ec0034: sub eax, dword ptr [eax]0x37ec0036: sub eax, dword ptr [eax]0x37ec0038: add dword ptr [eax], eax0x37ec003a: add byte ptr [eax], al0x37ec003c: add byte ptr [eax], al0x37ec003e: add byte ptr [eax], al632 winlogon.exe 0x33470000 0x33473fff VadS PAGE_EXECUTE_READWRITE 4 1 Disabled00 00 00 00 00 00 00 00 ........00 00 00 00 00 00 00 00 ........00 00 00 00 00 00 00 00 ........00 00 00 00 00 00 00 00 ........00 00 00 00 00 00 00 00 ........00 00 00 00 00 00 00 00 ........00 00 00 00 29 00 29 00 ....).).01 00 00 00 00 00 00 00 ........0x33470000: add byte ptr [eax], al0x33470002: add byte ptr [eax], al0x33470004: add byte ptr [eax], al0x33470006: add byte ptr [eax], al0x33470008: add byte ptr [eax], al0x3347000a: add byte ptr [eax], al0x3347000c: add byte ptr [eax], al0x3347000e: add byte ptr [eax], al0x33470010: add byte ptr [eax], al0x33470012: add byte ptr [eax], al0x33470014: add byte ptr [eax], al0x33470016: add byte ptr [eax], al0x33470018: add byte ptr [eax], al0x3347001a: add byte ptr [eax], al0x3347001c: add byte ptr [eax], al0x3347001e: add byte ptr [eax], al0x33470020: add byte ptr [eax], al0x33470022: add byte ptr [eax], al0x33470024: add byte ptr [eax], al0x33470026: add byte ptr [eax], al0x33470028: add byte ptr [eax], al0x3347002a: add byte ptr [eax], al0x3347002c: add byte ptr [eax], al0x3347002e: add byte ptr [eax], al0x33470030: add byte ptr [eax], al0x33470032: add byte ptr [eax], al0x33470034: sub dword ptr [eax], eax0x33470036: sub dword ptr [eax], eax0x33470038: add dword ptr [eax], eax0x3347003a: add byte ptr [eax], al0x3347003c: add byte ptr [eax], al0x3347003e: add byte ptr [eax], al632 winlogon.exe 0x71ee0000 0x71ee3fff VadS PAGE_EXECUTE_READWRITE 4 1 Disabled00 00 00 00 00 00 00 00 ........00 00 00 00 00 00 00 00 ........00 00 00 00 00 00 00 00 ........00 00 00 00 00 00 00 00 ........00 00 00 00 00 00 00 00 ........00 00 00 00 00 00 00 00 ........00 00 00 00 29 00 29 00 ....).).01 00 00 00 00 00 00 00 ........0x71ee0000: add byte ptr [eax], al0x71ee0002: add byte ptr [eax], al0x71ee0004: add byte ptr [eax], al0x71ee0006: add byte ptr [eax], al0x71ee0008: add byte ptr [eax], al0x71ee000a: add byte ptr [eax], al0x71ee000c: add byte ptr [eax], al0x71ee000e: add byte ptr [eax], al0x71ee0010: add byte ptr [eax], al0x71ee0012: add byte ptr [eax], al0x71ee0014: add byte ptr [eax], al0x71ee0016: add byte ptr [eax], al0x71ee0018: add byte ptr [eax], al0x71ee001a: add byte ptr [eax], al0x71ee001c: add byte ptr [eax], al0x71ee001e: add byte ptr [eax], al0x71ee0020: add byte ptr [eax], al0x71ee0022: add byte ptr [eax], al0x71ee0024: add byte ptr [eax], al0x71ee0026: add byte ptr [eax], al0x71ee0028: add byte ptr [eax], al0x71ee002a: add byte ptr [eax], al0x71ee002c: add byte ptr [eax], al0x71ee002e: add byte ptr [eax], al0x71ee0030: add byte ptr [eax], al0x71ee0032: add byte ptr [eax], al0x71ee0034: sub dword ptr [eax], eax0x71ee0036: sub dword ptr [eax], eax0x71ee0038: add dword ptr [eax], eax0x71ee003a: add byte ptr [eax], al0x71ee003c: add byte ptr [eax], al0x71ee003e: add byte ptr [eax], al632 winlogon.exe 0x78850000 0x78853fff VadS PAGE_EXECUTE_READWRITE 4 1 Disabled00 00 00 00 00 00 00 00 ........00 00 00 00 00 00 00 00 ........00 00 00 00 00 00 00 00 ........00 00 00 00 00 00 00 00 ........00 00 00 00 00 00 00 00 ........00 00 00 00 00 00 00 00 ........00 00 00 00 27 00 27 00 ....'.'.01 00 00 00 00 00 00 00 ........0x78850000: add byte ptr [eax], al0x78850002: add byte ptr [eax], al0x78850004: add byte ptr [eax], al0x78850006: add byte ptr [eax], al0x78850008: add byte ptr [eax], al0x7885000a: add byte ptr [eax], al0x7885000c: add byte ptr [eax], al0x7885000e: add byte ptr [eax], al0x78850010: add byte ptr [eax], al0x78850012: add byte ptr [eax], al0x78850014: add byte ptr [eax], al0x78850016: add byte ptr [eax], al0x78850018: add byte ptr [eax], al0x7885001a: add byte ptr [eax], al0x7885001c: add byte ptr [eax], al0x7885001e: add byte ptr [eax], al0x78850020: add byte ptr [eax], al0x78850022: add byte ptr [eax], al0x78850024: add byte ptr [eax], al0x78850026: add byte ptr [eax], al0x78850028: add byte ptr [eax], al0x7885002a: add byte ptr [eax], al0x7885002c: add byte ptr [eax], al0x7885002e: add byte ptr [eax], al0x78850030: add byte ptr [eax], al0x78850032: add byte ptr [eax], al0x78850034: daa0x78850035: add byte ptr [edi], ah0x78850037: add byte ptr [ecx], al0x78850039: add byte ptr [eax], al0x7885003b: add byte ptr [eax], al0x7885003d: add byte ptr [eax], al632 winlogon.exe 0x793e0000 0x793e3fff VadS PAGE_EXECUTE_READWRITE 4 1 Disabled00 00 00 00 00 00 00 00 ........00 00 00 00 00 00 00 00 ........00 00 00 00 00 00 00 00 ........00 00 00 00 00 00 00 00 ........00 00 00 00 00 00 00 00 ........00 00 00 00 00 00 00 00 ........00 00 00 00 2b 00 2b 00 ....+.+.01 00 00 00 00 00 00 00 ........0x793e0000: add byte ptr [eax], al0x793e0002: add byte ptr [eax], al0x793e0004: add byte ptr [eax], al0x793e0006: add byte ptr [eax], al0x793e0008: add byte ptr [eax], al0x793e000a: add byte ptr [eax], al0x793e000c: add byte ptr [eax], al0x793e000e: add byte ptr [eax], al0x793e0010: add byte ptr [eax], al0x793e0012: add byte ptr [eax], al0x793e0014: add byte ptr [eax], al0x793e0016: add byte ptr [eax], al0x793e0018: add byte ptr [eax], al0x793e001a: add byte ptr [eax], al0x793e001c: add byte ptr [eax], al0x793e001e: add byte ptr [eax], al0x793e0020: add byte ptr [eax], al0x793e0022: add byte ptr [eax], al0x793e0024: add byte ptr [eax], al0x793e0026: add byte ptr [eax], al0x793e0028: add byte ptr [eax], al0x793e002a: add byte ptr [eax], al0x793e002c: add byte ptr [eax], al0x793e002e: add byte ptr [eax], al0x793e0030: add byte ptr [eax], al0x793e0032: add byte ptr [eax], al0x793e0034: sub eax, dword ptr [eax]0x793e0036: sub eax, dword ptr [eax]0x793e0038: add dword ptr [eax], eax0x793e003a: add byte ptr [eax], al0x793e003c: add byte ptr [eax], al0x793e003e: add byte ptr [eax], al1724 explorer.exe 0x1b20000 0x1b20fff VadS PAGE_EXECUTE_READWRITE 1 1 Disabled00 00 00 00 00 00 00 00 ........00 00 00 00 00 00 00 00 ........00 00 b2 01 00 00 00 00 ........00 00 00 00 00 00 00 00 ........10 00 b2 01 00 00 00 00 ........00 00 00 00 00 00 00 00 ........20 00 b2 01 00 00 00 00 ........00 00 00 00 00 00 00 00 ........0x1b20000: add byte ptr [eax], al0x1b20002: add byte ptr [eax], al0x1b20004: add byte ptr [eax], al0x1b20006: add byte ptr [eax], al0x1b20008: add byte ptr [eax], al0x1b2000a: add byte ptr [eax], al0x1b2000c: add byte ptr [eax], al0x1b2000e: add byte ptr [eax], al0x1b20010: add byte ptr [eax], al0x1b20012: mov dl, 10x1b20014: add byte ptr [eax], al0x1b20016: add byte ptr [eax], al0x1b20018: add byte ptr [eax], al0x1b2001a: add byte ptr [eax], al0x1b2001c: add byte ptr [eax], al0x1b2001e: add byte ptr [eax], al0x1b20020: adc byte ptr [eax], al0x1b20022: mov dl, 10x1b20024: add byte ptr [eax], al0x1b20026: add byte ptr [eax], al0x1b20028: add byte ptr [eax], al0x1b2002a: add byte ptr [eax], al0x1b2002c: add byte ptr [eax], al0x1b2002e: add byte ptr [eax], al0x1b20030: and byte ptr [eax], al0x1b20032: mov dl, 10x1b20034: add byte ptr [eax], al0x1b20036: add byte ptr [eax], al0x1b20038: add byte ptr [eax], al0x1b2003a: add byte ptr [eax], al0x1b2003c: add byte ptr [eax], al0x1b2003e: add byte ptr [eax], al2044 IEXPLORE.EXE 0x7ff80000 0x7ffadfff VadS PAGE_EXECUTE_READWRITE 45 1 Disabled00 00 00 00 00 00 00 00 ........00 00 00 00 00 00 00 00 ........00 00 00 00 00 00 00 00 ........00 00 00 00 00 00 00 00 ........00 00 00 00 00 00 00 00 ........00 00 00 00 00 00 00 00 ........00 00 00 00 00 00 00 00 ........00 00 00 00 00 00 00 00 ........0x7ff80000: add byte ptr [eax], al0x7ff80002: add byte ptr [eax], al0x7ff80004: add byte ptr [eax], al0x7ff80006: add byte ptr [eax], al0x7ff80008: add byte ptr [eax], al0x7ff8000a: add byte ptr [eax], al0x7ff8000c: add byte ptr [eax], al0x7ff8000e: add byte ptr [eax], al0x7ff80010: add byte ptr [eax], al0x7ff80012: add byte ptr [eax], al0x7ff80014: add byte ptr [eax], al0x7ff80016: add byte ptr [eax], al0x7ff80018: add byte ptr [eax], al0x7ff8001a: add byte ptr [eax], al0x7ff8001c: add byte ptr [eax], al0x7ff8001e: add byte ptr [eax], al0x7ff80020: add byte ptr [eax], al0x7ff80022: add byte ptr [eax], al0x7ff80024: add byte ptr [eax], al0x7ff80026: add byte ptr [eax], al0x7ff80028: add byte ptr [eax], al0x7ff8002a: add byte ptr [eax], al0x7ff8002c: add byte ptr [eax], al0x7ff8002e: add byte ptr [eax], al0x7ff80030: add byte ptr [eax], al0x7ff80032: add byte ptr [eax], al0x7ff80034: add byte ptr [eax], al0x7ff80036: add byte ptr [eax], al0x7ff80038: add byte ptr [eax], al0x7ff8003a: add byte ptr [eax], al0x7ff8003c: add byte ptr [eax], al0x7ff8003e: add byte ptr [eax], al |
和作者的结果还是不一样,罢了!
最后试试silent banker:
python .\vol.py -f D:\book\malwarecookbook-master\malwarecookbook-master\16\6\silentbanker.vmem\silentbanker.vmem windows.malfind 然后终于看到有类似书中提到的silent banker的注入技术了!
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 | Volatility 3 Framework 2.4.1PID Process Start VPN End VPN Tag Protection CommitCharge PrivateMemory File output Hexdump Disasm608 csrss.exe 0x7f6f0000 0x7f7effff Vad PAGE_EXECUTE_READWRITE 0 0 Disabled c8 00 00 00 ff 01 00 00 ........ff ee ff ee 08 70 00 00 .....p..08 00 00 00 00 fe 00 00 ........00 00 10 00 00 20 00 00 ........00 02 00 00 00 20 00 00 ........8d 01 00 00 ff ef fd 7f ........03 00 08 06 00 00 00 00 ........00 00 00 00 00 00 00 00 ........ 0x7f6f0000: enter 0, 00x7f6f0004: inc dword ptr [ecx]0x7f6f0006: add byte ptr [eax], albla bla...1884 IEXPLORE.EXE 0x10c0000 0x10c0fff VadS PAGE_EXECUTE_READWRITE 1 1 Disabled 58 68 05 00 0d 01 68 00 Xh....h.00 00 00 68 00 00 80 7c ...h...|68 28 18 03 10 50 68 bc h(...Ph.9f 02 10 c3 00 00 00 00 ........00 00 00 00 00 00 00 00 ........00 00 00 00 00 00 00 00 ........00 00 00 00 00 00 00 00 ........00 00 00 00 00 00 00 00 ........ 0x10c0000: pop eax0x10c0001: push 0x10d00050x10c0006: push 00x10c000b: push 0x7c8000000x10c0010: push 0x100318280x10c0015: push eax0x10c0016: push 0x10029fbc0x10c001b: ret 0x10c001c: add byte ptr [eax], al0x10c001e: add byte ptr [eax], al0x10c0020: add byte ptr [eax], al0x10c0022: add byte ptr [eax], al |
【推荐】国内首个AI IDE,深度理解中文开发场景,立即下载体验Trae
【推荐】编程新体验,更懂你的AI,立即体验豆包MarsCode编程助手
【推荐】抖音旗下AI助手豆包,你的智能百科全书,全免费不限次数
【推荐】轻量又高性能的 SSH 工具 IShell:AI 加持,快人一步
· 全程不用写代码,我用AI程序员写了一个飞机大战
· MongoDB 8.0这个新功能碉堡了,比商业数据库还牛
· 记一次.NET内存居高不下排查解决与启示
· 白话解读 Dapr 1.15:你的「微服务管家」又秀新绝活了
· DeepSeek 开源周回顾「GitHub 热点速览」
2021-05-03 站点的源码 可以从菜鸟源码以及闲鱼、淘宝上去购买(小众)
2021-05-03 CMS和中间件识别指纹库——在线的有云悉,也可以自己写代码硬刚
2021-05-03 docker vulhub漏洞环境搭建和使用
2021-05-03 Apache HTTPD 多后缀解析漏洞
2021-05-03 加速国内 Github 访问,下载,的9种方案!——第一种直接替换域名的方式即可受到不错效果
2021-05-03 web中间件常见漏洞总结2020
2017-05-03 xubuntu 17.04 和 iphone 6互传文件方法——使用libimobiledevice就可以像u盘一样操作文件了