Kevins的天空 - 远控后门和攻击技术http://blog.csdn.net/iiprogram/category/136508.aspx普通木马技术,远程控制等攻击技术等zh-CNThu, 24 Jul 2008 21:32:00 GMT60KevinsA Catalog of Local Windows Kernel-mode Backdoor Techniqueshttp://blog.csdn.net/iiprogram/archive/2008/07/24/2706870.aspxThu, 24 Jul 2008 21:31:00 GMThttp://blog.csdn.net/iiprogram/archive/2008/07/24/2706870.aspxhttp://blog.csdn.net/iiprogram/comments/2706870.aspxhttp://blog.csdn.net/iiprogram/archive/2008/07/24/2706870.aspx#Feedback0http://blog.csdn.net/iiprogram/comments/commentRss/2706870.aspxhttp://tb.blog.csdn.net/TrackBack.aspx?PostId=2706870A Catalog of Local Windows Kernel-mode Backdoor Techniques<img src ="http://blog.csdn.net/iiprogram/aggbug/2706870.aspx" width = "1" height = "1" />KevinsKwasek6 polymorphic code, modified Ruby Hashhttp://blog.csdn.net/iiprogram/archive/2008/07/23/2694920.aspxWed, 23 Jul 2008 10:59:00 GMThttp://blog.csdn.net/iiprogram/archive/2008/07/23/2694920.aspxhttp://blog.csdn.net/iiprogram/comments/2694920.aspxhttp://blog.csdn.net/iiprogram/archive/2008/07/23/2694920.aspx#Feedback0http://blog.csdn.net/iiprogram/comments/commentRss/2694920.aspxhttp://tb.blog.csdn.net/TrackBack.aspx?PostId=2694920Kwasek6 polymorphic code, modified Ruby Hash<img src ="http://blog.csdn.net/iiprogram/aggbug/2694920.aspx" width = "1" height = "1" />KevinsXP下双开3389远程控制的源码http://blog.csdn.net/iiprogram/archive/2008/07/22/2687758.aspxTue, 22 Jul 2008 08:09:00 GMThttp://blog.csdn.net/iiprogram/archive/2008/07/22/2687758.aspxhttp://blog.csdn.net/iiprogram/comments/2687758.aspxhttp://blog.csdn.net/iiprogram/archive/2008/07/22/2687758.aspx#Feedback0http://blog.csdn.net/iiprogram/comments/commentRss/2687758.aspxhttp://tb.blog.csdn.net/TrackBack.aspx?PostId=2687758XP下双开3389远程控制的源码<img src ="http://blog.csdn.net/iiprogram/aggbug/2687758.aspx" width = "1" height = "1" />KevinsC++ win32 下载者源码http://blog.csdn.net/iiprogram/archive/2008/07/22/2687757.aspxTue, 22 Jul 2008 08:07:00 GMThttp://blog.csdn.net/iiprogram/archive/2008/07/22/2687757.aspxhttp://blog.csdn.net/iiprogram/comments/2687757.aspxhttp://blog.csdn.net/iiprogram/archive/2008/07/22/2687757.aspx#Feedback0http://blog.csdn.net/iiprogram/comments/commentRss/2687757.aspxhttp://tb.blog.csdn.net/TrackBack.aspx?PostId=2687757C++ win32 下载者源码<img src ="http://blog.csdn.net/iiprogram/aggbug/2687757.aspx" width = "1" height = "1" />Kevins注入winlogonhttp://blog.csdn.net/iiprogram/archive/2008/07/17/2664233.aspxThu, 17 Jul 2008 09:55:00 GMThttp://blog.csdn.net/iiprogram/archive/2008/07/17/2664233.aspxhttp://blog.csdn.net/iiprogram/comments/2664233.aspxhttp://blog.csdn.net/iiprogram/archive/2008/07/17/2664233.aspx#Feedback0http://blog.csdn.net/iiprogram/comments/commentRss/2664233.aspxhttp://tb.blog.csdn.net/TrackBack.aspx?PostId=2664233注入winlogon<img src ="http://blog.csdn.net/iiprogram/aggbug/2664233.aspx" width = "1" height = "1" />Kevins一个注入winlogon的程序的代码,学习API用http://blog.csdn.net/iiprogram/archive/2008/07/17/2664215.aspxThu, 17 Jul 2008 09:53:00 GMThttp://blog.csdn.net/iiprogram/archive/2008/07/17/2664215.aspxhttp://blog.csdn.net/iiprogram/comments/2664215.aspxhttp://blog.csdn.net/iiprogram/archive/2008/07/17/2664215.aspx#Feedback0http://blog.csdn.net/iiprogram/comments/commentRss/2664215.aspxhttp://tb.blog.csdn.net/TrackBack.aspx?PostId=2664215一个注入winlogon的程序的代码,学习API用<img src ="http://blog.csdn.net/iiprogram/aggbug/2664215.aspx" width = "1" height = "1" />Kevins暴力注入Explorer的apc方法http://blog.csdn.net/iiprogram/archive/2008/07/17/2664098.aspxThu, 17 Jul 2008 09:36:00 GMThttp://blog.csdn.net/iiprogram/archive/2008/07/17/2664098.aspxhttp://blog.csdn.net/iiprogram/comments/2664098.aspxhttp://blog.csdn.net/iiprogram/archive/2008/07/17/2664098.aspx#Feedback0http://blog.csdn.net/iiprogram/comments/commentRss/2664098.aspxhttp://tb.blog.csdn.net/TrackBack.aspx?PostId=2664098暴力注入Explorer的apc方法<img src ="http://blog.csdn.net/iiprogram/aggbug/2664098.aspx" width = "1" height = "1" />Kevins利用CreateEvent函数不让微点启动http://blog.csdn.net/iiprogram/archive/2008/07/17/2663785.aspxThu, 17 Jul 2008 08:50:00 GMThttp://blog.csdn.net/iiprogram/archive/2008/07/17/2663785.aspxhttp://blog.csdn.net/iiprogram/comments/2663785.aspxhttp://blog.csdn.net/iiprogram/archive/2008/07/17/2663785.aspx#Feedback0http://blog.csdn.net/iiprogram/comments/commentRss/2663785.aspxhttp://tb.blog.csdn.net/TrackBack.aspx?PostId=2663785利用CreateEvent函数不让微点启动<img src ="http://blog.csdn.net/iiprogram/aggbug/2663785.aspx" width = "1" height = "1" />Kevins 通过PspTerminateThreadByPointer结束进程http://blog.csdn.net/iiprogram/archive/2008/07/16/2662873.aspxWed, 16 Jul 2008 20:27:00 GMThttp://blog.csdn.net/iiprogram/archive/2008/07/16/2662873.aspxhttp://blog.csdn.net/iiprogram/comments/2662873.aspxhttp://blog.csdn.net/iiprogram/archive/2008/07/16/2662873.aspx#Feedback0http://blog.csdn.net/iiprogram/comments/commentRss/2662873.aspxhttp://tb.blog.csdn.net/TrackBack.aspx?PostId=2662873 通过PspTerminateThreadByPointer结束进程<img src ="http://blog.csdn.net/iiprogram/aggbug/2662873.aspx" width = "1" height = "1" />Kevins 绕过安全软件挂钩SSDT的检测http://blog.csdn.net/iiprogram/archive/2008/07/16/2662854.aspxWed, 16 Jul 2008 20:24:00 GMThttp://blog.csdn.net/iiprogram/archive/2008/07/16/2662854.aspxhttp://blog.csdn.net/iiprogram/comments/2662854.aspxhttp://blog.csdn.net/iiprogram/archive/2008/07/16/2662854.aspx#Feedback0http://blog.csdn.net/iiprogram/comments/commentRss/2662854.aspxhttp://tb.blog.csdn.net/TrackBack.aspx?PostId=2662854 绕过安全软件挂钩SSDT的检测<img src ="http://blog.csdn.net/iiprogram/aggbug/2662854.aspx" width = "1" height = "1" />KevinsMS Office Snapshot Viewer ActiveX Exploit 最新网马http://blog.csdn.net/iiprogram/archive/2008/07/16/2659286.aspxWed, 16 Jul 2008 11:18:00 GMThttp://blog.csdn.net/iiprogram/archive/2008/07/16/2659286.aspxhttp://blog.csdn.net/iiprogram/comments/2659286.aspxhttp://blog.csdn.net/iiprogram/archive/2008/07/16/2659286.aspx#Feedback0http://blog.csdn.net/iiprogram/comments/commentRss/2659286.aspxhttp://tb.blog.csdn.net/TrackBack.aspx?PostId=2659286MS Office Snapshot Viewer ActiveX Exploit 最新网马<img src ="http://blog.csdn.net/iiprogram/aggbug/2659286.aspx" width = "1" height = "1" />傻傻Kevins下载者的新思路http://blog.csdn.net/iiprogram/archive/2008/07/15/2654068.aspxTue, 15 Jul 2008 15:13:00 GMThttp://blog.csdn.net/iiprogram/archive/2008/07/15/2654068.aspxhttp://blog.csdn.net/iiprogram/comments/2654068.aspxhttp://blog.csdn.net/iiprogram/archive/2008/07/15/2654068.aspx#Feedback0http://blog.csdn.net/iiprogram/comments/commentRss/2654068.aspxhttp://tb.blog.csdn.net/TrackBack.aspx?PostId=2654068下载者的新思路<img src ="http://blog.csdn.net/iiprogram/aggbug/2654068.aspx" width = "1" height = "1" />傻傻Kevins让对方运行你的木马的社会工程学艺术http://blog.csdn.net/iiprogram/archive/2008/07/15/2654043.aspxTue, 15 Jul 2008 15:10:00 GMThttp://blog.csdn.net/iiprogram/archive/2008/07/15/2654043.aspxhttp://blog.csdn.net/iiprogram/comments/2654043.aspxhttp://blog.csdn.net/iiprogram/archive/2008/07/15/2654043.aspx#Feedback1http://blog.csdn.net/iiprogram/comments/commentRss/2654043.aspxhttp://tb.blog.csdn.net/TrackBack.aspx?PostId=2654043让对方运行你的木马的社会工程学艺术<img src ="http://blog.csdn.net/iiprogram/aggbug/2654043.aspx" width = "1" height = "1" />傻傻Kevins最近流行的14种第三方0day挂马防御措施http://blog.csdn.net/iiprogram/archive/2008/07/15/2653191.aspxTue, 15 Jul 2008 12:02:00 GMThttp://blog.csdn.net/iiprogram/archive/2008/07/15/2653191.aspxhttp://blog.csdn.net/iiprogram/comments/2653191.aspxhttp://blog.csdn.net/iiprogram/archive/2008/07/15/2653191.aspx#Feedback0http://blog.csdn.net/iiprogram/comments/commentRss/2653191.aspxhttp://tb.blog.csdn.net/TrackBack.aspx?PostId=2653191最近流行的14种第三方0day挂马防御措施<img src ="http://blog.csdn.net/iiprogram/aggbug/2653191.aspx" width = "1" height = "1" />傻傻Kevins免杀之花指令http://blog.csdn.net/iiprogram/archive/2008/07/15/2652369.aspxTue, 15 Jul 2008 10:09:00 GMThttp://blog.csdn.net/iiprogram/archive/2008/07/15/2652369.aspxhttp://blog.csdn.net/iiprogram/comments/2652369.aspxhttp://blog.csdn.net/iiprogram/archive/2008/07/15/2652369.aspx#Feedback0http://blog.csdn.net/iiprogram/comments/commentRss/2652369.aspxhttp://tb.blog.csdn.net/TrackBack.aspx?PostId=2652369免杀之花指令<img src ="http://blog.csdn.net/iiprogram/aggbug/2652369.aspx" width = "1" height = "1" />