{"type":"rich","html":"","url":"https://briteming.hatenablog.com/entry/2018/09/23/150005","blog_title":"blog.hatena.ne.jp, \u5206\u7c7b: https://briteming.hatenablog.com/categories","published":"2018-09-23 15:00:05","provider_url":"https://hatena.blog","version":"1.0","blog_url":"https://briteming.hatenablog.com/","provider_name":"Hatena Blog","width":"100%","height":"190","description":"0x01 \u5f00\u59cb\u4e4b\u524d,\u6709\u5fc5\u8981\u5148\u7a0d\u5fae\u7406\u89e3\u4e0b\u57fa\u4e8edns beacon\u7684\u5927\u81f4\u901a\u4fe1\u8fc7\u7a0b,\u5176\u5b9e,\u975e\u5e38\u975e\u5e38\u7b80\u5355,\u524d\u63d0\u662f\u4f60\u5bf9dns\u7684\u89e3\u6790\u8fc7\u7a0b\u65e9\u5df2\u7ecf\u70c2\u900f\u4e8e\u5fc3,\u4e0d\u719f\u6089\u7684\u670b\u53cb\u53ef\u4ee5\u5148\u53bb\u53c2\u8003\u524d\u6bb5\u65f6\u95f4\u5199\u7684 [DNS \u6df1\u5ea6\u7406\u89e3 \u4e00] ,\u628a\u57fa\u7840\u6253\u624e\u5b9e\u4e86,\u518d\u56de\u8fc7\u5934\u6765\u7406\u89e3\u8fd9\u4e9b\u4e1c\u897f\u81ea\u7136\u5c31\u6613\u5982\u53cd\u638c\u4e86 1 2 3 -> beacon shell\u4f1a\u5411\u6307\u5b9a\u7684\u57df\u540d\u53d1\u8d77\u6b63\u5e38\u7684dns\u67e5\u8be2 -> \u4e2d\u95f4\u4f9d\u7136\u662f\u7ecf\u8fc7\u4e00\u4e9b\u5217\u7684\u5e38\u89c4dns\u8fed\u4ee3\u53ca\u9012\u5f52\u67e5\u8be2,\u5927\u81f4\u8fc7\u7a0b\u5c31\u662f,\u4e00\u76f4\u4ece\u6839\u5f00\u59cb\u627e,\u76f4\u5230\u627e\u5230\u6211\u4eec\u81ea\u5df1\u7684ns\u670d\u52a1\u5668,\u6700\u540e\u518d\u5b9a\u4f4d\u5230\u56e2\u961f\u670d\u52a1\u5668ip,\u4ec5\u6b64\u800c\u5df2 -> \u4e5f\u5c31\u662f\u8bf4,\u7b2c\u4e00\u6b21\u901a\u4fe1\u53ef\u80fd\u4f1a\u6162\u70b9,\u540e\u7eed\u5c31\u4f1a\u7a0d\u5fae\u5feb\u4e9b,\u4e0d\u8fc7\u8bf4\u5b9e\u8bdd,dns\u518d\u5feb\u4e5f\u5feb\u4e0d\u5230\u54ea\u91cc\u53bb,\u6bd5\u7adf,\u6211\u4eec\u8981\u7684\u2026","title":"\u5bf9 Cobalt Strike DNS\u96a7\u9053\u7684\u7406\u89e3\u4e0e\u5b9e\u6218","image_url":"https://klionsec.github.io/img/vps%20demo.png","author_url":"https://blog.hatena.ne.jp/briteming/","categories":[],"author_name":"briteming"}