This article provides a step‑by‑step technical analysis of the DarkKomet remote‑access trojan, covering its capabilities, infection vectors, detection methods using TTP‑driven EDR, containment actions, eradication procedures, root‑cause forensics, and post‑incident recovery measures.
The Host Security Capability Construction Guide analyzes evolving threats, categorizes security capabilities into basic, enhanced, and advanced levels, details industry-specific priority requirements, and outlines a comprehensive construction and evaluation process to help enterprises select appropriate solutions and build an effective host security framework.
This article details 360's Threat Hunting platform built on Flink, covering its evolution, architecture, block‑index design, Hilbert‑curve data ordering, like‑pushdown, join optimizations, Alluxio caching, and future plans for BI and multi‑user concurrency, all aimed at efficient PB‑scale data querying.
This article demonstrates how red‑team methods can be applied to phishing traceability, detailing phishing classifications, email‑header extraction, malicious site analysis, web‑shell decryption, privilege‑escalation techniques, log mining, and attacker attribution to reconstruct the full attack chain.
This article details a step‑by‑step incident‑response case study of a Windows internal‑network Trojan that exploited SMB port 445, describing how alerts were identified, malicious processes were traced, terminated, and fully removed using tools such as netstat, PChunter, and process monitoring utilities.
