{"id":24636,"date":"2021-04-12T01:01:00","date_gmt":"2021-04-11T20:31:00","guid":{"rendered":"https:\/\/www.apk.co.ir\/?post_type=manual_kb&#038;p=24636"},"modified":"2021-04-13T08:26:21","modified_gmt":"2021-04-13T03:56:21","slug":"checking-for-ghosts-in-fileless-attack-part-2","status":"publish","type":"manual_kb","link":"https:\/\/www.apk.co.ir\/kb\/checking-for-ghosts-in-fileless-attack-part-2\/","title":{"rendered":"\u0628\u0631\u0631\u0633\u06cc \u0648 \u062c\u0633\u062a\u200c\u0648\u062c\u0648\u06cc Ghost\u0647\u0627 \u062f\u0631 Fileless Attack \u06cc\u0627 \u062d\u0645\u0644\u0627\u062a \u0628\u062f\u0648\u0646 \u0641\u0627\u064a\u0644 _ \u0642\u0633\u0645\u062a \u062f\u0648\u0645 (\u067e\u0627\u06cc\u0627\u0646\u06cc)"},"content":{"rendered":"\n<div class=\"wp-block-image\"><figure class=\"aligncenter size-large is-resized\"><img loading=\"lazy\" decoding=\"async\" src=\"https:\/\/www.apk.co.ir\/wp-content\/uploads\/2021\/04\/Fileless-Attack.jpg\" alt=\"Fileless Attack\" class=\"wp-image-24570\" width=\"424\" height=\"471\" srcset=\"https:\/\/www.apk.co.ir\/wp-content\/uploads\/2021\/04\/Fileless-Attack.jpg 1200w, https:\/\/www.apk.co.ir\/wp-content\/uploads\/2021\/04\/Fileless-Attack-126x140.jpg 126w, https:\/\/www.apk.co.ir\/wp-content\/uploads\/2021\/04\/Fileless-Attack-458x510.jpg 458w\" sizes=\"auto, (max-width: 424px) 100vw, 424px\" \/><\/figure><\/div>\n\n\n\n<p>\u062f\u0631 <a href=\"https:\/\/www.apk.co.ir\/kb\/investigate-and-search-for-ghosts-in-fileless-attack-part-1\/\">\u0642\u0633\u0645\u062a \u0627\u0648\u0644<\/a> \u0627\u06cc\u0646 \u0645\u0642\u0627\u0644\u0647 \u062f\u0631 \u0645\u0648\u0631\u062f&nbsp;Fileless Malware \u0648 \u0628\u0647 \u0645\u0642\u0627\u06cc\u0633\u0647 \u0622\u0646 \u0628\u0627 \u0646\u0631\u0645 \u0627\u0641\u0632\u0627\u0631\u0647\u0627\u06cc \u0642\u062f\u06cc\u0645\u06cc \u067e\u0631\u062f\u0627\u062e\u062a\u06cc\u0645\u060c \u0647\u0645\u0686\u0646\u06cc\u0646 \u062f\u0631 \u0645\u0648\u0631\u062f \u0648\u0628 \u0633\u0627\u06cc\u062a \u0647\u0627\u06cc \u0645\u062e\u0631\u0628 \u0635\u062d\u0628\u062a \u0634\u062f \u0648 \u0628\u0647 \u062a\u0639\u062f\u0627\u062f\u06cc \u0627\u0632 \u0622\u0646 \u0647\u0627 \u0627\u0634\u0627\u0631\u0647 \u06af\u0634\u062a. \u062f\u0631 \u0627\u06cc\u0646 \u0642\u0633\u0645\u062a \u0628\u0647 \u0627\u062f\u0627\u0645\u0647 \u0645\u0637\u0644\u0628 \u062f\u0631 \u0645\u0648\u0631\u062f Ghost\u0647\u0627 \u062f\u0631<a href=\"https:\/\/info.deepinstinct.com\/whitepaper-making-sense-of-fileless-malware?utm_term=fileless%20malware&amp;utm_campaign=KD+-+Fileless+Malware+-+20201013&amp;utm_source=adwords&amp;utm_medium=ppc&amp;hsa_acc=8733123917&amp;hsa_cam=11362231375&amp;hsa_grp=110884635066&amp;hsa_ad=472738124821&amp;hsa_src=g&amp;hsa_tgt=kwd-504397960077&amp;hsa_kw=fileless%20malware&amp;hsa_mt=p&amp;hsa_net=adwords&amp;hsa_ver=3&amp;gclid=CjwKCAjwvMqDBhB8EiwA2iSmPK4WwVHu3H98oAuUyUMe8TMv4bkMCkYRQH82__UKrxHX8eHVDJ2auBoC2YgQAvD_BwE\"> Fileless Attack<\/a> \u0645\u06cc \u067e\u0631\u062f\u0627\u0632\u06cc\u0645.<\/p>\n\n\n\n<p>\u067e\u064a\u0634 \u0627\u0632 \u0622\u0646 \u0643\u0647 Code Injection \u0628\u0647 \u0637\u0648\u0631 \u0645\u0641\u0635\u0644 \u0645\u0648\u0631\u062f \u0628\u062d\u062b \u0642\u0631\u0627\u0631 \u06af\u06cc\u0631\u062f\u060c \u064a\u0627\u062f\u06af\u064a\u0631\u06cc \u0646\u062d\u0648\u0647 \u0628\u0627\u0631\u06af\u064a\u0631\u06cc \u0641\u0631\u0622\u064a\u0646\u062f \u062f\u0631 \u062d\u0627\u0641\u0638\u0647 \u0628\u0633\u064a\u0627\u0631 \u0645\u0647\u0645 \u0627\u0633\u062a. \u062f\u0631 \u0627\u064a\u0646 \u0645\u0642\u0627\u0644\u0647 \u0628\u0647 \u0647\u0645\u0647 \u0645\u0648\u0627\u0631\u062f \u062f\u0627\u062e\u0644\u06cc Process Memory \u06cc\u0627<strong> <\/strong>\u062d\u0627\u0641\u0638\u0647 \u0641\u0631\u0622\u064a\u0646\u062f \u0628\u0627 \u062c\u0632\u0626\u064a\u0627\u062a \u067e\u0631\u062f\u0627\u062e\u062a\u0647 \u0646\u062e\u0648\u0627\u0647\u062f \u0634\u062f\u060c \u0627\u0645\u0627 \u062f\u0631 \u0639\u0648\u0636\u060c \u0628\u0647 \u0645\u0646\u0638\u0648\u0631 \u062f\u0631\u0643 Code Injection \u0628\u0647 \u0627\u064a\u0646 \u0627\u062c\u0632\u0627\u06cc \u0645\u0647\u0645 \u0648 \u062d\u064a\u0627\u062a\u06cc \u062e\u0648\u0627\u0647\u064a\u0645 \u067e\u0631\u062f\u0627\u062e\u062a. \u062a\u0635\u0648\u06cc\u0631 \u0632\u06cc\u0631 \u0646\u0645\u0648\u062f\u0627\u0631 Process Memory Internal\u0647\u0627 \u0631\u0627 \u0646\u0634\u0627\u0646 \u0645\u06cc\u200c\u062f\u0647\u062f.<\/p>\n\n\n\n<p>\u0648\u0642\u062a\u06cc \u0641\u0631\u0622\u06cc\u0646\u062f\u06cc \u0634\u0631\u0648\u0639 \u0645\u06cc \u0634\u0648\u062f\u060c \u0628\u062e\u0634\u06cc \u0627\u0632 \u062d\u0627\u0641\u0638\u0647 \u0628\u0647 \u0622\u0646 \u0627\u062e\u062a\u0635\u0627\u0635 \u0645\u06cc\u200c\u064a\u0627\u0628\u062f. \u0628\u0647 \u0637\u0648\u0631 \u067e\u06cc\u0634 \u0641\u0631\u0636\u060c \u062f\u0631 \u0627\u064a\u0646 \u0641\u0631\u0622\u064a\u0646\u062f \u0627\u0632 \u062d\u0627\u0641\u0638\u0647 \u0628\u0647 \u0635\u0648\u0631\u062a WCX \u064a\u0627 Page_Execute_WriteCpy \u0645\u062d\u0627\u0641\u0638\u062a \u0645\u064a\u200c\u0634\u0648\u062f. WCX \u00ab\u062f\u0633\u062a\u0631\u0633\u06cc \u0628\u0647 \u0627\u062c\u0631\u0627\u060c \u062d\u0627\u0644\u062a Readonly \u064a\u0627 \u0646\u0648\u0634\u062a\u0646 \u0628\u0631 \u0646\u0633\u062e\u0647 \u0643\u067e\u06cc \u0646\u0645\u0627\u06cc Map\u0634\u062f\u0647 \u0627\u0632 Mappping Object\u0647\u0627\u064a \u064a\u0643 \u0641\u0627\u064a\u0644 \u0631\u0627 \u0645\u064a\u0633\u0631 \u0645\u064a\u200c\u0633\u0627\u0632\u062f\u00bb. \u0647\u0645\u0627\u0646\u0637\u0648\u0631 \u06a9\u0647 \u062f\u0631 \u062a\u0635\u0648\u06cc\u0631 \u0646\u0634\u0627\u0646 \u062f\u0627\u062f\u0647 \u0634\u062f\u0647 \u0627\u0633\u062a\u060c \u0641\u0631\u0622\u06cc\u0646\u062f \u0634\u0627\u0645\u0644 \u0627\u062c\u0632\u0627\u06cc \u0645\u062e\u062a\u0644\u0641\u06cc \u0627\u0633\u062a\u060c \u06a9\u0647 \u0627\u062c\u0632\u0627\u06cc \u0627\u0633\u0627\u0633\u06cc \u0622\u0646 \u0639\u0628\u0627\u0631\u062a\u0646\u062f \u0627\u0632:<\/p>\n\n\n\n<div class=\"wp-block-image\"><figure class=\"aligncenter size-large is-resized\"><img loading=\"lazy\" decoding=\"async\" src=\"https:\/\/www.apk.co.ir\/wp-content\/uploads\/2021\/04\/Process-Memory-Internal.png\" alt=\"Process Memory Internal\" class=\"wp-image-24644\" width=\"504\" height=\"233\" srcset=\"https:\/\/www.apk.co.ir\/wp-content\/uploads\/2021\/04\/Process-Memory-Internal.png 1053w, https:\/\/www.apk.co.ir\/wp-content\/uploads\/2021\/04\/Process-Memory-Internal-768x355.png 768w, https:\/\/www.apk.co.ir\/wp-content\/uploads\/2021\/04\/Process-Memory-Internal-140x65.png 140w, https:\/\/www.apk.co.ir\/wp-content\/uploads\/2021\/04\/Process-Memory-Internal-825x382.png 825w\" sizes=\"auto, (max-width: 504px) 100vw, 504px\" \/><\/figure><\/div>\n\n\n\n<p><strong>&nbsp;Dynamic Linked Libraries \u064a\u0627DLL: <\/strong>\u0627\u06cc\u0646 \u0642\u0633\u0645\u062a \u0646\u0634\u0627\u0646\u200c\u062f\u0647\u0646\u062f\u0647 Library\u0647\u0627\u06cc \u0645\u0634\u062a\u0631\u0643 \u064a\u0627DLL\u0647\u0627\u064a\u06cc \u0627\u0633\u062a \u06a9\u0647 \u064a\u0627 \u0628\u0647 \u0635\u0648\u0631\u062a \u0627\u0631\u0627\u062f\u06cc \u0648 \u064a\u0627 \u0628\u0647 \u0627\u062c\u0628\u0627\u0631 \u062f\u0631 Adress Space \u0628\u0627\u0631\u06af\u064a\u0631\u06cc \u0645\u06cc\u200c\u0634\u0648\u0646\u062f.<\/p>\n\n\n\n<p>&nbsp;<strong>Block Environment Block<\/strong> <strong>\u064a\u0627 BEP<\/strong>: \u0633\u0627\u062e\u062a\u0627\u0631\u06cc \u062f\u0627\u0631\u0627\u06cc \u0645\u0632\u0627\u064a\u0627\u06cc \u0641\u0631\u0627\u0648\u0627\u0646 \u06a9\u0647 \u0628\u0647 \u0643\u0627\u0631\u0628\u0631 \u0645\u06cc\u200c\u06af\u0648\u06cc\u062f \u0627\u0632 \u0643\u062c\u0627 \u0645\u06cc\u200c\u062a\u0648\u0627\u0646\u062f \u0686\u0646\u062f \u0645\u0648\u0631\u062f \u0627\u0632 \u0622\u064a\u062a\u0645\u200c\u0647\u0627\u06cc \u062f\u064a\u06af\u0631\u060c \u0627\u0632 \u062c\u0645\u0644\u0647DLL\u0647\u0627\u060c Heap\u0647\u0627 \u0648 \u0645\u062a\u063a\u064a\u0631\u0647\u0627\u06cc \u0645\u062d\u064a\u0637 \u0631\u0627 \u0628\u064a\u0627\u0628\u062f. \u0627\u06cc\u0646 \u0628\u062e\u0634 \u0647\u0645\u0686\u0646\u06cc\u0646 \u0634\u0627\u0645\u0644 \u0622\u0631\u06af\u0648\u0645\u0627\u0646\u200c\u0647\u0627\u06cc \u062e\u0637 \u0641\u0631\u0645\u0627\u0646 \u0641\u0631\u0622\u06cc\u0646\u062f\u060c \u062f\u0627\u06cc\u0631\u06a9\u062a\u0648\u0631\u06cc \u0641\u0639\u0644\u06cc \u0622\u0646 \u0648 \u0634\u064a\u0648\u0647\u200c\u0647\u0627\u06cc \u0627\u0633\u062a\u0627\u0646\u062f\u0627\u0631\u062f \u0645\u062f\u064a\u0631\u064a\u062a \u0622\u0646 \u0627\u0633\u062a.<\/p>\n\n\n\n<p>&nbsp;<strong>Executable: <\/strong>\u0641\u0631\u0627\u06cc\u0646\u062f Executable \u0634\u0627\u0645\u0644&nbsp; \u0628\u062f\u0646\u0647 \u0627\u0635\u0644\u06cc \u06a9\u062f \u0648 \u0645\u062a\u063a\u06cc\u0631\u0647\u0627\u06cc \u062e\u0648\u0627\u0646\u062f\u0646\/ \u0646\u0648\u0634\u062a\u0646 \u0628\u0631\u0627\u06cc \u0628\u0631\u0646\u0627\u0645\u0647 \u0643\u0627\u0628\u0631\u062f\u06cc \u0627\u0633\u062a. \u0627\u06cc\u0646 \u062f\u0627\u062f\u0647\u200c\u0647\u0627 \u0645\u0645\u06a9\u0646 \u0627\u0633\u062a \u0631\u0648\u06cc \u062f\u06cc\u0633\u06a9\u060c \u0641\u0634\u0631\u062f\u0647\u200c\u0633\u0627\u0632\u06cc \u06cc\u0627 \u0631\u0645\u0632\u06af\u0630\u0627\u0631\u06cc \u0634\u0648\u062f\u060c \u0627\u0645\u0627 \u067e\u0633 \u0627\u0632 \u0622\u0646 \u0643\u0647 \u062f\u0631 \u062d\u0627\u0641\u0638\u0647 Load \u0645\u06cc\u200c\u0634\u0648\u062f\u060c \u062d\u0627\u0641\u0638\u0647 \u0622\u0646 \u0631\u0627 Unpack \u0646\u0645\u0648\u062f\u0647 \u0648 \u0627\u0645\u0643\u0627\u0646 \u0628\u0627\u0632\u06af\u0631\u062f\u0627\u0646\u06cc \u0645\u062a\u0646 \u0628\u0647 \u0635\u0648\u0631\u062a Plain \u0628\u0647 \u062f\u064a\u0633\u0643 \u0631\u0627 \u0641\u0631\u0627\u0647\u0645 \u0645\u06cc\u200c\u0643\u0646\u062f.<\/p>\n\n\n\n<p><strong>&nbsp;Process Environmental Block \u064a\u0627 PEB:<\/strong> \u0634\u0627\u0645\u0644 \u0627\u0637\u0644\u0627\u0639\u0627\u062a \u0641\u0631\u0627\u062f\u0627\u062f\u0647 \u064a\u0643 \u0641\u0631\u0622\u064a\u0646\u062f \u0645\u0627\u0646\u0646\u062f \u0645\u062d\u0644 \u0642\u0631\u0627\u0631\u06af\u06cc\u0631\u06cc \u067e\u0631\u0648\u0646\u062f\u0647 \u062f\u0631 \u062f\u06cc\u0633\u06a9\u060c \u0645\u062d\u0644 \u0622\u062f\u0631\u0633 \u062d\u0627\u0641\u0638\u0647 \u0648 \u0627\u0637\u0644\u0627\u0639\u0627\u062a \u0645\u0627\u0698\u0648\u0644\u200c\u0647\u0627\u06cc&nbsp;Load\u0634\u062f\u0647 \u0627\u0633\u062a.<\/p>\n\n\n\n<p><strong>&nbsp;LoadOrderList: <\/strong>\u062a\u0631\u062a\u064a\u0628 \u0645\u0627\u0698\u0648\u0644\u200c\u200e\u0647\u0627\u064a\u06cc \u0631\u0627 \u0643\u0647 \u062f\u0631 \u064a\u0643 \u0641\u0631\u0622\u064a\u0646\u062f Load \u0645\u06cc\u200c\u0634\u0648\u0646\u062f\u060c \u0631\u062f\u064a\u0627\u0628\u06cc \u0645\u064a\u200c\u200c\u0643\u0646\u062f.<\/p>\n\n\n\n<p><strong> MemoryOrderList: <\/strong>\u062a\u0631\u062a\u064a\u0628 \u0638\u0627\u0647\u0631 \u0634\u062f\u0646 \u0645\u0627\u0698\u0648\u0644\u200c\u0647\u0627 \u062f\u0631 \u0644\u0627\u064a\u0647 \u062d\u0627\u0641\u0638\u0647 \u0645\u062c\u0627\u0632\u06cc \u064a\u0643 \u0641\u0631\u0622\u064a\u0646\u062f<\/p>\n\n\n\n<p><strong> InitOrderList:<\/strong>&nbsp;\u062a\u0631\u062a\u064a\u0628 \u0645\u0627\u0698\u0648\u0644\u200c\u0647\u0627 \u0631\u0627 \u0628\u0647 \u062a\u0631\u062a\u064a\u0628 \u0631\u0627\u0647\u200c\u0627\u0646\u062f\u0627\u0632\u06cc \u0627\u0648\u0644\u064a\u0647\u200c\u0634\u0627\u0646 \u0631\u062f\u064a\u0627\u0628\u06cc \u0645\u06cc\u200c\u0643\u0646\u062f.<\/p>\n\n\n\n<p>\u0628\u0631\u062e\u06cc \u0627\u0632 \u0628\u062f\u0627\u0641\u0632\u0627\u0631\u0647\u0627 \u0645\u06cc\u200c\u062a\u0648\u0627\u0646\u0646\u062f \u062f\u0631 \u062d\u064a\u0646 \u062f\u0633\u062a\u0631\u0633\u06cc \u0628\u0647 Windows Kernel\u060c \u0627\u062a\u0635\u0627\u0644 \u062e\u0648\u062f \u0631\u0627 \u0628\u0627 Doubly-link-list \u0627\u0633\u062a\u0627\u0646\u062f\u0627\u0631\u062f \u0642\u0637\u0639 \u0646\u0645\u0627\u064a\u0646\u062f \u062a\u0627 \u0641\u0631\u0622\u064a\u0646\u062f \u062e\u0648\u062f \u0631\u0627 \u0627\u0632 \u062f\u064a\u062f \u0627\u0628\u0632\u0627\u0631\u0647\u0627\u06cc \u0627\u0645\u0646\u064a\u062a\u06cc \u0627\u0633\u062a\u0627\u0646\u062f\u0627\u0631\u062f \u0645\u062e\u0641\u06cc \u0633\u0627\u0632\u0646\u062f.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\" id=\"h-process-hollowing\"><strong>Process Hollowing<\/strong><\/h3>\n\n\n\n<p>&nbsp;Process Hollowing \u064a\u0643 \u062a\u0631\u0641\u0646\u062f Code Injection \u0627\u0633\u062a \u06a9\u0647 \u062f\u0631 \u0622\u0646 \u0628\u062f\u0627\u0641\u0632\u0627\u0631 \u06cc\u06a9 \u0631\u0648\u0646\u062f \u0642\u0627\u0646\u0648\u0646\u06cc \u0631\u0627 \u062f\u0631 \u062d\u0627\u0644\u062a \u062a\u0639\u0644\u06cc\u0642 \u0627\u06cc\u062c\u0627\u062f \u0645\u06cc\u200c\u06a9\u0646\u062f. \u0633\u067e\u0633 \u0622\u062f\u0631\u0633 \u062d\u0627\u0641\u0638\u0647 \u0641\u0631\u0622\u06cc\u0646\u062f \u0645\u062c\u0627\u0632 \u0622\u0632\u0627\u062f \u0634\u062f\u0647 \u0648 \u0643\u062f \u0645\u062e\u0631\u0628 \u062c\u0627\u064a\u06af\u0632\u064a\u0646 \u0622\u0646 \u0645\u06cc\u200c\u06af\u0631\u062f\u062f. \u0648\u0642\u062a\u06cc \u0631\u0634\u062a\u0647 \u0641\u0631\u0622\u06cc\u0646\u062f \u0627\u0632 \u0633\u0631 \u06af\u0631\u0641\u062a\u0647 \u0645\u06cc\u200c\u0634\u0648\u062f\u060c \u0643\u062f \u0645\u062e\u0631\u0628 \u063a\u0644\u0637 \u200c\u0627\u0646\u062f\u0627\u0632 \u0631\u0627 \u0628\u0647 \u0639\u0646\u0648\u0627\u0646 \u06cc\u06a9 \u0641\u0631\u0622\u06cc\u0646\u062f \u0645\u062c\u0627\u0632 \u0627\u062c\u0631\u0627 \u0645\u06cc\u200c\u06a9\u0646\u062f.<\/p>\n\n\n\n<p>Process Hollowing&nbsp;\u0627\u0646\u0648\u0627\u0639 \u0645\u062e\u062a\u0644\u0641\u06cc \u062f\u0627\u0631\u062f \u0627\u0645\u0627 \u0645\u0641\u0647\u0648\u0645 \u0645\u0648\u0631\u062f \u0627\u0633\u062a\u0641\u0627\u062f\u0647 \u0647\u0645\u0647 \u0622\u0646\u200c\u0647\u0627 \u064a\u0643\u0633\u0627\u0646 \u0627\u0633\u062a. \u062a\u0635\u0648\u06cc\u0631\u06cc \u06a9\u0647 \u062f\u0631 \u0634\u06a9\u0644 \u0632\u06cc\u0631 \u0646\u0634\u0627\u0646 \u062f\u0627\u062f\u0647 \u0634\u062f\u0647 \u0627\u0633\u062a \u062c\u0631\u06cc\u0627\u0646 \u0645\u0639\u0645\u0648\u0644 \u062a\u0631\u0641\u0646\u062f Process Hollowing \u0631\u0627 \u0646\u0634\u0627\u0646 \u0645\u06cc\u200c\u062f\u0647\u062f.<\/p>\n\n\n\n<div class=\"wp-block-image\"><figure class=\"aligncenter size-large is-resized\"><img loading=\"lazy\" decoding=\"async\" src=\"https:\/\/www.apk.co.ir\/wp-content\/uploads\/2021\/04\/Process-Hollowing.png\" alt=\"Process Hollowing\" class=\"wp-image-24641\" width=\"559\" height=\"391\" srcset=\"https:\/\/www.apk.co.ir\/wp-content\/uploads\/2021\/04\/Process-Hollowing.png 807w, https:\/\/www.apk.co.ir\/wp-content\/uploads\/2021\/04\/Process-Hollowing-768x537.png 768w, https:\/\/www.apk.co.ir\/wp-content\/uploads\/2021\/04\/Process-Hollowing-140x98.png 140w, https:\/\/www.apk.co.ir\/wp-content\/uploads\/2021\/04\/Process-Hollowing-730x510.png 730w\" sizes=\"auto, (max-width: 559px) 100vw, 559px\" \/><\/figure><\/div>\n\n\n\n<p>\u0647\u0645\u0627\u0646\u0637\u0648\u0631 \u06a9\u0647 \u062f\u0631 \u0646\u0645\u0648\u062f\u0627\u0631 \u0646\u0634\u0627\u0646 \u062f\u0627\u062f\u0647 \u0634\u062f\u0647 \u0627\u0633\u062a\u060c \u0641\u0631\u0622\u064a\u0646\u062f \u0628\u062f\u0627\u0641\u0632\u0627\u0631 \u0646\u0645\u0648\u0646\u0647 \u062c\u062f\u06cc\u062f\u06cc \u0627\u0632 \u06cc\u06a9 \u067e\u0631\u0648\u0633\u0647 \u0645\u062c\u0627\u0632 \u0631\u0627 \u062f\u0631 \u062d\u0627\u0644\u062a \u062a\u0639\u0644\u06cc\u0642 \u06cc\u0627 &nbsp;CREATE_SUSPENDED \u0627\u06cc\u062c\u0627\u062f \u0645\u06cc\u200c\u06a9\u0646\u062f. \u062f\u0631 \u0627\u06cc\u0646 \u062d\u0627\u0644\u062a\u060c \u062f\u0633\u062a\u0648\u0631 svchost.exe \u0631\u0627 \u062f\u0631 \u062d\u0627\u0644\u062a \u062a\u0639\u0644\u06cc\u0642 \u0622\u063a\u0627\u0632 \u0645\u06cc\u200c\u0646\u0645\u0627\u064a\u062f. \u062d\u0627\u0644\u062a \u062a\u0639\u0644\u06cc\u0642 \u0627\u0645\u0643\u0627\u0646 \u062f\u0633\u062a\u0643\u0627\u0631\u06cc \u0622\u062f\u0631\u0633 \u062d\u0627\u0641\u0638\u0647 \u0641\u0631\u0622\u064a\u0646\u062f \u0642\u0627\u0646\u0648\u0646\u06cc \u0631\u0627 \u0641\u0631\u0627\u0647\u0645 \u0645\u06cc\u200c\u0643\u0646\u062f. \u0633\u067e\u0633 \u062d\u0641\u0627\u0638\u062a \u0627\u0632 \u062d\u0627\u0641\u0638\u0647 \u0631\u0627 \u0627\u0632\u062d\u0627\u0644\u062a WCX \u064a\u0627&nbsp;Page_Execute_WriteCopy &nbsp;\u0628\u0647 \u062d\u0627\u0644\u062a RWX \u064a\u0627&nbsp; Page_Execute_ReadWrite \u062a\u063a\u06cc\u06cc\u0631 \u0645\u06cc\u200c\u062f\u0647\u062f. \u062f\u0644\u06cc\u0644 \u0627\u06cc\u0646 \u062a\u063a\u06cc\u06cc\u0631 \u0627\u064a\u0646 \u0627\u0633\u062a \u0643\u0647 \u0627\u06af\u0631 \u062d\u0641\u0627\u0638\u062a \u062d\u0627\u0641\u0638\u0647 \u0627\u0632 \u0646\u0648\u0639 WCX \u0628\u0627\u0634\u062f\u060c \u0628\u062f\u0627\u0641\u0632\u0627\u0631 \u0646\u0645\u06cc\u200c\u062a\u0648\u0627\u0646\u062f \u0628\u062e\u0634 \u062c\u062f\u064a\u062f\u06cc \u0627\u0632 \u062d\u0627\u0641\u0638\u0647 \u0631\u0627 \u062a\u062e\u0635\u064a\u0635 \u062f\u0647\u062f. \u0628\u0646\u0627\u0628\u0631\u0627\u06cc\u0646\u060c \u0627\u064a\u0646 \u062d\u0641\u0627\u0638\u062a \u0628\u0627\u064a\u062f \u0628\u0647 \u062d\u0627\u0644\u062a RWX \u064a\u0627 Page_Execute_ReadWrite \u062a\u063a\u06cc\u06cc\u0631 \u06cc\u0627\u0628\u062f. \u062f\u0631 \u0627\u062f\u0627\u0645\u0647\u060c \u0628\u062f\u0627\u0641\u0632\u0627\u0631 \u0628\u0627 \u062c\u0645\u0639 \u0622\u0648\u0631\u06cc \u0627\u0637\u0644\u0627\u0639\u0627\u062a \u0641\u0631\u0627\u062f\u0627\u062f\u0647 \u0627\u0632PEB\u060c \u0622\u062f\u0631\u0633 \u0627\u0635\u0644\u06cc \u062d\u0627\u0641\u0638\u0647 \u0641\u0631\u0622\u06cc\u0646\u062f \u0642\u0627\u0646\u0648\u0646\u06cc \u0631\u0627 \u062c\u0645\u0639\u200c\u0622\u0648\u0631\u06cc \u0645\u06cc\u200c\u06a9\u0646\u062f \u06a9\u0647 \u0628\u0639\u062f\u0627\u064b \u0622\u0632\u0627\u062f\u0633\u0627\u0632\u06cc \u0645\u06cc\u200c\u0634\u0648\u062f \u062a\u0627 \u0628\u062e\u0634 \u0645\u0630\u0643\u0648\u0631 \u0627\u0632 \u0622\u062f\u0631\u0633 \u062d\u0627\u0641\u0638\u0647 \u0631\u0627 \u062e\u0627\u0644\u06cc \u0646\u0645\u0627\u064a\u062f. \u062f\u0631 \u0627\u064a\u0646 \u0645\u0631\u062d\u0644\u0647 \u06a9\u0647 \u0622\u062f\u0631\u0633 \u062d\u0627\u0641\u0638\u0647 \u0641\u0631\u0622\u06cc\u0646\u062f \u0642\u0627\u0646\u0648\u0646\u06cc\u060c \u0622\u0632\u0627\u062f\u0633\u0627\u0632\u06cc \u0648 Hollow \u0645\u06cc\u200c\u0634\u0648\u062f\u060c \u0628\u062f\u0627\u0641\u0632\u0627\u0631 Block \u062c\u062f\u06cc\u062f\u06cc \u0627\u0632 \u062d\u0627\u0641\u0638\u0647 \u0631\u0627 \u062a\u062e\u0635\u064a\u0635 \u062f\u0627\u062f\u0647 \u0648 \u0633\u067e\u0633 \u06a9\u062f \u0645\u062e\u0631\u0628 \u0631\u0627 \u062f\u0631 \u0622\u0646 \u0642\u0633\u0645\u062a \u0627\u0632 \u062d\u0627\u0641\u0638\u0647 \u06a9\u067e\u06cc \u064a\u0627 \u0628\u0647 \u0622\u0646 Inject \u0645\u06cc\u200c\u06a9\u0646\u062f. \u0645\u0631\u062d\u0644\u0647 \u0622\u062e\u0631 \u0627\u062f\u0627\u0645\u0647 \u0641\u0631\u0622\u064a\u0646\u062f \u0627\u0633\u062a \u0643\u0647 \u0637\u06cc \u0622\u0646 \u0627\u0645\u0643\u0627\u0646 \u0627\u062c\u0631\u0627 \u0634\u062f\u0646 \u0628\u0631\u0627\u06cc \u0643\u062f \u0645\u062e\u0631\u0628 \u0643\u0647 \u062f\u0631 \u0638\u0627\u0647\u0631 \u0641\u0631\u0622\u064a\u0646\u062f\u06cc \u0642\u0627\u0646\u0648\u0646\u06cc \u0627\u0633\u062a \u0641\u0631\u0627\u0647\u0645 \u0645\u06cc\u200c\u06af\u0631\u062f\u062f.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\" id=\"h-reflective-dll-injection\"><strong>Reflective DLL Injection<\/strong><\/h3>\n\n\n\n<p>\u0627\u064a\u0646 \u062a\u0631\u0641\u0646\u062f Injection \u0634\u0627\u0645\u0644 \u06a9\u062f \u0645\u062e\u0631\u0628\u06cc \u0627\u0633\u062a \u06a9\u0647 Dynamic Link library \u064a\u0627 DLL \u0631\u0627 \u062f\u0631 \u0641\u0631\u0622\u06cc\u0646\u062f \u0647\u0627\u0633\u062a Load \u0645\u06cc\u200c\u06a9\u0646\u062f \u0648 \u0628\u0646\u0627\u0628\u0631\u0627\u06cc\u0646 \u0646\u06cc\u0627\u0632\u06cc \u0628\u0647 \u0646\u0648\u0634\u062a\u0646 DLL \u062f\u0631 \u062f\u06cc\u0633\u06a9 \u0646\u062e\u0648\u0627\u0647\u062f \u0628\u0648\u062f. \u0627\u06cc\u0646 \u0631\u0648\u0634 \u0632\u0645\u0627\u0646\u06cc \u0628\u0647 \u0643\u0627\u0631 \u0645\u06cc\u200c\u0631\u0648\u062f \u0643\u0647 \u0642\u0631\u0627\u0631 \u0628\u0627\u0634\u062f DLL \u0627\u0632 \u062d\u0627\u0641\u0638\u0647 Load \u0634\u0648\u062f \u0648 \u0646\u0647 \u0627\u0632 \u062f\u064a\u0633\u0643 Metasploit&#8217;s Meterpreter.<\/p>\n\n\n\n<div class=\"wp-block-image\"><figure class=\"aligncenter size-large is-resized\"><img loading=\"lazy\" decoding=\"async\" src=\"https:\/\/www.apk.co.ir\/wp-content\/uploads\/2021\/04\/Metasploits-Meterpreter.png\" alt=\"Metasploit's Meterpreter in Fileless Attack\" class=\"wp-image-24642\" width=\"473\" height=\"231\" srcset=\"https:\/\/www.apk.co.ir\/wp-content\/uploads\/2021\/04\/Metasploits-Meterpreter.png 897w, https:\/\/www.apk.co.ir\/wp-content\/uploads\/2021\/04\/Metasploits-Meterpreter-768x375.png 768w, https:\/\/www.apk.co.ir\/wp-content\/uploads\/2021\/04\/Metasploits-Meterpreter-140x68.png 140w, https:\/\/www.apk.co.ir\/wp-content\/uploads\/2021\/04\/Metasploits-Meterpreter-825x403.png 825w\" sizes=\"auto, (max-width: 473px) 100vw, 473px\" \/><\/figure><\/div>\n\n\n\n<p>\u062f\u0631 \u0627\u064a\u0646 \u062a\u0631\u0641\u0646\u062f\u060c \u062f\u0631 \u0627\u0648\u0644\u064a\u0646 \u0645\u0631\u062d\u0644\u0647\u060c \u0641\u0631\u0622\u064a\u0646\u062f \u0628\u062f\u0627\u0641\u0632\u0627\u0631 \u064a\u0627 Injector \u062e\u0648\u062f \u0631\u0627 \u0628\u0647 \u0641\u0631\u0622\u064a\u0646\u062f \u0642\u0627\u0646\u0648\u0646\u06cc \u0646\u0647\u0627\u064a\u06cc \u0645\u062a\u0635\u0644 \u0648 \u0627\u0637\u0644\u0627\u0639\u0627\u062a \u0631\u0627 \u062c\u0645\u0639\u200c\u0622\u0648\u0631\u06cc \u0645\u06cc\u200c\u0643\u0646\u062f. \u0633\u067e\u0633 WCX \u064a\u0627 Page_Execute_WriteCopy \u0631\u0627 \u0628\u0647 RWX \u064a\u0627 Page_Execute_ReadWrite \u062a\u063a\u064a\u064a\u0631 \u0645\u06cc\u200c\u062f\u0647\u062f \u062a\u0627 \u0627\u0645\u06a9\u0627\u0646 \u062a\u062e\u0635\u06cc\u0635 \u062d\u0627\u0641\u0638\u0647 \u062f\u0631 \u0641\u0631\u0622\u06cc\u0646\u062f \u0647\u062f\u0641 \u0631\u0627 \u0641\u0631\u0627\u0647\u0645 \u06a9\u0646\u062f. \u062f\u0631 \u0627\u062f\u0627\u0645\u0647\u060c \u064a\u06a9 Block \u062c\u062f\u06cc\u062f \u0627\u0632 \u062d\u0627\u0641\u0638\u0647 \u0631\u0627 \u0628\u0647 \u0641\u0631\u0622\u06cc\u0646\u062f \u0645\u0648\u0631\u062f \u0646\u0638\u0631 \u0627\u062e\u062a\u0635\u0627\u0635 \u0645\u06cc\u200c\u062f\u0647\u062f \u0648 \u0645\u062d\u062a\u0648\u0627\u06cc \u0645\u062e\u0631\u0628 DLL \u0631\u0627 \u0628\u0647 \u0622\u0646 Inject \u0645\u06cc\u200c\u200c\u0643\u0646\u062f. \u0633\u067e\u0633 \u0641\u0631\u0622\u064a\u0646\u062f \u0628\u062f\u0627\u0641\u0632\u0627\u0631 \u0628\u0647 \u0641\u0631\u0622\u06cc\u0646\u062f \u0647\u062f\u0641 \u062f\u0633\u062a\u0648\u0631 \u0645\u06cc\u200c\u062f\u0647\u062f \u062a\u0627 \u0645\u062d\u062a\u0648\u06cc\u0627\u062a \u0645\u062e\u0631\u0628 DLL \u0631\u0627 \u0627\u062c\u0631\u0627 \u06a9\u0646\u062f. \u0627\u064a\u0646 \u0641\u0631\u0622\u064a\u0646\u062f \u0628\u0627\u064a\u062f \u0642\u0627\u0628\u0644\u064a\u062a ReflectiveLoader \u0631\u0627 \u0641\u0631\u0627 \u062e\u0648\u0627\u0646\u062f \u062a\u0627 DLL \u0645\u062e\u0631\u0628 \u0631\u0627 \u062f\u0631 \u062d\u0627\u0641\u0638\u0647 Map \u0646\u0645\u0648\u062f\u0647 \u0648 \u0633\u067e\u0633 \u0627\u062c\u0631\u0627 \u0646\u0645\u0627\u064a\u062f. \u0633\u067e\u0633 \u0645\u0648\u0642\u0639\u064a\u062a \u0645\u0643\u0627\u0646\u06cc \u0641\u0639\u0644\u06cc DLL \u0645\u062e\u0631\u0628 \u0631\u0627 \u062f\u0631 \u062d\u0627\u0641\u0638\u0647 \u067e\u0631\u062f\u0627\u0632\u0634 \u0645\u06cc\u200c\u06a9\u0646\u062f \u062a\u0627Header \u0647\u0627\u06cc \u0622\u0646 \u0628\u0647\u200c\u062f\u0631\u0633\u062a\u06cc \u062c\u062f\u0627\u0633\u0627\u0632\u06cc \u0648 \u0627\u062c\u0631\u0627 \u0634\u0648\u0646\u062f.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\" id=\"h-script-fileless-attack\"><strong>\u062d\u0645\u0644\u0627\u062a \u0645\u0628\u062a\u0646\u06cc \u0628\u0631 Script<\/strong> \u062f\u0631 Fileless Attack<\/h3>\n\n\n\n<p>\u062f\u0631 Fileless Attack \u062d\u0645\u0644\u0627\u062a \u0645\u0628\u062a\u0646\u06cc \u0628\u0631Script\u060c \u062a\u0631\u0641\u0646\u062f\u06cc \u0628\u062f\u0648\u0646 \u0641\u0627\u064a\u0644 \u0627\u0633\u062a \u0643\u0647 \u0627\u0632Script \u0647\u0627 \u0628\u0631\u0627\u06cc \u0627\u062c\u0631\u0627\u06cc \u0645\u0633\u062a\u0642\u06cc\u0645 \u062f\u0631 \u062d\u0627\u0641\u0638\u0647 \u0627\u0633\u062a\u0641\u0627\u062f\u0647 \u0645\u06cc\u200c\u06a9\u0646\u062f. \u0633\u067e\u0633 Script \u0647\u0627 \u062a\u0648\u0633\u0637 \u0628\u0631\u0646\u0627\u0645\u0647\u200c\u0647\u0627\u06cc \u0643\u0627\u0631\u0628\u0631\u062f\u06cc \u0645\u0648\u062c\u0648\u062f \u062f\u0631 \u0644\u06cc\u0633\u062a \u0633\u0641\u06cc\u062f \u0645\u0627\u0646\u0646\u062fPowerShell \u060cCscript \u060cWscript \u060cMSHTA \u0648 \u0628\u0631\u0646\u0627\u0645\u0647\u200c\u0647\u0627\u06cc \u062f\u064a\u06af\u0631 \u062a\u0641\u0633\u06cc\u0631 \u0645\u06cc\u200c\u0634\u0648\u0646\u062f. \u0627\u064a\u0646 \u062d\u0645\u0644\u0627\u062a \u0645\u0645\u0643\u0646 \u0627\u0633\u062a \u0643\u0627\u0645\u0644\u0627 \u0628\u062f\u0648\u0646 \u0641\u0627\u064a\u0644 \u0646\u0628\u0627\u0634\u0646\u062f\u060c \u0686\u0631\u0627\u0643\u0647 \u062f\u0631 \u0627\u0628\u062a\u062f\u0627 \u0628\u0647 \u0635\u0648\u0631\u062a \u067e\u064a\u0648\u0633\u062a \u0648 \u0627\u0632 \u0637\u0631\u064a\u0642 \u0627\u064a\u0645\u064a\u0644 \u0648\u0627\u0631\u062f \u0633\u064a\u0633\u062a\u0645 \u0643\u0627\u0631\u0628\u0631 \u0645\u06cc\u200c\u0634\u0648\u0646\u062f. \u062f\u0631 \u067e\u0627\u0633\u062e \u0628\u0647 \u0627\u064a\u0646 \u0643\u0647 \u0686\u0631\u0627 \u0627\u06cc\u0646 \u062d\u0645\u0644\u0627\u062a \u062f\u0631 \u06af\u0631\u0648\u0647 \u062d\u0645\u0644\u0627\u062a \u00ab\u0628\u062f\u0648\u0646 \u0641\u0627\u064a\u0644\u00bb \u0642\u0631\u0627\u0631 \u0645\u06cc\u200c\u06af\u06cc\u0631\u0646\u062f\u060c \u0628\u0627\u064a\u062f \u06af\u0641\u062a \u0632\u06cc\u0631\u0627 \u0648\u0642\u062a\u06cc \u0641\u0627\u064a\u0644 \u067e\u06cc\u0648\u0633\u062a \u06cc\u0627 \u0633\u0646\u062f \u0628\u0627\u0632 \u0645\u06cc\u200c\u0634\u0648\u062f\u060c \u0628\u0627 \u0627\u062c\u0631\u0627\u06cc \u0645\u0633\u062a\u0642\u06cc\u0645 Script \u062a\u0639\u0628\u06cc\u0647 \u0634\u062f\u0647 \u062f\u0631 \u062d\u0627\u0641\u0638\u0647\u060c \u0628\u0647 \u0635\u0648\u0631\u062a \u00ab\u0628\u062f\u0648\u0646 \u0641\u0627\u064a\u0644\u00bb \u062f\u0631\u0645\u06cc\u200c\u200c\u0622\u064a\u0646\u062f. Script \u0627\u0648\u0644\u064a\u0647 \u0628\u0647 \u0639\u0646\u0648\u0627\u0646 \u062f\u0627\u0646\u0644\u0648\u062f\u0643\u0646\u0646\u062f\u0647 \u0639\u0645\u0644 \u0645\u06cc\u200c\u0643\u0646\u062f \u062a\u0627 \u0628\u0647 \u0648\u0628\u0633\u0627\u064a\u062a \u0645\u062e\u0631\u0628\u06cc \u0645\u062a\u0635\u0644\u200c \u0634\u062f\u0647 \u0648 Script \u062f\u064a\u06af\u0631\u06cc \u064a\u0627 \u064a\u0643 Binary \u062f\u0627\u0646\u0644\u0648\u062f \u0643\u0646\u062f \u062a\u0627 Payload \u0646\u0647\u0627\u064a\u06cc \u062e\u0648\u062f \u0631\u0627 \u0627\u062c\u0631\u0627 \u0643\u0646\u062f. \u0647\u0645\u0647 \u0686\u064a\u0632 \u062f\u0631 \u062d\u0627\u0641\u0638\u0647 \u0648 \u0628\u062f\u0648\u0646 \u0642\u0631\u0627\u0631 \u062f\u0627\u062f\u0646 \u0641\u0627\u064a\u0644 \u062f\u0631 \u062f\u064a\u0633\u0643 \u0627\u0646\u062c\u0627\u0645 \u0645\u06cc\u200c\u0634\u0648\u062f. \u0641\u0627\u064a\u0644 \u0627\u0635\u0644\u06cc \u06a9\u0647 \u0628\u0631\u0627\u06cc \u0648\u0631\u0648\u062f \u0627\u0633\u062a\u0641\u0627\u062f\u0647 \u0645\u06cc\u200c\u0634\u0648\u062f \u0645\u0639\u0645\u0648\u0644\u0627\u064b \u062e\u0648\u062f \u062a\u062e\u0631\u064a\u0628\u06cc \u0627\u0646\u062c\u0627\u0645 \u0645\u06cc \u062f\u0647\u062f \u062a\u0627 \u0647\u06cc\u0686 \u0627\u062b\u0631\u06cc \u062f\u0631 \u062f\u06cc\u0633\u06a9 \u0628\u0627\u0642\u06cc \u0646\u0645\u0627\u0646\u062f. \u0639\u0644\u0627\u0648\u0647 \u0628\u0631 \u0627\u06cc\u0646\u060c Script\u0647\u0627 \u0628\u0631\u0627\u06cc \u0645\u0647\u0627\u062c\u0645\u0627\u0646 \u0628\u0633\u06cc\u0627\u0631 \u062c\u0630\u0627\u0628 \u0647\u0633\u062a\u0646\u062f \u0632\u06cc\u0631\u0627 \u0645\u06cc \u062a\u0648\u0627\u0646 \u0628\u0647 \u0631\u0627\u062d\u062a\u06cc \u0622\u0646\u200c\u0647\u0627 \u0631\u0627 \u0645\u0628\u0647\u0645 \u06cc\u0627 \u0631\u0645\u0632\u06af\u0630\u0627\u0631\u06cc \u0646\u0645\u0648\u062f \u062a\u0627 \u0627\u0632 \u0634\u0646\u0627\u0633\u0627\u06cc\u06cc \u0631\u0627\u0647\u0643\u0627\u0631\u0647\u0627\u06cc \u0627\u0645\u0646\u064a\u062a\u06cc \u0641\u0631\u0627\u0631 \u0643\u0646\u0646\u062f. \u062a\u0635\u0648\u06cc\u0631 \u0632\u06cc\u0631 \u0646\u0645\u0648\u0646\u0647\u200c\u0627\u06cc \u0627\u0632 \u06cc\u06a9 \u0633\u0646\u062f Phishing \u0631\u0627 \u0646\u0634\u0627\u0646 \u0645\u06cc\u200c\u062f\u0647\u062f \u06a9\u0647 \u0627\u0632 Macro \u0628\u0631\u0627\u06cc \u0631\u0627\u0647\u200c\u0627\u0646\u062f\u0627\u0632\u06cc Script\u0647\u0627\u06cc \u0645\u062e\u0631\u0628 PowerShell \u062f\u0631 \u062f\u0633\u062a\u06af\u0627\u0647 \u0627\u0633\u062a\u0641\u0627\u062f\u0647 \u0645\u06cc\u200c\u06a9\u0646\u062f.<\/p>\n\n\n\n<div class=\"wp-block-image\"><figure class=\"aligncenter size-large is-resized\"><img loading=\"lazy\" decoding=\"async\" src=\"https:\/\/www.apk.co.ir\/wp-content\/uploads\/2021\/04\/PowerShell.png\" alt=\"PowerShell\" class=\"wp-image-24643\" width=\"456\" height=\"217\" srcset=\"https:\/\/www.apk.co.ir\/wp-content\/uploads\/2021\/04\/PowerShell.png 846w, https:\/\/www.apk.co.ir\/wp-content\/uploads\/2021\/04\/PowerShell-768x366.png 768w, https:\/\/www.apk.co.ir\/wp-content\/uploads\/2021\/04\/PowerShell-140x67.png 140w, https:\/\/www.apk.co.ir\/wp-content\/uploads\/2021\/04\/PowerShell-825x393.png 825w\" sizes=\"auto, (max-width: 456px) 100vw, 456px\" \/><\/figure><\/div>\n\n\n\n<p>\u0627\u06af\u0631 Macro \u0641\u0639\u0627\u0644 \u0628\u0627\u0634\u062f\u060c \u0628\u0644\u0627\u0641\u0627\u0635\u0644\u0647 Script \u0631\u0627 \u0627\u062c\u0631\u0627 \u0645\u06cc\u200c\u06a9\u0646\u062f.<\/p>\n\n\n\n<div class=\"wp-block-image\"><figure class=\"aligncenter size-large is-resized\"><img loading=\"lazy\" decoding=\"async\" src=\"https:\/\/www.apk.co.ir\/wp-content\/uploads\/2021\/04\/Script.png\" alt=\"Script\" class=\"wp-image-24646\" width=\"663\" height=\"110\" srcset=\"https:\/\/www.apk.co.ir\/wp-content\/uploads\/2021\/04\/Script.png 1138w, https:\/\/www.apk.co.ir\/wp-content\/uploads\/2021\/04\/Script-768x129.png 768w, https:\/\/www.apk.co.ir\/wp-content\/uploads\/2021\/04\/Script-140x23.png 140w, https:\/\/www.apk.co.ir\/wp-content\/uploads\/2021\/04\/Script-825x138.png 825w\" sizes=\"auto, (max-width: 663px) 100vw, 663px\" \/><\/figure><\/div>\n\n\n\n<h3 class=\"wp-block-heading\" id=\"h-living-off-the-land\">&nbsp;<strong>&nbsp;\u062a\u0631\u0641\u0646\u062f <\/strong><strong>Living off the Land<\/strong><\/h3>\n\n\n\n<p>&nbsp;Living off the Land \u062a\u0631\u0641\u0646\u062f\u06cc \u0627\u0633\u062a \u06a9\u0647 \u0637\u06cc \u0622\u0646\u060c \u062d\u0645\u0644\u0647 \u0627\u0632 \u0627\u0628\u0632\u0627\u0631\u0647\u0627\u06cc \u0645\u062f\u06cc\u0631\u06cc\u062a \u0633\u06cc\u0633\u062a\u0645 \u0648 \u0627\u0628\u0632\u0627\u0631\u0647\u0627\u06cc \u062f\u0627\u062e\u0644\u06cc \u062f\u0631 \u0633\u06cc\u0633\u062a\u0645 \u0633\u0648\u0621\u0627\u0633\u062a\u0641\u0627\u062f\u0647 \u0645\u06cc\u200c\u0643\u0646\u062f\u200c \u06a9\u0647 \u00ab\u0632\u0646\u062c\u064a\u0631\u0647\u200c\u0627\u06cc \u0627\u0632 \u062d\u0645\u0644\u0627\u062a\u00bb \u0631\u0627 \u062f\u0631 \u0628\u0631 \u0645\u06cc\u200c\u06af\u064a\u0631\u062f. \u0627\u064a\u0646 \u062a\u0631\u0641\u0646\u062f \u0627\u0632 \u0627\u06cc\u0646 \u0627\u0628\u0632\u0627\u0631\u0647\u0627\u06cc \u062f\u0627\u062e\u0644\u06cc\/\u0645\u062f\u064a\u0631\u064a\u062a \u0628\u0631\u0627\u06cc \u0627\u06cc\u062c\u0627\u062f \u0641\u0639\u0627\u0644\u06cc\u062a\u200c\u0647\u0627\u06cc \u0645\u062e\u0631\u0628 \u062f\u0631 \u0634\u0628\u06a9\u0647 \u0633\u0627\u0632\u0645\u0627\u0646 \u0627\u0633\u062a\u0641\u0627\u062f\u0647 \u0645\u06cc\u200c\u06a9\u0646\u062f. \u0627\u06af\u0631 \u062d\u0645\u0644\u0647\u200c\u0627\u06cc \u0627\u0632 \u062a\u0631\u0641\u0646\u062f\u0647\u0627\u06cc Living off the Land \u0627\u0633\u062a\u0641\u0627\u062f\u0647 \u0643\u0646\u062f\u060c \u064a\u0639\u0646\u06cc \u062a\u0647\u062f\u06cc\u062f \u0627\u0632 \u0642\u0628\u0644 \u062f\u0631 \u0634\u0628\u06a9\u0647 \u0633\u0627\u0632\u0645\u0627\u0646 \u0645\u0648\u062c\u0648\u062f \u0628\u0648\u062f\u0647 \u0627\u0633\u062a \u06a9\u0647 \u0628\u0647 \u0622\u0646 \u062d\u0627\u0644\u062a &nbsp;Post-exploitation\u0645\u06cc \u06af\u0648\u06cc\u0646\u062f. \u06cc\u06a9\u06cc \u0627\u0632 \u0628\u062f\u0627\u0641\u0632\u0627\u0631\u0647\u0627\u06cc \u0642\u0627\u0628\u0644 \u062a\u0648\u062c\u0647 \u06a9\u0647 \u0627\u0632 \u0627\u064a\u0646 \u062a\u0631\u0641\u0646\u062f \u0627\u0633\u062a\u0641\u0627\u062f\u0647 \u0645\u06cc \u06a9\u0646\u062f\u060c \u0628\u0627\u062c \u0627\u0641\u0632\u0627\u0631 Petya \/NonPetya \u0627\u0633\u062a \u06a9\u0647 \u0627\u0632 PsExec \u0648 WMIC \u0628\u0631\u0627\u06cc \u062c\u0627\u0628\u062c\u0627\u06cc\u06cc \u0641\u0631\u0639\u06cc \u0648 \u0627\u0628\u0632\u0627\u0631\u06cc \u0628\u0647 \u0646\u0627\u0645 Mimikatz \u0628\u0631\u0627\u06cc \u0628\u0631\u062f\u0627\u0634\u062a\u0646 \u0627\u0637\u0644\u0627\u0639\u0627\u062a \u0627\u0639\u062a\u0628\u0627\u0631\u06cc \u0628\u0647 \u0645\u0646\u0638\u0648\u0631 \u0627\u0641\u0632\u0627\u06cc\u0634 \u0627\u0645\u062a\u06cc\u0627\u0632 \u0627\u0633\u062a\u0641\u0627\u062f\u0647 \u0645\u06cc\u200c\u06a9\u0646\u062f. \u0628\u0627 \u0627\u064a\u0646 \u062d\u0627\u0644\u060c \u0628\u0647 \u0647\u0646\u06af\u0627\u0645 \u0645\u0642\u0627\u0628\u0644\u0647 \u0628\u0627 \u062d\u0645\u0644\u0627\u062a \u0647\u062f\u0641\u200c\u06af\u0630\u0627\u0631\u06cc\u200c\u0634\u062f\u0647APT \u060c \u062a\u0634\u062e\u064a\u0635 \u062a\u0631\u0641\u0646\u062f Living off the Land \u062f\u0634\u0648\u0627\u0631\u062a\u0631 \u062e\u0648\u0627\u0647\u062f \u0628\u0648\u062f\u060c \u0686\u0631\u0627 \u0643\u0647 \u0634\u0627\u0645\u0644 \u0645\u0647\u0627\u062c\u0645\u06cc \u0648\u0627\u0642\u0639\u06cc \u0627\u0633\u062a \u0648 \u0627\u06cc\u0646 \u0645\u0647\u0627\u062c\u0645 \u064a\u0643 \u0627\u0646\u0633\u0627\u0646 \u0627\u0633\u062a \u0648 \u0627\u0642\u062f\u0627\u0645\u0627\u062a \u0645\u062e\u0631\u0628 \u0631\u0627 \u0627\u0646\u062c\u0627\u0645 \u0645\u06cc \u062f\u0647\u062f.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\" id=\"h-fileless-attack\"><strong>\u0645\u0642\u0627\u0648\u0645\u062a \u0628\u062f\u0648\u0646 \u0641\u0627\u064a\u0644<\/strong> \u062f\u0631 Fileless Attack<\/h3>\n\n\n\n<p>\u062a\u0647\u062f\u06cc\u062f\u0647\u0627\u06cc \u0628\u062f\u0648\u0646 \u0641\u0627\u064a\u0644 \u06a9\u0647 \u0639\u0645\u062f\u062a\u0627 \u0628\u0627 \u0627\u06cc\u062c\u0627\u062f \u0646\u0642\u0627\u0637 Load \u0643\u0647 \u062f\u0631 \u0622\u0646 Payload\u0647\u0627 \u0645\u06cc\u200c\u062a\u0648\u0627\u0646\u0646\u062f \u0645\u062c\u062f\u062f\u0627 \u0631\u0627\u0647\u200c\u0627\u0646\u062f\u0627\u0632\u06cc \u0634\u0648\u0646\u062f\u060c \u0627\u0632 \u062a\u0631\u0641\u0646\u062f\u0647\u0627\u06cc \u0645\u062e\u062a\u0644\u0641 \u0648 \u0645\u0646\u062d\u0635\u0631\u200c\u0628\u0647\u200e\u200c\u0641\u0631\u062f\u06cc \u0627\u0633\u062a\u0641\u0627\u062f\u0647 \u0645\u06cc\u200c\u06a9\u0646\u0646\u062f\u060c \u0627\u06cc\u0646 \u0646\u0648\u0639 \u062d\u0645\u0644\u0627\u062a \u0628\u0627 \u06a9\u0627\u0634\u062a \u06a9\u062f\u0647\u0627\u06cc \u0645\u062e\u0631\u0628 \u062f\u0631 \u0627\u0628\u0632\u0627\u0631\u0647\u0627 \u0648 \u0628\u0631\u0646\u0627\u0645\u0647\u200c\u0647\u0627\u06cc \u062f\u0627\u062e\u0644\u06cc Windows \u0645\u0627\u0646\u0646\u062f \u0631\u062c\u06cc\u0633\u062a\u0631\u06cc \u0633\u06cc\u0633\u062a\u0645\u060c Windows Task Scheduler \u060cWindows Management Instrumentation Service&nbsp;\u0627\u064a\u0646 \u0643\u0627\u0631 \u0631\u0627 \u0627\u0646\u062c\u0627\u0645 \u0645\u06cc\u200c\u062f\u0647\u0646\u062f\u060c \u0644\u0627\u0632\u0645 \u0628\u0647 \u0630\u06a9\u0631 \u0627\u0633\u062a \u0628\u0631\u0627\u06cc \u0645\u0642\u0627\u0648\u0645\u062a \u0628\u062f\u0648\u0646 \u0641\u0627\u064a\u0644 \u0627\u0632 \u0631\u0648\u0634\u200c\u0647\u0627\u06cc \u0645\u062e\u062a\u0644\u0641\u06cc \u0627\u0633\u062a\u0641\u0627\u062f\u0647 \u0645\u06cc\u200c\u0634\u0648\u062f. \u062a\u0631\u0641\u0646\u062f\u0647\u0627\u06cc \u0645\u0630\u0643\u0648\u0631 \u0628\u0647 \u062f\u0644\u064a\u0644 \u0645\u062d\u0628\u0648\u0628\u064a\u062a \u0628\u064a\u0634\u062a\u0631 \u062f\u0631 \u0645\u064a\u0627\u0646 \u062d\u0645\u0644\u0627\u062a \u0628\u062f\u0648\u0646 \u0641\u0627\u064a\u0644 \u0645\u0648\u0631\u062f \u0628\u062d\u062b \u0642\u0631\u0627\u0631 \u062e\u0648\u0627\u0647\u0646\u062f \u06af\u0631\u0641\u062a.<\/p>\n\n\n\n<p>\u0631\u062c\u06cc\u0633\u062a\u0631\u06cc \u0633\u06cc\u0633\u062a\u0645 \u062f\u0631 \u0630\u062e\u06cc\u0631\u0647 \u062f\u064a\u062a\u0627\u0628\u064a\u0633\u200c\u0647\u0627 \u0648 \u062a\u0646\u0638\u06cc\u0645\u0627\u062a \u062f\u0631 \u0648\u06cc\u0646\u062f\u0648\u0632 \u0627\u0633\u062a\u0641\u0627\u062f\u0647 \u0645\u06cc\u200c\u0634\u0648\u062f\u060c \u0645\u0647\u0627\u062c\u0645\u0627\u0646 \u0645\u06cc\u200c\u062a\u0648\u0627\u0646\u0646\u062f \u06cc\u06a9 Script \u0645\u062e\u0631\u0628 \u062f\u0631 \u0631\u062c\u06cc\u0633\u062a\u0631\u06cc \u0630\u062e\u06cc\u0631\u0647 \u06a9\u0646\u0646\u062f \u06a9\u0647 \u0628\u0627 \u0634\u0631\u0648\u0639 \u06a9\u0627\u0631 \u0633\u06cc\u0633\u062a\u0645 \u06cc\u0627 \u0628\u0627\u0632 \u0634\u062f\u0646 \u0641\u0627\u064a\u0644\u200c\u0647\u0627\u06cc \u062e\u0627\u0635 \u0641\u0639\u0627\u0644 \u0634\u0648\u062f.<\/p>\n\n\n\n<p><strong>Windows Task Scheduler<\/strong> \u0645\u0645\u06a9\u0646 \u0627\u0633\u062a \u0628\u0631\u0646\u0627\u0645\u0647\u200c\u0647\u0627 \u06cc\u0627 Script\u0647\u0627 \u0631\u0627 \u062f\u0631 \u06cc\u06a9 \u0632\u0645\u0627\u0646 \u0627\u0632 \u067e\u06cc\u0634 \u062a\u0639\u06cc\u06cc\u0646\u200c\u0634\u062f\u0647 \u0631\u0627\u0647\u200c\u0627\u0646\u062f\u0627\u0632\u06cc \u06a9\u0646\u062f. \u062f\u0631 \u062e\u0635\u0648\u0635 \u0628\u062f\u0627\u0641\u0632\u0627\u0631 \u0628\u062f\u0648\u0646 \u0641\u0627\u064a\u0644\u060c \u062a\u0633\u0643\u200c\u0647\u0627\u064a\u06cc \u0628\u0631\u0646\u0627\u0645\u0647\u200c\u0631\u064a\u0632\u06cc\u200c\u0634\u062f\u0647 \u0627\u064a\u062c\u0627\u062f \u0645\u06cc\u200c\u0634\u0648\u0646\u062f \u062a\u0627 \u0628\u062f\u0627\u0641\u0632\u0627\u0631 \u0631\u0627 \u0628\u0647 \u0627\u062c\u0631\u0627 \u062f\u0631\u0622\u0648\u0631\u0646\u062f. \u0645\u0647\u0627\u062c\u0645\u0627\u0646 \u0647\u0645\u0686\u0646\u06cc\u0646 \u0645\u06cc\u200c\u062a\u0648\u0627\u0646\u0646\u062f \u062a\u0633\u0643\u200c\u0647\u0627\u064a\u06cc \u0632\u0645\u0627\u0646\u200c\u0628\u0646\u062f\u06cc\u200c\u0634\u062f\u0647 \u0631\u0627 \u0628\u0647 \u06af\u0648\u0646\u0647\u200c\u0627\u06cc \u062a\u0646\u0638\u06cc\u0645 \u0643\u0646\u0646\u062f \u062a\u0627 \u0645\u062c\u062f\u062f\u0627 \u0641\u0639\u0627\u0644 \u0634\u0648\u0646\u062f \u0648 \u0647\u0645\u0686\u0646\u064a\u0646Entry\u0647\u0627\u06cc \u0631\u062c\u064a\u0633\u062a\u0631\u06cc\u200c\u0627\u06cc \u0627\u064a\u062c\u0627\u062f \u0643\u0646\u0646\u062f \u062a\u0627 \u0633\u064a\u0633\u062a\u0645 \u0631\u0627 \u0645\u062c\u062f\u062f\u0627 \u0628\u0647 \u0635\u0648\u0631\u062a \u062e\u0648\u062f\u0643\u0627\u0631 \u0622\u0644\u0648\u062f\u0647 \u0633\u0627\u0632\u0646\u062f. Windows Management Instrumentation Service \u064a\u0627 WMI \u06cc\u06a9\u06cc \u0627\u0632 \u0645\u0648\u0644\u0641\u0647\u200c\u0647\u0627\u06cc \u0627\u0635\u0644\u06cc \u0648\u06cc\u0646\u062f\u0648\u0632 \u0627\u0633\u062a \u06a9\u0647 \u0645\u0639\u0645\u0648\u0644\u0627\u064b \u0628\u0631\u0627\u06cc \u06a9\u0627\u0631\u0647\u0627\u06cc \u0645\u062f\u06cc\u0631\u06cc\u062a\u06cc \u0631\u0648\u0632\u0645\u0631\u0647 \u0645\u0627\u0646\u0646\u062f \u0627\u0633\u062a\u0642\u0631\u0627\u0631Scrip \u0647\u0627\u06cc \u062e\u0648\u062f\u0643\u0627\u0631\u0633\u0627\u0632\u06cc\u060c \u0627\u062c\u0631\u0627\u06cc \u06cc\u06a9 \u0641\u0631\u0622\u06cc\u0646\u062f\/\u0628\u0631\u0646\u0627\u0645\u0647 \u062f\u0631 \u06cc\u06a9 \u0632\u0645\u0627\u0646 \u0645\u0634\u062e\u0635\u060c \u0643\u0633\u0628 \u0627\u0637\u0644\u0627\u0639\u0627\u062a \u0645\u0631\u0628\u0648\u0637 \u0628\u0647 \u0628\u0631\u0646\u0627\u0645\u0647\u200c\u0647\u0627\u06cc \u0643\u0627\u0631\u0628\u0631\u062f\u06cc \u064a\u0627 \u0633\u062e\u062a\u200c\u0627\u0641\u0632\u0627\u0631\u0647\u0627\u06cc \u0646\u0635\u0628\u200c\u200e\u0634\u062f\u0647\u060c \u0646\u0638\u0627\u0631\u062a \u0628\u0631 \u062a\u063a\u06cc\u06cc\u0631\u0627\u062a \u062f\u0631 \u06cc\u06a9 \u067e\u0648\u0634\u0647\u060c \u0646\u0638\u0627\u0631\u062a \u0628\u0631 \u0641\u0636\u0627\u06cc \u062f\u06cc\u0633\u06a9 \u0648 \u0645\u0648\u0627\u0631\u062f \u062f\u064a\u06af\u0631 \u0628\u0647 \u0643\u0627\u0631 \u0645\u06cc\u200c\u0631\u0648\u062f. \u0647\u0631\u0686\u0646\u062f \u0627\u06af\u0631 \u0628\u0647 \u062f\u0633\u062a \u064a\u0643 \u0645\u062c\u0631\u0645 \u0633\u0627\u064a\u0628\u0631\u06cc \u0628\u064a\u0641\u062a\u062f\u060c \u0627\u0648 \u0627\u0632 \u0622\u0646 \u0628\u0647 \u06af\u0648\u0646\u0647\u200c\u0627\u06cc \u0645\u062e\u0631\u0628 \u0627\u0633\u062a\u0641\u0627\u062f\u0647 \u062e\u0648\u0627\u0647\u062f \u0643\u0631\u062f.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\" id=\"h--1\"><strong>\u062c\u0631\u0645\u200c\u0634\u0646\u0627\u0633\u06cc \u062d\u0645\u0644\u0627\u062a \u0628\u062f\u0648\u0646 \u0641\u0627\u064a\u0644<\/strong><\/h3>\n\n\n\n<p>\u062d\u0645\u0644\u0647 \u0628\u062f\u0648\u0646 \u0641\u0627\u064a\u0644 \u0645\u0645\u0643\u0646 \u0627\u0633\u062a \u0645\u062e\u0641\u06cc\u0627\u0646\u0647 \u0628\u0627\u0634\u062f\u060c \u0627\u0645\u0627 \u06a9\u0627\u0645\u0644\u0627\u064b \u0646\u0627\u0645\u0631\u0626\u06cc \u0646\u06cc\u0633\u062a. \u0627\u06af\u0631 \u0643\u0627\u0631\u0628\u0631 \u0628\u062f\u0627\u0646\u062f \u0643\u062c\u0627 \u0631\u0627 \u0628\u0627\u064a\u062f \u062c\u0633\u062a\u200c\u0648\u062c\u0648 \u0643\u0646\u062f\u060c \u0647\u0646\u0648\u0632 \u0633\u0631\u0646\u062e \u0647\u0627\u06cc \u0632\u06cc\u0627\u062f\u06cc \u0648\u062c\u0648\u062f \u062f\u0627\u0631\u062f \u06a9\u0647 \u0628\u062a\u0648\u0627\u0646 \u0627\u0632 \u062f\u0633\u062a\u06af\u0627\u0647\u064a \u0645\u0634\u06a9\u0648\u06a9 \u0627\u0633\u062a\u062e\u0631\u0627\u062c \u06a9\u0631\u062f. \u062d\u0645\u0644\u0627\u062a \u0648\u0627\u0642\u0639\u06cc \u0628\u062f\u0648\u0646 \u0641\u0627\u064a\u0644 \u0628\u0627 \u0627\u0633\u062a\u0641\u0627\u062f\u0647 \u0627\u0632 \u0633\u06cc\u0633\u062a\u0645 \u0639\u0627\u0645\u0644 \u0647\u0627\u06cc 64 \u0628\u064a\u062a\u06cc \u0648\u06cc\u0646\u062f\u0648\u0632 10 \u0648 32 \u0628\u064a\u062a\u06cc \u0648\u064a\u0646\u062f\u0648\u0632 7 \u062f\u0631 \u0645\u062d\u06cc\u0637 \u0645\u062c\u0627\u0632\u06cc \u0628\u0633\u062a\u0647 \u0634\u0628\u06cc\u0647\u200c\u0633\u0627\u0632\u06cc\u200c \u0645\u06cc\u200c\u0634\u0648\u0646\u062f \u0648 \u0627\u0632 \u0627\u0628\u0632\u0627\u0631\u0647\u0627\u06cc \u062c\u0631\u0645\u200c\u0634\u0646\u0627\u0633\u06cc SANS 508 \u0628\u0631\u0627\u06cc \u0628\u0631\u0631\u0633\u06cc \u0627\u0633\u062a\u0641\u0627\u062f\u0647 \u0645\u06cc\u200c\u0643\u0646\u0646\u062f.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\" id=\"h-code-injection\"><strong>\u062a\u0634\u062e\u06cc\u0635 \u062a\u0631\u0641\u0646\u062f\u0647\u0627\u06cc Code Injection<\/strong><\/h3>\n\n\n\n<p>\u062f\u0631 \u062a\u0634\u062e\u06cc\u0635 \u062a\u0631\u0641\u0646\u062f\u0647\u0627\u06cc Code Injection\u060c \u0627\u0632 \u0627\u0628\u0632\u0627\u0631\u06cc \u0628\u0647 \u0646\u0627\u0645 Volatility \u0627\u0633\u062a\u0641\u0627\u062f\u0647 \u0645\u06cc\u200c\u0634\u0648\u062f. Volatility&nbsp;\u06cc\u06a9 \u0627\u0628\u0632\u0627\u0631 \u062a\u062c\u0632\u06cc\u0647 \u0648 \u062a\u062d\u0644\u06cc\u0644 \u062d\u0627\u0641\u0638\u0647 \u0645\u0646\u0628\u0639\u200c\u0628\u0627\u0632 \u0627\u0633\u062a \u06a9\u0647 \u0627\u0632 \u0633\u064a\u0633\u062a\u0645\u200c\u0639\u0627\u0645\u0644\u200c\u0647\u0627\u06cc \u0648\u06cc\u0646\u062f\u0648\u0632\u060c Linux\u060c \u0645\u0643 \u0648 \u062d\u062a\u06cc \u0627\u0646\u062f\u0631\u0648\u064a\u062f \u067e\u0634\u062a\u064a\u0628\u0627\u0646\u06cc \u0645\u06cc\u200c\u0643\u0646\u062f. \u0647\u0645\u0686\u0646\u06cc\u0646 \u0645\u06cc\u200c\u062a\u0648\u0627\u0646\u062f \u062a\u0635\u0627\u0648\u06cc\u0631 VMware\u060c \u062a\u0635\u0627\u0648\u06cc\u0631 Virtual Box \u0648 &#8230; \u0631\u0627 \u062a\u062c\u0632\u064a\u0647 \u0648 \u062a\u062d\u0644\u064a\u0644 \u0643\u0646\u062f.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\" id=\"h-process-hollowing-1\"><strong>Process Hollowing<\/strong><\/h3>\n\n\n\n<p>\u0646\u0645\u0648\u0646\u0647 \u0647\u0627\u06cc \u0628\u062f\u0627\u0641\u0632\u0627\u0631 \u0645\u0648\u0631\u062f \u0628\u0631\u0631\u0633\u06cc \u0628\u0631\u0627\u064a Code Injection \u0627\u0632 \u0646\u0648\u0639 \u062a\u0631\u0641\u0646\u062f Process Hollowing\u060c \u0628\u0627\u062c\u200c\u0627\u0641\u0632\u0627\u0631 SOREBRECT \u0648 DRIDEX banking Trojan \u0647\u0633\u062a\u0646\u062f. \u0628\u0627 \u0627\u0633\u062a\u0641\u0627\u062f\u0647 \u0627\u0632 \u0627\u0628\u0632\u0627\u0631 \u062a\u062c\u0632\u06cc\u0647 \u0648 \u062a\u062d\u0644\u06cc\u0644 \u062d\u0627\u0641\u0638\u0647 Volatility\u060c \u062a\u0635\u0648\u06cc\u0631 \u062f\u0633\u062a\u06af\u0627\u0647 \u0622\u0644\u0648\u062f\u0647 \u0643\u0647 \u062f\u0631 \u062d\u0627\u0641\u0638\u0647 \u062b\u0628\u062a \u0634\u062f\u0647 \u0627\u0633\u062a\u060c \u0628\u0627 \u062f\u0642\u062a \u0645\u0648\u0631\u062f \u062a\u062c\u0632\u06cc\u0647 \u0648 \u062a\u062d\u0644\u06cc\u0644 \u0642\u0631\u0627\u0631 \u0645\u06cc\u200c\u06af\u06cc\u0631\u062f \u062a\u0627 \u062a\u0631\u0641\u0646\u062f\u0647\u0627\u06cc Injection \u0645\u0648\u0631\u062f \u0627\u0633\u062a\u0641\u0627\u062f\u0647 \u0627\u06cc\u0646 \u0628\u062f\u0627\u0641\u0632\u0627\u0631 \u0634\u0646\u0627\u0633\u0627\u06cc\u06cc \u0634\u0648\u062f.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\" id=\"h-sorebrect\"><strong>\u0628\u0627\u062c\u200c\u0627\u0641\u0632\u0627\u0631<\/strong><strong> Sorebrect <\/strong><strong><\/strong><\/h3>\n\n\n\n<p>\u0645\u0634\u062e\u0635 \u0634\u062f\u0647 \u0627\u0633\u062a \u06a9\u0647 \u0628\u0627\u062c \u0627\u0641\u0632\u0627\u0631 SOREBRECT \u0627\u0632 \u0637\u0631\u06cc\u0642 PsExec \u067e\u06cc\u0627\u062f\u0647\u200c\u0633\u0627\u0632\u06cc \u0645\u06cc\u200c\u0634\u0648\u062f \u062a\u0627 \u0627\u0632 \u0637\u0631\u06cc\u0642 \u0634\u0628\u06a9\u0647 \u0633\u0627\u0632\u0645\u0627\u0646 \u0645\u0646\u062a\u0634\u0631 \u0634\u0648\u062f.<\/p>\n\n\n\n<p>\u0628\u0631\u0631\u0633\u06cc \u062e\u0635\u0648\u0635\u06cc\u0627\u062a \u0641\u0631\u0622\u06cc\u0646\u062f \u0645\u0634\u06a9\u0648\u06a9 svchost.ex \u0646\u0634\u0627\u0646 \u062f\u0627\u062f\u0647 \u0627\u0633\u062a \u0643\u0647 \u0627\u064a\u0646 \u0641\u0631\u0622\u064a\u0646\u062f \u0628\u0631 \u0627\u0633\u0627\u0633 \u0645\u0633\u064a\u0631 \u0641\u0627\u064a\u0644\u0634 \u0642\u0627\u0646\u0648\u0646\u06cc \u0628\u0647 \u0646\u0638\u0631 \u0645\u064a\u06cc\u0631\u0633\u062f. \u0647\u0645\u0686\u0646\u064a\u0646 \u06a9\u0627\u0648\u0634 \u0639\u0645\u06cc\u0642 \u062f\u0631 \u062a\u0635\u0648\u06cc\u0631 \u062d\u0627\u0641\u0638\u0647 \u0628\u0647\u200c\u062f\u0633\u062a\u200c\u200e\u0622\u0645\u062f\u0647 \u0628\u0647 \u0643\u0645\u0643 \u0627\u0628\u0632\u0627\u0631 Volatility \u0646\u0634\u0627\u0646 \u0645\u06cc\u200c\u062f\u0647\u062f \u0643\u0647 \u0627\u0632 \u062f\u0633\u062a\u0648\u0631 \u00abvol.py pslist |&nbsp;grep -i svchost\u00bb \u0628\u0631\u0627\u06cc \u0641\u06cc\u0644\u062a\u0631 \u06a9\u0631\u062f\u0646 \u0643\u0627\u0645\u0644 \u0641\u0631\u0622\u064a\u0646\u062f svchost.exe \u0627\u0633\u062a\u0641\u0627\u062f\u0647 \u0645\u06cc\u200c\u0634\u0648\u062f\u060c \u0648 \u0627\u06cc\u0646 \u062f\u0633\u062a\u0648\u0631 \u0627\u062e\u062a\u0644\u0627\u0641\u0627\u062a\u06cc \u0631\u0627 \u062f\u0631 \u0631\u0627\u0628\u0637\u0647 \u0628\u064a\u0646&nbsp;Parent \u0648 Child \u0646\u0634\u0627\u0646 \u062f\u0627\u062f\u0647 \u0627\u0633\u062a. \u0641\u0631\u0622\u06cc\u0646\u062f Parent \u067e\u06cc\u0634 \u0641\u0631\u0636 \u00absvchost.exe\u00bb \u0628\u0627\u06cc\u062f \u00abservices.exe\u00bb \u0628\u0627\u0634\u062f. \u0628\u0627 \u0627\u0633\u062a\u0641\u0627\u062f\u0647 \u0627\u0632 \u0627\u064a\u0646 \u062e\u0631\u0648\u062c\u06cc \u0645\u06cc\u200c\u062a\u0648\u0627\u0646 \u0646\u0627\u0647\u0646\u062c\u0627\u0631\u06cc \u0631\u0627 \u0645\u0634\u062e\u0635 \u0643\u0631\u062f. \u0647\u0645\u0647 \u0641\u0631\u0622\u064a\u0646\u062f\u0647\u0627\u06cc svchost.exe \u062f\u0627\u0631\u0627\u06cc \u0641\u0631\u0622\u06cc\u0646\u062f Parent \u0627\u0632 \u0646\u0648\u0639 PPID 692 \u0647\u0633\u062a\u0646\u062f\u060c \u0628\u0647 \u062c\u0632 \u0641\u0631\u0622\u064a\u0646\u062f \u062e\u0627\u0635 svchost.exe (PID 4692) \u06a9\u0647 \u0641\u0631\u0622\u06cc\u0646\u062f Parent \u0622\u0646 \u0627\u0632 \u0646\u0648\u0639 PPID 4656 \u0627\u0633\u062a.<\/p>\n\n\n<h3 class=\"crp-list-title\">\u0645\u0642\u0627\u0644\u0647 \u0647\u0627\u06cc \u0645\u0631\u062a\u0628\u0637:<\/h3><div class=\"crp-list\"><div class=\"crp-list-item crp-list-item-image-none\"><div class=\"crp-list-item-title\"><a href=\"https:\/\/www.apk.co.ir\/kb\/investigate-and-search-for-ghosts-in-fileless-attack-part-1\/\">\u0628\u0631\u0631\u0633\u06cc \u0648 \u062c\u0633\u062a\u200c\u0648\u062c\u0648\u06cc Ghost\u0647\u0627 \u062f\u0631 Fileless Attack \u06cc\u0627 \u062d\u0645\u0644\u0627\u062a \u0628\u062f\u0648\u0646 \u0641\u0627\u064a\u0644 _ \u0642\u0633\u0645\u062a \u0627\u0648\u0644<\/a><\/div><\/div><\/div>","protected":false},"author":1004068,"featured_media":24570,"parent":0,"menu_order":0,"template":"","format":"standard","manualknowledgebasecat":[2970],"manual_kb_tag":[8965,8967],"class_list":{"0":"post-24636","1":"manual_kb","2":"type-manual_kb","3":"status-publish","4":"format-standard","5":"has-post-thumbnail","7":"manualknowledgebasecat-security","8":"manual_kb_tag-fileless-attack-","9":"manual_kb_tag-fileless-attack"},"yoast_head":"<!-- This site is optimized with the Yoast SEO Premium plugin v23.8 (Yoast SEO v23.8) - https:\/\/yoast.com\/wordpress\/plugins\/seo\/ -->\n<title>\u0628\u0631\u0631\u0633\u06cc \u0648 \u062c\u0633\u062a\u200c\u0648\u062c\u0648\u06cc Ghost\u0647\u0627 \u062f\u0631 Fileless Attack \u06cc\u0627 \u062d\u0645\u0644\u0627\u062a \u0628\u062f\u0648\u0646 \u0641\u0627\u064a\u0644 _ \u0642\u0633\u0645\u062a \u062f\u0648\u0645<\/title>\n<meta name=\"description\" content=\"\u062f\u0631 Fileless Attack \u062f\u0631 \u0645\u0648\u0631\u062f Code Injection \u0628\u0627\u06cc\u0633\u062a\u06cc \u0627\u06cc\u0646 \u0646\u06a9\u062a\u0647 \u0631\u0627 \u062a\u0648\u062c\u0647 \u062f\u0627\u0634\u062a \u06a9\u0647 \u064a\u0627\u062f\u06af\u064a\u0631\u06cc \u0646\u062d\u0648\u0647 \u0628\u0627\u0631\u06af\u064a\u0631\u06cc \u0641\u0631\u0622\u064a\u0646\u062f \u062f\u0631 \u062d\u0627\u0641\u0638\u0647 \u0628\u0633\u064a\u0627\u0631 \u0645\u0647\u0645 \u0627\u0633\u062a.\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/www.apk.co.ir\/kb\/checking-for-ghosts-in-fileless-attack-part-2\/\" \/>\n<meta property=\"og:locale\" content=\"fa_IR\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"\u0628\u0631\u0631\u0633\u06cc \u0648 \u062c\u0633\u062a\u200c\u0648\u062c\u0648\u06cc Ghost\u0647\u0627 \u062f\u0631 Fileless Attack \u06cc\u0627 \u062d\u0645\u0644\u0627\u062a \u0628\u062f\u0648\u0646 \u0641\u0627\u064a\u0644 _ \u0642\u0633\u0645\u062a \u062f\u0648\u0645 (\u067e\u0627\u06cc\u0627\u0646\u06cc)\" \/>\n<meta property=\"og:description\" content=\"\u062f\u0631 Fileless Attack \u062f\u0631 \u0645\u0648\u0631\u062f Code Injection \u0628\u0627\u06cc\u0633\u062a\u06cc \u0627\u06cc\u0646 \u0646\u06a9\u062a\u0647 \u0631\u0627 \u062a\u0648\u062c\u0647 \u062f\u0627\u0634\u062a \u06a9\u0647 \u064a\u0627\u062f\u06af\u064a\u0631\u06cc \u0646\u062d\u0648\u0647 \u0628\u0627\u0631\u06af\u064a\u0631\u06cc \u0641\u0631\u0622\u064a\u0646\u062f \u062f\u0631 \u062d\u0627\u0641\u0638\u0647 \u0628\u0633\u064a\u0627\u0631 \u0645\u0647\u0645 \u0627\u0633\u062a.\" \/>\n<meta property=\"og:url\" content=\"https:\/\/www.apk.co.ir\/kb\/checking-for-ghosts-in-fileless-attack-part-2\/\" \/>\n<meta property=\"og:site_name\" content=\"\u0627\u0645\u0646 \u067e\u0627\u06cc\u0647 \u0631\u06cc\u0632\u0627\u0646 \u06a9\u0627\u0631\u0646 | APK\" \/>\n<meta property=\"article:publisher\" content=\"https:\/\/www.facebook.com\/apkco\/\" \/>\n<meta property=\"article:modified_time\" content=\"2021-04-13T03:56:21+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/www.apk.co.ir\/wp-content\/uploads\/2021\/04\/Fileless-Attack.jpg\" \/>\n\t<meta property=\"og:image:width\" content=\"1200\" \/>\n\t<meta property=\"og:image:height\" content=\"1337\" \/>\n\t<meta property=\"og:image:type\" content=\"image\/jpeg\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:label1\" content=\"\u0632\u0645\u0627\u0646 \u062a\u062e\u0645\u06cc\u0646\u06cc \u0645\u0637\u0627\u0644\u0639\u0647\" \/>\n\t<meta name=\"twitter:data1\" content=\"9 \u062f\u0642\u06cc\u0642\u0647\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"TechArticle\",\"@id\":\"https:\/\/www.apk.co.ir\/kb\/checking-for-ghosts-in-fileless-attack-part-2\/#article\",\"isPartOf\":{\"@id\":\"https:\/\/www.apk.co.ir\/kb\/checking-for-ghosts-in-fileless-attack-part-2\/\"},\"author\":{\"name\":\"Hadis Pooyafar\",\"@id\":\"https:\/\/www.apk.co.ir\/#\/schema\/person\/0f141ffe0bf764c2c8f90416bd03941c\"},\"headline\":\"\u0628\u0631\u0631\u0633\u06cc \u0648 \u062c\u0633\u062a\u200c\u0648\u062c\u0648\u06cc Ghost\u0647\u0627 \u062f\u0631 Fileless Attack \u06cc\u0627 \u062d\u0645\u0644\u0627\u062a \u0628\u062f\u0648\u0646 \u0641\u0627\u064a\u0644 _ \u0642\u0633\u0645\u062a \u062f\u0648\u0645 (\u067e\u0627\u06cc\u0627\u0646\u06cc)\",\"datePublished\":\"2021-04-11T20:31:00+00:00\",\"dateModified\":\"2021-04-13T03:56:21+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\/\/www.apk.co.ir\/kb\/checking-for-ghosts-in-fileless-attack-part-2\/\"},\"wordCount\":267,\"publisher\":{\"@id\":\"https:\/\/www.apk.co.ir\/#organization\"},\"image\":{\"@id\":\"https:\/\/www.apk.co.ir\/kb\/checking-for-ghosts-in-fileless-attack-part-2\/#primaryimage\"},\"thumbnailUrl\":\"https:\/\/www.apk.co.ir\/wp-content\/uploads\/2021\/04\/Fileless-Attack.jpg\",\"inLanguage\":\"fa-IR\"},{\"@type\":\"WebPage\",\"@id\":\"https:\/\/www.apk.co.ir\/kb\/checking-for-ghosts-in-fileless-attack-part-2\/\",\"url\":\"https:\/\/www.apk.co.ir\/kb\/checking-for-ghosts-in-fileless-attack-part-2\/\",\"name\":\"\u0628\u0631\u0631\u0633\u06cc \u0648 \u062c\u0633\u062a\u200c\u0648\u062c\u0648\u06cc Ghost\u0647\u0627 \u062f\u0631 Fileless Attack \u06cc\u0627 \u062d\u0645\u0644\u0627\u062a \u0628\u062f\u0648\u0646 \u0641\u0627\u064a\u0644 _ \u0642\u0633\u0645\u062a \u062f\u0648\u0645\",\"isPartOf\":{\"@id\":\"https:\/\/www.apk.co.ir\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\/\/www.apk.co.ir\/kb\/checking-for-ghosts-in-fileless-attack-part-2\/#primaryimage\"},\"image\":{\"@id\":\"https:\/\/www.apk.co.ir\/kb\/checking-for-ghosts-in-fileless-attack-part-2\/#primaryimage\"},\"thumbnailUrl\":\"https:\/\/www.apk.co.ir\/wp-content\/uploads\/2021\/04\/Fileless-Attack.jpg\",\"datePublished\":\"2021-04-11T20:31:00+00:00\",\"dateModified\":\"2021-04-13T03:56:21+00:00\",\"description\":\"\u062f\u0631 Fileless Attack \u062f\u0631 \u0645\u0648\u0631\u062f Code Injection \u0628\u0627\u06cc\u0633\u062a\u06cc \u0627\u06cc\u0646 \u0646\u06a9\u062a\u0647 \u0631\u0627 \u062a\u0648\u062c\u0647 \u062f\u0627\u0634\u062a \u06a9\u0647 \u064a\u0627\u062f\u06af\u064a\u0631\u06cc \u0646\u062d\u0648\u0647 \u0628\u0627\u0631\u06af\u064a\u0631\u06cc \u0641\u0631\u0622\u064a\u0646\u062f \u062f\u0631 \u062d\u0627\u0641\u0638\u0647 \u0628\u0633\u064a\u0627\u0631 \u0645\u0647\u0645 \u0627\u0633\u062a.\",\"breadcrumb\":{\"@id\":\"https:\/\/www.apk.co.ir\/kb\/checking-for-ghosts-in-fileless-attack-part-2\/#breadcrumb\"},\"inLanguage\":\"fa-IR\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\/\/www.apk.co.ir\/kb\/checking-for-ghosts-in-fileless-attack-part-2\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"fa-IR\",\"@id\":\"https:\/\/www.apk.co.ir\/kb\/checking-for-ghosts-in-fileless-attack-part-2\/#primaryimage\",\"url\":\"https:\/\/www.apk.co.ir\/wp-content\/uploads\/2021\/04\/Fileless-Attack.jpg\",\"contentUrl\":\"https:\/\/www.apk.co.ir\/wp-content\/uploads\/2021\/04\/Fileless-Attack.jpg\",\"width\":1200,\"height\":1337,\"caption\":\"Fileless Attack\"},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\/\/www.apk.co.ir\/kb\/checking-for-ghosts-in-fileless-attack-part-2\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"\u062e\u0627\u0646\u0647\",\"item\":\"https:\/\/www.apk.co.ir\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"\u0628\u0631\u0631\u0633\u06cc \u0648 \u062c\u0633\u062a\u200c\u0648\u062c\u0648\u06cc Ghost\u0647\u0627 \u062f\u0631 Fileless Attack \u06cc\u0627 \u062d\u0645\u0644\u0627\u062a \u0628\u062f\u0648\u0646 \u0641\u0627\u064a\u0644 _ \u0642\u0633\u0645\u062a \u062f\u0648\u0645 (\u067e\u0627\u06cc\u0627\u0646\u06cc)\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\/\/www.apk.co.ir\/#website\",\"url\":\"https:\/\/www.apk.co.ir\/\",\"name\":\"\u0627\u0645\u0646 \u067e\u0627\u06cc\u0647 \u0631\u06cc\u0632\u0627\u0646 \u06a9\u0627\u0631\u0646 | APK\",\"description\":\"\u0641\u0646\u0627\u0648\u0631\u06cc \u0627\u0637\u0644\u0627\u0639\u0627\u062a\u060c \u0627\u0645\u0646\u06cc\u062a\u060c \u0634\u0628\u06a9\u0647\u060c \u0645\u062c\u0627\u0632\u06cc \u0633\u0627\u0632\u06cc\u060c \u062f\u06cc\u062a\u0627\u0633\u0646\u062a\u0631\",\"publisher\":{\"@id\":\"https:\/\/www.apk.co.ir\/#organization\"},\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\/\/www.apk.co.ir\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"fa-IR\"},{\"@type\":\"Organization\",\"@id\":\"https:\/\/www.apk.co.ir\/#organization\",\"name\":\"\u0627\u0645\u0646 \u067e\u0627\u06cc\u0647 \u0631\u06cc\u0632\u0627\u0646 \u06a9\u0627\u0631\u0646 | APK\",\"url\":\"https:\/\/www.apk.co.ir\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"fa-IR\",\"@id\":\"https:\/\/www.apk.co.ir\/#\/schema\/logo\/image\/\",\"url\":\"https:\/\/www.apk.co.ir\/wp-content\/uploads\/2016\/08\/apk-logo-black.png\",\"contentUrl\":\"https:\/\/www.apk.co.ir\/wp-content\/uploads\/2016\/08\/apk-logo-black.png\",\"width\":800,\"height\":158,\"caption\":\"\u0627\u0645\u0646 \u067e\u0627\u06cc\u0647 \u0631\u06cc\u0632\u0627\u0646 \u06a9\u0627\u0631\u0646 | APK\"},\"image\":{\"@id\":\"https:\/\/www.apk.co.ir\/#\/schema\/logo\/image\/\"},\"sameAs\":[\"https:\/\/www.facebook.com\/apkco\/\",\"https:\/\/www.instagram.com\/apk.co\/\",\"https:\/\/www.linkedin.com\/company\/apkco\"]},{\"@type\":\"Person\",\"@id\":\"https:\/\/www.apk.co.ir\/#\/schema\/person\/0f141ffe0bf764c2c8f90416bd03941c\",\"name\":\"Hadis Pooyafar\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"fa-IR\",\"@id\":\"https:\/\/www.apk.co.ir\/#\/schema\/person\/image\/\",\"url\":\"https:\/\/secure.gravatar.com\/avatar\/f0dcb4360c1530101bc9b840aa4905e7?s=96&d=mm&r=r\",\"contentUrl\":\"https:\/\/secure.gravatar.com\/avatar\/f0dcb4360c1530101bc9b840aa4905e7?s=96&d=mm&r=r\",\"caption\":\"Hadis Pooyafar\"}}]}<\/script>\n<!-- \/ Yoast SEO Premium plugin. -->","yoast_head_json":{"title":"\u0628\u0631\u0631\u0633\u06cc \u0648 \u062c\u0633\u062a\u200c\u0648\u062c\u0648\u06cc Ghost\u0647\u0627 \u062f\u0631 Fileless Attack \u06cc\u0627 \u062d\u0645\u0644\u0627\u062a \u0628\u062f\u0648\u0646 \u0641\u0627\u064a\u0644 _ \u0642\u0633\u0645\u062a \u062f\u0648\u0645","description":"\u062f\u0631 Fileless Attack \u062f\u0631 \u0645\u0648\u0631\u062f Code Injection \u0628\u0627\u06cc\u0633\u062a\u06cc \u0627\u06cc\u0646 \u0646\u06a9\u062a\u0647 \u0631\u0627 \u062a\u0648\u062c\u0647 \u062f\u0627\u0634\u062a \u06a9\u0647 \u064a\u0627\u062f\u06af\u064a\u0631\u06cc \u0646\u062d\u0648\u0647 \u0628\u0627\u0631\u06af\u064a\u0631\u06cc \u0641\u0631\u0622\u064a\u0646\u062f \u062f\u0631 \u062d\u0627\u0641\u0638\u0647 \u0628\u0633\u064a\u0627\u0631 \u0645\u0647\u0645 \u0627\u0633\u062a.","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/www.apk.co.ir\/kb\/checking-for-ghosts-in-fileless-attack-part-2\/","og_locale":"fa_IR","og_type":"article","og_title":"\u0628\u0631\u0631\u0633\u06cc \u0648 \u062c\u0633\u062a\u200c\u0648\u062c\u0648\u06cc Ghost\u0647\u0627 \u062f\u0631 Fileless Attack \u06cc\u0627 \u062d\u0645\u0644\u0627\u062a \u0628\u062f\u0648\u0646 \u0641\u0627\u064a\u0644 _ \u0642\u0633\u0645\u062a \u062f\u0648\u0645 (\u067e\u0627\u06cc\u0627\u0646\u06cc)","og_description":"\u062f\u0631 Fileless Attack \u062f\u0631 \u0645\u0648\u0631\u062f Code Injection \u0628\u0627\u06cc\u0633\u062a\u06cc \u0627\u06cc\u0646 \u0646\u06a9\u062a\u0647 \u0631\u0627 \u062a\u0648\u062c\u0647 \u062f\u0627\u0634\u062a \u06a9\u0647 \u064a\u0627\u062f\u06af\u064a\u0631\u06cc \u0646\u062d\u0648\u0647 \u0628\u0627\u0631\u06af\u064a\u0631\u06cc \u0641\u0631\u0622\u064a\u0646\u062f \u062f\u0631 \u062d\u0627\u0641\u0638\u0647 \u0628\u0633\u064a\u0627\u0631 \u0645\u0647\u0645 \u0627\u0633\u062a.","og_url":"https:\/\/www.apk.co.ir\/kb\/checking-for-ghosts-in-fileless-attack-part-2\/","og_site_name":"\u0627\u0645\u0646 \u067e\u0627\u06cc\u0647 \u0631\u06cc\u0632\u0627\u0646 \u06a9\u0627\u0631\u0646 | APK","article_publisher":"https:\/\/www.facebook.com\/apkco\/","article_modified_time":"2021-04-13T03:56:21+00:00","og_image":[{"width":1200,"height":1337,"url":"https:\/\/www.apk.co.ir\/wp-content\/uploads\/2021\/04\/Fileless-Attack.jpg","type":"image\/jpeg"}],"twitter_card":"summary_large_image","twitter_misc":{"\u0632\u0645\u0627\u0646 \u062a\u062e\u0645\u06cc\u0646\u06cc \u0645\u0637\u0627\u0644\u0639\u0647":"9 \u062f\u0642\u06cc\u0642\u0647"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"TechArticle","@id":"https:\/\/www.apk.co.ir\/kb\/checking-for-ghosts-in-fileless-attack-part-2\/#article","isPartOf":{"@id":"https:\/\/www.apk.co.ir\/kb\/checking-for-ghosts-in-fileless-attack-part-2\/"},"author":{"name":"Hadis Pooyafar","@id":"https:\/\/www.apk.co.ir\/#\/schema\/person\/0f141ffe0bf764c2c8f90416bd03941c"},"headline":"\u0628\u0631\u0631\u0633\u06cc \u0648 \u062c\u0633\u062a\u200c\u0648\u062c\u0648\u06cc Ghost\u0647\u0627 \u062f\u0631 Fileless Attack \u06cc\u0627 \u062d\u0645\u0644\u0627\u062a \u0628\u062f\u0648\u0646 \u0641\u0627\u064a\u0644 _ \u0642\u0633\u0645\u062a \u062f\u0648\u0645 (\u067e\u0627\u06cc\u0627\u0646\u06cc)","datePublished":"2021-04-11T20:31:00+00:00","dateModified":"2021-04-13T03:56:21+00:00","mainEntityOfPage":{"@id":"https:\/\/www.apk.co.ir\/kb\/checking-for-ghosts-in-fileless-attack-part-2\/"},"wordCount":267,"publisher":{"@id":"https:\/\/www.apk.co.ir\/#organization"},"image":{"@id":"https:\/\/www.apk.co.ir\/kb\/checking-for-ghosts-in-fileless-attack-part-2\/#primaryimage"},"thumbnailUrl":"https:\/\/www.apk.co.ir\/wp-content\/uploads\/2021\/04\/Fileless-Attack.jpg","inLanguage":"fa-IR"},{"@type":"WebPage","@id":"https:\/\/www.apk.co.ir\/kb\/checking-for-ghosts-in-fileless-attack-part-2\/","url":"https:\/\/www.apk.co.ir\/kb\/checking-for-ghosts-in-fileless-attack-part-2\/","name":"\u0628\u0631\u0631\u0633\u06cc \u0648 \u062c\u0633\u062a\u200c\u0648\u062c\u0648\u06cc Ghost\u0647\u0627 \u062f\u0631 Fileless Attack \u06cc\u0627 \u062d\u0645\u0644\u0627\u062a \u0628\u062f\u0648\u0646 \u0641\u0627\u064a\u0644 _ \u0642\u0633\u0645\u062a \u062f\u0648\u0645","isPartOf":{"@id":"https:\/\/www.apk.co.ir\/#website"},"primaryImageOfPage":{"@id":"https:\/\/www.apk.co.ir\/kb\/checking-for-ghosts-in-fileless-attack-part-2\/#primaryimage"},"image":{"@id":"https:\/\/www.apk.co.ir\/kb\/checking-for-ghosts-in-fileless-attack-part-2\/#primaryimage"},"thumbnailUrl":"https:\/\/www.apk.co.ir\/wp-content\/uploads\/2021\/04\/Fileless-Attack.jpg","datePublished":"2021-04-11T20:31:00+00:00","dateModified":"2021-04-13T03:56:21+00:00","description":"\u062f\u0631 Fileless Attack \u062f\u0631 \u0645\u0648\u0631\u062f Code Injection \u0628\u0627\u06cc\u0633\u062a\u06cc \u0627\u06cc\u0646 \u0646\u06a9\u062a\u0647 \u0631\u0627 \u062a\u0648\u062c\u0647 \u062f\u0627\u0634\u062a \u06a9\u0647 \u064a\u0627\u062f\u06af\u064a\u0631\u06cc \u0646\u062d\u0648\u0647 \u0628\u0627\u0631\u06af\u064a\u0631\u06cc \u0641\u0631\u0622\u064a\u0646\u062f \u062f\u0631 \u062d\u0627\u0641\u0638\u0647 \u0628\u0633\u064a\u0627\u0631 \u0645\u0647\u0645 \u0627\u0633\u062a.","breadcrumb":{"@id":"https:\/\/www.apk.co.ir\/kb\/checking-for-ghosts-in-fileless-attack-part-2\/#breadcrumb"},"inLanguage":"fa-IR","potentialAction":[{"@type":"ReadAction","target":["https:\/\/www.apk.co.ir\/kb\/checking-for-ghosts-in-fileless-attack-part-2\/"]}]},{"@type":"ImageObject","inLanguage":"fa-IR","@id":"https:\/\/www.apk.co.ir\/kb\/checking-for-ghosts-in-fileless-attack-part-2\/#primaryimage","url":"https:\/\/www.apk.co.ir\/wp-content\/uploads\/2021\/04\/Fileless-Attack.jpg","contentUrl":"https:\/\/www.apk.co.ir\/wp-content\/uploads\/2021\/04\/Fileless-Attack.jpg","width":1200,"height":1337,"caption":"Fileless Attack"},{"@type":"BreadcrumbList","@id":"https:\/\/www.apk.co.ir\/kb\/checking-for-ghosts-in-fileless-attack-part-2\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"\u062e\u0627\u0646\u0647","item":"https:\/\/www.apk.co.ir\/"},{"@type":"ListItem","position":2,"name":"\u0628\u0631\u0631\u0633\u06cc \u0648 \u062c\u0633\u062a\u200c\u0648\u062c\u0648\u06cc Ghost\u0647\u0627 \u062f\u0631 Fileless Attack \u06cc\u0627 \u062d\u0645\u0644\u0627\u062a \u0628\u062f\u0648\u0646 \u0641\u0627\u064a\u0644 _ \u0642\u0633\u0645\u062a \u062f\u0648\u0645 (\u067e\u0627\u06cc\u0627\u0646\u06cc)"}]},{"@type":"WebSite","@id":"https:\/\/www.apk.co.ir\/#website","url":"https:\/\/www.apk.co.ir\/","name":"\u0627\u0645\u0646 \u067e\u0627\u06cc\u0647 \u0631\u06cc\u0632\u0627\u0646 \u06a9\u0627\u0631\u0646 | APK","description":"\u0641\u0646\u0627\u0648\u0631\u06cc \u0627\u0637\u0644\u0627\u0639\u0627\u062a\u060c \u0627\u0645\u0646\u06cc\u062a\u060c \u0634\u0628\u06a9\u0647\u060c \u0645\u062c\u0627\u0632\u06cc \u0633\u0627\u0632\u06cc\u060c \u062f\u06cc\u062a\u0627\u0633\u0646\u062a\u0631","publisher":{"@id":"https:\/\/www.apk.co.ir\/#organization"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/www.apk.co.ir\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"fa-IR"},{"@type":"Organization","@id":"https:\/\/www.apk.co.ir\/#organization","name":"\u0627\u0645\u0646 \u067e\u0627\u06cc\u0647 \u0631\u06cc\u0632\u0627\u0646 \u06a9\u0627\u0631\u0646 | APK","url":"https:\/\/www.apk.co.ir\/","logo":{"@type":"ImageObject","inLanguage":"fa-IR","@id":"https:\/\/www.apk.co.ir\/#\/schema\/logo\/image\/","url":"https:\/\/www.apk.co.ir\/wp-content\/uploads\/2016\/08\/apk-logo-black.png","contentUrl":"https:\/\/www.apk.co.ir\/wp-content\/uploads\/2016\/08\/apk-logo-black.png","width":800,"height":158,"caption":"\u0627\u0645\u0646 \u067e\u0627\u06cc\u0647 \u0631\u06cc\u0632\u0627\u0646 \u06a9\u0627\u0631\u0646 | APK"},"image":{"@id":"https:\/\/www.apk.co.ir\/#\/schema\/logo\/image\/"},"sameAs":["https:\/\/www.facebook.com\/apkco\/","https:\/\/www.instagram.com\/apk.co\/","https:\/\/www.linkedin.com\/company\/apkco"]},{"@type":"Person","@id":"https:\/\/www.apk.co.ir\/#\/schema\/person\/0f141ffe0bf764c2c8f90416bd03941c","name":"Hadis Pooyafar","image":{"@type":"ImageObject","inLanguage":"fa-IR","@id":"https:\/\/www.apk.co.ir\/#\/schema\/person\/image\/","url":"https:\/\/secure.gravatar.com\/avatar\/f0dcb4360c1530101bc9b840aa4905e7?s=96&d=mm&r=r","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/f0dcb4360c1530101bc9b840aa4905e7?s=96&d=mm&r=r","caption":"Hadis Pooyafar"}}]}},"_links":{"self":[{"href":"https:\/\/www.apk.co.ir\/wp-json\/wp\/v2\/manual_kb\/24636","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.apk.co.ir\/wp-json\/wp\/v2\/manual_kb"}],"about":[{"href":"https:\/\/www.apk.co.ir\/wp-json\/wp\/v2\/types\/manual_kb"}],"author":[{"embeddable":true,"href":"https:\/\/www.apk.co.ir\/wp-json\/wp\/v2\/users\/1004068"}],"version-history":[{"count":15,"href":"https:\/\/www.apk.co.ir\/wp-json\/wp\/v2\/manual_kb\/24636\/revisions"}],"predecessor-version":[{"id":24685,"href":"https:\/\/www.apk.co.ir\/wp-json\/wp\/v2\/manual_kb\/24636\/revisions\/24685"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.apk.co.ir\/wp-json\/wp\/v2\/media\/24570"}],"wp:attachment":[{"href":"https:\/\/www.apk.co.ir\/wp-json\/wp\/v2\/media?parent=24636"}],"wp:term":[{"taxonomy":"manualknowledgebasecat","embeddable":true,"href":"https:\/\/www.apk.co.ir\/wp-json\/wp\/v2\/manualknowledgebasecat?post=24636"},{"taxonomy":"manual_kb_tag","embeddable":true,"href":"https:\/\/www.apk.co.ir\/wp-json\/wp\/v2\/manual_kb_tag?post=24636"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}