Adversarial research on malware samples for the Windows platform
Application of Electronic Technique
Mo Shiwen, Sha Letian, Pan Jiaye
Nanjing University of Posts and Telecommunications
Abstract: With the continuous evolution of network attack techniques, advanced persistent threat (APT) attacks against enterprises and organizations are becoming increasingly severe. Whether an APT attack succeeds depends largely on the quality of execution in the post-exploitation phase, in which attackers use sophisticated adversarial techniques to maintain persistent control and steal data. This paper focuses on the adversarial techniques used in post-exploitation, discusses Bootkit, COM interface abuse, BYOVD, VEILP7 and related techniques, proposes a new adversarial framework, demonstrates through experiments its ability to bypass multiple antivirus tools and its advantages over existing adversarial tools, and proposes corresponding countermeasures against the framework, with the aim of advancing research on adversarial techniques and the optimization of defense mechanisms.
CLC number: TP393.08 Document code: A DOI: 10.16157/j.issn.0258-7998.256460
Chinese citation format: 莫施文,沙樂天,潘家曄. 面向Windows平臺的樣本對抗研究[J]. 電子技術應用, 2025, 51(10): 52-57.
English citation format: Mo Shiwen, Sha Letian, Pan Jiaye. Adversarial research on malware samples for the Windows platform[J]. Application of Electronic Technique, 2025, 51(10): 52-57.
Adversarial research on malware samples for the Windows platform
Mo Shiwen,Sha Letian,Pan Jiaye
Nanjing University of Posts and Telecommunications
Abstract: With the continuous evolution of cyberattack technologies, Advanced Persistent Threats (APT) targeting enterprises and organizations have become increasingly prevalent. The success of APT attacks largely depends on the execution quality during the post-exploitation phase, where attackers use sophisticated adversarial techniques to maintain persistent control and exfiltrate data. This paper focuses on adversarial techniques in the post-exploitation phase, discussing technologies such as Bootkit, COM Interface Abuse, BYOVD, and VEIL7, and introduces a new adversarial framework. Through experiments, the paper demonstrates its bypass capabilities against multiple antivirus tools, as well as its advantages over existing adversarial tools. Additionally, corresponding defense strategies for this framework are proposed to advance research on countermeasure techniques and optimize defense mechanisms.
Keywords: APT attacks; adversarial techniques; Bootkit; COM interface exploitation; vulnerable driver
Introduction
In recent years, with the continuous evolution of network attack techniques, advanced persistent threat (APT) attacks against enterprises and organizations have become increasingly severe. Whether an APT attack succeeds depends largely on the quality of execution in the post-exploitation phase, in which attackers use sophisticated adversarial techniques to maintain persistent control and steal data. Current defense systems, however, still fall short against several classes of adversarial technique: those that act during the early boot process, those that maliciously use legitimate interfaces and legitimate drivers, and those built as multi-layered, customized frameworks. This paper proposes an adversarial framework for the Windows platform, tests its effectiveness and efficiency in practical adversarial scenarios, and compares it with similar software; the framework shows a high bypass success rate, high execution efficiency and broader applicability. Finally, countermeasures against this framework are proposed, with the aim of advancing research on adversarial techniques and the optimization of defense mechanisms.
The full text of this paper can be downloaded from:
http://www.ihrv.cn/resource/share/2000006806
Author information:
Mo Shiwen, Sha Letian, Pan Jiaye
(Nanjing University of Posts and Telecommunications, Nanjing 210023, Jiangsu, China)

