fix: update prompt styling for clarity in SilverFox POC documentation

JerryLinLinLin · JerryLinLinLin · commit fc9b43a7fd45 · 2025-12-25T20:39:02.000-06:00
diff --git a/_posts/2025-12-15-silver-fox-poc-2025-zh-cn.md b/_posts/2025-12-15-silver-fox-poc-2025-zh-cn.md
@@ -47,7 +47,7 @@ Python 社区已经提供了现成的库：[PythonMemoryModule](https://github.c
 导入此库后，即可将任意 DLL/EXE 加载进 `python.exe` 宿主进程的内存中。
 
 > 经过本地测试，C/C++ 编译的 EXE 可以完美运行，但 .NET 程序无法正常工作。
-{: .prompt-tip }
+{: .prompt-warning }
 
 ```python
 import pythonmemorymodule
@@ -193,7 +193,7 @@ if (result == ERROR_SUCCESS) {
     ![alt text](3.png)
 
 > 至此，该驱动可以在开启了 HVCI (Hypervisor-Protected Code Integrity) 的最新版 Windows 11 机器上成功运行。
-{: .prompt-info }
+{: .prompt-tip }
 
 下面是 POC 的关键代码片段：
 
@@ -431,7 +431,7 @@ int InvokeCreateSvcRpcMain(char* pExecCmd)
 2024 年底，安全研究员 **Jonathan Beierle** 和 **Logan Goins** 发布了一篇名为 [Weaponizing WDAC - Killing the Dreams of EDR](https://beierle.win/2024-12-20-Weaponizing-WDAC-Killing-the-Dreams-of-EDR/) 的文章，详细描述了如何滥用 WDAC 机制来禁用杀毒软件和 EDR 的运行。
 
 > 这一攻击手法的核心关键点在于：**WDAC 策略在系统启动阶段的加载优先级高于 EDR 驱动程序**。
-{: .prompt-info }
+{: .prompt-danger }
 
 ### 攻击流程
 
diff --git a/_posts/2025-12-15-silver-fox-poc-2025.md b/_posts/2025-12-15-silver-fox-poc-2025.md
@@ -47,7 +47,7 @@ The Python community has provided a ready-made library: [PythonMemoryModule](htt
 After importing this library, any DLL/EXE can be loaded into the memory of the `python.exe` host process.
 
 > After local testing, EXEs compiled with C/C++ run perfectly, but .NET programs do not work properly.
-{: .prompt-tip }
+{: .prompt-warning }
 
 ```python
 import pythonmemorymodule
@@ -192,8 +192,8 @@ According to a [report](https://research.checkpoint.com/2025/silver-fox-apt-vuln
 
     ![alt text](3.png)
 
-> At this point, this driver can successfully run on the latest Windows 11 machines with HVCI (Hypervisor-Protected Code Integrity) enabled.
-{: .prompt-info }
+> At this point, the driver can successfully run on the latest Windows 11 machines with HVCI (Hypervisor-Protected Code Integrity) enabled.
+{: .prompt-tip }
 
 Below is the key code snippet of the POC:
 
@@ -431,7 +431,7 @@ According to [Huorong Security's report](https://www.huorong.cn/document/tech/vi
 In late 2024, security researchers **Jonathan Beierle** and **Logan Goins** published an article titled [Weaponizing WDAC - Killing the Dreams of EDR](https://beierle.win/2024-12-20-Weaponizing-WDAC-Killing-the-Dreams-of-EDR/), detailing how to abuse the WDAC mechanism to disable the operation of antivirus software and EDR.
 
 > The core key point of this attack method is: **WDAC policies have a higher loading priority than EDR drivers during the system boot phase**.
-{: .prompt-info }
+{: .prompt-danger }
 
 ### Attack Process
 
