窺探職場上所需之資安專業技術與能力 Tdohconf
窺探職場上所需之資安專業技術與能力 Tdohconf
窺探職場上所需之資安專業技術與能力 Tdohconf
窺探職場上所需之資安專業技術與能力 Tdohconf
窺探職場上所需之資安專業技術與能力 Tdohconf
窺探職場上所需之資安專業技術與能力 Tdohconf
窺探職場上所需之資安專業技術與能力 Tdohconf
窺探職場上所需之資安專業技術與能力 Tdohconf
窺探職場上所需之資安專業技術與能力 Tdohconf
窺探職場上所需之資安專業技術與能力 Tdohconf
窺探職場上所需之資安專業技術與能力 Tdohconf
窺探職場上所需之資安專業技術與能力 Tdohconf
窺探職場上所需之資安專業技術與能力 Tdohconf
窺探職場上所需之資安專業技術與能力 Tdohconf
窺探職場上所需之資安專業技術與能力 Tdohconf
窺探職場上所需之資安專業技術與能力 Tdohconf
窺探職場上所需之資安專業技術與能力 Tdohconf
窺探職場上所需之資安專業技術與能力 Tdohconf
窺探職場上所需之資安專業技術與能力 Tdohconf
窺探職場上所需之資安專業技術與能力 Tdohconf
窺探職場上所需之資安專業技術與能力 Tdohconf
窺探職場上所需之資安專業技術與能力 Tdohconf
窺探職場上所需之資安專業技術與能力 Tdohconf
窺探職場上所需之資安專業技術與能力 Tdohconf
窺探職場上所需之資安專業技術與能力 Tdohconf
窺探職場上所需之資安專業技術與能力 Tdohconf
窺探職場上所需之資安專業技術與能力 Tdohconf
窺探職場上所需之資安專業技術與能力 Tdohconf
窺探職場上所需之資安專業技術與能力 Tdohconf
窺探職場上所需之資安專業技術與能力 Tdohconf
窺探職場上所需之資安專業技術與能力 Tdohconf
窺探職場上所需之資安專業技術與能力 Tdohconf
窺探職場上所需之資安專業技術與能力 Tdohconf
窺探職場上所需之資安專業技術與能力 Tdohconf
窺探職場上所需之資安專業技術與能力 Tdohconf
窺探職場上所需之資安專業技術與能力 Tdohconf
窺探職場上所需之資安專業技術與能力 Tdohconf
窺探職場上所需之資安專業技術與能力 Tdohconf
窺探職場上所需之資安專業技術與能力 Tdohconf
窺探職場上所需之資安專業技術與能力 Tdohconf
窺探職場上所需之資安專業技術與能力 Tdohconf
窺探職場上所需之資安專業技術與能力 Tdohconf
窺探職場上所需之資安專業技術與能力 Tdohconf
窺探職場上所需之資安專業技術與能力 Tdohconf
窺探職場上所需之資安專業技術與能力 Tdohconf
窺探職場上所需之資安專業技術與能力 Tdohconf
窺探職場上所需之資安專業技術與能力 Tdohconf
窺探職場上所需之資安專業技術與能力 Tdohconf
窺探職場上所需之資安專業技術與能力 Tdohconf
窺探職場上所需之資安專業技術與能力 Tdohconf
窺探職場上所需之資安專業技術與能力 Tdohconf
窺探職場上所需之資安專業技術與能力 Tdohconf
窺探職場上所需之資安專業技術與能力 Tdohconf
窺探職場上所需之資安專業技術與能力 Tdohconf
窺探職場上所需之資安專業技術與能力 Tdohconf
窺探職場上所需之資安專業技術與能力 Tdohconf
窺探職場上所需之資安專業技術與能力 Tdohconf

Check these out next

HTTP Parameter Pollution Vulnerabilities in Web Applications (Black Hat EU 2011)
HTTP Parameter Pollution Vulnerabilities in Web Applications (Black Hat EU 2011)
Marco Balduzzi
議題二:Web應用程式安全防護
議題二:Web應用程式安全防護
Nicolas su
WAF Bypass Techniques - Using HTTP Standard and Web Servers’ Behaviour
WAF Bypass Techniques - Using HTTP Standard and Web Servers’ Behaviour
Soroush Dalili
XSS and CSRF with HTML5
XSS and CSRF with HTML5
Shreeraj Shah
SSRF For Bug Bounties
SSRF For Bug Bounties
OWASP Nagpur
Waf bypassing Techniques
Waf bypassing Techniques
Avinash Thapa
Format string Attack
Format string Attack
icchy
Introduction to Web Application Penetration Testing
Introduction to Web Application Penetration Testing
Anurag Srivastava
1 of 57

窺探職場上所需之資安專業技術與能力 Tdohconf

Dec. 20, 2016
Download to read offline
Presentations & Public Speaking

TDOH CONF

jack51706

Recommended

資訊安全入門資訊安全入門
資訊安全入門Tyler Chen9.3K views160 slides
Got Your PW - 一場入門資安的微旅行Got Your PW - 一場入門資安的微旅行
Got Your PW - 一場入門資安的微旅行Allen Chou2K views35 slides
台科大網路鑑識課程 封包分析及中繼站追蹤台科大網路鑑識課程 封包分析及中繼站追蹤
台科大網路鑑識課程 封包分析及中繼站追蹤jack517063.2K views59 slides
Become A Security MasterBecome A Security Master
Become A Security MasterChong-Kuan Chen5.6K views52 slides
Advanced Topics On Sql Injection ProtectionAdvanced Topics On Sql Injection Protection
Advanced Topics On Sql Injection Protectionamiable_indian8.5K views64 slides
Dos attackDos attack
Dos attackManjushree Mashal1.4K views5 slides

More Related Content

Slideshows for you(20)

HTTP Parameter Pollution Vulnerabilities in Web Applications (Black Hat EU 2011)HTTP Parameter Pollution Vulnerabilities in Web Applications (Black Hat EU 2011)
HTTP Parameter Pollution Vulnerabilities in Web Applications (Black Hat EU 2011)
Marco Balduzzi11.5K views
議題二:Web應用程式安全防護議題二:Web應用程式安全防護
議題二:Web應用程式安全防護
Nicolas su4.2K views
WAF Bypass Techniques - Using HTTP Standard and Web Servers’ BehaviourWAF Bypass Techniques - Using HTTP Standard and Web Servers’ Behaviour
WAF Bypass Techniques - Using HTTP Standard and Web Servers’ Behaviour
Soroush Dalili51.8K views
XSS and CSRF with HTML5XSS and CSRF with HTML5
XSS and CSRF with HTML5
Shreeraj Shah45K views
SSRF For Bug BountiesSSRF For Bug Bounties
SSRF For Bug Bounties
OWASP Nagpur373 views
Waf bypassing TechniquesWaf bypassing Techniques
Waf bypassing Techniques
Avinash Thapa26.3K views
Format string AttackFormat string Attack
Format string Attack
icchy4.2K views
Introduction to Web Application Penetration TestingIntroduction to Web Application Penetration Testing
Introduction to Web Application Penetration Testing
Anurag Srivastava2K views
Building Advanced XSS VectorsBuilding Advanced XSS Vectors
Building Advanced XSS Vectors
Rodolfo Assis (Brute)7.6K views
XXE - XML External Entity Attack XXE - XML External Entity Attack
XXE - XML External Entity Attack
Cysinfo Cyber Security Community3.7K views
Proxy WarProxy War
Proxy War
zaki464914.6K views
Cross Site Request ForgeryCross Site Request Forgery
Cross Site Request Forgery
Tony Bibbs4.6K views
Presentation on Web AttacksPresentation on Web Attacks
Presentation on Web Attacks
Vivek Sinha Anurag1.2K views
Basics of Server Side Template InjectionBasics of Server Side Template Injection
Basics of Server Side Template Injection
Vandana Verma374 views
XSSフィルターを利用したXSS攻撃 by Masato KinugawaXSSフィルターを利用したXSS攻撃 by Masato Kinugawa
XSSフィルターを利用したXSS攻撃 by Masato Kinugawa
CODE BLUE7.6K views
Learn to pen-test with OWASP ZAPLearn to pen-test with OWASP ZAP
Learn to pen-test with OWASP ZAP
Paul Ionescu2K views
Slides do Treinamento - OWASP TOP 10 (Em português)Slides do Treinamento - OWASP TOP 10 (Em português)
Slides do Treinamento - OWASP TOP 10 (Em português)
Julio Cesar Stefanutto2.9K views
外部キー制約に伴うロックの小話外部キー制約に伴うロックの小話
外部キー制約に伴うロックの小話
ichirin250132K views
SQLインジェクション再考SQLインジェクション再考
SQLインジェクション再考
Hiroshi Tokumaru1.1K views
sqlmap internalssqlmap internals
sqlmap internals
Miroslav Stampar2.4K views

Similar to 窺探職場上所需之資安專業技術與能力 Tdohconf(20)

OWASP Poland Day 2018 - Andrzej Dyjak - Zero Trust TheoremOWASP Poland Day 2018 - Andrzej Dyjak - Zero Trust Theorem
OWASP Poland Day 2018 - Andrzej Dyjak - Zero Trust Theorem
OWASP188 views
淺談 Startup 公司的軟體開發流程 v2淺談 Startup 公司的軟體開發流程 v2
淺談 Startup 公司的軟體開發流程 v2
Wen-Tien Chang38.7K views
Agile startup company management and operationAgile startup company management and operation
Agile startup company management and operation
Jiang Zhu870 views
Next Generation Memory ForensicsNext Generation Memory Forensics
Next Generation Memory Forensics
Andrew Case2K views
Simon Bennetts - Automating ZAP Simon Bennetts - Automating ZAP
Simon Bennetts - Automating ZAP
DevSecCon1.4K views
Automating OWASP ZAP - DevCSecCon talk Automating OWASP ZAP - DevCSecCon talk
Automating OWASP ZAP - DevCSecCon talk
Simon Bennetts8K views
ITT 2015 - Vincent Garrigues - Continuous Integration at SoundCloudITT 2015 - Vincent Garrigues - Continuous Integration at SoundCloud
ITT 2015 - Vincent Garrigues - Continuous Integration at SoundCloud
Istanbul Tech Talks592 views
2017 Codemotion OWASP ZAP in CI/CD2017 Codemotion OWASP ZAP in CI/CD
2017 Codemotion OWASP ZAP in CI/CD
Simon Bennetts2.4K views
15年前に作ったアプリを現在に蘇らせてみた話15年前に作ったアプリを現在に蘇らせてみた話
15年前に作ったアプリを現在に蘇らせてみた話
Naoki Nagazumi2.4K views
EclipseCon France 2018 reportEclipseCon France 2018 report
EclipseCon France 2018 report
Akira Tanaka772 views
Hacking Adobe Experience Manager sitesHacking Adobe Experience Manager sites
Hacking Adobe Experience Manager sites
Mikhail Egorov12.8K views
Доклад Михаила Егорова на PHDaysДоклад Михаила Егорова на PHDays
Доклад Михаила Егорова на PHDays
ru_Parallels314 views
Security research over Windows #defcon chinaSecurity research over Windows #defcon china
Security research over Windows #defcon china
Peter Hlavaty369 views
Introduction to red team operationsIntroduction to red team operations
Introduction to red team operations
Sunny Neo1.2K views
Barcamp Bangkhen :: Robot FrameworkBarcamp Bangkhen :: Robot Framework
Barcamp Bangkhen :: Robot Framework
Somkiat Puisungnoen2.4K views
Security Vulnerabilities in Mobile Applications (Kristaps Felzenbergs)Security Vulnerabilities in Mobile Applications (Kristaps Felzenbergs)
Security Vulnerabilities in Mobile Applications (Kristaps Felzenbergs)
TestDevLab809 views
Security Testing with OWASP ZAP in CI/CD - Simon Bennetts - Codemotion Amster...Security Testing with OWASP ZAP in CI/CD - Simon Bennetts - Codemotion Amster...
Security Testing with OWASP ZAP in CI/CD - Simon Bennetts - Codemotion Amster...
Codemotion4.8K views
Java platformJava platform
Java platform
Universidade de São Paulo799 views
Silent web app testing by example - BerlinSides 2011Silent web app testing by example - BerlinSides 2011
Silent web app testing by example - BerlinSides 2011
Abraham Aranguren8.4K views
Practical Security Testing for Developers using OWASP ZAP at Dot Net Bangalor...Practical Security Testing for Developers using OWASP ZAP at Dot Net Bangalor...
Practical Security Testing for Developers using OWASP ZAP at Dot Net Bangalor...
gmaran232.5K views

Recently uploaded(20)

GYNAE TOACS A7-A12.pptxGYNAE TOACS A7-A12.pptx
GYNAE TOACS A7-A12.pptx
HassanIlyas331 view
Prototyping Cards Prototyping Cards
Prototyping Cards
peter williams17 views
Kazuko Kotaki_Japan digital PR best practices‗how to run hybrid media relatio...Kazuko Kotaki_Japan digital PR best practices‗how to run hybrid media relatio...
Kazuko Kotaki_Japan digital PR best practices‗how to run hybrid media relatio...
Edelman Japan1 view
SURGICAL INSTRUMENTS surgery.pptxSURGICAL INSTRUMENTS surgery.pptx
SURGICAL INSTRUMENTS surgery.pptx
HassanIlyas332 views
Skilling .pdfSkilling .pdf
Skilling .pdf
ManasKumar4519512 views
The Cornerstone of Media - ABS CBN Reporter (Jervis Manahan).pdfThe Cornerstone of Media - ABS CBN Reporter (Jervis Manahan).pdf
The Cornerstone of Media - ABS CBN Reporter (Jervis Manahan).pdf
JohnChristianAgustin2 views
LANDMARKS AND MONUMENTS OF NIGERIALANDMARKS AND MONUMENTS OF NIGERIA
LANDMARKS AND MONUMENTS OF NIGERIA
Basil Achie3 views
Near Miss.pptxNear Miss.pptx
Near Miss.pptx
Dineshpal823 views
11.1_Katleen Bell-Bonjean.pdf11.1_Katleen Bell-Bonjean.pdf
11.1_Katleen Bell-Bonjean.pdf
Katleen Bell-Bonjean48 views
Mapping the landscape of service robots in hospitality: A bibliometric analysisMapping the landscape of service robots in hospitality: A bibliometric analysis
Mapping the landscape of service robots in hospitality: A bibliometric analysis
Selcen Ozturkcan18 views
Critical L&D Elements to Achieve Success for Small and Growing Biotechs Critical L&D Elements to Achieve Success for Small and Growing Biotechs
Critical L&D Elements to Achieve Success for Small and Growing Biotechs
Seuss+2 views
IKWUEZE UCHENNA HUMPHREY.pptxIKWUEZE UCHENNA HUMPHREY.pptx
IKWUEZE UCHENNA HUMPHREY.pptx
UchennaIkwueze22 views
presentation on geological structure.pptxpresentation on geological structure.pptx
presentation on geological structure.pptx
AlMamun5603461 view
Walter Vargas - eCommerce Day Paraguay Blended Professional Experience 2023Walter Vargas - eCommerce Day Paraguay Blended Professional Experience 2023
Walter Vargas - eCommerce Day Paraguay Blended Professional Experience 2023
eCommerce Institute6 views
business-models.pdfbusiness-models.pdf
business-models.pdf
ImadRiaz21 view
Assessment3_22026986_Dinh Tuan Tran.pdfAssessment3_22026986_Dinh Tuan Tran.pdf
Assessment3_22026986_Dinh Tuan Tran.pdf
accountvsro3 views
paragraphs.pptparagraphs.ppt
paragraphs.ppt
AsifIqbalAsifIqbal1 view
Presentation - Poverty -Updated.Anas.pptxPresentation - Poverty -Updated.Anas.pptx
Presentation - Poverty -Updated.Anas.pptx
Shah G2 views
Resisting Assimilation: The Synthesis of tradition and Modernity in Tibetan e...Resisting Assimilation: The Synthesis of tradition and Modernity in Tibetan e...
Resisting Assimilation: The Synthesis of tradition and Modernity in Tibetan e...
TibetMuseum3 views
An Ocean of Glaciers Tibet from top to bottom An Ocean of Glaciers Tibet from top to bottom
An Ocean of Glaciers Tibet from top to bottom
TibetMuseum4 views

窺探職場上所需之資安專業技術與能力 Tdohconf

  1. Jack 1
  2. ... • • • • • 2
  3. Agenda • Whoami • • & • • • FAQ 3
  4. 4
  5. ( ) • TCP/IP • OWASP 5
  6. -VA & WEBVA • OWASP • Vulnerability Assessment • ..... • 6
  7. Exploit Development • http://securityalley.blogspot.tw/2014/06/buffer-overflow-windows.html ( EXPLOIT ) • https://www.corelan.be/index.php/category/security/exploit-writing-tutorials/ (CORELAN ) • http://expdev-kiuhnm.rhcloud.com/2015/05/11/contents/ ( EXPLOIT ) • https://github.com/enddo/awesome-windows-exploitation • https://github.com/riusksk/vul_war 7
  8. 8
  9. 9
  10. - / • • 10
  11. - • • • AD • • • 11
  12. ( ) • WEBPT • IR • Coding • Certification 12
  13. - • OWASP Testing Guide • Open Source Security Testing Methodology Manual (OSSTMM) • • 13
  14. Web Application Hacker’s Methodology 14
  15. SQLMAP • ..... • 1 • 2 code • 3 code 15
  16. -1 • https://www.owasp.org/index.php/OWASP_Broken_Web_Applications_Project • http://drops.wooyun.org/( ....) • http://www.freebuf.com/ • https://www.91ri.org/ • https://support.portswigger.net/customer/portal/topics/792273-burp-testing- methodologies/articles?page=1 • https://kennel209.gitbooks.io/owasp-testing-guide-v4/content/en/ 16
  17. 17
  18. - • ERS? (WHAT) • ? (WHO) • ? (WHERE) 
 • ? (HOW) • 18
  19. ATTACK LIFECYCLE ..... 19
  20. - • 20
  21. IR Toolkit • 21
  22. - • • • • 22
  23. • Hash ( ) • (.NET JAVA ) • Import ( • Strings • Tools Installed on REMnux • Reverse-Engineering Wiki 23
  24. • F5 ( • • ( ?) 24
  25. • .... • • —— 25
  26. 26
  27. • Anti VM • Anti OD • Anti Forensic • Anti XXX …… • • ANTI TECH github 27
  28. • • 28
  29. • http://bbs.pediy.com/ ( ) • http://www.52pojie.cn/forum.php ( ) • http://adr.horse/ ( ) • https://github.com/gasgas4/APT_CyberCriminal_Campagin ( ) • http://blog.malwaremustdie.org/ • http://www.malware-traffic-analysis.net/ 29
  30. 30
  31. Malware Source / Code • https://github.com/gasgas4/Leaked_Malware_SourceCode • https://github.com/ytisf/theZoo • https://github.com/krmaxwell/maltrieve 31
  32. - • • • • • 32
  33. • • • ?! • • 33
  34. 34
  35. 35
  36. 36
  37. IDA OD ... 37
  38. Google Drive • OAuth 38
  39. DropBox • token 39
  40. 40
  41. XX •A B •B C D E • ... 41
  42. XXX • • • 42
  43. 43
  44. ( ! 44
  45. • Office • 45
  46. ... 46
  47. • 47
  48. ! ! ! 48
  49. ! ! !
 49
  50. 50
  51. • https://github.com/hackedteam?tab=repositories ( HACKING TEAM) • https://www.blackhat.com/html/archives.html • https://www.defcon.org/html/links/dc-archives.html • https://github.com/RichardLitt/awesome-conferences • RSA , Zeronight , Hitcon , cansecwest , CONFidence , HITB , nullcon , recon , syscan ... 51
  52. FAQ: CTF • • Bug Bounty • http://ppt.cc/7xaGu • https://bugcrowd.com/ programs • https://h1.sintheticlabs.com/ 52
  53. FAQ Certification • 53
  54. 54
  55. 55
  56. ... 56
  57. & 57