
A Look at the Information Security Skills and Abilities Needed in the Workplace (Tdohconf)


  1. 1. Jack 1
  2. 2. ... • • • • • 2
  3. 3. Agenda • Whoami • • & • • • FAQ 3
  4. 4. 4
  5. 5. ( ) • TCP/IP • OWASP 5
  6. 6. -VA & WEBVA • OWASP • Vulnerability Assessment • ..... • 6
  7. 7. Exploit Development • http://securityalley.blogspot.tw/2014/06/buffer-overflow-windows.html ( EXPLOIT ) • https://www.corelan.be/index.php/category/security/exploit-writing-tutorials/ (CORELAN ) • http://expdev-kiuhnm.rhcloud.com/2015/05/11/contents/ ( EXPLOIT ) • https://github.com/enddo/awesome-windows-exploitation • https://github.com/riusksk/vul_war 7
  8. 8. 8
  9. 9. 9
  10. 10. - / • • 10
  11. 11. - • • • AD • • • 11
  12. 12. ( ) • WEBPT • IR • Coding • Certification 12
  13. 13. - • OWASP Testing Guide • Open Source Security Testing Methodology Manual (OSSTMM) • • 13
  14. 14. Web Application Hacker’s Methodology 14
  15. 15. SQLMAP • ..... • 1 • 2 code • 3 code 15
  16. 16. -1 • https://www.owasp.org/index.php/OWASP_Broken_Web_Applications_Project • http://drops.wooyun.org/( ....) • http://www.freebuf.com/ • https://www.91ri.org/ • https://support.portswigger.net/customer/portal/topics/792273-burp-testing-methodologies/articles?page=1 • https://kennel209.gitbooks.io/owasp-testing-guide-v4/content/en/ 16
  17. 17. 17
  18. 18. - • ERS? (WHAT) • ? (WHO) • ? (WHERE) • ? (HOW) • 18
  19. 19. ATTACK LIFECYCLE ..... 19
  20. 20. - • 20
  21. 21. IR Toolkit • 21
  22. 22. - • • • • 22
  23. 23. • Hash ( ) • (.NET JAVA ) • Import ( • Strings • Tools Installed on REMnux • Reverse-Engineering Wiki 23
  24. 24. • F5 ( • • ( ?) 24
  25. 25. • .... • • —— 25
  26. 26. 26
  27. 27. • Anti VM • Anti OD • Anti Forensic • Anti XXX …… • • ANTI TECH github 27
  28. 28. • • 28
  29. 29. • http://bbs.pediy.com/ ( ) • http://www.52pojie.cn/forum.php ( ) • http://adr.horse/ ( ) • https://github.com/gasgas4/APT_CyberCriminal_Campagin ( ) • http://blog.malwaremustdie.org/ • http://www.malware-traffic-analysis.net/ 29
  30. 30. 30
  31. 31. Malware Source / Code • https://github.com/gasgas4/Leaked_Malware_SourceCode • https://github.com/ytisf/theZoo • https://github.com/krmaxwell/maltrieve 31
  32. 32. - • • • • • 32
  33. 33. • • • ?! • • 33
  34. 34. 34
  35. 35. 35
  36. 36. 36
  37. 37. IDA OD ... 37
  38. 38. Google Drive • OAuth 38
  39. 39. DropBox • token 39
  40. 40. 40
  41. 41. XX •A B •B C D E • ... 41
  42. 42. XXX • • • 42
  43. 43. 43
  44. 44. ( ! 44
  45. 45. • Office • 45
  46. 46. ... 46
  47. 47. • 47
  48. 48. ! ! ! 48
  49. 49. ! ! ! 49
  50. 50. 50
  51. 51. • https://github.com/hackedteam?tab=repositories ( HACKING TEAM) • https://www.blackhat.com/html/archives.html • https://www.defcon.org/html/links/dc-archives.html • https://github.com/RichardLitt/awesome-conferences • RSA , Zeronight , Hitcon , cansecwest , CONFidence , HITB , nullcon , recon , syscan ... 51
  52. 52. FAQ: CTF • • Bug Bounty • http://ppt.cc/7xaGu • https://bugcrowd.com/programs • https://h1.sintheticlabs.com/ 52
  53. 53. FAQ Certification • 53
  54. 54. 54
  55. 55. 55
  56. 56. ... 56
  57. 57. & 57
