This document contains an agenda for a presentation that includes topics such as exploit development, web application hacking methodology, SQLMap, vulnerability assessment, malware analysis, reverse engineering, and cybersecurity conferences. It also addresses frequently asked questions about capture the flag events, bug bounty programs, and security certifications. Resources like exploit code examples, tool documentation, hacking forums, and malware repositories are listed.

1. Jack
1

2. ...
•
•
•
•
•
2

3. Agenda
• Whoami
•
• &
•
•
• FAQ
3

4. 4

5. ( )
• TCP/IP
• OWASP
5

6. -VA & WEBVA
• OWASP
• Vulnerability
Assessment
• .....
•
6

7. Exploit Development
• http://securityalley.blogspot.tw/2014/06/buffer-overflow-windows.html (
EXPLOIT )
• https://www.corelan.be/index.php/category/security/exploit-writing-tutorials/
(CORELAN )
• http://expdev-kiuhnm.rhcloud.com/2015/05/11/contents/ (
EXPLOIT )
• https://github.com/enddo/awesome-windows-exploitation
• https://github.com/riusksk/vul_war
7

8. 8

9. 9

10. - /
•
•
10

11. -
•
•
• AD
•
•
•
11

12. ( )
• WEBPT
• IR
• Coding
• Certification
12

13. -
• OWASP Testing Guide
• Open Source Security
Testing Methodology
Manual (OSSTMM)
•
•
13

14. Web Application Hacker’s Methodology
14

15. SQLMAP
• .....
• 1
• 2 code
• 3 code
15

16. -1
• https://www.owasp.org/index.php/OWASP_Broken_Web_Applications_Project
• http://drops.wooyun.org/( ....)
• http://www.freebuf.com/
• https://www.91ri.org/
• https://support.portswigger.net/customer/portal/topics/792273-burp-testing-
methodologies/articles?page=1
• https://kennel209.gitbooks.io/owasp-testing-guide-v4/content/en/
16

17. 17

18. -
• ERS? (WHAT)
• ? (WHO)
• ? (WHERE)
• ? (HOW)
•
18

19. ATTACK LIFECYCLE
.....
19

20. -
•
20

21. IR Toolkit
•
21

22. -
•
•
•
•
22

23. • Hash ( )
• (.NET JAVA
)
• Import (
• Strings
• Tools Installed on REMnux
• Reverse-Engineering Wiki
23

24. • F5 (
•
• ( ?)
24

25. • ....
•
• ——
25

26. 26

27. • Anti VM
• Anti OD
• Anti Forensic
• Anti XXX ……
•
• ANTI TECH github
27

28. •
•
28

29. • http://bbs.pediy.com/ ( )
• http://www.52pojie.cn/forum.php ( )
• http://adr.horse/ ( )
• https://github.com/gasgas4/APT_CyberCriminal_Campagin (
)
• http://blog.malwaremustdie.org/
• http://www.malware-traffic-analysis.net/
29

30. 30

31. Malware Source / Code
• https://github.com/gasgas4/Leaked_Malware_SourceCode
• https://github.com/ytisf/theZoo
• https://github.com/krmaxwell/maltrieve
31

32. -
•
•
•
•
•
32

33. •
•
• ?!
•
•
33

34. 34

35. 35

36. 36

37. IDA
OD
...
37

38. Google Drive
• OAuth
38

39. DropBox
• token
39

40. 40

41. XX
•A B
•B C D E
• ...
41

42. XXX
•
•
•
42

43. 43

44. ( !
44

45. • Office
•
45

46. ...
46

47. •
47

48. ! ! !
48

49. ! ! !
49

50. 50

51. • https://github.com/hackedteam?tab=repositories ( HACKING
TEAM)
• https://www.blackhat.com/html/archives.html
• https://www.defcon.org/html/links/dc-archives.html
• https://github.com/RichardLitt/awesome-conferences
• RSA , Zeronight , Hitcon , cansecwest , CONFidence , HITB ,
nullcon , recon , syscan ...
51

52. FAQ: CTF
•
• Bug Bounty
• http://ppt.cc/7xaGu
• https://bugcrowd.com/
programs
• https://h1.sintheticlabs.com/
52

53. FAQ Certification
•
53

54. 54

55. 55

56. ...
56

57. &
57