Recently, room booking records of Huazhu's hotels were leaked, and the leaked data involved 130 million users. For a time, how to protect users' information security became the focus of social discussion.
Do you remember that two years ago, a photo of Zuckerberg on Facebook attracted the attention of netizens around the world. Zuckerberg used tape to cover the camera and microphone of his computer to prevent information leakage.
With the large-scale popularization of smart devices and the Internet, users and enterprises are increasingly exposed to cyberattack risks and frequency.
According to research data from RiskIQ, an American network security company, 1.5 organizations around the world are currently attacked by ransomware every minute, and the average loss for enterprises is US$15,221. To describe the seriousness of hacking behavior in terms of one minute on the Internet, data shows that cybercrime can cause losses of US$1,138,888 in one minute.
In daily life, computers, mobile phones, smart home appliances and other products are vulnerable to various forms of attacks, causing digital asset losses and data leaks.
Nowadays, data leakage is difficult to prevent, and modern hackers can attack networks and steal data from all kinds of unexpected places.
1. Use the microphone to monitor the content of the mobile phone screen
Ultrasonic tracking technology can push various location services to users' smartphones, but unregulated ultrasonic technology may become a very big security risk.
At this year's Crypto 2018 conference, a research team discovered that by listening and analyzing the ultrasonic waves emitted by an LCD monitor, and using machine learning technology to analyze these sounds, the content of the monitor screen can be accurately interpreted.
For some zebra patterns and websites, the researchers had a 90-100% success rate.
The researchers also found that both webcams and smartphone microphones could be exploited to pick up the sound emitted by the screen and thus spy on the user's smartphone.
2. Use fish tank thermometer to steal casino database
As more and more connected devices become available, these devices have become an important way for hackers to invade corporate networks, especially small devices that are easily overlooked.
Cybersecurity company Darktrace once analyzed a hacking incident in which a hacker entered the casino network through a connected thermometer in a casino's aquarium and transferred an important database to the cloud.
3. Use sound to destroy mechanical hard drives
In September 2016, Romania's ING Bank conducted a fire extinguishing test at its Bucharest data center. The loud noise caused by the inert gas released during the test caused serious damage to dozens of hard drives and interrupted bank services for 10 hours.
At the 39th IEEE Security/Privacy Symposium, researchers from the Michigan and Zhejiang University teams discovered that sound attacks can cause mechanical hard drives to fail. At the scene, researchers used an adapted Katy Perry song to cause a Windows 10 laptop to directly blue screen, prompting a hard drive error.
4. Use the sound of computer fans to steal data
A research team from the Cyber Security Research Center of Ben-Gurion University in Israel discovered that data can be stolen by using the sound of computer cooling fans.
The research team developed a malware called "Fansmitter". Based on the principle that data is a combination of 0 and 1, after infecting a computer, it will control the fan speed so that it works at two different speeds, corresponding to the binary " 1", "0", thereby stealing computer data.
This attack method can be applied to systems that do not have sound hardware or speakers installed, such as servers, printers, IoT devices, and industrial control systems.
5. Stealing data through computer cooling
A computer that is not connected to the Internet at all is considered a relatively safe computer, but hackers can remotely read the data in the computer by dissipating heat from the computer without plugging in any physical devices.
A team of researchers at the Cybersecurity Research Center of Ben-Gurion University in Israel has discovered that it is possible to read the heat emitted by computer processors from air-gapping computers (air-gapping, a system that uses specialized hardware to connect two or more computers to each other). technology to achieve secure data transmission and resource sharing when the network is disconnected) to obtain data.
6. Send a fax to invade the network
Although fax machines are no longer that popular, and fax machines have been designed as all-in-one printer and fax machines that are connected to the office network. But there are still 300 million fax numbers and 45 million fax machines in use around the world, and faxing is still very popular in some business areas.
The Check Point malware research team discovered that all it takes is a fax number to send an image file containing malicious information via fax. Once the image file is received by the fax machine, the image is decoded and uploaded to the fax machine's memory, using the communication protocol Two serious remote code execution (RCE) vulnerabilities in the system can penetrate corporate or home networks.
7. The brightness of smart light bulbs can leak data
Recently, researchers at the University of Texas at San Antonio proposed a new technology that analyzes the brightness and color of smart light bulbs from a distance to obtain user data.
When users listen to music or watch videos in a room with smart light bulbs, the brightness and color of the linked smart light bulbs will change slightly as the sound level changes. The visible light and infrared spectrum emitted by the smart light bulbs can be captured by the device and processed decoding.
Through experiments, it was found that as the distance becomes farther, the quality of the analyzed image also becomes worse, but effective information can still be obtained at a distance of 50 meters.
8. Monitor cell phone by sound
In March 2017, researchers from the University of Michigan and the University of South Carolina discovered that sound waves could be used to hack into smartphones.
Researchers have discovered that using sound waves of a specific frequency can cause the accelerometer (a sensor) on a mobile phone to resonate, allowing it to receive incorrect information and thereby control the mobile phone system. Korean researchers have used similar methods to hack into drones.
In short, while the Internet is developing rapidly, we can never slack off on the network security issues that accompany it. Always stay vigilant, strengthen protective measures, and adhere to good usage habits. Nothing is missing.
Technology itself is not evil, only the misuse of technology can lead to evil!
If you also want to become a hacker, I would like to share with you some good information that I have compiled to give you a comprehensive introduction to the basic theories of network security, including reverse engineering, eight-layer network defense, assembly language, white hat web security, cryptography, and network security. Protocols, etc., closely combines basic theory with the application practice of mainstream tools, which is helpful for readers to understand the implementation mechanisms behind various mainstream tools.
I hope it can provide practical help to friends who want to learn hacking and get started with network security. The explanations are easy to understand, humorous, and the style is fresh and lively, making learning easy and enjoyable!
①Network security learning route
②20 penetration testing e-books
③Security attack and defense 357 pages of notes
④50 Security Offense and Defense Interview Guide
⑤Security Red Team Penetration Tool Kit
⑥Essential Network Security Books
⑦100 Vulnerability Practical Cases
⑧Internal video resources of major safety manufacturers
⑨Analysis of past CTF capture the flag competition questions
There is a lot of knowledge about network security. How to arrange it scientifically and reasonably?
The following is a summary of a set of learning routes suitable for zero-level network security. It is suitable for fresh graduates and career changers. After learning, the minimum is 6k! Even if you have poor foundation, if you can take advantage of the good development momentum of network security and continue to learn, it is not impossible to find a job in a big company and get a million-dollar annual salary!
Junior network engineer
1. Network security theoretical knowledge (2 days)
① Understand the relevant background and prospects of the industry, and determine the development direction.
②Learn laws and regulations related to network security.
③The concept of network security operations.
④Introduction to the MLPS, regulations, processes and specifications for the MLPS. (very important)
2. Penetration testing basics (one week)
①Process, classification and standards of penetration testing
②Information collection technology: active/passive information collection, Nmap tool, Google Hacking
③Vulnerabilities Scanning, vulnerability exploitation, principles, utilization methods, tools (MSF), bypassing IDS and anti-virus reconnaissance
④Host attack and defense drills: MS17-010, MS08-067, MS10-046, MS12- 20 etc.
3. Operating system basics (one week)
①Common functions and commands of Windows system
②Common functions and commands of Kali Linux system
③Operating system security (basic of system intrusion detection/system reinforcement)< /span>
4. Computer network basics (one week)
①Computer network foundation, protocols and architecture
②Network communication principles, OSI model, data forwarding process
③Common protocol analysis (HTTP, TCP /IP, ARP, etc.)
④Network attack technology and network security defense technology
⑤Web vulnerability principle and defense: active/passive attack, DDOS attack, CVE vulnerability recovery Now
5. Basic database operations (2 days)
①Database basics
②SQL language basics
③Database security reinforcement
6. Web penetration (1 week)
①Introduction to HTML, CSS and JavaScript
②OWASP Top10
③Web vulnerability scanning tools
④Web penetration tools: Nmap, BurpSuite, SQLMap, others (Chop Knife, Miss Scan, etc.)
Congratulations, if you learn this, you can basically work in a network security-related job, such as penetration testing, web penetration, security services, security analysis and other positions; if you learn the standard protection module well, you can also work as a standard protection engineer. Salary range 6k-15k
So far, about 1 month. You've become a "script kiddie." So do you still want to explore further?
【Receive "Script Kid" growth and advanced resources】
7. Script programming (beginner/intermediate/advanced)
In the field of network security. Having programming skills is the essential difference between "script kiddies" and real hackers. In the actual penetration testing process, in the face of complex and changeable network environments, when commonly used tools cannot meet actual needs, it is often necessary to expand existing tools, or write tools and automated scripts that meet our requirements. At this time, Requires certain programming skills. In the CTF competition where every second counts, if you want to effectively use homemade script tools to achieve various purposes, you need to have programming skills.
For beginners, it is recommended to choose one of the scripting languages Python/PHP/Go/Java and learn to program common libraries; build a development environment and choose an IDE. Wamp and XAMPP are recommended for PHP environments, and Sublime is highly recommended for IDEs; ·Learn Python programming , the learning content includes: grammar, regularity, files, networks, multi-threading and other common libraries. We recommend "Python Core Programming", don't read it all; · Use Python to write exploits for vulnerabilities, and then write a simple web crawler; · PHP basic syntax Learn and write a simple blog system; Be familiar with the MVC architecture, and try to learn a PHP framework or Python framework (optional); ·Understand Bootstrap layout or CSS.
8. Super Internet worker
This part of the content is still relatively far away for students with no basic knowledge, so I will not go into details and post a general route. If you are interested in children's shoes, you can research it. If you don't know the place, you can [click here] to join me and learn and communicate with me.
Network Security Engineer Enterprise Level Learning Route
If the picture is too large and has been compressed by the platform and cannot be seen clearly, you can[Click here]Add me and send it to you, everyone You can also study and communicate together.
Some video tutorials that I bought myself and cannot be found on other platforms:
If necessary, you can scan the card below and I will send it to you (all are shared for free). You can also learn and communicate together.
Conclusion
The network security industry is like a river and lake, where people of all colors gather. Compared with many well-known and decent people in European and American countries who have a solid foundation (understand encryption, know how to protect, can dig holes, and are good at engineering), our country's talents are more of a heretic (many white hats may be unconvinced), so in the future talent training and In terms of construction, it is necessary to adjust the structure and encourage more people to do "positive" "system construction" that combines "business" with "data" and "automation". Only in this way can we quench the thirst for talents and truly provide comprehensive services to society. The Internet provides security.
Special statement:
This tutorial is purely technical sharing! The purpose of this book is by no means to provide technical support to those with bad intentions! We also do not assume any joint liability arising from the misuse of technology! The purpose of this book is to awaken everyone's attention to network security to the greatest extent, and to take corresponding security measures, thereby reducing the economic losses caused by network security! ! !