Penetration testing terms
poc: code that verifies whether a vulnerability exists
exp: exploit
webshell: a backdoor shell on the web layer
shell: a tool that provides a channel for interacting with the system
Reverse: connection from the victim to the attacker
Forward: connection from the attacker to the victim
Privilege escalation: raising the privileges initially held on the server, e.g. elevating webshell privileges through a vulnerability
getshell: the process of obtaining a shell
0day: a vulnerability that has not been disclosed
1day: a vulnerability that has already been disclosed
nday: a vulnerability disclosed n days ago
DDoS: distributed denial of service (a CC attack is DDoS at the web layer)
WAF: web application firewall
scan: scanning
shellcode: binary code used in a buffer overflow
cve: global vulnerability numbers
cvss: availability, confidentiality, integrity
Universal vulnerability: general in nature, large in scale, wide-ranging impact
Springboard (proxy): a proxy used to disguise oneself when entering a network
Production network: the core business network, where real business runs online
Test network: the network for testing systems and business
Tunnel: a private, stable network channel
cdn: edge servers deployed in various locations; a central platform provides load balancing, content distribution, scheduling and other functional modules
idc: data center, server room
ips: intrusion prevention system
idp: intrusion detection
Situational awareness: monitoring traffic, services, etc. to detect intrusions
Honeypot: used to lure attackers
Vulnerability range: an environment containing vulnerabilities
Social engineering: collecting personal information to guess and associate, and to build a password dictionary; interpersonal communication
Phishing: fake text messages, e-mail, WeChat, QQ
Spear phishing: targeted phishing that uses internal relationships
Remote control: server side, client side
AV: anti-virus software
icmp: network diagnostic tool