Some common network security terms

1, Black Hat

  People who hack for illegal purposes, usually for financial gain. They break into secure networks to destroy, ransom, modify or steal data, or to make the network unusable for authorized users. The name comes from old black-and-white Western movies, where moviegoers could easily identify the villain because he wore a black Stetson, while the "good guy" wore a white hat.

2, Backdoor

  A hidden "pipe" in a computer system that bypasses the regular login and password protection, making that protection largely ineffective at safeguarding data.

3, Brute-force attack

  An automated, high-intensity search through every possible password for a system, in order to break its security and gain access to the computer.

4, Doxing

  Finding and publishing the identity of an Internet user by looking up their details online.

5, Gray hat

  People who carry out hacking attacks, but not for personal or financial gain. One example is hacking carried out as part of a broader political protest, in which activists embarrass or humiliate an organization whose policies or official views they regard as anathema.

6, IP

  Internet Protocol address: an identifier or "fingerprint" of a computer. It is used to identify the person using a device, to track their activity, or to reveal their location.

7, Keylogging

  Tracking which keys a computer user presses, so that a hacker can record the logins and passwords entered into the system.

8, Malware

  A computer program designed to take control of a computer or steal data.

9, Phishing

  Sending people e-mails that appear to come from a real person or organization, in order to trick them into handing over personal information such as passwords, bank account details (e.g. PIN numbers) and credit card details.

10, Spoofing

  Altering a real e-mail so that it appears to come from somewhere else, such as your bank, and giving false instructions that will endanger the security of your data if followed.

11, Spyware

  A type of malware that is programmed to go unnoticed on a computer and quietly send data to the hacker.

12, Whaling

  Phishing aimed at an organization's senior management, carried out by hackers pursuing financial gain or, increasingly, involved in political causes. Whaling can be used to collect sensitive or extremely embarrassing personal information, such as salaries, bonuses, private addresses, e-mail addresses and phone numbers.

13, White hat

  Hackers who use their skills for the good of society, or who help organizations by exposing vulnerabilities in their IT systems. This is the opposite of a black hat.

14, Vulnerabilities

A vulnerability is a defect or improper configuration in an information system's software, hardware or communication protocols that allows an attacker to access or damage the system without authorization, creating a security risk for the information system.
Common vulnerabilities include SQL injection, weak passwords, remote command execution and permission bypass.

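15, Malicious programs

    A malicious program is a program that is installed or executed in an information system without authorization in order to achieve an improper purpose.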

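1. Trojan horse
A Trojan horse (Trojan for short) is a malicious program whose main purpose is to steal users' personal information or remotely control users' computers. It usually consists of a controlling end and a controlled end. It gets its name because it sneaks into the user's computer like a spy, much like the "wooden horse" stratagem in war. By function, Trojans can be further divided into 7 categories: account-stealing Trojans, online banking Trojans, data-stealing Trojans, remote control Trojans, traffic hijacking Trojans, downloader Trojans and other Trojans.

An account-stealing Trojan steals accounts for the user's e-mail, online games and similar services.
An online banking Trojan steals the user's online banking, securities and similar accounts.
A data-stealing Trojan steals sensitive files or data from the user's host.
A remote control Trojan obtains administrator privileges on the host by improper means and can operate the user's host over the network.
A traffic hijacking Trojan hijacks the user's web browsing traffic to a site chosen by the attacker.
A downloader Trojan downloads more malicious code to the user's host and runs it, in order to gain further control over the host.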

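2. Bot programs
A bot program is a malicious program used to build a large-scale attack platform. By the communication protocol used, bot programs can be further divided into 4 categories: IRC bots, HTTP bots, P2P bots and other bots.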

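3. Worms
A worm is a malicious program that can replicate itself and spread widely, with the main purpose of consuming system and network resources. By propagation route, worms can be further divided into 5 categories: e-mail worms, instant messaging worms, USB drive worms, vulnerability-exploiting worms and other worms.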

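4. Viruses
A virus is a malicious program that spreads by infecting computer files, with the main purpose of destroying or tampering with user data and disrupting the normal operation of information systems.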

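5. Ransomware
Ransomware is malware that hackers use to hijack a user's assets or resources and then extort money from the user on that basis. Ransomware usually encrypts the user's data or device, or changes its configuration, to make it unusable, and then sends the user a ransom notice demanding payment in exchange for the decryption password or a way to restore the system to normal operation.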

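6. Mobile Internet malicious programs
A mobile Internet malicious program is an executable file, program module or program fragment that is installed or run on a mobile terminal system without the user's knowledge or authorization in order to achieve an improper purpose, or that behaves in violation of relevant national laws and regulations. By behavior, mobile Internet malicious programs fall into 8 types: malicious fee deduction, information theft, remote control, malicious propagation, tariff consumption, system damage, deception and fraud, and rogue behavior.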

7. Other
Other malicious programs not covered by the categories above.

Classification of malicious programs by main purpose

With the development of the hacker underground industry chain, some malicious programs that appear on the Internet combine the functional attributes and technical characteristics of several of the categories above, and they continue to evolve. We therefore classify such malicious programs by their main purpose, with reference to the definitions above.

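1. Botnet
A botnet is a group of computers under the centralized control of a hacker. Its core feature is that the hacker can use a one-to-many command and control channel to make hosts infected with Trojans or bot programs carry out the same malicious behavior, such as launching a distributed denial-of-service attack against a target website at the same time, or sending large volumes of spam.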

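2. Denial-of-service attack
A denial-of-service attack sends a dense stream of attack packets to a target information system, or performs specific attack operations, with the aim of making the target system stop providing service.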

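3. Web page defacement
Web page defacement is the malicious destruction or alteration of web page content, so that the website cannot work normally or displays abnormal content inserted by the hacker.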

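4. Web page spoofing
Web page spoofing is an attack that tricks users with a page built to closely resemble a target website. Phishing sites are a common form of web page spoofing and are typically spread through spam e-mail, instant messaging, SMS messages or fake web advertisements. After visiting a phishing site, users may leak private information such as account names and passwords.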

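5. Website backdoor
A website backdoor incident is a form of attack in which a hacker uploads a remote-control page to a particular directory of a website and can then secretly control the web server remotely through that page.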

6. Spam
Spam is e-mail that is forcibly sent to a user's mailbox without the user's permission (and that has nothing to do with the user).

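7. Domain name hijacking
Domain name hijacking intercepts domain name resolution requests or tampers with data on domain name servers, so that users visiting the affected domain are returned a false IP address or their requests fail.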

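8. Route hijacking
Route hijacking changes routing information by deception, so that users cannot reach the correct destination, or so that their traffic is diverted along a path set by the hacker, in order to achieve an improper purpose.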

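16, The difference between viruses and Trojans

Virus:
    When we talk about viruses in everyday use, we usually mean infecting viruses: code that its author inserts into a computer program to damage computer functions or data, a set of computer instructions or program code that can affect the use of the computer and can replicate itself. Its properties are transmissibility, concealment, infectivity, latency, triggerability, and manifestation or destructiveness.
    The typical life cycle of a virus: development → infection → latency → outbreak → discovery → assimilation → extinction. It has a lot in common with biological viruses, such as self-reproduction, mutual infection, and activation and regeneration.

Trojan:
    The Trojan gets its name from the famous "wooden horse" stratagem of the ancient Greek Trojan War; you can look it up yourself, it is an interesting story. A Trojan is usually sent as an e-mail attachment or bundled into other programs, and controls another computer through a specific program (the Trojan program). There are usually two executables: one is the controlling end, the other is the controlled end. A Trojan differs from an ordinary virus: it does not reproduce itself and does not "deliberately" infect other files. It modifies the registry, stays resident in memory, installs backdoor programs in the system, and loads the bundled Trojan at startup.
    For a Trojan to act, its client program must run on the user's machine. Once active, it can set up a backdoor and periodically send the user's private data to an address specified by the Trojan program. It usually also has a built-in port through which the user's computer can be entered, allowing arbitrary control of the computer and illegal operations such as deleting files, copying files and changing passwords.
    To highlight the key points, here are the differences between the two:
    1. A virus spreads by infection, while a Trojan does not;
    2. After a virus gets into a computer you will notice it, whereas a Trojan goes unnoticed, mainly so that it can carry on with its follow-up "work";
    3. A virus is mainly known for "destruction", while a Trojan is mainly used to steal user information.

    While we are here, a few words about worms. The essential difference from a Trojan is that a worm is a malicious program that can exploit system vulnerabilities to spread itself over the network; it does not need to attach to another program and exists independently. When it reaches scale and spreads too fast, it consumes enormous network resources and causes widespread network congestion or even paralysis, which is far more frightening than a Trojan.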

17, Honeypot
(1) Honeypot technology is essentially a technique for deceiving attackers. By setting up hosts, network services or information as decoys, it induces attackers to attack them, so that the attack behavior can be captured and analyzed to understand the tools and methods the attacker uses and to infer the attacker's intent and motive. This gives defenders a clear understanding of the security threats they face, and lets them strengthen the protection of their actual systems through technical and management measures.

(2) A honeypot is like an intelligence-gathering system. It is a deliberately exposed target that lures hackers into attacking it. Once an attacker has broken in, you can learn how they succeeded and keep up to date with the latest attacks and vulnerabilities launched against servers. By eavesdropping on communications between hackers, you can also collect the various tools they use and map out their social networks.

18, Dark Web

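The Internet is made up of three layers of networks:

Surface web
Deep web
Dark web

How the dark web is reached
LAN -> surface web -> deep web -> dark web


The surface web consists of the common websites anyone can reach, for example Baidu, Tencent Video, etc.
Reaching the dark web is considerably harder!

The dark web is a subset of the deep web

(1) The dark web and the deep web must not be confused; 90 percent of the Internet is deep web.
(2) Deep web: it cannot be found by search engines and can only be accessed through special software!
For example, chat tools such as QQ/WeChat can be called deep web, because search engines cannot index them.
(3) The dark web is a subset (branch) of the deep web. It cannot be accessed directly and requires a specific browser; its domain names all end in the .onion suffix.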

- The difference between the deep web and the dark web

(1) The dark web was invented in the United States so that spies could anonymously exchange information and carry out other tasks over it ...

(2) A great deal of stolen data, along with all kinds of public information, is sold on the dark web.

19, Antivirus evasion
Antivirus evasion means escaping the scanning and removal done by antivirus software, reducing the antivirus software to mere decoration. Beyond that, what evasion techniques give us is a leap in ways of thinking and growth in technical skill.

20, APT attack
APT (Advanced Persistent Threat) is a form of long-term, sustained cyber attack on a specific target using advanced attack methods.

(1) China is a major victim of APT attacks
(2) An APT attack is generally backed by a state or a group, whose team attacks in order to steal research results and data
(3) Once you have been targeted by an APT attack, it is very hard to escape.

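21, Exploit / POC

Exploit

Exploit/Exp means "to make use of" in English; in a hacker's eyes it means exploiting a vulnerability. A vulnerability does not necessarily have an exploit, but where there is an exploit there is certainly a vulnerability.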

POC (proof of vulnerability)

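Proof of concept (POC) is a short and incomplete implementation of an idea, made to demonstrate its feasibility and illustrate its principle; its purpose is to verify some concept or theory. A proof of concept is usually regarded as a milestone prototype of an implementation.

In short: it proves that a program has a vulnerability, but cannot exploit that vulnerability.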

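22, Intranet penetration

What is intranet penetration?
Why do intranet penetration?
Intranet penetration is penetration testing carried out in a different environment.
Some important data, documents and code are kept on internal servers or on the computers of a company's in-house developers, so internal network scanning and penetration are needed.
Intranet penetration depends more on chance and on finding a breakthrough point, and the situation is more complex.
It involves a broad range of knowledge and many attack techniques.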

23, Social engineering
In computer science, social engineering means influencing a person's psychology through legitimate communication with them, so that they take certain actions or reveal confidential information. It is generally regarded as deceiving others in order to gather information, commit fraud and break into computer systems. In the Anglo-American common law system, this behavior is generally considered an invasion of privacy!

Social engineering database

(1) A tool used in social engineering: data obtained from leaks or intrusions is consolidated into the social engineering database so that it can be searched and queried.
(2) A sophisticated social engineering database combines data from intrusions and leaks, so that a person's phone numbers, hotel check-in records, various passwords and so on can be looked up.

24, Google hacking
Google hacking means using a search engine such as Google to locate security risks and easy points of attack on the Internet.
There are generally two kinds of weakness on the Web that are easy to find and easy to attack:
(1) software vulnerabilities
(2) misconfigurations
Although some experienced intruders target one particular system and try to find a hole that lets them in, most intruders start from a specific software vulnerability or from the common misconfigurations made by ordinary users. They already know how to break into such configurations, and they try to discover, or run a preliminary scan for, systems that have that weakness. Google is rarely of use to the first kind of attacker, but it plays an important role for the second!
Google hacking is used for information gathering during penetration testing!

25, Database dumping (tuoku)
Tuoku (拖库, "dragging the database") is a homophone of 脱库 ("stripping the database").
It means obtaining a website's database, member information or other wanted information through illegal means.
Put simply, it is downloading the other party's database!

26, Privilege escalation
After obtaining a webshell, escalating from an ordinary user to administrator privileges!

27, 0 (zero) day attack
A 0day attack is a kind of attack on computer software.
(1) In the computer field, a zero-day vulnerability (English: zero-day exploit / zero-day / 0day) usually refers to a security vulnerability for which there is no patch yet.

A vulnerability that you have discovered yourself and that has not yet been published is called a 0day.

(2) A zero-day attack (English: zero-day attack) is an attack that exploits such a vulnerability. The person who provides the details of the vulnerability or the exploit program is usually its discoverer.
Exploit programs for zero-day vulnerabilities are a huge threat to network security, so zero-day vulnerabilities are not only a favorite of hackers: how many zero-day vulnerabilities a hacker holds has also become an important measure of their technical level!

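28, Adjacent sites / C segment
Adjacent sites

Other websites on the same server as the target site; from one of these, find a way to cross over into the directory of the real target site.

C segment

Any machine in the network segment; as long as it is on the same subnet, it may be possible to sniff account names and passwords.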


Origin www.cnblogs.com/tutougold/p/11724016.html