20,199,101 2019-2020-2 "network attack and defense practice," the first week of operation

Others 2020-03-01 01:18:43 views: null

20,199,101 2019-2020-2 "network attack and defense practice," the first week of operation

1. knowledge carding and summary

Through the study of the first chapter, I will probably divided into four parts to sort and summarize.

  • Network Attack actual cases (with Dasher worm for example)
  • Hackers, hacker Road and stick to the original meaning
  • Basic introduction to network attack and defense technology
  • Physical attacks and social engineering

Network Attack actual cases (with Dasher worm for example)

Dasher is a worm outbreak began in 2005 December 15 famous on the Internet worm cases. Its main mechanism of infection

  • First of all compromised machines external source of infection through TCP MSDTC service vulnerability port
  • Then injected shellcode, and acquiring a download instruction FTP server location
  • From an FTP server to download Dasher worm samples of the virus to the host and activate
  • Further spread of the external scan

Hackers, hacker Road and stick to the original meaning

Hacker (hacker) This refers to the group who love computers (hereinafter also derived for other industries), who contributed to solve computer problems and its development, is intended to face challenges and create technology to solve their problems. Hacker (cracker) for illegal benefits to crack the safe operation of regular people. I would like to explain to the majority of people are able to. Distinguish hacker or hackers is not a basis for his name, or at least become a hacker what you should have? I do not want to use too much morality to restrain a person, but attach a Buddhist Poems, it is my personal favorite.

To follow the path
Look to the master
Follow the master
walk with the master
see through the master
become the master

We hope everyone can become a good Hacker! ! !
We hope everyone can become a good Hacker! ! !
We hope everyone can become a good Hacker! ! !

Hacker Road (Hackerdom) refers to the exploration of the spiritual dimension of hackers. It is divided into several age

  • Prehistoric times , rely mainly on machine language, assembly language becomes a man
  • Ancient times widely used, ITS operating system
  • Late Antiquity era , UNIX and C language loyal fans
  • Modern history , with popular Linux-based open source, while this period is booming computer age, many established Internet business lifted the super company
  • Modern history to Morris worm appears as a symbol, marking the development of computer technology and security of both age

Basic introduction to network attack and defense technology

The network is divided into offensive and defensive systems security attack and defense, network security attack and defense, physical attacks and social engineering in three parts.

  • System security is a core component of the offensive and defensive network security attack and defense. Mainly the use of source code review, reverse engineering, Fuzz testing and other methods, mining system vulnerabilities.
  • Network security attack and defense is the use of loopholes in the network protocol design time. Typical applications such as HTTP transport layer plaintext, Padding-Oracle attacks, IP source address spoofing, TCP session hijacking.
  • Physical attacks and social engineering is the use of human weakness and inability to attack hardware, etc., does not contain too much technology. Will use the example of social engineering is completed in the next section describes specific social engineering, as well as after-school job.

Physical attacks and social engineering

Sometimes physical attacks and social engineering in the network attack and defense is essential in. Physical attack occurs when an attacker to bypass physical security protection system, to enter the premises or equipment within the protected resource. When we need to get into a company's internal network, many times we have to take the form of physical attacks and tricky combination of social engineering. Social engineering attack positioning is very clear --- people. Who is also the whole system is not the most reliable place , an art or science of social engineering is the use of human weaknesses and achieve the desired behavior. We should have is how to prevent social engineering attacks.

2. The problems and solutions encountered in the study

For the knowledge of the first chapter, there is no big problem. Liberal understanding of network attack and defense of this course.

3. Learn sentiment, thinking

  • No one system is safe. This is also contrary to tell those hackers, your attack is not necessarily seamless. Yes, there are many people in this world for the benefit of doing something shady. But I believe that more people should uphold the idea of a real hacker - just for love, not for the benefit .
  • Social engineering is very important not only on the network attack and defense, and he is a real art.

4. homework

4.1 movie "Who am I, there is no absolute security system" Feedback

  1. The film mainly in flashback mode to Benjamin as Intelligence Agency surrender began, described the hacker organization CLAY series of actions, including for fun deliberately put a malicious video, in order to attack poor public pharmacies, never self-serving from the beginning and in order to prove to attack MRX own story of Criminal Investigation and Intelligence Bureau. However, the outcome is reversed, Benjamin use of social engineering makes the whole CLAY organization qualified for witness protection.
  2. First of all I am very interested in this movie where that flexible application of social engineering. The internal mixing system to Benjamin, lost wallet to the ground, in a canteen deployed public network. This is his use of social engineering to fear of domestic violence, to win the sympathy of security, thereby successfully enter.

Social engineering 1

  1. Of course, for the best use of social engineering is the subject of the film is a social engineering, from the beginning of the drama of Benjamin into the intelligence agency is a scam began. His flexible so that women own investigators found himself having multiple personalities, did not in fact, to gain sympathy female investigator. As shown in Figure eventually they made the trust of female investigators, the success of his team and himself into the witness protection program.

Social Engineering 2

  1. As a hacker movie, the film included some technical means, such as internal staff find mailbox Intelligence Agency, which issued to the content they are interested in fishing links, causing them to leak information.

Fishing 1
Fishing 2

After obtaining this information, they take the initiative to enter the intelligence agency building, break their systems.

Break

In fact, hackers, network technology is nothing more than a magician, magician's tools are those magic props, and hacker tools are complicated and those simple code! The film's ending is Hannah Benjamin in the car and play with that magic, originally four sugar cube, the results become one, it appears to be turned into one, in fact, has always been four, but the other three just do not see stars in her place. It is probably the intricacies of this world, as if each of us is a magician. Novelist writing a magician, a magician photographer picture, video post-production is a magician. In fact, just as there is no absolute security systems, there is no absolutely not fool people. Each system has loopholes, everyone has weaknesses.
May every one且行且珍惜!

### social engineering practice

Note: As it relates to the privacy of students, here inconvenience shots, illustrate only some of the process

  • First, I accidentally found a junior high school students visiting the space of such a talk

The end ah when the epidemic seems to go out looking for work ah ~

  • And then find a job as an opportunity, and I started to talk with students
  • Students learned years ago to resign, the current home Daigong
  • Students a high school education, currently I do not know much about, so I said I work in the insurance industry, we recommended him to do sales
  • I sent him a policy a few Pacific Insurance Company Introduction
  • Then suggested I help him entry, two people have to get 500 bonus
  • Then I find the Internet a personal information form, and add the information related to the insurance company and the Pacific
  • At this point, I managed to get all the personal information of students.

He stressed: After I did not get a closer look, then deleted. And tell the whole story of what the students, in order to compensate him, still owes a meal. You figure it out! ! !

Reference material

Guess you like

Origin www.cnblogs.com/charlesxie/p/12387543.html
Recommended
Ranking
Empire cms smart tag calls four first-level recommended articles, starting from the fourth article
Linux environment installation and configuration Elasticsearch7.17
Big Data processing architecture and Lambda Kappa architecture
Explore the top of the AI large model platform - Wenxin Qianfan
Beijing car PK10 lucky airship Guanya size and value of the odd and even tips
W3B x Sui Hacker House|In-depth understanding of Sui and Move language
Know almost Ko Chan: Chinese what any decent open source software products? (Finishing from my original answer)
Comprehensively improve AD domain security authentication | Zhuyun IDaaS
Android Update Engine Analysis (24) What happened when making the downgrade package?
Spark Architecture and Operating Mechanism (1) - System Architecture
Daily
More
2024-05-07(34)
2024-05-06(6)
2024-05-05(0)
2024-05-04(18)
2024-05-03(8)
2024-05-02(0)
2024-05-01(4)
2024-04-30(36)
2024-04-29(5)
2024-04-28(12)

Code World

© 2018 codetd.com