20,199,324 2019-2020-2 "network attack and defense practice," the first week of operation

Others 2020-03-01 14:14:36 views: null

Job Description

This work belongs Course : Course Link

Where this requirement in the job : the job requirements link

In the course of my goal is : There is a general understanding of network attack and defense technology

In particular aspects of the job which helped me to achieve goals : network attack and defense technology overview study, study after lay some basic

Text of the job

1. knowledge carding and summary

The first chapter network attack and defense technology Overview

Dasher worm attack step

  • First, an external source of infection MS05-051 compromised machines through TCP MSDTC service vulnerability 1025 port;
  • After performing connection control command injection shellcode server, location server and the FTP download instruction;
  • From an FTP server to download Dasher worm samples to the host;
  • The virus is activated on the host;
  • Foreign scanning further spread.

Hackers Hacking Road

  • Real classic hacker or hackers, a person sincerely interested in any operating system mysterious and profound work, usually programmers.
  • Hacker: refers to a malicious attacker, those who forced their way into the terminal system or interfering with some malicious purpose terminal system integrity.
  • Hacker Road (Hackerdom) is to explore the more spiritual level.

Network attack and defense technology introduced

  • The network is divided into offensive and defensive systems security attack and defense , network security attack and defense , physical attacks and social engineering in three parts.
    • System security attack and defense: a core component of network security attack and defense, is the underlying software program security vulnerabilities.
    • Network security attack and defense: the use of safety defects or unsafe network protocols exist at design time.
    • Physical attacks and social engineering: mainly the physical environment in which the use of information systems, hardware, and people involved in the use of existing security vulnerabilities, intrusion by physical or interpersonal communication, to attack targets of attack information systems.

Physical attacks and social engineering

  • Physical attacks : an attacker through a variety of technical means to circumvent physical security protection system, to enter the premises within the facility or facilities protected resource, taking or destruction of protected information attack information systems physical media. Usually requires the attacker to actually invade a protected physical space, there are significant risks and challenges.
    • Violent: mainly rely on armed men equipped with weapons and carry out the destruction of physical security protection system through destructive means, then enter a protected area in contact with the target, the purpose of acquiring or damage.
    • Skill-based: the perfect combination of human intelligence and action force, without touch security alarms, access or destruction of confidential information.
  • Social engineering : that is, by way of natural, social and institutional use people's psychological weaknesses (such as the human instinct, curiosity, trust, greed) and the rules loopholes in the system, the attacker and the attacker establish a trust relationship between the gain valuable information, and ultimately access to some sensitive data and privacy data without the user's authorization by the path.

2. Homework

(1) hacker movie appreciation, write a film review published on a personal blog, or social engineering or physical attacks to intercept fragments from the film and television work, which explain the use of the means of attack, to be specific comments.

"Who am I: There is no absolute security system."

  • Some details :
    • scene one:
      • Scene description : Male Friend Max took the turn to the Lord from the trash in a cake shop packaging and billing, customer just pretend visited the grocery store, cheat food.
      • Process analysis : the use of other unknown heart, successfully conceal his identity and obtain the trust, be confused with some of the reality of illusion to deceive the other party to get food.
    • Scene Two:
      • Scene description : follow the Federal News Service out of the garbage truck, named Randy card through garbage in a learned Randy favorite Meng pet, to work in the intelligence bureau Randy email send a link Meng Chong, open the invasion of the channel, bypassing the security system will eventually enter Intelligence Agency and mischief.
      • Process Analysis : Enterprise garbage which often contain a lot of information, the attacker can find a lot of information that may endanger the security from the inside, combined with phishing sites, send e-mail disguise the identity of the implementation of social engineering attacks.
    • Scene Three:
      • Scene description : the male picked up a tour card, the guard said he lied during the day to visit the student, his wallet fell on the canteen, fear of domestic violence to win the sympathy of security, after entering the cafeteria a signal receiver security in the table underneath, black into the system of Europol.
      • Process Analysis : camouflage identity, after acquiring the target portion information, manufacturing trap guard to help make it feel sympathy and willingness to ultimately achieve the goal.
    • Scene Four:
      • Scene description : male host Benjamin to get her confidence by helping investigators traceability arrest MRX, Finally sympathy psychological investigators destroyed their identity files, managed to escape the surveillance and government intelligence agencies to kill the gang organization.
      • Process Analysis : Benjamin carefully studied investigators relevant information, the use of psychological weakness investigator, and through the "split personality" weaken themselves, other members will direct "virtual" of people into the reality does not exist, in order to stimulate female investigators maternal feelings of members, the investigators mistakenly thought he split personality, to win their sympathy and eventually let him. Female investigators always thinking protagonist in the settlement built in, did not see through the scam.
  • Some thoughts : The film's strong sense of rhythm, the black network has turned into a dark, crowded, oppressive metro space, is a network behind a mask with each other do not know the true identity of the person, very creative. Meanwhile Secret truth of the end of the movie, once again shows the biggest security holes do not exist in any program or server, humans are the biggest security vulnerabilities. People just want to see what he would like to see. There is no absolute security system, and indeed there is no absolute trust in human nature.

(2) by means of social engineering attempt to obtain personal information about other students, and to expand your social worker process, including success and failure.

In the Little Red Book stumbled university students, he learned that the province quiz to a place of civil servants, then pretend to take part in this year's public examination, asking him about some of the public examination, he was now in the process of communication work address, work and other information, as it involves their privacy, here and hold screenshot friends.

3. The problems and solutions encountered in the study

The problems are mostly solved explanation of professional terms by Baidu.

4. Learning perception, thinking, etc.

By learning a system, so I understand the biggest security holes do not exist in any program or server, humanity is the biggest security holes, but feel the Internet is the inevitable product of the times generated by "human nature" only behind all of this is "double-edged sword" in the true sense. Using the Internet to the implementation of criminal activities and conduct an attack against the network system, let me malice "human nature" had a deep thought.

Reference material

Guess you like

Origin www.cnblogs.com/yangdd/p/12389093.html
Recommended
Ranking
Empire cms smart tag calls four first-level recommended articles, starting from the fourth article
Linux environment installation and configuration Elasticsearch7.17
Big Data processing architecture and Lambda Kappa architecture
Explore the top of the AI large model platform - Wenxin Qianfan
Beijing car PK10 lucky airship Guanya size and value of the odd and even tips
W3B x Sui Hacker House|In-depth understanding of Sui and Move language
Know almost Ko Chan: Chinese what any decent open source software products? (Finishing from my original answer)
Comprehensively improve AD domain security authentication | Zhuyun IDaaS
Android Update Engine Analysis (24) What happened when making the downgrade package?
Spark Architecture and Operating Mechanism (1) - System Architecture
Daily
More
2024-05-07(34)
2024-05-06(6)
2024-05-05(0)
2024-05-04(18)
2024-05-03(8)
2024-05-02(0)
2024-05-01(4)
2024-04-30(36)
2024-04-29(5)
2024-04-28(12)

Code World

© 2018 codetd.com