View
1.238
Download
3
Category
Preview:
Citation preview
Jack
1
...•
•
•
•
•
2
Agenda• Whoami
•
• &
•
•
• FAQ3
4
( )
• TCP/IP
• OWASP
5
-VA & WEBVA• OWASP
• Vulnerability Assessment
• .....
•
6
Exploit Development• http://securityalley.blogspot.tw/2014/06/buffer-overflow-windows.html (
EXPLOIT )
• https://www.corelan.be/index.php/category/security/exploit-writing-tutorials/ (CORELAN )
• http://expdev-kiuhnm.rhcloud.com/2015/05/11/contents/ (EXPLOIT )
• https://github.com/enddo/awesome-windows-exploitation
• https://github.com/riusksk/vul_war
7
8
9
- /
•
•
10
-•
•
• AD
•
•
•
11
( )
• WEBPT
• IR
• Coding
• Certification
12
-• OWASP Testing Guide
• Open Source Security Testing Methodology Manual (OSSTMM)
•
•
13
Web Application Hacker’s Methodology
14
SQLMAP
• .....
• 1
• 2 code
• 3 code
15
-1• https://www.owasp.org/index.php/OWASP_Broken_Web_Applications_Project
• http://drops.wooyun.org/( ....)
• http://www.freebuf.com/
• https://www.91ri.org/
• https://support.portswigger.net/customer/portal/topics/792273-burp-testing-methodologies/articles?page=1
• https://kennel209.gitbooks.io/owasp-testing-guide-v4/content/en/
16
17
-• ERS? (WHAT)
• ? (WHO)
• ? (WHERE)
• ? (HOW)
•
18
ATTACK LIFECYCLE.....
19
-
•
20
IR Toolkit
•
21
-
•
•
•
•
22
• Hash ( )
• (.NET JAVA )
• Import (
• Strings
• Tools Installed on REMnux
• Reverse-Engineering Wiki
23
• F5 (
•
• ( ?)
24
• Anti VM
• Anti OD
• Anti Forensic
• Anti XXX ……
•
• ANTI TECH github27
• http://bbs.pediy.com/ ( )
• http://www.52pojie.cn/forum.php ( )
• http://adr.horse/ ( )
• https://github.com/gasgas4/APT_CyberCriminal_Campagin ( )
• http://blog.malwaremustdie.org/
• http://www.malware-traffic-analysis.net/
29
30
Malware Source / Code
• https://github.com/gasgas4/Leaked_Malware_SourceCode
• https://github.com/ytisf/theZoo
• https://github.com/krmaxwell/maltrieve
31
-•
•
•
•
•
32
34
35
IDA OD
...
37
Google Drive
• OAuth
38
DropBox
• token
39
40
XX
•A B
•B C D E
• ...
41
XXX•
•
•
42
43
( !
44
• Office
•
45
...
46
•
47
! ! !
48
! ! !
49
50
• https://github.com/hackedteam?tab=repositories ( HACKING TEAM)
• https://www.blackhat.com/html/archives.html
• https://www.defcon.org/html/links/dc-archives.html
• https://github.com/RichardLitt/awesome-conferences
• RSA , Zeronight , Hitcon , cansecwest , CONFidence , HITB , nullcon , recon , syscan ...
51
FAQ: CTF•
• Bug Bounty
• http://ppt.cc/7xaGu
• https://bugcrowd.com/programs
• https://h1.sintheticlabs.com/
52
FAQ Certification
•
53
54
55
...
56
&
57
Recommended