窺探職場上所需之資安專業技術與能力 tdohconf
TRANSCRIPT
![Page 1: 窺探職場上所需之資安專業技術與能力 Tdohconf](https://reader030.vdocuments.site/reader030/viewer/2022012823/587a720e1a28ab8a2a8b80ad/html5/thumbnails/1.jpg)
Jack
1
![Page 2: 窺探職場上所需之資安專業技術與能力 Tdohconf](https://reader030.vdocuments.site/reader030/viewer/2022012823/587a720e1a28ab8a2a8b80ad/html5/thumbnails/2.jpg)
...•
•
•
•
•
2
![Page 3: 窺探職場上所需之資安專業技術與能力 Tdohconf](https://reader030.vdocuments.site/reader030/viewer/2022012823/587a720e1a28ab8a2a8b80ad/html5/thumbnails/3.jpg)
Agenda• Whoami
•
• &
•
•
• FAQ3
![Page 4: 窺探職場上所需之資安專業技術與能力 Tdohconf](https://reader030.vdocuments.site/reader030/viewer/2022012823/587a720e1a28ab8a2a8b80ad/html5/thumbnails/4.jpg)
4
![Page 5: 窺探職場上所需之資安專業技術與能力 Tdohconf](https://reader030.vdocuments.site/reader030/viewer/2022012823/587a720e1a28ab8a2a8b80ad/html5/thumbnails/5.jpg)
( )
• TCP/IP
• OWASP
5
![Page 6: 窺探職場上所需之資安專業技術與能力 Tdohconf](https://reader030.vdocuments.site/reader030/viewer/2022012823/587a720e1a28ab8a2a8b80ad/html5/thumbnails/6.jpg)
-VA & WEBVA• OWASP
• Vulnerability Assessment
• .....
•
6
![Page 7: 窺探職場上所需之資安專業技術與能力 Tdohconf](https://reader030.vdocuments.site/reader030/viewer/2022012823/587a720e1a28ab8a2a8b80ad/html5/thumbnails/7.jpg)
Exploit Development• http://securityalley.blogspot.tw/2014/06/buffer-overflow-windows.html (
EXPLOIT )
• https://www.corelan.be/index.php/category/security/exploit-writing-tutorials/ (CORELAN )
• http://expdev-kiuhnm.rhcloud.com/2015/05/11/contents/ (EXPLOIT )
• https://github.com/enddo/awesome-windows-exploitation
• https://github.com/riusksk/vul_war
7
![Page 8: 窺探職場上所需之資安專業技術與能力 Tdohconf](https://reader030.vdocuments.site/reader030/viewer/2022012823/587a720e1a28ab8a2a8b80ad/html5/thumbnails/8.jpg)
8
![Page 9: 窺探職場上所需之資安專業技術與能力 Tdohconf](https://reader030.vdocuments.site/reader030/viewer/2022012823/587a720e1a28ab8a2a8b80ad/html5/thumbnails/9.jpg)
9
![Page 10: 窺探職場上所需之資安專業技術與能力 Tdohconf](https://reader030.vdocuments.site/reader030/viewer/2022012823/587a720e1a28ab8a2a8b80ad/html5/thumbnails/10.jpg)
- /
•
•
10
![Page 11: 窺探職場上所需之資安專業技術與能力 Tdohconf](https://reader030.vdocuments.site/reader030/viewer/2022012823/587a720e1a28ab8a2a8b80ad/html5/thumbnails/11.jpg)
-•
•
• AD
•
•
•
11
![Page 12: 窺探職場上所需之資安專業技術與能力 Tdohconf](https://reader030.vdocuments.site/reader030/viewer/2022012823/587a720e1a28ab8a2a8b80ad/html5/thumbnails/12.jpg)
( )
• WEBPT
• IR
• Coding
• Certification
12
![Page 13: 窺探職場上所需之資安專業技術與能力 Tdohconf](https://reader030.vdocuments.site/reader030/viewer/2022012823/587a720e1a28ab8a2a8b80ad/html5/thumbnails/13.jpg)
-• OWASP Testing Guide
• Open Source Security Testing Methodology Manual (OSSTMM)
•
•
13
![Page 14: 窺探職場上所需之資安專業技術與能力 Tdohconf](https://reader030.vdocuments.site/reader030/viewer/2022012823/587a720e1a28ab8a2a8b80ad/html5/thumbnails/14.jpg)
Web Application Hacker’s Methodology
14
![Page 15: 窺探職場上所需之資安專業技術與能力 Tdohconf](https://reader030.vdocuments.site/reader030/viewer/2022012823/587a720e1a28ab8a2a8b80ad/html5/thumbnails/15.jpg)
SQLMAP
• .....
• 1
• 2 code
• 3 code
15
![Page 16: 窺探職場上所需之資安專業技術與能力 Tdohconf](https://reader030.vdocuments.site/reader030/viewer/2022012823/587a720e1a28ab8a2a8b80ad/html5/thumbnails/16.jpg)
-1• https://www.owasp.org/index.php/OWASP_Broken_Web_Applications_Project
• http://drops.wooyun.org/( ....)
• http://www.freebuf.com/
• https://www.91ri.org/
• https://support.portswigger.net/customer/portal/topics/792273-burp-testing-methodologies/articles?page=1
• https://kennel209.gitbooks.io/owasp-testing-guide-v4/content/en/
16
![Page 17: 窺探職場上所需之資安專業技術與能力 Tdohconf](https://reader030.vdocuments.site/reader030/viewer/2022012823/587a720e1a28ab8a2a8b80ad/html5/thumbnails/17.jpg)
17
![Page 18: 窺探職場上所需之資安專業技術與能力 Tdohconf](https://reader030.vdocuments.site/reader030/viewer/2022012823/587a720e1a28ab8a2a8b80ad/html5/thumbnails/18.jpg)
-• ERS? (WHAT)
• ? (WHO)
• ? (WHERE)
• ? (HOW)
•
18
![Page 19: 窺探職場上所需之資安專業技術與能力 Tdohconf](https://reader030.vdocuments.site/reader030/viewer/2022012823/587a720e1a28ab8a2a8b80ad/html5/thumbnails/19.jpg)
ATTACK LIFECYCLE.....
19
![Page 20: 窺探職場上所需之資安專業技術與能力 Tdohconf](https://reader030.vdocuments.site/reader030/viewer/2022012823/587a720e1a28ab8a2a8b80ad/html5/thumbnails/20.jpg)
-
•
20
![Page 21: 窺探職場上所需之資安專業技術與能力 Tdohconf](https://reader030.vdocuments.site/reader030/viewer/2022012823/587a720e1a28ab8a2a8b80ad/html5/thumbnails/21.jpg)
IR Toolkit
•
21
![Page 22: 窺探職場上所需之資安專業技術與能力 Tdohconf](https://reader030.vdocuments.site/reader030/viewer/2022012823/587a720e1a28ab8a2a8b80ad/html5/thumbnails/22.jpg)
-
•
•
•
•
22
![Page 23: 窺探職場上所需之資安專業技術與能力 Tdohconf](https://reader030.vdocuments.site/reader030/viewer/2022012823/587a720e1a28ab8a2a8b80ad/html5/thumbnails/23.jpg)
• Hash ( )
• (.NET JAVA )
• Import (
• Strings
• Tools Installed on REMnux
• Reverse-Engineering Wiki
23
![Page 24: 窺探職場上所需之資安專業技術與能力 Tdohconf](https://reader030.vdocuments.site/reader030/viewer/2022012823/587a720e1a28ab8a2a8b80ad/html5/thumbnails/24.jpg)
• F5 (
•
• ( ?)
24
![Page 27: 窺探職場上所需之資安專業技術與能力 Tdohconf](https://reader030.vdocuments.site/reader030/viewer/2022012823/587a720e1a28ab8a2a8b80ad/html5/thumbnails/27.jpg)
• Anti VM
• Anti OD
• Anti Forensic
• Anti XXX ……
•
• ANTI TECH github27
![Page 29: 窺探職場上所需之資安專業技術與能力 Tdohconf](https://reader030.vdocuments.site/reader030/viewer/2022012823/587a720e1a28ab8a2a8b80ad/html5/thumbnails/29.jpg)
• http://bbs.pediy.com/ ( )
• http://www.52pojie.cn/forum.php ( )
• http://adr.horse/ ( )
• https://github.com/gasgas4/APT_CyberCriminal_Campagin ( )
• http://blog.malwaremustdie.org/
• http://www.malware-traffic-analysis.net/
29
![Page 30: 窺探職場上所需之資安專業技術與能力 Tdohconf](https://reader030.vdocuments.site/reader030/viewer/2022012823/587a720e1a28ab8a2a8b80ad/html5/thumbnails/30.jpg)
30
![Page 31: 窺探職場上所需之資安專業技術與能力 Tdohconf](https://reader030.vdocuments.site/reader030/viewer/2022012823/587a720e1a28ab8a2a8b80ad/html5/thumbnails/31.jpg)
Malware Source / Code
• https://github.com/gasgas4/Leaked_Malware_SourceCode
• https://github.com/ytisf/theZoo
• https://github.com/krmaxwell/maltrieve
31
![Page 32: 窺探職場上所需之資安專業技術與能力 Tdohconf](https://reader030.vdocuments.site/reader030/viewer/2022012823/587a720e1a28ab8a2a8b80ad/html5/thumbnails/32.jpg)
-•
•
•
•
•
32
![Page 34: 窺探職場上所需之資安專業技術與能力 Tdohconf](https://reader030.vdocuments.site/reader030/viewer/2022012823/587a720e1a28ab8a2a8b80ad/html5/thumbnails/34.jpg)
34
![Page 35: 窺探職場上所需之資安專業技術與能力 Tdohconf](https://reader030.vdocuments.site/reader030/viewer/2022012823/587a720e1a28ab8a2a8b80ad/html5/thumbnails/35.jpg)
35
![Page 37: 窺探職場上所需之資安專業技術與能力 Tdohconf](https://reader030.vdocuments.site/reader030/viewer/2022012823/587a720e1a28ab8a2a8b80ad/html5/thumbnails/37.jpg)
IDA OD
...
37
![Page 38: 窺探職場上所需之資安專業技術與能力 Tdohconf](https://reader030.vdocuments.site/reader030/viewer/2022012823/587a720e1a28ab8a2a8b80ad/html5/thumbnails/38.jpg)
Google Drive
• OAuth
38
![Page 39: 窺探職場上所需之資安專業技術與能力 Tdohconf](https://reader030.vdocuments.site/reader030/viewer/2022012823/587a720e1a28ab8a2a8b80ad/html5/thumbnails/39.jpg)
DropBox
• token
39
![Page 40: 窺探職場上所需之資安專業技術與能力 Tdohconf](https://reader030.vdocuments.site/reader030/viewer/2022012823/587a720e1a28ab8a2a8b80ad/html5/thumbnails/40.jpg)
40
![Page 41: 窺探職場上所需之資安專業技術與能力 Tdohconf](https://reader030.vdocuments.site/reader030/viewer/2022012823/587a720e1a28ab8a2a8b80ad/html5/thumbnails/41.jpg)
XX
•A B
•B C D E
• ...
41
![Page 42: 窺探職場上所需之資安專業技術與能力 Tdohconf](https://reader030.vdocuments.site/reader030/viewer/2022012823/587a720e1a28ab8a2a8b80ad/html5/thumbnails/42.jpg)
XXX•
•
•
42
![Page 43: 窺探職場上所需之資安專業技術與能力 Tdohconf](https://reader030.vdocuments.site/reader030/viewer/2022012823/587a720e1a28ab8a2a8b80ad/html5/thumbnails/43.jpg)
43
![Page 44: 窺探職場上所需之資安專業技術與能力 Tdohconf](https://reader030.vdocuments.site/reader030/viewer/2022012823/587a720e1a28ab8a2a8b80ad/html5/thumbnails/44.jpg)
( !
44
![Page 45: 窺探職場上所需之資安專業技術與能力 Tdohconf](https://reader030.vdocuments.site/reader030/viewer/2022012823/587a720e1a28ab8a2a8b80ad/html5/thumbnails/45.jpg)
• Office
•
45
![Page 46: 窺探職場上所需之資安專業技術與能力 Tdohconf](https://reader030.vdocuments.site/reader030/viewer/2022012823/587a720e1a28ab8a2a8b80ad/html5/thumbnails/46.jpg)
...
46
![Page 47: 窺探職場上所需之資安專業技術與能力 Tdohconf](https://reader030.vdocuments.site/reader030/viewer/2022012823/587a720e1a28ab8a2a8b80ad/html5/thumbnails/47.jpg)
•
47
![Page 48: 窺探職場上所需之資安專業技術與能力 Tdohconf](https://reader030.vdocuments.site/reader030/viewer/2022012823/587a720e1a28ab8a2a8b80ad/html5/thumbnails/48.jpg)
! ! !
48
![Page 49: 窺探職場上所需之資安專業技術與能力 Tdohconf](https://reader030.vdocuments.site/reader030/viewer/2022012823/587a720e1a28ab8a2a8b80ad/html5/thumbnails/49.jpg)
! ! !
49
![Page 50: 窺探職場上所需之資安專業技術與能力 Tdohconf](https://reader030.vdocuments.site/reader030/viewer/2022012823/587a720e1a28ab8a2a8b80ad/html5/thumbnails/50.jpg)
50
![Page 51: 窺探職場上所需之資安專業技術與能力 Tdohconf](https://reader030.vdocuments.site/reader030/viewer/2022012823/587a720e1a28ab8a2a8b80ad/html5/thumbnails/51.jpg)
• https://github.com/hackedteam?tab=repositories ( HACKING TEAM)
• https://www.blackhat.com/html/archives.html
• https://www.defcon.org/html/links/dc-archives.html
• https://github.com/RichardLitt/awesome-conferences
• RSA , Zeronight , Hitcon , cansecwest , CONFidence , HITB , nullcon , recon , syscan ...
51
![Page 52: 窺探職場上所需之資安專業技術與能力 Tdohconf](https://reader030.vdocuments.site/reader030/viewer/2022012823/587a720e1a28ab8a2a8b80ad/html5/thumbnails/52.jpg)
FAQ: CTF•
• Bug Bounty
• http://ppt.cc/7xaGu
• https://bugcrowd.com/programs
• https://h1.sintheticlabs.com/
52
![Page 53: 窺探職場上所需之資安專業技術與能力 Tdohconf](https://reader030.vdocuments.site/reader030/viewer/2022012823/587a720e1a28ab8a2a8b80ad/html5/thumbnails/53.jpg)
FAQ Certification
•
53
![Page 54: 窺探職場上所需之資安專業技術與能力 Tdohconf](https://reader030.vdocuments.site/reader030/viewer/2022012823/587a720e1a28ab8a2a8b80ad/html5/thumbnails/54.jpg)
54
![Page 55: 窺探職場上所需之資安專業技術與能力 Tdohconf](https://reader030.vdocuments.site/reader030/viewer/2022012823/587a720e1a28ab8a2a8b80ad/html5/thumbnails/55.jpg)
55
![Page 56: 窺探職場上所需之資安專業技術與能力 Tdohconf](https://reader030.vdocuments.site/reader030/viewer/2022012823/587a720e1a28ab8a2a8b80ad/html5/thumbnails/56.jpg)
...
56
![Page 57: 窺探職場上所需之資安專業技術與能力 Tdohconf](https://reader030.vdocuments.site/reader030/viewer/2022012823/587a720e1a28ab8a2a8b80ad/html5/thumbnails/57.jpg)
&
57