东京打工人Jackie

Be a good "slashie" (someone with a slash career)

The ATT&CK Enterprise matrix, tactic by tactic, as transcribed by the author (the flattened column layout of the original page is rebuilt here; the Chinese gloss after each tactic is the author's own):

Reconnaissance (侦察): Active Scanning, Gather Victim Host Information, Gather Victim Identity Information, Gather Victim Network Information, Gather Victim Org Information, Phishing for Information, Search Closed Sources, Search Open Technical Databases, Search Open Websites/Domains, Search Victim-Owned Websites

Resource Development (资源扩展): Acquire Infrastructure, Compromise Accounts, Compromise Infrastructure, Develop Capabilities, Establish Accounts, Obtain Capabilities, Stage Capabilities

Initial Access (最初入口): Drive-by Compromise, Exploit Public-Facing Application, External Remote Services, Hardware Additions, Phishing, Replication Through Removable Media, Supply Chain Compromise, Trusted Relationship, Valid Accounts

Execution (执行攻击): Command and Scripting Interpreter, Container Administration Command, Deploy Container, Exploitation for Client Execution, Inter-Process Communication, Native API, Scheduled Task/Job, Serverless Execution, Shared Modules, Software Deployment Tools, System Services, User Execution, Windows Management Instrumentation

Persistence (持续性控制): Account Manipulation, BITS Jobs, Boot or Logon Autostart Execution, Boot or Logon Initialization Scripts, Browser Extensions, Compromise Client Software Binary, Create Account, Create or Modify System Process, Event Triggered Execution, External Remote Services, Hijack Execution Flow, Implant Internal Image, Modify Authentication Process

Privilege Escalation (权限提升): Abuse Elevation Control Mechanism, Access Token Manipulation, Boot or Logon Autostart Execution, Boot or Logon Initialization Scripts, Create or Modify System Process, Domain Policy Modification, Escape to Host, Event Triggered Execution, Exploitation for Privilege Escalation, Hijack Execution Flow, Process Injection, Scheduled Task/Job, Valid Accounts

Defense Evasion (躲避防御机制): Abuse Elevation Control Mechanism, Access Token Manipulation, BITS Jobs, Build Image on Host, Debugger Evasion, Deobfuscate/Decode Files or Information, Deploy Container, Direct Volume Access, Domain Policy Modification, Execution Guardrails, Exploitation for Defense Evasion, File and Directory Permissions Modification, Hide Artifacts, Hijack Execution Flow, Impair Defenses, Indicator Removal, Indirect Command Execution, Masquerading, Modify Authentication Process, Modify Cloud Compute Infrastructure, Modify Registry, Modify System Image, Network Boundary Bridging, Obfuscated Files or Information, Plist File Modification, Pre-OS Boot, Process Injection, Reflective Code Loading, Rogue Domain Controller, Rootkit, Subvert Trust Controls, System Binary Proxy Execution, System Script Proxy Execution, Template Injection, Traffic Signaling, Trusted Developer Utilities Proxy Execution, Unused/Unsupported Cloud Regions, Use Alternate Authentication Material, Valid Accounts, Virtualization/Sandbox Evasion, Weaken Encryption, XSL Script Processing

Credential Access (获取合法凭证访问): Adversary-in-the-Middle, Brute Force, Credentials from Password Stores, Exploitation for Credential Access, Forced Authentication, Forge Web Credentials, Input Capture, Modify Authentication Process, Multi-Factor Authentication Interception, Multi-Factor Authentication Request Generation, Network Sniffing, OS Credential Dumping, Steal Application Access Token, Steal or Forge Authentication Certificates, Steal or Forge Kerberos Tickets, Steal Web Session Cookie, Unsecured Credentials

Discovery (查看信息): Account Discovery, Application Window Discovery, Browser Bookmark Discovery, Cloud Service Dashboard, Cloud Service Discovery, Cloud Storage Object Discovery, Container and Resource Discovery, Debugger Evasion, Domain Trust Discovery, File and Directory Discovery, Group Policy Discovery, Network Service Discovery, Network Share Discovery, Network Sniffing, Password Policy Discovery, Peripheral Device Discovery, Permission Groups Discovery, Process Discovery, Query Registry, Remote System Discovery, Software Discovery, System Information Discovery, System Network Configuration Discovery, System Network Connections Discovery, System Owner/User Discovery, System Service Discovery, System Time Discovery, Virtualization/Sandbox Evasion

Lateral Movement (横向权限扩展): Exploitation of Remote Services, Internal Spearphishing, Lateral Tool Transfer, Remote Service Session Hijacking, Remote Services, Replication Through Removable Media, Software Deployment Tools, Taint Shared Content, Use Alternate Authentication Material

Collection (收集信息): Adversary-in-the-Middle, Archive Collected Data, Audio Capture, Automated Collection, Browser Session Hijacking, Clipboard Data, Data from Cloud Storage, Data from Configuration Repository, Data from Information Repositories, Data from Local System, Data from Network Shared Drive, Data from Removable Media, Data Staged, Email Collection, Input Capture, Screen Capture, Video Capture

Command and Control (命令控制): Application Layer Protocol, Communication Through Removable Media, Data Encoding, Data Obfuscation, Dynamic Resolution, Encrypted Channel, Fallback Channels, Ingress Tool Transfer, Multi-Stage Channels, Non-Application Layer Protocol, Non-Standard Port, Protocol Tunneling, Proxy, Remote Access Software, Traffic Signaling, Web Service

Exfiltration (信息窃取): Automated Exfiltration, Data Transfer Size Limits, Exfiltration Over Alternative Protocol, Exfiltration Over C2 Channel, Exfiltration Over Other Network Medium, Exfiltration Over Physical Medium, Exfiltration Over Web Service, Scheduled Transfer, Transfer Data to Cloud Account

Impact: Account Access Removal, Data Destruction, Data Encrypted for Impact, Data Manipulation, Defacement, Disk Wipe, Endpoint Denial of Service, Firmware Corruption, Inhibit System Recovery, Network Denial of Service, Resource Hijacking, Service Stop, System Shutdown/Reboot

This transcription is not complete (the Persistence column stops after Modify Authentication Process, and a few Discovery techniques are missing); the current matrix is published at https://attack.mitre.org/matrices/enterprise/.

Since attack techniques come in endless varieties, start with the common ones:

Non-Standard Port

Non-Standard Port, Technique T1571 - Enterprise | MITRE ATT&CK®

Adversaries may communicate using a protocol and port pairing that are typically not associated. For example, HTTPS over port 8088[1] or port 587[2] as opposed to the traditional port 443. Adversaries may make changes to the standard port used by a protocol to bypass filtering or muddle analysis/parsing of network data.
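A detection that operationalizes this, added here as an example (it is not part of the original post or of MITRE's page): it scans Zeek-style conn.log records for a recognised service running on a port that is not conventional for it. The expected-port table, the field layout and the nine sample records are all assumptions constructed for the example. One edge case worth handling: port 587 is legitimate for SMTP submission with STARTTLS, so a record that lists both smtp and ssl on 587 is accepted, while bare TLS on 587 (the HTTPS-over-587 case above) is flagged.

```python
import csv
import io

# Conventional ports per application protocol, keyed by the Zeek service label.
# Assumed baseline for this example; tune it to what your own network uses.
EXPECTED_PORTS = {
    "http": {80, 8080},
    "ssl": {443, 8443},
    "ssh": {22},
    "dns": {53, 853},
    "smtp": {25, 465, 587},
}

FIELDS = ["ts", "uid", "orig_h", "orig_p", "resp_h", "resp_p", "proto", "service"]

# Constructed sample conn.log records (not real traffic); columns follow FIELDS.
SAMPLE_CONN_LOG = (
    "1700000000.1\tC1\t10.0.0.5\t51000\t93.184.216.34\t443\ttcp\tssl\n"
    "1700000001.2\tC2\t10.0.0.5\t51001\t203.0.113.10\t8088\ttcp\tssl\n"
    "1700000002.3\tC3\t10.0.0.7\t51002\t203.0.113.11\t587\ttcp\tssl\n"
    "1700000003.4\tC4\t10.0.0.7\t51003\t198.51.100.12\t587\ttcp\tsmtp,ssl\n"
    "1700000004.5\tC5\t10.0.0.7\t51004\t198.51.100.20\t4444\ttcp\thttp\n"
    "1700000005.6\tC6\t10.0.0.9\t51005\t198.51.100.21\t22\ttcp\tssh\n"
    "1700000006.7\tC7\t10.0.0.9\t51006\t198.51.100.22\t2222\ttcp\tssh\n"
    "1700000007.8\tC8\t10.0.0.9\t51007\t8.8.8.8\t53\tudp\tdns\n"
    "1700000008.9\tC9\t10.0.0.9\t51008\t198.51.100.23\t9001\ttcp\t-\n"
)


def parse_conn_log(text):
    """Parse tab-separated conn records into dicts; resp_p becomes an int."""
    reader = csv.DictReader(io.StringIO(text), fieldnames=FIELDS, delimiter="\t")
    records = []
    for row in reader:
        row["resp_p"] = int(row["resp_p"])
        records.append(row)
    return records


def is_nonstandard(record):
    """True when none of the identified services is conventional on resp_p.

    Zeek lists every service seen on a connection, comma-separated, so a
    STARTTLS mail session shows as "smtp,ssl" on 587 and is accepted because
    smtp matches; plain TLS on 587 ("ssl" alone) is not. Connections whose
    service is unknown ("-") or not in the baseline are skipped: this rule
    cannot judge them.
    """
    services = [s for s in record["service"].split(",") if s and s != "-"]
    known = [s for s in services if s in EXPECTED_PORTS]
    if not known:
        return False
    return not any(record["resp_p"] in EXPECTED_PORTS[s] for s in known)


def find_nonstandard_ports(text):
    """Return the uids of connections using a known protocol on an unexpected port."""
    return [r["uid"] for r in parse_conn_log(text) if is_nonstandard(r)]


if __name__ == "__main__":
    for rec in parse_conn_log(SAMPLE_CONN_LOG):
        if is_nonstandard(rec):
            print(f"{rec['uid']}: {rec['service']} to {rec['resp_h']}:{rec['resp_p']} (T1571 candidate)")
```

Run directly, it prints the four flagged connections (C2, C3, C5, C7). Treat the hit as a triage signal rather than proof of C2: administrators also move services to odd ports, so the baseline should be derived from your own traffic and the unknown-service records (C9 above) need a different rule, for example JA3/JA4 fingerprinting or byte-count profiling.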


Introduction (from ISO/IEC 27001)

0.1 General. This standard provides requirements for establishing, implementing, maintaining and continually improving an information security management system. Adopting an information security management system is a strategic decision for an organization. The establishment and implementation of an organization's information security management system are influenced by the organization's needs and objectives, its security requirements, the processes it uses, and its size and structure. All of these influencing factors may change over time.

An information security management system preserves the confidentiality, integrity and availability of information by applying a risk management process, and gives interested parties confidence that risks are adequately managed.

It is important that the information security management system is part of, and integrated with, the organization's processes and overall management structure, and that information security is considered in the design of processes, information systems and controls. The implementation of an information security management system is expected to be scaled to the organization's needs.

This standard can be used by internal and external parties to assess whether the organization is able to meet its own information security requirements.

The order in which requirements are presented in this standard does not reflect their importance or imply the order in which they are to be implemented. Clause numbers are for reference only.

ISO/IEC 27000 describes the overview and vocabulary of information security management systems, referencing the family of information security management system standards (including ISO/IEC 27003, ISO/IEC 27004 and ISO/IEC 27005), together with related terms and definitions.

Interpretation:


After spending a few hours digging into several personal-blog options, I decided to come back to Hexo+Github.

A quick summary of my tinkering:

1) I had seen tutorials online for building a site with Hugo, which supposedly renders fast and is simple to set up locally, but following the tutorial step by step I still ended up with errors, and I didn't want to spend time working out where it went wrong.

2) Then on xhs I saw that Notion+Vercel+Github can combine a note-taking app and a blog into one, which also appealed to me, but I got stuck again while deploying in Vercel, with more errors. I had thought this would work and be the ultimate solution, settled once and for all, but it failed, and Notion's export options are a bit limited (html, md, pdf).

3) After those two failures I was a little discouraged and thought I would just write for myself in the local Mybase note-taking app, but on reflection, if someone doing technical work only writes for themselves there is not enough motivation and it is easy to slack off. So I would set up a blog after all; in any case I had tried Hexo+Github before and it worked, though the articles I wrote back then are of no use now. And that is how this blog came about.
