信息安全知识库 http://vipread.com 信息安全相关知识库-专业的信息安全IT文档分享平台,使知识可以总结,经验可以分享,汇集优质文档资料的交流平台 http://vipread.com http://vipread.com zh-cn Thu, 12 Dec 2019 00:19:23 +0000 卫星通信的安全缺陷 http://vipread.com/library/item/2679 <a href='http://vipread.com/library/item/2679'>本文链接</a><br /><img src='/static/uimages/2019-12-07/2_1575714318.png'><br /><ul> <li>卫星通信</li> <li>卫星通信组成</li> <li>通信卫星转发器</li> <li>互联网卫星的转发器载荷</li> <li>存在的威胁</li> <li>伪造信号</li> <li>卫星通信链路常用频率</li> <li>窃听伪造场景</li> <li>攻击航空网络</li> <li>数据窃取攻击</li> <li>ip数据接收卡窃取数据</li> <li>国际上常用的卫星调制解调器</li> <li>卫星调制解调器的功能</li> <li>远程控制网络</li> <li>EDMAC 控制端界面</li> <li>EDMAC/EDMAC 2</li> <li>EDMAC协议</li> <li>解调解码</li> <li>尝试逆向数据</li> <li>实验环境</li> <li>伪造数据实验</li> <li>比特币卫星网络</li> <li>卫星覆盖仿真</li> <li>北京接收来自Telstar 18V的比特币交易数据</li> <li>总结</li> </ul> http://vipread.com/library/item/2679 Sat, 07 Dec 2019 10:25:19 +0000 蓝方的进攻——进攻是最好的防守 http://vipread.com/library/item/2680 <a href='http://vipread.com/library/item/2680'>本文链接</a><br /><img src='/static/uimages/2019-12-07/2_1575716088.png'><br /><ul> <li>攻防形式</li> <li>战术</li> <li>知己知彼</li> <li>评估</li> <li>总结</li> </ul> http://vipread.com/library/item/2680 Sat, 07 Dec 2019 10:54:49 +0000 基于图数据的云上BOT团伙深度感知 http://vipread.com/library/item/2681 <a href='http://vipread.com/library/item/2681'>本文链接</a><br /><img src='/static/uimages/2019-12-07/2_1575716321.png'><br /><ul> <li>案例</li> <li>防御侧应急</li> <li>客户侧应急</li> <li>困境</li> <li>根本问题</li> <li>能力需求</li> <li>解决思路</li> <li>进程图构建</li> <li>标签传递</li> <li>网络行为关联</li> <li>进程行为模式识别</li> <li>攻击方式识别</li> <li>数据问题</li> <li>解决方法</li> <li>情报运营</li> <li>防御侧业务价值</li> <li>客户侧业务价值</li> <li>其他</li> </ul> http://vipread.com/library/item/2681 Sat, 07 Dec 2019 10:58:42 +0000 网络攻防演练的现实思考 http://vipread.com/library/item/2682 <a href='http://vipread.com/library/item/2682'>本文链接</a><br /><img src='/static/uimages/2019-12-07/2_1575716461.png'><br /><ul> <li>统计数据分析</li> <li>安全问题成了没人知道的答案</li> <li>甲方视觉下的攻防演练</li> <li>实际场景下乙方攻击队的故事</li> <li>攻防演练≠ 渗透测试</li> <li>真实的红军(red team)攻击过程</li> <li>新一代攻防演练技术发展</li> <li>结合众测平台的攻防演练方案</li> <li>白帽攻击平台</li> <li>白帽VPN平台</li> </ul> http://vipread.com/library/item/2682 Sat, 07 Dec 2019 11:01:03 +0000 Fortinet云安全自动化 http://vipread.com/library/item/2683 <a href='http://vipread.com/library/item/2683'>本文链接</a><br /><img src='/static/uimages/2019-12-07/2_1575716670.png'><br /><ul> <li>应用基础架构发展</li> <li>自动构建云基础架构和安全</li> <li>混合云安全基础架构</li> <li>Infrastructure-as-a-code</li> <li>Terraform自动化部署</li> <li>HA自动切换</li> <li>安全策略配置自动化</li> <li>自动连接、选路</li> <li>安全策略自动化</li> <li>安全策略优化-AI的使用</li> <li>安全组件自动联动</li> <li>安全事件自动联动-云平台</li> <li>安全事件自动联动-安全系统</li> <li>Fortinet云安全全景图</li> <li>Fortinet 云安全战略的三大支柱</li> <li>Fortinet支持中国国内的主流公有云平台</li> </ul> http://vipread.com/library/item/2683 Sat, 07 Dec 2019 11:04:31 +0000 猫鼠游戏: 持续渗透中的高级命令混淆对抗 http://vipread.com/library/item/2684 <a href='http://vipread.com/library/item/2684'>本文链接</a><br /><img src='/static/uimages/2019-12-07/2_1575716880.png'><br /><ul> <li> <ol> <li>问题背景:命令混淆</li> </ol> </li> <li> <ol> <li>命令混淆方法</li> </ol> </li> <li> <ol> <li>我们的解决方案</li> </ol> </li> <li> <ol> <li>总结与讨论</li> </ol> </li> </ul> http://vipread.com/library/item/2684 Sat, 07 Dec 2019 11:08:01 +0000 锤炼新形势下实网攻防的“剑与盾” http://vipread.com/library/item/2685 <a href='http://vipread.com/library/item/2685'>本文链接</a><br /><img src='/static/uimages/2019-12-07/2_1575717004.png'><br /><ul> <li>PART / 01 现状与思考</li> <li>PART / 02 靶场最佳实践</li> </ul> http://vipread.com/library/item/2685 Sat, 07 Dec 2019 11:10:05 +0000 硬件盒子安全分解 http://vipread.com/library/item/2686 <a href='http://vipread.com/library/item/2686'>本文链接</a><br /><img src='/static/uimages/2019-12-07/2_1575717115.png'><br /><ul> <li>01 背景</li> <li>02 攻击者的另辟蹊径</li> <li>03 硬件盒子的安全分解</li> </ul> http://vipread.com/library/item/2686 Sat, 07 Dec 2019 11:11:56 +0000 iOSURLScheme之殇 http://vipread.com/library/item/2687 <a href='http://vipread.com/library/item/2687'>本文链接</a><br /><img src='/static/uimages/2019-12-07/2_1575717253.png'><br /><ul> <li>iOS URL Scheme</li> <li>造成系统层面的漏洞</li> <li>造成上层APP的漏洞</li> </ul> http://vipread.com/library/item/2687 Sat, 07 Dec 2019 11:14:14 +0000 RedTeam视角下的二进制攻防研究 http://vipread.com/library/item/2688 <a href='http://vipread.com/library/item/2688'>本文链接</a><br /><img src='/static/uimages/2019-12-07/2_1575717391.png'><br /><ul> <li>1、“红蓝对抗”的地位问题</li> <li>2、“KillChain”的作用域</li> <li>3、不仅仅是“响应”和“溯源”</li> <li>4、技术提高途径</li> <li>5、薪资往往不是问题</li> </ul> http://vipread.com/library/item/2688 Sat, 07 Dec 2019 11:16:32 +0000 现代可抵赖后门研究--Reflection on trusting trust http://vipread.com/library/item/2689 <a href='http://vipread.com/library/item/2689'>本文链接</a><br /><img src='/static/uimages/2019-12-07/2_1575717783.png'><br /><ul> <li>The problem</li> <li>Self-reproducing program(Quine)</li> <li>Sulogin compiler-backdoor</li> <li>Deniable Backdoors Using Compiler Bugs</li> <li>Deniable Backdoors in Other Way</li> <li>Is Compiler Hack Still a Threat?</li> <li>Possible defence?</li> <li>Diverse Double Compiling (DDC)</li> </ul> http://vipread.com/library/item/2689 Sat, 07 Dec 2019 11:23:04 +0000 新形势下的企业安全体系建设实践(蓝军篇) http://vipread.com/library/item/2690 <a href='http://vipread.com/library/item/2690'>本文链接</a><br /><img src='/static/uimages/2019-12-07/2_1575718047.png'><br /><ul> <li>概况介绍</li> <li>安全战略</li> <li>安全相关部门架构</li> <li>安全生命周期</li> <li>安全体系不安全产品构成</li> <li>一个问题</li> <li>如何检验防护能力</li> <li>渗透测试&amp;红蓝对抗</li> <li>红蓝对抗实战</li> <li>蓝军建设之路</li> <li>系统安全蓝军</li> <li>网络攻击蓝军</li> <li>业务安全蓝军</li> <li>物联网&amp;硬件设备蓝军</li> <li>基于白帽子众测的泛蓝军</li> <li>新技术预研:Tencent Blade Team</li> <li>蓝军行劢一例:智能楼宇安全测试</li> <li>蓝军成果</li> <li>推劢生态,合作共赢</li> </ul> http://vipread.com/library/item/2690 Sat, 07 Dec 2019 11:27:28 +0000 域权限维持方法浅析 http://vipread.com/library/item/2691 <a href='http://vipread.com/library/item/2691'>本文链接</a><br /><img src='/static/uimages/2019-12-07/2_1575718341.png'><br /><ul> <li>前情提要&amp; 本集简介</li> <li>Golden Ticket</li> <li>Silver Ticket</li> <li>SID History</li> <li>SID History -Golden Ticket Now More GOLDEN!</li> <li>Directory Service Restore Mode (DSRM)</li> <li>DSRM -Pass The Hash&amp;DCSync</li> <li>Malicious Security Support Provider (SSP)</li> <li>Hook PasswordChangeNotify</li> <li>Skeleton Key</li> <li>DCShadow</li> <li>BadGPO(Group Policy Objects)</li> <li>ACL (Access Control Lists)</li> <li>ACL -AdminSDHolder</li> <li>ACL -DCSync</li> </ul> http://vipread.com/library/item/2691 Sat, 07 Dec 2019 11:32:22 +0000 打造CTF+“肾”透测试攻城狮兴奋混合剂 http://vipread.com/library/item/2692 <a href='http://vipread.com/library/item/2692'>本文链接</a><br /><img src='/static/uimages/2019-12-07/2_1575718526.png'><br /><ul> <li>渗透现状与痛点分析</li> <li>CTF多元化技术浅析</li> <li>打造技术状态”Zone”</li> </ul> http://vipread.com/library/item/2692 Sat, 07 Dec 2019 11:35:27 +0000 ANDROID APP安全从入门到放弃 http://vipread.com/library/item/2693 <a href='http://vipread.com/library/item/2693'>本文链接</a><br /><img src='/static/uimages/2019-12-07/2_1575718625.png'><br /><ul> <li>APP安全初探</li> <li>APP安全学习路径</li> <li>一点体会</li> </ul> http://vipread.com/library/item/2693 Sat, 07 Dec 2019 11:37:06 +0000 WEB漏洞挖掘速成训练营 http://vipread.com/library/item/2694 <a href='http://vipread.com/library/item/2694'>本文链接</a><br /><img src='/static/uimages/2019-12-07/2_1575718837.png'><br /><p>WEB漏洞挖掘速成训练营</p> http://vipread.com/library/item/2694 Sat, 07 Dec 2019 11:40:38 +0000 现代“碟中谍”——多国APT组织的杀戮之路 http://vipread.com/library/item/2695 <a href='http://vipread.com/library/item/2695'>本文链接</a><br /><img src='/static/uimages/2019-12-07/2_1575718960.png'><br /><ul> <li>序言</li> <li>APT-32/海莲花黑客组织</li> <li>TA505 黑客组织</li> <li>蓝宝菇/APT-C-12黑客组织</li> </ul> http://vipread.com/library/item/2695 Sat, 07 Dec 2019 11:42:41 +0000 你相信发电厂爆炸事件是工控黑客所为吗? http://vipread.com/library/item/2696 <a href='http://vipread.com/library/item/2696'>本文链接</a><br /><img src='/static/uimages/2019-12-07/2_1575719087.png'><br /><ul> <li>工控概述</li> <li>工控系统脆弱性</li> <li>工控漏洞挖掘方法</li> <li>工控安全防护</li> </ul> http://vipread.com/library/item/2696 Sat, 07 Dec 2019 11:44:48 +0000 给我1K内存VS难以打破的安全系统 http://vipread.com/library/item/2697 <a href='http://vipread.com/library/item/2697'>本文链接</a><br /><img src='/static/uimages/2019-12-07/2_1575719277.png'><br /><ul> <li>我们所说的难以打破的安全系统</li> <li>内存攻击法(传统)</li> <li>思考</li> <li>内存操作的危害</li> <li>获取内存数据的方法</li> <li>冷启动攻击</li> <li>虚拟化攻击</li> <li>总线攻击(DMA)</li> <li>总线攻击(JTAG)</li> <li>攻击场景</li> <li>攻击防御</li> </ul> http://vipread.com/library/item/2697 Sat, 07 Dec 2019 11:47:58 +0000 代码能力在渗透测试实战中的价值 http://vipread.com/library/item/2698 <a href='http://vipread.com/library/item/2698'>本文链接</a><br /><img src='/static/uimages/2019-12-07/2_1575719409.png'><br /><p>代码能力在渗透测试实战中的价值</p> http://vipread.com/library/item/2698 Sat, 07 Dec 2019 11:50:11 +0000 安全众测下的漏洞发展新趋势 http://vipread.com/library/item/2699 <a href='http://vipread.com/library/item/2699'>本文链接</a><br /><img src='/static/uimages/2019-12-07/2_1575719499.png'><br /><ul> <li>不同行业漏洞现状分析</li> <li>安全众测与漏洞变迁</li> <li>当前安全环境下漏洞挖掘小技巧</li> </ul> http://vipread.com/library/item/2699 Sat, 07 Dec 2019 11:51:40 +0000 小米 AIoT 安全新起点 http://vipread.com/library/item/2700 <a href='http://vipread.com/library/item/2700'>本文链接</a><br /><img src='/static/uimages/2019-12-09/2_1575856392.png'><br /><ul> <li>小米 AIoT 安全保障体系</li> <li>小米智能生活安全守护计划</li> <li>如此庞大的 IoT生态产品如何保障安全?</li> <li>安全的边界在哪里?</li> <li>什么是安全?</li> <li>IoT安全规范标准</li> <li>国际认证体系</li> <li>安全平台</li> <li>AIoT 安全与隐私自动化检测平台</li> <li>去密码化零信任办公网络</li> </ul> http://vipread.com/library/item/2700 Mon, 09 Dec 2019 01:53:13 +0000 物联网安全与隐私保护框架 http://vipread.com/library/item/2701 <a href='http://vipread.com/library/item/2701'>本文链接</a><br /><img src='/static/uimages/2019-12-09/2_1575856496.png'><br /><ul> <li>IoT 的安全与隐私风险</li> <li>IoT 安全与隐私框架</li> <li>IoTSF 安全框架如何实施?</li> </ul> http://vipread.com/library/item/2701 Mon, 09 Dec 2019 01:54:57 +0000 APT最新发现与趋势分享 http://vipread.com/library/item/2702 <a href='http://vipread.com/library/item/2702'>本文链接</a><br /><img src='/static/uimages/2019-12-09/2_1575856678.png'><br /><ul> <li>FireEye –APT安全的全球领导者</li> <li>FireEye 核心能力(技术,情报及专家)</li> <li>新命名的APT 组织</li> <li>APT38案例研究</li> <li>IoT安全事件</li> <li>IoT安全现状</li> <li>IoT安全性引发的担忧</li> <li>案例分析:罗技智能家居管理系统(Logitech Harmony Hub)漏洞</li> <li>Logitech Harmony Hub 漏洞分析</li> <li>Logitech Harmony Hub 漏洞案例总结</li> <li>IoT安全框架</li> <li>黑客对机器学习的利用</li> <li>FireEye 智能安全生态</li> </ul> http://vipread.com/library/item/2702 Mon, 09 Dec 2019 01:57:59 +0000 蓝牙安全之第二战场 http://vipread.com/library/item/2703 <a href='http://vipread.com/library/item/2703'>本文链接</a><br /><img src='/static/uimages/2019-12-09/2_1575857892.png'><br /><ul> <li>蓝牙设备联动安全</li> <li>芯片厂商隐患</li> <li>蓝牙硬件安全</li> <li>蓝牙安全架构</li> </ul> http://vipread.com/library/item/2703 Mon, 09 Dec 2019 02:18:13 +0000 物联网平台模糊测试:经验分享 http://vipread.com/library/item/2704 <a href='http://vipread.com/library/item/2704'>本文链接</a><br /><img src='/static/uimages/2019-12-09/2_1575858057.png'><br /><ul> <li>物联网平台的模糊测试</li> <li>Off-target 模糊测试</li> <li>针对模糊测试的对象来建模合理地建模并忽略其他数据</li> </ul> http://vipread.com/library/item/2704 Mon, 09 Dec 2019 02:20:58 +0000 The Game of Life http://vipread.com/library/item/2705 <a href='http://vipread.com/library/item/2705'>本文链接</a><br /><img src='/static/uimages/2019-12-09/2_1575858175.png'><br /><ul> <li>智能新时代</li> <li>安全新起点</li> <li>生活如「戏」</li> <li>游戏?现实!</li> </ul> http://vipread.com/library/item/2705 Mon, 09 Dec 2019 02:22:57 +0000 AIoT 自动化评估探索和实践 http://vipread.com/library/item/2706 <a href='http://vipread.com/library/item/2706'>本文链接</a><br /><img src='/static/uimages/2019-12-09/2_1575858443.png'><br /><ul> <li>历程<ul> <li>AIoT 安全与隐私自动化检测平台</li> </ul> </li> <li>原因</li> <li>探索<ul> <li>探索 - AIoT 产品典型场景</li> <li>探索 - AIoT 产品威胁分析</li> <li>探索 - 自动化评估功能需求</li> </ul> </li> <li>实践<ul> <li>实践 - AIoT 产品自动化评估模型</li> <li>实践 - MiEye</li> <li>实践 - MiEye 架构</li> <li>实践 - 加密流量分析</li> <li>实践 - 多国节点</li> <li>实践 - 复杂网络环境模拟</li> <li>探索 - 自动化评估功能列表</li> </ul> </li> </ul> http://vipread.com/library/item/2706 Mon, 09 Dec 2019 02:27:25 +0000 无人独善其身 ——安全问题的行业化 http://vipread.com/library/item/2707 <a href='http://vipread.com/library/item/2707'>本文链接</a><br /><img src='/static/uimages/2019-12-09/2_1575858674.png'><br /><ul> <li>绝大多数安全漏洞影响的是具体某个产品</li> <li>是否有安全问题会影响多个产品,甚至整个行业?</li> <li>LibPNG CVE-2004-0597 漏洞的修复过程</li> <li>安全问题行业化的两大类原因</li> <li>由供应链引入的漏洞</li> <li>OpenSSL Heartbleed 漏洞影响版本分布</li> <li>OpenSSL 高危漏洞分布(CVSS &gt;= 9)</li> <li>问题远不只OpenSSL</li> <li>供应链问题远比想象的更复杂</li> <li>标准、惯例带来的漏洞</li> <li>2015 年:BadBarcode</li> <li>2017 年:“应用克隆”</li> <li>2018 年:“残迹重用”</li> <li>2019 年:“BucketShock”</li> <li>文字、语言和代码一样是信息,可以携带漏洞</li> <li>处理安全问题行业化的困局</li> <li>不同角色如何应对安全问题的行业化?</li> </ul> http://vipread.com/library/item/2707 Mon, 09 Dec 2019 02:31:15 +0000 顺势而为:互联网与物联网用户隐私保护 http://vipread.com/library/item/2708 <a href='http://vipread.com/library/item/2708'>本文链接</a><br /><img src='/static/uimages/2019-12-09/2_1575858841.png'><br /><ul> <li>铺天盖地的“窃取用户隐私”指责</li> <li>明枪还是暗箭</li> <li>中国第一位首席隐私官的诞生</li> <li>360用户隐私保护大事记</li> <li>建立用户隐私保护组织</li> <li>定保护策略</li> <li>上技术手段</li> <li>做公关宣传:说人话</li> <li>应对GDPR</li> <li>挑战</li> <li>顺势而为,促成飞跃</li> <li>做业务部门的伙伴</li> <li>红脸与黑脸的配合</li> <li>做好危机公关的准备</li> <li>平衡的艺术</li> </ul> http://vipread.com/library/item/2708 Mon, 09 Dec 2019 02:34:02 +0000