- 博客(42)
- 资源 (1)
- 收藏
- 关注
RSS订阅原创 2016年终总结
距离2017年还有几个小时,快马加鞭敲出来这篇年终总结,欢迎各位斧正~首先从行业角度出发,聊聊2016互联网大事件 1.支付宝微信红包大战,表示没玩过 2.百度魏则西事件 3.优步滴滴合并 4.“支付鸨”事件 5.各种直播(互联网卖肉,活不长久) 6.共享单车(还没玩过)互联网安全大事件1.乌云关闭2.京东12G用户信息泄露事件在个人工作中收获一下几点一:别人说的永远是别人说的,自己
2016-12-31 21:22:27
525
转载 网络安全渗透测试执行标准
一件事情总有千万种解决方案,其中更优的哪一种就是标准,渗透测试也是一样,目前渗透测试流程标准有以下几种:1、安全测试方法学开源手册 由ISECOM安全与公共方法学研究所制定,安全测试方法学开源手册(OSSTMM)提供物理安全,人类心理学,数据网络,无线通信媒介和电讯通信这五类渠道非常细致的测试用例,同时给出评估安全测试结果的指标标准。 OSSTMM的特色在于非常注重技术的细节,这使其成为一个具有
2016-09-25 14:39:35
5888
原创 如何学习网络安全
首先我们不讨论什么是网络安全,我先讲我是如何一步一步走进这个圈子的,初中的时候看过一篇小说,当时是躲在被窝里看的,那时候初二,里面讲的一个牛逼的黑客如何帮自己心仪的妹子杀掉计算机中的病毒,xxxx故事over,那是一个羡慕,我什么时候才能这样帮自己喜欢的妹纸杀毒了,至此就走上了网络安全的道路,由于是山区,条件不是怎么的好,电脑没摸过几次,这就比较尴尬了,当时手机还不是智能机,听歌不能登QQ,登QQ不
2016-09-24 01:13:26
4532
5
原创 minerd木马处理流程
首先说一句,这木马太恶心了,卧槽 首先在服务器发现minerd 程序ps -rf|grep minerd然后发现crontab 定时任务根据这个地址看看攻击脚本,我就不分析了,大致是获取系统权限等等首先删除生成的秘钥然后暂停定时任务暂停服务删除/opt/minerd 文件记住这里有个坑,此时已经暂停掉任务了但是那个进程还在,我特么就奇怪了,可能出现的原因是已经进入定时任务后,暂定这个服务但是任务还
2016-07-27 18:26:47
909
转载 服务高可用性及容灾的几个衡量指标
网站可用性所谓网站可用性(availability)也即网站正常运行时间的百分比,业界用 N 个9 来量化可用性, 最常说的就是类似 “4个9(也就是99.99%)” 的可用性。 描述 通俗叫法 可用性级别 年度停机时间 基本可用性 2个9 99% 87.6小时 较高可用性 3个9 99.9% 8.8小时 具有故障自动恢复能力的可用性 4个9 99.99% 53分
2016-07-25 16:55:42
4536
转载 HTTP 验证 Tomcat中进行基本验证 (Basic Authentication) 和摘要验证 (Digest Authentication)
传送门:http://blog.csdn.net/renminzdb/article/details/42422141
2016-07-22 09:33:41
862
原创 kali弱点分析工具之DBPwAudit
DBPwAudit is a Java tool that allows you to perform online audits of password quality for several database engines. The application design allows for easy adding of additional database drivers by simpl
2016-07-15 21:52:38
875
原创 kali弱点分析工具之BED
BED is a program which is designed to check daemons for potential buffer overflows, format strings et. al.‘一个缓冲区溢出检测工具,归属与系统漏洞挖掘工具库,溢出漏洞挖掘工具集Tools included in the bed packagebed – A network protocol fu
2016-07-15 21:47:04
1404
原创 kali弱点分析工具之BBQSQL
Blind SQL injection can be a pain to exploit. When the available tools work they work well, but when they don’t you have to write something custom. This is time-consuming and tedious. BBQSQL can help y
2016-07-15 00:33:48
1890
原创 kali信息搜集工具之dnstracer
dnstracer Package Descriptiondnstracer determines where a given Domain Name Server (DNS) gets its information from for a given hostname, and follows the chain of DNS servers back to the authoritative a
2016-07-15 00:25:18
1139
原创 kali信息收集工具之DNSRecon
DNSRecon Package DescriptionDNSRecon provides the ability to perform:Check all NS Records for Zone Transfers Enumerate General DNS Records for a given Domain (MX, SOA, NS, A, AAAA, SPF and TXT) Perfo
2016-07-15 00:14:11
2068
原创 kali信息收集工具之dnsmap
dnsmap Package Descriptiondnsmap was originally released back in 2006 and was inspired by the fictional story “The Thief No One Saw” by Paul Craig, which can be found in the book “Stealing the Network
2016-07-15 00:04:14
2612
原创 kali信息搜集工具之dnsenum
dnsenum Package DescriptionMultithreaded perl script to enumerate DNS information of a domain and to discover non-contiguous ip blocks.一款子域名爆破工具和之前介绍的bing-ip2hosts功能差不多,在此归类与域名信息搜集工具Tools included in t
2016-07-14 23:55:49
2953
原创 kali信息搜集工具之dnmap
dnmap Package Descriptiondnmap is a framework to distribute nmap scans among several clients. It reads an already created file with nmap commands and send those commands to each client connected to it.
2016-07-14 23:12:00
2325
原创 kali信息搜集工具之DMitry
DMitry (Deepmagic Information Gathering Tool) is a UNIX/(GNU)Linux Command Line Application coded in C. DMitry has the ability to gather as much information as possible about a host. Base functionality
2016-07-14 22:53:55
1754
原创 kali信息搜集工具之copy-router-config
Copies configuration files from Cisco devices running SNMP.额,说白了就是一个TFT服务转发工具,在这里推荐下lcx,目前这款工具我已经编译成windos,linux,嵌入式设备都可用的端口转发工具,在我的下载里面就有哦,非常好用Tools included in the copy-router-config packagecopy-rout
2016-07-14 22:49:45
681
原创 kali信息收集工具之Cookie Cadger
Cookie Cadger helps identify information leakage from applications that utilize insecure HTTP GET requests.Web providers have started stepping up to the plate since Firesheep was released in 2010. Toda
2016-07-14 22:36:33
1966
原创 kali信息收集工具之cisco-torch
Cisco Torch mass scanning, fingerprinting, and exploitation tool was written while working on the next edition of the “Hacking Exposed Cisco Networks”, since the tools available on the market could not
2016-07-14 22:32:05
1366
原创 kali搜集工具之CDPSnarf
is a network sniffer exclusively written to extract information from CDP packets. It provides all the information a “show cdp neighbors detail” command would return on a Cisco router and even more思科CD
2016-07-14 22:27:12
1096
原创 CDP协议
CDP是Cisco DiscoveryProtocol的缩写,它是由思科公司推出的一种私有的二层网络协议,它能够运行在大部分的思科设备上面。通过运行CDP 协议,思科设备能够在与它们直连的设备之间分享有关操作系统软件版本,以及IP地址,硬件平台等相关信息。详见:http://baike.baidu.com/link?url=fNMlCFZ50rYEYNLEkTLiwG-PD4pFnONQ1HADip
2016-07-14 22:24:32
2430
原创 kali信息搜集工具之CaseFile
CaseFile is the little brother to Maltego. It targets a unique market of ‘offline’ analysts whose primary sources of information are not gained from the open-source intelligence side or can be programm
2016-07-14 22:20:24
2974
原创 kali信息收集工具之Braa
Braa is a mass snmp scanner. The intended usage of such a tool is of course making SNMP queries – but unlike snmpget or snmpwalk from net-snmp, it is able to query dozens or hundreds of hosts simultane
2016-07-14 22:12:07
1737
原创 SNMP协议
简单网络管理协议(SNMP),由一组网络管理的标准组成,包含一个应用层协议(application layer protocol)、数据库模型(database schema)和一组资源对象。该协议能够支持网络管理系统,用以监测连接到网络上的设备是否有任何引起管理上关注的情况。该协议是互联网工程工作小组(IETF,Internet Engineering Task Force)定义的internet
2016-07-14 22:06:10
210
原创 SMB协议
见百度百科“>http://baike.baidu.com/link?url=bzkKoX7acsmoBfSYIexPsoZnTVCxW7IsgeBZ4nYp0Axo8SAGL5tqtEi_ph718cZJW2BH_lECWWUAijBDEB52-个人理解为局域网共享IPCSMB(Server Message Block)通信协议是微软(Microsoft)和英特尔(Intel)在1987年制定的协
2016-07-14 21:58:41
524
原创 kali信息搜集工具之bing-ip2hosts
Bing.com is a search engine owned by Microsoft formerly known as MSN Search and Live Search. It has a unique feature to search for websites hosted on a specific IP address. Bing-ip2hosts uses this feat
2016-07-14 21:51:32
746
原创 kali信息收集工具之Automater
Automater is a URL/Domain, IP Address, and Md5 Hash OSINT tool aimed at making the analysis process easier for intrusion Analysts. Given a target (URL, IP, or HASH) or a file full of targets Automater
2016-07-14 21:41:51
755
原创 kali信息收集工具之Amap
Amap was the first next-generation scanning tool for pentesters. It attempts to identify applications even if they are running on a different port than normal. It also identifies non-ascii based appli
2016-07-14 21:30:52
2224
原创 kali信息收集工具之ace-voip
目测为一款网络电话攻击工具,由于中国相关环境,网络电话并没有出现在公众视野,但是企业内部可能会出现,所以该工具在企业内部渗透中可能会用到Tools included in the ace-voip packageace – A simple VoIP corporate directory enumeration toolroot@kali:~# ace ACE v1.10: Automated
2016-07-14 21:18:48
1332
原创 kali信息收集工具之acccheck
The tool is designed as a password dictionary attack tool that targets windows authentication via the SMB protocol. It is really a wrapper script around the ‘smbclient’ binary, and as a result is depen
2016-07-14 21:11:51
3145
原创 docker 学习笔记之增删改查
docker 学习笔记坑一之之增删改查docker 近年来非常火,小小尝试一番确实很屌,秒级部署,秒级开机,大大减轻了运维的工作!Docker 是一个开源的应用容器引擎,让开发者可以打包他们的应用以及依赖包到一个可移植的容器中,然后发布到任何流行的 Linux 机器上,也可以实现虚拟化。容器是完全使用沙箱机制,相互之间不会有任何接口。重点来了,docker有三个核心,镜像,容器,仓库镜像:类似与虚拟
2016-07-12 22:21:42
311
原创 Mysql ERROR 2002 (HY000)错误解决
Mysql ERROR 2002 (HY000)错误解决[root@mandaren bin]# ./mysql -uroot -p Enter password: ERROR 2002 (HY000): Can’t connect to local MySQL server through socket ‘/tmp/mysql.sock’ (111)当使用如上命令进入mysql时会出现如上情
2016-07-12 22:11:33
985
转载 Mysql 主从复制配置
1、主从服务器分别作以下操作: 1.1、版本一致 1.2、初始化表,并在后台启动mysql 1.3、修改root的密码2、修改主服务器master: #vi /etc/my.cnf [mysqld] log-bin=mysql-bin //[必须]启用二进制日志 server-id=222 //[必须]
2016-02-18 15:42:20
243
原创 Mysql 修改默认端口
Mysql 端口修改Mysql解压版采用手动方式安装,在安装时默认采用3306接口,如果想改接口就需要my-default.ini中修改,但是修改后重启服务死活不起作用,结果一查Mysql启动时可以不需要配置文件,如果想设置的话需要定义my.ini,好么,名字改为my.ini,服务成功启动
2016-02-18 14:15:42
1015
原创 Mysql 分表
Mysql 大表分表策略,由于在系统设计之初木有考虑到系统后期数据大规模增加,造成查询操作越来越慢,刚开始我们可能会进行sql的优化操作,但是随着时间的增加我们就会发现查询时间长的情况又会暴漏出来,此时只能进行分表操作分表策略:1.按照时间分表,这是最简单也最好理解的分表方式2.取模分表3.自定义hash 首先将表分成若干个子表:insert int
2016-02-18 09:58:58
339
空空如也
TA创建的收藏夹 TA关注的收藏夹
TA关注的人