系统/安全
王孙小蛮
这个作者很懒,什么都没留下…
展开
-
服务高可用性及容灾的几个衡量指标
网站可用性所谓网站可用性(availability)也即网站正常运行时间的百分比,业界用 N 个9 来量化可用性, 最常说的就是类似 “4个9(也就是99.99%)” 的可用性。 描述 通俗叫法 可用性级别 年度停机时间 基本可用性 2个9 99% 87.6小时 较高可用性 3个9 99.9% 8.8小时 具有故障自动恢复能力的可用性 4个9 99.99% 53分转载 2016-07-25 16:55:42 · 4599 阅读 · 0 评论 -
网络安全渗透测试执行标准
一件事情总有千万种解决方案,其中更优的哪一种就是标准,渗透测试也是一样,目前渗透测试流程标准有以下几种:1、安全测试方法学开源手册 由ISECOM安全与公共方法学研究所制定,安全测试方法学开源手册(OSSTMM)提供物理安全,人类心理学,数据网络,无线通信媒介和电讯通信这五类渠道非常细致的测试用例,同时给出评估安全测试结果的指标标准。 OSSTMM的特色在于非常注重技术的细节,这使其成为一个具有转载 2016-09-25 14:39:35 · 5962 阅读 · 0 评论 -
如何学习网络安全
首先我们不讨论什么是网络安全,我先讲我是如何一步一步走进这个圈子的,初中的时候看过一篇小说,当时是躲在被窝里看的,那时候初二,里面讲的一个牛逼的黑客如何帮自己心仪的妹子杀掉计算机中的病毒,xxxx故事over,那是一个羡慕,我什么时候才能这样帮自己喜欢的妹纸杀毒了,至此就走上了网络安全的道路,由于是山区,条件不是怎么的好,电脑没摸过几次,这就比较尴尬了,当时手机还不是智能机,听歌不能登QQ,登QQ不原创 2016-09-24 01:13:26 · 4601 阅读 · 5 评论 -
kali信息搜集工具之dnsenum
dnsenum Package DescriptionMultithreaded perl script to enumerate DNS information of a domain and to discover non-contiguous ip blocks.一款子域名爆破工具和之前介绍的bing-ip2hosts功能差不多,在此归类与域名信息搜集工具Tools included in t原创 2016-07-14 23:55:49 · 2964 阅读 · 0 评论 -
HTTP 验证 Tomcat中进行基本验证 (Basic Authentication) 和摘要验证 (Digest Authentication)
传送门:http://blog.csdn.net/renminzdb/article/details/42422141转载 2016-07-22 09:33:41 · 871 阅读 · 0 评论 -
kali信息收集工具之DNSRecon
DNSRecon Package DescriptionDNSRecon provides the ability to perform:Check all NS Records for Zone Transfers Enumerate General DNS Records for a given Domain (MX, SOA, NS, A, AAAA, SPF and TXT) Perfo原创 2016-07-15 00:14:11 · 2095 阅读 · 0 评论 -
kali信息搜集工具之dnmap
dnmap Package Descriptiondnmap is a framework to distribute nmap scans among several clients. It reads an already created file with nmap commands and send those commands to each client connected to it.原创 2016-07-14 23:12:00 · 2339 阅读 · 0 评论 -
kali信息搜集工具之DMitry
DMitry (Deepmagic Information Gathering Tool) is a UNIX/(GNU)Linux Command Line Application coded in C. DMitry has the ability to gather as much information as possible about a host. Base functionality原创 2016-07-14 22:53:55 · 1764 阅读 · 0 评论 -
kali信息搜集工具之copy-router-config
Copies configuration files from Cisco devices running SNMP.额,说白了就是一个TFT服务转发工具,在这里推荐下lcx,目前这款工具我已经编译成windos,linux,嵌入式设备都可用的端口转发工具,在我的下载里面就有哦,非常好用Tools included in the copy-router-config packagecopy-rout原创 2016-07-14 22:49:45 · 697 阅读 · 0 评论 -
kali信息收集工具之Cookie Cadger
Cookie Cadger helps identify information leakage from applications that utilize insecure HTTP GET requests.Web providers have started stepping up to the plate since Firesheep was released in 2010. Toda原创 2016-07-14 22:36:33 · 1992 阅读 · 0 评论 -
kali信息收集工具之cisco-torch
Cisco Torch mass scanning, fingerprinting, and exploitation tool was written while working on the next edition of the “Hacking Exposed Cisco Networks”, since the tools available on the market could not原创 2016-07-14 22:32:05 · 1391 阅读 · 0 评论 -
kali搜集工具之CDPSnarf
is a network sniffer exclusively written to extract information from CDP packets. It provides all the information a “show cdp neighbors detail” command would return on a Cisco router and even more思科CD原创 2016-07-14 22:27:12 · 1103 阅读 · 0 评论 -
kali信息收集工具之Braa
Braa is a mass snmp scanner. The intended usage of such a tool is of course making SNMP queries – but unlike snmpget or snmpwalk from net-snmp, it is able to query dozens or hundreds of hosts simultane原创 2016-07-14 22:12:07 · 1759 阅读 · 0 评论 -
kali信息搜集工具之bing-ip2hosts
Bing.com is a search engine owned by Microsoft formerly known as MSN Search and Live Search. It has a unique feature to search for websites hosted on a specific IP address. Bing-ip2hosts uses this feat原创 2016-07-14 21:51:32 · 761 阅读 · 0 评论 -
kali信息收集工具之Automater
Automater is a URL/Domain, IP Address, and Md5 Hash OSINT tool aimed at making the analysis process easier for intrusion Analysts. Given a target (URL, IP, or HASH) or a file full of targets Automater原创 2016-07-14 21:41:51 · 762 阅读 · 0 评论 -
kali信息收集工具之Amap
Amap was the first next-generation scanning tool for pentesters. It attempts to identify applications even if they are running on a different port than normal. It also identifies non-ascii based appli原创 2016-07-14 21:30:52 · 2256 阅读 · 0 评论 -
minerd木马处理流程
首先说一句,这木马太恶心了,卧槽 首先在服务器发现minerd 程序ps -rf|grep minerd然后发现crontab 定时任务根据这个地址看看攻击脚本,我就不分析了,大致是获取系统权限等等首先删除生成的秘钥然后暂停定时任务暂停服务删除/opt/minerd 文件记住这里有个坑,此时已经暂停掉任务了但是那个进程还在,我特么就奇怪了,可能出现的原因是已经进入定时任务后,暂定这个服务但是任务还原创 2016-07-27 18:26:47 · 917 阅读 · 0 评论