Suche senden
Hochladen
窺探職場上所需之資安專業技術與能力 Tdohconf
•
27 gefällt mir
•
4,395 views
jack51706
Folgen
TDOH CONF
Weniger lesen
Mehr lesen
Präsentationen & Vorträge
Diashow-Anzeige
Melden
Teilen
Diashow-Anzeige
Melden
Teilen
1 von 57
Jetzt herunterladen
Downloaden Sie, um offline zu lesen
Empfohlen
資訊安全入門
資訊安全入門
Tyler Chen
Got Your PW - 一場入門資安的微旅行
Got Your PW - 一場入門資安的微旅行
Allen Chou
台科大網路鑑識課程 封包分析及中繼站追蹤
台科大網路鑑識課程 封包分析及中繼站追蹤
jack51706
網站程式資安白箱與黑箱檢測處理經驗分享
網站程式資安白箱與黑箱檢測處理經驗分享
Ying-Chun Cheng
Become A Security Master
Become A Security Master
Chong-Kuan Chen
Dangling DNS records takeover at scale
Dangling DNS records takeover at scale
Chandrapal Badshah
Hacking Oracle Web Applications With Metasploit
Hacking Oracle Web Applications With Metasploit
Chris Gates
SSRF For Bug Bounties
SSRF For Bug Bounties
OWASP Nagpur
Empfohlen
資訊安全入門
資訊安全入門
Tyler Chen
Got Your PW - 一場入門資安的微旅行
Got Your PW - 一場入門資安的微旅行
Allen Chou
台科大網路鑑識課程 封包分析及中繼站追蹤
台科大網路鑑識課程 封包分析及中繼站追蹤
jack51706
網站程式資安白箱與黑箱檢測處理經驗分享
網站程式資安白箱與黑箱檢測處理經驗分享
Ying-Chun Cheng
Become A Security Master
Become A Security Master
Chong-Kuan Chen
Dangling DNS records takeover at scale
Dangling DNS records takeover at scale
Chandrapal Badshah
Hacking Oracle Web Applications With Metasploit
Hacking Oracle Web Applications With Metasploit
Chris Gates
SSRF For Bug Bounties
SSRF For Bug Bounties
OWASP Nagpur
HTTP Request Smuggling via higher HTTP versions
HTTP Request Smuggling via higher HTTP versions
neexemil
A Forgotten HTTP Invisibility Cloak
A Forgotten HTTP Invisibility Cloak
Soroush Dalili
Waf bypassing Techniques
Waf bypassing Techniques
Avinash Thapa
WAF Bypass Techniques - Using HTTP Standard and Web Servers’ Behaviour
WAF Bypass Techniques - Using HTTP Standard and Web Servers’ Behaviour
Soroush Dalili
Introduction to Web Application Penetration Testing
Introduction to Web Application Penetration Testing
Netsparker
OWASP Secure Coding
OWASP Secure Coding
bilcorry
Super Easy Memory Forensics
Super Easy Memory Forensics
IIJ
Offzone | Another waf bypass
Offzone | Another waf bypass
Дмитрий Бумов
Beyond the Pentest: How C2, Internal Pivoting, and Data Exfiltration Show Tru...
Beyond the Pentest: How C2, Internal Pivoting, and Data Exfiltration Show Tru...
Beau Bullock
Derbycon 2019 - I simulate therefore i catch: enhancing detection engineering...
Derbycon 2019 - I simulate therefore i catch: enhancing detection engineering...
Mauricio Velazco
サイバー脅威インテリジェンスに基づく検知指標学習とその応用 by 谷口 剛
サイバー脅威インテリジェンスに基づく検知指標学習とその応用 by 谷口 剛
CODE BLUE
最近のBurp Suiteについて調べてみた
最近のBurp Suiteについて調べてみた
zaki4649
Advanced SQL Injection
Advanced SQL Injection
amiable_indian
Process hollowing
Process hollowing
ry0kvn
MSOfficeファイル暗号化のマスター鍵を利用したバックドアとその対策 by 光成滋生&竹迫良範
MSOfficeファイル暗号化のマスター鍵を利用したバックドアとその対策 by 光成滋生&竹迫良範
CODE BLUE
You can detect PowerShell attacks
You can detect PowerShell attacks
Michael Gough
Deep dive into ssrf
Deep dive into ssrf
n|u - The Open Security Community
Secure coding practices
Secure coding practices
Mohammed Danish Amber
XSS再入門
XSS再入門
Hiroshi Tokumaru
Introduction to red team operations
Introduction to red team operations
Sunny Neo
OWASP Poland Day 2018 - Andrzej Dyjak - Zero Trust Theorem
OWASP Poland Day 2018 - Andrzej Dyjak - Zero Trust Theorem
OWASP
淺談 Startup 公司的軟體開發流程 v2
淺談 Startup 公司的軟體開發流程 v2
Wen-Tien Chang
Weitere ähnliche Inhalte
Was ist angesagt?
HTTP Request Smuggling via higher HTTP versions
HTTP Request Smuggling via higher HTTP versions
neexemil
A Forgotten HTTP Invisibility Cloak
A Forgotten HTTP Invisibility Cloak
Soroush Dalili
Waf bypassing Techniques
Waf bypassing Techniques
Avinash Thapa
WAF Bypass Techniques - Using HTTP Standard and Web Servers’ Behaviour
WAF Bypass Techniques - Using HTTP Standard and Web Servers’ Behaviour
Soroush Dalili
Introduction to Web Application Penetration Testing
Introduction to Web Application Penetration Testing
Netsparker
OWASP Secure Coding
OWASP Secure Coding
bilcorry
Super Easy Memory Forensics
Super Easy Memory Forensics
IIJ
Offzone | Another waf bypass
Offzone | Another waf bypass
Дмитрий Бумов
Beyond the Pentest: How C2, Internal Pivoting, and Data Exfiltration Show Tru...
Beyond the Pentest: How C2, Internal Pivoting, and Data Exfiltration Show Tru...
Beau Bullock
Derbycon 2019 - I simulate therefore i catch: enhancing detection engineering...
Derbycon 2019 - I simulate therefore i catch: enhancing detection engineering...
Mauricio Velazco
サイバー脅威インテリジェンスに基づく検知指標学習とその応用 by 谷口 剛
サイバー脅威インテリジェンスに基づく検知指標学習とその応用 by 谷口 剛
CODE BLUE
最近のBurp Suiteについて調べてみた
最近のBurp Suiteについて調べてみた
zaki4649
Advanced SQL Injection
Advanced SQL Injection
amiable_indian
Process hollowing
Process hollowing
ry0kvn
MSOfficeファイル暗号化のマスター鍵を利用したバックドアとその対策 by 光成滋生&竹迫良範
MSOfficeファイル暗号化のマスター鍵を利用したバックドアとその対策 by 光成滋生&竹迫良範
CODE BLUE
You can detect PowerShell attacks
You can detect PowerShell attacks
Michael Gough
Deep dive into ssrf
Deep dive into ssrf
n|u - The Open Security Community
Secure coding practices
Secure coding practices
Mohammed Danish Amber
XSS再入門
XSS再入門
Hiroshi Tokumaru
Introduction to red team operations
Introduction to red team operations
Sunny Neo
Was ist angesagt?
(20)
HTTP Request Smuggling via higher HTTP versions
HTTP Request Smuggling via higher HTTP versions
A Forgotten HTTP Invisibility Cloak
A Forgotten HTTP Invisibility Cloak
Waf bypassing Techniques
Waf bypassing Techniques
WAF Bypass Techniques - Using HTTP Standard and Web Servers’ Behaviour
WAF Bypass Techniques - Using HTTP Standard and Web Servers’ Behaviour
Introduction to Web Application Penetration Testing
Introduction to Web Application Penetration Testing
OWASP Secure Coding
OWASP Secure Coding
Super Easy Memory Forensics
Super Easy Memory Forensics
Offzone | Another waf bypass
Offzone | Another waf bypass
Beyond the Pentest: How C2, Internal Pivoting, and Data Exfiltration Show Tru...
Beyond the Pentest: How C2, Internal Pivoting, and Data Exfiltration Show Tru...
Derbycon 2019 - I simulate therefore i catch: enhancing detection engineering...
Derbycon 2019 - I simulate therefore i catch: enhancing detection engineering...
サイバー脅威インテリジェンスに基づく検知指標学習とその応用 by 谷口 剛
サイバー脅威インテリジェンスに基づく検知指標学習とその応用 by 谷口 剛
最近のBurp Suiteについて調べてみた
最近のBurp Suiteについて調べてみた
Advanced SQL Injection
Advanced SQL Injection
Process hollowing
Process hollowing
MSOfficeファイル暗号化のマスター鍵を利用したバックドアとその対策 by 光成滋生&竹迫良範
MSOfficeファイル暗号化のマスター鍵を利用したバックドアとその対策 by 光成滋生&竹迫良範
You can detect PowerShell attacks
You can detect PowerShell attacks
Deep dive into ssrf
Deep dive into ssrf
Secure coding practices
Secure coding practices
XSS再入門
XSS再入門
Introduction to red team operations
Introduction to red team operations
Ähnlich wie 窺探職場上所需之資安專業技術與能力 Tdohconf
OWASP Poland Day 2018 - Andrzej Dyjak - Zero Trust Theorem
OWASP Poland Day 2018 - Andrzej Dyjak - Zero Trust Theorem
OWASP
淺談 Startup 公司的軟體開發流程 v2
淺談 Startup 公司的軟體開發流程 v2
Wen-Tien Chang
Agile startup company management and operation
Agile startup company management and operation
Jiang Zhu
Next Generation Memory Forensics
Next Generation Memory Forensics
Andrew Case
Automating OWASP ZAP - DevCSecCon talk
Automating OWASP ZAP - DevCSecCon talk
Simon Bennetts
Simon Bennetts - Automating ZAP
Simon Bennetts - Automating ZAP
DevSecCon
ITT 2015 - Vincent Garrigues - Continuous Integration at SoundCloud
ITT 2015 - Vincent Garrigues - Continuous Integration at SoundCloud
Istanbul Tech Talks
2017 Codemotion OWASP ZAP in CI/CD
2017 Codemotion OWASP ZAP in CI/CD
Simon Bennetts
15年前に作ったアプリを現在に蘇らせてみた話
15年前に作ったアプリを現在に蘇らせてみた話
Naoki Nagazumi
EclipseCon France 2018 report
EclipseCon France 2018 report
Akira Tanaka
Hacking Adobe Experience Manager sites
Hacking Adobe Experience Manager sites
Mikhail Egorov
Доклад Михаила Егорова на PHDays
Доклад Михаила Егорова на PHDays
ru_Parallels
Security research over Windows #defcon china
Security research over Windows #defcon china
Peter Hlavaty
Barcamp Bangkhen :: Robot Framework
Barcamp Bangkhen :: Robot Framework
Somkiat Puisungnoen
Security Vulnerabilities in Mobile Applications (Kristaps Felzenbergs)
Security Vulnerabilities in Mobile Applications (Kristaps Felzenbergs)
TestDevLab
Security Testing with OWASP ZAP in CI/CD - Simon Bennetts - Codemotion Amster...
Security Testing with OWASP ZAP in CI/CD - Simon Bennetts - Codemotion Amster...
Codemotion
Java platform
Java platform
Universidade de São Paulo
Silent web app testing by example - BerlinSides 2011
Silent web app testing by example - BerlinSides 2011
Abraham Aranguren
Practical Security Testing for Developers using OWASP ZAP at Dot Net Bangalor...
Practical Security Testing for Developers using OWASP ZAP at Dot Net Bangalor...
gmaran23
Qcon beijing 2010
Qcon beijing 2010
Vonbo
Ähnlich wie 窺探職場上所需之資安專業技術與能力 Tdohconf
(20)
OWASP Poland Day 2018 - Andrzej Dyjak - Zero Trust Theorem
OWASP Poland Day 2018 - Andrzej Dyjak - Zero Trust Theorem
淺談 Startup 公司的軟體開發流程 v2
淺談 Startup 公司的軟體開發流程 v2
Agile startup company management and operation
Agile startup company management and operation
Next Generation Memory Forensics
Next Generation Memory Forensics
Automating OWASP ZAP - DevCSecCon talk
Automating OWASP ZAP - DevCSecCon talk
Simon Bennetts - Automating ZAP
Simon Bennetts - Automating ZAP
ITT 2015 - Vincent Garrigues - Continuous Integration at SoundCloud
ITT 2015 - Vincent Garrigues - Continuous Integration at SoundCloud
2017 Codemotion OWASP ZAP in CI/CD
2017 Codemotion OWASP ZAP in CI/CD
15年前に作ったアプリを現在に蘇らせてみた話
15年前に作ったアプリを現在に蘇らせてみた話
EclipseCon France 2018 report
EclipseCon France 2018 report
Hacking Adobe Experience Manager sites
Hacking Adobe Experience Manager sites
Доклад Михаила Егорова на PHDays
Доклад Михаила Егорова на PHDays
Security research over Windows #defcon china
Security research over Windows #defcon china
Barcamp Bangkhen :: Robot Framework
Barcamp Bangkhen :: Robot Framework
Security Vulnerabilities in Mobile Applications (Kristaps Felzenbergs)
Security Vulnerabilities in Mobile Applications (Kristaps Felzenbergs)
Security Testing with OWASP ZAP in CI/CD - Simon Bennetts - Codemotion Amster...
Security Testing with OWASP ZAP in CI/CD - Simon Bennetts - Codemotion Amster...
Java platform
Java platform
Silent web app testing by example - BerlinSides 2011
Silent web app testing by example - BerlinSides 2011
Practical Security Testing for Developers using OWASP ZAP at Dot Net Bangalor...
Practical Security Testing for Developers using OWASP ZAP at Dot Net Bangalor...
Qcon beijing 2010
Qcon beijing 2010
Kürzlich hochgeladen
Report Writing Webinar Training
Report Writing Webinar Training
KylaCullinane
Dreaming Music Video Treatment _ Project & Portfolio III
Dreaming Music Video Treatment _ Project & Portfolio III
NhPhngng3
Chiulli_Aurora_Oman_Raffaele_Beowulf.pptx
Chiulli_Aurora_Oman_Raffaele_Beowulf.pptx
raffaeleoman
Dreaming Marissa Sánchez Music Video Treatment
Dreaming Marissa Sánchez Music Video Treatment
nswingard
Causes of poverty in France presentation.pptx
Causes of poverty in France presentation.pptx
CamilleBoulbin1
My Presentation "In Your Hands" by Halle Bailey
My Presentation "In Your Hands" by Halle Bailey
hlharris
ICT role in 21st century education and it's challenges.pdf
ICT role in 21st century education and it's challenges.pdf
Islamia university of Rahim Yar khan campus
Sector 62, Noida Call girls :8448380779 Noida Escorts | 100% verified
Sector 62, Noida Call girls :8448380779 Noida Escorts | 100% verified
Delhi Call girls
Thirunelveli call girls Tamil escorts 7877702510
Thirunelveli call girls Tamil escorts 7877702510
Vipesco
The workplace ecosystem of the future 24.4.2024 Fabritius_share ii.pdf
The workplace ecosystem of the future 24.4.2024 Fabritius_share ii.pdf
Senaatti-kiinteistöt
Bring back lost lover in USA, Canada ,Uk ,Australia ,London Lost Love Spell C...
Bring back lost lover in USA, Canada ,Uk ,Australia ,London Lost Love Spell C...
amilabibi1
If this Giant Must Walk: A Manifesto for a New Nigeria
If this Giant Must Walk: A Manifesto for a New Nigeria
Kayode Fayemi
AWS Data Engineer Associate (DEA-C01) Exam Dumps 2024.pdf
AWS Data Engineer Associate (DEA-C01) Exam Dumps 2024.pdf
SkillCertProExams
Aesthetic Colaba Mumbai Cst Call girls 📞 7738631006 Grant road Call Girls ❤️-...
Aesthetic Colaba Mumbai Cst Call girls 📞 7738631006 Grant road Call Girls ❤️-...
Pooja Nehwal
Digital collaboration with Microsoft 365 as extension of Drupal
Digital collaboration with Microsoft 365 as extension of Drupal
Fabian de Rijk
lONG QUESTION ANSWER PAKISTAN STUDIES10.
lONG QUESTION ANSWER PAKISTAN STUDIES10.
lodhisaajjda
Busty Desi⚡Call Girls in Sector 51 Noida Escorts >༒8448380779 Escort Service-...
Busty Desi⚡Call Girls in Sector 51 Noida Escorts >༒8448380779 Escort Service-...
Delhi Call girls
Uncommon Grace The Autobiography of Isaac Folorunso
Uncommon Grace The Autobiography of Isaac Folorunso
Kayode Fayemi
Kürzlich hochgeladen
(18)
Report Writing Webinar Training
Report Writing Webinar Training
Dreaming Music Video Treatment _ Project & Portfolio III
Dreaming Music Video Treatment _ Project & Portfolio III
Chiulli_Aurora_Oman_Raffaele_Beowulf.pptx
Chiulli_Aurora_Oman_Raffaele_Beowulf.pptx
Dreaming Marissa Sánchez Music Video Treatment
Dreaming Marissa Sánchez Music Video Treatment
Causes of poverty in France presentation.pptx
Causes of poverty in France presentation.pptx
My Presentation "In Your Hands" by Halle Bailey
My Presentation "In Your Hands" by Halle Bailey
ICT role in 21st century education and it's challenges.pdf
ICT role in 21st century education and it's challenges.pdf
Sector 62, Noida Call girls :8448380779 Noida Escorts | 100% verified
Sector 62, Noida Call girls :8448380779 Noida Escorts | 100% verified
Thirunelveli call girls Tamil escorts 7877702510
Thirunelveli call girls Tamil escorts 7877702510
The workplace ecosystem of the future 24.4.2024 Fabritius_share ii.pdf
The workplace ecosystem of the future 24.4.2024 Fabritius_share ii.pdf
Bring back lost lover in USA, Canada ,Uk ,Australia ,London Lost Love Spell C...
Bring back lost lover in USA, Canada ,Uk ,Australia ,London Lost Love Spell C...
If this Giant Must Walk: A Manifesto for a New Nigeria
If this Giant Must Walk: A Manifesto for a New Nigeria
AWS Data Engineer Associate (DEA-C01) Exam Dumps 2024.pdf
AWS Data Engineer Associate (DEA-C01) Exam Dumps 2024.pdf
Aesthetic Colaba Mumbai Cst Call girls 📞 7738631006 Grant road Call Girls ❤️-...
Aesthetic Colaba Mumbai Cst Call girls 📞 7738631006 Grant road Call Girls ❤️-...
Digital collaboration with Microsoft 365 as extension of Drupal
Digital collaboration with Microsoft 365 as extension of Drupal
lONG QUESTION ANSWER PAKISTAN STUDIES10.
lONG QUESTION ANSWER PAKISTAN STUDIES10.
Busty Desi⚡Call Girls in Sector 51 Noida Escorts >༒8448380779 Escort Service-...
Busty Desi⚡Call Girls in Sector 51 Noida Escorts >༒8448380779 Escort Service-...
Uncommon Grace The Autobiography of Isaac Folorunso
Uncommon Grace The Autobiography of Isaac Folorunso
窺探職場上所需之資安專業技術與能力 Tdohconf
1.
Jack 1
2.
... • • • • • 2
3.
Agenda • Whoami • • & • • •
FAQ 3
4.
4
5.
( ) • TCP/IP •
OWASP 5
6.
-VA & WEBVA •
OWASP • Vulnerability Assessment • ..... • 6
7.
Exploit Development • http://securityalley.blogspot.tw/2014/06/buffer-overflow-windows.html
( EXPLOIT ) • https://www.corelan.be/index.php/category/security/exploit-writing-tutorials/ (CORELAN ) • http://expdev-kiuhnm.rhcloud.com/2015/05/11/contents/ ( EXPLOIT ) • https://github.com/enddo/awesome-windows-exploitation • https://github.com/riusksk/vul_war 7
8.
8
9.
9
10.
- / • • 10
11.
- • • • AD • • • 11
12.
( ) • WEBPT •
IR • Coding • Certification 12
13.
- • OWASP Testing
Guide • Open Source Security Testing Methodology Manual (OSSTMM) • • 13
14.
Web Application Hacker’s
Methodology 14
15.
SQLMAP • ..... • 1 •
2 code • 3 code 15
16.
-1 • https://www.owasp.org/index.php/OWASP_Broken_Web_Applications_Project • http://drops.wooyun.org/(
....) • http://www.freebuf.com/ • https://www.91ri.org/ • https://support.portswigger.net/customer/portal/topics/792273-burp-testing- methodologies/articles?page=1 • https://kennel209.gitbooks.io/owasp-testing-guide-v4/content/en/ 16
17.
17
18.
- • ERS? (WHAT) •
? (WHO) • ? (WHERE) • ? (HOW) • 18
19.
ATTACK LIFECYCLE ..... 19
20.
- • 20
21.
IR Toolkit • 21
22.
- • • • • 22
23.
• Hash (
) • (.NET JAVA ) • Import ( • Strings • Tools Installed on REMnux • Reverse-Engineering Wiki 23
24.
• F5 ( • •
( ?) 24
25.
• .... • • —— 25
26.
26
27.
• Anti VM •
Anti OD • Anti Forensic • Anti XXX …… • • ANTI TECH github 27
28.
• • 28
29.
• http://bbs.pediy.com/ (
) • http://www.52pojie.cn/forum.php ( ) • http://adr.horse/ ( ) • https://github.com/gasgas4/APT_CyberCriminal_Campagin ( ) • http://blog.malwaremustdie.org/ • http://www.malware-traffic-analysis.net/ 29
30.
30
31.
Malware Source /
Code • https://github.com/gasgas4/Leaked_Malware_SourceCode • https://github.com/ytisf/theZoo • https://github.com/krmaxwell/maltrieve 31
32.
- • • • • • 32
33.
• • • ?! • • 33
34.
34
35.
35
36.
36
37.
IDA OD ... 37
38.
Google Drive • OAuth 38
39.
DropBox • token 39
40.
40
41.
XX •A B •B C
D E • ... 41
42.
XXX • • • 42
43.
43
44.
( ! 44
45.
• Office • 45
46.
... 46
47.
• 47
48.
! ! ! 48
49.
! ! ! 49
50.
50
51.
• https://github.com/hackedteam?tab=repositories (
HACKING TEAM) • https://www.blackhat.com/html/archives.html • https://www.defcon.org/html/links/dc-archives.html • https://github.com/RichardLitt/awesome-conferences • RSA , Zeronight , Hitcon , cansecwest , CONFidence , HITB , nullcon , recon , syscan ... 51
52.
FAQ: CTF • • Bug
Bounty • http://ppt.cc/7xaGu • https://bugcrowd.com/ programs • https://h1.sintheticlabs.com/ 52
53.
FAQ Certification • 53
54.
54
55.
55
56.
... 56
57.
& 57
Jetzt herunterladen