debugeeker's column

Only original and translated technical articles are published here.

[Original] Jailbreak detection techniques

Many iOS apps include some form of jailbreak detection; some of it is bypassed by attackers, some of it is very hard to bypass. I previously posted on my official account an analysis of Shadow, an iOS jailbreak tool with anti-detection capability, but did not organize the detection methods themselves. Below are some of the more common ways of detecting a jailbroken iOS device. File-system-based detection: the jailbreak process modifies the file system, adding, moving and changing files and directories. These changes can be detected and used to decide whether the device is jailbroken. New file creation: during a jailbreak, extra files are created on the device. Looking for these files is a simple way to detect a jailbreak, and for a malicious user it is also the easiest to detect and bypass. An attacker can

2021-10-13 12:20:17 1328

[Original] Free malware sample resources

Malware researchers constantly need samples to obtain threat intelligence and develop defenses. Below are some free malware sample sites; if you study them, download into a virtual machine, at your own risk!
  • ANY.RUN https://app.any.run/submissions/ : updated daily, registration required
  • Contagio Malware Dump http://contagiodump.blogspot.com/ : updated daily; after downloading, e-mail the blog owner for the archive password
  • DAS MALWERK https://dasmalwerk.eu/ : update frequency unknown, download freely

2021-10-13 12:15:11 2870

[Original] Analysis and detection of Shadow, an iOS jailbreak tool with anti-detection capability

Shadow package: https://github.com/jjolano/shadow/releases/download/v2.0.x%40old/me.jjolano.shadow_2.0.20_iphoneos-arm.deb. Analysis tool: IDA 7.0. Basic approach: before analysing Shadow, note that all jailbreak-hiding tools of this kind work by injecting code into the target process and hooking it. By scope, injection falls into two kinds: user-mode injection, via a dynamic library; kernel-mode injection, via a driver. According to https://developer.apple.com/.

2021-04-16 23:24:59 3014 2

[Original] Last line of defense: a functional comparison of three open-source HIDS

This article is a functional evaluation of three open-source HIDS, Wazuh, Osquery and AgentSmith, with the aim of combining their strengths to build a complete HIDS. Introduction: a HIDS depends on its agent's data collection, so comparing HIDS is really comparing agents. A HIDS exists to detect anomalous behaviour on the host, which means baselines of every kind must be built, events monitored against those baselines, anomalies (or false positives) picked out of the events, and the baselines continually adjusted. So the agent must collect all sorts of system information to generate baselines, and must collect, by polling or real-time monitoring, all sorts of.

2021-04-16 23:02:19 1016

[Original] Last line of defense: an application comparison of three open-source HIDS

This article evaluates Wazuh, Osquery and AgentSmith purely from an application standpoint, for enterprises that want to deploy a HIDS right away or package one into a solution. Introduction. Wazuh: a free, open-source enterprise security monitoring solution for threat detection, integrity monitoring, incident response and compliance. Osquery: an operating-system instrumentation framework for Windows, OS X (macOS), Linux and FreeBSD that makes low-level OS analysis and monitoring both performant and intuitive. AgentSmith: a cloud-native host-based intrusion detection project that aims to provide next-generation threat detection and behavioral.

2021-04-16 23:01:09 1036

[Original] CISSP Exam Guide notes: 8.15 Quick tips

Security should be addressed in each phase of system development. It should not be addressed only at the end of development because of the added cost, time, and effort and the lack of functionality. The attack surface is the collection of possible e..

2021-04-16 22:59:28 201

[Original] CISSP Exam Guide notes: 8.14 Assessing the security of acquired software

In many cases, our approach to mitigating the risks of acquired software will begin with an assessment of the vendor. A key element in assessing the security of acquired software is, rather obviously, its performance on an internal assessment. For the remaining content, please follow my official account.

2021-04-16 22:58:11 104

[Original] CISSP Exam Guide notes: 8.13 Malicious software

Adhering to the usual rules of not opening an e-mail attachment or clicking on a link that comes from an unknown source is one of the best ways to combat malicious code. Viruses: A virus is a small application, or string of code, that infects software. Th..

2021-04-16 22:56:22 161

[Original] CISSP Exam Guide notes: 8.12 Database management

Database Management Software: A database is a collection of data stored in a meaningful way that enables multiple users and applications to access, view, and modify that data as needed. A database management system (DBMS) is a suite of programs used to ma...

2021-04-16 22:53:58 162

[Original] CISSP Exam Guide notes: 8.11 Web security

Specific Threats for Web Environments. Administrative Interfaces: Using a web-based administrative interface is, in most opinions, a bad idea. A bad habit that's found even in high-security environments is hard-coding authentication credentials into the l

2021-04-16 22:52:39 130

[Original] CISSP Exam Guide notes: 8.10 Mobile code

Code that can be transmitted across a network, to be executed by a system or device on the other end, is called mobile code. Java Applets: Java is an object-oriented, platform-independent programming language. It is employed as a full-fledged programming .

2021-04-16 22:51:12 133

[Original] The base64 pit

A pitfall in base64 padding let data validation be bypassed, and with it the system's blacklist check. Background: out of the blue a tester came to me saying that tampering with the value of a certain object ID bypasses the system's blacklist check! I really did not believe it, because that object ID is generated with a random component and its validation includes a hash comparison; the moment validation fails, the request is rejected. He sent me the object ID, and it looked like this: NWE3MGQzMTBhYWYyODUxZTFlN2QwOWY2OWFmOGE5ZjMtMmUzOGIxZWNlZTVkNDUzNjkyYTg2NDAxYTVhZjk0MzUwMDAyLUx3QTF1OGpXW.

2021-03-30 00:22:39 162
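The mechanism behind the padding pit described in the base64 post above, as an added example that is not the blog's own code: a base64 decoder discards the unused low bits of the last data symbol and, in lenient mode, also ignores excess `=` padding and anything after it, so many distinct encoded strings decode to the same bytes. A blacklist keyed on the encoded string is bypassed while the decoded ID and its integrity tag still verify. The token layout (base64 of `<id>-<tag>` with an HMAC tag), the secret and the sample ID are constructed for the demo; the fix shown, canonicalising the token before any lookup, is the general remedy and is not claimed to be the one the post chose.

```python
# Added example (not from the blog): the base64 "padding pit" and its fix.
# Token layout, HMAC secret and sample IDs are assumptions made for the demo.
import base64
import binascii
import hashlib
import hmac
import string
from typing import List, Optional, Set, Tuple

ALPHABET = string.ascii_uppercase + string.ascii_lowercase + string.digits + "+/"
SECRET = b"constructed-demo-secret"   # assumption: server-side HMAC key
BLACKLIST: Set[str] = set()           # revoked tokens, keyed on the encoded string


def tag_for(object_id: str) -> str:
    """Integrity tag: first 16 hex chars of HMAC-SHA256 over the ID (assumed scheme)."""
    return hmac.new(SECRET, object_id.encode(), hashlib.sha256).hexdigest()[:16]


def make_token(object_id: str) -> str:
    """Issue the canonical token base64("<id>-<tag>")."""
    return base64.b64encode(f"{object_id}-{tag_for(object_id)}".encode()).decode()


def parse_lenient(token: str) -> Optional[Tuple[str, str]]:
    """Decode the way most code does (lenient base64) and split into (id, tag)."""
    try:
        raw = base64.b64decode(token).decode()
    except (binascii.Error, UnicodeDecodeError):
        return None
    object_id, _, tag = raw.rpartition("-")
    return (object_id, tag) if object_id and tag else None


def tag_ok(object_id: str, tag: str) -> bool:
    return hmac.compare_digest(tag_for(object_id), tag)


def variants(token: str) -> List[str]:
    """Non-canonical encodings that a lenient decoder maps to the same bytes as token.
    Handles tokens ending in '==' (the last data symbol carries 4 ignored low bits)."""
    if not token.endswith("=="):
        return []
    head, last = token[:-3], token[-3]
    idx = ALPHABET.index(last)
    out = []
    for low in range(16):                      # rewrite the 4 ignored low bits
        cand = head + ALPHABET[(idx & 0x30) | low] + "=="
        if cand != token:
            out.append(cand)
    out.append(token + "=")                    # excess padding is ignored
    out.append(token + "AAAA")                 # data after the padding is ignored
    # keep only aliases the lenient decoder really maps to the original bytes
    return [v for v in out if base64.b64decode(v) == base64.b64decode(token)]


def is_canonical(token: str) -> bool:
    """Accept only the single encoding that round-trips byte-for-byte."""
    try:
        raw = base64.b64decode(token, validate=True)
    except binascii.Error:
        return False
    return base64.b64encode(raw).decode() == token


def accept_naive(token: str) -> bool:
    """Blacklist lookup on the encoded string, then the tag check: bypassable."""
    if token in BLACKLIST:
        return False
    parsed = parse_lenient(token)
    return parsed is not None and tag_ok(*parsed)


def accept_fixed(token: str) -> bool:
    """Canonicalise first, so every alias collapses onto the one blacklist key."""
    return is_canonical(token) and accept_naive(token)


if __name__ == "__main__":
    revoked = make_token("a1b2c3d4")          # constructed sample object ID
    BLACKLIST.add(revoked)
    print("canonical:", revoked, accept_naive(revoked), accept_fixed(revoked))
    for alias in variants(revoked)[:3]:
        print("alias:    ", alias, accept_naive(alias), accept_fixed(alias))
```

Every alias passes `accept_naive` because the hash check runs on the decoded bytes, which are unchanged, while the blacklist only knows the canonical string; `accept_fixed` rejects all of them. The same trick applies to base64url and to any decoder that tolerates whitespace or extra padding, so the rule is: decode, re-encode and compare before an encoded value is used as a lookup key, or key the blacklist on the decoded ID instead.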

[Original] CISSP Exam Guide notes: 8.7 Secure coding

Secure coding is the process of developing software that is free from defects, particularly those that could be exploited by an adversary to cause us harm or loss. Source Code Vulnerabilities: The Open Web Application Security Project (OWASP) is an organi...

2021-03-30 00:19:52 131

[Original] CISSP Exam Guide notes: 8.9 Distributed computing

A distributed object computing model needs to register the client and server components, which means to find out where they live on the network, what their names or IDs are, and what type of functionality the different components carry out. Distributed Com..

2021-03-30 00:19:32 83

[Original] CISSP Exam Guide notes: 8.8 Programming languages and concepts

Machine language is in a format that the computer's processor can understand and work with directly. An assembly language is considered a low-level programming language and is the symbolic representation of machine-level instructions. Third-generation pr...

2021-03-30 00:18:45 177

[Original] CISSP Exam Guide notes: 8.6 Security of development environments

There are three major elements we should stress when it comes to security of development environments: the development platforms, the code repositories, and the software configurations. Security of Development Platforms: The first step in ensuring the sec

2021-03-30 00:16:43 164

[Original] CISSP Exam Guide notes: 8.4 Capability maturity model

Capability Maturity Model Integration (CMMI) is a comprehensive, integrated set of guidelines for developing products and software. CMMI describes procedures, principles, and practices that underlie software development process maturity. The five maturit.

2021-03-30 00:15:51 246

[Original] CISSP Exam Guide notes: 8.5 Change control

Change management is a systematic approach to deliberately regulating the changing nature of projects, including software development projects. Change Control: Change control is the process of controlling the specific changes that take place during the li..

2021-03-30 00:15:18 266

[Original] CISSP Exam Guide notes: 8.3 Software development models

Waterfall Methodology: The Waterfall methodology uses a linear-sequential life-cycle approach. Each phase must be completed in its entirety before the next phase can begin. At the end of each phase, a review takes place to make sure the project is on the co

2021-03-30 00:13:29 113

[Original] CISSP Exam Guide notes: 8.2 Software development life cycle

Several software development life cycle (SDLC) models have been developed over the years; the crux of each model deals with the following phases: requirements gathering, design, development, testing, operations and maintenance. Pr

2021-03-30 00:12:40 176

[Original] CISSP Exam Guide notes: 8.1 Building good code

Quality can be defined as fitness for purpose. Code reviews and interface testing are key elements in ensuring software quality. Software controls come in various flavors and have many different goals. They can control input, encryption, logic process..

2021-03-30 00:11:53 140

[Original] Last line of defense: analysis of ByteDance's HIDS

AgentSmith HIDS is the HIDS open-sourced by ByteDance. It performs intrusion detection from a kernel driver, can detect all kinds of rootkits and bootkits, and has the advantages of being real-time, high-performance and transparent to the host. Because it is kernel-based it only supports 2.6.32+ kernels, and rootkit detection requires 3.10.0+. Also, because it monitors kernel function calls, events and messages, it provides no baselines for software, user, system or network management. Although the code is only about 2,500 lines at present, it implements a great deal; thanks to much guidance from its author Will, and after working through the 5.12.0 kernel code, I only barely understand these detections.

2021-03-17 11:42:39 1715 1

[Original] CISSP Exam Guide notes: 7.14 Quick tips

Facilities that house systems that process sensitive information should have physical access controls to limit access to authorized personnel only. Clipping levels should be implemented to establish a baseline of user activity and acceptable errors...

2021-03-17 00:28:12 186

[Original] CISSP Exam Guide notes: 7.13 Personnel safety concerns

The single most valuable asset for an organization, and the one that involves the highest moral and ethical standards, is its people. Emergency Management: A common tool for ensuring the safety of personnel during emergencies is the occupant emergency pla

2021-03-14 16:21:41 132

[Original] CISSP Exam Guide notes: 7.12 Implementing disaster recovery

Recovering from a disaster begins well before the event occurs. It starts by anticipating threats and developing goals that support the business's continuity of operations. A goal must contain certain key information, such as the following: Responsibili

2021-03-14 16:20:53 154

[Original] CISSP Exam Guide notes: 7.11 Insurance

The BCP team should work with management to understand what the current coverage is, the various insurance options, and the limits of each option. The goal here is to make sure the insurance coverage fills in the gap of what the current preventive counterm

2021-03-12 23:40:47 110

[Original] CISSP Exam Guide notes: 7.10 Liability and its ramifications

In the context of security, due care means that a company did all it could have reasonably done, under the circumstances, to prevent security breaches, and also took reasonable steps to ensure that if a security breach did take place, proper controls or co..

2021-03-12 00:24:12 140

[Original] CISSP Exam Guide notes: 7.9 Disaster recovery

The recovery time objective (RTO) is the maximum time period within which a business process must be restored to a designated service level after a disaster to avoid unacceptable consequences associated with a break in business continuity. The work recove...

2021-03-12 00:23:27 186

[Original] CISSP Exam Guide notes: 7.8 Investigations

When a potential computer crime takes place, it is critical that the investigation steps are carried out properly to ensure that the evidence will be admissible to the court if things go that far and that it can stand up under the cross-examination and scr

2021-03-12 00:22:38 132

[Original] CISSP Exam Guide notes: 7.7 Incident management process

There are many incident management models, but all share some basic characteristics. They all require that we identify the event, analyze it to determine the appropriate counteractions, correct the problem(s), and, finally, keep the event from happening ag

2021-03-12 00:21:58 263

[Original] Last line of defense: osquery functions and their implementation

The host-monitoring functions of the open-source HIDS osquery and how they are implemented. osquery source: osquery; osquery table schema: table schema. This article was written after installing it, starting from the tables in osqueryi and then reading the code to find out how each is implemented. Device baseline: build a baseline of the devices the system uses so that failing devices can be found; meant for IDC server rooms. Shortcoming: these functions target traditional server rooms and do not apply in the cloud era. Function and implementation: ACPI devices: read the /sys/firmware/acpi/tables directory; block devices: read via the udev library API; device information (device...

2021-03-07 23:15:14 798

[Original] CISSP Exam Guide notes: 7.6 Preventive and detective measures

The steps of this generalized process are described here: understand the risk; use the right controls; use the controls correctly; manage your configuration; assess your operation. Continuous Monitoring: NIST Special Publication 80

2021-03-07 23:13:35 235

[Original] CISSP Exam Guide notes: 7.5 Network and resource availability

Another key component of security operations is planning for and dealing with the inevitable failures of the component parts of our information systems.The network needs to be properly maintained to make sure the network and its resources will always be

2021-03-07 01:08:50 85

[Original] CISSP Exam Guide notes: 7.4 Secure resource provisioning

Provisioning is the set of all activities required to provide one or more new information services to a user or group of users. At the heart of provisioning is the imperative to provide these services in a secure manner. Asset Inventory: The most essenti

2021-03-06 00:09:54 157

[Original] CISSP Exam Guide notes: 7.3 Physical security

As with any other defensive technique, physical security should be implemented by using a layered approach. It is also important to have a diversity of controls. This defense model should work in two main modes: one mode during normal facility operations and

2021-03-06 00:07:52 110

[Original] CISSP Exam Guide notes: 7.2 Administrative management

Administrative management is a very important piece of operational security. One aspect of administrative management is dealing with personnel issues. This includes separation of duties and job rotation. The objective of separation of duties is to ensure t

2021-03-06 00:06:50 128

[Original] CISSP Exam Guide notes: 7.1 The role of the operations department

The continual effort to make sure the correct policies, procedures, standards, and guidelines are in place and being followed is an important piece of the due care and due diligence efforts that companies need to perform. Security operations is all abou.

2021-03-06 00:06:04 143

[Original] CISSP Exam Guide notes: 6.6 Quick tips

An audit is a systematic assessment of the security controls of an information system. Setting a clear set of goals is probably the most important step of planning a security audit. Internal audits benefit from the auditors’ familiarity with th..

2021-03-06 00:05:23 269

[Original] CISSP Exam Guide notes: 6.5 Management review

A management review is a formal meeting of senior organizational leaders to determine whether the management systems are effectively accomplishing their goals. While management reviews have been around for a very long time, the modern use of the term is p

2021-03-06 00:04:34 221

[Original] CISSP Exam Guide notes: 6.4 Reporting

Analyzing Results: Only after analyzing the results can you provide insights and recommendations that will be valuable to senior decision-makers. First you gather all your data, organize it, and study it carefully. The second step in your analysis is to

2021-03-06 00:03:19 133
