Information Security penetration test training notes
No surprise, the speaker has begun, entitled penetration testing. This article describes how to use the attacker's method to identify non-destructive vulnerabilities with Party A's authorization.
The ten step to kill a person, not to stay a thousandmiles. -- White Lee
May March, the end of the month, not yet available.
Under baiwangshan, the Big willow edge, the wolf factory dream gold.
(Baidu's meeting room)
Everyone is fully seated, with one person and one screen in the light.
Noisy, sit, close, quiet, and look forward.
No surprise, the speaker has begun, entitled penetration testing. This article describes how to use the attacker's method to identify non-destructive vulnerabilities with Party A's authorization.
In the venue, the audience gathered together, and they seemed to hear the technology in it.
However, I heard "kill ". This method is exactly the same as the legendary hacker.
Processes, tools, and methods,
Listening to routines, weapons, and secrets.
The next book asked: "Why should I learn this destructive technique if I love peace ?"
It is expected that this is not an industry expert.
In the past 20 years, Western learning has become popular in China.
The architecture of information security is as follows: Yu, test, and Ying.
Owner:
Protection is to take all possible measures to protect the security of networks, systems, and information. The technologies and methods used for protection mainly include encryption, authentication, access control, firewall, and anti-virus.
Tested:
Detection can be used to understand and evaluate the security status of networks and systems and provide a basis for security protection and security response. Detection techniques include intrusion detection, vulnerability detection, and network scanning.
Applicant:
Emergency Response plays an important role in the security model and is the most effective solution to security problems. Solving security problems is to solve emergency response and exception handling problems. Therefore, establishing an emergency response mechanism to form a fast and secure response capability is crucial for networks and systems.
Some people asked questions one after another, and the speaker answered questions with laughter.
After the event, all people are dispersed.
I sat alone and thought deeply, and the audience did not pay attention to the "method of Mind" I just mentioned ".
Routines, weapons, and tips are just the means that you can see. However, if you want to reach the realm of the bullet fingers, there will also be secrets such as mind, no trace, and tracing.
The means are hard work, the system is numerous, the weakness is numerous, the human ability memory is infinite many means, just enough.
The idea is also true. Identify various means, without having to focus on memory weaknesses. The total set of xinfa is "seven-step killing chain", which is divided into various types, as shown in the following:
This is the essence of penetration.
The penetration engineer has another qualification requirement and asks for "patience ".
It is both a qualification and a routine. No means are required. The target will be monitored all day long. When a vulnerability is discovered and the O & M personnel have not completed the patch, the attacker will be able to pull the knife.
What I learned today, I am back to sort it out, and it is dark. Ele. Me in the belly, no smoke in the kitchen downstairs. Electric vehicles and horses outside the factory are still there, and now they are leaving, so they can still get home by subway.
As for security techniques, if you want to learn more about them, let's take a look at them.