<!-- .slide: data-transition="slide" -->
# Taiwan Cybersecurity Conference session notes @Kais(VagrantPi)
###### tags: `security`, `簡報`

---

<!-- .slide: data-transition="slide" -->
## Sessions covered
- Evaluating security products with a world-class framework
- First steps for IT people moving into security (not in these slides) (recommended)
- Hands-on: how to handle a security incident (recommended)
- How much is enough network security?
- Facing insider threats head-on: is the company the victim, or was the employee hacked?!
- Packet replay, reverse engineering and forgery with software-defined radio

----

<!-- .slide: data-transition="convex" -->
- 2019 GDPR focus points and trend observations (recommended)
- How attackers move freely through internal networks using public tools (recommended)
- Breaking through: applying open-source security tools (recommended)
- Product vulnerability handling and response
- People-centred security control: building a complete defence from the inside out
- Optimising security investment with red team exercises (recommended)

---

<!-- .slide: data-transition="slide" -->
## Evaluating security products with a world-class framework

----

<!-- .slide: data-transition="convex" -->
### EDR, MDR
<!-- With APT (Advanced Persistent Threat) steadily on the rise, traditional plain protection is no longer enough -->
EDR - endpoint detection response
<!-- EDR is detection and defence at the endpoint -->
MDR - managed detection response
<!-- An extension of EDR, more like an integrated managed service -->

----

<!-- .slide: data-transition="convex" -->
Differences:
- EDR needs dedicated technical staff to run it; with MDR someone manages it for you
- Staffing is a problem too
- Whether intrusion incidents can also be remediated on your own
- Services such as hardware backup

----

<!-- .slide: data-transition="convex" -->
### Cyber Kill Chain
<div class="small-font">The kill chain describes the attacker's workflow, so if the attack is blocked at any one stage, the attacker has to start over from the beginning</div>
<p class="small-font">(figure from this session's slides)</p>
![](https://i.imgur.com/44HSXDW.jpg)

----

<!-- .slide: data-transition="convex" -->
### TTP: the attacker's modus operandi
Tools, Techniques, Procedures
Once you have a threat group's TTPs, you can search every machine for anything matching those TTPs
> When someone gets hit they publish what they saw, so everyone else can defend against it; this is what threat intelligence is
<div class="small-font">E.g. the tools used, the C&C used (IP/URL blocklists), a VPN installed on the quiet, strange pings whose packets carry data</div>

----

<!-- .slide: data-transition="convex" -->
### MITRE ATT&CK
A framework describing attack TTPs (a unified reporting format)
> https://attack.mitre.org/
![](https://i.imgur.com/gqk3Jiy.png)

----

<!-- .slide: data-transition="convex" -->
### Red Team vs Blue Team
How do you evaluate a tool?
- Nobody on staff knows how to attack or defend
- Are the attack techniques credible?
- If the attack does not get in, is the defence complete or was the attack too weak?

----

<!-- .slide: data-transition="convex" -->
### Adversary Emulation
Automated attack simulation platforms
- RedHunt OS (speaker's recommendation)
- Caldera(*)
- Metta
- APT Simulator

---

<!-- .slide: data-transition="slide" -->
## Hands-on: how to handle a security incident (recommended)

----

<!-- .slide: data-transition="convex" -->
### Where attacks come from
- State-sponsored groups
- Cybercrime
- Insiders
- Hacktivists

----

<!-- .slide: data-transition="convex" -->
### Likely techniques
- multi-stage download + loader (the attachment is an ordinary txt => txt converted to exe)
- A VPN gets used as a pivot
- Backdoors downloaded through legitimate programs (e.g. a Microsoft-signed program with a few extra parameters can download things, and antivirus will never scan those programs)
- Cloud services become staging points for backdoor downloads (github, dropbox, google drive; these domains/URIs are usually not blocked)

----

<!-- .slide: data-transition="convex" -->
### Investigation approach
- what: what behaved abnormally
- who: who the victim is
- where: where the victim is; the scope, which hosts were affected
- how: how they were compromised; which hosts, which services were exposed, and which vulnerabilities those imply

Analysis methods
- Timeline analysis
- Locard's exchange principle combined with the timeline
<!-- Locard's exchange principle: whenever two objects come into contact, a transfer occurs -->
<!-- With malware encryption, look at the order in which files were encrypted; the first few exe files written just before the first encrypted file are often the malware itself -->

---

<!-- .slide: data-transition="slide" -->
## How much is enough network security?

----

<!-- .slide: data-transition="convex" -->
Even with TeamViewer or VNC and no other ports open, external resources can still be pulled into the internal network (reverse proxy)
> The Cyber Security Management Act is worth consulting

----

<!-- .slide: data-transition="convex" -->
![](https://i.imgur.com/yl42rEP.jpg)

----

<!-- .slide: data-transition="convex" -->
![](https://i.imgur.com/IVUItii.jpg)

----

<!-- .slide: data-transition="convex" -->
![](https://i.imgur.com/KUj0vvN.jpg)

----

<!-- .slide: data-transition="convex" -->
![](https://i.imgur.com/IsgXNs0.jpg)

----

<!-- .slide: data-transition="convex" -->
![](https://i.imgur.com/MuZXgC8.jpg)

----

<!-- .slide: data-transition="convex" -->
![](https://i.imgur.com/LyWZjyi.jpg)

---

<!-- .slide: data-transition="slide" -->
## Facing insider threats head-on: is the company the victim, or was the employee hacked?!

----

<!-- .slide: data-transition="convex" -->
Use a sandbox to constrain developers: which websites can be reached, which commands (shell), screen capture, even a character limit on copy and paste; these events are logged as well

----

<!-- .slide: data-transition="convex" -->
### Internal network security
People, attackers, applications and the OS all generate some network activity, but how do you tell them apart?
Whitelist, blacklist, port control?
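----

<!-- .slide: data-transition="convex" -->
Added example, not from the session or this deck: the investigation approach above (timeline analysis plus Locard's principle) as code over a constructed file timeline. The ransomware extensions, the 30-minute window and the sample events are assumptions.

```python
"""Timeline triage for a ransomware incident.

Added example, not from the session or this deck. It implements the deck's
investigation note: order the encrypted files by time, then look at the
executables written on that host just before the first encrypted file; those
are likely to be the malware (Locard's exchange principle applied to the
timeline). Extensions, window and the sample events are assumptions.
"""
from dataclasses import dataclass
from datetime import datetime, timedelta
from typing import Dict, List, Optional

RANSOM_EXTS = {".locked", ".crypt", ".enc"}           # assumed ransomware extensions
EXEC_EXTS = {".exe", ".dll", ".ps1", ".bat", ".vbs"}   # binaries and scripts worth a look


@dataclass(frozen=True)
class FileEvent:
    host: str
    path: str
    modified: datetime


def _ext(path: str) -> str:
    """Last extension of a Windows/UNC path, lower-cased ('' if none)."""
    name = path.replace("\\", "/").rsplit("/", 1)[-1]
    dot = name.rfind(".")
    return name[dot:].lower() if dot >= 0 else ""


def encryption_onset(events: List[FileEvent], host: str) -> Optional[FileEvent]:
    """'What' and 'when': the earliest encrypted-file write on `host`, or None."""
    hits = [e for e in events if e.host == host and _ext(e.path) in RANSOM_EXTS]
    return min(hits, key=lambda e: e.modified) if hits else None


def candidate_droppers(events: List[FileEvent], host: str,
                       window_minutes: int = 30) -> List[FileEvent]:
    """'How': executables written on `host` in the window before encryption began."""
    onset = encryption_onset(events, host)
    if onset is None:
        return []
    start = onset.modified - timedelta(minutes=window_minutes)
    hits = [e for e in events
            if e.host == host and _ext(e.path) in EXEC_EXTS
            and start <= e.modified <= onset.modified]
    return sorted(hits, key=lambda e: e.modified)   # oldest first: first stage first


def affected_hosts(events: List[FileEvent]) -> List[str]:
    """'Where': every host with an encrypted file, ordered by when it was first hit."""
    first_hit: Dict[str, datetime] = {}
    for e in sorted(events, key=lambda e: e.modified):
        if _ext(e.path) in RANSOM_EXTS and e.host not in first_hit:
            first_hit[e.host] = e.modified
    return sorted(first_hit, key=first_hit.get)


# Constructed sample timeline (not data from any real incident).
T0 = datetime(2019, 3, 20, 9, 0, 0)
SAMPLE = [
    FileEvent("ws-01", r"C:\Users\amy\AppData\Local\Temp\invoice.txt", T0 + timedelta(minutes=1)),
    FileEvent("ws-01", r"C:\Users\amy\AppData\Local\Temp\invoice.exe", T0 + timedelta(minutes=2)),
    FileEvent("ws-01", r"C:\ProgramData\svchost.exe", T0 + timedelta(minutes=5)),
    FileEvent("ws-01", r"C:\Users\amy\Documents\q1.xlsx.locked", T0 + timedelta(minutes=12)),
    FileEvent("ws-01", r"C:\Users\amy\Documents\plan.docx.locked", T0 + timedelta(minutes=12, seconds=3)),
    FileEvent("ws-01", r"C:\Windows\System32\notepad.exe", T0 - timedelta(days=400)),  # old, outside window
    FileEvent("fs-01", r"\\fs-01\share\budget.xlsx.locked", T0 + timedelta(minutes=20)),
]

if __name__ == "__main__":
    for host in affected_hosts(SAMPLE):
        onset = encryption_onset(SAMPLE, host)
        print(f"{host}: encryption began {onset.modified:%H:%M:%S} ({onset.path})")
        for e in candidate_droppers(SAMPLE, host):
            print(f"    candidate first stage: {e.modified:%H:%M:%S} {e.path}")
```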
---

<!-- .slide: data-transition="slide" -->
## Packet replay, reverse engineering and forgery with software-defined radio

----

<!-- .slide: data-transition="convex" -->
HITCON has a deeper write-up on the same topic
Some machines are radio-controlled; if an attacker captures the signal and then transmits the same radio signal again, the machine moves
It can be captured within 300 m (radio control is a broadcast), and with a directional antenna the machine can be controlled from 2 km away
The impact on Taiwan is very small, though, because most such equipment is wired

---

<!-- .slide: data-transition="slide" -->
## 2019 GDPR focus points and trend observations (recommended)

----

<!-- .slide: data-transition="convex" -->
### GDPR notification rates keep rising!!
<div class="small-font">Websites, CCTV, telemarketing...</div>
![](https://i.imgur.com/IULXDyk.jpg)

----

<!-- .slide: data-transition="convex" -->
### Countries are establishing privacy laws one after another
![](https://i.imgur.com/gTWuzrk.jpg)

----

<!-- .slide: data-transition="convex" -->
### Will the US eventually get a federal privacy law too?
![](https://i.imgur.com/1YbEtJ3.jpg)

----

<!-- .slide: data-transition="convex" -->
### IoT protection priorities
![](https://i.imgur.com/GMoiy71.jpg)

----

<!-- .slide: data-transition="convex" -->
![](https://i.imgur.com/OufC9y7.jpg)

----

<!-- .slide: data-transition="convex" -->
![](https://i.imgur.com/ym6saW9.jpg)

----

<!-- .slide: data-transition="convex" -->
### GDPR will be big business next: a flood of privacy-related solutions
![](https://i.imgur.com/LdycW4V.jpg)

----

<!-- .slide: data-transition="convex" -->
### Value-added applications and de-identification
<div class="small-font">The more thoroughly data is de-identified, the less value it has for use</div>
![](https://i.imgur.com/qODrtzK.jpg)

----

<!-- .slide: data-transition="convex" -->
![](https://i.imgur.com/Htxq3sl.jpg)

----

<!-- .slide: data-transition="convex" -->
![](https://i.imgur.com/4o6IzVP.jpg)

---

<!-- .slide: data-transition="slide" -->
## How attackers move freely through internal networks using public tools (recommended)

----

<!-- .slide: data-transition="convex" -->
### Red team exercise vs penetration test

----

<!-- .slide: data-transition="convex" -->
### Penetration test
- Specific target
- Specific scope
- The goal is to find vulnerabilities

----

<!-- .slide: data-transition="convex" -->
### Red team exercise
- Starts from the attacker's mindset
- Comprehensive and broad
- The goal is to steal internal data

----

<!-- .slide: data-transition="convex" -->
### Common free testing tools
metasploit - penetration testing tool
cobalt strike - remote control tool (red team exercises)

----

<!-- .slide: data-transition="convex" -->
### Cyber Kill Chain
![](https://i.imgur.com/44HSXDW.jpg)

----

<!-- .slide: data-transition="convex" -->
### Target reconnaissance
recon-ng - target collection, with many modules
![](https://i.imgur.com/9ID1nlD.jpg)

----

<!-- .slide: data-transition="convex" -->
![](https://i.imgur.com/z2KbUVM.jpg)

----

<!-- .slide: data-transition="convex" -->
### Weaponisation
macro_pack - code obfuscation
The obfuscated payload can be packed into a macro via metasploit; obfuscating with several tools makes it harder for antivirus to catch
<div class="small-font">Once a vulnerability is published, an attack tool can appear in as little as 2 days</div>

----

<!-- .slide: data-transition="convex" -->
### Internal network penetration
bloodhound - graphs a Windows Active Directory domain environment and can show attack paths

----

<!-- .slide: data-transition="convex" -->
![](https://i.imgur.com/xt31mH1.jpg)

----

<!-- .slide: data-transition="convex" -->
Stealing data by poisoning internal DNS
![](https://i.imgur.com/33PXz5R.jpg)

----

<!-- .slide: data-transition="convex" -->
### Data theft
- responder - poisoning attack against certain protocols
- dnscat2 - DNS tunnel backdoor that can carry the stolen data out
- icmpsh - ICMP tunnel backdoor; the data is carried out inside the packets of ordinary pings
- Or use a public service as a relay (google drive, dropbox)

----

<!-- .slide: data-transition="convex" -->
### Defensive countermeasures
![](https://i.imgur.com/UCLNB4u.jpg)

---

<!-- .slide: data-transition="slide" -->
## Breaking through: applying open-source security tools (recommended)

----

<!-- .slide: data-transition="convex" -->
* proxmox - virtual machine management
* librenms - network management system
* Open-audIT - asset management
* Graylog - ELK-like
* FreeNAS - NAS
* duplicati - backup to cloud
* packetfence - NAC

----

<!-- .slide: data-transition="convex" -->
* wso2 it - MDM
* openvas - vulnerability scanning
* MobSF - app testing
* sonarQube - open-source code vulnerability detection
* proxmox - mail gateway
* open hub - open-source project assessment, with detailed licence explanations too

----

<!-- .slide: data-transition="convex" -->
- Author's blog: http://blog.jason.tools/
- Author's slideshare: https://www.slideshare.net/jasoncheng7115

---

<!-- .slide: data-transition="slide" -->
## Product vulnerability handling and response

----

<!-- .slide: data-transition="convex" -->
### Definition of a vulnerability, and how it differs from a bug
- A weakness in the product that can be "exploited" to perform some operation or implant malicious code
```
Example
The program was supposed to produce A but produced B: that is a bug
But if it produced the whole company's salary records or other sensitive data, that is a vulnerability
```

----

<!-- .slide: data-transition="convex" -->
### ZDI
zero-day initiative, a vulnerability bounty platform
Trend Micro also has its own: https://success.trendmicro.com/tw/vulnerability-response
<div class="small-font">So if you receive a report from Trend Micro and are not sure it is genuine, you can check here</div>

----

<!-- .slide: data-transition="convex" -->
### After a vulnerability is found
![](https://i.imgur.com/Bg1wvwg.jpg)

----

<!-- .slide: data-transition="convex" -->
### Patching the vulnerability
<div class="small-font">Discovery -> notify the vendor -> vendor verifies the vulnerability -> fix and produce a patch -> release</div>
![](https://i.imgur.com/H1bIqvs.jpg)

---

<!-- .slide: data-transition="slide" -->
## People-centred security control: building a complete defence from the inside out

----

<!-- .slide: data-transition="convex" -->
### Social engineering accounts for 1X% of security incidents

----

<!-- .slide: data-transition="convex" -->
![](https://i.imgur.com/zUEnoGO.jpg)

----

<!-- .slide: data-transition="convex" -->
![](https://i.imgur.com/7HGpEcZ.jpg)

----

<!-- .slide: data-transition="convex" -->
![](https://i.imgur.com/vQd7WHt.jpg)

----

<!-- .slide: data-transition="convex" -->
![](https://i.imgur.com/ZhAw7wI.jpg)

---

<!-- .slide: data-transition="slide" -->
## Optimising security investment with red team exercises (recommended)

----

<!-- .slide: data-transition="convex" -->
### What is a red team exercise
- Security's biggest dilemma: the battlefield is bigger than you imagine
- Any networked device can be compromised
- So you need to defend from the attacker's mindset
- A red team exercise really attacks the machines, without causing damage
```
e.g. for an e-commerce company, the production servers get the strongest protection,
but attackers usually hit edge systems such as the test servers, then move from the internal network into production
```

----

<!-- .slide: data-transition="convex" -->
![](https://i.imgur.com/jKJeuKI.jpg)

----

<!-- .slide: data-transition="convex" -->
### Real cases
![](https://i.imgur.com/m7rzaUp.jpg)

----

<!-- .slide: data-transition="convex" -->
![](https://i.imgur.com/FMobtuP.jpg)

----

<!-- .slide: data-transition="convex" -->
![](https://i.imgur.com/6zbGs6F.jpg)

----

<!-- .slide: data-transition="convex" -->
![](https://i.imgur.com/XojQF9r.jpg)

----

<!-- .slide: data-transition="convex" -->
![](https://i.imgur.com/sNAlILS.jpg)

----

<!-- .slide: data-transition="convex" -->
![](https://i.imgur.com/b5TCdJC.jpg)

----

<!-- .slide: data-transition="convex" -->
![](https://i.imgur.com/pxUJC3C.jpg)

----

<!-- .slide: data-transition="convex" -->
## Are the key defensive appliances themselves secure?
![](https://i.imgur.com/Mhe4kEr.jpg)

----

<!-- .slide: data-transition="convex" -->
![](https://i.imgur.com/BWeivlP.jpg)

----

<!-- .slide: data-transition="convex" -->
![](https://i.imgur.com/ib0YIZ2.jpg)

----

<!-- .slide: data-transition="convex" -->
![](https://i.imgur.com/T4vLz2J.jpg)

----

<!-- .slide: data-transition="convex" -->
![](https://i.imgur.com/zCRQA3m.jpg)

----

<!-- .slide: data-transition="convex" -->
![](https://i.imgur.com/xJ1VfxK.jpg)

----

<!-- .slide: data-transition="convex" -->
![](https://i.imgur.com/rekKrT8.jpg)

----

<!-- .slide: data-transition="convex" -->
![](https://i.imgur.com/5qNyWkd.jpg)

----

<!-- .slide: data-transition="convex" -->
![](https://i.imgur.com/EGNpW3R.jpg)

----

<!-- .slide: data-transition="convex" -->
![](https://i.imgur.com/BUqqnVX.jpg)

----

<!-- .slide: data-transition="convex" -->
![](https://i.imgur.com/7UbwTVJ.jpg)

----

<!-- .slide: data-transition="convex" -->
![](https://i.imgur.com/R3sa6bF.jpg)

----

<!-- .slide: data-transition="convex" -->
![](https://i.imgur.com/NFqeON6.jpg)

----

<!-- .slide: data-transition="convex" -->
![](https://i.imgur.com/Se6eJBY.jpg)

----

<!-- .slide: data-transition="convex" -->
![](https://i.imgur.com/DS0CmVi.jpg)

---

<!-- .slide: data-transition="slide" -->
## Summary

----

<!-- .slide: data-transition="convex" -->
- It used to be about preventing as much as possible; now it is endpoint alerting, tracking and remediation
- Security "awareness" matters; it has to be put into practice and become part of the culture
- You don't know how attackers operate, so defences built in isolation may just be self-congratulation
- The importance of inventorying devices (including which ports are open, internal ports, whitelists, every networked device) and setting security policy
- The importance of reporting vulnerabilities and attacker TTPs

---

<!-- .slide: data-transition="slide" -->
## No Q&A. Thanks for listening
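----

<!-- .slide: data-transition="convex" -->
Added example, not from the session or this deck: the defender's side of the data-theft slide (dnscat2 DNS tunnel, icmpsh ICMP tunnel) and the TTP slide's "strange pings whose packets carry data", as detection logic run over constructed log lines. The log format, thresholds and sample traffic are assumptions, not any product's real format.

```python
"""Spotting DNS- and ICMP-tunnel style exfiltration in logs.
Added example, not from the session or this deck: the defender's view of what
dnscat2-style DNS tunnels and icmpsh-style "pings carrying data" leave behind.
The log format, thresholds and sample lines are constructed assumptions."""
import math
import re
from collections import defaultdict

# Constructed log format: '<time> <src_ip> dns <qname>' or '<time> <src_ip> icmp type=<n> len=<bytes>'
DNS_RE = re.compile(r"^(\S+) (\S+) dns (\S+)$")
ICMP_RE = re.compile(r"^(\S+) (\S+) icmp type=(\d+) len=(\d+)$")

def shannon_entropy(s):
    """Bits per character; encoded data chunks score high, real hostnames low."""
    if not s:
        return 0.0
    freq = defaultdict(int)
    for ch in s:
        freq[ch] += 1
    n = len(s)
    return -sum(c / n * math.log2(c / n) for c in freq.values())

def registered_domain(qname):
    """Crude 'last two labels' registrable domain (no public-suffix list here)."""
    parts = qname.rstrip(".").split(".")
    return ".".join(parts[-2:]) if len(parts) >= 2 else qname

def dns_tunnel_suspects(lines, min_queries=5, min_label_len=30, min_entropy=3.5):
    """(src, domain) pairs where one client sends many long, high-entropy
    subdomains to one domain: the shape of a tunnel carrying data in labels."""
    odd = defaultdict(int)
    for line in lines:
        m = DNS_RE.match(line)
        if not m:
            continue
        src, qname = m.group(2), m.group(3).rstrip(".")
        domain = registered_domain(qname)
        first_label = qname.split(".")[0] if qname != domain else ""
        if len(first_label) >= min_label_len and shannon_entropy(first_label) >= min_entropy:
            odd[(src, domain)] += 1
    return sorted(k for k, n in odd.items() if n >= min_queries)

def icmp_tunnel_suspects(lines, max_normal_len=64, min_packets=3):
    """Clients repeatedly sending echo requests with payloads bigger than a normal ping."""
    big = defaultdict(int)
    for line in lines:
        m = ICMP_RE.match(line)
        if not m:
            continue
        src, icmp_type, length = m.group(2), int(m.group(3)), int(m.group(4))
        if icmp_type == 8 and length > max_normal_len:  # type 8 = echo request
            big[src] += 1
    return sorted(src for src, n in big.items() if n >= min_packets)

HEX = "0123456789abcdef"
def _chunk(i):
    """Constructed stand-in for a hex-encoded data chunk: 32 chars, entropy 4.0 bits."""
    s = HEX[i:] + HEX[:i]
    return s + s[::-1]

# Constructed sample log lines (not captured traffic).
SAMPLE = (
    ["09:00:01 10.0.0.5 dns www.example.com",
     "09:00:02 10.0.0.5 dns mail.example.com",
     "09:00:03 10.0.0.5 icmp type=8 len=32"]
    + [f"09:00:1{i} 10.0.0.7 dns {_chunk(i)}.t.example.net" for i in range(6)]
    + [f"09:01:0{i} 10.0.0.9 icmp type=8 len=1024" for i in range(4)]
    + ["09:01:09 10.0.0.9 icmp type=0 len=1024"]  # echo reply, not counted
)

if __name__ == "__main__":
    print("DNS tunnel suspects:", dns_tunnel_suspects(SAMPLE))
    print("ICMP tunnel suspects:", icmp_tunnel_suspects(SAMPLE))
```

The thresholds are deliberately loose starting points; in practice tune them against a baseline of the network's normal DNS and ICMP volume so that CDNs and monitoring pings do not trip them.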
