HeyMrSalt
    • Create new note
    • Create a note from template
      • Sharing URL Link copied
      • /edit
      • View mode
        • Edit mode
        • View mode
        • Book mode
        • Slide mode
        Edit mode View mode Book mode Slide mode
      • Customize slides
      • Note Permission
      • Read
        • Only me
        • Signed-in users
        • Everyone
        Only me Signed-in users Everyone
      • Write
        • Only me
        • Signed-in users
        • Everyone
        Only me Signed-in users Everyone
      • Engagement control Commenting, Suggest edit, Emoji Reply
    • Invite by email
      Invitee

      This note has no invitees

    • Publish Note

      Share your work with the world Congratulations! 🎉 Your note is out in the world Publish Note

      Your note will be visible on your profile and discoverable by anyone.
      Your note is now live.
      This note is visible on your profile and discoverable online.
      Everyone on the web can find and read all notes of this public team.
      See published notes
      Unpublish note
      Please check the box to agree to the Community Guidelines.
      View profile
    • Commenting
      Permission
      Disabled Forbidden Owners Signed-in users Everyone
    • Enable
    • Permission
      • Forbidden
      • Owners
      • Signed-in users
      • Everyone
    • Suggest edit
      Permission
      Disabled Forbidden Owners Signed-in users Everyone
    • Enable
    • Permission
      • Forbidden
      • Owners
      • Signed-in users
    • Emoji Reply
    • Enable
    • Versions and GitHub Sync
    • Note settings
    • Note Insights New
    • Engagement control
    • Make a copy
    • Transfer ownership
    • Delete this note
    • Save as template
    • Insert from template
    • Import from
      • Dropbox
      • Google Drive
      • Gist
      • Clipboard
    • Export to
      • Dropbox
      • Google Drive
      • Gist
    • Download
      • Markdown
      • HTML
      • Raw HTML
Menu Note settings Note Insights Versions and GitHub Sync Sharing URL Create Help
Create Create new note Create a note from template
Menu
Options
Engagement control Make a copy Transfer ownership Delete this note
Import from
Dropbox Google Drive Gist Clipboard
Export to
Dropbox Google Drive Gist
Download
Markdown HTML Raw HTML
Back
Sharing URL Link copied
/edit
View mode
  • Edit mode
  • View mode
  • Book mode
  • Slide mode
Edit mode View mode Book mode Slide mode
Customize slides
Note Permission
Read
Only me
  • Only me
  • Signed-in users
  • Everyone
Only me Signed-in users Everyone
Write
Only me
  • Only me
  • Signed-in users
  • Everyone
Only me Signed-in users Everyone
Engagement control Commenting, Suggest edit, Emoji Reply
  • Invite by email
    Invitee

    This note has no invitees

    • Publish Note

    Share your work with the world Congratulations! 🎉 Your note is out in the world Publish Note

    Your note will be visible on your profile and discoverable by anyone.
    Your note is now live.
    This note is visible on your profile and discoverable online.
    Everyone on the web can find and read all notes of this public team.
    See published notes
    Unpublish note
    Please check the box to agree to the Community Guidelines.
    View profile
    Engagement control
    Commenting
    Permission
    Disabled Forbidden Owners Signed-in users Everyone
    Enable
    Permission
    • Forbidden
    • Owners
    • Signed-in users
    • Everyone
    Suggest edit
    Permission
    Disabled Forbidden Owners Signed-in users Everyone
    Enable
    Permission
    • Forbidden
    • Owners
    • Signed-in users
    Emoji Reply
    Enable
    Import from Dropbox Google Drive Gist Clipboard
       Owned this note    Owned this note      
    Published Linked with GitHub
    • Any changes
      Be notified of any changes
    • Mention me
      Be notified of mention me
    • Unsubscribe
    # 【AIS3 2024 Team D5 專題共筆】 - [報告步驟大綱](#報告步驟大綱) - [簡報強烈建議放的內容](#簡報強烈建議放的內容) - [不錯的報告建議](#不錯的報告建議) --- [TOC] # 專題討論 & 進度 ## 20240802 09:00 進度 ### CVE #### Ubuntu 復現 昨晚環境建立完成 四指令 a. java real google -> OK b. curl real google -> OK c. java fake google -><font color="ff0000"> OK </font> d. curl fake google -> NG In java 15-18 壞人 能利用ECDSA漏洞 偽造假的簽章憑證 #### 網頁部分 :::spoiler 很醜不要看 ```html= <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> <html xmlns="http://www.w3.org/1999/xhtml"> <head> <meta http-equiv="refresh" content="540" /> <meta http-equiv="Content-Type" content="text/html; charset=utf-8" /> <meta http-equiv="X-UA-Compatible" content="IE=edge" /> <title>AIS3銀行</title> <link href="css.css" rel="stylesheet" type="text/css" /> <link rel="icon" href="img/AIS3_logo.png" type="image/x-icon"> <style> .title12oe2 { font-family: "新細明體", "Arial", "taipei"; font-size: 12px; color: FF3300; line-height: 135%; /*FF6600;*/ } .title12oe2 A:link { color: FF6600; text-decoration: none; } .title12oe2 A:visited { color: FF6600; text-decoration: none; } .title12oe2 A:hover { color: 990000; text-decoration: underline; } .slideHomePic { width: 690px; height: 350px; border: 0px solid white; } .slideAward2Pic { width: 320px; height: 190px; border: 0px solid white; } </style> <style> /* Reset CSS --------------------------------------- */ html,body,div,dl,dt,dd,ul,ol,li,h1,h2,h3,h4,h5,h6,pre, form,fieldset,input,textarea,p,blockquote,th,td { padding: 0; margin: 0; width: auto; } a{text-decoration:none; outline: none; /* for Firefox */ /*hlbr:expression(this.onFocus=this.blur()); /* for IE */ } table { border-spacing: 0; } img { border: 0;} ol,ul { list-style: none;} h1,h2,h3,h4,h5,h6 { font-weight: normal; font-size: 100%; margin:0; padding:0; } .clearfix:after { visibility:hidden; display:block; font-size:0; content:" "; clear:both; height:0; } .clearfix { zoom:1; } /*a{text-decoration:none;}*/ /*header --------------------------------------- */ body{font-family: arial,微軟正黑體; font-size:14px; line-height:20px; color:#535353;} body.private{background:#f5f5f2 url(img/index_private_top_bg.jpg) repeat-x center top;} .wrapper{ width:1010px; margin:auto;} /*.text_none{ text-indent: -1000px; overflow:hidden;}*/ .header { padding:10px 0; font-size:12px; height:60px;} .header .logo,.header .logo a{ width:175px; height:50px; display:block; float:left;} .header h1{ padding:7px 0 0 0;} .header h2{ float:left; padding:5px 0 0 0; margin:0 0 0 20px;} .header h2 span{ display:block;padding:0 0 0 20px;height:30px;} .header .top_nav,.header .language{ float:right;} .header .top_nav{padding:17px 0 0 0;} .header .language{width:131px; height:25px; padding:15px 0 0 0; margin:0 0 0 10px;} .header .language li{ float:left; width:65px; text-align:center; line-height:25px;} .header .top_nav li{ float:left; padding:0 10px 0 20px;} .header .logout{ float:right; margin:0 0 0 10px; padding:0 0 0 10px;} .header .logout a{ display:block; width:50px; height:20px; padding:30px 0 0 0; text-align:center;} .company .header a{ color:#FFF;} .company .header a:hover{text-decoration: underline;} .company .header .logout{border-left:1px solid #f69a9b;} .private .header.login{background:#f20000 url(img/index_private_top_bg2.jpg) repeat-x center top;} .private .header a{ color:#ffffff;} .private .header a:hover{text-decoration: underline;} .private .header .logo a{ background:url(img/AIS3_logo.png) no-repeat center top; background-size: 40%;} .private .header .top_nav li{ background:url(netbank/pages/jsp/Login/html/images/top_list_r.png) no-repeat 0 1px;} .private .header .language{ background:url(img/language_r2.png) no-repeat 0 bottom; } .private .header .language a{ color:#FFF;} .private .header .logout{border-left:1px solid #c8c8c8;} .private .header .logout a{ background:url(netbank/pages/jsp/Login/html/images/login_icon_r.png) no-repeat center top;} /*content nav --------------------------------------- */ .content{ background:#f5f5f2 url(netbank/pages/jsp/Login/html/images/content_bg.jpg) repeat-x center top;} .content .nav_bar{ height:50px; text-align:right; font-size:12px;} .content .nav_bar ul{float:left;} .content .nav_bar li{ float:left; font-size:16px;} .content .nav_bar li a{ min-width:120px; padding:0 15px; text-align:center; display:block;} .company .content .nav_bar{ background:url(netbank/pages/jsp/Login/html/images/nav_bar_w.png) repeat-x;line-height:45px; color:#666; margin:0 0 15px 0;} .company .content .nav_bar ul{ background:url(netbank/pages/jsp/Login/html/images/nav_bar_w_line.png) no-repeat left bottom;} .company .content .nav_bar li{ background:url(netbank/pages/jsp/Login/html/images/nav_bar_w_line.png) no-repeat right bottom;} .company .content .nav_bar li a{ color:#333; line-height:45px;} .company .content .nav_bar li a:hover{ color:#f20000;} .private .content .nav_bar{ background:url(netbank/pages/jsp/Login/html/images/nav_bar_r.png) repeat-x ;color:#fff;line-height:45px; margin:0 0 15px 0;} .private .content .nav_bar ul{ background:url(netbank/pages/jsp/Login/html/images/nav_bar_r_line.png) no-repeat left bottom;} .private .content .nav_bar li{ background:url(netbank/pages/jsp/Login/html/images/nav_bar_r_line.png) no-repeat right bottom;} .private .content .nav_bar li a{ color:#FFF;line-height:45px;} .private .content .nav_bar li a:hover{color:#f69a9b;} /*content sidebar--------------------------------------- */ .content .sidebar{ width:200px; float:left; padding:0 0 50px 0;border-top:5px solid #ec0000; margin:0 20px 0 0;} .content .sidebar > ul{ border-left:1px solid #ddd; font-size:15px;} .content .sidebar > ul > li{ border-bottom:1px solid #ddd;border-right:1px solid #ddd;} .content .sidebar ul > li > a{ display:block; padding:15px 0 15px 15px; color:#333;} .content .sidebar ul > li > a:hover{color:#e1060a;} .content .sidebar li > ul {border-top:1px solid #ddd; padding:0 0 0 15px;} .content .sidebar li li {padding:0 0 0 10px; background: url(netbank/pages/jsp/Login/html/images/sidebar_arrow.png) no-repeat 155px 15px;} .content .sidebar li li a {padding:10px;border-bottom:1px solid #ddd;} .content .sidebar li li:last-child a{border-bottom: none;} .content .sidebar .arrow{ display:block; padding:0 30px 0 0} .content .sidebar .arrow.up{ background:url(netbank/pages/jsp/Login/html/images/up.png) no-repeat 155px 0;} .content .sidebar .arrow.down{ background:url(netbank/pages/jsp/Login/html/images/down.png) no-repeat 155px 0;} .company .content .sidebar li li {border-left:4px solid #dde08b;} .private .content .sidebar li li {border-left:4px solid #f79f9f;} /*content --------------------------------------- */ .content .main{ float:left; width:790px; padding:0 0 50px 0;} .content .msg_box{ padding:5px 0 20px 0;} .content .member_msg{ padding:10px 0; color:#666;} .content .msg_box .member_msg .left{ float:left; width:270px; min-height:65px; padding:15px 0 10px 110px; border-right:1px solid #d4d7ab;} .content .msg_box .member_msg .left p{ padding:0 0 5px 0;} .content .msg_box .member_msg .right{ float:right; font-size:12px; width:394px; padding:10px 0 10px 15px;} .content .member_msg .note{ height:23px; line-height:23px; padding:0 10px; color:#fff; float:right; margin:10px 0 0 0;} .company .content .msg_box{ background: url(netbank/pages/jsp/Login/html/images/msg_box_g.png) no-repeat center top;} .company .content .member_msg{background:#f3f5b8;} .company .content .msg_box .member_msg .left{background:url(netbank/pages/jsp/Login/html/images/icon_company.png) no-repeat 10px top;} .company .content .member_msg .note{ background:url(netbank/pages/jsp/Login/html/images/member_msg_note_g.png) no-repeat 0 0;} .private .content .msg_box{ background: url(netbank/pages/jsp/Login/html/images/msg_box_r.png) no-repeat center top;} .private .content .member_msg{background:#ffd2d2;} .private .content .msg_box .member_msg .left{background:url(netbank/pages/jsp/Login/html/images/icon_private.png) no-repeat 10px top;} .private .content .member_msg .note{ background:url(netbank/pages/jsp/Login/html/images/member_msg_note_r.png) no-repeat 0 0;} .content .title{ background:url(netbank/pages/jsp/Login/html/images/title_bg_line.png) repeat-x left center; line-height:27px; height:27px; margin:0 0 20px 0; position:relative;} .content .title span{ background: url(netbank/pages/jsp/Login/html/images/title_bg.jpg) no-repeat ; padding:0 5px 0 10px; display:inline-block; color:#FFF; position:relative;} .content .title em{ background: url(netbank/pages/jsp/Login/html/images/title_bg2.png) no-repeat left center; display:block; width:16px; height:27px; position:absolute; right:-16px; top:0;} .content .title a{ background:url(netbank/pages/jsp/Login/html/images/btn_add.png) no-repeat; width:129px; height:22px; display:block; position:absolute; right:0; top:3px; color:#9f9f9f; line-height:22px; padding:0 0 0 5px;} .content .title .more{ background:url(netbank/pages/jsp/Login/html/images/more.png) no-repeat;width:60px; padding:0 0 0 14px;} .content .inform_msg li{ padding:0 13px 10px 0px; float:left; width:250px;} .content .login_box{ padding:30px 0 0 0;} .content .login_box .login{ float:left; width:318px; height:349px; background:#fdfdfc url(/img/login_bg.jpg) repeat-x left bottom; border-right:1px solid #d9d9d9; border-bottom:1px solid #d9d9d9;border-left:1px solid #d9d9d9;} .content .login_box .login h3{ color:#fff; line-height:50px; font-size:18px;} .content .login_box .login h3 span{ padding:0 0 0 45px; display:block;} .company .content .login_box .login h3{background:url(netbank/pages/jsp/Login/html/images/login_bar_g.jpg) repeat-x left top; margin:0 0 0 0;} .company .content .login_box .login h3 span{background:url(/etbank/pages/jsp/Login/html/images/icon_company_s.png) no-repeat 10px 10px;} .private .content .login_box .login h3{background:url(img/login_bar_r.jpg) repeat-x left top;margin:0 0 0 0;} .private .content .login_box .login h3 span{background:url(img/icon_private_s.png) no-repeat 10px 10px;} .content .login_box .login .input_box{ padding:0 10px 10px 25px; line-height:40px;} .content .login_box .login .input_box_private{ padding:0 10px 5px 25px; line-height:40px;} .content .login_box .login .text_bar{ -webkit-border-radius: 5px; -moz-border-radius: 5px; border-radius: 5px; border:1px solid #dcdcdc; width:160px; height:20px; line-height:20px; color:#003C9D; padding:5px; margin:0 10px 0 0; font-weight:900; } .content .login_box .login .text_bar_private{ -webkit-border-radius: 5px; -moz-border-radius: 5px; border-radius: 5px; border:1px solid #dcdcdc; width:80px; height:20px; line-height:20px; color:#003C9D; padding:5px; margin:0 2px 0 0; font-weight:900; } .content .login_box .btn_s{ width:110px; height:32px; padding:0px 95px 0 95px; margin:auto; line-height:32px; font-size:12px;} .content .login_box .btn_s a{ width:70px; height:32px; display:block; padding:0 0 0 40px;} .company .content .login_box .btn_s{ background:url(netbank/pages/jsp/Login/html/images/login_btn01.png) no-repeat center bottom;} .private .content .login_box .btn_s{background:url(netbank/pages/jsp/Login/html/images/login_btn02.png) no-repeat center bottom;} .company .content .login_box .btn_s a{color:#aab103;} .private .content .login_box .btn_s a{color:#ec0000;} .content .login_box .main_btn{ width:275px; margin:auto; line-height:45px; text-align:center;} .content .login_box .main_btn_company{ padding:10px 0 0 0;} .content .login_box .main_btn_private{ padding:0 0 0 0;} .content .login_box .main_btn li{ padding:0 0 5px 0;} .content .login_box .main_btn a{width:275px; height:45px; display:block; font-size:18px;} .content .login_box .main_btn .btn_g a{ background:url(netbank/pages/jsp/Login/html/images/logout_btn_g.png) no-repeat center top; color:#FFF;} .content .login_box .main_btn .btn_g a:hover{ background-position:center bottom;} .content .login_box .main_btn .btn_r a{ background:url(img/logout_btn_r.png) no-repeat center top; color:#FFF;} .content .login_box .main_btn .btn_r li{ background:url(img/logout_btn_r.png) no-repeat center top; color:#FFF;} .content .login_box .main_btn .btn_r a:hover{ background-position:center bottom;} .content .login_box .main_btn .btn_w a{ background:url(img/logout_btn_w.png) no-repeat center top; color:#666;} .private .content .login_box .main_btn .btn_w a:hover{color:#ec0000;} .company .content .login_box .main_btn .btn_w a:hover{color:#aab103;} /*網銀常用連結區,由於需求修改字樣 數位銀行Bank3.0 改成 線上申請專區數位銀行Bank3.0 ,故調整CSS版面*/ .content .link ul li{ float:left; margin:0 0px 20px 0;} .content .link ul li a{ display:block; width:101px; padding:70px 0 0 0; color:#666; text-align:center;margin-left:-4px;line-height:15px;} .content .link ul li .link_01{ background:url(netbank/pages/jsp/Login/html/images/icon_01.png) no-repeat;background-position:17px 0px;} .content .link ul li .link_02{ background:url(netbank/pages/jsp/Login/html/images/icon_02.png) no-repeat;background-position:17px 0px;} .content .link ul li .link_03{ background:url(netbank/pages/jsp/Login/html/images/icon_03.png) no-repeat;background-position:17px 0px;} .content .link ul li .link_04{ background:url(netbank/pages/jsp/Login/html/images/icon_04.png) no-repeat;background-position:17px 0px;} .content .link ul li .link_05{ background:url(netbank/pages/jsp/Login/html/images/icon_05.png) no-repeat;background-position:17px 0px;} .content .link ul li .link_06{ background:url(netbank/pages/jsp/Login/html/images/icon_06.png) no-repeat;background-position:17px 0px;} .content .books{ text-align:center;} .content .books ul{ background:url(netbank/pages/jsp/Login/html/images/icon_1.png) no-repeat; padding:0 0 0 90px; margin-bottom:20px; line-height:24px;text-align: left;} .content .books ul li{ padding:0 0 5px 0;} .content .books ul li span{background:url(netbank/pages/jsp/Login/html/images/list.png) no-repeat 0 0; display:block; float:left; height:24px; width:24px; text-align:center; margin:0 5px;} .content .books ul li a{color:#666; float:left;display:block; width:180px;} .content .download ul{ background:url(netbank/pages/jsp/Login/html/images/icon_2.png) no-repeat; padding:0 0 0 90px; min-height:100px; margin-bottom:20px; line-height:24px;} .content .download ul li{ padding:0 0 5px 0;} .content .download ul li span{background:url(netbank/pages/jsp/Login/html/images/list.png) no-repeat 0 0; display:block; float:left; height:24px; width:24px; text-align:center; margin:0 5px;} .content .download ul li a{color:#666; float:left;display:block; width:180px;} .content .books .page{-webkit-border-radius: 5px;-moz-border-radius: 5px;border-radius: 5px; background:rgba(255, 255, 255, 0.6); padding:0 10px; display: inline-block;} .content .books .page li{ float:left; padding:3px;} .content .books .page li a{display:block; width:12px; height:12px; text-indent:-2000px; background:url(netbank/pages/jsp/Login/html/images/page.png) left bottom;} .content .books .page .activation a{ background-position:left top;} .content .download .page{-webkit-border-radius: 5px;-moz-border-radius: 5px;border-radius: 5px; background:rgba(255, 255, 255, 0.6); padding:0 3px; display: inline-block;} .content .download .page li{ float:left; padding:3px;} .content .download .page li a{display:block; width:12px; height:12px; text-indent:-1000px; overflow:hidden; background:url(netbank/pages/jsp/Login/html/images/page.png) left bottom;} .private .books h2,.private .download h2,.private .link h2{ font-size:22px; background:url(netbank/pages/jsp/Login/html/images/title_icon.png) no-repeat left top; text-align:left; padding:0 0 10px 10px;} .private .content .link,.private .content .download,.private .content .books{ float:left;} .private .content .link{ padding:20px 0 0 0;} .private .content .download{ padding:20px 15px 0 0;} .private .content .books{ padding:20px 15px 0 0;} .private .content .books ul{ background-position: 5px top; margin-bottom:0;} .private .content .download ul{ background-position: 5px top;} .private .content .link ul{ padding:0 0 0 15px;} .private .content .list_box{border:1px solid #d6d3ca; width:314px; padding:20px 5px 0 5px; background:#fff; height:230px; margin-bottom:20px;} /*logout --------------------------------------- */ .content .logout { text-align:center; width:790px; margin:auto; padding:80px 0 0 0; color:#666;} .content .logout h2{ font-size:24px; color:#FFF; padding:15px; border-bottom:1px solid #d6d3ca;} .content .logout .text_box{ border-left:1px solid #d6d3ca;border-right:1px solid #d6d3ca; border-top:1px solid #e1e1e1;border-bottom:1px solid #d6d3ca; padding:50px 20px; font-size:15px;} .content .logout .logout_nav{ width:570px; margin:auto; padding:10px 0 0 0;} .content .logout .logout_nav li{ float:left; padding:0 5px;} .content .logout .logout_nav li a{ width:275px; height:45px; display:block; font-size:18px; line-height:45px;} .content .logout .logout_nav li .btn{ background:url(netbank/pages/jsp/Login/html/images/logout_btn_w.png) no-repeat; color:#666;} .content .logout .logout_nav li .btn:hover{color:#ff0000;} .content .logout .logout_nav li .btn_r{ background:url(netbank/pages/jsp/Login/html/images/logout_btn_r.png) no-repeat;color:#fff;} .content .logout .logout_nav li .btn_r:hover{ background-position:center bottom;} .content .logout .note_box{ background:url(netbank/pages/jsp/Login/html/images/logout_down_bg.png) no-repeat center bottom; min-height:50px;padding:20px; text-align:left;} .content .logout .note_box p {min-height:70px;} .content .logout .note_box .icon_r{ background:url(netbank/pages/jsp/Login/html/images/icon_r.png) no-repeat 0 0; padding:10px 0 0 100px; } .content .logout .note_box .icon_g{ background:url(netbank/pages/jsp/Login/html/images/icon_g.png) no-repeat 0 0; padding:10px 0 0 100px; } .company .content .logout h2{ background: url(netbank/pages/jsp/Login/html/images/logout_title_g.png) no-repeat center top; } .private .content .logout h2{ background: url(netbank/pages/jsp/Login/html/images/logout_title_r.png) no-repeat center top; } /*footer --------------------------------------- */ .footer{font-size:12px; color:#999; padding:30px 0; background:#f5f5f2 url(netbank/pages/jsp/Login/html/images/footer_bg.jpg) repeat-x center top;} .footer a{color:#999;} .footer .nav{font-size:13px; color:#666; line-height:16px; padding:0 0 5px 0;} .footer .nav a{color:#666;} .footer a:hover{text-decoration: underline;} .footer .nav li{ float:left; border-right:1px solid #666; padding:0 5px;} .footer .nav li:first-child{ padding:0 5px 0 0;} .footer .nav li:last-child{ border:none;} </style> </head> <body class="private" onLoad="javascript:doOnLoad('N');" onkeyup="keypressed(event)"> <div id="Layer1" style="position:absolute; left:1px; top:1px; width:100%; height:100%; z-index:2"> <FORM name="LoginForm" id="LoginForm_post" method="post" action="/netbank/servlet/TrxDispatcher" autocomplete="off"> <div class="private"> <div class="header"> <div class="wrapper clearfix"> <h1 class="logo" style="font-size: 30px;"><a href=""></a></h1> <span style="position: relative; font-size: 30px; top: 20px;">AIS3銀行</span> <!-- <h2 class="text_none" style="font-size: 30px; position: static; top: 30px;"><span>個人網路銀行</span></h2> --> <ul class="language"> <li><a href="">English</a></li> <li><a href="">简体中文</a></li> </ul> <ul class="top_nav"> <li><a href="" style="color: red;">企業網銀</a></li> <li><a href="" style="color: red;">AIS3金控</a></li> </ul> </div> </div> <div class="content"> <div class="wrapper"> <div class="login_box clearfix"> <div class="slides_container" style="float: left;width: 690px;height: 350px;"> <ul id="slides_home"></ul> </div> <div class="login"> <h3><span>網路銀行/個人用戶</span></h3> <div style="margin:3px 0 0 160px; font-size:14px;"> <img src="img/bt_login.gif"> <a href="">首次簽入</a> </div> <hr style="margin-top:0;"> <div class="input_box_private"> <input class="text_bar" name="USERID" id="USERID" value="請輸入身分證字號" type="text" maxlength="10" autocomplete="off" onblur="if(this.value=='') this.value='請輸入身分證字號';" onfocus="if(this.value=='請輸入身分證字號') this.value='';"> <input name="cbUsrid" type="checkbox" value="checkbox" id="list_a1" /> <label for="list_a1">記住</label> <!-- 加入隱碼 --> <input name="cbUSERIDVisiable" type="checkbox" id="list_a2"> <label id="label_list_a2" for="list_a2">隱碼</label> </div> <div class="input_box_private"> <input class="text_bar" name="NICKNAME" id="NICKNAME" type="text" maxlength="10" value="請輸入您的代號" autocomplete="off" onfocus="if(this.value=='請輸入您的代號') this.value='';" onblur="if(this.value=='') this.value='請輸入您的代號';"> <input name="cbNickname" type="checkbox" id="list_b1" /> <label for="list_b1">記住</label> <a href="javascript: hint()" class="text_r">提示</a> <!-- 加入隱碼 --> </div> <div class="input_box_private"> <input class="text_bar" name="pwdText" id="pwdText" type="text" minlength="8" maxlength="16" value="請輸入8~16位密碼" style="display:block;" onblur="if(this.value=='') this.value='請輸入8~16位密碼';" onfocus="if(this.value=='請輸入8~16位密碼') this.value='';"> <input class="text_bar" name="PASSWORD" id="password" type="password" minlength="8" maxlength="16" style="display:none;" onBlur="changeDisplayFocus();" onkeypress="detectMaxLen('登入密碼', this.value, 16, event);" onpaste="detectMaxLen('登入密碼', this.value, 16, event);" /> </div> <div class="input_box_private" style="padding-top:2px;padding-bottom:0px;"> <div style="float:left;"><input name="TrxCaptchaKey" type="text" class="text_bar_private" id="TrxCaptchaKey" size="5" maxlength="4" value="圖形驗證碼" onfocus="if(this.value=='圖形驗證碼') this.value='';" onBlur="if(this.value=='') this.value='圖形驗證碼';"></div> <div style="float:center;"><img src="img/CaptchaImage_2.jsp" id="code_Cap" name="code_Cap" height="30" width="80">&nbsp;&nbsp;<a href="javascript:void( 0 )" type="button" onClick="chgCaptcha();">重新產生</a> </div> </div> <div style="float:left;padding-left:25px"> <ul class="main_btn_private main_btn"> <li id="WannaLogin" class="btn_r"><a href="javascript:void( 0 )" onclick="doSubmit();">確定登入</a></li> <li id="cancelData" class="btn_w"><a href="javascript:void( 0 )" type="button" onClick="doReset()" id="resetBottun">清除重填</a></li> </ul> </div> </div> </div> </div> </div> <div class="footer"> <div class="wrapper"> <table> <tr> <td> <p>24小時客服中心:(02) xxxx-xxxx</p> <p>AIS3銀行股份有限公司|統編 20240804</p> </td> <td> <a href="https://www.cdic.gov.tw/main_ch/chinese.html" target="_blank"> <img src="/netbank/pages/jsp/Login/html/images/cdic_logo.jpeg" alt="" /> </a> </td> </tr> </table> </div> </div> </div> </FORM> </div> </body> </html> ``` ::: ### PPT 略作簡略版本 19:00 主力花在禮拜六編輯 今天簡易版即可 ## 20240801 19:40 進度 兩分支 確立 分 4-5 Min ZTNA ; 12 Min CVE ## 20240731 22:00 討論想法 兩分支 分頭進行 ZTNA 以及 CVE ### ZTNA :::spoiler 影片 與 各關鍵字 https://youtu.be/IYmXPF3XUwo?si=c5nBF55IxT4N1Qwt 使用 Twin Gate 實現 ZTNA . 中繼點 (Pivot point, PEP/PDP) Cloud computing:Linux, docker -> Tailscale . 接入點 (Connector) NAS, Windows (Tailscale terminal) . client . NAS IP: 192.168.1.150 ::: - Client - Connector:內部資源和外部請求間的中介 - Controller (及PEP/PDP):ZTNA 系統核心,管理和執行安全策略 - Relay:告訴 Connector 誰允許進入網路 (a list of allowed devices and what allowed to access) 關係: ![image](https://hackmd.io/_uploads/ryFTZLdKR.png) - Connector 在配置時會產生 token,透過 token 跟 Controller 驗證,Controller 會將 Relay 給 Connector - Relay 是 Client 和 Connector 間的橋梁,讓彼此知道對方的 IP 和 port - Connector 會根據 Relay 判斷 Client 是否可以進入、可以存取哪些內容 #### ZTA關鍵概念 * Assume breached * Never trust, always verify * Implement Least priviledge #### ZTNA概念金字塔 ![IMG_0257](https://hackmd.io/_uploads/BJwxklcKA.png) #### Policy Enforcement/Decision Point:你在訪問resource前的海關 * 這兩個會在你跟resource進行連線前把你從頭到腳檢查一遍,檢查的東西包括但不限於Connection established time, source IP location, Operating System * PDP負責決定而PEP負責執行 * 在authentication及authorization過後,PEP會負責你跟resource間的連線 ##### Policy Engine(PE) 跟 Policy Administration(PA) 由PE做出決定要不要使subject通過/拒絕或中斷連線,而PA則負責跟subject的溝通。 ![1722581864841](https://hackmd.io/_uploads/S10qmZqF0.png) #### ZTNA vs. IKE/IPsec VPN?: * 接入後VPN讓你隨便逛,ZTNA則會監視你的每個舉止 * PEP跟Destination host之間才是implicit trust zone,VPN你接入後整個網路隨便你逛 * ZTNA應用Role-Based Access control,對於用戶(組)的權限管控極其嚴格 * IPsec基於AES,TLS基於RSA #### 避免破口&其它益處: * DoS protection * Incident Response * User/Device Behavior Analytics(UEBA) * Horizontal pivoting (Lateral moving) * Minimizing possibility of priviledge escalation #### Claude比較IPsec/IKE跟TLS: > 1. Tunnel Formation: > IKE/IPsec: - Forms a tunnel at the network layer (Layer 3) - Creates a virtual encrypted tunnel between two endpoints - Encapsulates entire IP packets - Can protect all traffic between two networks or hosts > ZTNA with TLS: > - Forms a tunnel at the application layer (Layer 7) > - Creates encrypted connections for specific applications > - Doesn't encapsulate entire IP packets > - Protects specific application traffic, not necessarily all traffic between endpoints > > 2. Key Exchange: > IKE/IPsec: - Uses Internet Key Exchange (IKE) protocol - Two main versions: IKEv1 and IKEv2 - Involves a two-phase process for key exchange and SA (Security Association) establishment > ZTNA with TLS: - Uses TLS Handshake protocol - Current version is TLS 1.3 (though 1.2 is still widely used) - Single phase handshake process for key exchange and parameter negotiation > 3. Phases and Steps: > IKE/IPsec: > Phase 1 (IKE SA): 1. Propose and agree on encryption and authentication algorithms 2. Perform Diffie-Hellman key exchange 3. Authenticate peers (e.g., using pre-shared keys or certificates) 4. Establish a secure channel for Phase 2 Phase 2 (IPsec SA): 1. Negotiate IPsec security parameters (e.g., encryption algorithms, modes) 2. Establish IPsec Security Associations (SAs) 3. Periodically refresh keys and SAs ZTNA with TLS: TLS 1.3 Handshake (single phase): 1. Client Hello (with supported ciphers and key share) 2. Server Hello (with selected cipher and key share) 3. Server sends certificate and signature 4. [Optional] Server requests client certificate 5. [Optional] Client sends certificate and signature 6. Derive session keys 7. Finished messages to confirm handshake > 4. Encryption Algorithms: IKE/IPsec: - Typically uses AES (Advanced Encryption Standard) - Common modes: AES-CBC, AES-GCM - Supports various key sizes (128, 192, 256 bits) ZTNA with TLS: - Uses a variety of ciphers, including AES - TLS 1.3 mandates use of AEAD (Authenticated Encryption with Associated Data) ciphers - Common ciphers: AES-GCM, ChaCha20-Poly1305 >5. Authentication: IKE/IPsec: - Supports pre-shared keys, certificates, and EAP methods - Authentication occurs during IKE Phase 1 ZTNA with TLS: - Primarily uses certificates for server authentication - Can use client certificates for mutual authentication - Often combined with additional authentication methods at the application level >6. Flexibility and Granularity: IKE/IPsec: - Provides network-level security - Less granular control over individual application access - Well-suited for site-to-site VPNs and remote access VPNs ZTNA with TLS: - Provides application-level security - Offers more granular control over access to specific applications - Better suited for fine-grained access control and micro-segmentation >7. Performance and Overhead: IKE/IPsec: - Can have higher overhead due to packet encapsulation - May require specialized hardware for high-performance environments ZTNA with TLS: - Generally lower overhead as it operates at the application layer - Can be more efficiently implemented in software >8. NAT Traversal: IKE/IPsec: - Requires specific NAT traversal mechanisms (e.g., NAT-T) - Can face challenges with complex NAT scenarios ZTNA with TLS: - Naturally traverses NAT without additional mechanisms - Generally works well in various network configurations #### References [NIST Special Publication 800-207](https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-207.pdf) [Zero Trust Architecture (ZTA): A Comprehensive Survey - IEEE](https://ieeexplore.ieee.org/document/9773102) ### CVE Reappear-CVE-2022-21449-TLS-PoC 重現此CVE 這CVE是關於 橢圓曲線簽章漏洞 導致多因子驗證被繞過 在Java 15.16.17.18 上面出現此漏洞 風險等級高 風險分數7.5 類別 Lib Refer : \ [1] https://neilmadden.blog/2022/04/19/psychic-signatures-in-java/ \ [2] https://github.com/notkmhn/CVE-2022-21449-TLS-PoC \ [3] https://ithelp.ithome.com.tw/articles/10304518 \ [4] https://nvd.nist.gov/vuln/detail/CVE-2022-21449 \ [5] [https://jfrog.com/blog/cve-2022-21449-psychic-signatures](https://jfrog.com/blog/cve-2022-21449-psychic-signatures-analyzing-the-new-java-crypto-vulnerability/) \ [6] https://developer.aliyun.com/article/1028316 \ [7] [https://www.youtube.com/watch?](https://www.youtube.com/watch?v=RdYJrViBXBg&ab_channel=%E8%82%B2%E6%AD%A3%E8%91%9B%E8%91%9B%E7%9A%84%E8%B3%87%E5%AE%89%E9%81%8A%E6%A8%82%E5%A0%B4) [8] [WebVM](https://www.facebook.com/ghost.end/posts/pfbid0TfAHuK7YGcafXv6WizK8zfrgUkpCZEyojXCncL3iUCQUfLnT9upGQ5EZvLBEHW5Sl?locale=zh_TW) [9] [LEMP](https://xenby.com/b/137-%E6%95%99%E5%AD%B8-%E5%AE%89%E8%A3%9Dlemplinuxnginxmysqlphp%E7%92%B0%E5%A2%83) ## 20240730 16:30 Create HackMD共筆 ### 前言 下面有一個我下個Prompt在Claude的平台 還有金融講師剛好有提到 我們提到的方向 所以有截圖一些 不過在閱讀之前 我認為我們時間只有六天 所以勢必要做刪減 以及 輕量化 ; 還要適時提出遇到的狀況 因為要時間管理+合作 下面的架構都很龐大 我們可以刪減的方向有 EX : - 類比資料轉數位 我們假想就好 - 同態加密通常運算比較龐大 這是我目前較擔心的 - 按照零信任七大面向 我們做多少是多少 有些可以用概念敘述 - 很難完美 盡力就好 !! 一起一邊崩潰一邊+U !! ### 使用Claude下Prompt - Prompt: 那如果 不導入零信任 * 1.光譜先採集 2.再透過ADC類比轉成數位 3.利用快速傅立葉FFT將時域轉頻域 以利未來 本地儲存/頻譜分析 4.最後頻譜分析 可以透過機器學習模型/尋找異常/等分析 如果今天我是A公司 我向B廠商 買一台設備 可以分析頻域異常特徵 這樣的話 有可能引進的設備 有機會竊取我數據 那如果導入 同態加密 達到零信任的話 Q1 有沒有現有的研究或PAPER 使用 FFT 同態加密 技術 有的話給我連結 資源 來源 Q2 有一個技術叫O-RAN 如果把以上整合 你幫我重複一次整體概念 串起來 目前大概有OT 零信任 同態 O-RAN (光譜) 以上 並 給我這個專題 幫我取一個名稱 並且加上 Router 光譜 我們想用Arduino+8266 模擬 假想 還有沒有什麼VPN 可以結合在這整個OT 零信任 模型 - Response : 非常好的想法!讓我們重新整合這些概念,並加入您提到的新元素。以下是一個更全面的整合方案: 整體概念: 1. 數據採集模擬: - 使用Arduino + ESP8266模擬光譜採集設備。 - 生成模擬的光譜數據,模仿實際工業環境中的頻譜特徵。 2. 邊緣加密: - 在Arduino設備上實現輕量級加密,為數據提供初步保護。 3. 安全路由: - 使用支持VPN的路由器(如OpenWrt路由器)作為數據傳輸的第一跳。 - 實現IPSec或OpenVPN,為數據傳輸提供額外的加密層。 4. 同態加密處理: - 在邊緣設備或安全網關上對數據進行完全同態加密(FHE)。 - 確保後續所有操作都在加密域進行。 5. 加密域FFT: - 在加密狀態下執行FFT,將時域信號轉換為頻域。 6. O-RAN集成: - 利用O-RAN的開放架構,將加密的頻譜分析整合到無線網絡中。 - 實現動態頻譜分配和干擾管理。 7. 零信任架構: - 實施持續身份驗證、最小權限訪問和動態信任評估。 - 使用微分段技術隔離不同的網絡功能。 8. OT安全集成: - 將頻譜分析系統與工業控制系統(ICS)安全整合。 - 實施ICS專用的安全協議和隔離措施。 9. 加密域機器學習: - 在加密狀態下執行機器學習模型,進行異常檢測和頻譜分析。 10. 安全多方計算(MPC): - 引入MPC技術,允許多個不信任方共同進行頻譜分析,而不暴露各自的數據。 11. 軟件定義網絡(SDN): - 使用SDN技術動態管理網絡流量和安全策略。 12. 安全結果輸出: - 只在最終階段解密分析結果,保持整個過程的數據隱私。 專題名稱: "基於Arduino的工業物聯網零信任頻譜分析系統:融合同態加密、O-RAN與OT安全的新一代SDN-VPN架構" 這個專題名稱涵蓋了所有關鍵元素:Arduino模擬、零信任、頻譜分析、同態加密、O-RAN、OT安全、SDN和VPN。它強調了系統的創新性和全面性。 實施建議: 1. 硬件設置: - 使用Arduino Uno或Mega與ESP8266模組模擬光譜採集。 - 選擇支持OpenWrt的路由器作為安全網關。 2. 軟件實現: - 在Arduino上實現基本的FFT算法。 - 使用輕量級加密庫(如AES)在Arduino上進行初步加密。 - 在路由器上設置OpenVPN或IPSec。 3. 同態加密: - 研究並實現適合IoT設備的輕量級同態加密方案。 4. O-RAN集成: - 使用開源O-RAN軟件堆棧(如O-RAN Software Community)進行集成。 5. 零信任實現: - 實施基於身份的訪問控制(IBAC)和軟件定義邊界(SDP)。 6. 機器學習: - 使用TensorFlow Lite或類似的輕量級ML框架在加密域進行分析。 7. 性能優化: - 研究如何在資源受限的環境中優化加密和分析過程。 這個專題結合了多個前沿技術領域,不僅具有學術價值,還有潛在的實際應用前景。它展示了如何在保護數據隱私的同時,實現高效的頻譜分析和網絡安全。 如果您需要更多細節、具體的實施步驟或有任何其他問題,請隨時告訴我。這是一個非常有挑戰性但也非常有價值的研究方向。 --- # 參考 ## Fig (我們可以參考 來自講師PDF) ![image](https://hackmd.io/_uploads/BJTYRmIKR.png) ![image](https://hackmd.io/_uploads/BJluyV8YC.png) ![image](https://hackmd.io/_uploads/Sy0ay48FC.png) # 報告 ## 報告步驟大綱 0. 講完標題 先破堤 標題不要講英文縮寫 反而是中文 不縮寫 情境 的專題標題 用情境視角帶點有趣去包裝 可能還比較好! 1. 先提零信任 再提零信任網路 2. 大闕介紹 ZTNA 4Min 適時提到 "TLS" 盡可能以 "金融體系" 包裝 3. 接者介紹 TLS Java 用TLS 難道就安全嗎 4. 提 CVE 提 嚴重等級 提Java lib洞 5. 偽造簽章一但成功 用戶端就會被偽造的Server端欺騙 使得用戶信賴Fake Server 6. 如何偽造 快速介紹ECC 簽章 以及 洞 7. Demo 8. Modify and Demo Fix - CVE-2022-21449 簡介 - 心靈簽章說明 - 風險等級 - 漏洞說明 - 加解密 - 簽章 - 橢圓曲線 - demo - demo 說明 - 遇到的問題 ## 專題大綱 - 動機 - ZTNA - 動機 - ZTNA 連線拓譜 & 機制 - demo - ZTNA 好處 - 數位簽章 CVE 復現 - CVE-2022-21449 介紹 - 漏洞說明 - demo - 心得&未來展望 ## 簡報強烈建議放的內容 1. 如果應用程序使用了受影響的 Java 版本進行 ECDSA 簽名驗證,無論是使用 TLS 1.0、1.1、1.2 還是 1.3,只要使用了 ECDSA 簽名,這個漏洞都可能影響到這些協議版本。 2. 對稱非對稱 ![image](https://hackmd.io/_uploads/BJU2cTYFR.png) ![image](https://hackmd.io/_uploads/rk10qatYR.png) 3. 心靈簽章(Psychic Signatures) Intro 4. 要提到一些關鍵字 ; 像是繞過驗證 高風險等級 7.5分 5. 是否放Team Work --- ## 不錯的報告建議 1. 盡量不要用"我" 用==我們== 2. 建議少提到 "專題時間很少" 如果不得已要提 就說 ==在有限的時間== 3. 如果評審提問 不要硬凹 4. 稍微輕鬆點報告 不是論文 反而適合弄成故事 去敘述 5. 單頁字不要多 講居多 字少 6. 注意用詞 --- # Refer : [1] 憑證 數位簽章 https://www.dottedsign.com/zh-tw/blog/product/what-is-digital-signature [2] 憑證 Ele實驗室 https://www.youtube.com/watch?v=vVbLSba6vOI&ab_channel=Ele%E5%AE%9E%E9%AA%8C%E5%AE%A4 <style> /* AIS3 × D5Team × HackMD Start */ .navbar-brand:before { content: 'AIS3 × TeamD5 × ' !important; padding-left: 2em; background-image: url(); background-repeat: no-repeat; background-size: contain; } .navbar-brand > .fa-file-text { display: none; } /* End */ /* Please don't uncomment it */ /* Rotating Profile Picture Start */ img { animation-name: rotate; animation-iteration-count: infinite; } /* End */ </style> --- ###### tags: `AIS32024` `D組跨領域` `專題` `共筆`

    Import from clipboard

    Paste your markdown or webpage here...

    Advanced permission required

    Your current role can only read. Ask the system administrator to acquire write and comment permission.

    This team is disabled

    Sorry, this team is disabled. You can't edit this note.

    This note is locked

    Sorry, only owner can edit this note.

    Reach the limit

    Sorry, you've reached the max length this note can be.
    Please reduce the content or divide it to more notes, thank you!

    Import from Gist

    Import from Snippet

    or

    Export to Snippet

    Are you sure?

    Do you really want to delete this note?
    All users will lose their connection.

    Create a note from template

    Create a note from template

    Oops...
    This template has been removed or transferred.
    Upgrade
    All
    • All
    • Team
    No template.

    Create a template

    Upgrade

    Delete template

    Do you really want to delete this template?
    Turn this template into a regular note and keep its content, versions, and comments.

    This page need refresh

    You have an incompatible client version.
    Refresh to update.
    New version available!
    See releases notes here
    Refresh to enjoy new features.
    Your user state has changed.
    Refresh to load new user state.

    Sign in

    Forgot password

    or

    By clicking below, you agree to our terms of service.

    Sign in via Facebook Sign in via Twitter Sign in via GitHub Sign in via Dropbox Sign in with Wallet
    Wallet ( )
    Connect another wallet

    New to HackMD? Sign up

    Help

    • English
    • 中文
    • Français
    • Deutsch
    • 日本語
    • Español
    • Català
    • Ελληνικά
    • Português
    • italiano
    • Türkçe
    • Русский
    • Nederlands
    • hrvatski jezik
    • język polski
    • Українська
    • हिन्दी
    • svenska
    • Esperanto
    • dansk

    Documents

    Help & Tutorial

    How to use Book mode

    Slide Example

    API Docs

    Edit in VSCode

    Install browser extension

    Contacts

    Feedback

    Discord

    Send us email

    Resources

    Releases

    Pricing

    Blog

    Policy

    Terms

    Privacy

    Cheatsheet

    Syntax Example Reference
    # Header Header 基本排版
    - Unordered List
    • Unordered List
    1. Ordered List
    1. Ordered List
    - [ ] Todo List
    • Todo List
    > Blockquote
    Blockquote
    **Bold font** Bold font
    *Italics font* Italics font
    ~~Strikethrough~~ Strikethrough
    19^th^ 19th
    H~2~O H2O
    ++Inserted text++ Inserted text
    ==Marked text== Marked text
    [link text](https:// "title") Link
    ![image alt](https:// "title") Image
    `Code` Code 在筆記中貼入程式碼
    ```javascript
    var i = 0;
    ```    		 
    var i = 0;
    :smile: :smile: Emoji list
    {%youtube youtube_id %} Externals
    $L^aT_eX$ LaTeX
    :::info
    This is a alert area.
    :::

    This is a alert area.
    Versions and GitHub Sync
    Get Full History Access

    • Edit version name
    • Delete

    revision author avatar     named on  

    More Less

    Note content is identical to the latest version.
    Compare
      Choose a version
      No search result
      Version not found
    Sign in to link this note to GitHub
    Learn more
    This note is not linked with GitHub
     

    Feedback

    Submission failed, please try again

    Thanks for your support.

    On a scale of 0-10, how likely is it that you would recommend HackMD to your friends, family or business associates?

    Please give us some advice and help us improve HackMD.

     

    Thanks for your feedback

    Remove version name

    Do you want to remove this version name and description?

    Transfer ownership

    Transfer to
      Warning: is a public team. If you transfer note to this team, everyone on the web can find and read this note.

        Link with GitHub

        Please authorize HackMD on GitHub
        • Please sign in to GitHub and install the HackMD app on your GitHub repo.
        • HackMD links with GitHub through a GitHub App. You can choose which repo to install our App.
        Learn more  Sign in to GitHub

        Push the note to GitHub Push to GitHub Pull a file from GitHub

          Authorize again
         

        Choose which file to push to

        Select repo
        Refresh Authorize more repos
        Select branch
        Select file
        Select branch
        Choose version(s) to push
        • Save a new version and push
        • Choose from existing versions
        Include title and tags
        Available push count

        Pull from GitHub

         
        File from GitHub
        File from HackMD

        GitHub Link Settings

        File linked

        Linked by
        File path
        Last synced branch
        Available push count

        Danger Zone

        Unlink
        You will no longer receive notification when GitHub file changes after unlink.

        Syncing

        Push failed

        Push successfully