CEH - 职业道德黑客简介
这里的简介都是一些初步的介绍有什么东西,具体的详细内容在各个章节里都有介绍。
黑客方法论:
入狱六部:(penetration test)
- Reconnaissance 侦察
- Footprint 足迹
- Scanning 扫描
- Gaining Access 获取入口
- Maintaining Access 持续连接
- Clearing Tracks 毁尸灭迹
三大测试:
- Black box testing,传说中的盲打 (注:pentester 渗透测试者),很好的测试系统vulnerablities
- White box testing,类似于画完考点的开卷考试
- Grey box testing, 攻击者相比于black box test有elevated privileges, 相当于半开卷,没有考点
常见攻击手段:
- Operating System attacks: 操作系统攻击,原文说的是
Generally speaking, these attacks target the comman mistake many people make when installing operating system - accepting the leveling and defaults.
也就是说,攻击者利用了被攻击者在安装系统时候一顿点击默认还有瞎升级出现的漏洞。有些端口号和密码,都是默认的,一不注意就变成了我家大门常打开了。
- Application-level attacks: 应用层攻击,看看原文
These are attacks on the actual programming codes of an application.
所以应用层攻击就像游戏里的外挂,我直接在应用里面搞你的心态。
- Shrink-wrap code attacks 膜代码攻击,shrink-wrap是保鲜膜的意思,具体中文的翻译暂时没找到。字如其名,这类攻击是通过保鲜过期没被丢弃的应用中存在的代码或者脚本产生漏洞。比如log4j的重大漏洞,如果有人还在用apache的2.0到2.14版本做java开发日志,那攻击者就可以利用这一点进行攻击。原文看一下
These attacks take advantage of the built-in code and scripts most off-the-shelf applications come with.
文中也举出例子比如初始的一些脚本设定,都可以产生被攻击者利用的漏洞。
- Misconfiguration attacks 利用错误配置, 原文如下
These attacks take advantage of systems that are, on purpose or by accident, not configured appropriately for security.
如果手工配置一些软件或者硬件,总是有配置可能存在隐患的地方。所以嘛,没有漏风的墙。
常用名词解释
可以略
- Threat,威胁 就原文
A threat is any agent, circumstance, or situation that could cause harm or loss of an IT asset
- Vulnerabilities,漏洞 上原文
A vulnerability is any weakness, such as a software flaw or logic desgin, that could be exploited by a threat to a cause damage to an asset
- Exploit,利用漏洞
A breach of IT system security through vulnerabilities.
- Payload, 载体
Payload is the part of an exploit code that performs the intended malicious action.
- Zero-Day Attack,你一发现漏洞我就用
An attack that exploits computer application vulnerabilities before the software developer releases a patch for the vulnerability.
- Daisy Chaining 总线型拓扑,一串多access
It involves gaining access to one network and/or computer and then using the same information to gain access to multiple networks and computers that contain desirable information
- Doxing 人肉搜索,从互联网上扒身份
Publishing personally identifiable information
Information Security 要素
CIA: Confidentiality机密性,integrity完整性,Avaliability可获取性 other:Authenticity真实性,Non-repudiation不可否认 安全三角: Security(指restriction关于暴露在外的组件),functionality(当前系统的功能),Usability(易用性)
信息安全攻击和攻击向量(information security attacks and attack vectors)
攻击等式:attacks = Motive(动机) + method(可用方法) + vulnerability(系统漏洞)
Motive behind attacks
- Disrupting business continuity 商业竞争
- information theft and manipulate data 窃读数据
- Creating Fear and chaos by disrupting critial infrastructure 恐怖袭击
- Financial loss 勒索钱财
- Progating religious and political belife 狂热信徒
- Achieve state's military objects 军事攻击
- Demanding reputation of the target 傲慢之罪
- Taking revenge 复仇者
- Demanding random 闲的蛋疼
Method(information security threats categories)
- Network Threats 网络威胁 like 窃听等
- Host Threats 主机威胁 like dos攻击 恶意插件
- Application Threates 应用威胁 like sql注入 xss注入等
Vulnerability(information security threats)
- cloud
- Advance Persistent Threat: 持续的偷取信息在被攻击毫无察觉的情况下
- Virus & Worm
- Ransomware 勒索软件
- Mobile
