A Look at the Professional Security Skills and Abilities Needed in the Workplace (Tdohconf)
jack51706
TDOH CONF
1.
Jack 1
2.
... • • • • • 2
3.
Agenda • Whoami • • & • • •
FAQ 3
4.
4
5.
( ) • TCP/IP •
OWASP 5
6.
-VA & WEBVA •
OWASP • Vulnerability Assessment • ..... • 6
7.
Exploit Development
• http://securityalley.blogspot.tw/2014/06/buffer-overflow-windows.html ( EXPLOIT )
• https://www.corelan.be/index.php/category/security/exploit-writing-tutorials/ (CORELAN )
• http://expdev-kiuhnm.rhcloud.com/2015/05/11/contents/ ( EXPLOIT )
• https://github.com/enddo/awesome-windows-exploitation
• https://github.com/riusksk/vul_war
8.
8
9.
9
10.
- / • • 10
11.
- • • • AD • • • 11
12.
( ) • WEBPT •
IR • Coding • Certification 12
13.
-
• OWASP Testing Guide
• Open Source Security Testing Methodology Manual (OSSTMM)
•
•
14.
Web Application Hacker’s Methodology
15.
SQLMAP • ..... • 1 •
2 code • 3 code 15
16.
-1
• https://www.owasp.org/index.php/OWASP_Broken_Web_Applications_Project
• http://drops.wooyun.org/ ( ....)
• http://www.freebuf.com/
• https://www.91ri.org/
• https://support.portswigger.net/customer/portal/topics/792273-burp-testing-methodologies/articles?page=1
• https://kennel209.gitbooks.io/owasp-testing-guide-v4/content/en/
17.
17
18.
- • ERS? (WHAT) •
? (WHO) • ? (WHERE) • ? (HOW) • 18
19.
ATTACK LIFECYCLE ..... 19
20.
- • 20
21.
IR Toolkit • 21
22.
- • • • • 22
23.
• Hash (
) • (.NET JAVA ) • Import ( • Strings • Tools Installed on REMnux • Reverse-Engineering Wiki 23
24.
• F5 ( • •
( ?) 24
25.
• .... • • —— 25
26.
26
27.
• Anti VM
• Anti OD
• Anti Forensic
• Anti XXX ……
•
• ANTI TECH github
28.
• • 28
29.
• http://bbs.pediy.com/ ( )
• http://www.52pojie.cn/forum.php ( )
• http://adr.horse/ ( )
• https://github.com/gasgas4/APT_CyberCriminal_Campagin ( )
• http://blog.malwaremustdie.org/
• http://www.malware-traffic-analysis.net/
30.
30
31.
Malware Source / Code
• https://github.com/gasgas4/Leaked_Malware_SourceCode
• https://github.com/ytisf/theZoo
• https://github.com/krmaxwell/maltrieve
32.
- • • • • • 32
33.
• • • ?! • • 33
34.
34
35.
35
36.
36
37.
IDA OD ... 37
38.
Google Drive • OAuth 38
39.
DropBox • token 39
40.
40
41.
XX •A B •B C
D E • ... 41
42.
XXX • • • 42
43.
43
44.
( ! 44
45.
• Office • 45
46.
... 46
47.
• 47
48.
! ! ! 48
49.
! ! ! 49
50.
50
51.
• https://github.com/hackedteam?tab=repositories ( HACKING TEAM)
• https://www.blackhat.com/html/archives.html
• https://www.defcon.org/html/links/dc-archives.html
• https://github.com/RichardLitt/awesome-conferences
• RSA , Zeronight , Hitcon , cansecwest , CONFidence , HITB , nullcon , recon , syscan ...
52.
FAQ: CTF • • Bug Bounty
• http://ppt.cc/7xaGu
• https://bugcrowd.com/programs
• https://h1.sintheticlabs.com/
53.
FAQ Certification • 53
54.
54
55.
55
56.
... 56
57.
& 57