[NCTU] [CCCA] Network Security II

Post on 06-May-2015

Network Security
NCTU CSCC
xatier
2012.12.24

Security?

Never mind that for now. Have you heard of Christmas Eve?

True Story

http://i.imgur.com/k1qoD.jpg

evil input

SQL injection

pangolin

http://nosec.org/en

XSS

XSRF

Burp Suite ("the burping suite")

http://www.portswigger.net/burp/

social engineering: SET!

http://www.social-engineer.org/

social engineering: cosmo the God

http://wired.tw/2012/10/03/cosmo-the-god-who-fell-to-earth-1/index.html

air crack! ("air blasting technique")

http://www.aircrack-ng.org/

feedingbottle ("baby bottle")

beini Linux

http://beini.en.softonic.com/

phishing

exploit vulnerability

An inherent flaw in John von Neumann's implementation of the Turing machine

data / program: hopelessly hard to tell apart

A Turing machine can copy itself!

My data, your code >/////<

metasploit

http://www.metasploit.com/

open source!

plugins and scripts (Ruby)

ms08067

Allows Remote Code Execution!

Programming Language

Vulnerable design in the programming language.

http://www.nruns.com/_downloads/advisory28122011.pdf

surf the net secretly

ssh tunneling

ssh -NfD [localport] you@bsd1

proxy: localhost:[localport]

proxychains!

VPN

virtual private network

PPTP

The Point-to-Point Tunneling Protocol (PPTP) is a method for implementing virtual private networks. PPTP uses a control channel over TCP and a GRE tunnel operating to encapsulate PPP packets.

the Tor project

https://www.torproject.org/

News

thehackernews.com
www.hack-stuff.com
coolshell.cn
security-sh3ll.blogspot.tw

wargames

http://hitcon.org/2012/wargame.html

The easiest one, problem zero: http://hitcon.org!

happy hacking

:-)