[nctu] [ccca] network security ii
TRANSCRIPT
Network Security
NCTU CSCC
xatier
2012.12.24
Security?
Never mind that for now. Have you heard of Christmas Eve?
Security?
True Story
http://i.imgur.com/k1qoD.jpg
evil input
SQL injection
pangolin
http://nosec.org/en
XSS
http://thehackernews.com/2012/11/xss-vulnerability-in-apple-website.html#
XSRF
Burp Suite ("the burping hotel suite")
http://www.portswigger.net/burp/
social engineering
駭客大騙局 ("The Great Hacker Con")
The Art of Deception: Controlling the Human Element of Security
SET!
http://www.social-engineer.org/
cosmo the God
http://wired.tw/2012/10/03/cosmo-the-god-who-fell-to-earth-1/index.html
air crack! ("air blasting technique")
http://www.aircrack-ng.org/
feedingbottle ("baby bottle")
beini Linux
http://beini.en.softonic.com/
phishing
exploit vulnerability
The inherent flaw in John von Neumann's implementation of the Turing machine
data / program: can't tell which is which
A Turing machine can replicate itself!
My data, your code >/////<
metasploit
http://www.metasploit.com/
open source!
plugins and scripts (Ruby)
ms08067
Allow Remote Code Execution !
Programming Language
Vulnerable design in the programming language.
http://www.nruns.com/_downloads/advisory28122011.pdf
surf the net secretly
ssh tunneling
ssh -NfD [localport] you@bsd1
proxy: localhost:[localport]
proxychains!
VPN
virtual private network
PPTP
The Point-to-Point Tunneling Protocol (PPTP) is a method for implementing virtual private networks. PPTP uses a control channel over TCP and a GRE tunnel to encapsulate PPP packets.
the Tor project
https://www.torproject.org/
News
thehackernews.com
www.hack-stuff.com
coolshell.cn
security-sh3ll.blogspot.tw
wargames
http://hitcon.org/2012/wargame.html
The easiest one, problem zero: http://hitcon.org!
happy hacking
:-)