⽬录遍历 Apache ActiveMQ 未授权访问,5.12 之前的版本 fileserver存在 PUT任意写 CVE-2015-5254 Apache Solr CVE-2017-12629 CVE-2019-0193 [ Apache Solr 5.x - 8.2.0 ] Apache Zookeeper 未授权访问,敏感信息泄露 Apache Shiro 此处不再赘述, 此项⾮防御重点, 因为压根也不好防 批量抓取当前机器上的 "各类基础服务配置⽂件中保存的各种账号密码" ⽐如,各种数据库连接配置⽂件,各类服务⾃身的配置⽂件(redis,http basic...)... 想办法 "控制⽬标 运维管理 / 技术⼈员 的单机,从这些机器上去搜集可能保存着各类敏感⽹络资产的账号密码表" ⽐如, *.ls,*.doc,*.docx, * 本机明⽂密码嗅探 [ http,ftp,pop3... ] 传统键盘记录 windows蓝屏技巧 [ 此操作主要为应对不时之需,⽐如,搞蓝屏,登管理员登录抓密码 ] Hash 爆破: Hashcat [ 完全拼GPU ] 0x08 内⽹安全 [内⽹常⽤ "隧道"" / "转发"" / "代理"" 穿透⼿法 提炼汇总 ， 防御重点] 出⽹流量刺探 ⽐如,http,dns,以及⼀些穿透性相对较好的tcp端⼝

Management  Every technology under the sun  Solaris, Windows, Linux  Apache, IIS, TCServer, etc.  Oracle, DB2, SQL Server  How we got better  We read and we studied.  Created a self-improvement

”  “I have to manually type in hundreds of server names in one of the text boxes. Most of the time, there’s not enough room in the field! A hundred server names are supposed to fit in a sixty-four-character Attributions [1] Amazon, http://www.amazon.com/Phoenix-Project-DevOps-Helping-Business/dp/0988262509/[2] The Three Ways: The Principles Underpinning DevOps, Gene Kim, http://itrevolution.com/the-three-ways-

infrastructure, etc. 2. Security group changes 3. Changes to configurations 4. XSS, SQLi attempts 5. Server errorsii. Consider blocking and storing source of events when attacks are detected to facilitate

ability to learn from mistakes and diminish integrating that learning into future work d. Google Web Server (GWS) team was struggling with changes – Hard line: no changes would be accepted into GWS without

about? What did I learn? Service Workers: The Practical Bits by Patrick Meenan (Google) @patmeenan http://www.slideshare.net/patrickmeenan/service-workers-for-performance  They are effectively a man in Performance Best Practices Together to Create the Perfect SPA by Chris Love (Love2Dev) @ChrisLove http://www.slideshare.net/docluv/putting-performance-best-practices-together-for-a-spa  "We have created (but where the heck do you start?) by Tammy Everts & Cliff Crocker (SOASTA) @tameverts @cliffcrocker http://www.slideshare.net/CloudTest/metrics-metrics-everywhere-but-where-the-heck-do-you-start  The myth

北京快猫星云科技有限公司 Categraf 增强功能 INTERNAL OR RESTRICTED, ALL RIGHTS RESERVED © 北京快猫星云科技有限公司 Categraf 增强功能 多协议： HTTP、TCP、UDP、 ICMP、WSDL 多拨测点： 可选择安装了Categraf 的⼀个或多个设备 INTERNAL OR RESTRICTED, ALL RIGHTS RESERVED 北京快猫星云科技有限公司 INTERNAL OR RESTRICTED, ALL RIGHTS RESERVED © 北京快猫星云科技有限公司 六分科技——国内领先的⾼精定位服务产品专业提供商 http://flashcat.cloud/blog/liufen/ 痛点： 1. 监控⼯具太多，维护和使⽤都很麻烦 2. 缺少业务维度的监控 3. 缺乏统⼀的稳定性视图，缺乏故障定位的驾驶舱 效果： 北京快猫星云科技有限公司 北京快猫星云科技有限公司 INTERNAL OR RESTRICTED, ALL RIGHTS RESERVED © 北京快猫星云科技有限公司 某国内领先的医疗⼤健康产业集团 http://flashcat.cloud/blog/case-flashcat-in-medicine-company/ 痛点： 1. 故障发现慢，主要依赖⽤户保障 2. 缺乏基于业务视⻆的全链路监控，故障定位耗时较⻓

Utica Coll. of Syracuse Univ. Lib., N.Y . Attributions and References [1] The Pomodoro Technique, http://pomodorotechnique.com/ [2] Personal Productivity Using The Pomodoro Technique, Daniel Hinojosa w/ present#slide=id.i0 [3] Flow: The Psychology of Optimal Experience, Mihaly Csikszentmihalyi, http://www.amazon.com/Flow-Psychology-Experience-Mihaly-Csikszentmihalyi/dp/0061339202/Walkthrough To

NDIA's Agile in Government Summit 6/6/2018-6/7/2018. Keynotes: Major General Sarah Zabel http://www.ndia.org/events/2018/6/6/agile-in-government/proceedings Agile and EVMS They Can Co-exist! ( per