Metrics、Logs、Traces、Events、Profiling 等多种可观测性数据融会贯通，并预置⾏业最佳实践， 既提供全局业务视⻆、技术视⻆的驾驶舱，也提供层层下钻的故障定位能⼒，有效缩短故障发现和定位 时间。 统一采集 INTERNAL OR RESTRICTED, ALL RIGHTS RESERVED © 北京快猫星云科技有限公司 All-in-One 的数据采集器 Categraf 集，云上云下，均可监控； • 汇聚领域最佳实践，开箱即⽤； INTERNAL OR RESTRICTED, ALL RIGHTS RESERVED © 北京快猫星云科技有限公司 内置仪表盘模板和告警模板 INTERNAL OR RESTRICTED, ALL RIGHTS RESERVED © 北京快猫星云科技有限公司 Categraf 增强功能 INTERNAL OR RESTRICTED INTERNAL OR RESTRICTED, ALL RIGHTS RESERVED © 北京快猫星云科技有限公司 告警排班 1. 提前规划值班表，可以让 on-call ⼯作更有计划性，减少疏忽和失误。 2. 通过值班表，可以有效的減少告警对⾮值班 team 的打扰，提升⼯程师的⼯作体验。 可创建多个规则 临时调班 值班提醒 INTERNAL OR RESTRICTED, ALL RIGHTS

⽽不局限于你⼀定要在什么时间, ⽤什么技术 或者 必须通过什么途径去搞,相⽐传统渗透测试,红队则更趋于真实的 ⼊侵活动 这种场景其实对防御者的 实战对抗经验 和 技术深度 都是⽐较⼤的挑战 所以,以下的所有技术点也⼏乎都是完全站在这种场景和⻆度下来考量梳理的 需要特别说明的是, 所有攻击⼿法在现实中都绝不是完全孤⽴使⽤的, 往往很多⼿法都是相互灵活组合起来进⾏循环 利⽤ 由于绝⼤部分内容都是基于本⼈平时学习实战积累的⼀些经验 但⻓期来看, 是⼀劳永逸的, 沉淀下来的这些东⻄最终也会慢慢形成⾃⼰产品的 核⼼竞争⼒和特⾊ 说⽩点,这种对抗,本质上拼的还是双⽅的技术实⼒,不仅要能在不知觉的情况下搞进去,⽽且要能⽆限制加⼤对⽅后期 的溯源成本 另外,作为⼀名合格的攻防⼈员,⼯具的熟练掌握仅仅只是极⼩的⼀部分,对各种利⽤原理的深度理解和⼆次定制能⼒ 才是你的核⼼ ⽇常流程简要说明 ⼊⼝权限 => 内⽹搜集/探测 => 钓hash,国内ISP过滤SMB流量不适⽤ ] ...... 0x05 主机安全 [提权利⽤，防御重点] 以下只单独挑了⼀些在 通⽤性, 稳定性, 易⽤性, 实际成功率 都相对较好的洞 和 ⽅式 其它的⼀些"边缘性"的 利⽤都暂未提及 Windows 系统漏洞 本地提权 [成功的前提是 保证事先已做好各种针对性免杀] Windows 系统漏洞 本地提权 [成功的前提是, 保证事先已做好各种针对性免杀]

product. Management for the sake of management is not respected.  Get things done: The hierarchy must be flattened. Layers of management get in the way of goals. The employee wants the shortest possible ever since. Follow Us Follow our Agile for Defense group on Meetup, Facebook, and GitHub where we post events and many of our table topics.  https://www.meetup.com/Agile-for-Defense/  https://www trying? On the Agile for Defense Facebook group, I created a post where you can post your feedback as comments on the post. The URL to that post is: https://www.facebook.com/groups/AgileForDefense/perm

practices 1. Blameless post-mortems 2. Controlled introduction of failures for practice c. SCHEDULE BLAMELESS POST-MORTEM MEETINGS AFTER ACCIDENTS OCCUR i. Blameless Post-Mortem – meeting to examine the decision- making process of individuals proximate to the failure.” – John Allspaw ii. Blameless Post-Mortem – Actions: 1. Construct a timeline and gather details of the failure from multiple perspectives2 these countermeasures are recorded with ta target date and an owner for follow-up. iii. Blameless Post-Mortem – Stakeholders: 1. The people involved in decisions that may have contributed to the problem

elsewhere in the software code or documentation. When these changes do not get addressed within the immediate sprint or release and get deferred for a later iteration, the program accumulates a debt that must but these reviews and the early phases would be heavily tailored and streamlined. The goal is to get from MDD to Milestone B in less than 18 months. This would provide sufficient analysis and planning actively collaborate with the development team, particularly during continuous testing activities and post-development limited assessments and acceptance testing. In situations where no primary users are

features that we don’t actually use.  It resists change—we can’t even change it ourselves, but have to get the vendor to change it.  Our IT Skills Asset also becomes less flexible when we acquire an off-the-shelf use them correctly, enable a fast try-and-learn cycle in which developers can produce something, get feedback, and then adjust what they have produced. As a result, the code can be developed in a user-centric actual delivery. The more advance planning we do, the longer it takes to get a product to market; the longer it takes to get a product to market, the more risk we assume.  our governance decisions

PPM software for Agile 1 Scott Grimes Technical Debt 2 Michelle Bauer "Rapid Problem Solving with Post-It Notes - Book Club 0 Nick Wenner My Experience in Effective Retrospectives 2 Eric Ewing LeanUX Nik Kalantjakos "Coaching Agile Teams" - Book Club 0 Michelle Bauer "Rapid Problem Solving with Post-It Notes - Book Club 0 Craig Lacy Challenges to Adopting Agile in a Mainframe World 0

software for Agile Aug 2015 Scott Grimes Technical Debt Michelle Bauer "Rapid Problem Solving with Post-lt Notes - Book Club Nick Wenner My Experience in Effective Retrospectives Eric Ewing

servers like pets: “You name them and when they get sick, you nurse them back tohealth. [Now] servers are [treated] like cattle. You number them and when they get sick, you shoot them.” iii. Ensure consistency PULL THE ANDON CORD i. If not, it becomes increasing difficult to get back to a deployable state ii. If not, undoes the work done to get to a known workable state 4. Ch. 11 Enable and Practice Continuous

in a change request, they have to wait a lifetime to get approvals, let alone get on the schedule. We have the business breathing down our neck to get crap done. We can’t wait for you to hem and haw, complaining