利⽤漏洞触发 ] ... 第⼆种,给⽬标发送各种钓⻥链接,⽐如, 利⽤各种⽬标登录⼝的钓⻥⻚⾯来窃取各种内⽹账号密码 Vpn Mail OA Net ntlm hash [ 远程模板注⼊,pdf...钓hash,国内ISP过滤SMB流量不适⽤ ] ...... 0x05 主机安全 [提权利⽤，防御重点] 以下只单独挑了⼀些在 通⽤性, 稳定性, 易⽤性, 实际成功率 都相对较好的洞 ⽐如,Navicat,SSMS[MSSQL⾃带客户端管理⼯具,⾥⾯也可能保存的有密码(加密后的base64)] 抓取当前系统 "注册表中保存的各类账号密码hash" [ Windows ] 抓取当前系统所有 "本地⽤户的明⽂密码/hash" [ Windows & linux ] 抓取当前系统的所有 "⽤户token" [ Windows ] 抓取 "windows凭据管理器中保存的各类连接账号密码" 包括组策略⽬录中XML⾥保存的密码hash 和 NETLOGON⽬录下的某些脚 本中保存的账号密码 ] 抓取各类 "SSH客户端⼯具中保存的各种linux系统连接账号密码", SecureCRT,Xshell,WinSCP,putty 抓取各类 "浏览器中保存的各种web登录密码",Chrome [360浏览器],Firefox,IE,QQ浏览器 抓取各类 "数据库表中保存的各类账号密码hash" 抓取各类 "

their own key and sign all commits to version control. All created packages should be signed and hash recorded for auditing h. ENSURE SECURITY OF OUR SOFTWARE SUPPLY CHAIN i. Were often assembling applications

the next six-month release.  DO epics and user stories to concisely define the desired system functions and provide the foundation for Agile estimation and planning. o They describe what the users want developers, testers, and other stakeholders have a clear and agreed-upon understanding of the desired functions. They offer a far more dynamic approach to managing requirements than large requirements documents

often translate requirements into epics and user stories to concisely define the desired system functions and provide the foundation for Agile estimation and planning. They describe what the users want developers, testers, and other stakeholders have a clear and agreed-upon understanding of the desired functions. They offer a far more dynamic approach to managing requirements than large requirements documents

 The practice team wasn’t the same as the game time team.  Segregated technical and business functions  Development  Operations (Operational Waterfall)  Infrastructure Ops  Product Ops  Product

work flow streamline interdepartmental communications, and effectively serve the other business functions at Parts Unlimited. Key Concepts The Three Ways [2] The First Way emphasizes the performance

iteration in establishing software requirements • Growing software organically, adding more and more functions to systems as they are run, used, and tested”Who said it?Frederick Brooks Jr. • Joined IBM in

OF DAILY WORK i. Create infrastructure to make it easy for Dev or Ops to create telemetry for functions built ii. Generate graphs with overlays of production changes iii. Tools – StatsD, JMX, codahale

developing the application iii. QA – team responsible for ensuring feedback loop exists to ensure functions as desired iv. Operations – the team responsible for maintaing the production environment and