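HW Arsenal: Red Team Operations Handbook
...is what really matters. Brief overview of the day-to-day workflow: entry access => internal network collection/probing => AV evasion and privilege escalation [optional] => capturing login credentials => cross-platform lateral movement => entry persistence => data exfiltration => periodic access maintenance. 0x01 Obtaining entry access [the early reconnaissance and collection stage inherently offers few defensible points and is not the focus of defense]: bypass the CDN to find all of the target's real IP ranges; find the target's various web admin login pages; bulk-collect web banners across all of the target's real class C ranges; BypassWAF; exploitation of known N-day vulnerabilities in various Java web middleware; BypassWAF webshell AV evasion; more to be added and corrected... 0x02 Obtaining entry access [the focus of external defense ("top priority")]: this stage mainly concerns exploitation of known N-day vulnerabilities in the mainstream "middleware + open-source applications + web service components" themselves. The following is ordered by "how easy real-world exploitation is" [JBoss 7.x was renamed WildFly]: weak console password, webshell deployment. Tomcat: CVE-2016-8735; CVE-2017-12615 [readonly is rarely actually set to true, so of limited use]; CVE-2020-1938 [AJP protocol vulnerability; port 8009 is not often exposed directly to the internet, so of limited use]; weak console password, webshell deployment [Note: since version 7.x, brute-force protection is enabled by default
0 points | 19 pages | 1.20 MB | 1 year ago | 3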
The DevOps Handbook
evolve based upon new constraints, goals, and functionality iii. What works at scale 1X rarely works at scale 10X or 100X d. USE THE STRANGLER APPLICATION PATTERN TO SAFELY EVOLVE OUR ENTERPRISE ARCHITECTURE
0 points | 8 pages | 23.08 KB | 5 months ago | 3
Pomodoro Technique
Pomodoro Technique, Daniel Hinojosa, https://docs.google.com/presentation/d/1ufjcILARuowbv3Y9r-FP9-x3kmlIzq7bvOJBxRVh3-w/present#slide=id.i0 [3] Flow: The Psychology of Optimal Experience, Mihaly Csikszentmihalyi
0 points | 3 pages | 289.16 KB | 5 months ago | 3
The DevOps Handbook
changes or complicated processes.” iv. 2015 State of DevOps Report – high performers had MTTR 168x faster than low performers b. CREATE OUR CENTRALIZED TELEMETRY INFRASTRUCTURE i. Remove the silos
0 points | 8 pages | 24.02 KB | 5 months ago | 3
The DevOps Handbook
Successful Brownfield transformations 1. CSG – COBOL mainframe and supporting applications a. They 2X release frequency b. Resulted in increased application reliability c. Reduced deployment lead time
0 points | 8 pages | 22.57 KB | 5 months ago | 3
The DevOps Handbook
resulted from hack day project. Small team refined it over 2 year period and allowed Facebook to handle 6X production load compared to native PHP. d. ENABLE EVERYONE TO TEACH AND LEARN i. Dedicate organizational
0 points | 9 pages | 25.13 KB | 5 months ago | 3
6 results in total