15. On-site verification
Port mirroring is used on a network switch to send a copy
of network packets seen on one switch port (or an entire VLAN)
to a network monitoring connection on another switch port.
22. Tools used
CapTipper
Malicious HTTP traffic explorer
CapTipper is a Python tool to analyze, explore and revive malicious HTTP traffic.
https://github.com/omriher/CapTipper
http://ppt.cc/qEXsD (LAB1)
http://ppt.cc/JkkeO (LAB2)
23. Tools used
SecurityOnion
Security Onion is a Linux distribution for intrusion
detection, network security monitoring, and log
management. It’s based on Ubuntu and contains Snort,
Suricata, Bro, Sguil…
http://sourceforge.net/projects/security-onion/files/?source=navbar
https://security-onion-solutions.github.io/security-onion/
26. EXPLOIT INTRODUCTION
An exploit kit is a toolkit that automates the
exploitation of client-side vulnerabilities,
targeting browsers and the programs that a website
can invoke through the browser (for example plugins).
49. AUTOMATER
Automater is a URL/domain, IP address, and MD5 hash OSINT tool aimed at
making the analysis process easier for intrusion analysts. Given a target
(URL, IP, or hash) or a file full of targets, Automater returns relevant
results from sources such as IPvoid.com, Robtex.com,
Fortiguard.com, unshorten.me, Urlvoid.com, Labs.alienvault.com,
ThreatExpert, VxVault, and VirusTotal.
https://github.com/1aN0rmus/TekDefense-Automater