Enviar búsqueda
Cargar
HITCON GIRLS_惡意程式分析介紹_in 成功大學_by Turkey_2016.04.28
•
2 recomendaciones
•
421 vistas
Shang Wei Li
Seguir
演講簡介: HITCON 活動 惡意程式 勒索軟體
Leer menos
Leer más
Ingeniería
Denunciar
Compartir
Denunciar
Compartir
1 de 44
Descargar ahora
Descargar para leer sin conexión
Recomendados
網頁安全 Web security 入門 @ Study-Area
網頁安全 Web security 入門 @ Study-Area
Orange Tsai
Ekoparty 2017 - The Bug Hunter's Methodology
Ekoparty 2017 - The Bug Hunter's Methodology
bugcrowd
Web application security & Testing
Web application security & Testing
Deepu S Nath
What is security testing and why it is so important?
What is security testing and why it is so important?
ONE BCG
X-XSS-Nightmare: 1; mode=attack XSS Attacks Exploiting XSS Filter
X-XSS-Nightmare: 1; mode=attack XSS Attacks Exploiting XSS Filter
Masato Kinugawa
SQL injection
SQL injection
Raj Parmar
Introduction to path traversal attack
Introduction to path traversal attack
Prashant Hegde
Neat tricks to bypass CSRF-protection
Neat tricks to bypass CSRF-protection
Mikhail Egorov
Recomendados
網頁安全 Web security 入門 @ Study-Area
網頁安全 Web security 入門 @ Study-Area
Orange Tsai
Ekoparty 2017 - The Bug Hunter's Methodology
Ekoparty 2017 - The Bug Hunter's Methodology
bugcrowd
Web application security & Testing
Web application security & Testing
Deepu S Nath
What is security testing and why it is so important?
What is security testing and why it is so important?
ONE BCG
X-XSS-Nightmare: 1; mode=attack XSS Attacks Exploiting XSS Filter
X-XSS-Nightmare: 1; mode=attack XSS Attacks Exploiting XSS Filter
Masato Kinugawa
SQL injection
SQL injection
Raj Parmar
Introduction to path traversal attack
Introduction to path traversal attack
Prashant Hegde
Neat tricks to bypass CSRF-protection
Neat tricks to bypass CSRF-protection
Mikhail Egorov
WAF Bypass Techniques - Using HTTP Standard and Web Servers’ Behaviour
WAF Bypass Techniques - Using HTTP Standard and Web Servers’ Behaviour
Soroush Dalili
滲透測試 Talk @ Nisra
滲透測試 Talk @ Nisra
Orange Tsai
Click jacking
Click jacking
Ronan Dunne, CEH, SSCP
Oscp preparation
Oscp preparation
Manich Koomsusi
網站系統安全及資料保護設計認知
網站系統安全及資料保護設計認知
Justin Lin
Encoded Attacks And Countermeasures
Encoded Attacks And Countermeasures
Marco Morana
Penetration testing web application web application (in) security
Penetration testing web application web application (in) security
Nahidul Kibria
Introduction To Ethical Hacking
Introduction To Ethical Hacking
Raghav Bisht
Frans Rosén Keynote at BSides Ahmedabad
Frans Rosén Keynote at BSides Ahmedabad
Security BSides Ahmedabad
How to steal and modify data using Business Logic flaws - Insecure Direct Obj...
How to steal and modify data using Business Logic flaws - Insecure Direct Obj...
Frans Rosén
Thick client pentesting_the-hackers_meetup_version1.0pptx
Thick client pentesting_the-hackers_meetup_version1.0pptx
Anurag Srivastava
Poor authorization and authentication
Poor authorization and authentication
Salma Gouia
Waf bypassing Techniques
Waf bypassing Techniques
Avinash Thapa
CSRF Basics
CSRF Basics
n|u - The Open Security Community
Building Advanced XSS Vectors
Building Advanced XSS Vectors
Rodolfo Assis (Brute)
SQL Injection
SQL Injection
Adhoura Academy
Time based CAPTCHA protected SQL injection through SOAP-webservice
Time based CAPTCHA protected SQL injection through SOAP-webservice
Frans Rosén
A Forgotten HTTP Invisibility Cloak
A Forgotten HTTP Invisibility Cloak
Soroush Dalili
資訊安全入門
資訊安全入門
Tyler Chen
Security testing
Security testing
Khizra Sammad
Shellshock 威脅案例
Shellshock 威脅案例
Shaolin Hsu
價值主張設計:如何測試 How to test your value proposition?
價值主張設計:如何測試 How to test your value proposition?
士杰 戴
Más contenido relacionado
La actualidad más candente
WAF Bypass Techniques - Using HTTP Standard and Web Servers’ Behaviour
WAF Bypass Techniques - Using HTTP Standard and Web Servers’ Behaviour
Soroush Dalili
滲透測試 Talk @ Nisra
滲透測試 Talk @ Nisra
Orange Tsai
Click jacking
Click jacking
Ronan Dunne, CEH, SSCP
Oscp preparation
Oscp preparation
Manich Koomsusi
網站系統安全及資料保護設計認知
網站系統安全及資料保護設計認知
Justin Lin
Encoded Attacks And Countermeasures
Encoded Attacks And Countermeasures
Marco Morana
Penetration testing web application web application (in) security
Penetration testing web application web application (in) security
Nahidul Kibria
Introduction To Ethical Hacking
Introduction To Ethical Hacking
Raghav Bisht
Frans Rosén Keynote at BSides Ahmedabad
Frans Rosén Keynote at BSides Ahmedabad
Security BSides Ahmedabad
How to steal and modify data using Business Logic flaws - Insecure Direct Obj...
How to steal and modify data using Business Logic flaws - Insecure Direct Obj...
Frans Rosén
Thick client pentesting_the-hackers_meetup_version1.0pptx
Thick client pentesting_the-hackers_meetup_version1.0pptx
Anurag Srivastava
Poor authorization and authentication
Poor authorization and authentication
Salma Gouia
Waf bypassing Techniques
Waf bypassing Techniques
Avinash Thapa
CSRF Basics
CSRF Basics
n|u - The Open Security Community
Building Advanced XSS Vectors
Building Advanced XSS Vectors
Rodolfo Assis (Brute)
SQL Injection
SQL Injection
Adhoura Academy
Time based CAPTCHA protected SQL injection through SOAP-webservice
Time based CAPTCHA protected SQL injection through SOAP-webservice
Frans Rosén
A Forgotten HTTP Invisibility Cloak
A Forgotten HTTP Invisibility Cloak
Soroush Dalili
資訊安全入門
資訊安全入門
Tyler Chen
Security testing
Security testing
Khizra Sammad
La actualidad más candente
(20)
WAF Bypass Techniques - Using HTTP Standard and Web Servers’ Behaviour
WAF Bypass Techniques - Using HTTP Standard and Web Servers’ Behaviour
滲透測試 Talk @ Nisra
滲透測試 Talk @ Nisra
Click jacking
Click jacking
Oscp preparation
Oscp preparation
網站系統安全及資料保護設計認知
網站系統安全及資料保護設計認知
Encoded Attacks And Countermeasures
Encoded Attacks And Countermeasures
Penetration testing web application web application (in) security
Penetration testing web application web application (in) security
Introduction To Ethical Hacking
Introduction To Ethical Hacking
Frans Rosén Keynote at BSides Ahmedabad
Frans Rosén Keynote at BSides Ahmedabad
How to steal and modify data using Business Logic flaws - Insecure Direct Obj...
How to steal and modify data using Business Logic flaws - Insecure Direct Obj...
Thick client pentesting_the-hackers_meetup_version1.0pptx
Thick client pentesting_the-hackers_meetup_version1.0pptx
Poor authorization and authentication
Poor authorization and authentication
Waf bypassing Techniques
Waf bypassing Techniques
CSRF Basics
CSRF Basics
Building Advanced XSS Vectors
Building Advanced XSS Vectors
SQL Injection
SQL Injection
Time based CAPTCHA protected SQL injection through SOAP-webservice
Time based CAPTCHA protected SQL injection through SOAP-webservice
A Forgotten HTTP Invisibility Cloak
A Forgotten HTTP Invisibility Cloak
資訊安全入門
資訊安全入門
Security testing
Security testing
Destacado
Shellshock 威脅案例
Shellshock 威脅案例
Shaolin Hsu
價值主張設計:如何測試 How to test your value proposition?
價值主張設計:如何測試 How to test your value proposition?
士杰 戴
MS SQL 2012 安裝與基本使用教學
MS SQL 2012 安裝與基本使用教學
Yuan Chiu
Ab Testing
Ab Testing
newegg
Http Headers 與 Cache 機制(2016)
Http Headers 與 Cache 機制(2016)
振揚 陳
Spock:願你的測試長長久久、生生不息
Spock:願你的測試長長久久、生生不息
Shihpeng Lin
20170222【ppt】 礦業漏洞又一樁我家地下在挖礦
20170222【ppt】 礦業漏洞又一樁我家地下在挖礦
Ray Reng
測試是什麼
測試是什麼
Yvonne Yu
初心者 Git 上手攻略
初心者 Git 上手攻略
Lucien Lee
耶穌的生活: 兒童的著色書
耶穌的生活: 兒童的著色書
FreeChildrenStories
我的敏捷测试宣言(Agile Testing Manifesto)
我的敏捷测试宣言(Agile Testing Manifesto)
Xudong Yu
Git 版本控制 (使用教學)
Git 版本控制 (使用教學)
Jui An Huang (黃瑞安)
Linux 的檔案系統格式介紹
Linux 的檔案系統格式介紹
Ma Yu-Hui
MOPCON 2015 - 軟體、測試、程式設計家
MOPCON 2015 - 軟體、測試、程式設計家
家弘 周
Frontend django, Django Web 前端探索
Frontend django, Django Web 前端探索
Tim (文昌)
HITCON GIRLS Malware Analysis
HITCON GIRLS Malware Analysis
Hacks in Taiwan (HITCON)
CTF 經驗分享
CTF 經驗分享
Hacks in Taiwan (HITCON)
HITCON TALK 技術解析 SWIFT Network 攻擊
HITCON TALK 技術解析 SWIFT Network 攻擊
Hacks in Taiwan (HITCON)
HITCON TALK ATM 金融攻擊事件解析
HITCON TALK ATM 金融攻擊事件解析
Hacks in Taiwan (HITCON)
關於測試,我說的其實是......
關於測試,我說的其實是......
hugo lu
Destacado
(20)
Shellshock 威脅案例
Shellshock 威脅案例
價值主張設計:如何測試 How to test your value proposition?
價值主張設計:如何測試 How to test your value proposition?
MS SQL 2012 安裝與基本使用教學
MS SQL 2012 安裝與基本使用教學
Ab Testing
Ab Testing
Http Headers 與 Cache 機制(2016)
Http Headers 與 Cache 機制(2016)
Spock:願你的測試長長久久、生生不息
Spock:願你的測試長長久久、生生不息
20170222【ppt】 礦業漏洞又一樁我家地下在挖礦
20170222【ppt】 礦業漏洞又一樁我家地下在挖礦
測試是什麼
測試是什麼
初心者 Git 上手攻略
初心者 Git 上手攻略
耶穌的生活: 兒童的著色書
耶穌的生活: 兒童的著色書
我的敏捷测试宣言(Agile Testing Manifesto)
我的敏捷测试宣言(Agile Testing Manifesto)
Git 版本控制 (使用教學)
Git 版本控制 (使用教學)
Linux 的檔案系統格式介紹
Linux 的檔案系統格式介紹
MOPCON 2015 - 軟體、測試、程式設計家
MOPCON 2015 - 軟體、測試、程式設計家
Frontend django, Django Web 前端探索
Frontend django, Django Web 前端探索
HITCON GIRLS Malware Analysis
HITCON GIRLS Malware Analysis
CTF 經驗分享
CTF 經驗分享
HITCON TALK 技術解析 SWIFT Network 攻擊
HITCON TALK 技術解析 SWIFT Network 攻擊
HITCON TALK ATM 金融攻擊事件解析
HITCON TALK ATM 金融攻擊事件解析
關於測試,我說的其實是......
關於測試,我說的其實是......
HITCON GIRLS_惡意程式分析介紹_in 成功大學_by Turkey_2016.04.28
1.
2.
3.
4.
HITCON Pacific HITCON Community HITCON
GIRLS HITCON Training HITCON CTF HITCON ZeroDay HITCON Knowledge Base HITCON FreeTalk
5.
6.
7.
8.
9.
10.
烏雲
11.
12.
惡意程式分析介紹
13.
惡意程式分析⽅式 線上檢測 ⼿動分析 &
14.
https://www.virustotal.com
15.
https://fireeye.ijinshan.com/
16.
17.
常 用 工 具 介 紹 觀察 Process ⾏為: Microsoft
Process Explorer 觀察網路⾏為: TCPView 觀察啟動項: AutoRuns Wireshark
18.
19.
20.
!
21.
ProcessExplorer 下⾴看放⼤圖..
22.
ProcessExplorer
23.
!
24.
TCPView 但 TCPView 無法看歷史連線紀錄,當連線⼀斷,即消失
25.
!
26.
Wireshark
27.
Wireshark
28.
!
29.
Autoruns
30.
31.
分析過程很靠經驗 時間很長, 需要靠經驗讓分析時間越來越短
32.
33.
看雪学院-pediy.com
34.
35.
36.
37.
38.
39.
40.
備份
41.
42.
43.
勒索軟體預防
44.
感謝聆聽
Descargar ahora