控制台弱⼝令,部署webshelll [ 注: 7.x版本后,默认加了防爆机制 ] Jekins CVE-2018-1999002 [任意⽂件读取] 未授权访问,任意命令执⾏ 控制台弱⼝令,任意命令执⾏ ElasticSearch CVE-2014-3120 [专⻔针对⽼版本(⽆沙盒)RCE] CVE-2015-1427 [Groovy RCE] [ y ] CVE-2015-3337 [Shellshock] 各种能快速 getshell 的常规基础 Web 漏洞利⽤ [注: 有些漏洞在不审代码的情况下其实 是很难有效盲测到的] 后台弱⼝令 SSRF sql注⼊ 越权 命令 / 代码执⾏ / 反序列化 任意⽂件上传 / 下载 / 读取 包含 XSS（实际上,XSS只有在针对某些特定邮箱,⼿⾥有浏览器0day时价值才会⽐较⼤,红队场景下其实并不是⾮常致命) 业务逻辑漏洞 此处仅仅只挑选了⼀些实战中真正能协助快速getshell的服务,其它的⼀些相对边缘性的服务均未提及 同样,已按 "实际攻击利⽤的难易程度" 及 "获取到的shell权限⾼低" 为标准进⾏了详细排序 如下,就每个端⼝的具体攻击利⽤⽅式,进⾏了简要说明 Top Port List Mssql [ 默认⼯作在tcp 1433端⼝, 弱⼝令, 敏感账号密码泄露, 提权, 远程执⾏, 后⻔植⼊ ] SMB [

务，所以在每家餐厅中，会部署相应的服务器，及相应IT设 备，本地会运⾏POS、会员、下单等业务。 公司有众多的餐厅⻔店，各个⻔店业务流量不同，⻔店的IT 设备由于城市、开业时间等因素，其型号也不相同，服务 器、应⽤程序分散式部署，给应⽤管理、IT运维、以及先于 ⻔店发现问题，带来了极⼤的挑战。 痛点和挑战 p 如何⾼效的集中监控所有的⻔店？ p 如何度量、发现、治理有 IT 隐患的⻔ 店？ p 如何让总部 IT 先于⻔店发现故障？

that could become an error and will likely trigger an alert 4. Error – error conditions such as API failures, internal issues 5. Fatal – forces a termination iv. Examples of potentially significant Use telemetry to measure outcomes iv. Etsy open-sourced their experimentation framework – Feature API e. INTEGRATE A/B TESTING INTO OUR FEATURE PLANNING i. Product owners should consider each feature

suite becomes the living documentation of the system specification and represent working examples of API use e. DESIGN FOR OPERATIONS THROUGH CODIFIED NON-FUNCTIONAL REQUIREMENTS i. Designing for fast changes through pair programming or code review 3. Instrument the repository to detect suspicious code (API calls from certain types of test code) 4. Ensure every CI process is in an isolated container 5

Coined by Martin Fowler in 2004 ii. Strangler Application 1. Put existing functionality behind an API 2. New functionality implemented in new services with new architecture 3. Make calls to old system