– Part 1 & 2 1. Preface xi a. Myth—DevOps is Only for Startups: b. Myth—DevOps Replaces Agile c. Myth—DevOps is incompatible with ITIL d. Myth—DevOps is Incompatible with Information Security and short lead times was small batch sizes of work b. Agile, Continuous Delivery, and the Three Ways 7 c. The First Way: The Principles of Flow 15 i. MAKE OUR WORK VISIBLE 1. A significant difference between the constraint usually follows this progression: a. Environment creation: b. Code deployment: c. Test setup and run: d. Overly tight architecture: iv. ELIMINATE HARDSHIPS AND WASTE IN THE VALUE

Effective practices 1. Blameless post-mortems 2. Controlled introduction of failures for practice c. SCHEDULE BLAMELESS POST-MORTEM MEETINGS AFTER ACCIDENTS OCCUR i. Blameless Post-Mortem – meeting amplify signals to help avert the next catastrophe iii. Michael Roberto, Richard M.J. Bohmer, & Amy C. Edmondson (Harvard Business Review): organizations are typically structured as:1. Standardized Model organization is in direct proportion to the degree to which its policies are expressed as code.” c. CREATE A SINGLE, SHARED SOURCE CODE REPOSITORY FOR OUR ENTIRE ORGANIZATION i. Firm-wide shared source

automated environment build process iii. Environments will be stable, reliable, consistent, & secure c. CREATE OUR SINGLE REPOSITORY OF TRUTH FOR THE ENTIRE SYSTEM i. ALL parts (code & environments) of Delayed feedback fades the cause & effect link of the error; now requires firefighting and archaeology. c. Worst effect – lose the ability to learn from mistakes and diminish integrating that learning into development costs, 140% increase in programs under development, 78% reduction in cost per program c. SMALL BATCH DEVELOPMENT AND WHAT HAPPENS WHEN WE COMMIT CODE TO TRUNK INFREQUENTLY i. Branching Strategies

our monitoring systems need to be more available and scalable than the systems being monitored.” c. CREATE APPLICATION LOGGING TELEMETRY THAT HELPS PRODUCTION i. Dev & Ops create production telemetry metric, configure alerts when metric deviates significantly from mean 4. Repeat for weaker signals c. PROBLEMS THAT ARISE WHEN OUR TELEMETRY DATA HAS NON-GAUSSIAN DISTRIBUTION i. Many operational data new features development – feature is only “done” when it’s performing as expected in production c. HAVE DEVELOPERS FOLLOW WORK DOWNSTREAM i. Contextual Inquiry – product team watches customer use the

0x01 ⼊⼝权限获取 [前期侦察，搜集阶段本身就不存在太多可防御的点，⾮防 御重⼼] 绕CDN找出⽬标所有真实ip段 找⽬标的各种Web管理后台登录⼝ 批量抓取⽬标所有真实C段 Web banner 批量对⽬标所有真实C段 进⾏基础服务端⼝扫描探测识别 尝试⽬标DNS是否允许区域传送,如果不允许则继续尝试⼦域爆破 批量抓取⽬标所有⼦域 Web banner 批量对⽬标所有⼦域集中进⾏基础服务端⼝探测识别 rdp,smb,wmi,powershell....] 各类邮箱登录⽇志 域内敏感攻击利⽤⽇志 [ ⾦票,银票... ] 此项为专业蓝队范畴,不再赘述 ...... 0x13 各类常⽤ C2 / 渗透 框架 CobaltStrike [⼆次开发] payload(beacon) 逆向/改进重写 Metasploit [⼆次开发] ...... 0x14 各类常⽤ Webshell

.................................................................................... 60 Appendix C: Agile Roles and Responsibilities.................................................................. activities, to include the acquisition leadership, contracting, test, Certification and Accreditation (C&A), the user community, external systems, and cost and financial support.11 Figure 5: Potential Agile guidance was not clear. 14. Traditional status tracking does not align with Agile.61 Appendix C: Agile Roles and Responsibilities Program Manager The program manager identifies and sets the vision

https://techfarhub.cio.gov/ Handbook for Procuring Digital Services Using Agile Processes All structures (standard C, IDIQ, BPA, GWAC, set-aside, etc.) can support Lean-Agile contracts All types (FFP, T&M, CPFF, CPAF

accountability? You know the answer: Scrum. Let’s start a few thousand miles west of Washington, D.C., in the Washington state capital, Olympia. There, the past two administrations—first a Republican

increase the capacity of the plant is to increase the capacity of only the bottleneck. Story - NCX-10 n/c machine idle on lunch break, pile of inventory in front of heat treat Jonah: “Whatever is available