HW Arsenal: Red Team Operations Handbook
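Capture login credentials => cross-platform lateral movement => foothold persistence => data exfiltration => periodic access maintenance 0x01 Obtaining initial access [the early reconnaissance and collection phase inherently offers few defensible points and is not the focus of defense] Bypass the CDN to find all of the target's real IP ranges; find the target's various web admin back-end login pages; bulk-grab web banners across all of the target's real class-C ranges; bulk-scan all of the target's real class-C ranges to probe and identify basic service ports; test whether the target's DNS allows zone transfers and, if not, go on to subdomain brute-forcing that can proceed normally are not repeated here; check the current shell's privileges and the detailed system kernel version; get the current system's detailed IP configuration, including domain, IP, netmask, gateway, and primary/secondary DNS IPs; get the system's recent user login records; get the current user's full command history [mainly for Linux; it may contain various sensitive account passwords, IPs, sensitive service configurations...]; get all services/processes on the host [including each process's detailed privileges, as well as suspicious malicious processes on the target system (possibly another team's implant)]/port the contents of the scripts executed by scheduled tasks [some of these scripts may well store various connection account passwords]; get the list of all files on the current user's desktop and in the recycle bin; get all binaries with the suid permission on the current system; get the current system proxy [IP & port]; get all autostart registry values on the current system; get all IPC connections and enabled shares on the current system; get all mounts on the current system; get the current system's firewall status; get all partitions/drive letters on the current system and their detailed usage
0 码力 | 19 pages | 1.20 MB | 1 year ago
DoD CIO Enterprise DevSecOps Reference Design - Summary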
verify. Key aspects of zero trust at the container level include mutual Transport Layer Security authentication (mTLS), an encrypted communication tunnel between containers, strong identities per Pod using service 5. DCAR for the hardened containers 6. Common Vulnerabilities and Exposures (CVE) Service / host-based security to provide CVEs for the security sidecar container CSIAC Webinars - DoD Enterprise
0 码力 | 8 pages | 3.38 MB | 5 months ago
MITRE Defense Agile Acquisition Guide - Mar 2014
the method does not consist of simply following a set of prescribed processes, but is designed to allow dynamic, tailored, and rapidly evolving approaches to support each organization’s IT environment. Assessment Areas Consider Traditional Practices and require frequent capability upgrades (<1 year). allow iterative development or lacks the ability to absorb frequent updates. User representatives and large DoD IT programs.1 The key is to dismiss misconceptions about what the acquisition process can allow and challenge the art of the possible. Within a sprint (e.g., one month), the development team designs
0 码力 | 74 pages | 3.57 MB | 5 months ago
The DevOps Handbook
Examples of potentially significant events (Gartner’s GTP Security & Risk Management group) 1. Authentication/authorization decisions 2. System and data access 3. System and application changes, especially
0 码力 | 8 pages | 24.02 KB | 5 months ago
Cynefin - Agile for Defense
• Open discussion - need interactive communication, try crowd-sourcing or positive deviance - allow people to discuss solutions that are already working within the organization itself, rather than They provide structure & coherence as they gain momentum. • Encourage dissent & format debate - allow rigorous review, critique, and drive the best approach • Monitor for emergence - foster creative
0 码力 | 17 pages | 3.75 MB | 5 months ago
The DevOps Handbook
metrics observed, investigative paths taken, results, and other resolutions considered 2. Don’t allow fear of punishment or retribution to creep in due to words or behaviors – find a facilitator to start or replacement iii. Create “buoys, not boundaries”; navigate the channel, mark the channel, and allow people to explore past it. 1. The marked channel provides safe, supported passage 2. You can go
0 码力 | 9 pages | 25.13 KB | 5 months ago
A Seat at the Table: IT Leadership in the Age of Agility - Part 2
learning. we would gauge progress by seeing operational results. Agile and Lean approaches allow teams to quickly put product in the hands of users. This not only delivers value immediately, but might begin the project with a hypothesis of what will best accomplish the objectives, but then allow requirements to change. Based on what we learned, we would re-validate these hypotheses. Oversight
0 码力 | 7 pages | 387.61 KB | 5 months ago
A Seat at the Table - IT Leadership in the Age of Agility
Better Way to Plan: Nevertheless, planning is important. In my role, I need to decide whether to allow an initiative to begin, which of course depends on whether I am satisfied with its plan. I might
0 码力 | 4 pages | 379.23 KB | 5 months ago
8 results in total