Security-related content sharing

Red team: post-exploitation, clearing intrusion traces

Description

After the penetration is complete, to reduce the probability of being discovered, attackers need to clear their own intrusion traces. Of course, if time is short and the target also has an exploitable vulnerability, going straight for a round of encryption ransomware is also a common approach.

[Repost] Blue team training

Introduction

This lists the modules a blue teamer needs to know.

The SIEM portion is explained mainly using Azure Sentinel and ELK.

24 modules in total

Modules

  • Module 1- Incident Response and Security Operations Fundamentals
  • Module 2- TOP 20 Open-source tools every Blue Teamer should have
  • Module 3- How to deploy your Elastic Stack (ELK) SIEM
  • Module 4- Getting started using Microsoft Azure Sentinel (Cloud-Native SIEM and SOAR)
  • Module 5- Hands-on Wazuh Host-based Intrusion Detection System (HIDS) Deployment
  • Module 6- Threat Intelligence Fundamentals
  • Module 7- How to Install and use The Hive Project in Incident Management
  • Module 8- Incident Response and Threat hunting with OSQuery and Kolide Fleet
  • Module 9- How to use the MITRE PRE-ATT&CK framework to enhance your reconnaissance assessments
  • Module 10- How to Perform Open Source Intelligence (OSINT) with SpiderFoot
  • Module 11- How to perform OSINT with Shodan
  • Module 12- Using MITRE ATT&CK to defend against Advanced Persistent Threats
  • Module 13- Hands-on Malicious Traffic Analysis with Wireshark
  • Module 14- Digital Forensics Fundamentals
  • Module 15- How to Perform Static Malware Analysis with Radare2
  • Module 16- How to use Yara rules to detect malware
  • Module 17- Getting started with IDA Pro
  • Module 18- Getting Started with Reverse Engineering using Ghidra
  • Module 19- How to Perform Memory Analysis
  • Module 20- Red Teaming Attack Simulation with “Atomic Red Team”
  • Module 21- How to build a Machine Learning Intrusion Detection system
  • Module 22- Azure Sentinel - Process Hollowing (T1055.012) Analysis
  • Module 23- Azure Sentinel - Send Events with Filebeat and Logstash
  • Module 24- Azure Sentinel - Using Custom Logs and DNSTwist to Monitor Malicious Similar Domains

Further reading

Article link

www.blueteamsacademy.com/

Password cracking: password spraying attacks

Description

In a password spraying attack, the attacker takes the passwords most commonly used across many different accounts and services and tries them against any password-protected assets they can find. These attacks can often span many different organizations and identity providers. For example, an attacker would use an easily obtained toolkit such as Mailsniper to enumerate all users across several organizations, then try to log in to those accounts with "P@$$w0rd" and "Password1".

[Repost] lonelysec: OSCP experience sharing