介紹 This is the first part of the Blue Team Operations — Technical Series where we discuss how SOC operates in corporate world. In this article we try to understand SOC from a CISO and Management point-of-view. In the upcoming stories, we shall deep-dive into how to perform incident response, investigations and triage different types of cyber security incident from a SOC analyst point-of-view. So Stay Tuned! 文章

說明 MDR EDR EPP XDR在國內近期相當的常聽到，但不是所有人都知道是什麼，以下是簡單的名詞解釋。 EDR：Endpoint Detection and Response 故名思意針對端點還的行

一些攻擊手法 https://www.anquanke.com/post/id/239640

說明 反向代理 Reverse Proxy顧名思意，是相較Proxy的行為反向執行。代替Server將請求回傳給Client。 也就是說Client端所請求的對

WSUS是windows提供更新管理的Server 影片說明 https://www.youtube.com/watch?v=Yv0qjxdX5yw 文章連結 https://docs.microsoft.com/en-us/windows-server/administration/windows-server-update-services/get-started/windows-server-update-services-wsus https://blog.xuite.net/tolarku/blog/194558299-%E5%BB%BA%E7%AB%8B%E8%87%AA%E5%AE%B6%E7%9A%84+Windows+Update+Server+-+WSUS+ 相關攻擊手法 https://www.gosecure.net/blog/2020/09/03/wsus-attacks-part-1-introducing-pywsus/

PsExec：執行遠端電腦上的指令 PsExec最主要的功能就是啟動遠端電腦上的命令式批次指令，或是Regedit等特定的系統工具程式。舉例來