攻防演练中防守方重点知识点整理,旨在方便平时看看,也在需要的时候有一个miniwiki
Hvv蓝队技战法:https://www.freebuf.com/defense/391301.html
3个阶段,4大要点,蓝队防守全流程纲要解读:https://www.aqniu.com/vendor/84950.html
正式开始前的准备工作包括资产梳理、暴露面收敛、安全加固等
攻防演练防守方的战前准备:https://www.sangfor.com.cn/news/9fad5b74fc384baa8d7eebe27b1965a3
做好二十项筹备任务,实战攻防演练获得“先手优势”:https://www.anquanke.com/post/id/290025
红蓝对抗 之 防守阵地的有效建设:https://www.freebuf.com/company-information/239197.html
攻防演练之资产收敛:https://mp.weixin.qq.com/s/sx-YhCb2WT9SQjwY1uF7DA
再谈互联网资产梳理与暴露面收敛:https://www.freebuf.com/articles/web/240393.html
风险收敛加固指南 : 7个维度,30+Checklist:https://www.anquanke.com/post/id/273642
【实用】HW前Linux安全基线检查脚本:https://mp.weixin.qq.com/s/Go5n9iU4ff4lx61YQ_kLXQ
Windows安全加固总结(非常详细):https://blog.csdn.net/Python_0011/article/details/139079448
给蓝队防守方的11个忠告:https://m.freebuf.com/articles/neopoints/374683.html
攻防演练中常见的8种攻击方式及应对指南:https://www.qingteng.cn/think-tank/safety-study/62da497b59bbf700428a4334.html
防守要点与解决方案:https://www.antiy.cn/Special/Drill/20220621.html
零信任安全在攻防演练中的“防御”之道:https://www.deepcloudsdp.com/news/detail6.html
常见Webshell&重大漏洞的流量特征:https://blog.csdn.net/Python_0011/article/details/134326908
攻守道:流量分析的刀光剑影:https://www.freebuf.com/articles/web/253603.html
基于wireshark对基础恶意流量的分析:https://xz.aliyun.com/t/13000
哥斯拉Godzilla加密流量分析:https://www.freebuf.com/sectool/285693.html
哥斯拉流量加解密浅析(jsp篇):https://xz.aliyun.com/t/10556
蚁剑流量分析:https://xz.aliyun.com/t/14162
应急响应实战笔记:https://github.com/Bypass007/Emergency-Response-Notes
应急响应指南:https://github.com/theLSA/emergency-response-checklist
应急响应所有流程:https://github.com/dahailinux/Security-response-process
Windows应急响应:https://wiki.wgpsec.org/knowledge/hw/windows-emergency-response.html
Linux应急响应:https://wiki.wgpsec.org/knowledge/hw/linux-emergency-response.html
Webshell查杀:https://wiki.wgpsec.org/knowledge/hw/kill-webshell.html
玄机应急响应wp:https://xz.aliyun.com/t/14254
浅谈溯源思维:https://www.anquanke.com/post/id/229474
应急响应-应急溯源:https://xz.aliyun.com/t/14197
记对蜜罐的溯源反制研究:https://xz.aliyun.com/t/14317
Mysql蜜罐反制Cobalt Strike:https://xz.aliyun.com/t/11631
HW多人运动溯源及反制指北:https://xz.aliyun.com/t/10268
记对cobalt strike的反制思路研究:https://xz.aliyun.com/t/14464
红蓝对抗系列之浅谈蓝队反制红队的手法一二:https://xz.aliyun.com/t/8385
安全红蓝对抗反制(反捕、画像):https://blog.csdn.net/u012206617/article/details/114581750
防守实战-蜜罐反制之攻击链还原:https://www.freebuf.com/defense/379601.html
红蓝对抗中的溯源反制实战:https://www.secrss.com/articles/27611
蚁剑反制技术:https://blog.csdn.net/Liuzixuan0207/article/details/131426375
反制xray:https://mp.weixin.qq.com/s/cddGshf9zhBK2TJgQi5vVA
反制goby:https://mp.weixin.qq.com/s/EPQZs5eQ4LL--tao93cUfQ
!这里请自己注意验后门,有hash的验一下hash,没有hash的建议看下代码或者放虚拟机跑
DBJ-边界资产梳理工具:https://github.com/wgpsec/DBJ
Windows安全基线核查加固助手:https://github.com/DeEpinGh0st/WindowsBaselineAssistant
Linux系统一键加固:https://github.com/xiaoyunjie/Shell_Script
Shiro反序列化流量自动解密脚本:https://github.com/zev3n/Shiro_decode
常见webshell流量一键解密:https://github.com/Potato-py/webshellDecrypt
哥斯拉JSP和java内存马 全流量解密脚本 :https://github.com/AlphabugX/godzilla_decode
jspWebshell 解密工具:https://github.com/minhangxiaohui/DecodeSomeJSPWebshell
冰蝎流量解密脚本:https://github.com/melody27/behinder_decrypt
CobaltStrike流量解密脚本:https://github.com/5ime/CS_Decrypt
蓝队分析研判工具箱:https://github.com/abc123info/BlueTeamTools
蓝队应急工具:https://github.com/RoomaSec/RmTools
火麒麟-网络安全应急响应工具(系统痕迹采集):https://github.com/MountCloud/FireKylin
TrackAttacker(溯源红队):https://github.com/Bywalks/TrackAttacker
npscrack burp插件(针对nps):https://github.com/weishen250/npscrack
JetBrains系列产品.idea钓鱼反制红队:https://github.com/no-one-sec/idea-project-fish-exploit
伪造webshell钓鱼反制蚁剑:https://github.com/shiyeshu/antSword-UnrealWebshell
- 2021HW参考|防守方经验总结:https://blog.csdn.net/hackzkaq/article/details/114523440
- 记一次HVV实战应急响应:https://www.freebuf.com/articles/web/304131.html
- 记一次应急响应到溯源入侵者:https://www.freebuf.com/articles/web/289450.html
- 记一次HVV真实应急响应与攻击路径溯源:https://cn-sec.com/archives/1093268.html
- 记一次曲折的钓鱼溯源反制:https://xz.aliyun.com/t/11471
- 记一次攻防演练溯源实例:https://www.freebuf.com/articles/web/341334.html
- 记一次蓝队溯源&应急响应:https://www.we2shopping.com/blog/2634630