CN109587137A - The method and apparatus for escaping C&C detection based on github - Google Patents
- Publication number: CN109587137A
- Application number: CN201811477077.2A
- Authority: CN (China)
- Prior art keywords: file, encryption, title, controlled terminal, implementing result
- Legal status: Granted (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Classifications
- H (ELECTRICITY) > H04 (ELECTRIC COMMUNICATION TECHNIQUE) > H04L (TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION) > H04L63/00 (Network architectures or network communication protocols for network security)
- H04L63/30: Network architectures or network communication protocols for network security for supporting lawful interception, monitoring or retaining of communications or communication related information
- H04L63/04: Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
- H04L63/0428: Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
Landscapes
- Engineering & Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Computer Hardware Design (AREA)
- Computing Systems (AREA)
- General Engineering & Computer Science (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Technology Law (AREA)
- Storage Device Security (AREA)
Abstract
The present invention provides a method and apparatus for escaping C&C detection based on github, applied to the github platform, comprising: receiving request information sent by a control terminal; creating a first file according to the request information; encrypting the first file to obtain an encrypted first file; sending the encrypted first file to a controlled terminal, so that the controlled terminal decrypts the encrypted first file to obtain the first file, executes the request information in the first file to obtain an execution result, and encrypts the execution result; and receiving the encrypted execution result sent by the controlled terminal and creating a second file according to the encrypted execution result, so that the control terminal decrypts the encrypted second file and views the execution result in the second file. The github platform is thereby used as the WEB service, which prevents sensitive data from being monitored and provides high security.
Description
Technical field
The present invention relates to the technical field of network security, and more particularly to a method and apparatus for escaping C&C detection based on github.
Background
In some highly secure network environments that have traffic-data anomaly detection, machine-learning detection and the like, when sensitive data is sent using traditional TCP (Transmission Control Protocol) or DNS (Domain Name System), a public WEB service is usually used as the C2 domain name. When these public WEB services are used, the sensitive data is easily monitored, and security is poor.
Summary of the invention
In view of this, the purpose of the present invention is to provide a method and apparatus for escaping C&C detection based on github, which use the github platform as the WEB service, prevent sensitive data from being monitored, and provide high security.
In a first aspect, an embodiment of the present invention provides a method for escaping C&C detection based on github, applied to the github platform, the method comprising:
receiving request information sent by a control terminal;
creating a first file according to the request information;
encrypting the first file to obtain an encrypted first file;
sending the encrypted first file to a controlled terminal, so that the controlled terminal decrypts the encrypted first file to obtain the first file, executes the request information in the first file to obtain an execution result, and encrypts the execution result;
receiving the encrypted execution result sent by the controlled terminal, and creating a second file according to the encrypted execution result, so that the control terminal decrypts the encrypted second file and views the execution result in the second file.
Further, the request information includes control command information, the first file includes a first suffix name, and the step of sending the encrypted first file to the controlled terminal, so that the controlled terminal decrypts the encrypted first file to obtain the first file, executes the request information in the first file to obtain an execution result, and encrypts the execution result, comprises:
sending the encrypted first file to the controlled terminal, so that the controlled terminal searches the encrypted first file for the file with the encrypted first suffix name and, if that file is found, decrypts it to obtain the file with the first suffix name, executes the control command information in the file with the first suffix name to obtain the execution result, and encrypts the execution result.
Further, the request information includes screenshot capture command information, the first file includes a second suffix name, and the step of sending the encrypted first file to the controlled terminal, so that the controlled terminal decrypts the encrypted first file to obtain the first file, executes the request information in the first file to obtain an execution result, and encrypts the execution result, comprises:
sending the encrypted first file to the controlled terminal, so that the controlled terminal searches the encrypted first file for the file with the encrypted second suffix name and, if that file is found, decrypts it to obtain the file with the second suffix name, executes the screenshot capture command information in the file with the second suffix name to obtain picture content information, and encrypts the picture content information.
Further, the second file includes a prefix name, and the method further comprises:
receiving updated online time information sent by the controlled terminal;
storing the updated online time information in the encrypted second file, so that the control terminal searches the encrypted second file for the file with the encrypted prefix name and, if that file is found, decrypts it to obtain the file with the prefix name, thereby obtaining the updated online time information in the file with the prefix name.
Further, the updated online time information is obtained by the controlled terminal updating the online time information.
In a second aspect, an embodiment of the present invention provides an apparatus for escaping C&C detection based on github, applied to the github platform, the apparatus comprising:
a first receiving unit, for receiving request information sent by a control terminal;
a creating unit, for creating a first file according to the request information;
an encryption unit, for encrypting the first file to obtain an encrypted first file;
a first processing unit, for sending the encrypted first file to a controlled terminal, so that the controlled terminal decrypts the encrypted first file to obtain the first file, executes the request information in the first file to obtain an execution result, and encrypts the execution result;
a second processing unit, for receiving the encrypted execution result sent by the controlled terminal and creating a second file according to the encrypted execution result, so that the control terminal decrypts the encrypted second file and views the execution result in the second file.
Further, the request information includes control command information, the first file includes a first suffix name, and the first processing unit is configured for:
sending the encrypted first file to the controlled terminal, so that the controlled terminal searches the encrypted first file for the file with the encrypted first suffix name and, if that file is found, decrypts it to obtain the file with the first suffix name, executes the control command information in the file with the first suffix name to obtain the execution result, and encrypts the execution result.
Further, the request information includes screenshot capture command information, the first file includes a second suffix name, and the first processing unit is configured for:
sending the encrypted first file to the controlled terminal, so that the controlled terminal searches the encrypted first file for the file with the encrypted second suffix name and, if that file is found, decrypts it to obtain the file with the second suffix name, executes the screenshot capture command information in the file with the second suffix name to obtain picture content information, and encrypts the picture content information.
Further, the second file includes a prefix name, and the apparatus further comprises:
a second receiving unit, for receiving updated online time information sent by the controlled terminal;
a third processing unit, for storing the updated online time information in the encrypted second file, so that the control terminal searches the encrypted second file for the file with the encrypted prefix name and, if that file is found, decrypts it to obtain the file with the prefix name, thereby obtaining the updated online time information in the file with the prefix name.
Further, the updated online time information is obtained by the controlled terminal updating the online time information.
The embodiments of the present invention provide a method and apparatus for escaping C&C detection based on github, applied to the github platform, comprising: receiving request information sent by a control terminal; creating a first file according to the request information; encrypting the first file to obtain an encrypted first file; sending the encrypted first file to a controlled terminal, so that the controlled terminal decrypts the encrypted first file to obtain the first file, executes the request information in the first file to obtain an execution result, and encrypts the execution result; and receiving the encrypted execution result sent by the controlled terminal and creating a second file according to the encrypted execution result, so that the control terminal decrypts the encrypted second file and views the execution result in the second file. The github platform is thereby used as the WEB service, which prevents sensitive data from being monitored and provides high security.
Other features and advantages of the present invention will be set forth in the following description and will in part become apparent from the description or be understood by implementing the invention. The objectives and other advantages of the invention are realized and obtained by the structure particularly pointed out in the description, the claims and the drawings.
To make the above objects, features and advantages of the present invention clearer and easier to understand, preferred embodiments are described in detail below with reference to the accompanying drawings.
Brief description of the drawings
To illustrate the specific embodiments of the present invention or the technical solutions in the prior art more clearly, the drawings needed for describing the specific embodiments or the prior art are briefly introduced below. Obviously, the drawings described below show some embodiments of the present invention, and a person of ordinary skill in the art can obtain other drawings from them without creative effort.
Fig. 1 is a flowchart of the method for escaping C&C detection based on github provided by Embodiment 1 of the present invention;
Fig. 2 is a flowchart of another method for escaping C&C detection based on github provided by Embodiment 1 of the present invention;
Fig. 3 is a schematic diagram of the apparatus for escaping C&C detection based on github provided by Embodiment 2 of the present invention;
Fig. 4 is a schematic diagram of another apparatus for escaping C&C detection based on github provided by Embodiment 2 of the present invention.
Reference numerals:
10 - first receiving unit; 20 - creating unit; 30 - encryption unit; 40 - first processing unit; 50 - second processing unit; 60 - second receiving unit; 70 - third processing unit.
Detailed description of the embodiments
To make the objects, technical solutions and advantages of the embodiments of the present invention clearer, the technical solutions of the present invention are described clearly and completely below with reference to the drawings. Obviously, the described embodiments are some, rather than all, of the embodiments of the present invention. All other embodiments obtained by a person of ordinary skill in the art based on the embodiments of the present invention without creative effort fall within the protection scope of the present invention.
To facilitate understanding of the present embodiment, the embodiments of the present invention are described in detail below.
Embodiment one:
Fig. 1 is a flowchart of the method for escaping C&C detection based on github provided by Embodiment 1 of the present invention.
Referring to Fig. 1, the method is applied to the github platform. Software development commonly uses source code hosted on the github platform, and using the API of the github platform as the C2 is easy to implement and low in cost. Here, C2 or C&C (Command and Control) is the server used to send control instructions; the github platform is a hosting platform for open-source and private software projects.
On the github platform, the user needs to carry out anonymous authentication to obtain an account and password, and logs in to the github platform with the account and password. The account includes the parameter access token; the access token is the unique identifier used to distinguish user identity.
The access token is set up as follows: after logging in to the github platform, enter the developer settings page and add a new token. Once the new token is generated, it can be used to access all APIs (Application Programming Interface). The APIs of the github platform are shown in Table 1:
Table 1
In Fig. 1, the executing entity is the github platform, and the method includes the following steps:
Step S101: receive the request information sent by the control terminal;
Step S102: create the first file according to the request information;
Step S103: encrypt the first file to obtain the encrypted first file;
Step S104: send the encrypted first file to the controlled terminal, so that the controlled terminal decrypts the encrypted first file to obtain the first file, executes the request information in the first file to obtain an execution result, and encrypts the execution result;
Step S105: receive the encrypted execution result sent by the controlled terminal, and create the second file according to the encrypted execution result, so that the control terminal decrypts the encrypted second file and views the execution result in the second file.
Here, the controlled terminal and the control terminal can be user terminals.
Further, the request information includes control command information, the first file includes a first suffix name, and step S104 includes:
sending the encrypted first file to the controlled terminal, so that the controlled terminal searches the encrypted first file for the file with the encrypted first suffix name and, if that file is found, decrypts it to obtain the file with the first suffix name, executes the control command information in the file with the first suffix name to obtain the execution result, and encrypts the execution result.
Specifically, the controlled terminal sends control command information to the github platform. The github platform creates the first file agent1.cmd.1 according to the control command information (where 1 is the serial number of the current command) and encrypts the first file to obtain the encrypted first file; the file content information in the first file also needs to be encrypted. The encrypted first file is then sent to the controlled terminal. The controlled terminal searches the encrypted first file agent1.cmd.1 for the file whose encrypted first suffix name is cmd.<serial number>. If it is found, the controlled terminal decrypts that file to obtain the cmd.<serial number> file, executes the control command information in the cmd.<serial number> file to obtain the execution result, and encrypts the execution result to obtain the encrypted execution result.
The encrypted execution result is sent to the github platform, and the github platform creates the second file according to the encrypted execution result. The control terminal can check the second file at preset intervals and decrypt the encrypted execution result to obtain the execution result and output it.
Further, the request information includes screenshot capture command information, the first file includes a second suffix name, and step S104 includes:
sending the encrypted first file to the controlled terminal, so that the controlled terminal searches the encrypted first file for the file with the encrypted second suffix name and, if that file is found, decrypts it to obtain the file with the second suffix name, executes the screenshot capture command information in the file with the second suffix name to obtain picture content information, and encrypts the picture content information.
Specifically, the controlled terminal sends screenshot capture command information to the github platform. The github platform creates the first file agent1.screen.1 according to the screenshot capture command information and encrypts the first file to obtain the encrypted first file; the file content information in the first file also needs to be encrypted. The encrypted first file is then sent to the controlled terminal. The controlled terminal searches the encrypted first file agent1.screen.1 for the file whose encrypted second suffix name is screen. If it is found, the controlled terminal decrypts that file to obtain the screen file, executes the screenshot capture command information in the screen file to obtain picture content information, and encrypts the picture content information to obtain the encrypted picture content information.
The encrypted picture content information is sent to the github platform, and the github platform creates the second file according to the encrypted picture content information. The control terminal can check the second file at preset intervals and decrypt the encrypted picture content information to obtain the picture content information and output it.
The execution of the control command information and the execution of the screenshot capture command information both use the github platform as the medium to achieve the purpose of obtaining sensitive information, thereby improving the safety of the network.
Further, the second file includes a third suffix name. Referring to Fig. 2, the method further includes the following steps:
Step S201: receive the updated online time information sent by the controlled terminal;
Here, when the controlled terminal runs, it creates a repository on the github platform and creates a corresponding file under the repository. This file can be a string file and includes the basic information of the controlled terminal, such as its online time and its name information. The online time needs to be updated at regular intervals; the controlled terminal can overwrite the online time in the old file with the current time. The interval between API accesses can be randomized; if the interval is fixed, it is easily identified by a security model as a C2 domain name.
Step S202: store the updated online time information in the encrypted second file, so that the control terminal searches the encrypted second file for the file with the encrypted prefix name and, if that file is found, decrypts it to obtain the file with the prefix name, thereby obtaining the updated online time information in the file with the prefix name.
Specifically, after updating the online time information, the controlled terminal obtains the updated online time and stores it in the repository on the github platform. At preset intervals, the control terminal can fetch all encrypted second files under the repository, filter out the files whose encrypted prefix name is agent and, after decryption, obtain basic information such as the updated online time information in the files whose prefix name is agent.
Further, the updated online time information is obtained by the controlled terminal updating the online time information.
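From the defender's side, the file naming and periodic status updates described in this embodiment leave traces in outbound proxy records. The following is an added example, not part of the patent: it triages constructed proxy log lines, assuming TLS inspection exposes request URLs and that the traffic uses the REST path `/repos/{owner}/{repo}/contents/{path}` (the patent's Table 1 is not reproduced on this page); host names, repository names and thresholds are hypothetical. Because the description notes that access intervals can be randomized, polling cadence is reported but the flag rests on file names and rewrite counts as well.

```python
import re
from collections import defaultdict
from datetime import datetime
from statistics import mean, pstdev
from urllib.parse import urlparse

# File names given in the description: agent1.cmd.1, agent1.screen.1, prefix "agent".
TASK_NAME = re.compile(r"^agent\w*\.(cmd|screen)\.\d+$")
STATUS_PREFIX = "agent"
# Assumption: requests use the REST contents endpoint of api.github.com.
CONTENTS_URL = re.compile(r"^/repos/([^/]+)/([^/]+)/contents(?:/(.*))?$")
MIN_POLLS = 5      # hypothetical threshold: repository listings by one client
MIN_REWRITES = 3   # hypothetical threshold: writes to the same status file

# Constructed sample records: "<UTC timestamp> <client> <method> <url>"
SAMPLE_LOG = """\
2024-05-01T09:00:03Z ws-114 PUT https://api.github.com/repos/example-user/notes/contents/agent1
2024-05-01T09:00:41Z ws-114 GET https://api.github.com/repos/example-user/notes/contents/
2024-05-01T09:03:17Z ws-114 GET https://api.github.com/repos/example-user/notes/contents/
2024-05-01T09:04:02Z ws-114 PUT https://api.github.com/repos/example-user/notes/contents/agent1
2024-05-01T09:07:55Z ws-114 GET https://api.github.com/repos/example-user/notes/contents/
2024-05-01T09:07:56Z ws-114 GET https://api.github.com/repos/example-user/notes/contents/agent1.cmd.1
2024-05-01T09:08:30Z ws-114 PUT https://api.github.com/repos/example-user/notes/contents/agent1
2024-05-01T09:09:12Z ws-114 GET https://api.github.com/repos/example-user/notes/contents/
2024-05-01T09:13:48Z ws-114 GET https://api.github.com/repos/example-user/notes/contents/
2024-05-01T09:10:00Z dev-007 GET https://api.github.com/repos/example-org/app/contents/README.md
2024-05-01T09:40:00Z dev-007 PUT https://api.github.com/repos/example-org/app/contents/src/main.py
"""


def parse(log_text):
    """Return (time, client, method, repo, path) for each contents-API request."""
    records = []
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 4:
            continue  # skip malformed lines
        ts, client, method, url = parts
        parsed = urlparse(url)
        match = CONTENTS_URL.match(parsed.path)
        if parsed.hostname != "api.github.com" or not match:
            continue
        when = datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ")
        repo = f"{match.group(1)}/{match.group(2)}"
        records.append((when, client, method, repo, match.group(3) or ""))
    return records


def analyze(records):
    """Group by (client, repository), collect indicators, flag on two or more."""
    groups = defaultdict(list)
    for rec in records:
        groups[(rec[1], rec[3])].append(rec)
    findings = {}
    for key, recs in groups.items():
        recs.sort()
        indicators, task_files, writes, polls = {}, set(), defaultdict(int), []
        for when, _client, method, _repo, path in recs:
            name = path.rsplit("/", 1)[-1]
            if TASK_NAME.match(name):
                task_files.add(name)          # command/screenshot style file name
            elif method == "PUT" and name.startswith(STATUS_PREFIX):
                writes[path] += 1             # status file overwritten in place
            elif method == "GET" and path == "":
                polls.append(when)            # listing of the repository root
        if task_files:
            indicators["task_file_names"] = sorted(task_files)
        rewritten = {p: c for p, c in writes.items() if c >= MIN_REWRITES}
        if rewritten:
            indicators["status_file_rewrites"] = rewritten
        if len(polls) >= MIN_POLLS:
            gaps = [(b - a).total_seconds() for a, b in zip(polls, polls[1:])]
            avg = mean(gaps)
            indicators["repo_polling"] = {
                "polls": len(polls),
                "mean_gap_s": round(avg, 1),
                # Relative spread of the gaps; randomized intervals give a high value.
                "jitter": round(pstdev(gaps) / avg, 2) if avg else 0.0,
            }
        findings[key] = {"indicators": indicators, "flag": len(indicators) >= 2}
    return findings


if __name__ == "__main__":
    for (client, repo), result in analyze(parse(SAMPLE_LOG)).items():
        print(client, repo, result)
```
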
The embodiment of the present invention provides a method for escaping C&C detection based on github, applied to the github platform, comprising: receiving request information sent by a control terminal; creating a first file according to the request information; encrypting the first file to obtain an encrypted first file; sending the encrypted first file to a controlled terminal, so that the controlled terminal decrypts the encrypted first file to obtain the first file, executes the request information in the first file to obtain an execution result, and encrypts the execution result; and receiving the encrypted execution result sent by the controlled terminal and creating a second file according to the encrypted execution result, so that the control terminal decrypts the encrypted second file and views the execution result in the second file. The github platform is thereby used as the WEB service, which prevents sensitive data from being monitored and provides high security.
Embodiment two:
Fig. 3 is a schematic diagram of the apparatus for escaping C&C detection based on github provided by Embodiment 2 of the present invention.
Referring to Fig. 3, the apparatus is applied to the github platform and includes:
a first receiving unit 10, for receiving the request information sent by the control terminal;
a creating unit 20, for creating the first file according to the request information;
an encryption unit 30, for encrypting the first file to obtain the encrypted first file;
a first processing unit 40, for sending the encrypted first file to the controlled terminal, so that the controlled terminal decrypts the encrypted first file to obtain the first file, executes the request information in the first file to obtain an execution result, and encrypts the execution result;
a second processing unit 50, for receiving the encrypted execution result sent by the controlled terminal and creating the second file according to the encrypted execution result, so that the control terminal decrypts the encrypted second file and views the execution result in the second file.
Further, the request information includes control command information, the first file includes a first suffix name, and the first processing unit 40 is configured for:
sending the encrypted first file to the controlled terminal, so that the controlled terminal searches the encrypted first file for the file with the encrypted first suffix name and, if that file is found, decrypts it to obtain the file with the first suffix name, executes the control command information in the file with the first suffix name to obtain the execution result, and encrypts the execution result.
Further, the request information includes screenshot capture command information, the first file includes a second suffix name, and the first processing unit 40 is configured for:
sending the encrypted first file to the controlled terminal, so that the controlled terminal searches the encrypted first file for the file with the encrypted second suffix name and, if that file is found, decrypts it to obtain the file with the second suffix name, executes the screenshot capture command information in the file with the second suffix name to obtain picture content information, and encrypts the picture content information.
Further, the second file includes a prefix name. Referring to Fig. 4, the apparatus further includes:
a second receiving unit 60, for receiving the updated online time information sent by the controlled terminal;
a third processing unit 70, for storing the updated online time information in the encrypted second file, so that the control terminal searches the encrypted second file for the file with the encrypted prefix name and, if that file is found, decrypts it to obtain the file with the prefix name, thereby obtaining the updated online time information in the file with the prefix name.
Further, the updated online time information is obtained by the controlled terminal updating the online time information.
The embodiment of the present invention provides an apparatus for escaping C&C detection based on github, applied to the github platform, comprising: receiving request information sent by a control terminal; creating a first file according to the request information; encrypting the first file to obtain an encrypted first file; sending the encrypted first file to a controlled terminal, so that the controlled terminal decrypts the encrypted first file to obtain the first file, executes the request information in the first file to obtain an execution result, and encrypts the execution result; and receiving the encrypted execution result sent by the controlled terminal and creating a second file according to the encrypted execution result, so that the control terminal decrypts the encrypted second file and views the execution result in the second file. The github platform is thereby used as the WEB service, which prevents sensitive data from being monitored and provides high security.
The embodiment of the present invention also provides a kind of electronic equipment, including memory, processor and storage are on a memory and can
The computer program run on a processor, processor realize provided by the above embodiment be based on when executing computer program
The step of method for escaping C&C detection of github.
The embodiment of the present invention also provides a kind of computer readable storage medium, and meter is stored on computer readable storage medium
Calculation machine program executes the side for escaping C&C detection based on github of above-described embodiment when computer program is run by processor
The step of method.
Computer program product provided by the embodiment of the present invention, the computer-readable storage including storing program code
Medium, the instruction that said program code includes can be used for executing previous methods method as described in the examples, and specific implementation can be joined
See embodiment of the method, details are not described herein.
It is apparent to those skilled in the art that for convenience and simplicity of description, the system of foregoing description
It with the specific work process of device, can refer to corresponding processes in the foregoing method embodiment, details are not described herein.
In addition, in the description of the embodiment of the present invention unless specifically defined or limited otherwise, term " installation ", " phase
Even ", " connection " shall be understood in a broad sense, for example, it may be being fixedly connected, may be a detachable connection, or be integrally connected;It can
To be mechanical connection, it is also possible to be electrically connected;It can be directly connected, can also can be indirectly connected through an intermediary
Connection inside two elements.For the ordinary skill in the art, above-mentioned term can be understood at this with concrete condition
Concrete meaning in invention.
It, can be with if the function is realized in the form of SFU software functional unit and when sold or used as an independent product
It is stored in a computer readable storage medium.Based on this understanding, technical solution of the present invention is substantially in other words
The part of the part that contributes to existing technology or the technical solution can be embodied in the form of software products, the meter
Calculation machine software product is stored in a storage medium, including some instructions are used so that a computer equipment (can be a
People's computer, server or network equipment etc.) it performs all or part of the steps of the method described in the various embodiments of the present invention.
And storage medium above-mentioned includes: that USB flash disk, mobile hard disk, read-only memory (ROM, Read-Only Memory), arbitrary access are deposited
The various media that can store program code such as reservoir (RAM, Random Access Memory), magnetic or disk.
In the description of the present invention, it should be noted that the orientations or positional relationships indicated by terms such as "center", "upper", "lower", "left", "right", "vertical", "horizontal", "inner" and "outer" are based on the orientations or positional relationships shown in the drawings. They are used only to facilitate and simplify the description of the present invention, and do not indicate or imply that the device or element referred to must have a particular orientation or be constructed and operated in a particular orientation; they are therefore not to be construed as limiting the invention. In addition, the terms "first", "second" and "third" are used for descriptive purposes only and are not to be understood as indicating or implying relative importance.
Finally, it should be noted that the embodiments described above are only specific embodiments of the present invention, intended to illustrate its technical solution rather than to limit it, and the scope of protection of the present invention is not limited to them. Although the present invention has been described in detail with reference to the foregoing embodiments, those of ordinary skill in the art should understand that anyone skilled in the art may, within the technical scope disclosed by the present invention, still modify the technical solutions recorded in the foregoing embodiments, readily conceive of variations, or make equivalent replacements of some of the technical features. Such modifications, variations or replacements do not cause the essence of the corresponding technical solutions to depart from the spirit and scope of the technical solutions of the embodiments of the present invention, and shall all be covered by the scope of protection of the present invention. Therefore, the scope of protection of the present invention shall be subject to the scope of protection of the claims.
Claims (10)
1. A method for escaping C&C detection based on github, characterized in that it is applied to a github platform, the method comprising:
receiving request information sent by a control terminal;
creating a first file according to the request information;
encrypting the first file to obtain an encrypted first file;
sending the encrypted first file to a controlled terminal, so that the controlled terminal decrypts the encrypted first file to obtain the first file, executes the request information in the first file to obtain an execution result, and encrypts the execution result;
receiving the encrypted execution result sent by the controlled terminal, and creating a second file according to the encrypted execution result, so that the control terminal decrypts the encrypted second file and views the execution result in the second file.
2. The method for escaping C&C detection based on github according to claim 1, characterized in that the request information includes control command information and the first file includes a first suffix name, and that sending the encrypted first file to the controlled terminal, so that the controlled terminal decrypts the encrypted first file to obtain the first file, executes the request information in the first file to obtain an execution result, and encrypts the execution result, comprises:
sending the encrypted first file to the controlled terminal, so that the controlled terminal searches the encrypted first file for an encrypted file with the first suffix name and, if the encrypted file with the first suffix name is found, decrypts it to obtain the file with the first suffix name, executes the control command information in the file with the first suffix name to obtain the execution result, and encrypts the execution result.
3. The method for escaping C&C detection based on github according to claim 1, characterized in that the request information includes screenshot command information and the first file includes a second suffix name, and that sending the encrypted first file to the controlled terminal, so that the controlled terminal decrypts the encrypted first file to obtain the first file, executes the request information in the first file to obtain an execution result, and encrypts the execution result, comprises:
sending the encrypted first file to the controlled terminal, so that the controlled terminal searches the encrypted first file for an encrypted file with the second suffix name and, if the encrypted file with the second suffix name is found, decrypts it to obtain the file with the second suffix name, executes the screenshot command information in the file with the second suffix name to obtain picture content information, and encrypts the picture content information.
4. The method for escaping C&C detection based on github according to claim 1, characterized in that the second file includes a prefix name, the method further comprising:
receiving updated online time information sent by the controlled terminal;
storing the updated online time information in the encrypted second file, so that the control terminal searches the encrypted second file for an encrypted file with the prefix name and, if the encrypted file with the prefix name is found, decrypts it to obtain the file with the prefix name, thereby obtaining the updated online time information in the file with the prefix name.
5. The method for escaping C&C detection based on github according to claim 4, characterized in that the updated online time information is obtained by the controlled terminal updating the online time information.
6. A device for escaping C&C detection based on github, characterized in that it is applied to a github platform, the device comprising:
a first receiving unit, configured to receive request information sent by a control terminal;
a creating unit, configured to create a first file according to the request information;
an encryption unit, configured to encrypt the first file to obtain an encrypted first file;
a first processing unit, configured to send the encrypted first file to a controlled terminal, so that the controlled terminal decrypts the encrypted first file to obtain the first file, executes the request information in the first file to obtain an execution result, and encrypts the execution result;
a second processing unit, configured to receive the encrypted execution result sent by the controlled terminal and to create a second file according to the encrypted execution result, so that the control terminal decrypts the encrypted second file and views the execution result in the second file.
7. The device for escaping C&C detection based on github according to claim 6, characterized in that the request information includes control command information and the first file includes a first suffix name, and that the first processing unit comprises:
sending the encrypted first file to the controlled terminal, so that the controlled terminal searches the encrypted first file for an encrypted file with the first suffix name and, if the encrypted file with the first suffix name is found, decrypts it to obtain the file with the first suffix name, executes the control command information in the file with the first suffix name to obtain the execution result, and encrypts the execution result.
8. The device for escaping C&C detection based on github according to claim 6, characterized in that the request information includes screenshot command information and the first file includes a second suffix name, and that the first processing unit comprises:
sending the encrypted first file to the controlled terminal, so that the controlled terminal searches the encrypted first file for an encrypted file with the second suffix name and, if the encrypted file with the second suffix name is found, decrypts it to obtain the file with the second suffix name, executes the screenshot command information in the file with the second suffix name to obtain picture content information, and encrypts the picture content information.
9. The device for escaping C&C detection based on github according to claim 6, characterized in that the second file includes a prefix name, the device further comprising:
a second receiving unit, configured to receive updated online time information sent by the controlled terminal;
a third processing unit, configured to store the updated online time information in the encrypted second file, so that the control terminal searches the encrypted second file for an encrypted file with the prefix name and, if the encrypted file with the prefix name is found, decrypts it to obtain the file with the prefix name, thereby obtaining the updated online time information in the file with the prefix name.
10. The device for escaping C&C detection based on github according to claim 9, characterized in that the updated online time information is obtained by the controlled terminal updating the online time information.
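For a defender reviewing a suspect repository, the claims imply recognizable artifacts: ciphertext-like files grouped by a shared suffix, and one file that is rewritten each time the online time is updated. The triage routine below is an added example, not part of the patent; the file names, the thresholds and the assumption that ciphertext is stored as raw bytes are all illustrative.

```python
import hashlib
import math
from collections import Counter, defaultdict

def shannon_entropy(data: bytes) -> float:
    """Empirical entropy in bits per byte (0.0 for empty input)."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())

def triage_repo(events, entropy_min=6.0, rewrite_min=3, cluster_min=2):
    """events: (unix_ts, path, content) file writes from one repository's history.
    Groups ciphertext-like files by shared suffix and by repeated rewrites."""
    by_suffix = defaultdict(set)   # suffix -> opaque paths carrying it
    writes = defaultdict(list)     # path -> timestamps of opaque writes
    for ts, path, content in events:
        if shannon_entropy(content) < entropy_min:
            continue  # readable text; assumption: ciphertext is stored raw
        name = path.rsplit("/", 1)[-1]
        suffix = name.rsplit(".", 1)[1] if "." in name else ""
        by_suffix[suffix].add(path)
        writes[path].append(ts)
    clusters = {s: sorted(p) for s, p in by_suffix.items()
                if s and len(p) >= cluster_min}
    heartbeats = {p: len(t) for p, t in writes.items() if len(t) >= rewrite_min}
    return {"suffix_clusters": clusters,
            "heartbeat_candidates": heartbeats,
            "review": bool(clusters) and bool(heartbeats)}

def sample_blob(seed: str, blocks: int = 8) -> bytes:
    """Constructed stand-in for ciphertext: deterministic pseudo-random bytes."""
    return b"".join(hashlib.sha256(f"{seed}{i}".encode()).digest()
                    for i in range(blocks))

# Constructed history; every file name and suffix here is a placeholder.
SAMPLE_EVENTS = [
    (1000, "README.md", b"# notes\nbuild with make, test with make check\n" * 4),
    (1010, "a1.cmd", sample_blob("a1")),
    (1020, "status_host1", sample_blob("s1")),
    (1030, "a1.out", sample_blob("r1")),
    (1080, "status_host1", sample_blob("s2")),
    (1090, "a2.cmd", sample_blob("a2")),
    (1100, "a2.out", sample_blob("r2")),
    (1140, "status_host1", sample_blob("s3")),
]
```

A repository is marked for review only when both signals are present; content stored base64-encoded would need decoding before the entropy check.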
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201811477077.2A CN109587137B (en) | 2018-12-04 | 2018-12-04 | Method and device for escape C & C detection based on github |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201811477077.2A CN109587137B (en) | 2018-12-04 | 2018-12-04 | Method and device for escape C & C detection based on github |
Publications (2)
Publication Number | Publication Date |
---|---|
CN109587137A (en) | 2019-04-05 |
CN109587137B (en) | 2021-06-29 |
Family
ID=65926168
Family Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201811477077.2A Active CN109587137B (en) | 2018-12-04 | 2018-12-04 | Method and device for escape C & C detection based on github |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN109587137B (en) |
Citations (4)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US20070178891A1 (en) * | 2006-01-30 | 2007-08-02 | Louch John O | Remote control of electronic devices |
CN103678993A (en) * | 2013-11-26 | 2014-03-26 | 小米科技有限责任公司 | Method and device controlling terminal |
CN104486321A (en) * | 2014-12-11 | 2015-04-01 | 上海斐讯数据通信技术有限公司 | Web data interaction method and system and corresponding Web server |
CN104811444A (en) * | 2015-04-02 | 2015-07-29 | 谢杰涛 | Secure cloud control method and system |
Also Published As
Publication number | Publication date |
---|---|
CN109587137B (en) | 2021-06-29 |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||
GR01 | Patent grant | ||