CN109587137A - Method and apparatus for evading C&C detection based on GitHub - Google Patents


Info

Publication number: CN109587137A
Authority: CN (China)
Prior art keywords: file, encryption, title, controlled terminal, implementing result
Application number: CN201811477077.2A
Other languages: Chinese (zh)
Other versions: CN109587137B (en)
Inventors: 梅高海, 范渊
Current Assignee: Hangzhou Dbappsecurity Technology Co Ltd
Original Assignee: Hangzhou Dbappsecurity Technology Co Ltd
Application filed by: Hangzhou Dbappsecurity Technology Co Ltd
Priority to: CN201811477077.2A
Publications: CN109587137A; CN109587137B (application granted)
Legal status: Granted; Active (as listed by Google Patents; the status is an assumption and is not a legal conclusion)

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/30 Network architectures or network communication protocols for network security for supporting lawful interception, monitoring or retaining of communications or communication related information
    • H04L63/04 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
    • H04L63/0428 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload

Abstract

The present invention provides a method and apparatus for evading C&C detection based on GitHub, applied to the GitHub platform, comprising: receiving the request information sent by the control terminal; creating a first file according to the request information; encrypting the first file to obtain an encrypted first file; sending the encrypted first file to the controlled terminal, so that the controlled terminal decrypts the encrypted first file to obtain the first file, executes the request information in the first file to obtain an execution result, and encrypts the execution result; and receiving the encrypted execution result sent by the controlled terminal and creating a second file according to the encrypted execution result, so that the control terminal decrypts the encrypted second file and views the execution result in the second file. The GitHub platform is thereby used as the WEB service, sensitive data is prevented from being monitored, and security is high.

Description

Method and apparatus for evading C&C detection based on GitHub
Technical field
The present invention relates to the technical field of network security, and more particularly to a method and apparatus for evading C&C detection based on GitHub.
Background
In some highly secure network environments equipped with traffic-data anomaly detection, machine-learning detection and the like, when sensitive data is sent over traditional TCP (Transmission Control Protocol) or DNS (Domain Name System), a public WEB service is usually used as the C2 domain name. When these public WEB services are used, the sensitive data is easily monitored, and security is poor.
Summary of the invention
In view of this, the purpose of the present invention is to provide a method and apparatus for evading C&C detection based on GitHub, which use the GitHub platform as the WEB service, prevent sensitive data from being monitored, and offer high security.
In a first aspect, an embodiment of the present invention provides a method for evading C&C detection based on GitHub, applied to the GitHub platform, the method comprising:
receiving the request information sent by the control terminal;
creating a first file according to the request information;
encrypting the first file to obtain an encrypted first file;
sending the encrypted first file to the controlled terminal, so that the controlled terminal decrypts the encrypted first file to obtain the first file, executes the request information in the first file to obtain an execution result, and encrypts the execution result;
receiving the encrypted execution result sent by the controlled terminal, and creating a second file according to the encrypted execution result, so that the control terminal decrypts the encrypted second file and views the execution result in the second file.
Further, the request information includes control command information, the first file includes a first suffix name, and the step of sending the encrypted first file to the controlled terminal, so that the controlled terminal decrypts the encrypted first file to obtain the first file, executes the request information in the first file to obtain an execution result, and encrypts the execution result, comprises:
sending the encrypted first file to the controlled terminal, so that the controlled terminal searches the encrypted first file for the encrypted file with the first suffix name; if the encrypted file with the first suffix name is found, the controlled terminal decrypts it to obtain the file with the first suffix name, executes the control command information in that file to obtain the execution result, and encrypts the execution result.
Further, the request information includes screenshot command information, the first file includes a second suffix name, and the step of sending the encrypted first file to the controlled terminal, so that the controlled terminal decrypts the encrypted first file to obtain the first file, executes the request information in the first file to obtain an execution result, and encrypts the execution result, comprises:
sending the encrypted first file to the controlled terminal, so that the controlled terminal searches the encrypted first file for the encrypted file with the second suffix name; if the encrypted file with the second suffix name is found, the controlled terminal decrypts it to obtain the file with the second suffix name, executes the screenshot command information in that file to obtain image content information, and encrypts the image content information.
Further, the second file includes a prefix name, and the method further comprises:
receiving the updated online time information sent by the controlled terminal;
storing the updated online time information in the encrypted second file, so that the control terminal searches the encrypted second file for the encrypted file with the prefix name; if the encrypted file with the prefix name is found, the control terminal decrypts it to obtain the file with the prefix name, and thereby obtains the updated online time information in that file.
Further, the updated online time information is obtained by the controlled terminal updating the online time information.
In a second aspect, an embodiment of the present invention provides an apparatus for evading C&C detection based on GitHub, applied to the GitHub platform, the apparatus comprising:
a first receiving unit, for receiving the request information sent by the control terminal;
a creating unit, for creating a first file according to the request information;
an encryption unit, for encrypting the first file to obtain an encrypted first file;
a first processing unit, for sending the encrypted first file to the controlled terminal, so that the controlled terminal decrypts the encrypted first file to obtain the first file, executes the request information in the first file to obtain an execution result, and encrypts the execution result;
a second processing unit, for receiving the encrypted execution result sent by the controlled terminal and creating a second file according to the encrypted execution result, so that the control terminal decrypts the encrypted second file and views the execution result in the second file.
Further, the request information includes control command information, the first file includes a first suffix name, and the first processing unit is configured for:
sending the encrypted first file to the controlled terminal, so that the controlled terminal searches the encrypted first file for the encrypted file with the first suffix name; if the encrypted file with the first suffix name is found, the controlled terminal decrypts it to obtain the file with the first suffix name, executes the control command information in that file to obtain the execution result, and encrypts the execution result.
Further, the request information includes screenshot command information, the first file includes a second suffix name, and the first processing unit is configured for:
sending the encrypted first file to the controlled terminal, so that the controlled terminal searches the encrypted first file for the encrypted file with the second suffix name; if the encrypted file with the second suffix name is found, the controlled terminal decrypts it to obtain the file with the second suffix name, executes the screenshot command information in that file to obtain image content information, and encrypts the image content information.
Further, the second file includes a prefix name, and the apparatus further comprises:
a second receiving unit, for receiving the updated online time information sent by the controlled terminal;
a third processing unit, for storing the updated online time information in the encrypted second file, so that the control terminal searches the encrypted second file for the encrypted file with the prefix name; if the encrypted file with the prefix name is found, the control terminal decrypts it to obtain the file with the prefix name, and thereby obtains the updated online time information in that file.
Further, the updated online time information is obtained by the controlled terminal updating the online time information.
The embodiments of the present invention provide a method and apparatus for evading C&C detection based on GitHub, applied to the GitHub platform, comprising: receiving the request information sent by the control terminal; creating a first file according to the request information; encrypting the first file to obtain an encrypted first file; sending the encrypted first file to the controlled terminal, so that the controlled terminal decrypts the encrypted first file to obtain the first file, executes the request information in the first file to obtain an execution result, and encrypts the execution result; and receiving the encrypted execution result sent by the controlled terminal and creating a second file according to the encrypted execution result, so that the control terminal decrypts the encrypted second file and views the execution result in the second file. The GitHub platform is thereby used as the WEB service, sensitive data is prevented from being monitored, and security is high.
Other features and advantages of the present invention will be set forth in the following description, and in part will become apparent from the description or be understood by practicing the invention. The objectives and other advantages of the invention are realized and obtained by the structure particularly pointed out in the description, the claims and the drawings.
To make the above objects, features and advantages of the present invention clearer and easier to understand, preferred embodiments are described in detail below with reference to the accompanying drawings.
Brief description of the drawings
To illustrate the specific embodiments of the invention or the technical solutions in the prior art more clearly, the drawings needed for describing the specific embodiments or the prior art are briefly introduced below. Evidently, the drawings described below are some embodiments of the present invention, and those of ordinary skill in the art can obtain other drawings from them without creative effort.
Fig. 1 is a flow chart of the method for evading C&C detection based on GitHub provided by Embodiment one of the present invention;
Fig. 2 is a flow chart of another method for evading C&C detection based on GitHub provided by Embodiment one of the present invention;
Fig. 3 is a schematic diagram of the apparatus for evading C&C detection based on GitHub provided by Embodiment two of the present invention;
Fig. 4 is a schematic diagram of another apparatus for evading C&C detection based on GitHub provided by Embodiment two of the present invention.
Reference numerals:
10 - first receiving unit; 20 - creating unit; 30 - encryption unit; 40 - first processing unit; 50 - second processing unit; 60 - second receiving unit; 70 - third processing unit.
Detailed description of the embodiments
To make the objects, technical solutions and advantages of the embodiments of the invention clearer, the technical solutions of the present invention are described clearly and completely below with reference to the drawings. Evidently, the described embodiments are some of the embodiments of the present invention, not all of them. All other embodiments obtained by those of ordinary skill in the art on the basis of the embodiments of the present invention without creative effort fall within the protection scope of the present invention.
To aid understanding, the embodiments of the present invention are described in detail below.
Embodiment one:
Fig. 1 is a flow chart of the method for evading C&C detection based on GitHub provided by Embodiment one of the present invention.
Referring to Fig. 1, the method is applied to the GitHub platform. Software development commonly uses source code hosted on the GitHub platform, and the GitHub platform API is easy to use as a C2 at low cost. Here, C2 or C&C (Command and Control) is a server used to send control instructions; the GitHub platform is a hosting platform for open-source and private software projects.
On the GitHub platform, the user carries out anonymous authentication to obtain an account and password, and logs in to the GitHub platform with the account and password. The account includes the parameter access tokens; an access token is the unique identifier used to distinguish user identity.
The access token is set up as follows: after logging in to the GitHub platform, enter the developer settings page and add a new token; once the new token is generated, it can be used to access all APIs (Application Programming Interface). The GitHub platform APIs are shown in Table 1:
Table 1
In Fig. 1, the executing entity is the GitHub platform, and the method comprises the following steps:
Step S101: receive the request information sent by the control terminal;
Step S102: create a first file according to the request information;
Step S103: encrypt the first file to obtain an encrypted first file;
Step S104: send the encrypted first file to the controlled terminal, so that the controlled terminal decrypts the encrypted first file to obtain the first file, executes the request information in the first file to obtain an execution result, and encrypts the execution result;
Step S105: receive the encrypted execution result sent by the controlled terminal, and create a second file according to the encrypted execution result, so that the control terminal decrypts the encrypted second file and views the execution result in the second file.
Here, both the controlled terminal and the control terminal may be user terminals.
Further, the request information includes control command information, the first file includes a first suffix name, and step S104 comprises:
sending the encrypted first file to the controlled terminal, so that the controlled terminal searches the encrypted first file for the encrypted file with the first suffix name; if the encrypted file with the first suffix name is found, the controlled terminal decrypts it to obtain the file with the first suffix name, executes the control command information in that file to obtain the execution result, and encrypts the execution result.
Specifically, the controlled terminal sends control command information to the GitHub platform. The GitHub platform creates the first file agent1.cmd.1 (1 is the serial number of the current command) according to the control command information and encrypts the first file to obtain the encrypted first file; the file content in the first file must also be encrypted. The encrypted first file is then sent to the controlled terminal, which searches the encrypted first file agent1.cmd.1 for the encrypted file whose first suffix name is cmd.<serial number>. If it is found, the controlled terminal decrypts the encrypted file whose first suffix name is cmd.<serial number> to obtain the cmd.<serial number> file, executes the control command information in that file to obtain the execution result, and encrypts the execution result to obtain the encrypted execution result.
The encrypted execution result is sent to the GitHub platform, which creates the second file according to the encrypted execution result. The control terminal can check the second file at preset intervals and decrypt the encrypted execution result to obtain the execution result, which it then outputs.
Further, the request information includes screenshot command information, the first file includes a second suffix name, and step S104 comprises:
sending the encrypted first file to the controlled terminal, so that the controlled terminal searches the encrypted first file for the encrypted file with the second suffix name; if the encrypted file with the second suffix name is found, the controlled terminal decrypts it to obtain the file with the second suffix name, executes the screenshot command information in that file to obtain image content information, and encrypts the image content information.
Specifically, the controlled terminal sends screenshot command information to the GitHub platform. The GitHub platform creates the first file agent1.screen.1 according to the screenshot command information and encrypts the first file to obtain the encrypted first file; the file content in the first file must also be encrypted. The encrypted first file is then sent to the controlled terminal, which searches the encrypted first file agent1.screen.1 for the encrypted file whose second suffix name is screen. If it is found, the controlled terminal decrypts the encrypted file whose second suffix name is screen to obtain the screen file, executes the screenshot command information in that file to obtain image content information, and encrypts the image content information to obtain the encrypted image content information.
The encrypted image content information is sent to the GitHub platform, which creates the second file according to the encrypted image content information. The control terminal can check the second file at preset intervals and decrypt the encrypted image content information to obtain the image content information, which it then outputs.
The execution of control command information and the execution of screenshot command information both use the GitHub platform as the medium to achieve the purpose of obtaining sensitive information, thereby improving network security.
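The file names given above (agent1.cmd.1, agent1.screen.1, and files with the prefix agent) are something a defender can look for in TLS-inspecting proxy logs or in a repository listing. The following is an added example, not code from the patent: the record format, host names and repository names are constructed, and it assumes the traffic uses GitHub's repository contents endpoint (`/repos/{owner}/{repo}/contents/{path}`), which the page does not state because its Table 1 is missing.

```python
import re
from collections import defaultdict
from urllib.parse import unquote, urlsplit

# Assumption: file reads/writes go through the repository contents endpoint.
CONTENTS_RE = re.compile(r"^/repos/([^/]+)/([^/]+)/contents/(.+)$")
# Task files as named in the text: <agent>.cmd.<serial> and <agent>.screen.<serial>.
TASK_RE = re.compile(r"^(agent\w*)\.(cmd|screen)\.(\d+)$")
# Status files: the text only says their name carries the prefix "agent".
STATUS_RE = re.compile(r"^agent\w*$")

# Constructed egress-proxy records: (source host, HTTP method, request target).
SAMPLE_RECORDS = [
    ("ws-02", "PUT", "/repos/exampleuser/notes/contents/agent1"),
    ("ws-02", "GET", "/repos/exampleuser/notes/contents/agent1.cmd.1"),
    ("ws-02", "GET", "/repos/exampleuser/notes/contents/agent1.cmd.2?ref=main"),
    ("ws-02", "GET", "/repos/exampleuser/notes/contents/agent1.screen.3"),
    ("ws-02", "GET", "/repos/exampleuser/notes/contents/agent1%2Ecmd%2E4"),
    ("dev-07", "GET", "/repos/exampleorg/webapp/contents/README.md"),
    ("dev-07", "GET", "/repos/exampleorg/webapp/contents/src/agent.py"),
    ("dev-07", "GET", "/repos/exampleorg/webapp/git/trees/main"),
]


def classify_name(name):
    """Return ('task', agent, kind, serial), ('status', name, None, None) or None."""
    match = TASK_RE.match(name)
    if match:
        return ("task", match.group(1), match.group(2), int(match.group(3)))
    if STATUS_RE.match(name):
        return ("status", name, None, None)
    return None


def triage(records, min_task_files=2):
    """Group matching file names per (host, repository) and report the groups
    in which one host touched at least min_task_files distinct task files."""
    seen = defaultdict(lambda: {"task": set(), "status": set(), "methods": set()})
    for src, method, target in records:
        # Drop the query string, then decode percent-escapes in the file path.
        match = CONTENTS_RE.match(urlsplit(target).path)
        if not match:
            continue
        owner, repo, path = match.groups()
        name = unquote(path).rsplit("/", 1)[-1]
        hit = classify_name(name)
        if hit is None:
            continue
        entry = seen[(src, f"{owner}/{repo}")]
        entry["methods"].add(method)
        if hit[0] == "task":
            entry["task"].add(hit[1:])
        else:
            entry["status"].add(name)

    findings = []
    for (src, repo), entry in sorted(seen.items()):
        if len(entry["task"]) < min_task_files:
            continue
        findings.append({
            "src": src,
            "repo": repo,
            "agents": sorted({agent for agent, _, _ in entry["task"]}),
            "kinds": sorted({kind for _, kind, _ in entry["task"]}),
            "serials": sorted({serial for _, _, serial in entry["task"]}),
            "status_files": sorted(entry["status"]),
            "methods": sorted(entry["methods"]),
        })
    return findings


if __name__ == "__main__":
    for finding in triage(SAMPLE_RECORDS):
        print(finding)
```

A name match is a triage lead rather than proof, because the naming scheme is the only thing it keys on; correlate it with the process that made the request and with whether the host has any business using the GitHub API.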
Further, the second file includes a third suffix name. Referring to Fig. 2, the method further comprises the following steps:
Step S201: receive the updated online time information sent by the controlled terminal;
Here, when running, the controlled terminal creates a repository on the GitHub platform and creates a corresponding file under the repository. This file may be a string file containing the basic information of the controlled terminal, which includes the online time, the name of the controlled terminal, and so on. The online time must be updated at regular intervals; the controlled terminal overwrites the online time in the old file with the current time. The interval between API accesses can be randomized; if the interval is fixed, it is easily identified by a security model as a C2 domain name.
Step S202: store the updated online time information in the encrypted second file, so that the control terminal searches the encrypted second file for the encrypted file with the prefix name; if the encrypted file with the prefix name is found, the control terminal decrypts it to obtain the file with the prefix name, and thereby obtains the updated online time information in that file.
Specifically, after updating the online time information, the controlled terminal obtains the updated online time and stores it in the repository on the GitHub platform. At preset intervals the control terminal can fetch all encrypted second files under the repository, select the encrypted files whose prefix name is agent and, after decryption, obtain basic information such as the updated online time information in the files whose prefix name is agent.
Further, the updated online time information is obtained by the controlled terminal updating the online time information.
The embodiment of the present invention provides a method for evading C&C detection based on GitHub, applied to the GitHub platform, comprising: receiving the request information sent by the control terminal; creating a first file according to the request information; encrypting the first file to obtain an encrypted first file; sending the encrypted first file to the controlled terminal, so that the controlled terminal decrypts the encrypted first file to obtain the first file, executes the request information in the first file to obtain an execution result, and encrypts the execution result; and receiving the encrypted execution result sent by the controlled terminal and creating a second file according to the encrypted execution result, so that the control terminal decrypts the encrypted second file and views the execution result in the second file. The GitHub platform is thereby used as the WEB service, sensitive data is prevented from being monitored, and security is high.
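The note in step S201 that access intervals are randomized because a fixed interval is easy to identify matters for detection engineering: a rule keyed only on regular inter-arrival times misses this traffic. The following is an added example, not code from the patent, that profiles per-host access to api.github.com with two measures, interval regularity and hour-by-hour persistence; all hosts, timestamps and thresholds are constructed assumptions.

```python
import random
import statistics
from collections import defaultdict

BUCKET = 3600        # size of one time bucket in seconds
WINDOW = 24 * 3600   # observation window covered by the sample, in seconds


def build_sample_events():
    """Constructed (timestamp_seconds, source_host, destination) records for one day."""
    events = []
    # ws-01: fixed 60 s polling, the pattern the text calls easy to identify.
    events += [(t, "ws-01", "api.github.com") for t in range(0, WINDOW, 60)]
    # ws-02: polling with a randomized 30-300 s interval, as described in step S201.
    rng, t = random.Random(1), 0.0
    while t < WINDOW:
        events.append((t, "ws-02", "api.github.com"))
        t += rng.uniform(30, 300)
    # dev-07: developer workstation, short bursts of API calls in working hours only.
    for hour in range(9, 17):
        start = hour * 3600 + 600
        events += [(start + 2 * i, "dev-07", "api.github.com") for i in range(20)]
    return events


def profile(events, dest="api.github.com"):
    """Per source host: request count, coefficient of variation of the
    inter-arrival times, and the fraction of hourly buckets with traffic."""
    per_host = defaultdict(list)
    for ts, src, dst in events:
        if dst == dest:
            per_host[src].append(ts)

    stats = {}
    for host, stamps in per_host.items():
        stamps.sort()
        gaps = [b - a for a, b in zip(stamps, stamps[1:])]
        cv = statistics.pstdev(gaps) / statistics.mean(gaps) if gaps else None
        active_buckets = {int(ts // BUCKET) for ts in stamps}
        stats[host] = {
            "requests": len(stamps),
            "cv": cv,
            "coverage": len(active_buckets) / (WINDOW // BUCKET),
        }
    return stats


def classify(host_stats, cv_fixed=0.1, min_coverage=0.9):
    """Persistence is checked first, so jittered polling is still reported
    even though its intervals are irregular."""
    if host_stats["coverage"] < min_coverage:
        return "not-persistent"
    if host_stats["cv"] is not None and host_stats["cv"] < cv_fixed:
        return "fixed-interval"
    return "jittered-persistent"


if __name__ == "__main__":
    for host, host_stats in sorted(profile(build_sample_events()).items()):
        print(host, classify(host_stats), host_stats)
```

Hosts that legitimately poll the API around the clock, such as CI runners, need an allowlist before the persistence measure is used for alerting.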
Embodiment two:
Fig. 3 is a schematic diagram of the apparatus for evading C&C detection based on GitHub provided by Embodiment two of the present invention.
Referring to Fig. 3, the apparatus is applied to the GitHub platform and comprises:
a first receiving unit 10, for receiving the request information sent by the control terminal;
a creating unit 20, for creating a first file according to the request information;
an encryption unit 30, for encrypting the first file to obtain an encrypted first file;
a first processing unit 40, for sending the encrypted first file to the controlled terminal, so that the controlled terminal decrypts the encrypted first file to obtain the first file, executes the request information in the first file to obtain an execution result, and encrypts the execution result;
a second processing unit 50, for receiving the encrypted execution result sent by the controlled terminal and creating a second file according to the encrypted execution result, so that the control terminal decrypts the encrypted second file and views the execution result in the second file.
Further, the request information includes control command information, the first file includes a first suffix name, and the first processing unit 40 is configured for:
sending the encrypted first file to the controlled terminal, so that the controlled terminal searches the encrypted first file for the encrypted file with the first suffix name; if the encrypted file with the first suffix name is found, the controlled terminal decrypts it to obtain the file with the first suffix name, executes the control command information in that file to obtain the execution result, and encrypts the execution result.
Further, the request information includes screenshot command information, the first file includes a second suffix name, and the first processing unit 40 is configured for:
sending the encrypted first file to the controlled terminal, so that the controlled terminal searches the encrypted first file for the encrypted file with the second suffix name; if the encrypted file with the second suffix name is found, the controlled terminal decrypts it to obtain the file with the second suffix name, executes the screenshot command information in that file to obtain image content information, and encrypts the image content information.
Further, the second file includes a prefix name. Referring to Fig. 4, the apparatus further comprises:
a second receiving unit 60, for receiving the updated online time information sent by the controlled terminal;
a third processing unit 70, for storing the updated online time information in the encrypted second file, so that the control terminal searches the encrypted second file for the encrypted file with the prefix name; if the encrypted file with the prefix name is found, the control terminal decrypts it to obtain the file with the prefix name, and thereby obtains the updated online time information in that file.
Further, the updated online time information is obtained by the controlled terminal updating the online time information.
The embodiment of the present invention provides an apparatus for evading C&C detection based on GitHub, applied to the GitHub platform, comprising: receiving the request information sent by the control terminal; creating a first file according to the request information; encrypting the first file to obtain an encrypted first file; sending the encrypted first file to the controlled terminal, so that the controlled terminal decrypts the encrypted first file to obtain the first file, executes the request information in the first file to obtain an execution result, and encrypts the execution result; and receiving the encrypted execution result sent by the controlled terminal and creating a second file according to the encrypted execution result, so that the control terminal decrypts the encrypted second file and views the execution result in the second file. The GitHub platform is thereby used as the WEB service, sensitive data is prevented from being monitored, and security is high.
The embodiment of the present invention also provides a kind of electronic equipment, including memory, processor and storage are on a memory and can The computer program run on a processor, processor realize provided by the above embodiment be based on when executing computer program The step of method for escaping C&C detection of github.
The embodiment of the present invention also provides a kind of computer readable storage medium, and meter is stored on computer readable storage medium Calculation machine program executes the side for escaping C&C detection based on github of above-described embodiment when computer program is run by processor The step of method.
Computer program product provided by the embodiment of the present invention, the computer-readable storage including storing program code Medium, the instruction that said program code includes can be used for executing previous methods method as described in the examples, and specific implementation can be joined See embodiment of the method, details are not described herein.
It is apparent to those skilled in the art that for convenience and simplicity of description, the system of foregoing description It with the specific work process of device, can refer to corresponding processes in the foregoing method embodiment, details are not described herein.
In addition, in the description of the embodiments of the present invention, unless otherwise expressly specified or limited, the terms "installed", "connected" and "coupled" are to be understood broadly: for example, a connection may be fixed, detachable, or integral; it may be mechanical or electrical; it may be direct, indirect through an intermediary, or internal between two elements. Those of ordinary skill in the art can understand the specific meaning of these terms in the present invention according to the specific circumstances.
If the functions are implemented in the form of software functional units and sold or used as an independent product, they may be stored in a computer-readable storage medium. Based on this understanding, the technical solution of the present invention in essence, or the part that contributes to the prior art, or a part of the technical solution, may be embodied in the form of a software product. The computer software product is stored in a storage medium and includes several instructions that cause a computer device (which may be a personal computer, a server, a network device, etc.) to perform all or part of the steps of the methods described in the embodiments of the present invention. The aforementioned storage medium includes various media that can store program code, such as a USB flash drive, a removable hard disk, read-only memory (ROM, Read-Only Memory), random access memory (RAM, Random Access Memory), a magnetic disk or an optical disc.
In the description of the present invention, it should be noted that orientation or positional relationships indicated by terms such as "center", "upper", "lower", "left", "right", "vertical", "horizontal", "inner" and "outer" are based on the orientation or positional relationships shown in the drawings. They are used only to facilitate and simplify the description of the present invention, and do not indicate or imply that the device or element referred to must have a particular orientation or be constructed and operated in a particular orientation; they therefore cannot be understood as limiting the present invention. In addition, the terms "first", "second" and "third" are used for descriptive purposes only and cannot be understood as indicating or implying relative importance.
Finally, it should be noted that the embodiments described above are only specific embodiments of the present invention, intended to illustrate its technical solution rather than to limit it, and the scope of protection of the present invention is not limited to them. Although the present invention has been described in detail with reference to the foregoing embodiments, those of ordinary skill in the art should understand that anyone skilled in the art can, within the technical scope disclosed by the present invention, still modify the technical solutions recorded in the foregoing embodiments, readily conceive of variations, or make equivalent replacements of some of the technical features. Such modifications, variations or replacements do not cause the essence of the corresponding technical solutions to depart from the spirit and scope of the technical solutions of the embodiments of the present invention, and should all be covered by the scope of protection of the present invention. Therefore, the scope of protection of the present invention shall be subject to the scope of protection of the claims.

Claims (10)

1. A method for escaping C&C detection based on github, characterized in that it is applied to the github platform, the method comprising:
receiving request information sent by a control terminal;
creating a first file according to the request information;
encrypting the first file to obtain an encrypted first file;
sending the encrypted first file to a controlled terminal, so that the controlled terminal decrypts the encrypted first file to obtain the first file, executes the request information in the first file to obtain an execution result, and encrypts the execution result;
receiving the encrypted execution result sent by the controlled terminal, and creating a second file according to the encrypted execution result, so that the control terminal decrypts the encrypted second file and views the execution result in the second file.
2. The method for escaping C&C detection based on github according to claim 1, characterized in that the request information includes control command information, the first file includes a first suffix name, and the sending of the encrypted first file to the controlled terminal, so that the controlled terminal decrypts the encrypted first file to obtain the first file, executes the request information in the first file to obtain an execution result, and encrypts the execution result, comprises:
sending the encrypted first file to the controlled terminal, so that the controlled terminal searches the encrypted first file for an encrypted file with the first suffix name and, if the encrypted file with the first suffix name is found, decrypts it to obtain the file with the first suffix name, executes the control command information in the file with the first suffix name to obtain the execution result, and encrypts the execution result.
3. The method for escaping C&C detection based on github according to claim 1, characterized in that the request information includes screenshot capture command information, the first file includes a second suffix name, and the sending of the encrypted first file to the controlled terminal, so that the controlled terminal decrypts the encrypted first file to obtain the first file, executes the request information in the first file to obtain an execution result, and encrypts the execution result, comprises:
sending the encrypted first file to the controlled terminal, so that the controlled terminal searches the encrypted first file for an encrypted file with the second suffix name and, if the encrypted file with the second suffix name is found, decrypts it to obtain the file with the second suffix name, executes the screenshot capture command information in the file with the second suffix name to obtain picture content information, and encrypts the picture content information.
4. The method for escaping C&C detection based on github according to claim 1, characterized in that the second file includes a prefix name, the method further comprising:
receiving updated online time information sent by the controlled terminal;
storing the updated online time information in the encrypted second file, so that the control terminal searches the encrypted second file for an encrypted file with the prefix name and, if the encrypted file with the prefix name is found, decrypts it to obtain the file with the prefix name, thereby obtaining the updated online time information in the file with the prefix name.
5. The method for escaping C&C detection based on github according to claim 4, characterized in that the updated online time information is obtained by the controlled terminal updating the online time information.
6. A device for escaping C&C detection based on github, characterized in that it is applied to the github platform, the device comprising:
a first receiving unit, configured to receive request information sent by a control terminal;
a creating unit, configured to create a first file according to the request information;
an encryption unit, configured to encrypt the first file to obtain an encrypted first file;
a first processing unit, configured to send the encrypted first file to a controlled terminal, so that the controlled terminal decrypts the encrypted first file to obtain the first file, executes the request information in the first file to obtain an execution result, and encrypts the execution result;
a second processing unit, configured to receive the encrypted execution result sent by the controlled terminal and create a second file according to the encrypted execution result, so that the control terminal decrypts the encrypted second file and views the execution result in the second file.
7. The device for escaping C&C detection based on github according to claim 6, characterized in that the request information includes control command information, the first file includes a first suffix name, and the first processing unit includes:
sending the encrypted first file to the controlled terminal, so that the controlled terminal searches the encrypted first file for an encrypted file with the first suffix name and, if the encrypted file with the first suffix name is found, decrypts it to obtain the file with the first suffix name, executes the control command information in the file with the first suffix name to obtain the execution result, and encrypts the execution result.
8. The device for escaping C&C detection based on github according to claim 6, characterized in that the request information includes screenshot capture command information, the first file includes a second suffix name, and the first processing unit includes:
sending the encrypted first file to the controlled terminal, so that the controlled terminal searches the encrypted first file for an encrypted file with the second suffix name and, if the encrypted file with the second suffix name is found, decrypts it to obtain the file with the second suffix name, executes the screenshot capture command information in the file with the second suffix name to obtain picture content information, and encrypts the picture content information.
9. The device for escaping C&C detection based on github according to claim 6, characterized in that the second file includes a prefix name, the device further comprising:
a second receiving unit, configured to receive updated online time information sent by the controlled terminal;
a third processing unit, configured to store the updated online time information in the encrypted second file, so that the control terminal searches the encrypted second file for an encrypted file with the prefix name and, if the encrypted file with the prefix name is found, decrypts it to obtain the file with the prefix name, thereby obtaining the updated online time information in the file with the prefix name.
10. The device for escaping C&C detection based on github according to claim 9, characterized in that the updated online time information is obtained by the controlled terminal updating the online time information.
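From the defender's side, the behaviour in claims 1 to 5 leaves two observable traits in a repository: files located by suffix or prefix name whose contents are always ciphertext, and one file rewritten on a fixed schedule with the updated online time. The following added example (not from the patent) checks a constructed write history for both; the entropy threshold, jitter limit, file names and the choice to track the heartbeat by exact path are assumptions.

```python
import hashlib
import math
import posixpath
import statistics
from collections import Counter, defaultdict

def entropy(data: bytes) -> float:
    """Shannon entropy in bits per byte (8.0 = uniformly random)."""
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values()) if n else 0.0

def audit_repo(events, min_entropy=7.2, min_beats=4, max_jitter=0.1):
    """events: (unix_time, path, content) for each file write in one repository.
    Reports suffixes that only ever carry ciphertext-like blobs, and paths
    rewritten with such blobs at near-constant intervals (heartbeat)."""
    by_suffix, writes = defaultdict(list), defaultdict(list)
    for ts, path, content in events:
        opaque = entropy(content) >= min_entropy
        by_suffix[posixpath.splitext(path)[1]].append(opaque)
        if opaque:
            writes[path].append(ts)
    opaque_suffixes = sorted(s for s, flags in by_suffix.items()
                             if len(flags) >= 2 and all(flags))
    heartbeats = []
    for path, stamps in writes.items():
        stamps.sort()
        gaps = [b - a for a, b in zip(stamps, stamps[1:])]
        if (len(stamps) >= min_beats
                and statistics.pstdev(gaps) <= max_jitter * statistics.mean(gaps)):
            heartbeats.append(path)
    return {"opaque_suffixes": opaque_suffixes, "heartbeats": sorted(heartbeats)}

def blob(seed: str, size: int = 1024) -> bytes:
    """Constructed stand-in for ciphertext: deterministic SHA-256 stream."""
    out, counter = b"", 0
    while len(out) < size:
        out += hashlib.sha256(f"{seed}:{counter}".encode()).digest()
        counter += 1
    return out[:size]

# Constructed sample data: an ordinary repository and one matching the pattern.
TEXT = b"# build notes\nrun make, then make test\n" * 30
NORMAL = [(1000, "README.md", TEXT), (5000, "docs/setup.md", TEXT),
          (90000, "src/main.c", TEXT)]
SUSPECT = ([(1000 + 300 * i, "state_host1.dat", blob(f"hb{i}")) for i in range(6)]
           + [(1100, "a1.job", blob("t1")), (2350, "b2.job", blob("t2")),
              (2400, "a1.out", blob("r1")), (2500, "b2.out", blob("r2"))])

if __name__ == "__main__":
    print(audit_repo(NORMAL), audit_repo(SUSPECT), sep="\n")
```

Release archives and other compressed assets are also high-entropy, so the suffix signal is a triage hint that gains weight only when it coincides with the regular rewrite pattern.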
CN201811477077.2A 2018-12-04 2018-12-04 Method and device for escape C & C detection based on github Active CN109587137B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201811477077.2A CN109587137B (en) 2018-12-04 2018-12-04 Method and device for escape C & C detection based on github

Publications (2)

Publication Number Publication Date
CN109587137A (en) 2019-04-05
CN109587137B (en) 2021-06-29

Family

ID=65926168

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201811477077.2A Active CN109587137B (en) 2018-12-04 2018-12-04 Method and device for escape C & C detection based on github

Country Status (1)

Country Link
CN (1) CN109587137B (en)

Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20070178891A1 (en) * 2006-01-30 2007-08-02 Louch John O Remote control of electronic devices
CN103678993A (en) * 2013-11-26 2014-03-26 小米科技有限责任公司 Method and device controlling terminal
CN104486321A (en) * 2014-12-11 2015-04-01 上海斐讯数据通信技术有限公司 Web data interaction method and system and corresponding Web server
CN104811444A (en) * 2015-04-02 2015-07-29 谢杰涛 Secure cloud control method and system

Also Published As

Publication number Publication date
CN109587137B (en) 2021-06-29

Similar Documents

Publication Publication Date Title
US9843578B2 (en) Mobile security fob
CN106471783B (en) Via the business system certification and authorization of gateway
US9531714B2 (en) Enterprise authentication via third party authentication support
US10904218B2 (en) Secure proxy to protect private data
EP2191610B1 (en) Software based multi-channel polymorphic data obfuscation
CN108462710B (en) Authentication and authorization method, device, authentication server and machine-readable storage medium
CN103065178B (en) A kind of Quick Response Code sharing apparatus, access means and sharing method
US10142308B1 (en) User authentication
US20170085567A1 (en) System and method for processing task resources
TW201407378A (en) Efficient data transfer for cloud storage by centralized management of access tokens
CN106105090A (en) Session is utilized to share automated log on and publish session
CN108880822A (en) A kind of identity identifying method, device, system and a kind of intelligent wireless device
JP2011238036A (en) Authentication system, single sign-on system, server device and program
CN102624687A (en) Networking program user authentication method based on mobile terminal
CN111683370B (en) Access authentication method, device and system of wireless network equipment
JP2011215753A (en) Authentication system and authentication method
CN109302397B (en) Network security management method, platform and computer readable storage medium
CN109542862A (en) For controlling the methods, devices and systems of the carry of file system
US8775614B2 (en) Monitoring remote access to an enterprise network
JP2005092614A (en) Biometrics system, program, and information storage medium
CN113051035A (en) Remote control method, device and system and host machine
CN109587137A (en) The method and apparatus for escaping C&C detection based on github
CN107508838A (en) A kind of access control method, device and system
Horalek et al. Cybersecurity analysis of IoT networks
JP2016162278A (en) Access relay device, information processing method, and program

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant