CN110399718B - Remote penetration evidence obtaining method for industrial control system - Google Patents

Remote penetration evidence obtaining method for industrial control system

Info

Publication number
CN110399718B
Authority
CN
China
Prior art keywords
scanning
program
file
remote
operation target
Legal status
Active
Application number
CN201910482385.2A
Other languages
Chinese (zh)
Other versions
CN110399718A (en)
Inventor
王佰玲
孙公亮
冯艳丽
刘扬
辛国栋
魏玉良
Current Assignee
Hit Weihai Innovation Pioneer Park Co ltd
Harbin Institute of Technology Weihai
Original Assignee
Hit Weihai Innovation Pioneer Park Co ltd
Harbin Institute of Technology Weihai
Priority date
2019-06-04
Filing date
2019-06-04
Application filed by Hit Weihai Innovation Pioneer Park Co ltd and Harbin Institute of Technology Weihai
Publication of CN110399718A (application): 2019-11-01
Application granted; publication of CN110399718B: 2023-01-20
Legal status: Active

Classifications

    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
        • G06F21/50 Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
            • G06F21/52 ... during program execution, e.g. stack integrity; preventing unwanted data erasure; buffer overflow
            • G06F21/55 Detecting local intrusion or implementing counter-measures
            • G06F21/57 Certifying or maintaining trusted computer platforms, e.g. secure boots or power-downs, version controls, system software checks, secure updates or assessing vulnerabilities
                • G06F21/577 Assessing vulnerabilities and evaluating computer system security
    • H04L63/00 Network architectures or network communication protocols for network security
        • H04L63/20 ... for managing network security; network security policies in general


Abstract

The invention discloses a remote penetration forensics method for industrial control systems, comprising the steps of: (1) local privilege escalation; (2) privilege persistence; (3) information collection; (4) local vulnerability scanning; (5) remote scanning and exploitation. The method can perform an intranet penetration test of the target network and target hosts from the viewpoint of a penetration tester inside the target industrial control intranet, offers reference value for industrial control security protection and a professional tool for industrial control security evaluation, and is of significance for industrial control security evaluation, forensics and protection.

Description

Remote penetration evidence obtaining method for industrial control system
Technical Field
The invention relates to a security evaluation method for industrial intranets, and in particular to a remote penetration forensics method for industrial control systems.
Background
With the continued growth of heavy industry, the security of industrial control systems (ICS) has become a focus of attention. Industrial control systems form the infrastructure of industrial production, yet they carry serious security exposures: industrial control hosts commonly contain large numbers of remote privilege-escalation and code-execution vulnerabilities, because industrial enterprises do not apply patches, do not install antivirus software on their hosts, and still run Windows XP, which Microsoft no longer maintains. As a result, attackers and unauthorized personnel can readily compromise an industrial control system.
At present, the tools for security assessment of industrial intranets fall into the following four categories:
(1) Vulnerability scanning tools: these perform security scans of industrial devices and hosts and detect issues at the device, network and application layers, such as weak passwords, remote bypass vulnerabilities and remote privilege-escalation vulnerabilities, producing a vulnerability report for the security administrator. Their application scenario is limited: at present they can only scan a given node or group of nodes, and cannot enter a node to scan the other nodes it is connected to.
(2) Information probing tools: these probe specified industrial control intranet devices, a single node or a group of nodes, and retrieve the node's information and data, such as version, DB areas, register contents and the contents of specified addresses.
(3) Situational-awareness tools: these probe industrial control devices across the whole network and collect the data of every industrial control node, including device name, device number, version, registers or the contents of specified addresses.
(4) Vulnerability discovery tools: these mine vulnerabilities in an industrial control device at a given IP address. Through fuzz testing and remote monitoring, large numbers of malformed messages are sent to the target so that its buffers overflow, and security holes are discovered in this way.
All four kinds of tool have application limitations and run unstably, so they are liable to paralyse or crash the production system.
Disclosure of Invention
To solve these technical problems, the invention provides a remote penetration forensics method for industrial control systems, with the aims of avoiding paralysis or crashes of the production system and keeping the system stable during testing.
To achieve this, the technical scheme of the invention is as follows:
A remote penetration forensics method for industrial control systems comprises the steps of:
(1) local privilege escalation;
(2) privilege persistence;
(3) information collection;
(4) local vulnerability scanning;
(5) remote scanning and exploitation.
In the above scheme, step (1) proceeds as follows: the administrator operates the control end; the control end connects to the controlled end through the server end; the controlled end is authenticated once it comes online; after authentication passes, local privilege escalation begins. A built-in set of privilege-escalation exploits is tried one by one to find a usable escalation and raise the controlled end to SYSTEM privilege; if SYSTEM privilege cannot be reached, a UAC (User Account Control) bypass step is executed to achieve the escalation.
In the above scheme, in step (2), if local privilege escalation fails, persistence is established, and escalation is attempted, by infecting shortcuts and other launch points so that the controlled-end program runs whenever they are used, specifically:
1) infect commonly used .lnk files, replacing the launch target so that the controlled-end program is interposed between the shortcut and its original target;
2) infect frequently used .chm files, replacing the launch target in the same way;
3) infect commonly used .bat files, replacing the launch target in the same way;
4) scan the DLL files on disk for DLL-hijacking opportunities, and set up a service start program whose launch target is the controlled-end program;
5) scan .html files and insert script code that runs the controlled-end program;
6) scan .js files and insert script code that runs the controlled-end program;
7) scan .bat files and replace the launch target with the controlled-end program, as in 1);
8) scan PowerShell files and replace the launch target with the controlled-end program, as in 1);
9) add a rundll32 autostart entry whose launch target is the controlled-end program;
10) add a scheduled task whose launch target is the controlled-end program;
11) create a service whose start target is the controlled-end program;
12) add a startup entry to the registry autostart key.
If any step of the persistence process fails, it is skipped and execution continues. Target replacement uses multi-level chaining, so that the replaced launch point reaches the original target through the controlled-end program.
In the above scheme, information collection in step (3) proceeds as follows:
1) enumerate processes and collect the information of each process;
2) enumerate services and collect the information of each service;
3) enumerate installed software and collect the installation information of each package;
4) collect network socket information (local listening sockets and remote connections);
5) collect information on the local antivirus software;
6) collect saved login credentials of various kinds of software (for example the Chrome, Firefox and IE browsers, XShell, and Remote Desktop credentials);
7) collect information on the industrial control configuration (HMI/SCADA) software.
In the above scheme, local vulnerability scanning in step (4) checks for local privilege-escalation vulnerabilities and for other vulnerability problems.
In the above scheme, remote scanning in step (5) proceeds as follows:
1) scan the intranet for live hosts;
2) perform port scanning and service detection against the live hosts;
3) exploit commonly used remote vulnerabilities from the last five years (overflow exploits) to execute commands remotely, so that the remote host is brought online directly;
4) if remote exploitation fails, attempt weak-password exploitation, trying empty passwords against the IPC$ share, Active Directory and printer shares;
5) if the empty-password attempt fails, prompt the administrator and, on confirmation, scan the intranet's common services (FTP, Telnet and SSH) for weak passwords.
In a further technical scheme, the controlled end comes online in two modes: direct connection and proxied connection. When the control end issues a task to a controlled-end node, the control end first uploads the command to the server end, the server end stores it in the task queue of the designated node, and when the controlled end next polls the server end on its regular schedule it reads the task queue, executes the command and then closes the socket.
This technical scheme gives the remote penetration forensics method for industrial control systems the following beneficial effects:
The security penetration evaluation and forensics method for industrial control intranets can perform an intranet penetration test of the target network and target hosts from the viewpoint of a penetration tester inside the target industrial control intranet, and carry out security penetration evaluation and evidence collection on each node (Windows machine) in the industrial control system. The method can simulate infiltration by hackers or unauthorized persons from outside, give administrators a dynamic reference and provide an early-warning mechanism for enterprise security. It is of significance for industrial control security evaluation, evidence collection and protection, and applies to all kinds of industrial control intranets and industrial control device systems, in fields including but not limited to electric power, petroleum and petrochemicals, tobacco and coal mining.
At the same time, the system is designed around the stability of the industrial control system: it avoids paralysis or crashes of the production system and keeps the system stable during testing. The method offers reference value for industrial control security protection and a professional tool for industrial control security evaluation.
Drawings
To illustrate the embodiments of the invention or the prior-art technical solutions more clearly, the drawings used in describing the embodiments or the prior art are briefly introduced below.
FIG. 1 is a schematic flow chart of the remote penetration forensics method for industrial control systems according to an embodiment of the invention;
FIG. 2 is a schematic diagram of the controlled-end onlining process according to an embodiment of the invention;
FIG. 3 is a schematic diagram of the communication process between the server end and the controlled end according to an embodiment of the invention;
FIG. 4 is a network structure diagram of the method.
Detailed Description
The technical solution in the embodiments of the invention is described clearly and completely below with reference to the accompanying drawings.
The invention provides a remote penetration forensics method for industrial control systems, which performs an intranet penetration test of the target network and target hosts from the viewpoint of a remote penetration tester, as shown in FIG. 1.
As shown in FIG. 1, the method comprises the following steps:
1. Local privilege escalation
The method is designed to satisfy three requirements: sufficient information acquisition, flexible penetration evaluation and accurate examination of key vulnerabilities. It first requires the controlled-end program to be installed on an edge node of the industrial control system; installation methods include remote exploitation, running it from a USB drive, running it from an e-mail attachment and so on. Once running, the program escalates privileges on the host, implants itself and is set to start with the machine.
The system has three parts: a control end, a server end and a controlled end. The administrator operates the cluster of controlled ends from the control end; the server end runs on a Linux server and is responsible for establishing connections with the controlled-end cluster. The controlled-end program (script) runs on Windows terminals or Linux terminals/servers, communicates with the server and executes the commands the server issues. The network structure is shown in FIG. 4.
The administrator operates the control end, which connects to the server end over TCP with DES encryption. The server end generates the controlled-end script file (for Windows a BAT, PS, CMD, EXE or other file can be generated; for Linux, BSD and macOS a Python script is generated). The generated controlled-end file is run on the target machine via a USB drive, e-mail or other means, after which the controlled-end program does the following:
It connects to the server end over HTTPS and performs password authentication; it then reads the task list, and if a task exists it executes the task, uploads the result and closes the socket; if no task exists it closes the socket directly. The main communication process between the server and the controlled end is shown in FIG. 3.
The controlled end comes online in two ways: direct online (the controlled-end program connects to the server over HTTPS) and proxied online (the controlled-end program reaches the server over HTTPS through an intermediate node). The server maintains the information of all controlled ends, including sockets, task lists, keys, fingerprints and so on. When the control end issues a task to a controlled-end node, the control end first uploads the command to the server end, and the server end stores it in the task queue of the designated node. When the controlled end next polls the server end on its regular schedule it reads the task queue, executes the command and then closes the socket. The process is shown in FIG. 2.
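The regular polling described above (the controlled end connects to the server over HTTPS on a fixed schedule, reads its queue and closes the socket) leaves a periodic pattern in proxy or firewall logs that a defender can detect. The following is an added example, not code from the patent or its authors: it parses constructed connection-log lines in an assumed format (timestamp, source host, destination, port, bytes), groups connections per flow, and flags flows with many connections at near-constant intervals and small transfers.

```python
"""Detect regular polling ("beaconing") in outbound connection logs.

Added example, not from the patent. The log format is a constructed one:
<ISO timestamp> <source host> <destination IP> <destination port> <bytes>
Adapt parse_log() to your proxy or firewall export.
"""
from collections import defaultdict
from datetime import datetime
from statistics import mean, pstdev

# Constructed sample: HMI-01 polls 203.0.113.10:443 about once a minute with a
# small, short-lived connection each time; ENG-02 browses irregularly.
SAMPLE_LOG = """\
2019-06-04T08:00:00 HMI-01 203.0.113.10 443 612
2019-06-04T08:00:07 ENG-02 198.51.100.5 443 48211
2019-06-04T08:01:00 HMI-01 203.0.113.10 443 598
2019-06-04T08:02:00 HMI-01 203.0.113.10 443 605
2019-06-04T08:02:31 ENG-02 198.51.100.5 443 1024
2019-06-04T08:03:01 HMI-01 203.0.113.10 443 611
2019-06-04T08:04:00 HMI-01 203.0.113.10 443 603
2019-06-04T08:05:00 HMI-01 203.0.113.10 443 607
2019-06-04T08:06:00 HMI-01 203.0.113.10 443 601
2019-06-04T08:09:45 ENG-02 198.51.100.5 443 73320
"""


def parse_log(text):
    """Yield (timestamp, src, dst, port, bytes) from the constructed format."""
    for line in text.splitlines():
        if line.strip():
            ts, src, dst, port, nbytes = line.split()
            yield datetime.fromisoformat(ts), src, dst, int(port), int(nbytes)


def find_beacons(text, min_connections=5, max_cv=0.1, max_bytes=4096):
    """Return {(src, dst, port): (mean_gap_s, cv, count)} for flows that look
    like a polling implant: many connections, near-constant spacing, small
    transfers. cv is stdev/mean of the inter-arrival gaps; a timer gives ~0,
    interactive use gives values near or above 1.
    """
    flows = defaultdict(list)
    for ts, src, dst, port, nbytes in parse_log(text):
        flows[(src, dst, port)].append((ts, nbytes))

    hits = {}
    for key, events in flows.items():
        if len(events) < min_connections:
            continue
        events.sort()
        gaps = [(b[0] - a[0]).total_seconds() for a, b in zip(events, events[1:])]
        avg = mean(gaps)
        if avg <= 0:
            continue
        cv = pstdev(gaps) / avg
        if cv <= max_cv and all(n <= max_bytes for _, n in events):
            hits[key] = (avg, cv, len(events))
    return hits


if __name__ == "__main__":
    for (src, dst, port), (avg, cv, n) in find_beacons(SAMPLE_LOG).items():
        print(f"{src} -> {dst}:{port}: {n} connections every ~{avg:.0f}s (cv={cv:.3f})")
```

Real implants add jitter and vary their request sizes, so widen max_cv and look at the distribution of per-connection bytes as well; conversely, legitimate agents (patch management, monitoring, NTP-over-HTTPS) also beacon, so the output is a triage list to be checked against the asset inventory, not a verdict.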
After authentication with the server end completes, the local privilege-escalation check begins. Several privilege-escalation exploits are built in; they are tried one by one to find a usable one and escalate to SYSTEM privilege, and if SYSTEM privilege cannot be reached a UAC (User Account Control) bypass step is executed to achieve the escalation.
2. Privilege persistence
If local privilege escalation fails, persistence is established, and escalation is attempted, by infecting shortcuts and other launch points so that the controlled-end program runs whenever they are used, specifically:
1) infect commonly used .lnk files, replacing the launch target so that the controlled-end program is interposed between the shortcut and its original target;
2) infect frequently used .chm files, replacing the launch target in the same way;
3) infect commonly used .bat files, replacing the launch target in the same way;
4) scan the DLL files on disk for DLL-hijacking opportunities, and set up a service start program whose launch target is the controlled-end program;
5) scan .html files and insert script code that runs the controlled-end program;
6) scan .js files and insert script code that runs the controlled-end program;
7) scan .bat files and replace the launch target with the controlled-end program, as in 1);
8) scan PowerShell files and replace the launch target with the controlled-end program, as in 1);
9) add a rundll32 autostart entry whose launch target is the controlled-end program;
10) add a scheduled task whose launch target is the controlled-end program;
11) create a service whose start target is the controlled-end program;
12) add a startup entry to the registry autostart key.
If any step of the persistence process fails, it is skipped and execution continues. Target replacement uses multi-level chaining, so that the replaced launch point reaches the original target through the controlled-end program.
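The persistence step above replaces the launch target of commonly used .lnk shortcuts so that the controlled-end program is interposed before the original target, which is exactly the artifact a forensic examiner should look for on each Windows node. The following added example (not the patent's code, and not a tool its authors describe) parses the Shell Link binary format with the standard library and flags shortcuts whose target is a script host or whose arguments chain several launches. The two sample shortcuts are constructed inside the block; the vendor HMI path and the implant path in them are assumptions.

```python
"""Parse Windows .lnk (Shell Link) files and flag hijacked launch targets.

Added example, not from the patent. parse_lnk() follows the MS-SHLLINK
layout: 76-byte header, optional LinkTargetIDList, optional LinkInfo (which
carries the LocalBasePath), then the StringData fields. build_lnk() exists
only to manufacture the constructed samples below.
"""
import struct

LNK_CLSID = bytes.fromhex("0114020000000000c000000000000046")
(HAS_IDLIST, HAS_LINKINFO, HAS_NAME, HAS_RELPATH,
 HAS_WORKDIR, HAS_ARGS, HAS_ICON, IS_UNICODE) = (1 << i for i in range(8))
STRING_FIELDS = (("name", HAS_NAME), ("relative_path", HAS_RELPATH),
                 ("working_dir", HAS_WORKDIR), ("arguments", HAS_ARGS),
                 ("icon", HAS_ICON))
# Script hosts / LOLBins: a shortcut named after the HMI that really launches
# one of these is the pattern the persistence step produces.
SCRIPT_HOSTS = {"cmd.exe", "powershell.exe", "pwsh.exe", "wscript.exe", "cscript.exe",
                "mshta.exe", "rundll32.exe", "regsvr32.exe", "certutil.exe"}
EXEC_EXT = (".exe", ".bat", ".cmd", ".ps1", ".vbs", ".js", ".hta", ".dll", ".chm")


def parse_lnk(data):
    """Return {'target': LocalBasePath or None, plus any StringData fields present}."""
    if len(data) < 76 or struct.unpack_from("<I", data)[0] != 0x4C or data[4:20] != LNK_CLSID:
        raise ValueError("not a Shell Link file")
    flags = struct.unpack_from("<I", data, 20)[0]
    pos = 76
    if flags & HAS_IDLIST:                      # skip the ItemIDList entirely
        pos += 2 + struct.unpack_from("<H", data, pos)[0]
    target = None
    if flags & HAS_LINKINFO:
        li_size, _hdr, li_flags, _vol_off, lbp_off = struct.unpack_from("<IIIII", data, pos)
        if li_flags & 1:                        # VolumeIDAndLocalBasePath present
            start = pos + lbp_off
            target = data[start:data.index(b"\x00", start)].decode("cp1252")
        pos += li_size
    info = {"target": target}
    for name, bit in STRING_FIELDS:             # fixed order per the spec
        if flags & bit:
            count = struct.unpack_from("<H", data, pos)[0]
            pos += 2
            width = 2 if flags & IS_UNICODE else 1
            raw = data[pos:pos + count * width]
            info[name] = raw.decode("utf-16-le" if width == 2 else "cp1252")
            pos += count * width
    return info


def suspicious_shortcut(info):
    """Reasons a shortcut matches the interposed-implant pattern; [] if clean."""
    reasons = []
    target = info.get("target") or info.get("relative_path") or ""
    base = target.replace("/", "\\").rsplit("\\", 1)[-1].lower()
    args = info.get("arguments", "")
    if base in SCRIPT_HOSTS:
        reasons.append(f"target is script host {base}")
    if any(ext in args.lower() for ext in EXEC_EXT):
        reasons.append("arguments launch another executable or script")
    if "&" in args or "start " in args.lower():
        reasons.append("arguments chain several commands (multi-level launch)")
    return reasons


def build_lnk(local_base_path, arguments=""):
    """Manufacture a minimal .lnk for the constructed samples (not a general writer)."""
    flags = HAS_LINKINFO | IS_UNICODE | (HAS_ARGS if arguments else 0)
    header = struct.pack("<I16sIIQQQIIIHHII", 0x4C, LNK_CLSID, flags,
                         0x20, 0, 0, 0, 0, 0, 1, 0, 0, 0, 0)
    volume_id = struct.pack("<IIII", 0x11, 3, 0, 0x10) + b"\x00"   # fixed drive, empty label
    path = local_base_path.encode("cp1252") + b"\x00"
    vol_off = 0x1C
    lbp_off = vol_off + len(volume_id)
    suffix_off = lbp_off + len(path)
    li_size = suffix_off + 1                                        # empty CommonPathSuffix
    link_info = struct.pack("<IIIIIII", li_size, 0x1C, 1, vol_off, lbp_off, 0, suffix_off)
    link_info += volume_id + path + b"\x00"
    args_blob = struct.pack("<H", len(arguments)) + arguments.encode("utf-16-le") if arguments else b""
    return header + link_info + args_blob


# Constructed samples (assumed paths): a clean vendor HMI shortcut, and the same
# shortcut after its target was replaced by cmd.exe that runs an implant first
# and then the real HMI, so the operator notices nothing.
BENIGN = build_lnk(r"C:\Program Files\Vendor\HMI.exe")
HIJACKED = build_lnk(r"C:\Windows\System32\cmd.exe",
                     r'/c start "" "C:\Users\Public\update.bat" & start "" "C:\Program Files\Vendor\HMI.exe"')

if __name__ == "__main__":
    for label, blob in (("benign", BENIGN), ("hijacked", HIJACKED)):
        info = parse_lnk(blob)
        print(label, info["target"], suspicious_shortcut(info))
```

Run it over every .lnk under the Desktop, Start Menu and Startup folders of each user profile; the .bat, .chm and PowerShell launch points listed above are plain text and need no binary parser, but the same "script host plus a second launch" signature applies. Shortcuts that carry the path only in the ItemIDList (no LinkInfo block) come back with target=None and should be inspected by hand.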
3. Information collection
Information collection proceeds as follows:
1) enumerate processes and collect the information of each process;
2) enumerate services and collect the information of each service;
3) enumerate installed software and collect the installation information of each package;
4) collect network socket information (local listening sockets and remote connections);
5) collect information on the local antivirus software;
6) collect saved login credentials of various kinds of software (for example the Chrome, Firefox and IE browsers, XShell, and Remote Desktop credentials);
7) collect information on the industrial control configuration (HMI/SCADA) software.
4. Local vulnerability scanning
Local vulnerability scanning covers:
1) checking for local privilege-escalation vulnerabilities (high risk);
2) checking for other local vulnerability problems (not high risk), including information leakage, weak passwords and remote authorization flaws in commonly used software.
5. Remote scanning and exploitation
Remote scanning proceeds as follows:
1) scan the intranet for live hosts;
2) perform port scanning and service detection against the live hosts;
3) exploit commonly used remote vulnerabilities from the last five years (overflow exploits) to execute commands remotely, so that the remote host is brought online directly;
4) if remote exploitation fails, attempt weak-password exploitation, trying empty passwords against the IPC$ share, Active Directory and printer shares;
5) if the empty-password attempt fails, prompt the administrator and, on confirmation, scan the intranet's common services (FTP, Telnet and SSH) for weak passwords.
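The invention's stated goal is to keep the production system stable while the remote step discovers live hosts and probes their ports, but the patent does not say how the scan is throttled. The following is an added example, not the patent's code, of the scanning policy a practitioner would put in front of steps 1) and 2): a scope allowlist, sequential single-port probes with a delay, and a default skip of industrial-protocol ports. The probe function is injected, so the block runs offline against a constructed fake network; the addresses are assumptions, and tcp_connect_probe() is the live-use equivalent.

```python
"""Scope- and pace-controlled service probing for an ICS intranet.

Added example, not from the patent. The probe itself is injected
(probe(host, port) -> bool) so the policy can run offline against a
constructed fake network; tcp_connect_probe() is the live-use equivalent.
"""
import ipaddress
import socket
import time

# TCP ports of common industrial protocols. Unexpected connections to a PLC or
# RTU on these can fault the device, so they are skipped unless the operator
# opts in explicitly.
FIELDBUS_PORTS = {
    102: "S7comm (ISO-TSAP)",
    502: "Modbus/TCP",
    4840: "OPC UA",
    20000: "DNP3",
    44818: "EtherNet/IP (explicit messaging)",
}
# IT services the remote step goes after (SMB/IPC$, RDP, FTP, Telnet, SSH, ...).
IT_PORTS = [21, 22, 23, 80, 135, 139, 445, 3389]


class ScanPolicy:
    def __init__(self, scope, delay_s=0.05, include_fieldbus=False, max_ports_per_host=16):
        self.scope = [ipaddress.ip_network(n, strict=False) for n in scope]
        self.delay_s = delay_s
        self.include_fieldbus = include_fieldbus
        self.max_ports_per_host = max_ports_per_host

    def in_scope(self, host):
        ip = ipaddress.ip_address(host)
        return any(ip in net for net in self.scope)

    def ports_for(self, ports):
        allowed = [p for p in ports if self.include_fieldbus or p not in FIELDBUS_PORTS]
        return allowed[: self.max_ports_per_host]


def scan(hosts, ports, policy, probe, sleep=time.sleep):
    """Probe hosts one at a time and one port at a time (never in parallel
    against a single device). Returns ({host: [open ports]}, skipped) where
    skipped lists (host, port or None, reason)."""
    results, skipped = {}, []
    for host in hosts:
        if not policy.in_scope(host):
            skipped.append((host, None, "out of scope"))
            continue
        open_ports = []
        for port in policy.ports_for(ports):
            if probe(host, port):
                open_ports.append(port)
            sleep(policy.delay_s)   # pace probes so the target's stack is not flooded
        for port in ports:
            if port in FIELDBUS_PORTS and not policy.include_fieldbus:
                skipped.append((host, port, FIELDBUS_PORTS[port]))
        results[host] = open_ports
    return results, skipped


def tcp_connect_probe(host, port, timeout=1.0):
    """Live probe: full TCP connect, closed immediately, no payload sent."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return True
    except OSError:
        return False


# Constructed fake network for the offline demonstration (assumed addresses).
FAKE_OPEN = {("10.10.1.5", 445), ("10.10.1.5", 3389), ("10.10.1.7", 22), ("10.10.1.7", 502)}


def fake_probe(host, port):
    return (host, port) in FAKE_OPEN


def demo():
    policy = ScanPolicy(scope=["10.10.1.0/24"], delay_s=0)
    return scan(["10.10.1.5", "10.10.1.7", "10.10.9.9"], IT_PORTS + [502, 102],
                policy, fake_probe, sleep=lambda _s: None)


if __name__ == "__main__":
    results, skipped = demo()
    print(results)
    for item in skipped:
        print("skipped", item)
```

For live use pass tcp_connect_probe and keep the default delay; a full connect followed by an immediate close is the least intrusive TCP probe, and the skipped list tells the operator which fieldbus ports were deliberately left alone so that they can be covered by passive inventory instead.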
In addition, before automatic onlining the administrator must configure the online target, which may be the server end or a previously compromised jump host. Generation of the controlled end for the jump host can be completed semi-automatically on the server end, or completed automatically by the server end once remote exploitation succeeds.
Command execution is implemented through script execution: Windows executes commands with PowerShell scripts and Linux with Python scripts. If a control task contains only a command, the script-interpreting function is called; if it contains an executable file such as an EXE, the file is loaded in memory so that it runs automatically without an additional process. In addition, the control-end user (administrator) can establish persistence after privilege escalation, forensics or evaluation of the target, so that the evaluation can be analysed at a later date.
The previous description of the disclosed embodiments is provided to enable any person skilled in the art to make or use the present invention. Various modifications to these embodiments will be readily apparent to those skilled in the art, and the generic principles defined herein may be applied to other embodiments without departing from the spirit or scope of the invention. Thus, the present invention is not intended to be limited to the embodiments shown herein but is to be accorded the widest scope consistent with the principles and novel features disclosed herein.

Claims (1)

1. A method for remote penetration forensics for industrial control systems, comprising the steps of:
(1) local privilege escalation;
(2) privilege persistence;
(3) information collection;
(4) local vulnerability scanning;
(5) remote scanning and exploitation;
wherein step (1) proceeds as follows: the administrator operates the control end, the control end connects to the controlled end through the server end, the controlled end is authenticated after coming online, and local privilege escalation begins after authentication passes, in which a built-in set of privilege-escalation exploits is tried one by one to find a usable escalation and raise the controlled end to SYSTEM privilege, and if SYSTEM privilege cannot be reached a UAC bypass step is executed to achieve the escalation;
in step (2), if local privilege escalation fails, persistence is established, and escalation is attempted, by infecting shortcuts and other launch points so that the controlled-end program runs whenever they are used, specifically:
1) infecting commonly used .lnk files, replacing the launch target so that the controlled-end program is interposed between the shortcut and its original target;
2) infecting frequently used .chm files, replacing the launch target in the same way;
3) infecting commonly used .bat files, replacing the launch target in the same way;
4) scanning the DLL files on disk for DLL-hijacking opportunities, and setting up a service start program whose launch target is the controlled-end program;
5) scanning .html files and inserting script code that runs the controlled-end program;
6) scanning .js files and inserting script code that runs the controlled-end program;
7) scanning .bat files and replacing the launch target with the controlled-end program, as in 1);
8) scanning PowerShell files and replacing the launch target with the controlled-end program, as in 1);
9) adding a rundll32 autostart entry whose launch target is the controlled-end program;
10) adding a scheduled task whose launch target is the controlled-end program;
11) creating a service whose start target is the controlled-end program;
12) adding a startup entry to the registry autostart key;
in the persistence process, if a step fails it is skipped and execution continues, and target replacement uses multi-level chaining;
information collection in step (3) proceeds as follows:
1) enumerating processes and collecting the information of each process;
2) enumerating services and collecting the information of each service;
3) enumerating installed software and collecting the installation information of each package;
4) collecting network socket information (local listening sockets and remote connections);
5) collecting information on the local antivirus software;
6) collecting saved login credentials of various kinds of software (for example the Chrome, Firefox and IE browsers, XShell, and Remote Desktop credentials);
7) collecting information on the industrial control configuration software;
local vulnerability scanning in step (4) comprises checking for local privilege-escalation vulnerabilities and for other vulnerability problems;
remote scanning in step (5) proceeds as follows:
1) scanning the intranet for live hosts;
2) performing port scanning and service detection against the live hosts;
3) exploiting commonly used remote vulnerabilities from the last five years (overflow exploits) to execute commands remotely, so that the remote host is brought online directly;
4) if remote exploitation fails, attempting weak-password exploitation, trying empty passwords against the IPC$ share, Active Directory and printer shares;
5) if the empty-password attempt fails, prompting the administrator and, on confirmation, scanning the intranet's common services (FTP, Telnet and SSH) for weak passwords;
the controlled end comes online in two modes, direct connection and proxied connection; when the control end issues a task to a controlled-end node, the control end first uploads the command to the server end, the server end stores it in the task queue of the designated node, and when the controlled end next polls the server end on its regular schedule it reads the task queue, executes the command and closes the socket.

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201910482385.2A CN110399718B (en) 2019-06-04 2019-06-04 Remote penetration evidence obtaining method for industrial control system

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201910482385.2A CN110399718B (en) 2019-06-04 2019-06-04 Remote penetration evidence obtaining method for industrial control system

Publications (2)

Publication Number Publication Date
CN110399718A CN110399718A (en) 2019-11-01
CN110399718B (en) 2023-01-20

Family

ID=68324052

Family Applications (1)

Application Number Title Priority Date Filing Date Status Publication
CN201910482385.2A Remote penetration evidence obtaining method for industrial control system 2019-06-04 2019-06-04 Active CN110399718B (en)

Country Status (1)

Country Link
CN (1) CN110399718B (en)

Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN104009881A (en) * 2013-02-27 2014-08-27 广东电网公司信息中心 Method and device for system penetration testing
CN104468267A (en) * 2014-11-24 2015-03-25 国家电网公司 Information safety penetration testing method for distribution automation system
CN105243325A (en) * 2015-09-29 2016-01-13 北京奇虎科技有限公司 Method for residual process file in mobile terminal, mobile terminal and server
CN108182359A (en) * 2017-12-29 2018-06-19 中国信息通信研究院 The method, apparatus and storage medium of API safeties under a kind of test trusted context

Family Cites Families (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US8464346B2 (en) * 2007-05-24 2013-06-11 Iviz Techno Solutions Pvt. Ltd Method and system simulating a hacking attack on a network
US10257220B2 (en) * 2017-01-30 2019-04-09 Xm Cyber Ltd. Verifying success of compromising a network node during penetration testing of a networked system

Also Published As

Publication number Publication date
CN110399718A (en) 2019-11-01

Legal Events

Code Title
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant