CN113395287B - Method and system for recording network attack IP and command execution echo - Google Patents
Method and system for recording network attack IP and command execution echo Download PDFInfo
- Publication number
- CN113395287B CN113395287B CN202110692316.1A CN202110692316A CN113395287B CN 113395287 B CN113395287 B CN 113395287B CN 202110692316 A CN202110692316 A CN 202110692316A CN 113395287 B CN113395287 B CN 113395287B
- Authority
- CN
- China
- Prior art keywords
- function
- bash
- dictionary
- recording
- attacker
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Active
Links
Images
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/30—Network architectures or network communication protocols for network security for supporting lawful interception, monitoring or retaining of communications or communication related information
- H04L63/308—Network architectures or network communication protocols for network security for supporting lawful interception, monitoring or retaining of communications or communication related information retaining data, e.g. retaining successful, unsuccessful communication attempts, internet access, or e-mail, internet telephony, intercept related information or call content
Abstract
The invention discloses a method and a system for recording network attack IP and command execution playback, wherein the method comprises the following steps: establishing a kernel debugging module, and mounting at least one key function in the kernel debugging module; acquiring a P ID dictionary, a socket fd dictionary and a dictionary corresponding to I P through the key function; mounting an exeve function in a kernel, recording a calling process of a current exeve function PI D according to the exeve function, and acquiring and returning a process tree; establishing a secret mark module, recording the current PI D of the bash, executing content and executing playback, and acquiring an ancestor process according to the process tree; and comparing the ancestor process PI D with the obtained P ID dictionary, the socket fd dictionary and the I P dictionary to obtain an attacker I P. The method and the system acquire the process tree where the Bash process is located, trace back the ancestor process according to the process tree, and acquire the IP of the network attacker according to the socket of the ancestor process, so that the effective monitoring on the Bash attack can be realized.
Description
Technical Field
The invention relates to the technical field of network security, in particular to a method and a system for recording network attack IP and command execution echoing.
Background
Bash, a member of Unix Shell, was written in 1987 by Blainen Focus for the GNU program. The first official version, released in 1989, was originally intended for use on the GNU operating system, but was capable of running on most Unix-like operating systems, including Linux and Mac OS X v10.4, both of which have been used as default shells.
Bash can be said to be the most basic component of the linux operating system. Therefore, it is a major issue of LINUX security for the monitoring of Bash, and almost all host defense suites add Bash monitoring as one of the functions. For monitoring of Bash, typical scenarios are derived from sudash and the official cmd _ log module of Bash.
In the prior art, Sudosh is specially designed to be used in combination with sudo or used as a login shell independently. Sudosh allows execution of a root or user shell with a log record, and each command and output entered by the user in the root shell is recorded.
Sudash in the prior art mainly has the following defects:
sudash cannot record the IP of the attacker who executes the bash. Sudosh cannot record the execution and playback of the bash command in the mode of bash-c, which is the most common network attack in which the bash command is executed through webshell. Sudash cannot record command execution and playback of the bounce shell, however, it is also one of the most common ways to execute commands in a network attack. The sudash cannot record which process the bash was created by, i.e. cannot trace back the source of the bash.
Disclosure of Invention
One of the purposes of the invention is to provide a method and a system for recording network attack IP and command execution playback, wherein the method and the system acquire a process tree in which a Bash process is located, trace back an ancestor process according to the process tree, and acquire a network attacker IP according to a socket of the ancestor process, so that the effective monitoring of the Bash attack can be realized.
One of the purposes of the invention is to provide a method and a system for recording network attack IP and command execution playback, wherein the method and the system are provided with a Bash secret mark module, the Bash secret mark module can record the execution command of an attacker to Bash attack and playback the recorded execution command, so that the attack mode can be effectively monitored.
One of the purposes of the invention is to provide a method and a system for recording network attack IP and command execution echoing, wherein the method and the system adopt a kernel debugging module to track and monitor a specific kernel function in a linux system, and are used for acquiring a function calling process and a function calling process tree and further acquiring an ancestor process of a Bash process.
One of the purposes of the invention is to provide a method and a system for recording network attack IP and command execution echo, wherein the method and the system construct a pseudo terminal through the secret mark module, record the input of an attacker at the pseudo terminal and output the attacker at the same time, so that the record tracing which is not perceived by the attacker can be realized, and the monitoring effect of Bash attack is improved.
To achieve at least one of the above objects, the present invention further provides a method for recording a network attack IP and a command execution echo, the method comprising the steps of:
establishing a kernel debugging module, and mounting at least one key function in the kernel debugging module;
acquiring a PID dictionary, a socketfd dictionary and a dictionary corresponding to the IP through the key function;
mounting an exeve function in a kernel, executing a calling process of a current exeve function PID according to the exeve function record, and acquiring and returning a process tree;
establishing a secret mark module, recording the current PID of the bash, executing content and displaying back, and acquiring an ancestor process according to the process tree;
and comparing the ancestor process PID with the obtained PID dictionary, the socket fd dictionary and the IP dictionary to obtain the IP of the attacker.
According to one preferred embodiment of the invention, a sockfd _ lookup function is called in the kernel, socketfd is obtained according to the mounting key function, the socketfd is converted into a socket structure through the sockfd _ lookup function, and an IP in the socket structure is analyzed.
According to another preferred embodiment of the invention, when the Bash is started, the secret function is inserted at the entry of the execution command corresponding to the two key nodes of the Bash-i and the Bash-c, and is used for secretly marking the execution instructions of the two key nodes.
According to another preferred embodiment of the invention, when the secret mark module is started at Bash, two pseudo terminals are constructed, and the two pseudo terminals are used for acquiring and executing an attacker command and outputting an execution result to the attacker.
According to another preferred embodiment of the present invention, the two pseudo terminals include a master device and a slave device, wherein the master device and the slave device constitute a pair of character devices, the master device is used for reading data of the slave device, and the slave device is used for reading data of the master device.
According to another preferred embodiment of the invention, when any key function process opens the character device pair, a master file descriptor is obtained under the/dev/ptmx file, and a slave file is created in the/dev/pts file.
According to another preferred embodiment of the present invention, a parent process and a child process are created according to the master device and the slave device, wherein the parent process supports the master device, the child process supports the child process, the child process receives input of an attacker and records relevant data of the input, and the child process records the input and exits a secret mark function and automatically displays the output back to the slave device.
According to another preferred embodiment of the present invention, the parent process circularly monitors the readable state of the master device, if the master device is readable, the child process records the echoed output and returns the output to the attacker, and if the master device is not readable, the parent process circularly monitors the master device.
According to another preferred embodiment of the present invention, if the master device is in a readable state, the read byte number is determined, and if the byte number read by the master device is greater than or equal to zero, the master device outputs the execution result to the attacker.
In order to achieve at least one of the above-mentioned objects, the present invention further provides a system for recording network attack IP and command execution echo, which executes the above-mentioned method for recording network attack IP and command execution echo.
The present invention provides a computer-readable storage medium storing a computer program executable by a processor to perform the above-described method of recording a network attack IP and a command execution echo.
Drawings
Fig. 1 is a schematic flow chart showing a method for recording the IP of the network attack and the command execution echo according to the present invention.
FIG. 2 is a flow chart of a method for recording IP and command execution playback of network attacks according to an embodiment of the present invention.
FIG. 3 is a flow chart showing the execution of the block for memorizing the information in the present invention.
Detailed Description
The following description is presented to disclose the invention so as to enable any person skilled in the art to practice the invention. The preferred embodiments in the following description are given by way of example only, and other obvious variations will occur to those skilled in the art. The basic principles of the invention, as defined in the following description, may be applied to other embodiments, variations, modifications, equivalents, and other technical solutions without departing from the spirit and scope of the invention.
It is understood that the terms "a" and "an" should be interpreted as meaning "at least one" or "one or more," i.e., that a quantity of one element may be one in one embodiment, while a quantity of another element may be plural in other embodiments, and the terms "a" and "an" should not be interpreted as limiting the quantity.
Referring to fig. 1-3, the present invention discloses a method and system for recording network attack IP and command execution playback, wherein the method and system mainly uses 3 modules such as socket chain, process chain and secret module to realize accurate record of attacker IP, record command executed by attacker, and playback the executed command.
Specifically, a kernel debugging module needs to be established in a kernel of the linux system, wherein the kernel debugging module includes a kprobe module and a kretprobe derived from the kprobe module. That is to say, the kernel debugging module can quickly acquire the state data of the kernel function and analyze the calling condition of the kernel function.
In order to better acquire the state of the kernel function, the invention mounts at least one key function in the kernel debugging module, wherein the key function comprises but is not limited to a recvfrom function and an accept function, and the key function is used for acquiring a PID (process identifier) for executing the current self function, and a socket file descriptor and an IP (Internet protocol). And the PID dictionary, the socketfd dictionary and the IP dictionary can be obtained through the two mounted key functions, and the kernel debugging module transmits the obtained PID dictionary, socketfd dictionary and IP dictionary to the monitor program. The kernel debugging module is also used for mounting an execute function, the execute function in the kernel debugging module is used for acquiring a PID (proportion integration differentiation) of the currently executed execute function, acquiring a process tree of the currently executed execute function, and transmitting the PID and the process tree of the currently executed execute function into a monitor program for monitoring.
The monitor program is in communication connection with the secret module, and the secret module records the PID of the current Bash, the command executed by the Bash and the echoed command. The said secret module sends the PID of the current Bash, and the executed command of the Bash back to the monitor program. After acquiring the PID of the current Bash, the monitor program judges whether the PID of the current Bash exists in a process tree list uploaded by an execute function, if so, the monitor program acquires the current process tree list, judges whether the PID of the current Bash has the same accept and recvfrom events through the acquired process tree list, and if so, acquires the IP of an attacker through executing the PID and the socketfd of the accept function and/or the recvfrom function. And returning the executed commands and the executed commands of the attacker IP, the process tree and the Bash back to the display. It should be noted that the ancestor processes of all the processes can be found through the process tree list. As the middle process of the Linux system is of a tree structure, all the tree structures have an ancestor process which is an init _ task process in the Linux kernel, and the init _ task process is an ancestor process of all processes under the same process tree. And evolving into various executed processes through the ancestor process init _ task process, wherein the execute function is a core function for converting a kernel state in the Linux system into a user state, when the Linux system in the system executes related codes to generate a first kernel core process kernel _ init, a text field of the kernel _ init process can be replaced through the execute function to generate the user process init. Therefore, the process tree recording all Bash behaviors can be obtained by obtaining the PID executing the execute function, so that the ancestor process can be traced back.
It should be noted that, in a preferred embodiment of the present invention, the following method is adopted to obtain the attacker IP when executing the accept function and/or the recvfrom function: calling a native function sockfd _ lookup in the linux system, reversely querying a socket structure body through the sockfd by the native function sockfd _ lookup, and executing sockfd in the mounted recvfrom function and the acept function. The mounted socketfd is directly converted into a Sock structure through the native function socketfd _ lookup. Since the Sock structure comprises quintuple, the quintuple comprises: source IP address, source port, destination IP address, destination port, and transport layer protocol. The IP of the attacker can be resolved directly from the five-tuple. The IP analysis method may be performed by dictionary comparison, which is not described in detail herein.
One of the advantages of the present invention is that the imperceptible record attacker IP and the command executed by the attack, and the technical scheme for realizing the imperceptibility includes: constructing two pseudo terminals through the secret mark module, wherein the two pseudo terminals comprise: the method comprises the following steps that: when a process opens a/dev/ptmx file in a kernel, the/dev/ptmx file obtains a master file descriptor (file descriptor), and simultaneously creates a slave device file under the/dev/pts file, it should be noted that the master device and the slave device can read data stored by each other.
The secret mark module inserts a secret mark function at a key node of a Bash source code, wherein the key node is as follows: and at the entry of the execution command corresponding to the bash-c and the bash-i, the secret function acquires the execution command data related to the key node, and the reading and distribution of the data are realized through the master device and the slave device.
Please refer to the schematic flow chart of the execution of the implication module shown in fig. 3, wherein the implication module obtains a Bash execution command at the key node, and creates a parent-child process through a Fork after creating two pseudo terminals, wherein the parent process supports the main devices of the two pseudo terminals, and the child process supports the child devices of the pseudo terminals. It should be noted that, the parent process and the child process respectively return PIDs when Fork is created, where the PID returned by the child process is 0, and the PID returned by the parent process is the PID of the child process, so that it can be determined whether the process is the child process as long as it is determined whether the PID return value in the process is 0, and when the returned PID is 0, the process is determined to be the child process. And setting the input of the sub-process for acquiring the attacker, keeping the output and the display playback of the sub-process unchanged, and after recording the attack input of the attacker, exiting the cryptic function and displaying the attack input back to the sub-device by the cryptic function. The child process can transmit the output of the attacker after the attack is executed to the main device, the parent process is set to close the input, and the output and the playback are kept unchanged, so that the parent process only acquires the output of the child process from the child process and returns the output to the attacker, and the attacker is informed in an imperceptible state. The parent process can set to circularly monitor the reading condition of the main device, if the parent process can read the reading condition, the child process is indicated to have operations such as echoing output, and if the main device reads the reading error, the child process is indicated to be closed, and the parent process is further closed. And if the master device is not readable, circularly monitoring the readable state of the master device.
The readable state includes: and if the number of bytes read from the main equipment is more than or equal to zero, the sub-process acquires the attack input and displays back the output, and after the main equipment reads the attack input and the display back output of the sub-process, the output is constantly returned to the attacker through the main process. If the byte number read from the main device is less than zero, the main device reads an error, the child process is closed, and the parent process also executes closing.
In particular, according to embodiments of the present disclosure, the processes described above with reference to the flow diagrams may be implemented as computer software programs. For example, embodiments of the present disclosure include a computer program product comprising a computer program embodied on a computer readable medium, the computer program comprising program code for performing the method illustrated in the flow chart. In such an embodiment, the computer program may be downloaded and installed from a network via the communication section, and/or installed from a removable medium. The computer program, when executed by a Central Processing Unit (CPU), performs the above-described functions defined in the method of the present application. It should be noted that the computer readable medium mentioned above in the present application may be a computer readable signal medium or a computer readable storage medium or any combination of the two. The computer readable storage medium may be, for example, but not limited to, an electronic, magnetic, optical, electromagnetic, infrared, or semiconductor system, apparatus, or device, or any combination of the foregoing. More specific examples of the computer readable storage medium may include, but are not limited to: an electrical connection having one or more wire segments, a portable computer diskette, a hard disk, a Random Access Memory (RAM), a read-only memory (ROM), an erasable programmable read-only memory (EPROM or flash memory), an optical fiber, a portable compact disc read-only memory (CD-ROM), an optical storage device, a magnetic storage device, or any suitable combination of the foregoing. In the present application, a computer readable storage medium may be any tangible medium that can contain, or store a program for use by or in connection with an instruction execution system, apparatus, or device. In this application, however, a computer readable signal medium may include a propagated data signal with computer readable program code embodied therein, for example, in baseband or as part of a carrier wave. Such a propagated data signal may take many forms, including, but not limited to, electro-magnetic, optical, or any suitable combination thereof. A computer readable signal medium may also be any computer readable medium that is not a computer readable storage medium and that can communicate, propagate, or transport a program for use by or in connection with an instruction execution system, apparatus, or device. Program code embodied on a computer readable medium may be transmitted using any appropriate medium, including but not limited to: wireless section, wire section, fiber optic cable, RF, etc., or any suitable combination of the foregoing.
The flowchart and block diagrams in the figures illustrate the architecture, functionality, and operation of possible implementations of systems, methods and computer program products according to various embodiments of the present invention. In this regard, each block in the flowchart or block diagrams may represent a module, segment, or portion of code, which comprises one or more executable instructions for implementing the specified logical function(s). It should also be noted that, in some alternative implementations, the functions noted in the block may occur out of the order noted in the figures. For example, two blocks shown in succession may, in fact, be executed substantially concurrently, or the blocks may sometimes be executed in the reverse order, depending upon the functionality involved. It will also be noted that each block of the block diagrams and/or flowchart illustration, and combinations of blocks in the block diagrams and/or flowchart illustration, can be implemented by special purpose hardware-based systems that perform the specified functions or acts, or combinations of special purpose hardware and computer instructions.
It will be understood by those skilled in the art that the embodiments of the present invention described above and illustrated in the accompanying drawings are illustrative only and not restrictive of the broad invention, and that the objects of the invention have been fully and effectively achieved and that the functional and structural principles of the present invention have been shown and described in the embodiments and that modifications and variations may be resorted to without departing from the principles described herein.
Claims (10)
1. A method for recording network attack IP and command execution echo, characterized in that the method comprises the following steps:
establishing a kernel debugging module, wherein the kernel debugging module comprises a kprobe module and a kretprobe derived from the kprobe module, and mounting at least one key function in the kernel debugging module;
acquiring a PID dictionary, a socketfd dictionary and a dictionary corresponding to the IP through the key function;
mounting an exeve function in a kernel, executing a calling process of a current exeve function PID according to the exeve function record, and acquiring and returning a process tree;
establishing a secret mark module, recording the current PID of the Bash, executing content and execution playback, and acquiring an ancestor process according to the process tree;
and comparing the ancestor process PID with the obtained PID dictionary, the socket fd dictionary and the IP dictionary to obtain the IP of the attacker.
2. The method for recording network attack IP and command execution playback as claimed in claim 1, wherein a sockfd _ lookup function is called in a kernel, sockfd is obtained according to a mounted key function, the sockfd is converted into a socket structure through the sockfd _ lookup function, and the IP in the socket structure is analyzed.
3. The method for recording the network attack IP and the command execution echo according to claim 1, wherein when the Bash is started, a secret mark function is inserted at the execution command entry corresponding to the two key nodes of the Bash-i and the Bash-c for secretly marking the execution instructions of the two key nodes.
4. The method for recording the network attack IP and the command execution echo according to claim 1, characterized in that the secret mark module constructs two pseudo terminals when being started at Bash, and the two pseudo terminals are used for acquiring and executing an attacker command and outputting an execution result to the attacker; the two pseudo terminals comprise a master device and a slave device, wherein the master device and the slave device form a pair of character device pairs, the master device is used for reading data of the slave device, and the slave device is used for reading data of the master device.
5. The method as claimed in claim 4, wherein when any key function process opens the character device pair, a master file descriptor is obtained under the/dev/ptmx file, and a slave file is created in the/dev/pts file.
6. The method of claim 4, wherein a parent process and a child process are created according to the master device and the slave device, wherein the parent process supports the master device, the child process supports the slave device, the child process receives attacker input and records relevant data of the input, and the child process records the input back to the secret mark function and automatically outputs the back to the slave device.
7. The method as claimed in claim 6, wherein the parent process monitors the readable status of the master device in a loop, if the master device is readable, the child process records the echo output and returns the output to the attacker, and if the master device is not readable, the parent process monitors the master device in a loop.
8. The method of claim 7, wherein if the host device is in a readable state, determining a number of bytes read, and if the number of bytes read by the host device is greater than or equal to zero, the host device outputs an execution result to the attacker.
9. A system for recording IP of network attack and command execution echo, characterized in that the system executes a method for recording IP of network attack and command execution echo according to any of the claims 1-8.
10. A computer-readable storage medium storing a computer program executable by a processor to perform a method of recording a network attack IP and a command execution echo according to any one of claims 1 to 8.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202110692316.1A CN113395287B (en) | 2021-06-22 | 2021-06-22 | Method and system for recording network attack IP and command execution echo |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202110692316.1A CN113395287B (en) | 2021-06-22 | 2021-06-22 | Method and system for recording network attack IP and command execution echo |
Publications (2)
| Publication Number | Publication Date |
|---|---|
| CN113395287A CN113395287A (en) | 2021-09-14 |
| CN113395287B true CN113395287B (en) | 2022-06-28 |
Family
ID=77623400
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN202110692316.1A Active CN113395287B (en) | 2021-06-22 | 2021-06-22 | Method and system for recording network attack IP and command execution echo |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN113395287B (en) |
Families Citing this family (2)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN113918955A (en) * | 2021-09-29 | 2022-01-11 | 杭州默安科技有限公司 | Linux kernel vulnerability permission promotion detection blocking method and system |
| CN115469943B (en) * | 2022-09-22 | 2023-05-16 | 安芯网盾(北京)科技有限公司 | Detection method and device for command execution of JAVA virtual terminal |
Citations (6)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN108200053A (en) * | 2017-12-30 | 2018-06-22 | 成都亚信网络安全产业技术研究院有限公司 | Record the method and device of APT attack operations |
| CN108234480A (en) * | 2017-12-29 | 2018-06-29 | 北京奇虎科技有限公司 | Intrusion detection method and device |
| CN109347698A (en) * | 2018-10-25 | 2019-02-15 | 北京凝思科技有限公司 | User terminal operations order and echo message monitoring method under a kind of linux system |
| CN111651754A (en) * | 2020-04-13 | 2020-09-11 | 北京奇艺世纪科技有限公司 | Intrusion detection method and device, storage medium and electronic device |
| CN111813774A (en) * | 2020-05-18 | 2020-10-23 | 广州锦行网络科技有限公司 | Method for monitoring and acquiring traceability information based on sysdig system |
| CN112383520A (en) * | 2020-11-02 | 2021-02-19 | 杭州安恒信息安全技术有限公司 | Honeypot system attack playback method, honeypot system attack playback device, storage medium and equipment |
Family Cites Families (4)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| JP3535795B2 (en) * | 2000-02-21 | 2004-06-07 | 博 和泉 | Computer and computer-readable recording medium |
| WO2017160760A1 (en) * | 2016-03-15 | 2017-09-21 | Carbon Black, Inc. | System and method for reverse command shell detection |
| CN107483409B (en) * | 2017-07-21 | 2019-02-26 | 南京南瑞集团公司 | A method of the operational order real-time monitoring echo towards industry control operating system |
| CN112202727B (en) * | 2020-09-11 | 2023-01-10 | 苏州浪潮智能科技有限公司 | Server-side verification user management method, system, terminal and storage medium |
-
2021
- 2021-06-22 CN CN202110692316.1A patent/CN113395287B/en active Active
Patent Citations (6)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN108234480A (en) * | 2017-12-29 | 2018-06-29 | 北京奇虎科技有限公司 | Intrusion detection method and device |
| CN108200053A (en) * | 2017-12-30 | 2018-06-22 | 成都亚信网络安全产业技术研究院有限公司 | Record the method and device of APT attack operations |
| CN109347698A (en) * | 2018-10-25 | 2019-02-15 | 北京凝思科技有限公司 | User terminal operations order and echo message monitoring method under a kind of linux system |
| CN111651754A (en) * | 2020-04-13 | 2020-09-11 | 北京奇艺世纪科技有限公司 | Intrusion detection method and device, storage medium and electronic device |
| CN111813774A (en) * | 2020-05-18 | 2020-10-23 | 广州锦行网络科技有限公司 | Method for monitoring and acquiring traceability information based on sysdig system |
| CN112383520A (en) * | 2020-11-02 | 2021-02-19 | 杭州安恒信息安全技术有限公司 | Honeypot system attack playback method, honeypot system attack playback device, storage medium and equipment |
Also Published As
| Publication number | Publication date |
|---|---|
| CN113395287A (en) | 2021-09-14 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| CN108897691B (en) | Data processing method, device, server and medium based on interface simulation service | |
| CN108900776B (en) | Method and apparatus for determining response time | |
| US9185039B1 (en) | Application testing through object level code inspection | |
| CN106294102B (en) | Application program testing method, client, server and system | |
| CN113395287B (en) | Method and system for recording network attack IP and command execution echo | |
| CN108717393B (en) | Application program testing method and mobile terminal | |
| CN108228444B (en) | Test method and device | |
| US8667119B2 (en) | System and method for re-generating packet load for load test | |
| CN108171088B (en) | Server hardware credibility protection method and device based on BMC | |
| CN108459850B (en) | Method, device and system for generating test script | |
| CN111163067B (en) | Safety testing method and device and electronic equipment | |
| CN111177729B (en) | Program bug test method and related device | |
| CN111831538A (en) | Debugging method, device and storage medium | |
| CN104036194A (en) | Vulnerability detection method and device for revealing private data in application program | |
| CN111654495B (en) | Method, apparatus, device and storage medium for determining traffic generation source | |
| CN110059064B (en) | Log file processing method and device and computer readable storage medium | |
| US20120158911A1 (en) | Automatic wsdl download of client emulation for a testing tool | |
| CN112115060A (en) | Audio test method and system based on terminal | |
| CN111522749A (en) | Page testing method and device, readable storage medium and electronic equipment | |
| CN113961307A (en) | Container-insensitive attacker IP and command execution playback method and system | |
| CN113407416B (en) | File operation IP tracing method and system | |
| CN112685745B (en) | Firmware detection method, device, equipment and storage medium | |
| CN115150300A (en) | Management system and method for vehicle safety attack and defense | |
| Mayoral-Vilches | Robot hacking manual (rhm) | |
| CN113760688A (en) | Remote debugging method, system, webpage server, equipment and storage medium |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| PB01 | Publication | ||
| PB01 | Publication | ||
| SE01 | Entry into force of request for substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| GR01 | Patent grant | ||
| GR01 | Patent grant | ||
| CP02 | Change in the address of a patent holder |
Address after: 1st Floor, Building 3, No. 2616, Yuhangtang Road, Cangqian Street, Yuhang District, Hangzhou City, Zhejiang Province, 311100 Patentee after: HANGZHOU MOAN TECHNOLOGY CO.,LTD. Address before: 311100 10th floor, Block E, building 1, 1378 Wenyi West Road, Cangqian street, Yuhang District, Hangzhou City, Zhejiang Province Patentee before: HANGZHOU MOAN TECHNOLOGY CO.,LTD. |
|
| CP02 | Change in the address of a patent holder |