June 2020
Intermediate to advanced
423 pages
7h 58m
Chinese
Content preview from Kali Linux学习手册
Become an O’Reilly member and get unlimited access to this title plus top books and audiobooks from O’Reilly and nearly 200 top publishers, thousands of courses curated by job role, 150+ live events each month,
O’Reilly covers everything we've got, with content to help us build a world-class technology community, upgrade the capabilities and competencies of our teams, and improve overall team performance as well as their engagement.I wanted to learn C and C++, but it didn't click for me until I picked up an O'Reilly book. When I went on the O’Reilly platform, I was astonished to find all the books there, plus live events and sandboxes so you could play around with the technology.I’ve been on the O’Reilly platform for more than eight years. I use a couple of learning platforms, but I'm on O'Reilly more than anybody else. When you're there, you start learning. I'm never disappointed.I'm always learning. So when I got on to O'Reilly, I was like a kid in a candy store. There are playlists. There are answers. There's on-demand training. It's worth its weight in gold, in terms of what it allows me to do.
168
|
第
4
章
•
漏洞利用是一种利用漏洞获取攻击者原本无法访问内容的攻击方法。
• OpenVAS
是一款开源漏洞扫描程序,可以用于扫描远程漏洞和本地漏洞。
•
本地漏洞需要通过某种身份验证,这可能对某些人无关紧要,但它们仍然
是必不可少的,因为它们可以用于权限升级。
•
网络设备也容易受到漏洞攻击,并可以为攻击者提供相应权限改变数据流
向。可以使用
OpenVAS
或其他特定工具(包括专注于思科设备的工具)
来扫描网络设备中的漏洞。
•
识别不存在的漏洞可能需要费一番功夫,但是像模糊器这样的工具可以用
于导致程序崩溃,这可能就是漏洞。
实用资源
•
开放式
Web
应用程序安全项目(
OWASP
)模糊测试
(
https://www.owasp.
org/index.php/Fuzzing
)
。
• Mateusz Jurczyk
的黑帽幻灯片,“
Effective File Format Fuzzing
”
(
https://
ubm.io/2NM8WY6
)
。
• Michael Sutton
和
Adam Greene
的黑帽幻灯片,“
The Art of File Format
Fuzzing
”
(
https://ubm.io/2LaYrM0
)
。
• HannoBöck
的教程,“
Beginner's Guide to Fuzzing
”
(
https://fuzzing-
project.org/tutorial1.html
)
。
• Deja vu
安全教程,“
Tutorial: File Fuzzing
”
(
http://community ...
Become an O’Reilly member and get unlimited access to this title plus top books and audiobooks from O’Reilly and nearly 200 top publishers, thousands of courses curated by job role, 150+ live events each month,
and much more.
Read now
Unlock full access
More than 5,000 organizations count on O’Reilly
O’Reilly covers everything we've got, with content to help us build a world-class technology community, upgrade the capabilities and competencies of our teams, and improve overall team performance as well as their engagement.Julian F.
I wanted to learn C and C++, but it didn't click for me until I picked up an O'Reilly book. When I went on the O’Reilly platform, I was astonished to find all the books there, plus live events and sandboxes so you could play around with the technology.Addison B.
I’ve been on the O’Reilly platform for more than eight years. I use a couple of learning platforms, but I'm on O'Reilly more than anybody else. When you're there, you start learning. I'm never disappointed.Amir M.
I'm always learning. So when I got on to O'Reilly, I was like a kid in a candy store. There are playlists. There are answers. There's on-demand training. It's worth its weight in gold, in terms of what it allows me to do.