当前位置:首页 > 报告详情

从欺骗到隧道:红队用于初始访问和规避的新型网络技术.pdf

上传人: 竿*** 编号:981891 2025-11-29 125页 5.05MB

1、1From Spoofing to Tunneling:New Red Teams Networking Techniques for Initial Access and EvasionSpeaker:Shu-Hao,Tung(123ojp)2Just Another Normal Day of ITSeeing my Intranet LDAP server logP.S.All addresses are example addresses.3Just Another Normal Day of ITSeeing my Intranet LDAP server logSeeing my

2、Intranet LDAP server logP.S.All addresses are example addresses.4Just Another Normal Day of ITSeeing my Intranet LDAP server logSeeing my Intranet LDAP server logP.S.All addresses are example addresses.5Just Another Normal Day of ITSeeing my Intranet LDAP server logWhy a public IP is brute forcing m

3、e?How?Its an intranet server with no DNATSeeing my Intranet LDAP server logP.S.All addresses are example addresses.6Just Another Normal Day of ITSeeing my Intranet LDAP server logOkay I banned 9.9.9.9Seeing my Intranet LDAP server log7Just Another Normal Day of ITOh no how!?Seeing my Intranet LDAP s

4、erver logP.S.All addresses are example addresses.8Whoami Shu Hao Tung(123ojp)From Taiwan Threat Researcher(Red Team)Graduate of NTHU Previous President of HackerSir 123ojp shu-hao-tungo123ojp9AgendaIntroduction&BackgroundRed Teaming Techniques with IP Spoofing in IntranetTwo Methods to Replace Initi

5、al FootholdBOOM!Initial AccessNightmare of VxLAN Tunnel HijackingRouting Protocols Running on Buggy VxLAN Leading to IP Hijacking Leading to Domain CompromisesConclusions&TakeawaysQ&A10Spoofing Source IP11Spoofing Source IP in PublicPublic Internet2.2.2.21.1.1.13.3.3.3ip.srcip.dst3.3.3.3Spoofing1.1.

6、1.1DNS RequestsWe all know that packet spoofing is still possible on public networks.P.S.All addresses are example addresses.12Spoofing Source IP in Publicip.srcip.dst1.1.1.13.3.3.3DNS ResponsePublic Internet2.2.2.21.1.1.13.3.3.3We all know that packet spoofing is still possible on public networks.P

word格式文档无特别注明外均可编辑修改,预览文件经过压缩,下载原文更清晰!
三个皮匠报告文库所有资源均是客户上传分享,仅供网友学习交流,未经上传用户书面授权,请勿作商用。
根据报告的内容,本文主要探讨了红队在网络攻击中的技术,特别是针对内网的入侵和逃避检测的方法。以下是关键点: 1. **IP欺骗技术**:攻击者通过伪造源IP地址进行网络攻击,包括在公共网络和内网中。 2. **隧道技术**:利用隧道技术(如GRE、VxLAN)进行数据包的隐蔽传输,以逃避检测。 3. **VxLAN漏洞**:VxLAN配置不当可能导致IP欺骗和隧道劫持,攻击者可以劫持VxLAN隧道并获取内网访问权限。 4. **路由协议攻击**:通过劫持VxLAN隧道,攻击者可以影响路由协议(如BGP、OSPF),进而劫持IP地址。 5. **防御建议**:建议检查和关闭不安全的隧道,设置安全的防火墙,并监控路由前缀的异常。 6. **攻击工具**:介绍了用于扫描和攻击的工具,如GRE隧道扫描器和VxLAN扫描器。
黑客如何绕过防火墙?" 内网安全面临何种威胁?" 内网IP欺骗技术解析!"
客服
商务合作
小程序
服务号
折叠