5618cheetsheet

COMP5618/4618 Applied Cybersecurity — Cheatsheet

1) Trigger words → Template IDs (quick lookup index with hints, aligned to T01–T23)

  • ETH (Ethics & Authorization) / Scope / DoR / NDA / CoC → T01 (ethics & authorization / scope / chain-of-custody prerequisites)
  • OSI L6 (Presentation: enc/codec/compress) / decryption troubleshooting → T02 (Presentation layer = encoding/decoding, encryption/decryption, compression)
  • SUB (Subnetting/CIDR/usable hosts) → T03 (subnets / usable hosts / network & broadcast addresses)
  • NAT/PAT (SNAT/DNAT/Port-Fwd; one public IP, many services = PAT) → T04 (NAT family / port forwarding / PAT)
  • ACL/Firewalking/Asymmetric rules/Default route → T05 (routing / ACL / one-way rules / default route)
  • TCP vs UDP / 3WH / scans: ACK/Xmas semantics → T06 (TCP/UDP / ACK and Xmas result interpretation)
  • PROXY (Web vs SOCKS) / SSH -L/-D/-R / VPN TUN vs TAP → T07 (proxy types / SSH forwarding / VPN layer)
  • XSS/CSRF/SQLi/RCE + mitigations → T08 (output encoding / CSP / tokens / prepared statements / sandboxing)
  • SAST vs DAST vs Fuzz / Shift-left / Auth cookies for scans → T09 (static / dynamic / fuzzing / shift-left / authenticated scanning with cookies)
  • LPE (Linux Priv-Esc): SUID/GTFOBins/credentials/CVEs/cron → T10 (Linux privilege-escalation surface)
  • MAL (Malware detection) Sig/Heuristic/Sandbox/EDR → T11 (malware detection)
  • ENUM (Recon): Nmap vs Gobuster → T12 (information gathering)
  • AND (Android): Manifest/permissions/sandbox/MITM blockers (Pinning) → T13 (mobile basics & interception)
  • DFIR (Chain of Custody / write-block / imaging / hash) → T14 (forensic process & write blocking)
  • CRYPTO (encoding vs encryption vs hashing/stego; ECB/CBC/CTR) → T15 (crypto quick notes + the three properties of asymmetric crypto)
  • DC-ARCH (Segmentation/FW/WAF placement/TLS/KMS/Secure-code) → T16 (data-centre architecture & WAF placement)
  • PIN (Certificate Pinning: what/pros/cons/CA limits) → T17 (certificate pinning)
  • Q20 tri-part (Recon/Passwords/Priv-Esc) → T18 (three password classes / horizontal & vertical escalation / getting to root)
  • HARDEN (Linux hardening & anti-scan) → T19 (hardening & anti-scanning)
  • REDTEAM (7 steps / pivot / SE) → T20 (red-team process / pivoting / social engineering)
  • CMD (Mini-cheats: nmap/gobuster/hydra/ssh/openvpn/snort/tcpdump) → T21 (command quick reference)
  • PIT (Pitfalls & Scoring) → T22 (common mistakes & marking)
  • PRACTICAL (3-step pentest flow & fingerprinting) → T23 (practical three-step flow & fingerprinting)

2) Concept Abbrev Quick Reference (abbreviation lookup → template jump, aligned to T01–T23)

  • SAST: Static App Sec Testing — pre-compile static code analysis (static / pre-compile / source code) → T09
  • DAST: Dynamic App Sec Testing — black-box runtime testing (dynamic / runtime / black box) → T09
  • IAST: Interactive App Sec Testing — runtime + instrumentation → T09
  • RASP: Runtime App Self-Protection → T09
  • SCA: Software Composition Analysis (component/dependency scanning) → T09
  • CI/CD: Continuous Integration/Delivery → T09
  • IaC: Infrastructure as Code → T09
  • SDLC: Software Development Life Cycle → T09
  • RCE: Remote Code Execution → T08
  • XSS: Cross-Site Scripting → T08
  • CSRF: Cross-Site Request Forgery → T08
  • SQLi: SQL Injection → T08
  • LPE/Privesc: Local Privilege Escalation → T10 (Linux) / T18 (classification)
  • SUID: setuid bit on Unix/Linux binaries → T10
  • ACL: Access Control List → T05 (routing/ACL) / T16 (architecture policy)
  • NAT: Network Address Translation → T04

    • SNAT (outbound, rewrite source) → T04
    • DNAT (inbound, rewrite destination / port mapping) → T04
    • PAT (port multiplexing / one public IP, many services) → T04
  • VPN: Virtual Private Network → T07 (concept) / T21 (OpenVPN commands)

    • TUN (L3 tunnel) → T07
    • TAP (L2 bridge) → T07
  • WAF: Web Application Firewall (application-layer firewall) → T16
  • NGFW: Next-Gen Firewall → T05 (types) / T16 (placement)
  • KMS/HSM: Key Mgmt Service / Hardware Security Module → T16
  • MFA: Multi-Factor Authentication → T16 (zero trust / IAM) / T20 (background for social-engineering countermeasures)
  • EDR/XDR: Endpoint/Extended Detection & Response → T11
  • OSINT: Open-Source Intelligence → T20 (intelligence gathering) / T23 (navigating the three-step flow)
  • MITM: Man-In-The-Middle (interception) → T13
  • CSP: Content Security Policy → T08
  • CSR/CRT/CA: Cert Signing Request / Certificate / Certificate Authority → T17
  • PKI: Public Key Infrastructure → T15 (concept) / T17 (certificate chain & pinning)
  • TLS: Transport Layer Security → T02 (layer) / T16 (architecture) / T13 (mobile interception)
  • CTR/CBC/ECB: Block cipher modes (counter / cipher-block chaining / electronic codebook) → T15
  • ROT/Vigenère: Classical ciphers → T15
  • PROXY types: Web proxy / SOCKS → T07
  • SSH -L/-D/-R: Port forwarding → T07 (concept) / T21 (commands)
  • Pinning: Certificate Pinning → T17 (principle) / T13 (obstacle to mobile interception)
  • DFIR: Digital Forensics & Incident Response → T14
  • Chain of Custody → T14
  • Write blocker → T14
  • Practical pentest flow (three-step method) → T23
  • Careers & Certs (industry & certifications) → (if kept, fold into the T23 notes or put on a separate page)

T01) Exam Info & Technique (exam information & answering technique)

  • Format: 120 min + 10 min reading; 15 MCQ (15 marks) + 5 mixed Qs (35 marks); restricted open-book: 1×A4 double-sided.
  • Pass rule: Final exam ≥ 40% and overall ≥ 50%.
  • U–A–C answering:

    • U: 1-line definition/context
    • A: steps/controls/examples
    • C: impact/why it works/limitations
  • Line budget: 2 marks ≈ 2–3 lines; 5 marks ≈ 4–6 lines; 8–10 marks ≈ 8–10 lines (scale the number of lines to the marks).
  • Draw a tiny zone diagram for architecture Qs: External → DMZ → App → DB → Mgmt (bastion); mark ACL/TLS/KMS.
  • Legal/ETH quick cue: explicit authorization/scope/DoR/NDA/"get-out-of-jail" letter; actions without permission are illegal (explicit authorization and scope are what make the work legal).

T02) Networking Fundamentals — OSI & Layer 6 (OSI & Presentation layer essentials)

  • Models: OSI vs TCP/IP

    • OSI (conceptual, 7 layers); TCP/IP (practical Internet stack, simpler/more flexible).
    • MCQ tip: Layer 6 (Presentation) handles encoding/encryption/compression; troubleshoot decryption issues here.
  • OSI Quick Map

    • L1 Physical: bits, modulation/multiplexing/encoding
    • L2 Data Link: frames, MAC, LAN delivery, error checking, collision detection
    • L3 Network: packets, IP addressing, routing
    • L4 Transport: TCP/UDP, ports, reliability/congestion control
    • L5 Session: establish/maintain/terminate sessions, checkpoints/recovery
    • L6 Presentation: format/encode, encryption/decryption, compression, protocol conversion
    • L7 Application: HTTP/SMTP/FTP/DNS/SSH/RDP
  • L1–L2 Essentials

    • MAC address: 48-bit; OUI identifies the vendor; used for L2 delivery.
    • ARP: resolves IP→MAC within the LAN when only the IP is known.
  • L5–L7: Key Functions & Examples (L6 covers TLS and encoding/decoding)

    • Session: setup/maintain/teardown; examples: NetBIOS, SAP.
    • Presentation: TLS, encoding/decoding, compression.
    • Application: SMTP/HTTP/FTP/DNS/SSH/RDP.

T03) Networking Fundamentals — IP Addressing & Subnets (subnets / CIDR / usable host count)

  • L3: IP Addressing & Subnets

    • IPv4: 32-bit; IPv6: 128-bit.
    • Two parts: network + host; the subnet mask/CIDR prefix decides the boundary.
    • CIDR quick calc: usable hosts = 2^(32−prefix) − 2.

      • /22 → mask 255.255.252.0 → usable 1022 → binary: 11111111.11111111.11111100.00000000 (/22 template).
      • Quick counts: /24 → 254; /26 → 62; /30 → 2.
    • Special addresses per subnet: first = network; last = broadcast.
    • Private ranges (RFC1918): 10.0.0.0/8; 172.16.0.0/12; 192.168.0.0/16.
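An added example (not part of the cheatsheet) that works the CIDR rules above with the Python standard library: it reproduces the /22 template and the quick counts, flags RFC1918 ranges, and also handles the /31 and /32 cases that the 2^(32−prefix) − 2 formula does not cover. The function names and sample CIDRs are assumptions made for this example.

```python
# Added example, not from the cheatsheet: CIDR quick calc with the stdlib
# ipaddress module. Sample CIDRs below are constructed for illustration.
import ipaddress

# RFC1918 private ranges as listed on the sheet
RFC1918 = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


def usable_hosts(prefix: int) -> int:
    """Exam formula 2^(32-prefix) - 2, plus the two point-to-point edge cases."""
    if prefix == 32:
        return 1          # single host route
    if prefix == 31:
        return 2          # RFC 3021 point-to-point link: no network/broadcast reserved
    return 2 ** (32 - prefix) - 2


def subnet_facts(cidr: str) -> dict:
    """Network, broadcast, mask (dotted + binary), usable count and RFC1918 flag."""
    net = ipaddress.ip_network(cidr, strict=False)   # strict=False accepts a host address
    mask = net.netmask
    return {
        "network": str(net.network_address),         # first address = network
        "broadcast": str(net.broadcast_address),     # last address = broadcast
        "mask": str(mask),
        "mask_binary": ".".join(f"{b:08b}" for b in mask.packed),
        "usable": usable_hosts(net.prefixlen),
        "private": any(net.subnet_of(r) for r in RFC1918),
    }


if __name__ == "__main__":
    for c in ("10.1.4.77/22", "192.168.1.0/24", "203.0.113.64/26", "198.51.100.8/30"):
        print(c, subnet_facts(c))
```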

T04) Networking Fundamentals — NAT, Port Forwarding & PAT (SNAT/DNAT/PAT)

  • NAT & Port Forwarding

    • SNAT (Source NAT) = change the source IP of outbound traffic
      [example] Many LAN hosts (10.0.0.0/24) go to the Internet appearing as 203.0.113.5 (many internal hosts share one public source IP)
      [rule] Unifying the outbound egress address → SNAT
    • DNAT / Port Forwarding = change the destination of inbound traffic (port mapping)
      [example] 203.0.113.5:22 → 10.0.0.10:22 (public port 22 forwarded to internal SSH)
      [rule] One external service to one internal host/service → DNAT
    • PAT (Port Address Translation, NAT overload) = share one public IP using different ports (one public IP carries multiple services)
      [example] 203.0.113.5:80 → 10.0.0.11:80 (Web A) AND 203.0.113.5:25 → 10.0.0.12:25 (Mail B)
      [rule] One public IP, multiple internal services distinguished by port → PAT ("one public IP, many services = PAT")
    • Tip: MCQ on "one public IP, multiple internal services exposed" → PAT.

T05) Networking Fundamentals — Routing/ACL/VLAN/Firewalls

  • Routing & Default Gateway

    • Different subnets require a router to forward between them.
    • Default route 0.0.0.0/0 → Internet; black-hole/null routes drop traffic silently.
    • Asymmetric ACLs: A→B allowed but B→A denied; can break protocols expecting replies (a one-way ACL leaves no return path).
  • Firewalking (probing ACLs via TTL)

    • Idea: send probes whose TTL expires one hop past the firewall; the responses reveal which ports can traverse the filter.
    • ICMP time-exceeded from beyond the FW → likely an "allowed path"; no response/filtered → likely "blocked".
  • VLANs

    • Tagged ports; hosts in the same VLAN behave as if on one virtual switch; inter-VLAN traffic requires routing (VLAN isolation/tagging).
  • Network Devices & Firewalls (device and firewall type quick reference)

    • Router (L3), Switch (L2), Access Point.
    • Firewalls: Packet Filtering, Stateful, Proxy, NGFW, Software FW (know the comparison points).
  • Exam cues

    • "Direct reachability across subnets?" → needs routing + matching ACLs
    • "Find which port paths the FW permits?" → Firewalking (TTL method)
    • "One direction works, the other does not?" → Asymmetric ACL

T06) Networking Fundamentals — TCP/UDP & Scanning (TCP/UDP & scan-result interpretation)

  • L4: TCP vs UDP

    • TCP: 3-way handshake, reliability, sliding window.
    • UDP: connectionless, low overhead.
    • Ports: 16-bit; destination well-known; source ephemeral.
  • Port states (common terms)

    • open / closed / filtered / unfiltered / open|filtered
  • Scan semantics (frequently examined)

    • TCP SYN (default):

      • open → SYN-ACK; closed → RST; filtered → no response/ICMP unreachable
    • TCP ACK (-sA):

      • RST → unfiltered; no response/ICMP → filtered; cannot tell open from closed (detects filtering only)
    • Xmas/FIN (-sX/-sF):

      • closed → RST; open → no response (stack-implementation dependent)
    • UDP (-sU):

      • no response → open|filtered; ICMP port-unreachable (type 3 code 3) → closed (the key UDP rule)
  • Exam cues

    • "Can it distinguish open/closed/filtered?" → think SYN/UDP semantics first; ACK only detects filtering
    • "UDP gives no response = ?" → open|filtered

T07) Proxies & Tunneling

  • Web proxy (Squid etc.): HTTP(S) auth/caching, L7 control; outbound web may be forced through the proxy (common on campus/enterprise networks).
  • SOCKS proxy: protocol-agnostic TCP; SOCKS5 supports UDP and auth; great for pivoting (more general; lateral movement).
    [example] ssh -D 1080 user@jump -N → set browser SOCKS5 127.0.0.1:1080 (many sites/protocols through one proxy)
  • SSH port forwarding:

    • Local (-L): bind a local port → one specific internal service; best for a single internal web/DB (single-service direct access; frequently examined).
      [example] ssh -L 33306:db.internal:3306 user@jump -N (local 33306 → internal db:3306) (use case: temporary access to an internal database)
    • Dynamic (-D): local SOCKS proxy → many protocols/destinations via one tunnel (dynamic = SOCKS, many targets).
      [example] ssh -D 1080 user@jump -N → apps use SOCKS5 127.0.0.1:1080 (browse multiple internal sites / Git / SSH)
    • Reverse (-R): remote listens → connections come back to your local service (lets the remote side reach your local machine).
      [example] ssh -R 0.0.0.0:2222:127.0.0.1:22 user@vps -N (remote 2222 → local 22) (use case: call-back from behind NAT)
  • VPN: routes traffic into a remote network (full/split-tunnel) for system-wide, multi-protocol access.

    • TUN vs TAP: TUN = L3 IP tunnel (typical); TAP = L2 bridge (same broadcast domain, chatty).
      [example] Need ICMP/traceroute or cross-subnet transparency → use a VPN, not SSH (SSH does not forward ICMP)
  • Quick selection:

    • Single internal service now → -L
    • Many destinations/protocols via one proxy → -D
    • Others need to reach your local service via the remote host → -R
    • System-wide routing/ICMP/multi-subnet → VPN; do not expose the DB on the edge for temporary access
    • Web proxy: HTTP(S)-aware, L7 policy → not for arbitrary protocols. SOCKS: protocol-agnostic TCP; SOCKS5 adds UDP/auth. Apps beyond browsers can use SOCKS (git/curl/ssh via proxy).

T08) Web Security (XSS/CSRF/SQLi/RCE)

  • XSS: injected script runs in the victim's browser; impacts: cookie/token theft, session hijack, defacement.
    Defend: context-aware output encoding at sinks; CSP (restrict script-src); HttpOnly/SameSite cookies; validate/normalize input.
    Examples:

    • Encode HTML text:
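An added example (not from the cheatsheet) of the context-aware output encoding named in the defence bullet, using only the Python standard library: the same untrusted value is encoded differently for an HTML text node, a quoted attribute, a URL parameter and an inline script string. The encoder names, `render_profile` and the sample value are assumptions made for this example.

```python
# Added example, not from the cheatsheet: encode at the sink, per output context.
import html
import json
from urllib.parse import quote

UNTRUSTED = 'Tom & "Jerry" <b>x</b>'   # constructed attacker-controlled value


def encode_html_text(value: str) -> str:
    """HTML body context: & < > " ' become entities, so no tag can be opened."""
    return html.escape(value, quote=True)


def encode_html_attr(value: str) -> str:
    """Quoted attribute context: same entity set, and the attribute MUST be quoted."""
    return '"' + html.escape(value, quote=True) + '"'


def encode_url_param(value: str) -> str:
    """URL query/path segment: percent-encode everything except unreserved chars."""
    return quote(value, safe="")


def encode_js_string(value: str) -> str:
    """Inline <script> string context: JSON-encode, then also escape < and > so a
    '</script>' inside the data cannot close the block (json.dumps leaves them alone)."""
    return json.dumps(value).replace("<", "\\u003c").replace(">", "\\u003e")


def render_profile(name: str) -> str:
    """Place one untrusted value into four sinks, each with its own encoder."""
    return (
        f"<p>Hello {encode_html_text(name)}</p>\n"
        f'<input name="nick" value={encode_html_attr(name)}>\n'
        f'<a href="/u?name={encode_url_param(name)}">me</a>\n'
        f"<script>var who = {encode_js_string(name)};</script>"
    )


if __name__ == "__main__":
    print(render_profile(UNTRUSTED))
```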
Title: 5618cheetsheet
Link: https://www.fangshaonian.cn/archives/143/
Last edited: 25 November 2025 01:01 by 方少年
License: Attribution-NonCommercial-ShareAlike 4.0 International (CC BY-NC-SA 4.0)