While reading some material I came across the term Drive-by Compromise, so I searched around a bit and now basically understand it.
  Below are excerpts from the literature I read; I will translate them when I have time (which basically means never).

Technique: Drive-by Compromise - MITRE ATT&CK™ https://attack.mitre.org/techniques/T1189/

drive-by compromise
A drive-by compromise is when an adversary gains access to a system through a user visiting a website over the normal course of browsing. With this technique, the user’s web browser is targeted for exploitation. This can happen in several ways, but there are a few main components:

Multiple ways of delivering exploit code to a browser exist, including:

  • A legitimate website is compromised where adversaries have injected some form of malicious code such as JavaScript, iFrames, cross-site scripting.
  • Malicious ads are paid for and served through legitimate ad providers.
  • Built-in web application interfaces are leveraged for the insertion of any other kind of object that can be used to display web content or contain a script that executes on the visiting client (e.g. forum posts, comments, and other user controllable web content).

Often the website used by an adversary is one visited by a specific community, such as government, a particular industry, or region, where the goal is to compromise a specific user or set of users based on a shared interest. This kind of targeted attack is referred to as a strategic web compromise or watering hole attack. There are several known examples of this occurring.

Typical drive-by compromise process:

  1. A user visits a website that is used to host the adversary controlled content.
  2. Scripts automatically execute, typically searching versions of the browser and plugins for a potentially vulnerable version.
      - The user may be required to assist in this process by enabling scripting or active website components and ignoring warning dialog boxes.
  3. Upon finding a vulnerable version, exploit code is delivered to the browser.
  4. If exploitation is successful, then it will give the adversary code execution on the user’s system unless other protections are in place.
      - In some cases a second visit to the website after the initial scan is required before exploit code is delivered.

Unlike Exploit Public-Facing Application, the focus of this technique is to exploit software on a client endpoint upon visiting a website. This will commonly give an adversary access to systems on the internal network instead of external systems that may be in a DMZ.

Detection
Firewalls and proxies can inspect URLs for potentially known-bad domains or parameters. They can also do reputation-based analytics on websites and their requested resources such as how old a domain is, who it’s registered to, if it’s on a known bad list, or how many other users have connected to it before.

Network intrusion detection systems, sometimes with SSL/TLS MITM inspection, can be used to look for known malicious scripts (recon, heap spray, and browser identification scripts have been frequently reused), common script obfuscation, and exploit code.

Detecting compromise based on the drive-by exploit from a legitimate website may be difficult. Also look for behavior on the endpoint system that might indicate successful compromise, such as abnormal behavior of browser processes. This could include suspicious files written to disk, evidence of Process Injection for attempts to hide execution, evidence of Discovery, or other unusual network traffic that may indicate additional tools transferred to the system.
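As an added example (not part of the MITRE page or this post), the reputation checks described above applied to a few constructed proxy log lines: each third-party resource domain is scored on registration age, how many distinct clients have fetched it, and block-list membership, and a flagged domain is tied back to the legitimate page whose referer pulled it in. The log format, registration dates and thresholds are all assumptions.

```python
from collections import defaultdict
from datetime import date
from urllib.parse import urlparse

# Constructed proxy log: date client_ip referer url ("-" = no referer).
PROXY_LOG = """\
2023-05-02 10.0.0.11 - https://news.example.org/
2023-05-02 10.0.0.11 https://news.example.org/ https://cdn-stat1c.example.net/a.js
2023-05-02 10.0.0.12 - https://news.example.org/
2023-05-02 10.0.0.12 https://news.example.org/ https://cdn-stat1c.example.net/a.js
2023-05-02 10.0.0.13 - https://news.example.org/
2023-05-02 10.0.0.13 https://news.example.org/ https://cdn.example.com/lib.js
2023-05-02 10.0.0.14 - https://news.example.org/
2023-05-02 10.0.0.14 https://news.example.org/ https://cdn.example.com/lib.js
2023-05-02 10.0.0.15 - https://news.example.org/
2023-05-02 10.0.0.15 https://news.example.org/ https://cdn.example.com/lib.js
"""
TODAY = date(2023, 5, 2)

# Constructed stand-ins for WHOIS registration dates and a block list.
REGISTERED = {
    "news.example.org": date(2005, 1, 1),
    "cdn.example.com": date(2010, 6, 1),
    "cdn-stat1c.example.net": date(2023, 4, 28),
}
KNOWN_BAD = {"bad.example"}  # hypothetical block-list entry

def triage(log_text, today, min_age_days=30, min_clients=3):
    """Return {domain: [reasons]} for resource domains that look suspicious."""
    clients = defaultdict(set)   # domain -> distinct client IPs that fetched it
    referers = defaultdict(set)  # domain -> hosts whose pages pulled it in
    for line in log_text.splitlines():
        _, client, referer, url = line.split()
        host = urlparse(url).hostname
        clients[host].add(client)
        if referer != "-":
            referers[host].add(urlparse(referer).hostname)
    findings = {}
    for host, ips in clients.items():
        reasons = []
        reg = REGISTERED.get(host)
        age = (today - reg).days if reg else None
        if age is None:
            reasons.append("unknown registration")
        elif age < min_age_days:
            reasons.append(f"domain age {age} days")
        if len(ips) < min_clients:
            reasons.append(f"only {len(ips)} client(s) seen")
        if host in KNOWN_BAD:
            reasons.append("on block list")
        # Third-party resource loaded from another site: where to look for injected content.
        third_party = referers[host] - {host}
        if reasons and third_party:
            reasons.append("loaded via " + ", ".join(sorted(third_party)))
        if reasons:
            findings[host] = reasons
    return findings
```

Running `triage(PROXY_LOG, TODAY)` flags only the four-day-old domain that two clients fetched from the news site, which is the pivot for a content review of that page.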

Other references (not quoted in this post):

Red Team: Initial Access – Daniel A. Bloom – Medium https://medium.com/@danielabloom/red-team-initial-access-2cec2ed47d83
