CSO·Insight

1. Introduction On the evening of December 9, 2021, the Apache Log4j2 remote code execution vulnerability (CVE-2021-44228) detonated the world. This vulnerability can be called an epic vulnerability, with a CVSS score of 10 out of 10, affecting…

Foreword The outbreak of the COVID-19 epidemic has accelerated the digital transformation process of the whole society, and industries such as remote office, online education, and online live broadcast have developed rapidly. With the advent of the digital economy era, emerging technologies such as cloud computing, big data, and the Internet of Things are deeply applied in various industries, and various industries are changing their production methods...

The US military believes that cloud computing is a shared computing resource pool that can meet the rapidly changing needs of users at any time. By building a cloud environment, military data processing advantages can be ensured, thereby ensuring military advantages in the digital and physical worlds. The US military believes that its cloud technology for joint operations...

Foreword: As the situation in the Russia-Ukraine war becomes increasingly anxious, Western countries have successively announced plans to impose comprehensive sanctions on Russia, and the United States has even included Russia in its technology export control list. Surprisingly, the impact of the Russo-Ukrainian war was so wide that it affected almost the entire global technology network. Many...

Red and blue confrontation is an important means to attack and promote defense, the key to the real network environment, the use of the attacker's perspective to discover the threat factors, so as to enhance the security protection capabilities, help enterprise security construction.

ATT&CK, as an attack modeling framework developed by the MITRE organization, is a collection of real attack vectors based on real-world observations, which contains numerous threat organizations that have been publicly reported and the tools and attack techniques they use, and can serve as a good reference and learning guide for red-blue confrontation. Therefore, the learning study of ATT&CK is used as the opening of the Red-Blue Confrontation series of articles.