1、企業信息安全防護概述MITRE ATT&CK企業不斷受到圍攻攻擊者潛伏在我們的網絡中他們是怎么進來的？他們如何四處走動？他們在做什么？Omri Segev Moyal福布斯發布30位未滿30歲的企業家和安全研究員Profero首席執行官Minerva Labs聯合創始人OmriSM Omriprofero.ioMITRE 對抗戰術、技術和常識（ATT&CK）云集攻擊者使用的書面戰術、技術與程序（TTP）網址：基于現實世界的觀測包羅11類戰術中的244項技巧MITRE對抗戰術、技術和常識（ATT&CK）攻擊者如何滲透網絡他們如何橫向移動 他們如何升級特權他們如何躲避防御他們如何泄露信息MITRE

2、 ATT&CK矩陣MITRE ATT&CK優勢通用語言外部遠程服務MITRE ATT&CK優勢輕松鎖定安全漏洞MITRE ATT&CK優勢比感染指標（IOC）更加全面、廣泛緩解措施MITRE ATT&CK 優勢攻擊模擬自動化和指南模擬測試偵測/緩解的技術開源工具MITRE Caldera /mitre/calderaUber Metta /uber-common/mettaEndgame Red Team Automation （RTA） /endgameinc/RTARed Canary Atomic Red /redcanaryco/atomic-red-team可與內部紅隊共同完成 也可

3、臨時完成將滲透測試映射到ATT&CKATT&CK使用對象首席信息 安全官威脅情報 團隊紅隊產品經理啟程案例研究為電子游戲公司提供防護案例研究為電子游戲公司提供防護MITRE ATT&CK 網址 案例研究為電子游戲公司提供防護MITRE ATT&CK FIN5 條款 /groups/G0053/技術運用案例研究為電子游戲公司提供防護MITRE ATT&CK FIN5 條款 /groups/G0053/軟件參考文獻案例研究為電子游戲公司提供防護MITRE ATT&CK Winnti 小組條款 /groups/G0044/Winnti小組相關小組說明技術運用案例研究為電子游戲公司提供防護MITRE

4、ATT&CK 導航 https:/mitre-attack.github.io/attack-navigator/enterprise/2019北京網絡安全大會2019 RFI.JINr. CVRFR SFCll RITV CONFFRFNCF J, UI VULLateral M ovem ent!I n i t i al AccessExecut ionPersist encePr ivi lege Escalat ionDefense Evas ionCr e d enti al AccessDiscovery11 items33 items59 items28 items67 i te

5、ms19 i t ems22 item sDrive-by Comprom歸AppleScrip t.b ash _p ro ii le and .bashrcAccess Token汰 c,ess Token ManipulationAccount Manipulat i onAcco unt Discovery配ltrationIm pact17 i temsThripVI已W,s e le c tdeselect|,te m$1 4 i t emsTro pic Tro op 可、Jl e, us e l e c tdeselectAppleScrip t伽o mated Exfiltr

6、ationData DestructionM anipulation, I ev;s e le c td e s e le c ta Co m p r essedCM STPAccessib il it/ f eaturesTu由Application Deploy壓ploit Public- Facing Ap plicationCommand-Line InterfaceAcco unt M anip1Jl at i onAccessibi1ilr-/ FeaturesSoftw areWIRTE、 /l ev, sele ctdeselectEnc ryptedData En crypt

7、ed for ImpactExt e rn al Remote ServicesCom piled HTM L FileAppCert DLl sAppCert Dl l sDi,st ibu t ed Compo Winnti Go ups el e 宅 desele c tOb ject Mo:lelV1eu,ardware Addi ti onsApplnit DLLsCo n tro l Pan el It已In sApplni t Dl l ;Bin ar,/ Pacld i n gBash Histo ryApplication Window Disw veryBITS JobsB

8、r ute ForceBrowser ,Bo o kmark DiscoveryBypass U ser Acco unt ControlCr 的 ential D um p ingDomain Trus t DiscovelJClear Comm and HistoryCre-dentials in lf i l esFile and Director/ Disco veryVI已wExp l o i tation of Rem ad m i n338Application Sh i mming|Defacemen ta Tr ansfer Size l imitsDisk Conten t

9、 Wipecfil tr ation Over.,. .!rnafo, e ProtocolDisk Structure WipeDynam ic Data ExchangeApplication Sh im mingCMSTPC尺 JN etwork Service Sca nningSer, icesReplica! ion Thro ugh Removabl己 l忙 d i amenuPassselectdeselects e le c td es e le c t、I l eu,了Execulion through APIAuthenti cation PackageBypass Us

10、er Account ControlCode SigningN etwork Share DiscovenJLcgcn Script sSof tw areiltration Over mmand and ControlEn d po i n t D enia1 of ServiceSp已arphish in g Att achm entBITS Job sCompile A代er DeliveryExploitation for C尺 den tial Acc essN etwotk SniffingPass l h己 Hash3PAR.A. RATVI evsele ctdeselect.

11、 .t.Fi rm ware Corruption壓eculi on through M od ule Lea dfo rced Aut he ntk at ionSp earphish in g LinkBoo t kitDLL Sea-rch Ord er HijackingCompiled HTM L Fil ePassword Po l icy DiscoveryPass l h己 TicketHooking4H RATVI已認sele ctd es ele cti 1t,啊tr._擒 a，.,.dtLoi n Over Ot her LA.:iAi11”Sp earph ish in

12、 g vi a Servi c侖壓ploitation for Clieflt ExecutionBro w ser ExtensionsDylib HijackingComponent F i m war ePeripheral Device Disco1eryInput CaptureRem o e Deslctop P o t oco lADVSTORESHELLs e le ctdes e le c tPermissio n Groups DiscoveryVI巳wIn hibit Syst em Recover/Ne 佃 ork Denial of ServiceGraphical

13、User Interf aceOver ediumSupply Chain Com promiseCh 扣 9 e Default F 歸 Ass:i ciationExploitation for Privileg已 EscalationCompon ent Obj ect M od el HijackingInput PromptRem ot e F仆e CopyPreJ laj ect io nQuery Reg哎ryAgent TeslaV飛巳v.,sele ctdes e le c tValid Acc-ou n t sDC:ShadowKeych ainRu n time Dat

14、a ManipulationLocal Jo b SchedulingCo mponent Object M od el HijackingRemote S.y stem DiscoveryR己p l ica t ion Th- roug Rem ovab le Med舊Agent.btzVI ev;sele ctdesele c tF仆e System Permissi o鄧Weakne ss111Se函ce Sto pLSASS DriverCreate Ac.countDeob扣scat e/ Decode Fi les or Inform ationSh ared Webroo tAr

15、pHookingMsh taDl l Sear h Order Hija, king:Disabling Security ToolsLLM N閔NBTN S Po isoning and Re l ayNetwork SniffingSSH Hijaclin g、I; eu ， s e l e c tdeselect.M 碩 ayer En c,ry,p ti o nSto red Data M anipulationPo werShellDLL Search Order Hij ackingPassword Fil t er DLLTaint Sh ared ContentImage Fi

16、le Execution Options In j ectionSe:u, r i t y So ft ware Disco 尺 rySystem In fomation DiscoverySy stem N的 心 rk Configuratio A Disc overyPort KnockingTransmi tt ed Data M anipulatioRegsvcs/ RegasmDylib Hijackin g壓ternal Rem ote ServicesLaumch D aemonDLL Sid e-Loa d in gPr ivate Keys而 rd -part y So 徹

17、，areRem o te Access Tools氐 g svr32New S 臼 v ice七ecu1ion Guordrail sSecurityd Memor 1Sy st em N etwork Co nn己ctions Discov可 yWindows Admin Shar esRemote Fil e Co pyRund ll 32Fil e Syst叩m Permissions Weakn essExploitation for Defense Evasio nTwo-Factor Au th芒n tication Sy stem Owne 凡 ser Discover /Pat

18、h Interceptionln tercep, ti o nWindows R芒m o te M anag ement氐 ra Wind ow Memory InjectionSyst em Service Discovet/ISt an dar d Applica沁 n Layer Pro toco lcheduled TaskHidden Files an d Directo riesPlist M c d i fi cal ionScriptingHookingPort M o n it or.Fi le DeletionSyst em Tim e DiscoverySt and a

19、d C) p t o g r aphic Pr,o t ocolService Execu tionHyp e動 so rPm cess In jectionF仆e Permissions M odificationVirt ualization/ Sandbox EvasionSch e-d u l ed TaskFi le System Logical Off setsSt an dar d N on-Application Layer Proi o co lSigned Bi n ary Proxy壓 eculi onImage Fil e Ex ecution Options Inje

20、ctionGa往k七eper BypassUnrn mmonly Used Po rtService RegistryPermissions Weakn essGroup Po l icy Modifi cationSig n ed Scrip t Proxy ExecutionWeb ServiceKern el M odules and Ext ensionsSetuid and Setg idSo urceHidden Fi les and Directories2019北京網絡安全大會2019RFI.JINr.CVRFR SFCllRITVCONFFR FNC F悶FIN5 xWi n

21、nt i x select on co n t ro ls白 Q .=-.x比layer contro凸目 生 曲O-=- .l .0Ap plicationCom mand-Line Int七rf aceAcco unt M anip ulationAcc己ssib il i切 Featur生5BITS JobsAppCert Dl l sAppCert DLL;Bypass User Accoun t Co,nt o lI Extema l 如 m o te S ervci es I Comp i le d HT M L F i le Hardwar七 Add itionsCon trol

22、 Panel ItemsApplnit DLLsAppln it DL匕Clear Com ma nd Hist o ryDynam ic Oa均 ExchangeApplication Sh i mmingApplication Sh im mingCMSTPReplicat ion Thr ough Rem ovable Medi己Executi on through APIAuthenticat ion Packa geCode Sig n in gByp ass User Account Con trolSp 已arphishing Att; In j ect io nI Hoo in

23、gPo rt M o ni to rs1 父 ri p t ing Se函 ce Executki nHyp卻爾orP 文 邸 s I nj ectionSch eduled Ta吐File System l cgicaI 0 芘 etsSigned Bi nary Pro 勸氐 ecu ti o11Im age :Fil己 Execution O p tio n s InjectionGatekeeper BypassService R 巳 g i5t” Permission s Weakn essGroup Poli守 M odificationSi g n ed Seri pt Pro

24、xy Execu tionSetuid and Setgid$ourceHidden Fi les and DirectoriesKernel Modules and Ex住 n sionsLaunch A g entSID - Histo ry InjectionHidden UsersBrute Fo rceBrow ser Bookmark DiscoverySo fhvareCllpboard 0 ataRemovable MediaIC 心 ential DumpingI DDmooamian Tru st Discov 芒Conn ection Pr,o燈Di,st ibu t e

25、d Com p a ne , t Obj ect M o delCred entials in f iles印 e and Direct-o 戶 y Disco ve ryData fr.o m Inforrnati on Rep osi to ri esCustom Co m mand and Co ntro l ProtocolData fr.om Local Syst emCreden tia ls in RegistryN etw ork Service Scann ingEx p lo it atio n of Remote Sen,icesN et-vork Share Disco

26、ve ;Log o n Script sCustom Cn1ptographic Pr.ot 災 olData fr,o m Netw ork Shared DriveExp loitation fo八: e J f eatures8inary PaddingBa; h Histo fjApplication Window DiscoveryAp plication Deployment !Auto mated Collection |com mun icati on Thro ughMediaData Obfuscation o血lStagedI Domain Fr o n t i119I

27、n p u t Captu 億Remote D己5kt o p Pr o to colPermi ssion Groups Disco歸 燈Em ail CollectionInput Pro m p tPro ess Discovery氐 mote Fil e CopyInput Ca pt u reDomain Generation Alg orithmsk 釬 b ercasl in gRemote ServicesFallb ack ChannelsQuery Regist0 1M an in th e BrowserKeyc hain伈yst 如 DiSC ryand RelayLL

28、M N RJN BT-N S PoisoningSecurit y So ft ware DiscoveryNetwork Sn iffi n gPassword Filt e r DLLPrivat e KeysSecurib(d M em or/Sy st em lnfo n11a!ion DiscoverySyst em Netw ork Con fi guration Disco v eryk Con n ed ionsSy st em Netw o Discovery廿itecllniQu e controls勿 土. 匝曰. 紊Two -Factor Authentication

29、Sy st em 扣 ner/U ser Discover,/ In! erceptionSy st em Servic e Discover;IFile DeletionSy st em Time Discov eryFile Perm i ssions M o difi cationVirt uaizat io n / Sar,d 婦 x Ev asionl氐 p | i cat ion ThOU吵 Removab le MediaSh ared WebrootSSH HijackingT已in t Shared Co n tentTh心p arty So如 ar,eWindows Ad

30、min Sh aresWindows Remote M ana g ementScree 11 Cap tureVid-e: Captu氏Multi-h op Pro x;M u lti - St age ChannelsMultiband Communicatio nM u lti layer Enc,y ptionPo rt KnockingRemot己 Acc 還ss TooIsRemot已 Fi l也 CopySt an dad Ap plication Lay己r p fo to colSt an da rd C)，p t o g r aphic Pro tocolSt anda d

31、 N on - Ap pl ication Layer Pro toco lUnco m m o n ly U托 d PortWeb $ert o co l壓 行l t r ation OveCommand and Control Channel壓行l t, ation Over Oth er Network Medium壓行l t r ation Ove Ph ysical 札l ediumSch ed uled TransferDisk Cont 的 t WipeDisk St ru ctue WipeEn d p o in t D enial of Se rviceFi rm w己re

32、CorruptionInhibit Sy stem RecoveryNetwork Denial of ServiceResou rce H ij ack ingRuntime Data M anipulationService Sto pSt o red Data ManipulationTransmitt ed Data Manipulation2019北京網絡安全大會201 9 RFI.JI Nr. CVR FR S FC ll R IT V CON FFR FNC FFIN S XWi nnt i xl a y e r by o p e r a t i o n x嶺 se|ectic

33、n ccntroIst江 hniqJe ccntro|5 白Q=-嘈ayer cortro,sx.目善匪| 0-=-Tl拿 。iiiI nitial AccessExecut io nPe rs iste ncePrivileg e 壓 calationDe fe.nse Evasio nCrede ntial AccessDiscove ryLate ral MovementCo lle ctio nCo mma 11d A11d Co11t ro lExfilt r.at io nI mpact11 items33 i住 ms59 items28 ite ms67 items19 item

34、s22 i住 ms17 it己ms13 items22 items9 it口ms14 i 住 m s,a曰 眾Drive-by Com promiseExplo it Public-Facing Ap plicationApp le Script CMSTPCo mmand-Line Int己rfac己 Ext 如 al 比 mote Servic es . Compiled HTM L File|Hardware AdditionsRe plicatio n Through Re mo vable Me d iaSpea rphishing AttachmentSp已a rphishing

35、LinkSpea rphishing via Service Supply ChainCo mpro m1s eTrusted Re latio nship iValid AccountsContro l Panel It ems Dyna m ic Data Exe ha nge 壓ecutio n thro ugh APIExe cutio n through Module Lo adExplo itation for Client籃 cutio nGraphical Us e r Interface I nst al IUt ilLaunchctlLeJ Pa dding BITS Jo

36、 bsBypass User Accou nt Co nt,ro l Clear Co mm and HistoptPTSMCCode SigningCo mpile A, fter Delive ry Co mpil 過 HTML f ile Co mpone n t f irmwa reCo mpone n t Ob丿ect Model H i acki ngCo ntrol Pa ne l Ite ms DCS had owDeo b伈scate/ Decod七 f ile s. orInfom的 o nDisa bl ing Se curity Too ls DLL Search Or

37、der Hijacking DLL Si 姐 LoadingExe c ution Guard railsExplo it atio n for Defense Evas ion氐 ra Windo w MemOI/ l nject io11 File De letionFil e Pe rmissions M odificationFii e Sysle m l og ical Offs啦 Gate ke eper BypassGroup Policy Mo di 朊 的 o nH idd白n File s and Di rect orie sAcco u nt Manipu la tio

38、n 8ash HistoryBrut 亡 Fo rceCredentials in File s。 過 e ntials in Re g ist,r;,壓 ploitat ion for Credential AccessForced Authe nticatio n Ho okingI nput Ca ptureI n put Pr,omptKerbero asti ng Keychainand Rela yN e two rk Sniffing Password Filter Dl l Priva te Ke ysSecu r,ityd Me mo ryAcco u nt Discove

39、IApplicatio n Window Dis cove ry B owse r Bookm a rk Disco， 可y Credential OumDomain Trus t Discove n;F 仆 e and Directory Discove ryN e ti.vork S可 vice Sea nningN e 如 ork Share Disco 咬 N e twork SniffingPasswo rd Po licy Dis cove l/ Pe ri pheral De vice DiscoveJPe rmis sio n Gro u ps Dis00ve ryProces

40、s Discovery Query Reg is! /LLMNR/N BT-NS Poisoning S己cu ity Software Dis cov可rySystem Info rma tion Dis cove rySyste m Netwo rk Co nfig u ration Dis coverySystem Netwo rk Co nn它ctions Dis coveryTwo-Factor Authenticatio n System Owne /U5er Discove nIl n te 心 ptiOASystem Service Discovre 1 Syste m, Ti

41、me Dis cove ryVirtualization/Sandbox Evasio nAp pleScriptApplication De plo me nt Softwa reDist, ibut七d Co mponent Object M攻 伈lExplo itatio n o f Remo te Se rvicesLogcn Scripts Pass the Hash Pass lh七 TicketRe mo te De 5Hop Pro 壇 o l氐 mo te File Copy Re mo t七 ServicesRe plicatio n Through 應 m 啦 S 呻 m

42、 OiscoveRe mo va ble Med iaShar 的 Webro o tSSH Hijac ingTa int Shared Co nte nt Third-pa rty Sc 知 ar,e Windows Admin Shares Windows Re mo teMa nagementAudio Capture utomated Col 氐 io n Clipboard Da taData fro m I nform ation Re positoriesData from Local System Data fro m NetworkShare d DriveData fro

43、m R由 mo 、, a bleM動 a IData StaEma il Collection I nput CaptureMan in the Bro wse r Scree n CaptureVideo Captu r亡Com monly Us ed PortCom mu nicatio n Thro ug h Remov able Me d iaCo nnection ProxyCustom Command and Control Proto colCustom CP J ptog raphic Pro tccolData E ncoding Data Obf uscation Do m

44、ai n FrontingDo mai n Generatio n Algorit hmsFa llback Cha nnels Multi-hop Pro 勸Multi-Stage ChannelsMultiba nd Commu nicatic n Multilayer Encryptio nPort KnockingRemo te Access Too!5 Remo te File CopySta ndard 知plication Lay可 Protocol如 ndard Cr,pto graphic Prot 歹 o lSta ndard Non-A pplicatio n Layer

45、 Protoco lUncomm o nly Used Po rt Web S己八iceAuto mated Exf iltratio n Data Compressed Data Enc ryp1edData Transfe r Siz.e Limits De facementExfil tra tiori Ove r Alternative Protoco lExfillratiori Ove r Comm and a nd Contro l ChannelExfil tr.atiori Ov由 0 th可 Ne twork Mediu mExfil tratiori Ove r Phys

46、ical Mediu mSch eduled Tra nsfe rDa ta Destructio nData E ncrypted fo r I mp actDis k Content Wipe Dis k Structure W 咋Endpoint De nia-l of 5 e wiceFi rmware Corruptio nI nhi bit Sy.stem R 釭 OVeJ N etwork Denial ofSe rv ice氐 sou rc-e H因acJ, ice Sto pStored Data Manipulatio nTransmitted Data Marl ipul

47、atio n2019北京網絡安全大會2019 RFI.JI Nr. CVRFR S FCll R IT V CON FF R FN C FFI N5 xWi nnt i xl a y e rExfilt ra t io n口口I nit ia l Acc es sExe cut io nPe rs ist e ncePrivile g e Escala t io nDefe nse Evasio nCre d e ntia l Acc es sDisco veryLa t e ra l Move mentCo lle ct .io nCo m ma nd An d Co nt ro l11 i

48、t ems33 it ems59 ite ms28 ite ms67 ite ms19 items22 items17 item513 it ems2,2 ite ms9 it e m5by o p e r a ti o n x 5e le.C1o n contro15幼 Q. =-+.零 l爭. ono co lo r|口口口A pp le Sc rip t.b還 h_p rofil七 and .b as hrcAcc己ss Tok己n Ma nipula tio nAcco u nt Ma nip ulatio nAcco unt O15COve fjA pp le Sc rip t 沁

49、d io Ca p t ur 亡Co mmonly Use d Po rtAuto mated Exiilt ra tio n飛二IDrive -by Co mpro mis e壓 p lo it Pu blic- f acingC MST PAce己ss ib ilit-J f eatu resAccess Toke n Manip u卻 o nBi na P/ Padd ingBash His to ryAp plic a 1ion Window Disc o vefData Co m pre sse d口口 o rApplica t io nl e o mm unica tio n Th

50、ro ugh氐 mo vable M 己 dia Co mmand - li ne l nte rfa.ceA,cco unt Ma nip ulat io nBr ute Fo rceData Encryp ted| 壓 t e rna l Re mo te Se rvice s CApp lic a t io n De ployme nt Auto mated Col lection SofuvareClipb oa rd DataDist r ib uted Co mponentCo nnectio n Prc xyAp pCe rt Oll sBITS JobsBypass Use r

51、 Account Co rlt ro l| C咄 ential Dumpi笠Browse r Bo o kma rk Dis co ve ryl Do ma i儼 n Trus t Disco vefl/口口口Data Transfe r S ize U miiD 口口ompi led HTML File，飛Acces sib ili切 Fe a t uresAp pCert Dl l s罩廣 .D 口口peData from Info r matio n Re p o sit o rie sData fro m Lo ca l SystemCusto m Co m ITTand and Co

52、 n1m l Pro toco l碩 Ir 己 lion Ove rAl t e rn ative Proto co lip eRe movable Me d iaSpea rp his hing Att achmentSpeap his hing LinkSpea rp hi shing via Se rvic e沁 p p ly Cha in Co mpro miseTrust ed Re latio ns hi pDyna mic Da 掃 Excha nge籃 cutio n through APIExe c utio n thro ugh Mo d ule Lo adExp lo i

53、t a t io n ,fo Clie nt氐 cutio nGra p hica l Use r Inte rfacelnstallUt ilLa unc hctlLocal Jo b Sc hed uli ng氐沁 S DriverM如Po werShel lRe g s vcs/Reg as mRe g svr32R und ll3 2Sched ule d Ta s kSe r,ice Exe c utio nSig n e d Bina ry Pro xy Exe c utio nS ig 砬 d S c ri p t Pro xy壓ecutionSo urceSpace afte

54、r f ile nameAp plica t io n Sh,mm,ngCMSTPAuthenticat io n Packag eBITS Jo bsBo o t kitBypa ss Us e r Acco unt Co ntrolDl l Sea rch O rd e r Hijac ki ngCo mpile Afte r DeliveryCo mpile d H 丁 ML FileBrow se Extens io nsCo mpo ne nt Fi rmwa reChange Default File Asso cia t io nDyli b H ija c kingExp lo

55、 ita tio n fo r Privileg e Es ca la tionCo mponent O bject M過 e l HijackingCo mpone nt Fi r mwa reCo八t ro1 Pa nel It e ,mExt ra Window Me mo r;, I nject io nOCShad owCo mpon己nt O bject Mod e l Hijacki ngFile Syst芒m Pe rmissions Wea k ne ssCreat 侖 Acco untOeo bfusca te/ Dec o de File s or Inform a ti

56、o nDLL S已a rch Ord er Hijac kingHo o kingDy lib HijackingI mage File Execut io nDisa b ling s curity To o lsOLL Sea rh Order Hija king O ptio ns Injectio nIExt e rnal Re mote Seiv，c e sJ La unch Da己 mo nDL L Side - Lo adingExec utio n Gua rd ra il;F 仆 e Syste m Pe rmis sio ns Weakne ss氐 p lo ita t i

57、o n fo r Oe 住nse Evasio nNe ,v Se rv忙亡Pat h Inte rce pt io nExtr a Wi nd o w Memo 戶y Inject io nHid d e n Files a nd Dire, to riesHo o kingPlis t Mod ifi c atio nPo rt Mo nit o 飛IFile Deletion白 le Pe rmiss io ns Mo dificatio nPro ce 55 | njecio nSched u led TaskHy p e rvi o rImage File Exe cutio n O

58、ptio ns I njectio nf ile S ys te m Lo g ic a l O ffs e tsGa te kee pe r BypassSe rvice Re g is t ryPe rmiss io ns Wea kn essGro up Policy :M o d 巾 ca tio nKe rnel Mo d ules and Exte nsio nsSetuid a nd Setg idLa uric h Ag entSID- Histo ry Inject io nHid d e n f ile s a nd Direct o rie sHid d e11 Us e

59、 rsCredentia ls in Re g ist r;, 壓p lo ita t io n fo r Credentia lAcces sFor:e d Au thentica t io nHo o kin gI nput Ca p幻reI nput Pro m ptKe rbe ro a 又ingKe ychainLLMNR/N BT-NS Po is o ning a nd Rela yN忒 wo rk S ni伍ngPas sword Filte r OUPriva te Ke ysSe:u r,ity d Me mo r,N e t wo rk Se rvice Sca nnin

60、gN e two rk S har,e Disco ver;N e twork S niff i ngPa sswo rd Polic y Disc o ve ryPe, ip he ra l De vice Dis cove ;Pe rmis s io n Gro ups Ois co ve r1Securit So ftwa re Disc o v e rySystem Info rm atio n Dis c o ve rysystem Netwo rk Config_，ura t io n Disco verySystem Ne t wo rk Co nn己c tio ns Disco