{"id":3032,"date":"2026-01-01T00:51:00","date_gmt":"2025-12-31T16:51:00","guid":{"rendered":"https:\/\/systw.net\/note\/?p=3032"},"modified":"2026-02-12T00:59:14","modified_gmt":"2026-02-11T16:59:14","slug":"red-teaming","status":"publish","type":"post","link":"https:\/\/systw.net\/note\/archives\/3032","title":{"rendered":"Red Teaming"},"content":{"rendered":"\n<p>Red Team\uff08\u7d05\u968a\uff09\u662f\u6307\u4e00\u500b\u7372\u5f97\u6388\u6b0a\u7684\u5718\u968a\uff0c\u5c0d\u7d44\u7e54\u7684\u7cfb\u7d71\u3001\u6d41\u7a0b\u3001\u4eba\u54e1\u6216\u7269\u7406\u5b89\u5168\u9032\u884c\u653b\u64ca\u6a21\u64ec\u3002\u76ee\u6a19\u4e0d\u662f\u9020\u6210\u5be6\u969b\u640d\u5bb3\uff0c\u800c\u662f\u5e6b\u5fd9\u767c\u73fe\u85cd\u968a\u7684\u5f31\u9ede\u3001\u9a57\u8b49\u9632\u79a6\u6548\u80fd\uff0c\u4e26\u63d0\u4f9b\u6539\u9032\u5efa\u8b70\u3002<\/p>\n\n\n\n<p><\/p>\n\n\n\n<h3 class=\"wp-block-heading\">\u6b77\u53f2\u8d77\u6e90 <\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>\u8ecd\u4e8b\u8d77\u6e90<\/strong>\uff0819\u4e16\u7d00\u20131960\u5e74\u4ee3\uff09\uff1a\u6700\u65e9\u51fa\u73fe\u5728\u8ecd\u4e8b\u6230\u722d\u904a\u6232\u3002\u51b7\u6230\u6642\u671f\uff0c\u7f8e\u570b\u8ecd\u65b9\u8b93\u300c\u7d05\u968a\u300d\u626e\u6f14\u8607\u806f\u7b49\u6575\u65b9\uff0c\u6311\u6230\u300c\u85cd\u968a\u300d\uff08\u5df1\u65b9\uff09\u7684\u8a08\u756b\uff0c\u907f\u514d\u7fa4\u9ad4\u601d\u7dad\u548c\u7b56\u7565\u76f2\u9ede\u3002<\/li>\n\n\n\n<li><strong>\u8f49\u5165\u8cc7\u5b89<\/strong>\uff081990\u5e74\u4ee3\u20132000\u5e74\u4ee3\u521d\uff09\uff1a\u96a8\u8457\u7db2\u8def\u6210\u70ba\u95dc\u9375\u57fa\u790e\u8a2d\u65bd\uff0cRed Teaming \u88ab\u5f15\u5165\u8cc7\u5b89\u9818\u57df\uff0c\u7528\u4f86\u6a21\u64ec\u771f\u5be6\u99ed\u5ba2\u653b\u64ca\u3002<\/li>\n<\/ul>\n\n\n\n<p><\/p>\n\n\n\n<h3 class=\"wp-block-heading\">\u65e9\u671f\u7d93\u5178\u7684\u8cc7\u5b89\u7d05\u968a\u6f14\u7fd2<\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>\u80cc\u666f\uff1a<\/strong> 1997 
\u5e74\uff0c\u7f8e\u570b\u570b\u5b89\u5c40 (NSA) \u57f7\u884c\u4e86\u4e00\u5834\u540d\u70ba <strong>Eligible Receiver 97<\/strong> \u7684\u6f14\u7fd2\u3002<\/li>\n\n\n\n<li><strong>\u5167\u5bb9\uff1a<\/strong> NSA \u7d44\u6210\u7d04 35 \u4eba\u7684\u7d05\u968a\uff0c\u4e3b\u8981\u91dd\u5c0d\u7f8e\u570b\u570b\u9632\u90e8\u8207\u76f8\u95dc\u653f\u5e9c\u6a5f\u69cb\u7684\u7db2\u8def\u7cfb\u7d71\uff0c\u4e26\u6a21\u64ec\u653b\u64ca\u5305\u542b\u96fb\u529b\u3001\u901a\u4fe1\u7b49\u95dc\u9375\u57fa\u790e\u8a2d\u65bd\uff0c\u4e14\u4e3b\u8981\u4f7f\u7528\u516c\u958b\u53ef\u5f97\u7684\u5de5\u5177\u8207\u5df2\u77e5\u5f31\u9ede<\/li>\n\n\n\n<li><strong>\u5f71\u97ff\uff1a<\/strong> \u7d05\u968a\u5728\u6578\u5929\u5167\u9054\u6210\u6ef2\u900f\u76ee\u6a19\uff0c\u6f14\u7fd2\u63d0\u524d\u7d50\u675f\uff0c\u66b4\u9732\u51fa\u7576\u6642\u7f8e\u8ecd\u8207\u653f\u5e9c\u7db2\u8def\u9632\u79a6\u7684\u91cd\u5927\u8106\u5f31\u6027\uff0c\u4e26\u4fc3\u6210\u5f8c\u7e8c\u5c08\u8cac\u7db2\u8def\u9632\u79a6\u55ae\u4f4d\u548c\u5e38\u614b\u5316\u7db2\u8def\u7d05\u968a\u6f14\u7df4\u7684\u5efa\u7acb\u3002<\/li>\n<\/ul>\n\n\n\n<hr class=\"wp-block-separator has-alpha-channel-opacity is-style-dots\"\/>\n\n\n\n<p><\/p>\n\n\n\n<h2 class=\"wp-block-heading\">\u512a\u9ede <\/h2>\n\n\n\n<p>\u5e38\u898b\u7d05\u968a\u512a\u9ede\u6574\u7406\u5982\u4e0b <\/p>\n\n\n\n<h4 class=\"wp-block-heading\"><strong>\u6700\u63a5\u8fd1\u771f\u5be6\u653b\u64ca\u8005\u7684\u6a21\u64ec<\/strong><\/h4>\n\n\n\n<p>\u7d05\u968a\u4f7f\u7528\u771f\u5be6\u653b\u64ca\u8005\u601d\u7dad\uff08adversary emulation\uff09\u3001TTPs\uff08MITRE ATT&amp;CK\uff09\uff0c\u80fd\u767c\u73fe\u50b3\u7d71\u5f31\u6383 + PT \u5f88\u96e3\u627e\u5230\u7684\u653b\u64ca\u7d44\u5408\u3001\u7e5e\u904e\u6a5f\u5236\u8207\u5075\u6e2c\u76f2\u9ede\u3002\u9019\u662f\u5b83\u901a\u5e38\u88ab\u8996\u70ba\u8cc7\u5b89\u6e2c\u8a66\u91d1\u5b57\u5854\u9802\u7aef\u7684\u4e3b\u8981\u539f\u56e0\u3002<\/p>\n\n\n\n<h4 
class=\"wp-block-heading\"><strong>\u5168\u9762\u9a57\u8b49\u6574\u9ad4\u5b89\u5168\u614b\u52e2<\/strong><\/h4>\n\n\n\n<p>\u4e0d\u53ea\u5f31\u9ede\u6383\u63cf\u8207\u6ef2\u900f\u6280\u8853\uff0c\u9084\u5305\u542b\u4ee5\u4e0b\uff08\u4f46\u5be6\u52d9\u4e0a\u6703\u4f9d\u7d04\u5b9a\u7bc4\u570d\u4f86\u505a\uff0c\u4e0d\u662f\u6bcf\u5834\u7d05\u968a\u4e00\u5b9a\u90fd\u6db5\u84cb\u4ee5\u4e0b\u6240\u6709\u9805\u76ee\uff09\uff1a<\/p>\n\n\n\n<ol class=\"wp-block-list\"><\/ol>\n\n\n\n<ul class=\"wp-block-list\">\n<li>\u793e\u4ea4\u5de5\u7a0b\uff08email\u91e3\u9b5a\u3001vishing\u8a9e\u97f3\u91e3\u9b5a\u3001smishing\u7c21\u8a0a\u91e3\u9b5a\uff09<\/li>\n\n\n\n<li>\u7269\u7406\u5165\u4fb5<\/li>\n\n\n\n<li>\u7121\u7dda\u653b\u64ca<\/li>\n\n\n\n<li>\u4f9b\u61c9\u93c8 \/ \u7b2c\u4e09\u65b9\u98a8\u96aa<\/li>\n\n\n\n<li>\u5167\u90e8\u5a01\u8105 \/ \u8eab\u5206\u6feb\u7528<\/li>\n\n\n\n<li>\u5075\u6e2c\u3001\u56de\u61c9\u3001\u6062\u5fa9\u80fd\u529b\uff08\u85cd\u968a\u5be6\u6230\u8868\u73fe\uff09<\/li>\n<\/ul>\n\n\n\n<h4 class=\"wp-block-heading\"><strong>\u5927\u5e45\u63d0\u5347\u85cd\u968a\u8207\u7d44\u7e54\u97cc\u6027<\/strong><\/h4>\n\n\n\n<ol class=\"wp-block-list\"><\/ol>\n\n\n\n<ul class=\"wp-block-list\">\n<li>\u900f\u904e Purple Teaming \u5373\u6642\u56de\u994b \uff0c\u5e6b\u52a9\u85cd\u968a\u5feb\u901f\u6539\u5584\u5075\u6e2c\u898f\u5247\u3001SOP\u7b49<\/li>\n\n\n\n<li>\u8b93 SOC \/ IR \u5718\u968a\u7d93\u6b77\u300c\u771f\u5be6\u58d3\u529b\u6e2c\u8a66\u300d\uff0c\u53cd\u61c9\u8207\u6c7a\u7b56\u6703\u8b8a\u597d<\/li>\n\n\n\n<li>\u57f9\u990a\u5168\u7d44\u7e54\u5b89\u5168\u610f\u8b58\uff08\u54e1\u5de5\u88ab\u91e3\u9b5a\u5f8c\u7684\u6559\u8a13\u6700\u6df1\u523b\uff09<\/li>\n<\/ul>\n\n\n\n<h4 class=\"wp-block-heading\"><strong>\u63d0\u4f9b\u9ad8\u968e\u7ba1\u7406\u5c64\u53ef\u7406\u89e3\u7684\u98a8\u96aa\u8a9e\u8a00<\/strong><\/h4>\n\n\n\n<p>\u5831\u544a\u4e0d\u662f\u5217\u4e00\u5806 CVE\uff0c\u800c\u662f\u8b1b\u300c\u6211\u5011\u5f9e\u5916\u90e8\u91e3\u9b5a \u2192 
\u62ff\u5230 Domain Admin \u2192 \u52a0\u5bc6\u6838\u5fc3\u8cc7\u6599\u5eab\uff0c\u53ea\u82b1\u4e86 X \u5929\u300d\uff0c\u76f4\u63a5\u5c0d\u61c9\u696d\u52d9\u5f71\u97ff\uff08\u71df\u6536\u640d\u5931\u3001\u8072\u8b7d\u3001\u7f70\u6b3e\uff09\uff0c\u8b93\u9ad8\u5c64\u9858\u610f\u64a5\u9810\u7b97\u4fee\u88dc\u3002<\/p>\n\n\n\n<h4 class=\"wp-block-heading\"><strong>\u767c\u73fe\u7cfb\u7d71\u6027\u3001\u7d44\u7e54\u7d1a\u5f31\u9ede<\/strong><\/h4>\n\n\n\n<p>\u5e38\u898b\u767c\u73fe\uff1aEDR \u898f\u5247\u5931\u6548\u3001\u5e33\u865f\u7279\u6b0a\u904e\u9ad8\u3001\u8b8a\u66f4\u7ba1\u7406\u6f0f\u6d1e\u3001\u76e3\u63a7\u6b7b\u89d2\u3001\u54e1\u5de5\u5b89\u5168\u8a13\u7df4\u7121\u6548\u7b49\uff0c\u4e00\u822c\u5f31\u9ede\u6383\u63cf\u5f88\u96e3\u5168\u9762\u5448\u73fe\u3002<\/p>\n\n\n\n<h4 class=\"wp-block-heading\"><strong>\u7b26\u5408\u9ad8\u968e\u5408\u898f\u8207\u76e3\u7ba1\u671f\u5f85<\/strong><\/h4>\n\n\n\n<p>\u91d1\u878d\uff08TIBER-EU\u3001MAS TRM\uff09\u3001\u95dc\u9375\u57fa\u790e\u8a2d\u65bd\u3001\u534a\u5c0e\u9ad4\u3001\u653f\u5e9c\u55ae\u4f4d\u8d8a\u4f86\u8d8a\u8981\u6c42\u5b9a\u671f\u7d05\u968a\u6f14\u7df4\uff0c\u4f5c\u70ba\u6210\u719f\u5ea6\u8b49\u660e\u3002<\/p>\n\n\n\n<hr class=\"wp-block-separator has-alpha-channel-opacity is-style-dots\"\/>\n\n\n\n<ol class=\"wp-block-list\"><\/ol>\n\n\n\n<h2 class=\"wp-block-heading\">\u7f3a\u9ede <\/h2>\n\n\n\n<p>\u5e38\u898b\u7d05\u968a\u7f3a\u9ede\u6574\u7406\u5982\u4e0b <\/p>\n\n\n\n<h4 class=\"wp-block-heading\"><strong>\u6210\u672c\u975e\u5e38\u9ad8<\/strong><\/h4>\n\n\n\n<ul class=\"wp-block-list\">\n<li>\u4eba\u529b\u5bc6\u96c6\uff08\u8cc7\u6df1\u7d05\u968a\u5de5\u7a0b\u5e2b\u65e5\u85aa\u9ad8\uff09\uff1a\u9700\u8981\u5927\u91cf\u9ad8\u968e\u4eba\u529b\uff08\u8cc7\u6df1\u7d05\u968a\u5de5\u7a0b\u5e2b\u8207 
TI\u3001\u85cd\u968a\u5354\u4f5c\u4eba\u54e1\uff09\uff0c\u55ae\u6b21\u5c08\u6848\u6295\u5165\u6210\u672c\u9ad8\u3002<\/li>\n\n\n\n<li>\u6642\u9593\u9577\uff08\u6578\u9031\u5230\u6578\u6708\uff09\uff1a\u5c08\u6848\u9031\u671f\u901a\u5e38\u5f9e\u6578\u9031\u5230\u6578\u6708\u4e0d\u7b49\uff0c\u9084\u5305\u542b\u524d\u671f\u6e96\u5099\u3001\u60c5\u8cc7\u6536\u96c6\u8207\u5f8c\u671f\u5831\u544a\u8207\u4fee\u88dc\u8ffd\u8e64\u3002<\/li>\n\n\n\n<li>\u5de5\u5177\u8207\u57fa\u790e\u8a2d\u65bd\u6602\u8cb4\uff08Cobalt Strike\u3001\u5546\u7528 C2\u3001\u6a21\u64ec\u74b0\u5883\uff09<\/li>\n\n\n\n<li>\u5c0d\u4e2d\u5c0f\u4f01\u696d\u6216\u8cc7\u5b89\u4e0d\u6210\u719f\u7d44\u7e54\u4f86\u8aaa\uff0c\u6027\u50f9\u6bd4\u504f\u4f4e\uff0c\u55ae\u6b21\u6295\u5165\u7684\u6027\u50f9\u6bd4\u5f80\u5f80\u4e0d\u5982\u5148\u5f37\u5316\u57fa\u790e\u9632\u79a6\u8207\u76e3\u63a7\u3002<\/li>\n<\/ul>\n\n\n\n<h4 class=\"wp-block-heading\"><strong>\u8986\u84cb\u7bc4\u570d\u6709\u9650 <\/strong><\/h4>\n\n\n\n<ol class=\"wp-block-list\"><\/ol>\n\n\n\n<ul class=\"wp-block-list\">\n<li>\u7d05\u968a\u901a\u5e38\u570d\u7e5e\u300c\u660e\u78ba\u5b9a\u7fa9\u7684\u653b\u64ca\u76ee\u6a19\u8207\u7bc4\u570d\u300d\u8a2d\u8a08\u884c\u52d5\uff0c\u800c\u4e0d\u662f\u5c0d\u6240\u6709\u8cc7\u7522\u505a\u5b8c\u6574\u5f31\u9ede\u76e4\u9ede\u3002<\/li>\n\n\n\n<li>\u5728\u6709\u9650\u6642\u9593\u5167\u6703\u512a\u5148\u8d70\u6700\u6709\u6548\u7387\u7684\u653b\u64ca\u8def\u5f91\uff0c\u56e0\u6b64\u53ef\u80fd\u7565\u904e\u67d0\u4e9b\u4f4e\u6a5f\u7387\u4f46\u9ad8\u5f71\u97ff\u7684\u60c5\u5883\u3002<\/li>\n\n\n\n<li>\u6f14\u7df4\u7d50\u679c\u53ea\u53cd\u6620\u300c\u8a72\u6bb5\u671f\u9593\u300d\u7684\u5b89\u5168\u614b\u52e2\uff0c\u9762\u5c0d\u5feb\u901f\u8b8a\u5316\u7684\u5a01\u8105\u8207\u74b0\u5883\u8b8a\u66f4\uff0c\u5f88\u5feb\u5c31\u6703\u9700\u8981\u5f8c\u7e8c\u6f14\u7df4\u6216\u6301\u7e8c\u6027\u6e2c\u8a66\u4f86\u88dc\u5f37\u3002<\/li>\n<\/ul>\n\n\n\n<h4 
class=\"wp-block-heading\"><strong>\u5c0d\u7d44\u7e54\u6210\u719f\u5ea6\u8981\u6c42\u6975\u9ad8<\/strong><\/h4>\n\n\n\n<ol class=\"wp-block-list\"><\/ol>\n\n\n\n<ul class=\"wp-block-list\">\n<li>\u5982\u679c\u85cd\u968a\u57fa\u790e\u592a\u5f31\uff08\u9023\u57fa\u672c\u65e5\u8a8c\u90fd\u6c92\u958b\u3001EDR \u6c92\u8abf\u597d\uff09\uff0c\u7d05\u968a\u5f88\u5bb9\u6613\u4e00\u8def\u66a2\u901a\uff0c\u5831\u544a\u8b8a\u6210\u300c\u4f60\u5011\u4ec0\u9ebc\u90fd\u6e2c\u4e0d\u5230\u300d\uff0c\u53cd\u800c\u6d6a\u8cbb\u9322<\/li>\n\n\n\n<li>\u5efa\u8b70\u5148\u628a\u5f31\u6383 + PT + \u57fa\u672c\u76e3\u63a7\u505a\u6210\u719f\uff0c\u518d\u4e0a\u7d05\u968a<\/li>\n<\/ul>\n\n\n\n<h4 class=\"wp-block-heading\"><strong>\u53ef\u80fd\u9020\u6210\u696d\u52d9\u5e72\u64fe\u6216\u610f\u5916\u5f71\u97ff<\/strong><\/h4>\n\n\n\n<ol class=\"wp-block-list\"><\/ol>\n\n\n\n<ul class=\"wp-block-list\">\n<li>\u5373\u4f7f\u6709 RoE\uff08Rules of Engagement\uff09\uff0c\u6a21\u64ec\u52d2\u7d22\u3001\u522a\u9664\u8cc7\u6599\u3001\u65b7\u7dda\u7b49\u4ecd\u53ef\u80fd\u8aa4\u89f8\u751f\u7522\u74b0\u5883<\/li>\n\n\n\n<li>\u5927\u91cf\u793e\u4ea4\u5de5\u7a0b\uff08\u5c24\u5176\u662f\u91e3\u9b5a\u6d3b\u52d5\uff09\u5982\u679c\u6e9d\u901a\u7ba1\u7406\u4e0d\u597d\uff0c\u5bb9\u6613\u8b93\u54e1\u5de5\u7522\u751f\u632b\u6298\u611f\u6216\u9632\u79a6\u75b2\u52de\uff0c\u751a\u81f3\u5f71\u97ff\u5c0d\u8cc7\u5b89\u5718\u968a\u7684\u4fe1\u4efb\u611f\u3002<\/li>\n<\/ul>\n\n\n\n<h4 class=\"wp-block-heading\"><strong>\u7d50\u679c\u9ad8\u5ea6\u4f9d\u8cf4\u7d05\u968a\u54c1\u8cea<\/strong><\/h4>\n\n\n\n<ol class=\"wp-block-list\"><\/ol>\n\n\n\n<ul 
class=\"wp-block-list\">\n<li>\u6f14\u7df4\u7684\u6df1\u5ea6\u8207\u50f9\u503c\uff0c\u5f37\u70c8\u53d6\u6c7a\u65bc\u7d05\u968a\u6210\u54e1\u7684\u7d93\u9a57\u3001\u5275\u610f\u3001\u5c0d\u653b\u64ca\u8005\u884c\u70ba\u7684\u7406\u89e3\uff0c\u4ee5\u53ca\u5c0d\u5ba2\u6236\u696d\u52d9\u8207\u6280\u8853\u74b0\u5883\u7684\u719f\u6089\u5ea6\u3002<\/li>\n\n\n\n<li>\u82e5\u7d05\u968a\u50c5\u5957\u7528\u300c\u6a19\u6e96\u5287\u672c\u300d\u6216\u53ea\u505a\u8868\u5c64\u653b\u64ca\uff0c\u8f38\u51fa\u7684\u5831\u544a\u53ef\u80fd\u53ea\u505c\u7559\u5728\u300c\u8b49\u660e\u53ef\u4ee5\u6253\u9032\u4f86\u300d\uff0c\u7121\u6cd5\u771f\u6b63\u6316\u51fa\u7cfb\u7d71\u6027\u5f31\u9ede\u8207\u5177\u9ad4\u6539\u5584\u65b9\u5411\u3002<\/li>\n<\/ul>\n\n\n\n<h4 class=\"wp-block-heading\"><strong>\u7121\u6cd5\u53d6\u4ee3\u65e5\u5e38\u5b89\u5168\u63aa\u65bd<\/strong><\/h4>\n\n\n\n<ol class=\"wp-block-list\"><\/ol>\n\n\n\n<ul class=\"wp-block-list\">\n<li>\u7d05\u968a\u6f14\u7df4\u672c\u8cea\u4e0a\u662f\u4e00\u7a2e\u300c\u58d3\u529b\u6e2c\u8a66\u300d\u8207\u300c\u9ad4\u6aa2\u300d\uff0c\u76ee\u7684\u5728\u65bc\u6aa2\u9a57\u6574\u9ad4\u9632\u79a6\u8207\u56de\u61c9\u7684\u5be6\u6230\u80fd\u529b\uff0c\u800c\u4e0d\u662f\u65e5\u5e38\u71df\u904b\u7684\u5b89\u5168\u7dad\u8b77\u624b\u6bb5\u3002<\/li>\n\n\n\n<li>\u5b83\u7121\u6cd5\u53d6\u4ee3\u6301\u7e8c\u6027\u7684\u5f31\u9ede\u6383\u63cf\u3001\u88dc\u4e01\u8207\u914d\u7f6e\u7ba1\u7406\u3001\u653b\u64ca\u9762\u7ba1\u7406\u3001\u65e5\u8a8c\u76e3\u63a7\u8207\u5a01\u8105\u7375\u6355\uff0c\u9019\u4e9b\u65e5\u5e38\u5de5\u4f5c\u5982\u679c\u505a\u4e0d\u597d\uff0c\u7d05\u968a\u7d50\u679c\u4e5f\u5f88\u96e3\u771f\u6b63\u88ab\u8f49\u5316\u70ba\u9577\u671f\u9632\u79a6\u80fd\u529b\u3002<\/li>\n<\/ul>\n\n\n\n<hr class=\"wp-block-separator has-alpha-channel-opacity is-style-dots\"\/>\n\n\n\n<p><\/p>\n\n\n\n<h2 class=\"wp-block-heading\">\u670d\u52d9\u6bd4\u8f03<\/h2>\n\n\n\n<p>Red Team\u3001Penetration Testing\u3001Vulnerability 
Scanning\u9019\u4e09\u8005\u662f\u8cc7\u5b89\u6aa2\u6e2c\u4e2d\u5e38\u898b\u7684\u4e09\u500b\u5c64\u7d1a\uff0c\u5f9e\u5ee3\u5ea6\u512a\u5148\u5230\u6df1\u5ea6\u512a\u5148\u518d\u5230\u5be6\u6230\u6a21\u64ec\uff0c\u5b83\u5011\u7684\u5b9a\u4f4d\u3001\u6df1\u5ea6\u3001\u6210\u672c\u8207\u50f9\u503c\u5b8c\u5168\u4e0d\u540c\uff0c\u4ee5\u4e0b\u7528\u8868\u683c\u7cfb\u7d71\u5316\u6bd4\u8f03\u3002<\/p>\n\n\n\n<figure class=\"wp-block-table\"><table class=\"has-fixed-layout\"><thead><tr><th>\u9805\u76ee<\/th><th>\u5f31\u9ede\u6383\u63cf (Vulnerability Scanning)<\/th><th>\u6ef2\u900f\u6e2c\u8a66 (Penetration Testing, PT)<\/th><th>\u7d05\u968a\u6f14\u7df4 (Red Teaming)<\/th><\/tr><\/thead><tbody><tr><td><strong>\u4e3b\u8981\u76ee\u7684<\/strong><\/td><td>\u5feb\u901f\u627e\u51fa\u5df2\u77e5\u6f0f\u6d1e\u6e05\u55ae<\/td><td>\u9a57\u8b49\u6f0f\u6d1e\u662f\u5426\u53ef\u88ab\u5229\u7528\u3001\u627e\u51fa\u53ef\u653b\u64ca\u8def\u5f91<\/td><td>\u6a21\u64ec\u771f\u5be6\u9032\u968e\u5a01\u8105\u653b\u64ca\u8005\uff0c\u6e2c\u8a66\u6574\u9ad4\u5075\u6e2c\u8207\u61c9\u8b8a\u80fd\u529b<\/td><\/tr><tr><td><strong>\u6e2c\u8a66\u65b9\u5f0f<\/strong><\/td><td>\u9ad8\u5ea6\u81ea\u52d5\u5316\uff08\u5de5\u5177\u4e3b\u5c0e\uff09<\/td><td>\u81ea\u52d5\u5316 + \u5927\u91cf\u624b\u52d5\uff08\u5c08\u5bb6\u4e3b\u5c0e\uff09<\/td><td>\u9ad8\u5ea6\u624b\u52d5 + 
\u5275\u610f\u653b\u64ca\uff08\u6a21\u64ec\u771f\u5be6\u653b\u64ca\u8005\u601d\u7dad\uff09<\/td><\/tr><tr><td><strong>\u6df1\u5ea6<\/strong><\/td><td>\u6dfa\uff08\u5217\u51fa\u53ef\u80fd\u6f0f\u6d1e\uff09<\/td><td>\u4e2d\uff5e\u6df1\uff08\u8b49\u660e\u53ef\u5229\u7528\u6027\u3001\u653b\u64ca\u93c8\uff09<\/td><td>\u6700\u6df1\uff08\u5168\u93c8\u8def\u3001\u8de8\u9818\u57df\u3001\u7e5e\u904e\u9632\u79a6\uff09<\/td><\/tr><tr><td><strong>\u7bc4\u570d<\/strong><\/td><td>\u5ee3\uff08\u7db2\u8def\u3001\u7cfb\u7d71\u3001\u61c9\u7528\u5168\u9762\u6383\uff09<\/td><td>\u4e2d\uff08\u901a\u5e38\u9650\u5b9a\u7bc4\u570d\uff0c\u5982\u5916\u90e8\u3001\u5167\u7db2\u3001Web\u3001API\uff09<\/td><td>\u6700\u5ee3\uff08\u6280\u8853 + \u793e\u5de5 + \u7269\u7406 + \u7121\u7dda + \u4f9b\u61c9\u93c8\u7b49\uff09<\/td><\/tr><tr><td><strong>\u662f\u5426\u6a21\u64ec\u771f\u5be6\u653b\u64ca<\/strong><\/td><td>\u5426<\/td><td>\u90e8\u5206\uff08\u6703\u5617\u8a66\u5229\u7528\uff0c\u4f46\u53d7\u7bc4\u570d\u9650\u5236\uff09<\/td><td>\u662f\uff08\u6700\u63a5\u8fd1\u771f\u5be6 APT \/ \u52d2\u7d22\u5718\u9ad4\uff09<\/td><\/tr><tr><td><strong>\u6642\u9593<\/strong><\/td><td>\u5e7e\u5c0f\u6642\uff5e\u5e7e\u5929<\/td><td>1\uff5e6 \u9031\uff08\u8996\u7bc4\u570d\uff09<\/td><td>\u6578\u9031\uff5e\u6578\u6708\uff08\u5e38\u96b1\u85cf\u5f0f\u3001\u9577\u6642\u9593\uff09<\/td><\/tr><tr><td><strong>\u6210\u672c<\/strong><\/td><td>\u4f4e\uff08\u53ef\u5167\u90e8\u81ea\u884c\u8dd1\uff09<\/td><td>\u4e2d\uff5e\u9ad8\uff08\u9700\u5c08\u696d\u9867\u554f\uff09<\/td><td>\u6700\u9ad8\uff08\u4eba\u529b\u3001\u6642\u9593\u3001\u5de5\u5177\u5bc6\u96c6\uff09<\/td><\/tr><tr><td><strong>\u5831\u544a\u5167\u5bb9<\/strong><\/td><td>\u6f0f\u6d1e\u6e05\u55ae + CVSS \u5206\u6578 + 
\u5efa\u8b70<\/td><td>\u653b\u64ca\u8def\u5f91\u8b49\u660e\u3001PoC\u3001\u5f71\u97ff\u8a55\u4f30\u3001\u4fee\u88dc\u5efa\u8b70<\/td><td>\u5b8c\u6574\u653b\u64ca\u6545\u4e8b\u7dda\u3001TTPs\u3001\u85cd\u968a\u5075\u6e2c\u76f2\u9ede\u3001\u7d44\u7e54\u7d1a\u5efa\u8b70<\/td><\/tr><\/tbody><\/table><\/figure>\n\n\n\n<hr class=\"wp-block-separator has-alpha-channel-opacity is-style-dots\"\/>\n\n\n\n<p><\/p>\n\n\n\n<h2 class=\"wp-block-heading\">\u5e38\u898b\u89d2\u8272<\/h2>\n\n\n\n<p>\u5be6\u52d9\u4e0a\uff0c\u8a31\u591a\u516c\u53f8\u53ea\u6709\u300c\u7d05\u968a\u300d\u8207\u300c\u85cd\u968a\u300d\uff0c\u4f46\u6700\u5f8c\u5f80\u5f80\u6f14\u8b8a\u6210\u300c\u7d05\u968a\u60f3\u8b49\u660e\u4f60\u5f88\u721b\uff0c\u85cd\u968a\u60f3\u8b49\u660e\u6211\u6c92\u932f\u300d\u7684\u8077\u5834\u610f\u6c23\u4e4b\u722d\u3002\u6240\u4ee5\u6f14\u9032\u51fa\u9019\u4e9b\u4e0d\u540c\u89d2\u8272\uff0c\u5c07\u4e00\u5834\u55ae\u7d14\u7684\u300c\u6280\u8853\u6bd4\u8cfd\u300d\uff0c\u63d0\u5347\u70ba\u300c\u4f01\u696d\u8cc7\u5b89\u80fd\u529b\u7684\u7cfb\u7d71\u5316\u9032\u5316\u300d\u3002\u9019\u4e9b\u89d2\u8272\u5206\u5225\u89e3\u6c7a\u4e86\u8cc7\u5b89\u6f14\u7df4\u4e2d\u7684\u4e00\u4e9b\u95dc\u9375\u75db\u9ede\uff1a<\/p>\n\n\n\n<h3 class=\"wp-block-heading\">\u7d05\u968a (Red Team) \/\u6a21\u64ec\u8005 (The Attacker)<\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>\u6838\u5fc3\u76ee\u6a19\uff1a<\/strong> \u900f\u904e\u6a21\u64ec\u771f\u5be6\u99ed\u5ba2\u624b\u6cd5\uff0c\u9054\u6210\u7279\u5b9a\u7684\u696d\u52d9\u885d\u64ca\uff08Flag\uff09\u3002<\/li>\n\n\n\n<li><strong>\u5de5\u4f5c\u5167\u5bb9\uff1a<\/strong> \u5305\u542b\u60c5\u5831\u8490\u96c6\u3001\u6f0f\u6d1e\u5229\u7528\u3001\u5167\u7db2\u79fb\u52d5\uff0c\u8a2d\u6cd5\u7e5e\u904e\u9632\u6bd2\u8207\u76e3\u63a7\uff0c\u4e0d\u88ab\u767c\u73fe<\/li>\n\n\n\n<li><strong>\u614b\u5ea6\uff1a<\/strong> \u53ea\u8981\u6709\u4e00\u689d\u8def\u80fd\u9032\u53bb\uff0c\u4f60\u5c31\u4e0d\u662f\u5b89\u5168\u7684\u3002<\/li>\n<\/ul>\n\n\n\n<h3 
class=\"wp-block-heading\">\u85cd\u968a (Blue Team) \/\u9632\u79a6\u8005 (The Defender)<\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>\u6838\u5fc3\u76ee\u6a19\uff1a<\/strong> \u4fdd\u8b77\u7d44\u7e54\u8cc7\u7522\uff0c\u4e26\u5728\u7b2c\u4e00\u6642\u9593\u5075\u6e2c\u3001\u963b\u65b7\u653b\u64ca\u3002<\/li>\n\n\n\n<li><strong>\u5de5\u4f5c\u5167\u5bb9\uff1a<\/strong> \u76e3\u63a7\u7dad\u904b\uff0c\u76ef\u8457 SOC \u87a2\u5e55\u8207\u65e5\u8a8c\uff08Log\uff09\uff0c\u767c\u73fe\u7570\u5e38\u5f8c\u9032\u884c\u8abf\u67e5\u3002<\/li>\n\n\n\n<li><strong><strong>\u614b\u5ea6\uff1a<\/strong><\/strong> \u6211\u770b\u5f97\u5230\u4f60\uff0c\u800c\u4e14\u6211\u80fd\u628a\u4f60\u64cb\u4e0b\u4f86\u3002<\/li>\n<\/ul>\n\n\n\n<h3 class=\"wp-block-heading\">\u767d\u968a (White Team) \/\u88c1\u5224\u9577 (The Referee)<\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>\u6838\u5fc3\u76ee\u6a19\uff1a<\/strong> \u78ba\u4fdd\u6f14\u7df4\u5728\u5b89\u5168\u3001\u5408\u898f\u4e14\u5177\u5099\u6559\u80b2\u50f9\u503c\u7684\u6846\u67b6\u4e0b\u9032\u884c\u3002<\/li>\n\n\n\n<li><strong>\u5de5\u4f5c\u5167\u5bb9\uff1a<\/strong> \u5287\u672c\u8207\u76ee\u6a19\u5b9a\u7fa9\uff0c\u6c7a\u5b9a Flag \u5728\u54ea\u3001\u6c7a\u5b9a RoE (\u898f\u5247)\u3002\u76e3\u63a7\u6f14\u7df4\u662f\u5426\u5f71\u97ff\u751f\u7522\u904b\u4f5c\uff0c\u5fc5\u8981\u6642\u558a\u505c\u3002<\/li>\n\n\n\n<li><strong><strong>\u614b\u5ea6\uff1a<\/strong><\/strong>\u9019\u5834\u6f14\u7fd2\u5fc5\u9808\u771f\u5be6\uff0c\u4f46\u7d55\u4e0d\u80fd\u51fa\u4e8b\u3002<\/li>\n<\/ul>\n\n\n\n<h3 class=\"wp-block-heading\">\u7d2b\u968a (Purple Team) \/\u6e9d\u901a\u8005 (The Integrator)<\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>\u6838\u5fc3\u76ee\u6a19\uff1a<\/strong> 
\u6d88\u9664\u7d05\u85cd\u5169\u968a\u7684\u8cc7\u8a0a\u4e0d\u5c0d\u7a31\uff0c\u5c07\u653b\u64ca\u6210\u679c\u76f4\u63a5\u8f49\u5316\u70ba\u9632\u79a6\u529b\u3002<\/li>\n\n\n\n<li><strong>\u5de5\u4f5c\u5167\u5bb9\uff1a<\/strong>\u5e36\u9818\u7d05\u85cd\u5169\u968a\u9032\u884c Log \u5c0d\u63a5\uff0c\u78ba\u4fdd\u7d05\u968a\u6253\u904e\u7684\u6d1e\uff0c\u8b93\u85cd\u968a\u5b78\u6703\u600e\u9ebc\u88dc\u3001\u600e\u9ebc\u6e2c\u3002<\/li>\n\n\n\n<li><strong>\u614b\u5ea6\uff1a<\/strong>\u7d05\u85cd\u5c0d\u6297\u7684\u7d42\u9ede\uff0c\u662f\u70ba\u4e86\u5171\u540c\u8b8a\u5f37\u3002<\/li>\n<\/ul>\n\n\n\n<h3 class=\"wp-block-heading\">\u7da0\u968a (Green Team) \/\u5efa\u8a2d\u8005 (The Optimizer)<\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>\u6838\u5fc3\u76ee\u6a19\uff1a<\/strong> \u900f\u904e\u81ea\u52d5\u5316\u8207\u67b6\u69cb\u512a\u5316\uff0c\u8b93\u9632\u79a6\u8b8a\u6210\u9577\u671f\u7684\u300c\u514d\u75ab\u529b\u300d\u3002<\/li>\n\n\n\n<li><strong>\u5de5\u4f5c\u5167\u5bb9\uff1a<\/strong> \u81ea\u52d5\u5316\u90e8\u7f72\uff0c\u5c07\u7d05\u968a\u7684\u624b\u6cd5\u81ea\u52d5\u5316\uff0c\u5efa\u7acb\u6301\u7e8c\u6027\u7684\u5075\u6e2c\u6a5f\u5236\uff0c\u67b6\u69cb\u52a0\u56fa \u3002<\/li>\n\n\n\n<li><strong>\u614b\u5ea6\uff1a<\/strong>\u628a\u9632\u79a6\u5beb\u9032\u7a0b\u5f0f\u78bc\u88e1\uff0c\u8b93\u5b89\u5168\u81ea\u52d5\u5316\u3002<\/li>\n<\/ul>\n\n\n\n<figure class=\"wp-block-table\"><table class=\"has-fixed-layout\"><thead><tr><td><strong>\u89d2\u8272<\/strong><\/td><td><strong>\u53c3\u8207\u6027\u8cea<\/strong><\/td><td><strong>\u95dc\u9375\u7522\u51fa<\/strong><\/td><td><strong>\u6210\u529f\u5b9a\u7fa9<\/strong><\/td><\/tr><\/thead><tbody><tr><td><strong>\u7d05\u968a<\/strong><\/td><td>\u5916\u90e8\/\u79d8\u5bc6<\/td><td>\u653b\u64ca\u8def\u5f91\u5716\u3001\u53d6\u8b49\u622a\u5716<\/td><td>\u6210\u529f\u9054\u6210\u76ee\u6a19 
(Flag)<\/td><\/tr><tr><td><strong>\u85cd\u968a<\/strong><\/td><td>\u5167\u90e8\/\u7dad\u904b<\/td><td>\u5075\u6e2c\u544a\u8b66\u3001\u8655\u7406\u7d00\u9304<\/td><td>\u6210\u529f\u963b\u65b7\u653b\u64ca\u6216\u7e2e\u77ed\u767c\u73fe\u6642\u9593<\/td><\/tr><tr><td><strong>\u767d\u968a<\/strong><\/td><td>\u7ba1\u7406\/\u4ef2\u88c1<\/td><td>\u898f\u5247 (RoE)\u3001\u6f14\u7df4\u5831\u544a<\/td><td>\u6f14\u7fd2\u5713\u6eff\u4e14\u672a\u5f71\u97ff\u71df\u904b<\/td><\/tr><tr><td><strong>\u7d2b\u968a<\/strong><\/td><td>\u9867\u554f\/\u5354\u4f5c<\/td><td>\u7d05\u85cd Log \u6bd4\u5c0d\u8868<\/td><td>\u85cd\u968a\u5075\u6e2c\u80fd\u529b\u6709\u5be6\u8cea\u63d0\u5347<\/td><\/tr><tr><td><strong>\u7da0\u968a<\/strong><\/td><td>\u6280\u8853\/\u5efa\u8a2d<\/td><td>\u81ea\u52d5\u5316\u5075\u6e2c\u8173\u672c<\/td><td>\u653b\u64ca\u624b\u6cd5\u88ab\u6210\u529f\u300c\u5e38\u614b\u5316\u300d\u9632\u79a6<\/td><\/tr><\/tbody><\/table><\/figure>\n\n\n\n<p><\/p>\n\n\n\n<hr class=\"wp-block-separator has-alpha-channel-opacity is-style-dots\"\/>\n\n\n\n<p><\/p>\n\n\n\n<h2 class=\"wp-block-heading\">\u6d41\u7a0b<\/h2>\n\n\n\n<p>\u6839\u64da\u570b\u969b\u6a19\u6e96\uff08\u5982 TIBER-EU \u6216 MITRE\uff09\u8207\u5be6\u52d9\u7d93\u9a57\uff0c\u4e00\u500b\u5b8c\u6574\u7684\u7d05\u968a\u5c08\u6848\u6709\u4ee5\u4e0b\u968e\u6bb5\uff1a<\/p>\n\n\n\n<h3 class=\"wp-block-heading\">Phase 1: \u5c08\u6848\u555f\u52d5\u8207\u76ee\u6a19\u5b9a\u7fa9 (Preparation &amp; Scoping)<\/h3>\n\n\n\n<p>\u9019\u662f\u300c\u96d9\u65b9\u5354\u4f5c\u300d\u6700\u591a\u7684\u968e\u6bb5\uff0c\u6c7a\u5b9a\u4e86\u6f14\u7fd2\u7684\u908a\u754c\u3002\u5728\u6b63\u5f0f\u7684 Red Team \u6f14\u7df4\u958b\u59cb\u524d\uff0c\u7d05\u968a\u8207\u5ba2\u6236\uff08\u901a\u5e38\u662f CISO \/ \u8cc7\u5b89\u9577 \/ \u767d\u968a\u4ee3\u8868\uff09\u6703\u9032\u884c\u975e\u5e38\u8a73\u7d30\u7684\u898f\u5283\u6703\u8b70\uff0c\u5171\u540c\u5b9a\u7fa9\uff1a<\/p>\n\n\n\n<ul 
class=\"wp-block-list\">\n<li>\u9019\u6b21\u8981\u6a21\u64ec\u7684\u4e3b\u8981\u76ee\u6a19\uff08Objective \/ Flag\uff09\uff0c\u4f8b\u5982\uff1a\n<ul class=\"wp-block-list\">\n<li>\u62ff\u5230 Domain Admin<\/li>\n\n\n\n<li>\u7aca\u53d6\u7279\u5b9a\u654f\u611f\u8cc7\u6599\uff08\u4f8b\u5982\u8ca1\u52d9\u5831\u8868\u3001\u5ba2\u6236\u8cc7\u6599\u5eab\u7279\u5b9a\u6b04\u4f4d\uff09<\/li>\n\n\n\n<li>\u63a7\u5236\u7279\u5b9a\u95dc\u9375\u7cfb\u7d71\uff08SCADA\u3001\u6838\u5fc3 ERP\uff09<\/li>\n\n\n\n<li>\u6210\u529f\u57f7\u884c\u52d2\u7d22\u8edf\u9ad4\u6a21\u64ec\u4e26\u52a0\u5bc6\u7279\u5b9a\u76ee\u9304<\/li>\n<\/ul>\n<\/li>\n\n\n\n<li>\u6a21\u64ec\u7684\u5a01\u8105\u89d2\u8272\uff08Threat Actor Profile\uff09\uff1a\u50cf\u54ea\u4e00\u985e\u653b\u64ca\u8005\uff1f\uff08\u4f8b\u5982\u4e2d\u570b APT\u3001\u52d2\u7d22\u5718\u9ad4\u3001\u5167\u90e8\u5a01\u8105\u3001\u7af6\u722d\u5c0d\u624b\u59d4\u8a17\u7684\u99ed\u5ba2\u2026\uff09<\/li>\n<\/ul>\n\n\n\n<p>\u6700\u5f8c\u9700\u8981\u78ba\u5b9a\u7684\u4e8b\u9805\u5305\u62ec\u4ee5\u4e0b\uff1a<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>RoE \u5236\u5b9a (Rules of Engagement)\uff1a<\/strong> \u8a0e\u8ad6\u54ea\u4e9b\u624b\u6bb5\u7981\u6b62\u4f7f\u7528\uff08\u5982\u7834\u58de\u6027\u653b\u64ca\uff09\u3001\u54ea\u4e9b\u6642\u9593\u4e0d\u80fd\u52d5\u624b\u3002<\/li>\n\n\n\n<li><strong>\u5b9a\u7fa9 Flag\uff1a<\/strong> \u5ba2\u6236\uff08White Cell\uff09\u6307\u6d3e\u76ee\u6a19\u6a5f\u5668\u6216\u696d\u52d9\u60c5\u5883\uff08\u4f8b\u5982\uff1a\u53d6\u5f97\u6838\u5fc3\u8cc7\u6599\u5eab\u63a7\u5236\u6b0a\uff09\u3002<\/li>\n\n\n\n<li><strong>\u901a\u5831\u6a5f\u5236\uff1a<\/strong> \u5efa\u7acb\u7d05\u968a\u8207\u5ba2\u6236\u4ee3\u8868\u7684\u7dca\u6025\u806f\u7e6b\u71b1\u7dda\uff08\u907f\u514d\u771f\u7684\u6253\u639b\u7cfb\u7d71\u6642\u6c42\u52a9\u7121\u9580\uff0c\u6216\u662f\u9047\u5230\u771f\u5be6\u653b\u64ca\u8981\u5168\u90e8\u66ab\u505c\uff09\u3002<\/li>\n<\/ul>\n\n\n\n<h3 class=\"wp-block-heading\">Phase 2: 
\u7d05\u968a\u958b\u59cb\u653b\u64ca\u8207\u76ee\u6a19\u9054\u6210 (Execution &amp; Objective)<\/h3>\n\n\n\n<p>\u7d05\u968a\u958b\u59cb\u50cf\u771f\u5be6\u99ed\u5ba2\u4e00\u6a23\uff0c\u5148\u9032\u884c\u60c5\u5831\u6536\u96c6\uff0c\u4f8b\u5982\u4ee5\u4e0b\uff1a<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>OSINT \u8490\u96c6\uff1a<\/strong> \u5f9e GitHub\u3001LinkedIn\u3001\u6697\u7db2\u8490\u96c6\u54e1\u5de5\u8cc7\u8a0a\u3001\u6d29\u6f0f\u6191\u8b49\u6216\u6280\u8853\u67b6\u69cb\u3002<\/li>\n\n\n\n<li><strong>\u57fa\u790e\u8a2d\u65bd\u5e03\u5efa\uff1a<\/strong> \u7d05\u968a\u5728\u6b64\u6642\u8981\u67b6\u8a2d\u81ea\u5df1\u7684 C2 \u57fa\u5730\u3001\u7533\u8acb\u507d\u88dd\u7db2\u57df\u3001\u914d\u7f6e\u8df3\u677f\u6a5f\uff08VPS\uff09\uff0c\u78ba\u4fdd\u653b\u64ca\u6d41\u91cf\u770b\u8d77\u4f86\u50cf\u6b63\u5e38\u7684\u5916\u4f86\u9023\u7dda\u3002<\/li>\n\n\n\n<li><strong>\u653b\u64ca\u65b9\u5411\u8a55\u4f30\uff1a<\/strong> \u6839\u64da\u8490\u96c6\u7684\u60c5\u5831\uff0c\u6c7a\u5b9a\u662f\u8981\u7528\u300c\u793e\u4ea4\u5de5\u7a0b\u91e3\u9b5a\u300d\u9084\u662f\u300c\u5916\u7db2\u670d\u52d9\u6f0f\u6d1e\u300d\u4f5c\u70ba\u7a81\u7834\u53e3\u3002<\/li>\n<\/ul>\n\n\n\n<p>\u63a5\u8457\u7d05\u968a\u6839\u64da\u5f97\u5230\u7684\u60c5\u5831\uff0c\u4f7f\u7528\u5404\u7a2e\u624b\u6cd5\u5617\u8a66\u9054\u6210\u76ee\u6a19\uff0c\u4f8b\u5982\u4ee5\u4e0b<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>\u521d\u6b65\u9032\u5165 (Initial Access)\uff1a<\/strong> \u900f\u904e\u91e3\u9b5a\u90f5\u4ef6\u3001\u5916\u7db2\u670d\u52d9\u5f31\u9ede\u3001\u5bc6\u78bc\u5674\u7051\u7b49\u65b9\u5f0f\u53d6\u5f97\u7b2c\u4e00\u500b\u64da\u9ede foothold\u3002<\/li>\n\n\n\n<li><strong>\u6301\u7e8c\u6f5b\u4f0f\u8207\u63d0\u6b0a\uff1a<\/strong> \u7e5e\u904e EDR\/AV \u76e3\u63a7\uff0c\u4e26\u5728\u53d7\u611f\u67d3\u4e3b\u6a5f\u4e0a\u63d0\u5347\u81f3\u7ba1\u7406\u54e1\u6b0a\u9650\u3002<\/li>\n\n\n\n<li><strong>\u6a6b\u5411\u79fb\u52d5 (Lateral Movement)\uff1a<\/strong> 
\u5728\u5167\u7db2\u4e2d\u5c0b\u627e AD \u7db2\u57df\u63a7\u5236\u6b0a\u6216\u524d\u5f80 White Cell \u6307\u5b9a\u7684 Flag \u6a5f\u5668\u3002<\/li>\n\n\n\n<li><strong>\u596a\u53d6\u76ee\u6a19\uff1a<\/strong> \u8b49\u660e\u5177\u5099 Flag \u7684\u64cd\u4f5c\u6b0a\uff08\u5982\u8b80\u53d6\u8cc7\u6599\u593e\u3001\u4fee\u6539\u6e2c\u8a66\u6a94\uff09\uff0c\u4e26\u5728\u4e0d\u89f8\u767c\u544a\u8b66\u7684\u60c5\u6cc1\u4e0b\u5b8c\u6210\u3002<\/li>\n<\/ul>\n\n\n\n<h3 class=\"wp-block-heading\">Phase 3: \u6230\u5834\u6e05\u7406 (Cleanup)<\/h3>\n\n\n\n<p>\u9019\u662f\u5728\u653b\u64ca\u7d50\u675f\u5f8c\uff0c\u78ba\u4fdd\u74b0\u5883\u5b89\u5168\u7684\u5fc5\u8981\u5de5\u4f5c\u3002<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>\u885d\u7a81\u6bd4\u5c0d (De-confliction)\uff1a<\/strong> \u6700\u5f8c\u518d\u78ba\u8a8d\u4e00\u4e0b\u73fe\u5728\u6c92\u6709\u771f\u5be6\u653b\u64ca\u88ab\u8aa4\u7576\u7d05\u968a\u653b\u64ca<\/li>\n\n\n\n<li><strong>\u6e05\u7406\u75d5\u8de1 (Cleanup)\uff1a<\/strong> \u9019\u662f\u7d05\u968a\u7684\u91cd\u8981\u5de5\u4f5c\uff0c\u5fc5\u9808\u64a4\u9664\u6240\u6709\u4e0a\u50b3\u7684\u5de5\u5177\u3001\u522a\u9664\u5f8c\u9580\u5e33\u865f\u3001\u9084\u539f\u767b\u9304\u6a94\uff0c\u9019\u4e9b\u90fd\u6703\u5728White Cell \u76e3\u7763\u4e0b\u9032\u884c\u3002<\/li>\n\n\n\n<li><strong>\u74b0\u5883\u7a3d\u6838\uff1a<\/strong> \u78ba\u8a8d\u5ba2\u6236\u7cfb\u7d71\u5df2\u6062\u5fa9\u5230\u6f14\u7df4\u524d\u7684\u539f\u59cb\u72c0\u614b\u3002<\/li>\n<\/ul>\n\n\n\n<h3 class=\"wp-block-heading\">Phase 4: \u6bd4\u5c0d\u8a55\u4f30\u8207\u7e3d\u7d50\u5831\u544a (Analysis &amp; Reporting)<\/h3>\n\n\n\n<p>\u9019\u662f\u5c07\u6f14\u7df4\u8f49\u5316\u70ba\u300c\u5546\u696d\u50f9\u503c\u300d\u7684\u6700\u95dc\u9375\u74b0\u7bc0\u3002<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>Log \u5c0d\u63a5 (Log Correlation)\uff1a<\/strong> \u7d05\u85cd\u96d9\u65b9\u5750\u4e0b\u4f86\u6bd4\u5c0d\u6642\u9593\u8ef8\u3002 \u7d05\u968a\u8aaa\u300c\u6211 14:00 
\u9032\u4f86\u300d\uff0c\u85cd\u968a\u67e5\u300c\u6211 14:05 \u624d\u6709\u544a\u8b66\u300d\uff0c\u9019 5 \u5206\u9418\u5c31\u662f\u9632\u79a6\u7f3a\u53e3\u3002<\/li>\n\n\n\n<li><strong>\u9632\u79a6\u512a\u5316\u5efa\u8b70 (Remediation)\uff1a<\/strong> \u7d05\u968a\u91dd\u5c0d\u6c92\u88ab\u5075\u6e2c\u5230\u7684\u52d5\u4f5c\uff0c\u63d0\u4f9b\u5177\u9ad4\u7684\u9632\u79a6\u5efa\u8b70\uff08\u4f8b\u5982\uff1a\u8a72\u589e\u52a0\u54ea\u689d\u5075\u6e2c\u898f\u5247\uff09\u8207\u6d41\u7a0b\u512a\u5316\uff08SOP\u3001\u5206\u5de5\u3001\u901a\u5831\u6a5f\u5236\uff09\u3002<\/li>\n\n\n\n<li><strong>\u6230\u7565\u5efa\u8b70\u5831\u544a\uff1a<\/strong> \u7522\u51fa\u7d66\u9ad8\u5c64\u770b\u7684\u7e3d\u7d50\u5831\u544a\uff0c\u8aaa\u660e\u6574\u9ad4\u9632\u79a6\u97cc\u6027\u7684\u6210\u719f\u5ea6\u3002\u4ee5\u696d\u52d9\u8a9e\u8a00\u8aaa\u660e\uff0c\u54ea\u4e9b\u653b\u64ca\u8def\u5f91\u6210\u529f\u3001\u80fd\u9020\u6210\u54ea\u7a2e\u5be6\u969b\u71df\u904b\u8207\u5408\u898f\u98a8\u96aa\uff0c\u4e26\u63d0\u4f9b\u512a\u5148\u4fee\u88dc\u6e05\u55ae\u8207\u5f8c\u7e8c\u6f14\u7df4\u5efa\u8b70<\/li>\n<\/ul>\n\n\n\n<h3 class=\"wp-block-heading\">\u7cfb\u7d71\u5316\u6d41\u7a0b\u7e3d\u7d50\u8868<\/h3>\n\n\n\n<figure class=\"wp-block-table\"><table class=\"has-fixed-layout\"><thead><tr><td><strong>\u968e\u6bb5<\/strong><\/td><td><strong>\u5de5\u4f5c\u91cd\u9ede<\/strong><\/td><td><strong>\u7522\u51fa\u7269<\/strong><\/td><\/tr><\/thead><tbody><tr><td><strong>\u555f\u52d5\u671f<\/strong><\/td><td>\u5b9a\u7fa9\u908a\u754c\u8207\u76ee\u6a19<\/td><td>RoE \u6388\u6b0a\u6587\u4ef6\u3001Flag \u6e05\u55ae\u3001\u901a\u5831\u6a5f\u5236<\/td><\/tr><tr><td><strong>\u5be6\u65bd\u671f<\/strong><\/td><td>\u84cb\u57fa\u5730\u3001\u8490\u96c6\u60c5\u5831\u3001\u7a81\u7834\u3001\u6f5b\u4f0f\u3001\u62ff 
AD\/Flag<\/td><td>\u5a01\u8105\u60c5\u8cc7\u5831\u544a\u3001\u653b\u64ca\u884c\u70ba\u7d00\u9304\u3001\u53d6\u8b49\u622a\u5716<\/td><\/tr><tr><td><strong>\u6536\u5c3e\u671f<\/strong><\/td><td>\u6062\u5fa9\u74b0\u5883\u3001\u6392\u9664\u885d\u7a81<\/td><td>\u6062\u5fa9\u78ba\u8a8d\u6e05\u55ae<\/td><\/tr><tr><td><strong>\u5206\u6790\u671f<\/strong><\/td><td>\u7d05\u85cd Log \u5c0d\u63a5<\/td><td>\u6230\u7565\u5efa\u8b70\u5831\u544a\u3001\u9632\u79a6\u512a\u5316\u5efa\u8b70\u7b49<\/td><\/tr><\/tbody><\/table><\/figure>\n\n\n\n<p><\/p>\n\n\n\n<hr class=\"wp-block-separator has-alpha-channel-opacity is-style-dots\"\/>\n\n\n\n<h2 class=\"wp-block-heading\">\u5206\u5de5<\/h2>\n\n\n\n<p>\u7d05\u968a\u6f14\u7df4\u4e0d\u662f\u628a\u9322\u4e1f\u7d66\u8cc7\u5b89\u516c\u53f8\u5c31\u7d50\u675f\u4e86\uff0c\u5ba2\u6236\uff08\u7532\u65b9\uff09\u7684\u53c3\u8207\u7a0b\u5ea6\uff0c\u76f4\u63a5\u6c7a\u5b9a\u4e86\u6f14\u7df4\u7684\u542b\u91d1\u91cf\u3002\u7d05\u968a\u6f14\u7df4\u7684\u5de5\u4f5c\u53ef\u62c6\u89e3\u70ba\u300c<strong>\u7d05\u968a\u5c08\u5c6c<\/strong>\u300d\u3001\u300c<strong>\u5ba2\u6236\u5c08\u5c6c<\/strong>\u300d\u4ee5\u53ca\u300c<strong>\u96d9\u65b9\u5354\u4f5c<\/strong>\u300d\u4e09\u5927\u5340\u584a\uff0c\u4ee5\u4e0b\u662f\u7d05\u968a\u6f14\u7df4\u5de5\u4f5c\u8077\u638c\u8868 (Work Responsibility Matrix)\uff1a<\/p>\n\n\n\n<h4 class=\"wp-block-heading\">1. 
\u7d05\u968a\u8981\u505a\u7684\u4e8b (Red Team Tasks)  <\/h4>\n\n\n\n<p>\u9019\u662f\u7d05\u968a\u5c55\u73fe\u5c08\u696d\u6280\u8853\u7684\u6230\u5834\uff0c\u6838\u5fc3\u662f\u300c\u96b1\u853d\u300d\u8207\u300c\u7a81\u7834\u300d\u3002<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>\u57fa\u790e\u5efa\u8a2d\u8207\u5de5\u5177\u6e96\u5099\uff1a<\/strong> \u79df\u7528 VPS\u3001\u7533\u8acb\u7db2\u57df\u3001\u67b6\u8a2d C2 \u63a7\u5236\u4e2d\u5fc3\u3001\u6e96\u5099\u514d\u6bba (Evasion) \u5de5\u5177\u3002<\/li>\n\n\n\n<li><strong>\u5a01\u8105\u60c5\u5831\u8490\u96c6\uff1a<\/strong> \u57f7\u884c OSINT (\u516c\u958b\u4f86\u6e90\u60c5\u5831)\uff0c\u8abf\u67e5\u76ee\u6a19\u516c\u53f8\u7684\u6578\u4f4d\u8db3\u8de1\u3001\u793e\u4ea4\u5a92\u9ad4\u8cc7\u8a0a\u3002<\/li>\n\n\n\n<li><strong>\u653b\u64ca\u884c\u70ba\u5be6\u4f5c\uff1a<\/strong> \u57f7\u884c\u7db2\u8def\u91e3\u9b5a\u3001\u6f0f\u6d1e\u63a2\u6e2c\u3001\u6b0a\u9650\u63d0\u5347\u3001\u5167\u7db2\u6a6b\u5411\u79fb\u52d5 (Lateral Movement)\u3002<\/li>\n\n\n\n<li><strong>\u76ee\u6a19\u9054\u6210\u8207\u53d6\u8b49\uff1a<\/strong> \u5728\u76ee\u6a19 Flag \u4e3b\u6a5f\u7559\u4e0b\u6a19\u8a18\uff0c\u4e26\u622a\u5716\u6216\u9304\u5f71\u8b49\u660e\u300c\u6211\u5df2\u5177\u5099\u63a7\u5236\u6b0a\u300d\u3002<\/li>\n\n\n\n<li><strong>\u6230\u5834\u6e05\u7406\uff1a<\/strong> \u64a4\u96e2\u5f8c\u9580\u3001\u522a\u9664\u66ab\u5b58\u6a94\u3001\u78ba\u4fdd\u4e0d\u7559\u4e0b\u984d\u5916\u98a8\u96aa\u4e26\u76e1\u91cf\u9084\u539f\u81f3\u6f14\u7df4\u524d\u72c0\u614b\u3002<\/li>\n<\/ul>\n\n\n\n<h4 class=\"wp-block-heading\">2. 
\u5ba2\u6236\u8981\u505a\u7684\u4e8b (Client\/White Cell Tasks) <\/h4>\n\n\n\n<p>\u9019\u662f\u78ba\u4fdd\u6f14\u7df4\u300c\u4e0d\u51fa\u4e8b\u300d\u4e14\u300c\u6709\u50f9\u503c\u300d\u7684\u95dc\u9375\uff0c\u7531\u5ba2\u6236\u7684 White Cell \u8ca0\u8cac\u3002<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>\u5b9a\u7fa9\u6f14\u7df4\u76ee\u6a19 (Flags)\uff1a<\/strong> \u7d66\u51fa\u5177\u9ad4\u76ee\u6a19\u8207\u908a\u754c\uff08\u4f8b\u5982\u54ea\u4e9b\u6a5f\u5668\uff0f\u6d41\u7a0b\u662f\u8981\u6253\u3001\u54ea\u4e9b\u662f\u7981\u5340\uff09\uff0c\u6216\u54ea\u5e7e\u9805\u696d\u52d9\u6d41\u7a0b\uff08\u5982 SWIFT \u8f49\u5e33\uff09\u662f\u596a\u65d7\u76ee\u6a19\u3002<\/li>\n\n\n\n<li><strong>\u5167\u90e8\u6e9d\u901a\u5c4f\u853d\uff1a<\/strong> \u8996\u6f14\u7df4\u8a2d\u8a08\uff0c\u53ef\u80fd\u4fdd\u5bc6\u4e5f\u53ef\u80fd\u534a\u900f\u660e\uff08\u4f8b\u5982\u51fa\u65bc\u7df4\u7fd2\u76ee\u7684\u6703\u8b93 Blue \u77e5\u9053\u6709\u5728\u6f14\u7df4\uff0c\u4f46\u7d30\u7bc0\u4fdd\u5bc6\uff09\u3002\u540c\u6642\u9700\u7167\u61c9\u597d\u9ad8\u5c64\uff0c\u907f\u514d\u6f14\u7df4\u88ab\u8aa4\u8a8d\u70ba\u771f\u6b63\u7684\u99ed\u5ba2\u5165\u4fb5\u800c\u5c0e\u81f4\u4e0d\u5fc5\u8981\u7684\u6cd5\u5f8b\u6216\u884c\u653f\u52d5\u4f5c\u3002<\/li>\n\n\n\n<li><strong>\u6cd5\u5f8b\u8207\u5408\u898f\u6388\u6b0a\uff1a<\/strong> \u7c3d\u7f72 RoE (\u6f14\u7df4\u898f\u5247) \u8207\u6388\u6b0a\u66f8\uff0c\u78ba\u4fdd\u7d05\u968a\u7684\u653b\u64ca\u884c\u70ba\u5728\u6cd5\u5f8b\u4fdd\u969c\u5167\u9032\u884c\u3002<\/li>\n\n\n\n<li><strong>\u61c9\u8b8a\u6d41\u7a0b\u8a18\u9304\uff1a<\/strong> \u7576\u7d05\u968a\u5728\u653b\u64ca\u6642\uff0cWhite Cell \u8981\u5728\u65c1\u89c0\u5bdf\u4e26\u8a18\u9304\u85cd\u968a\u7684\u5075\u6e2c\u8207\u56de\u61c9\u6d41\u7a0b\uff0c\u4f5c\u70ba\u4e8b\u5f8c\u5206\u6790\u8207\u6539\u5584\u4f9d\u64da\u3002<\/li>\n<\/ul>\n\n\n\n<h4 class=\"wp-block-heading\">3. 
\u7d05\u968a\u8207\u5ba2\u6236\u8981\u4e00\u8d77\u505a\u7684\u4e8b (Collaborative Tasks)  <\/h4>\n\n\n\n<p>\u9019\u662f\u6c7a\u5b9a\u5c08\u6848\u6210\u6557\u7684\u300c\u6e9d\u901a\u8207\u6587\u66f8\u300d\u5de5\u4f5c\uff0c\u4e5f\u662f\u6700\u8017\u6642\u7684\u90e8\u5206\u3002<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>\u6f14\u7df4\u524d\u7684\u5287\u672c\u8a0e\u8ad6\u8207 RoE \u5236\u5b9a\uff1a<\/strong> \u8a0e\u8ad6\u8981\u6a21\u64ec\u54ea\u7a2e\u99ed\u5ba2\uff08APT\u3001\u5167\u9b3c\u3001\u6216\u52d2\u7d22\u75c5\u6bd2\uff09\uff1f\u54ea\u4e9b\u662f\u7d55\u5c0d\u4e0d\u80fd\u78b0\u7684\u7981\u5340 (Blacklist)\uff1f<\/li>\n\n\n\n<li><strong>\u6f14\u7df4\u4e2d\u7684\u885d\u7a81\u6392\u9664 (De-confliction)\uff1a<\/strong> \u7576\u85cd\u968a\u5831\u6848\u300c\u6709\u4eba\u5728\u6253\u6211\u5011\u300d\u6642\uff0c\u96d9\u65b9\u8981\u7acb\u5373\u5c0d\u7167\uff1a\u9019\u662f\u7d05\u968a\u505a\u7684\uff1f\u9084\u662f\u771f\u7684\u99ed\u5ba2\uff1f\u82e5\u7121\u6cd5\u6bd4\u5c0d\u5230\u7d05\u968a\u7684\u64cd\u4f5c\u7d00\u9304\uff0c\u61c9\u4e00\u5f8b\u8996\u70ba\u771f\u5be6\u5165\u4fb5\u4e26\u555f\u52d5\u61c9\u8b8a\u3002<\/li>\n\n\n\n<li><strong>\u6f14\u7df4\u5f8c Log \u5c0d\u63a5\u8207\u6bd4\u5c0d\uff1a<\/strong> \u7d05\u968a\u62ff\u51fa\u653b\u64ca\u65e5\u8a8c\uff0c\u5ba2\u6236\u62ff\u51fa SOC \u65e5\u8a8c\u3002\u96d9\u65b9\u4e00\u8d77\u5750\u4e0b\u4f86\uff0c\u5c0d\u7167\u6bcf\u4e00\u5206\u9418\u7684\u52d5\u4f5c\u6709\u6c92\u6709\u88ab\u5075\u6e2c\u5230\u3001\u544a\u8b66\u662f\u5426\u6b63\u78ba\u3002<\/li>\n\n\n\n<li><strong>\u6f14\u7df4\u5f8c\u5831\u544a\u8a0e\u8ad6\uff1a<\/strong> \u6839\u64da\u6bd4\u5c0d\u7d50\u679c\uff0c\u5171\u540c\u8a0e\u8ad6\u51fa\u4e00\u4efd\u7d50\u5408\u6280\u8853\u7d30\u7bc0\u8207\u696d\u52d9\u98a8\u96aa\u7684\u8cc7\u5b89\u6539\u5584\u5efa\u8b70\uff0c\u63d0\u51fa\u512a\u5148\u9806\u4f4d\u8207\u77ed\u671f\u3001\u4e2d\u671f\u8207\u9577\u671f\u5efa\u8b70\u3002<\/li>\n<\/ul>\n\n\n\n<h3 class=\"wp-block-heading\">\u5be6\u52d9\u7e3d\u7d50\u8868<\/h3>\n\n\n\n<figure class=\"wp-block-table\"><table 
class=\"has-fixed-layout\"><thead><tr><td><strong>\u5de5\u4f5c\u7bc4\u7587<\/strong><\/td><td><strong>\u7d05\u968a\u8981\u505a (Red Team)<\/strong><\/td><td><strong>\u5ba2\u6236\u8981\u505a <\/strong><\/td><td><strong>\u96d9\u65b9\u5354\u4f5c <\/strong><\/td><\/tr><\/thead><tbody><tr><td><strong>\u6e96\u5099\u968e\u6bb5<\/strong><\/td><td>\u5e03\u5efa C2\u3001\u5075\u5bdf OSINT<\/td><td>\u6307\u5b9a Flag \u6a5f\u5668\u8207\u76ee\u6a19<\/td><td>\u8a0e\u8ad6\u653b\u64ca\u5287\u672c\u8207 RoE<\/td><\/tr><tr><td><strong>\u57f7\u884c\u968e\u6bb5<\/strong><\/td><td>\u6280\u8853\u6ef2\u900f\u3001\u596a\u53d6 Flag<\/td><td>\u89c0\u5bdf\u85cd\u968a\u53cd\u61c9 <\/td><td>\u885d\u7a81\u6392\u9664 (De-confliction)<\/td><\/tr><tr><td><strong>\u7d50\u6848\u968e\u6bb5<\/strong><\/td><td>\u6e05\u7406\u6230\u5834 (Cleanup)<\/td><td>\u63d0\u4f9b\u85cd\u968a Log \u8207\u61c9\u8b8a\u7d00\u9304<\/td><td>Log \u5c0d\u63a5\u8207\u6230\u7565\u5831\u544a<\/td><\/tr><\/tbody><\/table><\/figure>\n\n\n\n<hr class=\"wp-block-separator has-alpha-channel-opacity is-style-dots\"\/>\n\n\n\n<h2 class=\"wp-block-heading\">\u6846\u67b6<\/h2>\n\n\n\n<p>\u7d05\u968a\u5e38\u7528\u6846\u67b6\u53ef\u4ee5\u5206\u70ba2\u5927\u985e\uff0c\u300c\u6d41\u7a0b\u7ba1\u7406\u300d\u6c7a\u5b9a\u4e86\u5c08\u6848\u7684\u5ee3\u5ea6\u3001\u5408\u898f\u8207\u5b89\u5168\u6027\uff1b\u800c\u300c\u6280\u8853\u5c0d\u6297\u300d\u5247\u6c7a\u5b9a\u4e86\u6f14\u7df4\u7684\u6df1\u5ea6\u3001\u96b1\u853d\u6027\u8207\u771f\u5be6\u611f\u3002<\/p>\n\n\n\n<h3 class=\"wp-block-heading\">\u4e00\u3001 \u6d41\u7a0b\u7ba1\u7406\u985e <\/h3>\n\n\n\n<p>\u9019\u985e\u6846\u67b6\u662f\u70ba\u4e86\u8b93\u300c\u4f01\u696d\u7ba1\u7406\u8005\u300d\u8207\u300c\u76e3\u7ba1\u6a5f\u69cb\u300d\u5efa\u7acb\u5171\u8b58\u3002\u5b83\u5b9a\u7fa9\u4e86\u8ab0\u8a72\u8ca0\u8cac\u4ec0\u9ebc\u3001\u4ec0\u9ebc\u6642\u5019\u53ef\u4ee5\u653b\u64ca\u3001\u4ee5\u53ca\u5982\u4f55\u8a55\u4f30\u6f14\u7df4\u6210\u679c\u3002<\/p>\n\n\n\n<h4 class=\"wp-block-heading\">1. 
TIBER-EU (Threat Intelligence-based Ethical Red Teaming)<\/h4>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>\u4f86\u6e90\uff1a<\/strong> \u6b50\u6d32\u4e2d\u592e\u9280\u884c (ECB)\u3002<\/li>\n\n\n\n<li><strong>\u6838\u5fc3\u7279\u8272\uff1a<\/strong> \u5f37\u8abf\u300c\u5a01\u8105\u60c5\u5831 (Threat Intelligence)\u300d\u5fc5\u9808\u5148\u65bc\u300c\u653b\u64ca\u300d\u3002\u5b83\u5f37\u5236\u8981\u6c42\u60c5\u5831\u516c\u53f8\u7522\u51fa\u8a72\u7d44\u7e54\u5c08\u5c6c\u7684\u5831\u544a\uff0c\u7d05\u968a\u518d\u64da\u6b64\u8a2d\u8a08\u5287\u672c\u3002<\/li>\n\n\n\n<li><strong>\u50f9\u503c\uff1a<\/strong> \u63d0\u4f9b\u9ad8\u5ea6\u6a19\u6e96\u5316\u7684\u4e09\u968e\u6bb5\uff08\u6e96\u5099\u3001\u6e2c\u8a66\u3001\u7d50\u6848\uff09\u4e03\u5c0f\u6b65\u9a5f\uff08Initiation\u3001Scoping\u3001Threat Intelligence\u3001Test Planning\u3001Red Team Test\u3001Blue Team Report\u3001Remediation\uff09\uff0c\u78ba\u4fdd\u8de8\u570b\u91d1\u878d\u6a5f\u69cb\u6709\u7d71\u4e00\u7684\u8cc7\u5b89\u97cc\u6027\u8861\u91cf\u6a19\u6e96\u3002<\/li>\n<\/ul>\n\n\n\n<h4 class=\"wp-block-heading\">2. CBEST (Intelligence-Led Testing Framework)<\/h4>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>\u4f86\u6e90\uff1a<\/strong> \u82f1\u570b\u592e\u884c (Bank of England)\u3002<\/li>\n\n\n\n<li><strong>\u6838\u5fc3\u7279\u8272\uff1a<\/strong> \u5b83\u662f\u5168\u7403\u7b2c\u4e00\u500b\u5c07\u76e3\u7ba1\u6a5f\u69cb\u3001\u60c5\u5831\u4f9b\u61c9\u5546\u8207\u7d05\u968a\u516c\u53f8\u7d0d\u5165\u540c\u4e00\u6846\u67b6\u7684\u6a19\u6e96\u3002<\/li>\n\n\n\n<li><strong>\u50f9\u503c\uff1a<\/strong> \u6975\u5ea6\u5f37\u8abf\u300c\u771f\u5be6\u6027\u300d\u3002\u5b83\u8981\u6c42\u6e2c\u8a66\u5fc5\u9808\u6a21\u64ec\u73fe\u5be6\u4e2d\u5c0d\u8a72\u9280\u884c\u5a01\u8105\u6700\u5927\u7684\u99ed\u5ba2\u7d44\u7e54\uff08\u4f8b\u5982\u7279\u5b9a APT \u5718\u9ad4\uff09\u3002<\/li>\n<\/ul>\n\n\n\n<h4 class=\"wp-block-heading\">3. 
CREST STAR (Simulated Target Attack &amp; Response)<\/h4>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>\u4f86\u6e90\uff1a<\/strong> \u570b\u969b\u975e\u71df\u5229\u8a8d\u8b49\u6a5f\u69cb CREST\u3002<\/li>\n\n\n\n<li><strong>\u6838\u5fc3\u7279\u8272\uff1a<\/strong> \u5b9a\u7fa9\u4e86\u5f9e\u9078\u5546\u3001\u7c3d\u7d04\u5230\u7d50\u6848\u7684\u5546\u696d\u6d41\u7a0b\u3002<\/li>\n\n\n\n<li><strong>\u50f9\u503c\uff1a<\/strong> \u63d0\u4f9b\u4e00\u5957\u696d\u754c\u8a8d\u53ef\u7684\u8b49\u7167\u5236\u5ea6\u8207\u670d\u52d9\u898f\u7bc4\uff0c\u662f\u76ee\u524d\u5168\u7403\u8cc7\u5b89\u9867\u554f\u516c\u53f8\u6700\u5e38\u5f15\u7528\u7684\u300c\u670d\u52d9\u6a19\u6e96\u300d\u3002<\/li>\n<\/ul>\n\n\n\n<h3 class=\"wp-block-heading\">\u4e8c\u3001 \u6280\u8853\u5c0d\u6297\u985e (Tactical &amp; Technical)<\/h3>\n\n\n\n<p>\u9019\u985e\u6846\u67b6\u662f\u70ba\u4e86\u8b93\u300c\u6280\u8853\u5c08\u5bb6\u300d\u8207\u300c\u85cd\u968a\u9632\u79a6\u8005\u300d\u6e9d\u901a\u3002\u5b83\u5b9a\u7fa9\u4e86\u653b\u64ca\u7684\u5177\u9ad4\u624b\u6cd5\uff08TTPs\uff09\u4ee5\u53ca\u9632\u79a6\u7684\u6620\u5c04\u95dc\u4fc2\u3002<\/p>\n\n\n\n<h4 class=\"wp-block-heading\">1. MITRE ATT&amp;CK  (Adversary Emulation Plans)<\/h4>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>\u6838\u5fc3\uff1a<\/strong> \u5168\u7403\u6700\u5b8c\u6574\u7684\u99ed\u5ba2\u884c\u70ba\u77e5\u8b58\u5eab\u3002<\/li>\n\n\n\n<li><strong>\u6838\u5fc3\u7279\u8272\uff1a<\/strong> \u63d0\u4f9b\u6a19\u6e96\u5316\u7684\u6230\u8853\uff08Tactics\uff09\u8207\u6280\u8853\uff08Techniques\uff09\u5217\u8868\u3002<\/li>\n\n\n\n<li><strong>\u50f9\u503c\uff1a<\/strong> \u76ee\u524d 2026 \u5e74\u7d05\u968a\u7684\u4e3b\u6d41\u3002 \u5b83\u8b93\u7d05\u968a\u80fd\u7cbe\u6e96\u6a21\u64ec\u7279\u5b9a\u5c0d\u624b\uff08\u5982 APT29\uff09\u7684\u8173\u672c\u3002 <\/li>\n<\/ul>\n\n\n\n<h4 class=\"wp-block-heading\">2. 
Unified Kill Chain (\u7d71\u4e00\u6bba\u50b7\u93c8)<\/h4>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>\u4f86\u6e90\uff1a<\/strong> \u7531 Lockheed Martin \u7684\u539f\u59cb Kill Chain \u6f14\u5316\u800c\u4f86\u3002<\/li>\n\n\n\n<li><strong>\u6838\u5fc3\u7279\u8272\uff1a<\/strong> \u5c07\u653b\u64ca\u62c6\u89e3\u70ba 18 \u500b\u5fae\u5c0f\u968e\u6bb5\uff08\u5982\u5075\u5bdf\u3001\u6b66\u5668\u5316\u3001\u6a6b\u5411\u79fb\u52d5\u3001\u76ee\u6a19\u9054\u6210\uff09\u3002<\/li>\n\n\n\n<li><strong>\u50f9\u503c\uff1a<\/strong> \u6bd4\u50b3\u7d71\u6bba\u50b7\u93c8\u66f4\u7cbe\u7d30\u3002\u7d05\u968a\u5e38\u7528\u5b83\u4f86\u6aa2\u6838\u300c\u6211\u5011\u5728\u54ea\u4e00\u500b\u7d30\u7bc0\u88ab\u85cd\u968a\u767c\u73fe\u4e86\uff1f\u300d\uff0c\u9019\u5c0d\u65bc\u7d30\u7bc0\u5c0e\u5411\u7684\u5167\u7db2\u6ef2\u900f\u975e\u5e38\u6709\u5e6b\u52a9\u3002<\/li>\n<\/ul>\n\n\n\n<h4 class=\"wp-block-heading\">3. RTFM (Red Team Field Manual) \u5be6\u52d9\u9ad4\u7cfb<\/h4>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong><strong>\u4f86\u6e90\uff1a<\/strong><\/strong> Ben Clark \u6240\u64b0\u5beb\u7684\u4e00\u672c\u5de5\u5177\u66f8<\/li>\n\n\n\n<li><strong>\u6838\u5fc3\u7279\u8272\uff1a<\/strong> \u63d0\u4f9b\u4e00\u884c\u53c8\u4e00\u884c\u7684\u6307\u4ee4 (One-liners)\u3002\u5b83\u6db5\u84cb\u4e86 Linux\u3001Windows\u3001\u7db2\u8def\u8a2d\u5099\u3001\u8cc7\u6599\u5eab\u7b49\u5404\u7a2e\u74b0\u5883\u4e0b\u7684\u653b\u64ca\u8a9e\u6cd5\u3002<\/li>\n\n\n\n<li><strong>\u50f9\u503c\uff1a<\/strong> \u662f\u7d05\u968a\u7684\u300c\u901f\u67e5\u624b\u518a\u300d\uff0c\u5305\u542b\u5927\u91cf\u547d\u4ee4\u7bc4\u4f8b\u8207 evasion \u6280\u5de7\u3002<\/li>\n<\/ul>\n","protected":false},"excerpt":{"rendered":"<p>Red 
Team\uff08\u7d05\u968a\uff09\u662f\u6307\u4e00\u500b\u7372\u5f97\u6388\u6b0a\u7684\u5718\u968a\uff0c\u5c0d\u7d44\u7e54\u7684\u7cfb\u7d71\u3001\u6d41\u7a0b\u3001\u4eba\u54e1\u6216\u7269\u7406\u5b89\u5168\u9032\u884c\u653b\u64ca\u6a21\u64ec\u3002\u76ee\u6a19\u4e0d\u662f\u9020\u6210\u5be6\u969b\u640d\u5bb3\uff0c\u800c\u662f\u5e6b\u5fd9\u767c\u73fe\u85cd\u968a\u7684\u5f31\u9ede\u3001\u9a57\u8b49\u9632\u79a6\u6548\u80fd\uff0c\u4e26\u63d0\u4f9b\u6539\u9032\u5efa\u8b70\u3002<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"fifu_image_url":"","fifu_image_alt":"","_jetpack_memberships_contains_paid_content":false,"footnotes":"","jetpack_publicize_message":"","jetpack_publicize_feature_enabled":true,"jetpack_social_post_already_shared":true,"jetpack_social_options":{"image_generator_settings":{"template":"highway","default_image_id":0,"font":"","enabled":false},"version":2}},"categories":[10],"tags":[],"class_list":["post-3032","post","type-post","status-publish","format-standard","hentry","category-securitysloution"],"jetpack_publicize_connections":[],"jetpack_featured_media_url":"","jetpack_sharing_enabled":true,"_links":{"self":[{"href":"https:\/\/systw.net\/note\/wp-json\/wp\/v2\/posts\/3032","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/systw.net\/note\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/systw.net\/note\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/systw.net\/note\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/systw.net\/note\/wp-json\/wp\/v2\/comments?post=3032"}],"version-history":[{"count":5,"href":"https:\/\/systw.net\/note\/wp-json\/wp\/v2\/posts\/3032\/revisions"}],"predecessor-version":[{"id":3038,"href":"https:\/\/systw.net\/note\/wp-json\/wp\/v2\/posts\/3032\/revisions\/3038"}],"wp:attachment":[{"href":"https:\/\/systw.net\/note\/wp-json\/wp\/v2\
/media?parent=3032"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/systw.net\/note\/wp-json\/wp\/v2\/categories?post=3032"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/systw.net\/note\/wp-json\/wp\/v2\/tags?post=3032"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}