GitHub Commit Guide

• git add . #To stage all changes
• git commit -m “Your descriptive commit message”
• git push origin main
• git push -u origin main #If you are pushing to a new remote for the first time

Welcome to Hexo! This is your very first post. Check documentation for more info. If you get any problems when using Hexo, you can find the answer in troubleshooting or you can ask me on GitHub.

Quick Start

Create a new post

1

$ hexo new "My New Post"

More info: Writing

Run server

1

$ hexo server

More info: Server

Generate static files

1

$ hexo generate

More info: Generating

Deploy to remote sites

1

$ hexo deploy

More info: Deployment

Mimikatz 是一款功能強大的輕量級調試神器，透過它你可以提升進程權限注入進程讀取進程內存，當然他最大的亮點就是他可以直接從lsass.exe 進程中獲取當前登入系統用戶名的密碼， lsass是微軟Windows系統的安全機制它主要用於本地安全和登陸策略，通常我們在登陸系統時輸入密碼之後，密碼便會儲存在lsass內存中，經過其wdigest 和tspkg 兩個模組調用後，對其使用可逆的演算法進行加密並儲存在記憶體之中， 而mimikatz 正是透過對lsass逆算獲取到明文密碼！也就是說只要不重開電腦，就可以透過他取得到登陸密碼，只限目前登陸系統！

Reference Link:
https://www.cnblogs.com/-mo-/p/11890232.html
https://ithelp.ithome.com.tw/articles/10332941
https://github.com/gentilkiwi/mimikatz

Metasploit專案是一個旨在提供安全漏洞資訊電腦安全專案，可以協助安全工程師進行滲透測試（penetration testing）及入侵檢測系統簽章開發。
Metasploit專案最為知名的子專案是開源的Metasploit框架，一套針對遠端主機進行開發和執行「exploit代碼」的工具。其他重要的子專案包括Opcode資料庫、shellcode檔案、安全研究等內容。
Metasploit專案知名的功能還包括反取證與規避工具，其中的某些工具已經內建在Metasploit Framework裡面。

Refernce Link
https://github.com/rapid7/metasploit-framework
https://www.metasploit.com/

Penetration testing (often called “pen testing”) is a simulated cyberattack carried out by security professionals to identify and exploit vulnerabilities in a system before real attackers can. It’s essentially an authorized, controlled form of hacking designed to strengthen defenses rather than break them.

🔍 Core idea

Simulated attack: Ethical hackers mimic the techniques of malicious actors to test how well your systems hold up.

Authorized and controlled: Unlike real attacks, penetration tests are agreed upon in scope and rules, ensuring no harm is done.

Goal-oriented: The aim is to uncover weaknesses—whether in applications, networks, or infrastructure—so they can be fixed.

🛠️ Types of penetration testing

Network penetration testing: Checks firewalls, routers, and servers for exploitable flaws.

Web application testing: Probes websites and APIs for issues like SQL injection or cross-site scripting.

Wireless testing: Examines Wi-Fi networks for weak encryption or unauthorized access points.

Social engineering testing: Simulates phishing or impersonation attacks to test human factors.

Physical penetration testing: Attempts to breach physical security controls, like locks or access cards.

Bitdefender
Best overall protection, performance, and lightweight use

Norton 360
Best overall, for families, and for extra security features like identity theft protection and cloud backup

McAfee
Unlimited devices, families, and mobile security

Aura
Identity theft protection

TotalAV
Web protection and budget-friendly options

Surfshark
Value and antivirus with a VPN combo

Malwarebytes
Speedy scans and maintaining user privacy

ESET
Advanced users and web protection

Sophos
Thrifty users

https://www.av-test.org/en/antivirus/home-windows/