Analysis ideas after discovering that the on duty equipment is attacked

① Discover the attack action and block the attack
② By analyzing the data package , Confirm the authenticity of the attack action , Excluded as load and agent devices , Avoid affecting the business .
③ By analyzing the data packets, we can judge whether the data initiator has attack behavior or business , Simulate trigger scenario , And confirm whether the vulnerability exists and give targeted suggestions .
④ If it is determined to be an attack :
Locate the payload, Analyze what the attack action is , Read the file 、 Printouts 、
Write files and try to download files 、 Execute functions or commands , Then analyze the alarm response body 、 Whether the network behavior is moving
Make the desired result , If it meets the expectation, the attack will succeed , Give targeted disposal and vulnerability repair suggestions. If it is a business
Trigger , It is necessary to analyze vulnerability points, provide utilization details and give targeted repair suggestions .