CanonEngineer/DangerZone

GitHub: CanonEngineer/DangerZone

一个基于虚拟文件系统的网络安全教学实验室,通过模拟恶意软件行为与防御检测来安全地传授威胁分析知识。

Stars: 0 | Forks: 0

# DangerZone ### 网络安全教育实验室 — CanonEngineer **用于研究恶意软件行为的受控环境,包含示例代码、虚拟文件系统、遥测和防御机制 —— 不会感染真实系统。** [实验室](#-labs) · [架构](#-arquitetura) · [流程图](#-fluxogramas) · [演讲](#-conferência) · [知识树](#-tree-of-knowledge) · [如何运行](#-como-rodar) ## 存在意义 在会议和课程中,观众需要**查看代码**才能学习。发布真实的恶意软件是不负责任的。DangerZone 通过以下方式解决了这个问题: | 方法 | 结果 | |-----------|-----------| | **VirtualFileSystem** | 仅在内存中感染 | | **TelemetryBus** | 面向教学“SOC”的 JSON 事件 | | **Lab 01–05** | 经典家族(概念) | | **Lab 06–09** | 检测、完整性、行为、签名 | | **演讲稿** | 准备好用于演讲的 `conference/outline.md` | ## 示意图 — 思维导图 ``` mindmap root((DangerZone)) Simulações Vírus Worm Trojan Ransomware Spyware Defesa IOC Detector Hash Integrity Behavior Score YARA-like Conferência Outline Talking points Taxonomia ``` ## 架构 ``` flowchart TB subgraph SIM["Labs 01–05 · Simulação"] VFS["VirtualFileSystem"] BUS["TelemetryBus"] L1[Vírus] L2[Worm] L3[Trojan] L4[Ransomware] L5[Spyware] end subgraph DEF["Labs 06–09 · Defesa"] D6[IOC Detector] D7[SHA-256] D8[Behavior] D9[Pattern Scanner] end subgraph OUT["demos/"] JSON[telemetry_*.json] ALERTS[alerts.json] REP[integrity + scores] end L1 & L2 & L3 & L4 & L5 --> VFS L1 & L2 & L3 & L4 & L5 --> BUS BUS --> JSON JSON --> D6 & D8 VFS --> D7 & D9 D6 --> ALERTS D7 & D8 --> REP ``` ## 流程图 ### 病毒生命周期 (Lab 01) ``` flowchart LR A[Entrada ilustrativa] --> B[Varre /opt/apps no VFS] B --> C{Arquivo .py?} C -->|sim| D[Anexa marcador EDU] C -->|não| B D --> E[Emite virus.infect] E --> F[JSON de telemetria] ``` ### 蠕虫传播 (Lab 02) ``` flowchart TB A[host-A seed] --> B[host-B] A --> C[host-C] B --> D[host-D] C --> E[host-E] E --> F[host-F] ``` ### 现场演示 Pipeline ``` sequenceDiagram participant P as Palestrante participant S as Sims 01-05 participant T as demos/*.json participant D as Defesa 06-09 P->>S: python demos/run_all_sims.py S->>T: telemetria T->>D: regras + scores D-->>P: alertas na tela ``` ## 实验室 | # | 文件夹 | 侧重点 | 命令 | |---|-------|------|---------| | 01 | `labs/01_virus_lifecycle` | 文件感染 (VFS) | `python labs/01_virus_lifecycle/simulate_virus.py` | | 02 | `labs/02_worm_propagation` | 虚拟图中的 BFS | `python labs/02_worm_propagation/simulate_worm.py` | | 03 | `labs/03_trojan_behavior` | 伪装 × payload | `python labs/03_trojan_behavior/simulate_trojan.py` | | 04 | `labs/04_ransomware_concept` | 教学用 XOR + 恢复 | `python labs/04_ransomware_concept/simulate_ransomware.py` | | 05 | `labs/05_spyware_telemetry` | 模拟过度收集 | `python labs/05_spyware_telemetry/simulate_spyware.py` | | 06 | `labs/06_ioc_detector` | 基于遥测的规则 | `python labs/06_ioc_detector/detector.py` | | 07 | `labs/07_hash_integrity` | SHA-256 基准 | `python labs/07_hash_integrity/integrity.py` | | 08 | `labs/08_behavioral_analyzer` | 行为评分 | `python labs/08_behavioral_analyzer/analyzer.py` | | 09 | `labs/09_yara_like_scanner` | 模式匹配 | `python labs/09_yara_like_scanner/pattern_scanner.py` | ## 演讲 | 文档 | 用途 | |-----------|-----| | [conference/outline.md](conference/outline.md) | 35–45 分钟演讲稿 | | [conference/talking-points.md](conference/talking-points.md) | 现成话术 | | [docs/taxonomy.md](docs/taxonomy.md) | 家族 + ATT&CK 示例 | | [docs/kill-chain.md](docs/kill-chain.md) | Kill chain | | [docs/detection-playbook.md](docs/detection-playbook.md) | 防御流程 | ## 如何运行 ``` git clone https://github.com/CanonEngineer/DangerZone.git cd DangerZone python demos/run_all_sims.py ``` 要求:**Python 3.10+**,仅使用标准库。 ## 结构 ``` DangerZone/ ├── README.md ├── DISCLAIMER.md ├── common/ # VFS + telemetria + banner ├── labs/01..09/ # sims + defesa ├── demos/run_all_sims.py # pipeline da palestra ├── docs/ # taxonomia, kill chain, playbook └── conference/ # outline + talking points ``` ## 知识树 本项目的交互式思维树位于: **[canonengineer.github.io/TreeofKnowledge](https://canonengineer.github.io/TreeofKnowledge/)** → **DangerZone** 卡片 每个气泡都会打开相应实验室的代码。 ## 道德规范 示例代码的存在是为了**教授防御知识**。仅在授权环境中使用。请勿改编这些实验室以攻击第三方。 作者:**Alessandro Canon** — [CanonEngineer](https://github.com/CanonEngineer)
标签:DAST, 云资产清单, 安全教育, 实验室, 恶意软件分析, 虚拟文件系统, 逆向工程