CanonEngineer/DangerZone
GitHub: CanonEngineer/DangerZone
一个基于虚拟文件系统的网络安全教学实验室,通过模拟恶意软件行为与防御检测来安全地传授威胁分析知识。
Stars: 0 | Forks: 0
# DangerZone
### 网络安全教育实验室 — CanonEngineer
**用于研究恶意软件行为的受控环境,包含示例代码、虚拟文件系统、遥测和防御机制 —— 不会感染真实系统。**
[实验室](#-labs) · [架构](#-arquitetura) · [流程图](#-fluxogramas) · [演讲](#-conferência) · [知识树](#-tree-of-knowledge) · [如何运行](#-como-rodar)
## 存在意义
在会议和课程中,观众需要**查看代码**才能学习。发布真实的恶意软件是不负责任的。DangerZone 通过以下方式解决了这个问题:
| 方法 | 结果 |
|-----------|-----------|
| **VirtualFileSystem** | 仅在内存中感染 |
| **TelemetryBus** | 面向教学“SOC”的 JSON 事件 |
| **Lab 01–05** | 经典家族(概念) |
| **Lab 06–09** | 检测、完整性、行为、签名 |
| **演讲稿** | 准备好用于演讲的 `conference/outline.md` |
## 示意图 — 思维导图
```
mindmap
root((DangerZone))
Simulações
Vírus
Worm
Trojan
Ransomware
Spyware
Defesa
IOC Detector
Hash Integrity
Behavior Score
YARA-like
Conferência
Outline
Talking points
Taxonomia
```
## 架构
```
flowchart TB
subgraph SIM["Labs 01–05 · Simulação"]
VFS["VirtualFileSystem"]
BUS["TelemetryBus"]
L1[Vírus]
L2[Worm]
L3[Trojan]
L4[Ransomware]
L5[Spyware]
end
subgraph DEF["Labs 06–09 · Defesa"]
D6[IOC Detector]
D7[SHA-256]
D8[Behavior]
D9[Pattern Scanner]
end
subgraph OUT["demos/"]
JSON[telemetry_*.json]
ALERTS[alerts.json]
REP[integrity + scores]
end
L1 & L2 & L3 & L4 & L5 --> VFS
L1 & L2 & L3 & L4 & L5 --> BUS
BUS --> JSON
JSON --> D6 & D8
VFS --> D7 & D9
D6 --> ALERTS
D7 & D8 --> REP
```
## 流程图
### 病毒生命周期 (Lab 01)
```
flowchart LR
A[Entrada ilustrativa] --> B[Varre /opt/apps no VFS]
B --> C{Arquivo .py?}
C -->|sim| D[Anexa marcador EDU]
C -->|não| B
D --> E[Emite virus.infect]
E --> F[JSON de telemetria]
```
### 蠕虫传播 (Lab 02)
```
flowchart TB
A[host-A seed] --> B[host-B]
A --> C[host-C]
B --> D[host-D]
C --> E[host-E]
E --> F[host-F]
```
### 现场演示 Pipeline
```
sequenceDiagram
participant P as Palestrante
participant S as Sims 01-05
participant T as demos/*.json
participant D as Defesa 06-09
P->>S: python demos/run_all_sims.py
S->>T: telemetria
T->>D: regras + scores
D-->>P: alertas na tela
```
## 实验室
| # | 文件夹 | 侧重点 | 命令 |
|---|-------|------|---------|
| 01 | `labs/01_virus_lifecycle` | 文件感染 (VFS) | `python labs/01_virus_lifecycle/simulate_virus.py` |
| 02 | `labs/02_worm_propagation` | 虚拟图中的 BFS | `python labs/02_worm_propagation/simulate_worm.py` |
| 03 | `labs/03_trojan_behavior` | 伪装 × payload | `python labs/03_trojan_behavior/simulate_trojan.py` |
| 04 | `labs/04_ransomware_concept` | 教学用 XOR + 恢复 | `python labs/04_ransomware_concept/simulate_ransomware.py` |
| 05 | `labs/05_spyware_telemetry` | 模拟过度收集 | `python labs/05_spyware_telemetry/simulate_spyware.py` |
| 06 | `labs/06_ioc_detector` | 基于遥测的规则 | `python labs/06_ioc_detector/detector.py` |
| 07 | `labs/07_hash_integrity` | SHA-256 基准 | `python labs/07_hash_integrity/integrity.py` |
| 08 | `labs/08_behavioral_analyzer` | 行为评分 | `python labs/08_behavioral_analyzer/analyzer.py` |
| 09 | `labs/09_yara_like_scanner` | 模式匹配 | `python labs/09_yara_like_scanner/pattern_scanner.py` |
## 演讲
| 文档 | 用途 |
|-----------|-----|
| [conference/outline.md](conference/outline.md) | 35–45 分钟演讲稿 |
| [conference/talking-points.md](conference/talking-points.md) | 现成话术 |
| [docs/taxonomy.md](docs/taxonomy.md) | 家族 + ATT&CK 示例 |
| [docs/kill-chain.md](docs/kill-chain.md) | Kill chain |
| [docs/detection-playbook.md](docs/detection-playbook.md) | 防御流程 |
## 如何运行
```
git clone https://github.com/CanonEngineer/DangerZone.git
cd DangerZone
python demos/run_all_sims.py
```
要求:**Python 3.10+**,仅使用标准库。
## 结构
```
DangerZone/
├── README.md
├── DISCLAIMER.md
├── common/ # VFS + telemetria + banner
├── labs/01..09/ # sims + defesa
├── demos/run_all_sims.py # pipeline da palestra
├── docs/ # taxonomia, kill chain, playbook
└── conference/ # outline + talking points
```
## 知识树
本项目的交互式思维树位于:
**[canonengineer.github.io/TreeofKnowledge](https://canonengineer.github.io/TreeofKnowledge/)** → **DangerZone** 卡片
每个气泡都会打开相应实验室的代码。
## 道德规范
示例代码的存在是为了**教授防御知识**。仅在授权环境中使用。请勿改编这些实验室以攻击第三方。
作者:**Alessandro Canon** — [CanonEngineer](https://github.com/CanonEngineer)
标签:DAST, 云资产清单, 安全教育, 实验室, 恶意软件分析, 虚拟文件系统, 逆向工程