中文摘要：

随着APT攻击的逐年增长,常规的渗透测试方法已经无法满足当前环境下对网络安全检测多元化的需求。由此,针对隐蔽式渗透方法进行研究,以常被忽视的物理安全漏洞为出发点,提出一种以树莓派作为间谍机的植入式PT渗透方法。该方法利用隧道技术与伪装技术,将控制流伪装成HTTPS流,实现树莓派与C＆C服务器之间的隐蔽通信;同时,使用Tor网络,实现渗透人员的匿名控制,最终达到隐蔽的效果。最后,通过渗透测试模拟实验,证明了该方法的隐蔽性,说明了此类攻击可能导致的潜在威胁,为安全人员对APT/PT攻击的防御与检测提供参考。

英文摘要：

With the increase of APT attacks year by year, conventional penetration test approaches cannot meet the requirements of the diverse network security detections in current network environment. In this paper, evasive penetration test methods are investigat-ed from the physically security vulnerabilities. A PT penetration test approach that seeding the raspberry pi as a spy is proposed as well. The approach disguises the control flows as the HTTPS flows using the tunnel technologies and camouflage techniques, which enable secure communication between raspberry pi and CC server. Meanwhile, to achieve the evasive effects eventually, the Tor network is used to realize the anonymity for penetration testers. Finally, the experiment results show the evasive of the approach and clarify the threats that such attack can cause. The proposed approach provides reference for the security for officer to defend and detect the APT / PT attack.