{"type":"doc","content":[{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":"採訪嘉賓 | 吳石、蔡軍、聶森"}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":"採訪 | Tina、魏星、蔡芳芳"}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":"撰稿 | Tina"}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"blockquote","content":[{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":"這個行業,沒有傳說中的江湖,沒有莫名其妙的絕招,也沒有那麼多各種莫名其妙的天才。"}]}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":"一個時代的優秀人才總是成批的湧現,再成批的褪去。中國上一代最優秀的安全人才,有的禁不住誘惑去做了黑產,有的看着安全行業沒前途選擇了轉行,還有一部分在“3Q 大戰”中被大企業收編。之前憑着熱血和激情入行的“草莽之衆”,逐漸大浪淘沙轉變爲了企業裏的正規軍。"}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":"這些選擇進入大企業的人中,不乏當年最頂尖的高手(又被稱爲“白帽”),他們逐漸成爲了這個時代的中堅力量,用自己的一言一行,以及做事的邏輯和方法,爲這個圈子培養出了更優秀的“新生代網安人”。科恩就是一支被這樣的頂尖人才引導成長起來的隊伍,他們更鋒利、自信、有實力,比上一代網安人更有力量去實現“改變行業、保護世界”的理想。"},{"type":"text","marks":[{"type":"color","attrs":{"color":"#494949","name":"user"}}],"text":"(本文節選自"},{"type":"link","attrs":{"href":"https:\/\/www.infoq.cn\/minibook\/rqvZHbKLePA4eE8G85kp","title":"xxx","type":null},"content":[{"type":"text","text":"《中國頂尖技術團隊訪談錄》2021年第四季"}]},{"type":"text","marks":[{"type":"color","attrs":{"color":"#494949","name":"user"}}],"text":")"}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"heading","attrs":{"align":null,"level":3},"content":[{"type":"text","text":"安全人才等來了黃金時代"}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":"在中國做安全研究的不多,而能稱之爲頂級選手的人數更是稀少。早期的從業人員,普遍“半路出家”,專業背景包括中文、生物、法律、醫學等等五花八門,大多是出於對網絡安全技術的熱愛而自學成才。"}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":"2006 年之後,因爲網絡遊戲的流行,一些早期“黑客”發現可以通過外掛、木馬等方式盜取遊戲用戶信息和虛擬資產進行變現,因此在“3Q 大戰”之前,幾乎一半的安全人才禁不住誘惑逐漸從事黑產違法活動,人才流失極爲嚴重。"}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":"剩下爲數不多的網安人,普遍拿着不及 IT 行業平均水平的薪資,擁有一身本領,卻始終堅持正義和初心艱苦地熬着日子。"}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":"吳石,是這些人中“殿堂級”的大師人物之一。"}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":"從復旦大學數學系畢業後,吳石在一家 IT 企業任職,因爲興趣開始利用業餘時間查找漏洞。吳石曾在微軟 Word 裏發現了一個嚴重漏洞(CVE-2010-3333),這個漏洞導致的最嚴重的場景是,比如你發送一封郵件給任何一個人,他不用點開郵件打開附件,只要到達服務端,用戶的電腦就會被遠程控制。在微軟正式修復之後,仍有地下黑客通過比對分析得出利用原理,還進行了很長一段時間的攻擊活動。因爲 0-Day 漏洞極具價值,曾"},{"type":"link","attrs":{"href":"http:\/\/m.techweb.com.cn\/article\/2010-07-16\/642663.shtml","title":"xxx","type":null},"content":[{"type":"text","text":"有黑市買家"}]},{"type":"text","text":"想以十倍於 ZDI 的價錢購買他發現的漏洞,但吳石並不爲所動。"}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":"到 2010 年"},{"type":"link","attrs":{"href":"http:\/\/m.techweb.com.cn\/article\/2010-07-16\/642663.shtml","title":"xxx","type":null},"content":[{"type":"text","text":"《福布斯》報道"}]},{"type":"text","text":"他時,吳石已經發現並報告了 IE、Safari 和 Chrome 等瀏覽器中存在的 100 多個嚴重漏洞。安全專家查理•米勒(Charlie Miller)說:“或許蘋果應當聘請吳石來幫助他們,因爲他發現的蘋果操作系統的漏洞數量是蘋果整個安全團隊的兩倍還多。”福布斯評論說,蘋果很幸運,因爲遇到了“像吳石這麼厚道的人”。"}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":"2012 年,上海碁震雲計算科技(Keen Team)在上海成立,當時人數不多,只有三五位在職人員。2013 年吳石以首席科學家的身份加入了 Keen Team,Keen Team 也從此迎來了大發展。"}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":"2013 年 11 月 13 日,Keen Team 團隊在東京 Pwn2Own Mobile 比賽中攻破 iOS 7.0.3,成爲亞洲和國內第一個拿到頂級賽事冠軍的團隊。"}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":"對於上海交大碩士畢業加入 Keen Team 的聶森來說,吳石既是這個行業的領軍人物,也是行業的一面旗幟,指引着新人前進道路的方向。因爲從小對黑客技術感興趣,在上海交大讀書時,聶森每週會讀一兩篇行業內的論文,並在微博上記錄讀後感。作爲前輩的吳石是爲數不多的、願意以網友身份無償地給予點評意見和建議的人。聶森回憶說,當時他正處於瓶頸期,真心能體會到自身技術發展上和國際前沿之間的差距,這些點撥讓他有了一個能突破自我的機會。"}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":"同時他對吳石充滿了欽佩,“在他那個時代做安全,收入不好也沒有什麼人關注。現在的年輕人可能只看到了大家風光的時候,誰能想象得到這個行業在前一二十年間慘淡的狀況。在行業沒那麼好的時候,還能脫穎而出,這靠的是定力、不斷的積累,以及足夠的熱情… 能堅持下來的,只有也唯有真愛。”"}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":"2013 年,“斯諾登事件”爆發,從國家層面開始重視安全,奇虎 360、騰訊和阿里巴巴等互聯網企業也願意在安全上做投入,紛紛開始收購市面上不錯的安全團隊。Pwn2Own 奪冠,使這支一貫低調的團隊走進入了公衆視野,吸引了包括騰訊在內至少 5 家大型公司的投資意向,COO 任宇昕和騰訊副總裁丁珂甚至帶着多位總經理直接飛到上海與他們聊收購意向。"}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":"2014 年 1 月,Keen Team 正式加盟騰訊,2016 年正式成立“科恩實驗室”,結合早期的積累,騰訊旋即推出了玄武實驗室、雲鼎實驗室等“七劍下天山”的安全矩陣。騰訊給科恩最初的定位是基於 Keen Team 的漏洞挖掘能力,支持公司的內部產品安全,並不要求幫助公司掙錢,也沒有什麼 KPI 考覈限制。"}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":"選擇加入騰訊是當時的最優選擇,同時也能“使我們當時能夠達到比較好的收入水平”,吳石表示。"}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":"騰訊對加盟的安全人員也極爲重視:整個騰訊 16 級以上的專家只有 3 位,吳石是其中之一。"}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":"互聯網企業開始收編安全人才,帶來一個明顯的趨勢是“從業人員的待遇越來越好”。科恩副總經理蔡軍,在安全行業從業 30 多年,也是早年加入 Keen Team 的老員工,據他回憶,“從畢業生薪資統計來看,連續有幾年,網絡安全人才薪資福利在 IT 科技行業裏都是最高的。”"}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":"老一輩的網安人更多是因爲個人的興趣愛好,比如 TK 教主原來是學醫出身,他加入騰訊也是行業裏的一個標誌性事件。"}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":"“我們那個時代還有很多也都不是科班出身,但現在我們招收的網絡安全專業畢業的科班同事越來越多了,”蔡軍補充說,“科恩團隊現在 90% 以上新加盟的都是經過七八年計算機專業學習、科班出身的年輕人。”大廠在安全上的投入改善的不僅僅是網安從業者的生存現狀,更影響了整個行業,“我還聽說有很多黑產洗白的故事,不再去做違法亂紀的事情,因爲現在正常合法的途徑和空間已經很大了。”"}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"heading","attrs":{"align":null,"level":3},"content":[{"type":"text","text":"沒有飛花拈葉的絕招,也沒有所謂的江湖"}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":"過去十年,網安從業者的形象已經被塑造成了掌管着開啓網絡世界大門鑰匙的人,只需一個動作,便能穿梭屏障來去自如… 如果說頂級玩家真的擁有絕招,那麼吳石的祕訣是什麼?"}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":"《福布斯》的報道中提到,吳石掌握了一種獨特的“fuzzing”方法,關注的是軟件架構,而不是細節。業界還傳說他有一套自己的“漏洞數學模型”,能從編譯過的二進制文件中,逆向找到軟件裏的算法邏輯或業務邏輯的問題。"}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":"發現微軟 Word 軟件漏洞(CVE-2010-3333),也是基於這種 fuzzing 分析。微軟有一種富文本(RTF)格式,在 2011 年前這個格式基本不公開,但如果用文本編輯器打開 RTF 的一些文本,你會發現它的格式很有規律。通過查看這些樣本,吳石手工構造了一些對於 Word 程序來說比較奇怪的樣本,再將它們不斷“喂”給 Word 程序,Word 很快就崩潰了。通過對崩潰過程的分析,一步一步地找到漏洞。"}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":"吳石說,理論上 Word 經過了比較嚴格的測試,這是一個一般程序員、一般公司都不會犯的軟件錯誤。“漏洞挖掘的過程實際上是在符合規則的前提下,構造了程序員很難想到的一些樣本去尋找軟件的斷點,這是最關鍵的一點。”"}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":"“其次是讓構造的樣本數據或程序代碼儘可能互相關聯,這樣能較快地進行收斂。一開始目標程序可能是個黑盒,通過投餵精心構造的樣本數據瞭解軟件的處理邏輯,能夠知道在哪些地方可能有點問題——目標程序就逐漸變成了灰盒。”"}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":"微軟谷歌這樣的大廠產品,實際是很安全的,他們會想出各種方法測試自己的軟件,安全問題最主要還是依賴於測試。所以可以理解爲漏洞挖掘本質考驗的是網安工程師"},{"type":"text","marks":[{"type":"strong"}],"text":"對軟件的理解程度"},{"type":"text","text":",通過動態分析和靜態分析,瞭解程序在做什麼以及是怎麼做的,並在測試條件下挑程序員意想不到的地方。所以某種程度上,也是要求開發者不要犯同一個能讓別人反覆猜到並利用的錯誤,“只要程序員每次能犯不同的錯誤,我覺得是可以接受的”,吳石說。"}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":"漏洞挖掘過程中的手工分析同時也考驗攻防雙方的"},{"type":"text","marks":[{"type":"strong"}],"text":"編程基本功"},{"type":"text","text":"。編程中任何容易出錯的地方,都有可能產生被利用的漏洞。比如如果使用 C 語言,要寫得比較安全,得去了解前人總結的幾十或上百種不同程序員容易出錯的模型,“看完這個才能上崗”。目前開發者比較容易出安全問題的地方包括代碼的“邊界檢查”——尤其是那些容易造成堆棧溢出的邏輯,“老實說,大部分程序員的算數不是很好,有稍微複雜一點的加減乘除運算的地方,甚至包括谷歌和微軟的程序員都容易犯錯。”另一個值得開發者警惕的是程序執行時的“競爭條件”,典型如不同進程操作同一塊數據,非常容易帶來各種各樣的安全問題,並且一般的測試很難發現這樣的問題,是一個需要程序員予以警惕的漏洞模式。"}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":"吳石認爲,信息安全已經成爲了工程技術領域內的一個行業。做得好的話,跟其他的工程技術領域沒有什麼區別。"}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":"“一開始大家覺得這是一個江湖的事情,有很多各種莫名其妙的天才,有各種各樣莫名其妙的絕招。"},{"type":"text","marks":[{"type":"strong"}],"text":"其實沒有"},{"type":"text","text":"。”"}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"image","attrs":{"src":"https:\/\/static001.geekbang.org\/wechat\/images\/53\/5340c2e0b63921ea7e1c251cecc462ec.png","alt":null,"title":null,"style":null,"href":null,"fromPaste":false,"pastePass":false}},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":"“因爲經過三十多年的發展,這個領域沒有什麼東西是你想得到而別人想不到的。2000 年左右,國內開始有一種奇怪的風氣,喜歡把網絡安全跟武俠文化結合在一起,好像每個人都是有一些不傳的祕籍,只要能夠一使出來,就可以飛花摘葉、取敵人首級於千里之外。實際上這個領域不存在特別神祕的東西,也不應該有神祕的東西,尤其不需要人爲地製造這種神祕感。而且這個領域沒有、也不應該有那種江湖俠義或‘黑客精神’。目前它還是會影響很多年輕人,導致他們很崇尚個人主義或名利上一些比較奇怪的追求。”"}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":"“我們應該以一種平常心來看待這個行業。要成爲一名安全領域的高手,所需要做的就是不斷學習,把過去幾十年已有的知識變成自己的能力,這是一個痛苦的、需要不斷花精力去不斷練習的過程。最重要的就是有自驅動力,踏踏實實地做事,每天進步一點點,日積月累最後終能取得比較大的成就。”"}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":"這個領域,對個人能力的依賴性或關聯性的確相對於其它領域高一點,安全行業曲折地發展到現在,不缺聰明厲害、非常有個性和能力的人,但崇尚“俠客風範、個人英雄主義”反而有礙於自身發展了。行業在進化,"},{"type":"text","marks":[{"type":"strong"}],"text":"任何一個大的技術進步都是靠一羣默默貢獻、踏踏實實的人共同完成的。"},{"type":"text","text":"個人成就已經和團隊緊密相連,需要大家懂得合作。這個行業已經不鼓勵獨狼行爲,而是希望團隊至上,能將個人的成功、興趣愛好疊加到公司需求、行業需求上,包括對國家、對一些技術承載有責任擔當,個人才能走得更紮實更遠。"}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":"“板凳能坐十年冷”是吳石的口頭禪,他強調:“安全這個行業最看重的不是天賦、智商,最關鍵的是要能堅持下去,只要能堅持下去,一定能夠比大多數人眼裏的聰明人做得更好。”"}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"heading","attrs":{"align":null,"level":3},"content":[{"type":"text","text":"如何運營一支安全團隊"}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"blockquote","content":[{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":"安全的軟件是經過不斷地攻防對抗演化出來的;而網絡安全上的競爭,歸根到底是人才的競爭。"}]}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":"從 2014 年 1 月被收購,到 2018 年騰訊“9·30 變革”,科恩團隊一直相對獨立運作,類似學校的研究實驗室,針對網絡安全做漏洞攻防領域的研究,輸出重點是爲騰訊的業務保駕護航,作爲子公司也需要以人力形式幫客戶提供一些軟件安全服務。"}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":"作爲騰訊安全“七劍”之一,吳石給科恩設定的目標之一是成爲騰訊安全的一張名片,通過 CTF 比賽或一些比較困難的技術研究,讓外界瞭解到騰訊安全有能力幫助客戶做好網絡安全服務。"}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":"收購之後,科恩代表騰訊安全在國際性比賽中拿了 17 個冠軍,贏得了三次世界破解大師(Master of Pwn)的稱號。"}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":"2016 年,特斯拉風頭正勁。它的安全防護技術也是全球領先的,在信息安全技術、包括人力上的投入可能是全球汽車行業裏面最多的一個。2016 年 9 月,科恩成功實現無物理接觸環境下遠程操控特斯拉,這在全球範圍是是頭一次,同時也向特斯拉報告了多項安全漏洞,馬斯克親自寫信致謝,並隨信頒發了兩塊“鐵牌牌”——即代表特斯拉安全研究最高榮譽的“特斯拉安全挑戰徽章”。2017 年,科恩實驗室再次實現了其無物理接觸遠程攻擊,能夠在駐車模式和行駛模式下對特斯拉進行任意遠程操控。特斯拉也連續兩年授予科恩實驗室“特斯拉安全研究名人堂”稱號。"}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"image","attrs":{"src":"https:\/\/static001.geekbang.org\/wechat\/images\/9b\/9b737e0b9b2da236e48e56d49cd4916c.png","alt":null,"title":null,"style":null,"href":null,"fromPaste":false,"pastePass":false}},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":"center","origin":null},"content":[{"type":"text","text":"“特斯拉安全挑戰徽章”和馬斯克親筆簽名感謝信"}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":"在這期間,科恩還有一個任務,就是通過組織 CTF 比賽和破解特斯拉等活動來挖掘和選拔人才,將合適的苗子吸收到團隊中。找好苗子不是容易的事情,人才培養儲備問題是安全行業發展的一大困境。以前安全行業苦,也不掙錢,很難留住人才,大多數高校也沒有設立安全專業,“70 後”做安全的屈指可數,“80 後”這一代就已經有了巨大的人才斷層。根據調研機構數據,整個信息安全行業總體人員缺口在十幾萬到幾十萬之間,做漏洞研究的更加稀缺。隨着大家對安全越來越重視,待遇水漲船高,企業間人才爭奪也愈加激烈。"}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":"利用比賽來“掐尖兒”,科恩儲備了不少好苗子,如專注於車聯網安全的聶森、拿了 11 個 Pwn2Own 冠軍的 zhen、CTF 比賽冠軍專業戶 jacky、在國家實戰演練中拿到冠軍的活動負責人 shu…"}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":"最開始這是一個研究團隊,對大家沒有條條框框的限制,天高任鳥飛,無論是移動、PC,還是智能汽車或者電力設備,只要有興趣都可以隨意研究。大家也非常容易沉浸到自己的研究中,聶森就注意到這些優異的人擁有一個共同特質,就是隨時遇到問題就有去研究透徹的衝動,能立馬將自己關進“籠子裏”,“有可能你跟他說着話,或喫着飯的時候,他突然間陷入了一個狀態,具備了排斥外界氛圍的能力了,多半是大腦裏在演練解決思路。”"}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":"管理這麼多優秀的人,吳石坦言一開始有點“沒信心”,但由於單靠個人所取得的成就相對有限,像參加 Pwn2Own、CTF 這些國際性比賽都必須要有團隊一起合作。在談到帶團隊的感受時他說,“首先,將一羣聰明的人擰成一股繩,讓大家朝着一個目標去努力並取得比較大的成績,這個很有成就感。其次,能幫助一些年輕人比較快地成長,少走彎路,這個也很有成就感。”科恩的“戰績”能長盛不衰,吳石自然功不可沒。在聶森看來,安全技術以前肯定存在中外技術差距,隨着大環境變化,科恩裏聰明的年輕人越來越多,且有像吳石這樣資深、專業的前輩指導,團隊達到國際一流水平已經沒有什麼阻力。"}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":"網安研究團隊建設,與一般技術團隊不同,行業裏沒有太多值得大家互相借鑑的成功經驗。"}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":"由於蔡軍歲數相對較大,在團隊屬於老大哥的角色,不少人會問他如何運營一支網絡安全團隊。他表示,“這個問題我也想了很多年,我覺得大概分幾個方面。”"}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":"第一,常在河邊走,但是一定不能溼鞋。不碰高壓線,不做任何瓜田李下的事情。很重要的是要有一個很好的帶頭人。"}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":"“我一直開玩笑說我們有一個德藝雙馨的吳石總,他爲人很低調,有非常紮實的功底,厚積薄發。他決定了這個團隊的氣質和價值觀。”"}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":"在科恩團隊,很多小夥子手上的那些手藝和功夫業界一流,但凡動點歪心思就能獲取巨大的利益。面對這種誘惑,對人的道德修養和品德要求是很高的。所以科恩對加入團隊的這些人的品質,要求非常高。"}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":"“吳石本身是一個很好的典範,他作爲一個神一樣的存在,天天跟大家一起,樹立的榜樣就是再能幹的人也是要堅持研究和付出的。吳石也四十多歲了,每天晚上也都是看資料看論文,要跟我們討論,經常都是一兩點鐘才睡。”"}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":"第二,這個團隊近幾年已經形成一個新老搭配、優勢互補的格局。有老人兒,有後起之秀,大家在不同的領域都取得過非常突出的成績,可以互相碰撞工作研究思路和心得體會。新老搭配,同時又能夠互補,這就形成了團隊的整體實力。"}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":"“我們有非常正向的積極的價值觀和團隊文化:追求極致,團隊至上,勇於擔當。這對於新加入的一些同事會有一些潛移默化的影響。”"}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":"第三,重視人才的梯隊建設,以及對外交流互動。這也是團隊過去取得成績很重要的一個保證。比如在騰訊我們以科恩爲技術支持,持續舉辦的 TCTF 信息安全爭霸賽。對於科恩來說,更重要的是想通過這樣的賽事在專業領域去發現一些好的苗子和人才,也通過把國內高校戰隊和國際頂尖 CTF 戰隊放到一個賽場上競技,提升國內高校學生的視野,逐步縮小、追平和國外的差距。另外科恩也非常注重跟高校合作,吸引 CTF 戰隊的同學來這學習和交流。還有一些金融客戶、大企業客戶的安全團隊,他們經常也有些人來實習和交流。"}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":"“我覺得科恩的團隊建設目前看還是比較成功的,當然在這個過程中也有一些人和我們志趣不同,離開團隊,但是我們發現團隊的整體實力強,不依賴於一兩個天才。”"}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"heading","attrs":{"align":null,"level":3},"content":[{"type":"text","text":"讓安全研究走出實驗室"}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"blockquote","content":[{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":"黑產利潤再大,但也比不上用正大光明的手段掙錢。"}]}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":"2018 年 9 月 30 日,騰訊宣佈了重大組織架構調整,成立了新的 CSIG 雲與智慧產業事業羣,同時提倡科技向善,面向 To B 市場,爲政府、企業提供技術支持。科恩團隊在這次調整中,從 MIG 換到了雲和智慧產業事業羣,這個階段配合着騰訊主體業務發展的要求,科恩的定位也有了變化,除“保駕護航”之外,還有了幫助騰訊安全以及騰訊整個雲的業務做“開疆拓土”的要求。"}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":"而且任何企業運營都需要一些開銷。作爲一支高水平的研究團隊,科恩也不希望只被“包養”,而是希望自己去創造一些價值,產生營收。吳石給科恩設定的另一個目標是把一些安全能力,即漏洞研究的心得和成果,包裝成工具和產品,並將其推向市場。"}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":"這也就要求在鼓勵大家做自由的安全研究探索之外,還需要有一些特定的方向,其中之一就是車聯網。"}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":"聶森從 2016 年開始帶領一個小團隊負責科恩的車聯網安全業務。智能汽車系統跟手機不同,是建立在可能幾十個單片機系統之上的,比如剎車、娛樂大屏都各有自己的單機系統,那麼它的攻防找的是漏洞鏈條,整個環節可能涉及至少大大小小 3 到 5 個漏洞,研究週期很長,需要的技術棧也比較複雜。車載系統的破解,相對來說過去缺乏相關的技術積累,不是站在前人的肩膀上,而是一個從 0 到 1 的過程。"}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":"這一年,特斯拉的關注度非常高,每一次更新、每一個新功能的發佈都受到整個行業的高度關注,所以科恩選擇挑戰破解特斯拉。他們花了兩個月特斯拉進行了實車拆解,通過深入的逆向分析,找到了一個可以讓特斯拉車輛主動連入科恩特製 Wi-Fi 的邏輯漏洞,利用瀏覽器的內存漏洞以及操作系統內核漏洞控制了影音娛樂大屏,隨後通過入侵車載網關 FreeRTOS 系統控制了 CAN Bus,進而成功破解了特斯拉的雨刷、車速控制等功能。"}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":"在特斯拉的攻防研究的基礎上,科恩陸續開展了對"},{"type":"link","attrs":{"href":"https:\/\/keenlab.tencent.com\/zh\/2018\/05\/22\/New-CarHacking-Research-by-KeenLab-Experimental-Security-Assessment-of-BMW-Cars\/","title":"xxx","type":null},"content":[{"type":"text","text":"寶馬"}]},{"type":"text","text":"、雷克薩斯等品牌的研究,覆蓋了德國、日本和美國等全球主流的車聯架構。"}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"image","attrs":{"src":"https:\/\/static001.geekbang.org\/wechat\/images\/16\/16df6cfada9c331e1a8d93a508ac8643.png","alt":null,"title":null,"style":null,"href":null,"fromPaste":false,"pastePass":false}},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":"“我們 2016 年的這次特斯拉研究,包括後續的研究,我能切身感受到它對整個汽車行業的影響,讓汽車行業看到這個車竟然可以被這樣攻破,那些出現在如《速度與激情 8》電影裏的情景可能會變成現實、帶來人身和財產安全上的威脅。”聶森說。科恩在車聯網安全等細分領域也闖出了自己的地位,不少中外汽車廠商慕名而來。"}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":"在此之前,車聯網安全漏洞測試主要靠專家進行人工服務,破解特斯拉後,科恩逐漸將這些研究成果沉澱下來,形成了一個通用的工具和平臺 SysAuditor。"}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":"車聯網是一個比較好的安全漏洞研究載體,但實際上還有更廣泛的領域,比如說工業互聯網或者物聯網,如家用的智能電錶、骨幹網上的路由器、大型電廠裏的工控設備、車載的單片機。以攝像頭爲例,科恩之前的研究證實黑客在攝像頭上完全可以做到電影裏的效果:比如黑進監控攝像頭的系統,用一段已經錄好的視頻替換攝像頭實時監控的視頻。SysAuditor 工具針對的就是這些含嵌入式硬件的行業,以保證 IoT 固件的安全。"}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":"此外,科恩還針對 Android 平臺發佈了 App 漏洞掃描工具 APKPecker,面向大型移動互聯網公司、做應用市場的手機廠商等。"}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":"以及最近發佈的面向全行業的自動分析工具 "},{"type":"link","attrs":{"href":"https:\/\/keenlab.tencent.com\/zh\/2021\/08\/11\/2021-binaryai-public-release\/","title":"xxx","type":null},"content":[{"type":"text","text":"BinaryAI"}]},{"type":"text","text":",可以通過檢測編譯後的二進制文件分析軟件中的漏洞情況。比如軟件開發過程中,不斷引入第三方代碼和組件,這時候安全風險可能就來自這些包含了漏洞的第三方組件。這是一項填補了業界空白的比較特殊的創新產品,目前業內的同類產品,比如美國惠普的 Fortify 等都是分析的軟件源代碼。"}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":"從 2018 年初開始,科恩主動創新,已經產生了千萬級別的項目收入。原來作爲一支研究團隊,科恩並不特別強調“錢”的事情,評判成員貢獻主要依據技術突破和研究成果。而現在,在此基礎上又增加了一點收入上的權重和比重,如果技術轉化或者對外價值輸出能夠帶來收入,也可以作爲評判個人貢獻的依據。"}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":"在未來發展方向上,科恩短期目標是繼續引入 AI 和大數據相關要素,完善產品線,打造爆款產品。中期目標是幫助騰訊安全和騰訊雲擴展業務。長期目標仍然是堅持一些新的技術前瞻性研究,走在安全行業前面。"}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"heading","attrs":{"align":null,"level":3},"content":[{"type":"text","text":"寫在最後"}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":"由於通常不產生明面上的業績,網絡安全行業在中國受重視程度不及其他 IT 行業。歐盟推出 GDPR 後,美國加強安全監管,一般企業對網絡安全投入的佔比能達到 12% 以上。而在中國,即使是對安全比較重視的金融行業,網絡安全投入佔比還不足整個 IT 投入的 4%-5%,一般企事業單位可能都達不到 IT 投入的 2%。"}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","marks":[{"type":"color","attrs":{"color":"#494949","name":"user"}}],"text":"最近幾年,國家愈加重視信息安全,相繼出臺了《"},{"type":"link","attrs":{"href":"http:\/\/www.npc.gov.cn\/npc\/c1481\/201507\/82ce4cb5549c4f56be8a6744cf2b3273.shtml","title":null,"type":null},"content":[{"type":"text","marks":[{"type":"underline"}],"text":"網絡安全法"}]},{"type":"text","marks":[{"type":"color","attrs":{"color":"#494949","name":"user"}}],"text":"》、《"},{"type":"link","attrs":{"href":"https:\/\/new.qq.com\/omn\/20210821\/20210821A0BFOD00.html","title":null,"type":null},"content":[{"type":"text","marks":[{"type":"underline"}],"text":"個人信息保護法"}]},{"type":"text","marks":[{"type":"color","attrs":{"color":"#494949","name":"user"}}],"text":"》、《"},{"type":"link","attrs":{"href":"http:\/\/www.xinhuanet.com\/2021-06\/11\/c_1127552204.htm","title":null,"type":null},"content":[{"type":"text","marks":[{"type":"underline"}],"text":"數據安全法(草案)"}]},{"type":"text","marks":[{"type":"color","attrs":{"color":"#494949","name":"user"}}],"text":"》以及《"},{"type":"link","attrs":{"href":"http:\/\/www.gov.cn\/zhengce\/zhengceku\/2021-07\/14\/content_5624965.htm","title":null,"type":null},"content":[{"type":"text","marks":[{"type":"underline"}],"text":"網絡產品安全漏洞管理規定"}]},{"type":"text","marks":[{"type":"color","attrs":{"color":"#494949","name":"user"}}],"text":"》。"},{"type":"text","marks":[{"type":"color","attrs":{"color":"#000000","name":"user"}}],"text":"如果網絡安全相關工作做的不到位,企業將需要承擔相關責任。"},{"type":"text","marks":[{"type":"color","attrs":{"color":"#494949","name":"user"}}],"text":"這些舉措對企業起到了監督的作用,同時"},{"type":"text","marks":[{"type":"color","attrs":{"color":"#000000","name":"user"}}],"text":"推動着行業向良性方向發展,網絡安全也將踏入黃金時代。"}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":"“這個行業一路走過來真的不容易”,在安全一線從業三十年的蔡軍感慨,“科恩能發展到現在,我們覺得很難得,很珍惜(當前的機遇)。”"}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","marks":[{"type":"strong"}],"text":"嘉賓簡介:"}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","marks":[{"type":"strong"}],"text":"聶森(snie)"},{"type":"text","text":",騰訊安全科恩實驗室專家研究員,車聯物聯安全技術負責人。目前在騰訊負責軟件安全的前沿研究工作,研究成果發表在 BlackHat,AAAI,NIPS 等國際會議,並應用於智能網聯汽車等安全場景。曾帶領團隊實現特斯拉、寶馬等的遠程破解案例,在汽車和安全行業有較大影響力。"}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","marks":[{"type":"strong"}],"text":"蔡軍"},{"type":"text","text":",科恩實驗室副總經理,騰訊安全高級專家,負責科恩實驗室核心安全研究能力輸出和自研產品市場推廣,參與領導了特斯拉全球遠程破解及成果展示項目,組織協調科恩戰隊榮獲 “強網杯”、“網鼎杯”和“護網杯”國家級安全賽事,並全部獲得冠軍。"}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","marks":[{"type":"strong"}],"text":"吳石"},{"type":"text","text":",騰訊安全科恩實驗室負責人。20 年來一直從事網絡安全方面的研究及開發工作。曾在瀏覽器領域、PC 軟件領域的漏洞挖掘取得了系列研究性創新成果。其本人領導的科恩團隊專注於移動互聯網安全、車聯網安全研究,與特斯拉、奧迪、寶馬等主流車廠建立了合作關係,爲消費者的出行安全做出了較大貢獻。吳石還注重人才的培養,先後組建的 Keen Team 安全研究團隊、eee CTF 戰隊,以及現在領導的科恩實驗室,培育出了數十位具有世界先進水平的研究員。團隊在國內、國際安全大賽均取得了卓越成績。在世界級的網絡安全競技大賽 Pwn2Own 上斬獲了 3 個團體冠軍,並在有“黑客世界盃”之稱的 DEFCON CTF 上拿到了總冠軍。"}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","marks":[{"type":"strong"}],"text":"迷你書推薦"}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":"中國頂尖技術團隊訪談錄(2021 年第四季)開放下載"}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":"本期《中國頂尖技術團隊訪談錄》精選了騰訊科恩、金蝶、海爾集團 IT、小紅書、網易、阿里等技術團隊在技術落地、團隊建設方面的實踐經驗及心得體會。InfoQ 希望通過這樣的記錄,向外界傳遞頂尖技術團隊的做事方法 \/ 技術實踐,讓開發者瞭解他們的知識積累、技術演進、產品錘鍊與團隊文化等,並從中獲得有價值的見解。"}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":"如果你身處傳統企業經歷了完整的數字化轉型過程或者正在互聯網公司進行創新技術的研發,並希望 InfoQ 可以關注並採訪你所在的技術團隊,可以添加微信:whitecrow-tina,請註明來意及公司名稱。"}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":"掃描二維碼或點擊【閱讀原文】下載本期訪談錄電子書↓"}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"image","attrs":{"src":"https:\/\/static001.geekbang.org\/wechat\/images\/f8\/f8b0576bbf74310b172e79131c403506.jpeg","alt":null,"title":null,"style":null,"href":null,"fromPaste":false,"pastePass":false}},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","marks":[{"type":"color","attrs":{"color":"#494949","name":"user"}}],"text":"下載鏈接:"},{"type":"link","attrs":{"href":"https:\/\/www.infoq.cn\/minibook\/rqvZHbKLePA4eE8G85kp","title":null,"type":null},"content":[{"type":"text","text":"https:\/\/www.infoq.cn\/minibook\/rqvZHbKLePA4eE8G85kp"}],"marks":[{"type":"color","attrs":{"color":"#494949","name":"user"}}]}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}}]}
深度揭祕中國頂尖安全團隊:網安不應有江湖,安全研究是另一個工程技術
{"type":"doc","content":[{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":"採訪嘉賓 | 吳石、蔡軍、聶森"}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":"採訪 | Tina、魏星、蔡芳芳"}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":"撰稿 | Tina"}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"blockquote","content":[{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":"這個行業,沒有傳說中的江湖,沒有莫名其妙的絕招,也沒有那麼多各種莫名其妙的天才。"}]}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":"一個時代的優秀人才總是成批的湧現,再成批的褪去。中國上一代最優秀的安全人才,有的禁不住誘惑去做了黑產,有的看着安全行業沒前途選擇了轉行,還有一部分在“3Q 大戰”中被大企業收編。之前憑着熱血和激情入行的“草莽之衆”,逐漸大浪淘沙轉變爲了企業裏的正規軍。"}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":"這些選擇進入大企業的人中,不乏當年最頂尖的高手(又被稱爲“白帽”),他們逐漸成爲了這個時代的中堅力量,用自己的一言一行,以及做事的邏輯和方法,爲這個圈子培養出了更優秀的“新生代網安人”。科恩就是一支被這樣的頂尖人才引導成長起來的隊伍,他們更鋒利、自信、有實力,比上一代網安人更有力量去實現“改變行業、保護世界”的理想。"},{"type":"text","marks":[{"type":"color","attrs":{"color":"#494949","name":"user"}}],"text":"(本文節選自"},{"type":"link","attrs":{"href":"https:\/\/www.infoq.cn\/minibook\/rqvZHbKLePA4eE8G85kp","title":"xxx","type":null},"content":[{"type":"text","text":"《中國頂尖技術團隊訪談錄》2021年第四季"}]},{"type":"text","marks":[{"type":"color","attrs":{"color":"#494949","name":"user"}}],"text":")"}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"heading","attrs":{"align":null,"level":3},"content":[{"type":"text","text":"安全人才等來了黃金時代"}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":"在中國做安全研究的不多,而能稱之爲頂級選手的人數更是稀少。早期的從業人員,普遍“半路出家”,專業背景包括中文、生物、法律、醫學等等五花八門,大多是出於對網絡安全技術的熱愛而自學成才。"}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":"2006 年之後,因爲網絡遊戲的流行,一些早期“黑客”發現可以通過外掛、木馬等方式盜取遊戲用戶信息和虛擬資產進行變現,因此在“3Q 大戰”之前,幾乎一半的安全人才禁不住誘惑逐漸從事黑產違法活動,人才流失極爲嚴重。"}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":"剩下爲數不多的網安人,普遍拿着不及 IT 行業平均水平的薪資,擁有一身本領,卻始終堅持正義和初心艱苦地熬着日子。"}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":"吳石,是這些人中“殿堂級”的大師人物之一。"}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":"從復旦大學數學系畢業後,吳石在一家 IT 企業任職,因爲興趣開始利用業餘時間查找漏洞。吳石曾在微軟 Word 裏發現了一個嚴重漏洞(CVE-2010-3333),這個漏洞導致的最嚴重的場景是,比如你發送一封郵件給任何一個人,他不用點開郵件打開附件,只要到達服務端,用戶的電腦就會被遠程控制。在微軟正式修復之後,仍有地下黑客通過比對分析得出利用原理,還進行了很長一段時間的攻擊活動。因爲 0-Day 漏洞極具價值,曾"},{"type":"link","attrs":{"href":"http:\/\/m.techweb.com.cn\/article\/2010-07-16\/642663.shtml","title":"xxx","type":null},"content":[{"type":"text","text":"有黑市買家"}]},{"type":"text","text":"想以十倍於 ZDI 的價錢購買他發現的漏洞,但吳石並不爲所動。"}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":"到 2010 年"},{"type":"link","attrs":{"href":"http:\/\/m.techweb.com.cn\/article\/2010-07-16\/642663.shtml","title":"xxx","type":null},"content":[{"type":"text","text":"《福布斯》報道"}]},{"type":"text","text":"他時,吳石已經發現並報告了 IE、Safari 和 Chrome 等瀏覽器中存在的 100 多個嚴重漏洞。安全專家查理•米勒(Charlie Miller)說:“或許蘋果應當聘請吳石來幫助他們,因爲他發現的蘋果操作系統的漏洞數量是蘋果整個安全團隊的兩倍還多。”福布斯評論說,蘋果很幸運,因爲遇到了“像吳石這麼厚道的人”。"}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":"2012 年,上海碁震雲計算科技(Keen Team)在上海成立,當時人數不多,只有三五位在職人員。2013 年吳石以首席科學家的身份加入了 Keen Team,Keen Team 也從此迎來了大發展。"}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":"2013 年 11 月 13 日,Keen Team 團隊在東京 Pwn2Own Mobile 比賽中攻破 iOS 7.0.3,成爲亞洲和國內第一個拿到頂級賽事冠軍的團隊。"}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":"對於上海交大碩士畢業加入 Keen Team 的聶森來說,吳石既是這個行業的領軍人物,也是行業的一面旗幟,指引着新人前進道路的方向。因爲從小對黑客技術感興趣,在上海交大讀書時,聶森每週會讀一兩篇行業內的論文,並在微博上記錄讀後感。作爲前輩的吳石是爲數不多的、願意以網友身份無償地給予點評意見和建議的人。聶森回憶說,當時他正處於瓶頸期,真心能體會到自身技術發展上和國際前沿之間的差距,這些點撥讓他有了一個能突破自我的機會。"}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":"同時他對吳石充滿了欽佩,“在他那個時代做安全,收入不好也沒有什麼人關注。現在的年輕人可能只看到了大家風光的時候,誰能想象得到這個行業在前一二十年間慘淡的狀況。在行業沒那麼好的時候,還能脫穎而出,這靠的是定力、不斷的積累,以及足夠的熱情… 能堅持下來的,只有也唯有真愛。”"}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":"2013 年,“斯諾登事件”爆發,從國家層面開始重視安全,奇虎 360、騰訊和阿里巴巴等互聯網企業也願意在安全上做投入,紛紛開始收購市面上不錯的安全團隊。Pwn2Own 奪冠,使這支一貫低調的團隊走進入了公衆視野,吸引了包括騰訊在內至少 5 家大型公司的投資意向,COO 任宇昕和騰訊副總裁丁珂甚至帶着多位總經理直接飛到上海與他們聊收購意向。"}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":"2014 年 1 月,Keen Team 正式加盟騰訊,2016 年正式成立“科恩實驗室”,結合早期的積累,騰訊旋即推出了玄武實驗室、雲鼎實驗室等“七劍下天山”的安全矩陣。騰訊給科恩最初的定位是基於 Keen Team 的漏洞挖掘能力,支持公司的內部產品安全,並不要求幫助公司掙錢,也沒有什麼 KPI 考覈限制。"}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":"選擇加入騰訊是當時的最優選擇,同時也能“使我們當時能夠達到比較好的收入水平”,吳石表示。"}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":"騰訊對加盟的安全人員也極爲重視:整個騰訊 16 級以上的專家只有 3 位,吳石是其中之一。"}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":"互聯網企業開始收編安全人才,帶來一個明顯的趨勢是“從業人員的待遇越來越好”。科恩副總經理蔡軍,在安全行業從業 30 多年,也是早年加入 Keen Team 的老員工,據他回憶,“從畢業生薪資統計來看,連續有幾年,網絡安全人才薪資福利在 IT 科技行業裏都是最高的。”"}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":"老一輩的網安人更多是因爲個人的興趣愛好,比如 TK 教主原來是學醫出身,他加入騰訊也是行業裏的一個標誌性事件。"}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":"“我們那個時代還有很多也都不是科班出身,但現在我們招收的網絡安全專業畢業的科班同事越來越多了,”蔡軍補充說,“科恩團隊現在 90% 以上新加盟的都是經過七八年計算機專業學習、科班出身的年輕人。”大廠在安全上的投入改善的不僅僅是網安從業者的生存現狀,更影響了整個行業,“我還聽說有很多黑產洗白的故事,不再去做違法亂紀的事情,因爲現在正常合法的途徑和空間已經很大了。”"}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"heading","attrs":{"align":null,"level":3},"content":[{"type":"text","text":"沒有飛花拈葉的絕招,也沒有所謂的江湖"}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":"過去十年,網安從業者的形象已經被塑造成了掌管着開啓網絡世界大門鑰匙的人,只需一個動作,便能穿梭屏障來去自如… 如果說頂級玩家真的擁有絕招,那麼吳石的祕訣是什麼?"}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":"《福布斯》的報道中提到,吳石掌握了一種獨特的“fuzzing”方法,關注的是軟件架構,而不是細節。業界還傳說他有一套自己的“漏洞數學模型”,能從編譯過的二進制文件中,逆向找到軟件裏的算法邏輯或業務邏輯的問題。"}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":"發現微軟 Word 軟件漏洞(CVE-2010-3333),也是基於這種 fuzzing 分析。微軟有一種富文本(RTF)格式,在 2011 年前這個格式基本不公開,但如果用文本編輯器打開 RTF 的一些文本,你會發現它的格式很有規律。通過查看這些樣本,吳石手工構造了一些對於 Word 程序來說比較奇怪的樣本,再將它們不斷“喂”給 Word 程序,Word 很快就崩潰了。通過對崩潰過程的分析,一步一步地找到漏洞。"}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":"吳石說,理論上 Word 經過了比較嚴格的測試,這是一個一般程序員、一般公司都不會犯的軟件錯誤。“漏洞挖掘的過程實際上是在符合規則的前提下,構造了程序員很難想到的一些樣本去尋找軟件的斷點,這是最關鍵的一點。”"}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":"“其次是讓構造的樣本數據或程序代碼儘可能互相關聯,這樣能較快地進行收斂。一開始目標程序可能是個黑盒,通過投餵精心構造的樣本數據瞭解軟件的處理邏輯,能夠知道在哪些地方可能有點問題——目標程序就逐漸變成了灰盒。”"}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":"微軟谷歌這樣的大廠產品,實際是很安全的,他們會想出各種方法測試自己的軟件,安全問題最主要還是依賴於測試。所以可以理解爲漏洞挖掘本質考驗的是網安工程師"},{"type":"text","marks":[{"type":"strong"}],"text":"對軟件的理解程度"},{"type":"text","text":",通過動態分析和靜態分析,瞭解程序在做什麼以及是怎麼做的,並在測試條件下挑程序員意想不到的地方。所以某種程度上,也是要求開發者不要犯同一個能讓別人反覆猜到並利用的錯誤,“只要程序員每次能犯不同的錯誤,我覺得是可以接受的”,吳石說。"}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":"漏洞挖掘過程中的手工分析同時也考驗攻防雙方的"},{"type":"text","marks":[{"type":"strong"}],"text":"編程基本功"},{"type":"text","text":"。編程中任何容易出錯的地方,都有可能產生被利用的漏洞。比如如果使用 C 語言,要寫得比較安全,得去了解前人總結的幾十或上百種不同程序員容易出錯的模型,“看完這個才能上崗”。目前開發者比較容易出安全問題的地方包括代碼的“邊界檢查”——尤其是那些容易造成堆棧溢出的邏輯,“老實說,大部分程序員的算數不是很好,有稍微複雜一點的加減乘除運算的地方,甚至包括谷歌和微軟的程序員都容易犯錯。”另一個值得開發者警惕的是程序執行時的“競爭條件”,典型如不同進程操作同一塊數據,非常容易帶來各種各樣的安全問題,並且一般的測試很難發現這樣的問題,是一個需要程序員予以警惕的漏洞模式。"}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":"吳石認爲,信息安全已經成爲了工程技術領域內的一個行業。做得好的話,跟其他的工程技術領域沒有什麼區別。"}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":"“一開始大家覺得這是一個江湖的事情,有很多各種莫名其妙的天才,有各種各樣莫名其妙的絕招。"},{"type":"text","marks":[{"type":"strong"}],"text":"其實沒有"},{"type":"text","text":"。”"}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"image","attrs":{"src":"https:\/\/static001.geekbang.org\/wechat\/images\/53\/5340c2e0b63921ea7e1c251cecc462ec.png","alt":null,"title":null,"style":null,"href":null,"fromPaste":false,"pastePass":false}},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":"“因爲經過三十多年的發展,這個領域沒有什麼東西是你想得到而別人想不到的。2000 年左右,國內開始有一種奇怪的風氣,喜歡把網絡安全跟武俠文化結合在一起,好像每個人都是有一些不傳的祕籍,只要能夠一使出來,就可以飛花摘葉、取敵人首級於千里之外。實際上這個領域不存在特別神祕的東西,也不應該有神祕的東西,尤其不需要人爲地製造這種神祕感。而且這個領域沒有、也不應該有那種江湖俠義或‘黑客精神’。目前它還是會影響很多年輕人,導致他們很崇尚個人主義或名利上一些比較奇怪的追求。”"}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":"“我們應該以一種平常心來看待這個行業。要成爲一名安全領域的高手,所需要做的就是不斷學習,把過去幾十年已有的知識變成自己的能力,這是一個痛苦的、需要不斷花精力去不斷練習的過程。最重要的就是有自驅動力,踏踏實實地做事,每天進步一點點,日積月累最後終能取得比較大的成就。”"}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":"這個領域,對個人能力的依賴性或關聯性的確相對於其它領域高一點,安全行業曲折地發展到現在,不缺聰明厲害、非常有個性和能力的人,但崇尚“俠客風範、個人英雄主義”反而有礙於自身發展了。行業在進化,"},{"type":"text","marks":[{"type":"strong"}],"text":"任何一個大的技術進步都是靠一羣默默貢獻、踏踏實實的人共同完成的。"},{"type":"text","text":"個人成就已經和團隊緊密相連,需要大家懂得合作。這個行業已經不鼓勵獨狼行爲,而是希望團隊至上,能將個人的成功、興趣愛好疊加到公司需求、行業需求上,包括對國家、對一些技術承載有責任擔當,個人才能走得更紮實更遠。"}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":"“板凳能坐十年冷”是吳石的口頭禪,他強調:“安全這個行業最看重的不是天賦、智商,最關鍵的是要能堅持下去,只要能堅持下去,一定能夠比大多數人眼裏的聰明人做得更好。”"}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"heading","attrs":{"align":null,"level":3},"content":[{"type":"text","text":"如何運營一支安全團隊"}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"blockquote","content":[{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":"安全的軟件是經過不斷地攻防對抗演化出來的;而網絡安全上的競爭,歸根到底是人才的競爭。"}]}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":"從 2014 年 1 月被收購,到 2018 年騰訊“9·30 變革”,科恩團隊一直相對獨立運作,類似學校的研究實驗室,針對網絡安全做漏洞攻防領域的研究,輸出重點是爲騰訊的業務保駕護航,作爲子公司也需要以人力形式幫客戶提供一些軟件安全服務。"}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":"作爲騰訊安全“七劍”之一,吳石給科恩設定的目標之一是成爲騰訊安全的一張名片,通過 CTF 比賽或一些比較困難的技術研究,讓外界瞭解到騰訊安全有能力幫助客戶做好網絡安全服務。"}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":"收購之後,科恩代表騰訊安全在國際性比賽中拿了 17 個冠軍,贏得了三次世界破解大師(Master of Pwn)的稱號。"}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":"2016 年,特斯拉風頭正勁。它的安全防護技術也是全球領先的,在信息安全技術、包括人力上的投入可能是全球汽車行業裏面最多的一個。2016 年 9 月,科恩成功實現無物理接觸環境下遠程操控特斯拉,這在全球範圍是是頭一次,同時也向特斯拉報告了多項安全漏洞,馬斯克親自寫信致謝,並隨信頒發了兩塊“鐵牌牌”——即代表特斯拉安全研究最高榮譽的“特斯拉安全挑戰徽章”。2017 年,科恩實驗室再次實現了其無物理接觸遠程攻擊,能夠在駐車模式和行駛模式下對特斯拉進行任意遠程操控。特斯拉也連續兩年授予科恩實驗室“特斯拉安全研究名人堂”稱號。"}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"image","attrs":{"src":"https:\/\/static001.geekbang.org\/wechat\/images\/9b\/9b737e0b9b2da236e48e56d49cd4916c.png","alt":null,"title":null,"style":null,"href":null,"fromPaste":false,"pastePass":false}},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":"center","origin":null},"content":[{"type":"text","text":"“特斯拉安全挑戰徽章”和馬斯克親筆簽名感謝信"}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":"在這期間,科恩還有一個任務,就是通過組織 CTF 比賽和破解特斯拉等活動來挖掘和選拔人才,將合適的苗子吸收到團隊中。找好苗子不是容易的事情,人才培養儲備問題是安全行業發展的一大困境。以前安全行業苦,也不掙錢,很難留住人才,大多數高校也沒有設立安全專業,“70 後”做安全的屈指可數,“80 後”這一代就已經有了巨大的人才斷層。根據調研機構數據,整個信息安全行業總體人員缺口在十幾萬到幾十萬之間,做漏洞研究的更加稀缺。隨着大家對安全越來越重視,待遇水漲船高,企業間人才爭奪也愈加激烈。"}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":"利用比賽來“掐尖兒”,科恩儲備了不少好苗子,如專注於車聯網安全的聶森、拿了 11 個 Pwn2Own 冠軍的 zhen、CTF 比賽冠軍專業戶 jacky、在國家實戰演練中拿到冠軍的活動負責人 shu…"}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":"最開始這是一個研究團隊,對大家沒有條條框框的限制,天高任鳥飛,無論是移動、PC,還是智能汽車或者電力設備,只要有興趣都可以隨意研究。大家也非常容易沉浸到自己的研究中,聶森就注意到這些優異的人擁有一個共同特質,就是隨時遇到問題就有去研究透徹的衝動,能立馬將自己關進“籠子裏”,“有可能你跟他說着話,或喫着飯的時候,他突然間陷入了一個狀態,具備了排斥外界氛圍的能力了,多半是大腦裏在演練解決思路。”"}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":"管理這麼多優秀的人,吳石坦言一開始有點“沒信心”,但由於單靠個人所取得的成就相對有限,像參加 Pwn2Own、CTF 這些國際性比賽都必須要有團隊一起合作。在談到帶團隊的感受時他說,“首先,將一羣聰明的人擰成一股繩,讓大家朝着一個目標去努力並取得比較大的成績,這個很有成就感。其次,能幫助一些年輕人比較快地成長,少走彎路,這個也很有成就感。”科恩的“戰績”能長盛不衰,吳石自然功不可沒。在聶森看來,安全技術以前肯定存在中外技術差距,隨着大環境變化,科恩裏聰明的年輕人越來越多,且有像吳石這樣資深、專業的前輩指導,團隊達到國際一流水平已經沒有什麼阻力。"}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":"網安研究團隊建設,與一般技術團隊不同,行業裏沒有太多值得大家互相借鑑的成功經驗。"}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":"由於蔡軍歲數相對較大,在團隊屬於老大哥的角色,不少人會問他如何運營一支網絡安全團隊。他表示,“這個問題我也想了很多年,我覺得大概分幾個方面。”"}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":"第一,常在河邊走,但是一定不能溼鞋。不碰高壓線,不做任何瓜田李下的事情。很重要的是要有一個很好的帶頭人。"}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":"“我一直開玩笑說我們有一個德藝雙馨的吳石總,他爲人很低調,有非常紮實的功底,厚積薄發。他決定了這個團隊的氣質和價值觀。”"}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":"在科恩團隊,很多小夥子手上的那些手藝和功夫業界一流,但凡動點歪心思就能獲取巨大的利益。面對這種誘惑,對人的道德修養和品德要求是很高的。所以科恩對加入團隊的這些人的品質,要求非常高。"}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":"“吳石本身是一個很好的典範,他作爲一個神一樣的存在,天天跟大家一起,樹立的榜樣就是再能幹的人也是要堅持研究和付出的。吳石也四十多歲了,每天晚上也都是看資料看論文,要跟我們討論,經常都是一兩點鐘才睡。”"}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":"第二,這個團隊近幾年已經形成一個新老搭配、優勢互補的格局。有老人兒,有後起之秀,大家在不同的領域都取得過非常突出的成績,可以互相碰撞工作研究思路和心得體會。新老搭配,同時又能夠互補,這就形成了團隊的整體實力。"}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":"“我們有非常正向的積極的價值觀和團隊文化:追求極致,團隊至上,勇於擔當。這對於新加入的一些同事會有一些潛移默化的影響。”"}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":"第三,重視人才的梯隊建設,以及對外交流互動。這也是團隊過去取得成績很重要的一個保證。比如在騰訊我們以科恩爲技術支持,持續舉辦的 TCTF 信息安全爭霸賽。對於科恩來說,更重要的是想通過這樣的賽事在專業領域去發現一些好的苗子和人才,也通過把國內高校戰隊和國際頂尖 CTF 戰隊放到一個賽場上競技,提升國內高校學生的視野,逐步縮小、追平和國外的差距。另外科恩也非常注重跟高校合作,吸引 CTF 戰隊的同學來這學習和交流。還有一些金融客戶、大企業客戶的安全團隊,他們經常也有些人來實習和交流。"}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":"“我覺得科恩的團隊建設目前看還是比較成功的,當然在這個過程中也有一些人和我們志趣不同,離開團隊,但是我們發現團隊的整體實力強,不依賴於一兩個天才。”"}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"heading","attrs":{"align":null,"level":3},"content":[{"type":"text","text":"讓安全研究走出實驗室"}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"blockquote","content":[{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":"黑產利潤再大,但也比不上用正大光明的手段掙錢。"}]}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":"2018 年 9 月 30 日,騰訊宣佈了重大組織架構調整,成立了新的 CSIG 雲與智慧產業事業羣,同時提倡科技向善,面向 To B 市場,爲政府、企業提供技術支持。科恩團隊在這次調整中,從 MIG 換到了雲和智慧產業事業羣,這個階段配合着騰訊主體業務發展的要求,科恩的定位也有了變化,除“保駕護航”之外,還有了幫助騰訊安全以及騰訊整個雲的業務做“開疆拓土”的要求。"}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":"而且任何企業運營都需要一些開銷。作爲一支高水平的研究團隊,科恩也不希望只被“包養”,而是希望自己去創造一些價值,產生營收。吳石給科恩設定的另一個目標是把一些安全能力,即漏洞研究的心得和成果,包裝成工具和產品,並將其推向市場。"}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":"這也就要求在鼓勵大家做自由的安全研究探索之外,還需要有一些特定的方向,其中之一就是車聯網。"}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":"聶森從 2016 年開始帶領一個小團隊負責科恩的車聯網安全業務。智能汽車系統跟手機不同,是建立在可能幾十個單片機系統之上的,比如剎車、娛樂大屏都各有自己的單機系統,那麼它的攻防找的是漏洞鏈條,整個環節可能涉及至少大大小小 3 到 5 個漏洞,研究週期很長,需要的技術棧也比較複雜。車載系統的破解,相對來說過去缺乏相關的技術積累,不是站在前人的肩膀上,而是一個從 0 到 1 的過程。"}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":"這一年,特斯拉的關注度非常高,每一次更新、每一個新功能的發佈都受到整個行業的高度關注,所以科恩選擇挑戰破解特斯拉。他們花了兩個月特斯拉進行了實車拆解,通過深入的逆向分析,找到了一個可以讓特斯拉車輛主動連入科恩特製 Wi-Fi 的邏輯漏洞,利用瀏覽器的內存漏洞以及操作系統內核漏洞控制了影音娛樂大屏,隨後通過入侵車載網關 FreeRTOS 系統控制了 CAN Bus,進而成功破解了特斯拉的雨刷、車速控制等功能。"}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":"在特斯拉的攻防研究的基礎上,科恩陸續開展了對"},{"type":"link","attrs":{"href":"https:\/\/keenlab.tencent.com\/zh\/2018\/05\/22\/New-CarHacking-Research-by-KeenLab-Experimental-Security-Assessment-of-BMW-Cars\/","title":"xxx","type":null},"content":[{"type":"text","text":"寶馬"}]},{"type":"text","text":"、雷克薩斯等品牌的研究,覆蓋了德國、日本和美國等全球主流的車聯架構。"}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"image","attrs":{"src":"https:\/\/static001.geekbang.org\/wechat\/images\/16\/16df6cfada9c331e1a8d93a508ac8643.png","alt":null,"title":null,"style":null,"href":null,"fromPaste":false,"pastePass":false}},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":"“我們 2016 年的這次特斯拉研究,包括後續的研究,我能切身感受到它對整個汽車行業的影響,讓汽車行業看到這個車竟然可以被這樣攻破,那些出現在如《速度與激情 8》電影裏的情景可能會變成現實、帶來人身和財產安全上的威脅。”聶森說。科恩在車聯網安全等細分領域也闖出了自己的地位,不少中外汽車廠商慕名而來。"}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":"在此之前,車聯網安全漏洞測試主要靠專家進行人工服務,破解特斯拉後,科恩逐漸將這些研究成果沉澱下來,形成了一個通用的工具和平臺 SysAuditor。"}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":"車聯網是一個比較好的安全漏洞研究載體,但實際上還有更廣泛的領域,比如說工業互聯網或者物聯網,如家用的智能電錶、骨幹網上的路由器、大型電廠裏的工控設備、車載的單片機。以攝像頭爲例,科恩之前的研究證實黑客在攝像頭上完全可以做到電影裏的效果:比如黑進監控攝像頭的系統,用一段已經錄好的視頻替換攝像頭實時監控的視頻。SysAuditor 工具針對的就是這些含嵌入式硬件的行業,以保證 IoT 固件的安全。"}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":"此外,科恩還針對 Android 平臺發佈了 App 漏洞掃描工具 APKPecker,面向大型移動互聯網公司、做應用市場的手機廠商等。"}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":"以及最近發佈的面向全行業的自動分析工具 "},{"type":"link","attrs":{"href":"https:\/\/keenlab.tencent.com\/zh\/2021\/08\/11\/2021-binaryai-public-release\/","title":"xxx","type":null},"content":[{"type":"text","text":"BinaryAI"}]},{"type":"text","text":",可以通過檢測編譯後的二進制文件分析軟件中的漏洞情況。比如軟件開發過程中,不斷引入第三方代碼和組件,這時候安全風險可能就來自這些包含了漏洞的第三方組件。這是一項填補了業界空白的比較特殊的創新產品,目前業內的同類產品,比如美國惠普的 Fortify 等都是分析的軟件源代碼。"}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":"從 2018 年初開始,科恩主動創新,已經產生了千萬級別的項目收入。原來作爲一支研究團隊,科恩並不特別強調“錢”的事情,評判成員貢獻主要依據技術突破和研究成果。而現在,在此基礎上又增加了一點收入上的權重和比重,如果技術轉化或者對外價值輸出能夠帶來收入,也可以作爲評判個人貢獻的依據。"}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":"在未來發展方向上,科恩短期目標是繼續引入 AI 和大數據相關要素,完善產品線,打造爆款產品。中期目標是幫助騰訊安全和騰訊雲擴展業務。長期目標仍然是堅持一些新的技術前瞻性研究,走在安全行業前面。"}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"heading","attrs":{"align":null,"level":3},"content":[{"type":"text","text":"寫在最後"}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":"由於通常不產生明面上的業績,網絡安全行業在中國受重視程度不及其他 IT 行業。歐盟推出 GDPR 後,美國加強安全監管,一般企業對網絡安全投入的佔比能達到 12% 以上。而在中國,即使是對安全比較重視的金融行業,網絡安全投入佔比還不足整個 IT 投入的 4%-5%,一般企事業單位可能都達不到 IT 投入的 2%。"}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","marks":[{"type":"color","attrs":{"color":"#494949","name":"user"}}],"text":"最近幾年,國家愈加重視信息安全,相繼出臺了《"},{"type":"link","attrs":{"href":"http:\/\/www.npc.gov.cn\/npc\/c1481\/201507\/82ce4cb5549c4f56be8a6744cf2b3273.shtml","title":null,"type":null},"content":[{"type":"text","marks":[{"type":"underline"}],"text":"網絡安全法"}]},{"type":"text","marks":[{"type":"color","attrs":{"color":"#494949","name":"user"}}],"text":"》、《"},{"type":"link","attrs":{"href":"https:\/\/new.qq.com\/omn\/20210821\/20210821A0BFOD00.html","title":null,"type":null},"content":[{"type":"text","marks":[{"type":"underline"}],"text":"個人信息保護法"}]},{"type":"text","marks":[{"type":"color","attrs":{"color":"#494949","name":"user"}}],"text":"》、《"},{"type":"link","attrs":{"href":"http:\/\/www.xinhuanet.com\/2021-06\/11\/c_1127552204.htm","title":null,"type":null},"content":[{"type":"text","marks":[{"type":"underline"}],"text":"數據安全法(草案)"}]},{"type":"text","marks":[{"type":"color","attrs":{"color":"#494949","name":"user"}}],"text":"》以及《"},{"type":"link","attrs":{"href":"http:\/\/www.gov.cn\/zhengce\/zhengceku\/2021-07\/14\/content_5624965.htm","title":null,"type":null},"content":[{"type":"text","marks":[{"type":"underline"}],"text":"網絡產品安全漏洞管理規定"}]},{"type":"text","marks":[{"type":"color","attrs":{"color":"#494949","name":"user"}}],"text":"》。"},{"type":"text","marks":[{"type":"color","attrs":{"color":"#000000","name":"user"}}],"text":"如果網絡安全相關工作做的不到位,企業將需要承擔相關責任。"},{"type":"text","marks":[{"type":"color","attrs":{"color":"#494949","name":"user"}}],"text":"這些舉措對企業起到了監督的作用,同時"},{"type":"text","marks":[{"type":"color","attrs":{"color":"#000000","name":"user"}}],"text":"推動着行業向良性方向發展,網絡安全也將踏入黃金時代。"}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":"“這個行業一路走過來真的不容易”,在安全一線從業三十年的蔡軍感慨,“科恩能發展到現在,我們覺得很難得,很珍惜(當前的機遇)。”"}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","marks":[{"type":"strong"}],"text":"嘉賓簡介:"}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","marks":[{"type":"strong"}],"text":"聶森(snie)"},{"type":"text","text":",騰訊安全科恩實驗室專家研究員,車聯物聯安全技術負責人。目前在騰訊負責軟件安全的前沿研究工作,研究成果發表在 BlackHat,AAAI,NIPS 等國際會議,並應用於智能網聯汽車等安全場景。曾帶領團隊實現特斯拉、寶馬等的遠程破解案例,在汽車和安全行業有較大影響力。"}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","marks":[{"type":"strong"}],"text":"蔡軍"},{"type":"text","text":",科恩實驗室副總經理,騰訊安全高級專家,負責科恩實驗室核心安全研究能力輸出和自研產品市場推廣,參與領導了特斯拉全球遠程破解及成果展示項目,組織協調科恩戰隊榮獲 “強網杯”、“網鼎杯”和“護網杯”國家級安全賽事,並全部獲得冠軍。"}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","marks":[{"type":"strong"}],"text":"吳石"},{"type":"text","text":",騰訊安全科恩實驗室負責人。20 年來一直從事網絡安全方面的研究及開發工作。曾在瀏覽器領域、PC 軟件領域的漏洞挖掘取得了系列研究性創新成果。其本人領導的科恩團隊專注於移動互聯網安全、車聯網安全研究,與特斯拉、奧迪、寶馬等主流車廠建立了合作關係,爲消費者的出行安全做出了較大貢獻。吳石還注重人才的培養,先後組建的 Keen Team 安全研究團隊、eee CTF 戰隊,以及現在領導的科恩實驗室,培育出了數十位具有世界先進水平的研究員。團隊在國內、國際安全大賽均取得了卓越成績。在世界級的網絡安全競技大賽 Pwn2Own 上斬獲了 3 個團體冠軍,並在有“黑客世界盃”之稱的 DEFCON CTF 上拿到了總冠軍。"}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","marks":[{"type":"strong"}],"text":"迷你書推薦"}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":"中國頂尖技術團隊訪談錄(2021 年第四季)開放下載"}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":"本期《中國頂尖技術團隊訪談錄》精選了騰訊科恩、金蝶、海爾集團 IT、小紅書、網易、阿里等技術團隊在技術落地、團隊建設方面的實踐經驗及心得體會。InfoQ 希望通過這樣的記錄,向外界傳遞頂尖技術團隊的做事方法 \/ 技術實踐,讓開發者瞭解他們的知識積累、技術演進、產品錘鍊與團隊文化等,並從中獲得有價值的見解。"}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":"如果你身處傳統企業經歷了完整的數字化轉型過程或者正在互聯網公司進行創新技術的研發,並希望 InfoQ 可以關注並採訪你所在的技術團隊,可以添加微信:whitecrow-tina,請註明來意及公司名稱。"}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":"掃描二維碼或點擊【閱讀原文】下載本期訪談錄電子書↓"}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"image","attrs":{"src":"https:\/\/static001.geekbang.org\/wechat\/images\/f8\/f8b0576bbf74310b172e79131c403506.jpeg","alt":null,"title":null,"style":null,"href":null,"fromPaste":false,"pastePass":false}},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","marks":[{"type":"color","attrs":{"color":"#494949","name":"user"}}],"text":"下載鏈接:"},{"type":"link","attrs":{"href":"https:\/\/www.infoq.cn\/minibook\/rqvZHbKLePA4eE8G85kp","title":null,"type":null},"content":[{"type":"text","text":"https:\/\/www.infoq.cn\/minibook\/rqvZHbKLePA4eE8G85kp"}],"marks":[{"type":"color","attrs":{"color":"#494949","name":"user"}}]}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}}]}
發表評論
所有評論
還沒有人評論,想成為第一個評論的人麼? 請在上方評論欄輸入並且點擊發布.
相關文章