裘褐为衣
跂礄為服
《墨子‧公輸篇》
公輸盤為楚造雲梯之械,成,將以攻宋。子墨子聞之,起於齊,行十日十夜而至於郢,見公輸盤。公輸盤曰:『夫子何命焉為?』子墨子曰:『北方有侮臣,願藉子殺之。』公輸盤不悅。子墨子曰:『請獻十金。』公輸盤曰:『吾義固不殺人。』子墨子起,再拜曰:『請說之。吾從北方,聞子為梯,將以攻宋。宋何罪之有?荊國有余於地,而不足於民。殺所不足,而爭所有余,不可謂智;宋無罪而攻之,不可謂仁。知而不爭,不可謂忠。爭而不得,不可謂強。義不殺少而殺眾,不可謂知類。』公輸盤服。子墨子曰:『然,胡不已乎?』公輸盤曰:『不可,吾既已言之王矣。』子墨子曰:『胡不見我於王?』公輸盤曰:『諾。』
子墨子見王,曰:『今有人於此,舍其文軒,鄰有敝輿而欲竊之;舍其錦繡,鄰有短褐,而欲竊之;舍其粱肉,鄰有穅糟,而欲竊之。此為何若人?』王曰: 『必為有竊疾矣。』子墨子曰:『荊之地,方五千里,宋之地,方五百里,此猶文軒之與敝輿也;荊有雲夢,犀兕麋鹿滿之,江漢之魚鱉黿鼉為天下富,宋所為無雉兔狐狸者也,此猶粱肉之與糠糟也;荊有長松、文梓、楩、枬、豫章,宋元長木,此猶錦繡之與短褐也。臣以王之攻宋也,為與此同類,臣見大王之必傷義而不得。』王曰:『善哉!雖然,公輸盤為我為雲梯,必取宋。』
於是見公輸盤,子墨子解帶為城,以牒為械,公輸盤九設攻城之機變,子墨子九距之。 公輸盤之攻械盡,子墨子之守圍有餘。公輸盤詘,而曰:『吾知所以距子矣,吾不言。』子墨子亦曰:『吾知子之所以距我,吾不言。』楚王問其故,子墨子曰: 『公輸子之意,不過欲殺臣。殺臣,宋莫能守,乃可攻也。然臣之弟子禽滑厘等三百人,已持臣守圉之器在宋城上而待楚寇矣。雖殺臣,不能絕也。』楚王曰:『善哉!吾請無攻宋矣。』
子墨子歸,過宋,天雨,庇其閭中,守閭者不內也。故曰:『治於神者,眾人不知其功,爭於明者,眾人知之。』
好一場墨子與公輸盤的『帶城牒械』的『紙上談兵』,輸贏自能互見省卻多少生靈塗炭,此不可謂之『智』乎??
─── 《Λ 運算︰概念導引之《補充》※有名的組合子!!》
『善守』者,能不知『攻城』之術乎?
故說此『滲透測試』︰
Penetration test
A penetration test, colloquially known as a pen test, is an authorized simulated attack on a computer system, performed to evaluate the security of the system. The test is performed to identify both weaknesses (also referred to as vulnerabilities), including the potential for unauthorized parties to gain access to the system’s features and data,[1][2] as well as strengths,[3] enabling a full risk assessment to be completed.
The process typically identifies the target systems and a particular goal—then reviews available information and undertakes various means to attain the goal. A penetration test target may be a white box (which provides background and system information) or black box (which provides only basic or no information except the company name). A penetration test can help determine whether a system is vulnerable to attack if the defenses were sufficient, and which defenses (if any) the test defeated.[4][3]
Security issues that the penetration test uncovers should be reported to the system owner.[5] Penetration test reports may also assess potential impacts to the organization and suggest countermeasures to reduce risk.[5]
The goals of a penetration test vary depending on the type of approved activity for any given engagement with the primary goal focused on finding vulnerabilities that could be exploited by a nefarious actor and informing the client of those vulnerabilities along with recommended mitigation strategies.[6]
Penetration tests are a component of a full security audit. For example, the Payment Card Industry Data Security Standard requires penetration testing on a regular schedule, and after system changes.[7]
Flaw hypothesis methodology is a systems analysis and penetration prediction technique where a list of hypothesized flaws in a software system are compiled through analysis of the specifications and documentation for the system. The list of hypothesized flaws is then prioritized on the basis of the estimated probability that a flaw actually exists, and on the ease of exploiting it to the extent of control or compromise. The prioritized list is used to direct the actual testing of the system.
……
特介紹『咖哩這味』也!
Kali Linux
Kali Linux 是基於Debian的Linux發行版,設計用於數位鑑識和滲透測試。由 Offensive Security Ltd 維護和資助。
Kali Linux既有32位元又有64位元的映像。可用於x86指令集的中央處理器。同時還有基於ARM架構的映像,可用於樹莓派和三星的ARM Chromebook.[3]
開發
Kali Linux 擁有超過600個預裝的滲透測試程式,包括 Armitage(一個圖形化網路攻擊管理工具, Nmap(一個埠和服務掃描工具), Wireshark, John the Ripper password cracker, Aircrack-ng, Burp Suite 和 OWASP ZAP 網路應用程式安全掃描器。
最先由 Offensive Security 的 Mati Aharoni 和 Devon Kearns 通過重寫 BackTrack 來完成,BackTrack 是他們之前寫的用於取證的 Linux 發行版 [4]。
Kali Linux 是建立在安全的環境中,只有可信的人才可以提交安裝套件,並且每一個包都含有開發者的數位簽章。kali還有一個為802.11無線注入打修補程式的客製化內核。這主要是因為開發團隊發現他們需要進行大量的無線評估。
………
About the Kali Linux Distribution
Kali Linux is an open source project that is maintained and funded by Offensive Security, a provider of world-class information security training and penetration testing services. In addition to Kali Linux, Offensive Security also maintains the Exploit Database and the free online course, Metasploit Unleashed.
Kali Linux Core Developers
Mati Aharoni (muts) is the lead Kali developer, trainer and founder of Offensive Security. With over 10 years of experience as a professional penetration tester, Mati has uncovered several major security flaws and is actively involved in the offensive security arena.
Devon Kearns (dookie) is an Offensive Security instructor, Kali Linux developer, the administrator of the Exploit Database, co-creator of the Metasploit Unleashed project, exploitation fanatic, and co-author of Metasploit: The Penetration Tester’s Guide.
Raphaël Hertzog (buxy) is an experienced Debian developer and consultant, author of the well known Debian Administrator’s Handbook. He’s the packaging wizard in our team and manages our continuously growing development infrastructure.
Kali Linux Developers and Forum Moderators
bolexxx has been administering the Kali forums (and previously BackTrack forums) for over 7 years now, keeping the forums running and spam free.
steev does our ARM development for Kali Linux. Steev has been working with and on arm devices since 2009 and is also a co-lead of the Gentoo ARM team.
g0tmi1k has been a helping hand and active member since remote-exploit.org. Promoted to staff in 2010, building VMs from 2014 and packaging since 2015.
Sickness is an object of torture and abuse in Offensive Security, and often gets the bad end of our masochistic jokes. He also does kernel exploit stuff.
雖然目前並沒有樹莓派 3B+ 之正式『映像』檔
RPi 3 model B+ — any success booting kali linux?
Really frustrated here. Been using this firmware from offensive downloads: Kali Linux RaspberryPi 2 and 3 VERSION: 2018.1a (the nexmon.img)
so its been updated since june 2014…
any i missing something? 
this live micro sd will NOT boot my new RPi 3 B+… no rainbow screen, only the red power like button comes on, no signal goes to HDMI… 
anyone else have any luck or am i missing something 
im gonna see if it will boot with my RPi 3B and if it does then i know theres gotta be something im missing about setting up the 3B+
please help if you can. or if you have any ideas 
thank you 
有興趣的人或可嘗試哩★
Kali Linux image for Raspberry Pi 3 B+
只有 3B+ 可用者,那就嚐鮮吧☆
STICKY FINGER’S KALI-PI – Pre-installed
Kali Linux on Raspberry Pi 1/2/3(+)/Zero(W) with touch optimized interface in a ready-to-go image
(Refreshed 23-September-2018)
Sticky Finger’s Kali-Pi – The pocket size, finger friendly, lean mean hacking machine
Need practice targets? Checkout Sticky Finger’s DV-Pi
Sticky Finger’s Quick Start Guide:
Sticky Finger’s Kali-Pi image comes with the following features out of the box:
- 2GB image ready to go with all common touch screens.
- Kali Linux Rolling edition with MSF meta package and all other essential tools
- Re4son Kali-Pi Kernel 4.14 with bluetooth, touch screen support and wifi injection patch
- “re4son-pi-tft-setup” tool to set up all common touch screens, enable auto-logon, etc.
- “kalipi-config” tool to set up the raspberry pi (improved raspi-config for kali)
- Apache, Pure-FTP, SDR-Scanner, Screenshot Tool, ntop, darkstats, mana-toolkit,
Kismet classic, Kismet development, Remote Access AP, Sticky Finger’s Kali-Pi Launcher - Boots into vanilla kali gui but comes with user “pi” pre-configured to launch
the “Sticky Finger’s Kali-Pi Launcher” (touch screen interface) after login - Just run “re4son-pi-tft-setup” tool for your particular screen and you are up and running.
- Out of the box support for on-board Bluetooth & wifi with nexmon patches
且讓我們從 3B 開始呦☺
root@LEDE:~# ssh -l root 5.168.128.250 Host '5.168.128.250' is not in the trusted hosts file. (ssh-rsa fingerprint md5 7f:94:b3:44:c2:39:dc:98:e4:4e:f4:57:90:18:d9:0a) Do you want to continue connecting? (y/n) yes root@5.168.128.250's password: The programs included with the Kali GNU/Linux system are free software; the exact distribution terms for each program are described in the individual files in /usr/share/doc/*/copyright. Kali GNU/Linux comes with ABSOLUTELY NO WARRANTY, to the extent permitted by applicable law. root@kali:~#