Upgrade to Pro
— share decks privately, control downloads, hide ads and more …
Speaker Deck
Features
Speaker Deck
PRO
Sign in
Sign up for free
Search
Search
あの日学んだ攻撃の方法を僕達はまだ知らない。
Search
Mr.Rabbit
December 07, 2017
0
180
あの日学んだ攻撃の方法を僕達はまだ知らない。
2017年8月2日(水) 濱せっく 出張版#3で発表させてもらった資料です。
Mr.Rabbit
December 07, 2017
Tweet
Share
More Decks by Mr.Rabbit
See All by Mr.Rabbit
BOCCHI
01rabbit
0
11
KaliPAKU
01rabbit
0
10
Babbly
01rabbit
0
57
P.A.K.U.R.I SECCON2019 Akihabara YOROZU
01rabbit
1
110
P.A.K.U.R.I AVTOKYO HIVE
01rabbit
0
70
The Empire Strikes Back ~MR.RABBIT 帝国の逆襲~
01rabbit
0
230
地雷探しに脆弱性を使うのは間違っているだろうか Hack a Minesweeper
01rabbit
0
190
MR.RABBIT 聞いた事はあるけど、実際には見た事がないハッキングガジェット
01rabbit
2
7.3k
Featured
See All Featured
Performance Is Good for Brains [We Love Speed 2024]
tammyeverts
10
980
Code Review Best Practice
trishagee
69
19k
Designing Experiences People Love
moore
142
24k
How to train your dragon (web standard)
notwaldorf
96
6.1k
Art, The Web, and Tiny UX
lynnandtonic
299
21k
Unsuck your backbone
ammeep
671
58k
Keith and Marios Guide to Fast Websites
keithpitt
411
22k
Helping Users Find Their Own Way: Creating Modern Search Experiences
danielanewman
29
2.7k
Git: the NoSQL Database
bkeepers
PRO
430
65k
Building a Modern Day E-commerce SEO Strategy
aleyda
42
7.4k
Why You Should Never Use an ORM
jnunemaker
PRO
58
9.5k
Creating an realtime collaboration tool: Agile Flush - .NET Oxford
marcduiker
30
2.2k
Transcript
ᖛͤͬ͘ग़ு൛ !SBJU
͋͐͡Μͩ w ແઢ-"/ͷڴҖ w )PXUP+BNNJOH w ߈ܸɾޚγφϦΦ w ·ͱΊ
ࣗݾհ ͏͗͞ w झຯͰηΩϡϦςΟใͷऩूɺ߈ܸݕূ Λͯ͠ΔࣗশϖςϯࢣڃΫϥοΧʔ w ॏ͍தೋපΛױ͍ͬͯΔϥϊϕѪಡՈ w झຯےτϨͱαόήʔ ͏͞ϒϩ
ɹIUUQSBJUCMPHIBUFCMPKQ 5XJUUFS ɹ!SBJU
–ͱ͋Δຐज़ͷېॻ lຐज़ͱɺ࠽ೳͷແ͍ਓ͕ؒͦΕͰ࠽ೳ͋Δ ਓؒͱରʹͳΔҝͷٕज़z
ແઢ-"/ͷ͓
ແઢ-"/ͷڴҖ w ػີੑͷ߈ܸ ʢෆਖ਼ΞΫηεϙΠϯτɺೝূ߈ܸʣ w Մ༻ੑͷ߈ܸ ʢαʔϏεڋ൱߈ܸʣ
ػີੑͷ߈ܸ
ແઢ-"/ͷڴҖ ػີੑͷ߈ܸɿෆਖ਼ΞΫηεϙΠϯτ
ແઢ-"/ͷڴҖ ػີੑͷ߈ܸɿ҉߸伴ͷΫϥοΩϯά
ແઢ-"/ͷڴҖ ػີੑͷ߈ܸํ๏
Մ༻ੑͷ߈ܸ
ແઢ-"/ͷڴҖ Մ༻ੑͷ߈ܸɿαʔϏεڋ൱߈ܸ
ແઢ-"/ͷڴҖ Մ༻ੑͷ߈ܸํ๏ ͱ͜ΖͰɾɾɾ ແઢ-"/ͷδϟϛϯάͬͯͲ͏Δͷʁ
ແઢ-"/ͷ௨৴ ύογϒPSΞΫςΟϒεΩϟϯ ೝূ σʔλϑϨʔϜͷૹड৴ ͬ͘͟Γͱͨ͠
ແઢ-"/ͷڴҖ δϟϛϯάͷํ๏ %F"VUIFOUJDBUJPO ʢೝূऔΓফ͠ʣ ೝূࡁ
)PXUP+BNNJOH
)PXUP+BNNJOH BJSNPOOHϞχλʔϞʔυʹมߋ BJSPEVNQOH௨৴ड BJSFQMBZOHδϟϛϯά
)PXUP+BNNJOH ϞχλʔϞʔυʹมߋ JXDPOpHͰΠϯλʔϑΣʔεΛ֬ೝ
)PXUP+BNNJOH ϞχλʔϞʔυʹมߋ BJSNPOOHTUBSUʲΠϯλʔϑΣʔεʳ ΠϯλʔϑΣʔεΛϞχλʔϞʔυมߋ͢Δ BJSNPOOHͰΠϯλʔϑΣʔεΛϞχλʔϞʔυʹมߋ
)PXUP+BNNJOH ϞχλʔϞʔυʹมߋ ϞχλʔϞʔυʹมߋ͞Εͨ͜ͱΛ֬ೝ
)PXUP+BNNJOH ௨৴ड BJSPEVNQOHͰ௨৴डʢBJSPEVNQOHXMBONPOʣ
)PXUP+BNNJOH δϟϛϯά BJSFQMBZOHͰδϟϛϯάΛ͔͚Δ w BJSFQMBZOHBʲ#44*%ʳʲΠϯλʔϑΣʔεʳ w ɹEF"VUIFOUJDBUJPO༻Φϓγϣϯ w ɹEF"VUIFOUJDBUJPOύέοτͷૹ৴ճʢ̌࿈ଓʣ w
Bʲ#44*%ʳඪతͱͳΔωοτϫʔΫͷ#44*%
)PXUP+BNNJOH δϟϛϯά ඪత͕νϟϯωϧͳͷͰɺJXDPOpHίϚϯυͰʹมߋ νϟϯωϧΛἧ͑ͨΒBJSFQMBZOHͰδϟϛϯά։࢝
δϟϛϯάΛ༻ͨ͠ ߈ܸɾޚγφϦΦ
߈ܸγφϦΦ
߈ܸγφϦΦɹͦͷ̍ αʔϏεڋ൱߈ܸ 44*%GSFF@DBGF
߈ܸγφϦΦɹͦͷ̍ ࣮ࡍʹඃʹ͋ͬͯΈΑ͏ʂ 44*%GSFF@DBGF
߈ܸγφϦΦɹͦͷ̎ ൜Χϝϥఀࢭ
߈ܸγφϦΦɹͦͷ̎ ແઢ-"/Χϝϥ w ൺֱత҆ՁͰઃஔՄೳ w ϧʔλʔʹଓ͢Δ͚ͩͰར༻Ͱ͖Δ w ϧʔλʔͱͷؒ҉߸Խ͞Ε͍Δ ʢΧϝϥө૾Λ͖ݟΔͷ͍͠ʣ ͔͠͠ɺΧϝϥͷΛ௵͢͜ͱෆՄೳͰͳ͍
߈ܸγφϦΦɹͦͷ̎ ൜Χϝϥఀࢭ
ޚγφϦΦ
ฌݿݝܯͷʮूதՍి࡞ઓʯ ɹ.4/࢈ܦXFTUͷ݄ͷهࣄ ʹΑΔͱɺฌݿݝܯʮूதՍి࡞ ઓʯͱ͍͏ɺৼΓࠐΊٗάϧʔϓ ʹରͯ͠ͻͨ͢ΒిΛ͔͚ଓ͚ͯ ճઢΛڌͯ͠༻ෆೳʹ͢Δ͍Θ ΏΔʮαʔϏεڋ൱߈ܸʯΛͬͯ ৼΓࠐΊٗΛ͗ٗඃΛݮΒ ͨ͠ͱใ͡ΒΕ͍ͯͨɻ ͜Εɺ͑ΔΜ͡ΌͶʁ
ޚγφϦΦɹͦͷ̍ ෆਖ਼ΞΫηεϙΠϯτରࡦ 44*%GSFF@DBGF 44*%GSFF@DBGF@
ޚγφϦΦɹͦͷ̎ ౪ࡱυϩʔϯରࡦ
ޚγφϦΦɹͦͷ̎ ౪ࡱυϩʔϯରࡦɿ࣮ԋ
·ͱΊ w 8J'Jͷ߈ܸʹ8&1ɺ81"81"ͷΫϥοΩϯάͩ ͚Ͱͳ͍ w %P4߈ܸ͕ܧଓతʹߦΘΕΔͱɺՄ༻ੑ͕ࣦΘΕΔ͚ͩ Ͱͳ͘৴༻ࣦ͏͜ͱʹͭͳ͕Δ w ਖ਼͍͠ํ๏ͱݴ͍Εͳ͍͕ɺ߈ܸऀͱಉ͡ख๏Λ ޚʹస༻͢Δ͜ͱͰ͖Δ
͓ΘΓ