Looking Back: 2022

Reviewing chapter activities in 2022. (OWASP Saitama MTG #11, talk #1)

Takahiro Yoshimura

December 20, 2022


Transcript

1. WHO I AM
▸ Takahiro Yoshimura (@alterakey)
  https://keybase.io/alterakey
▸ Monolith Works Inc.
  Co-founder, CTO
  Security researcher
▸ Meiji University Cybersecurity Research Institute, visiting researcher

2. WHAT I DO
▸ Security research and development
▸ iOS/Android apps
  → Financial, games, IoT-related, etc. (>200)
  → trueseeing: non-decompiling Android application vulnerability scanner [2017]
▸ Windows/Mac/Web/HTML5 apps
  → POS, RAD tools, etc.
▸ Network/Web penetration testing
  → PCI-DSS etc.
▸ Search engine reconnaissance (aka Google hacking)
▸ Whitebox testing
▸ Forensic analysis

3. WHAT I DO
▸ CTF
▸ Enemy10, Sutegoma2
▸ METI CTFCJ 2012 Qual.: won
▸ METI CTFCJ 2012: 3rd
▸ DEF CON 21 CTF: 6th
▸ DEF CON 22 OpenCTF: 4th
▸ Talks and presentations
  DEF CON 25 Demo Labs (2017)
  DEF CON 27 AI Village (2019)
  CODE BLUE (2017, 2019)
  CYDEF (2020) etc.
Image by Wiyre Media on flickr, CC-BY 2.0

4. TAKEAWAYS
▸ The concerns are considered entirely reasonable
▸ A huge number of permission requests, plus plaintext communication
▸ DNS over API + a list of "illegal" terms
  → What happens to you if a match is detected…?
▸ Encryption logic covering almost the whole app
  → An interesting structure that shows a strong intent to hide things
▸ Every feature of the app can be controlled remotely
  → Fair to regard it as essentially a backdoor
Image by *Yu7yU* on flickr, CC-BY-NC-ND 2.0

5. TAKEAWAYS
▸ radare2's distribution analysis is quite effective (VV → p → p → p → p)
▸ r2 is also quite effective for Dalvik code analysis
▸ trueseeing: rebooted (2.1.1.1; ~4w iter.)
  https://github.com/alterakey/trueseeing
▸ The extension I wrote is here:
  https://gist.github.com/alterakey/e1e92bdfdad25587ebeda2267b389fc2

6. FRONT: BEIJING REPORT
▸ The month the Beijing Olympics opened
▸ Suspicion that the official app was exfiltrating information → let's verify!
▸ The horror of massive permission requests, a banned-word list and an encrypted dex
  → Current location leaks freely as well
  → What happens when a match is detected?
▸ The power of trueseeing, ghidra and radare2

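As an added example (not code from the talk, and not part of trueseeing), this is the first pass a reviewer makes on an app like the one above before touching the code: read the decoded AndroidManifest.xml and list the requested permissions, the dangerous ones among them, whether cleartext HTTP is allowed, and which components any other app on the device can reach. The sample manifest is constructed; decoding the APK's binary XML (e.g. with apktool) is assumed to have happened already.

```python
import xml.etree.ElementTree as ET

ANDROID_NS = "http://schemas.android.com/apk/res/android"

# Subset of Android's runtime ("dangerous") permissions. A manifest requesting many
# of these is what the slides call "a huge number of permission requests".
DANGEROUS = {
    "android.permission.ACCESS_FINE_LOCATION",
    "android.permission.ACCESS_COARSE_LOCATION",
    "android.permission.ACCESS_BACKGROUND_LOCATION",
    "android.permission.READ_CONTACTS",
    "android.permission.READ_CALL_LOG",
    "android.permission.READ_SMS",
    "android.permission.RECORD_AUDIO",
    "android.permission.CAMERA",
    "android.permission.READ_EXTERNAL_STORAGE",
    "android.permission.READ_PHONE_STATE",
}

# Constructed sample manifest (hypothetical app, not taken from any real APK),
# already decoded from binary XML by a tool such as apktool (assumed, not shown).
SAMPLE_MANIFEST = """\
<manifest xmlns:android="http://schemas.android.com/apk/res/android"
    package="com.example.eventapp">
    <uses-permission android:name="android.permission.INTERNET"/>
    <uses-permission android:name="android.permission.ACCESS_FINE_LOCATION"/>
    <uses-permission android:name="android.permission.ACCESS_BACKGROUND_LOCATION"/>
    <uses-permission android:name="android.permission.READ_CONTACTS"/>
    <uses-permission android:name="android.permission.RECORD_AUDIO"/>
    <uses-permission android:name="android.permission.CAMERA"/>
    <application android:label="Sample" android:usesCleartextTraffic="true">
        <activity android:name=".MainActivity" android:exported="true"/>
        <service android:name=".SyncService" android:exported="true"/>
        <receiver android:name=".BootReceiver" android:exported="false"/>
    </application>
</manifest>
"""


def android_attr(element, name):
    """Read an attribute from the android: namespace, e.g. android:name."""
    return element.get(f"{{{ANDROID_NS}}}{name}")


def audit_manifest(xml_text):
    """Summarize the manifest: requested permissions, the dangerous subset,
    whether cleartext traffic is explicitly allowed, and exported components."""
    root = ET.fromstring(xml_text)
    permissions = [android_attr(el, "name") for el in root.findall("uses-permission")]
    app = root.find("application")
    # Only an explicit "true" is flagged here; the platform default depends on
    # targetSdkVersion and on any networkSecurityConfig, which this does not parse.
    cleartext = app is not None and android_attr(app, "usesCleartextTraffic") == "true"
    exported = []
    if app is not None:
        for el in app:
            if el.tag in ("activity", "service", "receiver", "provider") \
                    and android_attr(el, "exported") == "true":
                exported.append(android_attr(el, "name"))
    return {
        "permissions": permissions,
        "dangerous": sorted(p for p in permissions if p in DANGEROUS),
        "cleartext_traffic": cleartext,
        "exported_components": exported,
    }


if __name__ == "__main__":
    for key, value in audit_manifest(SAMPLE_MANIFEST).items():
        print(f"{key}: {value}")
```

Exported components matter together with the "remotely controllable features" finding: an exported service that takes its configuration from the network is reachable from any other app on the phone, which widens the attack surface beyond the app's own server.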
7. TAKEAWAYS
▸ Running in a cloud environment = managed
▸ Only a subset of the settings can be changed
▸ Nodes come and go
  → Anything that cannot be propagated is effectively unconfigurable
▸ Multi-cloud: each vendor has its own know-how
  → Every vendor is aware that the Benchmark exists
  → But there is no consistency!
▸ The verification tools are useless
Image by Elliot Brown on flickr, CC-BY-SA 2.0

8. TAKEAWAYS
▸ As for the Benchmark itself
▸ What it says is extremely reasonable
▸ The points to check are common to every vendor
▸ Minimize privileges / attack surface
▸ Make the required privileges explicit and use the authorization mechanism
▸ Constrain privilege: PSP matters
▸ Secure audit visibility
Image by Dr Case on flickr, CC-BY-NC 2.0

9. TAKEAWAYS
▸ As for the Benchmark itself
▸ Some descriptions whose validity is open to question
▸ Per-node configuration changes are treated as scored items
▸ Vague, sweeping, qualitative descriptions left as they are
▸ Half-written or inaccurate descriptions left as they are
▸ Again, this is a retrospective…
  I can only hope it has improved by now
Image by Mike Finn on flickr, CC-BY 2.0

10. BACK: CIS BENCHMARKING OF MANAGED K8S
▸ Applying the CIS Benchmark to assess the security of k8s clusters
▸ An unusually sober topic for our chapter
  ↑ sorry
▸ The tools were useless, and on top of that the standard itself was written in very qualitative terms, which was a headache…

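The part of the Benchmark a managed cluster still leaves in your hands is the pod-level privilege controls from slides 8 and 9 (no host namespaces, no privileged containers, non-root, dropped capabilities, no privilege escalation). As an added example that is not from the talk or any benchmark tool, this linter applies those checks to two constructed, hypothetical pod specs, one weak and one hardened; it works on the decoded object, so it runs equally on the output of `kubectl get pod -o json`.

```python
# Added example: enforce the pod-level controls a managed cluster leaves to you.
# Both pod specs are constructed, hypothetical objects (dicts in the shape of
# the v1 Pod API, i.e. what json.load gives you from `kubectl get pod -o json`).

WEAK_POD = {
    "apiVersion": "v1",
    "kind": "Pod",
    "metadata": {"name": "weak"},
    "spec": {
        "hostPID": True,
        "containers": [
            {"name": "app", "image": "example/app:1.0",
             "securityContext": {"privileged": True}},
        ],
    },
}

HARDENED_POD = {
    "apiVersion": "v1",
    "kind": "Pod",
    "metadata": {"name": "hardened"},
    "spec": {
        "securityContext": {"runAsNonRoot": True},
        "containers": [
            {"name": "app", "image": "example/app:1.0",
             "securityContext": {
                 "allowPrivilegeEscalation": False,
                 "readOnlyRootFilesystem": True,
                 "capabilities": {"drop": ["ALL"]},
             }},
        ],
    },
}


def lint_pod(pod):
    """Return one finding per violated control; an empty list means the pod passes."""
    findings = []
    spec = pod.get("spec", {})
    for shared in ("hostPID", "hostIPC", "hostNetwork"):
        if spec.get(shared):
            findings.append(f"pod shares {shared} with the node")
    pod_sc = spec.get("securityContext", {})
    for c in spec.get("containers", []) + spec.get("initContainers", []):
        name = c.get("name", "?")
        sc = c.get("securityContext", {})
        if sc.get("privileged"):
            findings.append(f"{name}: privileged container")
        # Kubernetes defaults allowPrivilegeEscalation to true when it is unset.
        if sc.get("allowPrivilegeEscalation", True):
            findings.append(f"{name}: allowPrivilegeEscalation is not false")
        # runAsNonRoot may be set at pod level and inherited by the containers.
        if not (sc.get("runAsNonRoot") or pod_sc.get("runAsNonRoot")):
            findings.append(f"{name}: runAsNonRoot is not enforced")
        if "ALL" not in sc.get("capabilities", {}).get("drop", []):
            findings.append(f"{name}: does not drop ALL capabilities")
        if not sc.get("readOnlyRootFilesystem"):
            findings.append(f"{name}: root filesystem is writable")
    return findings


if __name__ == "__main__":
    for pod in (WEAK_POD, HARDENED_POD):
        print(pod["metadata"]["name"], lint_pod(pod) or "OK")
```

The checks are deliberately per-pod rather than per-node: on a managed cluster the node settings the Benchmark scores are exactly the ones you cannot propagate, so a check that only looks at what the API server will admit is the one you can actually enforce.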
11. FRONT: SECURING SUPPLY CHAIN
▸ The Russia-Ukraine military conflict broke out the month before this meeting
  → It became the theme of this session
  → A first anniversary, overshadowed by war. Hands together in prayer
▸ Successive acts of sabotage: faker.js, node-ipc etc.
  Package hijacking on NPM…
  → What is the current state of supply-chain attacks and countermeasures?

12. TAKEAWAYS
▸ Problems lurking in the FLOSS ecosystem
▸ It fundamentally runs on good faith
▸ Attacks that exploit the ecosystem's weak points are supply-chain attacks
▸ typosquatting
▸ dependency confusion
▸ account takeover
▸ deliberate sabotage
Image by Richard Says on flickr, CC-BY-NC-ND 2.0

13. TAKEAWAYS
▸ Accurately knowing and maintaining the SBOM is what matters
▸ SBOM: a pinned dependency graph
▸ If you use a private index, it must always take top priority
▸ There have been accidents, but the toolchain has matured
▸ Python: pip-tools / poetry
▸ JS: package lock + npm ci
Image by Jazz DiMauro on flickr, CC-BY-NC-ND 2.0

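The three controls on this slide (exact pins, artifact hashes, private index first) are mechanical enough to check in CI. As an added example that is not from the talk, pip-tools or npm, the script below lints a pip-tools style requirements file generated with `--generate-hashes` and a lockfileVersion-3 package-lock.json. It flags unpinned or hash-less Python requirements, an `--extra-index-url` (pip treats extra indexes as peers, so a public package with a higher version shadows the private one, which is the dependency-confusion case), and npm packages resolved from somewhere other than the private registry or lacking an `integrity` field that `npm ci` could verify. Both lock files, the hashes and the `*.example.internal` hosts are constructed.

```python
import json
import re

# Assumed private index / registry hostnames (hypothetical).
PRIVATE_INDEX = "https://pypi.example.internal/simple"
PRIVATE_REGISTRY = "https://npm.example.internal/"

# Constructed pip-tools style lock file (requirements.txt with --generate-hashes).
PIP_LOCK = """\
--index-url https://pypi.example.internal/simple
requests==2.31.0 \\
    --hash=sha256:942c5a758f98d790eaed1a29cb6eefc7ffb0d1cf7af05c3d2791656dbd6ad1e1
internal-utils==1.4.2 \\
    --hash=sha256:3f786850e387550fdab836ed7e6dc881de23001b0ab6e8e4a0e51a6dcb6a6f90
pyyaml>=6.0
charset-normalizer==3.3.2
"""

# Constructed npm package-lock.json (lockfileVersion 3). The integrity value is
# a placeholder string in the right shape, not a real digest.
NPM_LOCK = json.dumps({
    "name": "app",
    "lockfileVersion": 3,
    "packages": {
        "": {"dependencies": {"left-pad": "1.3.0", "internal-widget": "2.0.1"}},
        "node_modules/left-pad": {
            "version": "1.3.0",
            "resolved": "https://npm.example.internal/left-pad/-/left-pad-1.3.0.tgz",
            "integrity": "sha512-Zm9vYmFyYmF6cXV4Y29uc3RydWN0ZWRwbGFjZWhvbGRlcg==",
        },
        "node_modules/internal-widget": {
            "version": "2.0.1",
            "resolved": "https://registry.npmjs.org/internal-widget/-/internal-widget-2.0.1.tgz",
        },
    },
})

REQ_RE = re.compile(r"([A-Za-z0-9_.\-]+)\s*(==|>=|<=|~=|!=|>|<)?")


def check_pip_lock(text, private_index):
    """Every requirement must be pinned with == and carry at least one --hash;
    the only index in use must be the private one."""
    findings = []
    index_url = None
    for line in text.replace("\\\n", " ").splitlines():   # join continuation lines
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        if line.startswith("--index-url"):
            index_url = line.split(None, 1)[1]
            continue
        if line.startswith("--extra-index-url"):
            findings.append(f"extra index {line.split(None, 1)[1]} lets public packages "
                            "shadow private ones (dependency confusion)")
            continue
        name, op = REQ_RE.match(line).groups()
        if op != "==":
            findings.append(f"{name}: not pinned to an exact version")
        if not re.findall(r"--hash=sha256:[0-9a-f]{64}", line):
            findings.append(f"{name}: no --hash, the artifact cannot be verified")
    if index_url != private_index:
        findings.append(f"index-url is {index_url!r}, expected the private index")
    return findings


def check_npm_lock(text, private_registry):
    """Every package must resolve from the private registry and carry an integrity hash."""
    findings = []
    for path, entry in json.loads(text).get("packages", {}).items():
        if path == "":
            continue                                      # the root project itself
        name = path.rsplit("node_modules/", 1)[-1]
        resolved = entry.get("resolved", "")
        if not resolved.startswith(private_registry):
            findings.append(f"{name}: resolved from {resolved or 'nowhere'}, "
                            "not the private registry")
        if not entry.get("integrity"):
            findings.append(f"{name}: no integrity hash, npm ci cannot verify the tarball")
    return findings


if __name__ == "__main__":
    for finding in check_pip_lock(PIP_LOCK, PRIVATE_INDEX) + check_npm_lock(NPM_LOCK, PRIVATE_REGISTRY):
        print("-", finding)
```

The `internal-widget` entry shows what a confused resolution looks like in the lock file itself: a package whose name exists only on the private registry was fetched from registry.npmjs.org, which is exactly the trace to alert on.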
14. FRONT: SECURING SUPPLY CHAIN
▸ The Russia-Ukraine military conflict broke out the month before this meeting
  → It became the theme of this session
  → A first anniversary, overshadowed by war. Hands together in prayer
▸ Successive acts of sabotage: faker.js, node-ipc etc.
  Package hijacking on NPM…
  → What is the current state of supply-chain attacks and countermeasures?
▸ This one also ended up being a sober topic

15. BACK: WARTIME PIGEONS
▸ Ukraine's IT Army is making rapid advances
  → An organization you could call a cyber militia…
▸ Its chain of command runs on Telegram, of all things;
  is that actually safe? → let's verify!

16. TAKEAWAYS
▸ Telegram is used to command the IT Army
▸ The Telegram client is FLOSS
▸ The servers are in the UK or the Netherlands
▸ Not conspicuously secure
▸ If anything, some unease remains
  → A few problems, plus opaque operations
  → Personally I would not want to use it

17. OPEN QUESTIONS, REVISITED
▸ Where are the servers?
▸ Could a government reach them? → probably not
▸ Is it secure enough to command a volunteer army?
▸ Could users' identities be exposed? → yes
▸ Could the people around a user be exposed? → yes
▸ Are there hidden features that could betray users? → probably not
Image by ☼☼Jo Zimny Photos☼☼ on flickr, CC-BY-NC-ND 2.0

18. BACK: WARTIME PIGEONS
▸ Ukraine's IT Army is making rapid advances
  → An organization you could call a cyber militia…
▸ Its chain of command runs on Telegram, of all things;
  is that actually safe? → let's verify!
▸ Probably fine, but the result is that personally I would not want to use it

19. FRONT: NYARLATHOTEP
▸ A month with little rain; from this session on, meetings moved to even-numbered months…
▸ "The Crawling Chaos"
  → Tracking via cookies, GDPR…
  → Reject cookies and your privacy is perfect!?
  → Don't take this lightly.
▸ This was only the beginning.

20. CONCLUSION
▸ Human review can by no means be called more effective than automated analysis plus "death traps"
▸ The popular belief that iOS is safe because humans are looking at it has no basis at all; if anything it is dangerous
  (i.e. false sense of …)
▸ It only verifies the state at a single point in time
  → The Android approach has its pros and cons, but it is superior
▸ Humans make human mistakes; their only advantage is intuition
  → Oversights, psychological state, etc.

21. BACK: STARING INTO CHAOS
▸ My Android broke… back to iOS for the first time in 10 years
  And the landscape I saw there…
▸ Apps that slip past manual review are everywhere
  Fake descriptions, remote flags, decoy content, etc.
▸ The security people commonly talk about is almost nonexistent
  → I understand the developers' situation, but this goes a bit too far
  → A false sense of security is the reality

22. FURTHER FINGERPRINTING
➤ In Japan, the Saito Lab at Meiji University leads the field
➤ A variety of techniques have been devised
➤ Deterministic fingerprinting
➤ Probabilistic fingerprinting
➤ Spatio-temporal similarity (e.g. DrawBridge etc.)
➤ Interest similarity (e.g. GraphTrack, [Wang et al. 2022])
➤ The target of fingerprinting is moving from the browser or device to the user themselves

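The difference between the deterministic and probabilistic items on this slide is easiest to see side by side. As an added example (not from the talk, and not an implementation of DrawBridge or GraphTrack), the code below takes three constructed attribute vectors, two visits from one device before and after a browser update, and one from a different machine, and links them first by a deterministic hash, which breaks as soon as any attribute changes, and then by a weighted similarity score, which survives the change. The attribute names and weights are assumptions chosen for the illustration.

```python
import hashlib

# Constructed attribute vectors. VISIT_A and VISIT_B are the same device before
# and after a browser update plus a window resize; VISIT_C is another machine.
VISIT_A = {
    "user_agent": "Mozilla/5.0 (X11; Linux x86_64) Firefox/105.0",
    "languages": "ja,en-US",
    "timezone": "Asia/Tokyo",
    "screen": "1920x1080x24",
    "window": "1600x900",
    "canvas_hash": "7c9f1d0a",
    "webgl_renderer": "Mesa Intel(R) UHD Graphics 620",
    "fonts": "Noto Sans CJK JP,DejaVu Sans,Liberation Mono",
}
VISIT_B = dict(VISIT_A,
               user_agent="Mozilla/5.0 (X11; Linux x86_64) Firefox/106.0",
               window="1280x720")
VISIT_C = {
    "user_agent": "Mozilla/5.0 (Windows NT 10.0; Win64; x64) Chrome/107.0.0.0",
    "languages": "ja,en-US",
    "timezone": "Asia/Tokyo",
    "screen": "1366x768x24",
    "window": "1366x657",
    "canvas_hash": "a1b2c3d4",
    "webgl_renderer": "ANGLE (NVIDIA GeForce GTX 1650 Direct3D11)",
    "fonts": "Meiryo,Yu Gothic,Consolas",
}

# Assumed weights: attributes bound to hardware or hard to change count more than
# ones that drift with every update or window resize.
WEIGHTS = {
    "canvas_hash": 3, "webgl_renderer": 3, "fonts": 2, "screen": 2,
    "timezone": 1, "languages": 1, "user_agent": 1, "window": 0.5,
}


def deterministic_fingerprint(attrs):
    """Hash of the whole vector: identical visits match, any change breaks the link."""
    material = "|".join(f"{key}={attrs[key]}" for key in sorted(attrs))
    return hashlib.sha256(material.encode()).hexdigest()[:16]


def similarity(a, b):
    """Weighted fraction of attributes that agree, in [0, 1]."""
    total = sum(WEIGHTS.values())
    matched = sum(w for key, w in WEIGHTS.items() if a.get(key) == b.get(key))
    return matched / total


def same_device(a, b, threshold=0.75):
    """Probabilistic linking: declare a match above a tunable threshold."""
    return similarity(a, b) >= threshold


if __name__ == "__main__":
    print("hash A == hash B:", deterministic_fingerprint(VISIT_A) == deterministic_fingerprint(VISIT_B))
    print("similarity A,B:", round(similarity(VISIT_A, VISIT_B), 3), same_device(VISIT_A, VISIT_B))
    print("similarity A,C:", round(similarity(VISIT_A, VISIT_C), 3), same_device(VISIT_A, VISIT_C))
```

The threshold is the whole trade-off: lower it and a browser update no longer unlinks you, raise it and two similar corporate laptops stop colliding. Rejecting cookies changes none of the inputs above, which is the slide's point about cookie consent being only the beginning.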
23. H. P. Lovecraft:
“Nyarlathotep…the crawling chaos…I am the last…I will tell the audient void…

I do not recall distinctly when it began, but it was months ago. The general tension was horrible. To a season of political and social upheaval was added a strange and brooding apprehension of hideous physical danger; a danger widespread and all-embracing, such a danger as may be imagined only in the most…”

24. FRONT: NYARLATHOTEP
▸ A hot month
▸ "The Crawling Chaos", continued
▸ Cookieless monster!
  → Creeping up without using cookies
▸ Fingerprinting
  → From identifying the device to identifying the user themselves
▸ Spine-chilling… a session that delivered cosmic horror

25. PROTECTION
▸ Does not exist statically
  → Objective-C 2.0 message analysis does not work
  → Fatal for iOS app analysis
▸ A very unusual structure
▸ No precedent in earlier TikTok versions, nor in the company's parallel products (e.g. Lemon8)… a sneaky tactic

26. BREACHING THE PROTECTION
▸ Memory dump attack
▸ …but mind that ASLR gets in the way
▸ ASLR: Address Space Layout Randomization
▸ The device shuffles the address space at run time
▸ An important defense mechanism against memory-corruption attacks
  (buffer overflow, return-oriented programming, etc.)

27. PROTECTION IS HISTORY
▸ Meaningful information can now be extracted
  (~30 min. on an M1 MacBook Pro)
▸ A few remaining issues
▸ Resolving calls to C APIs such as objc_msgSend
▸ Continuously pasting sections back in

28. TAKEAWAYS
▸ In-app browser contamination-detection sites are not a cure-all
▸ Android is probably the same (the payload can be confirmed)
▸ In-app browsers can be tampered with from outside in many ways
▸ What about the trend of favoring in-app browsers?
  → Users should be given a choice
  → Same for Android

29. BACK: CHASING IN THE BACKSTAGE
▸ TikTok: I hadn't looked at it for a while, but…
▸ iOS: a memory-layout puzzle in its monitoring mechanism
  → "Challenge accepted", and the decoding succeeded
▸ Android: ran out of time… orz
▸ In-app browsers can do more than I expected
  → The trend of favoring them should die already
  (e.g. LINE/Facebook etc.)

30. FRONT: HAZY DATAGRAMS
▸ Beer-festival month; our first hybrid meeting
  Kasukabe City Fureai Cube → that was a long way, wasn't it…
▸ Noise Protocol Framework:
  a framework for cryptographic protocols
  → Is it secure?

31. TAKEAWAYS
▸ Noise is a cryptographic protocol framework
▸ Carefully selected building blocks, modularized and organized into patterns
  → New ones can be added, but…
▸ Contributes to simple, fast, secure protocol design
  → Also supports designs with advanced properties
  (0-RTT, post-quantum resistance, etc.)
▸ One could say it opened the door to provability…
Image by Daisuke Matsumura on flickr, CC-BY-NC 2.0

32. TAKEAWAYS
▸ Noise Explorer: a design and modelling system by Kobeissi et al. [Kobeissi18]
▸ Can generate ProVerif models not only for the 57 official patterns but for arbitrary designs
▸ ProVerif: a cryptographic protocol verification tool built by INRIA
  Algebraically proves the security properties of a system under an adversarial network (the Dolev-Yao model)
▸ Provable security has become quite accessible

33. TAKEAWAYS
▸ Using Noise does not make everything secure
▸ Example: NN (equivalent to anonymous DH)
▸ If you design your own pattern:
  besides following the guidelines in section 7.3 of the specification,
  prove it as far as you can
Image by SonnyandSandy on flickr, CC-BY-NC-ND 2.0

34. FRONT: HAZY DATAGRAMS
▸ Beer-festival month; our first hybrid meeting
  Kasukabe City Fureai Cube → that was a long way, wasn't it…
▸ Noise Protocol Framework:
  a framework for cryptographic protocols
  → Hard to follow at first glance, but actually rational
  → Is it secure? … provability had been opened up
▸ ProVerif: a formal verification tool for cryptographic protocols
▸ Merely using it does not automatically make you secure, so
  if you design your own, prove it yourself

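Slides 31 to 34 say two things at once: Noise's symmetric state is small enough to reason about, and the NN pattern (`-> e`, `<- e, ee`) is nothing more than anonymous Diffie-Hellman. As an added example that is not from the talk or the Noise project, the code below implements the symmetric state exactly as the specification defines it (MixHash, MixKey, the two-output HKDF and Split, with SHA-256), runs NN once between honest peers and once through an attacker who relays its own ephemerals, and shows that the attacker ends up holding a valid transport key with each victim. The DH function is an assumed stand-in: classic Diffie-Hellman in the 1024-bit MODP group of RFC 2409 instead of Curve25519, chosen only because the Python standard library has no X25519; handshake payloads and the AEAD are omitted, so only the keys from Split() are compared, and the protocol name is illustrative rather than a registered one.

```python
import hashlib
import hmac
import secrets

# Assumed stand-in DH: 1024-bit MODP group 2 of RFC 2409, generator 2. A real
# Noise instance would use Curve25519; the MITM result does not depend on the group.
P = int(
    "FFFFFFFFFFFFFFFFC90FDAA22168C234C4C6628B80DC1CD129024E088A67CC74"
    "020BBEA63B139B22514A08798E3404DDEF9519B3CD3A431B302B0A6DF25F1437"
    "4FE1356D6D51C245E485B576625E7EC6F44C42E9A637ED6B0BFF5CB6F406B7ED"
    "EE386BFB5A899FA5AE9F24117C4B1FE649286651ECE65381FFFFFFFFFFFFFFFF", 16)
G = 2
DHLEN = (P.bit_length() + 7) // 8
HASHLEN = 32
PROTOCOL_NAME = b"Noise_NN_modp1024_none_SHA256"   # illustrative, not a registered name


def keygen():
    priv = secrets.randbelow(P - 2) + 1
    return priv, pow(G, priv, P)


def encode(pub):
    return pub.to_bytes(DHLEN, "big")


def dh(priv, pub_bytes):
    """DH(key_pair, public_key) from the spec, over the stand-in group."""
    return pow(int.from_bytes(pub_bytes, "big"), priv, P).to_bytes(DHLEN, "big")


def hkdf(chaining_key, ikm):
    """HKDF(chaining_key, input_key_material, 2) as in Noise section 4.3."""
    temp = hmac.new(chaining_key, ikm, hashlib.sha256).digest()
    out1 = hmac.new(temp, b"\x01", hashlib.sha256).digest()
    out2 = hmac.new(temp, out1 + b"\x02", hashlib.sha256).digest()
    return out1, out2


class SymmetricState:
    """SymmetricState from Noise section 5.2 (cipher state omitted)."""
    def __init__(self, protocol_name):
        self.h = (protocol_name.ljust(HASHLEN, b"\x00") if len(protocol_name) <= HASHLEN
                  else hashlib.sha256(protocol_name).digest())
        self.ck = self.h

    def mix_hash(self, data):
        self.h = hashlib.sha256(self.h + data).digest()

    def mix_key(self, ikm):
        self.ck, _aead_key = hkdf(self.ck, ikm)    # _aead_key would key the CipherState

    def split(self):
        return hkdf(self.ck, b"")                  # (c1, c2) transport keys


def nn_initiator_start():
    """Initiator writes '-> e'."""
    ss = SymmetricState(PROTOCOL_NAME)
    ss.mix_hash(b"")                                # empty prologue
    priv, pub = keygen()
    msg1 = encode(pub)
    ss.mix_hash(msg1)                               # token e: MixHash(e.public_key)
    return ss, priv, msg1


def nn_responder(msg1):
    """Responder reads '-> e', writes '<- e, ee' and returns (msg2, (c1, c2))."""
    ss = SymmetricState(PROTOCOL_NAME)
    ss.mix_hash(b"")
    ss.mix_hash(msg1)                               # token e (read): MixHash(re)
    priv, pub = keygen()
    msg2 = encode(pub)
    ss.mix_hash(msg2)                               # token e (write)
    ss.mix_key(dh(priv, msg1))                      # token ee: MixKey(DH(e, re))
    return msg2, ss.split()


def nn_initiator_finish(ss, priv, msg2):
    """Initiator reads '<- e, ee' and derives (c1, c2)."""
    ss.mix_hash(msg2)
    ss.mix_key(dh(priv, msg2))
    return ss.split()


def honest_session():
    """Two honest peers derive identical transport keys."""
    ss, priv, msg1 = nn_initiator_start()
    msg2, responder_keys = nn_responder(msg1)
    return nn_initiator_finish(ss, priv, msg2) == responder_keys


def mitm_session():
    """An attacker substituting its own ephemerals shares a key with BOTH victims:
    nothing in NN is authenticated, exactly like bare anonymous Diffie-Hellman."""
    ss_i, priv_i, msg1 = nn_initiator_start()            # victim initiator
    ss_m, priv_m, msg1_m = nn_initiator_start()          # attacker's ephemeral toward the responder
    msg2, responder_keys = nn_responder(msg1_m)          # victim responder answers the attacker
    attacker_responder_keys = nn_initiator_finish(ss_m, priv_m, msg2)
    fake_msg2, attacker_initiator_keys = nn_responder(msg1)   # attacker plays responder to the victim
    initiator_keys = nn_initiator_finish(ss_i, priv_i, fake_msg2)
    return (attacker_initiator_keys == initiator_keys
            and attacker_responder_keys == responder_keys)


if __name__ == "__main__":
    print("honest peers agree:", honest_session())
    print("attacker holds both session keys:", mitm_session())
```

Neither victim can tell the two runs apart, because every value that enters the transcript hash is one the attacker chose or relayed. That is the slide's caveat in one picture: Noise gives you a sound key schedule, but the pattern decides who, if anyone, is authenticated, and NN authenticates nobody; a pattern with static keys (and a proof of what that buys, as slide 33 asks) is what closes the gap.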
35. WHAT TO KEEP
▸ Offering practical topics
▸ Analysis of apps and the like
▸ Verification
▸ Being able to run hybrid meetings
▸ Having switched to even-month meetings

36. WHAT IS THE PROBLEM?
▸ Announcements are sloppy, as always
▸ I keep meaning to announce earlier, but…
▸ We have not managed to invite outside speakers
▸ No time to spare; end of month…
▸ Promising workshops and never delivering
▸ COVID should just go away already

  37. TRY

38. WHAT TO TRY NEXT YEAR
▸ Keep alternating hybrid meetings
▸ Offer more challenging topics
▸ Run a workshop
  → A CTF on Juice Shop, for instance…
▸ Invite outside speakers (someone!)

  39. Q?