Upgrade to Pro
— share decks privately, control downloads, hide ads and more …
Speaker Deck
Features
Speaker Deck
PRO
Sign in
Sign up for free
Search
Search
Attack N Defence
Search
Sponsored
·
Your Podcast. Everywhere. Effortlessly.
Share. Educate. Inspire. Entertain. You do you. We'll handle the rest.
→
Buzzvil
January 23, 2019
220
0
Share
Embed
Copy iframe code
Copy JS code
Copy link
Start on current slide
Attack N Defence
Buzzvil
January 23, 2019
More Decks by Buzzvil
See All by Buzzvil
220903_GFS
buzzvil
0
660
Git 해부하기 2 + 3
buzzvil
0
68
Metastable Failure
buzzvil
0
360
Git 해부하기
buzzvil
0
85
Introduction to Plate Solving
buzzvil
0
76
Airbnb Minerva
buzzvil
0
520
Shape up 방법론
buzzvil
0
1.1k
Buzzvil Billing Data Pipeline
buzzvil
0
730
Journey of Dash's release-cycle
buzzvil
0
280
Featured
See All Featured
Avoiding the “Bad Training, Faster” Trap in the Age of AI
tmiket
0
190
Max Prin - Stacking Signals: How International SEO Comes Together (And Falls Apart)
techseoconnect
PRO
0
200
My Coaching Mixtape
mlcsv
0
170
Jamie Indigo - Trashchat’s Guide to Black Boxes: Technical SEO Tactics for LLMs
techseoconnect
PRO
0
250
Building Adaptive Systems
keathley
44
3.1k
AI Search: Where Are We & What Can We Do About It?
aleyda
0
7.7k
Being A Developer After 40
akosma
91
590k
B2B Lead Gen: Tactics, Traps & Triumph
marketingsoph
0
170
jQuery: Nuts, Bolts and Bling
dougneiner
66
8.5k
The Spectacular Lies of Maps
axbom
PRO
1
850
GraphQLとの向き合い方2022年版
quramy
50
15k
Jess Joyce - The Pitfalls of Following Frameworks
techseoconnect
PRO
1
180
Transcript
Attack N Defence - 0101 - JD
Notice • Solution is not perfect. • Also, sample is
not perfect. • So, we should have imagine.
Process Product Attack Defence
Setup • docker pull jongsu253/dev-seminar:0.1 • docker run --privileged --cap-add=SYS_PTRACE
--security-opt seccomp=unconfined -it ed79ba87900b /bin/bash
Let’s do it now!
Section I - Hooking Dynamic Linking libc.so program call printf@PLT
PLT[0]: call resolver PLT[X]: jmp *GOT[X] push XX jmp PLT[0] GOT[X]: &printf printf: … ld.so resolver: … program call printf@PLT PLT[0]: call resolver PLT[X]: jmp *GOT[X] push XX jmp PLT[0] GOT[X]: &hooker libc.so printf: … ld.so resolver: … hook.so hooker: …
Section I - Hooking Dynamic Loading ld.so libc.so libm.so libhook.so
printf read write pow sqrt ceil printf read write libraries: libc.so libm.so libhook.so ld.so libraries: libhook.so libc.so libm.so libc.so libm.so libhook.so printf read write printf read write pow sqrt ceil
Section II - Debugger Process A Process B name phone
address … Process A Process B name phone address … access / control kernel access / control
Section II - Debugger Process A Process B name phone
address … kernel access / control Process C 1 2
Section II - Debugger Process A Process B name phone
address … kernel Process B` fork Attached Not Attached
Section II - Debugger Process A Process B kernel Attached
Thread 1 Thread 2 Thread 3 Thread N
Section II - Debugger Process A Process B kernel Thread
1 Thread 2 Thread 3 Thread N Attached Process C
What do you think …?
Q & A
Thank you!