Upgrade to Pro
— share decks privately, control downloads, hide ads and more …
Speaker Deck
Features
Speaker Deck
PRO
Sign in
Sign up for free
Search
Search
Attack N Defence
Search
Sponsored
·
Your Podcast. Everywhere. Effortlessly.
Share. Educate. Inspire. Entertain. You do you. We'll handle the rest.
→
Buzzvil
January 23, 2019
220
0
Share
Embed
Copy iframe code
Copy JS code
Copy link
Start on current slide
Attack N Defence
Buzzvil
January 23, 2019
More Decks by Buzzvil
See All by Buzzvil
220903_GFS
buzzvil
0
640
Git 해부하기 2 + 3
buzzvil
0
68
Metastable Failure
buzzvil
0
360
Git 해부하기
buzzvil
0
84
Introduction to Plate Solving
buzzvil
0
74
Airbnb Minerva
buzzvil
0
510
Shape up 방법론
buzzvil
0
1.1k
Buzzvil Billing Data Pipeline
buzzvil
0
720
Journey of Dash's release-cycle
buzzvil
0
270
Featured
See All Featured
Scaling GitHub
holman
464
140k
Exploring the Power of Turbo Streams & Action Cable | RailsConf2023
kevinliebholz
37
6.5k
What's in a price? How to price your products and services
michaelherold
247
13k
Have SEOs Ruined the Internet? - User Awareness of SEO in 2025
akashhashmi
0
370
A Soul's Torment
seathinner
6
2.9k
What Being in a Rock Band Can Teach Us About Real World SEO
427marketing
0
250
The Success of Rails: Ensuring Growth for the Next 100 Years
eileencodes
47
8.2k
Winning Ecommerce Organic Search in an AI Era - #searchnstuff2025
aleyda
1
2k
Learning to Love Humans: Emotional Interface Design
aarron
275
41k
HU Berlin: Industrial-Strength Natural Language Processing with spaCy and Prodigy
inesmontani
PRO
0
410
The Art of Delivering Value - GDevCon NA Keynote
reverentgeek
16
2k
The Anti-SEO Checklist Checklist. Pubcon Cyber Week
ryanjones
0
160
Transcript
Attack N Defence - 0101 - JD
Notice • Solution is not perfect. • Also, sample is
not perfect. • So, we should have imagine.
Process Product Attack Defence
Setup • docker pull jongsu253/dev-seminar:0.1 • docker run --privileged --cap-add=SYS_PTRACE
--security-opt seccomp=unconfined -it ed79ba87900b /bin/bash
Let’s do it now!
Section I - Hooking Dynamic Linking libc.so program call printf@PLT
PLT[0]: call resolver PLT[X]: jmp *GOT[X] push XX jmp PLT[0] GOT[X]: &printf printf: … ld.so resolver: … program call printf@PLT PLT[0]: call resolver PLT[X]: jmp *GOT[X] push XX jmp PLT[0] GOT[X]: &hooker libc.so printf: … ld.so resolver: … hook.so hooker: …
Section I - Hooking Dynamic Loading ld.so libc.so libm.so libhook.so
printf read write pow sqrt ceil printf read write libraries: libc.so libm.so libhook.so ld.so libraries: libhook.so libc.so libm.so libc.so libm.so libhook.so printf read write printf read write pow sqrt ceil
Section II - Debugger Process A Process B name phone
address … Process A Process B name phone address … access / control kernel access / control
Section II - Debugger Process A Process B name phone
address … kernel access / control Process C 1 2
Section II - Debugger Process A Process B name phone
address … kernel Process B` fork Attached Not Attached
Section II - Debugger Process A Process B kernel Attached
Thread 1 Thread 2 Thread 3 Thread N
Section II - Debugger Process A Process B kernel Thread
1 Thread 2 Thread 3 Thread N Attached Process C
What do you think …?
Q & A
Thank you!
buzzvil
holman
kevinliebholz
michaelherold
akashhashmi
seathinner
427marketing
eileencodes
aleyda
aarron
inesmontani
reverentgeek
ryanjones
