
Lecture materials for とある診断員とSecurity-JAWS#02

See the following blog post for details:
https://dev.classmethod.jp/articles/review-security-camp-and-tigersecjaws-02/

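These are the materials for the first half of the following two events.

C1 Why Was the Website Taken Over? Practical Incident Response in an AWS Environment - Security Camp National Convention 2020 Online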
https://www.ipa.go.jp/jinzai/camp/2020/zenkoku2020_program_list.html#list_c1
とある診断員とSecurity-JAWS#02
https://tigersecjaws.connpass.com/event/196448/

cm-usuda-keisuke

December 15, 2020

Transcript

  1. とある診断員とSecurity-JAWS#02
    Lecture session materials

  2. Contents
    Event overview
    Instructor introductions
    AWS security fundamentals lecture
    Explanation of attacks against AWS
    Exercise briefing
    Exercise
    Retrospective

  3. Event overview
    ● Overview
    ● How the event proceeds
    ● Timetable

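  4. Overview
    This event aims to give participants experience of security incident
    response that is specific to cloud environments, by investigating an AWS
    environment that has been compromised.
    You will analyze the EC2 servers and managed services that were running,
    the various access logs, and the configuration of the AWS environment in
    order to identify the cause of the compromise and the scope of the damage,
    and to work out countermeasures against the series of attacks.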

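  5. Learning goals
    ● Learn security for AWS environments (morning)
    ● Through a practical incident investigation of an AWS environment,
    experience countermeasures in AWS and put them to use (afternoon)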

  6. Instructor introductions
    ● Keisuke Usuda
    ● Shun Suzaki

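  7. Instructor introduction: Keisuke Usuda
    Classmethod, Inc.
    ・AWS Business Division
    Solutions Architect
    Security Team Leader
    ・Security-JAWS organizer
    ・Favorite service
    AWS WAF managed rules
    ・Role: building the AWS environment
    https://dev.classmethod.jp/author/usuda-keisuke/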

  8. Instructor introduction: Shun Suzaki
    Shun Suzaki
    Works at Mitsui Bussan Secure Directions, Inc.
    A certain security engineer engaged in delivering security services,
    mainly penetration testing
    Public slides: http://www.slideshare.net/zaki4649/
    Blog: http://tigerszk.hatenablog.com/
    Book (translation): 詳解HTTP/2
    Twitter: とある診断員@tigerszk
    ● ISOG-J WG1
    ● Burp Suite Japan User Group
    ● OWASP JAPAN Promotion Team
    ● #ssmjp
    ● MINI Hardening Project
    I'M A CERTAIN PENTESTER!
    Role: writing the attack scenario

  9. AWS security fundamentals lecture
    ● AWS security fundamentals
    ● Recent attacker trends
    ● Security measures on AWS

  10. Before security: what are the benefits of AWS in the first place?
    The reasons AWS's cloud is chosen
    https://aws.amazon.com/jp/aws-ten-reasons/
    Reason: zero upfront cost / low prices

  11. Before security: what are the benefits of AWS in the first place?
    Flexibility and agility

  12. Before security: what are the benefits of AWS in the first place?
    Reduced operational load through managed services

  13. Before security: what are the benefits of AWS in the first place?
    Being able to secure a high level of security is also a benefit

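  14. There are many benefits
    ● Everything exists to accelerate the business
    ● Security also exists to accelerate the business
    ● Security must not get in the way of that
    ● On AWS in particular, security can be strengthened without trading off
    other factors (security on the offensive)
    ● If the goal is shared, teams can work hand in hand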

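  15. AWS security fundamentals
    The first thing to keep in mind for AWS security is the shared
    responsibility model
    The scope of responsibility held by AWS and by the user is clearly defined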

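  16. AWS security fundamentals
    AWS security divides broadly into the following
    ● Security of the AWS layer
    ○ Specific to AWS, so it has to be learned
    ● Security of the OS layer and above
    ○ Same as existing environments, so existing knowledge can be reused
    ○ The AWS and third-party ecosystem can be put to use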

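  17. AWS security fundamentals: AWS layer
    ● AWS services you should always use
    ○ CloudTrail
    ■ Stores the history of AWS API calls
    ■ Put the other way round, the user has to enable collection
    ○ Config
    ■ Stores the change history of AWS resources
    ○ GuardDuty
    ■ Detects a range of threats against IAM and EC2
    ■ Coin mining, leaked access keys and so on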

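  18. AWS security fundamentals: AWS layer
    ● Important settings
    ○ S3 access control
    ■ Never make important information public
    ■ There are several control mechanisms: bucket policies, ACLs, Block
    Public Access and so on
    ○ Access key management for IAM Users
    ■ Never embed them in code and publish it on Git
    ○ Security Group
    ■ Do not expose SSH, RDP and the like publicly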

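  19. AWS security fundamentals: OS layer and above
    ● OS security takes hard work
    ● AWS WAF is an inexpensive WAF that integrates well
    ● Logs and metrics go to CloudWatch
    ● Log analysis with Athena, visualization with QuickSight
    ● Authentication with Cognito
    ○ Risk-based authentication and more are possible
    ● Container images: ECR repository scanning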

  20. Details are on the blog
    I gave a talk titled "How to get started strengthening AWS security in
    step with the shift to cloud"
    https://dev.classmethod.jp/articles/enhanced-aws-security-in-cloud-shift/
    AWS security fundamentals

  21. AWS security in detail
    ● How to use the security features
    ○ CloudTrail
    ○ Config
    ○ GuardDuty
    ○ Detective
    ○ Athena

  22. How to use the security features: CloudTrail
    Simple queries can be run from the event history
    For details, investigate with Athena

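  23. Points to note when checking AWS logs
    ● CloudTrail has the following kinds of logs
    ○ Management events
    ■ Record the APIs that operate the AWS environment in the ordinary way
    ■ Almost all operations fall into this category
    ■ Collected automatically once a Trail is enabled
    ○ Data events
    ■ Record APIs such as data reads (GetObject) and executions (Invoke)
    for S3 and Lambda
    ■ Not collected just by enabling a Trail (because the cost generally
    shoots up)
    ■ Not visible in the standard Trail console, Detective and similar
    (the logs in S3 have to be checked)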

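  24. Rough rules for AWS API names
    ● The name tells you roughly what the call does
    ● Broadly, the kinds are
    ○ Read (fetch a single item): Get
    ○ List (fetch multiple items): List
    ○ Write (create, execute and so on): Put, Create, etc.
    ● During an incident, pay particular attention to
    ○ Write-type calls
    ○ Permission operations (IAM operations)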

  25. How to use the security features: Config
    Filter by resource type or ID

  26. How to use the security features: Config
    Check the change history in the configuration timeline

  27. How to use the security features: Config
    The changes made at each point in time can be checked

  28. How to use the security features: GuardDuty
    Check the details of detected Findings in the right-hand pane
    "Learn More" gives further detail

  29. How to use the security features: Detective
    Select a finding and choose "Investigate" from Actions to go to Detective

  30. How to use the security features: Detective
    Related EC2 instances, IAM entities and so on are listed
    Follow them to check what has been going on

  31. How to use the security features: Detective
    A summary shows which APIs were called with the credential in question
    and which IP addresses they were called from

  32. How to use the security features: Athena
    When you first start, configure the location where query results are saved

  33. How to use the security features: Athena
    Athena's query engine is Presto
    You can think of it as more or less ordinary SQL (roughly speaking)
    For the CloudTrail table layout, see:
    https://docs.aws.amazon.com/ja_jp/athena/latest/ug/cloudtrail-logs.html

  34. How to use the security features: Athena
    Main fields
    ● eventTime: time the API was called
    ● eventName: name of the API
    ● eventSource: AWS service the API belongs to
    ● awsRegion: region
    ● sourceIpAddress: source IP address
    ● userIdentity
    ○ userName: IAM user name
    ○ sessionContext.sessionIssuer.userName: IAM role name

  35. Bonus: SIEM on Amazon ES
    AWS has released "SIEM on Amazon ES", an OSS SIEM solution that
    visualizes various AWS logs, so I tried visualizing CloudTrail logs
    https://dev.classmethod.jp/articles/getting-started-siem-on-amazon-elasticsearch-service/

  36. Explanation of attacks against AWS
    ● Credential leakage / privilege escalation
    ● SSRF

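  37. Credential leakage
    ● One way or another, IAM credentials leak
    ○ Do not hard-code IAM User access keys
    ○ Use git-secrets
    ○ Give every AWS user basic IAM training
    ■ (The same goes for minimum security knowledge in general)
    ○ Do not let your guard down in development and test environments, of
    all places
    ○ Detect and prevent the creation of unnecessary access keys
    ○ Detect unauthorized use with GuardDuty
    ○ Check the mailbox registered as the security contact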

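  38. Privileges can be escalated even when permissions are narrowed
    ● PowerUser will of course be abused (mining)
    ● Even if the leaked permissions are not Admin or PowerUser, do not be
    complacent: privileges may still be escalated
    ● Escalation via an old policy version
    ● IAM Role for EC2 (instance profile)
    ● From iam:PassRole to Lambda or CloudFormation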

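  39. SSRF
    ● EC2 has a metadata service
    ● Accessing it returns a variety of information
    ● The temporary credentials of the IAM Role attached to the EC2 instance
    can also be obtained
    ● SSRF (Server Side Request Forgery) is a class of attack against servers
    that the attacker cannot reach directly
    ● For details, see "SSRF (Server Side Request Forgery) 徹底入門 | 徳丸浩の日記"
    ○ https://blog.tokumaru.org/2018/12/introduction-to-ssrf-server-side-request-forgery.html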

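  40. SSRF
    ● IMDSv2 is now also available
    ○ However, many components do not support it yet
    ○ It does not prevent the attack completely
    ● Consider whether functionality that accepts arbitrary URLs is needed in
    the first place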

  41. Exercise briefing
    ● Background
    ● Application description
    ● AWS environment description
    ● Incident description
    ● Approach
    ● Exercise tasks

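  42. Background
    In the year XX, a user-posting microblog site called "Secutter" was all
    the rage in the information security community.
    One day a request landed with you, the super incident handler...
    "Secutter has been hit!!"
    From that day on, the history of the information security community
    changed.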

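  43. Cast
    ● Secutter Inc.
    ○ CEO: the client this time. Founder of Secutter and developer of the
    service.
    ○ Engineers A, B, C: do everything for Secutter, from development to
    operations and maintenance. Played by us.
    ○ superdeveloper: a super developer who joined recently. Was running
    tests in order to rebuild Secutter as a serverless application.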

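  44. The request
    ● CEO: "Oh, thank you for coming! The thing is, we run Secutter on AWS,
    and a little while ago an Abuse report arrived from AWS. When we looked
    into it, a coin miner was running in Secutter's AWS account! For now we
    have suspended the service, stopped the coin miner and taken backups.
    I would like you to investigate this AWS environment!"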

  45. Application details
    "Secutter", the secure microblogging SNS
    Main features
    ● Login
    ● Profile editing
    ● Posting
    ● Likes

  46. Application details
    Behind the scenes of Secutter
    [Diagram labels: Client, Internet, Intranet, Nginx, PHP, MySQL]

  47. AWS environment description
    The overall picture looks like this

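  48. AWS environment description
    ● A typical tiered web application
    ○ ALB at the front
    ○ EC2 as the web server
    ○ RDS (MySQL) as the DB
    ○ Administrators SSH into a bastion server
    ● Logs go to S3
    ○ AWS logs go to AWSLogs
    ○ Application logs go to SecutterLogs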

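  49. Incident description
    ● An Abuse report (email) from AWS confirmed that an incident had occurred
    ● GuardDuty showed that an unauthorized EC2 instance had been created in
    the Oregon region and was mining cryptocurrency; it was stopped
    ● The Secutter service may also have been compromised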

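  50. Incident description
    ● To preserve the environment, an AMI backup of the secutter prd web EC2
    instance was taken
    ● An Ubuntu instance was created for the investigation and the restored
    copy was mounted on it
    ● The Secutter application logs and AWS logs for the relevant period were
    copied to the camp secutter logs and camp awslogs buckets
    ● Athena was set up so that these logs can be analyzed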

  51. Incident description
    ● The environment after the initial response

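  52. Exercise tasks
    ● Investigate the various logs and summarize your findings from the
    following viewpoints.
    ○ Determine and report whether this incident affected the Secutter
    service.
    ○ Investigate why the unauthorized EC2 instance was running.
    ○ Propose countermeasures for resuming the service.
    ○ Use the distributed report template freely (there is no need to
    submit it)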

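  53. Approach
    ● Starting from whichever of the following you like should work well
    ○ From how the unauthorized EC2 instance was launched
    ○ From what GuardDuty detected
    ○ From the contents of the web server
    ○ From the Nginx logs
    ○ From the actual behavior of the web application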

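  54. Athena settings when you first start
    ● Settings when you first start
    ○ Under [Settings] > [Query result location], set the
    aws-athena-query-results bucket (ap-northeast region) in S3
    ● Usage tip
    ○ After a query, downloading the CSV with the button on the right makes
    the results easier to work with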

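  55. Investigating the compromised EC2 environment
    ● A snapshot of the compromised EC2 environment was taken on the day of
    the incident and has been preserved.
    ● Use this snapshot to restore the volume and investigate the resources
    inside the compromised EC2 instance.
    ● In this exercise, the investigation is done locally using a disk image
    of the EC2 instance.
    ● For the investigation procedure, see "Investigating the disk image of
    the compromised EC2 environment" in the materials distributed before the
    event.
    [Reference] HDD analysis (forensics) of AWS EC2
    https://ierae.co.jp/blog/awsec2-hdd-analytics/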

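  56. Investigation pointers
    From here on, we briefly explain investigation pointers for people who
    have not done much log analysis before.
    If you are confident, you are entirely welcome to start your analysis
    right away!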

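  57. One way you might go about the investigation
    This is only a recommended approach, not something you absolutely have to
    follow. Use it as a reference during analysis.
    ● First, make good use of the convenient Detective features!
    Taking the GuardDuty findings as the trigger, use Detective to check the
    attacker's broad movements and the resources related to the attack
    ○ What is the attacker's IP address?
    ○ Which AWS resources are related to the attack?
    ○ Were any suspicious APIs called?
    ○ During what period was the activity detected?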

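  58. One way you might go about the investigation
    ● Check the AWS resources too
    Based on what Detective shows, actually look inside the resources that
    were reported as related to the attack.
    ○ Is anything out of place?
    ○ There may be things that the attacker created.
    ● Pause and organize what you have learned
    Before looking at the logs, organize the information and decide on an
    analysis plan
    ○ List what you have established.
    ○ Based on the events known so far, hypothesize what the attack was.
    ○ Narrow down what needs to be investigated.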

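  59. One way you might go about the investigation
    ● Analyze the various logs
    Following the plan you just made, go through the various logs
    (CloudTrail, Nginx, resources inside EC2, RDS)
    ○ Filter using the information gathered so far and analyze each log with
    a narrow focus
    ○ Write down what you establish during analysis in chronological order.
    ○ When you find traces of the attack, it is a good idea to also check
    whether related entries exist in the other logs.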

  60. Continued in the walkthrough
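
The API naming rule from slide 24 and the CloudTrail fields from slide 34, applied to raw CloudTrail records as an added example (it is not part of the original deck). The sample records, user and role names and IP addresses are constructed; treating `Describe` as a read prefix is an assumption beyond the slides, and `sourceIPAddress` is the spelling used in CloudTrail's JSON records.

```python
from collections import Counter

# Constructed sample records in CloudTrail's JSON shape (not from the exercise).
def _rec(time, source, name, region, ip, identity):
    return {"eventTime": time, "eventSource": source, "eventName": name,
            "awsRegion": region, "sourceIPAddress": ip, "userIdentity": identity}

USER = {"type": "IAMUser", "userName": "dev-user"}
ROLE = {"type": "AssumedRole",
        "sessionContext": {"sessionIssuer": {"userName": "web-role"}}}
SAMPLE = [
    _rec("2020-01-01T03:05:00Z", "ec2.amazonaws.com", "RunInstances", "us-west-2", "203.0.113.5", ROLE),
    _rec("2020-01-01T01:00:00Z", "ec2.amazonaws.com", "DescribeInstances", "ap-northeast-1", "198.51.100.10", USER),
    _rec("2020-01-01T03:01:00Z", "iam.amazonaws.com", "ListUsers", "us-east-1", "203.0.113.5", ROLE),
    _rec("2020-01-01T02:00:00Z", "s3.amazonaws.com", "GetObject", "ap-northeast-1", "198.51.100.10", USER),
    _rec("2020-01-01T03:02:00Z", "iam.amazonaws.com", "CreateAccessKey", "us-east-1", "203.0.113.5", ROLE),
]

READ_PREFIXES = ("Get", "List", "Describe")  # "Describe" is an added assumption

def who(rec):
    """IAM user name, else the role name of an assumed-role session."""
    uid = rec.get("userIdentity", {})
    issuer = uid.get("sessionContext", {}).get("sessionIssuer", {})
    return uid.get("userName") or issuer.get("userName") or uid.get("type", "unknown")

def classify(rec):
    """'iam' for any IAM call, otherwise 'read' or 'write' by name prefix."""
    if rec["eventSource"] == "iam.amazonaws.com":
        return "iam"
    return "read" if rec["eventName"].startswith(READ_PREFIXES) else "write"

def triage(records):
    """Time-ordered write/IAM events and a count per (identity, source IP)."""
    hits = sorted((r for r in records if classify(r) != "read"),
                  key=lambda r: r["eventTime"])
    timeline = [(r["eventTime"], r["awsRegion"], who(r), r["sourceIPAddress"],
                 r["eventName"], classify(r)) for r in hits]
    return timeline, Counter((who(r), r["sourceIPAddress"]) for r in hits)

if __name__ == "__main__":
    timeline, by_actor = triage(SAMPLE)
    for row in timeline:
        print(*row)
    print(by_actor.most_common())
```

The time-ordered output doubles as the chronological notes suggested on slide 59, and the per-actor counts answer the slide 57 questions about which identity and source IP made the calls.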