とある診断員とSecurity-JAWS#02座学資料

Transcript

1. ͱ͋Δ਍அһͱ4FDVSJUZ+"84
   ࠲ֶฤࢿྉ
   
   

   View Slide

2. ໨࣍
   Πϕϯτ֓ཁ
   ߨࢣ঺հ
   "84ηΩϡϦςΟͷجૅߨٛ
   "84ʹର͢Δ߈ܸͷઆ໌
   ՝୊આ໌
   ՝୊࣮ࢪ
   ৼΓฦΓ
   

   View Slide

3. Πϕϯτ֓ཁ
   ● ֓ཁ
   ● ΠϕϯτͷਐΊํ
   ● λΠϜςʔϒϧ
   

   View Slide

4. ֓ཁ
   ຊΠϕϯτͰ͸ɺΫϥ΢υ؀ڥͳΒͰ͸ͷηΩϡϦ
   ςΟΠϯγσϯτϨεϙϯεΛܦݧ͢Δ͜ͱΛ໨త
   ͱͯ͠ɺ৵֐͞Εͯ͠·ͬͨ"84؀ڥʹରͯ͠ௐ
   ࠪΛߦ͍·͢ɻ
   Քಇ͍ͯͨ͠&$αʔόʔ΍ϚωʔδυαʔϏεɺ
   ֤छΞΫηεϩάɺ"84؀ڥͷઃఆঢ়گΛղੳ͠
   ͯɺ৵֐ͷݪҼ΍ඃ֐ൣғͷಛఆɺҰ࿈ͷ߈ܸ΁ͷ
   ରࡦҊͷݕ౼Λߦ͍·͢ɻ
   

   View Slide

5. ֶश໨ඪ
   ● "84؀ڥͷηΩϡϦςΟΛֶͿ ޕલ
   
   ● ࣮ફతͳ"84؀ڥͷΠϯγσϯτௐࠪΛ௨ͯ͡
   "84؀ڥͰͷରࡦΛମݧ͠׆͔͢ ޕޙ
   
   

   View Slide

6. ߨࢣ঺հ
   ● ӓాՂ༞
   ● ऱ࡚ढ़
   

   View Slide

7. ߨࢣ঺հӓాՂ༞
   Ϋϥεϝιουגࣜձࣾ
   ɾ"84ࣄۀຊ෦
   ιϦϡʔγϣϯΞʔΩςΫτ
   ηΩϡϦςΟνʔϜϦʔμʔ
   ɾ4FDVSJUZ+"84ӡӦ
   ɾ޷͖ͳαʔϏε
   "848"'Ϛωʔδυϧʔϧ
   ɾ୲౰"84؀ڥߏங
   https://dev.classmethod.jp/author/usuda-keisuke/
   

   View Slide

8. ߨࢣ঺հऱ࡚ढ़
   ऱ࡚ ढ़ʢ4IVO4V[BLJʣ
   ࡾҪ෺࢈ηΩϡΞσΟϨΫγϣϯגࣜձࣾʹॴଐ
   ϖωτϨʔγϣϯςετͳͲΛத৺ͱͨ͠ηΩϡϦςΟαʔϏεఏڙʹ
   ैࣄ͢Δɺͱ͋ΔηΩϡϦςΟΤϯδχΞ
   公開スライド:http://www.slideshare.net/zaki4649/
   Blog:http://tigerszk.hatenablog.com/
   著書（翻訳）:詳解HTTP/2
   Twitter:とある診断員@tigerszk
   ● ISOG-J WG1
   ● Burp Suite Japan User Group
   ● OWASP JAPAN Promotion
   Team
   ● #ssmjp
   ● MINI Hardening Project
   I‘M A CERTAIN
   PENTESTER!
   ୲౰ɿ߈ܸγφϦΦ࡞੒
   

   View Slide

9. "84ηΩϡϦςΟͷجૅߨٛ
   ● "84ηΩϡϦςΟجૅ
   ● ࠷ۙͷ߈ܸऀͷಈ޲
   ● "84ͰͷηΩϡϦςΟରࡦ
   

   View Slide

10. ηΩϡϦςΟͷલʹͦ΋ͦ΋"84ͷϝϦοτͱ͸ʁ
    "84ͷ Ϋϥ΢υ͕બ͹ΕΔ ͷཧ༝
    IUUQTBXTBNB[PODPNKQBXTUFOSFBTPOT
    ཧ༝ॳظඅ༻θϩʗ௿Ձ֨
    

    View Slide

11. ηΩϡϦςΟͷલʹͦ΋ͦ΋"84ͷϝϦοτͱ͸ʁ
    ॊೈੑ΍ढ़හੑ
    

    View Slide

12. ηΩϡϦςΟͷલʹͦ΋ͦ΋"84ͷϝϦοτͱ͸ʁ
    ϚωʔδυαʔϏεʹΑΔӡ༻ෛՙͷܰݮ
    

    View Slide

13. ηΩϡϦςΟͷલʹͦ΋ͦ΋"84ͷϝϦοτͱ͸ʁ
    ߴ͍ηΩϡϦςΟΛ֬อͰ͖Δͷ΋ϝϦοτ
    

    View Slide

14. ϝϦοτ͸͍Ζ͍Ζ͋Δ
    ● શͯ͸ϏδωεΛՃ଎͢ΔͨΊʹ͋Δ
    ● ηΩϡϦςΟ΋ϏδωεΛՃ଎ͤ͞ΔͨΊʹ͋
    Δ
    ● ηΩϡϦςΟ͕ͦΕΛ๦֐ͯ͠͸ͳΒͳ͍
    ● "84Ͱ͸ಛʹଞͷཁૉͱτϨʔυΦϑͤͣʹη
    ΩϡϦςΟΛڧԽͰ͖Δ ߈ΊͷηΩϡϦςΟ
    ● ໨త͸ҰॹͳΒखΛऔΓ߹͍ਐΊΒΕΔ
    

    View Slide

15. "84ηΩϡϦςΟجૅ
    "84ͷηΩϡϦ
    ςΟͰ·ͣҙࣝ
    ͢Δͷ͸੹೚ڞ
    ༗Ϟσϧ
    "84ͱϢʔβʔ
    ͷ੹೚Λ࣋ͭൣ
    ғ͸໌֬
    

    View Slide

16. "84ηΩϡϦςΟجૅ
    "84ηΩϡϦςΟ͸େ͖͘෼͚Δͱͭ
    ● "84ϨΠϠʔͷηΩϡϦςΟ
    ˓ "84ಛ༗ͷ΋ͷͳͷͰ֮͑Δ
    ● 04ϨΠϠʔҎ্ͷηΩϡϦςΟ
    ˓ طଘͱಉ͡Ͱ஌ࣝΛ࢖͍ճͤΔ
    ˓ "84΍αʔυύʔςΟͷΤίγεςϜΛ׆༻Ͱ͖Δ
    

    View Slide

17. "84ηΩϡϦςΟجૅ"84ϨΠϠʔ
    ● ඞͣ࢖͏"84αʔϏε
    ˓ $MPVE5SBJM
    ˙ "84ͷ"1*࣮ߦཤྺΛอଘ͢Δ
    ˙ ٯʹݴ͏ͱϢʔβʔଆͰऔಘ͢Δඞཁ͕͋Δ
    ˓ $POGJH
    ˙ "84ϦιʔεͷมߋཤྺΛอଘ͢Δ
    ˓ (VBSE%VUZ
    ˙ *".&$4ͷ༷ʑͳڴҖΛݕ஌͢Δ
    ˙ ίΠϯϚΠχϯάͱ͔ΞΫηεΩʔ࿙Ӯͱ͔
    

    View Slide

18. "84ηΩϡϦςΟجૅ"84ϨΠϠʔ
    ● ॏཁͳઃఆ
    ˓ 4ͷΞΫηε੍ޚ
    ˙ ઈରʹେࣄͳ৘ใΛެ։͠ͳ͍
    ˙ όέοτϙϦγʔ"$-ύϒϦοΫΞΫηεϒϩ
    οΫͳͲෳ਺ͷ੍ޚखஈ͕͋Δ
    ˓ *".6TFSͷΞΫηεΩʔ؅ཧ
    ˙ ઈରʹίʔυʹຒΊࠐΜͰ(JUͰެ։͠ͳ͍
    ˓ 4FDVSJUZ(SPVQ
    ˙ 44)3%1ͳͲΛͰެ։ͨ͠Γ͠ͳ͍
    

    View Slide

19. "84ηΩϡϦςΟجૅ04ϨΠϠʔҎ্
    ● 04ηΩϡϦςΟ͸͕Μ͹Δ
    ● "848"'͸҆ͯ͘਌࿨ੑͷߴ͍8"'
    ● ϩάϝτϦΫε͸$MPVE8BUDI
    ● ϩά෼ੳ͸"UIFOBՄࢹԽʹ2VJDL4JHIU
    ● ೝূ͸$PHOJUP
    ˓ ϦεΫϕʔεೝূͳͲՄೳ
    ● ίϯςφΠϝʔδ͸&$3ϦϙδτϦεΩϟϯ
    

    View Slide

20. ৄࡉ͸ϒϩάͰ
    ʮΫϥ΢υγϑτʹ͋Θ
    ͤͨ"84ηΩϡϦςΟ
    ڧԽͷ͸͡Ίํʯͱ͍͏
    λΠτϧͰొஃ͠·ͨ͠
    https://dev.classmethod.jp/articles/en
    hanced-aws-security-in-cloud-shift/
    "84ηΩϡϦςΟجૅ
    

    View Slide

21. "84ηΩϡϦςΟͷࡉ͔͍࿩
    ● ηΩϡϦςΟػೳͷ࢖͍ํ
    ˓ $MPVE5SBJM
    ˓ $POGJH
    ˓ (VBSE%VUZ
    ˓ %FUFDUJWF
    ˓ "UIFOB
    

    View Slide

22. ηΩϡϦςΟػೳͷ࢖͍ํ$MPVE5SBJM
    Πϕϯτཤྺ͔Β؆୯ͳΫΤϦ͸͔͚ΕΔ
    ৄࡉ͸"UIFOBͰௐ΂Δ΂͠
    

    View Slide

23. "84ϩά֬ೝͷ஫ҙ఺
    ● $MPVE5SBJMͷϩά͸छྨ͋Δ
    ˓ ؅ཧΠϕϯτ
    ˙ ௨ৗͷ"84؀ڥΛૢ࡞͢Δ"1*Λه࿥
    ˙ ຆͲͷૢ࡞͕͜Εʹ֘౰
    ˙ 5SBJMΛ༗ޮԽ͢Δͱࣗಈతʹऔಘ͞ΕΔ
    ˓ σʔλΠϕϯτ
    ˙ 4ͱ-BNCEBͷσʔλӾཡ (FU0CKFDU
    ΍࣮ߦ *OWPLF
    
    ͳͲͷ"1*Λه࿥
    ˙ 5SBJMΛ༗ޮԽ͢Δ͚ͩͰ͸औಘ͞Εͳ͍ Ұൠతʹඅ༻͕
    ര্͕Γ͢ΔͨΊ
    
    ˙ 5SBJMඪ४ίϯιʔϧ΍%FUFDUJWFͳͲͰ͸ݟΕͳ͍ 4ͷ
    ϩάΛνΣοΫ͢Δඞཁ͕͋Δ
    
    

    View Slide

24. "84"1*ͷ໊લͷେମͷ๏ଇ
    ● ໊લΛݟͨΒ͍͍ͩͨԿ͍ͯ͠Δ͔Θ͔Δ
    ● େ͖͘छྨ
    ˓ ಡΈࠐΈ ୯ମऔಘ
    (FU
    ˓ Ϧετ ෳ਺औಘ
    -JTU
    ˓ ॻ͖ࠐΈ ࡞੒ɾ࣮ߦͳͲ
    1VU $SFBUF౳
    ● Πϯγσϯτ࣌ʹಛʹؾʹ͢Δͷ͸ҎԼ
    ˓ ॻ͖ࠐΈܥ
    ˓ ݖݶͷૢ࡞ *".ͷૢ࡞
    
    

    View Slide

25. ηΩϡϦςΟػೳͷ࢖͍ํ$POGJH
    ϦιʔελΠϓ΍*%ͰߜΓࠐΈ
    

    View Slide

26. ηΩϡϦςΟػೳͷ࢖͍ํ$POGJH
    ઃఆλΠϜϥΠϯͰมߋཤྺΛ֬ೝ
    

    View Slide

27. ηΩϡϦςΟػೳͷ࢖͍ํ$POGJH
    ࣌ؒຖͷม
    ߋՕॴ͕֬
    ೝͰ͖Δ
    

    View Slide

28. ηΩϡϦςΟػೳͷ࢖͍ํ(VBSE%VUZ
    ݕ஌ͨ͠'JOEJOHTΛӈଆͰৄࡉ֬ೝ
    ʮ-FBSO.PSFʯ͔ΒΑΓৄࡉʹ
    

    View Slide

29. ηΩϡϦςΟػೳͷ࢖͍ํ%FUFDUJWF
    બΜͰΞΫγϣϯ͔ΒʮௐࠪʯͰ%FUFDUJWF΁
    

    View Slide

30. ηΩϡϦςΟػೳͷ࢖͍ํ%FUFDUJWF
    ؔ࿈͢Δ&$Πϯελϯε΍*".ͳͲ͕ฒΜͰΔ
    ୧Γͳ͕ΒԿ͕ߦΘΕ͍ͯΔ͔֬ೝ͢Δ
    

    View Slide

31. ηΩϡϦςΟػೳͷ࢖͍ํ%FUFDUJWF
    ֘౰ΫϨσϯγϟϧ͔ΒͲͷ"1*͕࣮ߦ͞Ε͔ͨ
    Ͳͷ*1͔Β࣮ߦ͞Ε͔ͨαϚϦͰදࣔ
    

    View Slide

32. ηΩϡϦςΟػೳͷ࢖͍ํ"UIFOB
    ࢖͍࢝Ί͸ΫΤϦΛอଘ͢Δ৔ॴͷઃఆΛߦ͏
    

    View Slide

33. ηΩϡϦςΟػೳͷ࢖͍ํ"UIFOB
    "UIFOBͷΫΤϦΤϯδϯ͸1SFTUP
    େମී௨ͷ42-ͩͱࢥ͍͍ͬͯ ςΩτ΢
    $MPVE5SBJMͷςʔϒϧߏ੒͸ҎԼࢀর
    https://docs.aws.amazon.com/ja_jp/athena/latest/ug/cloudtrail-logs.html
    

    View Slide

34. ηΩϡϦςΟػೳͷ࢖͍ํ"UIFOB
    ओཁͳ߲໨
    ● FWFOU5JNF"1*ίʔϧͨ࣌ؒ͠
    ● FWFOU/BNF"1*ͷ໊લ
    ● FWFOU4PVSDF"1*ͷର৅"84αʔϏε
    ● BXT3FHJPOϦʔδϣϯ
    ● TPVSDF*Q"EESFTTૹ৴ݩ*1
    ● VTFS*EFOUJUZ
    ˓ VTFS/BNF*".Ϣʔβ໊
    ˓ TFTTJPO$POUFYUTFTTJPO*TTVFSVTFS/BNF*".ϩʔϧ໊
    

    View Slide

35. ͓·͚4*&.PO"NB[PO&4
    "84ͷ֤छϩάΛՄࢹԽ͢Δ044ͷ4*&.ιϦϡʔγϣϯ
    ʮ4*&.PO"NB[PO&4ʯ͕"84͔Βެ։͞ΕͨͷͰ
    $MPVE5SBJMϩάΛՄࢹԽͯ͠Έͨ
    https://dev.classmethod.jp/articles/getting-started-siem-on-amazon-elasticsearch-service/
    

    View Slide

36. "84ʹର͢Δ߈ܸͷઆ໌
    ● ΫϨσϯγϟϧͷ࿙Ӯ ݖݶঢ֨
    ● 443'
    

    View Slide

37. ΫϨσϯγϟϧͷ࿙Ӯ
    ● ీʹ΋֯ʹ΋*".ΫϨσϯγϟϧ͕࿙Ӯ͢Δ
    ˓ *".6TFSͷΞΫηεΩʔΛϋʔυίʔυ͠ͳ͍
    ˓ HJUTFDSFUTΛར༻͢Δ
    ˓ શͯͷ"84ར༻ऀʹ*".ͷجຊతͳڭҭΛߦ͏
    ˙ ࠷௿ݶͷηΩϡϦςΟશൠͦ͏͚ͩͲ
    
    ˓ ։ൃɾݕূ؀ڥͦ͜༉அ͠ͳ͍
    ˓ ෆཁͳΞΫηεΩʔ࡞੒Λݕ஌ɾ๷ࢭ͢Δ
    ˓ (VBSE%VUZͰෆਖ਼ར༻Λݕ஌͢Δ
    ˓ ηΩϡϦςΟʹؔ͢Δ࿈བྷઌͰϝʔϧΛνΣοΫ͢Δ
    

    View Slide

38. ݖݶ͕ߜΒΕ͍ͯͯ΋ݖݶঢ֨͞ΕΔ
    ● 1PXFS6TFS͸౰વ΍ΒΕΔ ϚΠχϯά
    
    ● ࿙Ӯͨ͠ݖݶ͕"ENJO΍1PXFS6TFSͰͳͯ͘΋
    ༉அͯ͠͸͍͚ͳ͍ɺݖݶঢ֨͞ΕΔ৔߹΋͋
    Δ
    ● ݹ͍ϙϦγʔόʔδϣϯ͔Βঢ֨
    ● &$༻ͷ*".3PMF ΠϯελϯεϓϩϑΝΠϧ
    
    ● JBN1BTT3PMF͔Β-BNCEB΍$MPVE'PSNBUJPO
    

    View Slide

39. ● &$ʹ͸ϝλσʔλαʔϏε͕͋Δ
    ● ʹΞΫηε͢Δͱ৭ʑऔΕΔ
    ● &$ʹΞλον͞Ε͍ͯΔ*".3PMFͷҰ࣌ΫϨσϯ
    γϟϧ΋औಘͰ͖Δ
    ● 443' 4FSWFS4JEF3FRVFTU'PSHFSZ
    ͸߈ܸऀ͔Β
    ௚઀౸ୡͰ͖ͳ͍αʔόʔʹର͢Δ߈ܸख๏ͷҰछ
    ● ৄࡉ͸443' 4FSWFS4JEF3FRVFTU'PSHFSZ
    పఈೖ
    ໳ cಙؙߒͷ೔ه
    ˓ https://blog.tokumaru.org/2018/12/introduction-to-ssrf-server-side-request-forgery.html
    443'
    

    View Slide

40. 443'
    ● ࠷ۙ͸*.%4WΛར༻͢Δ͜ͱ΋Ͱ͖Δ
    ˓ ͨͩະରԠͷ෦෼͕ଟ͍
    ˓ ׬ᘳʹ๷͛ΔΘ͚Ͱ͸ͳ͍
    ● ͦ΋ͦ΋೚ҙ63-Λड͚औΔॲཧ͕ඞཁ͔Ͳ͏
    ͔Λݕ౼
    

    View Slide

41. ՝୊આ໌
    ● എܠ
    ● ΞϓϦέʔγϣϯઆ໌
    ● "84؀ڥઆ໌
    ● Πϯγσϯτઆ໌
    ● Ξϓϩʔνઆ໌
    ● ՝୊આ໌
    

    View Slide

42. എܠ
    ࣌͸99೥ɺ৘ใηΩϡϦςΟք۾Ͱ͸
    ʮ4FDVUUFSʯͱ͍͏Ϣʔβʔ౤ߘܕͭͿ΍͖αΠτ͕
    ྲྀߦ͍ͯͨ͠ɻ
    ͋Δ೔ɺεʔύʔΠϯγσϯτϋϯυϥʔͷ͋ͳͨͷ
    ΋ͱʹҰͭͷґཔ͕෣͍ࠐΜͰ͖ͨʜ
    ʮ4FDVUUFS͕΍ΒΕͨʂʂʯ
    ͦͷ೔͔Βɺ৘ใηΩϡϦςΟք۾ͷྺ࢙͕มΘͬͨ
    ͷͰ͋Δ
    

    View Slide

43. ొ৔ਓ෺
    ● 4FDVUUFSࣾ
    ˓ $&0ࠓճͷґཔओɻ4FDVUUFSͷ૑ۀऀʹͯ͠α
    ʔϏε։ൃऀɻ
    ˓ ΤϯδχΞ"#$4FDVUUFSͷ։ൃӡ༻อकͳΜ
    Ͱ΋΍Γ·͢ɻத਎͸զʑɻ
    ˓ TVQFSEFWFMPQFS࠷ۙδϣΠϯͨ͠εʔύʔͳ
    σϕϩούʔɻ4FDVUUFSΛαʔόʔϨεʹϦχ
    ϡʔΞϧ͢ΔͨΊʹςετΛ͍ͯͨ͠ɻ
    

    View Slide

44. ґཔ಺༰
    ● $&0ʮ͓͓ͬɺΑ͘དྷͯ͘Εͨɺ͖Έʂ࣮͸
    4FDVUUFS͸"84্Ͱಈ͔͍ͯ͠Δͷ͕ͩɺઌఔ
    "84͔Β"CVTFϨϙʔτ͕ಧ͍ͯɺௐ΂ͯΈͨΒ
    4FDVUUFSͷ"84ΞΧ΢ϯτ্ͰίΠϯϚΠφʔ͕
    ಈ͍͍ͯͨΜͩʂͱΓ͋͑ͣαʔϏε͸Ұ࣌ఀࢭ͠
    ͯίΠϯϚΠφʔΛࢭΊͨΓόοΫΞοϓΛऔಘ͠
    ͨΓͨ͠ɻ͜ͷ"84؀ڥͷௐࠪΛ͖Έʹ͓ئ͍ͨ͠
    ͍ʂʯ
    

    View Slide

45. ΞϓϦέʔγϣϯৄࡉ
    ηΩϡΞͳͭͿ΍͖ܕ4/4ʮ4FDVUUFSʯ
    ओͳػೳ
    ● ϩάΠϯ
    ● ϓϩϑΟʔϧมߋ
    ● ͭͿ΍͖౤ߘ
    ● ͍͍Ͷ
    

    View Slide

46. ΞϓϦέʔγϣϯৄࡉ
    4FDVUUFSͷཪଆ
    Nginx
    PHP
    MySQL
    Client
    Internet
    Intranet
    

    View Slide

47. "84؀ڥઆ໌
    શମ૾͸͜Μ
    ͳײ͡
    

    View Slide

48. "84؀ڥઆ໌
    ● Α͋͘Δ૚ߏ଄8FCΞϓϦέʔγϣϯ
    ˓ ϑϩϯτ͸"-#
    ˓ 8FCαʔόʔͰ&$
    ˓ %#͸3%4 .Z42-
    
    ˓ ౿Έ୆αʔόʔ͸؅ཧऀ͕44)͢Δ
    ● ϩά͸4
    ˓ "84ϩά͸"84-PHT΁
    ˓ ΞϓϦϩά͸4FDVUUFS-PHT΁
    

    View Slide

49. Πϯγσϯτઆ໌
    ● ࣌ࠒ"84͔Βͷ"CVTFϨϙʔ
    τ ϝʔϧ
    ʹͯΠϯγσϯτ͕ൃੜͨ͜͠ͱΛ֬
    ೝ
    ● (VBSE%VUZʹͯΦϨΰϯϦʔδϣϯͰෆਖ਼ͳ
    &$͕࡞੒͞ΕԾ૝௨՟͕࠾۷ʢϚΠχϯάʣ
    ͞Ε͍ͯΔ͜ͱΛ֬ೝ͠ఀࢭ
    ● 4FDVUUFSαʔϏε΋৵֐͞Ε͍ͯΔՄೳੑ͕͋
    Δ
    

    View Slide

50. Πϯγσϯτઆ໌
    ● ؀ڥอશͷͨΊɺTFDVUUFSQSEXFC&$ͷ
    ".*όοΫΞοϓΛऔಘ
    ● ௐࠪ༻VCVOUVΛ࡞੒͠෮ݩͨ͠ΛϚ΢ϯτ
    ● ֘౰࣌ؒͷ4FDVUUFSΞϓϦϩά"84ϩάΛ
    DBNQTFDVUUFSMPHTDBNQ
    BXTMPHTόέοτʹෳ੡
    ● "UIFOBͰ্هϩάΛղੳͰ͖ΔΑ͏४උ
    

    View Slide

51. Πϯγσϯτઆ໌
    ● ॳಈରԠޙ
    ͷ؀ڥ
    

    View Slide

52. ՝୊આ໌
    ● ֤छϩάΛௐࠪ͠ɺҎԼͷ؍఺Ͱௐࠪ಺༰Λ·ͱ
    Ί͍ͯͩ͘͞ɻ
    ˓ ࠓճͷΠϯγσϯτʹ͍ͭͯ4FDVUUFSαʔϏε΁ͷӨ
    ڹͷ༗ແΛ֬ೝͯ͠ใࠂ͍ͯͩ͘͠͞ɻ
    ˓ ෆਖ਼ͳ&$͕ಈ࡞͍ͯͨ͠ݪҼʹ͍ͭͯௐࠪΛͯ͘͠
    ͍ͩ͞ɻ
    ˓ αʔϏε࠶։ͷͨΊͷରࡦҊʹ͍ͭͯఏҊ͍ͯͩ͘͠͞ɻ
    ˓ ഑෍ͨ͠ใࠂॻςϯϓϨʔτ͸ࣗ༝ʹ࢖͍ͬͯͩ͘͞
    ఏग़ͷඞཁ͸͋Γ·ͤΜ
    
    

    View Slide

53. Ξϓϩʔνઆ໌
    ● ҎԼͷͲΕ͔޷͖ͳͱ͜Ζ͔Β࢝ΊΔͱྑͦ͞
    ͏
    ˓ ෆਖ਼ͳ&$͕ىಈ͞Εͨํ๏͔Β
    ˓ (VBSE%VUZͷݕ஌ͨ͠಺༰͔Β
    ˓ 8FCαʔόʔͷத਎͔Β
    ˓ /HJOYͷϩά͔Β
    ˓ ࣮ࡍͷ8FCΞϓϦͷಈ͖͔Β
    

    View Slide

54. "UIFOB࢖༻։࢝࣌ͷઃఆ
    ● ࢖༻։࢝࣌ͷઃఆ
    ˓ <4FUUJOHT> <2VFSZSFTVMUMPDBUJPO>ʹ TBXT
    BUIFOBRVFSZSFTVMUTBQ
    OPSUIFBTUΛઃఆ͢Δ
    ● ࢖͍ํͷίπ
    ˓ ΫΤϦޙӈͷϘλϯ͔Β$47μ΢ϯϩʔυͨ͠΄͏
    ͕͜Ͷ͜Ͷ͠΍͍͢
    

    View Slide

55. ৵֐͞Εͨ&$؀ڥͷௐࠪʹ͍ͭͯ
    ● ৵֐͞Εͨ&$؀ڥ͸ࣄނ౰೔ʹεφοϓγϣοτ͕औಘ͞Εɺอ
    શ͞Ε͍ͯ·͢ɻ
    ● ͜ͷεφοϓγϣοτΛར༻ͯ͠ɺϘϦϡʔϜΛ෮ݩ͠ɺ৵֐
    ͞Εͯ͠·ͬͨ&$಺ͷϦιʔεΛௐࠪ͠·͢ɻ
    ● ࠓճͷԋशͰ͸&$ͷσΟεΫΠϝʔδΛར༻ͯ͠ɺϩʔΧϧͰௐ
    ࠪΛߦ͍·͢ɻ
    ● ௐࠪํ๏ʹ͍ͭͯ͸Πϕϯτࣄલ഑෍ࢿྉͷʮ৵֐͞Εͨ&$؀ڥ
    ͷσΟεΫΠϝʔδʹؔ͢Δௐࠪʹ͍ͭͯʯΛ֬͝ೝ͍ͩ͘͞ɻ
    【参考】AWS EC2 のHDD解析（フォレンジック）
    https://ierae.co.jp/blog/awsec2-hdd-analytics/
    

    View Slide

56. ௐࠪͷϙΠϯτ
    ͔͜͜Β͸ɺࠓ··Ͱ͋·ΓϩάղੳΛ΍ͬͨ͜ͱ͕
    ͳ͍ਓ޲͚ʹɺௐࠪͷϙΠϯτΛ؆୯ʹઆ໌͠·͢ɻ
    ࣗ৴͕͋Δํ͸ղੳΛελʔτ͍͍ͯͨͩͯ͠΋શવ
    0,Ͱ͢ʂ
    

    View Slide

57. ͜Μͳײ͡Ͱௐࠪ͢Δͱྑ͍͔΋
    ͜Ε͸͋͘·Ͱਪ঑ͷΞϓϩʔνͰɺઈର͜͏͠ͳ͚Ε͹ͳΒͳ
    ͍ͱ͍͏΋ͷͰ͸͋Γ·ͤΜɻղੳ࣌ͷࢀߟͱ͍ͯͩ͘͠͞ɻ
    ● ·ͣ͸ศརͳ%FUFDUJWFͷػೳΛ্ख͘࢖͓͏ʂ
    (VBSE%VUZͰͷݕग़߲໨ΛτϦΨͱͯ͠ɺ%FUFDUJWFΛར༻ͯ͠ɺ
    ߈ܸऀͷେ·͔ͳಈ͖΍߈ܸʹؔ࿈͢ΔϦιʔεΛνΣοΫͯ͠Έ
    Α͏
    ˓ ߈ܸऀͷ*1ΞυϨεԿ͔ʁ
    ˓ ߈ܸʹؔ࿈͢Δ"84ͷϦιʔε͸ʁ
    ˓ ո͛͠ͳ"1*Λ࣮ߦ͍ͯ͠ͳ͍ͩΖ͏͔ʁ
    ˓ ࣄ৅Λݕग़͍ͯͨ࣌ؒ͠͸ʁ
    

    View Slide

58. ͜Μͳײ͡Ͱௐࠪ͢Δͱྑ͍͔΋
    ● "84ͷϦιʔε΋֬ೝ
    %FUFDUJWFͷ಺༰͔Βɺ߈ܸʹؔ࿈͢Δͱ͞Ε͍ͯͨϦιʔεͷத
    ਎Λ࣮ࡍʹ֬ೝͯ͠ΈΔɻ
    ˓ Կ͔͓͔͠ͳ఺͸ͳ͍͔ʁ
    ˓ ߈ܸऀʹΑͬͯ࡞੒ͨ͠΋ͷ͕͋Δ͔΋͠Εͳ͍ɻ
    ● ෼͔ͬͨ͜ͱΛҰ୴੔ཧ
    ϩάΛݟΔલʹҰ୴৘ใΛ੔ཧͯ͠ղੳͷํ਑Λཱͯ·͠ΐ͏
    ˓ ೺Ѳͨ͜͠ͱΛฒ΂ͯΈΔɻ
    ˓ ݱࡏ൑໌͍ͯ͠Δࣄ৅Λجʹɺ߈ܸΛਪଌͯ͠ΈΔɻ
    ˓ ௐ΂Δ΂͖͜ͱ͸Կ͔ϙΠϯτΛߜͬͯΈΔɻ
    

    View Slide

59. ͜Μͳײ͡Ͱௐࠪ͢Δͱྑ͍͔΋
    ● ֤छϩάͷղੳΛߦ͏
    ઌ΄Ͳཱͯͨํ਑Λجʹɺ֤छϩά $MPVE5SBUJMɺ/HJOYɺ&$಺
    ͷϦιʔεɺ3%4
    Λݟͯߦ͖·͠ΐ͏
    ˓ ࠓ·Ͱʹಘͨ৘ใΛݩʹߜΓࠐΈΛߦ͍ɺϙΠϯτΛߜ֤ͬͯ
    छϩάΛղੳ
    ˓ ղੳ͢ΔதͰ൑໌ͨ͜͠ͱΛ࣌ܥྻͰॻ͖ཹΊͯΈΔɻ
    ˓ ߈ܸͷࠟ੻Λݟ͚ͭͨ৔߹ʹ͸ؔ࿈͢Δϩά͕ଞͷϩάʹ΋ͳ
    ͍͔Λ߹Θͤͯ֬ೝ͢Δͱྑ͍ɻ
    

    View Slide

60. ղઆ΁ଓ͘
    

    View Slide