2015.01.09 HITCON 戴夫寇爾 2014 年度弱點回顧

Ⴍચ౗ᯍฎฯດ㣟य㕏 ธ๝ຮ#PXFO)TV CPXFOITV<BU>EFWDPSF ࿵ৢடᬕ⒘̶ፒ㊶Ӭٰ

ⴢℨ֝౎ Ø ࿵ৢடᬕᣑ⼈ᡄ⮜խ˸য়ො㞾 Ø ⶠ⃳┠፭ሟᇌ$SPTT4JUF4DSJQUJOH Ø ⳽ቛൻᝥӧሟᇌ42-*OKFDUJPO Ø ݘᓹ⽦⺔ᣩដ#VTJOFTT-PHJD7VMOFSBCJMJUZ Ø
ⶠ⃳Ӿٽ⯤ᛩ$SPTT4JUF3FRVFTU'PSHFSZ Ø ⳽⭠ធᣩ*OGPSNBUJPO-FBLBHF Ø ̹ᓹ⳽୷˱̳࿜ࡻ Ø ⊛⯬ 2

⹖↫◘ᐥ዗ኄ $SPTT4JUF4DSJQUJOH 944

$SPTT4JUF4DSJQUJOH Ø ൖ൷ො㞾ḍՁᚚ㡩 4 Ӱ̜ො㞼 944 Ø ḋᴚ̹ᓹḍՁᚚ㡩
፫ḋᴚ̸ᓹ ḋᴚ̸ᓹ

$SPTT4JUF4DSJQUJOH Ø ࿜ࡻ㡩㉐ḋ␹፫⼱ᦝ⺛ӧВ㡦ṛჽ௉ٍቆሡӧ⋣㏣ˆ㡦Βሟ ᇌ␹٩̵༦ᄝӧ)5.-ӏ≸㡦ΝਗJGSBNFơTDSJQU℻ Ø ሟᇌ⊛Ꮏ㡩 ➡ ⃮ٕʬ▪ᴟ࿶ơⅳ᱙␹ന⢬ ➡ ぜቭௐځ༃༦⋣⃳
➡ ⃪ሞ⋣⃳৖⬵ᕼ෇ Ø ข㏡㡩Βᴟ␹ന⢬⩰⃮ٕ㡢ኴ⽈⮍㔔㌉࢙ᴟΙṇٕϫ⳽˂⼟ ʬᙑ՗ᴟ㡦࢒ӨഀፒᐲΝ㡣 5

↦܋෠⥣ᡢℨ 6 Ḋӧ ٕผ$PPLJF ⋍ᴨ944ᣩដ  $PPLJF⽈⃮ ٕผ$PPLJF .BMJDJPVT4FSWFS "UUBDLFS 7VMOFSBCMF4FSWFS
7JDUJN ჾ՟ന⢬

෤⯊ᓪђ IUUQZPVSDPNQBOZDPNTFBSDIQIQ LX%&7$03&  LX፫⼱ᦝ㡦̧ӧሟᇌ⯅᝖  LXTDSJQUTSDIUUQEFWDPSFYTTKT IUUQZPVSDPNQBOZDPNFSSPSQIQ NFTTBHFUFTU  NFTTBHF፫⼱ᦝ㡦̧ӧሟᇌ⯅᝖
IUUQZPVSDPNQBOZDPNMPHJOQIQ OFYUNBJOQIQ  OFYU፫⼱ᦝ㡦̧ӧሟᇌ⯅᝖ Ùኂ⍑ʵِё⹶ 7

෤⯊㉌Ɀ㏄⃥ጫ๿ Ø ࢢDMJFOUTJEFΒᴟ+BWB4DSJQU⼟⨭㊣‭  Βᴟʬ˼⳽୷೸Ӳأ٩⍧⼱+BWB4DSJQUḑᗏᏱ 8

෤⯊㉌Ɀ㏄⃥ጫ๿ Ø ̧ٕ୕ˊ㡩⼫՚TDSJQU࿡TDSJQU௡̧ٕ࿜₶୕ˊ Ø ⺛ӧTDTDSJQUSJQUâ̧ٕ୹ทսʳTDSJQU Ø ⺛ӧDSJQUâ፫̧ٕTDSJQU 9

͡ೇ〔ᐊ͡ೇ㚙 Ø 944'JMUFS&WBTJPO$IFBU4IFFU  IUUQTXXXPXBTQPSHJOEFYQIQ 944@'JMUFS@&WBTJPO@$IFBU@4IFFU Ø 944႖࿲ⴧ  IUUQQSPNQUNM 10

944'JMUFS&WBTJPO$IFBU4IFFU 11

944ᅎႪⷝ 12

ᜇ⁁㏄⃥⯫༕ Ý ࢯวℑ⼰⨿㊴‾㡯 Ø 'JMUFSJOQVU &TDBQFPVUQVU Ø ࿼ፒ⺛ӧВ⾱⼱ᦝ୹ᵇทဆୖ՚⳽ቛൻ Ø ม⳽ቛൻٕԺḑ⳽ቛ⾱Ӕ⋍⼱⺨ת˘ทဆ㐳ῠࢢ⋣㏣ʲ㡦
ΝਗΒᴟ)5.-&OUJUJFT⌋ᾋ⺨ᄥᬿᙥ୕ӏ㡦Ѹዅ௉ ⺨ᄥ࿜RVPU࿡ዅ⺨ᄥ࿜MU℻℻ Ø ୹ቂ㊣‭ᔈ๝٩ٍ␷IUUQTXXXPXBTQPSHJOEFYQIQ 944@ $SPTT@4JUF@4DSJQUJOH @1SFWFOUJPO@$IFBU@4IFFU 13

ⶳጓำ᠝֜዗ኄ 42-*OKFDUJPO

42-*OKFDUJPO Ø ൖ൷ො㞾ḍՁᚚ㡩 15 Ӱ̜ො㞼 42-*OKFDUJPO Ø ḋᴚ̹ᓹḍՁᚚ㡩

42-*OKFDUJPO Ø ࿜ࡻ㡩㉐ḋ␹Βᴟ୕ˊ⊓ٸḑታ෇ය⃯42-⯅٠㡦ټዏَ ፫⼱ᦝٍቆ㡦Βሟᇌ␹٩ᒸӧ༃༦42-⯅᝖ Ø ሟᇌ⊛Ꮏ㡩 ➡ ϫ⳽৖ធ ➡ ⅳ᱙␹ന⢬ஞᾋ৖ធ
Ø ข㏡㡩য়ぞϫ⳽৖ធơ̹ᓹ᫙⼮⳽ቛ৖ធ 16

㘓ా༰⎖ Ø ٕผIBTI㡦ˀ՚HPPHMF࿡Ἲ⭄⋣⃳Ᏹ⮚ዅڑፊԺ᱒⼱ Ø ٕผΒᴟ␹ኯቒஞᾋ㡦ႈًἺ⭄QIQNZBENJOന⢬ Ø ဪ்ዅڑፒ≕⊶ⶦนơ͙ፖࠨᘐ㊶ჾⅳʵᵑ℻ො㞾 Ø ஺ӧXFCTIFMM Ø
߲⮜ٓ⼙ơᄛᘐ 17

ῲ⯺IBTI 18

Ể֜QIQ.Z"ENJO 19

ტಅ㉌ⱿⰖཬ 20

౲֜XFCTIFMM 21

ࠎᖱ〜⽊ᦡᡂ #VTJOFTT-PHJD7VMOFSBCJMJUZ

#VTJOFTT-PHJD7VMOFSBCJMJUZ Ø ൖ൷ො㞾ḍՁᚚ㡩 23 Ӱ̜ො㞼 #VTJOFTT -PHJD7VMOFSBCJMJUZ Ø
ḋᴚ̹ᓹḍՁᚚ㡩 ፫ḋᴚ̸ᓹ ḋᴚ̸ᓹ

#VTJOFTT-PHJD7VMOFSBCJMJUZ Ø ࿜ࡻ㡩㉐ḋ␹፫ᗏᏱΒᴟ␹ዅڑፒᘐ㊶௏ᬿஂ⳽ቛ⼟⨭Ᏹ⮚ơ ϙሞơ՘㋃㡦ௐ╿Βᴟ␹٩̵༦ᇎ͵⮦⳽ቛ Ø ሟᇌ⊛Ꮏ㡩 ➡ ̂ኴだ㐙⽈՚⃪ሞ ➡ ⭛ޢኯ⊁ơϫ⳽৖ធ
➡ ⅳ᱙␹ന⢬⽈՚⃪ሞ Ø ข㏡㡩য়ぞϫ⳽৖ធơΒᴟ␹ന⢬⩰⃮ٕ 24

෤⯊ᓪђ 25 IUUQEFWDPSFQBZQIQ JUFNBCDBNPVOU

෤⯊ᓪђ $POUE Ø ࢢፒˊだឪḑ̹ᓹˆ㡦㕸⼷ḑ̹ᓹḋᴚᙐݞ㐘 Ø ḋᴚػࡻ㡩ṛჽ᪊だឪݘᄛΩḑↂ፭ᆼ஺⁰෇㡦˥፫㕇ⱍ̂ ኴ⊛Ꮏዅڑᙏᾉ Ø ข㏡㡩 Ø
ᩜ̍೸௏ന㡩য়ぞだㅓᅆ১ Ø ፒ̍೸௏ന㡩঎֥௏ന֣̍Ⳛᇓ 26

෤⯊ᓪђ $POUE Ø ⭄ᜐታᐲ㡢⬙だឪݘᄛΩ"1*␽ፒ࿼ʵټ㡣㡩㕇ⱍだឪݘࡹѡḑፌ⊑̂ኴだ㐙ዅڑᙏᾉ Βᴟ4FSWFSUP4FSWFSḑታ෇ѡ⼿ٍቆ ࢢḋ⻿ḑٍቆˆ֥ӧʬ⊓㕇ⱍᾋ㡦ⲂだឪݘᗏᏱჽማ՚
ḑٍቆዅڑᙏᾉ 27

෤⯊ᓪђ 28 IUUQEFWDPSFVTFS@JOGPQIQ JE%&7$03&

෤⯊ᓪђ $POUE 29 IUUQEFWDPSFVTFS@JOGPQIQ JE)*5$0/

෤⯊ᓪђ 30 IUUQEFWDPSFNPEJGZQIQ 1045EBUB JEBENJOOBNF%&7$03&FNBJME!EFWDPSF

⹖↫ֳܳⲚឡ $SPTT4JUF3FRVFTU'PSHFSZ $43'

$SPTT4JUF3FRVFTU'PSHFSZ Ø ൖ൷ො㞾ḍՁᚚ㡩 32 Ӱ̜ො㞼 $43' Ø ḋᴚ̹ᓹḍՁᚚ㡩

$SPTT4JUF3FRVFTU'PSHFSZ Ø ࿜ࡻ㡩㉐ḋ␹፫ᗏᏱSFRVFTUዅڑ᨟Βᴟ␹፭⸽ḋԺḑֽ͵㡦 ௐ╿ሟᇌ␹٩̩Ӿᴟʬ▪Βᴟ␹ḑ⸽̶घ⨭ᬿஂᇎ͵ Ø ሟᇌᐲΝ ➡ Βᴟ␹╹ֽʳޢ⴦ᬳ ➡ Βᴟ␹╹ֽϙሞஞᾋ
➡ ⧾⧠ሟᇌ Ø ข㏡㡩Βᴟ␹ኴࢢʵἃ໬᭱ᝄघ⨭ᬿஂֽ͵ 33

$43'዗ኄᡢℨ 34 Ḋӧ ㉐ݧ༃ ༦⼙⊛࿡ ϕ̳ .BMJDJPVT 4FSWFS WVMTFSWFS 7JDUJN
JNHTSDIUUQWVMTFSWFSCVZQIQ JUFNBCD (&5CVZQIQ JUFNBCD

෤⯊ᓪђ 35

ⶳⰖᡊᦡ *OGPSNBUJPO-FBLBHF

*OGPSNBUJPO-FBLBHF Ø ൖ൷ො㞾ḍՁᚚ㡩 37 Ӱ̜ො㞼 *OGPNBUJPO-FBLBHF Ø ḋᴚ̹ᓹḍՁᚚ㡩

*OGPSNBUJPO-FBLBHF Ø ࿜ࡻ㡩⋞⼮̍ܓ࿡㉐ḋ␹⭶ஂㅟ⯉㡦ௐ╿≕⊶ᖤሪ⳽⭠ធᣩ ት⋣⃳ʲ Ø ബ⬔᭱ᝄ ➡ ػ੉ᾋធᣩന⢬ஞᾋơធᣩท٪ṕㄻ ➡ ㅟ⯉⭠ິធᣩ⋣⃳⁰෇ⶦนơធᣩ⾠Ձػ੉ᾋ
➡ ធᣩ͵ᓹ≕⊶ơ'SBNFXPSL㐦ِࣘᬝ፭ ➡ ё̶ᗃᐲធᣩ⋣⃳Ꮜᕀơػ੉ᾋ Ø ข㏡㡩ʵʬஂፒ⃯أ㐹㋵㡦͡⊛ٸӱ̝ො㞾ዏข㏡٩য়٩௑ 38

۱ଁ⁃ᡊᦡⶳጓำ෠⥣ౖ⁃ 39

ᡊᦡ໏ܠЛ⑸ 40

Ԇϫᙻᡊᦡ⎛↫۱ଁ⁃ 41

ϮᖱⶳయΦϨ႔ऱ

ⶳయዢ㇠ฯМ Ø ̩᨟ᜥፒṛჽṬ՚ḑ᎛⬊௡ʵፎ⩰ဋ ➡ "OESPJEBQQơJ04BQQḑ"1*TFSWFS Ø ᜥፒ㊋ᝥፌቭᣩដ ➡ 0QFO44-)FBSUCMFFE ➡
4IFMMTIPDL ➡ 100%-& Ø ⺀๢ො㞾⊓ٸሟᇌḑ੶֣㡦Νਗ$43' 944 43

⼶༚໏ܠ㏄⃥ Ø ࢢӨ⋣ḑ≕⊶୹өᜥፒ㊣‭ᖤ՟ ➡ ท٪ӑᣜٵ₇*OKFDUJPO㡦㉐ⵖ৙TFSWJDF GUQ STZOD Ø ท٪ͦ⏀ৡ਒ᮯ
➡ IUUQEFWDPSFBENJO ➡ IUUQBENJOEFWDPSF Ø ท٪ٕϫ຃ٽ୕͹⍍ဪʵ՚˯ڒ ➡ (PPHMF)BDLJOH 44

ӛ⿧ӥᚇಙ໶యΤ㦖 Ø ̩խፊЦ⼱ᣑ⼈ᡄ⮜㡦ℨ˲ᘟЦᣑ⼈ᡄ⮜ӻ൷ဪ՚⭸৙㕸㐹㋵ො㞾 Ø ොஞᾋဋᙛʵሞ Ø Ϋⴟ⭶ё㡢8"'㡣 45

⑓ΐΦ໏⾱⺼ᙜؕ Ø Ṍჾ≕⊶ ➡ *%4ơ*14 ➡ ឪぞ ➡ ᗃᐲᵐֽ Ø
-PH ➡ ϑୖ።㊶ৡἈ㡢යⱬ╾௓ϑୖ؍ൖ㡣 ➡ ፫ᵐࢩё̶ 46

⍓Ⲣ

ς༸ᐥ࠶࡯㦖 Ø ̵ͮJOQVU⾱ʵ٩ϕⴟ㡛 Ø ̵ͮ≕⊶⾱ፒᖤፎ⩰ሟᇌ㡛 Ø ⋣⃳ Ø BQQ Ø
⭶ё Ø *P5 Ø ⳽୷⭶ё 48

ఢⓉ૏Уक़ᐊ㘓ాỉͱᷲ᷒ఎ Ø ⳽୷⬵๝㌴⬋ዏዏፄቭ Ø Ղכ๢⬙ᚖϫᣩដḑข㏡֣ ➡ ʵټᣩដ⊓ٸ⼮ᴟท㡦ء஑௉⽀য়ት̝ϰٵ╹ḑข㏡ Ø ˂ʵዅЦ˯ʬᘟᣑ⼈ᡄ⮜௡✈ᩜʬ১ Ø
ஂዏ௏╹ஔᴜ܃㡢⋣⃳ơBQQơ⭶ё㡣⼟⨭⳽୷ᗏᡄ Ø ஂ።ሲ⒣⭧⌕ 49

♆㘓ా֤᷒ Ø ぜⴌ˘ʳ฿ፒַৢ ➡ (PPHMF$ISPNF3FXBSE1SPHSBN ➡ :BIPP#VH#PVOUZ1SPHSBN Ø ᣩដᄳ㍝ൕ٪ ➡
7VM3FQPSU IUUQTWVMSFQPSUOFU Ø ံḌഭ㓲ஆᵑ࿜╹೿̍㡦㞴◜ᴜᓹဆዅ̹ᓹḑቃ̍㡛 50

5IBOLZPV

2015.01.09 HITCON 戴夫寇爾 2014 年度弱點回顧

2015.01.09 HITCON 戴夫寇爾 2014 年度弱點回顧

More Decks by DEVCORE

Other Decks in Technology

Featured

Transcript