Upgrade to Pro — share decks privately, control downloads, hide ads and more …

黑客技術,黑科技樹 II

Funny Systems
February 27, 2017

黑客技術,黑科技樹 II


Funny Systems

February 27, 2017

More Decks by Funny Systems

Other Decks in Technology


  1. 軟體 De- compiler IDA Pro REIL Binary Analysis Binary Diff

    Analysis DBI Emulation Firmware Analysis File ID File Format Debugger
  2. Anti-Anti- Debug Anti- Debug Anti- Dump Packer Anti-DBI Anti- Sandbox

    Anti- Disasm Anti-VM Anti- Emulator Unpacker Anti-Anti- VM
  3. Anti- Debug Packer Anti- Sandbox Anti-VM Anti-Virus Virus Anti- Rootkit

    Anti-Anti- Virus Rootkit Malware Botnet Anti- Botnet Anti- Malware
  4. ASLR Malware Anti- Malware DEP ROP UAC W^X EMET JIT

    Spray GrSecurity Anti-Anti- Virus
  5. 需求 架構 開發 測試 部署 API SOAP RESTful JSON Data

    Format XML Authentication Cookie HTTP Header Token User Input Injection OAuth Cross-Domain Sever-side Proxy SSRF Javascript Hijacking CSP Secure Transport SSL/TLS HSTS NoSQL Cert Validation CORS CSRF JSONP Callback Resource Upload/Download Upload Enumeration CSRF CSRF Security Header Pinning XXE
  6. 流程、標準 Null Pointer Race Condition Dangling Pointer Data Race Double

    Free Double Destruct Use-After-Free Use-After-Destruct Integer Overflow Counter Overflow Heap Overflow Pool Overflow Stack Overflow Format String JMS & JMX File Inclusion Object Injection 框 架 OGNL Injection HQL Injection 執 行 環 境 Java PHP 通 用 Web Native SQL Injection XSS Cmd Injection Path Traversal Code Injection Unserialization Template Injection Python Template Injection Race Condition CSRF YAML Evaluation Mass Assignment Spring i18n Injection OOB Read Arbitrary Write Info Leak Type Confusion Undef Behavior Uninit Memory