Upgrade to Pro — share decks privately, control downloads, hide ads and more …

黑客技術,黑科技樹 II

D69e77fd50edf1a9c6d5ffcddd03dd90?s=47 Funny Systems
February 27, 2017

黑客技術,黑科技樹 II

UCCU Talk

D69e77fd50edf1a9c6d5ffcddd03dd90?s=128

Funny Systems

February 27, 2017
Tweet

Transcript

  1. 黑客、技術 黑、科技樹 2017/02/27 II

  2. Kuon 喜歡學習,特別是「安全技術」。

  3. None
  4. 逆向 工程 其 他 軟體 破解 惡意 程式 漏洞 攻防

  5. 硬體 軟體

  6. 硬體 Logic Analysis PCB Reversing ROM Extraction IC Reversing

  7. Emulation Flash Dump JTAG Firmware Analysis FS Extraction Firmware Download

    File ID
  8. 軟體 De- compiler IDA Pro REIL Binary Analysis Binary Diff

    Analysis DBI Emulation Firmware Analysis File ID File Format Debugger
  9. Anti-Anti- Debug Anti- Debug Anti- Dump Packer Anti-DBI Anti- Sandbox

    Anti- Disasm Anti-VM Anti- Emulator Unpacker Anti-Anti- VM
  10. Anti- Debug Packer Anti- Sandbox Anti-VM Anti-Virus Virus Anti- Rootkit

    Anti-Anti- Virus Rootkit Malware Botnet Anti- Botnet Anti- Malware
  11. ASLR Malware Anti- Malware DEP ROP UAC W^X EMET JIT

    Spray GrSecurity Anti-Anti- Virus
  12. Anti- Dump Debugger Memory Hacking Anti-Anti- Debug Anti- Debug VM

    Anti-VM Anti-Anti- VM
  13. Hooking Rootkit Malware Injection SMM VM

  14. None
  15. 需求 架構 開發 測試 部署 API SOAP RESTful JSON Data

    Format XML Authentication Cookie HTTP Header Token User Input Injection OAuth Cross-Domain Sever-side Proxy SSRF Javascript Hijacking CSP Secure Transport SSL/TLS HSTS NoSQL Cert Validation CORS CSRF JSONP Callback Resource Upload/Download Upload Enumeration CSRF CSRF Security Header Pinning XXE
  16. None
  17. 流程、標準 Null Pointer Race Condition Dangling Pointer Data Race Double

    Free Double Destruct Use-After-Free Use-After-Destruct Integer Overflow Counter Overflow Heap Overflow Pool Overflow Stack Overflow Format String JMS & JMX File Inclusion Object Injection 框 架 OGNL Injection HQL Injection 執 行 環 境 Java PHP 通 用 Web Native SQL Injection XSS Cmd Injection Path Traversal Code Injection Unserialization Template Injection Python Template Injection Race Condition CSRF YAML Evaluation Mass Assignment Spring i18n Injection OOB Read Arbitrary Write Info Leak Type Confusion Undef Behavior Uninit Memory
  18. Q&A 問題‧討論