Upgrade to Pro — share decks privately, control downloads, hide ads and more …

黑客技術,黑科技樹 II

Funny Systems
February 27, 2017
Technology
1
820

黑客技術,黑科技樹 II

UCCU Talk

Funny Systems

February 27, 2017
Tweet

More Decks by Funny Systems

See All by Funny Systems
雲端 DHCP 安全問題
funnysystems
1
1k
雲端資料掉光光 - GCP 事件調查真實案例
funnysystems
2
1.6k
頑固吧!GCP Cloud SQL (Why Hardening GCP Cloud SQL)
funnysystems
0
450
SMB 捲土重來 (Turning SMB Server Side Bug to Client Side)
funnysystems
0
220
跟壞鄰居想的一樣,供應鏈安全與硬體後門
funnysystems
1
700
以安全工程角度,連結實務與設計
funnysystems
0
350
FunnyPot ‐ 改造 Windows 核心,強固化、蜜罐化
funnysystems
0
660
攻擊者的視角 - 兼談匿名識別度與可追蹤性
funnysystems
1
440
黑科技樹,黑客技術
funnysystems
1
540

Other Decks in Technology

See All in Technology
DevIO2024_レガシー運用からの脱却 -クラウド活用の実践事例とベストプラクティス-
jun2882
0
210
LINE WORKSへ簡単通知!Incoming Webhookアプリの紹介
mmclsntr
0
110
データ分析基盤を作ってみよう~設計編~
nrinetcom
PRO
1
110
コミュニティサービスに「あなたへ」フィードを リリースするまでの試行錯誤
takapy
1
150
Luupの開発組織におけるインシデントマネジメントの変遷 ver.RoadtoSRENEXT2024
grimoh
1
270
サーバーレスAPI(API Gateway+Lambda)とNext.jsで 個人ブログを作ろう!
shuntaka
PRO
0
560
MySQLのロックの種類とその競合
yoku0825
6
1.6k
ゆめみのアクセシビリティの現在地と今後
ryokatsuse
3
290
[NIKKEI Tech Talk] KDDI/KAG Scrum & Community for Engineering Training
curanosuke
2
220
開発と事業を繋ぐ!SREのオブザーバビリティ戦略 ~ Developers Summit 2024 Summer ~
leveragestech
0
630
年間一億円削減した時系列データベースのアーキテクチャ改善~不確実性の高いプロジェクトへの挑戦~
lycorptech_jp
PRO
3
2.9k
20240717_イケコパ代表Copilot_in_Teams会社でこう使ってます
ponponmikankan
2
430

Featured

See All Featured
Keith and Marios Guide to Fast Websites
keithpitt
408
22k
Creatively Recalculating Your Daily Design Routine
revolveconf
214
11k
Web Components: a chance to create the future
zenorocha
307
41k
Typedesign – Prime Four
hannesfritz
37
2.2k
Web development in the modern age
philhawksworth
203
10k
Intergalactic Javascript Robots from Outer Space
tanoku
266
26k
The Psychology of Web Performance [Beyond Tellerrand 2023]
tammyeverts
24
1.8k
The Mythical Team-Month
searls
217
43k
Clear Off the Table
cherdarchuk
89
320k
RailsConf 2023
tenderlove
16
720
"I'm Feeling Lucky" - Building Great Search Experiences for Today's Users (#IAC19)
danielanewman
224
21k
Done Done
chrislema
179
15k

Transcript

  1. 黑客、技術 黑、科技樹 2017/02/27 II

  2. Kuon 喜歡學習,特別是「安全技術」。

  3. None

  4. 逆向 工程 其 他 軟體 破解 惡意 程式 漏洞 攻防

  5. 硬體 軟體

  6. 硬體 Logic Analysis PCB Reversing ROM Extraction IC Reversing

  7. Emulation Flash Dump JTAG Firmware Analysis FS Extraction Firmware Download

    File ID

  8. 軟體 De- compiler IDA Pro REIL Binary Analysis Binary Diff

    Analysis DBI Emulation Firmware Analysis File ID File Format Debugger

  9. Anti-Anti- Debug Anti- Debug Anti- Dump Packer Anti-DBI Anti- Sandbox

    Anti- Disasm Anti-VM Anti- Emulator Unpacker Anti-Anti- VM

  10. Anti- Debug Packer Anti- Sandbox Anti-VM Anti-Virus Virus Anti- Rootkit

    Anti-Anti- Virus Rootkit Malware Botnet Anti- Botnet Anti- Malware

  11. ASLR Malware Anti- Malware DEP ROP UAC W^X EMET JIT

    Spray GrSecurity Anti-Anti- Virus

  12. Anti- Dump Debugger Memory Hacking Anti-Anti- Debug Anti- Debug VM

    Anti-VM Anti-Anti- VM

  13. Hooking Rootkit Malware Injection SMM VM

  14. None

  15. 需求 架構 開發 測試 部署 API SOAP RESTful JSON Data

    Format XML Authentication Cookie HTTP Header Token User Input Injection OAuth Cross-Domain Sever-side Proxy SSRF Javascript Hijacking CSP Secure Transport SSL/TLS HSTS NoSQL Cert Validation CORS CSRF JSONP Callback Resource Upload/Download Upload Enumeration CSRF CSRF Security Header Pinning XXE
  16. None

  17. 流程、標準 Null Pointer Race Condition Dangling Pointer Data Race Double

    Free Double Destruct Use-After-Free Use-After-Destruct Integer Overflow Counter Overflow Heap Overflow Pool Overflow Stack Overflow Format String JMS & JMX File Inclusion Object Injection 框 架 OGNL Injection HQL Injection 執 行 環 境 Java PHP 通 用 Web Native SQL Injection XSS Cmd Injection Path Traversal Code Injection Unserialization Template Injection Python Template Injection Race Condition CSRF YAML Evaluation Mass Assignment Spring i18n Injection OOB Read Arbitrary Write Info Leak Type Confusion Undef Behavior Uninit Memory

  18. Q&A 問題‧討論