Upgrade to Pro — share decks privately, control downloads, hide ads and more …

黑客技術,黑科技樹 II

Funny Systems
February 27, 2017
Technology
1
820

黑客技術,黑科技樹 II

UCCU Talk

Funny Systems

February 27, 2017
Tweet

More Decks by Funny Systems

See All by Funny Systems
雲端 DHCP 安全問題
funnysystems
1
1k
雲端資料掉光光 - GCP 事件調查真實案例
funnysystems
2
1.6k
頑固吧!GCP Cloud SQL (Why Hardening GCP Cloud SQL)
funnysystems
0
460
SMB 捲土重來 (Turning SMB Server Side Bug to Client Side)
funnysystems
0
240
跟壞鄰居想的一樣,供應鏈安全與硬體後門
funnysystems
1
720
以安全工程角度,連結實務與設計
funnysystems
0
350
FunnyPot ‐ 改造 Windows 核心,強固化、蜜罐化
funnysystems
0
690
攻擊者的視角 - 兼談匿名識別度與可追蹤性
funnysystems
1
440
黑科技樹,黑客技術
funnysystems
1
560

Other Decks in Technology

See All in Technology
SREによる隣接領域への越境とその先の信頼性
shonansurvivors
2
520
エンジニア人生の拡張性を高める 「探索型キャリア設計」の提案
tenshoku_draft
1
120
透過型SMTPプロキシによる送信メールの可観測性向上: Update Edition / Improved observability of outgoing emails with transparent smtp proxy: Update edition
linyows
2
210
ノーコードデータ分析ツールで体験する時系列データ分析超入門
negi111111
0
410
フルカイテン株式会社 採用資料
fullkaiten
0
40k
AGIについてChatGPTに聞いてみた
blueb
0
130
Application Development WG Intro at AppDeveloperCon
salaboy
0
180
TypeScript、上達の瞬間
sadnessojisan
46
13k
The Role of Developer Relations in AI Product Success.
giftojabu1
0
120
Lambda10周年!Lambdaは何をもたらしたか
smt7174
2
110
10XにおけるData Contractの導入について: Data Contract事例共有会
10xinc
6
620
データプロダクトの定義からはじめる、データコントラクト駆動なデータ基盤
chanyou0311
2
300

Featured

See All Featured
Typedesign – Prime Four
hannesfritz
40
2.4k
Into the Great Unknown - MozCon
thekraken
32
1.5k
[RailsConf 2023] Rails as a piece of cake
palkan
52
4.9k
Responsive Adventures: Dirty Tricks From The Dark Corners of Front-End
smashingmag
250
21k
A Philosophy of Restraint
colly
203
16k
Refactoring Trust on Your Teams (GOTO; Chicago 2020)
rmw
31
2.7k
Adopting Sorbet at Scale
ufuk
73
9.1k
Writing Fast Ruby
sferik
627
61k
We Have a Design System, Now What?
morganepeng
50
7.2k
Unsuck your backbone
ammeep
668
57k
The World Runs on Bad Software
bkeepers
PRO
65
11k
Why You Should Never Use an ORM
jnunemaker
PRO
54
9.1k

Transcript

  1. 黑客、技術 黑、科技樹 2017/02/27 II

  2. Kuon 喜歡學習,特別是「安全技術」。

  3. None

  4. 逆向 工程 其 他 軟體 破解 惡意 程式 漏洞 攻防

  5. 硬體 軟體

  6. 硬體 Logic Analysis PCB Reversing ROM Extraction IC Reversing

  7. Emulation Flash Dump JTAG Firmware Analysis FS Extraction Firmware Download

    File ID

  8. 軟體 De- compiler IDA Pro REIL Binary Analysis Binary Diff

    Analysis DBI Emulation Firmware Analysis File ID File Format Debugger

  9. Anti-Anti- Debug Anti- Debug Anti- Dump Packer Anti-DBI Anti- Sandbox

    Anti- Disasm Anti-VM Anti- Emulator Unpacker Anti-Anti- VM

  10. Anti- Debug Packer Anti- Sandbox Anti-VM Anti-Virus Virus Anti- Rootkit

    Anti-Anti- Virus Rootkit Malware Botnet Anti- Botnet Anti- Malware

  11. ASLR Malware Anti- Malware DEP ROP UAC W^X EMET JIT

    Spray GrSecurity Anti-Anti- Virus

  12. Anti- Dump Debugger Memory Hacking Anti-Anti- Debug Anti- Debug VM

    Anti-VM Anti-Anti- VM

  13. Hooking Rootkit Malware Injection SMM VM

  14. None

  15. 需求 架構 開發 測試 部署 API SOAP RESTful JSON Data

    Format XML Authentication Cookie HTTP Header Token User Input Injection OAuth Cross-Domain Sever-side Proxy SSRF Javascript Hijacking CSP Secure Transport SSL/TLS HSTS NoSQL Cert Validation CORS CSRF JSONP Callback Resource Upload/Download Upload Enumeration CSRF CSRF Security Header Pinning XXE
  16. None

  17. 流程、標準 Null Pointer Race Condition Dangling Pointer Data Race Double

    Free Double Destruct Use-After-Free Use-After-Destruct Integer Overflow Counter Overflow Heap Overflow Pool Overflow Stack Overflow Format String JMS & JMX File Inclusion Object Injection 框 架 OGNL Injection HQL Injection 執 行 環 境 Java PHP 通 用 Web Native SQL Injection XSS Cmd Injection Path Traversal Code Injection Unserialization Template Injection Python Template Injection Race Condition CSRF YAML Evaluation Mass Assignment Spring i18n Injection OOB Read Arbitrary Write Info Leak Type Confusion Undef Behavior Uninit Memory

  18. Q&A 問題‧討論