Upgrade to Pro
— share decks privately, control downloads, hide ads and more …
Speaker Deck
Features
Speaker Deck
PRO
Sign in
Sign up for free
Search
Search
HITCON 2017 Zeroday 發表會
Search
Inndy
August 26, 2017
Technology
0
1.3k
HITCON 2017 Zeroday 發表會
https://zeroday.hitcon.org/vulnerability/ZD-2016-00306
Inndy
August 26, 2017
Tweet
Share
More Decks by Inndy
See All by Inndy
工程師一定要懂的 Text Encoding
inndy
1
540
資訊安全:麻瓜的黑魔法防禦術
inndy
3
2.7k
HackmeCTF 平台背後的心酸血淚史
inndy
2
770
COSCUP 2018 Lightning Talk - 審稿好難,所以我們來寫程式吧
inndy
0
370
逆向工程:從入門到放棄
inndy
7
3.4k
No More Crypto Fails
inndy
33
7.8k
你再共用密碼啊
inndy
1
700
CTF From Zero To One
inndy
5
4.7k
逆向工程基礎
inndy
4
1.4k
Other Decks in Technology
See All in Technology
AI研修【MIXI 24新卒技術研修】
mixi_engineers
PRO
0
130
Azure AI ことはじめ
tsubakimoto_s
0
130
20240717_イケコパ代表Copilot_in_Teams会社でこう使ってます
ponponmikankan
2
430
Classmethod流のPlatform Engineering / classmethod-platform-engineering-devio2024
tomoki10
0
470
頼られるのが大好きな 皆さんへ - 支援相手との期待の合わせ方、突き放し方 -/For_people_who_like_to_be_relied_on
naitosatoshi
1
290
What if...? 처음부터 다시 LLM 어플리케이션을 개발한다면
huffon
0
1k
【基調講演】変える、今ここから ― IoTとAIで紡ぐ未来
soracom
PRO
0
320
DDDにおける認可の扱いとKotlinにおける実装パターン / authorization-for-ddd-and-kotlin-implement-pattern
urmot
4
390
地理情報とAPIのトレンド
nagix
0
160
DevIO2024_レガシー運用からの脱却 -クラウド活用の実践事例とベストプラクティス-
jun2882
0
210
大規模ドラレコデータ収集・機械学習基盤を支える AWS CDK 〜導入・運用事例紹介〜
pemugi
0
110
テスト・設計研修【MIXI 24新卒技術研修】
mixi_engineers
PRO
0
170
Featured
See All Featured
How to train your dragon (web standard)
notwaldorf
79
5.5k
Faster Mobile Websites
deanohume
303
30k
What’s in a name? Adding method to the madness
productmarketing
PRO
21
2.9k
Robots, Beer and Maslow
schacon
PRO
157
8.1k
The Invisible Side of Design
smashingmag
294
50k
Raft: Consensus for Rubyists
vanstee
134
6.5k
Gamification - CAS2011
davidbonilla
78
4.9k
Templates, Plugins, & Blocks: Oh My! Creating the theme that thinks of everything
marktimemedia
23
1.9k
Leading Effective Engineering Teams 2024
addyosmani
3
300
Adopting Sorbet at Scale
ufuk
71
8.8k
Git: the NoSQL Database
bkeepers
PRO
423
64k
What's new in Ruby 2.0
geeforr
338
31k
Transcript
)*5$0/;FSPEBZ 䧮䟝銴⤑㹆涸J1IPOF4&⛓飑暟"QQ䢔呪
)J 䧮僽*OOEZ BLB加啄
➛㣔䧮銴铞♧⦐ 飑暟"QQ剤㥪㢵䓳럊涸佦✲ @ sཀպ̼ @
䎃厥♧㣔 䧮罉꠸騈䧮铞 ؇̫٥
厥飑暟笪畀剤馄⤑㹆ꣳꆀ㉂ㅷ ⿶ⶍ㥪䧮䟝䳖䩛堥 s٥Ī٥A
None
搭䖕䧮⦛㽠䩧 #VSQ4VJUF㨥溏溏 ง๑•̀@•́ ง
䧮欽7VFKT㻨✫♧⦐溏匢 ⢵䮋鼇⤑㹆涸㉂ㅷ 齡儘⦬䊨⡲ⶍ㥪㖈欽7VFKT鄄OPEFKT䵆䖤㥪汥蕲 Aİs
٧(́◕◞౪◟◕
䱺衽涮植♴鎎㋲涸"1* 须俲剤⸈㺙 ಠ@ಠ
剤⦐䊨Ⱘ〭⨞KBEY 〳⟃管陼"OESPJE"QQ ҙŐ ұѨѠѽ♧
s̫A _ԍ
s̫A _ԍ
昸✫䵻⤑㹆涸J1IPOF4& ٧ ԫӟ ظ
㻨玑䒭䵻飑
穡卓剤"1*鸠䏞ꣳⵖ 鼩剤♧❉㼭稣眏尝岤䠑ⵌ İ
穡卓䧮♧⦐鿪尝䵻ⵌ இŐஇ
㔐곃♧♴ s٥Ī٥A
"&4$#$1,$4 s٥Ī٥A
1BEEJOH0SBDMF sİA
'JYFE,FZ*7 sİA
䧮ⶍⶍ僽♶僽铞䧮⦛欽 #SVQ4VJUF s٥Ī٥A
飑暟笪畀䥰鑪剤 44-5-4ゅ s٥Ī٥A
sİA
䖕⢵䟝䟝"QQ鿪㻨涸鸏 랃昈✫㥪⫹剤溏ⵌTRMJUF sŐA
@ sཀպ̼ @
卓搭剤42-*OKFDUJPO @ sཀպ̼ @
˙08"415PQ.PCJMF3JTLT'JOBM-JTU ˙.8FBL4FSWFS4JEF$POUSPMT ˙.*OTFDVSF%BUB4UPSBHF ˙.*OTVDJFOU5SBOTQPSU-BZFS1SPUFDUJPO ˙.6OJOUFOEFE%BUB-FBLBHF ˙.1PPS"VUIPSJ[BUJPOBOE"VUIFOUJDBUJPO ˙.#SPLFO$SZQUPHSBQIZ ˙.$MJFOU4JEF*OKFDUJPO ˙ 鸏䧮尝剤庠麕
魨⟨阮㶶贫㶸㖈1SFGFSFODF.BOBHFS酆
㥶卓䧮僽䟅䠑余乹罏 ̫
䎙㣔䖕䧮䪾须俲侮椚♧♴ ⚓♳)*5$0/;FSPEBZ
None
⼿⸔鹎遤醳庠
恠Ꟁ涸麕玑н sŐA й • 2016/11 送出 • ⽉月底廠商才有回應 • 修到⼀一半請我複測,接著交給其他廠商做檢測
• 拖了了半年年,2017/05 終於公開了了!⼼心好累
鸏⚆歲涸怪峯⿶㼱✫♧⦐ sӟA
昸➊랃剚剤鸏랃㢵怪峯 sŐ
醳醢顦♳䊨玑䌌 ಠ@ಠ
IUUQTMBVSFOUHJUIVCJPTPJOKFDUJPOT
䖰㷸绢㻨玑䒭涸儘⦬ 㽠ⴀ✫㉏겗 ⡹涸罉䌌铞♶㹁㽠僽怪峯⢵彂 䠮闒➮雊䧮⦛剤䊨⡲
䖎㢵剅硃䲿⣘涸眕⢿玑䒭 㽠剤㉏겗 ⡹剅㽷缺1)1涸剅♧㹁䪪涸ⵌ42-*OKFDUJPO
♧饱㔐㜡怪峯 鍑对剤㉏겗涸➃來肬➮⦛ ؇̫٥