「サイバーセキュリティ (2020夏)」第7-8回「サイバー攻撃・防御とサイバー法」 / Cyber Attacks - Protections and Cyber Law

Transcript

1. 2020 7-8 (WBS) 2020 7-8 — 2020-07-06 – p.1/57

2. https://speakerdeck.com/ks91 ( ) WBS ( ) 2020 7-8 — 2020-07-06

   – p.2/57

3. 1 6 15 • 2 6 15 • 3 6

   22 • 4 6 22 • 5 6 29 I • 6 6 29 I • 7 7 6 • 8 7 6 • 9 7 13 10 7 13 11 7 20 II 12 7 20 II 13 7 27 14 7 27 2020 7-8 — 2020-07-06 – p.3/57

4. 7 6 2013 Winny P2P P2P 2020 7-8 — 2020-07-06

   – p.4/57

5. (1) Winny 7 (2020) Winny WIDE ( ) 2020 7-8

   — 2020-07-06 – p.5/57

6. + I ( ) + 2020 7-8 — 2020-07-06 –

   p.6/57

7. 2020 7-8 — 2020-07-06 – p.7/57

8. 3. (1) (2) 2020 7 2 ( ) 23:59 JST

   ( ) Waseda Moodle 2020 7-8 — 2020-07-06 – p.8/57

9. ( ) (1 ) 2020 7-8 — 2020-07-06 – p.9/57

10. . . . . . . 14 13 ( )

    ( ) ^^; . . . NPC (Non Player Character) 2020 7-8 — 2020-07-06 – p.10/57

11. S 1 1 ⇒ . . . (1): (2018) (2):

    (2019) 2020 7-8 — 2020-07-06 – p.11/57

12. S ⇒ (CTO) ( Zoom ) CTO . . .

    2020 7-8 — 2020-07-06 – p.12/57

13. S ⇒ Yahoo! JAPAN ( ) https://about.yahoo.co.jp/info/blog/20161108/hardening.html Yahoo! JAPAN ·

    2020 7-8 — 2020-07-06 – p.13/57

14. S S ⇒ ( ) . . . (1 ^^;)

    2020 7-8 — 2020-07-06 – p.14/57

15. T 5 2 3 1 5 → 1 3 ∼

    1 2 ⇒ ( ) 2020 7-8 — 2020-07-06 – p.15/57

16. T ⇒ (NPC ^^;) 2020 7-8 — 2020-07-06 – p.16/57

17. W (11-908) ⇒ 2020 ( ) 2020 7-8 — 2020-07-06

    – p.17/57

18. W T / IT ⇒ II Eats 2020 7-8 —

    2020-07-06 – p.18/57

19. I ⇒ ( ) COCOA2 ( ) Eats COCOA2 and/or

    2020 7-8 — 2020-07-06 – p.19/57

20. T ⇒ 2020 7-8 — 2020-07-06 – p.20/57

21. T ⇒ ( ) ^^; 2020 7-8 — 2020-07-06 –

    p.21/57

22. K ⇒ (BCP) 2020 7-8 — 2020-07-06 – p.22/57

23. T CTO ENG IT ⇒ ICT OK ( ) 2020

    7-8 — 2020-07-06 – p.23/57

24. T ⇒ 2020 7-8 — 2020-07-06 – p.24/57

25. N CTO ⇒ Eats 2020 7-8 — 2020-07-06 – p.25/57

26. T CTO ⇒ ( ) 66 2020 7-8 — 2020-07-06

    – p.26/57

27. T ⇒ CSIRT ( ) I Eats CTO ( CTO)

    2020 7-8 — 2020-07-06 – p.27/57

28. K ⇒ 2020 7-8 — 2020-07-06 – p.28/57

29. (1/2) NPC NPC . . . CTO ( ^^;) 2020

    7-8 — 2020-07-06 – p.29/57

30. (2/2) ( ) ( ) Discord Zoom ( ) sudoers

    bitcoin ^^; ( ) CTO 2020 7-8 — 2020-07-06 – p.30/57

31. 2020 7-8 — 2020-07-06 – p.31/57

32. I ( . . . ) ( ) 2020 7-8

    — 2020-07-06 – p.32/57

33. ( ) (1/5) Ubuntu 18.04 ( ) 2 (Parallels) $

    ip address IP alice ( ), bob ( ) # adduser alice . . . Enter new UNIX password: structure . . . # adduser bob . . . Enter new UNIX password: quicksand . . . 2020 7-8 — 2020-07-06 – p.33/57

34. ( ) (2/5) alice (sudo : superuser do) # gpasswd

    -a alice sudo $ grep "sudo" /etc/group alice malissa ( ) # adduser malissa . . . Enter new UNIX password: irresistible . . . “structure quicksand irresistible . . .” ( ) 1 1 ( ) 2020 7-8 — 2020-07-06 – p.34/57

35. ( ) (3/5) SSH (Secure Shell) ( ) ( 1)

    (apt : Advanced Packaging Tool) $ sudo apt install openssh-server SSH ( ) (Ed25519 ) $ ssh-keygen -t ed25519 . . . Enter passphrase (empty for no passphrase): . . . $ cat .ssh/id_ed25519.pub alice: “heartbeat”, bob: “okinawa”, malissa: “darkness” ( ) cat ( ) cat catenate ( ) ( ) 2020 7-8 — 2020-07-06 – p.35/57

36. ( ) (4/5) SSH ( ) ( 2) ( )

    $ mkdir .ssh $ chmod 700 .ssh $ cd .ssh $ nano authorized_keys ( ) $ chmod 600 authorized_keys ( ) alice, bob malissa $ slogin IP $ exit 2020 7-8 — 2020-07-06 – p.36/57

37. ( ) (5/5) $ sudo apt install git nmap john

    git nmap “Matrix Reloaded” (https://nmap.org/images/matrix/matrix-hack-screen3.png) SSH john (John the Ripper) bob 2020 7-8 — 2020-07-06 – p.37/57

38. I . . . . . . ^^; 2020 7-8

    — 2020-07-06 – p.38/57

39. Tor (The Onion Router) Mail2Tor → ( ) 1 Tor

    : https://www.torproject.org Mail2Tor : http://free.arinco.org/mail/mail2tor/ (Tor ) Tor ( ) 2020 7-8 — 2020-07-06 – p.39/57

40. I malissa $ passwd ESC recovery mode root # mount

    -o remount,rw / # passwd malissa # exit malissa Ubuntu OS ( ) 2020 7-8 — 2020-07-06 – p.40/57

41. (1) I malissa bob 22 SSH $ nmap -sV -p

    22 IP $ git clone https://github.com/danielmiessler/SecLists.git bob malissa bob “/etc/ssh/sshd_config” #PasswordAuthentication yes # ( ) no $ sudo systemctl restart ssh SSH malissa bob 2020 7-8 — 2020-07-06 – p.41/57

42. SSH alice = malissa alice bob “authorized_keys” bob $ sudo

    -s # cd ../bob/.ssh # nano authorized_keys ( malissa ) bob alice (bob ) malissa bob 2020 7-8 — 2020-07-06 – p.42/57

43. alice = malissa $ sudo gpasswd -a bob sudo sudo

    malissa bob 2020 7-8 — 2020-07-06 – p.43/57

44. (2) “/etc/shadow” “/etc/passwd” alice malissa $ unshadow passwdfile.txt shadowfile.txt >

    crackfile.txt $ john --wordlist=SecLists/Passwords/Common-Credentials/10-million-password-list-top-100000.txt crackfile.txt . . . quicksand (bob) . . . 8 bob “10-million-password-list-top-100000.txt” bob bob John the Ripper 2020 7-8 — 2020-07-06 – p.44/57

45. ( ) (1) JavaScript ( ) (2) (3) (1) (3)

    (2) (3) (A) (B) A ≡ B 2020 7-8 — 2020-07-06 – p.45/57

46. GitHub ( ) Git - https://git-scm.com/book/ja/v2/Git- - Git https://gist.github.com/ktx2207/3167fa69531bdd6b44f1 (

    ) GitHub “The Octopus Scanner Malware: Attacking the open source supply chain” 2020 7-8 — 2020-07-06 – p.46/57

47. & (C&C) IRC (Internet Relay Chat) IRC ( ) Bitcoin

    IRC & “Glupteba – the malware that gets secret messages from the Bitcoin blockchain” Bitcoin 2020 7-8 — 2020-07-06 – p.47/57

48. I COCOA2 ( & ) Eats 2020 7-8 — 2020-07-06

    – p.48/57

49. (1) : I 2020 7-8 — 2020-07-06 – p.49/57

50. ( ) 2020 7-8 — 2020-07-06 – p.50/57

51. (2) Q&A (2020) https://www.nisc.go.jp/security-site/law_handbook/index.html 2020 7-8 — 2020-07-06 – p.51/57

52. ( ) 2020 7-8 — 2020-07-06 – p.52/57

53. (2) : 2020 7-8 — 2020-07-06 – p.53/57

54. (3) : Coinhive : https://ja.wikipedia.org/wiki/Coinhive 2020 7-8 — 2020-07-06 –

    p.54/57

55. 2020 7-8 — 2020-07-06 – p.55/57

56. 4. (1) (2) 2020 7 9 ( ) 23:59 JST

    ( ) Waseda Moodle 2020 7-8 — 2020-07-06 – p.56/57

57. 2020 7-8 — 2020-07-06 – p.57/57