「サイバーセキュリティ (2020夏)」第11-12回「実践的総合演習 II」 / Practical and Comprehensive Drill 2

Transcript

1. 2020 11-12 II (WBS) 2020 11-12 II — 2020-07-20 –

   p.1/29

2. https://speakerdeck.com/ks91 ( ) WBS ( ) 2020 11-12 II —

   2020-07-20 – p.2/29

3. 1 6 15 • 2 6 15 • 3 6

   22 • 4 6 22 • 5 6 29 I • 6 6 29 I • 7 7 6 • 8 7 6 • 9 7 13 • 10 7 13 • 11 7 20 II • 12 7 20 II • 13 7 27 14 7 27 2020 11-12 II — 2020-07-20 – p.3/29

4. II 2020 11-12 II — 2020-07-20 – p.4/29

5. 2020 11-12 II — 2020-07-20 – p.5/29

6. 5. (1) (2) I Eats Eats 2020 7 16 (

   ) 23:59 JST ( ) Waseda Moodle 2020 11-12 II — 2020-07-20 – p.6/29

7. . . . . . . 14 14 ( )

   ( ) . . . ( ) ^^; ( ) Eats 2020 11-12 II — 2020-07-20 – p.7/29

8. T 1 100 ⇒ 2020 11-12 II — 2020-07-20 –

   p.8/29

9. T ⇒ 2020 11-12 II — 2020-07-20 – p.9/29

10. N ⇒ (introspection) 2020 11-12 II — 2020-07-20 – p.10/29

11. S branch protection branch 2 merge ⇒ Eats 2020 11-12

    II — 2020-07-20 – p.11/29

12. S ⇒ 2020 11-12 II — 2020-07-20 – p.12/29

13. T ⇒ 2020 11-12 II — 2020-07-20 – p.13/29

14. K CSO ⇒ 2021 “FinTech 2020 Fall” ( ) 2020

    11-12 II — 2020-07-20 – p.14/29

15. 3 2020 9 23 ( ) 2020 11-12 II —

    2020-07-20 – p.15/29

16. Eats https://demae-eats.com 7 CTO → Eats Kokutter CEO → 9

    1 Eats ( ) ( ) ( ) ( ) - + version 1.5 2020 11-12 II — 2020-07-20 – p.16/29

17. Eats 2020 https://campaign2020.demae-eats.com ( : 9 18 ∼10 18 )

    2 , 5 B 2 3 2020 11-12 II — 2020-07-20 – p.17/29

18. A , B COVID-19 C . . . HK D

    2050 100% E DX e-residency 2020 11-12 II — 2020-07-20 – p.18/29

19. AI (NPC : Non Player Character) @ / Eats @ceo

    : : @cto : CTO ( ) : @eng : : , ( : Bitcoiner) @cr : ( / / ) : @pr : Eats : @ir : : @personnel : : @sns : Kokutter : @tv : TV : @police : ( ) : 2020 11-12 II — 2020-07-20 – p.19/29

20. – (1/3) APT (Advanced Persistent Threat; ) : APT33 (

    ), APT29 ( ), APT38 ( ), etc. AWS (Amazon Web Services; ) Amazon.com Azure ( ) CNAME (Canonical Name record; ) DNS ( ) ( ) 2020 11-12 II — 2020-07-20 – p.20/29

21. – (2/3) DNS (Domain Name System; ) IP memcached (memory

    cache daemon; ) < , > Web ( ) (public key certificate) ( ) 2020 11-12 II — 2020-07-20 – p.21/29

22. – (3/3) (subdomain) DNS : demae-eats.com campaign2020.demae-eats.com (hacktivist) (hacktivism) 2020

    11-12 II — 2020-07-20 – p.22/29

23. → 2020 11-12 II — 2020-07-20 – p.23/29

24. 10 CSIRT (Computer Security Incident Response Team) 5 CSIRT Zoom

    (19:30∼) 5 ( ) CTO CSIRT Zoom 2020 11-12 II — 2020-07-20 – p.24/29

25. II 10 21:45 21:45 10 21:55 2020 11-12 II —

    2020-07-20 – p.25/29

26. 2020 11-12 II — 2020-07-20 – p.26/29

27. 6. II (1) ( ) (2) 2020 7 23 (

    ) 23:59 JST ( ) Waseda Moodle 2020 11-12 II — 2020-07-20 – p.27/29

28. (1 ) 2020 11-12 II — 2020-07-20 – p.28/29

29. Zoom 2020 11-12 II — 2020-07-20 – p.29/29