Binary Exploitation - Basic (Supplement)
LJP-TW
May 26, 2021
2021/05/26 NTUST Information Security Club session
Livestream recording:
https://www.youtube.com/watch?v=I3X69ADZOnw
- TLS
Transcript
2021/5/26 NTUSTISC Binary Exploitation aka Pwn Basic (Supplement)

# whoami
- LJP / LJP-TW
- Pwn / Rev
- NTUST / NCTU / NYCU
- 10sec CTF Team

Outline
- TLS

TLS

TLS
- TLS stands for Thread-Local Storage
- On Linux x64, the fs register holds the address of the TLS
- The stack canary itself lives in the TLS

TLS
- fs is a segment register
- Addresses are computed as reg:offset = ref + offset (segment base plus offset)
- When you try to look at the value of fs in gdb, you find that it shows 0
- So is the canary really fetched from [0+0x28]??

TLS
- GDB is a process too; fs = 0 is GDB's own fs
- So how do we get the fs of the process being inspected?
- Call arch_prctl
Ref: https://fasterthanli.me/series/making-our-own-executable-packer/part-13

TLS
- Pwngdb implements a feature for fetching the TLS
- Reading how it is implemented, it turns out to do the same thing
https://github.com/scwuaptx/Pwngdb/blob/master/pwndbg/pwngdb.py#L77

TLS Demo
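The demo slide carries no transcript text. The following C program is an added example (not the deck author's code and not Pwngdb's) that checks the two claims made on the slides above inside a process of its own, on Linux x86-64: it asks the kernel for the thread's fs base with arch_prctl(ARCH_GET_FS), which is the same call a debugger uses to learn a tracee's fs base, compares it with the pointer to the thread control block that glibc and musl keep at fs:0 (a libc layout fact assumed here, not stated on the slides), and reads the stack canary both the way a compiler prologue does (fs:0x28) and as a plain offset from the arch_prctl base. ARCH_GET_FS and SYS_arch_prctl are the real Linux header names; the fallback value for ARCH_GET_FS is the kernel's own constant.

```c
#define _GNU_SOURCE
#include <stdint.h>
#include <stdio.h>
#include <unistd.h>
#include <sys/syscall.h>

/* ARCH_GET_FS lives in <asm/prctl.h>; supply the kernel's value if that header is missing. */
#ifndef ARCH_GET_FS
#define ARCH_GET_FS 0x1003
#endif

/* Only Linux x86-64 has an fs-based TLS reachable through arch_prctl.
 * On any other target every reader below returns 0 ("unknown"). */
#if defined(__x86_64__) && defined(__linux__)
#define HAVE_X64_TLS 1
#else
#define HAVE_X64_TLS 0
#endif

/* What a debugger does for its tracee, done for ourselves: ask the kernel
 * for this thread's fs base. gdb shows fs = 0 because the selector is 0;
 * the base itself is kernel state and is only visible through this call. */
uintptr_t tls_base_via_arch_prctl(void) {
#if HAVE_X64_TLS
    unsigned long base = 0;
    if (syscall(SYS_arch_prctl, ARCH_GET_FS, &base) != 0)
        return 0; /* arch_prctl failed; callers treat 0 as "unknown" */
    return (uintptr_t)base;
#else
    return 0;
#endif
}

/* glibc and musl store a pointer to the thread control block at fs:0
 * (assumed libc layout), so reading fs:0 from inside the process must
 * yield the same address that ARCH_GET_FS reports. */
uintptr_t tls_base_via_self_pointer(void) {
#if HAVE_X64_TLS
    uintptr_t self;
    __asm__ volatile("mov %%fs:0, %0" : "=r"(self));
    return self;
#else
    return 0;
#endif
}

/* The canary exactly as a -fstack-protector prologue loads it: mov rax, fs:0x28. */
uintptr_t canary_via_fs(void) {
#if HAVE_X64_TLS
    uintptr_t canary;
    __asm__ volatile("mov %%fs:0x28, %0" : "=r"(canary));
    return canary;
#else
    return 0;
#endif
}

/* The same canary read through an ordinary pointer: TLS base + 0x28.
 * This is how a debugger that has learned the fs base locates it in
 * tracee memory instead of reading [0 + 0x28]. */
uintptr_t canary_via_base(uintptr_t tls_base) {
    if (tls_base == 0)
        return 0; /* no base known: nothing to dereference */
    return *(const uintptr_t *)(tls_base + 0x28);
}

int main(void) {
    uintptr_t base = tls_base_via_arch_prctl();
    printf("fs base (arch_prctl):    0x%lx\n", (unsigned long)base);
    printf("fs base (fs:0 self ptr): 0x%lx\n", (unsigned long)tls_base_via_self_pointer());
    printf("canary (fs:0x28):        0x%lx\n", (unsigned long)canary_via_fs());
    printf("canary (base + 0x28):    0x%lx\n", (unsigned long)canary_via_base(base));
    return 0;
}
```

Both base readers print the same address and both canary readers print the same value, which is the slide's point: fs = 0 in gdb is the selector of the debugger's own view, not the base, and once the base is obtained through arch_prctl the canary is an ordinary memory read at offset 0x28. The printed canary ends in 00 because glibc and musl clear the low byte of the 64-bit guard so that string functions stop at it.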