Upgrade to Pro
— share decks privately, control downloads, hide ads and more …
Speaker Deck
Features
Speaker Deck
PRO
Sign in
Sign up for free
Search
Search
Binary Exploitation - Basic 補充篇
Search
LJP-TW
May 26, 2021
Technology
57
1
Share
Binary Exploitation - Basic 補充篇
2021/05/26 台科資安社 社課
直播記錄檔:
https://www.youtube.com/watch?v=I3X69ADZOnw
- TLS
LJP-TW
May 26, 2021
More Decks by LJP-TW
See All by LJP-TW
Reverse Engineering - 1
ljptw
0
1.8k
Reverse Engineering - 2
ljptw
0
760
Reverse Engineering - 3
ljptw
0
620
Re:0 從零開始的逆向工程
ljptw
1
1.3k
Linux 極入門篇
ljptw
1
310
Fuzzing 101
ljptw
1
220
Binary Exploitation - File Structure
ljptw
1
310
Binary Exploitation - Heap
ljptw
1
180
Binary Exploitation - Basic
ljptw
1
140
Other Decks in Technology
See All in Technology
AI全盛の今だからこそ、あえてもう一度振り返るAPIの基礎
smt7174
3
150
R&D 祭 2024 UE5で絵コンテ・作画の制作支援ツールをつくる話
olmdrd
PRO
0
210
Oracle AI Database@Azure:サービス概要のご紹介
oracle4engineer
PRO
6
1.7k
最新技術を"今は選ばない"という技術選定
leveragestech
PRO
0
360
ECSのTerraformモジュールにコントリビュートした話
harukasakihara
0
280
コーポレートサイトのアクセシビリティ改善とJIS準拠への実践
lycorptech_jp
PRO
2
110
ジュニアエンジニアはSREとどう向き合うべきか
nrinetcom
PRO
0
100
DI コンテナ自動生成ツールを実装してみた / intro-autodi
uhzz
0
770
[4] Power BI Deep Dive [2026-05]
ohata_bi
0
110
AIAgentと取り組むKaggle
508shuto
2
470
Agent Development Kit (ADK)で学ぶ実践Context Engineeringと社内での応用例
lycorptech_jp
PRO
0
140
JTCでRedmine利用者2700人を実現した手法 第二部
nobuonakamura
0
150
Featured
See All Featured
Evolving SEO for Evolving Search Engines
ryanjones
0
200
A designer walks into a library…
pauljervisheath
211
24k
Bootstrapping a Software Product
garrettdimon
PRO
307
120k
Navigating Weather and Climate Data
rabernat
0
190
Building Applications with DynamoDB
mza
96
7k
How to Build an AI Search Optimization Roadmap - Criteria and Steps to Take #SEOIRL
aleyda
1
2k
Building Better People: How to give real-time feedback that sticks.
wjessup
370
20k
The Cult of Friendly URLs
andyhume
79
6.9k
Tips & Tricks on How to Get Your First Job In Tech
honzajavorek
1
510
Thoughts on Productivity
jonyablonski
76
5.2k
Visualizing Your Data: Incorporating Mongo into Loggly Infrastructure
mongodb
49
9.9k
Prompt Engineering for Job Search
mfonobong
0
310
Transcript
2021/5/26 NTUSTISC Binary Exploitation aka Pwn Basic 補充篇
# whoami - LJP / LJP-TW - Pwn / Rev
- NTUST / NCTU / NYCU - 10sec CTF Team 1
Outline - TLS 2
TLS 3
TLS - TLS 全名 Thread-Local Storage - Linux x64 使用
fs 暫存器記著 TLS 的位置 - Stack Canary 就是存在 TLS 中 4
TLS - fs 為 Segment Register - 計算方式 reg:offset =
ref + offset - 這時候你用 gdb 想看一下 fs 等於多少卻發現 - 難道 Canary 從 [0+0x28] 拿來的?? 5
TLS - GDB 也是 Process, fs = 0 是指 GDB
自己的 fs - 所以要怎麼拿到觀測中的 Process 的 fs? - 呼叫 arch_prctl 6 Ref: https://fasterthanli.me/series/making-our-own-executable-packer/part-13
TLS - Pwngdb 有實作取得 TLS 的功能 - 閱讀一下怎麼實作的, 發現其實一樣 -
https://github.com/scwuaptx/Pwngdb/blob/master/pwndbg/pwngdb.py#L77 7
TLS Demo 8
ljptw
smt7174
olmdrd
oracle4engineer
leveragestech
harukasakihara
lycorptech_jp
nrinetcom
uhzz
ohata_bi
508shuto
nobuonakamura
ryanjones
pauljervisheath
garrettdimon
rabernat
mza
aleyda
wjessup
andyhume
honzajavorek
jonyablonski
mongodb
mfonobong
