Upgrade to Pro
— share decks privately, control downloads, hide ads and more …
Speaker Deck
Features
Speaker Deck
PRO
Sign in
Sign up for free
Search
Search
Binary Exploitation - Basic 補充篇
Search
LJP-TW
May 26, 2021
Technology
62
1
Share
Embed
Copy iframe code
Copy JS code
Copy link
Start on current slide
Binary Exploitation - Basic 補充篇
2021/05/26 台科資安社 社課
直播記錄檔:
https://www.youtube.com/watch?v=I3X69ADZOnw
- TLS
LJP-TW
May 26, 2021
More Decks by LJP-TW
See All by LJP-TW
Reverse Engineering - 1
ljptw
0
1.8k
Reverse Engineering - 2
ljptw
0
790
Reverse Engineering - 3
ljptw
0
640
Re:0 從零開始的逆向工程
ljptw
1
1.3k
Linux 極入門篇
ljptw
1
320
Fuzzing 101
ljptw
1
240
Binary Exploitation - File Structure
ljptw
1
320
Binary Exploitation - Heap
ljptw
1
190
Binary Exploitation - Basic
ljptw
1
150
Other Decks in Technology
See All in Technology
初めてのDatabricks勉強会
taka_aki
2
210
Hatena Engineer Seminar 37 jj1uzh
jj1uzh
0
300
AI Agentをシステムに組み込む前にゆるく向き合ってみる
hayama17
0
180
AIで政治は変わるのか? — 中高生と考えたAI時代の民主主義(東海高校サタデープログラム)
eitarosuda
0
220
テスト設計の本質を改めて考えてみる~生成AIを活用する時代だからこそ、作ったテストの説明性を高めよう~
yamasaki696
1
210
AWS PrivateLink × SCIM で実現する セキュアで運⽤負荷の低い Databricks 基盤の構築
tsuda7
0
120
NDIAS CTF 2026 問題解説会資料
bata_24
0
140
#エンジニアBooks 30分でわかる 「技術記事を書く技術」 / engineer-books 2026-06-30
jnchito
1
150
デジタル・デザイン:次の50年を描く「進化する青写真」
y150saya
0
620
MySQL & MySQL HeatWave Report - June 2026
freshdaz
0
240
製造現場での生成AIの活用、およびエージェントAIの実装のあり方、AVEVAの取り組み
iotcomjpadmin
0
200
Zenoh on Zephyr on LiteX
takasehideki
2
140
Featured
See All Featured
The untapped power of vector embeddings
frankvandijk
2
1.8k
StorybookのUI Testing Handbookを読んだ
zakiyama
31
6.8k
Mind Mapping
helmedeiros
PRO
1
270
The Spectacular Lies of Maps
axbom
PRO
1
830
Designing for humans not robots
tammielis
254
26k
Bridging the Design Gap: How Collaborative Modelling removes blockers to flow between stakeholders and teams @FastFlow conf
baasie
0
590
Ten Tips & Tricks for a 🌱 transition
stuffmc
0
150
Exploring the Power of Turbo Streams & Action Cable | RailsConf2023
kevinliebholz
37
6.5k
Site-Speed That Sticks
csswizardry
13
1.2k
Large-scale JavaScript Application Architecture
addyosmani
515
110k
The World Runs on Bad Software
bkeepers
PRO
72
12k
Context Engineering - Making Every Token Count
addyosmani
9
990
Transcript
2021/5/26 NTUSTISC Binary Exploitation aka Pwn Basic 補充篇
# whoami - LJP / LJP-TW - Pwn / Rev
- NTUST / NCTU / NYCU - 10sec CTF Team 1
Outline - TLS 2
TLS 3
TLS - TLS 全名 Thread-Local Storage - Linux x64 使用
fs 暫存器記著 TLS 的位置 - Stack Canary 就是存在 TLS 中 4
TLS - fs 為 Segment Register - 計算方式 reg:offset =
ref + offset - 這時候你用 gdb 想看一下 fs 等於多少卻發現 - 難道 Canary 從 [0+0x28] 拿來的?? 5
TLS - GDB 也是 Process, fs = 0 是指 GDB
自己的 fs - 所以要怎麼拿到觀測中的 Process 的 fs? - 呼叫 arch_prctl 6 Ref: https://fasterthanli.me/series/making-our-own-executable-packer/part-13
TLS - Pwngdb 有實作取得 TLS 的功能 - 閱讀一下怎麼實作的, 發現其實一樣 -
https://github.com/scwuaptx/Pwngdb/blob/master/pwndbg/pwngdb.py#L77 7
TLS Demo 8