Upgrade to Pro — share decks privately, control downloads, hide ads and more …

ハニーポットとチューリングテスト

Sponsored · Ship Features Fearlessly Turn features on and off without deploys. Used by thousands of Ruby developers.
Avatar for Kazuaki Morihisa Kazuaki Morihisa
January 26, 2017
Technology
1.4k
1

 ハニーポットとチューリングテスト

2017年1月25日 AISECjp #8 発表資料
https://aisecjp.connpass.com/event/48253/
#Honeypot #Security

Avatar for Kazuaki Morihisa

Kazuaki Morihisa

January 26, 2017

More Decks by Kazuaki Morihisa

See All by Kazuaki Morihisa
まだ見ぬ攻撃を求めて
Avatar for Kazuaki Morihisa morihi_soc
1
1.1k
ハニーポットのログを国別で傾向分析してみた
Avatar for Kazuaki Morihisa morihi_soc
1
2.1k
ハニーポットで見る攻撃の検知傾向 〜秘密のファイル〜
Avatar for Kazuaki Morihisa morihi_soc
2
2k
あの脆弱性は今 ~ハニーポットで追ってみた~
Avatar for Kazuaki Morihisa morihi_soc
5
3.3k
ハニーポット活用事例紹介
Avatar for Kazuaki Morihisa morihi_soc
0
1.3k
ハニーポットの育てかた
Avatar for Kazuaki Morihisa morihi_soc
0
1.3k
Satori 系ボットネット観察 Attack from Japan
Avatar for Kazuaki Morihisa morihi_soc
0
2k
ハニーポットと脆弱性スキャン
Avatar for Kazuaki Morihisa morihi_soc
2
1.4k
Drupalgeddon2 をハニーポットで観察してみた
Avatar for Kazuaki Morihisa morihi_soc
1
1.4k

Other Decks in Technology

See All in Technology
小説執筆のハーネスエンジニアリング
Avatar for osushi_cr yoshitetsu
0
720
実践ハーネスエンジニアリング:TAKTで実現するAIエージェント制御 / Practical Harness Engineering: AI Agent Control Enabled by TAKT
Avatar for nrs nrslib
11
4.6k
[OAWTT26][THR1028] Oracle AI Database 26ai へのアップグレード:ベストプラクティスと最新情報
Avatar for oracle4engineer oracle4engineer
PRO
1
110
AI: Making Admin and Users, Lives Better
Avatar for Keith Brooks kbmsg
0
100
自立を加速させる神器 - EMOasis #11
Avatar for スタンバイ stanby_inc
0
150
エージェントスキルを作って自分のインプットに役立てよう
Avatar for Yuta Matsumura tsubakimoto_s
0
390
AWS DevOps Agentはチームメイトになれるのか?/ Can AWS DevOps Agent become a teammate
Avatar for Masanori Yamaguchi kinunori
6
750
Pure Intonation on Browser: Building a Sequencer with Ruby
Avatar for nagachika nagachika
0
130
No Types Needed, Just Callable Method Check
Avatar for dak2 dak2
1
1.4k
Do Ruby::Box dream of Modular Monolith?
Avatar for Tomohiro Hashidate joker1007
1
350
Practical TypeProf: Lessons from Analyzing Optcarrot
Avatar for Yusuke Endoh mame
0
390
EBS暗号化に失敗してEC2が動かなくなった話
Avatar for Moe Hamaguchi hamaguchimmm
2
210

Featured

See All Featured
Cheating the UX When There Is Nothing More to Optimize - PixelPioneers
Avatar for Stéphanie Walter stephaniewalter
287
14k
Game over? The fight for quality and originality in the time of robots
Avatar for Wayne Barker wayneb77
1
160
DevOps and Value Stream Thinking: Enabling flow, efficiency and business value
Avatar for Helen Beal helenjbeal
1
170
Rebuilding a faster, lazier Slack
Avatar for samanthasiow samanthasiow
85
9.5k
Ecommerce SEO: The Keys for Success Now & Beyond - #SERPConf2024
Avatar for Aleyda Solis aleyda
1
1.9k
The AI Search Optimization Roadmap by Aleyda Solis
Avatar for Aleyda Solis aleyda
1
5.6k
Efficient Content Optimization with Google Search Console & Apps Script
Avatar for Katarina Dahlin katarinadahlin
PRO
1
510
Writing Fast Ruby
Avatar for Erik Berlin sferik
630
63k
Optimizing for Happiness
Avatar for Tom Preston-Werner mojombo
378
71k
The #1 spot is gone: here's how to win anyway
Avatar for Tamara Novitovic tamaranovitovic
2
1k
4 Signs Your Business is Dying
Avatar for Josh Pigford shpigford
187
22k
The untapped power of vector embeddings
Avatar for Frank van Dijk frankvandijk
2
1.7k

Transcript

  1. ϋχʔϙοτͱνϡʔϦϯάςετ ϋχʔϙολʔ !NPSJIJ@TPD ೥݄೔"*4&$KQൃදࢿྉ

  2. XIPBNJ w ৿ٱ࿨ত !NPSJIJ@TPD  w େֶੜͷͱ͖ʹϚϧνΤʔδΣϯτγϛϡϨʔγϣϯΛ ͔ͬͯ͡·ͨ͠ lڠௐಈ࡞zΛػցֶशͰߟ͑Δ 

    w ηΩϡϦςΟΤϯδχΞɾΞφϦετ w झຯͰϋχʔϙοτͷӡ༻Λ͢Δϋχʔϙολʔ w ϒϩάˠIUUQXXXNPSJIJTPDOFU 2 ˡϒϩάͷϋχʔϙοτ؍࡯ه࿥͕ຊʹͳΓ·ͨ͠ ೥݄೔ൃച ʮαΠόʔ߈ܸͷ଍੻Λ෼ੳ͢Δϋχʔϙοτ؍࡯ه࿥ʯ ஶऀɿ৿ٱ࿨ত ग़൛ɿल࿨γεςϜ

  3. ϋχʔϙοτͱ͸ ϋχʔϙοτ )POFZQPU ͱ͸ɺ
 ߈ܸऀͷѱҙΛͭ·ͼΒ͔ʹ͢ΔγεςϜ 3 ߈ܸ͞Εͯ΋͍͍؀ڥΛ༻ҙͯ͠ɺ͋͑ͯ߈ܸ͞ΕΔ ˣ ϋχʔϙολʔ͸ੜͷ߈ܸϩάΛ෼ੳ͢Δ͜ͱ͕Ͱ͖Δ

  4. 44)ϋχʔϙοτ঺հ wෆਖ਼ϩάΠϯ͞Εͯ΋͍͍ശఉ04Λ༻ҙͯ͠
 Πϯλʔωοτʹެ։͢Δɻ w߈ܸऀ͕44)௨৴ͰΞΧ΢ϯτʹෆਖ਼ϩάΠϯ ͯ͠ೖྗ͢ΔίϚϯυΛ෼ੳ͢Δɻ w ࢀߟಈը w 44)ϋχʔϙοτ ,JQQP

    Ͱ࠾औͨ͠ෆਖ਼ϩάΠϯޙͷܗ੻ w IUUQTZPVUVCFJ'W-S"O6 4

  5. ϋχʔϙολʔͷ೰Έ w෼ੳ͢Δϩά͕ଟ͗͢Δɾɾɾɻ 5 ਤɿ44)ϋχʔϙοτͷϩάϑΝΠϧϦετ ˞ϑΝΠϧ͕ճͷෆਖ਼ϩάΠϯͷೖྗ಺༰ͱϋχʔϙοτ͔ΒͷԠ౴͕ه࿥͞Ε͍ͯΔ ϑΝΠϧαΠζ ϩάϑΝΠϧ໊

  6. ϋχʔϙολʔͷ೰Έ wޮ཰తʹϋχʔϙοτͷϩάΛ෼ੳ͍ͨ͠ w໨తʹ߹ΘͤͯϩάΛநग़͢Δج४͕ཉ͍͠ wͨͱ͑͹ɺਓͷߦಈΛ෼ੳ͍͕ͨ͠ɺ
 ϘοτʹΑΔػցతͳߦಈ͸෼ੳͨ͘͠ͳ͍ ˠਓͱϘοτΛݟ෼͚Δํ๏͕ඞཁ 6

  7. νϡʔϦϯάςετ w ػցͷਓؒΒ͠͞ΛܭΔςετ w ػց " ͱਓؒ # ͷΞ΢τϓοτΛୈࡾऀͷਓؒ $

    ͕
 "ͱ#Λݟ෼͚ΒΕΔ͔Ͳ͏͔Λࢼ͢ w 44)ϋχʔϙοτʹஔ͖׵͑Δͱ w "ɿϘοτʹΑΔίϚϯυೖྗ w #ɿਓؒͷखೖྗ w $ɿϋχʔϙολʔ ˠ"ͱ#Λݟ෼͚Δํ๏Λߟ͑ͯΈͨɻ 7 Ҿ༻ݩɿIUUQTKBXJLJQFEJBPSHXJLJνϡʔϦϯάɾςετ

  8. ʮίϚϯυೖྗ஋ϋογϡʯΛߟ͑ͯΈͨ w ஫໨ϙΠϯτ  Ϙοτͷೖྗ͸ػցతͳͷͰຖճಉ͡ʹͳΔͩΖ͏  ਓؒ͸ೖྗϛεΛͨ͠Γɺؾ·͙ΕʹΤϯλʔΛ
 ೖྗͨ͠Γͯ͠ɺຖճಉ͡ʹ͸ͳΒͳ͍ͩΖ͏ w ෆਖ਼ϩάΠϯ͞ΕͨޙͷίϚϯυΛ࿈݁ͤͨ͞จࣈྻ


    ͷϋογϡ஋Λܭࢉ͢Δɻ
 ಉ͡ϋογϡ஋͕ͭҎ্͋Ε͹ɺϘοτͱ൑அ͢Δɻ 8

  9. ʮίϚϯυೖྗ஋ϋογϡʯΛߟ͑ͯΈͨ 9 ߈ܸऀͷೖྗ಺༰ͷΈநग़ ͜ͷจࣈྻͷϋογϡ஋Λܭࢉ͢Δ

  10. ࣮ݧ݁Ռ w ςετର৅ϩά਺ ɿ ݸ w ॏෳͨ͠ϋογϡ஋ɿ ݸ w ϢχʔΫͳϋογϡ஋ɿݸ

    w 44)ϋχʔϙοτͰऩूͨ͠ϩάͷ͏ͪɺ෼ੳର৅Λ w ਓ͕ؒखಈೖྗͨ͠ ϋχʔϙολʔ͕෼ੳ͢΂͖ ͱ
 ߟ͑ΒΕΔϩά͸ˋఔ౓͔͠ͳ͍ 10 ໿࡟ݮͰ͖ͨ ※1೥ؒ෼ͷϩάΛର৅

  11. վળ఺ w ϋογϡ஋ͷܭࢉΛ͢Δ·Ͱ΋ͳ͍৔߹͕͋Δ w &4$Ωʔ΍#BDLTQBDFΩʔͷೖྗ͕͋Δ৔߹͸ɺ खೖྗͷՄೳੑ͕ߴ͍ɻ w ೖྗϛεͳͲͷਓؒΒ͠͞Λ൑அج४ʹՃ͑Δͱɺ
 ਫ਼౓͕޲্͢Δ͔΋ɻ w

    Ϙοτ͕ར༻͢ΔεΫϦϓτͷޡಈ࡞Ͱɺϋογϡ஋͕
 ҟͳͬͯ͠·͏৔߹͕͋Δ w 44)ͷίωΫγϣϯΛ੾ΔλΠϛϯά͕ຖճͣΕͯ
 ͍ͨΓɺ܁Γฦ͠ճ਺͕ҟͳΔ͜ͱΛ֬ೝ͍ͯ͠Δɻ w ೖྗ͞Ε͍ͯΔίϚϯυͷηϚϯςΟοΫͳղऍΛ
 औΓೖΕΔ͜ͱͰਫ਼౓͕޲্͢Δ͔΋ɻ 11

  12. ͋Γ͕ͱ͏͍͟͝·ͨ͠ɻ w ཧ࿦Ͱ೰ΉΑΓ΋ɺσʔλ͕͋ΔͳΒखΛಈ͔ͯ͠ ΈΑ͏ɻൃݟ͕͋Δ͔΋  w ࣭ٙԠ౴ 12 ˡࠓճͷൃද಺༰͸ؚ·Ε͍ͯ·ͤΜ͕ɺ ϋχʔϙοτӡ༻ͷςΫχοΫ͸΋ͪΖΜɺ

    ϩά෼ੳʹ͍ͭͯ঺հ͍ͯ͠·͢ ೥݄೔ൃച ʮαΠόʔ߈ܸͷ଍੻Λ෼ੳ͢Δϋχʔϙοτ؍࡯ه࿥ʯ ஶऀɿ৿ٱ࿨ত ग़൛ɿल࿨γεςϜ IUUQXXXNPSJIJTPDOFU Q