Hardening for cyber security — generated by Stable Diffusion XL v1.0 2024 7-8 (WBS) 2024 7-8 — 2024-07-01 – p.1/46

https://speakerdeck.com/ks91/collections/cyber-security-2024-summer 2024 7-8 — 2024-07-01 – p.2/46

( ) 1 6 10 (1) • 2 6 10 (2) • 3 6 17 • 4 6 17 • 5 6 24 I ( ) • 6 6 24 I ( ) • 7 7 1 • 8 7 1 • 9 7 8 10 7 8 11 7 15 II ( ) 12 7 15 II ( ) 13 7 22 14 7 22 W-IOI / ( ) 2024 7-8 — 2024-07-01 – p.3/46

( 20 ) 1 • 2 • 3 • 4 (TCP/IP ) • 5 • 6 • 7 • 8 • 9 • 10 World Wide Web • 11 Web API • 12 • 13 git GitHub • 14 • (6/24 ) / (2 ) OK / 2024 7-8 — 2024-07-01 – p.4/46

( ) I 2024 7-8 — 2024-07-01 – p.5/46

+ I ( ) + 2024 7-8 — 2024-07-01 – p.6/46

2024 7-8 — 2024-07-01 – p.7/46

3. (1) ( ) (2) 2024 6 27 ( ) 23:59 JST Waseda Moodle (Q & A ) 2024 7-8 — 2024-07-01 – p.8/46

. . . . . . 13 11 (6/29( ) ) ( ) CSIRT 2024 7-8 — 2024-07-01 – p.9/46

W [ ] AI SNS ⇒ 2024 7-8 — 2024-07-01 – p.10/46

A Discord ( ) ⇒ NPC ^^; NPC <(_ _)> 2024 7-8 — 2024-07-01 – p.11/46

L ⇒ 2024 7-8 — 2024-07-01 – p.12/46

M CEO 100 ⇒ 1 1 AI ( ← ) CEO NPC 2024 7-8 — 2024-07-01 – p.13/46

I ( ) ⇒ 2024 7-8 — 2024-07-01 – p.14/46

T OvenAI @cr,@br,@pr @cr / / @cr,@br,@pr @eng @cr @cr ⇒ @cr,@br,@pr NPC @cto NPC 2024 7-8 — 2024-07-01 – p.15/46

(1) OvenAI CEO AI CTO OvenAI Vision OvenAI OvenAI 2024 7-8 — 2024-07-01 – p.16/46

(2) OvenAI (1) (2) OvenAI OvenAI OvenAI OvenAI W OvenAI 2024 7-8 — 2024-07-01 – p.17/46

I ( . . . ) ( ) 2024 7-8 — 2024-07-01 – p.18/46

Alice Alice sudo (superuser do/substitute user do) sudo UNIX Malissa (= Alice) Malissa OvenAI 2024 7-8 — 2024-07-01 – p.19/46

( ) αʔό ʮ0WFO"*ʯαʔϏεӡ༻؀ڥ ΫϥΠΞϯτ ࡏ୐؀ڥ ಉ Ұ ਓ ෺ · ͨ ͸ ஥ ؒ ௨৴ܦ࿏ .BMJTTB߈ܸऀ ౻ଜ͞Μʁ ᶃͦͷลͷίϯϐϡʔλͷݖݶΛୣऔ ɹ Φϓγϣφϧ #PC Ұൠ ΤϯδχΞ ࡾ୩͞Μ "MJDF؅ཧऀ ౻ଜ͞Μ ؅ཧऀ͔͠ॻ͖ࠐΊͳ͍ ϑΝΠϧ܈ FUDQBTTXE FUDHSPVQ FUDTIBEPX ؅ཧऀ͔͠ಡΈग़ͤͳ͍ ϑΝΠϧ܈ & & & & & & & & & & & & & & & & & & & & & & & & & & & & & & & & & & & & & & & & & & & & & & & & & & & & & & & & & & & & & & & & & & & & & & & & & & & & & & & & & & & & & & & & & & & & & & & & & & & & & & & & & & & & & & & & & & . # " ެ։伴 ᶈެ։伴Λ౉͢ ᶅQBTTXEͱTIBEPX ɹΛ౉͢ ᶆαʔόͷ6/*9ύεϫʔυΛΫϥοΫͯ͠ ɹ#PCͷύεϫʔυ͕ऑ͍͜ͱΛൃݟˠ#PC஫ҙਂ͘ͳ͍ΤϯδχΞೝఆʂ ᶉ؅ཧऀͱͯ͠௥ه͢Δ ᶊ.BMJTTB͸#PCͱͯ͠ ɹϦϞʔτϩάΠϯՄೳʜ ˞ࠓճ͸੨ࣈͷ෦෼Λ࣮ԋ͠·͢ .BMJTTB͸#PCʹͳΓ͢·ͭͭ͠ ɹ؅ཧऀͷΑ͏ʹৼΔ෣͑Δʜ ˕"MJDF͸ୀ৬ޙ΋αʔόΛίϯτϩʔϧͰ͖Δ ɹͨΊͷखஈΛಘͨ ᶋ#PCΛTVEPՄʹ ᶄಡΈग़͠ ᶄಡΈग़͠ 伴ϖΞ ൿີ伴 Ξ Ξ Ξ Ξ Ξ Ξ Ξ Ξ Ξ Ξ Ξ Ξ Ξ Ξ Ξ Ξ ൿີ伴 伴 ެ։伴 伴ϖΞ ൿີ伴 Ξ Ξ Ξ Ξ Ξ Ξ Ξ Ξ Ξ Ξ Ξ Ξ Ξ Ξ Ξ ൿີ伴 伴 ެ։伴 ᶇ伴ϖΞੜ੒ ʮ४උʯ ʹͯํ๏Λॻ͖·͢ ൿີ伴 ൿີ伴 伴 "MJDFͷެ։伴 "MJDFͷ࡞ۀ؀ڥ 44) 4FDVSF4IFMM 44) 44)PWFS5PS 5IF0OJPO3PVUFS #PCͷ࡞ۀ؀ڥ #PCͷެ։伴 .BMJTTBͷެ։伴 2024 7-8 — 2024-07-01 – p.20/46

UNIX ҉߸ֶతϋογϡؔ਺ 4)" ιϧτ ϥϯμϜ஋ ੜ੒͞ΕͨμΠδΣετ “/etc/shadow” $ $ $ 1 MD5 5 SHA-256 6 SHA-512 y yescrypt base64 (64 ) 2024 7-8 — 2024-07-01 – p.21/46

( ) (1/5) Ubuntu 22.04 ( ) 2 (Parallels) $ ip address IP alice ( ), bob ( ) (BAD PASSWORD ^^;) # adduser alice . . . Enter new UNIX password: structure . . . # adduser bob . . . Enter new UNIX password: quicksand . . . 2024 7-8 — 2024-07-01 – p.22/46

( ) (2/5) alice bob (sudo : superuser do/substitute user do) # usermod -aG sudo alice $ grep "sudo" /etc/group alice malissa ( ) # adduser malissa . . . Enter new UNIX password: irresistible . . . “structure quicksand irresistible . . . ” ( ) 1 1 ( ) 2024 7-8 — 2024-07-01 – p.23/46

( ) (3/5) SSH (Secure Shell) ( ) ( 1) (apt : Advanced Packaging Tool)( ) $ sudo apt install openssh-server SSH ( ) (Ed25519 ) $ ssh-keygen -t ed25519 . . . Enter passphrase (empty for no passphrase): . . . $ cat .ssh/id_ed25519.pub alice: “heartbeat”, bob: “okinawa”, malissa: “darkness” ( ) cat ( ) cat catenate ( ) ( ) 2024 7-8 — 2024-07-01 – p.24/46

( ) (4/5) SSH ( ) ( 2) ( ) $ mkdir .ssh $ chmod 700 .ssh $ cd .ssh $ nano authorized_keys ( ) $ chmod 600 authorized_keys ( ) alice, bob malissa $ slogin IP $ exit 2024 7-8 — 2024-07-01 – p.25/46

( ) (5/5) $ sudo apt install git nmap john git nmap “Matrix Reloaded” (https://nmap.org/images/matrix/matrix-hack-screen3.png) SSH john (John the Ripper) bob (1.9.0) 2024 7-8 — 2024-07-01 – p.26/46

I . . . . . . ^^; 2024 7-8 — 2024-07-01 – p.27/46

Tor (The Onion Router) → ( ) 1 Tor : https://www.torproject.org Tor ( ) 2024 7-8 — 2024-07-01 – p.28/46

I malissa $ passwd ESC (GRUB normal + ESC) recovery mode root # mount -o remount,rw / # passwd malissa # exit malissa Ubuntu OS ( ) 2024 7-8 — 2024-07-01 – p.29/46

(1) I ( ) malissa bob 22 SSH $ nmap -sV -p 22 IP $ git clone https://github.com/danielmiessler/SecLists.git bob malissa bob “/etc/ssh/sshd_config” #PasswordAuthentication yes # ( ) no $ sudo systemctl restart ssh SSH malissa bob 2024 7-8 — 2024-07-01 – p.30/46

SSH alice = malissa alice bob “authorized_keys” bob $ sudo -s # cd ../bob/.ssh # nano authorized_keys ( malissa ) bob alice (bob ) malissa bob 2024 7-8 — 2024-07-01 – p.31/46

(bob ) alice = malissa $ sudo usermod -aG sudo bob sudo malissa bob 2024 7-8 — 2024-07-01 – p.32/46

(2) “/etc/shadow” “/etc/passwd” alice malissa $ unshadow passwdfile.txt shadowfile.txt > crackfile.txt $ john --wordlist=SecLists/Passwords/Common-Credentials/10-million-password-list-top-100000.txt crackfile.txt . . . quicksand (bob) . . . 5 bob “10-million-password-list-top-100000.txt” bob bob John the Ripper 2024 7-8 — 2024-07-01 – p.33/46

( ) (1) JavaScript ( ) (2) (3) (1) (3) (2) (3) (A) (B) A ≡ B 2024 7-8 — 2024-07-01 – p.34/46

GitHub ( ) Git - https://git-scm.com/book/ja/v2/Git- - Git https://gist.github.com/ktx2207/3167fa69531bdd6b44f1 ( ) GitHub “The Octopus Scanner Malware: Attacking the open source supply chain” 2024 7-8 — 2024-07-01 – p.35/46

( ) 2024 7-8 — 2024-07-01 – p.36/46

(1) : I 2024 7-8 — 2024-07-01 – p.37/46

( ) 2024 7-8 — 2024-07-01 – p.38/46

Q&A Ver2.0 (2023) https://www.nisc.go.jp/security-site/law_handbook/index.html 2024 7-8 — 2024-07-01 – p.39/46

( ) 2024 7-8 — 2024-07-01 – p.40/46

(2) : 2024 7-8 — 2024-07-01 – p.41/46

(3) : Coinhive : https://ja.wikipedia.org/wiki/Coinhive 2024 7-8 — 2024-07-01 – p.42/46

(4) : AI I OvenAI ( ) (1) ( ) : AI ( 5 ) https://www.bunka.go.jp/seisaku/chosakuken/pdf/93903601_01.pdf (2) OvenAI 2024 7-8 — 2024-07-01 – p.43/46

2024 7-8 — 2024-07-01 – p.44/46

4. (1) ( ) (2) 2024 7 4 ( ) 23:59 JST Waseda Moodle (Q & A ) 2024 7-8 — 2024-07-01 – p.45/46

2024 7-8 — 2024-07-01 – p.46/46