Upgrade to Pro — share decks privately, control downloads, hide ads and more …

JC3が教える! Gozi/DreamBot 判別法 / analysis_JC3_checksite

shutingrz
March 28, 2017
Technology
1
500

JC3が教える! Gozi/DreamBot 判別法 / analysis_JC3_checksite

shutingrz

March 28, 2017
Tweet

More Decks by shutingrz

See All by shutingrz
イ良い日ンマを作る(USBストレージ容量偽装の手法) / USB Storage Capacity Faking Techniques
shutingrz
0
720
Analyze AutoMotive ECU
shutingrz
2
2.2k
KnotResolverへの毒入れ~世にも珍しいKashpureff型攻撃~ / Hack_to_KnotResolver
shutingrz
0
370
DNSトンネリングの手法 / A technique of DNS tunneling (#ssmjp)
shutingrz
12
3.2k

Other Decks in Technology

See All in Technology
javapを使ってクラスファイルを読んでみよう!
yujisoftware
1
170
1人目QA奮闘記-2023年ver-/QA Engineer's Struggle 2023
mii3king
1
660
Oracle Exadata Database Service on [email protected] ([email protected]) - UI スクリーン・キャプチャ集
oracle4engineer
PRO
0
420
FaaS における Java 起動時間の比較 (AWS / Azure / GCP) #jjug_ccc #jjug_ccc_d
tacck
2
780
NestJS をかじってみた / MIERUNE BBQ #01 / #mierune
tacck
0
240
Microsoft Build 2023 で発表された Cosmos DB の注目アップデート / Microsoft Build 2023 Cosmos DB update
miyake
1
200
Autonomous Database Cloud 技術詳細 / adb-s_technical_detail_jp
oracle4engineer
PRO
10
26k
今後の開発規模拡大、QA人材を爆速で立ち上げる
ymty
1
1.2k
高さ比べじゃない、キャリアは歩んできた道
dzeyelid
0
230
Go1.20からサポートされるtree構造のerrの紹介と、treeを考慮した複数マッチができるライブラリを作った話/introduction of tree structure err added since go 1_20
convto
0
180
net/http/httptest.Server のアプローチをテスト戦略に活用する / Go Conference 2023
k1low
7
1k
Impressions of the Ruby Kaigi
suzukahr
1
5.3k

Featured

See All Featured
Web development in the modern age
philhawksworth
197
9.7k
Building Flexible Design Systems
yeseniaperezcruz
315
35k
A Philosophy of Restraint
colly
195
15k
Designing Dashboards & Data Visualisations in Web Apps
destraynor
225
50k
Git: the NoSQL Database
bkeepers
PRO
420
60k
For a Future-Friendly Web
brad_frost
166
8k
Support Driven Design
roundedbygravity
88
9k
Statistics for Hackers
jakevdp
787
210k
Typedesign – Prime Four
hannesfritz
34
1.6k
A Tale of Four Properties
chriscoyier
149
21k
Art Directing for the Web. Five minutes with CSS Template Areas
malarkey
197
11k
A designer walks into a library…
pauljervisheath
199
17k

Transcript

  1. +$͕ڭ͑Δʂ
    (P[J%SFBN#PU൑ผ๏
    ͠Ύʔͱ !TIVUJOHS[

    View Slide

  2. ஫ҙ఺
    w +$ͷํʹฉ͍ͨΘ͚Ͱ͸ͳ͍ͷͰɺਪଌͰ͢
    w ຊ෺ͷ(P[J ผ໊6STOJG
    %SFBN#PUͰࢼͯ͠·ͤΜ
    w

    View Slide

  3. +$ͬͯԿɻɻɻ
    w ೔ຊαΠόʔ൜ࡑରࡦηϯλʔͱ͸ɺαΠόʔۭؒͷڴҖ
    ʹ࢈׭ֶ࿈ܞͰରॲ͢Δ͜ͱΛ໨తͱͯ͠೔ຊͰઃཱ͞Ε
    ͨඇӦརஂମͷ໊শͰ͋Δ


    αΠόʔۭؒͷ҆શͷͨΊʹ৭ʑ΍ͬͯΔͱ͜ΖΈ͍ͨ

    View Slide

  4. ͳͥ+$͕ڭ͑ͯ͘ΕΔͷʁ
    w ͦ͏͍͏νΣοΫαΠτ࡞͔ͬͨΒ

    View Slide

  5. ಈ͖

    View Slide

  6. νΣοΫͨ࣌͠ͷ௨৴ઌ
    IUUQTXXXKDPSKQJOGPEHDIFDLDIFDLIUNM

    IUUQTXXXKDPSKQJOGPEHDIFDLKRVFSZNJOKT

    IUUQTXXXKDPSKQJOGPEHDIFDLNBJOKT


    ͔͜͜ΒԼ͸ϦιʔεΆ͘ͳ͍಺༰ͩɾɾɾ


    IUUQTXXXKDPSKQJOGPEHDIFDLDIFDLDPN

    IUUQTEJSFDUKDPSKQDIFDLTNCDDPKQDIFDLJOEFYKTQIUNM

    IUUQTXXXKDPSKQJOGPEHDIFDLDIFDLNJ[VIPCBOLDPKQJOEFYIUNM

    IUUQTXXXKDPSKQJOGPEHDIFDL4ZTUFN$POUFOUT$*#.;4KT

    ҎԼུ
    ո͍͠

    View Slide

  7. NBJOKTͷத਎
    WBS
    @YCE<aYaYBaYaYaYaYaYaYaY aYaYaYaYaYaYBaYGaYGaYaYaYaYaYaYaYFaYBaYaY
    aYFaYGaYaYFaYBaYaYGaYaYaYaYaYCaYFaYaYEaYaYaYFaYaYGaYFaYBaYaYGaYaYaYaYaYCa
    YGaYaYFaYaYaYaYFaYBaYaYaYFaYaYaYEaYD aYFaYGaYaYaYaYaYCaYFaYEaYaYBaYaYaYGaY
    aYaYFaYCaYFaYaYGaYFaYBaYaYGaYaYFaYaYaYaYFaYaYaYEaYD aYFaYGaYaYaYaYaYaYEaY
    aYGaYFaYaYaYFaYaYaYGaYaYaYaYEaYBaYaYaYaYFaYBaY aYFaYGaYaYGaYBaYaYGaYCaYaYa
    YGaYaYGaYEaYEaYGaYFaYFaYBaY aYaYaYaYaYaYBaYGaYGaYaYaYaYaYaYaYFaYBaYaYaYFaY
    GaYaYFaYBaYaYGaYaYaYaYaYCaYFaYaYEaYaYaYFaYaYGaYFaYBaYaYGaYaYaYaYaYDaYaYa
    YGaYaYGaYEaYFaYaYEaYaYaYFaYaYaYaYaYaYaYaYaYaYaYaYaYaYaYaYDaYaY aYa
    YaYaY aYFaYGaYFaYGaYaYaYFaYaYaYaYaYaYaYFaYaYaYEaYD aYFaYGaYaYFaYaYaYaYa
    YaYaYFaYaYaYEaYDaYG aYaYaYaYDaY aYaYaYaYaYaYFaYaYaYaYaYFaYaYaYaYGaYF
    aYaYaY aYCaYEaYFaYaYGaYFaYaYaYaYaYaYaYGaYaYaYaYaYaYaYaYaYFaYaYaYaY
    aYaYaYaYaYaY aYaYGaYFaYaYGaYDaY aYDaYGaY aYaYaYaYF aYaYaYaYaY aYaYFaY
    aYG aYaYaYaYGaY aYaYaYaYaYaYaYaYGaYF aYaYaYaYaY aYaYaYaY aYaYGaYaY
    aYDaYaYFaYaYaY aYaYaYaY aYaYaYaYaY> GVODUJPO @YBCB @YGB
    \WBS
    @YBCGVODUJPO @YBC
    \XIJMF @YBC
    \@YBCB<aYaYaYaY> @YBCB<aYaYaYaYaY>


    ^^@YBC @YGB
    ^ @YCE YFB

    [email protected] @YF @Y
    \@[email protected]
    @[email protected]<@YF>[email protected]^[email protected]
    \[email protected]<>SFUVSO
    GVODUJPO @YG @YC
    \[email protected]@YF GVODUJPO
    \JG @YC
    \[email protected]@YC<@YEC Y
    >
    @YG BSHVNFOUT
    @[email protected]^^GVODUJPO
    \^@YF<>[email protected]^^
    WBS
    @[email protected] UIJT GVODUJPO
    \[email protected]'VODUJPO @YEC Y
    @YEC Y
    aYaYC
    [email protected]

    \^[email protected]@YC
    JG @YDC<aYaYGaYFaYaYGaYDaY>
    \@YDC<@YEC Y
    >GVODUJPO @YG
    \WBS
    @YGGB\^@YGGB<@YEC Y
    >@[email protected]<@YEC Y
    >@[email protected]<@YEC Y
    >@[email protected]
    GB<@YEC Y
    >@[email protected]<@YEC Y
    >@[email protected]<@YEC Y
    >@[email protected]<@YEC YB

    >@[email protected]^ @YF
    ^FMTF\@YDC<@YEC Y
    ><@YEC Y
    >@[email protected]<@YEC Y
    >
    <@YEC Y
    >@[email protected]<@YEC Y
    ><@YEC Y
    >@[email protected]<@YEC Y
    >
    <@YEC Y
    >@[email protected]<@YEC Y
    ><@YEC Y
    >@[email protected]<@YEC Y
    >
    <@YEC Y
    >@[email protected]<@YEC Y
    ><@YEC YB
    >@YF^^
    @YGD
    GVODUJPODIFDL @Y

    View Slide

  8. ೉ಡԽղআޙ

    View Slide

  9. ௨৴ൃੜઌ

    IUUQTXXXKDPSKQJOGPEHDIFDLDIFDLDPN

    ˠʁ

    IUUQTEJSFDUKDPSKQDIFDLTNCDDPKQDIFDLJOEFYKTQIUNM

    ˠࡾҪॅ༑ۜߦ 4.#$μΠϨΫτ


    IUUQTXXXKDPSKQJOGPEHDIFDLDIFDLNJ[VIPCBOLDPKQ
    JOEFYIUNM

    ˠΈͣ΄ۜߦ ۜߦτοϓϖʔδ

    View Slide

  10. ௨৴ൃੜઌ

    IUUQTXXXKDPSKQJOGPEHDIFDL4ZTUFN$POUFOUT$*#.;4KT

    ˠ$*.#όϯΫ ϚϨʔγΞͷۜߦ
    ʁ


    IUUQTXXXKDPSKQJOGPEHDIFDL#KT,#"@$PNNPOKT

    ˠʁ


    IUUQTEJSFDUKDPSKQDIFDLKQCBOLKBQBOQPTUKQUQXFCQDBTEGEP
    3FEJSFDU5PLFO

    ˠΏ͏ͪΐۜߦ


    IUUQTEJSFDUKDPSKQDIFDLTNCDDPKQTFSWMFU
    DPNTNCD4613FEJSFDU4FSWMFU

    ˠࡾҪॅ༑৴ୗۜߦʁ


    View Slide

  11. ײછ͔ͨ͠ͷ൑ఆ
    w ֤ૹ৴ઌ63-ͷϋογϡʹ͸ɺ૝ఆ͢ΔԠ౴αΠζؚ͕·
    Ε͍ͯΔ

    \VDIFDLNJ[VIPCBOLDPKQJOEFYIUNM 

    `T`Y^͜ͷ63-ͷԠ౴αΠζ͸CZUF
    w ֤ૹ৴ઌ63-ʹΞΫηεͯ͠Έͯɺ࣮ࡍͷԠ౴αΠζ͕૝
    ఆ͢ΔԠ౴αΠζΛ্ճͬͨ৔߹ɺײછ͍ͯ͠Δͱ൑அ

    ˠ+$͸ɺײછͨ͠ࡍͷॻ͖׵͑ΒΕͨ63-ͷԠ౴͸

    ૝ఆ͞ΕͨԠ౴αΠζΑΓେ͖͘ͳΔͱߟ͍͑ͯΔ
    w

    View Slide

  12. ٙ໰఺
    w ͷ஋ͬͯ࢖Θͳ͍ͷʁ
    w ͷ஋ͬͯԿΛ͍ࣔͯ͠Δͷʁ
    w ͳΜͰ೉ಡԽͯ͠Δͷʁ

    View Slide

  13. ͦͷଞ
    4PQIPTͷ7BXUSBL /FWFSRVFTU
    ͷղੳϨϙʔτʹ༗༻ͳ৘ใ͋Γ

    IUUQTXXXTPQIPTDPNFOVTNFEJBMJCSBSZ1%'TUFDIOJDBMQBQFSTTPQIPT
    WBXUSBLWTBIJOXZLFQEG MBFO
    ୭ͩ͜Ε࢖ͬͨ΍ͭ

    View Slide