Upgrade to Pro — share decks privately, control downloads, hide ads and more …

古典的なStack Overflow から JIT-ROPまで

20c5ddcad23304aed77ce8c3aa020562?s=47 @tkmru
December 15, 2016
Programming
1
260

古典的なStack Overflow から JIT-ROPまで

ゼミにて

20c5ddcad23304aed77ce8c3aa020562?s=128

@tkmru

December 15, 2016
Tweet

More Decks by @tkmru

See All by @tkmru
LazyCSRF: A More Useful CSRF PoC Generator on BurpSuite@Black Hat EUROPE 2021 Arsenal/lazyCSRF-bh2021-europe
20c5ddcad23304aed77ce8c3aa020562?s=48 tkmru
0
52
趣味と実益のための著名なOSSライブラリ起因の脆弱性の探求/seccamp2021-b5
20c5ddcad23304aed77ce8c3aa020562?s=48 tkmru
0
3.1k
Ipa-medit: Memory Search and Patch Tool for IPA Without Jailbreaking @Black Hat USA 2021 Arsenal/ipa-medit-bh2021-usa
20c5ddcad23304aed77ce8c3aa020562?s=48 tkmru
1
2.4k
Learn the essential way of thinking about vulnerabilities through post-exploitation on middlewares (MySQL/PostgreSQL編)/seccamp2020-b8
20c5ddcad23304aed77ce8c3aa020562?s=48 tkmru
3
570
apk-medit: memory search and patch tool for debuggable APK @CODE BLUE 2020 Bluebox
20c5ddcad23304aed77ce8c3aa020562?s=48 tkmru
0
150
apk-medit: memory search and patch tool for debuggable APK @Black Hat USA 2020 Arsenal/apk-medit-bh2020-usa
20c5ddcad23304aed77ce8c3aa020562?s=48 tkmru
0
3.3k
めんどうくさいゲームセキュリティ
20c5ddcad23304aed77ce8c3aa020562?s=48 tkmru
20
9.9k
Linux Rootkit Internals
20c5ddcad23304aed77ce8c3aa020562?s=48 tkmru
1
1.5k
Unicornを用いたDead Code除去
20c5ddcad23304aed77ce8c3aa020562?s=48 tkmru
0
160

Other Decks in Programming

See All in Programming
[월간 데이터리안 세미나 6월] 스스로 성장하는 분석가 커리어 이야기
Fc03caed2b0f2a29992487fcf50dfd81?s=48 datarian
0
210
Angular-basierte Micro Frontends mit Module Federation @API Summit
15934fa2aa7b2ce21f091e9b7cffa856?s=48 manfredsteyer
PRO
0
100
iOS 16からの ロック画面Widget争奪戦に備える
D4f04ef104c8fbfc9caa3c80e41692fd?s=48 tsuzuki817
0
220
Independently together: 
better developer experience & App performance
80d92d5d0bd0170aebf6e07589a0b571?s=48 bcinarli
0
170
"What's new in Swift"の要約 / swift_5_7_summary
42a6a049ac8f5265f31858a9509217fb?s=48 uhooi
1
310
チームでカレーを作ろう!アジャイルカレークッキング
D30220c903365b2170e791313296b2f9?s=48 akitotsukahara
0
800
はてなフォトライフをECSに移行した話 / Hatena Engineer Seminar #20
5e1d0f7877241ad4447c6611d9a51fd7?s=48 cohalz
1
830
Scrum Fest Osaka 2022/5年で200人になったスタートアップの アジャイル開発の歴史とリアル
F0a8d07597a19192791bf663504d2a17?s=48 atamaplus
1
870
Swift Regex
0b26590a0a8b0f1da140ed5de9b68379?s=48 usamik26
0
160
実践エクストリームプログラミング / Extreme Programming in Practice
00cbada6669966805d91061d5a234d3b?s=48 enk
1
520
IE Graduation (IE の功績を讃える)
1ff811939fd0923df8321ec6d8bf9d4b?s=48 jxck
20
12k
Cross Deviceチームにおけるスマートテレビアプリ開発ってどんな感じ?
95f926465b1c71fbb49850c5b6223c4d?s=48 cokaholic
0
120

Featured

See All Featured
Fontdeck: Realign not Redesign
0bce06bd06ee7a2c4f5500f25dcf7f18?s=48 paulrobertlloyd
73
4.1k
Building Your Own Lightsaber
Fe6b81005d1553accd6b2a28f6a2bef1?s=48 phodgson
94
4.6k
The Straight Up "How To Draw Better" Workshop
Aff5641764408271f7bc398f2097edd0?s=48 denniskardys
225
120k
Producing Creativity
Ae14cc4491ac334f9cd23f9f93b4305e?s=48 orderedlist
PRO
334
37k
Building Adaptive Systems
06f8b41980eb4c577fa40c41d5030c19?s=48 keathley
25
1.1k
Support Driven Design
1519587b1a0febb658c36c94f6272b0d?s=48 roundedbygravity
86
8.5k
Responsive Adventures: Dirty Tricks From The Dark Corners of Front-End
B3d6434763caa0ef5dc4b792662c49f7?s=48 smashingmag
237
19k
Helping Users Find Their Own Way: Creating Modern Search Experiences
3d4519fd34b76fb265fc0237f3792bd4?s=48 danielanewman
7
1.1k
How STYLIGHT went responsive
F716e5f737fcfb03f2cf8d1a184f1dbe?s=48 nonsquared
85
3.9k
The Cult of Friendly URLs
Ded01cdab114abe4ec13511e4c25b9bb?s=48 andyhume
68
4.8k
Testing 201, or: Great Expectations
A9704266587836f7e784235e5073b93e?s=48 jmmastey
21
5.4k
Designing for humans not robots
D36d2c1821af9249b69ff7f5ed60529b?s=48 tammielis
241
23k

Transcript

  1. ݹయతͳ4UBDL0WFSqPX ͔Β +*5301·Ͱ θϛ !ULNSV

  2. ؔ਺ݺͼग़࣌͠ͷελοΫ w DBMMGVODUJPOOBNF w ΞηϯϒϦͰ͸DBMM໋ྩͰؔ਺͕͋ΔΞυϨεʹඈͿ w ͦͷࡍɺ໭ΓઌͷΞυϨεΛϦλʔϯΞυϨεͱͯ͠
 ελοΫʹஔ͘ w ؔ਺Λ࣮ߦ͠ऴ͑ΔͱSFU໋ྩͰϦλʔϯΞυϨεʹ໭Δ

    w DBMMGVODUJPOOBNFΛ࣮ߦͨ͠ͱ͖ͷ
 ɹɹɹɹɹɹɹɹɹɹɹɹɹελοΫͷ༷ࢠ
 ม਺ ม਺ ϦλʔϯΞυϨε

  3. PWFSqPX͢Δίʔυྫ w ಡΈࠐΈαΠζΛνΣοΫ͠ͳ͍ؔ਺Λ࢖͍ͬͯΔͱ
 PWFSqPXͷݪҼͱͳΔ w FY TUSDQZ HFUT

  4. 4UBDL0WFSqPX w PWFSqPXͤ͞ɺ࣮ߦ͍ͨ͠ίʔυΛελοΫʹॻ͖ࠐΉ w ͦͷࡍɺϦλʔϯΞυϨεΛ࣮ߦ͍ͨ͠ίʔυ͕͋Δ
 ΞυϨεʹॻ͖׵͑Δ w ॻ͖׵͑ΒΕͨΞυϨεʹ͋Δίʔυ͕࣮ߦ͞ΕΔ CVG<> PME&#1

    ϦλʔϯΞυϨε BBBB BBBB BBBB BBBB Y PWFSqPX͢ΔલͷελοΫͷ༷ࢠ PWFSqPXͨ͠ޙͷελοΫͷ༷ࢠ

  5. ରࡦͷҰྫ w $16ͷ/9CJU /PF9FDVUFCJU  w ελοΫʹ࣮ߦͰ͖ͳ͍ྖҬΛ࡞Δ w ࣮૷ྫʣ-JOVY&YFD4IJFMEɺ8JO%&1 w

    PWFSqPXʹΑΓελοΫ্ʹ߈ܸίʔυΛ഑ஔ͞Εͯ΋
 ελοΫ্ͷίʔυ͸࣮ߦͰ͖ͳ͍

  6. 301 w 3FUVSO0SJFOUFE1SPHSBNNJOH w /9CJU༗ޮԼͰ͸TUBDL্ͷίʔυΛ࣮ߦͰ͖ͳ͍ w ͔͠͠ɺ࣮ߦՄೳͳྖҬ FYϥΠϒϥϦ ͸͋Δ w

    ࣮ߦՄೳͳྖҬͷதͰ࢖͑ͦ͏ͳίʔυΛ
 அยతʹݺͼग़͢͜ͱͰ೚ҙͷಈ࡞Λͤ͞Δ͜ͱ͕
 Ͱ͖Δ

  7. w 301Ͱར༻͢Δஅยతͳίʔυͷ͜ͱΛ301HBEHFUͱ ݺͿ w SFU໋ྩ͕ޙΖʹ͍͍ͭͯΔίʔυ w FY QPQSEJSFU w SFU໋ྩΛ࣮ߦ͠Ϧλʔϯ͢ΔஅยతͳίʔυΛ


    ෳ਺ݺͿ͜ͱͰ໨తͷಈ࡞Λୡ੒͢Δ͜ͱ͔Β
 3FUVSO0SJFOUFE1SPHSBNNJOHͱ໊෇͚ΒΕͨ 301

  8. FYQMPJUͷྫ w ϦλʔϯΞυϨεΛҎԼͷॱͰॻ͖׵͑Δ w TZTUFN lCJOTIz Λ࣮ߦ͠γΣϧΛىಈ w QPQSEJSFUͷΞυϨεҾ਺Ληοτ͢Δ w

    ελοΫʹ͸CJOTIͷΞυϨεΛੵΜͰ͓͘ w DBMMTZTUFN ͷΞυϨεTZTUFN ΛݺͿ

  9. 301ͷσϞ

  10. ରࡦͷҰྫ w "4-3 "EESFTT4QBDF-BZPVU3BOEPNJ[BUJPO  w ΞυϨεۭؒ഑ஔΛϥϯμϜʹ͢Δ w ελοΫɺώʔϓɺσʔλྖҬͷΞυϨε͕ϥϯμϜʹ w

    ܾΊଧͪͰΞυϨεΛࢦఆ͢Δ߈ܸΛແޮԽͰ͖Δ

  11. "4-3 -JOVY ͷ໰୊఺ w (05ͷΞυϨε͕ݻఆͷ·· w (05 (MPCBM0⒎TFU5BCMF  w

    γϯϘϧ ؔ਺ ΁ͷϙΠϯλͷ഑ྻ w ؔ਺ͷΞυϨεΛղܾ͢ΔͨΊͷྖҬ

  12. +*5301 w +VTU*O5JNF301 w (05ʹొ࿥͞Ε͍ͯΔؔ਺Λ࢖ͬͯɺ࣮ߦதʹ
 ࣮ߦՄೳྖҬΛಡΈऔΔ w ಡΈऔͬͨྖҬʹ͋Δ301HBEHFUΛ࢖͏ w ΞυϨε͕ϥϯμϜԽ͞Εͨ͋ͱʹಡΈऔΔ͜ͱͰɹ

    "4-3Λճආ

  13. +*5301ͷରࡦ w ͍Ζ͍Ζ࿦จ͕ग़͍ͯΔ͕ɺ࣮ࡍʹ04΍ίϯύΠϥʹ࣮ ૷͞Εͨ΋ͷ͸ݱ࣌఺Ͱ͸ͳ͍ɻ w ࠓޙɺ஫ࢹ͍͖͍ͯͨ͠

  14. ࢀߟจݙ w "OUJ301ࡇΓͩͥʂ64&/*94FDVSJUZ301 3FUVSOPGUIFFEJZV[VIBSBͷ೔ه
 IUUQZV[VIBSBIBUFOBCMPHKQFOUSZ  w +*5301؇࿨ख๏)FJTFOCZUFʹ͍ͭͯ·ͱΊͯΈΔ΋ ΋͍ΖςΫϊϩδʔIUUQJOB[IBUFOBCMPHDPN FOUSZ