Goなどで作る脆弱性対策ゲーム / go-bigbridge

2cf373725ded741824c50fd571eda6e1?s=47 KONDO Uchio
June 14, 2018
Technology
1
650

Goなどで作る脆弱性対策ゲーム / go-bigbridge

@Fukuoka.go #11

https://fukuokago.connpass.com/event/87684/

2cf373725ded741824c50fd571eda6e1?s=128

KONDO Uchio

June 14, 2018
Tweet

Want more?

2cf373725ded741824c50fd571eda6e1?s=48 udzura
1
760
2cf373725ded741824c50fd571eda6e1?s=48 udzura
1
1.1k
2cf373725ded741824c50fd571eda6e1?s=48 udzura
3
930
7cbd3f5f922d798cc312eaf596de7ae6?s=48 iamctodd
2
550
3ab1249be442027903e1180025340b3f?s=48 reverentgeek
14
880
A9a491b0fcbe0fbce3d64063a37add99?s=48 rmw
6
480
766b9746b59e6f09e280cd33cf4ed419?s=48 skipperchong
0
310
61857dafbd287b3027c4dcea9008ad3c?s=48 carmenhchung
8
630
06f8b41980eb4c577fa40c41d5030c19?s=48 keathley
9
330
C0390e8b11079f8761c0cd3274ed61cb?s=48 productmarketing
3
370
C35e01544a0dd94a2cf1619ee8a42ebb?s=48 clairelew
5
910
6bb82b13cda86d3b821fa44100335ddf?s=48 thoeni
1
240

Transcript

  1. 1.

    6DIJP,POEP 'VLVPLBHP (PͳͲͰ࡞Δ੬ऑੑରࡦήʔϜ

  2. 2.

    (.0ϖύϘγχΞϓϦϯγύϧ ۙ౻͏͓ͪ!VE[VSB 044ϓϩμΫτ w NSVCZͷίϯςφϥϯλΠϜ)BDPOJXB w 3VCZͷ ZFU"OPUIFS 0QFO4UBDLDMJFOU:BP 3VCZ͸೥΄Ͳɺ(P͸೥͙Β͍ʁ

    ޷͖ͳϥΠϒϥϦIBTIJDPSQIDM ར༻ϒΩϓϥΠϜγϡʔλʔίϥϘ ηΩϡϦςΟ͸ษڧ࢝͠Ίͨ͹͔ΓͰ͢
  3. 3.

    "MTPB3VCZJTU

  4. 4.

    13

  5. 5.

    'VLVPLBSC ! ԙϖύες

  6. 6.

    8FCΞϓϦέʔγϣϯͷ ੬ऑੑ

  7. 7.

    944

  8. 8.

    $43'

  9. 9.

    42- *OKFDUJPO

  10. 10.

    ߈ܸ͞Εͨ͜ͱ ͋Γ·͔͢ʁ

  11. 11.

    ߈ܸΛ஌Γ͍ͨ ๷ޚ͍ͨ͠

  12. 12.

    ࿅शʢʁʣ͠Α͏

  13. 13.

    DG%78" w%BNO7VMOFSBCMF8FC"QQMJDBUJPO w͋͑ͯ੬ऑͳ࡞Γʹͨ͠΢ΣϒΞϓϦέʔγϣϯ w༷ʑͳ߈ܸΛ࣮ࡍʹߦ͏͜ͱͰɺ߈ܸଆͷؾ࣋ͪʹͳΓ
 ͦΕ͕։ൃʹ͓͍ͯ΋໾ʹཱͭ wΞϓϦέʔγϣϯͷ੬ऑ౓߹͍ΛઃఆͰ͖ͯศརʢʁʣ IUUQXXXEWXBDPVL

  14. 14.

    ߈ܸΛͯ͠ΈΔͱ

  15. 15.
    None
  16. 16.

    ͜ΕΛࣗಈԽ͢Δͱ

  17. 17.

    ๷ޚଆͷ ࿅शʹ΋࢖͑ΔͷͰ͸ʁ

  18. 18.

    CJHCSJEHFϓϩδΣΫτʢԾʣ wೋͭͷίϯςφΛ࡞Δ߈ܸଆɺ๷ޚଆ w߈ܸଆ͸όΠφϦͰϒϥοΫϘοΫεͷϓϩάϥϜ w๷ޚଆ͸"QBDIF NPE@QIQͳ੬ऑͳΞϓϦέʔγϣϯ
 TTIͰௐࠪՄೳͳΑ͏ɺγεςϜίϯςφʹͳ͍ͬͯΔ

  19. 19.

    CJHCSJEHF IUUQTDTLZVTIVVBDKQFOQJUQSP

  20. 20.

    ߏ੒ Binary Apache MySQL App (PHP) SSHD Attacker Defender

  21. 21.

    ๷ޚଆ͔ΒৄࡉΛɻ wTPWFSMBZͱ͍͏ɺ%PDLFS΍ίϯςφʹಛԽͨ͠γϯϓϧͳJOJUͷ࢓ ૊ΈΛ࢖ͬͯγεςϜίϯςφΛ࡞Δɻ wTTIE ϩάͷͨΊSTZTMPH ɺBQBDIFɺ.Z42-Λࣂ͍ͬͯΔ wPDUPQBTTͰTTIϩάΠϯपΓΛ؆୯ʹ IUUQTHJUIVCDPNKVTUDPOUBJOFSTTPWFSMBZ

  22. 22.

    ߈ܸଆɻ wṖͷόΠφϦ͕͋Δ wઃఆʹ͸ɺ߈ܸઌͷΞυϨεͳͲͷ৘ใ͔͠౉ͤͳ͘ɺͲ͏͍͏߈ܸ Λ͍ͯ͠Δ͔͸Θ͔Βͳ͍ wىಈ͢Δͱɺର৅΁ͷ߈ܸͷ੒ޭࣦഊ͚͕ͩΘ͔Δ wˠ๷ޚଆͷϩάͳͲΛ֬ೝ͠ɺΞϓϦΛվमͯ͠

  23. 23.

    ߈ܸϕϯνϚʔΫͷྲྀΕ w߈ܸଆͰόΠφϦىಈˠ๷ޚଆͰϩάͳͲΛ֬ೝ wˠ๷ޚଆͷઃఆΛมߋͨ͠ΓɺΞϓϦΛվम wˠ࠶౓߈ܸΛ͠ɺࣦഊͨ͠Β๷Ӵ੒ޭʂʂʂ̍

  24. 24.

    ṖͷόΠφϦ

  25. 25.

    ͦ͜ͰɺΛ࢖͏

  26. 26.

    ࣮૷ͷྫ

  27. 27.

    ໾ʹཱͭ΋ͷ wIFBE[PPTVSG wঢ়ଶΛอͭ͜ͱ͕Ͱ͖Δ΢ΣϒεΫϨΠύʔϥΠϒϥϦ IUUQTHJUIVCDPNIFBE[PPTVSG

  28. 28.

    EFNP wʢतۀͰ࢖͏ͱ͍͏͜ͱͰɺৄࡉ͸·ͩφΠγϣʣ

  29. 29.

    ࠓޙ΍Γ͍ͨ͜ͱ w߈ܸͷόϦΤʔγϣϯΛ૿΍͢ w؆୯ͳରࡦͰ͋ͬͨΒ߈ܸଆͰݟൈ͔Εͯ͢Γൈ͚Δ΍ͭͱ͔ w߈ܸόΠφϦΛ΋ͬͱ೉ಡԽ͢Δ w๷ޚଆɺ1)1Ҏ֎ͷݴޠϑϨʔϜϫʔΫΛ૿΍͢

  30. 30.

    จࣈྻΛӅ͍ͨ͠ w(Pݴޠ੡ͷόΠφϦͰ΋ɺ΋ͪΖΜTUSJOHT  ͳͲͰ߈ܸख๏ʹؔ ܎͢Δจࣈྻ͸ݟ͑ͯ͠·͏ɻ wจࣈσʔλΛ·ͱΊͯ֎෦͔Βఏڙͭͭɺ҉߸Խ͞ΕͨܗͰόΠφϦ ؚΉΑ͏ͳπʔϧΛ࡞ΕΔͱྑͦ͞͏ʁ wʢ΋ͪΖΜɺҰൠతͳ࿩ͰόΠφϦ಺ͷจࣈྻΛ҉߸Խͯ͠΋
 ɹͦΜͳʹηΩϡϦςΟରࡦʹ͸ͳΒͳ͍ɻΫΠζͷ೉қ౓తͳ࿩Ͱʣ

  31. 31.
    None
  32. 32.

    PT&YJU