Goなどで作る脆弱性対策ゲーム / go-bigbridge

Transcript

1. 6DIJP
   ,POEP
   'VLVPLBHP
    (PͳͲͰ࡞Δ੬ऑੑରࡦήʔϜ

2. (.0ϖύϘ
   γχΞϓϦϯγύϧ ۙ౻͏͓ͪ
   !VE[VSB 044ϓϩμΫτ
   w NSVCZ
   ͷίϯςφϥϯλΠϜ
   )BDPOJXB
   w 3VCZ
   ͷ
   ZFU
   "OPUIFS
   0QFO4UBDL
   DMJFOU
   :BP 3VCZ͸೥΄Ͳɺ(P͸೥͙Β͍ʁ
   

   ޷͖ͳϥΠϒϥϦ
   IBTIJDPSQIDM
   ར༻ϒΩ
   ϓϥΠϜγϡʔλʔίϥϘ
   ηΩϡϦςΟ͸ษڧ࢝͠Ίͨ͹͔ΓͰ͢

3. "MTP
   B
   3VCZJTU

4. 
   13

5. 'VLVPLBSC
   
   !
   ԙ
   ϖύες

6. 8FCΞϓϦέʔγϣϯͷ
   ੬ऑੑ

7. 944

8. $43'

9. 42-
   *OKFDUJPO

10. ߈ܸ͞Εͨ͜ͱ
    ͋Γ·͔͢ʁ

11. ߈ܸΛ஌Γ͍ͨ
    ๷ޚ͍ͨ͠

12. ࿅शʢʁʣ͠Α͏

13. DG
    %78"
    w%BNO
    7VMOFSBCMF
    8FC
    "QQMJDBUJPO
    w͋͑ͯ੬ऑͳ࡞Γʹͨ͠΢ΣϒΞϓϦέʔγϣϯ
    w༷ʑͳ߈ܸΛ࣮ࡍʹߦ͏͜ͱͰɺ߈ܸଆͷؾ࣋ͪʹͳΓ
 ͦΕ͕։ൃʹ͓͍ͯ΋໾ʹཱͭ
    wΞϓϦέʔγϣϯͷ੬ऑ౓߹͍ΛઃఆͰ͖ͯศརʢʁʣ IUUQXXXEWXBDPVL
    

14. ߈ܸΛͯ͠ΈΔͱ

15. None

16. ͜ΕΛࣗಈԽ͢Δͱ

17. ๷ޚଆͷ
    ࿅शʹ΋࢖͑ΔͷͰ͸ʁ

18. CJHCSJEHFϓϩδΣΫτʢԾʣ wೋͭͷίϯςφΛ࡞Δ
    ߈ܸଆɺ๷ޚଆ
    w߈ܸଆ͸όΠφϦͰϒϥοΫϘοΫεͷϓϩάϥϜ
    w๷ޚଆ͸"QBDIF NPE@QIQͳ੬ऑͳΞϓϦέʔγϣϯ
 TTIͰௐࠪՄೳͳΑ͏ɺγεςϜίϯςφʹͳ͍ͬͯΔ

19. CJHCSJEHF IUUQTDTLZVTIVVBDKQFOQJUQSP

20. ߏ੒ Binary Apache MySQL App (PHP) SSHD Attacker Defender

21. ๷ޚଆ͔ΒৄࡉΛɻ wTPWFSMBZͱ͍͏ɺ%PDLFS΍ίϯςφʹಛԽͨ͠γϯϓϧͳJOJUͷ࢓ ૊ΈΛ࢖ͬͯγεςϜίϯςφΛ࡞Δɻ
    wTTIE ϩάͷͨΊSTZTMPH ɺBQBDIFɺ.Z42-Λࣂ͍ͬͯΔ
    wPDUPQBTT
    ͰTTIϩάΠϯपΓΛ؆୯ʹ IUUQTHJUIVCDPNKVTUDPOUBJOFSTTPWFSMBZ
    

22. ߈ܸଆɻ wṖͷόΠφϦ͕͋Δ
    wઃఆʹ͸ɺ߈ܸઌͷΞυϨεͳͲͷ৘ใ͔͠౉ͤͳ͘ɺͲ͏͍͏߈ܸ Λ͍ͯ͠Δ͔͸Θ͔Βͳ͍
    wىಈ͢Δͱɺର৅΁ͷ߈ܸͷ੒ޭࣦഊ͚͕ͩΘ͔Δ
    wˠ๷ޚଆͷϩάͳͲΛ֬ೝ͠ɺΞϓϦΛվमͯ͠

23. ߈ܸϕϯνϚʔΫͷྲྀΕ w߈ܸଆͰόΠφϦىಈ
    ˠ
    ๷ޚଆͰϩάͳͲΛ֬ೝ
    wˠ
    ๷ޚଆͷઃఆΛมߋͨ͠ΓɺΞϓϦΛվम
    wˠ
    ࠶౓߈ܸΛ͠ɺࣦഊͨ͠Β๷Ӵ੒ޭʂʂʂ̍

24. ṖͷόΠφϦ

25. ͦ͜Ͱɺ
    
    
    
    
    
    
    
    Λ࢖͏

26. ࣮૷ͷྫ

27. ໾ʹཱͭ΋ͷ wIFBE[PPTVSG
    wঢ়ଶΛอͭ͜ͱ͕Ͱ͖Δ΢ΣϒεΫϨΠύʔϥΠϒϥϦ IUUQTHJUIVCDPNIFBE[PPTVSG

28. EFNP wʢतۀͰ࢖͏ͱ͍͏͜ͱͰɺৄࡉ͸·ͩφΠγϣʣ

29. ࠓޙ΍Γ͍ͨ͜ͱ w߈ܸͷόϦΤʔγϣϯΛ૿΍͢
    w؆୯ͳରࡦͰ͋ͬͨΒ߈ܸଆͰݟൈ͔Εͯ͢Γൈ͚Δ΍ͭͱ͔
    w߈ܸόΠφϦΛ΋ͬͱ೉ಡԽ͢Δ
    w๷ޚଆɺ1)1Ҏ֎ͷݴޠϑϨʔϜϫʔΫΛ૿΍͢

30. จࣈྻΛӅ͍ͨ͠ w(Pݴޠ੡ͷόΠφϦͰ΋ɺ΋ͪΖΜ
    TUSJOHT 
    ͳͲͰ߈ܸख๏ʹؔ ܎͢Δจࣈྻ͸ݟ͑ͯ͠·͏ɻ
    wจࣈσʔλΛ·ͱΊͯ֎෦͔Βఏڙͭͭɺ҉߸Խ͞ΕͨܗͰόΠφϦ ؚΉΑ͏ͳπʔϧΛ࡞ΕΔͱྑͦ͞͏ʁ
    wʢ΋ͪΖΜɺҰൠతͳ࿩ͰόΠφϦ಺ͷจࣈྻΛ҉߸Խͯ͠΋
 ɹͦΜͳʹηΩϡϦςΟରࡦʹ͸ͳΒͳ͍ɻΫΠζͷ೉қ౓తͳ࿩Ͱʣ

31. None

32. PT&YJU