I took part in Hardening 2017 Fes, held on Awaji Island, as a premium support member. / 20171202-go-for-hardening2017fes
A record and introduction of my participation in Hardening 2017 Fes, held over three days on Awaji Island from November 23, 2017.
Next time it is your turn to protect the Earth!
delphinz
December 02, 2017
Transcript
Copyright © 2017 delphinz All Rights Reserved.

I took part in Hardening Fes, held on Awaji Island, as a premium support member. SORAMAME5, @delphinz. Road-show edition for 濱せっく. Sat

About me. Name: Masahiro Tabata (@delphinz). Job: I work as a systems consultant; security is only a hobby-level pursuit. Hobbies: mainly watching combat sports and cooking; at BBQs I carve up tuna and pork. I am on the MINI Hardening operations team (facilitation) ♫ (unofficial). Self-appointed 濱せっく cheering squad! Let's go drinking!

I went to Hardening Fes. "This competition, named Hardening 2017 Fes, will be held over the three days from November 23 to 25 on Awaji Island in Hyogo Prefecture, the island crossed by the Japan Standard Time meridian." More and more people take part with every edition; the application rate was reportedly close to five to one. (16 teams, 6 to 7 people per team.)

What is the Hardening Project? "The security event Hardening Project exists to discover and honour top engineers with the best skills at 'defending', and is run in the form of a technical competition. The competitions held by the Hardening Project are basically team versus team, taking the form of a contest that comprehensively measures how well each team can harden a vulnerable EC (e-commerce) site. The competition focuses on how realistic, real-world situations are handled by the people responsible for security. Participating teams compete in a virtual network environment built on StarBED, operated by the National Institute of Information and Communications Technology (NICT)." https://wasforum.jp/hardeningproject

Loosely translated:

"You lot are the system administrators from now on. A dozen hackers are about to come and hack you all at once, so keep our EC site from going down for about nine hours, okay? ♫"

The people running it: KUROMAME
• National center of Incident readiness and Strategy for Cybersecurity (NISC)
• Research lab director at a security company
• Security Camp lead
• Tokyo Olympic Committee security bureau
• One of Japan's top pentesters
• Former JPCERT/CC malware researcher
• Official at the Ministry of Internal Affairs and Communications
(just a small sample) Sounds impressive!!!

Competition scenes, part 1. Summoned to the board meeting to explain a data breach. Meanwhile, as a side program, presenting at OWASP KANSAI. SORAMAME has been bought. Are there hints on the scoreboard that shows sales and SLA!?

Competition scenes, part 2. A server rebooted "because we had time on our hands". Cannot be recovered. Malware recovery service. Password exposure via Google Home.

Make use of the Marketplace. "During the competition, a Marketplace (procurement of competition resources and services) is provided, through which teams can procure services and products from outside. This lets teams virtually 'purchase' resources they lack, or services they think the competition requires, and put them to use." (excerpt) Marketplace participating companies: among the big-name security vendors, for some reason, "SORAMAME" appears.

Why SORAMAME? • Named in February 2016 by Ryota Okada, representative of WAS Forum: let's discover, through MINI Hardening, the stars who will follow Kuromame! "But we're not black yet!" (kuromame are black beans; soramame, broad beans, are still green) → Team SORAMAME. With that background, we were selected as a team to support beginners! The broad bean's flower language: "admiration".

SORAMAME5 Premium Support

Service overview
▸ SORAMAME5 members, who know everything about Hardening, support your team's operations during the competition! SORAMAME5 members propose the highest-impact measures for your team.
▸ Tools to strongly support the competition, provided as standard:
・integrated log monitoring environment
・price checks across all teams
・screenshot checks of the EC site as seen from outside
Installing the agents took too long, so we gave up and wrote a crawler in a matter of hours instead! Too heavy to run. Substituted with nmap and scanning tools from outside. Some of the teams bought it!

(Sad news) Personnel transfer announcement. An unexpected second helping (a 2-hour extension!). Everyone in tears, handover work, and members moved to other teams. Murmurs all round.

Unconference on what comes next. Discussions were held on topics such as "Let's build our own hardening competition!" and "Thinking about the future of security talent!".

Let's all go to the "Hyperbolic Time Chamber". The Hyperbolic Time Chamber (精神と時の部屋) is the training room from the manga Dragon Ball: one day in the outside world equals one year (365 days) inside. (Young people told me recently that they haven't watched Dragon Ball, so they don't get the reference.) According to what I once heard from the professor who organizes the Hardening Project, "we packed the security incidents that would occur in roughly two months into an eight-hour competition." Experiencing incidents in compressed time pushes you forward at incredible speed!

Let's go find comrades to "defend" the Earth! From Shuntaro Tanikawa's poem "Morning Relay" (朝のリレー): "We relay the morning, from longitude to longitude; so, taking turns as it were, we guard the Earth." Let's protect someone's morning together with our comrades. Next time it is your turn!

We want to stand beside your "defending". SORAMAME. Thank you for listening.