黑客技術，黑科技樹 II

Transcript

1. 黑客、技術 黑、科技樹 2017/02/27 II

2. Kuon 喜歡學習，特別是「安全技術」。

3. None

4. 逆向 工程 其 他 軟體 破解 惡意 程式 漏洞 攻防

5. 硬體 軟體

6. 硬體 Logic Analysis PCB Reversing ROM Extraction IC Reversing

7. Emulation Flash Dump JTAG Firmware Analysis FS Extraction Firmware Download

   File ID

8. 軟體 De- compiler IDA Pro REIL Binary Analysis Binary Diff

   Analysis DBI Emulation Firmware Analysis File ID File Format Debugger

9. Anti-Anti- Debug Anti- Debug Anti- Dump Packer Anti-DBI Anti- Sandbox

   Anti- Disasm Anti-VM Anti- Emulator Unpacker Anti-Anti- VM

10. Anti- Debug Packer Anti- Sandbox Anti-VM Anti-Virus Virus Anti- Rootkit

    Anti-Anti- Virus Rootkit Malware Botnet Anti- Botnet Anti- Malware

11. ASLR Malware Anti- Malware DEP ROP UAC W^X EMET JIT

    Spray GrSecurity Anti-Anti- Virus

12. Anti- Dump Debugger Memory Hacking Anti-Anti- Debug Anti- Debug VM

    Anti-VM Anti-Anti- VM

13. Hooking Rootkit Malware Injection SMM VM

14. None

15. 需求 架構 開發 測試 部署 API SOAP RESTful JSON Data

    Format XML Authentication Cookie HTTP Header Token User Input Injection OAuth Cross-Domain Sever-side Proxy SSRF Javascript Hijacking CSP Secure Transport SSL/TLS HSTS NoSQL Cert Validation CORS CSRF JSONP Callback Resource Upload/Download Upload Enumeration CSRF CSRF Security Header Pinning XXE
16. None

17. 流程、標準 Null Pointer Race Condition Dangling Pointer Data Race Double

    Free Double Destruct Use-After-Free Use-After-Destruct Integer Overflow Counter Overflow Heap Overflow Pool Overflow Stack Overflow Format String JMS & JMX File Inclusion Object Injection 框 架 OGNL Injection HQL Injection 執 行 環 境 Java PHP 通 用 Web Native SQL Injection XSS Cmd Injection Path Traversal Code Injection Unserialization Template Injection Python Template Injection Race Condition CSRF YAML Evaluation Mass Assignment Spring i18n Injection OOB Read Arbitrary Write Info Leak Type Confusion Undef Behavior Uninit Memory

18. Q&A 問題‧討論