Upgrade to Pro
— share decks privately, control downloads, hide ads and more …
Speaker Deck
Features
Speaker Deck
PRO
Sign in
Sign up for free
Search
Search
HITCON 2017 Zeroday 發表會
Search
Inndy
August 26, 2017
Technology
0
1.3k
HITCON 2017 Zeroday 發表會
https://zeroday.hitcon.org/vulnerability/ZD-2016-00306
Inndy
August 26, 2017
Tweet
Share
More Decks by Inndy
See All by Inndy
工程師一定要懂的 Text Encoding
inndy
1
700
資訊安全:麻瓜的黑魔法防禦術
inndy
3
3k
HackmeCTF 平台背後的心酸血淚史
inndy
2
840
COSCUP 2018 Lightning Talk - 審稿好難,所以我們來寫程式吧
inndy
0
450
逆向工程:從入門到放棄
inndy
7
3.6k
No More Crypto Fails
inndy
33
8.1k
你再共用密碼啊
inndy
1
760
CTF From Zero To One
inndy
5
5.1k
逆向工程基礎
inndy
4
1.4k
Other Decks in Technology
See All in Technology
コンパウンド組織のCRE #cre_meetup
layerx
PRO
0
210
[2025年10月版] Databricks Data + AI Boot Camp
databricksjapan
1
240
AWS UG Grantでグローバル20名に選出されてre:Inventに行く話と、マルチクラウドセキュリティの教科書を執筆した話 / The Story of Being Selected for the AWS UG Grant to Attending re:Invent, and Writing a Multi-Cloud Security Textbook
yuj1osm
1
120
Introduction to Sansan, inc / Sansan Global Development Center, Inc.
sansan33
PRO
0
2.8k
Azureコストと向き合った、4年半のリアル / Four and a half years of dealing with Azure costs
aeonpeople
1
250
Contract One Engineering Unit 紹介資料
sansan33
PRO
0
8.9k
HonoとJSXを使って管理画面をサクッと型安全に作ろう
diggymo
0
160
「最速」で Gemini CLI を使いこなそう! 〜Cloud Shell/Cloud Run の活用〜 / The Fastest Way to Master the Gemini CLI — with Cloud Shell and Cloud Run
aoto
PRO
0
140
JSConf JPのwebsiteをGatsbyからNext.jsに移行した話 - Next.jsの多言語静的サイトと課題
leko
2
170
あなたの知らない Linuxカーネル脆弱性の世界
recruitengineers
PRO
3
130
現場データから見える、開発生産性の変化コード生成AI導入・運用のリアル〜 / Changes in Development Productivity and Operational Challenges Following the Introduction of Code Generation AI
nttcom
1
430
Sansan Engineering Unit 紹介資料
sansan33
PRO
1
3k
Featured
See All Featured
Gamification - CAS2011
davidbonilla
81
5.5k
The Web Performance Landscape in 2024 [PerfNow 2024]
tammyeverts
10
880
Practical Orchestrator
shlominoach
190
11k
Principles of Awesome APIs and How to Build Them.
keavy
127
17k
Thoughts on Productivity
jonyablonski
70
4.9k
RailsConf 2023
tenderlove
30
1.3k
Faster Mobile Websites
deanohume
310
31k
Stop Working from a Prison Cell
hatefulcrawdad
271
21k
How STYLIGHT went responsive
nonsquared
100
5.8k
GraphQLとの向き合い方2022年版
quramy
49
14k
[RailsConf 2023 Opening Keynote] The Magic of Rails
eileencodes
31
9.7k
Put a Button on it: Removing Barriers to Going Fast.
kastner
60
4k
Transcript
)*5$0/;FSPEBZ 䧮䟝銴⤑㹆涸J1IPOF4&⛓飑暟"QQ䢔呪
)J 䧮僽*OOEZ BLB加啄
➛㣔䧮銴铞♧⦐ 飑暟"QQ剤㥪㢵䓳럊涸佦✲ @ sཀպ̼ @
䎃厥♧㣔 䧮罉꠸騈䧮铞 ؇̫٥
厥飑暟笪畀剤馄⤑㹆ꣳꆀ㉂ㅷ ⿶ⶍ㥪䧮䟝䳖䩛堥 s٥Ī٥A
None
搭䖕䧮⦛㽠䩧 #VSQ4VJUF㨥溏溏 ง๑•̀@•́ ง
䧮欽7VFKT㻨✫♧⦐溏匢 ⢵䮋鼇⤑㹆涸㉂ㅷ 齡儘⦬䊨⡲ⶍ㥪㖈欽7VFKT鄄OPEFKT䵆䖤㥪汥蕲 Aİs
٧(́◕◞౪◟◕
䱺衽涮植♴鎎㋲涸"1* 须俲剤⸈㺙 ಠ@ಠ
剤⦐䊨Ⱘ〭⨞KBEY 〳⟃管陼"OESPJE"QQ ҙŐ ұѨѠѽ♧
s̫A _ԍ
s̫A _ԍ
昸✫䵻⤑㹆涸J1IPOF4& ٧ ԫӟ ظ
㻨玑䒭䵻飑
穡卓剤"1*鸠䏞ꣳⵖ 鼩剤♧❉㼭稣眏尝岤䠑ⵌ İ
穡卓䧮♧⦐鿪尝䵻ⵌ இŐஇ
㔐곃♧♴ s٥Ī٥A
"&4$#$1,$4 s٥Ī٥A
1BEEJOH0SBDMF sİA
'JYFE,FZ*7 sİA
䧮ⶍⶍ僽♶僽铞䧮⦛欽 #SVQ4VJUF s٥Ī٥A
飑暟笪畀䥰鑪剤 44-5-4ゅ s٥Ī٥A
sİA
䖕⢵䟝䟝"QQ鿪㻨涸鸏 랃昈✫㥪⫹剤溏ⵌTRMJUF sŐA
@ sཀպ̼ @
卓搭剤42-*OKFDUJPO @ sཀպ̼ @
˙08"415PQ.PCJMF3JTLT'JOBM-JTU ˙.8FBL4FSWFS4JEF$POUSPMT ˙.*OTFDVSF%BUB4UPSBHF ˙.*OTVDJFOU5SBOTQPSU-BZFS1SPUFDUJPO ˙.6OJOUFOEFE%BUB-FBLBHF ˙.1PPS"VUIPSJ[BUJPOBOE"VUIFOUJDBUJPO ˙.#SPLFO$SZQUPHSBQIZ ˙.$MJFOU4JEF*OKFDUJPO ˙ 鸏䧮尝剤庠麕
魨⟨阮㶶贫㶸㖈1SFGFSFODF.BOBHFS酆
㥶卓䧮僽䟅䠑余乹罏 ̫
䎙㣔䖕䧮䪾须俲侮椚♧♴ ⚓♳)*5$0/;FSPEBZ
None
⼿⸔鹎遤醳庠
恠Ꟁ涸麕玑н sŐA й • 2016/11 送出 • ⽉月底廠商才有回應 • 修到⼀一半請我複測,接著交給其他廠商做檢測
• 拖了了半年年,2017/05 終於公開了了!⼼心好累
鸏⚆歲涸怪峯⿶㼱✫♧⦐ sӟA
昸➊랃剚剤鸏랃㢵怪峯 sŐ
醳醢顦♳䊨玑䌌 ಠ@ಠ
IUUQTMBVSFOUHJUIVCJPTPJOKFDUJPOT
䖰㷸绢㻨玑䒭涸儘⦬ 㽠ⴀ✫㉏겗 ⡹涸罉䌌铞♶㹁㽠僽怪峯⢵彂 䠮闒➮雊䧮⦛剤䊨⡲
䖎㢵剅硃䲿⣘涸眕⢿玑䒭 㽠剤㉏겗 ⡹剅㽷缺1)1涸剅♧㹁䪪涸ⵌ42-*OKFDUJPO
♧饱㔐㜡怪峯 鍑对剤㉏겗涸➃來肬➮⦛ ؇̫٥