Binary Exploitation - Basic Supplement
LJP-TW
May 26, 2021
Technology
2021/05/26 NTUST Information Security Club meeting
Livestream recording:
https://www.youtube.com/watch?v=I3X69ADZOnw
- TLS
Transcript
2021/5/26 NTUSTISC Binary Exploitation aka Pwn Basic Supplement

# whoami
- LJP / LJP-TW
- Pwn / Rev
- NTUST / NCTU / NYCU
- 10sec CTF Team

Outline
- TLS

TLS

TLS
- TLS stands for Thread-Local Storage
- On Linux x64, the fs register holds the address of the TLS block
- The stack canary is stored in TLS

TLS
- fs is a segment register
- The address is computed as reg:offset = ref + offset
- But when you use gdb to check what fs equals, you find that...
- Is the canary really fetched from [0+0x28]??

TLS
- GDB is itself a process; fs = 0 refers to GDB's own fs
- So how do we get the fs of the process being observed?
- Call arch_prctl
Ref: https://fasterthanli.me/series/making-our-own-executable-packer/part-13

TLS
- Pwngdb implements a feature for getting the TLS address
- Reading how it is implemented, it turns out to use the same approach
- https://github.com/scwuaptx/Pwngdb/blob/master/pwndbg/pwngdb.py#L77

TLS Demo
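The slides above make three claims: the fs register points at the TLS block, the canary lives in that block at offset 0x28, and the way to learn the fs base of a process is to ask the kernel via arch_prctl. The program below is an added example (not code from the slides, from Pwngdb, or from the linked article) that checks all three from inside one process on Linux x86-64 with glibc. It reads the fs base with arch_prctl(ARCH_GET_FS), reads the canary the way compiled code does (mov %fs:0x28, %rax) and again as ordinary memory at base + 0x28, and confirms both reads give the same word. The offset 0x28 is the stack_guard field of glibc's tcbhead_t; the function names and the file name tls_canary.c are my own assumptions. The reason gdb shows fs as 0 on x86-64 is that the selector really is 0 there; the base lives in a model-specific register, which is why gdb exposes it separately as $fs_base and why a debugger plugin has to call arch_prctl to recover it.

```c
// Added example (not from the slides): read the TLS base with arch_prctl and
// show that the stack canary lives at fs:0x28, i.e. at TLS base + 0x28.
// Assumes Linux x86-64 with glibc. Build: gcc tls_canary.c -o tls_canary
#define _GNU_SOURCE
#include <stdint.h>
#include <stdio.h>
#include <pthread.h>
#include <unistd.h>
#include <sys/syscall.h>

#ifndef ARCH_GET_FS
#define ARCH_GET_FS 0x1003   /* value from <asm/prctl.h>, defined here to stay self-contained */
#endif

/* Ask the kernel for this thread's fs base: the address of the TLS block / TCB.
 * This is the same request a debugger plugin has to make on behalf of the
 * debuggee, because the fs selector itself is 0 on x86-64 and says nothing
 * about where the segment starts. Returns 0 on failure. */
uintptr_t get_fs_base(void) {
    uintptr_t base = 0;
    if (syscall(SYS_arch_prctl, ARCH_GET_FS, &base) != 0)
        return 0;
    return base;
}

/* The canary exactly as a -fstack-protector prologue reads it: mov %fs:0x28, %rax */
uintptr_t read_canary_via_fs(void) {
    uintptr_t v;
    __asm__ volatile("mov %%fs:0x28, %0" : "=r"(v));
    return v;
}

/* The same word read as plain memory: TLS base + 0x28 (glibc tcbhead_t.stack_guard). */
uintptr_t read_canary_via_base(uintptr_t base) {
    return *(volatile uintptr_t *)(base + 0x28);
}

/* 1 when the segment-relative read and the absolute read agree, i.e. the
 * canary really is stored in TLS at the offset the slides describe. */
int canary_is_in_tls(void) {
    uintptr_t base = get_fs_base();
    return base != 0 && read_canary_via_fs() == read_canary_via_base(base);
}

int main(void) {
    uintptr_t base = get_fs_base();
    printf("fs base (TLS / TCB):   %#lx\n", (unsigned long)base);
    /* On glibc x86-64 the TCB's self pointer equals the fs base, so pthread_self()
     * returns the same value; a handy cross-check when arch_prctl is unavailable. */
    printf("pthread_self():        %#lx\n", (unsigned long)pthread_self());
    printf("canary via fs:0x28:    %#lx\n", (unsigned long)read_canary_via_fs());
    printf("canary via base+0x28:  %#lx\n", (unsigned long)read_canary_via_base(base));
    /* glibc zeroes the lowest canary byte so that string functions stop on it;
     * printed here for inspection, not asserted, since other libcs differ. */
    printf("lowest canary byte:    %#x\n", (unsigned)(read_canary_via_fs() & 0xff));
    return canary_is_in_tls() ? 0 : 1;
}
```

Run it twice and the canary differs each time while the two reads within one run always agree; that is the property a stack-protector bypass has to defeat, and it is also why a leak of the TLS block (or of any frame containing the canary) is as serious as a leak of the canary itself. The offset 0x28 and the pthread_self() equality are glibc details on x86-64; on another libc or architecture the canary location in TLS differs.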