Upgrade to Pro
— share decks privately, control downloads, hide ads and more …
Speaker Deck
Features
Speaker Deck
PRO
Sign in
Sign up for free
Search
Search
Binary Exploitation - Basic 補充篇
Search
Sponsored
·
Your Podcast. Everywhere. Effortlessly.
Share. Educate. Inspire. Entertain. You do you. We'll handle the rest.
→
LJP-TW
May 26, 2021
Technology
1
50
Binary Exploitation - Basic 補充篇
2021/05/26 台科資安社 社課
直播記錄檔:
https://www.youtube.com/watch?v=I3X69ADZOnw
- TLS
LJP-TW
May 26, 2021
Tweet
Share
More Decks by LJP-TW
See All by LJP-TW
Reverse Engineering - 1
ljptw
0
1.7k
Reverse Engineering - 2
ljptw
0
730
Reverse Engineering - 3
ljptw
0
590
Re:0 從零開始的逆向工程
ljptw
1
1.2k
Linux 極入門篇
ljptw
1
290
Fuzzing 101
ljptw
1
190
Binary Exploitation - File Structure
ljptw
1
280
Binary Exploitation - Heap
ljptw
1
150
Binary Exploitation - Basic
ljptw
1
120
Other Decks in Technology
See All in Technology
30分でわかるアーキテクチャモダナイゼーション
nwiizo
8
3.5k
Goで実現する堅牢なアーキテクチャ:DDD、gRPC-connect、そしてAI協調開発の実践
fujidomoe
3
740
【Developers Summit 2026】Memory Is All You Need:コンテキストの「最適化」から「継続性」へ ~RAGを進化させるメモリエンジニアリングの最前線~
shisyu_gaku
5
710
使って学ぼう MCP (と GitHub Codespaces)
tsubakimoto_s
1
220
What's new in Go 1.26?
ciarana
2
190
AI Coding Agentの地殻変動 ~ ai-coding.info の定点観測 ~
kotauchisunsun
0
300
今、求められるデータエンジニア
waiwai2111
2
1.4k
「技術的にできません」を越えて価値を生み出せ──研究開発チームをPMが率いて生み出した価値創出
hiro93n
1
330
教育現場のプロンプトエンジニアリング問題を 解決するAIエージェントを作成してみた
ryoshun
0
120
[続・営業向け 誰でも話せるOCI セールストーク] AWSよりOCIの優位性が分からない編(2026年2月20日開催)
oracle4engineer
PRO
0
110
Claude Codeはレガシー移行でどこまで使えるのか?
ak2ie
0
850
全自動で回せ!Claude Codeマーケットプレイス運用術
yukyu30
3
130
Featured
See All Featured
Designing Powerful Visuals for Engaging Learning
tmiket
0
250
Measuring Dark Social's Impact On Conversion and Attribution
stephenakadiri
1
140
Mozcon NYC 2025: Stop Losing SEO Traffic
samtorres
0
160
Deep Space Network (abreviated)
tonyrice
0
77
The Pragmatic Product Professional
lauravandoore
37
7.2k
Hiding What from Whom? A Critical Review of the History of Programming languages for Music
tomoyanonymous
2
460
The Limits of Empathy - UXLibs8
cassininazir
1
230
AI Search: Where Are We & What Can We Do About It?
aleyda
0
7k
Building Better People: How to give real-time feedback that sticks.
wjessup
370
20k
Intergalactic Javascript Robots from Outer Space
tanoku
273
27k
AI Search: Implications for SEO and How to Move Forward - #ShenzhenSEOConference
aleyda
1
1.1k
How People are Using Generative and Agentic AI to Supercharge Their Products, Projects, Services and Value Streams Today
helenjbeal
1
130
Transcript
2021/5/26 NTUSTISC Binary Exploitation aka Pwn Basic 補充篇
# whoami - LJP / LJP-TW - Pwn / Rev
- NTUST / NCTU / NYCU - 10sec CTF Team 1
Outline - TLS 2
TLS 3
TLS - TLS 全名 Thread-Local Storage - Linux x64 使用
fs 暫存器記著 TLS 的位置 - Stack Canary 就是存在 TLS 中 4
TLS - fs 為 Segment Register - 計算方式 reg:offset =
ref + offset - 這時候你用 gdb 想看一下 fs 等於多少卻發現 - 難道 Canary 從 [0+0x28] 拿來的?? 5
TLS - GDB 也是 Process, fs = 0 是指 GDB
自己的 fs - 所以要怎麼拿到觀測中的 Process 的 fs? - 呼叫 arch_prctl 6 Ref: https://fasterthanli.me/series/making-our-own-executable-packer/part-13
TLS - Pwngdb 有實作取得 TLS 的功能 - 閱讀一下怎麼實作的, 發現其實一樣 -
https://github.com/scwuaptx/Pwngdb/blob/master/pwndbg/pwngdb.py#L77 7
TLS Demo 8
ljptw
nwiizo
fujidomoe
shisyu_gaku
tsubakimoto_s
ciarana
kotauchisunsun
waiwai2111
hiro93n
ryoshun
oracle4engineer
ak2ie
yukyu30
tmiket
stephenakadiri
samtorres
tonyrice
lauravandoore
tomoyanonymous
cassininazir
aleyda
wjessup
tanoku
.png){kind=avatar}
helenjbeal
