Upgrade to PRO for Only $50/Year—Limited-Time Offer! 🔥
Speaker Deck
Features
Speaker Deck
PRO
Sign in
Sign up for free
Search
Search
Binary Exploitation - Basic 補充篇
Search
LJP-TW
May 26, 2021
Technology
1
46
Binary Exploitation - Basic 補充篇
2021/05/26 台科資安社 社課
直播記錄檔:
https://www.youtube.com/watch?v=I3X69ADZOnw
- TLS
LJP-TW
May 26, 2021
Tweet
Share
More Decks by LJP-TW
See All by LJP-TW
Reverse Engineering - 1
ljptw
0
1.7k
Reverse Engineering - 2
ljptw
0
720
Reverse Engineering - 3
ljptw
0
570
Re:0 從零開始的逆向工程
ljptw
1
1.2k
Linux 極入門篇
ljptw
1
290
Fuzzing 101
ljptw
1
180
Binary Exploitation - File Structure
ljptw
1
280
Binary Exploitation - Heap
ljptw
1
150
Binary Exploitation - Basic
ljptw
1
120
Other Decks in Technology
See All in Technology
Amazon Quick Suite で始める手軽な AI エージェント
shimy
1
1.5k
マイクロサービスへの5年間 ぶっちゃけ何をしてどうなったか
joker1007
17
7.4k
ZOZOの独自性を生み出す「似合う4大要素」の開発サイクル
zozotech
PRO
0
110
NIKKEI Tech Talk #41: セキュア・バイ・デザインからクラウド管理を考える
sekido
PRO
0
200
コンテキスト情報を活用し個社最適化されたAI Agentを実現する4つのポイント
kworkdev
PRO
1
1.8k
LayerX QA Night#1
koyaman2
0
180
さくらのクラウド開発ふりかえり2025
kazeburo
2
200
Strands Agents × インタリーブ思考 で変わるAIエージェント設計 / Strands Agents x Interleaved Thinking AI Agents
takanorig
4
1.7k
MLflowダイエット大作戦
lycorptech_jp
PRO
1
160
20251222_next_js_cache__1_.pdf
sutetotanuki
0
130
会社紹介資料 / Sansan Company Profile
sansan33
PRO
11
390k
高度サイバー人材育成専科(後半)
nomizone
0
440
Featured
See All Featured
VelocityConf: Rendering Performance Case Studies
addyosmani
333
24k
brightonSEO & MeasureFest 2025 - Christian Goodrich - Winning strategies for Black Friday CRO & PPC
cargoodrich
2
61
How to Talk to Developers About Accessibility
jct
1
83
The Web Performance Landscape in 2024 [PerfNow 2024]
tammyeverts
12
980
From Legacy to Launchpad: Building Startup-Ready Communities
dugsong
0
110
Reflections from 52 weeks, 52 projects
jeffersonlam
355
21k
実際に使うSQLの書き方 徹底解説 / pgcon21j-tutorial
soudai
PRO
196
70k
From π to Pie charts
rasagy
0
88
Designing for Timeless Needs
cassininazir
0
87
It's Worth the Effort
3n
187
29k
Money Talks: Using Revenue to Get Sh*t Done
nikkihalliwell
0
120
What Being in a Rock Band Can Teach Us About Real World SEO
427marketing
0
140
Transcript
2021/5/26 NTUSTISC Binary Exploitation aka Pwn Basic 補充篇
# whoami - LJP / LJP-TW - Pwn / Rev
- NTUST / NCTU / NYCU - 10sec CTF Team 1
Outline - TLS 2
TLS 3
TLS - TLS 全名 Thread-Local Storage - Linux x64 使用
fs 暫存器記著 TLS 的位置 - Stack Canary 就是存在 TLS 中 4
TLS - fs 為 Segment Register - 計算方式 reg:offset =
ref + offset - 這時候你用 gdb 想看一下 fs 等於多少卻發現 - 難道 Canary 從 [0+0x28] 拿來的?? 5
TLS - GDB 也是 Process, fs = 0 是指 GDB
自己的 fs - 所以要怎麼拿到觀測中的 Process 的 fs? - 呼叫 arch_prctl 6 Ref: https://fasterthanli.me/series/making-our-own-executable-packer/part-13
TLS - Pwngdb 有實作取得 TLS 的功能 - 閱讀一下怎麼實作的, 發現其實一樣 -
https://github.com/scwuaptx/Pwngdb/blob/master/pwndbg/pwngdb.py#L77 7
TLS Demo 8
ljptw
shimy
joker1007
zozotech
sekido
kworkdev
koyaman2
kazeburo
takanorig
lycorptech_jp
sutetotanuki
sansan33
nomizone
addyosmani
cargoodrich
jct
tammyeverts
dugsong
jeffersonlam
soudai
rasagy
cassininazir
3n
nikkihalliwell
427marketing
