Cyber Security 
IoT Security 
Trend Briefs of Security 
th!nkh@ck-hackartist 
cafe.thinkhack.org 
September 13, 2014 
th!nkh@ck-hackartist Trend Briefs of Security
1 Cyber Security
  Exploitation
  Web Security
  Reversing
2 IoT Security
  IoT Architecture
  IoT Platform
  IoT Device
Buffer Overflow

What is a buffer overflow?
An attack that abuses a flaw in how memory is handled to write data outside the memory region the program intended.

Types of buffer overflow
Stack overflow
Heap overflow

Buffer overflow vulnerable code

    #include <stdio.h>

    int main(int argc, char **argv)
    {
        char buf[8];
        gets(buf);            /* no bounds check: more than 8 bytes overruns buf */
        printf("%s\n", buf);
        return 0;
    }
Shellcode

What is shellcode?
Code that invokes a shell and executes commands.

How shellcode is written
Write the routine in assembly
Convert it to machine code
Write the machine code out as a byte string

Shellcode example: BSD setuid/execve
\x31\xc0\x50\x50\xb0\x17\xcd\x80
\x31\xc0\x50\x68//sh\x68/bin\x89\xe3\x50\x54\x53\x50\xb0\x3b\xcd\x80
Protection of Buffer Overflow

Buffer overflow countermeasures
Use safe libraries
Stack Protection
LibSafe
StackGuard
ProPolice
DEP
Pointer Protection
PointGuard
Executable space protection
PaX
BufferShield
Address Space Layout Randomization
Deep Packet Inspection
Bypassing BoF Protection

Brute force: used against canaries
ROP attack: used against ASLR, DEP/NX and ASCII-armor protection
Techniques include RTL, chained RTL and GOT overwrite
SQL Injection

What is SQL injection?
An attack carried out by inserting arbitrary SQL code into web parameters.

Types of SQL injection
Form injection
Blind injection
Cookie injection
Union injection

Example SQL queries during an SQL injection
Normal query: SELECT * FROM members WHERE uid='admin' and upw='xxx';
Attack query: SELECT * FROM members WHERE uid='' or '1'='1' and upw='' or '1'='1';
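The two queries above, run against a constructed in-memory `members` table (added example, not code from the slides): the string-concatenated login returns every row when the slide's `' or '1'='1` fragment is supplied, while the parameterised form treats the same input as a literal value. The column names `uid` and `upw` come from the slide's query; the table contents are made up here.

```python
import sqlite3

PAYLOAD = "' or '1'='1"  # the fragment injected in the slide's attack query


def make_db():
    # Constructed sample data for the slide's `members` table.
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE members (uid TEXT, upw TEXT)")
    conn.executemany("INSERT INTO members VALUES (?, ?)",
                     [("admin", "s3cret"), ("alice", "hunter2")])
    return conn


def build_vulnerable_sql(uid, upw):
    # Same construction as the slide's normal query, with the user's input
    # pasted straight into the statement. Quotes in the input become SQL.
    return "SELECT * FROM members WHERE uid='%s' and upw='%s';" % (uid, upw)


def login_vulnerable(conn, uid, upw):
    return conn.execute(build_vulnerable_sql(uid, upw)).fetchall()


def login_safe(conn, uid, upw):
    # Parameterised query: the values travel separately from the statement,
    # so "' or '1'='1" is compared byte-for-byte against the column and
    # never changes the WHERE clause.
    sql = "SELECT * FROM members WHERE uid=? and upw=?"
    return conn.execute(sql, (uid, upw)).fetchall()


def demo():
    conn = make_db()
    return {
        "attack_sql": build_vulnerable_sql(PAYLOAD, PAYLOAD),
        "normal_vuln": login_vulnerable(conn, "admin", "xxx"),   # wrong password: 0 rows
        "attack_vuln": login_vulnerable(conn, PAYLOAD, PAYLOAD), # every row: authentication bypassed
        "attack_safe": login_safe(conn, PAYLOAD, PAYLOAD),       # 0 rows: input stayed data
    }
```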
XSS

What is XSS?
Short for Cross Site Scripting. It is sometimes abbreviated CSS, but XSS is used to avoid confusion with Cascading Style Sheets. An attack that inserts HTML tags or script into a web page so that the code runs in other users' browsers; it is mainly used to steal users' cookies.

Types of XSS attack
Reflective XSS
Stored XSS

XSS attack example
<script>alert(document.cookie);</script>
CSRF

What is CSRF?
Short for Cross Site Request Forgery: an attack that forges HTTP requests.

CSRF attack example
<a href="http://localhost/admin/chpw.php?pw=1234">Go to localhost</a>

Countermeasures
Use the POST method rather than GET
Require secondary authentication when important information is changed
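The countermeasures from the XSS and CSRF slides in one small request handler (added example, not code from the slides): state changes are refused over GET, a session-bound CSRF token is checked, an important change requires re-authentication, and user text is output-encoded before it is placed in HTML. The `/admin/chpw.php` scenario is modelled on the slide's link; the session store, secret key and password re-entry are assumptions made here.

```python
import hashlib
import hmac
import html

# Constructed demo state for a hypothetical app: a server secret and one logged-in session.
SECRET_KEY = b"constructed-demo-secret"
SESSIONS = {"sess-123": {"uid": "admin", "pw": "s3cret"}}


def issue_csrf_token(session_id):
    # Token bound to the session: HMAC(secret, session_id). The server embeds it in a
    # hidden form field; a page on another origin cannot read it, so a forged request
    # cannot carry a valid one.
    return hmac.new(SECRET_KEY, session_id.encode(), hashlib.sha256).hexdigest()


def check_csrf_token(session_id, token):
    expected = issue_csrf_token(session_id)
    # Constant-time comparison; a missing token simply fails.
    return hmac.compare_digest(expected, token or "")


def handle_change_password(method, session_id, form):
    """Return (status, message) for a password-change request."""
    user = SESSIONS.get(session_id)
    if user is None:
        return 401, "not logged in"
    if method != "POST":
        # Slide countermeasure 1: state changes only via POST, so the slide's
        # <a href="...chpw.php?pw=1234"> link cannot trigger one.
        return 405, "password changes must be sent with POST"
    if not check_csrf_token(session_id, form.get("csrf")):
        return 403, "missing or invalid CSRF token"
    # Slide countermeasure 2: secondary authentication for an important change,
    # modelled here as re-entering the current password.
    if not hmac.compare_digest(user["pw"], form.get("current_pw", "")):
        return 403, "re-authentication failed"
    user["pw"] = form["new_pw"]
    return 200, "password changed"


def render_profile(display_name):
    # XSS countermeasure: output encoding. User-controlled text is escaped before it
    # is placed in HTML, so the slide's payload is displayed as text, not executed.
    return "<p>Hello, %s</p>" % html.escape(display_name, quote=True)
```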
Dynamic Analysis

What is dynamic analysis?
Analysing a program while it is running, with it loaded in memory.

Advantages
Packing does not need to be dealt with
The program's behaviour can be monitored in real time as it runs

Tools commonly used for dynamic analysis
Virtualization and sandbox tools
OllyDbg, Immunity Debugger, WinDbg, etc.
Static Analysis

What is static analysis?
A method of analysing a program without executing it.

Advantages
No sandbox is needed
Not affected by anti-debugging

Tools commonly used for static analysis
IDA, objdump

Weitere ähnliche Inhalte

Was ist angesagt?

The Infosec Crossroads - 44CON 2016
The Infosec Crossroads - 44CON 2016The Infosec Crossroads - 44CON 2016
The Infosec Crossroads - 44CON 2016Saumil Shah
 
【HITCON FreeTalk 2018 - Spectre & Meltdown 漏洞的修補策略與 risk mitigation】
【HITCON FreeTalk 2018 - Spectre & Meltdown 漏洞的修補策略與 risk mitigation】【HITCON FreeTalk 2018 - Spectre & Meltdown 漏洞的修補策略與 risk mitigation】
【HITCON FreeTalk 2018 - Spectre & Meltdown 漏洞的修補策略與 risk mitigation】Hacks in Taiwan (HITCON)
 
【HITCON FreeTalk 2018 - 從晶片設計角度看硬體安全】
【HITCON FreeTalk 2018 - 從晶片設計角度看硬體安全】【HITCON FreeTalk 2018 - 從晶片設計角度看硬體安全】
【HITCON FreeTalk 2018 - 從晶片設計角度看硬體安全】Hacks in Taiwan (HITCON)
 
อาชญากรรมคอมพิวเตอร์และกฎหมายที่เกี่ยวข้อง
อาชญากรรมคอมพิวเตอร์และกฎหมายที่เกี่ยวข้องอาชญากรรมคอมพิวเตอร์และกฎหมายที่เกี่ยวข้อง
อาชญากรรมคอมพิวเตอร์และกฎหมายที่เกี่ยวข้องSupaporn21
 
MITRE ATT&CKcon 2018: VCAF: Expanding the ATT&CK Framework to cover VERIS Thr...
MITRE ATT&CKcon 2018: VCAF: Expanding the ATT&CK Framework to cover VERIS Thr...MITRE ATT&CKcon 2018: VCAF: Expanding the ATT&CK Framework to cover VERIS Thr...
MITRE ATT&CKcon 2018: VCAF: Expanding the ATT&CK Framework to cover VERIS Thr...MITRE - ATT&CKcon
 
DEFENDING AGAINST THREATS TARGETING THE MAC PLATFORM
DEFENDING AGAINST THREATS TARGETING THE MAC PLATFORMDEFENDING AGAINST THREATS TARGETING THE MAC PLATFORM
DEFENDING AGAINST THREATS TARGETING THE MAC PLATFORMCrowdStrike
 
임베디드 리눅스 악성코드로 본 사물인터넷 보안 차민석 20150406_코드게이트 발표판
임베디드 리눅스 악성코드로 본 사물인터넷 보안 차민석 20150406_코드게이트 발표판임베디드 리눅스 악성코드로 본 사물인터넷 보안 차민석 20150406_코드게이트 발표판
임베디드 리눅스 악성코드로 본 사물인터넷 보안 차민석 20150406_코드게이트 발표판Minseok(Jacky) Cha
 
Understanding Fileless (or Non-Malware) Attacks and How to Stop Them
Understanding Fileless (or Non-Malware) Attacks and How to Stop ThemUnderstanding Fileless (or Non-Malware) Attacks and How to Stop Them
Understanding Fileless (or Non-Malware) Attacks and How to Stop ThemCrowdStrike
 
【HITCON FreeTalk 2021 - SolarWinds 供應鏈攻擊事件分析】
【HITCON FreeTalk 2021 -  SolarWinds 供應鏈攻擊事件分析】【HITCON FreeTalk 2021 -  SolarWinds 供應鏈攻擊事件分析】
【HITCON FreeTalk 2021 - SolarWinds 供應鏈攻擊事件分析】Hacks in Taiwan (HITCON)
 
Cloud-Enabled: The Future of Endpoint Security
Cloud-Enabled: The Future of Endpoint SecurityCloud-Enabled: The Future of Endpoint Security
Cloud-Enabled: The Future of Endpoint SecurityCrowdStrike
 
Hta t07-did-you-read-the-news-http-request-hijacking
Hta t07-did-you-read-the-news-http-request-hijackingHta t07-did-you-read-the-news-http-request-hijacking
Hta t07-did-you-read-the-news-http-request-hijackingКомсс Файквэе
 
In search of unique behaviour
In search of unique behaviourIn search of unique behaviour
In search of unique behaviourDefCamp
 
SecureSet WarGames - Logging and Packet Capture Training
SecureSet WarGames - Logging and Packet Capture TrainingSecureSet WarGames - Logging and Packet Capture Training
SecureSet WarGames - Logging and Packet Capture TrainingGreg Foss
 
Exploit Kit Cornucopia - Blackhat USA 2017
Exploit Kit Cornucopia - Blackhat USA 2017Exploit Kit Cornucopia - Blackhat USA 2017
Exploit Kit Cornucopia - Blackhat USA 2017Brad Antoniewicz
 
SOCIAL MEDIA AS A CYBER WEAPON
SOCIAL MEDIA AS A CYBER WEAPONSOCIAL MEDIA AS A CYBER WEAPON
SOCIAL MEDIA AS A CYBER WEAPONSylvain Martinez
 

Was ist angesagt? (17)

The Infosec Crossroads - 44CON 2016
The Infosec Crossroads - 44CON 2016The Infosec Crossroads - 44CON 2016
The Infosec Crossroads - 44CON 2016
 
【HITCON FreeTalk 2018 - Spectre & Meltdown 漏洞的修補策略與 risk mitigation】
【HITCON FreeTalk 2018 - Spectre & Meltdown 漏洞的修補策略與 risk mitigation】【HITCON FreeTalk 2018 - Spectre & Meltdown 漏洞的修補策略與 risk mitigation】
【HITCON FreeTalk 2018 - Spectre & Meltdown 漏洞的修補策略與 risk mitigation】
 
【HITCON FreeTalk 2018 - 從晶片設計角度看硬體安全】
【HITCON FreeTalk 2018 - 從晶片設計角度看硬體安全】【HITCON FreeTalk 2018 - 從晶片設計角度看硬體安全】
【HITCON FreeTalk 2018 - 從晶片設計角度看硬體安全】
 
อาชญากรรมคอมพิวเตอร์และกฎหมายที่เกี่ยวข้อง
อาชญากรรมคอมพิวเตอร์และกฎหมายที่เกี่ยวข้องอาชญากรรมคอมพิวเตอร์และกฎหมายที่เกี่ยวข้อง
อาชญากรรมคอมพิวเตอร์และกฎหมายที่เกี่ยวข้อง
 
MITRE ATT&CKcon 2018: VCAF: Expanding the ATT&CK Framework to cover VERIS Thr...
MITRE ATT&CKcon 2018: VCAF: Expanding the ATT&CK Framework to cover VERIS Thr...MITRE ATT&CKcon 2018: VCAF: Expanding the ATT&CK Framework to cover VERIS Thr...
MITRE ATT&CKcon 2018: VCAF: Expanding the ATT&CK Framework to cover VERIS Thr...
 
DEFENDING AGAINST THREATS TARGETING THE MAC PLATFORM
DEFENDING AGAINST THREATS TARGETING THE MAC PLATFORMDEFENDING AGAINST THREATS TARGETING THE MAC PLATFORM
DEFENDING AGAINST THREATS TARGETING THE MAC PLATFORM
 
ویروسهای رایانه ای
ویروسهای رایانه ایویروسهای رایانه ای
ویروسهای رایانه ای
 
임베디드 리눅스 악성코드로 본 사물인터넷 보안 차민석 20150406_코드게이트 발표판
임베디드 리눅스 악성코드로 본 사물인터넷 보안 차민석 20150406_코드게이트 발표판임베디드 리눅스 악성코드로 본 사물인터넷 보안 차민석 20150406_코드게이트 발표판
임베디드 리눅스 악성코드로 본 사물인터넷 보안 차민석 20150406_코드게이트 발표판
 
Understanding Fileless (or Non-Malware) Attacks and How to Stop Them
Understanding Fileless (or Non-Malware) Attacks and How to Stop ThemUnderstanding Fileless (or Non-Malware) Attacks and How to Stop Them
Understanding Fileless (or Non-Malware) Attacks and How to Stop Them
 
【HITCON FreeTalk 2021 - SolarWinds 供應鏈攻擊事件分析】
【HITCON FreeTalk 2021 -  SolarWinds 供應鏈攻擊事件分析】【HITCON FreeTalk 2021 -  SolarWinds 供應鏈攻擊事件分析】
【HITCON FreeTalk 2021 - SolarWinds 供應鏈攻擊事件分析】
 
Cloud-Enabled: The Future of Endpoint Security
Cloud-Enabled: The Future of Endpoint SecurityCloud-Enabled: The Future of Endpoint Security
Cloud-Enabled: The Future of Endpoint Security
 
Hta t07-did-you-read-the-news-http-request-hijacking
Hta t07-did-you-read-the-news-http-request-hijackingHta t07-did-you-read-the-news-http-request-hijacking
Hta t07-did-you-read-the-news-http-request-hijacking
 
The IoT Attack Surface
The IoT Attack SurfaceThe IoT Attack Surface
The IoT Attack Surface
 
In search of unique behaviour
In search of unique behaviourIn search of unique behaviour
In search of unique behaviour
 
SecureSet WarGames - Logging and Packet Capture Training
SecureSet WarGames - Logging and Packet Capture TrainingSecureSet WarGames - Logging and Packet Capture Training
SecureSet WarGames - Logging and Packet Capture Training
 
Exploit Kit Cornucopia - Blackhat USA 2017
Exploit Kit Cornucopia - Blackhat USA 2017Exploit Kit Cornucopia - Blackhat USA 2017
Exploit Kit Cornucopia - Blackhat USA 2017
 
SOCIAL MEDIA AS A CYBER WEAPON
SOCIAL MEDIA AS A CYBER WEAPONSOCIAL MEDIA AS A CYBER WEAPON
SOCIAL MEDIA AS A CYBER WEAPON
 

Andere mochten auch

Structure - Processing Linkages in Polyethylene
Structure - Processing Linkages in PolyethyleneStructure - Processing Linkages in Polyethylene
Structure - Processing Linkages in Polyethylenedavid_brough1
 
Decreto 1850 de 2002
Decreto 1850 de 2002Decreto 1850 de 2002
Decreto 1850 de 2002Saku Garcia
 
Lgpl license
Lgpl licenseLgpl license
Lgpl licenseEric Juan
 
GAP_Phase1_Completion_Report
GAP_Phase1_Completion_ReportGAP_Phase1_Completion_Report
GAP_Phase1_Completion_ReportTatjana Muhic
 
Increase your Following on Twitter With Hashtags!
Increase your Following on Twitter With Hashtags!Increase your Following on Twitter With Hashtags!
Increase your Following on Twitter With Hashtags!Megan Davis
 
PPDHTH3_HoangNhi
PPDHTH3_HoangNhiPPDHTH3_HoangNhi
PPDHTH3_HoangNhinhi104
 
Lgpl license
Lgpl licenseLgpl license
Lgpl licenseEric Juan
 

Andere mochten auch (12)

Catálogo
CatálogoCatálogo
Catálogo
 
Catalogo ZONI
Catalogo ZONICatalogo ZONI
Catalogo ZONI
 
Structure - Processing Linkages in Polyethylene
Structure - Processing Linkages in PolyethyleneStructure - Processing Linkages in Polyethylene
Structure - Processing Linkages in Polyethylene
 
Decreto 1850 de 2002
Decreto 1850 de 2002Decreto 1850 de 2002
Decreto 1850 de 2002
 
Dr Awad CV
Dr Awad CVDr Awad CV
Dr Awad CV
 
Rural dev
Rural devRural dev
Rural dev
 
Lgpl license
Lgpl licenseLgpl license
Lgpl license
 
GAP_Phase1_Completion_Report
GAP_Phase1_Completion_ReportGAP_Phase1_Completion_Report
GAP_Phase1_Completion_Report
 
Increase your Following on Twitter With Hashtags!
Increase your Following on Twitter With Hashtags!Increase your Following on Twitter With Hashtags!
Increase your Following on Twitter With Hashtags!
 
Usage of GDB
Usage of GDBUsage of GDB
Usage of GDB
 
PPDHTH3_HoangNhi
PPDHTH3_HoangNhiPPDHTH3_HoangNhi
PPDHTH3_HoangNhi
 
Lgpl license
Lgpl licenseLgpl license
Lgpl license
 

Ähnlich wie Trend briefs security

Whatever it takes - Fixing SQLIA and XSS in the process
Whatever it takes - Fixing SQLIA and XSS in the processWhatever it takes - Fixing SQLIA and XSS in the process
Whatever it takes - Fixing SQLIA and XSS in the processguest3379bd
 
Cisco Connect Toronto 2017 - Security Through The Eyes of a Hacker
Cisco Connect Toronto 2017 -  Security Through The Eyes of a HackerCisco Connect Toronto 2017 -  Security Through The Eyes of a Hacker
Cisco Connect Toronto 2017 - Security Through The Eyes of a HackerCisco Canada
 
Recent Trends in Cyber Security
Recent Trends in Cyber SecurityRecent Trends in Cyber Security
Recent Trends in Cyber SecurityAyoma Wijethunga
 
Secure coding presentation Oct 3 2020
Secure coding presentation Oct 3 2020Secure coding presentation Oct 3 2020
Secure coding presentation Oct 3 2020Moataz Kamel
 
They Ought to Know Better: Exploiting Security Gateways via Their Web Interfaces
They Ought to Know Better: Exploiting Security Gateways via Their Web InterfacesThey Ought to Know Better: Exploiting Security Gateways via Their Web Interfaces
They Ought to Know Better: Exploiting Security Gateways via Their Web Interfacesmichelemanzotti
 
Minor Mistakes In Web Portals
Minor Mistakes In Web PortalsMinor Mistakes In Web Portals
Minor Mistakes In Web Portalsmsobiegraj
 
"Designing Secure Infrastructure for High Growth Product" by Rendra Perdana (...
"Designing Secure Infrastructure for High Growth Product" by Rendra Perdana (..."Designing Secure Infrastructure for High Growth Product" by Rendra Perdana (...
"Designing Secure Infrastructure for High Growth Product" by Rendra Perdana (...Tech in Asia ID
 
Blue team reboot - HackFest
Blue team reboot - HackFest Blue team reboot - HackFest
Blue team reboot - HackFest Haydn Johnson
 
Positive Technologies - S4 - Scada under x-rays
Positive Technologies - S4 - Scada under x-raysPositive Technologies - S4 - Scada under x-rays
Positive Technologies - S4 - Scada under x-raysqqlan
 
Securing TodoMVC Using the Web Cryptography API
Securing TodoMVC Using the Web Cryptography APISecuring TodoMVC Using the Web Cryptography API
Securing TodoMVC Using the Web Cryptography APIKevin Hakanson
 
Mitigate Maliciousness -- jQuery Europe 2013
Mitigate Maliciousness -- jQuery Europe 2013Mitigate Maliciousness -- jQuery Europe 2013
Mitigate Maliciousness -- jQuery Europe 2013Mike West
 
Security of Web Applications: Top 6 Risks To Avoid
Security of Web Applications: Top 6 Risks To AvoidSecurity of Web Applications: Top 6 Risks To Avoid
Security of Web Applications: Top 6 Risks To Avoidslicklash
 
EN - BlackHat US 2009 favorite XSS Filters-IDS and how to attack them.pdf
EN - BlackHat US 2009 favorite XSS Filters-IDS and how to attack them.pdfEN - BlackHat US 2009 favorite XSS Filters-IDS and how to attack them.pdf
EN - BlackHat US 2009 favorite XSS Filters-IDS and how to attack them.pdfGiorgiRcheulishvili
 
IoT Cyber+Physical+Social Engineering Attack Security (v0.1.6 / sep2020)
IoT Cyber+Physical+Social Engineering Attack Security (v0.1.6 / sep2020)IoT Cyber+Physical+Social Engineering Attack Security (v0.1.6 / sep2020)
IoT Cyber+Physical+Social Engineering Attack Security (v0.1.6 / sep2020)mike parks
 
Top Ten Web Hacking Techniques of 2012
Top Ten Web Hacking Techniques of 2012Top Ten Web Hacking Techniques of 2012
Top Ten Web Hacking Techniques of 2012Jeremiah Grossman
 
Practical Secure Coding Workshop - {DECIPHER} Hackathon
Practical Secure Coding Workshop - {DECIPHER} HackathonPractical Secure Coding Workshop - {DECIPHER} Hackathon
Practical Secure Coding Workshop - {DECIPHER} HackathonStefan Streichsbier
 
Writing Secure Code – Threat Defense
Writing Secure Code – Threat DefenseWriting Secure Code – Threat Defense
Writing Secure Code – Threat Defenseamiable_indian
 
Track 5 Session 1_如何藉由多層次防禦搭建網路應用安全.pptx
Track 5 Session 1_如何藉由多層次防禦搭建網路應用安全.pptxTrack 5 Session 1_如何藉由多層次防禦搭建網路應用安全.pptx
Track 5 Session 1_如何藉由多層次防禦搭建網路應用安全.pptxAmazon Web Services
 
Track 5 Session 1_如何藉由多層次防禦搭建網路應用安全
Track 5 Session 1_如何藉由多層次防禦搭建網路應用安全Track 5 Session 1_如何藉由多層次防禦搭建網路應用安全
Track 5 Session 1_如何藉由多層次防禦搭建網路應用安全Amazon Web Services
 

Ähnlich wie Trend briefs security (20)

Whatever it takes - Fixing SQLIA and XSS in the process
Whatever it takes - Fixing SQLIA and XSS in the processWhatever it takes - Fixing SQLIA and XSS in the process
Whatever it takes - Fixing SQLIA and XSS in the process
 
Cisco Connect Toronto 2017 - Security Through The Eyes of a Hacker
Cisco Connect Toronto 2017 -  Security Through The Eyes of a HackerCisco Connect Toronto 2017 -  Security Through The Eyes of a Hacker
Cisco Connect Toronto 2017 - Security Through The Eyes of a Hacker
 
Recent Trends in Cyber Security
Recent Trends in Cyber SecurityRecent Trends in Cyber Security
Recent Trends in Cyber Security
 
Secure coding presentation Oct 3 2020
Secure coding presentation Oct 3 2020Secure coding presentation Oct 3 2020
Secure coding presentation Oct 3 2020
 
They Ought to Know Better: Exploiting Security Gateways via Their Web Interfaces
They Ought to Know Better: Exploiting Security Gateways via Their Web InterfacesThey Ought to Know Better: Exploiting Security Gateways via Their Web Interfaces
They Ought to Know Better: Exploiting Security Gateways via Their Web Interfaces
 
Minor Mistakes In Web Portals
Minor Mistakes In Web PortalsMinor Mistakes In Web Portals
Minor Mistakes In Web Portals
 
"Designing Secure Infrastructure for High Growth Product" by Rendra Perdana (...
"Designing Secure Infrastructure for High Growth Product" by Rendra Perdana (..."Designing Secure Infrastructure for High Growth Product" by Rendra Perdana (...
"Designing Secure Infrastructure for High Growth Product" by Rendra Perdana (...
 
How to use shodan more powerful
How to use shodan more powerful How to use shodan more powerful
How to use shodan more powerful
 
Blue team reboot - HackFest
Blue team reboot - HackFest Blue team reboot - HackFest
Blue team reboot - HackFest
 
Positive Technologies - S4 - Scada under x-rays
Positive Technologies - S4 - Scada under x-raysPositive Technologies - S4 - Scada under x-rays
Positive Technologies - S4 - Scada under x-rays
 
Securing TodoMVC Using the Web Cryptography API
Securing TodoMVC Using the Web Cryptography APISecuring TodoMVC Using the Web Cryptography API
Securing TodoMVC Using the Web Cryptography API
 
Mitigate Maliciousness -- jQuery Europe 2013
Mitigate Maliciousness -- jQuery Europe 2013Mitigate Maliciousness -- jQuery Europe 2013
Mitigate Maliciousness -- jQuery Europe 2013
 
Security of Web Applications: Top 6 Risks To Avoid
Security of Web Applications: Top 6 Risks To AvoidSecurity of Web Applications: Top 6 Risks To Avoid
Security of Web Applications: Top 6 Risks To Avoid
 
EN - BlackHat US 2009 favorite XSS Filters-IDS and how to attack them.pdf
EN - BlackHat US 2009 favorite XSS Filters-IDS and how to attack them.pdfEN - BlackHat US 2009 favorite XSS Filters-IDS and how to attack them.pdf
EN - BlackHat US 2009 favorite XSS Filters-IDS and how to attack them.pdf
 
IoT Cyber+Physical+Social Engineering Attack Security (v0.1.6 / sep2020)
IoT Cyber+Physical+Social Engineering Attack Security (v0.1.6 / sep2020)IoT Cyber+Physical+Social Engineering Attack Security (v0.1.6 / sep2020)
IoT Cyber+Physical+Social Engineering Attack Security (v0.1.6 / sep2020)
 
Top Ten Web Hacking Techniques of 2012
Top Ten Web Hacking Techniques of 2012Top Ten Web Hacking Techniques of 2012
Top Ten Web Hacking Techniques of 2012
 
Practical Secure Coding Workshop - {DECIPHER} Hackathon
Practical Secure Coding Workshop - {DECIPHER} HackathonPractical Secure Coding Workshop - {DECIPHER} Hackathon
Practical Secure Coding Workshop - {DECIPHER} Hackathon
 
Writing Secure Code – Threat Defense
Writing Secure Code – Threat DefenseWriting Secure Code – Threat Defense
Writing Secure Code – Threat Defense
 
Track 5 Session 1_如何藉由多層次防禦搭建網路應用安全.pptx
Track 5 Session 1_如何藉由多層次防禦搭建網路應用安全.pptxTrack 5 Session 1_如何藉由多層次防禦搭建網路應用安全.pptx
Track 5 Session 1_如何藉由多層次防禦搭建網路應用安全.pptx
 
Track 5 Session 1_如何藉由多層次防禦搭建網路應用安全
Track 5 Session 1_如何藉由多層次防禦搭建網路應用安全Track 5 Session 1_如何藉由多層次防禦搭建網路應用安全
Track 5 Session 1_如何藉由多層次防禦搭建網路應用安全
 

Mehr von Jongseok Choi

Hyperledger 구조 분석
Hyperledger 구조 분석Hyperledger 구조 분석
Hyperledger 구조 분석Jongseok Choi
 
Blockchain trends and research
Blockchain trends and researchBlockchain trends and research
Blockchain trends and researchJongseok Choi
 
Bitcoin and Ethereum
Bitcoin and EthereumBitcoin and Ethereum
Bitcoin and EthereumJongseok Choi
 
oneM2M security summary
oneM2M security summaryoneM2M security summary
oneM2M security summaryJongseok Choi
 
Case Study on Intelligent IoT Platform
Case Study on Intelligent IoT PlatformCase Study on Intelligent IoT Platform
Case Study on Intelligent IoT PlatformJongseok Choi
 
oneM2M Introduction and security
oneM2M Introduction and securityoneM2M Introduction and security
oneM2M Introduction and securityJongseok Choi
 
IoT Introduction and Security
IoT Introduction and SecurityIoT Introduction and Security
IoT Introduction and SecurityJongseok Choi
 
Basic of Exploitation
Basic of ExploitationBasic of Exploitation
Basic of ExploitationJongseok Choi
 
wordpress with nginx on virtualization, jail
wordpress with nginx on virtualization, jailwordpress with nginx on virtualization, jail
wordpress with nginx on virtualization, jailJongseok Choi
 

Mehr von Jongseok Choi (17)

Hyperledger 구조 분석
Hyperledger 구조 분석Hyperledger 구조 분석
Hyperledger 구조 분석
 
Blockchain trends and research
Blockchain trends and researchBlockchain trends and research
Blockchain trends and research
 
블록체인 개요
블록체인 개요블록체인 개요
블록체인 개요
 
Bitcoin and Ethereum
Bitcoin and EthereumBitcoin and Ethereum
Bitcoin and Ethereum
 
Effective Go
Effective GoEffective Go
Effective Go
 
oneM2M security summary
oneM2M security summaryoneM2M security summary
oneM2M security summary
 
Case Study on Intelligent IoT Platform
Case Study on Intelligent IoT PlatformCase Study on Intelligent IoT Platform
Case Study on Intelligent IoT Platform
 
oneM2M Introduction and security
oneM2M Introduction and securityoneM2M Introduction and security
oneM2M Introduction and security
 
IoT Introduction and Security
IoT Introduction and SecurityIoT Introduction and Security
IoT Introduction and Security
 
Gitlab.key
Gitlab.keyGitlab.key
Gitlab.key
 
Basic of Exploitation
Basic of ExploitationBasic of Exploitation
Basic of Exploitation
 
Web penetration
Web penetrationWeb penetration
Web penetration
 
Svn
SvnSvn
Svn
 
wordpress with nginx on virtualization, jail
wordpress with nginx on virtualization, jailwordpress with nginx on virtualization, jail
wordpress with nginx on virtualization, jail
 
Web hacking 개요
Web hacking 개요Web hacking 개요
Web hacking 개요
 
Virtualization
VirtualizationVirtualization
Virtualization
 
Forensic 2
Forensic 2Forensic 2
Forensic 2
 

Kürzlich hochgeladen

Real-time Tracking and Monitoring with Cargo Cloud Solutions.pptx
Real-time Tracking and Monitoring with Cargo Cloud Solutions.pptxReal-time Tracking and Monitoring with Cargo Cloud Solutions.pptx
Real-time Tracking and Monitoring with Cargo Cloud Solutions.pptxRTS corp
 
What is Advanced Excel and what are some best practices for designing and cre...
What is Advanced Excel and what are some best practices for designing and cre...What is Advanced Excel and what are some best practices for designing and cre...
What is Advanced Excel and what are some best practices for designing and cre...Technogeeks
 
Salesforce Implementation Services PPT By ABSYZ
Salesforce Implementation Services PPT By ABSYZSalesforce Implementation Services PPT By ABSYZ
Salesforce Implementation Services PPT By ABSYZABSYZ Inc
 
A healthy diet for your Java application Devoxx France.pdf
A healthy diet for your Java application Devoxx France.pdfA healthy diet for your Java application Devoxx France.pdf
A healthy diet for your Java application Devoxx France.pdfMarharyta Nedzelska
 
SpotFlow: Tracking Method Calls and States at Runtime
SpotFlow: Tracking Method Calls and States at RuntimeSpotFlow: Tracking Method Calls and States at Runtime
SpotFlow: Tracking Method Calls and States at Runtimeandrehoraa
 
英国UN学位证,北安普顿大学毕业证书1:1制作
英国UN学位证,北安普顿大学毕业证书1:1制作英国UN学位证,北安普顿大学毕业证书1:1制作
英国UN学位证,北安普顿大学毕业证书1:1制作qr0udbr0
 
Introduction Computer Science - Software Design.pdf
Introduction Computer Science - Software Design.pdfIntroduction Computer Science - Software Design.pdf
Introduction Computer Science - Software Design.pdfFerryKemperman
 
Post Quantum Cryptography – The Impact on Identity
Post Quantum Cryptography – The Impact on IdentityPost Quantum Cryptography – The Impact on Identity
Post Quantum Cryptography – The Impact on Identityteam-WIBU
 
Call Us🔝>༒+91-9711147426⇛Call In girls karol bagh (Delhi)
Call Us🔝>༒+91-9711147426⇛Call In girls karol bagh (Delhi)Call Us🔝>༒+91-9711147426⇛Call In girls karol bagh (Delhi)
Call Us🔝>༒+91-9711147426⇛Call In girls karol bagh (Delhi)jennyeacort
 
SensoDat: Simulation-based Sensor Dataset of Self-driving Cars
SensoDat: Simulation-based Sensor Dataset of Self-driving CarsSensoDat: Simulation-based Sensor Dataset of Self-driving Cars
SensoDat: Simulation-based Sensor Dataset of Self-driving CarsChristian Birchler
 
Powering Real-Time Decisions with Continuous Data Streams
Powering Real-Time Decisions with Continuous Data StreamsPowering Real-Time Decisions with Continuous Data Streams
Powering Real-Time Decisions with Continuous Data StreamsSafe Software
 
GOING AOT WITH GRAALVM – DEVOXX GREECE.pdf
GOING AOT WITH GRAALVM – DEVOXX GREECE.pdfGOING AOT WITH GRAALVM – DEVOXX GREECE.pdf
GOING AOT WITH GRAALVM – DEVOXX GREECE.pdfAlina Yurenko
 
Taming Distributed Systems: Key Insights from Wix's Large-Scale Experience - ...
Taming Distributed Systems: Key Insights from Wix's Large-Scale Experience - ...Taming Distributed Systems: Key Insights from Wix's Large-Scale Experience - ...
Taming Distributed Systems: Key Insights from Wix's Large-Scale Experience - ...Natan Silnitsky
 
Simplifying Microservices & Apps - The art of effortless development - Meetup...
Simplifying Microservices & Apps - The art of effortless development - Meetup...Simplifying Microservices & Apps - The art of effortless development - Meetup...
Simplifying Microservices & Apps - The art of effortless development - Meetup...Rob Geurden
 
Dealing with Cultural Dispersion — Stefano Lambiase — ICSE-SEIS 2024
Dealing with Cultural Dispersion — Stefano Lambiase — ICSE-SEIS 2024Dealing with Cultural Dispersion — Stefano Lambiase — ICSE-SEIS 2024
Dealing with Cultural Dispersion — Stefano Lambiase — ICSE-SEIS 2024StefanoLambiase
 
UI5ers live - Custom Controls wrapping 3rd-party libs.pptx
UI5ers live - Custom Controls wrapping 3rd-party libs.pptxUI5ers live - Custom Controls wrapping 3rd-party libs.pptx
UI5ers live - Custom Controls wrapping 3rd-party libs.pptxAndreas Kunz
 
Global Identity Enrolment and Verification Pro Solution - Cizo Technology Ser...
Global Identity Enrolment and Verification Pro Solution - Cizo Technology Ser...Global Identity Enrolment and Verification Pro Solution - Cizo Technology Ser...
Global Identity Enrolment and Verification Pro Solution - Cizo Technology Ser...Cizo Technology Services
 
Tech Tuesday - Mastering Time Management Unlock the Power of OnePlan's Timesh...
Tech Tuesday - Mastering Time Management Unlock the Power of OnePlan's Timesh...Tech Tuesday - Mastering Time Management Unlock the Power of OnePlan's Timesh...
Tech Tuesday - Mastering Time Management Unlock the Power of OnePlan's Timesh...OnePlan Solutions
 

Kürzlich hochgeladen (20)

Real-time Tracking and Monitoring with Cargo Cloud Solutions.pptx
Real-time Tracking and Monitoring with Cargo Cloud Solutions.pptxReal-time Tracking and Monitoring with Cargo Cloud Solutions.pptx
Real-time Tracking and Monitoring with Cargo Cloud Solutions.pptx
 
What is Advanced Excel and what are some best practices for designing and cre...
What is Advanced Excel and what are some best practices for designing and cre...What is Advanced Excel and what are some best practices for designing and cre...
What is Advanced Excel and what are some best practices for designing and cre...
 
Salesforce Implementation Services PPT By ABSYZ
Salesforce Implementation Services PPT By ABSYZSalesforce Implementation Services PPT By ABSYZ
Salesforce Implementation Services PPT By ABSYZ
 
A healthy diet for your Java application Devoxx France.pdf
A healthy diet for your Java application Devoxx France.pdfA healthy diet for your Java application Devoxx France.pdf
A healthy diet for your Java application Devoxx France.pdf
 
SpotFlow: Tracking Method Calls and States at Runtime
SpotFlow: Tracking Method Calls and States at RuntimeSpotFlow: Tracking Method Calls and States at Runtime
SpotFlow: Tracking Method Calls and States at Runtime
 
英国UN学位证,北安普顿大学毕业证书1:1制作
英国UN学位证,北安普顿大学毕业证书1:1制作英国UN学位证,北安普顿大学毕业证书1:1制作
英国UN学位证,北安普顿大学毕业证书1:1制作
 
Introduction Computer Science - Software Design.pdf
Introduction Computer Science - Software Design.pdfIntroduction Computer Science - Software Design.pdf
Introduction Computer Science - Software Design.pdf
 
Post Quantum Cryptography – The Impact on Identity
Post Quantum Cryptography – The Impact on IdentityPost Quantum Cryptography – The Impact on Identity
Post Quantum Cryptography – The Impact on Identity
 
Call Us🔝>༒+91-9711147426⇛Call In girls karol bagh (Delhi)
Call Us🔝>༒+91-9711147426⇛Call In girls karol bagh (Delhi)Call Us🔝>༒+91-9711147426⇛Call In girls karol bagh (Delhi)
Call Us🔝>༒+91-9711147426⇛Call In girls karol bagh (Delhi)
 
SensoDat: Simulation-based Sensor Dataset of Self-driving Cars
SensoDat: Simulation-based Sensor Dataset of Self-driving CarsSensoDat: Simulation-based Sensor Dataset of Self-driving Cars
SensoDat: Simulation-based Sensor Dataset of Self-driving Cars
 
Powering Real-Time Decisions with Continuous Data Streams
Powering Real-Time Decisions with Continuous Data StreamsPowering Real-Time Decisions with Continuous Data Streams
Powering Real-Time Decisions with Continuous Data Streams
 
Hot Sexy call girls in Patel Nagar🔝 9953056974 🔝 escort Service

Trend briefs security

  • 1. Trend Briefs of Security (Cyber Security, IoT Security). th!nkh@ck-hackartist, cafe.thinkhack.org, September 13, 2014
  • 2. Outline
    1 Cyber Security: Exploitation, Web Security, Reversing
    2 IoT Security: IoT Architecture, IoT Platform, IoT Device
  • 3. Buffer Overflow
    What is a buffer overflow? An attack that writes more data into a buffer than it was allocated for, so the excess overwrites the memory adjacent to it (on the stack: other locals, the saved frame pointer and the return address).
    Types: Stack Overflow, Heap Overflow
    Vulnerable code. gets() has no idea how large buf is, so any line longer than 7 characters (plus the terminating NUL) overruns it; the function was removed from the language in C11 for exactly this reason:
      #include <stdio.h>
      int main(int argc, char **argv)
      {
          char buf[8];
          gets(buf);
          printf("%s\n", buf);
          return 0;
      }
  • 4. Shellcode
    What is shellcode? The code an exploit injects and transfers control to in order to spawn a shell (or otherwise run commands of the attacker's choosing).
    How it is written: write the routine in assembly, convert it to machine code, and embed the resulting bytes as a string in the exploit.
    Example: BSD setuid(0) followed by execve("/bin//sh")
      \x31\xc0\x50\x50\xb0\x17\xcd\x80
      \x31\xc0\x50\x68//sh\x68/bin\x89\xe3\x50\x54\x53\x50\xb0\x3b\xcd\x80
    Reading the first fragment: 31 c0 is xor eax,eax; 50 is push eax; b0 17 loads al with 23 (SYS_setuid on BSD); cd 80 is int 0x80. The second fragment builds "/bin//sh" on the stack with two pushes, pushes the execve arguments and a dummy return address (BSD passes syscall arguments on the stack), loads al with 59 (SYS_execve, 0x3b) and issues int 0x80. Registers are zeroed with xor and loaded through al rather than with full immediates so that no 0x00 byte appears in the payload, which would stop a string-based copy such as gets() or strcpy() early.
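An added example, not from the slides: a small C helper that decodes the slide's "\xNN" strings back into raw bytes, joins the two fragments into one payload, and checks the property every shellcode delivered through a string copy must have, namely that it contains no 0x00 byte. The shellcode bytes are the slide's; the helper functions and their names are mine, and the "mov eax,23" comparison case in the test is a constructed counter-example.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* The two BSD x86 fragments from the slide, in the "\xNN" form they are
 * written in. Joined, they run setuid(0) and then execve("/bin//sh"). */
static const char SETUID_SC[] = "\\x31\\xc0\\x50\\x50\\xb0\\x17\\xcd\\x80";
static const char EXECVE_SC[] =
    "\\x31\\xc0\\x50\\x68//sh\\x68/bin\\x89\\xe3\\x50\\x54\\x53\\x50\\xb0\\x3b\\xcd\\x80";

static int hexval(char c) {
    if (c >= '0' && c <= '9') return c - '0';
    if (c >= 'a' && c <= 'f') return c - 'a' + 10;
    if (c >= 'A' && c <= 'F') return c - 'A' + 10;
    return -1;
}

/* Decodes an escape-form string into raw bytes: "\xNN" becomes one byte,
 * every other character is copied literally ("//sh", "/bin"). Returns the
 * number of bytes written, or -1 on a malformed escape or a full buffer. */
int decode_shellcode(const char *esc, unsigned char *out, size_t outsz) {
    size_t n = 0;
    for (const char *p = esc; *p; ) {
        if (n >= outsz) return -1;
        if (p[0] == '\\' && p[1] == 'x') {
            int hi = hexval(p[2]);
            int lo = (hi < 0) ? -1 : hexval(p[3]);
            if (hi < 0 || lo < 0) return -1;
            out[n++] = (unsigned char)((hi << 4) | lo);
            p += 4;
        } else {
            out[n++] = (unsigned char)*p++;
        }
    }
    return (int)n;
}

/* Returns 1 if no byte is 0x00. A NUL would terminate the copy in gets(),
 * strcpy() and friends, truncating the payload before its int 0x80. */
int is_nul_free(const unsigned char *sc, size_t n) {
    for (size_t i = 0; i < n; i++)
        if (sc[i] == 0) return 0;
    return 1;
}

/* Decodes both fragments back to back; returns the total length, or -1. */
int build_payload(unsigned char *out, size_t outsz) {
    int a = decode_shellcode(SETUID_SC, out, outsz);
    if (a < 0) return -1;
    int b = decode_shellcode(EXECVE_SC, out + a, outsz - (size_t)a);
    return b < 0 ? -1 : a + b;
}

int main(void) {
    unsigned char sc[64];
    int n = build_payload(sc, sizeof sc);
    printf("payload: %d bytes, NUL-free: %s\n", n,
           (n > 0 && is_nul_free(sc, (size_t)n)) ? "yes" : "no");
    for (int i = 0; i < n; i++) printf("%02x ", sc[i]);
    putchar('\n');
    return 0;
}
```

The same check explains the slide's encoding choices: `b8 17 00 00 00` (mov eax,23) would do the same job as `31 c0 b0 17` but carries three NUL bytes.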
  • 5. Protection of Buffer Overflow
    Countermeasures: use safe libraries (bounds-checked replacements for the unsafe string and input functions)
    Stack Protection: LibSafe, StackGuard, ProPolice, DEP (DEP is strictly an executable-space protection like PaX below, not a stack-integrity check)
    Pointer Protection: PointGuard
    Executable space protection: PaX, BufferShield
    Address Space Layout Randomization (ASLR)
    Deep Packet Inspection (network-side detection of known shellcode or attack patterns; it complements, but does not replace, the host-side mitigations above)
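An added example serving both the vulnerable gets() program on the Buffer Overflow slide and the StackGuard/ProPolice entry above; it is my code, not the slides'. It lays out an 8-byte buffer with a guard word directly after it, copies input into it the way gets() does (no bound), and shows the check an instrumented epilogue performs, next to the bounded copy that should have been used. The frame type, the fixed guard value and the function names are assumptions for the demo; a real implementation uses a random per-process guard.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Constructed frame: an 8-byte buffer followed by a guard word, the way a
 * ProPolice-instrumented function places its canary between local buffers
 * and the saved frame pointer / return address. Fixed value for the demo
 * only; a real canary is random per process and unknown to the attacker. */
#define CANARY 0x4b1d0a0d0af0c8edULL

typedef struct {
    char     buf[8];
    uint64_t canary;
} frame_t;

/* Mimics gets(): copies the whole input, NUL included, with no regard for
 * sizeof buf. Clamped at the frame size so the demo never writes outside
 * the struct; a real gets() keeps going into the saved return address. */
static void unchecked_copy(frame_t *f, const char *input) {
    size_t n = strlen(input) + 1;
    if (n > sizeof *f) n = sizeof *f;
    memcpy(f, input, n);
}

/* The epilogue check: returns 1 if the copy reached the guard, 0 if not.
 * This is the condition on which __stack_chk_fail() would abort. */
int overflow_detected(const char *input) {
    frame_t f;
    memset(f.buf, 0, sizeof f.buf);
    f.canary = CANARY;
    unchecked_copy(&f, input);
    return f.canary != CANARY;
}

/* The fix for the slide's program: store at most dstsz-1 characters and
 * report an input that does not fit instead of overrunning. Returns the
 * stored length, or -1 (with dst emptied) when the input was too long. */
int bounded_copy(char *dst, size_t dstsz, const char *input) {
    size_t len = strlen(input);
    if (dstsz == 0 || len >= dstsz) {
        if (dstsz) dst[0] = '\0';
        return -1;
    }
    memcpy(dst, input, len + 1);
    return (int)len;
}

int main(void) {
    const char *inputs[] = { "hello", "AAAAAAA", "AAAAAAAA", "AAAAAAAAAAAAAAAA" };
    char buf[8];
    for (size_t i = 0; i < sizeof inputs / sizeof inputs[0]; i++)
        printf("%-18s overflow=%d bounded_copy=%d\n", inputs[i],
               overflow_detected(inputs[i]),
               bounded_copy(buf, sizeof buf, inputs[i]));
    return 0;
}
```

The boundary is instructive: seven 'A's plus the NUL fill exactly eight bytes and pass, the eighth 'A' pushes the NUL onto the guard and trips the check. The guard only detects that the frame was corrupted before the function returns; it does nothing for a heap overflow, and a process that forks without re-randomising can have its canary brute-forced a byte at a time.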
  • 6. Bypassing BoF Protection
    Brute Force: used against the canary (guessing it is only practical when it stays the same across attempts, e.g. a forking server whose children inherit the parent's value)
    ROP attack: used against ASLR, DEP/NX and ASCII-Armor protection; the building blocks are return-to-libc (RTL), chained RTL calls and GOT overwriting
  • 7. SQL Injection
    What is SQL injection? Inserting SQL of the attacker's choosing into a query that the application assembles from user input, so that the database executes the attacker's statement instead of the intended one.
    Types: Form Injection, Blind Injection, Cookie Injection, Union Injection
    Example
      Normal query: SELECT * FROM members WHERE uid='admin' and upw='xxx';
      Attack query: SELECT * FROM members WHERE uid='' or '1'='1' and upw='' or '1'='1';
    The input ' or '1'='1 closes the string literal and appends an always-true condition. Because AND binds tighter than OR, the WHERE clause is true for every row, and the application logs the attacker in as whichever member comes back first.
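An added example, not from the slides: the login query above assembled by plain string concatenation, as the vulnerable application does, next to the same query with the values quoted first. The functions and names are mine; the injection string is the slide's. Quoting is shown because it keeps the example self-contained, but the fix a practitioner should reach for is a parameterized query (prepared statement), which removes string assembly entirely and also covers numeric contexts and backslash-escaping dialects that quote doubling does not.

```c
#include <stdio.h>
#include <string.h>

/* Builds the login query the way the slide's application does: user
 * input is pasted straight into the SQL text. Returns the query length,
 * or -1 if it does not fit in out. */
int build_query_unsafe(char *out, size_t outsz, const char *uid, const char *upw) {
    int n = snprintf(out, outsz,
                     "SELECT * FROM members WHERE uid='%s' and upw='%s';", uid, upw);
    return (n < 0 || (size_t)n >= outsz) ? -1 : n;
}

/* Doubles every single quote so the value can never close the literal it
 * sits in. Returns bytes written, or -1 if out is too small. */
int sql_quote(char *out, size_t outsz, const char *s) {
    size_t n = 0;
    for (; *s; s++) {
        size_t need = (*s == '\'') ? 2 : 1;
        if (n + need >= outsz) return -1;
        if (*s == '\'') out[n++] = '\'';
        out[n++] = *s;
    }
    out[n] = '\0';
    return (int)n;
}

/* The same query with both values quoted before they touch the SQL text. */
int build_query_quoted(char *out, size_t outsz, const char *uid, const char *upw) {
    char quid[128], qupw[128];
    if (sql_quote(quid, sizeof quid, uid) < 0 || sql_quote(qupw, sizeof qupw, upw) < 0)
        return -1;
    return build_query_unsafe(out, outsz, quid, qupw);
}

int main(void) {
    const char *payload = "' or '1'='1";   /* the slide's injection string */
    char q[256];
    if (build_query_unsafe(q, sizeof q, payload, payload) > 0) puts(q);
    if (build_query_quoted(q, sizeof q, payload, payload) > 0) puts(q);
    return 0;
}
```

In the quoted version the whole payload stays inside the uid literal, so the query compares uid against the string "' or '1'='1" and matches nothing.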
  • 8. XSS
    What is XSS? Cross Site Scripting. The natural abbreviation CSS was already taken by Cascading Style Sheets, so XSS is used instead. The attacker gets HTML or script of their choosing into a page the site serves, so that it runs in other users' browsers; the classic goal is stealing those users' cookies.
    Types: Reflected XSS, Stored XSS
    Attack example: <script>alert(document.cookie);</script>
  • 9. CSRF
    What is CSRF? Cross Site Request Forgery: an attack that forges an HTTP request and gets the victim's browser to send it, carrying the victim's session, to a site where the victim is logged in.
    Attack example: <a href="http://localhost/admin/chpw.php?pw=1234">Go to localhost</a>
    An administrator who follows the link changes their own password to 1234 without intending to, because the browser attaches the admin session cookie to the request.
    Countermeasures: use the POST method instead of GET for state-changing requests; require a second authentication step for important changes. POST on its own does not stop CSRF, since a hidden auto-submitting form sends POST just as easily; it has to be paired with something the attacker cannot supply, such as the re-authentication step above or a per-session anti-CSRF token.
  • 10. Dynamic Analysis
    What is dynamic analysis? Running the program and analysing it in its loaded, executing state (memory, registers, system calls).
    Advantage: packing does not have to be undone first; how the program actually behaves can be monitored in real time.
    Tools commonly used: Virtualization, Sandbox; debuggers such as OllyDbg, Immunity Debugger, WinDbg
  • 11. Static Analysis
    What is static analysis? Analysing the program without executing it.
    Advantages: no sandbox is required; anti-debugging tricks have no effect; the whole program can be inspected, not just the paths that happened to run. The flip side of the previous slide applies: packed or obfuscated code has to be unpacked before static analysis shows anything useful.
    Tools commonly used: IDA, objdump
  • 12. IoT Architecture
    Figure: IoT architecture diagram (source: http://www.magic.ubc.ca/wiki/uploads/Projects/IoTportal2.png)
  • 13. IoT Platform Security
    Access control: an IoT platform has to control access for a wide range of users and devices. The existing models (MAC, DAC, Non-DAC, RBAC) are available; CapBAC (capability-based access control) has been proposed for IoT, but it still has several issues to resolve.
    Privacy: IoT environments are user-friendly and therefore collect a great deal of user data; methods that guarantee the privacy of that data are needed. Techniques exist, but they carry performance costs.
    DDoS: high-rate DoS attacks are well known and handled; low-rate DoS attacks also have to be considered; load balancing should be part of the design.
  • 14. IoT Device Security
    Device Authentication: device-to-device authentication has to be considered. Serial-number-based authentication is mostly used, but it is limited (a serial number is neither secret nor hard to forge). Certificate-based authentication needs to be provided; SAML, SOAP and similar are used, but they have limits as well. A device certificate infrastructure is needed.
    Device Access Control: access control on the device itself has to be lightweight. The existing models (MAC, DAC, RBAC) are a poor fit for the IoT environment; CapBAC is being researched but does not yet satisfy IoT requirements in full; research into ABE (attribute-based encryption) based access control is needed.