ã©ã¹ãã¬ã¹ã§éå¬ãããBlack Hat USAã«ã³ãã¡ã¬ã³ã¹ã«ãŠ
- æé«ã®ãµãŒããŒãã°ã ãããã¯ãŒã¯ ãµãŒãã¹ã«ãããæè¡çã«æãè€éã§èå³æ·±ããã°ãç¹å®ããæªçšããããšã«å¯ŸããŠæäžãããŸãã åè
ã¯ç 究è
ãã¡ã§ãã
æããã«ãã VPN ãããã€ã㌠Pulse Secure ã®è匱æ§ããã® VPN ãµãŒãã¹ã¯ãTwitterãUberãMicrosoftãslaãSpaceXãAkamaiãIntelãIBMãVMwareãç±³åœæµ·è»ãç±³åœåå®å šä¿éç (DHS)ãããã³ããããäžçã®ååã®äŒæ¥ã«ãã£ãŠäœ¿çšãããŠããŸããç 究è ãã¯ãèªèšŒãããŠããªãæ»æè ãä»»æã®ãŠãŒã¶ãŒã®ãã¹ã¯ãŒããå€æŽã§ããããã¯ãã¢ãçºèŠããŸããã ãã®åé¡ãæªçšããŠãHTTPS ããŒãã®ã¿ãéããŠãã VPN ãµãŒããŒãžã® root ã¢ã¯ã»ã¹ãååŸããå¯èœæ§ãå®èšŒãããŠããŸããè³ãåè³ã§ããªãã£ãåè£è ã®äžã«ã¯ã次ã®ãããªç¹ãæããããŸãã
- äºåèªèšŒæ®µéã§éçš
èåŒ±æ§ Jenkins ç¶ç¶ççµ±åã·ã¹ãã ã§ã¯ããµãŒããŒäžã§ã³ãŒããå®è¡ã§ããŸãã ãã®è匱æ§ã¯ããµãŒããŒäžã§æå·é貚ãã€ãã³ã°ãçµç¹ããããã«ãããã«ãã£ãŠç©æ¥µçã«äœ¿çšãããŸãã - ã¯ãªãã£ã«ã«
èåŒ±æ§ Exim ã¡ãŒã« ãµãŒããŒã§ã¯ãroot æš©éã§ãµãŒããŒäžã§ã³ãŒããå®è¡ã§ããŸãã -
èåŒ±æ§ Xiongmai XMeye P2P IP ã«ã¡ã©ã«æèŒãããŠãããããã€ã¹ãå¶åŸ¡ã§ããããã«ãªããŸãã ã«ã¡ã©ã«ã¯ãšã³ãžãã¢ãªã³ã°ãã¹ã¯ãŒããæäŸããããã¡ãŒã ãŠã§ã¢ã®æŽæ°æã«ããžã¿ã«çœ²åæ€èšŒã¯äœ¿çšãããŸããã§ããã - ã¯ãªãã£ã«ã«
èåŒ±æ§ Windows ã§ã® RDP ãããã³ã«ã®å®è£ ã§ã¯ãã³ãŒãããªã¢ãŒãã§å®è¡ã§ããŸãã -
èåŒ±æ§ WordPress ã§ã¯ãç»åãè£ ã£ã PHP ã³ãŒãã®èªã¿èŸŒã¿ã«é¢é£ä»ããããŠããŸãã ãã®åé¡ã«ããããµã€ãäžã®åºçç©ã®èè (Author) ã®æš©éãååŸããŠããµãŒããŒäžã§ä»»æã®ã³ãŒããå®è¡ã§ããããã«ãªããŸãã
- äºåèªèšŒæ®µéã§éçš
- ãã¹ãã¯ã©ã€ã¢ã³ããœãããŠã§ã¢ã®ãã°ã åè
ã¯äœ¿ããããã§ãã
èåŒ±æ§ Apple FaceTime ã°ã«ãŒãé話ã·ã¹ãã ã§ãã°ã«ãŒãé話ã®éå§è ãçä¿¡åŽã«é話ã匷å¶çã«åãå ¥ããããšãèš±å¯ããŸã (ããšãã°ããªã¹ãã³ã°ãã¹ããŒãã³ã°ã®ãã)ããŸãã次ã®è³ã«ãããããŒããããŸããã
-
èåŒ±æ§ WhatsApp ã§ã¯ãç¹å¥ã«èšèšãããé³å£°é話ãéä¿¡ããããšã§ã³ãŒããå®è¡ã§ããŸãã -
èåŒ±æ§ Chrome ãã©ãŠã¶ã§äœ¿çšããã Skia ã°ã©ãã£ã㯠ã©ã€ãã©ãªã§ã¯ãäžéšã®å¹ŸäœåŠçå€æã«ãããæµ®åå°æ°ç¹ãšã©ãŒã«ããã¡ã¢ãªç Žæãçºçããå¯èœæ§ããããŸãã
-
- æé©ãªç¹æš©ææ Œã®è匱æ§ã ç¹å®ããããšã§åå©ãäžããããŸãã
èåŒ±æ§ iOS ã«ãŒãã«å ã«ãããSafari ãã©ãŠã¶ããã¢ã¯ã»ã¹ã§ãã ipc_voucher çµç±ã§æªçšã§ããŸãããŸãã次ã®è³ã«ãããããŒããããŸããã
-
èåŒ±æ§ Windows ã§ã¯ãCreateWindowEx (win32k.sys) é¢æ°ã䜿çšããæäœãéããŠã·ã¹ãã ãå®å šã«å¶åŸ¡ã§ããããã«ãªããŸãã ãã®åé¡ã¯ãè匱æ§ãä¿®æ£ãããåã«ããã®è匱æ§ãæªçšãããã«ãŠã§ã¢ã®åæäžã«ç¹å®ãããŸããã -
èåŒ±æ§ runc ãš LXC ã§ã¯ãDocker ããã®ä»ã®ã³ã³ããåé¢ã·ã¹ãã ã«åœ±é¿ãåãŒããæ»æè ã«ãã£ãŠå¶åŸ¡ãããåé¢ãããã³ã³ããã runc å®è¡å¯èœãã¡ã€ã«ãå€æŽãããã¹ã ã·ã¹ãã åŽã§ root æš©éãååŸã§ããããã«ãªããŸãã -
èåŒ±æ§ iOS (CFPrefsDaemon) ã§ã¯ãåé¢ã¢ãŒãããã€ãã¹ããroot æš©éã§ã³ãŒããå®è¡ã§ããŸãã -
èåŒ±æ§ Android ã§äœ¿çšããã Linux TCP ã¹ã¿ãã¯ã®ãšãã£ã·ã§ã³ã§ãããŒã«ã« ãŠãŒã¶ãŒãããã€ã¹äžã§æš©éãææ Œã§ããããã«ããŸãã -
èåŒ±æ§ systemd-journald ã§ã¯ãroot æš©éãååŸã§ããŸãã -
èåŒ±æ§ /tmp ãã¯ãªãŒãã³ã°ããããã® tmpreaper ãŠãŒãã£ãªãã£ãããã«ããããã¡ã€ã« ã·ã¹ãã ã®ä»»æã®éšåã«ãã¡ã€ã«ãä¿åã§ããŸãã
-
- æåªç§æå·æ»æã å®éã®ã·ã¹ãã ããããã³ã«ãæå·åã¢ã«ãŽãªãºã ã«ãããæãé倧ãªã®ã£ãããç¹å®ããããšã«å¯ŸããŠæäžãããŸãã ãç¹å®ããããšã§è³ãæäžãããŸãã
èåŒ±æ§ WPA3 ã¯ã€ã€ã¬ã¹ ãããã¯ãŒã¯ ã»ãã¥ãªã㣠ãã¯ãããžãš EAP-pwd ã«ãããæ¥ç¶ãã¹ã¯ãŒããåäœæãããã¹ã¯ãŒããç¥ããªããŠãã¯ã€ã€ã¬ã¹ ãããã¯ãŒã¯ã«ã¢ã¯ã»ã¹ã§ããããã«ãªããŸãããã®ä»ã®åè³åè£è ã¯æ¬¡ã®ãšããã§ãã
-
æ¹æ³ é»åã¡ãŒã« ã¯ã©ã€ã¢ã³ãã® PGP ããã³ S/MIME æå·åã«å¯Ÿããæ»æã -
ã¢ããªã±ãŒã·ã§ã³ æå·åããã Bitlocker ããŒãã£ã·ã§ã³ã®å 容ã«ã¢ã¯ã»ã¹ããããã®ã³ãŒã«ã ããŒãæ¹åŒã -
èåŒ±æ§ OpenSSL ã§ã¯ãäžæ£ãªããã£ã³ã°ãšäžæ£ãª MAC ãåä¿¡ããç¶æ³ãåºå¥ã§ããŸãã ãã®åé¡ã¯ãããã£ã³ã° Oracle ã§ã®ãŒã ãã€ãã®åŠçãééã£ãŠããããšãåå ã§çºçããŸãã -
åé¡ ãã€ãã§äœ¿çšãããŠãã SAML ã䜿çšãã ID ã«ãŒãã -
åé¡ ChromeOS ã§ã® U2F ããŒã¯ã³ã®ãµããŒãã®å®è£ ã«ãããä¹±æ°ã®ãšã³ããããŒã䜿çšããŸãã -
èåŒ±æ§ Monocypher ã§ã¯ããã«ã® EdDSA 眲åãæ£ãããã®ãšããŠèªèãããŸããã
-
- ãããŸã§ã§æãé©æ°çãªç 究ã è³ã¯æè¡éçºè
ã«æäžãããŸãã
ãã¯ãã«åããããšãã¥ã¬ãŒã·ã§ã³ ãAVX-512 ãã¯ãã«åœä»€ã䜿çšããŠããã°ã©ã ã®å®è¡ããšãã¥ã¬ãŒããããã¡ãžã³ã° ãã¹ãã®é床ãå€§å¹ ã«åäžãããããšãã§ããŸã (40 ç§ãããæ倧 120 ïœ 8 ååœä»€)ã ãã®æè¡ã«ãããå CPU ã³ã¢ã¯ã¢ããªã±ãŒã·ã§ã³ã®ãã¡ãžã³ã° ãã¹ãã®åœä»€ãšäžŠè¡ã㊠64 å°ã® 16 ãããä»®æ³ãã·ã³ãŸã㯠32 å°ã® XNUMX ãããä»®æ³ãã·ã³ãå®è¡ã§ããŸããåè³å¯Ÿè±¡è ã¯ä»¥äžã®ãšããã§ããã
-
èåŒ±æ§ MS Excel ã® Power Query ãã¯ãããžãããã«ãããã³ãŒãã®å®è¡ãæŽçããç¹å¥ã«èšèšãããã¹ãã¬ããã·ãŒããéããšãã«ã¢ããªã±ãŒã·ã§ã³åé¢ã¡ãœããããã€ãã¹ã§ããŸãã -
æ¹æ³ ãã¹ã©è»ã®èªåæ瞊ã欺ãã察åè»ç·ãžã®èµ°è¡ãèªçºããã -
åã ASICS ããã Siemens S7-1200 ã®ãªããŒã¹ ãšã³ãžãã¢ãªã³ã°ã -
ãœããŒã¹ããŒã - ãœããŒã®åäœåçã«åºã¥ããŠãæºåž¯é»è©±ã®ããã¯è§£é€ã³ãŒããç¹å®ããããã®æã®åãã®è¿œè·¡æè¡ - ã¹ããŒããã©ã³ã®äžéšãšäžéšã®ã¹ããŒã«ãŒãäžå¯èŽã®æ¯åãçæããå èµãã€ã¯ããããæŸã£ãŠã¹ããŒããã©ã³ããåå°ãããæ¯åã®ååšãåæããŸããæ; -
éçº NSA ã® Ghidra ãªããŒã¹ ãšã³ãžãã¢ãªã³ã° ããŒã«ãããã -
SAFE â ãã€ã㪠ã¢ã»ã³ããªã®åæã«åºã¥ããŠãè€æ°ã®å®è¡å¯èœãã¡ã€ã«å ã§åäžã®é¢æ°ã®ã³ãŒãã䜿çšãããŠãããã©ãããå€æããææ³ã -
åµé Intel Boot Guard ã¡ã«ããºã ããã€ãã¹ããŠãããžã¿ã«çœ²åã®æ€èšŒãè¡ããã«å€æŽããã UEFI ãã¡ãŒã ãŠã§ã¢ãããŒãããæ¹æ³ã
-
- ãã³ããŒã®æãã²ã©ãåå¿ (æãæäœãªãã³ããŒã®å¯Ÿå¿)ã èªç€Ÿè£œåã®è匱æ§ã«é¢ããã¡ãã»ãŒãžã«å¯Ÿããæãäžé©åãªå¯Ÿå¿ã«ããããŒããããŸãã åè
ã¯BitFiæå·é貚ãŠã©ã¬ããã®éçºè
ã§ã圌ãã¯èªç€Ÿè£œåã®è¶
ã»ãã¥ãªãã£ãå«ã³ãå®éã¯æ³åäžã®ãã®ã§ããããšãå€æããè匱æ§ãç¹å®ããç 究è
ã«å«ããããããåé¡ã®ç¹å®ã«å¯ŸããŠçŽæãããããŒãã¹ãæ¯æããªãã
ãã®è³ã®å¿åè ã®äžã«ã¯ã以äžã®ç¹ãèæ ®ãããŸããã
- ã»ãã¥ãªãã£ç 究è ã¯ãAtrient瀟ã®ãã£ã¬ã¯ã¿ãŒããèªèº«ãç¹å®ããè匱æ§ã«é¢ããã¬ããŒãã®åé€ã匷å¶ããããã«åœŒãæ»æãããšéé£ãããããã£ã¬ã¯ã¿ãŒã¯ãã®äºä»¶ãåŠå®ããŠãããç£èŠã«ã¡ã©ã«ã¯æ»æãèšé²ãããŠããªãã£ãã
- Zoomãé倧ãªåé¡ã®ä¿®æ£ãé
ããã
èåŒ±æ§ äŒè°ã·ã¹ãã ã§åé¡ãä¿®æ£ããå ¬éåŸã«ã®ã¿åé¡ãä¿®æ£ããŸããã ãã®è匱æ§ã«ãããå€éšã®æ»æè ã¯ããã©ãŠã¶ã§ç¹å¥ã«èšèšãããããŒãžãéãããšãã«ãmacOS ãŠãŒã¶ãŒã® Web ã«ã¡ã©ããããŒã¿ãååŸã§ããŸã (Zoom ã¯ãããŒã«ã« ã¢ããªã±ãŒã·ã§ã³ããã³ãã³ããåä¿¡ããã¯ã©ã€ã¢ã³ãåŽã§ http ãµãŒããŒãèµ·åããŸãã)ã - 10幎以äžç¯æ£ãæ ã£ãå Žå
åé¡ ã³ãŒããç¹å®ã® OCaml èšèªã§æžãããŠãããã¡ã³ãããªãã§æ®ãããŠãããšããäºå®ãåŒçšããŠãOpenPGP æå·åã㌠ãµãŒããŒã䜿çšããŠããŸãã
ãããŸã§ã§æãèªå€§å®£äŒãããè匱æ§ã«é¢ããçºè¡šã ã€ã³ã¿ãŒããããã¡ãã£ã¢äžã§ãç¹ã«è匱æ§ãæçµçã«å®éã«ã¯æªçšã§ããªãããšãå€æããå Žåã«ããã®åé¡ã«ã€ããŠæãåãã§å€§èŠæš¡ãªå ±éãè¡ã£ãå Žåã«æäžãããŸãã è³ã¯ãã«ãŒã ããŒã°ã«æäžãããŸãã
声æ Super Micro ããŒãå ã®ã¹ã〠ãããã®èå¥ã«ã€ããŠã¯ç¢ºèªãããŠããããåºå žã¯çµ¶å¯Ÿçã«ç€ºãããŠããŸããã®ä»ã®æ å ± .æšèŠã®äžã§èšåãããŠããïŒ
- libssh ã®è匱æ§
觊ãã åäžãµãŒã㌠ã¢ããªã±ãŒã·ã§ã³ (libssh ããµãŒããŒã«äœ¿çšãããããšã¯ã»ãšãã©ãããŸãã) ã§ãããNCC ã°ã«ãŒãã«ãã£ãŠãä»»æã® OpenSSH ãµãŒããŒãæ»æã§ããè匱æ§ãšããŠæ瀺ãããŸããã - DICOMç»åãå©çšããæ»æã éèŠãªã®ã¯ãæå¹ãª DICOM ã€ã¡ãŒãžã®ããã«èŠãã Windows çšã®å®è¡å¯èœãã¡ã€ã«ãæºåã§ããããšã§ãã ãã®ãã¡ã€ã«ã¯å»çæ©åšã«ããŠã³ããŒãããŠå®è¡ã§ããŸãã
- è匱æ§
ã¹ã©ã³ã°ãªãŒãã£ãã ããã«ãããCisco ããã€ã¹ã®ã»ãã¥ã¢ ããŒã ã¡ã«ããºã ããã€ãã¹ã§ããŸãã æ»æããã«ã¯ root æš©éãå¿ èŠãªããããã®è匱æ§ã¯å€§ãããªåé¡ãšããŠåé¡ãããŠããŸãããæ»æè ããã§ã« root ã¢ã¯ã»ã¹ãååŸã§ããŠããå Žåãã©ã®ãããªã»ãã¥ãªãã£ã«ã€ããŠè©±ãã°ããã®ã§ããããã ãã®è匱æ§ã¯ãFlash ã«æ°žç¶çãªããã¯ãã¢ãå°å ¥ã§ãããããæãéå°è©äŸ¡ãããŠããåé¡ã®ã«ããŽãªãŒã«ãéžã°ããŠããŸãã
- æ倧ã®å€±æ (æããšããã¯ã¯å€±æ)ã ãã®åå©ã¯ã倧ã
çã«èŠåºããä»ããªããäºå®ãã§ã£ã¡äžããæ
å ±æºã®é èœãé°è¬è«ãžã®é¥èœãããµã€ããŒå
µåšããªã©ã®çšèªã®äœ¿çšããããŠå®¹èªã§ããªãäžè¬åã䌎ãäžé£ã®ã»ã³ã»ãŒã·ã§ãã«ãªèšäºã«å¯ŸããŠãã«ãŒã ããŒã°ã«äžããããã ä»ã®åè£è
ã¯æ¬¡ã®ãšããã§ãã
- Asusãã¡ãŒã ãŠã§ã¢ã¢ããããŒããµãŒãã¹ã«å¯ŸããShadowhammeræ»æã
- ããããã³ã°äžå¯èœããšããŠå®£äŒãããŠãã BitFi ããŒã«ãããããã³ã°ããã
- å人æ
å ±ã®æŒæŽ©ãã
ããŒã¯ã³ Facebookã«ã¢ã¯ã»ã¹ããŸãã
åºæïŒ ãªãŒãã³ããã.ru