SlideShare a Scribd company logo

Cyber Grand Challenge及DEFCON 24 CTF决赛介绍

Ray Song
Ray Song

在SHLUG 2016年9月月度技术分享会上做的展示。 距离9月6日主办方Legitimate Business Syndicate发布2016 DEF CON CTF Final Scores已久,仍然没有公布源代码,不得已根据libmaru、Riatre等的逆向结果,再粗糙分析了一些。

Software
1 of 78
Download to read offline
Rise of the Machines: Cyber Grand Challenge 及 DEFCON 24 CTF 决赛介绍 宋方睿 MaskRay Capture the Flag Cyber Grand Challenge 入围队伍 CB, Poller, POV, IDS Shellphish 的 CRS DEFCON 24 CTF Finals 参赛队伍 DEFCON 24 CTF CB References Rise of the Machines: Cyber Grand Challenge 及 DEFCON 24 CTF 决赛介绍 Rise of the Machines: Cyber Grand Challenge 及 DEFCON 24 CTF 决赛介绍 宋方睿 MaskRay https://maskray.me
Rise of the Machines: Cyber Grand Challenge 及 DEFCON 24 CTF 决赛介绍 宋方睿 MaskRay Capture the Flag Cyber Grand Challenge 入围队伍 CB, Poller, POV, IDS Shellphish 的 CRS DEFCON 24 CTF Finals 参赛队伍 DEFCON 24 CTF CB References Rise of the Machines: Cyber Grand Challenge 及 DEFCON 24 CTF 决赛介绍 1 Capture the Flag 2 Cyber Grand Challenge 3 CB, Poller, POV, IDS 4 Shellphish 的 CRS 5 DEFCON 24 CTF Finals 6 DEFCON 24 CTF CB 7 References
Rise of the Machines: Cyber Grand Challenge 及 DEFCON 24 CTF 决赛介绍 宋方睿 MaskRay Capture the Flag Cyber Grand Challenge 入围队伍 CB, Poller, POV, IDS Shellphish 的 CRS DEFCON 24 CTF Finals 参赛队伍 DEFCON 24 CTF CB References Rise of the Machines: Cyber Grand Challenge 及 DEFCON 24 CTF 决赛介绍 MaskRay 过期的算法竞赛 + 超算赛棍
Rise of the Machines: Cyber Grand Challenge 及 DEFCON 24 CTF 决赛介绍 宋方睿 MaskRay Capture the Flag Cyber Grand Challenge 入围队伍 CB, Poller, POV, IDS Shellphish 的 CRS DEFCON 24 CTF Finals 参赛队伍 DEFCON 24 CTF CB References Rise of the Machines: Cyber Grand Challenge 及 DEFCON 24 CTF 决赛介绍 MaskRay 过期的算法竞赛 + 超算赛棍 发霉的运维 +FP 爱好者
Rise of the Machines: Cyber Grand Challenge 及 DEFCON 24 CTF 决赛介绍 宋方睿 MaskRay Capture the Flag Cyber Grand Challenge 入围队伍 CB, Poller, POV, IDS Shellphish 的 CRS DEFCON 24 CTF Finals 参赛队伍 DEFCON 24 CTF CB References Rise of the Machines: Cyber Grand Challenge 及 DEFCON 24 CTF 决赛介绍 MaskRay 过期的算法竞赛 + 超算赛棍 发霉的运维 +FP 爱好者 变质的四届 DEFCON CTF 酱油
Rise of the Machines: Cyber Grand Challenge 及 DEFCON 24 CTF 决赛介绍 宋方睿 MaskRay Capture the Flag Cyber Grand Challenge 入围队伍 CB, Poller, POV, IDS Shellphish 的 CRS DEFCON 24 CTF Finals 参赛队伍 DEFCON 24 CTF CB References Rise of the Machines: Cyber Grand Challenge 及 DEFCON 24 CTF 决赛介绍 两个竞赛 Cyber Grand Challenge (CGC) Final Event,8 月 4 日 DEFCON 24 Capture the Flag,8 月 5∼7 日
Rise of the Machines: Cyber Grand Challenge 及 DEFCON 24 CTF 决赛介绍 宋方睿 MaskRay Capture the Flag Cyber Grand Challenge 入围队伍 CB, Poller, POV, IDS Shellphish 的 CRS DEFCON 24 CTF Finals 参赛队伍 DEFCON 24 CTF CB References Rise of the Machines: Cyber Grand Challenge 及 DEFCON 24 CTF 决赛介绍 Capture the Flag Capture the Flag 逆向技术, 协议分析, 网络嗅探, 密码破解, 计算机取证, 编程 Codegate CTF, DEFCON CTF, Hack.lu CTF, Plaid CTF, SECCON CTF, . . . 0CTF, BCTF, HCTF, L-CTF, XCTF, . . .
Rise of the Machines: Cyber Grand Challenge 及 DEFCON 24 CTF 决赛介绍 宋方睿 MaskRay Capture the Flag Cyber Grand Challenge 入围队伍 CB, Poller, POV, IDS Shellphish 的 CRS DEFCON 24 CTF Finals 参赛队伍 DEFCON 24 CTF CB References Rise of the Machines: Cyber Grand Challenge 及 DEFCON 24 CTF 决赛介绍 Capture the Flag 形式 jeopardy,Online Judge
Rise of the Machines: Cyber Grand Challenge 及 DEFCON 24 CTF 决赛介绍 宋方睿 MaskRay Capture the Flag Cyber Grand Challenge 入围队伍 CB, Poller, POV, IDS Shellphish 的 CRS DEFCON 24 CTF Finals 参赛队伍 DEFCON 24 CTF CB References Rise of the Machines: Cyber Grand Challenge 及 DEFCON 24 CTF 决赛介绍 Capture the Flag 形式 jeopardy,Online Judge attack-defense
Rise of the Machines: Cyber Grand Challenge 及 DEFCON 24 CTF 决赛介绍 宋方睿 MaskRay Capture the Flag Cyber Grand Challenge 入围队伍 CB, Poller, POV, IDS Shellphish 的 CRS DEFCON 24 CTF Finals 参赛队伍 DEFCON 24 CTF CB References Rise of the Machines: Cyber Grand Challenge 及 DEFCON 24 CTF 决赛介绍 Capture the Flag 形式 jeopardy,Online Judge attack-defense Cyber Grand Challenge
Rise of the Machines: Cyber Grand Challenge 及 DEFCON 24 CTF 决赛介绍 宋方睿 MaskRay Capture the Flag Cyber Grand Challenge 入围队伍 CB, Poller, POV, IDS Shellphish 的 CRS DEFCON 24 CTF Finals 参赛队伍 DEFCON 24 CTF CB References Rise of the Machines: Cyber Grand Challenge 及 DEFCON 24 CTF 决赛介绍 Capture the Flag
Rise of the Machines: Cyber Grand Challenge 及 DEFCON 24 CTF 决赛介绍 宋方睿 MaskRay Capture the Flag Cyber Grand Challenge 入围队伍 CB, Poller, POV, IDS Shellphish 的 CRS DEFCON 24 CTF Finals 参赛队伍 DEFCON 24 CTF CB References Rise of the Machines: Cyber Grand Challenge 及 DEFCON 24 CTF 决赛介绍 Cyber Grand Challenge Cyber Grand Challenge Cyber Reasoning System 寻找漏洞 修补漏洞 分析攻击 设置防火墙 利用漏洞 (exploit) 1280 cores, 16TB ram, 128 TB storage
Rise of the Machines: Cyber Grand Challenge 及 DEFCON 24 CTF 决赛介绍 宋方睿 MaskRay Capture the Flag Cyber Grand Challenge 入围队伍 CB, Poller, POV, IDS Shellphish 的 CRS DEFCON 24 CTF Finals 参赛队伍 DEFCON 24 CTF CB References Rise of the Machines: Cyber Grand Challenge 及 DEFCON 24 CTF 决赛介绍 Cyber Grand Challenge
Rise of the Machines: Cyber Grand Challenge 及 DEFCON 24 CTF 决赛介绍 宋方睿 MaskRay Capture the Flag Cyber Grand Challenge 入围队伍 CB, Poller, POV, IDS Shellphish 的 CRS DEFCON 24 CTF Finals 参赛队伍 DEFCON 24 CTF CB References Rise of the Machines: Cyber Grand Challenge 及 DEFCON 24 CTF 决赛介绍 Cyber Grand Challenge CGC Qualifying Event 24 小时分析 126 个 challenge binary (CB) 产生让 CB 崩溃的交互 修补 CB,保留功能,性能也影响分数
Rise of the Machines: Cyber Grand Challenge 及 DEFCON 24 CTF 决赛介绍 宋方睿 MaskRay Capture the Flag Cyber Grand Challenge 入围队伍 CB, Poller, POV, IDS Shellphish 的 CRS DEFCON 24 CTF Finals 参赛队伍 DEFCON 24 CTF CB References Rise of the Machines: Cyber Grand Challenge 及 DEFCON 24 CTF 决赛介绍 Cyber Grand Challenge DECREE 环境 修改的 Linux 3.13.0,32 位 x86 ELF -> CGC(可执行文件格式) allocate(mmap), deallocate(munmap), fdwait(select), random, receive(read), terminate(exit), transmit(write) SIGPIPE Ign,SIGSEGV SIGILL SIGBUS Core,其他 Term 禁用 address space layout randomization,禁用 non-executable stack CR4 寄存器禁用 performance monitoring center static linking, homebrew libc
Rise of the Machines: Cyber Grand Challenge 及 DEFCON 24 CTF 决赛介绍 宋方睿 MaskRay Capture the Flag Cyber Grand Challenge 入围队伍 CB, Poller, POV, IDS Shellphish 的 CRS DEFCON 24 CTF Finals 参赛队伍 DEFCON 24 CTF CB References Rise of the Machines: Cyber Grand Challenge 及 DEFCON 24 CTF 决赛介绍 Cyber Grand Challenge 入围队伍 CodeJitsu University of California, Berkeley BitBlaze Binary Analysis Platform: Vine(static analysis), TEMU(dynamic analysis), Rudder(symbolic execution)
Rise of the Machines: Cyber Grand Challenge 及 DEFCON 24 CTF 决赛介绍 宋方睿 MaskRay Capture the Flag Cyber Grand Challenge 入围队伍 CB, Poller, POV, IDS Shellphish 的 CRS DEFCON 24 CTF Finals 参赛队伍 DEFCON 24 CTF CB References Rise of the Machines: Cyber Grand Challenge 及 DEFCON 24 CTF 决赛介绍 Cyber Grand Challenge 入围队伍
Rise of the Machines: Cyber Grand Challenge 及 DEFCON 24 CTF 决赛介绍 宋方睿 MaskRay Capture the Flag Cyber Grand Challenge 入围队伍 CB, Poller, POV, IDS Shellphish 的 CRS DEFCON 24 CTF Finals 参赛队伍 DEFCON 24 CTF CB References Rise of the Machines: Cyber Grand Challenge 及 DEFCON 24 CTF 决赛介绍 Cyber Grand Challenge 入围队伍 ForAllSecure CMU 教授 David Brumley 發起的 startup,成员多来自 CyLab Binary Analysis Platform Plaid Parliament of Pwning 是其 undergraduate computer security research group。
Rise of the Machines: Cyber Grand Challenge 及 DEFCON 24 CTF 决赛介绍 宋方睿 MaskRay Capture the Flag Cyber Grand Challenge 入围队伍 CB, Poller, POV, IDS Shellphish 的 CRS DEFCON 24 CTF Finals 参赛队伍 DEFCON 24 CTF CB References Rise of the Machines: Cyber Grand Challenge 及 DEFCON 24 CTF 决赛介绍 Cyber Grand Challenge 入围队伍
Rise of the Machines: Cyber Grand Challenge 及 DEFCON 24 CTF 决赛介绍 宋方睿 MaskRay Capture the Flag Cyber Grand Challenge 入围队伍 CB, Poller, POV, IDS Shellphish 的 CRS DEFCON 24 CTF Finals 参赛队伍 DEFCON 24 CTF CB References Rise of the Machines: Cyber Grand Challenge 及 DEFCON 24 CTF 决赛介绍 Cyber Grand Challenge 入围队伍 TECHx GrammaTech & University of Virginia Technology Preventing Exploits of Software of Unknown Provenance
Rise of the Machines: Cyber Grand Challenge 及 DEFCON 24 CTF 决赛介绍 宋方睿 MaskRay Capture the Flag Cyber Grand Challenge 入围队伍 CB, Poller, POV, IDS Shellphish 的 CRS DEFCON 24 CTF Finals 参赛队伍 DEFCON 24 CTF CB References Rise of the Machines: Cyber Grand Challenge 及 DEFCON 24 CTF 决赛介绍 Cyber Grand Challenge 入围队伍
Rise of the Machines: Cyber Grand Challenge 及 DEFCON 24 CTF 决赛介绍 宋方睿 MaskRay Capture the Flag Cyber Grand Challenge 入围队伍 CB, Poller, POV, IDS Shellphish 的 CRS DEFCON 24 CTF Finals 参赛队伍 DEFCON 24 CTF CB References Rise of the Machines: Cyber Grand Challenge 及 DEFCON 24 CTF 决赛介绍 Cyber Grand Challenge 入围队伍 CSDS University of Idaho Jim Alves-Foss, Jia Song
Rise of the Machines: Cyber Grand Challenge 及 DEFCON 24 CTF 决赛介绍 宋方睿 MaskRay Capture the Flag Cyber Grand Challenge 入围队伍 CB, Poller, POV, IDS Shellphish 的 CRS DEFCON 24 CTF Finals 参赛队伍 DEFCON 24 CTF CB References Rise of the Machines: Cyber Grand Challenge 及 DEFCON 24 CTF 决赛介绍 Cyber Grand Challenge 入围队伍
Rise of the Machines: Cyber Grand Challenge 及 DEFCON 24 CTF 决赛介绍 宋方睿 MaskRay Capture the Flag Cyber Grand Challenge 入围队伍 CB, Poller, POV, IDS Shellphish 的 CRS DEFCON 24 CTF Finals 参赛队伍 DEFCON 24 CTF CB References Rise of the Machines: Cyber Grand Challenge 及 DEFCON 24 CTF 决赛介绍 Cyber Grand Challenge 入围队伍 DeepRed Raytheon
Rise of the Machines: Cyber Grand Challenge 及 DEFCON 24 CTF 决赛介绍 宋方睿 MaskRay Capture the Flag Cyber Grand Challenge 入围队伍 CB, Poller, POV, IDS Shellphish 的 CRS DEFCON 24 CTF Finals 参赛队伍 DEFCON 24 CTF CB References Rise of the Machines: Cyber Grand Challenge 及 DEFCON 24 CTF 决赛介绍 Cyber Grand Challenge 入围队伍
Rise of the Machines: Cyber Grand Challenge 及 DEFCON 24 CTF 决赛介绍 宋方睿 MaskRay Capture the Flag Cyber Grand Challenge 入围队伍 CB, Poller, POV, IDS Shellphish 的 CRS DEFCON 24 CTF Finals 参赛队伍 DEFCON 24 CTF CB References Rise of the Machines: Cyber Grand Challenge 及 DEFCON 24 CTF 决赛介绍 Cyber Grand Challenge 入围队伍 disekt University Of Georgia 2009 年成立 disekt CTF 战队
Rise of the Machines: Cyber Grand Challenge 及 DEFCON 24 CTF 决赛介绍 宋方睿 MaskRay Capture the Flag Cyber Grand Challenge 入围队伍 CB, Poller, POV, IDS Shellphish 的 CRS DEFCON 24 CTF Finals 参赛队伍 DEFCON 24 CTF CB References Rise of the Machines: Cyber Grand Challenge 及 DEFCON 24 CTF 决赛介绍 Cyber Grand Challenge 入围队伍
Rise of the Machines: Cyber Grand Challenge 及 DEFCON 24 CTF 决赛介绍 宋方睿 MaskRay Capture the Flag Cyber Grand Challenge 入围队伍 CB, Poller, POV, IDS Shellphish 的 CRS DEFCON 24 CTF Finals 参赛队伍 DEFCON 24 CTF CB References Rise of the Machines: Cyber Grand Challenge 及 DEFCON 24 CTF 决赛介绍 Cyber Grand Challenge 入围队伍 Shellphish University of California, Santa Barbara angr, a python framework for analyzing binaries. It focuses on both static and dynamic symbolic (”concolic”) analysis
Rise of the Machines: Cyber Grand Challenge 及 DEFCON 24 CTF 决赛介绍 宋方睿 MaskRay Capture the Flag Cyber Grand Challenge 入围队伍 CB, Poller, POV, IDS Shellphish 的 CRS DEFCON 24 CTF Finals 参赛队伍 DEFCON 24 CTF CB References Rise of the Machines: Cyber Grand Challenge 及 DEFCON 24 CTF 决赛介绍 Cyber Grand Challenge 入围队伍
Rise of the Machines: Cyber Grand Challenge 及 DEFCON 24 CTF 决赛介绍 宋方睿 MaskRay Capture the Flag Cyber Grand Challenge 入围队伍 CB, Poller, POV, IDS Shellphish 的 CRS DEFCON 24 CTF Finals 参赛队伍 DEFCON 24 CTF CB References Rise of the Machines: Cyber Grand Challenge 及 DEFCON 24 CTF 决赛介绍 Cyber Grand Challenge 入围队伍
Rise of the Machines: Cyber Grand Challenge 及 DEFCON 24 CTF 决赛介绍 宋方睿 MaskRay Capture the Flag Cyber Grand Challenge 入围队伍 CB, Poller, POV, IDS Shellphish 的 CRS DEFCON 24 CTF Finals 参赛队伍 DEFCON 24 CTF CB References Rise of the Machines: Cyber Grand Challenge 及 DEFCON 24 CTF 决赛介绍 Cyber Grand Challenge 入围队伍 CGC Final Event 96 轮 比赛开始时 CRS 接收 CB,每个 CB 以类似 socat tcp-l:9999 exec:cb 的形式提供服务 每轮为每个 (round, team, service) 产生分数,(∗, team, ∗) 和为该队伍累计分数
Rise of the Machines: Cyber Grand Challenge 及 DEFCON 24 CTF 决赛介绍 宋方睿 MaskRay Capture the Flag Cyber Grand Challenge 入围队伍 CB, Poller, POV, IDS Shellphish 的 CRS DEFCON 24 CTF Finals 参赛队伍 DEFCON 24 CTF CB References Rise of the Machines: Cyber Grand Challenge 及 DEFCON 24 CTF 决赛介绍 Cyber Grand Challenge 入围队伍
Rise of the Machines: Cyber Grand Challenge 及 DEFCON 24 CTF 决赛介绍 宋方睿 MaskRay Capture the Flag Cyber Grand Challenge 入围队伍 CB, Poller, POV, IDS Shellphish 的 CRS DEFCON 24 CTF Finals 参赛队伍 DEFCON 24 CTF CB References Rise of the Machines: Cyber Grand Challenge 及 DEFCON 24 CTF 决赛介绍 Cyber Grand Challenge 入围队伍 (round, team, service) score = 100 × availability × security × evaluation availability ∈ [0, 1],通过 poller 的比例和内存时间开销 security ∈ {1, 2},被其他 CRS 攻击成功? evaluation ∈ [1, 2],攻击其他 CRS
Rise of the Machines: Cyber Grand Challenge 及 DEFCON 24 CTF 决赛介绍 宋方睿 MaskRay Capture the Flag Cyber Grand Challenge 入围队伍 CB, Poller, POV, IDS Shellphish 的 CRS DEFCON 24 CTF Finals 参赛队伍 DEFCON 24 CTF CB References Rise of the Machines: Cyber Grand Challenge 及 DEFCON 24 CTF 决赛介绍 Cyber Grand Challenge 入围队伍 attack-defense CGC 题目数量 ∼6 82 challenge sets(CFE)/ 8(DEFCON CTF) 流量 主办方提供 tcpdump 自行在 1999/udp 接收 (服务编号, 连接号, 流 序号, 消息长度等) 平台 amd64, aarch64, mipsel, . . . DECREE 服务 可 ssh,替换服务文件 API 提交修补过的 可用性检测 主办方伪装成其他队伍 检测 平台测试提交的 CB 攻击方式 手工, 程序 提 交 proof-of- vulnerability flag 主办方每轮生成,服务 程序有权限读取的文件 magic page 填充随机值 防火墙 executable wrapper 类 snort 规则
Rise of the Machines: Cyber Grand Challenge 及 DEFCON 24 CTF 决赛介绍 宋方睿 MaskRay Capture the Flag Cyber Grand Challenge 入围队伍 CB, Poller, POV, IDS Shellphish 的 CRS DEFCON 24 CTF Finals 参赛队伍 DEFCON 24 CTF CB References Rise of the Machines: Cyber Grand Challenge 及 DEFCON 24 CTF 决赛介绍 CB, Poller, POV, IDS Challenge binary 题目用的可执行文件,特意设置了若干漏洞 分析、修补、利用 API 上传修补后的 CB static linking,手写 libc,鼓励每道题用不同 libc
Rise of the Machines: Cyber Grand Challenge 及 DEFCON 24 CTF 决赛介绍 宋方睿 MaskRay Capture the Flag Cyber Grand Challenge 入围队伍 CB, Poller, POV, IDS Shellphish 的 CRS DEFCON 24 CTF Finals 参赛队伍 DEFCON 24 CTF CB References Rise of the Machines: Cyber Grand Challenge 及 DEFCON 24 CTF 决赛介绍 CB, Poller, POV, IDS Poller generator 检测 CB 可用性 finite state automaton 每条边指定转移概率 每个顶点指定停止概率 Python 脚本指定各个顶点执行的操作,产生输入或输出 等
Rise of the Machines: Cyber Grand Challenge 及 DEFCON 24 CTF 决赛介绍 宋方睿 MaskRay Capture the Flag Cyber Grand Challenge 入围队伍 CB, Poller, POV, IDS Shellphish 的 CRS DEFCON 24 CTF Finals 参赛队伍 DEFCON 24 CTF CB References Rise of the Machines: Cyber Grand Challenge 及 DEFCON 24 CTF 决赛介绍 CB, Poller, POV, IDS nodes: - name: start - name: top - name: endIt - name: printAirports - name: addAirport - name: deleteAirport - name: findRoutes edges: - start: top - top: printAirports - printAirports: top - top: addAirport - addAirport: top - top: deleteAirport - deleteAirport: top - top: findRoutes - findRoutes: top - top: endIt weight: .20
Rise of the Machines: Cyber Grand Challenge 及 DEFCON 24 CTF 决赛介绍 宋方睿 MaskRay Capture the Flag Cyber Grand Challenge 入围队伍 CB, Poller, POV, IDS Shellphish 的 CRS DEFCON 24 CTF Finals 参赛队伍 DEFCON 24 CTF CB References Rise of the Machines: Cyber Grand Challenge 及 DEFCON 24 CTF 决赛介绍 CB, Poller, POV, IDS Proof of vulnerability C 编写的 CGC 可执行文件 构建方式和 CB 相同 Type 1 & Type 2
Rise of the Machines: Cyber Grand Challenge 及 DEFCON 24 CTF 决赛介绍 宋方睿 MaskRay Capture the Flag Cyber Grand Challenge 入围队伍 CB, Poller, POV, IDS Shellphish 的 CRS DEFCON 24 CTF Finals 参赛队伍 DEFCON 24 CTF CB References Rise of the Machines: Cyber Grand Challenge 及 DEFCON 24 CTF 决赛介绍 CB, Poller, POV, IDS Type 1 vulnerability 控制 EIP 与 8 个 general purpose register 中任意一个
Rise of the Machines: Cyber Grand Challenge 及 DEFCON 24 CTF 决赛介绍 宋方睿 MaskRay Capture the Flag Cyber Grand Challenge 入围队伍 CB, Poller, POV, IDS Shellphish 的 CRS DEFCON 24 CTF Finals 参赛队伍 DEFCON 24 CTF CB References Rise of the Machines: Cyber Grand Challenge 及 DEFCON 24 CTF 决赛介绍 CB, Poller, POV, IDS Type 1 vulnerability 控制 EIP 与 8 个 general purpose register 中任意一个 如果证明能控制?
Rise of the Machines: Cyber Grand Challenge 及 DEFCON 24 CTF 决赛介绍 宋方睿 MaskRay Capture the Flag Cyber Grand Challenge 入围队伍 CB, Poller, POV, IDS Shellphish 的 CRS DEFCON 24 CTF Finals 参赛队伍 DEFCON 24 CTF CB References Rise of the Machines: Cyber Grand Challenge 及 DEFCON 24 CTF 决赛介绍 CB, Poller, POV, IDS Type 1 vulnerability 控制 EIP 与 8 个 general purpose register 中任意一个 如果证明能控制? Challenge response, POV 程序向平台宣称能控制寄存器 的特定 20 bits,平台指定 20 bits 的值
Rise of the Machines: Cyber Grand Challenge 及 DEFCON 24 CTF 决赛介绍 宋方睿 MaskRay Capture the Flag Cyber Grand Challenge 入围队伍 CB, Poller, POV, IDS Shellphish 的 CRS DEFCON 24 CTF Finals 参赛队伍 DEFCON 24 CTF CB References Rise of the Machines: Cyber Grand Challenge 及 DEFCON 24 CTF 决赛介绍 CB, Poller, POV, IDS Type 1 vulnerability 控制 EIP 与 8 个 general purpose register 中任意一个 如果证明能控制? Challenge response, POV 程序向平台宣称能控制寄存器 的特定 20 bits,平台指定 20 bits 的值 程序崩溃时两个寄存器的值与 challenge 匹配
Rise of the Machines: Cyber Grand Challenge 及 DEFCON 24 CTF 决赛介绍 宋方睿 MaskRay Capture the Flag Cyber Grand Challenge 入围队伍 CB, Poller, POV, IDS Shellphish 的 CRS DEFCON 24 CTF Finals 参赛队伍 DEFCON 24 CTF CB References Rise of the Machines: Cyber Grand Challenge 及 DEFCON 24 CTF 决赛介绍 CB, Poller, POV, IDS Type 2 vulnerability magic page CGC 可执行文件执行时,0x4347c000 处内核分配一页, 填充随机值 Challenge response,平台指定要输出 magic page 指定区 间内的 4 字节 POV 程序设法获取
Rise of the Machines: Cyber Grand Challenge 及 DEFCON 24 CTF 决赛介绍 宋方睿 MaskRay Capture the Flag Cyber Grand Challenge 入围队伍 CB, Poller, POV, IDS Shellphish 的 CRS DEFCON 24 CTF Finals 参赛队伍 DEFCON 24 CTF CB References Rise of the Machines: Cyber Grand Challenge 及 DEFCON 24 CTF 决赛介绍 CB, Poller, POV, IDS Intrusion detection system (IDS) 防火墙规则 可以阻挡攻击,也可能误伤 poller generator domain-specific language
Rise of the Machines: Cyber Grand Challenge 及 DEFCON 24 CTF 决赛介绍 宋方睿 MaskRay Capture the Flag Cyber Grand Challenge 入围队伍 CB, Poller, POV, IDS Shellphish 的 CRS DEFCON 24 CTF Finals 参赛队伍 DEFCON 24 CTF CB References Rise of the Machines: Cyber Grand Challenge 及 DEFCON 24 CTF 决赛介绍 CB, Poller, POV, IDS Proof of vulnerability (POV) C 编写的 CGC 可执行文件 构建方式和 CB 相同 Type 1 & Type 2
Rise of the Machines: Cyber Grand Challenge 及 DEFCON 24 CTF 决赛介绍 宋方睿 MaskRay Capture the Flag Cyber Grand Challenge 入围队伍 CB, Poller, POV, IDS Shellphish 的 CRS DEFCON 24 CTF Finals 参赛队伍 DEFCON 24 CTF CB References Rise of the Machines: Cyber Grand Challenge 及 DEFCON 24 CTF 决赛介绍 CB, Poller, POV, IDS Oracle Input: CB, POV, IDS Output: score, packet captures, others’ CB & IDS 可以下载其他队伍的 CB 和 IDS
Rise of the Machines: Cyber Grand Challenge 及 DEFCON 24 CTF 决赛介绍 宋方睿 MaskRay Capture the Flag Cyber Grand Challenge 入围队伍 CB, Poller, POV, IDS Shellphish 的 CRS DEFCON 24 CTF Finals 参赛队伍 DEFCON 24 CTF CB References Rise of the Machines: Cyber Grand Challenge 及 DEFCON 24 CTF 决赛介绍 Shellphish 的 CRS 实 https://github.com/mechaphish angr: binary loader + static analysis (control-flow graph, data-flow analysis, value-set analysis) + symbolic execution Driller: fuzzying with selective symbolic execution (American fuzzy lop + angr) patcherex: extended malloc, protect indirect call/jmp, return pointer encryption, randomly shift the stack, stack canary, backdoor, . . . database ORM model, qemu, scheduler, POV simulator, API interaction, . . .
Rise of the Machines: Cyber Grand Challenge 及 DEFCON 24 CTF 决赛介绍 宋方睿 MaskRay Capture the Flag Cyber Grand Challenge 入围队伍 CB, Poller, POV, IDS Shellphish 的 CRS DEFCON 24 CTF Finals 参赛队伍 DEFCON 24 CTF CB References Rise of the Machines: Cyber Grand Challenge 及 DEFCON 24 CTF 决赛介绍 Shellphish 的 CRS 计 82 Challenge Sets 2442 exploits generated longest exploit: 3791 lines of C code shortest exploit: 226 lines of C code
Rise of the Machines: Cyber Grand Challenge 及 DEFCON 24 CTF 决赛介绍 宋方睿 MaskRay Capture the Flag Cyber Grand Challenge 入围队伍 CB, Poller, POV, IDS Shellphish 的 CRS DEFCON 24 CTF Finals 参赛队伍 DEFCON 24 CTF CB References Rise of the Machines: Cyber Grand Challenge 及 DEFCON 24 CTF 决赛介绍 DEFCON 24 CTF Finals DEFCON 24 CTF Finals CTF 届世界杯 Las Vegas,8 月 5∼7 日
Rise of the Machines: Cyber Grand Challenge 及 DEFCON 24 CTF 决赛介绍 宋方睿 MaskRay Capture the Flag Cyber Grand Challenge 入围队伍 CB, Poller, POV, IDS Shellphish 的 CRS DEFCON 24 CTF Finals 参赛队伍 DEFCON 24 CTF CB References Rise of the Machines: Cyber Grand Challenge 及 DEFCON 24 CTF 决赛介绍 DEFCON 24 CTF Finals
Rise of the Machines: Cyber Grand Challenge 及 DEFCON 24 CTF 决赛介绍 宋方睿 MaskRay Capture the Flag Cyber Grand Challenge 入围队伍 CB, Poller, POV, IDS Shellphish 的 CRS DEFCON 24 CTF Finals 参赛队伍 DEFCON 24 CTF CB References Rise of the Machines: Cyber Grand Challenge 及 DEFCON 24 CTF 决赛介绍 DEFCON 24 CTF Finals b1o0p blue-lotus + 0ops = b1o0p blue-lotus 成立于清华大学网络与信息安全实验室,是中 国首支入围 DEFCON CTF 全球决赛的战队 上海交通大学 0ops 成立于 2013 年,成员主要来自于计 算机系密码学与计算机安全实验室、信息安全工程学院 等,大陆首支国际 CTF 赛事冠军战队,2015 年 ctftime 排名第 3。
Rise of the Machines: Cyber Grand Challenge 及 DEFCON 24 CTF 决赛介绍 宋方睿 MaskRay Capture the Flag Cyber Grand Challenge 入围队伍 CB, Poller, POV, IDS Shellphish 的 CRS DEFCON 24 CTF Finals 参赛队伍 DEFCON 24 CTF CB References Rise of the Machines: Cyber Grand Challenge 及 DEFCON 24 CTF 决赛介绍 DEFCON 24 CTF Finals
Rise of the Machines: Cyber Grand Challenge 及 DEFCON 24 CTF 决赛介绍 宋方睿 MaskRay Capture the Flag Cyber Grand Challenge 入围队伍 CB, Poller, POV, IDS Shellphish 的 CRS DEFCON 24 CTF Finals 参赛队伍 DEFCON 24 CTF CB References Rise of the Machines: Cyber Grand Challenge 及 DEFCON 24 CTF 决赛介绍 DEFCON 24 CTF Finals
Rise of the Machines: Cyber Grand Challenge 及 DEFCON 24 CTF 决赛介绍 宋方睿 MaskRay Capture the Flag Cyber Grand Challenge 入围队伍 CB, Poller, POV, IDS Shellphish 的 CRS DEFCON 24 CTF Finals 参赛队伍 DEFCON 24 CTF CB References Rise of the Machines: Cyber Grand Challenge 及 DEFCON 24 CTF 决赛介绍 DEFCON 24 CTF Finals 果 PPP 第一,b1o0p 第二,DEFKOR 第三
Rise of the Machines: Cyber Grand Challenge 及 DEFCON 24 CTF 决赛介绍 宋方睿 MaskRay Capture the Flag Cyber Grand Challenge 入围队伍 CB, Poller, POV, IDS Shellphish 的 CRS DEFCON 24 CTF Finals 参赛队伍 DEFCON 24 CTF CB References Rise of the Machines: Cyber Grand Challenge 及 DEFCON 24 CTF 决赛介绍 DEFCON 24 CTF Finals 果 PPP 第一,b1o0p 第二,DEFKOR 第三 奖品 = null
Rise of the Machines: Cyber Grand Challenge 及 DEFCON 24 CTF 决赛介绍 宋方睿 MaskRay Capture the Flag Cyber Grand Challenge 入围队伍 CB, Poller, POV, IDS Shellphish 的 CRS DEFCON 24 CTF Finals 参赛队伍 DEFCON 24 CTF CB References Rise of the Machines: Cyber Grand Challenge 及 DEFCON 24 CTF 决赛介绍 DEFCON 24 CTF Finals 果 PPP 第一,b1o0p 第二,DEFKOR 第三 奖品 = null 不是我军无能,而是敌人太狡猾
Rise of the Machines: Cyber Grand Challenge 及 DEFCON 24 CTF 决赛介绍 宋方睿 MaskRay Capture the Flag Cyber Grand Challenge 入围队伍 CB, Poller, POV, IDS Shellphish 的 CRS DEFCON 24 CTF Finals 参赛队伍 DEFCON 24 CTF CB References Rise of the Machines: Cyber Grand Challenge 及 DEFCON 24 CTF 决赛介绍 DEFCON 24 CTF Finals 我军 neoni,BinDiff,找出修补 CB 与原 CB 差异 azure.kdays.cn,F.L.I.R.T signatures、executable loader hen,反汇编工具 小花椒,可执行文件修补工具、流量分析重放 . . . libmaru,网络环境、主办方平台监控发送到 slack yu4fn、firesun、BrieflyX 等,team interface 网站 MaskRay,PCAP 搜索、packet captures、POV 检测
Rise of the Machines: Cyber Grand Challenge 及 DEFCON 24 CTF 决赛介绍 宋方睿 MaskRay Capture the Flag Cyber Grand Challenge 入围队伍 CB, Poller, POV, IDS Shellphish 的 CRS DEFCON 24 CTF Finals 参赛队伍 DEFCON 24 CTF CB References Rise of the Machines: Cyber Grand Challenge 及 DEFCON 24 CTF 决赛介绍 DEFCON 24 CTF Finals 参赛队伍 Mayhem ForAllSecure 的 Cyber Reasoning System
Rise of the Machines: Cyber Grand Challenge 及 DEFCON 24 CTF 决赛介绍 宋方睿 MaskRay Capture the Flag Cyber Grand Challenge 入围队伍 CB, Poller, POV, IDS Shellphish 的 CRS DEFCON 24 CTF Finals 参赛队伍 DEFCON 24 CTF CB References Rise of the Machines: Cyber Grand Challenge 及 DEFCON 24 CTF 决赛介绍 DEFCON 24 CTF Finals 参赛队伍 Mayhem ForAllSecure 的 Cyber Reasoning System DEFCON CTF 与 CGC 平台不一致,比赛前两天收到的 流量有问题
Rise of the Machines: Cyber Grand Challenge 及 DEFCON 24 CTF 决赛介绍 宋方睿 MaskRay Capture the Flag Cyber Grand Challenge 入围队伍 CB, Poller, POV, IDS Shellphish 的 CRS DEFCON 24 CTF Finals 参赛队伍 DEFCON 24 CTF CB References Rise of the Machines: Cyber Grand Challenge 及 DEFCON 24 CTF 决赛介绍 DEFCON 24 CTF Finals 参赛队伍 Mayhem ForAllSecure 的 Cyber Reasoning System DEFCON CTF 与 CGC 平台不一致,比赛前两天收到的 流量有问题 没能公平的较量实属遗憾
Rise of the Machines: Cyber Grand Challenge 及 DEFCON 24 CTF 决赛介绍 宋方睿 MaskRay Capture the Flag Cyber Grand Challenge 入围队伍 CB, Poller, POV, IDS Shellphish 的 CRS DEFCON 24 CTF Finals 参赛队伍 DEFCON 24 CTF CB References Rise of the Machines: Cyber Grand Challenge 及 DEFCON 24 CTF 决赛介绍 DEFCON 24 CTF Finals 参赛队伍 Mayhem ForAllSecure 的 Cyber Reasoning System DEFCON CTF 与 CGC 平台不一致,比赛前两天收到的 流量有问题 没能公平的较量实属遗憾 8 题做出 7 题应该不实,一题往往藏有数个漏洞。所有可 执行文件都经过 binary recompiler,MaskRay 喵逆向不来
Rise of the Machines: Cyber Grand Challenge 及 DEFCON 24 CTF 决赛介绍 宋方睿 MaskRay Capture the Flag Cyber Grand Challenge 入围队伍 CB, Poller, POV, IDS Shellphish 的 CRS DEFCON 24 CTF Finals 参赛队伍 DEFCON 24 CTF CB References Rise of the Machines: Cyber Grand Challenge 及 DEFCON 24 CTF 决赛介绍 DEFCON 24 CTF Finals 参赛队伍
Rise of the Machines: Cyber Grand Challenge 及 DEFCON 24 CTF 决赛介绍 宋方睿 MaskRay Capture the Flag Cyber Grand Challenge 入围队伍 CB, Poller, POV, IDS Shellphish 的 CRS DEFCON 24 CTF Finals 参赛队伍 DEFCON 24 CTF CB References Rise of the Machines: Cyber Grand Challenge 及 DEFCON 24 CTF 决赛介绍 DEFCON 24 CTF Finals 参赛队伍
Rise of the Machines: Cyber Grand Challenge 及 DEFCON 24 CTF 决赛介绍 宋方睿 MaskRay Capture the Flag Cyber Grand Challenge 入围队伍 CB, Poller, POV, IDS Shellphish 的 CRS DEFCON 24 CTF Finals 参赛队伍 DEFCON 24 CTF CB References Rise of the Machines: Cyber Grand Challenge 及 DEFCON 24 CTF 决赛介绍 DEFCON 24 CTF Finals 参赛队伍 PPP DEFCON 21,22,24 CTF 第一,2011、2013、2015 ctftime 第一
Rise of the Machines: Cyber Grand Challenge 及 DEFCON 24 CTF 决赛介绍 宋方睿 MaskRay Capture the Flag Cyber Grand Challenge 入围队伍 CB, Poller, POV, IDS Shellphish 的 CRS DEFCON 24 CTF Finals 参赛队伍 DEFCON 24 CTF CB References Rise of the Machines: Cyber Grand Challenge 及 DEFCON 24 CTF 决赛介绍 DEFCON 24 CTF Finals 参赛队伍 PPP DEFCON 21,22,24 CTF 第一,2011、2013、2015 ctftime 第一 geohot 和 Ricky Zhou 为代表的 Pwn 机
Rise of the Machines: Cyber Grand Challenge 及 DEFCON 24 CTF 决赛介绍 宋方睿 MaskRay Capture the Flag Cyber Grand Challenge 入围队伍 CB, Poller, POV, IDS Shellphish 的 CRS DEFCON 24 CTF Finals 参赛队伍 DEFCON 24 CTF CB References Rise of the Machines: Cyber Grand Challenge 及 DEFCON 24 CTF 决赛介绍 DEFCON 24 CTF Finals 参赛队伍 PPP DEFCON 21,22,24 CTF 第一,2011、2013、2015 ctftime 第一 geohot 和 Ricky Zhou 为代表的 Pwn 机 参与 Mayhem 开发的 ForAllSecure 成员
Rise of the Machines: Cyber Grand Challenge 及 DEFCON 24 CTF 决赛介绍 宋方睿 MaskRay Capture the Flag Cyber Grand Challenge 入围队伍 CB, Poller, POV, IDS Shellphish 的 CRS DEFCON 24 CTF Finals 参赛队伍 DEFCON 24 CTF CB References Rise of the Machines: Cyber Grand Challenge 及 DEFCON 24 CTF 决赛介绍 DEFCON 24 CTF Finals 参赛队伍 PPP DEFCON 21,22,24 CTF 第一,2011、2013、2015 ctftime 第一 geohot 和 Ricky Zhou 为代表的 Pwn 机 参与 Mayhem 开发的 ForAllSecure 成员 binary recompiler,Shellphish、binja 等也有
Rise of the Machines: Cyber Grand Challenge 及 DEFCON 24 CTF 决赛介绍 宋方睿 MaskRay Capture the Flag Cyber Grand Challenge 入围队伍 CB, Poller, POV, IDS Shellphish 的 CRS DEFCON 24 CTF Finals 参赛队伍 DEFCON 24 CTF CB References Rise of the Machines: Cyber Grand Challenge 及 DEFCON 24 CTF 决赛介绍 DEFCON 24 CTF Finals 参赛队伍
Rise of the Machines: Cyber Grand Challenge 及 DEFCON 24 CTF 决赛介绍 宋方睿 MaskRay Capture the Flag Cyber Grand Challenge 入围队伍 CB, Poller, POV, IDS Shellphish 的 CRS DEFCON 24 CTF Finals 参赛队伍 DEFCON 24 CTF CB References Rise of the Machines: Cyber Grand Challenge 及 DEFCON 24 CTF 决赛介绍 DEFCON 24 CTF Finals 参赛队伍
Rise of the Machines: Cyber Grand Challenge 及 DEFCON 24 CTF 决赛介绍 宋方睿 MaskRay Capture the Flag Cyber Grand Challenge 入围队伍 CB, Poller, POV, IDS Shellphish 的 CRS DEFCON 24 CTF Finals 参赛队伍 DEFCON 24 CTF CB References Rise of the Machines: Cyber Grand Challenge 及 DEFCON 24 CTF 决赛介绍 DEFCON 24 CTF Finals 参赛队伍 DEFKOR 韩国梦之队,Best of Best 计划学生
Rise of the Machines: Cyber Grand Challenge 及 DEFCON 24 CTF 决赛介绍 宋方睿 MaskRay Capture the Flag Cyber Grand Challenge 入围队伍 CB, Poller, POV, IDS Shellphish 的 CRS DEFCON 24 CTF Finals 参赛队伍 DEFCON 24 CTF CB References Rise of the Machines: Cyber Grand Challenge 及 DEFCON 24 CTF 决赛介绍 DEFCON 24 CTF Finals 参赛队伍 DEFKOR 韩国梦之队,Best of Best 计划学生 Jung Hoon Lee(lokihardt),Pwn2Own 2015 攻破 IE 11 Chrome Safari
Rise of the Machines: Cyber Grand Challenge 及 DEFCON 24 CTF 决赛介绍 宋方睿 MaskRay Capture the Flag Cyber Grand Challenge 入围队伍 CB, Poller, POV, IDS Shellphish 的 CRS DEFCON 24 CTF Finals 参赛队伍 DEFCON 24 CTF CB References Rise of the Machines: Cyber Grand Challenge 及 DEFCON 24 CTF 决赛介绍 DEFCON 24 CTF Finals 参赛队伍 DEFKOR 韩国梦之队,Best of Best 计划学生 Jung Hoon Lee(lokihardt),Pwn2Own 2015 攻破 IE 11 Chrome Safari DEFCON 23 CTF 第一
Rise of the Machines: Cyber Grand Challenge 及 DEFCON 24 CTF 决赛介绍 宋方睿 MaskRay Capture the Flag Cyber Grand Challenge 入围队伍 CB, Poller, POV, IDS Shellphish 的 CRS DEFCON 24 CTF Finals 参赛队伍 DEFCON 24 CTF CB References Rise of the Machines: Cyber Grand Challenge 及 DEFCON 24 CTF 决赛介绍 DEFCON 24 CTF Finals 参赛队伍 LCBC 俄罗斯,Yellowstone Yachtsclub of Yawning
Rise of the Machines: Cyber Grand Challenge 及 DEFCON 24 CTF 决赛介绍 宋方睿 MaskRay Capture the Flag Cyber Grand Challenge 入围队伍 CB, Poller, POV, IDS Shellphish 的 CRS DEFCON 24 CTF Finals 参赛队伍 DEFCON 24 CTF CB References Rise of the Machines: Cyber Grand Challenge 及 DEFCON 24 CTF 决赛介绍 DEFCON 24 CTF Finals 参赛队伍 LCBC 俄罗斯,Yellowstone Yachtsclub of Yawning OpenCTF 2016, 0CTF 2016 第一
Rise of the Machines: Cyber Grand Challenge 及 DEFCON 24 CTF 决赛介绍 宋方睿 MaskRay Capture the Flag Cyber Grand Challenge 入围队伍 CB, Poller, POV, IDS Shellphish 的 CRS DEFCON 24 CTF Finals 参赛队伍 DEFCON 24 CTF CB References Rise of the Machines: Cyber Grand Challenge 及 DEFCON 24 CTF 决赛介绍 DEFCON 24 CTF Finals 参赛队伍 HITCON 大量 ICPC 选手:peter50216, Shik, seanwu, david942j
Rise of the Machines: Cyber Grand Challenge 及 DEFCON 24 CTF 决赛介绍 宋方睿 MaskRay Capture the Flag Cyber Grand Challenge 入围队伍 CB, Poller, POV, IDS Shellphish 的 CRS DEFCON 24 CTF Finals 参赛队伍 DEFCON 24 CTF CB References Rise of the Machines: Cyber Grand Challenge 及 DEFCON 24 CTF 决赛介绍 DEFCON 24 CTF Finals 参赛队伍 HITCON 大量 ICPC 选手:peter50216, Shik, seanwu, david942j Orange Tsai,找出过 Facebook, Uber, Yahoo 多家大厂漏 洞
Rise of the Machines: Cyber Grand Challenge 及 DEFCON 24 CTF 决赛介绍 宋方睿 MaskRay Capture the Flag Cyber Grand Challenge 入围队伍 CB, Poller, POV, IDS Shellphish 的 CRS DEFCON 24 CTF Finals 参赛队伍 DEFCON 24 CTF CB References Rise of the Machines: Cyber Grand Challenge 及 DEFCON 24 CTF 决赛介绍 DEFCON 24 CTF CB 实战 https://github.com/MaskRay/ 2016-09-24-cgc-defcon-ctf-presentation
Rise of the Machines: Cyber Grand Challenge 及 DEFCON 24 CTF 决赛介绍 宋方睿 MaskRay Capture the Flag Cyber Grand Challenge 入围队伍 CB, Poller, POV, IDS Shellphish 的 CRS DEFCON 24 CTF Finals 参赛队伍 DEFCON 24 CTF CB References Rise of the Machines: Cyber Grand Challenge 及 DEFCON 24 CTF 决赛介绍 References References Cyber Grand Challenge 簡介 從 HITCON 駭客戰隊挑戰美國 CGC 天網機器人探討自 動攻防技術發展 Cyber Grand Shellphish A Dozen Years of Shellphish From DEFCON to the Cyber Grand Challenge 机器的黎明–第 24 届 DEF CON CTF 总决赛亚军队员访 谈

Recommended

PyConPL 2017 - with python: security
PyConPL 2017 - with python: securityPyConPL 2017 - with python: security
PyConPL 2017 - with python: security
Piotr Dyba
 
Grincon U.S. 2019 Grin Security Audit Results
Grincon U.S. 2019 Grin Security Audit ResultsGrincon U.S. 2019 Grin Security Audit Results
Grincon U.S. 2019 Grin Security Audit Results
Karen Hsu
 
The Art of defence: How vulnerabilites help shape security features and mitig...
The Art of defence: How vulnerabilites help shape security features and mitig...The Art of defence: How vulnerabilites help shape security features and mitig...
The Art of defence: How vulnerabilites help shape security features and mitig...
Priyanka Aash
 
Dev(Sec)Ops - Architecture for Security and Compliance
Dev(Sec)Ops - Architecture for Security and ComplianceDev(Sec)Ops - Architecture for Security and Compliance
Dev(Sec)Ops - Architecture for Security and Compliance
Yi-Feng Tzeng
 
HITCON Defense Summit 2019 - 從 SAST 談持續式資安測試
HITCON Defense Summit 2019 - 從 SAST 談持續式資安測試HITCON Defense Summit 2019 - 從 SAST 談持續式資安測試
HITCON Defense Summit 2019 - 從 SAST 談持續式資安測試
Secview
 
Severless PHP Case : Agile Dashboard via GitLab Board API
Severless PHP Case : Agile Dashboard via GitLab Board APISeverless PHP Case : Agile Dashboard via GitLab Board API
Severless PHP Case : Agile Dashboard via GitLab Board API
Yi-Feng Tzeng
 
Modern Web 2019 從零開始加入自動化資安測試
Modern Web 2019 從零開始加入自動化資安測試Modern Web 2019 從零開始加入自動化資安測試
Modern Web 2019 從零開始加入自動化資安測試
Secview
 
De invloed van "cloud" op het dreigingslanschap
De invloed van "cloud" op het dreigingslanschapDe invloed van "cloud" op het dreigingslanschap
De invloed van "cloud" op het dreigingslanschap
Frank Breedijk
 

Recommended

PyConPL 2017 - with python: security
PyConPL 2017 - with python: securityPyConPL 2017 - with python: security
PyConPL 2017 - with python: security
Piotr Dyba
 
Grincon U.S. 2019 Grin Security Audit Results
Grincon U.S. 2019 Grin Security Audit ResultsGrincon U.S. 2019 Grin Security Audit Results
Grincon U.S. 2019 Grin Security Audit Results
Karen Hsu
 
The Art of defence: How vulnerabilites help shape security features and mitig...
The Art of defence: How vulnerabilites help shape security features and mitig...The Art of defence: How vulnerabilites help shape security features and mitig...
The Art of defence: How vulnerabilites help shape security features and mitig...
Priyanka Aash
 
Dev(Sec)Ops - Architecture for Security and Compliance
Dev(Sec)Ops - Architecture for Security and ComplianceDev(Sec)Ops - Architecture for Security and Compliance
Dev(Sec)Ops - Architecture for Security and Compliance
Yi-Feng Tzeng
 
HITCON Defense Summit 2019 - 從 SAST 談持續式資安測試
HITCON Defense Summit 2019 - 從 SAST 談持續式資安測試HITCON Defense Summit 2019 - 從 SAST 談持續式資安測試
HITCON Defense Summit 2019 - 從 SAST 談持續式資安測試
Secview
 
Severless PHP Case : Agile Dashboard via GitLab Board API
Severless PHP Case : Agile Dashboard via GitLab Board APISeverless PHP Case : Agile Dashboard via GitLab Board API
Severless PHP Case : Agile Dashboard via GitLab Board API
Yi-Feng Tzeng
 
Modern Web 2019 從零開始加入自動化資安測試
Modern Web 2019 從零開始加入自動化資安測試Modern Web 2019 從零開始加入自動化資安測試
Modern Web 2019 從零開始加入自動化資安測試
Secview
 
De invloed van "cloud" op het dreigingslanschap
De invloed van "cloud" op het dreigingslanschapDe invloed van "cloud" op het dreigingslanschap
De invloed van "cloud" op het dreigingslanschap
Frank Breedijk
 
[CB19] MalConfScan with Cuckoo: Automatic Malware Configuration Extraction Sy...
[CB19] MalConfScan with Cuckoo: Automatic Malware Configuration Extraction Sy...[CB19] MalConfScan with Cuckoo: Automatic Malware Configuration Extraction Sy...
[CB19] MalConfScan with Cuckoo: Automatic Malware Configuration Extraction Sy...
CODE BLUE
 
Mechanical phish
Mechanical phishMechanical phish
Mechanical phish
Debdeep Banerjee
 
Cyber Security Forum: DARPA's Cyber Grand Challenge. What Happened and What'...
Cyber Security Forum: DARPA's Cyber Grand Challenge. What Happened and What'...Cyber Security Forum: DARPA's Cyber Grand Challenge. What Happened and What'...
Cyber Security Forum: DARPA's Cyber Grand Challenge. What Happened and What'...
Tim Vidas
 
Adapting to a Cambrian AI/SW/HW explosion with open co-design competitions an...
Adapting to a Cambrian AI/SW/HW explosion with open co-design competitions an...Adapting to a Cambrian AI/SW/HW explosion with open co-design competitions an...
Adapting to a Cambrian AI/SW/HW explosion with open co-design competitions an...
Grigori Fursin
 
Next Stop, Android
Next Stop, AndroidNext Stop, Android
Next Stop, Android
National Cheng Kung University
 
If I Were MITRE ATT&CK Developer: Challenges to Consider when Developing ICS ...
If I Were MITRE ATT&CK Developer: Challenges to Consider when Developing ICS ...If I Were MITRE ATT&CK Developer: Challenges to Consider when Developing ICS ...
If I Were MITRE ATT&CK Developer: Challenges to Consider when Developing ICS ...
Marina Krotofil
 
Cryptography - You're doing it wrong! (Attila Balazs)
Cryptography - You're doing it wrong! (Attila Balazs)Cryptography - You're doing it wrong! (Attila Balazs)
Cryptography - You're doing it wrong! (Attila Balazs)
ITCamp
 
Unit testing on Android (Droidcon Dubai 2015)
Unit testing on Android (Droidcon Dubai 2015)Unit testing on Android (Droidcon Dubai 2015)
Unit testing on Android (Droidcon Dubai 2015)
Danny Preussler
 
MITRE ATT&CKcon 2018: Sofacy 2018 and the Adversary Playbook, Robert Falcone,...
MITRE ATT&CKcon 2018: Sofacy 2018 and the Adversary Playbook, Robert Falcone,...MITRE ATT&CKcon 2018: Sofacy 2018 and the Adversary Playbook, Robert Falcone,...
MITRE ATT&CKcon 2018: Sofacy 2018 and the Adversary Playbook, Robert Falcone,...
MITRE - ATT&CKcon
 
Kernel Recipes 2013 - Overview display in the Linux kernel
Kernel Recipes 2013 - Overview display in the Linux kernelKernel Recipes 2013 - Overview display in the Linux kernel
Kernel Recipes 2013 - Overview display in the Linux kernel
Anne Nicolas
 
Android RenderScript on LLVM
Android RenderScript on LLVMAndroid RenderScript on LLVM
Android RenderScript on LLVM
John Lee
 
Upgrading_your_microservices_to_next_level_v1.0.pdf
Upgrading_your_microservices_to_next_level_v1.0.pdfUpgrading_your_microservices_to_next_level_v1.0.pdf
Upgrading_your_microservices_to_next_level_v1.0.pdf
VladimirRadzivil
 
Cgc2
Cgc2Cgc2
Cgc2
Chong-Kuan Chen
 
Build Programming Language Runtime with LLVM
Build Programming Language Runtime with LLVMBuild Programming Language Runtime with LLVM
Build Programming Language Runtime with LLVM
National Cheng Kung University
 
Cvpr2010 open source vision software, intro and training part v open cv and r...
Cvpr2010 open source vision software, intro and training part v open cv and r...Cvpr2010 open source vision software, intro and training part v open cv and r...
Cvpr2010 open source vision software, intro and training part v open cv and r...
zukun
 
Kotlin Backend Development 6 Yrs Recap. The Good, the Bad and the Ugly
Kotlin Backend Development 6 Yrs Recap. The Good, the Bad and the UglyKotlin Backend Development 6 Yrs Recap. The Good, the Bad and the Ugly
Kotlin Backend Development 6 Yrs Recap. The Good, the Bad and the Ugly
Haim Yadid
 
C++ exception handling
C++ exception handlingC++ exception handling
C++ exception handling
Ray Song
 
RISC-V Linker Relaxation and LLD
RISC-V Linker Relaxation and LLDRISC-V Linker Relaxation and LLD
RISC-V Linker Relaxation and LLD
Ray Song
 
gcov和clang中的实现
gcov和clang中的实现gcov和clang中的实现
gcov和clang中的实现
Ray Song
 
r2con 2017 r2cLEMENCy
r2con 2017 r2cLEMENCyr2con 2017 r2cLEMENCy
r2con 2017 r2cLEMENCy
Ray Song
 
OI算法竞赛中树形数据结构
OI算法竞赛中树形数据结构OI算法竞赛中树形数据结构
OI算法竞赛中树形数据结构
Ray Song
 
Implementing a Simple Interpreter
Implementing a Simple InterpreterImplementing a Simple Interpreter
Implementing a Simple Interpreter
Ray Song
 

More Related Content

Similar to Cyber Grand Challenge及DEFCON 24 CTF决赛介绍

[CB19] MalConfScan with Cuckoo: Automatic Malware Configuration Extraction Sy...
[CB19] MalConfScan with Cuckoo: Automatic Malware Configuration Extraction Sy...[CB19] MalConfScan with Cuckoo: Automatic Malware Configuration Extraction Sy...
[CB19] MalConfScan with Cuckoo: Automatic Malware Configuration Extraction Sy...
CODE BLUE
 
Cyber Security Forum: DARPA's Cyber Grand Challenge. What Happened and What'...
Cyber Security Forum: DARPA's Cyber Grand Challenge. What Happened and What'...Cyber Security Forum: DARPA's Cyber Grand Challenge. What Happened and What'...
Cyber Security Forum: DARPA's Cyber Grand Challenge. What Happened and What'...
Tim Vidas
 
Adapting to a Cambrian AI/SW/HW explosion with open co-design competitions an...
Adapting to a Cambrian AI/SW/HW explosion with open co-design competitions an...Adapting to a Cambrian AI/SW/HW explosion with open co-design competitions an...
Adapting to a Cambrian AI/SW/HW explosion with open co-design competitions an...
Grigori Fursin
 
MITRE ATT&CKcon 2018: Sofacy 2018 and the Adversary Playbook, Robert Falcone,...
MITRE ATT&CKcon 2018: Sofacy 2018 and the Adversary Playbook, Robert Falcone,...MITRE ATT&CKcon 2018: Sofacy 2018 and the Adversary Playbook, Robert Falcone,...
MITRE ATT&CKcon 2018: Sofacy 2018 and the Adversary Playbook, Robert Falcone,...
MITRE - ATT&CKcon
 
Cvpr2010 open source vision software, intro and training part v open cv and r...
Cvpr2010 open source vision software, intro and training part v open cv and r...Cvpr2010 open source vision software, intro and training part v open cv and r...
Cvpr2010 open source vision software, intro and training part v open cv and r...
zukun
 

Similar to Cyber Grand Challenge及DEFCON 24 CTF决赛介绍 (16)

[CB19] MalConfScan with Cuckoo: Automatic Malware Configuration Extraction Sy...
[CB19] MalConfScan with Cuckoo: Automatic Malware Configuration Extraction Sy...[CB19] MalConfScan with Cuckoo: Automatic Malware Configuration Extraction Sy...
[CB19] MalConfScan with Cuckoo: Automatic Malware Configuration Extraction Sy...
 
Mechanical phish
Mechanical phishMechanical phish
Mechanical phish
 
Cyber Security Forum: DARPA's Cyber Grand Challenge. What Happened and What'...
Cyber Security Forum: DARPA's Cyber Grand Challenge. What Happened and What'...Cyber Security Forum: DARPA's Cyber Grand Challenge. What Happened and What'...
Cyber Security Forum: DARPA's Cyber Grand Challenge. What Happened and What'...
 
Adapting to a Cambrian AI/SW/HW explosion with open co-design competitions an...
Adapting to a Cambrian AI/SW/HW explosion with open co-design competitions an...Adapting to a Cambrian AI/SW/HW explosion with open co-design competitions an...
Adapting to a Cambrian AI/SW/HW explosion with open co-design competitions an...
 
Next Stop, Android
Next Stop, AndroidNext Stop, Android
Next Stop, Android
 
If I Were MITRE ATT&CK Developer: Challenges to Consider when Developing ICS ...
If I Were MITRE ATT&CK Developer: Challenges to Consider when Developing ICS ...If I Were MITRE ATT&CK Developer: Challenges to Consider when Developing ICS ...
If I Were MITRE ATT&CK Developer: Challenges to Consider when Developing ICS ...
 
Cryptography - You're doing it wrong! (Attila Balazs)
Cryptography - You're doing it wrong! (Attila Balazs)Cryptography - You're doing it wrong! (Attila Balazs)
Cryptography - You're doing it wrong! (Attila Balazs)
 
Unit testing on Android (Droidcon Dubai 2015)
Unit testing on Android (Droidcon Dubai 2015)Unit testing on Android (Droidcon Dubai 2015)
Unit testing on Android (Droidcon Dubai 2015)
 
MITRE ATT&CKcon 2018: Sofacy 2018 and the Adversary Playbook, Robert Falcone,...
MITRE ATT&CKcon 2018: Sofacy 2018 and the Adversary Playbook, Robert Falcone,...MITRE ATT&CKcon 2018: Sofacy 2018 and the Adversary Playbook, Robert Falcone,...
MITRE ATT&CKcon 2018: Sofacy 2018 and the Adversary Playbook, Robert Falcone,...
 
Kernel Recipes 2013 - Overview display in the Linux kernel
Kernel Recipes 2013 - Overview display in the Linux kernelKernel Recipes 2013 - Overview display in the Linux kernel
Kernel Recipes 2013 - Overview display in the Linux kernel
 
Android RenderScript on LLVM
Android RenderScript on LLVMAndroid RenderScript on LLVM
Android RenderScript on LLVM
 
Upgrading_your_microservices_to_next_level_v1.0.pdf
Upgrading_your_microservices_to_next_level_v1.0.pdfUpgrading_your_microservices_to_next_level_v1.0.pdf
Upgrading_your_microservices_to_next_level_v1.0.pdf
 
Cgc2
Cgc2Cgc2
Cgc2
 
Build Programming Language Runtime with LLVM
Build Programming Language Runtime with LLVMBuild Programming Language Runtime with LLVM
Build Programming Language Runtime with LLVM
 
Cvpr2010 open source vision software, intro and training part v open cv and r...
Cvpr2010 open source vision software, intro and training part v open cv and r...Cvpr2010 open source vision software, intro and training part v open cv and r...
Cvpr2010 open source vision software, intro and training part v open cv and r...
 
Kotlin Backend Development 6 Yrs Recap. The Good, the Bad and the Ugly
Kotlin Backend Development 6 Yrs Recap. The Good, the Bad and the UglyKotlin Backend Development 6 Yrs Recap. The Good, the Bad and the Ugly
Kotlin Backend Development 6 Yrs Recap. The Good, the Bad and the Ugly
 

More from Ray Song

More from Ray Song (9)

C++ exception handling
C++ exception handlingC++ exception handling
C++ exception handling
 
RISC-V Linker Relaxation and LLD
RISC-V Linker Relaxation and LLDRISC-V Linker Relaxation and LLD
RISC-V Linker Relaxation and LLD
 
gcov和clang中的实现
gcov和clang中的实现gcov和clang中的实现
gcov和clang中的实现
 
r2con 2017 r2cLEMENCy
r2con 2017 r2cLEMENCyr2con 2017 r2cLEMENCy
r2con 2017 r2cLEMENCy
 
OI算法竞赛中树形数据结构
OI算法竞赛中树形数据结构OI算法竞赛中树形数据结构
OI算法竞赛中树形数据结构
 
Implementing a Simple Interpreter
Implementing a Simple InterpreterImplementing a Simple Interpreter
Implementing a Simple Interpreter
 
2011年信息学竞赛冬令营《星际探险》
2011年信息学竞赛冬令营《星际探险》2011年信息学竞赛冬令营《星际探险》
2011年信息学竞赛冬令营《星际探险》
 
8门编程语言的设计思考
8门编程语言的设计思考8门编程语言的设计思考
8门编程语言的设计思考
 
Introduction to makefile
Introduction to makefileIntroduction to makefile
Introduction to makefile
 

Recently uploaded

Architecture decision records - How not to get lost in the past
Architecture decision records - How not to get lost in the pastArchitecture decision records - How not to get lost in the past
Architecture decision records - How not to get lost in the past
Papp Krisztián
 
CHEAP Call Girls in Pushp Vihar (-DELHI )🔝 9953056974🔝(=)/CALL GIRLS SERVICE
CHEAP Call Girls in Pushp Vihar (-DELHI )🔝 9953056974🔝(=)/CALL GIRLS SERVICECHEAP Call Girls in Pushp Vihar (-DELHI )🔝 9953056974🔝(=)/CALL GIRLS SERVICE
CHEAP Call Girls in Pushp Vihar (-DELHI )🔝 9953056974🔝(=)/CALL GIRLS SERVICE
9953056974 Low Rate Call Girls In Saket, Delhi NCR
 
The title is not connected to what is inside
The title is not connected to what is insideThe title is not connected to what is inside
The title is not connected to what is inside
shinachiaurasa2
 
Reassessing the Bedrock of Clinical Function Models: An Examination of Large ...
Reassessing the Bedrock of Clinical Function Models: An Examination of Large ...Reassessing the Bedrock of Clinical Function Models: An Examination of Large ...
Reassessing the Bedrock of Clinical Function Models: An Examination of Large ...
harshavardhanraghave
 
AI & Machine Learning Presentation Template
AI & Machine Learning Presentation TemplateAI & Machine Learning Presentation Template
AI & Machine Learning Presentation Template
Presentation.STUDIO
 
Shapes for Sharing between Graph Data Spaces - and Epistemic Querying of RDF-...
Shapes for Sharing between Graph Data Spaces - and Epistemic Querying of RDF-...Shapes for Sharing between Graph Data Spaces - and Epistemic Querying of RDF-...
Shapes for Sharing between Graph Data Spaces - and Epistemic Querying of RDF-...
Steffen Staab
 
%+27788225528 love spells in new york Psychic Readings, Attraction spells,Bri...
%+27788225528 love spells in new york Psychic Readings, Attraction spells,Bri...%+27788225528 love spells in new york Psychic Readings, Attraction spells,Bri...
%+27788225528 love spells in new york Psychic Readings, Attraction spells,Bri...
masabamasaba
 
Chinsurah Escorts ☎️8617697112 Starting From 5K to 15K High Profile Escorts ...
Chinsurah Escorts ☎️8617697112 Starting From 5K to 15K High Profile Escorts ...Chinsurah Escorts ☎️8617697112 Starting From 5K to 15K High Profile Escorts ...
Chinsurah Escorts ☎️8617697112 Starting From 5K to 15K High Profile Escorts ...
Nitya salvi
 
W01_panagenda_Navigating-the-Future-with-The-Hitchhikers-Guide-to-Notes-and-D...
W01_panagenda_Navigating-the-Future-with-The-Hitchhikers-Guide-to-Notes-and-D...W01_panagenda_Navigating-the-Future-with-The-Hitchhikers-Guide-to-Notes-and-D...
W01_panagenda_Navigating-the-Future-with-The-Hitchhikers-Guide-to-Notes-and-D...
panagenda
 

Recently uploaded (20)

Architecture decision records - How not to get lost in the past
Architecture decision records - How not to get lost in the pastArchitecture decision records - How not to get lost in the past
Architecture decision records - How not to get lost in the past
 
Software Quality Assurance Interview Questions
Software Quality Assurance Interview QuestionsSoftware Quality Assurance Interview Questions
Software Quality Assurance Interview Questions
 
%in kaalfontein+277-882-255-28 abortion pills for sale in kaalfontein
%in kaalfontein+277-882-255-28 abortion pills for sale in kaalfontein%in kaalfontein+277-882-255-28 abortion pills for sale in kaalfontein
%in kaalfontein+277-882-255-28 abortion pills for sale in kaalfontein
 
CHEAP Call Girls in Pushp Vihar (-DELHI )🔝 9953056974🔝(=)/CALL GIRLS SERVICE
CHEAP Call Girls in Pushp Vihar (-DELHI )🔝 9953056974🔝(=)/CALL GIRLS SERVICECHEAP Call Girls in Pushp Vihar (-DELHI )🔝 9953056974🔝(=)/CALL GIRLS SERVICE
CHEAP Call Girls in Pushp Vihar (-DELHI )🔝 9953056974🔝(=)/CALL GIRLS SERVICE
 
The title is not connected to what is inside
The title is not connected to what is insideThe title is not connected to what is inside
The title is not connected to what is inside
 
%in ivory park+277-882-255-28 abortion pills for sale in ivory park
%in ivory park+277-882-255-28 abortion pills for sale in ivory park %in ivory park+277-882-255-28 abortion pills for sale in ivory park
%in ivory park+277-882-255-28 abortion pills for sale in ivory park
 
Reassessing the Bedrock of Clinical Function Models: An Examination of Large ...
Reassessing the Bedrock of Clinical Function Models: An Examination of Large ...Reassessing the Bedrock of Clinical Function Models: An Examination of Large ...
Reassessing the Bedrock of Clinical Function Models: An Examination of Large ...
 
AI & Machine Learning Presentation Template
AI & Machine Learning Presentation TemplateAI & Machine Learning Presentation Template
AI & Machine Learning Presentation Template
 
OpenChain - The Ramifications of ISO/IEC 5230 and ISO/IEC 18974 for Legal Pro...
OpenChain - The Ramifications of ISO/IEC 5230 and ISO/IEC 18974 for Legal Pro...OpenChain - The Ramifications of ISO/IEC 5230 and ISO/IEC 18974 for Legal Pro...
OpenChain - The Ramifications of ISO/IEC 5230 and ISO/IEC 18974 for Legal Pro...
 
Payment Gateway Testing Simplified_ A Step-by-Step Guide for Beginners.pdf
Payment Gateway Testing Simplified_ A Step-by-Step Guide for Beginners.pdfPayment Gateway Testing Simplified_ A Step-by-Step Guide for Beginners.pdf
Payment Gateway Testing Simplified_ A Step-by-Step Guide for Beginners.pdf
 
Shapes for Sharing between Graph Data Spaces - and Epistemic Querying of RDF-...
Shapes for Sharing between Graph Data Spaces - and Epistemic Querying of RDF-...Shapes for Sharing between Graph Data Spaces - and Epistemic Querying of RDF-...
Shapes for Sharing between Graph Data Spaces - and Epistemic Querying of RDF-...
 
%+27788225528 love spells in new york Psychic Readings, Attraction spells,Bri...
%+27788225528 love spells in new york Psychic Readings, Attraction spells,Bri...%+27788225528 love spells in new york Psychic Readings, Attraction spells,Bri...
%+27788225528 love spells in new york Psychic Readings, Attraction spells,Bri...
 
Chinsurah Escorts ☎️8617697112 Starting From 5K to 15K High Profile Escorts ...
Chinsurah Escorts ☎️8617697112 Starting From 5K to 15K High Profile Escorts ...Chinsurah Escorts ☎️8617697112 Starting From 5K to 15K High Profile Escorts ...
Chinsurah Escorts ☎️8617697112 Starting From 5K to 15K High Profile Escorts ...
 
W01_panagenda_Navigating-the-Future-with-The-Hitchhikers-Guide-to-Notes-and-D...
W01_panagenda_Navigating-the-Future-with-The-Hitchhikers-Guide-to-Notes-and-D...W01_panagenda_Navigating-the-Future-with-The-Hitchhikers-Guide-to-Notes-and-D...
W01_panagenda_Navigating-the-Future-with-The-Hitchhikers-Guide-to-Notes-and-D...
 
%in Harare+277-882-255-28 abortion pills for sale in Harare
%in Harare+277-882-255-28 abortion pills for sale in Harare%in Harare+277-882-255-28 abortion pills for sale in Harare
%in Harare+277-882-255-28 abortion pills for sale in Harare
 
%+27788225528 love spells in Vancouver Psychic Readings, Attraction spells,Br...
%+27788225528 love spells in Vancouver Psychic Readings, Attraction spells,Br...%+27788225528 love spells in Vancouver Psychic Readings, Attraction spells,Br...
%+27788225528 love spells in Vancouver Psychic Readings, Attraction spells,Br...
 
%in Midrand+277-882-255-28 abortion pills for sale in midrand
%in Midrand+277-882-255-28 abortion pills for sale in midrand%in Midrand+277-882-255-28 abortion pills for sale in midrand
%in Midrand+277-882-255-28 abortion pills for sale in midrand
 
10 Trends Likely to Shape Enterprise Technology in 2024
10 Trends Likely to Shape Enterprise Technology in 202410 Trends Likely to Shape Enterprise Technology in 2024
10 Trends Likely to Shape Enterprise Technology in 2024
 
VTU technical seminar 8Th Sem on Scikit-learn
VTU technical seminar 8Th Sem on Scikit-learnVTU technical seminar 8Th Sem on Scikit-learn
VTU technical seminar 8Th Sem on Scikit-learn
 
Define the academic and professional writing..pdf
Define the academic and professional writing..pdfDefine the academic and professional writing..pdf
Define the academic and professional writing..pdf
 

Cyber Grand Challenge及DEFCON 24 CTF决赛介绍

  • 1. Rise of the Machines: Cyber Grand Challenge 及 DEFCON 24 CTF 决赛介绍 宋方睿 MaskRay Capture the Flag Cyber Grand Challenge 入围队伍 CB, Poller, POV, IDS Shellphish 的 CRS DEFCON 24 CTF Finals 参赛队伍 DEFCON 24 CTF CB References Rise of the Machines: Cyber Grand Challenge 及 DEFCON 24 CTF 决赛介绍 Rise of the Machines: Cyber Grand Challenge 及 DEFCON 24 CTF 决赛介绍 宋方睿 MaskRay https://maskray.me
  • 2. Rise of the Machines: Cyber Grand Challenge 及 DEFCON 24 CTF 决赛介绍 宋方睿 MaskRay Capture the Flag Cyber Grand Challenge 入围队伍 CB, Poller, POV, IDS Shellphish 的 CRS DEFCON 24 CTF Finals 参赛队伍 DEFCON 24 CTF CB References Rise of the Machines: Cyber Grand Challenge 及 DEFCON 24 CTF 决赛介绍 1 Capture the Flag 2 Cyber Grand Challenge 3 CB, Poller, POV, IDS 4 Shellphish 的 CRS 5 DEFCON 24 CTF Finals 6 DEFCON 24 CTF CB 7 References
  • 3. Rise of the Machines: Cyber Grand Challenge 及 DEFCON 24 CTF 决赛介绍 宋方睿 MaskRay Capture the Flag Cyber Grand Challenge 入围队伍 CB, Poller, POV, IDS Shellphish 的 CRS DEFCON 24 CTF Finals 参赛队伍 DEFCON 24 CTF CB References Rise of the Machines: Cyber Grand Challenge 及 DEFCON 24 CTF 决赛介绍 MaskRay 过期的算法竞赛 + 超算赛棍
  • 4. Rise of the Machines: Cyber Grand Challenge 及 DEFCON 24 CTF 决赛介绍 宋方睿 MaskRay Capture the Flag Cyber Grand Challenge 入围队伍 CB, Poller, POV, IDS Shellphish 的 CRS DEFCON 24 CTF Finals 参赛队伍 DEFCON 24 CTF CB References Rise of the Machines: Cyber Grand Challenge 及 DEFCON 24 CTF 决赛介绍 MaskRay 过期的算法竞赛 + 超算赛棍 发霉的运维 +FP 爱好者
  • 5. Rise of the Machines: Cyber Grand Challenge 及 DEFCON 24 CTF 决赛介绍 宋方睿 MaskRay Capture the Flag Cyber Grand Challenge 入围队伍 CB, Poller, POV, IDS Shellphish 的 CRS DEFCON 24 CTF Finals 参赛队伍 DEFCON 24 CTF CB References Rise of the Machines: Cyber Grand Challenge 及 DEFCON 24 CTF 决赛介绍 MaskRay 过期的算法竞赛 + 超算赛棍 发霉的运维 +FP 爱好者 变质的四届 DEFCON CTF 酱油
  • 6. Rise of the Machines: Cyber Grand Challenge 及 DEFCON 24 CTF 决赛介绍 宋方睿 MaskRay Capture the Flag Cyber Grand Challenge 入围队伍 CB, Poller, POV, IDS Shellphish 的 CRS DEFCON 24 CTF Finals 参赛队伍 DEFCON 24 CTF CB References Rise of the Machines: Cyber Grand Challenge 及 DEFCON 24 CTF 决赛介绍 两个竞赛 Cyber Grand Challenge (CGC) Final Event,8 月 4 日 DEFCON 24 Capture the Flag,8 月 5∼7 日
  • 7. Rise of the Machines: Cyber Grand Challenge 及 DEFCON 24 CTF 决赛介绍 宋方睿 MaskRay Capture the Flag Cyber Grand Challenge 入围队伍 CB, Poller, POV, IDS Shellphish 的 CRS DEFCON 24 CTF Finals 参赛队伍 DEFCON 24 CTF CB References Rise of the Machines: Cyber Grand Challenge 及 DEFCON 24 CTF 决赛介绍 Capture the Flag Capture the Flag 逆向技术, 协议分析, 网络嗅探, 密码破解, 计算机取证, 编程 Codegate CTF, DEFCON CTF, Hack.lu CTF, Plaid CTF, SECCON CTF, . . . 0CTF, BCTF, HCTF, L-CTF, XCTF, . . .
  • 8. Rise of the Machines: Cyber Grand Challenge 及 DEFCON 24 CTF 决赛介绍 宋方睿 MaskRay Capture the Flag Cyber Grand Challenge 入围队伍 CB, Poller, POV, IDS Shellphish 的 CRS DEFCON 24 CTF Finals 参赛队伍 DEFCON 24 CTF CB References Rise of the Machines: Cyber Grand Challenge 及 DEFCON 24 CTF 决赛介绍 Capture the Flag 形式 jeopardy,Online Judge
  • 9. Rise of the Machines: Cyber Grand Challenge 及 DEFCON 24 CTF 决赛介绍 宋方睿 MaskRay Capture the Flag Cyber Grand Challenge 入围队伍 CB, Poller, POV, IDS Shellphish 的 CRS DEFCON 24 CTF Finals 参赛队伍 DEFCON 24 CTF CB References Rise of the Machines: Cyber Grand Challenge 及 DEFCON 24 CTF 决赛介绍 Capture the Flag 形式 jeopardy,Online Judge attack-defense
  • 10. Rise of the Machines: Cyber Grand Challenge 及 DEFCON 24 CTF 决赛介绍 宋方睿 MaskRay Capture the Flag Cyber Grand Challenge 入围队伍 CB, Poller, POV, IDS Shellphish 的 CRS DEFCON 24 CTF Finals 参赛队伍 DEFCON 24 CTF CB References Rise of the Machines: Cyber Grand Challenge 及 DEFCON 24 CTF 决赛介绍 Capture the Flag 形式 jeopardy,Online Judge attack-defense Cyber Grand Challenge
  • 11. Rise of the Machines: Cyber Grand Challenge 及 DEFCON 24 CTF 决赛介绍 宋方睿 MaskRay Capture the Flag Cyber Grand Challenge 入围队伍 CB, Poller, POV, IDS Shellphish 的 CRS DEFCON 24 CTF Finals 参赛队伍 DEFCON 24 CTF CB References Rise of the Machines: Cyber Grand Challenge 及 DEFCON 24 CTF 决赛介绍 Capture the Flag
  • 12. Rise of the Machines: Cyber Grand Challenge 及 DEFCON 24 CTF 决赛介绍 宋方睿 MaskRay Capture the Flag Cyber Grand Challenge 入围队伍 CB, Poller, POV, IDS Shellphish 的 CRS DEFCON 24 CTF Finals 参赛队伍 DEFCON 24 CTF CB References Rise of the Machines: Cyber Grand Challenge 及 DEFCON 24 CTF 决赛介绍 Cyber Grand Challenge Cyber Grand Challenge Cyber Reasoning System 寻找漏洞 修补漏洞 分析攻击 设置防火墙 利用漏洞 (exploit) 1280 cores, 16TB ram, 128 TB storage
  • 13. Rise of the Machines: Cyber Grand Challenge 及 DEFCON 24 CTF 决赛介绍 宋方睿 MaskRay Capture the Flag Cyber Grand Challenge 入围队伍 CB, Poller, POV, IDS Shellphish 的 CRS DEFCON 24 CTF Finals 参赛队伍 DEFCON 24 CTF CB References Rise of the Machines: Cyber Grand Challenge 及 DEFCON 24 CTF 决赛介绍 Cyber Grand Challenge
  • 14. Rise of the Machines: Cyber Grand Challenge 及 DEFCON 24 CTF 决赛介绍 宋方睿 MaskRay Capture the Flag Cyber Grand Challenge 入围队伍 CB, Poller, POV, IDS Shellphish 的 CRS DEFCON 24 CTF Finals 参赛队伍 DEFCON 24 CTF CB References Rise of the Machines: Cyber Grand Challenge 及 DEFCON 24 CTF 决赛介绍 Cyber Grand Challenge CGC Qualifying Event 24 小时分析 126 个 challenge binary (CB) 产生让 CB 崩溃的交互 修补 CB,保留功能,性能也影响分数
  • 15. Rise of the Machines: Cyber Grand Challenge 及 DEFCON 24 CTF 决赛介绍 宋方睿 MaskRay Capture the Flag Cyber Grand Challenge 入围队伍 CB, Poller, POV, IDS Shellphish 的 CRS DEFCON 24 CTF Finals 参赛队伍 DEFCON 24 CTF CB References Rise of the Machines: Cyber Grand Challenge 及 DEFCON 24 CTF 决赛介绍 Cyber Grand Challenge DECREE 环境 修改的 Linux 3.13.0,32 位 x86 ELF -> CGC(可执行文件格式) allocate(mmap), deallocate(munmap), fdwait(select), random, receive(read), terminate(exit), transmit(write) SIGPIPE Ign,SIGSEGV SIGILL SIGBUS Core,其他 Term 禁用 address space layout randomization,禁用 non-executable stack CR4 寄存器禁用 performance monitoring center static linking, homebrew libc
  • 16. Rise of the Machines: Cyber Grand Challenge 及 DEFCON 24 CTF 决赛介绍 宋方睿 MaskRay Capture the Flag Cyber Grand Challenge 入围队伍 CB, Poller, POV, IDS Shellphish 的 CRS DEFCON 24 CTF Finals 参赛队伍 DEFCON 24 CTF CB References Rise of the Machines: Cyber Grand Challenge 及 DEFCON 24 CTF 决赛介绍 Cyber Grand Challenge 入围队伍 CodeJitsu University of California, Berkeley BitBlaze Binary Analysis Platform: Vine(static analysis), TEMU(dynamic analysis), Rudder(symbolic execution)
  • 17. Rise of the Machines: Cyber Grand Challenge 及 DEFCON 24 CTF 决赛介绍 宋方睿 MaskRay Capture the Flag Cyber Grand Challenge 入围队伍 CB, Poller, POV, IDS Shellphish 的 CRS DEFCON 24 CTF Finals 参赛队伍 DEFCON 24 CTF CB References Rise of the Machines: Cyber Grand Challenge 及 DEFCON 24 CTF 决赛介绍 Cyber Grand Challenge 入围队伍
  • 18. Rise of the Machines: Cyber Grand Challenge 及 DEFCON 24 CTF 决赛介绍 宋方睿 MaskRay Capture the Flag Cyber Grand Challenge 入围队伍 CB, Poller, POV, IDS Shellphish 的 CRS DEFCON 24 CTF Finals 参赛队伍 DEFCON 24 CTF CB References Rise of the Machines: Cyber Grand Challenge 及 DEFCON 24 CTF 决赛介绍 Cyber Grand Challenge 入围队伍 ForAllSecure CMU 教授 David Brumley 發起的 startup,成员多来自 CyLab Binary Analysis Platform Plaid Parliament of Pwning 是其 undergraduate computer security research group。
  • 19. Rise of the Machines: Cyber Grand Challenge 及 DEFCON 24 CTF 决赛介绍 宋方睿 MaskRay Capture the Flag Cyber Grand Challenge 入围队伍 CB, Poller, POV, IDS Shellphish 的 CRS DEFCON 24 CTF Finals 参赛队伍 DEFCON 24 CTF CB References Rise of the Machines: Cyber Grand Challenge 及 DEFCON 24 CTF 决赛介绍 Cyber Grand Challenge 入围队伍
  • 20. Rise of the Machines: Cyber Grand Challenge 及 DEFCON 24 CTF 决赛介绍 宋方睿 MaskRay Capture the Flag Cyber Grand Challenge 入围队伍 CB, Poller, POV, IDS Shellphish 的 CRS DEFCON 24 CTF Finals 参赛队伍 DEFCON 24 CTF CB References Rise of the Machines: Cyber Grand Challenge 及 DEFCON 24 CTF 决赛介绍 Cyber Grand Challenge 入围队伍 TECHx GrammaTech & University of Virginia Technology Preventing Exploits of Software of Unknown Provenance
  • 21. Rise of the Machines: Cyber Grand Challenge 及 DEFCON 24 CTF 决赛介绍 宋方睿 MaskRay Capture the Flag Cyber Grand Challenge 入围队伍 CB, Poller, POV, IDS Shellphish 的 CRS DEFCON 24 CTF Finals 参赛队伍 DEFCON 24 CTF CB References Rise of the Machines: Cyber Grand Challenge 及 DEFCON 24 CTF 决赛介绍 Cyber Grand Challenge 入围队伍
  • 22. Rise of the Machines: Cyber Grand Challenge 及 DEFCON 24 CTF 决赛介绍 宋方睿 MaskRay Capture the Flag Cyber Grand Challenge 入围队伍 CB, Poller, POV, IDS Shellphish 的 CRS DEFCON 24 CTF Finals 参赛队伍 DEFCON 24 CTF CB References Rise of the Machines: Cyber Grand Challenge 及 DEFCON 24 CTF 决赛介绍 Cyber Grand Challenge 入围队伍 CSDS University of Idaho Jim Alves-Foss, Jia Song
  • 23. Rise of the Machines: Cyber Grand Challenge 及 DEFCON 24 CTF 决赛介绍 宋方睿 MaskRay Capture the Flag Cyber Grand Challenge 入围队伍 CB, Poller, POV, IDS Shellphish 的 CRS DEFCON 24 CTF Finals 参赛队伍 DEFCON 24 CTF CB References Rise of the Machines: Cyber Grand Challenge 及 DEFCON 24 CTF 决赛介绍 Cyber Grand Challenge 入围队伍
  • 24. Rise of the Machines: Cyber Grand Challenge 及 DEFCON 24 CTF 决赛介绍 宋方睿 MaskRay Capture the Flag Cyber Grand Challenge 入围队伍 CB, Poller, POV, IDS Shellphish 的 CRS DEFCON 24 CTF Finals 参赛队伍 DEFCON 24 CTF CB References Rise of the Machines: Cyber Grand Challenge 及 DEFCON 24 CTF 决赛介绍 Cyber Grand Challenge 入围队伍 DeepRed Raytheon
  • 25. Rise of the Machines: Cyber Grand Challenge 及 DEFCON 24 CTF 决赛介绍 宋方睿 MaskRay Capture the Flag Cyber Grand Challenge 入围队伍 CB, Poller, POV, IDS Shellphish 的 CRS DEFCON 24 CTF Finals 参赛队伍 DEFCON 24 CTF CB References Rise of the Machines: Cyber Grand Challenge 及 DEFCON 24 CTF 决赛介绍 Cyber Grand Challenge 入围队伍
  • 26. Rise of the Machines: Cyber Grand Challenge 及 DEFCON 24 CTF 决赛介绍 宋方睿 MaskRay Capture the Flag Cyber Grand Challenge 入围队伍 CB, Poller, POV, IDS Shellphish 的 CRS DEFCON 24 CTF Finals 参赛队伍 DEFCON 24 CTF CB References Rise of the Machines: Cyber Grand Challenge 及 DEFCON 24 CTF 决赛介绍 Cyber Grand Challenge 入围队伍 disekt University Of Georgia 2009 年成立 disekt CTF 战队
  • 27. Rise of the Machines: Cyber Grand Challenge 及 DEFCON 24 CTF 决赛介绍 宋方睿 MaskRay Capture the Flag Cyber Grand Challenge 入围队伍 CB, Poller, POV, IDS Shellphish 的 CRS DEFCON 24 CTF Finals 参赛队伍 DEFCON 24 CTF CB References Rise of the Machines: Cyber Grand Challenge 及 DEFCON 24 CTF 决赛介绍 Cyber Grand Challenge 入围队伍
  • 28. Rise of the Machines: Cyber Grand Challenge 及 DEFCON 24 CTF 决赛介绍 宋方睿 MaskRay Capture the Flag Cyber Grand Challenge 入围队伍 CB, Poller, POV, IDS Shellphish 的 CRS DEFCON 24 CTF Finals 参赛队伍 DEFCON 24 CTF CB References Rise of the Machines: Cyber Grand Challenge 及 DEFCON 24 CTF 决赛介绍 Cyber Grand Challenge 入围队伍 Shellphish University of California, Santa Barbara angr, a python framework for analyzing binaries. It focuses on both static and dynamic symbolic (”concolic”) analysis
  • 29. Rise of the Machines: Cyber Grand Challenge 及 DEFCON 24 CTF 决赛介绍 宋方睿 MaskRay Capture the Flag Cyber Grand Challenge 入围队伍 CB, Poller, POV, IDS Shellphish 的 CRS DEFCON 24 CTF Finals 参赛队伍 DEFCON 24 CTF CB References Rise of the Machines: Cyber Grand Challenge 及 DEFCON 24 CTF 决赛介绍 Cyber Grand Challenge 入围队伍
  • 30. Rise of the Machines: Cyber Grand Challenge 及 DEFCON 24 CTF 决赛介绍 宋方睿 MaskRay Capture the Flag Cyber Grand Challenge 入围队伍 CB, Poller, POV, IDS Shellphish 的 CRS DEFCON 24 CTF Finals 参赛队伍 DEFCON 24 CTF CB References Rise of the Machines: Cyber Grand Challenge 及 DEFCON 24 CTF 决赛介绍 Cyber Grand Challenge 入围队伍
  • 31. Rise of the Machines: Cyber Grand Challenge 及 DEFCON 24 CTF 决赛介绍 宋方睿 MaskRay Capture the Flag Cyber Grand Challenge 入围队伍 CB, Poller, POV, IDS Shellphish 的 CRS DEFCON 24 CTF Finals 参赛队伍 DEFCON 24 CTF CB References Rise of the Machines: Cyber Grand Challenge 及 DEFCON 24 CTF 决赛介绍 Cyber Grand Challenge 入围队伍 CGC Final Event 96 轮 比赛开始时 CRS 接收 CB,每个 CB 以类似 socat tcp-l:9999 exec:cb 的形式提供服务 每轮为每个 (round, team, service) 产生分数,(∗, team, ∗) 和为该队伍累计分数
  • 32. Rise of the Machines: Cyber Grand Challenge 及 DEFCON 24 CTF 决赛介绍 宋方睿 MaskRay Capture the Flag Cyber Grand Challenge 入围队伍 CB, Poller, POV, IDS Shellphish 的 CRS DEFCON 24 CTF Finals 参赛队伍 DEFCON 24 CTF CB References Rise of the Machines: Cyber Grand Challenge 及 DEFCON 24 CTF 决赛介绍 Cyber Grand Challenge 入围队伍
  • 33. Rise of the Machines: Cyber Grand Challenge 及 DEFCON 24 CTF 决赛介绍 宋方睿 MaskRay Capture the Flag Cyber Grand Challenge 入围队伍 CB, Poller, POV, IDS Shellphish 的 CRS DEFCON 24 CTF Finals 参赛队伍 DEFCON 24 CTF CB References Rise of the Machines: Cyber Grand Challenge 及 DEFCON 24 CTF 决赛介绍 Cyber Grand Challenge 入围队伍 (round, team, service) score = 100 × availability × security × evaluation availability ∈ [0, 1],通过 poller 的比例和内存时间开销 security ∈ {1, 2},被其他 CRS 攻击成功? evaluation ∈ [1, 2],攻击其他 CRS
  • 34. Rise of the Machines: Cyber Grand Challenge 及 DEFCON 24 CTF 决赛介绍 宋方睿 MaskRay Capture the Flag Cyber Grand Challenge 入围队伍 CB, Poller, POV, IDS Shellphish 的 CRS DEFCON 24 CTF Finals 参赛队伍 DEFCON 24 CTF CB References Rise of the Machines: Cyber Grand Challenge 及 DEFCON 24 CTF 决赛介绍 Cyber Grand Challenge 入围队伍 attack-defense CGC 题目数量 ∼6 82 challenge sets(CFE)/ 8(DEFCON CTF) 流量 主办方提供 tcpdump 自行在 1999/udp 接收 (服务编号, 连接号, 流 序号, 消息长度等) 平台 amd64, aarch64, mipsel, . . . DECREE 服务 可 ssh,替换服务文件 API 提交修补过的 可用性检测 主办方伪装成其他队伍 检测 平台测试提交的 CB 攻击方式 手工, 程序 提 交 proof-of- vulnerability flag 主办方每轮生成,服务 程序有权限读取的文件 magic page 填充随机值 防火墙 executable wrapper 类 snort 规则
  • 35. Rise of the Machines: Cyber Grand Challenge 及 DEFCON 24 CTF 决赛介绍 宋方睿 MaskRay Capture the Flag Cyber Grand Challenge 入围队伍 CB, Poller, POV, IDS Shellphish 的 CRS DEFCON 24 CTF Finals 参赛队伍 DEFCON 24 CTF CB References Rise of the Machines: Cyber Grand Challenge 及 DEFCON 24 CTF 决赛介绍 CB, Poller, POV, IDS Challenge binary 题目用的可执行文件,特意设置了若干漏洞 分析、修补、利用 API 上传修补后的 CB static linking,手写 libc,鼓励每道题用不同 libc
  • 36. Rise of the Machines: Cyber Grand Challenge 及 DEFCON 24 CTF 决赛介绍 宋方睿 MaskRay Capture the Flag Cyber Grand Challenge 入围队伍 CB, Poller, POV, IDS Shellphish 的 CRS DEFCON 24 CTF Finals 参赛队伍 DEFCON 24 CTF CB References Rise of the Machines: Cyber Grand Challenge 及 DEFCON 24 CTF 决赛介绍 CB, Poller, POV, IDS Poller generator 检测 CB 可用性 finite state automaton 每条边指定转移概率 每个顶点指定停止概率 Python 脚本指定各个顶点执行的操作,产生输入或输出 等
  • 37. Rise of the Machines: Cyber Grand Challenge 及 DEFCON 24 CTF 决赛介绍 宋方睿 MaskRay Capture the Flag Cyber Grand Challenge 入围队伍 CB, Poller, POV, IDS Shellphish 的 CRS DEFCON 24 CTF Finals 参赛队伍 DEFCON 24 CTF CB References Rise of the Machines: Cyber Grand Challenge 及 DEFCON 24 CTF 决赛介绍 CB, Poller, POV, IDS nodes: - name: start - name: top - name: endIt - name: printAirports - name: addAirport - name: deleteAirport - name: findRoutes edges: - start: top - top: printAirports - printAirports: top - top: addAirport - addAirport: top - top: deleteAirport - deleteAirport: top - top: findRoutes - findRoutes: top - top: endIt weight: .20
  • 38. Rise of the Machines: Cyber Grand Challenge 及 DEFCON 24 CTF 决赛介绍 宋方睿 MaskRay Capture the Flag Cyber Grand Challenge 入围队伍 CB, Poller, POV, IDS Shellphish 的 CRS DEFCON 24 CTF Finals 参赛队伍 DEFCON 24 CTF CB References Rise of the Machines: Cyber Grand Challenge 及 DEFCON 24 CTF 决赛介绍 CB, Poller, POV, IDS Proof of vulnerability C 编写的 CGC 可执行文件 构建方式和 CB 相同 Type 1 & Type 2
  • 39. Rise of the Machines: Cyber Grand Challenge 及 DEFCON 24 CTF 决赛介绍 宋方睿 MaskRay Capture the Flag Cyber Grand Challenge 入围队伍 CB, Poller, POV, IDS Shellphish 的 CRS DEFCON 24 CTF Finals 参赛队伍 DEFCON 24 CTF CB References Rise of the Machines: Cyber Grand Challenge 及 DEFCON 24 CTF 决赛介绍 CB, Poller, POV, IDS Type 1 vulnerability 控制 EIP 与 8 个 general purpose register 中任意一个
  • 40. Rise of the Machines: Cyber Grand Challenge 及 DEFCON 24 CTF 决赛介绍 宋方睿 MaskRay Capture the Flag Cyber Grand Challenge 入围队伍 CB, Poller, POV, IDS Shellphish 的 CRS DEFCON 24 CTF Finals 参赛队伍 DEFCON 24 CTF CB References Rise of the Machines: Cyber Grand Challenge 及 DEFCON 24 CTF 决赛介绍 CB, Poller, POV, IDS Type 1 vulnerability 控制 EIP 与 8 个 general purpose register 中任意一个 如果证明能控制?
  • 41. Rise of the Machines: Cyber Grand Challenge 及 DEFCON 24 CTF 决赛介绍 宋方睿 MaskRay Capture the Flag Cyber Grand Challenge 入围队伍 CB, Poller, POV, IDS Shellphish 的 CRS DEFCON 24 CTF Finals 参赛队伍 DEFCON 24 CTF CB References Rise of the Machines: Cyber Grand Challenge 及 DEFCON 24 CTF 决赛介绍 CB, Poller, POV, IDS Type 1 vulnerability 控制 EIP 与 8 个 general purpose register 中任意一个 如果证明能控制? Challenge response, POV 程序向平台宣称能控制寄存器 的特定 20 bits,平台指定 20 bits 的值
  • 42. Rise of the Machines: Cyber Grand Challenge 及 DEFCON 24 CTF 决赛介绍 宋方睿 MaskRay Capture the Flag Cyber Grand Challenge 入围队伍 CB, Poller, POV, IDS Shellphish 的 CRS DEFCON 24 CTF Finals 参赛队伍 DEFCON 24 CTF CB References Rise of the Machines: Cyber Grand Challenge 及 DEFCON 24 CTF 决赛介绍 CB, Poller, POV, IDS Type 1 vulnerability 控制 EIP 与 8 个 general purpose register 中任意一个 如果证明能控制? Challenge response, POV 程序向平台宣称能控制寄存器 的特定 20 bits,平台指定 20 bits 的值 程序崩溃时两个寄存器的值与 challenge 匹配
  • 43. Rise of the Machines: Cyber Grand Challenge 及 DEFCON 24 CTF 决赛介绍 宋方睿 MaskRay Capture the Flag Cyber Grand Challenge 入围队伍 CB, Poller, POV, IDS Shellphish 的 CRS DEFCON 24 CTF Finals 参赛队伍 DEFCON 24 CTF CB References Rise of the Machines: Cyber Grand Challenge 及 DEFCON 24 CTF 决赛介绍 CB, Poller, POV, IDS Type 2 vulnerability magic page CGC 可执行文件执行时,0x4347c000 处内核分配一页, 填充随机值 Challenge response,平台指定要输出 magic page 指定区 间内的 4 字节 POV 程序设法获取
  • 44. Rise of the Machines: Cyber Grand Challenge 及 DEFCON 24 CTF 决赛介绍 宋方睿 MaskRay Capture the Flag Cyber Grand Challenge 入围队伍 CB, Poller, POV, IDS Shellphish 的 CRS DEFCON 24 CTF Finals 参赛队伍 DEFCON 24 CTF CB References Rise of the Machines: Cyber Grand Challenge 及 DEFCON 24 CTF 决赛介绍 CB, Poller, POV, IDS Intrusion detection system (IDS) 防火墙规则 可以阻挡攻击,也可能误伤 poller generator domain-specific language
  • 45. Rise of the Machines: Cyber Grand Challenge 及 DEFCON 24 CTF 决赛介绍 宋方睿 MaskRay Capture the Flag Cyber Grand Challenge 入围队伍 CB, Poller, POV, IDS Shellphish 的 CRS DEFCON 24 CTF Finals 参赛队伍 DEFCON 24 CTF CB References Rise of the Machines: Cyber Grand Challenge 及 DEFCON 24 CTF 决赛介绍 CB, Poller, POV, IDS Proof of vulnerability (POV) C 编写的 CGC 可执行文件 构建方式和 CB 相同 Type 1 & Type 2
  • 46. Rise of the Machines: Cyber Grand Challenge 及 DEFCON 24 CTF 决赛介绍 宋方睿 MaskRay Capture the Flag Cyber Grand Challenge 入围队伍 CB, Poller, POV, IDS Shellphish 的 CRS DEFCON 24 CTF Finals 参赛队伍 DEFCON 24 CTF CB References Rise of the Machines: Cyber Grand Challenge 及 DEFCON 24 CTF 决赛介绍 CB, Poller, POV, IDS Oracle Input: CB, POV, IDS Output: score, packet captures, others’ CB & IDS 可以下载其他队伍的 CB 和 IDS
  • 47. Rise of the Machines: Cyber Grand Challenge 及 DEFCON 24 CTF 决赛介绍 宋方睿 MaskRay Capture the Flag Cyber Grand Challenge 入围队伍 CB, Poller, POV, IDS Shellphish 的 CRS DEFCON 24 CTF Finals 参赛队伍 DEFCON 24 CTF CB References Rise of the Machines: Cyber Grand Challenge 及 DEFCON 24 CTF 决赛介绍 Shellphish 的 CRS 实 https://github.com/mechaphish angr: binary loader + static analysis (control-flow graph, data-flow analysis, value-set analysis) + symbolic execution Driller: fuzzying with selective symbolic execution (American fuzzy lop + angr) patcherex: extended malloc, protect indirect call/jmp, return pointer encryption, randomly shift the stack, stack canary, backdoor, . . . database ORM model, qemu, scheduler, POV simulator, API interaction, . . .
  • 48. Rise of the Machines: Cyber Grand Challenge 及 DEFCON 24 CTF 决赛介绍 宋方睿 MaskRay Capture the Flag Cyber Grand Challenge 入围队伍 CB, Poller, POV, IDS Shellphish 的 CRS DEFCON 24 CTF Finals 参赛队伍 DEFCON 24 CTF CB References Rise of the Machines: Cyber Grand Challenge 及 DEFCON 24 CTF 决赛介绍 Shellphish 的 CRS 计 82 Challenge Sets 2442 exploits generated longest exploit: 3791 lines of C code shortest exploit: 226 lines of C code
  • 49. Rise of the Machines: Cyber Grand Challenge 及 DEFCON 24 CTF 决赛介绍 宋方睿 MaskRay Capture the Flag Cyber Grand Challenge 入围队伍 CB, Poller, POV, IDS Shellphish 的 CRS DEFCON 24 CTF Finals 参赛队伍 DEFCON 24 CTF CB References Rise of the Machines: Cyber Grand Challenge 及 DEFCON 24 CTF 决赛介绍 DEFCON 24 CTF Finals DEFCON 24 CTF Finals CTF 届世界杯 Las Vegas,8 月 5∼7 日
  • 50. Rise of the Machines: Cyber Grand Challenge 及 DEFCON 24 CTF 决赛介绍 宋方睿 MaskRay Capture the Flag Cyber Grand Challenge 入围队伍 CB, Poller, POV, IDS Shellphish 的 CRS DEFCON 24 CTF Finals 参赛队伍 DEFCON 24 CTF CB References Rise of the Machines: Cyber Grand Challenge 及 DEFCON 24 CTF 决赛介绍 DEFCON 24 CTF Finals
  • 51. Rise of the Machines: Cyber Grand Challenge 及 DEFCON 24 CTF 决赛介绍 宋方睿 MaskRay Capture the Flag Cyber Grand Challenge 入围队伍 CB, Poller, POV, IDS Shellphish 的 CRS DEFCON 24 CTF Finals 参赛队伍 DEFCON 24 CTF CB References Rise of the Machines: Cyber Grand Challenge 及 DEFCON 24 CTF 决赛介绍 DEFCON 24 CTF Finals b1o0p blue-lotus + 0ops = b1o0p blue-lotus 成立于清华大学网络与信息安全实验室,是中 国首支入围 DEFCON CTF 全球决赛的战队 上海交通大学 0ops 成立于 2013 年,成员主要来自于计 算机系密码学与计算机安全实验室、信息安全工程学院 等,大陆首支国际 CTF 赛事冠军战队,2015 年 ctftime 排名第 3。
  • 52. Rise of the Machines: Cyber Grand Challenge 及 DEFCON 24 CTF 决赛介绍 宋方睿 MaskRay Capture the Flag Cyber Grand Challenge 入围队伍 CB, Poller, POV, IDS Shellphish 的 CRS DEFCON 24 CTF Finals 参赛队伍 DEFCON 24 CTF CB References Rise of the Machines: Cyber Grand Challenge 及 DEFCON 24 CTF 决赛介绍 DEFCON 24 CTF Finals
  • 53. Rise of the Machines: Cyber Grand Challenge 及 DEFCON 24 CTF 决赛介绍 宋方睿 MaskRay Capture the Flag Cyber Grand Challenge 入围队伍 CB, Poller, POV, IDS Shellphish 的 CRS DEFCON 24 CTF Finals 参赛队伍 DEFCON 24 CTF CB References Rise of the Machines: Cyber Grand Challenge 及 DEFCON 24 CTF 决赛介绍 DEFCON 24 CTF Finals
  • 54. Rise of the Machines: Cyber Grand Challenge 及 DEFCON 24 CTF 决赛介绍 宋方睿 MaskRay Capture the Flag Cyber Grand Challenge 入围队伍 CB, Poller, POV, IDS Shellphish 的 CRS DEFCON 24 CTF Finals 参赛队伍 DEFCON 24 CTF CB References Rise of the Machines: Cyber Grand Challenge 及 DEFCON 24 CTF 决赛介绍 DEFCON 24 CTF Finals 果 PPP 第一,b1o0p 第二,DEFKOR 第三
  • 55. Rise of the Machines: Cyber Grand Challenge 及 DEFCON 24 CTF 决赛介绍 宋方睿 MaskRay Capture the Flag Cyber Grand Challenge 入围队伍 CB, Poller, POV, IDS Shellphish 的 CRS DEFCON 24 CTF Finals 参赛队伍 DEFCON 24 CTF CB References Rise of the Machines: Cyber Grand Challenge 及 DEFCON 24 CTF 决赛介绍 DEFCON 24 CTF Finals 果 PPP 第一,b1o0p 第二,DEFKOR 第三 奖品 = null
  • 56. Rise of the Machines: Cyber Grand Challenge 及 DEFCON 24 CTF 决赛介绍 宋方睿 MaskRay Capture the Flag Cyber Grand Challenge 入围队伍 CB, Poller, POV, IDS Shellphish 的 CRS DEFCON 24 CTF Finals 参赛队伍 DEFCON 24 CTF CB References Rise of the Machines: Cyber Grand Challenge 及 DEFCON 24 CTF 决赛介绍 DEFCON 24 CTF Finals 果 PPP 第一,b1o0p 第二,DEFKOR 第三 奖品 = null 不是我军无能,而是敌人太狡猾
  • 57. Rise of the Machines: Cyber Grand Challenge 及 DEFCON 24 CTF 决赛介绍 宋方睿 MaskRay Capture the Flag Cyber Grand Challenge 入围队伍 CB, Poller, POV, IDS Shellphish 的 CRS DEFCON 24 CTF Finals 参赛队伍 DEFCON 24 CTF CB References Rise of the Machines: Cyber Grand Challenge 及 DEFCON 24 CTF 决赛介绍 DEFCON 24 CTF Finals 我军 neoni,BinDiff,找出修补 CB 与原 CB 差异 azure.kdays.cn,F.L.I.R.T signatures、executable loader hen,反汇编工具 小花椒,可执行文件修补工具、流量分析重放 . . . libmaru,网络环境、主办方平台监控发送到 slack yu4fn、firesun、BrieflyX 等,team interface 网站 MaskRay,PCAP 搜索、packet captures、POV 检测
  • 58. Rise of the Machines: Cyber Grand Challenge 及 DEFCON 24 CTF 决赛介绍 宋方睿 MaskRay Capture the Flag Cyber Grand Challenge 入围队伍 CB, Poller, POV, IDS Shellphish 的 CRS DEFCON 24 CTF Finals 参赛队伍 DEFCON 24 CTF CB References Rise of the Machines: Cyber Grand Challenge 及 DEFCON 24 CTF 决赛介绍 DEFCON 24 CTF Finals 参赛队伍 Mayhem ForAllSecure 的 Cyber Reasoning System
  • 59. Rise of the Machines: Cyber Grand Challenge 及 DEFCON 24 CTF 决赛介绍 宋方睿 MaskRay Capture the Flag Cyber Grand Challenge 入围队伍 CB, Poller, POV, IDS Shellphish 的 CRS DEFCON 24 CTF Finals 参赛队伍 DEFCON 24 CTF CB References Rise of the Machines: Cyber Grand Challenge 及 DEFCON 24 CTF 决赛介绍 DEFCON 24 CTF Finals 参赛队伍 Mayhem ForAllSecure 的 Cyber Reasoning System DEFCON CTF 与 CGC 平台不一致,比赛前两天收到的 流量有问题
  • 60. Rise of the Machines: Cyber Grand Challenge 及 DEFCON 24 CTF 决赛介绍 宋方睿 MaskRay Capture the Flag Cyber Grand Challenge 入围队伍 CB, Poller, POV, IDS Shellphish 的 CRS DEFCON 24 CTF Finals 参赛队伍 DEFCON 24 CTF CB References Rise of the Machines: Cyber Grand Challenge 及 DEFCON 24 CTF 决赛介绍 DEFCON 24 CTF Finals 参赛队伍 Mayhem ForAllSecure 的 Cyber Reasoning System DEFCON CTF 与 CGC 平台不一致,比赛前两天收到的 流量有问题 没能公平的较量实属遗憾
  • 61. Rise of the Machines: Cyber Grand Challenge 及 DEFCON 24 CTF 决赛介绍 宋方睿 MaskRay Capture the Flag Cyber Grand Challenge 入围队伍 CB, Poller, POV, IDS Shellphish 的 CRS DEFCON 24 CTF Finals 参赛队伍 DEFCON 24 CTF CB References Rise of the Machines: Cyber Grand Challenge 及 DEFCON 24 CTF 决赛介绍 DEFCON 24 CTF Finals 参赛队伍 Mayhem ForAllSecure 的 Cyber Reasoning System DEFCON CTF 与 CGC 平台不一致,比赛前两天收到的 流量有问题 没能公平的较量实属遗憾 8 题做出 7 题应该不实,一题往往藏有数个漏洞。所有可 执行文件都经过 binary recompiler,MaskRay 喵逆向不来
  • 62. Rise of the Machines: Cyber Grand Challenge 及 DEFCON 24 CTF 决赛介绍 宋方睿 MaskRay Capture the Flag Cyber Grand Challenge 入围队伍 CB, Poller, POV, IDS Shellphish 的 CRS DEFCON 24 CTF Finals 参赛队伍 DEFCON 24 CTF CB References Rise of the Machines: Cyber Grand Challenge 及 DEFCON 24 CTF 决赛介绍 DEFCON 24 CTF Finals 参赛队伍
  • 63. Rise of the Machines: Cyber Grand Challenge 及 DEFCON 24 CTF 决赛介绍 宋方睿 MaskRay Capture the Flag Cyber Grand Challenge 入围队伍 CB, Poller, POV, IDS Shellphish 的 CRS DEFCON 24 CTF Finals 参赛队伍 DEFCON 24 CTF CB References Rise of the Machines: Cyber Grand Challenge 及 DEFCON 24 CTF 决赛介绍 DEFCON 24 CTF Finals 参赛队伍
  • 64. Rise of the Machines: Cyber Grand Challenge 及 DEFCON 24 CTF 决赛介绍 宋方睿 MaskRay Capture the Flag Cyber Grand Challenge 入围队伍 CB, Poller, POV, IDS Shellphish 的 CRS DEFCON 24 CTF Finals 参赛队伍 DEFCON 24 CTF CB References Rise of the Machines: Cyber Grand Challenge 及 DEFCON 24 CTF 决赛介绍 DEFCON 24 CTF Finals 参赛队伍 PPP DEFCON 21,22,24 CTF 第一,2011、2013、2015 ctftime 第一
  • 65. Rise of the Machines: Cyber Grand Challenge 及 DEFCON 24 CTF 决赛介绍 宋方睿 MaskRay Capture the Flag Cyber Grand Challenge 入围队伍 CB, Poller, POV, IDS Shellphish 的 CRS DEFCON 24 CTF Finals 参赛队伍 DEFCON 24 CTF CB References Rise of the Machines: Cyber Grand Challenge 及 DEFCON 24 CTF 决赛介绍 DEFCON 24 CTF Finals 参赛队伍 PPP DEFCON 21,22,24 CTF 第一,2011、2013、2015 ctftime 第一 geohot 和 Ricky Zhou 为代表的 Pwn 机
  • 66. Rise of the Machines: Cyber Grand Challenge 及 DEFCON 24 CTF 决赛介绍 宋方睿 MaskRay Capture the Flag Cyber Grand Challenge 入围队伍 CB, Poller, POV, IDS Shellphish 的 CRS DEFCON 24 CTF Finals 参赛队伍 DEFCON 24 CTF CB References Rise of the Machines: Cyber Grand Challenge 及 DEFCON 24 CTF 决赛介绍 DEFCON 24 CTF Finals 参赛队伍 PPP DEFCON 21,22,24 CTF 第一,2011、2013、2015 ctftime 第一 geohot 和 Ricky Zhou 为代表的 Pwn 机 参与 Mayhem 开发的 ForAllSecure 成员
  • 67. Rise of the Machines: Cyber Grand Challenge 及 DEFCON 24 CTF 决赛介绍 宋方睿 MaskRay Capture the Flag Cyber Grand Challenge 入围队伍 CB, Poller, POV, IDS Shellphish 的 CRS DEFCON 24 CTF Finals 参赛队伍 DEFCON 24 CTF CB References Rise of the Machines: Cyber Grand Challenge 及 DEFCON 24 CTF 决赛介绍 DEFCON 24 CTF Finals 参赛队伍 PPP DEFCON 21,22,24 CTF 第一,2011、2013、2015 ctftime 第一 geohot 和 Ricky Zhou 为代表的 Pwn 机 参与 Mayhem 开发的 ForAllSecure 成员 binary recompiler,Shellphish、binja 等也有
  • 68. Rise of the Machines: Cyber Grand Challenge 及 DEFCON 24 CTF 决赛介绍 宋方睿 MaskRay Capture the Flag Cyber Grand Challenge 入围队伍 CB, Poller, POV, IDS Shellphish 的 CRS DEFCON 24 CTF Finals 参赛队伍 DEFCON 24 CTF CB References Rise of the Machines: Cyber Grand Challenge 及 DEFCON 24 CTF 决赛介绍 DEFCON 24 CTF Finals 参赛队伍
  • 69. Rise of the Machines: Cyber Grand Challenge 及 DEFCON 24 CTF 决赛介绍 宋方睿 MaskRay Capture the Flag Cyber Grand Challenge 入围队伍 CB, Poller, POV, IDS Shellphish 的 CRS DEFCON 24 CTF Finals 参赛队伍 DEFCON 24 CTF CB References Rise of the Machines: Cyber Grand Challenge 及 DEFCON 24 CTF 决赛介绍 DEFCON 24 CTF Finals 参赛队伍
  • 70. Rise of the Machines: Cyber Grand Challenge 及 DEFCON 24 CTF 决赛介绍 宋方睿 MaskRay Capture the Flag Cyber Grand Challenge 入围队伍 CB, Poller, POV, IDS Shellphish 的 CRS DEFCON 24 CTF Finals 参赛队伍 DEFCON 24 CTF CB References Rise of the Machines: Cyber Grand Challenge 及 DEFCON 24 CTF 决赛介绍 DEFCON 24 CTF Finals 参赛队伍 DEFKOR 韩国梦之队,Best of Best 计划学生
  • 71. Rise of the Machines: Cyber Grand Challenge 及 DEFCON 24 CTF 决赛介绍 宋方睿 MaskRay Capture the Flag Cyber Grand Challenge 入围队伍 CB, Poller, POV, IDS Shellphish 的 CRS DEFCON 24 CTF Finals 参赛队伍 DEFCON 24 CTF CB References Rise of the Machines: Cyber Grand Challenge 及 DEFCON 24 CTF 决赛介绍 DEFCON 24 CTF Finals 参赛队伍 DEFKOR 韩国梦之队,Best of Best 计划学生 Jung Hoon Lee(lokihardt),Pwn2Own 2015 攻破 IE 11 Chrome Safari
  • 72. Rise of the Machines: Cyber Grand Challenge 及 DEFCON 24 CTF 决赛介绍 宋方睿 MaskRay Capture the Flag Cyber Grand Challenge 入围队伍 CB, Poller, POV, IDS Shellphish 的 CRS DEFCON 24 CTF Finals 参赛队伍 DEFCON 24 CTF CB References Rise of the Machines: Cyber Grand Challenge 及 DEFCON 24 CTF 决赛介绍 DEFCON 24 CTF Finals 参赛队伍 DEFKOR 韩国梦之队,Best of Best 计划学生 Jung Hoon Lee(lokihardt),Pwn2Own 2015 攻破 IE 11 Chrome Safari DEFCON 23 CTF 第一
  • 73. Rise of the Machines: Cyber Grand Challenge 及 DEFCON 24 CTF 决赛介绍 宋方睿 MaskRay Capture the Flag Cyber Grand Challenge 入围队伍 CB, Poller, POV, IDS Shellphish 的 CRS DEFCON 24 CTF Finals 参赛队伍 DEFCON 24 CTF CB References Rise of the Machines: Cyber Grand Challenge 及 DEFCON 24 CTF 决赛介绍 DEFCON 24 CTF Finals 参赛队伍 LCBC 俄罗斯,Yellowstone Yachtsclub of Yawning
  • 74. Rise of the Machines: Cyber Grand Challenge 及 DEFCON 24 CTF 决赛介绍 宋方睿 MaskRay Capture the Flag Cyber Grand Challenge 入围队伍 CB, Poller, POV, IDS Shellphish 的 CRS DEFCON 24 CTF Finals 参赛队伍 DEFCON 24 CTF CB References Rise of the Machines: Cyber Grand Challenge 及 DEFCON 24 CTF 决赛介绍 DEFCON 24 CTF Finals 参赛队伍 LCBC 俄罗斯,Yellowstone Yachtsclub of Yawning OpenCTF 2016, 0CTF 2016 第一
  • 75. Rise of the Machines: Cyber Grand Challenge 及 DEFCON 24 CTF 决赛介绍 宋方睿 MaskRay Capture the Flag Cyber Grand Challenge 入围队伍 CB, Poller, POV, IDS Shellphish 的 CRS DEFCON 24 CTF Finals 参赛队伍 DEFCON 24 CTF CB References Rise of the Machines: Cyber Grand Challenge 及 DEFCON 24 CTF 决赛介绍 DEFCON 24 CTF Finals 参赛队伍 HITCON 大量 ICPC 选手:peter50216, Shik, seanwu, david942j
  • 76. Rise of the Machines: Cyber Grand Challenge 及 DEFCON 24 CTF 决赛介绍 宋方睿 MaskRay Capture the Flag Cyber Grand Challenge 入围队伍 CB, Poller, POV, IDS Shellphish 的 CRS DEFCON 24 CTF Finals 参赛队伍 DEFCON 24 CTF CB References Rise of the Machines: Cyber Grand Challenge 及 DEFCON 24 CTF 决赛介绍 DEFCON 24 CTF Finals 参赛队伍 HITCON 大量 ICPC 选手:peter50216, Shik, seanwu, david942j Orange Tsai,找出过 Facebook, Uber, Yahoo 多家大厂漏 洞
  • 77. Rise of the Machines: Cyber Grand Challenge 及 DEFCON 24 CTF 决赛介绍 宋方睿 MaskRay Capture the Flag Cyber Grand Challenge 入围队伍 CB, Poller, POV, IDS Shellphish 的 CRS DEFCON 24 CTF Finals 参赛队伍 DEFCON 24 CTF CB References Rise of the Machines: Cyber Grand Challenge 及 DEFCON 24 CTF 决赛介绍 DEFCON 24 CTF CB 实战 https://github.com/MaskRay/ 2016-09-24-cgc-defcon-ctf-presentation
  • 78. Rise of the Machines: Cyber Grand Challenge 及 DEFCON 24 CTF 决赛介绍 宋方睿 MaskRay Capture the Flag Cyber Grand Challenge 入围队伍 CB, Poller, POV, IDS Shellphish 的 CRS DEFCON 24 CTF Finals 参赛队伍 DEFCON 24 CTF CB References Rise of the Machines: Cyber Grand Challenge 及 DEFCON 24 CTF 决赛介绍 References References Cyber Grand Challenge 簡介 從 HITCON 駭客戰隊挑戰美國 CGC 天網機器人探討自 動攻防技術發展 Cyber Grand Shellphish A Dozen Years of Shellphish From DEFCON to the Cyber Grand Challenge 机器的黎明–第 24 届 DEF CON CTF 总决赛亚军队员访 谈