SlideShare a Scribd company logo
BBuugg--hhuunntteerr’’ss
JJooyy
Masato	
  Kinugawa	
  
Name Masato Kinugawa
Nationality Japanese(maybe)
Hobby Listening Music and XSS
Profession BBuugg--hhuunntteerr
FFiirrsstt
BBuugg--HHuunntteerr’’ss LLiiffee aanndd
BBoouunnttyy PPrrooggrraamm
SSeeccoonndd DDeelliigghhttffuull BBuuggss
TThhiirrdd
TThhee rreeaassoonnss wwhhyy II
bbeeccaammee BBuugg--hhuunntteerr
BBuugg--hhuunntteerr’’ss LLiiffee aanndd
BBoouunnttyy PPrrooggrraamm
Workplace Home
Working
Hours
Any time I want
Work Finding Security Bugs
Income BBuugg BBoouunnttyy
➡Does it make enough money to live?
2277113355334466 ((JJPPYY))
$$114422772233
(($$11 == 112200 JJPPYY))
2277113355334466 ((JJPPYY))
$$114422772233
(($$11 == 112200 JJPPYY))
((iinn OOccttaall ddiiggiittss))
! GGooooggllee launched in 2010
! Followed by MMaannyy CCoommppaanniieess
! GGooooggllee VVulnerability RReward PProgram
! 1 bug = $100~20,000
$$113300,,880033..77
TToottaall BBoouunnttiieess
NNuummbbeerr ooff bbuuggss rreeppoorrtteedd
112277((119911 including duplicated and/or not rewarded ones)
EEvveenn mmoorree mmoottiivvaatteedd bbyy tthhee
iinnccrreeaasseedd bboouunnttyy rraatteess!!$	
  
II aamm aaccttuuaallllyy nniigghhtt oowwll……
! QQuuiicckk RReeppoossee since the program is
launched.
! CCoonnssiiddeerr NOT ONLY seriousness, but also
tthhee lleevveell ooff ““iinntteerreessttiinngg””,, ooff tthhee bbuugg..
! Require only ssiimmppllee eexxppllaannaattiioonn ttoo hhaavvee
tthheemm uunnddeerrssttaanndd tthhee pprroobblleemm..
! PPrroovviiddee ffuunn to the reporters.
! TThhee MMoosstt IImmppoorrttaanntt DDoommaaiinn ooff GGooooggllee
! Bounty was $$55,,000000 (Exceeds the regulated maximum
amount at that time)
https://accounts.google.com/example?oe=utf-‐‑‒32	
  
HTTP/1.1	
  200	
  OK	
  
Alternate-‐‑‒Protocol:	
  443:quic,p=0.01	
  
Cache-‐‑‒Control:	
  private,	
  max-‐‑‒age=0	
  
Content-‐‑‒Encoding:	
  gzip	
  
Content-‐‑‒Type:	
  text/html;	
  charset=UTF-‐‑‒32	
  
...	
  
! Character Code can be set by URL
! UUTTFF--3322 was able to be set
∀㸀㸀㰀㰀script㸀㸀alert(1)㰀㰀/script㸀㸀�
➊➊ AArrrraayy ooff tthhee BByytteess
❷❷
CChhaarraacctteerr CCooddee ooff tthhee
PPaaggee
❸❸ HHaannddlliinngg 00xx0000 CChhaarraacctteerrss
00	
  00	
  22	
  00	
  00	
  00	
  3E	
  00	
  00	
  00	
  3C	
  00	
  
00	
  00	
  00	
  73	
  00	
  00	
  00	
  63	
  00	
  00	
  00	
  72	
  
00	
  00	
  00	
  69	
  00	
  00	
  00	
  70	
  00	
  00	
  00	
  74	
  
00	
  00	
  3E	
  00	
  00	
  00	
  00	
  61	
  00	
  00	
  00	
  6C	
  
00	
  00	
  00	
  65	
  00	
  00	
  00	
  72	
  00	
  00	
  00	
  74	
  
00	
  00	
  00	
  28	
  00	
  00	
  00	
  31	
  00	
  00	
  00	
  29	
  
00	
  00	
  3C	
  00	
  00	
  00	
  00	
  2F	
  00	
  00	
  00	
  73	
  
00	
  00	
  00	
  63	
  00	
  00	
  00	
  72	
  00	
  00	
  00	
  69	
  
00	
  00	
  00	
  70	
  00	
  00	
  00	
  74	
  00	
  00	
  3E	
  00	
  
∀㸀㸀㰀㰀�
s  c    r�
i    p    t�
㸀㸀a    l�
e  r    t�
(  1    )�
㰀㰀/    s�
c  r    i�
p  t  㸀㸀�
In UTF-32, 1 character requires 4 bytes
➊�
IE	
  does	
  not	
  support	
  UTF-‐‑‒32	
  
	
  ➡Character	
  Code	
  shall	
  be	
  “recognized”	
  to	
  be	
  
something	
  
00	
  00	
  22	
  00	
  00	
  00	
  3E	
  00	
  00	
  00	
  3C	
  00	
  
00	
  00	
  00	
  73	
  00	
  00	
  00	
  63	
  00	
  00	
  00	
  72	
  
00	
  00	
  00	
  69	
  00	
  00	
  00	
  70	
  00	
  00	
  00	
  74	
  
00	
  00	
  3E	
  00	
  00	
  00	
  00	
  61	
  00	
  00	
  00	
  6C	
  
00	
  00	
  00	
  65	
  00	
  00	
  00	
  72	
  00	
  00	
  00	
  74	
  
00	
  00	
  00	
  28	
  00	
  00	
  00	
  31	
  00	
  00	
  00	
  29	
  
00	
  00	
  3C	
  00	
  00	
  00	
  00	
  2F	
  00	
  00	
  00	
  73	
  
00	
  00	
  00	
  63	
  00	
  00	
  00	
  72	
  00	
  00	
  00	
  69	
  
00	
  00	
  00	
  70	
  00	
  00	
  00	
  74	
  00	
  00	
  3E	
  00	
  
∀㸀㸀㰀㰀�
s  c    r�
i    p    t�
㸀㸀a    l�
e  r    t�
(  1    )�
㰀㰀/    s�
c  r    i�
p  t  㸀㸀�
❷
This “super great” web site provides the support
status of character codes, of all web browser
http://l0.cm/encodings/table/
IE(<=9) ignores the characters
➡the “00” are uunnddeerrssttoooodd aass nnootthhiinngg..
00	
  00	
  22	
  00	
  00	
  00	
  3E	
  00	
  00	
  00	
  3C	
  00	
  
00	
  00	
  00	
  73	
  00	
  00	
  00	
  63	
  00	
  00	
  00	
  72	
  
00	
  00	
  00	
  69	
  00	
  00	
  00	
  70	
  00	
  00	
  00	
  74	
  
00	
  00	
  3E	
  00	
  00	
  00	
  00	
  61	
  00	
  00	
  00	
  6C	
  
00	
  00	
  00	
  65	
  00	
  00	
  00	
  72	
  00	
  00	
  00	
  74	
  
00	
  00	
  00	
  28	
  00	
  00	
  00	
  31	
  00	
  00	
  00	
  29	
  
00	
  00	
  3C	
  00	
  00	
  00	
  00	
  2F	
  00	
  00	
  00	
  73	
  
00	
  00	
  00	
  63	
  00	
  00	
  00	
  72	
  00	
  00	
  00	
  69	
  
00	
  00	
  00	
  70	
  00	
  00	
  00	
  74	
  00	
  00	
  3E	
  00	
  
�  >  ��
s  c    r�
i    p  t�
>  a  l�
e  r    t�
(  1    )�
�  /  s�
c  r    i�
p  t  >�
❸
Message from the web page
Seek browser and plug-in bugs also
������1�������
������1�������
������1�������
������1�������
������1�������
������1����1��
������1��1����
������11������
������1�������
������1�������
������1��1����
������1����1��
������1���1���
������1�������������11������
������11������
������1����1��
������1�����1�
������1�������
������1�������
������1����1��
������1�������
������1�������
������1�������
������1�������
������1�������
! 2288..77%% of total number of bugs I reported
! TThhee 8877%% ooff tthheemm aarree wwiitthh IIEE
! Take longer to fix
! Even if it is fixed, it is NOT likely to applied to
the different IE version.
Something is required at the Web
service level
Therefore
location.href is aa mmeetthhoodd ttoo ggeett tthhee UURRLL ooff
tthhee ppaaggee by JavaScript
http://example.com/
http://example.com/
location.href
http://evil%2F@eexxaammppllee..ccoomm/
location.href is
http://eevviill/@example.com/
The URL part before @ is aauuttoommaattiiccaallllyy ddeeccooddeedd!!
➡IItt ggeenneerraatteess UURRLL ppooiinnttss ttoo eexxtteerrnnaall WWeebb ssiittee
AAllll ccooddeess iinncclluuddee llooccaattiioonn..hhrreeff ppooiinnttiinngg ttoo
sseellff--ddoommaaiinn aarree ppootteennttiiaallllyy vvuullnneerraabbllee
Added characters before “@”, then checked
any web pages if it send request to the
external sites
Therefore
http://evil%2F@www.youtube.com/	
  
! Found ffaattaall bbuugg, at same time
! Exist in feed:// URL that represents RSS
! Can extract unrelated feed to any domain
by ccuussttoommiizziinngg the part of URL before @.
! Put the scripts in the unrelated feeds,
XSS works on the extracted domain
WWee ccaann eennffoorrccee XXSSSS oonn aannyy wweebb ssiitteess
\\((^^oo^^))// yyeeaahh☆☆
therefore
In feed:// URL, characters which can run
scripts are restricted.
(=Blacklist)
It is easy; jjuusstt ppaassssiinngg tthhrroouugghh tthhee
bbllaacckklliisstt!
Things to do
<a href="javascript:alert(1)">XSS</a>
<a>XSS</a>
FFiinndd oouutt tthhee cchhaarraacctteerrss wwhhiicchh ccaann ppaassss tthhrroouugghh
bbaasseedd oonn tthhee cchhaarraacctteerr rreemmoovvaall ppaatttteerrnn
BBeeeeppiinngg!!
<svg>

<a xmlns:xlink="http://www.w3.org/1999/xlink"

xxlliinnkk::hhrreeff==""jjaavvaassccrriipptt::aalleerrtt((11))"">

<rect width="1000" height="1000" />

</a>

</svg> SSiilleennccee……
feed://l0.cm%2Fcb.rss%3F@codeblue.jp/	
  
feed://l0.cm%2Fcb.rss%3F@codeblue.jp/	
  
alert('CODE	
  BLUE、2回⽬目開催おめでとう!n'+	
  
document.domain+'から')	
  
(Congratulation	
  for	
  
the	
  2nd	
  Code	
  Blue)	
  
! Web applications are in jeopardies caused by
character codes, browser behaviors / bugs, and so
on…
! Finding out mysteriously complicated bugs is
tthhee uullttiimmaattee ddeelliigghhtt..
You want to see more?
http://masatokinugawa.l0.cm/
! Grow up in touch of computers.
! Love to disassemble anything
! Debut as XSS “attacker” in the 6th grade
! Grow up with in touch of computers.
	
  ➡	
  I	
  got	
  to	
  knew	
  what	
  is	
  binary	
  in	
  2009	
  
! Love to disassemble anything	
  
	
  ➡	
  Donʼ’t	
  love	
  to	
  do	
  (so	
  lot)	
  
! Debut as XSS “attacker” in the 6th grade	
  
	
  ➡	
  I	
  got	
  interested	
  in	
  security	
  in	
  2009	
  
Decided to ddoo wwhhaatt II wwaanntt,, iinn mmyy wwaayy
���������������������
~2009 A lot happened
 2010 Left computer vocational school
What  I  want  to  do:  Seeking  vulnerabilities	
  
FFoouunndd ssoo lloott!!
Soon after, GGooooggllee llaauunncchheedd bug bounty program
Spent all waking hours
to find vulnerabilities.
Bug	
  hunting	
  house-‐‑‒husband?	
  
	
  	
  ➡	
  Need	
  to	
  gain	
  girl	
  hunt	
  skill	
  also	
  ☺	
  
! Extension	
  of	
  what	
  	
  I	
  want	
  to	
  do	
  
! Found	
  my	
  self	
  as	
  bug̶—hunter,	
  one	
  day	
  
WWiisshh ffoorr ffuuttuurree……
! Must spent most of the time to repeating
unsophisticated verification test
! No income unless find anything
! FFeeeelliinngg aaccccoommpplliisshhmmeenntt iiss ggrreeaatt, as what I
achieved, directly become money
! NNootthhiinngg iinn tthhee wwoorrlldd ttoo ffeeeell ddeelliigghhtt like
treasure hunting.
! Abnormal behaviors are mmuucchh ffuunn ttoo sseeee
However…
TThhee ffiinnddiinngg sskkiillll iiss aallll wwhhaatt yyoouu nneeeedd
Can concentrate on to improving skill
CCaann ddoo bbyy yyoouurrsseellff
Almost no human relationship issue
CCaann ddoo aatt yyoouurr hhoommee
No commuting time
CCaann wwoorrkk aatt oowwnn ppaaccee
Can do when you want
 “Listen music” as a hobby
 “Bug-hunt” as a hobby (same as above)
““HHoobbbbyy””
Do anything you want! Then, you may
find your own way.
FFoorr tthhoossee wwhhoo aarree ttrryyiinngg ttoo ffiinndd yyoouurr wwaayy......
UUnnddeerrssttoooodd??!!
Thank	
  You!	
  
@kinugawamasato	
  
✉	
   masatokinugawa	
  [at]	
  gmail.com	
  
Contact	
  

More Related Content

What's hot

JavaScript Basics and Best Practices - CC FE & UX
JavaScript Basics and Best Practices - CC FE & UXJavaScript Basics and Best Practices - CC FE & UX
JavaScript Basics and Best Practices - CC FE & UX
JWORKS powered by Ordina
 
Akka streams vs spark structured streaming
Akka streams vs spark structured streamingAkka streams vs spark structured streaming
Akka streams vs spark structured streaming
株式会社ジオロジック
 
은닉 마르코프 모델, Hidden Markov Model(HMM)
은닉 마르코프 모델, Hidden Markov Model(HMM)은닉 마르코프 모델, Hidden Markov Model(HMM)
은닉 마르코프 모델, Hidden Markov Model(HMM)
찬희 이
 
Php Tutorial
Php TutorialPhp Tutorial
Php Tutorial
pratik tambekar
 
Asynchronous JavaScript & XML (AJAX)
Asynchronous JavaScript & XML (AJAX)Asynchronous JavaScript & XML (AJAX)
Asynchronous JavaScript & XML (AJAX)
Adnan Sohail
 
Introduction to jQuery
Introduction to jQueryIntroduction to jQuery
Introduction to jQuery
manugoel2003
 
What is Ajax technology?
What is Ajax technology?What is Ajax technology?
What is Ajax technology?
JavaTpoint.Com
 
Servlet
Servlet Servlet
Servlet
Dhara Joshi
 
Updated html programs
Updated html programsUpdated html programs
Updated html programs
Deepali54
 
Fundamental JavaScript [UTC, March 2014]
Fundamental JavaScript [UTC, March 2014]Fundamental JavaScript [UTC, March 2014]
Fundamental JavaScript [UTC, March 2014]
Aaron Gustafson
 
jQuery
jQueryjQuery
PHP
PHPPHP
WEB TECHNOLOGIES- PHP Programming
WEB TECHNOLOGIES-  PHP ProgrammingWEB TECHNOLOGIES-  PHP Programming
Ajax presentation
Ajax presentationAjax presentation
Ajax presentation
engcs2008
 
NEXT.JS
NEXT.JSNEXT.JS
JavaScript Basics
JavaScript BasicsJavaScript Basics
JavaScript Basics
Mats Bryntse
 
FS_module_functions.pptx
FS_module_functions.pptxFS_module_functions.pptx
FS_module_functions.pptx
Bareen Shaikh
 
CSS Pseudo Classes
CSS Pseudo ClassesCSS Pseudo Classes
CSS Pseudo Classes
frontendne
 
An Overview on Nuxt.js
An Overview on Nuxt.jsAn Overview on Nuxt.js
An Overview on Nuxt.js
Squash Apps Pvt Ltd
 

What's hot (19)

JavaScript Basics and Best Practices - CC FE & UX
JavaScript Basics and Best Practices - CC FE & UXJavaScript Basics and Best Practices - CC FE & UX
JavaScript Basics and Best Practices - CC FE & UX
 
Akka streams vs spark structured streaming
Akka streams vs spark structured streamingAkka streams vs spark structured streaming
Akka streams vs spark structured streaming
 
은닉 마르코프 모델, Hidden Markov Model(HMM)
은닉 마르코프 모델, Hidden Markov Model(HMM)은닉 마르코프 모델, Hidden Markov Model(HMM)
은닉 마르코프 모델, Hidden Markov Model(HMM)
 
Php Tutorial
Php TutorialPhp Tutorial
Php Tutorial
 
Asynchronous JavaScript & XML (AJAX)
Asynchronous JavaScript & XML (AJAX)Asynchronous JavaScript & XML (AJAX)
Asynchronous JavaScript & XML (AJAX)
 
Introduction to jQuery
Introduction to jQueryIntroduction to jQuery
Introduction to jQuery
 
What is Ajax technology?
What is Ajax technology?What is Ajax technology?
What is Ajax technology?
 
Servlet
Servlet Servlet
Servlet
 
Updated html programs
Updated html programsUpdated html programs
Updated html programs
 
Fundamental JavaScript [UTC, March 2014]
Fundamental JavaScript [UTC, March 2014]Fundamental JavaScript [UTC, March 2014]
Fundamental JavaScript [UTC, March 2014]
 
jQuery
jQueryjQuery
jQuery
 
PHP
PHPPHP
PHP
 
WEB TECHNOLOGIES- PHP Programming
WEB TECHNOLOGIES-  PHP ProgrammingWEB TECHNOLOGIES-  PHP Programming
WEB TECHNOLOGIES- PHP Programming
 
Ajax presentation
Ajax presentationAjax presentation
Ajax presentation
 
NEXT.JS
NEXT.JSNEXT.JS
NEXT.JS
 
JavaScript Basics
JavaScript BasicsJavaScript Basics
JavaScript Basics
 
FS_module_functions.pptx
FS_module_functions.pptxFS_module_functions.pptx
FS_module_functions.pptx
 
CSS Pseudo Classes
CSS Pseudo ClassesCSS Pseudo Classes
CSS Pseudo Classes
 
An Overview on Nuxt.js
An Overview on Nuxt.jsAn Overview on Nuxt.js
An Overview on Nuxt.js
 

Viewers also liked

Bug-hunter's Sorrow
Bug-hunter's SorrowBug-hunter's Sorrow
Bug-hunter's Sorrow
Masato Kinugawa
 
X-XSS-Nightmare: 1; mode=attack XSS Attacks Exploiting XSS Filter
X-XSS-Nightmare: 1; mode=attack XSS Attacks Exploiting XSS FilterX-XSS-Nightmare: 1; mode=attack XSS Attacks Exploiting XSS Filter
X-XSS-Nightmare: 1; mode=attack XSS Attacks Exploiting XSS Filter
Masato Kinugawa
 
Secure Coding - Web Application Security Vulnerabilities and Best Practices
Secure Coding - Web Application Security Vulnerabilities and Best PracticesSecure Coding - Web Application Security Vulnerabilities and Best Practices
Secure Coding - Web Application Security Vulnerabilities and Best Practices
Websecurify
 
Advanced JS Deobfuscation
Advanced JS DeobfuscationAdvanced JS Deobfuscation
Advanced JS Deobfuscation
Minded Security
 
SecurityCamp2015「バグハンティング入門」
SecurityCamp2015「バグハンティング入門」SecurityCamp2015「バグハンティング入門」
SecurityCamp2015「バグハンティング入門」
Masato Kinugawa
 
Unicode - Hacking The International Character System
Unicode - Hacking The International Character SystemUnicode - Hacking The International Character System
Unicode - Hacking The International Character System
Websecurify
 
Security Challenges in Node.js
Security Challenges in Node.jsSecurity Challenges in Node.js
Security Challenges in Node.js
Websecurify
 
Secure coding practices
Secure coding practicesSecure coding practices
Secure coding practices
Scott Hurrey
 
NoSQL Injections in Node.js - The case of MongoDB
NoSQL Injections in Node.js - The case of MongoDBNoSQL Injections in Node.js - The case of MongoDB
NoSQL Injections in Node.js - The case of MongoDB
Sqreen
 
Zeronights 2016 - Automating iOS blackbox security scanning
Zeronights 2016 - Automating iOS blackbox security scanningZeronights 2016 - Automating iOS blackbox security scanning
Zeronights 2016 - Automating iOS blackbox security scanning
Synack
 
無瑕的程式碼 Clean Code 心得分享
無瑕的程式碼 Clean Code 心得分享無瑕的程式碼 Clean Code 心得分享
無瑕的程式碼 Clean Code 心得分享
Win Yu
 

Viewers also liked (11)

Bug-hunter's Sorrow
Bug-hunter's SorrowBug-hunter's Sorrow
Bug-hunter's Sorrow
 
X-XSS-Nightmare: 1; mode=attack XSS Attacks Exploiting XSS Filter
X-XSS-Nightmare: 1; mode=attack XSS Attacks Exploiting XSS FilterX-XSS-Nightmare: 1; mode=attack XSS Attacks Exploiting XSS Filter
X-XSS-Nightmare: 1; mode=attack XSS Attacks Exploiting XSS Filter
 
Secure Coding - Web Application Security Vulnerabilities and Best Practices
Secure Coding - Web Application Security Vulnerabilities and Best PracticesSecure Coding - Web Application Security Vulnerabilities and Best Practices
Secure Coding - Web Application Security Vulnerabilities and Best Practices
 
Advanced JS Deobfuscation
Advanced JS DeobfuscationAdvanced JS Deobfuscation
Advanced JS Deobfuscation
 
SecurityCamp2015「バグハンティング入門」
SecurityCamp2015「バグハンティング入門」SecurityCamp2015「バグハンティング入門」
SecurityCamp2015「バグハンティング入門」
 
Unicode - Hacking The International Character System
Unicode - Hacking The International Character SystemUnicode - Hacking The International Character System
Unicode - Hacking The International Character System
 
Security Challenges in Node.js
Security Challenges in Node.jsSecurity Challenges in Node.js
Security Challenges in Node.js
 
Secure coding practices
Secure coding practicesSecure coding practices
Secure coding practices
 
NoSQL Injections in Node.js - The case of MongoDB
NoSQL Injections in Node.js - The case of MongoDBNoSQL Injections in Node.js - The case of MongoDB
NoSQL Injections in Node.js - The case of MongoDB
 
Zeronights 2016 - Automating iOS blackbox security scanning
Zeronights 2016 - Automating iOS blackbox security scanningZeronights 2016 - Automating iOS blackbox security scanning
Zeronights 2016 - Automating iOS blackbox security scanning
 
無瑕的程式碼 Clean Code 心得分享
無瑕的程式碼 Clean Code 心得分享無瑕的程式碼 Clean Code 心得分享
無瑕的程式碼 Clean Code 心得分享
 

Similar to CODE BLUE 2014 : Joy of a bug hunter by Masato Kinugawa

Making Mobile Sites Faster
Making Mobile Sites FasterMaking Mobile Sites Faster
Making Mobile Sites Faster
Andy Davies
 
Big Data mit Microsoft?
Big Data mit Microsoft?Big Data mit Microsoft?
Big Data mit Microsoft?
Olivia Klose
 
Webconf 2013 - Media Query 123
Webconf 2013 - Media Query 123Webconf 2013 - Media Query 123
Webconf 2013 - Media Query 123
Hina Chen
 
15 Ways To A Blistering-Fast Web Site
15 Ways To A Blistering-Fast Web Site15 Ways To A Blistering-Fast Web Site
15 Ways To A Blistering-Fast Web Site
Ian Lurie
 
Speed matters, So why is your site so slow?
Speed matters, So why is your site so slow?Speed matters, So why is your site so slow?
Speed matters, So why is your site so slow?
Andy Davies
 
Unity3D Basic Concepts by: shamal aryan
Unity3D Basic Concepts by: shamal aryan Unity3D Basic Concepts by: shamal aryan
Unity3D Basic Concepts by: shamal aryan
Shamal Aryan
 
Taipei gtug opening
Taipei gtug openingTaipei gtug opening
Taipei gtug opening
Fred Lin
 
Arduino
ArduinoArduino
Arduino
Wayne Huang
 
Android Wear のムダ知識
Android Wear のムダ知識Android Wear のムダ知識
Android Wear のムダ知識
Satoshi Noda
 
LDAのハイパーパラメータの性質
LDAのハイパーパラメータの性質LDAのハイパーパラメータの性質
LDAのハイパーパラメータの性質
Yusuke Takagi
 
Is observability good for your brain?
Is observability good for your brain?Is observability good for your brain?
Is observability good for your brain?
Sematext Group, Inc.
 
@sugree and Twitter
@sugree and Twitter@sugree and Twitter
@sugree and Twitter
Sugree Phatanapherom
 
超音波でフルメッシュボイスチャットを可視化してみた
超音波でフルメッシュボイスチャットを可視化してみた超音波でフルメッシュボイスチャットを可視化してみた
超音波でフルメッシュボイスチャットを可視化してみた
Ryosuke Otsuya
 
Medicina Veterinaria y zootecnia
Medicina Veterinaria y zootecnia Medicina Veterinaria y zootecnia
Medicina Veterinaria y zootecnia
Laura Nikole Sierra Quintero
 
Excel Sheet for Memory Recall New
Excel Sheet for Memory Recall NewExcel Sheet for Memory Recall New
Excel Sheet for Memory Recall New
Cameron Kreider
 
Three important aspects of E-Waste Recycling
Three important aspects of E-Waste Recycling Three important aspects of E-Waste Recycling
Three important aspects of E-Waste Recycling
Bob Harris
 
IST 561 Session2--Feb 2, 2009 Basic XHTML Concepts
IST 561 Session2--Feb 2, 2009 Basic XHTML ConceptsIST 561 Session2--Feb 2, 2009 Basic XHTML Concepts
IST 561 Session2--Feb 2, 2009 Basic XHTML Concepts
D.A. Garofalo
 
Oracle cloudworld な〜んでだ?#3
Oracle cloudworld な〜んでだ?#3Oracle cloudworld な〜んでだ?#3
Oracle cloudworld な〜んでだ?#3
Hiroshi Sekiguchi
 
Go for web
Go for webGo for web
Go for web
Weng Wei
 
spanning tree
spanning treespanning tree
spanning tree
Roman Vladynskyi
 

Similar to CODE BLUE 2014 : Joy of a bug hunter by Masato Kinugawa (20)

Making Mobile Sites Faster
Making Mobile Sites FasterMaking Mobile Sites Faster
Making Mobile Sites Faster
 
Big Data mit Microsoft?
Big Data mit Microsoft?Big Data mit Microsoft?
Big Data mit Microsoft?
 
Webconf 2013 - Media Query 123
Webconf 2013 - Media Query 123Webconf 2013 - Media Query 123
Webconf 2013 - Media Query 123
 
15 Ways To A Blistering-Fast Web Site
15 Ways To A Blistering-Fast Web Site15 Ways To A Blistering-Fast Web Site
15 Ways To A Blistering-Fast Web Site
 
Speed matters, So why is your site so slow?
Speed matters, So why is your site so slow?Speed matters, So why is your site so slow?
Speed matters, So why is your site so slow?
 
Unity3D Basic Concepts by: shamal aryan
Unity3D Basic Concepts by: shamal aryan Unity3D Basic Concepts by: shamal aryan
Unity3D Basic Concepts by: shamal aryan
 
Taipei gtug opening
Taipei gtug openingTaipei gtug opening
Taipei gtug opening
 
Arduino
ArduinoArduino
Arduino
 
Android Wear のムダ知識
Android Wear のムダ知識Android Wear のムダ知識
Android Wear のムダ知識
 
LDAのハイパーパラメータの性質
LDAのハイパーパラメータの性質LDAのハイパーパラメータの性質
LDAのハイパーパラメータの性質
 
Is observability good for your brain?
Is observability good for your brain?Is observability good for your brain?
Is observability good for your brain?
 
@sugree and Twitter
@sugree and Twitter@sugree and Twitter
@sugree and Twitter
 
超音波でフルメッシュボイスチャットを可視化してみた
超音波でフルメッシュボイスチャットを可視化してみた超音波でフルメッシュボイスチャットを可視化してみた
超音波でフルメッシュボイスチャットを可視化してみた
 
Medicina Veterinaria y zootecnia
Medicina Veterinaria y zootecnia Medicina Veterinaria y zootecnia
Medicina Veterinaria y zootecnia
 
Excel Sheet for Memory Recall New
Excel Sheet for Memory Recall NewExcel Sheet for Memory Recall New
Excel Sheet for Memory Recall New
 
Three important aspects of E-Waste Recycling
Three important aspects of E-Waste Recycling Three important aspects of E-Waste Recycling
Three important aspects of E-Waste Recycling
 
IST 561 Session2--Feb 2, 2009 Basic XHTML Concepts
IST 561 Session2--Feb 2, 2009 Basic XHTML ConceptsIST 561 Session2--Feb 2, 2009 Basic XHTML Concepts
IST 561 Session2--Feb 2, 2009 Basic XHTML Concepts
 
Oracle cloudworld な〜んでだ?#3
Oracle cloudworld な〜んでだ?#3Oracle cloudworld な〜んでだ?#3
Oracle cloudworld な〜んでだ?#3
 
Go for web
Go for webGo for web
Go for web
 
spanning tree
spanning treespanning tree
spanning tree
 

More from CODE BLUE

[cb22] Hayabusa Threat Hunting and Fast Forensics in Windows environments fo...
[cb22] Hayabusa  Threat Hunting and Fast Forensics in Windows environments fo...[cb22] Hayabusa  Threat Hunting and Fast Forensics in Windows environments fo...
[cb22] Hayabusa Threat Hunting and Fast Forensics in Windows environments fo...
CODE BLUE
 
[cb22] Tales of 5G hacking by Karsten Nohl
[cb22] Tales of 5G hacking by Karsten Nohl[cb22] Tales of 5G hacking by Karsten Nohl
[cb22] Tales of 5G hacking by Karsten Nohl
CODE BLUE
 
[cb22] Your Printer is not your Printer ! - Hacking Printers at Pwn2Own by A...
[cb22]  Your Printer is not your Printer ! - Hacking Printers at Pwn2Own by A...[cb22]  Your Printer is not your Printer ! - Hacking Printers at Pwn2Own by A...
[cb22] Your Printer is not your Printer ! - Hacking Printers at Pwn2Own by A...
CODE BLUE
 
[cb22] "The Present and Future of Coordinated Vulnerability Disclosure" Inter...
[cb22] "The Present and Future of Coordinated Vulnerability Disclosure" Inter...[cb22] "The Present and Future of Coordinated Vulnerability Disclosure" Inter...
[cb22] "The Present and Future of Coordinated Vulnerability Disclosure" Inter...
CODE BLUE
 
[cb22] 「協調された脆弱性開示の現在と未来」国際的なパネルディスカッション(4) by 板橋 博之
[cb22] 「協調された脆弱性開示の現在と未来」国際的なパネルディスカッション(4) by 板橋 博之[cb22] 「協調された脆弱性開示の現在と未来」国際的なパネルディスカッション(4) by 板橋 博之
[cb22] 「協調された脆弱性開示の現在と未来」国際的なパネルディスカッション(4) by 板橋 博之
CODE BLUE
 
[cb22] "The Present and Future of Coordinated Vulnerability Disclosure" Inter...
[cb22] "The Present and Future of Coordinated Vulnerability Disclosure" Inter...[cb22] "The Present and Future of Coordinated Vulnerability Disclosure" Inter...
[cb22] "The Present and Future of Coordinated Vulnerability Disclosure" Inter...
CODE BLUE
 
[cb22] 「協調された脆弱性開示の現在と未来」国際的なパネルディスカッション(3) by Lorenzo Pupillo
[cb22] 「協調された脆弱性開示の現在と未来」国際的なパネルディスカッション(3) by Lorenzo Pupillo[cb22] 「協調された脆弱性開示の現在と未来」国際的なパネルディスカッション(3) by Lorenzo Pupillo
[cb22] 「協調された脆弱性開示の現在と未来」国際的なパネルディスカッション(3) by Lorenzo Pupillo
CODE BLUE
 
[cb22] ”The Present and Future of Coordinated Vulnerability Disclosure” Inte...
[cb22]  ”The Present and Future of Coordinated Vulnerability Disclosure” Inte...[cb22]  ”The Present and Future of Coordinated Vulnerability Disclosure” Inte...
[cb22] ”The Present and Future of Coordinated Vulnerability Disclosure” Inte...
CODE BLUE
 
[cb22] 「協調された脆弱性開示の現在と未来」国際的なパネルディスカッション(2)by Allan Friedman
[cb22]  「協調された脆弱性開示の現在と未来」国際的なパネルディスカッション(2)by Allan Friedman [cb22]  「協調された脆弱性開示の現在と未来」国際的なパネルディスカッション(2)by Allan Friedman
[cb22] 「協調された脆弱性開示の現在と未来」国際的なパネルディスカッション(2)by Allan Friedman
CODE BLUE
 
[cb22] "The Present and Future of Coordinated Vulnerability Disclosure" Inter...
[cb22] "The Present and Future of Coordinated Vulnerability Disclosure" Inter...[cb22] "The Present and Future of Coordinated Vulnerability Disclosure" Inter...
[cb22] "The Present and Future of Coordinated Vulnerability Disclosure" Inter...
CODE BLUE
 
[cb22] 「協調された脆弱性開示の現在と未来」国際的なパネルディスカッション (1)by 高橋 郁夫
[cb22] 「協調された脆弱性開示の現在と未来」国際的なパネルディスカッション (1)by  高橋 郁夫[cb22] 「協調された脆弱性開示の現在と未来」国際的なパネルディスカッション (1)by  高橋 郁夫
[cb22] 「協調された脆弱性開示の現在と未来」国際的なパネルディスカッション (1)by 高橋 郁夫
CODE BLUE
 
[cb22] Are Embedded Devices Ready for ROP Attacks? -ROP verification for low-...
[cb22] Are Embedded Devices Ready for ROP Attacks? -ROP verification for low-...[cb22] Are Embedded Devices Ready for ROP Attacks? -ROP verification for low-...
[cb22] Are Embedded Devices Ready for ROP Attacks? -ROP verification for low-...
CODE BLUE
 
[cb22] Wslinkのマルチレイヤーな仮想環境について by Vladislav Hrčka
[cb22] Wslinkのマルチレイヤーな仮想環境について by Vladislav Hrčka [cb22] Wslinkのマルチレイヤーな仮想環境について by Vladislav Hrčka
[cb22] Wslinkのマルチレイヤーな仮想環境について by Vladislav Hrčka
CODE BLUE
 
[cb22] Under the hood of Wslink’s multilayered virtual machine en by Vladisla...
[cb22] Under the hood of Wslink’s multilayered virtual machine en by Vladisla...[cb22] Under the hood of Wslink’s multilayered virtual machine en by Vladisla...
[cb22] Under the hood of Wslink’s multilayered virtual machine en by Vladisla...
CODE BLUE
 
[cb22] CloudDragon’s Credential Factory is Powering Up Its Espionage Activiti...
[cb22] CloudDragon’s Credential Factory is Powering Up Its Espionage Activiti...[cb22] CloudDragon’s Credential Factory is Powering Up Its Espionage Activiti...
[cb22] CloudDragon’s Credential Factory is Powering Up Its Espionage Activiti...
CODE BLUE
 
[cb22] From Parroting to Echoing: The Evolution of China’s Bots-Driven Info...
[cb22]  From Parroting to Echoing:  The Evolution of China’s Bots-Driven Info...[cb22]  From Parroting to Echoing:  The Evolution of China’s Bots-Driven Info...
[cb22] From Parroting to Echoing: The Evolution of China’s Bots-Driven Info...
CODE BLUE
 
[cb22] Who is the Mal-Gopher? - Implementation and Evaluation of “gimpfuzzy”...
[cb22]  Who is the Mal-Gopher? - Implementation and Evaluation of “gimpfuzzy”...[cb22]  Who is the Mal-Gopher? - Implementation and Evaluation of “gimpfuzzy”...
[cb22] Who is the Mal-Gopher? - Implementation and Evaluation of “gimpfuzzy”...
CODE BLUE
 
[cb22] Mal-gopherとは?Go系マルウェアの分類のためのgimpfuzzy実装と評価 by 澤部 祐太, 甘粕 伸幸, 野村 和也
[cb22] Mal-gopherとは?Go系マルウェアの分類のためのgimpfuzzy実装と評価 by 澤部 祐太, 甘粕 伸幸, 野村 和也[cb22] Mal-gopherとは?Go系マルウェアの分類のためのgimpfuzzy実装と評価 by 澤部 祐太, 甘粕 伸幸, 野村 和也
[cb22] Mal-gopherとは?Go系マルウェアの分類のためのgimpfuzzy実装と評価 by 澤部 祐太, 甘粕 伸幸, 野村 和也
CODE BLUE
 
[cb22] Tracking the Entire Iceberg - Long-term APT Malware C2 Protocol Emulat...
[cb22] Tracking the Entire Iceberg - Long-term APT Malware C2 Protocol Emulat...[cb22] Tracking the Entire Iceberg - Long-term APT Malware C2 Protocol Emulat...
[cb22] Tracking the Entire Iceberg - Long-term APT Malware C2 Protocol Emulat...
CODE BLUE
 
[cb22] Fight Against Malware Development Life Cycle by Shusei Tomonaga and Yu...
[cb22] Fight Against Malware Development Life Cycle by Shusei Tomonaga and Yu...[cb22] Fight Against Malware Development Life Cycle by Shusei Tomonaga and Yu...
[cb22] Fight Against Malware Development Life Cycle by Shusei Tomonaga and Yu...
CODE BLUE
 

More from CODE BLUE (20)

[cb22] Hayabusa Threat Hunting and Fast Forensics in Windows environments fo...
[cb22] Hayabusa  Threat Hunting and Fast Forensics in Windows environments fo...[cb22] Hayabusa  Threat Hunting and Fast Forensics in Windows environments fo...
[cb22] Hayabusa Threat Hunting and Fast Forensics in Windows environments fo...
 
[cb22] Tales of 5G hacking by Karsten Nohl
[cb22] Tales of 5G hacking by Karsten Nohl[cb22] Tales of 5G hacking by Karsten Nohl
[cb22] Tales of 5G hacking by Karsten Nohl
 
[cb22] Your Printer is not your Printer ! - Hacking Printers at Pwn2Own by A...
[cb22]  Your Printer is not your Printer ! - Hacking Printers at Pwn2Own by A...[cb22]  Your Printer is not your Printer ! - Hacking Printers at Pwn2Own by A...
[cb22] Your Printer is not your Printer ! - Hacking Printers at Pwn2Own by A...
 
[cb22] "The Present and Future of Coordinated Vulnerability Disclosure" Inter...
[cb22] "The Present and Future of Coordinated Vulnerability Disclosure" Inter...[cb22] "The Present and Future of Coordinated Vulnerability Disclosure" Inter...
[cb22] "The Present and Future of Coordinated Vulnerability Disclosure" Inter...
 
[cb22] 「協調された脆弱性開示の現在と未来」国際的なパネルディスカッション(4) by 板橋 博之
[cb22] 「協調された脆弱性開示の現在と未来」国際的なパネルディスカッション(4) by 板橋 博之[cb22] 「協調された脆弱性開示の現在と未来」国際的なパネルディスカッション(4) by 板橋 博之
[cb22] 「協調された脆弱性開示の現在と未来」国際的なパネルディスカッション(4) by 板橋 博之
 
[cb22] "The Present and Future of Coordinated Vulnerability Disclosure" Inter...
[cb22] "The Present and Future of Coordinated Vulnerability Disclosure" Inter...[cb22] "The Present and Future of Coordinated Vulnerability Disclosure" Inter...
[cb22] "The Present and Future of Coordinated Vulnerability Disclosure" Inter...
 
[cb22] 「協調された脆弱性開示の現在と未来」国際的なパネルディスカッション(3) by Lorenzo Pupillo
[cb22] 「協調された脆弱性開示の現在と未来」国際的なパネルディスカッション(3) by Lorenzo Pupillo[cb22] 「協調された脆弱性開示の現在と未来」国際的なパネルディスカッション(3) by Lorenzo Pupillo
[cb22] 「協調された脆弱性開示の現在と未来」国際的なパネルディスカッション(3) by Lorenzo Pupillo
 
[cb22] ”The Present and Future of Coordinated Vulnerability Disclosure” Inte...
[cb22]  ”The Present and Future of Coordinated Vulnerability Disclosure” Inte...[cb22]  ”The Present and Future of Coordinated Vulnerability Disclosure” Inte...
[cb22] ”The Present and Future of Coordinated Vulnerability Disclosure” Inte...
 
[cb22] 「協調された脆弱性開示の現在と未来」国際的なパネルディスカッション(2)by Allan Friedman
[cb22]  「協調された脆弱性開示の現在と未来」国際的なパネルディスカッション(2)by Allan Friedman [cb22]  「協調された脆弱性開示の現在と未来」国際的なパネルディスカッション(2)by Allan Friedman
[cb22] 「協調された脆弱性開示の現在と未来」国際的なパネルディスカッション(2)by Allan Friedman
 
[cb22] "The Present and Future of Coordinated Vulnerability Disclosure" Inter...
[cb22] "The Present and Future of Coordinated Vulnerability Disclosure" Inter...[cb22] "The Present and Future of Coordinated Vulnerability Disclosure" Inter...
[cb22] "The Present and Future of Coordinated Vulnerability Disclosure" Inter...
 
[cb22] 「協調された脆弱性開示の現在と未来」国際的なパネルディスカッション (1)by 高橋 郁夫
[cb22] 「協調された脆弱性開示の現在と未来」国際的なパネルディスカッション (1)by  高橋 郁夫[cb22] 「協調された脆弱性開示の現在と未来」国際的なパネルディスカッション (1)by  高橋 郁夫
[cb22] 「協調された脆弱性開示の現在と未来」国際的なパネルディスカッション (1)by 高橋 郁夫
 
[cb22] Are Embedded Devices Ready for ROP Attacks? -ROP verification for low-...
[cb22] Are Embedded Devices Ready for ROP Attacks? -ROP verification for low-...[cb22] Are Embedded Devices Ready for ROP Attacks? -ROP verification for low-...
[cb22] Are Embedded Devices Ready for ROP Attacks? -ROP verification for low-...
 
[cb22] Wslinkのマルチレイヤーな仮想環境について by Vladislav Hrčka
[cb22] Wslinkのマルチレイヤーな仮想環境について by Vladislav Hrčka [cb22] Wslinkのマルチレイヤーな仮想環境について by Vladislav Hrčka
[cb22] Wslinkのマルチレイヤーな仮想環境について by Vladislav Hrčka
 
[cb22] Under the hood of Wslink’s multilayered virtual machine en by Vladisla...
[cb22] Under the hood of Wslink’s multilayered virtual machine en by Vladisla...[cb22] Under the hood of Wslink’s multilayered virtual machine en by Vladisla...
[cb22] Under the hood of Wslink’s multilayered virtual machine en by Vladisla...
 
[cb22] CloudDragon’s Credential Factory is Powering Up Its Espionage Activiti...
[cb22] CloudDragon’s Credential Factory is Powering Up Its Espionage Activiti...[cb22] CloudDragon’s Credential Factory is Powering Up Its Espionage Activiti...
[cb22] CloudDragon’s Credential Factory is Powering Up Its Espionage Activiti...
 
[cb22] From Parroting to Echoing: The Evolution of China’s Bots-Driven Info...
[cb22]  From Parroting to Echoing:  The Evolution of China’s Bots-Driven Info...[cb22]  From Parroting to Echoing:  The Evolution of China’s Bots-Driven Info...
[cb22] From Parroting to Echoing: The Evolution of China’s Bots-Driven Info...
 
[cb22] Who is the Mal-Gopher? - Implementation and Evaluation of “gimpfuzzy”...
[cb22]  Who is the Mal-Gopher? - Implementation and Evaluation of “gimpfuzzy”...[cb22]  Who is the Mal-Gopher? - Implementation and Evaluation of “gimpfuzzy”...
[cb22] Who is the Mal-Gopher? - Implementation and Evaluation of “gimpfuzzy”...
 
[cb22] Mal-gopherとは?Go系マルウェアの分類のためのgimpfuzzy実装と評価 by 澤部 祐太, 甘粕 伸幸, 野村 和也
[cb22] Mal-gopherとは?Go系マルウェアの分類のためのgimpfuzzy実装と評価 by 澤部 祐太, 甘粕 伸幸, 野村 和也[cb22] Mal-gopherとは?Go系マルウェアの分類のためのgimpfuzzy実装と評価 by 澤部 祐太, 甘粕 伸幸, 野村 和也
[cb22] Mal-gopherとは?Go系マルウェアの分類のためのgimpfuzzy実装と評価 by 澤部 祐太, 甘粕 伸幸, 野村 和也
 
[cb22] Tracking the Entire Iceberg - Long-term APT Malware C2 Protocol Emulat...
[cb22] Tracking the Entire Iceberg - Long-term APT Malware C2 Protocol Emulat...[cb22] Tracking the Entire Iceberg - Long-term APT Malware C2 Protocol Emulat...
[cb22] Tracking the Entire Iceberg - Long-term APT Malware C2 Protocol Emulat...
 
[cb22] Fight Against Malware Development Life Cycle by Shusei Tomonaga and Yu...
[cb22] Fight Against Malware Development Life Cycle by Shusei Tomonaga and Yu...[cb22] Fight Against Malware Development Life Cycle by Shusei Tomonaga and Yu...
[cb22] Fight Against Malware Development Life Cycle by Shusei Tomonaga and Yu...
 

Recently uploaded

Leadership Ambassador club Adventist module
Leadership Ambassador club Adventist moduleLeadership Ambassador club Adventist module
Leadership Ambassador club Adventist module
kakomaeric00
 
在线办理(UOIT毕业证书)安大略省理工大学毕业证在读证明一模一样
在线办理(UOIT毕业证书)安大略省理工大学毕业证在读证明一模一样在线办理(UOIT毕业证书)安大略省理工大学毕业证在读证明一模一样
在线办理(UOIT毕业证书)安大略省理工大学毕业证在读证明一模一样
yhkox
 
How to overcome obstacles in the way of success.pdf
How to overcome obstacles in the way of success.pdfHow to overcome obstacles in the way of success.pdf
How to overcome obstacles in the way of success.pdf
Million-$-Knowledge {Million Dollar Knowledge}
 
Leave-rules.ppt CCS leave rules 1972 for central govt employees
Leave-rules.ppt CCS leave rules 1972 for central govt employeesLeave-rules.ppt CCS leave rules 1972 for central govt employees
Leave-rules.ppt CCS leave rules 1972 for central govt employees
Sreenivas702647
 
Connect to Grow: The power of building networks
Connect to Grow: The power of building networksConnect to Grow: The power of building networks
Connect to Grow: The power of building networks
Eirini SYKA-LERIOTI
 
A Guide to a Winning Interview June 2024
A Guide to a Winning Interview June 2024A Guide to a Winning Interview June 2024
A Guide to a Winning Interview June 2024
Bruce Bennett
 
All Of My Java Codes With A Sample Output.docx
All Of My Java Codes With A Sample Output.docxAll Of My Java Codes With A Sample Output.docx
All Of My Java Codes With A Sample Output.docx
adhitya5119
 
体育博彩论坛-十大体育博彩论坛-体育博彩论坛|【​网址​🎉ac55.net🎉​】
体育博彩论坛-十大体育博彩论坛-体育博彩论坛|【​网址​🎉ac55.net🎉​】体育博彩论坛-十大体育博彩论坛-体育博彩论坛|【​网址​🎉ac55.net🎉​】
体育博彩论坛-十大体育博彩论坛-体育博彩论坛|【​网址​🎉ac55.net🎉​】
waldorfnorma258
 
一比一原版布拉德福德大学毕业证(bradford毕业证)如何办理
一比一原版布拉德福德大学毕业证(bradford毕业证)如何办理一比一原版布拉德福德大学毕业证(bradford毕业证)如何办理
一比一原版布拉德福德大学毕业证(bradford毕业证)如何办理
taqyea
 
官方认证美国旧金山州立大学毕业证学位证书案例原版一模一样
官方认证美国旧金山州立大学毕业证学位证书案例原版一模一样官方认证美国旧金山州立大学毕业证学位证书案例原版一模一样
官方认证美国旧金山州立大学毕业证学位证书案例原版一模一样
2zjra9bn
 
Switching Careers Slides - JoyceMSullivan SocMediaFin - 2024Jun11.pdf
Switching Careers Slides - JoyceMSullivan SocMediaFin -  2024Jun11.pdfSwitching Careers Slides - JoyceMSullivan SocMediaFin -  2024Jun11.pdf
Switching Careers Slides - JoyceMSullivan SocMediaFin - 2024Jun11.pdf
SocMediaFin - Joyce Sullivan
 
在线制作加拿大萨省大学毕业证文凭证书实拍图原版一模一样
在线制作加拿大萨省大学毕业证文凭证书实拍图原版一模一样在线制作加拿大萨省大学毕业证文凭证书实拍图原版一模一样
在线制作加拿大萨省大学毕业证文凭证书实拍图原版一模一样
2zjra9bn
 
Lbs last rank 2023 9988kr47h4744j445.pdf
Lbs last rank 2023 9988kr47h4744j445.pdfLbs last rank 2023 9988kr47h4744j445.pdf
Lbs last rank 2023 9988kr47h4744j445.pdf
ashiquepa3
 
Learnings from Successful Jobs Searchers
Learnings from Successful Jobs SearchersLearnings from Successful Jobs Searchers
Learnings from Successful Jobs Searchers
Bruce Bennett
 
0624.speakingengagementsandteaching-01.pdf
0624.speakingengagementsandteaching-01.pdf0624.speakingengagementsandteaching-01.pdf
0624.speakingengagementsandteaching-01.pdf
Thomas GIRARD BDes
 
按照学校原版(UofT文凭证书)多伦多大学毕业证快速办理
按照学校原版(UofT文凭证书)多伦多大学毕业证快速办理按照学校原版(UofT文凭证书)多伦多大学毕业证快速办理
按照学校原版(UofT文凭证书)多伦多大学毕业证快速办理
evnum
 
BUKU PENJAGAAN BUKU PENJAGAAN BUKU PENJAGAAN
BUKU PENJAGAAN BUKU PENJAGAAN BUKU PENJAGAANBUKU PENJAGAAN BUKU PENJAGAAN BUKU PENJAGAAN
BUKU PENJAGAAN BUKU PENJAGAAN BUKU PENJAGAAN
cahgading001
 
Community Skills Building Workshop | PMI Silver Spring Chapter | June 12, 2024
Community Skills Building Workshop | PMI Silver Spring Chapter  | June 12, 2024Community Skills Building Workshop | PMI Silver Spring Chapter  | June 12, 2024
Community Skills Building Workshop | PMI Silver Spring Chapter | June 12, 2024
Hector Del Castillo, CPM, CPMM
 
Gabrielle M. A. Sinaga Portfolio, Film Student (2024)
Gabrielle M. A. Sinaga Portfolio, Film Student (2024)Gabrielle M. A. Sinaga Portfolio, Film Student (2024)
Gabrielle M. A. Sinaga Portfolio, Film Student (2024)
GabrielleSinaga
 
办理阿卡迪亚大学毕业证(uvic毕业证)本科文凭证书原版一模一样
办理阿卡迪亚大学毕业证(uvic毕业证)本科文凭证书原版一模一样办理阿卡迪亚大学毕业证(uvic毕业证)本科文凭证书原版一模一样
办理阿卡迪亚大学毕业证(uvic毕业证)本科文凭证书原版一模一样
kkkkr4pg
 

Recently uploaded (20)

Leadership Ambassador club Adventist module
Leadership Ambassador club Adventist moduleLeadership Ambassador club Adventist module
Leadership Ambassador club Adventist module
 
在线办理(UOIT毕业证书)安大略省理工大学毕业证在读证明一模一样
在线办理(UOIT毕业证书)安大略省理工大学毕业证在读证明一模一样在线办理(UOIT毕业证书)安大略省理工大学毕业证在读证明一模一样
在线办理(UOIT毕业证书)安大略省理工大学毕业证在读证明一模一样
 
How to overcome obstacles in the way of success.pdf
How to overcome obstacles in the way of success.pdfHow to overcome obstacles in the way of success.pdf
How to overcome obstacles in the way of success.pdf
 
Leave-rules.ppt CCS leave rules 1972 for central govt employees
Leave-rules.ppt CCS leave rules 1972 for central govt employeesLeave-rules.ppt CCS leave rules 1972 for central govt employees
Leave-rules.ppt CCS leave rules 1972 for central govt employees
 
Connect to Grow: The power of building networks
Connect to Grow: The power of building networksConnect to Grow: The power of building networks
Connect to Grow: The power of building networks
 
A Guide to a Winning Interview June 2024
A Guide to a Winning Interview June 2024A Guide to a Winning Interview June 2024
A Guide to a Winning Interview June 2024
 
All Of My Java Codes With A Sample Output.docx
All Of My Java Codes With A Sample Output.docxAll Of My Java Codes With A Sample Output.docx
All Of My Java Codes With A Sample Output.docx
 
体育博彩论坛-十大体育博彩论坛-体育博彩论坛|【​网址​🎉ac55.net🎉​】
体育博彩论坛-十大体育博彩论坛-体育博彩论坛|【​网址​🎉ac55.net🎉​】体育博彩论坛-十大体育博彩论坛-体育博彩论坛|【​网址​🎉ac55.net🎉​】
体育博彩论坛-十大体育博彩论坛-体育博彩论坛|【​网址​🎉ac55.net🎉​】
 
一比一原版布拉德福德大学毕业证(bradford毕业证)如何办理
一比一原版布拉德福德大学毕业证(bradford毕业证)如何办理一比一原版布拉德福德大学毕业证(bradford毕业证)如何办理
一比一原版布拉德福德大学毕业证(bradford毕业证)如何办理
 
官方认证美国旧金山州立大学毕业证学位证书案例原版一模一样
官方认证美国旧金山州立大学毕业证学位证书案例原版一模一样官方认证美国旧金山州立大学毕业证学位证书案例原版一模一样
官方认证美国旧金山州立大学毕业证学位证书案例原版一模一样
 
Switching Careers Slides - JoyceMSullivan SocMediaFin - 2024Jun11.pdf
Switching Careers Slides - JoyceMSullivan SocMediaFin -  2024Jun11.pdfSwitching Careers Slides - JoyceMSullivan SocMediaFin -  2024Jun11.pdf
Switching Careers Slides - JoyceMSullivan SocMediaFin - 2024Jun11.pdf
 
在线制作加拿大萨省大学毕业证文凭证书实拍图原版一模一样
在线制作加拿大萨省大学毕业证文凭证书实拍图原版一模一样在线制作加拿大萨省大学毕业证文凭证书实拍图原版一模一样
在线制作加拿大萨省大学毕业证文凭证书实拍图原版一模一样
 
Lbs last rank 2023 9988kr47h4744j445.pdf
Lbs last rank 2023 9988kr47h4744j445.pdfLbs last rank 2023 9988kr47h4744j445.pdf
Lbs last rank 2023 9988kr47h4744j445.pdf
 
Learnings from Successful Jobs Searchers
Learnings from Successful Jobs SearchersLearnings from Successful Jobs Searchers
Learnings from Successful Jobs Searchers
 
0624.speakingengagementsandteaching-01.pdf
0624.speakingengagementsandteaching-01.pdf0624.speakingengagementsandteaching-01.pdf
0624.speakingengagementsandteaching-01.pdf
 
按照学校原版(UofT文凭证书)多伦多大学毕业证快速办理
按照学校原版(UofT文凭证书)多伦多大学毕业证快速办理按照学校原版(UofT文凭证书)多伦多大学毕业证快速办理
按照学校原版(UofT文凭证书)多伦多大学毕业证快速办理
 
BUKU PENJAGAAN BUKU PENJAGAAN BUKU PENJAGAAN
BUKU PENJAGAAN BUKU PENJAGAAN BUKU PENJAGAANBUKU PENJAGAAN BUKU PENJAGAAN BUKU PENJAGAAN
BUKU PENJAGAAN BUKU PENJAGAAN BUKU PENJAGAAN
 
Community Skills Building Workshop | PMI Silver Spring Chapter | June 12, 2024
Community Skills Building Workshop | PMI Silver Spring Chapter  | June 12, 2024Community Skills Building Workshop | PMI Silver Spring Chapter  | June 12, 2024
Community Skills Building Workshop | PMI Silver Spring Chapter | June 12, 2024
 
Gabrielle M. A. Sinaga Portfolio, Film Student (2024)
Gabrielle M. A. Sinaga Portfolio, Film Student (2024)Gabrielle M. A. Sinaga Portfolio, Film Student (2024)
Gabrielle M. A. Sinaga Portfolio, Film Student (2024)
 
办理阿卡迪亚大学毕业证(uvic毕业证)本科文凭证书原版一模一样
办理阿卡迪亚大学毕业证(uvic毕业证)本科文凭证书原版一模一样办理阿卡迪亚大学毕业证(uvic毕业证)本科文凭证书原版一模一样
办理阿卡迪亚大学毕业证(uvic毕业证)本科文凭证书原版一模一样
 

CODE BLUE 2014 : Joy of a bug hunter by Masato Kinugawa

  • 2. Name Masato Kinugawa Nationality Japanese(maybe) Hobby Listening Music and XSS Profession BBuugg--hhuunntteerr
  • 3. FFiirrsstt BBuugg--HHuunntteerr’’ss LLiiffee aanndd BBoouunnttyy PPrrooggrraamm SSeeccoonndd DDeelliigghhttffuull BBuuggss TThhiirrdd TThhee rreeaassoonnss wwhhyy II bbeeccaammee BBuugg--hhuunntteerr
  • 5. Workplace Home Working Hours Any time I want Work Finding Security Bugs Income BBuugg BBoouunnttyy ➡Does it make enough money to live?
  • 6.
  • 8. 2277113355334466 ((JJPPYY)) $$114422772233 (($$11 == 112200 JJPPYY)) ((iinn OOccttaall ddiiggiittss))
  • 9. ! GGooooggllee launched in 2010 ! Followed by MMaannyy CCoommppaanniieess
  • 10. ! GGooooggllee VVulnerability RReward PProgram ! 1 bug = $100~20,000 $$113300,,880033..77 TToottaall BBoouunnttiieess NNuummbbeerr ooff bbuuggss rreeppoorrtteedd 112277((119911 including duplicated and/or not rewarded ones)
  • 11.
  • 12. EEvveenn mmoorree mmoottiivvaatteedd bbyy tthhee iinnccrreeaasseedd bboouunnttyy rraatteess!!$  
  • 13. II aamm aaccttuuaallllyy nniigghhtt oowwll……
  • 14.
  • 15. ! QQuuiicckk RReeppoossee since the program is launched. ! CCoonnssiiddeerr NOT ONLY seriousness, but also tthhee lleevveell ooff ““iinntteerreessttiinngg””,, ooff tthhee bbuugg.. ! Require only ssiimmppllee eexxppllaannaattiioonn ttoo hhaavvee tthheemm uunnddeerrssttaanndd tthhee pprroobblleemm.. ! PPrroovviiddee ffuunn to the reporters.
  • 16.
  • 17. ! TThhee MMoosstt IImmppoorrttaanntt DDoommaaiinn ooff GGooooggllee ! Bounty was $$55,,000000 (Exceeds the regulated maximum amount at that time)
  • 18. https://accounts.google.com/example?oe=utf-‐‑‒32   HTTP/1.1  200  OK   Alternate-‐‑‒Protocol:  443:quic,p=0.01   Cache-‐‑‒Control:  private,  max-‐‑‒age=0   Content-‐‑‒Encoding:  gzip   Content-‐‑‒Type:  text/html;  charset=UTF-‐‑‒32   ...   ! Character Code can be set by URL ! UUTTFF--3322 was able to be set
  • 20. ➊➊ AArrrraayy ooff tthhee BByytteess ❷❷ CChhaarraacctteerr CCooddee ooff tthhee PPaaggee ❸❸ HHaannddlliinngg 00xx0000 CChhaarraacctteerrss
  • 21. 00  00  22  00  00  00  3E  00  00  00  3C  00   00  00  00  73  00  00  00  63  00  00  00  72   00  00  00  69  00  00  00  70  00  00  00  74   00  00  3E  00  00  00  00  61  00  00  00  6C   00  00  00  65  00  00  00  72  00  00  00  74   00  00  00  28  00  00  00  31  00  00  00  29   00  00  3C  00  00  00  00  2F  00  00  00  73   00  00  00  63  00  00  00  72  00  00  00  69   00  00  00  70  00  00  00  74  00  00  3E  00   ∀㸀㸀㰀㰀� s  c    r� i    p    t� 㸀㸀a    l� e  r    t� (  1    )� 㰀㰀/    s� c  r    i� p  t  㸀㸀� In UTF-32, 1 character requires 4 bytes ➊�
  • 22. IE  does  not  support  UTF-‐‑‒32    ➡Character  Code  shall  be  “recognized”  to  be   something   00  00  22  00  00  00  3E  00  00  00  3C  00   00  00  00  73  00  00  00  63  00  00  00  72   00  00  00  69  00  00  00  70  00  00  00  74   00  00  3E  00  00  00  00  61  00  00  00  6C   00  00  00  65  00  00  00  72  00  00  00  74   00  00  00  28  00  00  00  31  00  00  00  29   00  00  3C  00  00  00  00  2F  00  00  00  73   00  00  00  63  00  00  00  72  00  00  00  69   00  00  00  70  00  00  00  74  00  00  3E  00   ∀㸀㸀㰀㰀� s  c    r� i    p    t� 㸀㸀a    l� e  r    t� (  1    )� 㰀㰀/    s� c  r    i� p  t  㸀㸀� ❷
  • 23. This “super great” web site provides the support status of character codes, of all web browser http://l0.cm/encodings/table/
  • 24. IE(<=9) ignores the characters ➡the “00” are uunnddeerrssttoooodd aass nnootthhiinngg.. 00  00  22  00  00  00  3E  00  00  00  3C  00   00  00  00  73  00  00  00  63  00  00  00  72   00  00  00  69  00  00  00  70  00  00  00  74   00  00  3E  00  00  00  00  61  00  00  00  6C   00  00  00  65  00  00  00  72  00  00  00  74   00  00  00  28  00  00  00  31  00  00  00  29   00  00  3C  00  00  00  00  2F  00  00  00  73   00  00  00  63  00  00  00  72  00  00  00  69   00  00  00  70  00  00  00  74  00  00  3E  00   �  >  �� s  c    r� i    p  t� >  a  l� e  r    t� (  1    )� �  /  s� c  r    i� p  t  >� ❸
  • 25. Message from the web page
  • 26. Seek browser and plug-in bugs also ������1������� ������1������� ������1������� ������1������� ������1������� ������1����1�� ������1��1���� ������11������ ������1������� ������1������� ������1��1���� ������1����1�� ������1���1��� ������1�������������11������ ������11������ ������1����1�� ������1�����1� ������1������� ������1������� ������1����1�� ������1������� ������1������� ������1������� ������1������� ������1�������
  • 27. ! 2288..77%% of total number of bugs I reported ! TThhee 8877%% ooff tthheemm aarree wwiitthh IIEE
  • 28. ! Take longer to fix ! Even if it is fixed, it is NOT likely to applied to the different IE version. Something is required at the Web service level Therefore
  • 29. location.href is aa mmeetthhoodd ttoo ggeett tthhee UURRLL ooff tthhee ppaaggee by JavaScript http://example.com/ http://example.com/ location.href
  • 30. http://evil%2F@eexxaammppllee..ccoomm/ location.href is http://eevviill/@example.com/ The URL part before @ is aauuttoommaattiiccaallllyy ddeeccooddeedd!! ➡IItt ggeenneerraatteess UURRLL ppooiinnttss ttoo eexxtteerrnnaall WWeebb ssiittee
  • 31. AAllll ccooddeess iinncclluuddee llooccaattiioonn..hhrreeff ppooiinnttiinngg ttoo sseellff--ddoommaaiinn aarree ppootteennttiiaallllyy vvuullnneerraabbllee Added characters before “@”, then checked any web pages if it send request to the external sites Therefore
  • 33. ! Found ffaattaall bbuugg, at same time ! Exist in feed:// URL that represents RSS ! Can extract unrelated feed to any domain by ccuussttoommiizziinngg the part of URL before @. ! Put the scripts in the unrelated feeds, XSS works on the extracted domain WWee ccaann eennffoorrccee XXSSSS oonn aannyy wweebb ssiitteess \\((^^oo^^))// yyeeaahh☆☆ therefore
  • 34. In feed:// URL, characters which can run scripts are restricted. (=Blacklist) It is easy; jjuusstt ppaassssiinngg tthhrroouugghh tthhee bbllaacckklliisstt! Things to do
  • 35. <a href="javascript:alert(1)">XSS</a> <a>XSS</a> FFiinndd oouutt tthhee cchhaarraacctteerrss wwhhiicchh ccaann ppaassss tthhrroouugghh bbaasseedd oonn tthhee cchhaarraacctteerr rreemmoovvaall ppaatttteerrnn BBeeeeppiinngg!!
  • 38. feed://l0.cm%2Fcb.rss%3F@codeblue.jp/   alert('CODE  BLUE、2回⽬目開催おめでとう!n'+   document.domain+'から')   (Congratulation  for   the  2nd  Code  Blue)  
  • 39. ! Web applications are in jeopardies caused by character codes, browser behaviors / bugs, and so on… ! Finding out mysteriously complicated bugs is tthhee uullttiimmaattee ddeelliigghhtt.. You want to see more? http://masatokinugawa.l0.cm/
  • 40.
  • 41. ! Grow up in touch of computers. ! Love to disassemble anything ! Debut as XSS “attacker” in the 6th grade
  • 42. ! Grow up with in touch of computers.  ➡  I  got  to  knew  what  is  binary  in  2009   ! Love to disassemble anything    ➡  Donʼ’t  love  to  do  (so  lot)   ! Debut as XSS “attacker” in the 6th grade    ➡  I  got  interested  in  security  in  2009  
  • 43. Decided to ddoo wwhhaatt II wwaanntt,, iinn mmyy wwaayy ��������������������� ~2009 A lot happened  2010 Left computer vocational school
  • 44. What  I  want  to  do:  Seeking  vulnerabilities   FFoouunndd ssoo lloott!! Soon after, GGooooggllee llaauunncchheedd bug bounty program Spent all waking hours to find vulnerabilities.
  • 45.
  • 46. Bug  hunting  house-‐‑‒husband?      ➡  Need  to  gain  girl  hunt  skill  also  ☺   ! Extension  of  what    I  want  to  do   ! Found  my  self  as  bug̶—hunter,  one  day   WWiisshh ffoorr ffuuttuurree……
  • 47. ! Must spent most of the time to repeating unsophisticated verification test ! No income unless find anything ! FFeeeelliinngg aaccccoommpplliisshhmmeenntt iiss ggrreeaatt, as what I achieved, directly become money ! NNootthhiinngg iinn tthhee wwoorrlldd ttoo ffeeeell ddeelliigghhtt like treasure hunting. ! Abnormal behaviors are mmuucchh ffuunn ttoo sseeee However…
  • 48. TThhee ffiinnddiinngg sskkiillll iiss aallll wwhhaatt yyoouu nneeeedd Can concentrate on to improving skill CCaann ddoo bbyy yyoouurrsseellff Almost no human relationship issue CCaann ddoo aatt yyoouurr hhoommee No commuting time CCaann wwoorrkk aatt oowwnn ppaaccee Can do when you want
  • 49.  “Listen music” as a hobby  “Bug-hunt” as a hobby (same as above) ““HHoobbbbyy”” Do anything you want! Then, you may find your own way. FFoorr tthhoossee wwhhoo aarree ttrryyiinngg ttoo ffiinndd yyoouurr wwaayy......
  • 51. Thank  You!   @kinugawamasato   ✉   masatokinugawa  [at]  gmail.com   Contact