These are the materials used in the networking session of CTF for Beginners.
The files used in the session are available at the link below.
https://onedrive.live.com/redir?resid=5EC2715BAF0C5F2B!10056&authkey=!ANE0wqC_trouhy0&ithint=folder%2czip
mod_auth_ticket - Bringing Single-Sign-On to lighttpd Taisuke Yamada
Explains mod_auth_ticket, a newly developed module for lighttpd to make any website SSO-enabled. Also discusses development experience for lighttpd and some strength evaluation of crypto used by this module.
July Tech Festa, August 2017
Alternate URL: https://speakerdeck.com/s1061123/kontenafalsenetutowakuintahuesu-sofalseshi-zhuang-shou-fa-tosofalseying-yong-nituite
Appearances are deceiving: Novel offensive techniques in Windows 10/11 on ARM FFRI, Inc.
In 2017, Microsoft announced the ARM version of Windows. The number of devices with ARM version of Windows is increasing, such as Surface Pro X series and HP ENVY x2, and it is gradually becoming popular.
When using these ARM devices, there is a compatibility issue that existing x86/x64 applications cannot be used.
However, this problem has been addressed by providing x86/x64 emulation capabilities. In recent years, ARM64EC has been announced, allowing for the gradual migration of x64 applications to ARM. The aggressive introduction of these compatibility technologies is a sign of Microsoft's strong will to promote the ARM version of Windows.
On the other hand, doesn't the introduction of new compatibility technologies provide a new avenue of attack for attackers? As far as we know, this point has not even been discussed much at this point. Therefore, we reverse engineered the compatibility technology that exists in Windows on ARM and examined its exploitability.
We found that various techniques are available, such as code injection by modifying XTA cache files, and obfuscation by exploiting newly introduced relocation entries. All of these techniques have in common the characteristic that the binary "appearance" and runtime behavior are different, making them difficult to detect and track. In addition, some of the techniques can be widely exploited to interfere with static analysis or sandbox analysis. Therefore, there is a high possibility that they will become a threat to the ARM version of Windows in the future.
In this presentation, we will explain the details of our new method and its features with demonstrations. We hope that this presentation will be a good opportunity to develop and promote the security research of Windows on ARM.
The PoC code and detailed reverse engineering results will be available on GitHub.
TrustZone use case and trend (FFRI Monthly Research Mar 2017) FFRI, Inc.
Table of Contents
• About TrustZone
– Use case of TrustZone
– Cortex-A TrustZone
– Cortex-M TrustZone
– TEE implementation
• Vulnerability of TEE implementation
• Conclusions
• References
Android Things Security Research in Developer Preview 2 (FFRI Monthly Researc... FFRI, Inc.
Table of Contents
• Background
• Use case and Weave
• Android Things Security Considerations
• Android Things Version Information
• File system information
• Firewall setting
• ADB port setting
• SELinux setting
• Conclusions
• Reference
An Overview of the Android Things Security (FFRI Monthly Research Jan 2017) FFRI, Inc.
• Security incidents related to IoT devices
• About the Android Things
• Major features
• Installation and Settings
• Accessible network service
• Security configurations
• Conclusions
• References
Black Hat Europe 2016 Survey Report (FFRI Monthly Research Dec 2016) FFRI, Inc.
• About Black Hat
• Intriguing reports
– Breaking BHAD: Abusing Belkin Home Automation Devices
– (PEN)TESTING VEHICLES WITH CANTOOLZ YACHT – YET ANOTHER CAR HACKING TOOL
– Mobile Espionage in the Wild: Pegasus and Nation-State Level Attacks
• Conclusions
• References
An Example of use the Threat Modeling Tool (FFRI Monthly Research Nov 2016) FFRI, Inc.
• About threat analysis support tool
• Examples of tools
• Analysis target system
• Analysis result
– How to read result
– Overview of threats
• Effective usage
– About template
– Additional definition of threat information
• Conclusions
• References
Black Hat USA 2016 Survey Report (FFRI Monthly Research 2016.8) FFRI, Inc.
• About Black Hat USA
• Hot Research
• Vehicle
– CANSPY: A Platform For Auditing CAN Devices
– Advanced CAN Injection Techniques For Vehicle Networks
– Can You Trust Autonomous Vehicles: Contactless Attacks against Sensors of Self-driving Vehicle
• IoT
– Into The Core – In-Depth Exploration of Windows 10 IoT Core
– GATTAttacking Bluetooth Smart Devices
– Introducing A New BLE Proxy Tool
– GreatFET: Making GoodFET Great Again
• Conclusions
• References
Black Hat Asia 2016 Survey Report (FFRI Monthly Research 2016.4) FFRI, Inc.
In this report, we pick up briefings of Black Hat Asia 2016
• Mobile Security
– Android Commercial Spyware Disease and Medication, Mustafa Saad
– Su-a-Cyder: Home-Brewing iOS Malware Like a B0$$!, Chilik Tamir
• IoT Security
– Lets See Whats Out There Mapping The Wireless IOT, Tobias Zillner
– Hacking a Professional Drone, Nils Rodday
• Windows Security
– DSCompromised: A Windows DSC Attack Framework, Ryan Kazanciyan & Matt Hastings
ARMv8-M TrustZone: A New Security Feature for Embedded Systems (FFRI Monthly ... FFRI, Inc.
In this slide deck, we introduce TrustZone for ARMv8-M based on the information published so far.
Adding a security state makes it possible to separate and isolate security levels.
The ARMv8-M architecture uses a different mechanism from the TrustZone provided by the traditional ARMv8-A architecture, one that is optimized for embedded systems.
CODE BLUE 2015 Report (FFRI Monthly Research 2015.11) FFRI, Inc.
• CODE BLUE 2015 had over 600 visitors from many countries.
– It started two-track presentations and a youth track.
– Two teenagers and a student were on stage.
• IoT Security
– Medical equipment and social infrastructure were studied.
– The white hackers reported these vulnerabilities.
• Bug Bounty
– Japanese bug hunters are active around the world.
– There are things to learn from their approach.
• APT
– APT would have invaded various organizations in Japan.
– A forum for information exchange, such as CODE BLUE, is required to counter APT.
Latest Security Reports of Automobile and Vulnerability Assessment by CVSS v3... FFRI, Inc.
• Automobile security is a hot topic at many conferences.
• Cyber security measures are essential for automobiles.
• We summarize the following topics based on the above background.
– Presentations at conferences other than Black Hat USA 2015 and DEF CON 23.
– Introduction of vulnerability assessment methods for automobile security using CVSS v3.
A Survey of Threats in OS X and iOS (FFRI Monthly Research 201507) FFRI, Inc.
Recently, OS X and iOS have become targets of cyber attacks.
– As a result, attack techniques peculiar to OS X and iOS have emerged (e.g. abuse of the sync function, malware distribution by AdHoc, etc.).
We recommend some security settings for Mac and iPhone based on the current state of threats.
– Target systems are OS X 10.10.x (Yosemite) and iOS 8.x.
Security of Windows 10 IoT Core (FFRI Monthly Research 201506) FFRI, Inc.
• Windows 10 IoT is the successor platform to Windows Embedded, optimized for embedded devices.
• Windows 10 IoT Core Insider Preview has been provided for single-board computers such as the Raspberry Pi 2.
• We present a tutorial on the security of Windows 10 IoT Core using the Raspberry Pi 2.
Trend of Next-Gen In-Vehicle Network Standard and Current State of Security(F... FFRI, Inc.
Background
• Automobiles are equipped with many ECUs, which communicate with each other over the in-vehicle network to control the engine, power windows, and so on
• IVI devices such as navigation systems, and ADAS* (known as lane-keeping or brake-assist systems), are often connected to the same network
• Because the in-vehicle network is becoming complicated by various devices, next-generation in-vehicle networks attract interest as a feasible technology at low cost
• This slide summarizes the following topics
– Ethernet as a prospective next-generation in-vehicle network
– Recent security research on conventional in-vehicle networks and proposed measures for CAN
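[DL Seminar] XFeat: Accelerated Features for Lightweight Image Matching harmonylab
Public URL: https://arxiv.org/pdf/2404.19174
Source: Guilherme Potje, Felipe Cadar, Andre Araujo, Renato Martins, Erickson R. Nascimento: XFeat: Accelerated Features for Lightweight Image Matching, Proceedings of the 2024 IEEE/CVF Conference on Computer Vision and Pattern Recognition (CVPR) (2023)
Summary: We propose XFeat (Accelerated Features), a lightweight architecture for resource-efficient feature matching. The method revisits fundamental design choices of convolutional neural networks for detecting, extracting and matching local features. In particular, because fast and robust algorithms are needed for resource-constrained devices, it limits the number of channels in the network while keeping the resolution as high as possible. It is also designed so that matching at the sparse level can be selected, which suits applications such as navigation and AR. XFeat is fast with comparable or better accuracy and runs in real time on the CPU of an ordinary laptop.
There are various problems in using robots in cell production systems, one of which is the assembly of three or more objects. In general, when multiple objects are assembled at the same time, the task is thought to be carried out by holding each part independently with a robot arm or a jig. However, this approach requires as many robot arms or jigs as there are parts, and the more parts there are, the more is wasted in cost and installation space. To address this, 音𣷓 et al. analyzed the contact forces and other forces acting on the objects being assembled and derived the conditions under which objects not fixed by jigs are unlikely to move during assembly. In other words, they examine assembly conditions while taking into account the robustness of the non-grasped objects in the environment. Based on this approach, this study aims to carry out the assembly of multiple objects with a single-arm manipulator. We propose a method that handles multiple temporarily assembled objects at the same time by considering the robustness of the objects. Taking the assembly of pipe joints as the target task, we show that a single-arm manipulator can grasp multiple objects at the same time by using a simple tool. Furthermore, to improve the task success rate, we implement robot control and motion planning based on object position detection with an RGB-D camera.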
This paper discusses assembly operations using a single manipulator and a parallel gripper to simultaneously
grasp multiple objects and hold the group of temporarily assembled objects. Multiple robots and jigs generally operate
assembly tasks by constraining the target objects mechanically or geometrically to prevent them from moving. It is
necessary to analyze the physical interaction between the objects for such constraints to achieve the tasks with a single
gripper. In this paper, we focus on assembling pipe joints as an example and discuss constraining the motion of the
objects. Our demonstration shows that a simple tool can facilitate holding multiple objects with a single gripper.
1. Monthly Research: OpenFlow Security
Fourteenforty Research Institute, Inc.
Confidential
http://www.fourteenforty.jp
ver2.00.02
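5. Software Defined Network (SDN) and OpenFlow
• SDN
– Conventional networks are fixed systems that depend on the physical placement, connection and configuration of each component (L2/L3 switches, routers, etc.)
– Server and storage virtualization is advancing, mainly in data centers, but the network still needs reconfiguration and per-device settings each time (for example, when a VM moves between machines)
→ Operations become more complex and the operational load increases
– SDN is the concept of defining the network as software in order to achieve flexible configuration, control and management
• OpenFlow
– One of the technical specifications that embodies the SDN concept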
6. Background and related circumstances
• The specification is currently developed by the Open Networking Foundation (ONF)
– https://www.opennetworking.org/
• The ONF board members are as follows (as of April 15, 2013)
– Deutsche Telekom, Facebook, Goldman Sachs, Google, Microsoft, NTT Communications, Verizon, Yahoo!
• At present, implementations conforming to version 1.0 are mainstream

Date                 Event
December 31, 2009    Version 1.0 defined, led by Stanford University
February 28, 2011    Version 1.1 defined
March 21, 2011       Open Networking Foundation established
December 5, 2011     Version 1.2 defined
May 25, 2012         Version 1.3.0 defined
September 6, 2012    Version 1.3.1 defined
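7. Technical overview (1/5)
• Basic idea of OpenFlow
– Separates the control plane (route control, etc.) and the data plane (frame forwarding, etc.), which were integrated in conventional network devices
– The network consists of OpenFlow switches and OpenFlow controllers
– The specification mainly defines switch behavior and the communication between switch and controller
[Figure: a conventional network device compared with an OpenFlow switch and an OpenFlow controller, each side showing application, control plane and data plane; labels: OpenFlow specification, interface, switch behavior]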
8. Technical overview (2/5)
• Flow
– The unit in which OpenFlow handles communication
• Flow entry: the management structure for a flow, consisting of the following three elements
– Header fields: define the flow to be processed
– Actions: define how the flow is processed
– Counters: hold statistics for the flow

Items available in the header fields
Ingress port     IP src
Ether src        IP dst
Ether dst        IP proto
Ether type       IP ToS bits
VLAN id          TCP/UDP src port
VLAN priority    TCP/UDP dst port

Examples of available actions
Forward         Output the packet from the specified port
DROP            Discard the packet
Modify-Field    Rewrite the specified field
15. Actual communication example (2/3)
■ Features request from the controller and the response from the switch
OFPT_FEATURES_REQUEST
OFPT_FEATURES_REPLY
Reports the configuration information, state, etc. of the physical ports
16. Actual communication example (3/3)
■ Initial configuration and flow entry writes from the controller to the switch, and PACKET_IN from the switch
OFPT_PACKET_IN
OFPT_FLOW_MOD
12 bytes
OFPT_SET_CONFIG
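The exchange on slides 15 and 16 can be audited by splitting a captured controller-switch byte stream on the OpenFlow 1.0 header. The following is an added example, not code from the slides; the sample bytes are constructed, the helper names `parse_stream` and `build` are hypothetical, and only the SET_CONFIG body is decoded.

```python
import struct

# OpenFlow 1.0 ofp_type codes for the messages named on the slides.
OFPT = {0: "OFPT_HELLO", 5: "OFPT_FEATURES_REQUEST", 6: "OFPT_FEATURES_REPLY",
        9: "OFPT_SET_CONFIG", 10: "OFPT_PACKET_IN", 14: "OFPT_FLOW_MOD"}
OFP_HEADER = struct.Struct("!BBHI")  # version, type, length, xid (8 bytes)
OFP_VERSION_1_0 = 0x01


def parse_stream(data):
    """Split a byte stream into OpenFlow 1.0 messages, validating each header."""
    msgs, off = [], 0
    while off < len(data):
        if len(data) - off < OFP_HEADER.size:
            raise ValueError(f"truncated header at offset {off}")
        version, mtype, length, xid = OFP_HEADER.unpack_from(data, off)
        if version != OFP_VERSION_1_0:
            raise ValueError(f"unexpected version {version:#x} at offset {off}")
        # length covers header + body; reject values that would desync the parser
        if length < OFP_HEADER.size or off + length > len(data):
            raise ValueError(f"bad length {length} at offset {off}")
        body = data[off + OFP_HEADER.size:off + length]
        msg = {"type": OFPT.get(mtype, f"type {mtype}"), "xid": xid, "length": length}
        if mtype == 9:  # ofp_switch_config body: flags, miss_send_len
            if len(body) != 4:
                raise ValueError("SET_CONFIG body must be 4 bytes")
            msg["flags"], msg["miss_send_len"] = struct.unpack("!HH", body)
        msgs.append(msg)
        off += length
    return msgs


def build(mtype, xid, body=b""):
    """Helper for the constructed sample: header plus an opaque body."""
    return OFP_HEADER.pack(OFP_VERSION_1_0, mtype, OFP_HEADER.size + len(body), xid) + body


# Constructed sample, not a real capture. Bodies other than SET_CONFIG are
# zero-filled placeholders of the minimum OpenFlow 1.0 size and are not decoded.
SAMPLE = (build(5, 1)                                 # features request
          + build(6, 1, bytes(24))                    # features reply, no ports
          + build(9, 2, struct.pack("!HH", 0, 128))   # set config
          + build(14, 3, bytes(64))                   # flow mod, no actions
          + build(10, 0, bytes(10)))                  # packet in, no frame data

if __name__ == "__main__":
    for m in parse_stream(SAMPLE):
        print(m)
```

The SET_CONFIG message comes out at 12 bytes: the 8-byte header plus 2 bytes of flags and 2 bytes of miss_send_len.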
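28. Acknowledgments
We would like to take this opportunity to sincerely thank the following people for their cooperation and advice in this research (listed in the order the interviews were conducted).
NTT Communications Corporation: 畑田充弘, 渡辺渉, 古澤徹
NTT Advanced Technology Corporation: 深澤友雄, 伊藤光恭, 大嶋寛, 酒井清隆
Nippon Telegraph and Telephone Corporation: everyone at NTT Secure Platform Laboratories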