NSCTF
- 6. About Takeshi
HITCON staff 2012, 2013, 2014
SITCON staff 2013, 2014, 2015
COSCUP, WebConf…
C, Python, JavaScript…
RuCTF, CTCTF
Web security
- 12. Before before CTF
Python scripts for analysis
For binary — system, scanf, strcpy, memcpy
For web — mysql_*, echo, eval, system…
Get familiar with gdb
Collect the usable SQLi in advance
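
A sketch of the kind of analysis script this slide refers to, added here as an example and not the speaker's own code: it flags uses of the sinks listed above in a service's source so they can be reviewed and patched. The file-extension mapping, the function names and the sample sources are assumptions constructed for illustration.

```python
import re
from pathlib import Path

# Sinks named on the slide. mysql_* is matched as a prefix; echo is a PHP
# language construct, so it is matched without requiring parentheses.
SINKS = {
    "binary": re.compile(r"(?<!\w)(system|scanf|strcpy|memcpy)\s*\("),
    "web": re.compile(r"(?<![\w$])(?:(mysql_\w+|eval|system)\s*\(|(echo)\b)"),
}
KIND_BY_SUFFIX = {".c": "binary", ".h": "binary", ".php": "web"}  # assumed mapping

def scan_text(text, kind):
    """Return (line_number, sink, stripped_line) for each sink use in text.
    Comments and string literals are not parsed: hits are leads for review."""
    hits = []
    for lineno, line in enumerate(text.splitlines(), start=1):
        for m in SINKS[kind].finditer(line):
            hits.append((lineno, m.group(m.lastindex), line.strip()))
    return hits

def scan_tree(root):
    """Scan every .c/.h/.php file under root; return {path: hits}."""
    report = {}
    for path in sorted(Path(root).rglob("*")):
        kind = KIND_BY_SUFFIX.get(path.suffix.lower())
        if kind and path.is_file():
            hits = scan_text(path.read_text(errors="replace"), kind)
            if hits:
                report[str(path)] = hits
    return report

# Constructed samples, not code from the CTF services.
SAMPLE_C = '''\
void copy_name(char *src) {
    char buf[64];
    strcpy(buf, src);
    fscanf(stdin, "%63s", buf);
}
'''
SAMPLE_PHP = '''\
<?php
$r = mysql_query("SELECT * FROM msg WHERE id=" . $_GET["id"]);
echo $_GET["name"];
$filesystem = get_filesystem();
'''

if __name__ == "__main__":
    for kind, sample in (("binary", SAMPLE_C), ("web", SAMPLE_PHP)):
        for lineno, sink, line in scan_text(sample, kind):
            print(f"{kind}:{lineno}: {sink:<12} {line}")
```

The word-boundary lookbehind keeps `fscanf` and `get_filesystem` from being reported as `scanf` and `system`; widen the sink lists if those variants should be reviewed as well.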
- 16. SSP
Buffer Overflow : login, leave message, change money, initial_pinfo
Integer overflow : million, betting, changeback
Command execution : changeback
Logic error : betting
Default password : login
Malicious login session
- 17. PMC
SQLi : id query, name query
XSS : message
Backdoor upload : upload
Upload header bypass : upload
getimagesize bypass : upload
.htaccess : upload
Malicious function execution