
xcon2014 & geekpwn2014

Posted by herskovits at 2020-03-05

Catalog

1. Application of linker and loader technology in protective shells (packers)

0x1: speaker

Moderator of the security programming track (Yan Wenbin, technical director of 4D Chuangzhi)

0x2: technical background

Traditional PC software and mobile apps go through the following stages

0x3: Key Technologies / technical difficulties in the topic

The core idea of TDK

0x4: technology related to similar principles

At xkunfoo2014, Pengzhou presented research on virus techniques based on Android native binaries and, with the help of a custom Java ClassLoader, implemented a technique similar to the custom linker & loader described here

0x5: Thoughts on attack and defense

In the attack-and-defense confrontation with hackers, security researchers often operate at a deeper level than the attackers do; the key is how to make use of that advantage

For a host intrusion detection, defense and repair system, we can do the following things

2. Large scale vulnerability mining in Android application market

0x1: speaker

Guo Tianfang, a member of the founding team of Trustlook, currently focuses on malware sandbox detection technology and vulnerability research on the Android platform

0x2: technical background

The mobile app market, a typical mobile traffic entry point, hosts a large number of apps and lacks any security screening threshold before an app goes online, which makes the app market a hotbed for malicious programs. The current security problems in the app market are as follows:

0x3: Key Technologies / technical difficulties in the topic

Implementation steps

Vulnerability mining

0x4: technology related to similar principles

0x5: Thoughts on attack and defense

If the password is not to be saved locally in the app, how should it be stored? This is the same class of problem as the sensitive-information disclosure of website configuration files on the PC side. How do we solve it when such sensitive configuration files can be read arbitrarily (or even reverse engineered) by hackers?

Solution:

3. Android emulator detection evasion and response

0x1: speaker

Hu Wenjun, Xiao Xinhang

0x2: technical background

This topic is about how to "confront" existing emulator detection technology, that is, how a hacker can make existing emulator detection mechanisms unable to tell that the program is being debugged in an emulator

Classification of detection technology

0x3: Key Technologies / technical difficulties in the topic

The basic idea of emulator detection is to check whether the current runtime environment matches the preset static and dynamic characteristics of an emulator. To defeat it in a targeted way, hackers therefore have two approaches to modifying the emulator

Advantages and disadvantages of modifying the emulator source code

Android runtime hook framework

Characteristics

Tools used

0x4: technology related to similar principles

0x5: Thoughts on attack and defense

In the detection of anti-emulator behavior and the attack-and-defense confrontation around emulator detection technology, both sides are constantly probing the other side's possible behaviors, which feels a bit like sparring with oneself

In essence, emulator detection technology is a technology of perception and detection, which can identify the

Whether we want to determine the type of an object or decide whether a series of behaviors is an intrusion, the key lies in whether the dimensions we base the judgement on are "accurate" enough, and whether they let us simply and effectively separate the 1 from the 0

At present, malicious code behavior can be monitored; the difficulty lies in how to trigger more of the target program's behaviors

For detecting intrusion state patterns, we can introduce some state-based ideas

4. Mysteries of kernel linked list

0x1: speaker

Peter Hlavaty

0x2: technical background

0x3: Key Technologies / technical difficulties in the topic

0x4: technology related to similar principles

0x5: Thoughts on attack and defense

Peter Hlavaty, a former ESET software engineer and now a senior researcher at Keen, shared advanced knowledge about the Windows kernel heap mechanism and linked lists, and analyzed how a kernel vulnerability related to linked-list initialization can be used to perform a DWORD SHOOT, achieving memory overwrites, disclosure of sensitive kernel information and other goals
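An added illustration, not code from the talk or from this page, of why uninitialised LIST_ENTRY fields turn the ordinary unlink into a write primitive and how safe unlinking (the check the Windows kernel applies before unlinking) refuses it. The struct layout and function names mirror the kernel's LIST_ENTRY API; the decoy and the stale entry are constructed test data.

```c
#include <stdbool.h>
#include <stddef.h>

/* LIST_ENTRY as laid out in the Windows kernel: circular, doubly linked. */
typedef struct _LIST_ENTRY {
    struct _LIST_ENTRY *Flink;
    struct _LIST_ENTRY *Blink;
} LIST_ENTRY;

static void InitializeListHead(LIST_ENTRY *head) { head->Flink = head->Blink = head; }
static void InsertTailList(LIST_ENTRY *head, LIST_ENTRY *entry) {
    LIST_ENTRY *last = head->Blink;
    entry->Flink = head;  entry->Blink = last;
    last->Flink = entry;  head->Blink = entry;
}

/* Classic unlink: two pointer-sized writes whose addresses and values both come
 * from the entry. Stale Flink/Blink in an uninitialised entry decide where they land. */
static void RemoveEntryListUnsafe(LIST_ENTRY *entry) {
    entry->Blink->Flink = entry->Flink;
    entry->Flink->Blink = entry->Blink;
}

/* Safe unlinking: write nothing unless both neighbours point back at us.
 * Returns false on an inconsistent entry (a kernel would bug-check instead). */
static bool RemoveEntryListSafe(LIST_ENTRY *entry) {
    LIST_ENTRY *f = entry->Flink, *b = entry->Blink;
    if (f == NULL || b == NULL || f->Blink != entry || b->Flink != entry) return false;
    b->Flink = f;  f->Blink = b;
    entry->Flink = entry->Blink = NULL;
    return true;
}

/* Happy path: a properly linked entry is removed and the list stays consistent. */
static bool SafeUnlinkRemovesLinkedEntry(void) {
    LIST_ENTRY head, a, b;
    InitializeListHead(&head);
    InsertTailList(&head, &a);
    InsertTailList(&head, &b);
    return RemoveEntryListSafe(&a) && head.Flink == &b && b.Blink == &head;
}

/* Constructed stale entry pointing at a decoy (stand-in for whatever memory junk
 * fields reference): safe unlink refuses and leaves it untouched; classic unlink overwrites it. */
static bool StaleEntryDemo(void) {
    LIST_ENTRY decoy = { NULL, NULL }, stale = { &decoy, &decoy };
    if (RemoveEntryListSafe(&stale) || decoy.Flink != NULL) return false;
    RemoveEntryListUnsafe(&stale);            /* writes &decoy into decoy's fields */
    return decoy.Flink == &decoy && decoy.Blink == &decoy;
}
```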

To be honest, I could only understand half of his English. It seems that learning English well is not just a slogan in the security field; it is a very important thing

5. Signal discoverability: what else can we do besides WiFi

0x1: speaker

Microelectronics and Embedded R&D Center of Antan Laboratory

0x2: technical background

For the security of radio frequency and wireless signals, beyond the content security of the data signal that we usually discuss, the security of the wireless signal itself (its electromagnetic characteristics) also needs attention

0x3: Key Technologies / technical difficulties in the topic

All wireless devices, including smart home devices, WiFi, Bluetooth, remote controls and so on, are from the electromagnetic-wave perspective simply emitters of electromagnetic signals in some frequency band

Passive reception of these signals is very easy to achieve, even with an ordinary TV tuner stick

Decoding short-range wireless communication protocols

0x4: technology related to similar principles

0x5: Thoughts on attack and defense

Protecting core information, that is, level 1 privacy information, usually has targeted methods, but defending against channel measurement and the leakage of level 3 and lower information is relatively difficult, because the cost-benefit ratio has to be considered

6. Geekpwn2014

The first time I participated in geekpwn, I was quite shocked. Research on intelligent terminal devices involves knowledge from hardware code reversing / repackaging, network protocol analysis, interface vulnerability testing and other fields. If cloud computing reflects the deepening of informatization, the smart home is the best interpretation of the deepening of informatization in people's daily lives

In the round-table interview on the last day of geekpwn and xcon, TK also said that the security research of new things such as the smart home is essentially based on the original fundamentals; only the form of expression has changed. Of course, the smart home brings some new situations: there are many kinds of smart home devices, and even the same system produces different variations on different products, so hacking of the smart home is often product-based, which also makes future security research more open-ended and surprising

Copyright (c) 2014 LittleHann All rights reserved