MSVR
- MSRC: Microsoft Security Response Center
- Microsoft Bounty Programs
- Web
MSVR
- HackerOne
- Facebook
MSVR
- Web
- http://technet.microsoft.com/en-us/security/msvr
- Windows
- Adobe Reader, Oracle Java (PC)
- PC
Reference: http://download.microsoft.com/download/5/0/3/50310CCE-8AF5-4FB4-83E2-03F1DA92F33C/Microsoft_Security_Intelligence_Report_Volume_15_English.pdf
  
- DNS
- SSL
- MSVR
- Adobe, AOL, Apple, Blackberry, CA, Cisco, Citibank, Comodo, Fidelity, Google, Hex-Rays, HP, IBM, Intel, Intuit, Lenovo, Mozilla, Nullsoft, Nvidia, OpenOffice, Opera, Oracle, PGP, RealNetworks, SAP, Symantec, VMware, Wireshark, WordPress, Yahoo!
- 0-day
Reference: http://blogs.technet.com/b/msrc/archive/2011/04/19/coordinated-vulnerability-disclosure-from-philosophy-to-practice.aspx
  
?
- : Office Word PDF / Adobe Reader
  
!  SDL 	
  
!  	
  
XSS SQL 	
  
!  	
  
	
  
!  iPhone 	
  
!  ROI 	
  
MSVR
- …
- CVD
- CVD: Coordinated Vulnerability Disclosure ("responsible disclosure")
- 0-day
- MSVR
- MSVR
CVD
- Microsoft
- Online Service
- Mitigation Bypass
MSVR
1:
1 :
- <insert any Windows 0day full disclosure post here in the last 20 years>
2:
2 :
- Windows
- 8
- NumLock
- 8
3:
- ?
- SSL SSL ?
- Web Internet Explorer ?
3 : 0-DAY
- Microsoft:
- Bing
- : "Bing "
4:
- ( Web
- ☺
- PGP, S/MIME
- PGP …
4 :
- : ID
- : ID, Web
- : ID ?
5:
5 : !
- 6
6:
- " " ☺
6 :
- : ! < >
- : !
7: MSVR
- MSVR
7B: MSVR
: LIBAVCODEC
- MSVR12-017
- FFmpeg Libavcodec
- VLC WMA !
Reference: http://technet.microsoft.com/en-us/security/msvr/msvr12-017
: LIBAVCODEC
- !Exploitable (WinDbg): libavcodec_plugin.dll WriteAV
- VLC A/V
- WMA
: LIBAVCODEC
- 0x0001 0x0007
- word ?
- ?
: LIBAVCODEC
- OffVis
- "Microsoft Office Visualization Tool (OffVis) IT doc*, xls*, ppt* Microsoft Office"
- Web
- GUT
Reference: http://www.microsoft.com/en-us/download/details.aspx?id=2096
: LIBAVCODEC
- !
- ASF WMA
- ASF "Number of Channels"
- 16bit
- WAVEFORMATEX
- "number of audio channels"
- 0x0003 0x0008
- 0x0009 VLC WMA2
Reference: http://msdn.microsoft.com/en-us/library/bb643323.aspx
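The channel-count problem described on this slide, as an added example that is not MSVR's, FFmpeg's or VLC's code: it parses the WAVEFORMATEX header carried in an ASF/WMA stream and refuses a "number of audio channels" value the decoder cannot handle, before that 16-bit field is used for anything. The supported range (1 to 2 channels for WMA v2) and the sample headers are assumptions constructed here, not values taken from the page.

```python
import struct

# Little-endian WAVEFORMATEX as carried in an ASF stream-properties object
# for a WMA audio stream (field names from the Win32 header):
#   WORD  wFormatTag; WORD nChannels; DWORD nSamplesPerSec;
#   DWORD nAvgBytesPerSec; WORD nBlockAlign; WORD wBitsPerSample; WORD cbSize
WAVEFORMATEX = struct.Struct("<HHIIHHH")

WAVE_FORMAT_WMAUDIO2 = 0x0161  # format tag for WMA v2 (mmreg.h)

# Assumed decoder limit used by this check (not stated on the page):
# WMA v2 streams are mono or stereo, so the decoder should refuse anything else.
MAX_WMA2_CHANNELS = 2


class InvalidHeader(ValueError):
    """Raised when the header must not be passed on to the decoder."""


def parse_waveformatex(blob: bytes) -> dict:
    """Parse the fixed WAVEFORMATEX fields plus the cbSize-delimited extra data.

    Every offset is checked against the real buffer length, so a short or
    truncated blob never causes an out-of-range read.
    """
    if len(blob) < WAVEFORMATEX.size:
        raise InvalidHeader("header shorter than WAVEFORMATEX (%d bytes)" % len(blob))
    tag, channels, rate, avg_bps, block_align, bits, cb_size = WAVEFORMATEX.unpack_from(blob)
    end = WAVEFORMATEX.size + cb_size
    if len(blob) < end:
        raise InvalidHeader("cbSize=%d runs past the end of the buffer" % cb_size)
    return {
        "format_tag": tag,
        "channels": channels,
        "sample_rate": rate,
        "avg_bytes_per_sec": avg_bps,
        "block_align": block_align,
        "bits_per_sample": bits,
        "extra": blob[WAVEFORMATEX.size:end],
    }


def validate_wma2_header(hdr: dict) -> bool:
    """Reject values the WMA2 decoder cannot handle before they reach codec code.

    nChannels is a 16-bit field, so the container can carry 0..65535; the
    decoder's supported range is far smaller and has to be enforced here
    rather than assumed.
    """
    if hdr["format_tag"] != WAVE_FORMAT_WMAUDIO2:
        raise InvalidHeader("not a WMA v2 stream: format tag 0x%04x" % hdr["format_tag"])
    ch = hdr["channels"]
    if not 1 <= ch <= MAX_WMA2_CHANNELS:
        raise InvalidHeader("unsupported number of audio channels: 0x%04x" % ch)
    if hdr["sample_rate"] == 0:
        raise InvalidHeader("zero sample rate")
    if hdr["block_align"] == 0:
        raise InvalidHeader("zero block alignment")
    return True


def check_blob(blob: bytes) -> str:
    """Return 'ok' or the reason the header was rejected."""
    try:
        validate_wma2_header(parse_waveformatex(blob))
        return "ok"
    except InvalidHeader as exc:
        return "rejected: %s" % exc


def make_wma2_header(channels: int, extra: bytes = b"\x00" * 10) -> bytes:
    """Build a constructed WMA v2 WAVEFORMATEX for testing (sample data, not from a real file)."""
    sample_rate = 44100
    block_align = 2230  # arbitrary non-zero packet size for the constructed sample
    return WAVEFORMATEX.pack(WAVE_FORMAT_WMAUDIO2, channels, sample_rate,
                             block_align * 16, block_align, 16, len(extra)) + extra


if __name__ == "__main__":
    for ch in (0x0001, 0x0002, 0x0003, 0x0008, 0x0009):
        print("nChannels=0x%04x -> %s" % (ch, check_blob(make_wma2_header(ch))))
    print("truncated -> %s" % check_blob(make_wma2_header(2)[:12]))
```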
  
: LIBAVCODEC
- 2
- pop ebx
- call dword ptr [ebx+30h]
- ? ☺
- ebx
- call pop
: LIBAVCODEC
- msvr@microsoft.com
- MSVR
: LIBAVCODEC
- 2012 5
: VMWARE
- MSVR13-002
- VMware OVF Tool
- 1: VMware ?
- VMX
- VMDK
- OVF
- …more
Reference: http://technet.microsoft.com/en-us/security/msvr/msvr13-002
: VMWARE
- 2: OVF ?
- (Open Virtual Machine Format)
- " "
Reference: http://www.vmware.com/pdf/ovf_whitepaper_specification.pdf
: VMWARE
- XML
- XML
- 3: VMware OVF ?
- ovftool.exe
- VMware Player OVF
4: OVFTool ?
: VMWARE
5:
<?xml version="1.0" encoding="utf-8"?>
<ovf:Envelope xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
  xmlns:ovf="%p.%p.%p.%p.%p.%p.%p.%p"
  xmlns:vssd="http://schemas.dmtf.org/wbem/wscim/1/cim-schema/2/CIM_VirtualSystemSettingData"
  …
</ovf:Envelope>
: BLACKBERRY PTG
- "Blackberry Print To Go Auth Bypass"
- ?
- Blackberry PTG ?
- PC, BlackBerry Playbook " "
- PC PDF Playbook
: BLACKBERRY PTG
- Playbook
- BlackBerry ID ( ID / )
- Playbook PTG
- PIN Playbook
- Playbook " " BlackBerry
: BLACKBERRY PTG
- 1234 …
- URL Web: http://localhost:1234/myserverlet/
- 1234
: BLACKBERRY PTG
- ?
- Playbook
- BlackBerry
- BlackBerry security
- BlackBerry
- "BlackBerry ID"
- Playbook
- Web
- MSVR !
MSVR
- ROI
- " "
- : HackerOne " "
- (PGP, S/MIME)
- !
- msvr@microsoft.com
©2014 Microsoft Corporation. All Rights Reserved.

This document is provided "as-is." Information and views expressed in this document, including URL and other Internet Web site references, may change without notice. You bear the risk of using it. Some examples are for illustration only and are fictitious. No real association is intended or inferred. This document does not provide you with any legal rights to any intellectual property owned by Microsoft. You may copy and use this document for your internal, reference purposes.

CODE BLUE 2014: Microsoft Vulnerability Research: Becoming a finder while being a vendor, by David Seidman

  • 1.
  • 6.
  • 9. MSVR !  MSRC   !  Microso+  Security  Response  Center   !    !  Microso+  Bounty  Programs   !  Web     !   
  • 10. MSVR !  HackerOne   !    !    !  Facebook  
  • 11. MSVR !      !    !    !    !   
  • 12. MSVR !    !    !    !   
  • 13. MSVR !  Web   !  h>p://technet.microso+.com/en-­‐us/security/msvr   !    !   
  • 14. !  Windows     !  Adobe  Reader,  Oracle  Java PC     !  PC   !    !    !  Reference:  h>p://download.microso+.com/download/5/0/3/50310CCE-­‐8AF5-­‐4FB4-­‐83E2-­‐03F1DA92F33C/Microso+_Security_Intelligence_Report_Volume_15_English.pdf  
  • 15. !    !    !  DNS   !  SSL   !   
  • 16. !  MSVR   !  Adobe,  AOL,  Apple,  Blackberry,  CA,  Cisco,  CiZbank,  Comodo,  Fidelity,  Google,   Hex-­‐Rays,  HP,  IBM,  Intel,  Intuit,  Lenovo,  Mozilla,  Nullso+,  Nvidia,  OpenOffice,   Opera,  Oracle,  PGP,  RealNetworks,  SAP,  Symantec,  VMware,  Wireshark,   WordPress,  Yahoo!   !   
  • 17. !      !  0-­‐day   !    !    Reference:  h>p://blogs.technet.com/b/msrc/archive/2011/04/19/coordinated-­‐vulnerability-­‐disclosure-­‐from-­‐philosophy-­‐to-­‐pracZce.aspx  
  • 18. !    !    !    !    !   
  • 19. ? !    !    !    !    !  :  Office Word PDF    Adobe  Reader   !    !    !   
  • 20. !    !    !  SDL   !    XSS SQL   !      !  iPhone   !  ROI  
  • 21. MSVR !  …   !  CVD   !  CVD:  Coordinated  Vulnerability  Disclosure  -­‐     ( “responsible  disclosure  -­‐   ” )   !  0-­‐day   !  MSVR   !  :     !  MSVR  
  • 22. !    CVD   !    !  ( )     !  Microso+   ( )     !  Online  Service  ( )   !  MiZgaZon  Bypass  ( )   !  :   !    !   
  • 23. MSVR
  • 24. 1:
  • 25. 1 : !  <insert  any  Windows  0day  full  disclosure  post  here  in  the  last  20  years>  
  • 26. 2: !  :   !    !    !    !    !    !    !   
  • 27. 2 : !  Windows   !  8   !  NumLock     !  8   !     
  • 28. 3: !  ?   !  SSL SSL ?   !  Web Internet  Explorer ?   !   
  • 29. 3 : 0-DAY !  Microso+ :         !  Bing   !  :  “Bing ”  
  • 30. 4: !  ( Web   !  ☺   !  PGP S/MIME   !  PGP …   !   
  • 31. 4 : !  :   ID   !  :   ID Web         !  :   ID     ?   !  :                 !  :                
  • 32. 5: !    !    !      !   
  • 33. 5 : ! !  6  
  • 34. 6: !    !    !  ” ” ☺  
  • 35. 6 : !  :   !    <   >   !  :   !  
  • 36. 7: MSVR !    !    !    !    !    !    !    MSVR  
  • 37.
  • 39.
  • 40. : LIBAVCODEC !  MSVR12-­‐017   !  FFmpeg  Libavcodec   !  VLC WMA !   !      Reference:  h>p://technet.microso+.com/en-­‐us/security/msvr/msvr12-­‐017  
  • 41. : LIBAVCODEC !  !Exploitable (Windbg)   libavcodec_plugin.dll WriteAV   !  VLC A/V   !  WMA    
  • 43. : LIBAVCODEC !  0x0001 0x0007   !  word ?   !  ?  
  • 44. : LIBAVCODEC !  OffVis   !  “Microso+  Office  VisualizaZon  Tool(Offivis) IT doc*,  xls*,  ppt* Microso+  Office ”   !  Web   !    GUT   Reference:  h>p://www.microso+.com/en-­‐us/download/details.aspx?id=2096  
  • 46. : LIBAVCODEC !  !   !  ASF WMA   !  ASF “Number  of  Channels”   !  16bit   !  WAVEFORMATEX   !  “number  of  audio  channels”( )   !  0x0003 0x0008   !  0x0009 VLC WMA2     Reference:  h>p://msdn.microso+.com/en-­‐us/library/bb643323.aspx  
  • 47. : LIBAVCODEC !  2   !  pop  ebx   !  call  dword  ptr[ebx+30h]   !    ?  ☺   !    !  ebx   !  call pop  
  • 48. : LIBAVCODEC !  msvr@microso+.com     !  MSVR   !    !    !   
  • 51. : VMWARE !  MSVR13-­‐002   !  VMware  OVF  Tool   !   1:  VMware   ?   !  VMX   !  VMDK   !  OVF   !  …more   Reference:  h>p://technet.microso+.com/en-­‐us/security/msvr/msvr13-­‐002  
  • 52. : VMWARE !  2:  OVF ?   !  (Open  Virtual  Machine  Format)   !  “   ”   Reference:  h>p://www.vmware.com/pdf/ovf_whitepaper_specificaZon.pdf  
  • 53. : VMWARE !    XML   !  XML    
  • 54. : VMWARE !  3:   VMware OVF ?   !  ov+ool.exe     !  VMware  player OVF  
  • 55. : VMWARE  4:  OVFTool ?  
  • 56. : VMWARE  5:     <?xml  version="1.0"  encoding="uy-­‐8"?>   <ovf:Envelope  xmlns:xsi="h>p://www.w3.org/2001/XMLSchema-­‐instance"  xmlns:ovf="%p. %p.%p.%p.%p.%p.%p.%p"  xmlns:vssd="h>p://schemas.dmy.org/wbem/wscim/1/cim-­‐ schema/2/CIM_VirtualSystemSe{ngData"     …   </ovf:Envelope>    
  • 59. : BLACKBERRY PTG !  “Blackberry  Print  To  Go  Auth  Bypass”   !  ?   !  Blackberry  PTG ?   !  PC BlackBerry  Playbook ” ”   !  PC     PDF Playbook  
  • 61. : BLACKBERRY PTG !  Playbook   !  BlackBerry  ID( ID/ )   !  Playbook PTG   !  PIN Playbook   !    !  Playbook ” ” BlackBerry  
  • 63. : BLACKBERRY PTG !  1234 …     !  URL Web h>p://localhost:1234/myserverlet/   !    !   
  • 64. : BLACKBERRY PTG !    !  1234    
  • 68. : BLACKBERRY PTG !  ?   !  Playbook   !  BlackBerry     BlackBerry  security   !  BlackBerry     !  “ BlackBerry  ID   ”   !  Playbook   !    !   
  • 69. !    !    !    !   
  • 70. !    !  Web     !    !  MSVR !  
  • 71. MSVR !    !    !  ROI   !    !  ” ”   !  :  HackerOne ” ”  
  • 72. !    !  (PGP   S/MIME)   !    !  !  
  • 73. !    !    !    !    !   ( )   !    !    !   
  • 76. ©2014  Microsoft  Corporation.  All  Rights  Reserved.   This  document  is  provided  "as-is."  Information  and  views  expressed  in  this   document,  including  URL  and  other  Internet  Web  site  references,  may  change   without  notice.  You  bear  the  risk  of  using  it.  Some  examples  are  for  illustration   only  and  are  fictitious.  No  real  association  is  intended  or  inferred.  This  document   does  not  provide  you  with  any  legal  rights  to  any  intellectual  property  owned  by   Microsoft.  You  may  copy  and  use  this  document  for  your  internal,  reference   purposes.  

Editor's Notes

  1. If you happen to work at a company that produces lots of different products, you may not only be looking for bugs in your own code, but also in other vendors’ products as well. I’ll show you how it’s possible to have a coordinated approach to getting bugs fixed outside your company, which is especially valuable if your platform supports or relies on them.
  2. High level of what we’re doing now. David is working on new ways to handle authentication that don’t depend on humans generating and remembering text for their security.
  3. MSVR is a program within Microsoft that handles bugs in non-Microsoft software. Bugs are usually found and submitted by security researchers at Microsoft across the divisions, and this program coordinates fixes and advisories with the third-party vendors.
  4. MSVR is a program within Microsoft that handles bugs in non-Microsoft software. Bugs are usually found and submitted by security researchers at Microsoft across the divisions, and this program coordinates fixes and advisories with the third-party vendors.
  5. More on this later
  6. Reference for Reader+Java remark = SIR
  7. Example: Subtle bug in BIND DNS Server that could affect Microsoft DNS Server
  8. Reference: “Microsoft Vulnerability Research: Playing Well with Others Since 2009”
  9. This is not about trying to force companies or researchers to work with us, but rather make sure we also live up to Microsoft’s standards and work to make everyone involved happy
  10. Not complete but gives you a picture of the circumstances in which we tend to find vulnerabilities
  11. Key point: it is okay to use company resources and tools to find vulnerabilities on company time, as long as you also do your job. Bugs that are below the bar still have some requirements (see later slide), but MSVR doesn’t have resources to help report them.
  12. CVD ensures the vendor is notified and given a reasonable amount of time to fix. The CVD requirement is actually in our employee handbook.
  13. CVD ensures the vendor is notified and given a reasonable amount of time to fix. The CVD requirement is actually in our employee handbook.
  14. Also logged in a tracking database. Or send a mail to msvr@Microsoft
  15. Qualifying bug = high enough severity, Microsoft platform. We don’t want to waste others’ time with incorrect or nonspecific reports. If the bug is a design flaw, maybe you have an idea to design it better.
  16. Human error doesn’t really qualify here
  17. Hypothetical example
  18. Lots of legwork here
  19. Optional for MSVR. The finder always has an option to release their own content too, as long as the vendor has patched. The idea here is to attract attention to noteworthy vulnerabilities that may not otherwise attract it. E.g. we may not need to do an advisory for an Adobe issue because it’s something everyone already knows about (unless it’s under attack), nor an advisory for an XSS flaw where there’s no user action, but might do one for a vuln in a common piece of software that isn’t often patched.
  20. There’s a tension between wanting to avoid warning the world when the danger isn’t that high, while still wanting to provide credit to your people. Having two advisory forms lets us do both.
  21. http://technet.microsoft.com/en-us/security/msvr/msvr12-017
  22. http://technet.microsoft.com/en-us/security/msvr/msvr12-017
  23. http://technet.microsoft.com/en-us/security/msvr/msvr12-017
  24. http://technet.microsoft.com/en-us/security/msvr/msvr12-017
  25. http://technet.microsoft.com/en-us/security/msvr/msvr12-017 This is one of the tools we use in MMPC (Microsoft Malware Protection Center) to analyze and visualize file formats
  26. http://technet.microsoft.com/en-us/security/msvr/msvr12-017
  27. http://technet.microsoft.com/en-us/security/msvr/msvr13-002
  28. http://technet.microsoft.com/en-us/security/msvr/msvr13-002
  29. http://technet.microsoft.com/en-us/security/msvr/msvr13-002
  30. http://technet.microsoft.com/en-us/security/msvr/msvr13-002
  31. Imports and exports OVF files
  32. Partial paste of PoC adjusted from a fuzzer-mutated OVF file. The xmlns:ovf envelope property is malformed; instead of pointing to the OVF schema URL, it’s full of %p’s, which, when interpreted by a function that takes format specifiers, will print values as pointers.
  33. http://technet.microsoft.com/en-us/security/msvr/msvr12-017
  34. Enter a random pin/password number here
  35. We didn’t have a BB Playbook to test
  36. Their team likely has access to internal knowledge about BB products, so they could see further than we could on whether this was an issue or not. Thanks BlackBerry Security team!
  37. Why use your own program instead of brokers? Maybe your company has some great resources you can utilize to make bug hunting more interesting and efficient. If we all do this it’s good for everyone. Even if we don’t all do it, it’s still good just for you.
  38. We understand complex software and know which fixes should and should not take a long time
  39. We understand complex software and know which fixes should and should not take a long time
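The format-string bug class behind the OVF PoC on slide 56 (note 32 above), as an added example that is not code from the MSVR13-002 advisory, from VMware's OVF Tool or from this presentation: it shows the hardened logging call next to the vulnerable pattern, plus a check that flags namespace values carrying format conversions. The function names, the sample namespace URIs and the log buffer are constructed assumptions.

```c
#include <stdbool.h>
#include <stdio.h>
#include <string.h>

/* Constructed stand-ins for an xmlns:ovf value read from an OVF envelope. */
static const char MALFORMED_NS[] = "%p.%p.%p.%p.%p.%p.%p.%p";
static const char VALID_NS[]     = "http://schemas.dmtf.org/ovf/envelope/1";
static const char ENCODED_NS[]   = "http://example.invalid/ovf%20v1";

/* Vulnerable pattern (left as a comment so it is never compiled or run):
 *     snprintf(out, outsz, ns);   // untrusted ns used AS the format string
 * Every %p then consumes a pointer-sized vararg that was never passed, so
 * the output leaks memory contents; other specifiers can corrupt memory. */

/* Hardened form: the untrusted value is only ever a %s argument. */
static int log_namespace(char *out, size_t outsz, const char *ns)
{
    return snprintf(out, outsz, "ovf namespace: %s", ns);
}

static bool is_hex(char c)
{
    return (c >= '0' && c <= '9') || (c >= 'a' && c <= 'f') || (c >= 'A' && c <= 'F');
}

/* Count '%' characters that are not well-formed %XX percent-encodings.
 * A namespace URI legitimately contains only %XX escapes, so "%p", "%n"
 * or a trailing '%' is worth flagging when scanning or logging OVF files. */
static int count_suspicious_percents(const char *s)
{
    int n = 0;
    for (const char *p = s; *p; p++) {
        if (*p != '%')
            continue;
        if (is_hex(p[1]) && is_hex(p[2]))
            p += 2;                 /* proper %XX escape: skip it */
        else
            n++;
    }
    return n;
}

/* Accept only http/https namespace URIs without suspicious '%' characters. */
static bool namespace_looks_sane(const char *ns)
{
    bool scheme_ok = strncmp(ns, "http://", 7) == 0 || strncmp(ns, "https://", 8) == 0;
    return scheme_ok && count_suspicious_percents(ns) == 0;
}
```

A %XX escape whose XX happens to be a valid conversion (for example %d0) passes the heuristic, which is why the structural fix is the fixed "%s" format in `log_namespace`, not the scan.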