SlideShare uma empresa Scribd logo

HTML5 Security & Headers - X-Crawling-Response-Header -  by Tomoyuki Shigemori

CODE BLUE
CODE BLUE

HTML 5 enables data storage within the website visitor’s browser , bidirectional communication between the client and server, the gathering of location information all of which allow for a highly usable website however all of these new technologies can also be leveraged by malicious actors and the impact that this will affect the visitors to the site are not being fully discussed or researched and there is a significant danger that the technology will be widely adapted without sufficient security precautions. At JPCERT/CC we have issued a report titled “Security issues and findings regarding web applications using HTML 5.” In this report we outline items that should be considered in the development of web application using HTML5 and security issues that arise when transitioning web applications to HTML 5. The goal of the report is to disclose all our findings in an organised fashion and enable web security researchers and web application developers to have a basic foundational document. In this presentation I will present based on the report and through demos, security issues to consider when developing web applications using HTML 5. Also I will present our findings regarding the current state of security of HTML 5 usage based on the data of 95000 website’s response headers. Tomoyuki Shigemori Tomoyuki Shigemori is an Information Security Analyst of Watch and Warning Group at JPCERT/CC (Japan Computer Emergency Response Team Coordination Center). His expertise lies in information gathering and providing early warnings on cyber threats to relevant organizations including governmental entities and infrastructures. He has delivered presentations in many conferences such as Open Source Conference 2013, Enterprise and Parallels Summit 2013 Japan. He has also contributed as a coauthor in publishing “How to protect your business from cyber attacks (NTT Publishing)” and some other books.

Tecnologia
1 de 43
Baixar para ler offline
HTML5 Security & Headers - X-Crawling-Response-Header- JPCERT Coordination Center Watch and Warning Group, Information Security Analyst Tomoyuki Shigemori
Copyright©2014 JPCERT/CC All rights reserved. Overview of JPCERT/CC Japan Computer Emergency Response Team Coordination Center • Founded in 1996 • An independent, non-profit organization • National CSIRT (Computer Security Incident Response Team) • Coordination center  JPCERT/CC, as a national CSIRT, monitors computer security incidents at a national level, identifies and handles incidents that could affect the economy and critical infrastructures, and warns critical stakeholders and the nation about computer security threats.  JPCERT/CC, as a coordination center, provides technical support in response to computer security incidents through coordination with other local and overseas CSIRTs. 1
Copyright©2014 JPCERT/CC All rights reserved. Overview of JPCERT/CC - 3 pillars and 4 foundations -Prevent -Vulnerability Information Handling Monitor -Information gathering / analysis / sharing -Internet Traffic Monitoring Respond - Incident Handling Early Warning Information Information sharing with critical infrastructure enterprises, etc. CSIRT Establishment Support Capacity building for internal CSIRTs in enterprises / overseas national CSIRTs Artifact Analysis Analysis on attack methods / behavior of malware (unauthorized program) International Collaboration Collaboration with overseas organizations for smoother handling of incidents and vulnerabilities  Coordinate with developers on unknown vulnerability information  Secure Coding  Mitigating the damage through efficient incident handling  Information sharing to prevent similar incidents  Alerts / Advisories 2
Copyright©2014 JPCERT/CC All rights reserved. What is HTML5? HTML5 is the next HTML standard. HTML5 enables us to build more flexible and highly convenient websites. It allows us to store data within the visitor’s browser, enables full-duplex communication between the visitor’s browser and web servers, obtain location information of the visitor, etc. It is becoming widely utilized in Asia-Pacific region including Japan. Major browsers are compatible with HTML5 (Some functions are not enabled). 3 Cross-domain Communication Full-duplex Communication Browser- Embedded MultimediaUI Enhancements Acceleration Online Application
Copyright©2014 JPCERT/CC All rights reserved. What is HTML5? 4 While HTML5 enhances browser capabilities, it also brings new security concerns which were not an issue in previous versions of HTML. The possible impacts are not fully verified or widely known, which may affect users by attackers leveraging the security flaws of these new architectures. DoS Information Leakage XSSCSRF Open Redirect HTML5 is the next HTML standard. HTML5 enables us to build more flexible and highly convenient websites. It allows us to store data within the visitor’s browser, enables full-duplex communication between the visitor’s browser and web servers, obtain location information of the visitor, etc. It is becoming widely utilized in Asia-Pacific region including Japan. Major browsers are compatible with HTML5 (Some functions are not enabled).
Copyright©2014 JPCERT/CC All rights reserved. Research Report on Security Issues of HTML5 Japanese version was published on October 2013 and English version will be coming up soon. https://www.jpcert.or.jp/research/html5.html (Japanese ver.) 5
Copyright©2014 JPCERT/CC All rights reserved. Research Report Terms of Use The report is expected to be utilized as… Technical paper, basic information for guidelines Material for study meetings Reference for seminars For citing or reproducing the original document, please refer to the following: JPCERT/CC Terms of use https://www.jpcert.or.jp/guide.html (Japanese only) Sample) Source: JPCERT Coordination Center “Technical research report on security issue of web applications utilizing HTML5” https://www.jpcert.or.jp/research/HTML5-20131030.pdf 6
Copyright©2014 JPCERT/CC All rights reserved.7 JavaScript API XMLHttpRequest
Copyright©2014 JPCERT/CC All rights reserved. XMLHttpRequest(XHR) Summary 8 XMLHttpRequest (XHR) : —an API to communicate with HTTP using JavaScript —enables interactive web contents by asynchronous communication —widely used due to increased usage of AJAX —this function could only communicate with same origin in versions earlier than HTML5 Java Script ' Access-Control-Allow-Origin' : authorized origin or ‘*’ (wildcard) example.jp other.example.jp ' Origin' : loaded by the original source In order to allow Cookie, “Access-Control-Allow-Credentials” needs to be configured ※Origin : combination of host name, protocol and port number
Copyright©2014 JPCERT/CC All rights reserved. Current Status of HTML5 9
Copyright©2014 JPCERT/CC All rights reserved. Previous Survey Results Survey against 2,359 sites was conducted on November 2012 How about Cross-Origin Resource Sharing (CORS) headers with values other than ' Access-Control-Allow-Origin’? 10 Source:http://www.veracode.com/blog/2012/11/security-headers-report/ 0.25% of websites supports CORS
Copyright©2014 JPCERT/CC All rights reserved. Fact-Finding on Websites utilizing HTML5 Following points were checked: —CORS headers (*1) —Headers with security features (*2) Approach to fact-finding —Crawl top page of websites on Alexa Top 1,000,000 (*3) —Check the HTTP header of the curl command response —If the website redirects to other points, final redirection point will be surveyed —Origin request header will be added to the sending request —Survey was conducted from 2013/12/26 to 2013/12/30 11 (*1) Response header which starts with ’Access-Control-’on headers used by CORS (*2) Specific headers with security features introduced in the research report (*3) http://www.alexa.com/topsites
Copyright©2014 JPCERT/CC All rights reserved. CORS Headers Access-Control-Allow-Origin —Specifies the Origin that is allowed to access to resource Access-Control-Allow-Credentials —Configured ‘true’ for permission on accessing to response towards requests with authentication information such as Cookie Access-Control-Expose-Headers —Specifies the header which the browser can use Access-Control-Allow-Methods (preflight) —Specifies the method which allows transmission Access-Control-Allow-Headers (preflight) —Specifies the header which allows transmission Access-Control-Max-Age (preflight) —Specifies the time to cache a preflight response 12
Copyright©2014 JPCERT/CC All rights reserved. Headers with Security Features X-XSS-Protection —Protects from XSS attack X-Frame-Options —Manages contents in accordance with the configuration in Content-Type header X-Frame-Options —Restricts embedding into a frame such as iframe Content-Security-Policy —Restricts the sources of contents to be loaded Content-Disposition —Controls download dialog of a file Strict-Transport-Security —Enforces the use of secure HTTPS connections 13
Copyright©2014 JPCERT/CC All rights reserved. Key Findings 14
Copyright©2014 JPCERT/CC All rights reserved. Current status on CORS 15 Number of websites which responded was 949,217 sites. Number of CORS enabled websites(*) was 7,218 sites. Only 0.76% of the websites had CORS enabled. 0 1000 2000 3000 4000 5000 6000 7000 8000 CORS Headers (Access-Control-xxx) 941999 7218 CORS enabled websites 非対応 対応 (*) Websites which returned headers related to CORS Not enabled Enabled
Copyright©2014 JPCERT/CC All rights reserved. Access-Control-Allow-Origin 5.4% of the websites were configured improperly. If improperly configured, the value will be invalid and “Access-Control-Allow-Origin” will not work properly. 16 6650 377 ‘Access-Control-Allow- Origin’ Configuration 正しい設定 誤った設定 4741 1909 Value Configured(with proper configuration) * オリジン Proper Configuration Improper Configuration Origin
Copyright©2014 JPCERT/CC All rights reserved. Access-Control-Allow-Origin Proper Configuration — scheme://host[:port][ scheme://host[:port]]* (※1) — null — * Improper configuration sample(either of the settings will be invalid) — No scheme: example.com — Multiple configuration with comma breaking: http://example1.com,http://example2.com — Wildcard usage: http://*.example.com — ‘/’ inserted at the end of origin :http://example.com/ — Multiple header: http://example1.com http://example2.com Attention!! Without the knowledge of proper configuration on how to add headers, it may weaken the authorization and create vulnerabilities. ※1:Some browsers forbid origin configuration with space breaking 17
Copyright©2014 JPCERT/CC All rights reserved. Access-Control-Allow-Origin Websites with proper ‘Access-Control-Allow-Origin’ were configured as follows: —Approximately 71% configured to ‘*’ ⇒allows CORS from any website —Approximately 29% configured ‘origin’ ⇒CORS is only allowed from the website specified by the origin header 18 6650 377 ‘Access-Control-Allow- Origin’ Configuration 正しい設定 誤った設定 4741 1909 Value Configured(with proper configuration) * オリジン Proper Configuration Improper Configuration Origin
Copyright©2014 JPCERT/CC All rights reserved. Access-Control-Allow-Credentials Websites enabling Access-Control-Allow-Credentials were 22% out of all of the CORS websites. Value set to ‘true’ is only valid. Value other than that operates as it is not set to ‘true’. Furthermore, there were several websites which value is set to ‘false’. 19 5622 1525 71 Access-Control-Allow-Credentials 設定なし TRUE FALSE No Configuration
Copyright©2014 JPCERT/CC All rights reserved. Access-Control-Allow-Credentials In case ‘true’ is specified on Access-Control-Allow- Credentials, the value ‘*’ cannot be used for Access-Control- Allow-Origin. However,163 sites were configured to ‘*’. Please check beforehand whether it operates as it is intended!! 20 4573 163 4 Access-Control-Allow- Credentials 設定なし TRUE FALSE 599 1250 2 Access-Control-Allow- Credentials 設定なし TRUE FALSE Websites with value ‘*’ configured to Access-Control-Allow-Origin Websites with proper origin to ‘Access-Control-Allow-Origin’ No Configuration No Configuration
Copyright©2014 JPCERT/CC All rights reserved. Access-Control-Allow-Credentials Within the 68% of the websites for which the origin was set in Access-Control-Allow-Origin, ‘true’ was configured in Access-Control-Allow-Credentials. 21 4573 163 4 Access-Control-Allow- Credentials 設定なし TRUE FALSE 599 1250 2 Access-Control-Allow- Credentials 設定なし TRUE FALSE Websites with value ‘*’ configured to Access-Control-Allow-Origin Websites with proper origin to Access-Control-Allow-Origin No Configuration No Configuration
Copyright©2014 JPCERT/CC All rights reserved. Access-Control-Allow-Origin If the response header returned is as shown above, JavaScript loaded from http://example.com will operate as same as the client browser. ⇒ When arbitrary JavaScript can be executed from a website specified in Access-Control-Allow-Origin, it may become very dangerous. Then, is it safe if this vulnerability does not exist? 22 Sample of sending response header:for ‘true’ Access-Control-Allow-Origin: http://example.com Access-Control-Allow-Credentials: true 599 1250 2 Access-Control-Allow- Credentials 設定なし TRUE FALSE Websites with value ‘*’ configured in Access-Control-Allow-Origin No Configuration
Copyright©2014 JPCERT/CC All rights reserved. Mashup Example 23 Mr. X’s image Mashup origin site Mashup site B Mashup site A Use favorite image as background. Provide favorite image related products. Origin: site A Origin: site B In order to allow Cookie added CORS to each site, generate value in Access- Control-Allow-Origin dynamically. A-C-Allow-Origin:siteB A-C-Allow-Credentials:true A-C-Allow-Origin: siteA A-C-Allow-Credentials:true Cookie
Copyright©2014 JPCERT/CC All rights reserved. How can attacker leverage this? 24 Mr. X’s photo Mashup origin site evil web site (evil.examle.com) Origin: http://evil.example.com send outside Information Leakage Mr. X A-C-Allow-Origin: http://evil.example.com A-C-Allow-Credentials:true Cookie
Copyright©2014 JPCERT/CC All rights reserved. Cross Origin Request utilizing XHR2 Sample Advisory 25 IPA Lectures on secure coding Web Application course https://www.ipa.go.jp/security/awareness/vendor/programmingv2/contents/704.html
Copyright©2014 JPCERT/CC All rights reserved. Access-Control-Allow-Origin 194 sites inherited the value from the original origin header and configured in Access-Control-Allow-Origin header and sent it back!! Data may be intercepted if the user authenticated web page is configured as aforementioned. Furthermore, it may bypass CSRF token protection. 26 194 1056 Actual value of Allow-Origin http://example.com Other origin Actual request sent by the survey: GET / HTTP/1.1 HOST: <target> Origin: http://example.com
Copyright©2014 JPCERT/CC All rights reserved. Password Change by CSRF 27 token=2a8bc84e token=2a8bc84e GET /passwd HTTP/1.1 Origin: http://evil.com POST /passwd HTTP/1.1 newpwd=infected& Issue a token Cookie Cookie Verify the token Java Script Access-Control-Allow-Origin: http://evil.com Access-Control-Allow-Credentials: true Origin: http://evil.com Obtain token by JavaScript XHR Password Changed
Copyright©2014 JPCERT/CC All rights reserved. token=2a8bc84e GET /passwd HTTP/1.1 Origin: http://evil.com Verify & Restriction Cookie Java Script XHR Issue a token Access-Control-Allow-Origin: http://evil.com Access-Control-Allow-Credentials: true JavaScript cannot access to token Restriction on permitted page — Access-Control-Allow-Origin and Access-Control-Allow-Credentials should not be added to a web page which is not intended to be open to the public. (i.e. Configuration Change Page, Password Change Page) Verify origin header — In case of allowing particular web sites, verify the value of the Origin and then only add Access-Control-Allow-Origin and Access-Control-Allow- Credentials as necessary. Proper Configuration 28
Copyright©2014 JPCERT/CC All rights reserved.29 Restriction on permitted page — Access-Control-Allow-Origin and Access-Control-Allow-Credentials should not be added to a web page which is not intended to be open to the public. (i.e. Configuration Change Page, Password Change Page) Configuration examples Verify the origin header In case of allowing particular web sites, verify the value of the Origin and then only add Access-Control-Allow-Origin and Access-Control-Allow- Credentials as necessary. <FilesMatch “¥.(jpeg|gif|png|img)$”> SetEnvIf Origin “^https?://.*$” ORIGIN=$0 Header set Access-Control-Allow-Origin %{ORIGIN}e env=ORIGIN </FilesMatch> Ex: Allow usage of the resource only by an image file SetEnvIf Origin “^https?://.*¥.example¥.com$” ORIGIN=$0 Header set Access-Control-Allow-Origin %{ORIGIN}e env=ORIGIN Ex: Only allow requests from sub domains of example.com to use the resource ※ Based on the application specification, consideration on proper configuration and sufficient testing is required upon applying this configuration.
Copyright©2014 JPCERT/CC All rights reserved. Headers with Security Features 30
Copyright©2014 JPCERT/CC All rights reserved. X-XSS-Protection Most sites with X-XSS-Protection enabled were configured to ‘1’;mode=block (Enable protection filter, blank page was displayed upon detection) 514 websites configured to ‘0’ (disabled) Attention!! Disabling the XSS Protection should be restricted to specific web pages such as a page having false-positive issues. 31 100 44169 514 1 1; mode=block 0 44783 904434 設定あり 設定なし Configured Not configured
Copyright©2014 JPCERT/CC All rights reserved. Strict-Transport-Security 20,720 sites out of all sites were redirected to HTTPS. 1,754 sites configured HSTS. Over half of the sites configured max-age to 1 year. Attention!! If max-age is configured to ‘0’ , this website will be deleted from HSTS list of the browser. 32 1754 18966 HSTS configured HSTS not configured 969 187 119 93 49 337 max-age value 31536000 2592000 15768000 0 16070400 Other
Copyright©2014 JPCERT/CC All rights reserved.33 Conclusion
Copyright©2014 JPCERT/CC All rights reserved. Conclusion While HTML5 enhances browser capabilities, there are multiple architectural issues which we should be aware of upon use. Please refer to “Technical research report on security issue of web applications utilizing HTML5” for developing secure web applications. Any inquiries are welcome. Please contact to 34 JPCERT Coordination Center Email:ww-info@jpcert.or.jp Tel:+81-3-3518-4600 Web: https://www.jpcert.or.jp/
Copyright©2014 JPCERT/CC All rights reserved.35 Appendix
Copyright©2014 JPCERT/CC All rights reserved. Custom HTTP header X-Recruiting: We’re looking for talented people, join us: <URL>(We have cookies!) X-Recruiting: Like HTTP headers? Come write ours: <URL> x-poetry: Choose Life. Choose a job. Choose a career. X-<CompanyName>-jobs: you’re reading this … come work at xxx! Were-currently-looking-for-devs-like-you: Tweet @xxx for job details. 36
Copyright©2014 JPCERT/CC All rights reserved. X-Want-A-Job-With-Us response header 37
Copyright©2014 JPCERT/CC All rights reserved. discem file type 38 output to a file Compressed file…. :-c
Copyright©2014 JPCERT/CC All rights reserved. extraction by bzip2 39 extraction confirm file type ASCII! Readable!!
Copyright©2014 JPCERT/CC All rights reserved. finish? 40 rotate …
Copyright©2014 JPCERT/CC All rights reserved. perl 41
Copyright©2014 JPCERT/CC All rights reserved.42 Thank you for your attention

Recomendados

NTCIR-12 MobileClick-2 Overview
NTCIR-12 MobileClick-2 OverviewNTCIR-12 MobileClick-2 Overview
NTCIR-12 MobileClick-2 Overviewkt.mako
 
brochure acg enterprise short
brochure acg enterprise shortbrochure acg enterprise short
brochure acg enterprise shortPRAGMA PROGETTI
 
4. presupuesto fundacion__mirs_ideal
4. presupuesto fundacion__mirs_ideal4. presupuesto fundacion__mirs_ideal
4. presupuesto fundacion__mirs_idealempresariosintegrales
 
Openness at the University of Cape Town
Openness at the University of Cape TownOpenness at the University of Cape Town
Openness at the University of Cape TownLaura Czerniewicz
 
Bart Hendrickx measuring-sociallearning-spsbe02
Bart Hendrickx measuring-sociallearning-spsbe02Bart Hendrickx measuring-sociallearning-spsbe02
Bart Hendrickx measuring-sociallearning-spsbe02BIWUG
 
HTML5 Security & Headers - X-Crawling-Response-Header - by 重森 友行
HTML5 Security & Headers - X-Crawling-Response-Header - by 重森 友行HTML5 Security & Headers - X-Crawling-Response-Header - by 重森 友行
HTML5 Security & Headers - X-Crawling-Response-Header - by 重森 友行CODE BLUE
 
[cb22] Hayabusa Threat Hunting and Fast Forensics in Windows environments fo...
[cb22] Hayabusa Threat Hunting and Fast Forensics in Windows environments fo...[cb22] Hayabusa Threat Hunting and Fast Forensics in Windows environments fo...
[cb22] Hayabusa Threat Hunting and Fast Forensics in Windows environments fo...CODE BLUE
 
[cb22] Tales of 5G hacking by Karsten Nohl
[cb22] Tales of 5G hacking by Karsten Nohl[cb22] Tales of 5G hacking by Karsten Nohl
[cb22] Tales of 5G hacking by Karsten NohlCODE BLUE
 

Recomendados

NTCIR-12 MobileClick-2 Overview
NTCIR-12 MobileClick-2 OverviewNTCIR-12 MobileClick-2 Overview
NTCIR-12 MobileClick-2 Overviewkt.mako
 
brochure acg enterprise short
brochure acg enterprise shortbrochure acg enterprise short
brochure acg enterprise shortPRAGMA PROGETTI
 
4. presupuesto fundacion__mirs_ideal
4. presupuesto fundacion__mirs_ideal4. presupuesto fundacion__mirs_ideal
4. presupuesto fundacion__mirs_idealempresariosintegrales
 
Openness at the University of Cape Town
Openness at the University of Cape TownOpenness at the University of Cape Town
Openness at the University of Cape TownLaura Czerniewicz
 
Bart Hendrickx measuring-sociallearning-spsbe02
Bart Hendrickx measuring-sociallearning-spsbe02Bart Hendrickx measuring-sociallearning-spsbe02
Bart Hendrickx measuring-sociallearning-spsbe02BIWUG
 
HTML5 Security & Headers - X-Crawling-Response-Header - by 重森 友行
HTML5 Security & Headers - X-Crawling-Response-Header - by 重森 友行HTML5 Security & Headers - X-Crawling-Response-Header - by 重森 友行
HTML5 Security & Headers - X-Crawling-Response-Header - by 重森 友行CODE BLUE
 
[cb22] Hayabusa Threat Hunting and Fast Forensics in Windows environments fo...
[cb22] Hayabusa Threat Hunting and Fast Forensics in Windows environments fo...[cb22] Hayabusa Threat Hunting and Fast Forensics in Windows environments fo...
[cb22] Hayabusa Threat Hunting and Fast Forensics in Windows environments fo...CODE BLUE
 
[cb22] Tales of 5G hacking by Karsten Nohl
[cb22] Tales of 5G hacking by Karsten Nohl[cb22] Tales of 5G hacking by Karsten Nohl
[cb22] Tales of 5G hacking by Karsten NohlCODE BLUE
 
[cb22] Your Printer is not your Printer ! - Hacking Printers at Pwn2Own by A...
[cb22] Your Printer is not your Printer ! - Hacking Printers at Pwn2Own by A...[cb22] Your Printer is not your Printer ! - Hacking Printers at Pwn2Own by A...
[cb22] Your Printer is not your Printer ! - Hacking Printers at Pwn2Own by A...CODE BLUE
 
[cb22] "The Present and Future of Coordinated Vulnerability Disclosure" Inter...
[cb22] "The Present and Future of Coordinated Vulnerability Disclosure" Inter...[cb22] "The Present and Future of Coordinated Vulnerability Disclosure" Inter...
[cb22] "The Present and Future of Coordinated Vulnerability Disclosure" Inter...CODE BLUE
 
[cb22] 「協調された脆弱性開示の現在と未来」国際的なパネルディスカッション(4) by 板橋 博之
[cb22] 「協調された脆弱性開示の現在と未来」国際的なパネルディスカッション(4) by 板橋 博之[cb22] 「協調された脆弱性開示の現在と未来」国際的なパネルディスカッション(4) by 板橋 博之
[cb22] 「協調された脆弱性開示の現在と未来」国際的なパネルディスカッション(4) by 板橋 博之CODE BLUE
 
[cb22] "The Present and Future of Coordinated Vulnerability Disclosure" Inter...
[cb22] "The Present and Future of Coordinated Vulnerability Disclosure" Inter...[cb22] "The Present and Future of Coordinated Vulnerability Disclosure" Inter...
[cb22] "The Present and Future of Coordinated Vulnerability Disclosure" Inter...CODE BLUE
 
[cb22] 「協調された脆弱性開示の現在と未来」国際的なパネルディスカッション(3) by Lorenzo Pupillo
[cb22] 「協調された脆弱性開示の現在と未来」国際的なパネルディスカッション(3) by Lorenzo Pupillo[cb22] 「協調された脆弱性開示の現在と未来」国際的なパネルディスカッション(3) by Lorenzo Pupillo
[cb22] 「協調された脆弱性開示の現在と未来」国際的なパネルディスカッション(3) by Lorenzo PupilloCODE BLUE
 
[cb22] ”The Present and Future of Coordinated Vulnerability Disclosure” Inte...
[cb22] ”The Present and Future of Coordinated Vulnerability Disclosure” Inte...[cb22] ”The Present and Future of Coordinated Vulnerability Disclosure” Inte...
[cb22] ”The Present and Future of Coordinated Vulnerability Disclosure” Inte...CODE BLUE
 
[cb22] 「協調された脆弱性開示の現在と未来」国際的なパネルディスカッション(2)by Allan Friedman
[cb22] 「協調された脆弱性開示の現在と未来」国際的なパネルディスカッション(2)by Allan Friedman [cb22] 「協調された脆弱性開示の現在と未来」国際的なパネルディスカッション(2)by Allan Friedman
[cb22] 「協調された脆弱性開示の現在と未来」国際的なパネルディスカッション(2)by Allan Friedman CODE BLUE
 
[cb22] "The Present and Future of Coordinated Vulnerability Disclosure" Inter...
[cb22] "The Present and Future of Coordinated Vulnerability Disclosure" Inter...[cb22] "The Present and Future of Coordinated Vulnerability Disclosure" Inter...
[cb22] "The Present and Future of Coordinated Vulnerability Disclosure" Inter...CODE BLUE
 
[cb22] 「協調された脆弱性開示の現在と未来」国際的なパネルディスカッション (1)by 高橋 郁夫
[cb22] 「協調された脆弱性開示の現在と未来」国際的なパネルディスカッション (1)by 高橋 郁夫[cb22] 「協調された脆弱性開示の現在と未来」国際的なパネルディスカッション (1)by 高橋 郁夫
[cb22] 「協調された脆弱性開示の現在と未来」国際的なパネルディスカッション (1)by 高橋 郁夫CODE BLUE
 
[cb22] Are Embedded Devices Ready for ROP Attacks? -ROP verification for low-...
[cb22] Are Embedded Devices Ready for ROP Attacks? -ROP verification for low-...[cb22] Are Embedded Devices Ready for ROP Attacks? -ROP verification for low-...
[cb22] Are Embedded Devices Ready for ROP Attacks? -ROP verification for low-...CODE BLUE
 
[cb22] Wslinkのマルチレイヤーな仮想環境について by Vladislav Hrčka
[cb22] Wslinkのマルチレイヤーな仮想環境について by Vladislav Hrčka [cb22] Wslinkのマルチレイヤーな仮想環境について by Vladislav Hrčka
[cb22] Wslinkのマルチレイヤーな仮想環境について by Vladislav Hrčka CODE BLUE
 
[cb22] Under the hood of Wslink’s multilayered virtual machine en by Vladisla...
[cb22] Under the hood of Wslink’s multilayered virtual machine en by Vladisla...[cb22] Under the hood of Wslink’s multilayered virtual machine en by Vladisla...
[cb22] Under the hood of Wslink’s multilayered virtual machine en by Vladisla...CODE BLUE
 
[cb22] CloudDragon’s Credential Factory is Powering Up Its Espionage Activiti...
[cb22] CloudDragon’s Credential Factory is Powering Up Its Espionage Activiti...[cb22] CloudDragon’s Credential Factory is Powering Up Its Espionage Activiti...
[cb22] CloudDragon’s Credential Factory is Powering Up Its Espionage Activiti...CODE BLUE
 
[cb22] From Parroting to Echoing: The Evolution of China’s Bots-Driven Info...
[cb22] From Parroting to Echoing: The Evolution of China’s Bots-Driven Info...[cb22] From Parroting to Echoing: The Evolution of China’s Bots-Driven Info...
[cb22] From Parroting to Echoing: The Evolution of China’s Bots-Driven Info...CODE BLUE
 
[cb22] Who is the Mal-Gopher? - Implementation and Evaluation of “gimpfuzzy”...
[cb22] Who is the Mal-Gopher? - Implementation and Evaluation of “gimpfuzzy”...[cb22] Who is the Mal-Gopher? - Implementation and Evaluation of “gimpfuzzy”...
[cb22] Who is the Mal-Gopher? - Implementation and Evaluation of “gimpfuzzy”...CODE BLUE
 
[cb22] Mal-gopherとは?Go系マルウェアの分類のためのgimpfuzzy実装と評価 by 澤部 祐太, 甘粕 伸幸, 野村 和也
[cb22] Mal-gopherとは?Go系マルウェアの分類のためのgimpfuzzy実装と評価 by 澤部 祐太, 甘粕 伸幸, 野村 和也[cb22] Mal-gopherとは?Go系マルウェアの分類のためのgimpfuzzy実装と評価 by 澤部 祐太, 甘粕 伸幸, 野村 和也
[cb22] Mal-gopherとは?Go系マルウェアの分類のためのgimpfuzzy実装と評価 by 澤部 祐太, 甘粕 伸幸, 野村 和也CODE BLUE
 
[cb22] Tracking the Entire Iceberg - Long-term APT Malware C2 Protocol Emulat...
[cb22] Tracking the Entire Iceberg - Long-term APT Malware C2 Protocol Emulat...[cb22] Tracking the Entire Iceberg - Long-term APT Malware C2 Protocol Emulat...
[cb22] Tracking the Entire Iceberg - Long-term APT Malware C2 Protocol Emulat...CODE BLUE
 
[cb22] Fight Against Malware Development Life Cycle by Shusei Tomonaga and Yu...
[cb22] Fight Against Malware Development Life Cycle by Shusei Tomonaga and Yu...[cb22] Fight Against Malware Development Life Cycle by Shusei Tomonaga and Yu...
[cb22] Fight Against Malware Development Life Cycle by Shusei Tomonaga and Yu...CODE BLUE
 
[cb22] What I learned from the direct confrontation with the adversaries who ...
[cb22] What I learned from the direct confrontation with the adversaries who ...[cb22] What I learned from the direct confrontation with the adversaries who ...
[cb22] What I learned from the direct confrontation with the adversaries who ...CODE BLUE
 
[cb22] ブロックチェーンにC&Cサーバー情報を隠ぺいした攻撃者との直接対峙により得られたもの by 谷口 剛
[cb22] ブロックチェーンにC&Cサーバー情報を隠ぺいした攻撃者との直接対峙により得られたもの by 谷口 剛[cb22] ブロックチェーンにC&Cサーバー情報を隠ぺいした攻撃者との直接対峙により得られたもの by 谷口 剛
[cb22] ブロックチェーンにC&Cサーバー情報を隠ぺいした攻撃者との直接対峙により得られたもの by 谷口 剛CODE BLUE
 
TrustArc Webinar - How to Build Consumer Trust Through Data Privacy
TrustArc Webinar - How to Build Consumer Trust Through Data PrivacyTrustArc Webinar - How to Build Consumer Trust Through Data Privacy
TrustArc Webinar - How to Build Consumer Trust Through Data PrivacyTrustArc
 
A Journey Into the Emotions of Software Developers
A Journey Into the Emotions of Software DevelopersA Journey Into the Emotions of Software Developers
A Journey Into the Emotions of Software DevelopersNicole Novielli
 

Mais conteúdo relacionado

Mais de CODE BLUE

[cb22] Your Printer is not your Printer ! - Hacking Printers at Pwn2Own by A...
[cb22] Your Printer is not your Printer ! - Hacking Printers at Pwn2Own by A...[cb22] Your Printer is not your Printer ! - Hacking Printers at Pwn2Own by A...
[cb22] Your Printer is not your Printer ! - Hacking Printers at Pwn2Own by A...CODE BLUE
 
[cb22] "The Present and Future of Coordinated Vulnerability Disclosure" Inter...
[cb22] "The Present and Future of Coordinated Vulnerability Disclosure" Inter...[cb22] "The Present and Future of Coordinated Vulnerability Disclosure" Inter...
[cb22] "The Present and Future of Coordinated Vulnerability Disclosure" Inter...CODE BLUE
 
[cb22] 「協調された脆弱性開示の現在と未来」国際的なパネルディスカッション(4) by 板橋 博之
[cb22] 「協調された脆弱性開示の現在と未来」国際的なパネルディスカッション(4) by 板橋 博之[cb22] 「協調された脆弱性開示の現在と未来」国際的なパネルディスカッション(4) by 板橋 博之
[cb22] 「協調された脆弱性開示の現在と未来」国際的なパネルディスカッション(4) by 板橋 博之CODE BLUE
 
[cb22] "The Present and Future of Coordinated Vulnerability Disclosure" Inter...
[cb22] "The Present and Future of Coordinated Vulnerability Disclosure" Inter...[cb22] "The Present and Future of Coordinated Vulnerability Disclosure" Inter...
[cb22] "The Present and Future of Coordinated Vulnerability Disclosure" Inter...CODE BLUE
 
[cb22] 「協調された脆弱性開示の現在と未来」国際的なパネルディスカッション(3) by Lorenzo Pupillo
[cb22] 「協調された脆弱性開示の現在と未来」国際的なパネルディスカッション(3) by Lorenzo Pupillo[cb22] 「協調された脆弱性開示の現在と未来」国際的なパネルディスカッション(3) by Lorenzo Pupillo
[cb22] 「協調された脆弱性開示の現在と未来」国際的なパネルディスカッション(3) by Lorenzo PupilloCODE BLUE
 
[cb22] ”The Present and Future of Coordinated Vulnerability Disclosure” Inte...
[cb22] ”The Present and Future of Coordinated Vulnerability Disclosure” Inte...[cb22] ”The Present and Future of Coordinated Vulnerability Disclosure” Inte...
[cb22] ”The Present and Future of Coordinated Vulnerability Disclosure” Inte...CODE BLUE
 
[cb22] 「協調された脆弱性開示の現在と未来」国際的なパネルディスカッション(2)by Allan Friedman
[cb22] 「協調された脆弱性開示の現在と未来」国際的なパネルディスカッション(2)by Allan Friedman [cb22] 「協調された脆弱性開示の現在と未来」国際的なパネルディスカッション(2)by Allan Friedman
[cb22] 「協調された脆弱性開示の現在と未来」国際的なパネルディスカッション(2)by Allan Friedman CODE BLUE
 
[cb22] "The Present and Future of Coordinated Vulnerability Disclosure" Inter...
[cb22] "The Present and Future of Coordinated Vulnerability Disclosure" Inter...[cb22] "The Present and Future of Coordinated Vulnerability Disclosure" Inter...
[cb22] "The Present and Future of Coordinated Vulnerability Disclosure" Inter...CODE BLUE
 
[cb22] 「協調された脆弱性開示の現在と未来」国際的なパネルディスカッション (1)by 高橋 郁夫
[cb22] 「協調された脆弱性開示の現在と未来」国際的なパネルディスカッション (1)by 高橋 郁夫[cb22] 「協調された脆弱性開示の現在と未来」国際的なパネルディスカッション (1)by 高橋 郁夫
[cb22] 「協調された脆弱性開示の現在と未来」国際的なパネルディスカッション (1)by 高橋 郁夫CODE BLUE
 
[cb22] Are Embedded Devices Ready for ROP Attacks? -ROP verification for low-...
[cb22] Are Embedded Devices Ready for ROP Attacks? -ROP verification for low-...[cb22] Are Embedded Devices Ready for ROP Attacks? -ROP verification for low-...
[cb22] Are Embedded Devices Ready for ROP Attacks? -ROP verification for low-...CODE BLUE
 
[cb22] Wslinkのマルチレイヤーな仮想環境について by Vladislav Hrčka
[cb22] Wslinkのマルチレイヤーな仮想環境について by Vladislav Hrčka [cb22] Wslinkのマルチレイヤーな仮想環境について by Vladislav Hrčka
[cb22] Wslinkのマルチレイヤーな仮想環境について by Vladislav Hrčka CODE BLUE
 
[cb22] Under the hood of Wslink’s multilayered virtual machine en by Vladisla...
[cb22] Under the hood of Wslink’s multilayered virtual machine en by Vladisla...[cb22] Under the hood of Wslink’s multilayered virtual machine en by Vladisla...
[cb22] Under the hood of Wslink’s multilayered virtual machine en by Vladisla...CODE BLUE
 
[cb22] CloudDragon’s Credential Factory is Powering Up Its Espionage Activiti...
[cb22] CloudDragon’s Credential Factory is Powering Up Its Espionage Activiti...[cb22] CloudDragon’s Credential Factory is Powering Up Its Espionage Activiti...
[cb22] CloudDragon’s Credential Factory is Powering Up Its Espionage Activiti...CODE BLUE
 
[cb22] From Parroting to Echoing: The Evolution of China’s Bots-Driven Info...
[cb22] From Parroting to Echoing: The Evolution of China’s Bots-Driven Info...[cb22] From Parroting to Echoing: The Evolution of China’s Bots-Driven Info...
[cb22] From Parroting to Echoing: The Evolution of China’s Bots-Driven Info...CODE BLUE
 
[cb22] Who is the Mal-Gopher? - Implementation and Evaluation of “gimpfuzzy”...
[cb22] Who is the Mal-Gopher? - Implementation and Evaluation of “gimpfuzzy”...[cb22] Who is the Mal-Gopher? - Implementation and Evaluation of “gimpfuzzy”...
[cb22] Who is the Mal-Gopher? - Implementation and Evaluation of “gimpfuzzy”...CODE BLUE
 
[cb22] Mal-gopherとは?Go系マルウェアの分類のためのgimpfuzzy実装と評価 by 澤部 祐太, 甘粕 伸幸, 野村 和也
[cb22] Mal-gopherとは?Go系マルウェアの分類のためのgimpfuzzy実装と評価 by 澤部 祐太, 甘粕 伸幸, 野村 和也[cb22] Mal-gopherとは?Go系マルウェアの分類のためのgimpfuzzy実装と評価 by 澤部 祐太, 甘粕 伸幸, 野村 和也
[cb22] Mal-gopherとは?Go系マルウェアの分類のためのgimpfuzzy実装と評価 by 澤部 祐太, 甘粕 伸幸, 野村 和也CODE BLUE
 
[cb22] Tracking the Entire Iceberg - Long-term APT Malware C2 Protocol Emulat...
[cb22] Tracking the Entire Iceberg - Long-term APT Malware C2 Protocol Emulat...[cb22] Tracking the Entire Iceberg - Long-term APT Malware C2 Protocol Emulat...
[cb22] Tracking the Entire Iceberg - Long-term APT Malware C2 Protocol Emulat...CODE BLUE
 
[cb22] Fight Against Malware Development Life Cycle by Shusei Tomonaga and Yu...
[cb22] Fight Against Malware Development Life Cycle by Shusei Tomonaga and Yu...[cb22] Fight Against Malware Development Life Cycle by Shusei Tomonaga and Yu...
[cb22] Fight Against Malware Development Life Cycle by Shusei Tomonaga and Yu...CODE BLUE
 
[cb22] What I learned from the direct confrontation with the adversaries who ...
[cb22] What I learned from the direct confrontation with the adversaries who ...[cb22] What I learned from the direct confrontation with the adversaries who ...
[cb22] What I learned from the direct confrontation with the adversaries who ...CODE BLUE
 
[cb22] ブロックチェーンにC&Cサーバー情報を隠ぺいした攻撃者との直接対峙により得られたもの by 谷口 剛
[cb22] ブロックチェーンにC&Cサーバー情報を隠ぺいした攻撃者との直接対峙により得られたもの by 谷口 剛[cb22] ブロックチェーンにC&Cサーバー情報を隠ぺいした攻撃者との直接対峙により得られたもの by 谷口 剛
[cb22] ブロックチェーンにC&Cサーバー情報を隠ぺいした攻撃者との直接対峙により得られたもの by 谷口 剛CODE BLUE
 

Mais de CODE BLUE (20)

[cb22] Your Printer is not your Printer ! - Hacking Printers at Pwn2Own by A...
[cb22] Your Printer is not your Printer ! - Hacking Printers at Pwn2Own by A...[cb22] Your Printer is not your Printer ! - Hacking Printers at Pwn2Own by A...
[cb22] Your Printer is not your Printer ! - Hacking Printers at Pwn2Own by A...
 
[cb22] "The Present and Future of Coordinated Vulnerability Disclosure" Inter...
[cb22] "The Present and Future of Coordinated Vulnerability Disclosure" Inter...[cb22] "The Present and Future of Coordinated Vulnerability Disclosure" Inter...
[cb22] "The Present and Future of Coordinated Vulnerability Disclosure" Inter...
 
[cb22] 「協調された脆弱性開示の現在と未来」国際的なパネルディスカッション(4) by 板橋 博之
[cb22] 「協調された脆弱性開示の現在と未来」国際的なパネルディスカッション(4) by 板橋 博之[cb22] 「協調された脆弱性開示の現在と未来」国際的なパネルディスカッション(4) by 板橋 博之
[cb22] 「協調された脆弱性開示の現在と未来」国際的なパネルディスカッション(4) by 板橋 博之
 
[cb22] "The Present and Future of Coordinated Vulnerability Disclosure" Inter...
[cb22] "The Present and Future of Coordinated Vulnerability Disclosure" Inter...[cb22] "The Present and Future of Coordinated Vulnerability Disclosure" Inter...
[cb22] "The Present and Future of Coordinated Vulnerability Disclosure" Inter...
 
[cb22] 「協調された脆弱性開示の現在と未来」国際的なパネルディスカッション(3) by Lorenzo Pupillo
[cb22] 「協調された脆弱性開示の現在と未来」国際的なパネルディスカッション(3) by Lorenzo Pupillo[cb22] 「協調された脆弱性開示の現在と未来」国際的なパネルディスカッション(3) by Lorenzo Pupillo
[cb22] 「協調された脆弱性開示の現在と未来」国際的なパネルディスカッション(3) by Lorenzo Pupillo
 
[cb22] ”The Present and Future of Coordinated Vulnerability Disclosure” Inte...
[cb22] ”The Present and Future of Coordinated Vulnerability Disclosure” Inte...[cb22] ”The Present and Future of Coordinated Vulnerability Disclosure” Inte...
[cb22] ”The Present and Future of Coordinated Vulnerability Disclosure” Inte...
 
[cb22] 「協調された脆弱性開示の現在と未来」国際的なパネルディスカッション(2)by Allan Friedman
[cb22] 「協調された脆弱性開示の現在と未来」国際的なパネルディスカッション(2)by Allan Friedman [cb22] 「協調された脆弱性開示の現在と未来」国際的なパネルディスカッション(2)by Allan Friedman
[cb22] 「協調された脆弱性開示の現在と未来」国際的なパネルディスカッション(2)by Allan Friedman
 
[cb22] "The Present and Future of Coordinated Vulnerability Disclosure" Inter...
[cb22] "The Present and Future of Coordinated Vulnerability Disclosure" Inter...[cb22] "The Present and Future of Coordinated Vulnerability Disclosure" Inter...
[cb22] "The Present and Future of Coordinated Vulnerability Disclosure" Inter...
 
[cb22] 「協調された脆弱性開示の現在と未来」国際的なパネルディスカッション (1)by 高橋 郁夫
[cb22] 「協調された脆弱性開示の現在と未来」国際的なパネルディスカッション (1)by 高橋 郁夫[cb22] 「協調された脆弱性開示の現在と未来」国際的なパネルディスカッション (1)by 高橋 郁夫
[cb22] 「協調された脆弱性開示の現在と未来」国際的なパネルディスカッション (1)by 高橋 郁夫
 
[cb22] Are Embedded Devices Ready for ROP Attacks? -ROP verification for low-...
[cb22] Are Embedded Devices Ready for ROP Attacks? -ROP verification for low-...[cb22] Are Embedded Devices Ready for ROP Attacks? -ROP verification for low-...
[cb22] Are Embedded Devices Ready for ROP Attacks? -ROP verification for low-...
 
[cb22] Wslinkのマルチレイヤーな仮想環境について by Vladislav Hrčka
[cb22] Wslinkのマルチレイヤーな仮想環境について by Vladislav Hrčka [cb22] Wslinkのマルチレイヤーな仮想環境について by Vladislav Hrčka
[cb22] Wslinkのマルチレイヤーな仮想環境について by Vladislav Hrčka
 
[cb22] Under the hood of Wslink’s multilayered virtual machine en by Vladisla...
[cb22] Under the hood of Wslink’s multilayered virtual machine en by Vladisla...[cb22] Under the hood of Wslink’s multilayered virtual machine en by Vladisla...
[cb22] Under the hood of Wslink’s multilayered virtual machine en by Vladisla...
 
[cb22] CloudDragon’s Credential Factory is Powering Up Its Espionage Activiti...
[cb22] CloudDragon’s Credential Factory is Powering Up Its Espionage Activiti...[cb22] CloudDragon’s Credential Factory is Powering Up Its Espionage Activiti...
[cb22] CloudDragon’s Credential Factory is Powering Up Its Espionage Activiti...
 
[cb22] From Parroting to Echoing: The Evolution of China’s Bots-Driven Info...
[cb22] From Parroting to Echoing: The Evolution of China’s Bots-Driven Info...[cb22] From Parroting to Echoing: The Evolution of China’s Bots-Driven Info...
[cb22] From Parroting to Echoing: The Evolution of China’s Bots-Driven Info...
 
[cb22] Who is the Mal-Gopher? - Implementation and Evaluation of “gimpfuzzy”...
[cb22] Who is the Mal-Gopher? - Implementation and Evaluation of “gimpfuzzy”...[cb22] Who is the Mal-Gopher? - Implementation and Evaluation of “gimpfuzzy”...
[cb22] Who is the Mal-Gopher? - Implementation and Evaluation of “gimpfuzzy”...
 
[cb22] Mal-gopherとは?Go系マルウェアの分類のためのgimpfuzzy実装と評価 by 澤部 祐太, 甘粕 伸幸, 野村 和也
[cb22] Mal-gopherとは?Go系マルウェアの分類のためのgimpfuzzy実装と評価 by 澤部 祐太, 甘粕 伸幸, 野村 和也[cb22] Mal-gopherとは?Go系マルウェアの分類のためのgimpfuzzy実装と評価 by 澤部 祐太, 甘粕 伸幸, 野村 和也
[cb22] Mal-gopherとは?Go系マルウェアの分類のためのgimpfuzzy実装と評価 by 澤部 祐太, 甘粕 伸幸, 野村 和也
 
[cb22] Tracking the Entire Iceberg - Long-term APT Malware C2 Protocol Emulat...
[cb22] Tracking the Entire Iceberg - Long-term APT Malware C2 Protocol Emulat...[cb22] Tracking the Entire Iceberg - Long-term APT Malware C2 Protocol Emulat...
[cb22] Tracking the Entire Iceberg - Long-term APT Malware C2 Protocol Emulat...
 
[cb22] Fight Against Malware Development Life Cycle by Shusei Tomonaga and Yu...
[cb22] Fight Against Malware Development Life Cycle by Shusei Tomonaga and Yu...[cb22] Fight Against Malware Development Life Cycle by Shusei Tomonaga and Yu...
[cb22] Fight Against Malware Development Life Cycle by Shusei Tomonaga and Yu...
 
[cb22] What I learned from the direct confrontation with the adversaries who ...
[cb22] What I learned from the direct confrontation with the adversaries who ...[cb22] What I learned from the direct confrontation with the adversaries who ...
[cb22] What I learned from the direct confrontation with the adversaries who ...
 
[cb22] ブロックチェーンにC&Cサーバー情報を隠ぺいした攻撃者との直接対峙により得られたもの by 谷口 剛
[cb22] ブロックチェーンにC&Cサーバー情報を隠ぺいした攻撃者との直接対峙により得られたもの by 谷口 剛[cb22] ブロックチェーンにC&Cサーバー情報を隠ぺいした攻撃者との直接対峙により得られたもの by 谷口 剛
[cb22] ブロックチェーンにC&Cサーバー情報を隠ぺいした攻撃者との直接対峙により得られたもの by 谷口 剛
 

Último

TrustArc Webinar - How to Build Consumer Trust Through Data Privacy
TrustArc Webinar - How to Build Consumer Trust Through Data PrivacyTrustArc Webinar - How to Build Consumer Trust Through Data Privacy
TrustArc Webinar - How to Build Consumer Trust Through Data PrivacyTrustArc
 
A Journey Into the Emotions of Software Developers
A Journey Into the Emotions of Software DevelopersA Journey Into the Emotions of Software Developers
A Journey Into the Emotions of Software DevelopersNicole Novielli
 
What is DBT - The Ultimate Data Build Tool.pdf
What is DBT - The Ultimate Data Build Tool.pdfWhat is DBT - The Ultimate Data Build Tool.pdf
What is DBT - The Ultimate Data Build Tool.pdfMounikaPolabathina
 
Generative Artificial Intelligence: How generative AI works.pdf
Generative Artificial Intelligence: How generative AI works.pdfGenerative Artificial Intelligence: How generative AI works.pdf
Generative Artificial Intelligence: How generative AI works.pdfIngrid Airi González
 
Rise of the Machines: Known As Drones...
Rise of the Machines: Known As Drones...Rise of the Machines: Known As Drones...
Rise of the Machines: Known As Drones...Rick Flair
 
Generative AI for Technical Writer or Information Developers
Generative AI for Technical Writer or Information DevelopersGenerative AI for Technical Writer or Information Developers
Generative AI for Technical Writer or Information DevelopersRaghuram Pandurangan
 
Unleashing Real-time Insights with ClickHouse_ Navigating the Landscape in 20...
Unleashing Real-time Insights with ClickHouse_ Navigating the Landscape in 20...Unleashing Real-time Insights with ClickHouse_ Navigating the Landscape in 20...
Unleashing Real-time Insights with ClickHouse_ Navigating the Landscape in 20...Alkin Tezuysal
 
Testing tools and AI - ideas what to try with some tool examples
Testing tools and AI - ideas what to try with some tool examplesTesting tools and AI - ideas what to try with some tool examples
Testing tools and AI - ideas what to try with some tool examplesKari Kakkonen
 
Arizona Broadband Policy Past, Present, and Future Presentation 3/25/24
Arizona Broadband Policy Past, Present, and Future Presentation 3/25/24Arizona Broadband Policy Past, Present, and Future Presentation 3/25/24
Arizona Broadband Policy Past, Present, and Future Presentation 3/25/24Mark Goldstein
 
Sample pptx for embedding into website for demo
Sample pptx for embedding into website for demoSample pptx for embedding into website for demo
Sample pptx for embedding into website for demoHarshalMandlekar2
 
Assure Ecommerce and Retail Operations Uptime with ThousandEyes
Assure Ecommerce and Retail Operations Uptime with ThousandEyesAssure Ecommerce and Retail Operations Uptime with ThousandEyes
Assure Ecommerce and Retail Operations Uptime with ThousandEyesThousandEyes
 
TeamStation AI System Report LATAM IT Salaries 2024
TeamStation AI System Report LATAM IT Salaries 2024TeamStation AI System Report LATAM IT Salaries 2024
TeamStation AI System Report LATAM IT Salaries 2024Lonnie McRorey
 
Modern Roaming for Notes and Nomad – Cheaper Faster Better Stronger
Modern Roaming for Notes and Nomad – Cheaper Faster Better StrongerModern Roaming for Notes and Nomad – Cheaper Faster Better Stronger
Modern Roaming for Notes and Nomad – Cheaper Faster Better Strongerpanagenda
 
From Family Reminiscence to Scholarly Archive .
From Family Reminiscence to Scholarly Archive .From Family Reminiscence to Scholarly Archive .
From Family Reminiscence to Scholarly Archive .Alan Dix
 
Genislab builds better products and faster go-to-market with Lean project man...
Genislab builds better products and faster go-to-market with Lean project man...Genislab builds better products and faster go-to-market with Lean project man...
Genislab builds better products and faster go-to-market with Lean project man...Farhan Tariq
 
The Ultimate Guide to Choosing WordPress Pros and Cons
The Ultimate Guide to Choosing WordPress Pros and ConsThe Ultimate Guide to Choosing WordPress Pros and Cons
The Ultimate Guide to Choosing WordPress Pros and ConsPixlogix Infotech
 
How AI, OpenAI, and ChatGPT impact business and software.
How AI, OpenAI, and ChatGPT impact business and software.How AI, OpenAI, and ChatGPT impact business and software.
How AI, OpenAI, and ChatGPT impact business and software.Curtis Poe
 
The State of Passkeys with FIDO Alliance.pptx
The State of Passkeys with FIDO Alliance.pptxThe State of Passkeys with FIDO Alliance.pptx
The State of Passkeys with FIDO Alliance.pptxLoriGlavin3
 
Enhancing User Experience - Exploring the Latest Features of Tallyman Axis Lo...
Enhancing User Experience - Exploring the Latest Features of Tallyman Axis Lo...Enhancing User Experience - Exploring the Latest Features of Tallyman Axis Lo...
Enhancing User Experience - Exploring the Latest Features of Tallyman Axis Lo...Scott Andery
 
How to write a Business Continuity Plan
How to write a Business Continuity PlanHow to write a Business Continuity Plan
How to write a Business Continuity PlanDatabarracks
 

Último (20)

TrustArc Webinar - How to Build Consumer Trust Through Data Privacy
TrustArc Webinar - How to Build Consumer Trust Through Data PrivacyTrustArc Webinar - How to Build Consumer Trust Through Data Privacy
TrustArc Webinar - How to Build Consumer Trust Through Data Privacy
 
A Journey Into the Emotions of Software Developers
A Journey Into the Emotions of Software DevelopersA Journey Into the Emotions of Software Developers
A Journey Into the Emotions of Software Developers
 
What is DBT - The Ultimate Data Build Tool.pdf
What is DBT - The Ultimate Data Build Tool.pdfWhat is DBT - The Ultimate Data Build Tool.pdf
What is DBT - The Ultimate Data Build Tool.pdf
 
Generative Artificial Intelligence: How generative AI works.pdf
Generative Artificial Intelligence: How generative AI works.pdfGenerative Artificial Intelligence: How generative AI works.pdf
Generative Artificial Intelligence: How generative AI works.pdf
 
Rise of the Machines: Known As Drones...
Rise of the Machines: Known As Drones...Rise of the Machines: Known As Drones...
Rise of the Machines: Known As Drones...
 
Generative AI for Technical Writer or Information Developers
Generative AI for Technical Writer or Information DevelopersGenerative AI for Technical Writer or Information Developers
Generative AI for Technical Writer or Information Developers
 
Unleashing Real-time Insights with ClickHouse_ Navigating the Landscape in 20...
Unleashing Real-time Insights with ClickHouse_ Navigating the Landscape in 20...Unleashing Real-time Insights with ClickHouse_ Navigating the Landscape in 20...
Unleashing Real-time Insights with ClickHouse_ Navigating the Landscape in 20...
 
Testing tools and AI - ideas what to try with some tool examples
Testing tools and AI - ideas what to try with some tool examplesTesting tools and AI - ideas what to try with some tool examples
Testing tools and AI - ideas what to try with some tool examples
 
Arizona Broadband Policy Past, Present, and Future Presentation 3/25/24
Arizona Broadband Policy Past, Present, and Future Presentation 3/25/24Arizona Broadband Policy Past, Present, and Future Presentation 3/25/24
Arizona Broadband Policy Past, Present, and Future Presentation 3/25/24
 
Sample pptx for embedding into website for demo
Sample pptx for embedding into website for demoSample pptx for embedding into website for demo
Sample pptx for embedding into website for demo
 
Assure Ecommerce and Retail Operations Uptime with ThousandEyes
Assure Ecommerce and Retail Operations Uptime with ThousandEyesAssure Ecommerce and Retail Operations Uptime with ThousandEyes
Assure Ecommerce and Retail Operations Uptime with ThousandEyes
 
TeamStation AI System Report LATAM IT Salaries 2024
TeamStation AI System Report LATAM IT Salaries 2024TeamStation AI System Report LATAM IT Salaries 2024
TeamStation AI System Report LATAM IT Salaries 2024
 
Modern Roaming for Notes and Nomad – Cheaper Faster Better Stronger
Modern Roaming for Notes and Nomad – Cheaper Faster Better StrongerModern Roaming for Notes and Nomad – Cheaper Faster Better Stronger
Modern Roaming for Notes and Nomad – Cheaper Faster Better Stronger
 
From Family Reminiscence to Scholarly Archive .
From Family Reminiscence to Scholarly Archive .From Family Reminiscence to Scholarly Archive .
From Family Reminiscence to Scholarly Archive .
 
Genislab builds better products and faster go-to-market with Lean project man...
Genislab builds better products and faster go-to-market with Lean project man...Genislab builds better products and faster go-to-market with Lean project man...
Genislab builds better products and faster go-to-market with Lean project man...
 
The Ultimate Guide to Choosing WordPress Pros and Cons
The Ultimate Guide to Choosing WordPress Pros and ConsThe Ultimate Guide to Choosing WordPress Pros and Cons
The Ultimate Guide to Choosing WordPress Pros and Cons
 
How AI, OpenAI, and ChatGPT impact business and software.
How AI, OpenAI, and ChatGPT impact business and software.How AI, OpenAI, and ChatGPT impact business and software.
How AI, OpenAI, and ChatGPT impact business and software.
 
The State of Passkeys with FIDO Alliance.pptx
The State of Passkeys with FIDO Alliance.pptxThe State of Passkeys with FIDO Alliance.pptx
The State of Passkeys with FIDO Alliance.pptx
 
Enhancing User Experience - Exploring the Latest Features of Tallyman Axis Lo...
Enhancing User Experience - Exploring the Latest Features of Tallyman Axis Lo...Enhancing User Experience - Exploring the Latest Features of Tallyman Axis Lo...
Enhancing User Experience - Exploring the Latest Features of Tallyman Axis Lo...
 
How to write a Business Continuity Plan
How to write a Business Continuity PlanHow to write a Business Continuity Plan
How to write a Business Continuity Plan
 

HTML5 Security & Headers - X-Crawling-Response-Header -  by Tomoyuki Shigemori

  • 1. HTML5 Security & Headers - X-Crawling-Response-Header- JPCERT Coordination Center Watch and Warning Group, Information Security Analyst Tomoyuki Shigemori
  • 2. Copyright©2014 JPCERT/CC All rights reserved. Overview of JPCERT/CC Japan Computer Emergency Response Team Coordination Center • Founded in 1996 • An independent, non-profit organization • National CSIRT (Computer Security Incident Response Team) • Coordination center  JPCERT/CC, as a national CSIRT, monitors computer security incidents at a national level, identifies and handles incidents that could affect the economy and critical infrastructures, and warns critical stakeholders and the nation about computer security threats.  JPCERT/CC, as a coordination center, provides technical support in response to computer security incidents through coordination with other local and overseas CSIRTs. 1
  • 3. Copyright©2014 JPCERT/CC All rights reserved. Overview of JPCERT/CC - 3 pillars and 4 foundations -Prevent -Vulnerability Information Handling Monitor -Information gathering / analysis / sharing -Internet Traffic Monitoring Respond - Incident Handling Early Warning Information Information sharing with critical infrastructure enterprises, etc. CSIRT Establishment Support Capacity building for internal CSIRTs in enterprises / overseas national CSIRTs Artifact Analysis Analysis on attack methods / behavior of malware (unauthorized program) International Collaboration Collaboration with overseas organizations for smoother handling of incidents and vulnerabilities  Coordinate with developers on unknown vulnerability information  Secure Coding  Mitigating the damage through efficient incident handling  Information sharing to prevent similar incidents  Alerts / Advisories 2
  • 4. Copyright©2014 JPCERT/CC All rights reserved. What is HTML5? HTML5 is the next HTML standard. HTML5 enables us to build more flexible and highly convenient websites. It allows us to store data within the visitor’s browser, enables full-duplex communication between the visitor’s browser and web servers, obtain location information of the visitor, etc. It is becoming widely utilized in Asia-Pacific region including Japan. Major browsers are compatible with HTML5 (Some functions are not enabled). 3 Cross-domain Communication Full-duplex Communication Browser- Embedded MultimediaUI Enhancements Acceleration Online Application
  • 5. Copyright©2014 JPCERT/CC All rights reserved. What is HTML5? 4 While HTML5 enhances browser capabilities, it also brings new security concerns which were not an issue in previous versions of HTML. The possible impacts are not fully verified or widely known, which may affect users by attackers leveraging the security flaws of these new architectures. DoS Information Leakage XSSCSRF Open Redirect HTML5 is the next HTML standard. HTML5 enables us to build more flexible and highly convenient websites. It allows us to store data within the visitor’s browser, enables full-duplex communication between the visitor’s browser and web servers, obtain location information of the visitor, etc. It is becoming widely utilized in Asia-Pacific region including Japan. Major browsers are compatible with HTML5 (Some functions are not enabled).
  • 6. Copyright©2014 JPCERT/CC All rights reserved. Research Report on Security Issues of HTML5 Japanese version was published on October 2013 and English version will be coming up soon. https://www.jpcert.or.jp/research/html5.html (Japanese ver.) 5
  • 7. Copyright©2014 JPCERT/CC All rights reserved. Research Report Terms of Use The report is expected to be utilized as… Technical paper, basic information for guidelines Material for study meetings Reference for seminars For citing or reproducing the original document, please refer to the following: JPCERT/CC Terms of use https://www.jpcert.or.jp/guide.html (Japanese only) Sample) Source: JPCERT Coordination Center “Technical research report on security issue of web applications utilizing HTML5” https://www.jpcert.or.jp/research/HTML5-20131030.pdf 6
  • 8. Copyright©2014 JPCERT/CC All rights reserved.7 JavaScript API XMLHttpRequest
  • 9. Copyright©2014 JPCERT/CC All rights reserved. XMLHttpRequest(XHR) Summary 8 XMLHttpRequest (XHR) : —an API to communicate with HTTP using JavaScript —enables interactive web contents by asynchronous communication —widely used due to increased usage of AJAX —this function could only communicate with same origin in versions earlier than HTML5 Java Script ' Access-Control-Allow-Origin' : authorized origin or ‘*’ (wildcard) example.jp other.example.jp ' Origin' : loaded by the original source In order to allow Cookie, “Access-Control-Allow-Credentials” needs to be configured ※Origin : combination of host name, protocol and port number
  • 10. Copyright©2014 JPCERT/CC All rights reserved. Current Status of HTML5 9
  • 11. Copyright©2014 JPCERT/CC All rights reserved. Previous Survey Results Survey against 2,359 sites was conducted on November 2012 How about Cross-Origin Resource Sharing (CORS) headers with values other than ' Access-Control-Allow-Origin’? 10 Source:http://www.veracode.com/blog/2012/11/security-headers-report/ 0.25% of websites supports CORS
  • 12. Copyright©2014 JPCERT/CC All rights reserved. Fact-Finding on Websites utilizing HTML5 Following points were checked: —CORS headers (*1) —Headers with security features (*2) Approach to fact-finding —Crawl top page of websites on Alexa Top 1,000,000 (*3) —Check the HTTP header of the curl command response —If the website redirects to other points, final redirection point will be surveyed —Origin request header will be added to the sending request —Survey was conducted from 2013/12/26 to 2013/12/30 11 (*1) Response header which starts with ’Access-Control-’on headers used by CORS (*2) Specific headers with security features introduced in the research report (*3) http://www.alexa.com/topsites
  • 13. Copyright©2014 JPCERT/CC All rights reserved. CORS Headers Access-Control-Allow-Origin —Specifies the Origin that is allowed to access to resource Access-Control-Allow-Credentials —Configured ‘true’ for permission on accessing to response towards requests with authentication information such as Cookie Access-Control-Expose-Headers —Specifies the header which the browser can use Access-Control-Allow-Methods (preflight) —Specifies the method which allows transmission Access-Control-Allow-Headers (preflight) —Specifies the header which allows transmission Access-Control-Max-Age (preflight) —Specifies the time to cache a preflight response 12
  • 14. Copyright©2014 JPCERT/CC All rights reserved. Headers with Security Features X-XSS-Protection —Protects from XSS attack X-Frame-Options —Manages contents in accordance with the configuration in Content-Type header X-Frame-Options —Restricts embedding into a frame such as iframe Content-Security-Policy —Restricts the sources of contents to be loaded Content-Disposition —Controls download dialog of a file Strict-Transport-Security —Enforces the use of secure HTTPS connections 13
  • 15. Copyright©2014 JPCERT/CC All rights reserved. Key Findings 14
  • 16. Copyright©2014 JPCERT/CC All rights reserved. Current status on CORS 15 Number of websites which responded was 949,217 sites. Number of CORS enabled websites(*) was 7,218 sites. Only 0.76% of the websites had CORS enabled. 0 1000 2000 3000 4000 5000 6000 7000 8000 CORS Headers (Access-Control-xxx) 941999 7218 CORS enabled websites 非対応 対応 (*) Websites which returned headers related to CORS Not enabled Enabled
  • 17. Copyright©2014 JPCERT/CC All rights reserved. Access-Control-Allow-Origin 5.4% of the websites were configured improperly. If improperly configured, the value will be invalid and “Access-Control-Allow-Origin” will not work properly. 16 6650 377 ‘Access-Control-Allow- Origin’ Configuration 正しい設定 誤った設定 4741 1909 Value Configured(with proper configuration) * オリジン Proper Configuration Improper Configuration Origin
  • 18. Copyright©2014 JPCERT/CC All rights reserved. Access-Control-Allow-Origin Proper Configuration — scheme://host[:port][ scheme://host[:port]]* (※1) — null — * Improper configuration sample(either of the settings will be invalid) — No scheme: example.com — Multiple configuration with comma breaking: http://example1.com,http://example2.com — Wildcard usage: http://*.example.com — ‘/’ inserted at the end of origin :http://example.com/ — Multiple header: http://example1.com http://example2.com Attention!! Without the knowledge of proper configuration on how to add headers, it may weaken the authorization and create vulnerabilities. ※1:Some browsers forbid origin configuration with space breaking 17
  • 19. Copyright©2014 JPCERT/CC All rights reserved. Access-Control-Allow-Origin Websites with proper ‘Access-Control-Allow-Origin’ were configured as follows: —Approximately 71% configured to ‘*’ ⇒allows CORS from any website —Approximately 29% configured ‘origin’ ⇒CORS is only allowed from the website specified by the origin header 18 6650 377 ‘Access-Control-Allow- Origin’ Configuration 正しい設定 誤った設定 4741 1909 Value Configured(with proper configuration) * オリジン Proper Configuration Improper Configuration Origin
  • 20. Copyright©2014 JPCERT/CC All rights reserved. Access-Control-Allow-Credentials Websites enabling Access-Control-Allow-Credentials were 22% out of all of the CORS websites. Value set to ‘true’ is only valid. Value other than that operates as it is not set to ‘true’. Furthermore, there were several websites which value is set to ‘false’. 19 5622 1525 71 Access-Control-Allow-Credentials 設定なし TRUE FALSE No Configuration
  • 21. Copyright©2014 JPCERT/CC All rights reserved. Access-Control-Allow-Credentials In case ‘true’ is specified on Access-Control-Allow- Credentials, the value ‘*’ cannot be used for Access-Control- Allow-Origin. However,163 sites were configured to ‘*’. Please check beforehand whether it operates as it is intended!! 20 4573 163 4 Access-Control-Allow- Credentials 設定なし TRUE FALSE 599 1250 2 Access-Control-Allow- Credentials 設定なし TRUE FALSE Websites with value ‘*’ configured to Access-Control-Allow-Origin Websites with proper origin to ‘Access-Control-Allow-Origin’ No Configuration No Configuration
  • 22. Copyright©2014 JPCERT/CC All rights reserved. Access-Control-Allow-Credentials Within the 68% of the websites for which the origin was set in Access-Control-Allow-Origin, ‘true’ was configured in Access-Control-Allow-Credentials. 21 4573 163 4 Access-Control-Allow- Credentials 設定なし TRUE FALSE 599 1250 2 Access-Control-Allow- Credentials 設定なし TRUE FALSE Websites with value ‘*’ configured to Access-Control-Allow-Origin Websites with proper origin to Access-Control-Allow-Origin No Configuration No Configuration
  • 23. Copyright©2014 JPCERT/CC All rights reserved. Access-Control-Allow-Origin If the response header returned is as shown above, JavaScript loaded from http://example.com will operate as same as the client browser. ⇒ When arbitrary JavaScript can be executed from a website specified in Access-Control-Allow-Origin, it may become very dangerous. Then, is it safe if this vulnerability does not exist? 22 Sample of sending response header:for ‘true’ Access-Control-Allow-Origin: http://example.com Access-Control-Allow-Credentials: true 599 1250 2 Access-Control-Allow- Credentials 設定なし TRUE FALSE Websites with value ‘*’ configured in Access-Control-Allow-Origin No Configuration
  • 24. Copyright©2014 JPCERT/CC All rights reserved. Mashup Example 23 Mr. X’s image Mashup origin site Mashup site B Mashup site A Use favorite image as background. Provide favorite image related products. Origin: site A Origin: site B In order to allow Cookie added CORS to each site, generate value in Access- Control-Allow-Origin dynamically. A-C-Allow-Origin:siteB A-C-Allow-Credentials:true A-C-Allow-Origin: siteA A-C-Allow-Credentials:true Cookie
  • 25. Copyright©2014 JPCERT/CC All rights reserved. How can attacker leverage this? 24 Mr. X’s photo Mashup origin site evil web site (evil.examle.com) Origin: http://evil.example.com send outside Information Leakage Mr. X A-C-Allow-Origin: http://evil.example.com A-C-Allow-Credentials:true Cookie
  • 26. Copyright©2014 JPCERT/CC All rights reserved. Cross Origin Request utilizing XHR2 Sample Advisory 25 IPA Lectures on secure coding Web Application course https://www.ipa.go.jp/security/awareness/vendor/programmingv2/contents/704.html
  • 27. Copyright©2014 JPCERT/CC All rights reserved. Access-Control-Allow-Origin 194 sites inherited the value from the original origin header and configured in Access-Control-Allow-Origin header and sent it back!! Data may be intercepted if the user authenticated web page is configured as aforementioned. Furthermore, it may bypass CSRF token protection. 26 194 1056 Actual value of Allow-Origin http://example.com Other origin Actual request sent by the survey: GET / HTTP/1.1 HOST: <target> Origin: http://example.com
  • 28. Copyright©2014 JPCERT/CC All rights reserved. Password Change by CSRF 27 token=2a8bc84e token=2a8bc84e GET /passwd HTTP/1.1 Origin: http://evil.com POST /passwd HTTP/1.1 newpwd=infected& Issue a token Cookie Cookie Verify the token Java Script Access-Control-Allow-Origin: http://evil.com Access-Control-Allow-Credentials: true Origin: http://evil.com Obtain token by JavaScript XHR Password Changed
  • 29. Copyright©2014 JPCERT/CC All rights reserved. token=2a8bc84e GET /passwd HTTP/1.1 Origin: http://evil.com Verify & Restriction Cookie Java Script XHR Issue a token Access-Control-Allow-Origin: http://evil.com Access-Control-Allow-Credentials: true JavaScript cannot access to token Restriction on permitted page — Access-Control-Allow-Origin and Access-Control-Allow-Credentials should not be added to a web page which is not intended to be open to the public. (i.e. Configuration Change Page, Password Change Page) Verify origin header — In case of allowing particular web sites, verify the value of the Origin and then only add Access-Control-Allow-Origin and Access-Control-Allow- Credentials as necessary. Proper Configuration 28
  • 30. Copyright©2014 JPCERT/CC All rights reserved.29 Restriction on permitted page — Access-Control-Allow-Origin and Access-Control-Allow-Credentials should not be added to a web page which is not intended to be open to the public. (i.e. Configuration Change Page, Password Change Page) Configuration examples Verify the origin header In case of allowing particular web sites, verify the value of the Origin and then only add Access-Control-Allow-Origin and Access-Control-Allow- Credentials as necessary. <FilesMatch “¥.(jpeg|gif|png|img)$”> SetEnvIf Origin “^https?://.*$” ORIGIN=$0 Header set Access-Control-Allow-Origin %{ORIGIN}e env=ORIGIN </FilesMatch> Ex: Allow usage of the resource only by an image file SetEnvIf Origin “^https?://.*¥.example¥.com$” ORIGIN=$0 Header set Access-Control-Allow-Origin %{ORIGIN}e env=ORIGIN Ex: Only allow requests from sub domains of example.com to use the resource ※ Based on the application specification, consideration on proper configuration and sufficient testing is required upon applying this configuration.
  • 31. Copyright©2014 JPCERT/CC All rights reserved. Headers with Security Features 30
  • 32. Copyright©2014 JPCERT/CC All rights reserved. X-XSS-Protection Most sites with X-XSS-Protection enabled were configured to ‘1’;mode=block (Enable protection filter, blank page was displayed upon detection) 514 websites configured to ‘0’ (disabled) Attention!! Disabling the XSS Protection should be restricted to specific web pages such as a page having false-positive issues. 31 100 44169 514 1 1; mode=block 0 44783 904434 設定あり 設定なし Configured Not configured
  • 33. Copyright©2014 JPCERT/CC All rights reserved. Strict-Transport-Security 20,720 sites out of all sites were redirected to HTTPS. 1,754 sites configured HSTS. Over half of the sites configured max-age to 1 year. Attention!! If max-age is configured to ‘0’ , this website will be deleted from HSTS list of the browser. 32 1754 18966 HSTS configured HSTS not configured 969 187 119 93 49 337 max-age value 31536000 2592000 15768000 0 16070400 Other
  • 34. Copyright©2014 JPCERT/CC All rights reserved.33 Conclusion
  • 35. Copyright©2014 JPCERT/CC All rights reserved. Conclusion While HTML5 enhances browser capabilities, there are multiple architectural issues which we should be aware of upon use. Please refer to “Technical research report on security issue of web applications utilizing HTML5” for developing secure web applications. Any inquiries are welcome. Please contact to 34 JPCERT Coordination Center Email:ww-info@jpcert.or.jp Tel:+81-3-3518-4600 Web: https://www.jpcert.or.jp/
  • 36. Copyright©2014 JPCERT/CC All rights reserved.35 Appendix
  • 37. Copyright©2014 JPCERT/CC All rights reserved. Custom HTTP header X-Recruiting: We’re looking for talented people, join us: <URL>(We have cookies!) X-Recruiting: Like HTTP headers? Come write ours: <URL> x-poetry: Choose Life. Choose a job. Choose a career. X-<CompanyName>-jobs: you’re reading this … come work at xxx! Were-currently-looking-for-devs-like-you: Tweet @xxx for job details. 36
  • 38. Copyright©2014 JPCERT/CC All rights reserved. X-Want-A-Job-With-Us response header 37
  • 39. Copyright©2014 JPCERT/CC All rights reserved. discem file type 38 output to a file Compressed file…. :-c
  • 40. Copyright©2014 JPCERT/CC All rights reserved. extraction by bzip2 39 extraction confirm file type ASCII! Readable!!
  • 41. Copyright©2014 JPCERT/CC All rights reserved. finish? 40 rotate …
  • 42. Copyright©2014 JPCERT/CC All rights reserved. perl 41
  • 43. Copyright©2014 JPCERT/CC All rights reserved.42 Thank you for your attention