A Hands-On Guide to Finding Code Vulnerabilities

{"type":"doc","content":[{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":"本文是關於如何查找代碼漏洞文章系列的第一篇。從宏觀來看,過程是這個樣子:"}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"bulletedlist","content":[{"type":"listitem","attrs":{"listStyle":null},"content":[{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":"找到潛藏危險的功能"}]}]},{"type":"listitem","attrs":{"listStyle":null},"content":[{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":"找到從你控制的輸入到這個危險功能的路徑"}]}]},{"type":"listitem","attrs":{"listStyle":null},"content":[{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":"修正會導致程序出問題的輸入"}]}]}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":"我們將從第一部分開始:如何找到潛藏危險的功能。以我的經驗,80%的錯誤都藏在大約20%的代碼中。具體來說,這個比例更接近90\/10。由於我們通常需要徹底理解代碼才能發現罕見的漏洞,因此找出需要重點關注的那20%就變得至關重要。我使用的一種方法是關注“壞詞(bad words)”的羣集。"}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":"我將通過一個簡短的故事告訴大家。最近在一次紅隊行動中,我瀏覽一個巨大的terraform倉庫時看到一行看起來很正常的代碼:"}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"codeblock","attrs":{"lang":"plain"},"content":[{"type":"text","text":"driver.raw_exec.enable = 
1"}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":"這個時候,我甚至都沒有在嘗試尋找漏洞,但是看到這行代碼後,我就停下來弄清楚它在做什麼。原來,它正在配置Hashicorp一個名爲Nomad的作業調度程序。作爲一名盡責的紅隊隊員,我立刻查詢了Nomad文檔。在那裏,我發現了一個不祥警告:"}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"blockquote","content":[{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":"這讓你可以無隔離地運行作業;出於安全原因,默認情況下將其禁用。"}]}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":"我馬上精神了,迅速做出一個最簡單的Nomad作業。幾分鐘後,我就有了對該集羣的root訪問權限和一大堆憑證。這次行動馬上就可以完成了。"}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}}]}