How do you build your own Stuxnet? Are the security features of software themselves really secure? How easy is it to track people, and why is physical security the foundation of all security? Today we present a selection of the more than 30 talks in the main technical program of the Positive Hack Days III forum.
Can You Write a Web Server? Then You Can Write a Flash Drive

Travis Goodspeed will explain how to use the open-source Facedancer framework to build user-space emulators in Python for mass storage, human interface devices, FTDI, and the Device Firmware Update (DFU) protocol. The sockets behave a little differently and the protocol does not use ASCII, but the general principles of operation and of the library are no more complicated than HTTP.
As a worked application of the author's approach, he will present the DFU protocol and a tool that intercepts firmware updates by impersonating a certain type of hard drive that is actively protected against forensic analysis and cloning tools.
Continuous Deployment: Rapid Development of Secure Software

Continuous deployment helps avoid the long development cycles during which developers often pay too little attention to the security of their product. Used correctly, this approach changes the software life cycle and turns the security team from an incident-response unit into an internal security advisory service that developers can consult.
Nick Galbreath, Vice President of Technology at IPONWEB, will explain how to get started with a continuous development approach and which tools and processes make the move to a new level of security succeed.
Prelude to an Attack: OSINT in Practice and Its Automation

Collecting and analyzing publicly available information about a target (open-source intelligence, or OSINT) is a mandatory step of a modern penetration test. Despite its importance, many people skip this step and go straight to vulnerability scanning. They are making a mistake: gathering information about the systems and people within the scope of the test plays a decisive role in a security audit, and it is also a key success factor for audits that use social engineering techniques.
Vladimir Styran is a lead consultant at BMS Consulting, where he heads the security systems testing sector.
楜ãããšå©çã®ããã®ãã©ãŠã¶ãŠãŒã¶ãŒã€ã³ã¿ãŒãã§ã€ã¹ã®æäœ

ä»æ¥ãçŸä»£ã®ãã©ãŠã¶ã¯ãæœåšçã«å±éºãªãŸãã¯æ³šæãå¿
èŠãªWebããŒãžã®ã¢ã¯ã·ã§ã³ïŒãã¡ã€ã«ã®ããŠã³ããŒãããœãããŠã§ã¢ã¢ãžã¥ãŒã«ã®ã€ã³ã¹ããŒã«ããµãŒãããŒãã£ãµã€ããžã®ç¹æš©ã®ä»äžïŒãèªèãããŠãŒã¶ãŒã«å¥ã®ãŠã£ã³ããŠãŸãã¯éç¥ããã«ã§æäœãæ瀺çã«ç¢ºèªããããã«èŠæ±ã§ããŸãã ããã«ããããŠãŒã¶ãŒä¿è·ã®åºŠåããé«ãŸããŸãããéç¥ã¡ã«ããºã ã¯çµ¶å¯Ÿçãªã»ãã¥ãªãã£ãä¿èšŒããŸããã
12幎ã®çµéšãæã€ã»ãã¥ãªãã£ã¹ãã·ã£ãªã¹ãããã¶ãªãªãŽã¡ããã¿ã¯ããã¬ãŒã³ããŒã·ã§ã³äžã«ãæå°éã®ãœãŒã·ã£ã«ãšã³ãžãã¢ãªã³ã°ãã¯ããã¯ã䜿çšããïŒãŸãã¯ãŸã£ãã䜿çšããªãïŒããšã§ããŠãŒã¶ãŒã®å®å
šæ§ãæãªãããäžè¬çãªãã©ãŠã¶ãŒã®éç¥ããã«ã䜿çšããŠè¢«å®³è
ã®ã³ã³ãã¥ãŒã¿ãŒã§ç°¡åãªã³ãŒããå®è¡ã§ããããšã瀺ããŸãïŒChrome 24 ãIE9ãIE10ïŒã
Who Is Watching the Baby?

Mobile phones and RFID cards can be tracked. Jeff Katz and aestetix, members of the OpenBeacon project, will present their latest findings and a system that tracks the location of objects in real time during the presentation. The speakers will show visualization examples and demonstrate how easily a harmless device can be turned into a powerful tool.
A Trap Can Catch: Honeypot Operations

This talk examines the concept of offensive traps ("defense can be impolite") and the options for operating them. Topics covered include disclosing information about attackers, filtering and detecting automated attacks, determining an attacker's level of technical skill, and gaining control over the attacker.
Alexey Sintsov, Senior Information Security Engineer at Nokia, will present examples of real attacks and the results of applying original security technologies. Other interesting questions will be considered as well, for example: can vulnerabilities in third-party services be used, or is it possible to rely on client-side vulnerabilities alone?
Five Telecom Nightmares

"Five Telecom Nightmares" is a set of five stories about how to break into a carrier's network, attack packet services, take control of the infrastructure, and make money on VoIP or self-service portals. Some of these attacks have had precedents in the past; others are fantasies that we hope never become reality.
Speaker: Dmitry Kurbatov, Information Security Specialist, Positive Technologies.
Theory of Lies: Bypassing Modern WAFs

The talk by Vladimir Vorontsov, a well-known expert and the founder and leader of ONsec, is devoted to analyzing the operating principles of modern solutions that recognize attacks on web applications (web application firewalls). The author compares the main attack-detection algorithms and shows their strengths and weaknesses, with concrete examples of evading the protection mechanisms. The author also points out the need to identify universal methods for masking attack vectors against WAFs built on different algorithms.
Java and Holidays: A Systematic Analysis of Java Zero-Day Attacks

The talk presents the results of a systematic analysis of all zero-day vulnerabilities found in Java in 2012 and 2013 (CVE-2013-1493, CVE-2013-0431, CVE-2013-0422, CVE-2012-5076, CVE-2012-4681, CVE-2012-1723, CVE-2012-1507). The goal of the study is to identify the common sources or typical techniques used to find these vulnerabilities, and any patterns among them.
Speaker: Boris Ryutin; co-author: Alisa Shevchenko.
SCADA Strangelove: How to Build Your Own Stuxnet

While others search for the missing link in the evolution of cyberweapons, the experts at Positive Technologies offer a glimpse of a near future in which building a ready-made SCADA worm requires nothing more than the latest version of Metasploit and some VBScript programming skills.
The talk is based on security research into the Siemens SIMATIC product line (TIA Portal, WinCC, S7 PLCs) and focuses on vulnerabilities that could be exploited to compromise an ICS. The speakers will show how a worm can spread and harm a system at every level, from the network (S7/Profinet) to the web management interface and WinCC project files. New vulnerabilities in Siemens products will be presented, along with the tools used for security analysis and for finding new ICS vulnerabilities.
Locks and Physical Security

In the world of technology, physical security is often neglected as a component of overall system security, yet it is just as important as timely updates, a correct password policy, and properly assigned user privileges. You may have the most secure servers and the most inaccessible network, but that will not help if someone gets direct access to the hardware or, worse, steals the equipment.
Attendees will hear stories about protecting buildings and grounds from unauthorized access. Examples of serious incidents will be examined, many of which can easily be repeated without any special training. Deviant Ollam, Babak Javadi, and Keith Howell will explain what to look for when choosing locks and safes, and how to invest in the systems that are easiest to manage on large networks.
DPI Bypass

Evader, introduced at Black Hat 2012, can be used to detect weaknesses in security systems and to conduct penetration tests and security checks. Olli-Pekka Niemi (Opi), a well-known information security expert, will describe the technical aspects of how Evader works and how the program is used to bypass modern security tools.
To Find Them All and Bring Them Together... ACS TP (Industrial Control Systems) on the Internet

Did you know that many process control systems are managed remotely and can be found on the Internet (for example, with the SHODAN search engine)? Johannes Klick and Daniel Marzin have built their own search engine, the SCADACS Search Engine (SSE), and will present its first results and a comparison with SHODAN's.
They will demonstrate the worldwide distribution of SCADA/PLC systems on an Industrial Risk Assessment Map (IRAM). Among other things, the map provides information about the vulnerabilities present in these systems and the available ways of exploiting them. The speakers will also discuss what happens when IRAM, SSE, and exploits are combined in a single application.
Protecting an Organization from APTs (Using RSA as an Example)

Mikhel Osterhof (CISSP, CISM, CISA, GCIH) is a principal systems engineer at RSA, the security division of EMC. Modern companies invest heavily in protecting their information assets, brands, and intellectual property. Yet attackers spare no expense in developing the means and methods to carry out attacks, and incidents happen. Every company is constantly under the watch of intruders, and RSA knows this first-hand.
The speaker will share his experience and best practices in preventing, detecting, and minimizing the consequences of APT attacks on corporate and government infrastructure. Drawing on real-world cases (the incidents at Lockheed Martin and other large companies), he will discuss the cyber kill chain concept and touch on typical attack schemes and possible ways to reduce the risks associated with industrial espionage and cyberattacks. The talk also includes stories from the work of the RSA Critical Incident Response Center (CIRC), which protects EMC Corporation's internal network infrastructure.
The full list of talks at Positive Hack Days is available on the official forum website. In addition to the standard talks of the PHDays III program, there is a rich Fast Track of more than 20 short and very interesting 15-minute stand-up presentations, in which the authors cover many fascinating topics, from car security to the many ways of bypassing DLP systems.
And there's more! One of this year's keynote speakers is the well-known researcher Marc "van Hauser" Heuse, author of Hydra, Amap, and SuSEFirewall.
P.S. We have also collected the Twitter accounts of the PHDays speakers in a separate list. Subscribe! :)
P.P.S. Registration for the forum is still open!