Real Geeks

Wowstory: limited-edition rare item!!


There aren't many copies left, so I'm just posting this once more.

Hoping that someone might see it and find it useful...



http://book.sessak.com

A rare book made by Wowhacker!!

Wowstory, the first story..

Please take a look. haha


Contents

<BHO> ... 9
  1. BHO (Browser Helper Object) ... 11
    1.1. What is a BHO? ... 11
    1.2. Why BHO? ... 11
    1.3. CLSID (Class ID)? ... 11
    1.4. DLL (Dynamic Link Library) ... 12
    1.5. Malicious BHOs (Spyware) ... 12
  2. Example of a BHO ... 12
    2.1. Environment ... 12
    2.2. Building a testBHO ... 13
      2.2.1. ATL (Active Template Library) ... 13
      2.2.2. Registering the BHO ... 16
  3. How to Remove a Malicious BHO ... 19
    3.1. Using software ... 19
    3.2. Removing it by hand ... 21
  4. Conclusion ... 22
  5. References ... 23

<Malware Encoding and Decoding> ... 24
  1. Definition of malware ... 26
  2. Types of malware ... 26
  3. Introduction to and analysis of malware encoding and decoding methods ... 27
    3.1. HTML page escape/unescape ... 27
    3.2. '\' encoding ... 28
    3.3. Microsoft Script Encoder ... 29
    3.4. US-ASCII ... 31
  4. Conclusion ... 33
  5. References ... 33

<Malware Using WSH and VBS> ... 34
  1. WSH (Windows Script Host) and VBS (Visual Basic Script) ... 36
    1.1. WSH ... 36
    1.2. VBS ... 36
  2. How to use VBS ... 36
    2.1. Wscript.Shell ... 36
    2.2. Registry editing ... 37
    2.3. Scripting.FileSystemObject ... 38
    2.4. Wscript.Network ... 39
    2.5. Microsoft.XMLHttp ... 39
    2.6. ADODB.Stream ... 40
    2.7. Using scripts on the web ... 40
  3. VBS in practice ... 42
    3.1. Copying itself into a folder ... 42
    3.2. Registering under the startup registry keys ... 43
    3.3. Downloading malware from a website ... 44
  4. Defense ... 46
  5. Conclusion ... 46
  6. References ... 47

<Administrator Backdoor Accounts and Their Detection> ... 49
  1. Administrator backdoor accounts ... 51
    1.1. '$' backdoor accounts ... 51
    1.2. Registry-tampered backdoor accounts ... 52
    1.3. The SAM registry ... 53
  2. Detecting administrator backdoor accounts ... 56
    2.1. Detecting '$' backdoor accounts ... 56
    2.2. Detecting registry-tampered backdoors ... 57
  3. Conclusion ... 59
  4. References ... 59

<The Way of Binary Copy Without Permission> ... 60
  1. Introduction ... 61
  2. What are Linux and FreeBSD? ... 61
  3. Methodology ... 61
  4. Introduction to ptrace ... 63
  5. Core code ... 64
  6. Let's play hktrace ... 70
  7. Closing ... 74
  8. References ... 74
  9. Attached source code (hktrace.c) ... 74

<Heap-Based Overflow for Baby> ... 84
  1. Introduction [background] ... 86
    1.1. The concept of an overflow ... 86
    1.2. Memory layout ... 87
    1.3. Heap memory and its structure ... 89
  2. Details of malloc() ... 91
    2.1. Basic principles of malloc ... 91
    2.2. Structure of heap memory ... 94
  3. Heap overflow attacks ... 97
    3.1. Feasibility of heap overflow attacks ... 97
    3.2. Simple Heap-Based Overflow Attack!! ... 99
  4. Conclusion ... 103
  5. References ... 103

<SELinux Operations & Source Analysis> ... 104
  1. Introduction to SELinux and its features ... 106
  2. Installing and operating SELinux ... 107
    2.1. Installation and operating modes ... 107
    2.2. Supported applications ... 108
    2.3. Creating policies and querying information ... 112
    2.4. Using semodule ... 126
    2.5. Using audit2allow ... 127
  3. Audit log analysis ... 128
  4. SELinux architecture ... 129
    4.1. Overall SELinux architecture ... 129
    4.2. The LSM hook process ... 130
    4.3. LSM kernel module structure ... 131
    4.4. User-space object managers ... 132
    4.5. The user-space policy server ... 133
    4.6. The type transition process ... 134
  5. SELinux source analysis ... 135
    5.1. Where does SELinux start? ... 135
    5.2. Call graph of the main functions ... 136
    5.3. Where are SIDs stored? ... 142
    5.4. How is the security context used? ... 143
    5.5. What is S. O. A.? ... 144
    5.6. Determining the type when a process is created ... 145
  6. Conclusion ... 145
  7. References ... 146

<Introduction to Passive OS Fingerprinting> ... 147
  1. Overview ... 149
  2. OS fingerprinting techniques ... 149
    2.1. Active OS fingerprinting ... 149
    2.2. Passive OS fingerprinting ... 150
  3. Passive OS fingerprinting ... 150
    3.1. Principles ... 150
      3.1.1. TTL (Time To Live) ... 150
      3.1.2. Window size ... 152
      3.1.3. DF: Don't Fragment bit ... 152
      3.1.4. TOS (Type Of Service) ... 152
      3.1.5. Passive OS fingerprinting ... 152
    3.2. Tool ... 154
      3.2.1. Download ... 154
      3.2.2. Usage ... 154
  4. Defense ... 155
  5. Conclusion ... 156
  6. References ... 157

<PE Unpacking>
  1. Introduction ... 160
  2. What is packing? ... 160
  3. How does a packed file execute? ... 161
  4. How to tell whether a file is packed ... 165
    4.1. Section naming ... 167
    4.2. An import table that is conspicuously small ... 167
    4.3. A string table filled with unrecognizable values, or missing entirely ... 168
    4.4. A non-standard entry point ... 168
  5. Finding the OEP ... 169
    5.1. Stack-based ... 169
      5.1.1. OEP Find – 1 ... 170
      5.1.2. OEP Find – 2 ... 175
  6. Dumping the image ... 180
    6.1. Dump by OllyDump ... 180
    6.2. Dump by PE-Tools ... 181
    6.3. Dump by LordPE ... 181
  7. Repairing the IAT ... 182
    7.1. IAT repair with automated tools ... 183
      7.1.1. Automatic repair is convenient ... 183
      7.1.2. Why can't it repair the IAT? ... 184
    7.2. Repairing the IAT by hand ... 190
      7.2.1. What does the IAT look like before and after the program is loaded? ... 190
      7.2.2. Now let's repair the IAT by hand ... 196
  8. If only there were no anti-reversing ... 210
    8.1. Debugger detection ... 210
      8.1.1. OutputDebugString ... 210
      8.1.2. PEB.BeingDebugged ... 213
      8.1.3. PEB.NtGlobalFlag ... 214
      8.1.4. HEAP.ForceFlags ... 216
      8.1.5. FindWindow ... 219
    8.2. Anti-analysis ... 222
      8.2.1. Stolen bytes ... 222
      8.2.2. Garbage code ... 223
      8.2.3. Junk code ... 224
    8.3. Breakpoint detection ... 226
      8.3.1. Detecting software breakpoints ... 226
      8.3.2. Detecting hardware breakpoints ... 229
  9. Now let's do a manual unpack (MUP) ... 235
    9.1. GHF Protector - Full Option ... 235
      9.1.1. Stripping the Protect option ... 235
      9.1.2. Stripping the Pack option ... 245
      9.1.3. Repairing the IAT and dumping ... 248
  10. Closing ... 256
  11. References & Thanks ... 256

<Hackers in China> ... 258
  1. Chronology of the Chinese hacker wars ... 260
  2. Chinese hacker group sites ... 262
  3. Chinese hacking magazine sites ... 266
  4. Chinese hacker research group sites ... 267
  5. Closing ... 271
  6. Computer/IT security terminology (Korean, English, Chinese) ... 272