当前位置:首页 > 报告详情

卡西米尔·舒尔茨与汤姆·博纳_所有这些不安全的序列化格式让我们陷入困境.pdf

上传人: 张** 编号:175548 2024-09-13 43页 2.20MB

1、#BHUSA BlackHatEventsWe R in a right pickle with all these We R in a right pickle with all these insecure serialization formatsinsecure serialization formatsSpeaker(s):Kasimir Schulz&Tom Bonner#BHUSA BlackHatEventsIntroductionKasimir SchulzPrincipal Security Researcher at HiddenLayerlinkedin/in/kasi

2、mir-schulzSocials:abraxus7331Tom BonnerVP of Research at HiddenLayerlinkedin/in/thomas-j-bonnerSocials:thomas_bonner#BHUSA BlackHatEventsIntroduction Weve been investigating machine learning libraries and file formats Theres a huge problem with deserialization of“untrusted”data Were going to focus o

3、n Pickle and R,but its by no means limited to these formats#BHUSA BlackHatEventsWhy pickle?Its been done!-Marco Slaviero,Sour Pickles in 2011 13 years,many new python versions,a major lack of awareness and several pickle updates later#BHUSA BlackHatEventsWhy pickle?Still the big red warning Pickle u

4、sed for ML models,IPC,RPC,etc.More vulns than ever Mythic/CobaltStrike/Metasploit Anti-malware scanners are getting in on the act Cat and mouse game#BHUSA BlackHatEventsPickle recap Stack based virtual machine processing byte code Interleaves instructions and data Has a stack and memo(like registers

5、)Code exec via GLOBAL,STACK_GLOBAL,INST,and REDUCE opcodes#BHUSA BlackHatEventsPickle recapimport pickleclass Eval:def _reduce_(self):return eval,(fprint(pwnd!),)pickle.loads(pickle.dumps(Eval()_reduce_ returns callable+args tuple to reconstruct the object 0:x80 PROTO 4 2:x95 FRAME 42 11:x8c SHORT_B

6、INUNICODE builtins 21:x94 MEMOIZE (as 0)22:x8c SHORT_BINUNICODE eval 28:x94 MEMOIZE (as 1)29:x93 STACK_GLOBAL 30:x94 MEMOIZE (as 2)31:x8c SHORT_BINUNICODE print(pwnd!)47:x94 MEMOIZE (as 3)48:x85 TUPLE1 49:x94 MEMOIZE (as 4)50:R REDUCE 51:x94 MEMOIZE (as 5)52:.STOPhighest protocol among opcodes=4#BHU

word格式文档无特别注明外均可编辑修改,预览文件经过压缩,下载原文更清晰!
三个皮匠报告文库所有资源均是客户上传分享,仅供网友学习交流,未经上传用户书面授权,请勿作商用。
本文主要介绍了Python的pickle和R语言的RDS格式在反序列化过程中存在的安全问题。 1. pickle是Python中用于序列化和反序列化对象的标准库,但由于其设计上的缺陷,容易受到反序列化漏洞的攻击。 2. R语言的RDS格式与Python的pickle类似,也存在类似的安全问题。RDS格式在R语言中广泛使用,如保存工作区、保存单个对象、共享数据和持久化存储等。 3. 文章详细介绍了如何利用pickle和RDS格式中的漏洞进行攻击,包括通过修改pickle输入流、添加自定义opcode处理程序等方法。 4. 文章还介绍了一些开源工具,如HiddenPickle和HiddenR,用于检测和防范pickle和RDS格式中的安全问题。 5. 文章强调,为了有效保护文件格式,需要深入了解其内部工作原理。仅仅检测基本模式而没有这种知识的扫描器将无法提供真正的保护。
为什么Python的pickle格式存在安全隐患? 如何利用RDS格式中的延迟评估机制进行攻击? 如何防范不安全的反序列化格式带来的安全风险?
客服
商务合作
小程序
服务号
折叠