ADDioS!
C.K.Chen
Papers
• In the Compression Hornet’s Nest: A Security Study of Data Compression in Network Services
• Bohatei: Flexible and Elastic DDoS Defense
• Boxed Out: Blocking Cellular Interconnect Bypass Fraud at the Network Edge
Bohatei: Flexible and Elastic DDoS Defense
Seyed K. Fayaz, Yoshiaki Tobioka, and Vyas Sekar, Carnegie Mellon University;
Michael Bailey, University of Illinois at Urbana-Champaign
Outline
• Background
• DDOS
• SDN/NFV
• Problem
• Contribution
• Proposed Scheme
• Threat Model
• Bohatei
DDoS
• DDoS is an emerging threat to network services
• A large number of devices controlled by the adversary
• A large volume of traffic makes the victim's service unavailable
• DDoS attacks are getting worse
• Increasing in number and volume
• New attack methods
• Evaluation
Traditional DDoS Defense
• Buy very expensive security appliances against DDoS
• Outsource DDoS defense to a remote cloud service
• Problem?
• Fixed volume it can handle
• Fixed attack types it can handle
• Fixed locations it can handle
SDN: Software-Defined Network
• Data plane and control plane separation
• Centralized management
• Open and shared APIs
Data plane & Control plane
• Data plane
• Forwards traffic to the next hop along the path to the selected destination network, according to control plane logic
• Control plane
• Makes decisions about where traffic is sent
• Controls the data plane
One picture of the SDN mechanism (figure)
NFV: Network Function Virtualization
Problem
• Can SDN/NFV improve DDoS defense?
Contribution
• Propose an architecture to deploy SDN/NFV against DDoS
• Propose several methods to enhance the ability of SDN/NFV to defend against DDoS
• Hierarchical Decomposition
• Proactive tag‐based steering
• Open Source
• https://github.com/ddos-defense/bohatei
Threat Model
• DDoS against a victim who is a customer of the ISP
• The adversary's aim is to exhaust the network bandwidth of the victim
• The adversary can choose different types of attack
• A large number of bots is available to the adversary
• The adversary can choose, from the set of ISP ingress locations, where the attack traffic enters the ISP
Dynamic adversaries
• The attacker may change the volume and type of attack
• How to avoid
• wasting compute resources by overprovisioning for an attack
• not instantiating the required defenses
Bohatei System Overview
• Bohatei is an ISP-scale system for DDoS defense
• Based on SDN/NFV techniques
Strategy Layer
• Predict the attack pattern
• A time window exists between the attack occurring and Bohatei reacting to it
• Therefore, we need to estimate the volume of the future attack
• If we over-estimate, the attacker can waste the ISP's resources
• If we under-estimate, the attacker can successfully deliver attack traffic
• Online adaptation
• Prediction = F(observation history + random)
Responsive resource management
• Assigning the ISP's available compute and network resources to DDoS defense
• Decide the type and number of machines to deploy
• Attack traffic is handled properly while minimizing the latency experienced by legitimate traffic
Resource Manager
• Decide how many VMs, what types, and where to deploy them
• Global optimization
• Input: resources, suspicious traffic predictions, defense library
• Output: types, numbers, and locations of VMs? Routing decisions?
• Using global optimization is too slow
• Hierarchical decomposition
Hierarchical Decomposition
• The global controller is only responsible for datacenter-level routing
• DSP: Datacenter Selection Problem
1. Sort the suspicious traffic by volume
2. Assign each traffic item to the datacenter with minimum cost
• The local controller assigns the VMs that defend against DDoS within the DC
• SSP: Server Selection Problem
• Instantiate the defense nodes close to the attack to handle it
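Added example, not code from the Bohatei project: the two-step greedy DSP heuristic described above (sort suspicious traffic by predicted volume, assign each item to the cheapest datacenter that can still absorb it). The datacenter names, their capacities (expressed, as an assumption, as Gbps of traffic a datacenter can scrub), the ingress points and the per-(ingress, datacenter) cost table are constructed sample values; the paper's actual cost model is not reproduced.

```python
# Added example, not Bohatei's own code: the greedy Datacenter Selection
# Problem (DSP) step: sort suspicious traffic by predicted volume, then assign
# each item to the cheapest datacenter that still has capacity. Capacities
# (as Gbps of traffic a datacenter can scrub) and costs are constructed values.
from dataclasses import dataclass


@dataclass
class Datacenter:
    name: str
    capacity_gbps: float   # assumed: scrubbing throughput available at this DC
    assigned_gbps: float = 0.0

    def remaining(self) -> float:
        return self.capacity_gbps - self.assigned_gbps


def greedy_dsp(suspicious, datacenters, cost):
    """suspicious: list of (ingress, predicted_volume_gbps).
    cost: dict {(ingress, dc_name): relative cost of steering that ingress there}.
    Returns (plan, unserved): plan maps (ingress, dc_name) -> volume; unserved
    maps ingress -> volume for traffic no datacenter could absorb."""
    plan, unserved = {}, {}
    # Largest predicted volumes first, so the bulkiest attack gets the best fit.
    for ingress, volume in sorted(suspicious, key=lambda item: item[1], reverse=True):
        candidates = [dc for dc in datacenters if dc.remaining() >= volume]
        if not candidates:
            unserved[ingress] = volume
            continue
        best = min(candidates, key=lambda dc: cost[(ingress, dc.name)])
        best.assigned_gbps += volume
        plan[(ingress, best.name)] = volume
    return plan, unserved


def run_sample():
    """Constructed scenario: two datacenters, five ingress points."""
    datacenters = [Datacenter("DC-A", 40.0), Datacenter("DC-B", 30.0)]
    suspicious = [("ingress-1", 30.0), ("ingress-2", 15.0), ("ingress-3", 8.0),
                  ("ingress-4", 5.0), ("ingress-5", 20.0)]
    cost = {
        ("ingress-1", "DC-A"): 1, ("ingress-1", "DC-B"): 3,
        ("ingress-2", "DC-A"): 2, ("ingress-2", "DC-B"): 1,
        ("ingress-3", "DC-A"): 1, ("ingress-3", "DC-B"): 2,
        ("ingress-4", "DC-A"): 2, ("ingress-4", "DC-B"): 1,
        ("ingress-5", "DC-A"): 1, ("ingress-5", "DC-B"): 2,
    }
    return greedy_dsp(suspicious, datacenters, cost)


if __name__ == "__main__":
    plan, unserved = run_sample()
    for (ingress, dc), volume in plan.items():
        print(f"{ingress:10s} -> {dc}  {volume:5.1f} Gbps")
    print("unserved:", unserved)
```

The `unserved` output is the part worth watching operationally: greedy ordering by volume is fast, which is the slide's point, but it can leave a mid-sized ingress without a scrubbing location that a slower global optimization might have found, so a deployment needs a fallback (rate-limit at the ingress, or re-run with relaxed costs) for that case.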
Scalable network orchestration
• Classic SDN sets up switch forwarding rules in a per-flow and reactive manner
• Per-flow: one forwarding entry for one flow
• Reactive: when no forwarding entry exists for a packet, the switch queries the controller to install one
• A per-flow, reactive approach is not suitable for DDoS defense
• an adversary can easily saturate the control plane bandwidth
• installing per-flow rules on the switches will quickly exhaust the limited rule space
Network Orchestration
• Configure the network to route traffic
• Following the decomposition in the Resource Manager, Network Orchestration is also divided into a global and a local component
• Wide-area orchestration
• MPLS is more suitable than SDN for configuring wide-area network routing
• Intra-datacenter orchestration
• The classic SDN mechanism, reactive per-flow routing, is not scalable
• Proactive tag-based steering
Proactive tag-based steering
• It takes time to query the remote controller when a flow has no match in the local policy cache
• A DDoS attack may consist of a large number of flows, which makes the number of policies grow exponentially
• Assign a tag to each flow and decide what to do based on the tag
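Added example, not Bohatei's code: a toy model that contrasts the reactive per-flow switch described under "Scalable network orchestration" with the proactive tag-based steering described here, by replaying many distinct spoofed flows plus one legitimate flow through both and counting rules, controller round trips and drops. The flow addresses, the rule-table limit and the tag names ("syn-flood", "benign") are constructed sample values.

```python
# Added example, not Bohatei's code: a toy model of the two ways of programming
# a switch discussed on the slides. Flow addresses, the rule-table limit and the
# tag names ("syn-flood", "benign") are constructed sample values.
from collections import namedtuple

Packet = namedtuple("Packet", "src dst tag")   # tag: label stamped at ingress by the classifier


class ReactiveSwitch:
    """Classic per-flow, reactive style: a table miss costs a controller
    round trip and one rule per flow, until the rule space is exhausted."""

    def __init__(self, rule_limit):
        self.rules = {}                 # (src, dst) -> action
        self.rule_limit = rule_limit    # assumed TCAM capacity
        self.controller_queries = 0
        self.dropped_table_full = 0

    def forward(self, pkt):
        key = (pkt.src, pkt.dst)
        if key in self.rules:
            return self.rules[key]
        self.controller_queries += 1    # control-plane bandwidth spent per new flow
        if len(self.rules) >= self.rule_limit:
            self.dropped_table_full += 1
            return "drop"               # nowhere to install the new rule
        action = "scrub" if pkt.tag == "syn-flood" else "forward"   # controller's decision
        self.rules[key] = action
        return action


class TagSwitch:
    """Proactive tag-based steering: one rule per tag installed up front, so
    new flows never hit the controller and the table size is fixed."""

    def __init__(self, tag_actions):
        self.rules = dict(tag_actions)
        self.controller_queries = 0

    def forward(self, pkt):
        return self.rules.get(pkt.tag, "drop")


def simulate(num_attack_flows, rule_limit=1000):
    """Replay num_attack_flows distinct spoofed flows (distinct for up to
    65536 flows), then one benign flow, through both switch models."""
    packets = [Packet(f"10.0.{i // 256}.{i % 256}", "victim", "syn-flood")
               for i in range(num_attack_flows)]
    packets.append(Packet("198.51.100.7", "victim", "benign"))
    reactive = ReactiveSwitch(rule_limit)
    tagged = TagSwitch({"syn-flood": "scrub", "benign": "forward"})
    for pkt in packets:
        reactive_action = reactive.forward(pkt)
        tag_action = tagged.forward(pkt)
    return {
        "reactive_rules": len(reactive.rules),
        "reactive_controller_queries": reactive.controller_queries,
        "reactive_dropped_table_full": reactive.dropped_table_full,
        "reactive_benign_action": reactive_action,    # last packet is the benign one
        "tag_rules": len(tagged.rules),
        "tag_controller_queries": tagged.controller_queries,
        "tag_benign_action": tag_action,
    }


if __name__ == "__main__":
    for key, value in simulate(5000).items():
        print(f"{key}: {value}")
```

The number to look at is the benign flow's fate: once the attack has filled the reactive table, the legitimate flow is dropped along with the attack, whereas the tag switch needs two rules regardless of how many spoofed sources appear and never consults the controller on the data path.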
SYN Flood Defense
Evaluation
• Demonstrate that Bohatei can respond to attacks rapidly
• Bohatei restores the performance of benign traffic to ≈ 1
Evaluation
• Does the size of the forwarding table increase exponentially?
Conclusion
• Demonstrate how SDN/NFV can help defend against DDoS
• Propose Bohatei to improve DDoS defense
• Online learning
• Hierarchical decomposition
• Proactive tag-based steering
• Evaluate Bohatei's DDoS defense
• Open source
• https://github.com/ddos-defense/bohatei
In the Compression Hornet’s Nest: A Security Study of Data Compression in Network Services
Giancarlo Pellegrino, Saarland University; Davide Balzarotti, Eurecom;
Stefan Winter and Neeraj Suri, Technische Universität Darmstadt
Outline
• Data Compression
• Problem - DOS Due to Data Compression
• Contribution
• Problem of Data Compression in Network Service
• Implementation
• Specification
• Configuration
• Conclusion
Data Compression
• Data compression is a common technique in network services such as HTTP, XMPP (eXtensible Messaging and Presence Protocol), IMAP (Internet Message Access Protocol), ...
• Saves bandwidth when transferring large data
• Deflate algorithm
• Defined in RFC 1951
• Implemented in libraries (e.g., zlib) and tools (e.g., gzip and Zip archivers)
• Available in most programming languages
DDoS vs. Data Compression
• Advantage
• Saves a large amount of bandwidth
• Disadvantage
• Unbalanced client-server scenario
• Computation-intensive task
• Disk/memory space
• Can be precomputed
1996: Zip Bomb Attack
• http://www.unforgettable.dk/42.zip
• 5 layers of nested zip files in blocks of 16; the last layer contains text files of 4.3 GB each
• So, if you extract all files, you will most likely run out of space
• 4,503,599,626,321,920 bytes (4.5 PB)
2003: Billion Laughs
• Resource exhaustion in libxml2 when processing nested XML entity definitions
• An 810-byte XML document expands to 3 GB
<?xml version="1.0"?>
<!DOCTYPE lolz [
<!ENTITY lol "lol">
<!ELEMENT lolz (#PCDATA)>
<!ENTITY lol1 "&lol;&lol;&lol;&lol;&lol;&lol;&lol;&lol;&lol;&lol;">
<!ENTITY lol2 "&lol1;&lol1;&lol1;&lol1;&lol1;&lol1;&lol1;&lol1;&lol1;&lol1;">
<!ENTITY lol3 "&lol2;&lol2;&lol2;&lol2;&lol2;&lol2;&lol2;&lol2;&lol2;&lol2;">
<!ENTITY lol4 "&lol3;&lol3;&lol3;&lol3;&lol3;&lol3;&lol3;&lol3;&lol3;&lol3;">
<!ENTITY lol5 "&lol4;&lol4;&lol4;&lol4;&lol4;&lol4;&lol4;&lol4;&lol4;&lol4;">
<!ENTITY lol6 "&lol5;&lol5;&lol5;&lol5;&lol5;&lol5;&lol5;&lol5;&lol5;&lol5;">
<!ENTITY lol7 "&lol6;&lol6;&lol6;&lol6;&lol6;&lol6;&lol6;&lol6;&lol6;&lol6;">
<!ENTITY lol8 "&lol7;&lol7;&lol7;&lol7;&lol7;&lol7;&lol7;&lol7;&lol7;&lol7;">
<!ENTITY lol9 "&lol8;&lol8;&lol8;&lol8;&lol8;&lol8;&lol8;&lol8;&lol8;&lol8;">
]>
<lolz>
&lol9;
</lolz>
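Added example, not from the paper: a pre-parse check that estimates how large a document's internal entities become when fully expanded, from the DTD alone, and refuses to hand the document to an XML parser above a budget. It rebuilds the billion-laughs document shown above from the same nine nested definitions and confirms the slide's figure (10^9 copies of "lol", i.e. 3 GB). The check handles only the simple `<!ENTITY name "value">` form used by that payload (no parameter or external entities, ASCII text assumed), so it is an illustration of the size-estimation idea rather than a complete DTD parser.

```python
# Added example, not from the paper: estimate how large a document's internal
# entities become when fully expanded, from the DTD alone, and refuse to hand
# the document to an XML parser above a budget. Handles only the simple
# <!ENTITY name "value"> form used by the billion-laughs payload on the slide
# (no parameter entities, no external entities, ASCII text assumed).
import re

ENTITY_DECL = re.compile(r'<!ENTITY\s+(\w+)\s+"([^"]*)"\s*>')
ENTITY_REF = re.compile(r"&(\w+);")


def _billion_laughs():
    """The 2003 payload as shown on the slide, rebuilt from its nine nested definitions."""
    decls = ['<!ENTITY lol "lol">', "<!ELEMENT lolz (#PCDATA)>"]
    prev = "lol"
    for i in range(1, 10):
        decls.append(f'<!ENTITY lol{i} "{("&" + prev + ";") * 10}">')
        prev = f"lol{i}"
    return ('<?xml version="1.0"?>\n<!DOCTYPE lolz [\n' + "\n".join(decls)
            + "\n]>\n<lolz>\n&lol9;\n</lolz>\n")


BILLION_LAUGHS = _billion_laughs()

# Constructed benign document with a harmless internal entity.
BENIGN = ('<?xml version="1.0"?>\n<!DOCTYPE note [\n<!ENTITY co "Example Corp">\n]>\n'
          "<note>&co; and &co;</note>\n")


def parse_internal_entities(doc):
    """Map entity name -> replacement text for every simple internal entity."""
    return dict(ENTITY_DECL.findall(doc))


def expanded_size(name, entities, memo, stack=()):
    """Bytes produced by fully expanding &name;. Raises on recursive definitions
    (ill-formed XML). Undeclared names, including the built-in &amp; etc., count 0."""
    if name in stack:
        raise ValueError(f"recursive entity definition: {name}")
    if name in memo:
        return memo[name]
    value = entities.get(name, "")
    size = len(ENTITY_REF.sub("", value))          # literal characters
    for ref in ENTITY_REF.findall(value):
        size += expanded_size(ref, entities, memo, stack + (name,))
    memo[name] = size
    return size


def entity_expansion_bytes(doc):
    """Total bytes added to the document body by expanding its entity references."""
    entities = parse_internal_entities(doc)
    # Text after the internal DTD subset; a CDATA section containing "]>" would
    # need a real tokenizer, which this illustration does not attempt.
    body = doc.split("]>", 1)[1] if "]>" in doc else doc
    memo = {}
    return sum(expanded_size(ref, entities, memo) for ref in ENTITY_REF.findall(body))


def is_safe_to_parse(doc, max_expanded=10 * 1024 * 1024, max_ratio=100):
    """Admit a document only if its expansion stays under an absolute budget and
    under a ratio relative to the wire size (both limits are constructed defaults)."""
    expanded = entity_expansion_bytes(doc)
    return expanded <= max_expanded and expanded <= max_ratio * max(len(doc), 1)


if __name__ == "__main__":
    print("document bytes:", len(BILLION_LAUGHS))
    print("expanded bytes:", entity_expansion_bytes(BILLION_LAUGHS))
    print("safe to parse :", is_safe_to_parse(BILLION_LAUGHS))
```

The absolute budget alone already rejects the payload; the ratio bound additionally catches a document that is large on the wire and still expands disproportionately, which is the same two-sided reasoning (absolute size plus ratio) the decompression pitfalls later on this page apply to deflate streams.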
Contribution
• Study and categorize DoS methods due to improper decompression design and implementation
• 12 types of design/implementation flaws that lead to DoS
• Based on this study, popular network services are evaluated for their decompression design/implementation
• Discovered 10 previously unknown vulnerabilities
Pitfalls
Decompression before Authentication
• Little access control can be enforced before authentication
• An adversary can send a compression bomb to exhaust the server's resources
• Prosody accepted compressed messages before user authentication
• Implementations may diverge from the specs
Improper Input Validation during Decompression
• If the size of the data is larger than a threshold, stop handling the data
• How to set the threshold?
• How to evaluate the size after decompression?
1. Compressed message size
• Wrong way
• mod-deflate: If (compr.size > LimitRequestBody) → Reject
2. Decompression ratio
3. Decompressed message size during the decompression process
• Best way: decompress each small chunk and check the size
• mod-deflate + mod-dav: If (decompr.size > LimitXMLRequestBody) → Reject
CVE-2014-0118
Improper Inter-Unit Communication
• Many network services implement data processing as a pipeline
• Upon an exception, the pipeline should halt and reject the message in all processing units
• mod-php and mod-gsoap limit the size of the incoming (decompressed) message, but had no means to halt mod-deflate
• mod_deflate continues to decompress the data (CVE-2014-0118)
Logging Decompressed Messages
• The frequency and verbosity of log events can cause DoS
• Upon invalid requests, Apache CXF logs the first 100KB of the incoming message
• However, it first decompresses the entire message to a file, then logs the first 100KB
• DoS due to memory/disk space exhaustion (CVE-2014-0109/-0110)
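Added example, not the paper's code and not Apache's, serving two of the pitfalls above: `inflate_bounded()` is the "decompressed size during the decompression process" check from the input-validation slide (the best way: inflate in small chunks and stop as soon as the output budget is exceeded), shown beside the mistaken compressed-size-only check; `inflate_prefix()` reuses the same bounded reader so that a log handler in the Apache CXF situation only ever inflates the prefix it will actually record. The bomb is constructed in memory from zeros, and the 1 MiB limit and 100 KB log prefix are sample values chosen to mirror the slides.

```python
# Added example, not the paper's code nor Apache's: bounded, chunked
# decompression. inflate_bounded() is the "decompressed size during the
# decompression process" check (the slide's best way); inflate_prefix() is
# the same bounded reader used so a log handler only ever inflates the bytes
# it will actually record. The bomb is constructed in memory from zeros.
import zlib


class DecompressedTooLarge(Exception):
    pass


def naive_compressed_size_ok(compressed, limit):
    """The mistaken check: compare only the wire size with the limit."""
    return len(compressed) <= limit


def inflate_bounded(compressed, max_out, step=64 * 1024):
    """Decompress a zlib stream, producing at most `step` bytes per call and
    aborting as soon as the total would exceed max_out. The output bound holds
    no matter how small the compressed input is."""
    d = zlib.decompressobj()
    out = bytearray()
    pending = compressed
    while not d.eof:
        # Ask for at most one byte more than the remaining budget, so an
        # over-limit stream is detected without inflating it in full.
        room = min(step, max_out + 1 - len(out))
        chunk = d.decompress(pending, room)
        out += chunk
        if len(out) > max_out:
            raise DecompressedTooLarge(f"decompressed size exceeds {max_out} bytes "
                                       f"(compressed input was {len(compressed)} bytes)")
        pending = d.unconsumed_tail       # input zlib could not process yet
        if not chunk and not pending:
            raise ValueError("truncated or corrupt stream")
    return bytes(out)


def inflate_prefix(compressed, prefix_len):
    """Inflate only the first prefix_len bytes, e.g. to log a sample of a
    rejected request, without ever materializing the whole message."""
    d = zlib.decompressobj()
    out = bytearray()
    pending = compressed
    while len(out) < prefix_len and not d.eof:
        chunk = d.decompress(pending, prefix_len - len(out))
        pending = d.unconsumed_tail
        if not chunk and not pending:
            break                          # stream ended early or is corrupt
        out += chunk
    return bytes(out)


def make_bomb(decompressed_size=8 * 1024 * 1024):
    """Constructed sample: highly compressible zeros (ratio around 1000:1)."""
    return zlib.compress(b"\0" * decompressed_size, 9)


def demo():
    bomb = make_bomb()
    limit = 1024 * 1024                    # 1 MiB body limit, like LimitRequestBody
    results = {
        "bomb_compressed_bytes": len(bomb),
        "naive_check_accepts_bomb": naive_compressed_size_ok(bomb, limit),
        "logged_prefix_bytes": len(inflate_prefix(bomb, 100 * 1024)),
    }
    try:
        inflate_bounded(bomb, limit)
        results["bounded_check_accepts_bomb"] = True
    except DecompressedTooLarge:
        results["bounded_check_accepts_bomb"] = False
    return results


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value}")
```

Raising from inside the inflate loop is also what the inter-unit pitfall asks for: the exception propagates to whoever owns the request, so a downstream size limit cannot be silently outrun by an upstream decompressor that keeps going.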
Specification Level
• Misleading or (in most cases) no documentation
• IDS04-J. Safely extract files from ZipInputStream
• It suggests developers verify the decompressed size reported in the file headers before accepting a Zip archive
• This information can easily be forged by an attacker to contain any arbitrary value
Configuration Level
• Insufficient Configuration Options
• Insecure Default Values
• Decentralized Configuration Parameters
Zip Bombs Everywhere
Conclusion
• ~20 years after the zip bombs, developers are still unaware of the risks of handling data compression
• Discovered 10 previously unknown vulnerabilities in popular network services
• Presented 12 pitfalls that developers can use to build more secure services
Boxed Out: Blocking Cellular Interconnect Bypass Fraud at the Network Edge
Bradley Reaves, Adam Bates, Patrick Traynor, University of Florida;
Ethan Shernan, Henry Carter, Georgia Institute of Technology;
Simbox Fraud
• Simbox Fraud
• Adversaries (e.g., an ISP) use VoIP to carry the phone call
• Internet-based VoIP may have lower QoS
• Use a simbox to convert the call back to a cellular call and deliver it to the user
• Uses VoIP-GSM gateways, informally known as "simboxes"
Detecting Unconcealed Losses
• We can compute the short-term energy of the audio and look for sudden drops that then rise again
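Added example, not the paper's code: the short-term energy computation described above over 10 ms frames, with a detector that reports runs of frames where the energy drops sharply and then recovers. The input is a constructed 440 Hz tone with a 30 ms gap standing in for call audio; the sample rate, frame length and drop ratio are assumptions, and on real speech (which has its own pauses) the threshold and the treatment of leading silence would need tuning.

```python
# Added example, not the paper's code: short-term energy over 10 ms frames and
# a detector for unconcealed losses (energy that drops sharply and then
# recovers). The input is a constructed 440 Hz tone with a 30 ms gap, standing
# in for call audio; on real speech the threshold would need tuning.
import math

SAMPLE_RATE = 8000          # narrowband telephony (assumed)
FRAME_SAMPLES = 80          # 10 ms at 8 kHz


def synth_tone_with_gap(seconds=1.0, freq=440.0, gap=(4000, 4240), amplitude=0.5):
    """Constructed test signal: a tone with samples in [gap[0], gap[1]) zeroed."""
    n = int(seconds * SAMPLE_RATE)
    x = [amplitude * math.sin(2 * math.pi * freq * i / SAMPLE_RATE) for i in range(n)]
    for i in range(gap[0], min(gap[1], n)):
        x[i] = 0.0
    return x


def short_term_energy(x, frame=FRAME_SAMPLES):
    """Mean squared amplitude of each complete, non-overlapping frame."""
    return [sum(v * v for v in x[i:i + frame]) / frame
            for i in range(0, len(x) - frame + 1, frame)]


def find_unconcealed_losses(energy, drop_ratio=0.05):
    """Return (start_frame, end_frame) for each run of frames whose energy is
    below drop_ratio times the median frame energy and that is followed by a
    recovery. A drop with no recovery (the call simply ended) is not reported."""
    if not energy:
        return []
    median = sorted(energy)[len(energy) // 2]
    threshold = drop_ratio * median
    losses, start = [], None
    for i, e in enumerate(energy):
        if e < threshold:
            if start is None:
                start = i                   # sudden drop begins
        elif start is not None:
            losses.append((start, i))       # energy rose again: a loss event
            start = None
    return losses


def run_sample():
    """Energy profile and detected losses for the constructed signal."""
    energy = short_term_energy(synth_tone_with_gap())
    return find_unconcealed_losses(energy)


if __name__ == "__main__":
    for start, end in run_sample():
        print(f"loss from {start * 10} ms to {end * 10} ms")
```

The detector reports frame indices, so with 10 ms frames the constructed gap shows up as frames 50 through 52 (400 ms to 430 ms); a call that carried packet loss without concealment would produce a series of such short events, which is the signal the slide proposes looking for.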

Call Girls in Nagpur Suman Call 7001035870 Meet With Nagpur Escorts
 
(PRIYA) Rajgurunagar Call Girls Just Call 7001035870 [ Cash on Delivery ] Pun...
(PRIYA) Rajgurunagar Call Girls Just Call 7001035870 [ Cash on Delivery ] Pun...(PRIYA) Rajgurunagar Call Girls Just Call 7001035870 [ Cash on Delivery ] Pun...
(PRIYA) Rajgurunagar Call Girls Just Call 7001035870 [ Cash on Delivery ] Pun...
 
ONLINE FOOD ORDER SYSTEM PROJECT REPORT.pdf
ONLINE FOOD ORDER SYSTEM PROJECT REPORT.pdfONLINE FOOD ORDER SYSTEM PROJECT REPORT.pdf
ONLINE FOOD ORDER SYSTEM PROJECT REPORT.pdf
 
UNIT-II FMM-Flow Through Circular Conduits
UNIT-II FMM-Flow Through Circular ConduitsUNIT-II FMM-Flow Through Circular Conduits
UNIT-II FMM-Flow Through Circular Conduits
 
(ANVI) Koregaon Park Call Girls Just Call 7001035870 [ Cash on Delivery ] Pun...
(ANVI) Koregaon Park Call Girls Just Call 7001035870 [ Cash on Delivery ] Pun...(ANVI) Koregaon Park Call Girls Just Call 7001035870 [ Cash on Delivery ] Pun...
(ANVI) Koregaon Park Call Girls Just Call 7001035870 [ Cash on Delivery ] Pun...
 
High Profile Call Girls Nagpur Isha Call 7001035870 Meet With Nagpur Escorts
High Profile Call Girls Nagpur Isha Call 7001035870 Meet With Nagpur EscortsHigh Profile Call Girls Nagpur Isha Call 7001035870 Meet With Nagpur Escorts
High Profile Call Girls Nagpur Isha Call 7001035870 Meet With Nagpur Escorts
 
Booking open Available Pune Call Girls Koregaon Park 6297143586 Call Hot Ind...
Booking open Available Pune Call Girls Koregaon Park  6297143586 Call Hot Ind...Booking open Available Pune Call Girls Koregaon Park  6297143586 Call Hot Ind...
Booking open Available Pune Call Girls Koregaon Park 6297143586 Call Hot Ind...
 
(SHREYA) Chakan Call Girls Just Call 7001035870 [ Cash on Delivery ] Pune Esc...
(SHREYA) Chakan Call Girls Just Call 7001035870 [ Cash on Delivery ] Pune Esc...(SHREYA) Chakan Call Girls Just Call 7001035870 [ Cash on Delivery ] Pune Esc...
(SHREYA) Chakan Call Girls Just Call 7001035870 [ Cash on Delivery ] Pune Esc...
 
Top Rated Pune Call Girls Budhwar Peth ⟟ 6297143586 ⟟ Call Me For Genuine Se...
Top Rated  Pune Call Girls Budhwar Peth ⟟ 6297143586 ⟟ Call Me For Genuine Se...Top Rated  Pune Call Girls Budhwar Peth ⟟ 6297143586 ⟟ Call Me For Genuine Se...
Top Rated Pune Call Girls Budhwar Peth ⟟ 6297143586 ⟟ Call Me For Genuine Se...
 
Processing & Properties of Floor and Wall Tiles.pptx
Processing & Properties of Floor and Wall Tiles.pptxProcessing & Properties of Floor and Wall Tiles.pptx
Processing & Properties of Floor and Wall Tiles.pptx
 
Call for Papers - African Journal of Biological Sciences, E-ISSN: 2663-2187, ...
Call for Papers - African Journal of Biological Sciences, E-ISSN: 2663-2187, ...Call for Papers - African Journal of Biological Sciences, E-ISSN: 2663-2187, ...
Call for Papers - African Journal of Biological Sciences, E-ISSN: 2663-2187, ...
 
Call for Papers - Educational Administration: Theory and Practice, E-ISSN: 21...
Call for Papers - Educational Administration: Theory and Practice, E-ISSN: 21...Call for Papers - Educational Administration: Theory and Practice, E-ISSN: 21...
Call for Papers - Educational Administration: Theory and Practice, E-ISSN: 21...
 
KubeKraft presentation @CloudNativeHooghly
KubeKraft presentation @CloudNativeHooghlyKubeKraft presentation @CloudNativeHooghly
KubeKraft presentation @CloudNativeHooghly
 
DJARUM4D - SLOT GACOR ONLINE | SLOT DEMO ONLINE
DJARUM4D - SLOT GACOR ONLINE | SLOT DEMO ONLINEDJARUM4D - SLOT GACOR ONLINE | SLOT DEMO ONLINE
DJARUM4D - SLOT GACOR ONLINE | SLOT DEMO ONLINE
 
(ANJALI) Dange Chowk Call Girls Just Call 7001035870 [ Cash on Delivery ] Pun...
(ANJALI) Dange Chowk Call Girls Just Call 7001035870 [ Cash on Delivery ] Pun...(ANJALI) Dange Chowk Call Girls Just Call 7001035870 [ Cash on Delivery ] Pun...
(ANJALI) Dange Chowk Call Girls Just Call 7001035870 [ Cash on Delivery ] Pun...
 
VIP Call Girls Ankleshwar 7001035870 Whatsapp Number, 24/07 Booking
VIP Call Girls Ankleshwar 7001035870 Whatsapp Number, 24/07 BookingVIP Call Girls Ankleshwar 7001035870 Whatsapp Number, 24/07 Booking
VIP Call Girls Ankleshwar 7001035870 Whatsapp Number, 24/07 Booking
 
Java Programming :Event Handling(Types of Events)
Java Programming :Event Handling(Types of Events)Java Programming :Event Handling(Types of Events)
Java Programming :Event Handling(Types of Events)
 
Roadmap to Membership of RICS - Pathways and Routes
Roadmap to Membership of RICS - Pathways and RoutesRoadmap to Membership of RICS - Pathways and Routes
Roadmap to Membership of RICS - Pathways and Routes
 
Porous Ceramics seminar and technical writing
Porous Ceramics seminar and technical writingPorous Ceramics seminar and technical writing
Porous Ceramics seminar and technical writing
 

Addios!

Papers
• In the Compression Hornet's Nest: A Security Study of Data Compression in Network Services
• Bohatei: Flexible and Elastic DDoS Defense
• Boxed Out: Blocking Cellular Interconnect Bypass Fraud at the Network Edge

Bohatei: Flexible and Elastic DDoS Defense
Seyed K. Fayaz, Yoshiaki Tobioka, and Vyas Sekar, Carnegie Mellon University; Michael Bailey, University of Illinois at Urbana-Champaign

Outline
• Background
  • DDoS
  • SDN/NFV
• Problem
• Contribution
• Proposed Scheme
  • Threat Model
  • Bohatei

DDoS
• DDoS is an emerging threat to network services
  • A large number of devices controlled by the adversary
  • A large volume of traffic makes the victim service unavailable
• DDoS attacks are getting worse
  • Increasing in number and volume
  • New attack methods
• Evaluation

Traditional DDoS Defense
• Buy very expensive security appliances against DDoS
• Outsource DDoS defense to a remote cloud service
• Problem?
  • Fixed volume to handle
  • Fixed type to handle
  • Fixed location to handle

SDN: Software-Defined Network
• Data plane and control plane separation
• Centralized management
• Open and shared APIs

Data plane & Control plane
• Data plane
  • Forwards traffic to the next hop along the path to the selected destination network, according to control plane logic
• Control plane
  • Makes decisions about where traffic is sent
  • Controls the data plane

One Picture for SDN mechanism

NFV: Network Function Virtualization

Problem
• Can SDN/NFV improve the defense against DDoS?

Contribution
• Propose an architecture to deploy SDN/NFV against DDoS
• Propose several methods to enhance the ability of SDN/NFV to defend against DDoS
  • Hierarchical decomposition
  • Proactive tag-based steering
• Open source
  • https://github.com/ddos-defense/bohatei

Threat Model
• DDoS against a victim who is a customer of the ISP
• The adversary's aim is to exhaust the victim's network bandwidth
• The adversary can choose different types of attack
• A large number of bots is available to the adversary
• The adversary can choose from the set of ISP ingress locations through which the attack traffic enters the ISP
Dynamic adversaries
• The attacker may change the volume and type of attack
• How to avoid
  • wasting compute resources by overprovisioning for the attack
  • not instantiating the required defenses

Bohatei System Overview
• Bohatei is an ISP-scale system for DDoS defense
• Based on SDN/NFV techniques

Strategy Layer
• Predict the attack pattern
  • A time window exists between the attack occurring and Bohatei reacting to it
  • Therefore, we need to estimate the volume of the coming attack
  • If we over-estimate, the attacker can waste the ISP's resources
  • If we under-estimate, the attacker can successfully deliver attack traffic
• Online adaptation
  • Prediction = F(Observation history + Random)

Responsive resource management
• Assigning the ISP's available compute and network resources to DDoS defense
• Decide the type and number of machines to deploy
• Attack traffic is handled properly while minimizing the latency experienced by legitimate traffic

Resource Manager
• Decide how many VMs, of what types, and where to deploy them
• Global optimization
  • Input: resources, suspicious traffic predictions, defense library
  • Output: types, numbers, and locations of VMs? Routing decisions?
• Global optimization is too slow
• Hierarchical decomposition

Hierarchical Decomposition
• The global controller is only responsible for datacenter-level routing
  • DSP: Datacenter Selection Problem
    1. Sort the suspicious traffic by its volume
    2. Assign each piece of traffic to the datacenter with the minimum cost
• The local controller assigns the VMs that defend against DDoS within the DC
  • SSP: Server Selection Problem
  • Instantiate the nodes close to the attack to handle it
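The two-step DSP greedy above, carried through on constructed input. This is an added illustration, not Bohatei's own code: the cost model (a per-unit transit cost from each ISP ingress to each datacenter, plus a per-datacenter capacity) and the sample traffic are assumptions made for the example.

```python
"""Greedy Datacenter Selection Problem (DSP) as outlined on the slide: sort
suspicious traffic by volume, then hand each piece to the cheapest datacenter
that still has capacity.  Added illustration, not Bohatei's code; the transit
cost table, the capacities and the traffic sample are all constructed."""
from dataclasses import dataclass, field


@dataclass
class Datacenter:
    name: str
    capacity: float                      # Gbps of attack traffic its VMs can absorb
    remaining: float = field(init=False)

    def __post_init__(self):
        self.remaining = self.capacity


# Constructed sample: predicted suspicious traffic as (attack type, ingress, Gbps)
SUSPICIOUS = [
    ("syn_flood", "ingress_A", 40.0),
    ("dns_amp",   "ingress_B", 25.0),
    ("syn_flood", "ingress_C", 10.0),
    ("dns_amp",   "ingress_A",  5.0),
]
# Constructed per-unit transit cost from each ingress to each datacenter
COST = {
    "ingress_A": {"dc1": 1.0, "dc2": 3.0},
    "ingress_B": {"dc1": 2.0, "dc2": 1.0},
    "ingress_C": {"dc1": 3.0, "dc2": 1.0},
}


def select_datacenters(suspicious, datacenters, cost):
    """Return (plan, total_cost, unplaced): plan maps each traffic tuple to a
    datacenter name; unplaced lists traffic that fit nowhere, which is the
    under-provisioning case the Strategy Layer's prediction is meant to avoid.
    Largest volumes are placed first so the biggest attack gets the cheap,
    nearby datacenter while it still has room."""
    plan, total, unplaced = {}, 0.0, []
    for item in sorted(suspicious, key=lambda s: -s[2]):
        atype, ingress, vol = item
        candidates = [d for d in datacenters if d.remaining >= vol]
        if not candidates:
            unplaced.append(item)
            continue
        best = min(candidates, key=lambda d: cost[ingress][d.name])
        best.remaining -= vol
        plan[item] = best.name
        total += vol * cost[ingress][best.name]
    return plan, total, unplaced


if __name__ == "__main__":
    plan, total, unplaced = select_datacenters(
        SUSPICIOUS, [Datacenter("dc1", 50.0), Datacenter("dc2", 50.0)], COST)
    for item, dc in plan.items():
        print(item, "->", dc)
    print("total transit cost:", total, "unplaced:", unplaced)
```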
Scalable network orchestration
• Setting up switch forwarding rules in a per-flow and reactive manner
  • Per-flow: one forwarding entry for one flow
  • Reactive: once a forwarding entry does not exist, the switch queries the controller to install it
• The per-flow, reactive manner is not suitable for DDoS defense
  • An adversary can easily saturate the control plane bandwidth
  • Installing per-flow rules on the switches will quickly exhaust the limited rule space

Network Orchestration
• Configure the network to route traffic
• Following the decomposition in the Resource Manager, Network Orchestration is also divided into global and local components
• Wide-area orchestration
  • MPLS is more suitable than SDN for configuring wide-area network routing
• Intra-datacenter orchestration
  • The classic SDN mechanism, which is reactive, per-flow routing, is not scalable
  • Proactive tag-based steering

Proactive tag-based steering
• It takes time to query the remote controller if a flow has no match in the local policy cache
• A DDoS attack may consist of a large number of flows, which makes the number of policies grow exponentially
• Assign a tag to each flow and decide what to do based on the tag
Evaluation
• Demonstrate that Bohatei can respond to attacks rapidly
• Bohatei restores the performance of benign traffic to ≈ 1

Evaluation
• Does the size of the forwarding table increase exponentially?

Conclusion
• Demonstrate how SDN/NFV can help defend against DDoS
• Propose Bohatei to improve the power against DDoS
  • Online learning
  • Hierarchical decomposition
  • Proactive tag-based steering
• Evaluate Bohatei defending against DDoS
• Open source
  • https://github.com/ddos-defense/bohatei
In the Compression Hornet's Nest: A Security Study of Data Compression in Network Services
Giancarlo Pellegrino, Saarland University; Davide Balzarotti, Eurecom; Stefan Winter and Neeraj Suri, Technische Universität Darmstadt

Outline
• Data Compression
• Problem - DoS due to data compression
• Contribution
• Problems of data compression in network services
  • Implementation
  • Specification
  • Configuration
• Conclusion

Data Compression
• Data compression is a common technique in network services such as HTTP, XMPP (eXtensible Messaging and Presence Protocol), IMAP (Internet Message Access Protocol), ...
  • Saves bandwidth when transferring large data
• Deflate algorithm
  • Defined in RFC 1951
  • Implemented in libraries, e.g., zlib, or as a tool, e.g., gzip, and in Zip archive tools
  • Available in most programming languages

DDoS vs. Data Compression
• Advantage
  • Saves a large amount of bandwidth
• Disadvantage
  • Unbalanced client-server scenario
  • Computation-intensive task
  • Space in disk/memory
  • Can be precomputed

1996: Zip Bombs Attack
• http://www.unforgettable.dk/42.zip
• 5 layers of nested zip files in blocks of 16, the last layer with text files of 4.3 GB each
• So, if you extract all files, you will most likely run out of space
  • 4,503,599,626,321,920 bytes (4.5 PB)

2003: Billion Laughs
• Resource exhaustion in libxml2 when processing nested XML entity definitions
• An 810-byte XML document expands to 3 GB

  <?xml version="1.0"?>
  <!DOCTYPE lolz [
   <!ENTITY lol "lol">
   <!ELEMENT lolz (#PCDATA)>
   <!ENTITY lol1 "&lol;&lol;&lol;&lol;&lol;&lol;&lol;&lol;&lol;&lol;">
   <!ENTITY lol2 "&lol1;&lol1;&lol1;&lol1;&lol1;&lol1;&lol1;&lol1;&lol1;&lol1;">
   <!ENTITY lol3 "&lol2;&lol2;&lol2;&lol2;&lol2;&lol2;&lol2;&lol2;&lol2;&lol2;">
   <!ENTITY lol4 "&lol3;&lol3;&lol3;&lol3;&lol3;&lol3;&lol3;&lol3;&lol3;&lol3;">
   <!ENTITY lol5 "&lol4;&lol4;&lol4;&lol4;&lol4;&lol4;&lol4;&lol4;&lol4;&lol4;">
   <!ENTITY lol6 "&lol5;&lol5;&lol5;&lol5;&lol5;&lol5;&lol5;&lol5;&lol5;&lol5;">
   <!ENTITY lol7 "&lol6;&lol6;&lol6;&lol6;&lol6;&lol6;&lol6;&lol6;&lol6;&lol6;">
   <!ENTITY lol8 "&lol7;&lol7;&lol7;&lol7;&lol7;&lol7;&lol7;&lol7;&lol7;&lol7;">
   <!ENTITY lol9 "&lol8;&lol8;&lol8;&lol8;&lol8;&lol8;&lol8;&lol8;&lol8;&lol8;">
  ]>
  <lolz>&lol9;</lolz>

Contribution
• Study and categorize DoS methods due to improper decompression design and implementation
  • 12 types of design/implementation flaws that lead to DoS
• Based on their study, popular network services are evaluated for their decompression design/implementation
  • Discovered 10 previously unknown vulnerabilities

Decompression before Authentication
• Less access control can be enforced before authentication
• An adversary can send a compression bomb to exhaust the server's resources
• Prosody accepted compressed messages before user authentication
  • The implementation may diverge from the spec

Improper Input Validation during Decompression
• If the size of the data is larger than a threshold, stop handling the data
• How to set the threshold? How to evaluate the size after decompression?
  1. Compressed message size
    • The wrong way
    • mod_deflate: If (compr.size > LimitRequestBody) → Reject
  2. Decompression ratio
  3. Decompressed message size during the decompression process
    • The best way: decompress each small chunk and check the size
    • mod_deflate + mod_dav: If (decompr.size > LimitXMLRequestBody) → Reject
• CVE-2014-0118
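Option 3 from the slide, the chunked size check, worked through on constructed input, with the ratio check (option 2) alongside it. This is an added illustration, not code from the paper or from mod_deflate; the limits, the 512-byte read size and the sample streams are assumptions.

```python
"""Chunked, size-capped decompression, the "best way" on the slide: inflate in
small steps and stop as soon as the output would pass the limit, so a bomb never
gets to allocate its full payload.  Added illustration; limits and inputs are constructed."""
import hashlib
import zlib

class DecompressionLimitExceeded(Exception):
    pass

def bounded_decompress(chunks, max_output, max_ratio=100, step=4096):
    """Inflate a zlib stream arriving as an iterable of compressed chunks (as read
    from a socket).  Abort once more than max_output bytes have been produced, or
    once output/input passes max_ratio.  Checking only the compressed length (the
    LimitRequestBody mistake) cannot work: a bomb is tiny on the wire."""
    d = zlib.decompressobj()
    out = bytearray()
    consumed = produced = 0
    for c in chunks:
        consumed += len(c)
        pending = c
        while True:
            # max_length caps each call; unprocessed input waits in d.unconsumed_tail
            buf = d.decompress(pending, step)
            if not buf:
                break
            produced += len(buf)
            if produced > max_output:
                raise DecompressionLimitExceeded(f"output would exceed {max_output} bytes")
            # the ratio test is a heuristic (early chunks skew it); the cap above is the real guard
            if max_ratio is not None and produced > max_ratio * consumed:
                raise DecompressionLimitExceeded(f"ratio {produced}/{consumed} exceeds {max_ratio}")
            out += buf
            pending = d.unconsumed_tail
            if not pending and len(buf) < step:
                break
    if not d.eof:
        raise ValueError("truncated or incomplete zlib stream")
    return bytes(out)

def chunked(data, size):
    return [data[i:i + size] for i in range(0, len(data), size)]

# Constructed inputs: 8 KiB of pseudo-random (incompressible) data, and a
# 'bomb' of 8 MiB of zeros that compresses to a few KiB.
LEGIT = b"".join(hashlib.sha256(bytes([i])).digest() for i in range(256))
LEGIT_Z = zlib.compress(LEGIT)
BOMB_Z = zlib.compress(b"\0" * (8 << 20), 9)

def classify(compressed, max_output=1 << 20):
    """'ok', 'limit' or 'truncated' for a compressed stream fed in 512-byte reads."""
    try:
        bounded_decompress(chunked(compressed, 512), max_output)
        return "ok"
    except DecompressionLimitExceeded:
        return "limit"
    except ValueError:
        return "truncated"
```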
Improper Inter-Unit Communication
• Many network services implement the data processing procedure in a pipeline manner
• Upon an exception, the pipeline should halt and reject the message in all processing units
• mod_php and mod_gsoap limit the size of the incoming (decompressed) message, but had no means to halt mod_deflate
  • mod_deflate continues to decompress data
• CVE-2014-0118

Logging Decompressed Messages
• The frequency and verbosity of log events can cause DoS
• Upon invalid requests, Apache CXF logs the first 100 KB of the incoming message
  • However, it first decompresses the entire message to a file, then logs the first 100 KB
  • DoS due to memory/disk space exhaustion
• CVE-2014-0109 / CVE-2014-0110

Specification Level
• Misleading or (in most cases) no documentation
• IDS04-J. Safely extract files from ZipInputStream
  • It suggests developers verify the decompressed size reported in the file headers before accepting a Zip archive
  • This information can be easily forged by an attacker to contain any arbitrary value

Configuration Level
• Insufficient configuration options
• Insecure default values
• Decentralized configuration parameters

Conclusion
• ~20 years after the zip bombs, developers are still unaware of the risks of handling data compression
• Discovered 10 previously unknown vulnerabilities in popular network services
• Presented 12 pitfalls which developers can use to build more secure services
Boxed Out: Blocking Cellular Interconnect Bypass Fraud at the Network Edge
Bradley Reaves, Adam Bates, Patrick Traynor, University of Florida; Ethan Shernan, Henry Carter, Georgia Institute of Technology

Simbox Fraud
• Simbox fraud
  • Adversaries, e.g., an ISP, use VoIP to carry the phone call
  • Internet-based VoIP may have lower QoS
  • Use a simbox to convert the call back to a cellular call and deliver it to the user
  • Uses VoIP-GSM gateways informally known as "simboxes"

Detecting Unconcealed Losses
• We can compute the short-term energy of the audio and look for sudden drops that then rise again
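The detection idea on the slide, carried through on a synthetic signal: frame the audio, compute per-frame energy, and flag short, abrupt dips that recover. This is an added illustration, not the paper's detector; the 400 Hz tone, the 10 ms frame, the 20 dB drop threshold and the maximum hole length are constructed assumptions.

```python
"""Short-term energy of call audio and detection of unconcealed packet losses
as abrupt dips in it, the idea stated on the slide.  Added illustration, not
the paper's detector; the synthetic tone, frame length, drop threshold and
maximum hole length are constructed assumptions."""
import math

SAMPLE_RATE = 8000   # Hz, narrowband telephony
FRAME = 80           # 10 ms frames at 8 kHz


def synthetic_call(seconds=1.0, gaps=((0.40, 0.44),)):
    """A 400 Hz tone with zeroed stretches standing in for lost VoIP packets
    that the simbox played out as silence instead of concealing the loss."""
    n = int(seconds * SAMPLE_RATE)
    sig = [0.5 * math.sin(2 * math.pi * 400 * i / SAMPLE_RATE) for i in range(n)]
    for start, end in gaps:
        for i in range(int(start * SAMPLE_RATE), int(end * SAMPLE_RATE)):
            sig[i] = 0.0
    return sig


def short_term_energy_db(sig, frame=FRAME):
    """Per-frame energy: 10*log10 of the mean square, floored at -100 dB."""
    out = []
    for i in range(0, len(sig) - frame + 1, frame):
        e = sum(x * x for x in sig[i:i + frame]) / frame
        out.append(10 * math.log10(e) if e > 0 else -100.0)
    return out


def find_unconcealed_losses(energy_db, drop_db=20.0, max_frames=10):
    """Return (first_frame, end_frame) spans where energy falls by at least
    drop_db against the frame just before and recovers within max_frames.
    A natural pause decays and returns gradually and lasts longer; a packet
    dropped and played as silence is a short cliff followed by a cliff back."""
    losses, i = [], 1
    while i < len(energy_db):
        ref = energy_db[i - 1]
        if ref - energy_db[i] >= drop_db:
            j = i
            while j < len(energy_db) and ref - energy_db[j] >= drop_db:
                j += 1
            # only a hole that ends (energy comes back) and is short counts
            if j < len(energy_db) and j - i <= max_frames:
                losses.append((i, j))            # frames i .. j-1 are the hole
            i = j
        i += 1
    return losses


def detect(sig):
    """Pipeline: signal -> frame energies -> suspected unconcealed losses."""
    return find_unconcealed_losses(short_term_energy_db(sig))
```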