Agreement in a distributed system is complicated but required. Scylla gained lightweight transactions through Paxos but the latter has a cost of 3X roundtrips. Raft can allow consistent transactions without the performance penalty. Beyond LWT, we plan to integrate Raft with most aspects of Scylla, making a leap forward in manageability and consistency.
Deep dive into highly available open stack architecture openstack summit va... - Arthur Berezin
This document summarizes a presentation on highly available OpenStack architecture. It discusses using Pacemaker and HAProxy for high availability enabling services. Shared databases like MariaDB Galera and message queues like RabbitMQ are made highly available. Individual OpenStack services like Keystone, Glance, Cinder, Nova, Neutron, and Horizon are made highly available through active-active clustering, load balancing, and fencing. The presentation covers topologies for controller, compute, network, and storage nodes. It provides examples of making individual services highly available and discusses ongoing work and future plans to improve high availability in OpenStack.
CNIT 129S: 9: Attacking Data Stores (Part 1 of 2) - Sam Bowne
Slides for a college course based on "The Web Application Hacker's Handbook", 2nd Ed.
Teacher: Sam Bowne
Twitter: @sambowne
Website: https://samsclass.info/129S/129S_F16.shtml
The document discusses Windows authentication methods and their vulnerabilities. It provides details on how passwords are hashed and stored for different Windows versions. While NTLMv2 and Kerberos provide stronger authentication, LM hashes, NTLMv1, and NTLM authentication are vulnerable to dictionary attacks due to using static challenges. The document also describes how tools like rainbow tables and network sniffers can crack password hashes or capture authentication packets.
Lightweight Transactions at Lightning Speed - ScyllaDB
This talk will outline the Scylla implementation of Lightweight Transactions (LWT) that brings us to parity with Apache Cassandra. We will cover how to use it, what is working, and what is left to be done. We will also cover what other improvements are in store to improve Scylla's transactional capabilities and why it matters.
Practical Malware Analysis: Ch 10: Kernel Debugging with WinDbg - Sam Bowne
This document discusses using WinDbg for kernel debugging and analyzing rootkits. It explains that WinDbg can debug in both user-mode and kernel-mode, unlike OllyDbg which is only for user-mode. Device drivers run code in the Windows kernel and are difficult to analyze. The DriverEntry routine is called when a driver is loaded and it registers callback functions. Malware often imports functions from Ntoskrnl.exe and Hal.dll to manipulate the kernel. WinDbg commands like bp, lm, and dt are demonstrated for setting breakpoints, listing modules, and viewing structures. Symbol files from Microsoft provide function and structure names to make debugging easier.
This is an overview of interesting features from Apache Pulsar. Keep in mind that by the time I did this presentation I had not used Pulsar yet. It's just my first impressions from the list of features.
1. The document provides an overview of practical scrum concepts including lean thinking, agile principles, scrum roles and ceremonies.
2. It discusses the roles of the product owner, scrum master and team in scrum and describes the four main scrum ceremonies: sprint planning, daily scrum, sprint review, and retrospective.
3. Key aspects of each ceremony are outlined such as their purpose, participants, and goals to continuously deliver working software and improve the process.
How Criteo is managing one of the largest Kafka Infrastructure in Europe - Ricardo Paiva
This document discusses Criteo's large Kafka infrastructure in Europe. Some key details:
- Criteo uses Kafka to process up to 7 million messages per second (400 billion per day) across about 200 brokers in 13 Kafka clusters across multiple datacenters.
- They have developed an in-house C# Kafka client optimized for their high-throughput use case of no key partitioning and no order guarantees.
- Criteo monitors lag and message ordering using "watermark" messages containing timestamps that are tracked across partitions to measure stream processing lag.
- Data is replicated between clusters for redundancy using custom Kafka Connect connectors that write offsets to the destination.
Password cracking involves three main steps:
1. Collecting large datasets of passwords from breaches to use for guessing. The RockYou breach in 2009 provided over 32 million passwords that changed the game.
2. Hashing passwords like systems do, and checking if any hashes match the target. If the password is unique, it cannot be cracked.
3. Using techniques like rainbow tables to pre-compute hashes and speed up the process of matching hashes to passwords without re-hashing each attempt. Systems now add "salt" to hashes to prevent pre-computed tables from working.
[cb22] Understanding the Chinese underground card shop ecosystem and becoming... - CODE BLUE
Personal Identifiable Information (PII) leaks have become more frequent in recent years, and losses from credit card fraud in 2021 set records in both Taiwan and Japan. Where did this information get leaked and sold in the first place?
The term "Dark web" refers to websites inaccessible without the use of the Tor protocol, and given the added privacy and anonymity while using Tor, marketplaces on it have proven to be very attractive to criminals.
An anonymous researcher will share experiences of dealing with vendors from card shops on dark web marketplaces, focusing on insights into shops selling Taiwanese and Japanese PII and, therefore, the TTPs of hackers from these card shops.
We hope to inspire audiences to rethink how to reduce credit card fraud.
This document discusses various ways that back-end components of web applications can be attacked by injecting malicious code or commands. It provides examples of how user input could be used to exploit vulnerabilities in OS commands, scripting languages, file paths, HTTP requests, and SMTP mail services. The key risks are command injection, path traversal, remote file inclusion, XML external entity injection, and HTTP/SMTP parameter injection. The document also offers suggestions for preventing these attacks, such as input validation, output encoding, and limiting file system and network access.
The document summarizes a presentation about Apache Ratis, a Raft consensus library. It introduces Raft consensus and describes Ratis' features like leader election, log replication, pluggable components, and use cases in Hadoop projects like Ozone. It also outlines Ratis' development status and future work areas like performance, metrics, security, and documentation.
The document discusses different types of internet traffic that network administrators must accommodate: bursty traffic which is transmitted unevenly in bursts; interactive traffic which consists of short request-response sessions like web browsing; latency sensitive traffic which requires timely delivery such as voice calls and video; and non-real time traffic like email which is not as sensitive to delivery speed. Identifying the type of traffic helps optimize how networks are facilitated.
This document discusses cross-site scripting (XSS) attacks and how they work. It covers different types of XSS like reflected XSS, stored XSS, and DOM-based XSS. Reflected XSS occurs when untrusted user input is reflected back without sanitization. Stored XSS happens when malicious scripts are stored in a database or server and executed when others view the content. DOM-based XSS abuses client-side scripts that access data from the URL and display it. Real-world examples like attacks on Apache, MySpace, and Twitter are also described.
This document discusses building microservices with gRPC and NATS. It begins with an introduction to microservices architecture and challenges in communication between microservices. It then covers using gRPC and Protocol Buffers to build high performance APIs, as well as using NATS for an event-driven architecture with publish-subscribe messaging. Code demos are provided for gRPC and NATS. The document concludes with a discussion of event sourcing and various messaging patterns when using NATS.
Injection on Steroids: Codeless code injection and 0-day techniques - enSilo
This document discusses techniques for injecting code into processes without directly writing code to the target process's memory. It introduces a technique called "Trap Frame Injection" which hijacks the CPU's user mode state that is stored in trap frames during system calls. It also presents a "Codeless Code Injection" technique which builds ROP chains on the user stack and manipulates the stack pointer to trigger execution without direct code writes. Challenges with this approach like getting return values and avoiding deadlocks are also outlined along with solutions like using a device handle callback or creating a dedicated thread.
Automating Web Application Security Testing With OWASP ZAP DOT NET API - Tech... - gmaran23
Automating Web Application Security Testing With OWASP ZAP DOT NET API - Tech Talk - Dec 22 - 2015
Screen Recording: https://vimeo.com/gmaran23/AutomatingWebApplicationSecurityWithOWASPZAPDOTNETAPI
MacOS memory allocator (libmalloc) Exploitation - Angel Boy
The document discusses the memory allocator libmalloc used in MacOS. It details the data structures used to manage tiny chunks of memory less than 1008 bytes, including blocks, chunks, magazines, free lists, bitmaps and regions. The mechanism of allocating, freeing and caching tiny chunks is also described.
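[若渴] Study on Side Channel Attacks and Countermeasures - Aj MaChInE
[Slide erratum] p.43: the number 32 in the middle should be 64. The 64 in the small blue box at the upper right should be 63.
I originally meant to write up Meltdown and Spectre, but the hardware behaviors these two exploit both end up being related to cache side channels, so while reading about Meltdown and Spectre I also compiled the related cache side-channel attacks and defenses.
Feedback questions:
1: Why is the LLC split into LLC slices?
"Modern Intel processors, starting with the Sandy Bridge microarchitecture, use a more complex architecture for the LLC, to improve its performance. The LLC is divided into per-core slices, which are connected by a ring bus. Slices can be accessed concurrently and are effectively separate caches, although the bus ensures that each core can access the full LLC (with higher latency for remote slices)."
2: Flush+reload with shared memory pages: why flush+reload? Can't the data simply be accessed directly?
The discussion is about a shared library used in common, leaking how the victim uses the shared library.
3: RDTSCP?
It can measure the number of cycles taken to execute instructions.
4: Do side-channel attacks require that the programs running in the environment not be too complex?
Kuon: In real cases the embedded runtime environment is not complex, e.g. TrustZone may be running only OpenSSL.
AJ: Even in a complex environment, if you can find the specific computation point that triggers the victim, it can still be observed.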
The document describes an incident response case involving the compromise of a company's network. An attacker first gained access via a spear phishing email that exploited a vulnerable version of Adobe Acrobat. They then stole VPN credentials, allowing remote access from their home system. Over several weeks, the attacker performed reconnaissance and stole sensitive engineering data by modifying file permissions. The company's implementation of a SIEM tool helped identify the attacker's activities and multiple compromised accounts. An incident response team was brought in to fully eradicate the threat and secure the network.
Slides for the first lecture of the operating systems course at Bauman Moscow State Technical University.
The video can be watched on the channel http://www.youtube.com/playlist?list=PLjSDyY6BQPVe2Zhxew5rJy2S-2_9t1vvn
Talk from Parallels:
Methods for performance testing of database-centric applications
Description: When working on complex products in database-centric applications, changes to the code, and even more so to the SQL queries against the database, can lead to unexpected drops in performance or to degradation of application performance as the database grows. It is therefore important to be able to catch and fix the causes of such degradation as quickly as possible.
The talk covers how performance monitoring is organized for Parallels Automation, a hosting and cloud services automation product for which database performance is the determining factor.
The company will show how it analyzes SQL query execution plans inside PostgreSQL, how it checks how fast and efficiently SQL queries run overall, and how it determines the strategy for further optimization.