Vulture next filtering engine

•

1 like•738 views

This document provides a preview of Vulture's upcoming web filtering engine called D.A.R.W.I.N. It discusses D.A.R.W.I.N.'s architecture, which uses multiple small filters chained together in a workflow to filter requests. The filters will include reputation, SQL injection detection, and a decision filter using artificial intelligence to predict requests. D.A.R.W.I.N. is designed for high performance, high availability, precision, intelligence, simplicity, and being "no bullshit". It will also be portable and replaceable beyond HTTP.

Technology

Preview of Vulture’s upcoming web
filtering engine
Pass the SALT 2018.
Security And Libre Talks.
2-4 juillet 2018 - Lille, France.

Vulture ?
• A brief history
• 2003: Linux software (httpd / mod_perl + PHP Web UI)
• 2016: FreeBSD Cluster (pf, haproxy, httpd + Django Web UI)
• Web SSO: mod_vulture + django portal
• Web application firewall
• Clustered mod_security, using hiredis [blacklisting]
• mod_defender, aka "Naxsi for Apache2" [whitelisting]
• mod_svm [machine learning]

Vulture’s current filtering engine
Client
FreeBSD pf
Apache
httpd
IP Reputation
GeoIP
mod_defender
mod_security
mod_vulture
mod_svm
Immediate block
Immediate block
Authentication &SSO
Request scoring ++
Request scoring ++
Request scoring ++

Current limits
• Works well
• No performance issue, but we can do much better
• 3 engines => quite complex
• Code overlapping
• Complex UI, httpd knowledge recommended
• Rule-based approach
• Human-based approach
• Time consuming
• Need tuning
• Not mistake proof configuration

The need for a better, unified engine
• Focused on performance
• High availability required
• Precision and intelligence
• No bullshit
• Simplicity -> For users AND for filter devs
Internal name: « D.A.R.W.I.N. »

Overview: XSS Filter
XSS
Core
Filter
Filter
Thread 1
Thread 2
Thread 3
Thread 4
...
Thread N
Monitoring
UNIX
Socket
HTTP POST BODY
XSS Score: 87%

Overview: Filter Workflow
Filter 1 (ex: reputation)
Filter 2 (ex: SQLi)
Filter N
D.A.R.W.I.N.

Overview: Filter Workflow
Filter 1 (ex: reputation)
Filter 2 (ex: SQLi) Manager
Management
Socket
Filter N
D.A.R.W.I.N.

Performance ?
• HAProxy asynchronousevents
• C/C++14
• UNIX socket
• Shared in-memory cache (REDIS)
• Context-sharing between filters among the Vulture cluster
• Used by Darwin’s Neural Networks to track events in time
• Supports GPU acceleration
• TensorFlow as AI library

$High Availability Filter N Decision Manager Management Socket {"type":"update_filters","filters":["Decision"]}$

$High Availability Filter N Decision Decision Manage r Management Socket {"type":"update_filters","filters":["Decision"]} Manager$

$High Availability Filter N Decision Manager Management Socket {"type":"update_filters","filters":["Decision"]} {"status":"OK"} Manager$

Precision and Intelligence
• Precision
• Multiple small filters
• Very efficient for one unit task
• Ability to chain filters (workflow)
• Intelligence
• Decision filter based on Artificial Intelligence
• Prediction based on filters’ results
• Active learning capabilities: Interact with human to correct itself
• Human focuses on high-level “decisions”
• The AI manages the technical security rules

No Bullshit
• Heuristic / basic correlation in a black box is not AI
• Those methods are promising but…
• We use some of them in v3 (SVM, regression…)
• Few false-positives
• Unfortunately, few false-negatives: rules still needed
• We work hard to take it to the next level!
• “AI first”: by design, not an add-on component
• Excellent results so far, beta-version coming this year

Simplicity
• Easy for users
• Minimalist configuration
• Autonomoussystem
• Simple feedback (Normal or Malicious request)
• Easy for developers
• Filters mostly independent
• Simple SDK
• On Github soon ;)

Portable
• Replace HAProxy with anything you want
• Simply develop a connector
• Not only HTTP !
• Real world example (aDvens): DARWIN + Rsyslog
• mmdarwin plugin
• Real time log analysis
• Real time log enrichment
• On Github soon… ;)

hugo.soszynski@advens.fr
jeremie.jourdin@advens.fr
https://www.vultureproject.org
https://github.com/VultureProject/mod_defender
https://github.com/VultureProject/darwin (coming soon)
Thank You !

Modern software applications are complex and connected systems that process, store, and transmit data. This complexity introduces many potential attack vectors if proper security practices are not followed. Common attacks include injection attacks by inserting malicious code into inputs, insecure direct object reference issues that allow unauthorized access to restricted resources, and exposing sensitive information if debugging artifacts or unobfuscated binaries are deployed. To mitigate these risks, developers must filter all inputs, carefully check authorization for resources, and ensure no secrets or development files are included in production deployments.

Trust assessment 2017 for cloud identity providers using analytical hierarchi...

Eqhball Ghazizadeh

This document proposes a trust management framework using Analytical Hierarchy Process (AHP) to assess and aggregate trust-related information from different sources to help users evaluate the trustworthiness of cloud identity providers. It identifies essential system characteristics (ESC) that affect decision making, including balancing, single sign-on, lifecycle, privacy, risk, and standards. The framework would develop a hierarchy of these characteristics and assign weights to prioritize them. AHP would then be used to evaluate cloud identity providers based on these weighted characteristics and attributes to provide an overall trust rating to guide users.

CNIT 125 6. Identity and Access Management

Sam Bowne

Modeling Multi-Layer Access Control Policies of a Hyperledger-Fabric-Based Ag...

Dilum Bandara

Modeling and validating multi-layered and multi-model access control policies of a Hyperledger Fabric based agriculture supply chain Citation: H.M.N. Dilum Bandara, Shiping Chen, Mark Staples, and Yilin Sai, “Modeling Multi-Layer Access Control Policies of a Hyperledger-Fabric-Based Agriculture Supply Chain,” in Proc. 3rd IEEE Int. Conf. on Trust, Privacy, and Security in Intelligent Systems, and Applications (TPS 2021) Special Session on Agriculture Cybersecurity, Dec. 2021.

CNIT 50: 1. Network Security Monitoring Rationale

Sam Bowne

Rundeck Office Hours: Best Practices for Access Control Policies

TraciMyers6

This document summarizes a Rundeck community meeting on access control policies. It introduces Nathan Fluegel as the speaker and provides an agenda that includes an introduction to ACL policies, an overview of access control basics, questions from the community, and a demo. It then discusses Rundeck architecture, authorization, and how ACL policies can control access to resources and actions at both the system and project levels. Examples of ACL policies are provided. Recommendations are given around storing policies at the project level and limiting key access. The community Q&A addresses controlling key storage and admin access permissions. Relevant documentation links are also included.

QA Evening Игорь Колосов - Performance Testing: Metrics & Measurements

Artjoker

Ch 1: Web Application (In)security & Ch 2: Core Defense Mechanisms

Sam Bowne

This document discusses core defense mechanisms for securing web applications, including limiting user access and input, and administrative monitoring. It covers authentication, session management, access control, input validation techniques like whitelisting and sanitization, boundary validation to divide trusted and untrusted zones, handling errors, maintaining audit logs, alerting administrators, and reacting to attacks. It also notes security risks of management interfaces and importance of securing the entire application, not just the user-facing parts.

From the demise of conventional signature-based endpoint technologies have risen next generation solutions. These technologies have cluttered the marketplace introducing a conundrum for endpoint selection. This session will focus on the key requirements for effective security prevention, detection, and remediation. It will introduce a real-world framework for categorizing endpoint capabilities, and enable selection of solutions matching the unmet needs of security programs. The following topics will be covered: • What do i actually need? • Real-world framework to categorize endpoint capabilities • Map vendors into buckets within the framework • Housekeeping, what's needed before you even start? • Cheat sheet of probing questions to ask vendors • Best practices of deploying best of breed solutions

Filar seymour oreilly_bot_story_

EndgameInc

This document discusses the design of an intelligent assistant named Artemis to help security analysts with their workflow. It describes conducting user research to understand pain points of different security roles. The findings showed analysts lack context for alerts and have repetitive tasks. The document outlines requirements for Artemis, including understanding natural language, providing context-driven investigations, educating users, recommending next steps, and expediting collections using workflows. It provides examples of how Artemis could assist analysts and help optimize their time by automating common tasks. In the end, the goal is to design tools that better utilize analyst resources and are easier for a diverse range of users.

Monitorama 2015 Netflix Instance Analysis

Brendan Gregg

Monitorama 2015 talk by Brendan Gregg, Netflix. With our large and ever-changing cloud environment, it can be vital to debug instance-level performance quickly. There are many instance monitoring solutions, but few come close to meeting our requirements, so we've been building our own and open sourcing them. In this talk, I will discuss our real-world requirements for instance-level analysis and monitoring: not just the metrics and features we desire, but the methodologies we'd like to apply. I will also cover the new and novel solutions we have been developing ourselves to meet these needs and desires, which include use of advanced Linux performance technologies (eg, ftrace, perf_events), and on-demand self-service analysis (Vector).

BSIDES-PR Keynote Hunting for Bad Guys

Joff Thyer

This document discusses techniques for hunting bad guys on networks, including identifying client-side attacks, malware command and control channels, post-exploitation activities, and hunting artifacts. It provides examples of using DNS logs, firewall logs, HTTP logs, registry keys, installed software inventories, and the AMCache registry hive to look for anomalous behaviors that could indicate security compromises. The goal is to actively hunt for threats rather than just detecting known bad behaviors.

Threat Modeling the CI/CD Pipeline to Improve Software Supply Chain Security ...

Denim Group

The SolarWinds attack brought additional scrutiny software supply chain security, but concerns about organizations’ software supply chains have been discussed for a number of years. Development organizations’ shift to DevOps or DevSecOps has pushed teams to adopt new technologies in the build pipeline – often hosted by 3rd parties. This has resulted in build pipelines that expose a complicated and often uncharted attack surface. In addition, modern products also incorporate code from a variety of contributors – ranging from in-house developers, 3rd party development contractors, as well as an array open source contributors. This talk looks at the challenge of developing secure build pipelines. This is done via the construction of a threat model for an example software build pipeline that walks through how the various systems and communications along the way can potentially be misused by malicious actors. Coverage of the major components of a build pipeline – source control, open source component management, software builds, automated testing, and packaging for distribution – is used to enumerate likely attack surface exposed via the build process and to highlight potential controls that can be put in place to harden the pipeline against attacks. The presentation is intended to be useful both for evaluating internal build processes as well as to support the evaluation of critical external vendors’ processes.

Code Quality - Security

sedukull

Resolving problems & high availability

Zend by Rogue Wave Software

How to write secure code

Flaskdata.io

Building next gen malware behavioural analysis environment

isc2-hellenic

This document discusses building an automated malware behavioral analysis environment. It covers types of malware analysis, taxonomy of analysis platforms, analysis phases and checks, and evaluation strategies. Static and dynamic automated analysis are described as well as their pros, cons, and limitations. The analysis phases of submission, analysis, and reporting are outlined. Key challenges like modularity, fingerprinting, stalling, social engineering, and decoys are examined. Examples of analysis platforms and tools are provided.

Security research over Windows #defcon china

Peter Hlavaty

Past several years Microsoft Windows undergo lot of fundamental security changes. Where one can argue still imperfect and bound to tons of legacy issues, on the other hand those changes made important shifts in attacker perspective. From tightened sandboxing, restricting attack surface, introducing mitigations, applying virtualization up to stronger focus even on win32k. In our talk we will go trough those changes, how it affects us and how we tackle them from choosing targets, finding bugs up to exploitation primitives we are using. While also empathize that windows research is not only about sandbox, and there are many more interesting target to look for.

Functionality, security and performance monitoring of web assets (e.g. Joomla...

Sanjay Willie

This presentation was from Joomla day 2016 held right here in KLCC Malaysia. Astiostech presented several important factors to consider when monitoring a web service with of course special focus on Joomla. However, these guidelines can be used for just about any web service you may want to monitor. Monitoring is pivotal to a web infrastructure and it should not be considered today as a luxury. With tools like Nagios XI, we can simply start monitoring with mere clicks of a web browser and you're pretty much on the right track.

Building a data pipeline to ingest data into Hadoop in minutes using Streamse...

Guglielmo Iozzia

ISS Capstone - Martinez Technology Consulting and Cedar Hills Church Security...

Robert Conti Jr.

This document summarizes the results of a security audit conducted by Martinez Technology Consulting for COVERT Security Systems. The audit included assessing physical security, wireless networks, servers, workstations, and policies. Wireless networks were found to use outdated and insecure encryption methods. Servers had weak password policies and lacked patching. The network used an unsegmented flat design without central management. Several recommendations were provided to address issues, including implementing Active Directory, wireless encryption upgrades, firewalls, logging, backup solutions, and physical access controls. The findings highlighted the need for COVERT to continually evolve their security practices.

Real time web

Medhat Dawoud

Nicolas destor pres_f5agility2018

Nicolas Destor

The document discusses how F5 technologies were used to implement a solution for managing external partners' remote access for a large local government agency. The solution included a unified web access portal, dynamic authentication using multiple factors, fine-grained authorization using attributes and network access control, and configurable network access modes and personalized accounting notifications. It concludes that the solution was a good fit, scalable and open while replacing a previous solution and receiving positive feedback.

MySQL Monitoring Shoot Out

Kris Buytaert

Metasploitation part-1 (murtuja)

ClubHack

This document provides an overview of metasploitation and using the Metasploit framework. It discusses basics like vulnerabilities, exploits, payloads and encoders. It then covers using the msfconsole interface, exploit modules, auxiliary modules like scanners, databases integration, automation, client-side exploits, payload generation, backdooring files, Linux backdoors, Meterpreter, pivoting, and post-exploitation techniques. The document includes several screenshots and links resources for further information.

Hyperledger Blockchain

Afraz Khan

The document describes a project to create an "Army of Hidden Bots" using blockchain and facial recognition for cybersecurity. A team of 4 students led by Dr. Awais Hassan proposes a distributed network of bots connected by blockchain as a more reliable solution than centralized servers. The project will demonstrate a proof of concept using Python, Node.js, and facial recognition on multiple computers connected through a Hyperledger Fabric blockchain network.

Real World Application Threat Modelling By Example

NCC Group

This document provides an overview of threat modeling a virtual appliance called the Djigzo Email Encryption Gateway. It describes a process for enumerating the technologies, interfaces, and functionality of the appliance without initial knowledge. This includes getting shell access, mapping listening ports, reviewing processes, and examining the database. Next, it creates high-level and low-level dataflow diagrams. Finally, it develops an initial threat model by brainstorming threats against different interfaces like the web interface, admin console, and mail transfer agent. The presentation concludes that thorough threat modeling requires deep security knowledge and significant effort to understand risks and verify mitigations.

Sensu and Sensibility - Puppetconf 2014

Tomas Doran

As the Yelp infrastructure and engineering team grew, so did the pain of managing Nagios. Problems like splitting alerting across multiple teams, providing high availability and managing nagios systems in multiple environments had become pressing. As we grew towards a service oriented architecture and pushed some services out into the cloud, we rapidly needed more automated monitoring configuration. An evolutionary solution wasn’t going to solve all of our problems, we needed to revolutionize our monitoring. Sensu is built from the ground up to solve many of our issues and be easy to extend. This talk covers our puppet ‘monitoring_check’ API (that sets up monitoring for our services within puppet), how and why we deploy Sensu and our custom handlers and escalations, along with how we provide automatic ‘self service’ monitoring for dynamic services and how we deal with the challenges posed by the more ephemeral nature of cloud architectures.

Communications Mining Series - Zero to Hero - Session 1

DianaGray10

This session provides introduction to UiPath Communication Mining, importance and platform overview. You will acquire a good understand of the phases in Communication Mining as we go over the platform with you. Topics covered: • Communication Mining Overview • Why is it important? • How can it help today’s business and the benefits • Phases in Communication Mining • Demo on Platform overview • Q/A

Goodbye Windows 11: Make Way for Nitrux Linux 3.5.0!

SOFTTECHHUB

As the digital landscape continually evolves, operating systems play a critical role in shaping user experiences and productivity. The launch of Nitrux Linux 3.5.0 marks a significant milestone, offering a robust alternative to traditional systems such as Windows 11. This article delves into the essence of Nitrux Linux 3.5.0, exploring its unique features, advantages, and how it stands as a compelling choice for both casual users and tech enthusiasts.

Similar to Vulture next filtering engine

NextGen Endpoint Security for Dummies

Atif Ghauri

Filar seymour oreilly_bot_story_

EndgameInc

Monitorama 2015 Netflix Instance Analysis

Brendan Gregg

BSIDES-PR Keynote Hunting for Bad Guys

Joff Thyer

Threat Modeling the CI/CD Pipeline to Improve Software Supply Chain Security ...

Denim Group

Code Quality - Security

sedukull

Resolving problems & high availability

Zend by Rogue Wave Software

How to write secure code

Flaskdata.io

Building next gen malware behavioural analysis environment

isc2-hellenic

Security research over Windows #defcon china

Peter Hlavaty

Functionality, security and performance monitoring of web assets (e.g. Joomla...

Sanjay Willie

Building a data pipeline to ingest data into Hadoop in minutes using Streamse...

Guglielmo Iozzia

ISS Capstone - Martinez Technology Consulting and Cedar Hills Church Security...

Robert Conti Jr.

Real time web

Medhat Dawoud

Nicolas destor pres_f5agility2018

Nicolas Destor

MySQL Monitoring Shoot Out

Kris Buytaert

Metasploitation part-1 (murtuja)

ClubHack

Hyperledger Blockchain

Afraz Khan

Real World Application Threat Modelling By Example

NCC Group

Sensu and Sensibility - Puppetconf 2014

Tomas Doran

Similar to Vulture next filtering engine (20)

NextGen Endpoint Security for Dummies

Filar seymour oreilly_bot_story_

Monitorama 2015 Netflix Instance Analysis

BSIDES-PR Keynote Hunting for Bad Guys

Threat Modeling the CI/CD Pipeline to Improve Software Supply Chain Security ...

Code Quality - Security

Resolving problems & high availability

How to write secure code

Building next gen malware behavioural analysis environment

Security research over Windows #defcon china

Functionality, security and performance monitoring of web assets (e.g. Joomla...

Building a data pipeline to ingest data into Hadoop in minutes using Streamse...

ISS Capstone - Martinez Technology Consulting and Cedar Hills Church Security...

Real time web

Nicolas destor pres_f5agility2018

MySQL Monitoring Shoot Out

Metasploitation part-1 (murtuja)

Hyperledger Blockchain

Real World Application Threat Modelling By Example

Sensu and Sensibility - Puppetconf 2014

Recently uploaded

Communications Mining Series - Zero to Hero - Session 1

DianaGray10

Goodbye Windows 11: Make Way for Nitrux Linux 3.5.0!

SOFTTECHHUB

Introduction to CHERI technology - Cybersecurity

mikeeftimakis1

Why You Should Replace Windows 11 with Nitrux Linux 3.5.0 for enhanced perfor...

SOFTTECHHUB

The choice of an operating system plays a pivotal role in shaping our computing experience. For decades, Microsoft's Windows has dominated the market, offering a familiar and widely adopted platform for personal and professional use. However, as technological advancements continue to push the boundaries of innovation, alternative operating systems have emerged, challenging the status quo and offering users a fresh perspective on computing. One such alternative that has garnered significant attention and acclaim is Nitrux Linux 3.5.0, a sleek, powerful, and user-friendly Linux distribution that promises to redefine the way we interact with our devices. With its focus on performance, security, and customization, Nitrux Linux presents a compelling case for those seeking to break free from the constraints of proprietary software and embrace the freedom and flexibility of open-source computing.

Mind map of terminologies used in context of Generative AI

Kumud Singh

Infrastructure Challenges in Scaling RAG with Custom AI models

Zilliz

Building Retrieval-Augmented Generation (RAG) systems with open-source and custom AI models is a complex task. This talk explores the challenges in productionizing RAG systems, including retrieval performance, response synthesis, and evaluation. We’ll discuss how to leverage open-source models like text embeddings, language models, and custom fine-tuned models to enhance RAG performance. Additionally, we’ll cover how BentoML can help orchestrate and scale these AI components efficiently, ensuring seamless deployment and management of RAG systems in the cloud.

Microsoft - Power Platform_G.Aspiotis.pdf

Uni Systems S.M.S.A.

Programming Foundation Models with DSPy - Meetup Slides

Zilliz

Pushing the limits of ePRTC: 100ns holdover for 100 days

Adtran

Artificial Intelligence for XMLDevelopment

Octavian Nadolu

In the rapidly evolving landscape of technologies, XML continues to play a vital role in structuring, storing, and transporting data across diverse systems. The recent advancements in artificial intelligence (AI) present new methodologies for enhancing XML development workflows, introducing efficiency, automation, and intelligent capabilities. This presentation will outline the scope and perspective of utilizing AI in XML development. The potential benefits and the possible pitfalls will be highlighted, providing a balanced view of the subject. We will explore the capabilities of AI in understanding XML markup languages and autonomously creating structured XML content. Additionally, we will examine the capacity of AI to enrich plain text with appropriate XML markup. Practical examples and methodological guidelines will be provided to elucidate how AI can be effectively prompted to interpret and generate accurate XML markup. Further emphasis will be placed on the role of AI in developing XSLT, or schemas such as XSD and Schematron. We will address the techniques and strategies adopted to create prompts for generating code, explaining code, or refactoring the code, and the results achieved. The discussion will extend to how AI can be used to transform XML content. In particular, the focus will be on the use of AI XPath extension functions in XSLT, Schematron, Schematron Quick Fixes, or for XML content refactoring. The presentation aims to deliver a comprehensive overview of AI usage in XML development, providing attendees with the necessary knowledge to make informed decisions. Whether you’re at the early stages of adopting AI or considering integrating it in advanced XML development, this presentation will cover all levels of expertise. By highlighting the potential advantages and challenges of integrating AI with XML development tools and languages, the presentation seeks to inspire thoughtful conversation around the future of XML development. We’ll not only delve into the technical aspects of AI-powered XML development but also discuss practical implications and possible future directions.

Serial Arm Control in Real Time Presentation

tolgahangng

TrustArc Webinar - 2024 Global Privacy Survey

TrustArc

How does your privacy program stack up against your peers? What challenges are privacy teams tackling and prioritizing in 2024? In the fifth annual Global Privacy Benchmarks Survey, we asked over 1,800 global privacy professionals and business executives to share their perspectives on the current state of privacy inside and outside of their organizations. This year’s report focused on emerging areas of importance for privacy and compliance professionals, including considerations and implications of Artificial Intelligence (AI) technologies, building brand trust, and different approaches for achieving higher privacy competence scores. See how organizational priorities and strategic approaches to data security and privacy are evolving around the globe. This webinar will review: - The top 10 privacy insights from the fifth annual Global Privacy Benchmarks Survey - The top challenges for privacy leaders, practitioners, and organizations in 2024 - Key themes to consider in developing and maintaining your privacy program

National Security Agency - NSA mobile device best practices

Quotidiano Piemontese

Building Production Ready Search Pipelines with Spark and Milvus

Zilliz

Uni Systems Copilot event_05062024_C.Vlachos.pdf

Uni Systems S.M.S.A.

Observability Concepts EVERY Developer Should Know -- DeveloperWeek Europe.pdf

Paige Cruz

Monitoring and observability aren’t traditionally found in software curriculums and many of us cobble this knowledge together from whatever vendor or ecosystem we were first introduced to and whatever is a part of your current company’s observability stack. While the dev and ops silo continues to crumble….many organizations still relegate monitoring & observability as the purview of ops, infra and SRE teams. This is a mistake - achieving a highly observable system requires collaboration up and down the stack. I, a former op, would like to extend an invitation to all application developers to join the observability party will share these foundational concepts to build on:

Let's Integrate MuleSoft RPA, COMPOSER, APM with AWS IDP along with Slack

shyamraj55

How to Get CNIC Information System with Paksim Ga.pptx

danishmna97

HCL Notes and Domino License Cost Reduction in the World of DLAU

panagenda

Webinar Recording: https://www.panagenda.com/webinars/hcl-notes-and-domino-license-cost-reduction-in-the-world-of-dlau/ The introduction of DLAU and the CCB & CCX licensing model caused quite a stir in the HCL community. As a Notes and Domino customer, you may have faced challenges with unexpected user counts and license costs. You probably have questions on how this new licensing approach works and how to benefit from it. Most importantly, you likely have budget constraints and want to save money where possible. Don’t worry, we can help with all of this! We’ll show you how to fix common misconfigurations that cause higher-than-expected user counts, and how to identify accounts which you can deactivate to save money. There are also frequent patterns that can cause unnecessary cost, like using a person document instead of a mail-in for shared mailboxes. We’ll provide examples and solutions for those as well. And naturally we’ll explain the new licensing model. Join HCL Ambassador Marc Thomas in this webinar with a special guest appearance from Franz Walder. It will give you the tools and know-how to stay on top of what is going on with Domino licensing. You will be able lower your cost through an optimized configuration and keep it low going forward. These topics will be covered - Reducing license cost by finding and fixing misconfigurations and superfluous accounts - How do CCB and CCX licenses really work? - Understanding the DLAU tool and how to best utilize it - Tips for common problem areas, like team mailboxes, functional/test users, etc - Practical examples and best practices to implement right away

Video Streaming: Then, Now, and in the Future

Alpen-Adria-Universität

In his public lecture, Christian Timmerer provides insights into the fascinating history of video streaming, starting from its humble beginnings before YouTube to the groundbreaking technologies that now dominate platforms like Netflix and ORF ON. Timmerer also presents provocative contributions of his own that have significantly influenced the industry. He concludes by looking at future challenges and invites the audience to join in a discussion.

Recently uploaded (20)

Communications Mining Series - Zero to Hero - Session 1

Goodbye Windows 11: Make Way for Nitrux Linux 3.5.0!

Introduction to CHERI technology - Cybersecurity

Why You Should Replace Windows 11 with Nitrux Linux 3.5.0 for enhanced perfor...

Mind map of terminologies used in context of Generative AI

Infrastructure Challenges in Scaling RAG with Custom AI models

Microsoft - Power Platform_G.Aspiotis.pdf

Programming Foundation Models with DSPy - Meetup Slides

Pushing the limits of ePRTC: 100ns holdover for 100 days

Artificial Intelligence for XMLDevelopment

Serial Arm Control in Real Time Presentation

TrustArc Webinar - 2024 Global Privacy Survey

National Security Agency - NSA mobile device best practices

Building Production Ready Search Pipelines with Spark and Milvus

Uni Systems Copilot event_05062024_C.Vlachos.pdf

Observability Concepts EVERY Developer Should Know -- DeveloperWeek Europe.pdf

Let's Integrate MuleSoft RPA, COMPOSER, APM with AWS IDP along with Slack

How to Get CNIC Information System with Paksim Ga.pptx

HCL Notes and Domino License Cost Reduction in the World of DLAU

Video Streaming: Then, Now, and in the Future

Vulture next filtering engine

1. Preview of Vulture’s upcoming web filtering engine Pass the SALT 2018. Security And Libre Talks. 2-4 juillet 2018 - Lille, France.

2. Vulture ? • A brief history • 2003: Linux software (httpd / mod_perl + PHP Web UI) • 2016: FreeBSD Cluster (pf, haproxy, httpd + Django Web UI) • Web SSO: mod_vulture + django portal • Web application firewall • Clustered mod_security, using hiredis [blacklisting] • mod_defender, aka "Naxsi for Apache2" [whitelisting] • mod_svm [machine learning]

3. Vulture’s current filtering engine Client FreeBSD pf Apache httpd IP Reputation GeoIP mod_defender mod_security mod_vulture mod_svm Immediate block Immediate block Authentication &SSO Request scoring ++ Request scoring ++ Request scoring ++

4. Current limits • Works well • No performance issue, but we can do much better • 3 engines => quite complex • Code overlapping • Complex UI, httpd knowledge recommended • Rule-based approach • Human-based approach • Time consuming • Need tuning • Not mistake proof configuration

5. The need for a better, unified engine • Focused on performance • High availability required • Precision and intelligence • No bullshit • Simplicity -> For users AND for filter devs Internal name: « D.A.R.W.I.N. »

6. Overview Architecture

7. Overview: XSS Filter XSS Core Filter Filter Thread 1 Thread 2 Thread 3 Thread 4 ... Thread N Monitoring UNIX Socket HTTP POST BODY XSS Score: 87%

8. Overview: Filter Workflow Filter 1 (ex: reputation) Filter 2 (ex: SQLi) Filter N D.A.R.W.I.N.

9. Overview: Filter Workflow Filter 1 (ex: reputation) Filter 2 (ex: SQLi) Manager Management Socket Filter N D.A.R.W.I.N.

10. Performance ? • HAProxy asynchronousevents • C/C++14 • UNIX socket • Shared in-memory cache (REDIS) • Context-sharing between filters among the Vulture cluster • Used by Darwin’s Neural Networks to track events in time • Supports GPU acceleration • TensorFlow as AI library

11. High Availability Filter N Decision Manager Management Socket {"type":"update_filters","filters":["Decision"]}

12. High Availability Filter N Decision Decision Manage r Management Socket {"type":"update_filters","filters":["Decision"]} Manager

13. High Availability Filter N Decision Decision Manage r Management Socket {"type":"update_filters","filters":["Decision"]} Manager

14. High Availability Filter N Decision Manager Management Socket {"type":"update_filters","filters":["Decision"]} {"status":"OK"} Manager

15. Precision and Intelligence • Precision • Multiple small filters • Very efficient for one unit task • Ability to chain filters (workflow) • Intelligence • Decision filter based on Artificial Intelligence • Prediction based on filters’ results • Active learning capabilities: Interact with human to correct itself • Human focuses on high-level “decisions” • The AI manages the technical security rules

16. No Bullshit • Heuristic / basic correlation in a black box is not AI • Those methods are promising but… • We use some of them in v3 (SVM, regression…) • Few false-positives • Unfortunately, few false-negatives: rules still needed • We work hard to take it to the next level! • “AI first”: by design, not an add-on component • Excellent results so far, beta-version coming this year

17. Simplicity • Easy for users • Minimalist configuration • Autonomoussystem • Simple feedback (Normal or Malicious request) • Easy for developers • Filters mostly independent • Simple SDK • On Github soon ;)

18. Portable • Replace HAProxy with anything you want • Simply develop a connector • Not only HTTP ! • Real world example (aDvens): DARWIN + Rsyslog • mmdarwin plugin • Real time log analysis • Real time log enrichment • On Github soon… ;)

19. Questions ?

20. hugo.soszynski@advens.fr jeremie.jourdin@advens.fr https://www.vultureproject.org https://github.com/VultureProject/mod_defender https://github.com/VultureProject/darwin (coming soon) Thank You !

Vulture next filtering engine

Recommended

Recommended

More Related Content

Similar to Vulture next filtering engine

Similar to Vulture next filtering engine (20)

Recently uploaded

Recently uploaded (20)

Vulture next filtering engine