3. ABOUT ME
Security Consultant in Diverto
Linux and FLOSS enthusiast
Open source developer
Have code in OpenVAS, Nmap, Metasploit, ...
Android "developer" since 2010
started counting from first Market app
mostly focused on NDK and ADK
https://github.com/kost
6. INTRODUCE ELEPHANT
Talk will cover
producing standalone binaries
executing standalone binaries
Talk is mostly about Nmap experience
Most Nmap frontends on playstore are using this port
in source or binary form
Talk will NOT cover
producing libraries or JNI
integrating with Android Studio
https://github.com/kost/nmap-android
https://github.com/kost/NetworkMapper
7. NATIVE CODE
NOT your Java code :)
It's mostly about
C/C++
Assembler
Not portable across platforms
For each platform, you need different binary
x86
arm
mips
8. WHY BOTHER WITH NATIVE CODE?
performance
legacy code
code reuse
you just need that tool
13. OPEN SOURCE / FREE
Crystax
drop-in replacement for Google's NDK
WCHAR, locales, full C++11 standard library...
Buildroot
Standard embedded cross compilation toolchain
ARM, x86, MIPS
Scratchbox
ARM, x86, MIPS (experimental)
Anyone remember Maemo? :)
...
14. ANDROID NDK
Android official toolchain
Available for free from developer.android.com
Bionic
No full ANSI C support
locale
different threads
Patch as you grow
standalone binary support/bugs
stdout symbol bug
WCHAR support
standard library support
15. WHAT'S THE FUZZ?
Download NDK
Download tool you want to port
./configure --host=arm-linux-androideabi
make
make install
It works - go home!
16. IN CASE IT IS HELLO WORLD...
/* Hello World program */
#include <stdio.h>
int main(void)
{
    printf("Hello World");
    return 0;
}
It works pretty well indeed.
17. IN REAL WORLD
Code isn't perfect
Not portable
Endianness
Path Separators
Dependencies
Extensions
3rd party libraries
18. TWO WAYS TO INVOKE COMPILER
Calling with sysroot
export CC="$NDK/toolchains/arm-linux-androideabi-4.6/prebuilt/linux-x86/bin/a
export CFLAGS="--sysroot=$SYSROOT"
$CC $CFLAGS -o hello hello.c
Producing directory for target
$NDK/build/tools/make-standalone-toolchain.sh --platform=android-3 --install-
/opt/ndk3/bin/arm-linux-androideabi-gcc -o hello hello.c
20. PROCESS OF CROSS COMPILING
Compile and fix as you go :)
sorry, no single recipe
Standard problems
stdout bug
old autoconf/automake support files
arm-linux-androideabi missing
In short
nothing that google/stackoverflow can't help :)
21. STATIC VS DYNAMIC LINKING
Dynamic
small size
run-time dependency
Static
large size
no dependencies
22. LIFE IS PERFECT
Static binaries working like a charm
“until resolv.conf disappeared :) ”
23. DNS PROBLEMS
#include <stdio.h>
#include <netdb.h>

/* Resolve each host name given on the command line with gethostbyname() */
int main(int argc, char *argv[]) {
    int i;
    struct hostent *hp;
    for (i = 1; i < argc; ++i) {
        hp = gethostbyname(argv[i]);
        if (!hp) {
            fprintf(stderr, "%s: host '%s'\n", hstrerror(h_errno), argv[i]);
            continue;
        }
        printf("Host:\t%s\n", argv[i]);
        printf("\tResolves to:\t%s\n", hp->h_name);
    }
    return 0;
}
Original at gist
24. DNS AND RESOLV.CONF
#ifdef ANDROID_CHANGES /* READ FROM SYSTEM PROPERTIES */
dns_last_change_counter = _get_dns_change_count();
[..]
#else /* !ANDROID_CHANGES - IGNORE resolv.conf in Android */
#define MATCH(line, name)
[..]
Original at https://code.google.com/p/android-source-browsing
25. DYNAMIC VS STATIC
Type     Size     Dependency   DNS OOTB
Dynamic  smaller  yes          yes
Static   bigger   no           no
Mixed    medium   yes (basic)  yes
26. HERE COMES LOLLIPOP
error: only position independent executables (PIE) are supported.
Position Independent Executable (PIE)
PIE support appeared in API level 16
Finally they implemented it :)
Too bad binaries do not work
27. WHAT'S PIE?
Position Independent Executable (PIE)
Security protection
better Address Space Layout Randomization (ASLR)
Exploitation mitigation technique
Harder return-to-libc exploitation
Requirements
PIE required for dynamic executables
PIE not required for static executables
28. PIE EXAMPLE
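#include <stdio.h>
int global;
/* Print the addresses of a parameter, a global and a local variable */
int checkadr(int *bla)
{
    int local;
    printf("bla adr = %p\n", (void *)&bla);
    printf("global adr = %p\n", (void *)&global);
    printf("local adr = %p\n", (void *)&local);
    return 0;
}
int main(void) {
    int c;
    printf("c adr = %p\n", (void *)&c);
    printf("checkadr adr = %p\n", (void *)checkadr);
    /* the slide text ends here; the call and return below close the program */
    checkadr(&c);
    return 0;
}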
30. PIE WORKAROUND
Way to run PIE executables on non supported systems
if system supports PIE
just run executable
if system does not support PIE
use run_pie.c
run_pie your_proggy args
CFLAGS += -fvisibility=default -fPIE
LDFLAGS += -rdynamic -pie
https://gist.github.com/kost/5fd4628f45a4995bec28
31. CALLING NATIVE EXECUTABLES
// Run the command, wait for it to exit, then collect its standard output
p = Runtime.getRuntime().exec(command);
p.waitFor();
BufferedReader reader = new BufferedReader(new InputStreamReader(p.getInputStream()));
String line;
while ((line = reader.readLine()) != null) {
    output.append(line).append("\n");
}
32. BETTER WAY - USING PROCESSBUILDER
// Merge stderr into stdout so a single reader sees all of the tool's output
ProcessBuilder processBuilder = new ProcessBuilder(shellToRun);
processBuilder.redirectErrorStream(true);
scanProcess = processBuilder.start();
outputStream = new DataOutputStream(scanProcess.getOutputStream());
inputStream = new BufferedReader(new InputStreamReader(scanProcess.getInputStream()));
while (((pstdout = inputStream.readLine()) != null)) {
    output.append(pstdout).append("\n");
}
33. RUNNING BINARIES AS ROOT
No new Android permission needs to be set
Historic references to SUPERUSER permissions
Not much different than executing as normal user
Have to Runtime.getRuntime().exec("su")
Write commands to stdin of process
Loop the output
34. ROOT IMPLICATIONS
Killing runaway root processes
Hard as it can be due to blocking nature
UI does not have root access
Killing spawned root processes
parse ps output
spawn su shell
kill process
36. SECURITY IMPLICATIONS - PERMISSIONS
Setting insecure permissions to executables/libraries
Very common when something does not work
Dangerous and heroic
Other apps can write to your bin or library
Exploitation
Find insecure .so library, inject your code
Find insecure binary, replace it with your version!
echo "#!/bin/sh" > /data/data/com.heroic.app/bin/mybinary
echo "echo '0wned!'" >> /data/data/com.heroic.app/bin/mybinary
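A check for the problem on this slide, as an added example (not code from the talk): it walks an app's private bin directory, reports anything that group or other users can write to, and resets it to owner-only. The temporary directory and the file name are constructed for the demo, and java.nio.file is assumed to be available (desktop JVM on a POSIX filesystem, or Android API 26+).

```java
import java.io.File;
import java.io.IOException;
import java.nio.file.Files;
import java.nio.file.LinkOption;
import java.nio.file.Path;
import java.nio.file.attribute.PosixFilePermission;
import java.nio.file.attribute.PosixFilePermissions;
import java.util.ArrayList;
import java.util.List;
import java.util.Set;
import java.util.stream.Collectors;
import java.util.stream.Stream;

public class BinaryPermissionAudit {

    /** Return every path under root that group or other users may write to. */
    static List<Path> findWritableByOthers(Path root) throws IOException {
        List<Path> all;
        try (Stream<Path> walk = Files.walk(root)) {
            all = walk.collect(Collectors.toList());
        }
        List<Path> hits = new ArrayList<>();
        for (Path p : all) {
            if (Files.isSymbolicLink(p)) {
                continue; // mode bits of the link itself are not meaningful
            }
            Set<PosixFilePermission> perms =
                    Files.getPosixFilePermissions(p, LinkOption.NOFOLLOW_LINKS);
            if (perms.contains(PosixFilePermission.GROUP_WRITE)
                    || perms.contains(PosixFilePermission.OTHERS_WRITE)) {
                hits.add(p);
            }
        }
        return hits;
    }

    /** Reset a file to owner-only rwx (0700) with the java.io.File setters. */
    static void restrictToOwner(File f) throws IOException {
        // Clear each bit for everyone first, then grant it back to the owner only.
        boolean ok = f.setReadable(false, false) && f.setReadable(true, true)
                && f.setWritable(false, false) && f.setWritable(true, true)
                && f.setExecutable(false, false) && f.setExecutable(true, true);
        if (!ok) {
            throw new IOException("could not restrict permissions on " + f);
        }
    }

    public static void main(String[] args) throws IOException {
        // Constructed sample: an app-style bin directory with one binary left at 0777.
        Path bin = Files.createTempDirectory("appbin");
        Path tool = Files.createFile(bin.resolve("mybinary"));
        Files.setPosixFilePermissions(tool, PosixFilePermissions.fromString("rwxrwxrwx"));

        System.out.println("before: " + findWritableByOthers(bin));
        for (Path p : findWritableByOthers(bin)) {
            restrictToOwner(p.toFile());
        }
        System.out.println("after:  " + findWritableByOthers(bin));
        System.out.println("mode:   "
                + PosixFilePermissions.toString(Files.getPosixFilePermissions(tool)));
    }
}
```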
37. SECURITY IMPLICATIONS - UNTRUSTED INPUT
Passing untrusted/unvalidated input to shell
Running native executables can lead to command injections
Extremely dangerous if running as user
Extremely heroic and dangerous if running as root
Pay special attention to exported activities
other apps can call that intent
which means they can execute commands as your app!!
38. UNTRUSTED INPUT EXAMPLE
Bundle b = getIntent().getExtras();
configFilePath = b.getString("path");
[..]
ShellExecuter exe = new ShellExecuter();
return exe.Executer("cat " + configFilePath);
<activity
android:name=".MyHeroicActivity"
....
android:exported="true" />
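A hardened counterpart to the snippet above, as an added example (not code from the talk): the untrusted path is confined to one directory, and cat is started with an argument vector through ProcessBuilder instead of a concatenated shell string. The class name SafeConfigReader, the base directory and the sample inputs are hypothetical and constructed here; plain Java is used so it runs on a desktop JVM with cat on the PATH.

```java
import java.io.BufferedReader;
import java.io.File;
import java.io.IOException;
import java.io.InputStreamReader;
import java.nio.charset.StandardCharsets;
import java.nio.file.Files;
import java.util.Arrays;
import java.util.List;

public class SafeConfigReader {
    private final File baseDir; // only files below this directory may be read

    public SafeConfigReader(File baseDir) throws IOException {
        this.baseDir = baseDir.getCanonicalFile();
    }

    /** Resolve an untrusted name and reject anything that leaves baseDir. */
    File resolve(String untrusted) throws IOException {
        if (untrusted == null || untrusted.isEmpty() || untrusted.indexOf('\0') >= 0) {
            throw new SecurityException("empty or malformed path");
        }
        // getCanonicalFile() collapses ".." and follows symlinks before the check.
        File candidate = new File(baseDir, untrusted).getCanonicalFile();
        if (!candidate.getPath().startsWith(baseDir.getPath() + File.separator)) {
            throw new SecurityException("path escapes " + baseDir);
        }
        if (!candidate.isFile()) {
            throw new IOException("not a regular file");
        }
        return candidate;
    }

    /** One list element per argument: no shell parses the file name. */
    static List<String> buildCommand(File file) {
        // The canonical path is absolute, so it cannot be read as an option.
        return Arrays.asList("cat", file.getPath());
    }

    String read(String untrusted) throws IOException, InterruptedException {
        ProcessBuilder pb = new ProcessBuilder(buildCommand(resolve(untrusted)));
        pb.redirectErrorStream(true);
        Process p = pb.start();
        StringBuilder out = new StringBuilder();
        try (BufferedReader r = new BufferedReader(
                new InputStreamReader(p.getInputStream(), StandardCharsets.UTF_8))) {
            String line;
            while ((line = r.readLine()) != null) {
                out.append(line).append('\n');
            }
        }
        if (p.waitFor() != 0) {
            throw new IOException("cat exited with an error");
        }
        return out.toString();
    }

    public static void main(String[] args) throws Exception {
        // Constructed sample data: one config file in a temporary directory.
        File base = Files.createTempDirectory("cfg").toFile();
        File cfg = new File(base, "app.conf");
        Files.write(cfg.toPath(), "scan=fast\n".getBytes(StandardCharsets.UTF_8));

        SafeConfigReader reader = new SafeConfigReader(base);
        // Constructed inputs standing in for the "path" intent extra.
        String[] inputs = {"app.conf", "../../etc/passwd", "app.conf; id", "$(id)"};
        for (String in : inputs) {
            try {
                System.out.println("OK   " + in + " -> " + reader.read(in).trim());
            } catch (SecurityException | IOException e) {
                System.out.println("DENY " + in + " (" + e.getMessage() + ")");
            }
        }
    }
}
```

In an Android app the same validation belongs where the intent extra is read, and the activity should stay at android:exported="false" unless other apps really need to call it.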
42. SUMMARY
Porting is quite possible
Not as easy as marketing says
You can't configure; make; make install in most cases
Expect you'll have to patch if project is bigger
Not that hard
If you know requirements upfront
Have listened to this lecture carefully
Be aware of security implications!