The document discusses various tools and hardware that could be used for red team operations, penetration testing, and surveillance. It describes a WHID injector device that can emulate a USB and conduct wireless attacks. It also mentions the ESPloitV2 and USaBuse software frameworks that can bypass air-gapped restrictions and conduct command injection. Finally, it discusses POTAEbox, a custom penetration testing device that incorporates various wireless interfaces and ports to facilitate network and wireless attacks from a single device.
How to bring HID attacks to next level with WHID Injector & P4wnP1 – Luca Bongiorni
WHID was born from the need for cheap and dedicated hardware that could be remotely controlled in order to conduct HID attacks (i.e. over WiFi or BLE). WHID stands for WiFi HID injector. It is a cheap but reliable piece of hardware designed to fulfill pentesters' needs related to HID attacks during their engagements. The core of WHID is mainly an Atmega 32u4 (commonly used in many Arduino boards) and an ESP-12s (which provides the WiFi capabilities and is commonly used in IoT projects). During the talk we will see in depth how WHID Injector was designed and its functionalities.
Manufacturing Hardware Implants from Idea to Mass Production: A Hacker's Journey – Luca Bongiorni
This presentation wants to be a motivational talk for all those hackers out there that always wanted to share some cool hacking devices with the community but didn't know how to deal with R&D, Quality Assurance, and Mass Production. In this talk, I will be presenting the entire life-cycle of a couple of hacking toys I developed: WHID Injector & WHID Elite. From their inception to release in production, passing through some blockers and failures I encountered during the journey.
Why is this topic interesting you ask… Easy! Both R&D processes that I used were not backed by any crowdsourcing fund and the sale of these devices is not going in any form to me. I am just doing this as hobby, fun and (most importantly) I believe in giving back something to the InfoSec community without making any profit out of it.
What about listening to how I did it and then trying yourself? There will also be examples of other hackers, inspired by my adventure, who followed my example and started similar not-for-profit projects.
This presentation introduces the world of hardware everyone can use to get started with the Internet of Things (IoT), such as Arduino, Raspberry Pi and ESP8266.
Confusion of Things — The IoT Hardware Kerfuffle – Omer Kilic
Presented at OSHCamp 2015, as part of Wuthering Bytes at Hebden Bridge
While the definition of the term IoT (i.e: Internet of Things) is as cloudy as the “cloud”, everyone seems to be doing it. With excitement levels reaching stratospheric levels, the amount of buzzword-driven articles and colourful (and oh so unnecessary) abstract vector drawings that depict toasters communicating with cars have essentially made lives of many engineers who just want to build things a living hell.
This talk will strip back the layers of marketing and aim to answer the question: “Which hardware platform should you use for building connected devices?”. With the plethora of chips/single board computers and specifically IoT-branded offerings out there, the platform choice does get a little difficult at times. By breaking down the application at hand into certain key requirement categories, this process could be simplified. There will also be mention of some of the most popular hardware platforms and how they differ from each other.
This is the presentation of the "Particle Core" device for the Pervasive Systems course of "La Sapienza" University, with Professor Ioannis Chatzigiannakis.
Slides from SCREENS 2011 in Toronto, Canada. Covers the Android Open Accessory support released for 3.1+ or 2.3.4+ devices, and the Android Development Kit (ADK)
Arduino plays a role in electronics system development. In this talk we will share our work on building a digital car dashboard using Arduino and Android.
Presentation at the ATA Melbourne Branch meeting on 2012-06-20 ... covering Internet Of Things, Arduino, OpenWRT routers and Smart Energy Groups electricity consumption measurement.
OWASP – Internet of Things (IoT) – Top 10 Vulnerabilities List – Bishop Fox
This presentation will encompass the following:
• An overview of the OWASP IoT Top 10: Understanding IoT Vulnerabilities and Risks to Offices / Homes
• Smart home wireless communication standards and their weaknesses: Bluetooth, Z-Wave, ZigBee, Wi-Fi, NFC, RFID
• Exploiting vulnerable networked smart devices (e.g. smart TVs, refrigerators, etc.) as a means to get a foot in the door and attack core infrastructure (laptops, workstations, servers)
• Attacks against smart products connected to your network or controlled directly via your mobile device
• Performing security evaluations of smart products using frameworks like the OWASP Application Security Verification Standard (ASVS)
• Tools and resources for securing smart devices and their implementations
• DEMOs – vulnerabilities and most common issues in smart devices – real examples of the OWASP IoT Top 10
• Exploiting smart devices, such as: TVs, media streaming devices, refrigerators, thermostats, smart plugs, security locks and cameras, health/fitness devices, wearables, office smart hubs, home automation products, and more…
Originally presented at IT Audits & Control Conference 2015.
Taking the BeagleBone Cookbook recipes beyond BeagleBone Black – Drew Fustini
NOTE: Slides by Jason Kridner and Mark Yoder
Source: http://event.lvl3.on24.com/event/11/07/48/2/rt/1/documents/resourceList1454015491443/cookbookbeyondblack_draft.pdf
Republic of IoT 2018 - ESPectro32 and NB-IoT Workshop – Alwin Arrasyid
Getting started with ESPectro32 v2 boards and the NB-IoT Backpack, a brand new NB-IoT enabler product powered by U-blox's SARA R410M 02B LTE-M and NB-IoT module, which supports the TCP/IP and UDP/IP protocols. This workshop introduces participants to ESPectro32 as the "things" in IoT, and to the concept of LPWA networks and NB-IoT as one of the LPWA network technologies.
A brief introduction to making your own (Internet of Things) Thing – TinamousSteve
The Internet of Things is exploding and it's a great time to join in: more and more devices like the Arduino, Netduino and Gadgeteer are becoming available. The question is, how do I get started?
We will look at what is available in terms of popular hardware for building your Thing, and a demo of how to develop for the Arduino, followed by an introduction to the Gadgeteer and .Net Micro Framework, hopefully finishing up with a fairly simple but connected Gadgeteer based Thing (Wifi Allowing!).
0Day Hunting A.K.A. The Story of a Proper CPE Test by Balazs Bacsay – Shakacon
One of the largest ISPs in Europe distributed millions of vulnerable devices to their customers without any security checks. Now these devices are up and running all over Europe and can provide Internet access and jump hosts for hackers and criminals.
In this presentation the speaker will show you the whole process of proper CPE device testing, with its pitfalls and joyrides. During this test a handful of 0days were discovered, and these will be presented. It will be shown how an attacker with zero knowledge can log into a private network by deriving the factory default WPA passphrases from MAC addresses, or even worse, the changed passphrase! The other 0day brings a root shell thanks to plenty of buffer overflows and factory backdoors in the firmware. The root cause of every vulnerability will be presented to the audience with good laughs.
0day hunting a.k.a. The story of a proper CPE test – Balazs Bucsay
One of the largest ISPs in Europe distributed millions of vulnerable devices to their customers without any security checks. Now these devices are up and running all over Europe and can provide Internet access and jump hosts for hackers and criminals.
In this presentation the speaker will show you the whole process of proper CPE device testing, with its pitfalls and joyrides. During this test a handful of 0days were discovered, and these will be presented. It will be shown how an attacker with zero knowledge can log into a private network by deriving the factory default WPA passphrases from MAC addresses, or even worse, the changed passphrase! The other 0day brings a root shell thanks to plenty of buffer overflows and factory backdoors in the firmware. The root cause of every vulnerability will be presented to the audience with good laughs.
Are you sure you do not have a CPE device in your home like this?
2014 09 12 Dia Programador Session Materials – Bruno Capuano
Materials used during the virtual Programmer's Day event in Córdoba. It covers topics such as USB hacking, app development with Leap Motion, working with Arduinos, Kinect V2, facial recognition, and app development for Lego Mindstorms EV3.
[German] Boards for IoT Prototyping – Lars Gregori
IoT Boards (e.g. Arduino, Raspberry Pi, ESP8266, ...) for prototyping with price tags, technical information and comparison between MCU, MPU and SoC (System on a Chip)
[HES2013] Hacking apple accessories to pown iDevices – Wake up Neo! Your phon... – Hackito Ergo Sum
Unlike the previous jailbreakme.com exploits targeting MobileSafari, which could be used against an unwitting victim, publicly available jailbreaks require USB tethering. Since iDevices refuse to communicate over USB while locked unless they have previously paired with the connecting device, these jailbreaks have a lower security impact and are usually only useful to the phone's owner. It is then legitimate to think we are safe. Nevertheless, malicious code already running on the host personal computer can silently steal confidential information using iTunes services or leverage USB jailbreaks.
This talk will discuss the most interesting Apple services (from the attacker's point of view) and describe how they can be exploited in order to retrieve confidential information or to deploy the evasi0n jailbreak. Finally, the author will present the analysis of a Made For iPhone (MFI) dock station and its weapownizing in order to allow an automated jailbreak.
Audio available here : http://2013.hackitoergosum.org/presentations/Day3-04.Hacking%20apple%20accessories%20to%20pown%20iDevices%20%e2%80%93%20Wake%20up%20Neo!%20Your%20phone%20got%20pwnd%20!%20by%20Mathieu%20GoToHack%20RENARD.mp3
More information about the conference : http://www.hackitoergosum.org
Controlling USB Flash Drive Controllers: Expose of Hidden Features – xabean
Video here, thanks to archive.org:
https://archive.org/details/ShmooCon2014_Controlling_USB_Flash_Drive_Controllers
With stories of "BadBIOS" infecting PCs simply by connecting a malicious USB flash drive to a PC, it's time we learned about flash drives and their controllers. Consumer USB flash drives are cheap, growing in capacity and shrinking in physical size. There are only around 15 prominent controller chip manufacturers, which you have never heard of but which OEM for all the popular and respected "name brands" on the market. These flash controllers have capabilities that aren't mentioned on product packaging, and they can be enabled with programming you will learn during this presentation. These flash controllers can be *reprogrammed entirely* via software to do whatever you want.
Turn an old flash drive into an emulated CDROM or a CDROM + flash drive. Update the controller's firmware, disassemble it, etc. This talk will touch on the various controller manufacturers, features, and show you how to leverage them for yourself. Why spend $100 on an old SanDisk[tm] U3 Cruiser when you can spend $4 for the same features?
Richard Harman is an incident responder at SRA International's internal Security Operations Center, where he slings Perl code supporting incident response and performs analysis & reverse engineering of targeted attack malware samples. He writes and releases scripts in support of his work on github at http://github.com/warewolf. Outside of his day job, he can be found hacking on projects at the Reston, VA hackerspace Nova Labs http://www.nova-labs.org.
HandPwning Security pitfalls of biometric hand-geometry recognition access co... – Luca Bongiorni
The "Handpunch" PACS are based on hand-geometry recognition. In this research we will first have a look at how this technology works; subsequently, we will focus our attention on reviewing some of the existing Handpunch devices on the market, from a physical security point of view through to reversing their communication protocol. Moreover, it will be demonstrated how to remotely enroll a new super-admin into it (i.e. a persistent backdoor) and how to dump existing users' information, and an open-source tool-suite will also be released: HandScan & HandPwner. Eventually, thanks to the cooperation of Shodan's developer, it was confirmed that more than 1800 of these vulnerable devices were found exposed on the Internet. Finally, we will conclude with practical and actionable countermeasures to prevent these attacks and to harden these devices.
iParanoid: an IMSI Catcher - Stingray Intrusion Detection System – Luca Bongiorni
The goal is the research and development of an Intrusion Detection System for cell networks.
Mainly, this app will check the status of some cell network variables (e.g. Cell ID, LAC, A5 encryption, etc.), subsequently update a local DB, and check whether the information about the cell networks around the user is valid or whether there could be a risk (e.g. possible interception, possible impersonation, etc.).
Mobile Network Security: Quanto sono sicure le reti cellulari? - Smau Milano ... – Luca Bongiorni
Cellular network security
To this day GSM (Global System for Mobile Communications), although dated in its design (1987), is the most widespread cellular radio communication standard in the world, counting more than 4.4 billion users in more than 200 countries. Its popularity and global spread have, over time, guaranteed the ability to communicate while maintaining efficient mobility, thanks to which it is massively used not only by ordinary people but also by criminals and terrorist organizations. In order to combat the latter, the so-called Lawful Interception system was introduced, which guarantees police forces, subject to authorization by the judiciary, the ability to locate and intercept specific subscribers through various techniques, among them the use of IMSI-Catchers: special, very expensive portable devices capable of tracking and intercepting a mobile phone. IMSI-Catchers are mainly used when the data on the users to be tracked and intercepted is not known (a priori and in detail), or when the presence of insiders within the telephone companies themselves is suspected, who could compromise the investigations.
This talk will cover several topics concerning the state of the art of cellular network security: which vulnerabilities reside in these networks, and which tools are used to successfully carry out attacks against users and the network. Some real case studies and some research conducted will also be presented.
Mobile Network Security: a tale of tracking, spoofing and owning mobile phone... – Luca Bongiorni
Quick overview of some case studies about: IMSI-Catcher (Stingray phone tracker), tracking phones, GPRS sniffing, GSM-R catching and DoS, POS, gambling machines, etc.
OpenBTS: Emergency GSM Messaging & Monitoring System for Civil Protection – Luca Bongiorni
Open BTS: Emergency GSM Messaging & Monitoring System for Civil Protection is proposed as a ready-to-deploy solution for the event of a natural disaster, in those areas where GSM networks are temporarily down.
GridMate - End to end testing is a critical piece to ensure quality and avoid... – ThomasParaiso2
End to end testing is a critical piece to ensure quality and avoid regressions. In this session, we share our journey building an E2E testing pipeline for GridMate components (LWC and Aura) using Cypress, JSForce, FakerJS…
Communications Mining Series - Zero to Hero - Session 1 – DianaGray10
This session provides an introduction to UiPath Communication Mining, its importance, and a platform overview. You will acquire a good understanding of the phases in Communication Mining as we go over the platform with you. Topics covered:
• Communication Mining Overview
• Why is it important?
• How can it help today’s business and the benefits
• Phases in Communication Mining
• Demo on Platform overview
• Q/A
Unlocking Productivity: Leveraging the Potential of Copilot in Microsoft 365, a presentation by Christoforos Vlachos, Senior Solutions Manager – Modern Workplace, Uni Systems
How to Get CNIC Information System with Paksim Ga.pptx – danishmna97
Pakdata Cf is a groundbreaking system designed to streamline and facilitate access to CNIC information. This innovative platform leverages advanced technology to provide users with efficient and secure access to their CNIC details.
Climate Impact of Software Testing at Nordic Testing Days – Kari Kakkonen
My slides at Nordic Testing Days 6.6.2024
The climate impact and sustainability of software testing are discussed in the talk. ICT and testing must carry their part of the global responsibility to help with climate warming. We can minimize the carbon footprint, but we can also have a carbon handprint, a positive impact on the climate. Sustainability can be added to the quality characteristics and then measured continuously. Test environments can be used less, at a smaller scale and on demand. Test techniques can be used to optimize or minimize the number of tests. Test automation can be used to speed up testing.
Building RAG with self-deployed Milvus vector database and Snowpark Container... – Zilliz
This talk will give hands-on advice on building RAG applications with an open-source Milvus database deployed as a docker container. We will also introduce the integration of Milvus with Snowpark Container Services.
GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using Deplo... – James Anderson
Effective Application Security in Software Delivery lifecycle using Deployment Firewall and DBOM
The modern software delivery process (or the CI/CD process) includes many tools, distributed teams, open-source code, and cloud platforms. Constant focus on speed to release software to market, along with the traditional slow and manual security checks has caused gaps in continuous security as an important piece in the software supply chain. Today organizations feel more susceptible to external and internal cyber threats due to the vast attack surface in their applications supply chain and the lack of end-to-end governance and risk management.
The software team must secure its software delivery process to avoid vulnerabilities and security breaches. This needs to be achieved with existing tool chains and without extensive rework of the delivery processes. This talk will present strategies and techniques for providing visibility into the true risk of existing vulnerabilities, preventing the introduction of security issues in the software, resolving vulnerabilities in production environments quickly, and capturing the deployment bill of materials (DBOM).
Speakers:
Bob Boule
Robert Boule is a technology enthusiast with PASSION for technology and making things work along with a knack for helping others understand how things work. He comes with around 20 years of solution engineering experience in application security, software continuous delivery, and SaaS platforms. He is known for his dynamic presentations in CI/CD and application security integrated in software delivery lifecycle.
Gopinath Rebala
Gopinath Rebala is the CTO of OpsMx, where he has overall responsibility for the machine learning and data processing architectures for Secure Software Delivery. Gopi also has a strong connection with our customers, leading design and architecture for strategic implementations. Gopi is a frequent speaker and well-known leader in continuous delivery and integrating security into software delivery.
zkStudyClub - Reef: Fast Succinct Non-Interactive Zero-Knowledge Regex Proofs – Alex Pruden
This paper presents Reef, a system for generating publicly verifiable succinct non-interactive zero-knowledge proofs that a committed document matches or does not match a regular expression. We describe applications such as proving the strength of passwords, the provenance of email despite redactions, the validity of oblivious DNS queries, and the existence of mutations in DNA. Reef supports the Perl Compatible Regular Expression syntax, including wildcards, alternation, ranges, capture groups, Kleene star, negations, and lookarounds. Reef introduces a new type of automata, Skipping Alternating Finite Automata (SAFA), that skips irrelevant parts of a document when producing proofs without undermining soundness, and instantiates SAFA with a lookup argument. Our experimental evaluation confirms that Reef can generate proofs for documents with 32M characters; the proofs are small and cheap to verify (under a second).
Paper: https://eprint.iacr.org/2023/1886
Goodbye Windows 11: Make Way for Nitrux Linux 3.5.0! – SOFTTECHHUB
As the digital landscape continually evolves, operating systems play a critical role in shaping user experiences and productivity. The launch of Nitrux Linux 3.5.0 marks a significant milestone, offering a robust alternative to traditional systems such as Windows 11. This article delves into the essence of Nitrux Linux 3.5.0, exploring its unique features, advantages, and how it stands as a compelling choice for both casual users and tech enthusiasts.
Removing Uninteresting Bytes in Software Fuzzing – Aftab Hussain
Imagine a world where software fuzzing, the process of mutating bytes in test seeds to uncover hidden and erroneous program behaviors, becomes faster and more effective. A lot depends on the initial seeds, which can significantly dictate the trajectory of a fuzzing campaign, particularly in terms of how long it takes to uncover interesting behaviour in your code. We introduce DIAR, a technique designed to speed up fuzzing campaigns by pinpointing and eliminating the uninteresting bytes in the seeds. Picture this: instead of wasting valuable resources on meaningless mutations in large, bloated seeds, DIAR removes the unnecessary bytes, streamlining the entire process.
In this work, we equipped AFL, a popular fuzzer, with DIAR and examined two critical Linux libraries -- libxml's xmllint, a tool for parsing XML documents, and Binutils' readelf, an essential debugging and security analysis command-line tool used to display detailed information about ELF (Executable and Linkable Format) files. Our preliminary results show that AFL+DIAR not only discovers new paths more quickly but also achieves higher coverage overall. This work thus showcases how starting with lean and optimized seeds can lead to faster, more comprehensive fuzzing campaigns -- and DIAR helps you find such seeds.
- These are slides of the talk given at the IEEE International Conference on Software Testing, Verification and Validation Workshops, ICSTW 2022.
Observability Concepts EVERY Developer Should Know -- DeveloperWeek Europe.pdf – Paige Cruz
Monitoring and observability aren't traditionally found in software curriculums, and many of us cobble this knowledge together from whatever vendor or ecosystem we were first introduced to and whatever is part of our current company's observability stack.
While the dev and ops silo continues to crumble, many organizations still relegate monitoring & observability to the purview of ops, infra and SRE teams. This is a mistake: achieving a highly observable system requires collaboration up and down the stack.
I, a former op, would like to extend an invitation to all application developers to join the observability party, and will share these foundational concepts to build on:
Alt. GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using ... – James Anderson
Enhancing adoption of Open Source Libraries. A case study on Albumentations.AI – Vladimir Iglovikov, Ph.D.
Presented by Vladimir Iglovikov:
- https://www.linkedin.com/in/iglovikov/
- https://x.com/viglovikov
- https://www.instagram.com/ternaus/
This presentation delves into the journey of Albumentations.ai, a highly successful open-source library for data augmentation.
Created out of a necessity for superior performance in Kaggle competitions, Albumentations has grown to become a widely used tool among data scientists and machine learning practitioners.
This case study covers various aspects, including:
People: The contributors and community that have supported Albumentations.
Metrics: The success indicators such as downloads, daily active users, GitHub stars, and financial contributions.
Challenges: The hurdles in monetizing open-source projects and measuring user engagement.
Development Practices: Best practices for creating, maintaining, and scaling open-source libraries, including code hygiene, CI/CD, and fast iteration.
Community Building: Strategies for making adoption easy, iterating quickly, and fostering a vibrant, engaged community.
Marketing: Both online and offline marketing tactics, focusing on real, impactful interactions and collaborations.
Mental Health: Maintaining balance and not feeling pressured by user demands.
Key insights include the importance of automation, making the adoption process seamless, and leveraging offline interactions for marketing. The presentation also emphasizes the need for continuous small improvements and building a friendly, inclusive community that contributes to the project's growth.
Vladimir Iglovikov brings his extensive experience as a Kaggle Grandmaster, ex-Staff ML Engineer at Lyft, sharing valuable lessons and practical advice for anyone looking to enhance the adoption of their open-source projects.
Explore more about Albumentations and join the community at:
GitHub: https://github.com/albumentations-team/albumentations
Website: https://albumentations.ai/
LinkedIn: https://www.linkedin.com/company/100504475
Twitter: https://x.com/albumentations
GraphSummit Singapore | The Art of the Possible with Graph - Q2 2024Neo4j
Neha Bajwa, Vice President of Product Marketing, Neo4j
Join us as we explore breakthrough innovations enabled by interconnected data and AI. Discover firsthand how organizations use relationships in data to uncover contextual insights and solve our most pressing challenges – from optimizing supply chains, detecting fraud, and improving customer experiences to accelerating drug discoveries.
2. @LucaBongiorni
Advanced Network Technology Catalog
The ANT catalog is a 50-page classified document listing technology available to the United States National Security Agency (NSA) Tailored Access Operations (TAO) by the Advanced Network Technology (ANT) Division to aid in cyber surveillance.
3.
Adversarial Ninja Playset Catalog
The ANP catalog is a 5-page (more to come) “kind-of-classified” document listing technology (already) available to any InfoSec Ninja by a bunch of Hardware Hackers* to aid in Red Team Operations.
* @Mame82 @exploit_agency @LucaBongiorni
4.
The ANP Catalog Club’s Requirements
• Being Open-Source
• Being Available to Anyone
• Being Sold at a Sustainable Price
7.
WHID Injector – Schematics & Specs
• Atmega 32u4
– Arduino-friendly
• ESP-12
– WiFi (both AP and Client modes)
– TCP/IP Stack
– DNS Support
– 4MB Flash
• Pinout for weaponizing USB gadgets
• HALL Sensor for easy unbrick
8.
Software Frameworks – ESPloitV2 GUI
• Evolution of WHID GUI
• Shipped w/ WHID Injector
• Hidden SSID (if needed)
• ESPortal Creds Harvester + Karma
• Multi OS & Multi KB Language
• AutoStart Function
• Change settings on-the-fly
• Live Payloads
• Duckyscript to WHID Converter
• OTA Update of ESP firmware
• Changeable VID/PID
• Reset ESP from Serial
• AirGap Bypass through Serial
9.
Software Frameworks – USaBuse
• Developed by @RoganDawes
• Bypass Air-Gapped restrictions
• Once connected to a PC:
– Creates a WiFi AP
– Stealthy Screensaver Killer
– Injects PoSH scripts that create a HID RAW exfil channel to transfer data back
– Returns a CMD shell to the attacker
– GAME OVER
• DEMO https://youtu.be/5gMvtUq30fA
12.
Weaponizing USB Gadgets
• Test for Social Engineering weaknesses
• Bypass physical access restrictions to a target’s device
• OR… You are Kim Jong-Un and wanna have fun pwning international delegates.
30.
P4wnP1 – Operating Features
• Bypass Air-Gapped restrictions
– Uses a HID RAW as exfil channel to transfer data back (~50Kb/s)
– The HID backdoor can call back a remote C&C (in case of a weaponized gadget & a known WiFi network available)
• Win10 Lockpicker
– Steals NetNTLMv2 hash from locked Windows machine, attempts to crack the hash and enters the plain password to unlock the machine on success. (Fixed with KB4041691 on October 10, 2017).
• WiFi Covert Channel (w/o admin privileges)
– Keystroke injection, to bring up USB HID tunnel.
– Delivery of client agent (NET Library) via HID tunnel into memory.
– Invocation of NET lib from PowerShell.
– C2 over Victim’s WiFi card (w/o disconnecting it)
– PoC & Sources http://bit.ly/2uY8SyU & https://youtu.be/fbUBQeD0JtA
36.
HID Attacks’ Mitigations 101
• Do Not Trust Unknown USB Devices!
• At Most, Use a USB Condom!
– Or Create your own DIY version
• Look For DLP Solutions that Really Block HID
37.
Mitigation Tools – Windows
• https://github.com/pmsosa/duckhunt
– Four Operational Modes:
• Paranoid: KB input is disallowed until a password is input. Attack will also be logged.
• Normal: KB input will temporarily be disallowed. Attack will also be logged.
• Sneaky: A few keys will be dropped. Attack will also be logged.
• LogOnly: Simply log the attack.
• https://github.com/JLospinoso/beamgun
– When a malicious HID is inserted it blocks keystroke injection by continuously stealing focus (and eventually locking the workstation)
38.
Mitigations in Linux 101
Use udev rules to temporarily disable the addition of new HID devices by creating a file /etc/udev/rules.d/10-usbblock.rules with the content (one line; the key-value pairs are comma-separated, and the rule starts out commented with #):
#ACTION=="add", ATTR{bInterfaceClass}=="03", RUN+="/bin/sh -c 'echo 0 >/sys$DEVPATH/../authorized'"
Run to Block:
sed -i 's/#//' /etc/udev/rules.d/10-usbblock.rules; udevadm control --reload-rules
Run to Unlock Before Reboot:
sed -i 's/^/#/' /etc/udev/rules.d/10-usbblock.rules; udevadm control --reload-rules
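The install/block/unblock steps from this slide, wrapped into one script as an added example (my code, not from the slides or from any of the projects named in the deck). It writes the same udev rule, toggles the leading # idempotently (so running "block" twice or "unblock" twice is harmless, which the slide's s/#// is not), and only calls udevadm when it is present and the script runs as root. The rules file path is the one from the slide and is an assumption about the target host; RULES_FILE can be overridden, e.g. to a temp file, for testing.

```shell
#!/bin/sh
# Added example: manage the HID-blocking udev rule from the slide as one script.
# RULES_FILE defaults to the path used on the slide (an assumption about the
# target host); override it, e.g. to a temp file, when testing.
RULES_FILE="${RULES_FILE:-/etc/udev/rules.d/10-usbblock.rules}"

# When a USB interface of class 03 (HID) is added, write 0 to the parent
# device's "authorized" attribute, which makes the kernel drop the whole device.
HID_RULE="ACTION==\"add\", ATTR{bInterfaceClass}==\"03\", RUN+=\"/bin/sh -c 'echo 0 >/sys\$DEVPATH/../authorized'\""

usbblock_reload() {
    # Ask udev to re-read its rules. Needs root; udevadm may be absent on a test host.
    if command -v udevadm >/dev/null 2>&1 && [ "$(id -u)" -eq 0 ]; then
        udevadm control --reload-rules || echo "warning: could not reload udev rules" >&2
    else
        echo "note: skipping udevadm reload (not root or udevadm missing)" >&2
    fi
}

# Install the rule commented out, so nothing changes until usbblock_block runs.
usbblock_install() {
    printf '#%s\n' "$HID_RULE" > "$RULES_FILE"
}

# Strip every leading '#' (idempotent) and reload: new HID devices are now dropped.
usbblock_block() {
    sed -i 's/^#*//' "$RULES_FILE" && usbblock_reload
}

# Re-comment the rule (exactly one '#') so new HID devices are accepted again.
usbblock_unblock() {
    sed -i 's/^#*/#/' "$RULES_FILE" && usbblock_reload
}

# Prints "blocked" when the rule is live, "unblocked" when it is commented out.
usbblock_status() {
    if grep -q '^ACTION==' "$RULES_FILE"; then
        echo blocked
    else
        echo unblocked
    fi
}

# Command-line entry point: ./usbblock.sh install|block|unblock|status
case "${1:-}" in
    install|block|unblock|status) "usbblock_$1" ;;
esac
```

Two caveats worth knowing before relying on this. The rule only fires on "add", so a HID device that is already plugged in when you block stays authorized until it is re-plugged. And it de-authorizes the parent USB device, not just the HID interface, so a composite gadget (keyboard plus storage, for instance) disappears entirely, which is the behaviour you want against a BadUSB but will also remove a legitimate keyboard-with-hub.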
39.
Mitigation Tools – Linux
• https://github.com/trpt/usbdeath
– Anti-forensic tool that writes udev rules for known USB devices and takes action on unknown USB insertion or on removal of a specific USB device
• https://github.com/USBGuard/usbguard
– Software framework for implementing USB device authorization policies
46.
Long Range Readers
• HID Proxcards (125 KHz)
• EM41xx (125 KHz)
• iClass & Mifare (13.56 MHz)
• Potato For Scale (No. It is not weaponized. It’s just a Potato.)
50.
Mitigations
• Use the Anti-Tamper Switches!*
– PROS: Are already there!
• Encrypt Wiegand Data
– CONS: Need new Reader & Controller
• Upgrade to TCP/IP-based ACSes
– CONS: Need new Reader & Controller
– CONS: New Attack Vectors to check
• Detect HW implants by diffing amperage changes
• Epoxy All The Things!!! (kidding)
*We all know they can be bypassed anyway. But still… they are there… better use them!
62.
Covert Cases
• Power Socket
• Charging Station
• Bluetooth Speaker
• Smoke Alarm
– Battery powered & connected to RJ45 (offensive eth & wireless attacks)
– Male power socket (wireless only attacks)
66.
USB Devices Vs. DFIR – Windows Artifacts
• Registry Hives
• Tools For The Trade
– USBdeview
– USBLogView
– USBDeviceForensics
• Event Logs
• Command Run History
• Advanced DFIR
67.
USB Artifacts in Windows
• SYSTEM/CurrentControlSet/Enum/USBSTOR
• SYSTEM/CurrentControlSet/Enum/USB
• SYSTEM/CurrentControlSet/Enum/HID
• NTUSER.DAT/Software/Microsoft/Windows/CurrentVersion/Explorer/MountPoints2
• Windows XP – ROOT/Windows/setupapi.log
• Windows Vista+ – ROOT/Windows/inf/setupapi.dev.log
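As an added example for the setupapi.dev.log artifact listed above (my code, not from the slides): a small sh/awk triage that pulls every hardware-initiated install of a USB, HID or USBSTOR device out of a setupapi.dev.log taken from a mounted image and prints when it happened together with the device instance path, so a keyboard-class device that appeared on a host can be placed on a timeline next to the event log and registry evidence on the other slides. The sample log is constructed with placeholder VID/PID values, and only section headers of the form ">>>  [Device Install (Hardware initiated) - ...]" are matched.

```shell
#!/bin/sh
# Added example: triage USB device installs recorded in setupapi.dev.log
# (Windows Vista+, ROOT/Windows/inf/setupapi.dev.log). Not from the slides.

# Print one line per hardware-initiated install of a USB, HID or USBSTOR
# device: "<section start timestamp>\t<enumerator>\t<device instance path>".
setupapi_usb_installs() {
    awk '
        { sub(/\r$/, "") }   # the log is CRLF; drop the trailing CR on every line
        /^>>>  \[Device Install \(Hardware initiated\) - / {
            id = $0
            sub(/^>>>  \[Device Install \(Hardware initiated\) - /, "", id)
            sub(/\]$/, "", id)
            # enumerator (USB, HID, USBSTOR, PCI, ...) is the part before the first backslash
            bus = substr(id, 1, index(id, "\\") - 1)
            next
        }
        id != "" && /^>>>  Section start / {
            # $4 is the date, $5 the time of the install section
            if (bus == "USB" || bus == "HID" || bus == "USBSTOR")
                printf "%s %s\t%s\t%s\n", $4, $5, bus, id
            id = ""
        }
    ' "$1"
}

# Constructed sample log (placeholder VID/PID, not a real device) so the
# function can be exercised offline. The ACPI section shows the filtering.
setupapi_sample() {
    cat <<'EOF'
>>>  [Device Install (Hardware initiated) - ACPI\PNP0C0A\1]
>>>  Section start 2018/05/14 08:00:01.000
<<<  Section end 2018/05/14 08:00:01.500
<<<  [Exit status: SUCCESS]
>>>  [Device Install (Hardware initiated) - USB\VID_1234&PID_ABCD\5&1234abcd&0&2]
>>>  Section start 2018/05/14 09:12:03.117
     cmd: C:\Windows\system32\svchost.exe -k DcomLaunch
<<<  Section end 2018/05/14 09:12:05.998
<<<  [Exit status: SUCCESS]
>>>  [Device Install (Hardware initiated) - HID\VID_1234&PID_ABCD&MI_02\7&2a3b4c5d&0&0000]
>>>  Section start 2018/05/14 09:12:06.412
<<<  Section end 2018/05/14 09:12:06.900
<<<  [Exit status: SUCCESS]
>>>  [Device Install (Hardware initiated) - USBSTOR\DISK&VEN_EXAMPLE&PROD_FLASH&REV_0001\0123456789ABCDEF&0]
>>>  Section start 2018/05/14 10:01:44.003
<<<  Section end 2018/05/14 10:01:46.551
<<<  [Exit status: SUCCESS]
EOF
}

# Usage: ./setupapi_usb.sh /mnt/image/Windows/inf/setupapi.dev.log
if [ "$#" -gt 0 ]; then
    setupapi_usb_installs "$1"
fi
```

In the sample, the USB entry followed three seconds later by a HID interface (MI_02) of the same VID/PID is exactly the pattern a composite keystroke-injection gadget leaves behind; correlate the timestamp with Security log event 6416 and the USB/HID keys under SYSTEM/CurrentControlSet/Enum to confirm.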
75.
Command Run History
Instead of:
GUI + R
STRING <malicious command>
ENTER
Do:
GUI + R
STRING CMD (or Powershell)
ENTER
STRING <malicious command>
ENTER
Event Logs to the rescue!
76.
The Right Event Logs at The Right Time
Security Log – Audit Plug and Play Activity
• 6416: A new external device was recognized by the System.
• 6419: A request was made to disable a device.
• 6420: A device was disabled.
• 6421: A request was made to enable a device.
• 6422: A device was enabled.
• 6423: The installation of this device is forbidden by system policy.
• 6424: The installation of this device was allowed, after having previously been forbidden by policy.
• 1006: May contain Manufacturer, Model, Serial, and raw Partition Table, MFT, and VBR data.