A gateway server is a server through which the computers in a LAN access the Internet. This is usually done through NAT. It should also provide firewall protection for the LAN, and it can also serve as a DNS and DHCP server for the LAN. Some years ago I was involved in a project for building gateway servers like this, using Slackware on old PCs. In this article I will try to explain the things that I did on this project and how I did them.
DCEU 18: Tips and Tricks of the Docker Captains - Docker, Inc.
Brandon Mitchell - Solutions Architect, BoxBoat
Docker Captain Brandon Mitchell will help you accelerate your adoption of Docker containers by delivering tips and tricks on getting the most out of Docker. Topics include managing disk usage, preventing subnet collisions, debugging container networking, understanding image layers, getting more value out of the default volume driver, and solving the UID/GID permission issues with volumes in a way that allows images to be portable from any developer laptop and to production.
Docker … Podman are two close but different tools. What are their differences, and what do they have in common? In this presentation we present the two tools side by side to highlight their differences in design, their specific features and their similarities.
The objective is to help you understand these tools, from their common roots (cgroups, namespaces, ...) to their point of divergence (the socket). From ease of use (socket) to the hassle (proxy), we will address the strengths and weaknesses of each through our own uses of them (build, test, ...). We will of course mention our friends the CVEs to feed your thinking on their security.
Fire & Ice: Making and Breaking macOS Firewalls - Priyanka Aash
"In the ever-raging battle between malicious code and anti-malware tools, firewalls play an essential role. Many a piece of malware has been generically thwarted thanks to the watchful eye of these products.
However, on macOS firewalls are rather poorly understood. Apple's documentation surrounding its network filter interfaces is rather lacking, and all commercial macOS firewalls are closed source.
This talk aims to take a peek behind the proverbial curtain revealing how to both create and 'destroy' macOS firewalls.
In this talk, we'll first dive into what it takes to create an effective firewall for macOS. Yes, we'll discuss core concepts such as kernel-level socket filtering—but also how to communicate with user-mode components, install privileged code in a secure manner, and simple ways to implement self-defense mechanisms (including protecting the UI from synthetic events).
Of course any security tool, including firewalls, can be broken. After looking at various macOS malware specimens that proactively attempt to detect such firewalls, we'll don our 'gray' (black?) hats to discuss various attacks against these products. And while some attacks are well known, others are currently undisclosed and can generically bypass even today's most vigilant Mac firewalls.
But all is not lost. By proactively discussing such attacks, combined with our newly-found understandings of firewall internals, we can improve the existing status quo, advancing firewall development. With a little luck, such advancements may foil, or at least complicate the lives of tomorrow's sophisticated Mac malware!"
The detailed architecture of the most relevant consumer drones will be introduced, continuing with the communication protocol between the pilot (an app on the smartphone, or a remote controller) and the drone. Manual reverse engineering of the binary protocol used for this communication will lead to identifying and understanding all the commands of each drone, and later to injecting commands back.
Learning Objectives:
1: Understand whether a protocol between drone and pilot is secure.
2: Learn about a new reverse engineering methodology for these protocols.
3: Review a set of good practices to secure the environment surrounding a drone.
(Source: RSA Conference USA 2018)
How to Burn Multi-GPUs using CUDA stress test memo - Naoto MATSUMOTO
How to Burn Multi-GPUs using CUDA stress test memo (2017/05/20)
SAKURA Internet, Inc. / SAKURA Internet Research Center.
Senior Researcher / Naoto MATSUMOTO
While probably the most prominent, Docker is not the only tool for building and managing containers. Originally meant to be a "chroot on steroids" to help debug systemd, systemd-nspawn provides a fairly uncomplicated approach to working with containers. Being part of systemd, it is available on most recent distributions out of the box and requires no additional dependencies.
This deck will introduce a few concepts involved in containers and will guide you through the steps of building a container from scratch. The payload will be a simple service, which will be automatically activated by systemd when the first request arrives.
Trying and evaluating the new features of GlusterFS 3.5 - Keisuke Takahashi
My presentation in LinuxCon/CloudOpen Japan 2014.
Only a few days have passed since GlusterFS 3.5 was released, so feel free to correct me if you find mistakes or misunderstandings. Thanks.
This document provides a complete report on a penetration test using Kali Linux against a vulnerable machine available on Vulnhub.com. The Game of Thrones CTF: 1 (Capture The Flag) contains 11 flags in total (7 kingdom flags, 3 secret flags and one battle flag). The first chapter gives a short description of cyber-risks and general IT security today. The second chapter covers setting up the laboratory in Oracle VirtualBox to virtualize the attacker machine and the target machine. The subsequent subchapters cover the attack narrative, each one following a specific step-by-step location. Please note that this walkthrough may contain spoilers for the actual TV series.
Finally, it closes with comments on the vulnerabilities found in this challenge, some recommendations, and the main resources consulted and tools used.
Sling is an established web application framework, with a multitude of core features and extensions. It has a very productive inner loop, with OSGi bundle deployment, JCR content editing and live configuration updates. The less-told story is how an application should be assembled, configured, deployed, and monitored.
In this talk we will present the main approaches for bootstrapping, deploying, updating, and monitoring Sling-based applications, based on Open Source tools and libraries.
The participants will gain a better understanding of the options available for managing their own Sling-based application and will be able to minimise the effort needed to manage such an application.
Linux Security APIs and the Chromium Sandbox - Patricia Aas
The Linux Security and Isolation APIs have become the basis of some of the most useful features server-side, providing the isolation required for efficient containers. However, these APIs also form the basis of the Chromium Sandbox on Linux, and we will study them in that context.
The Chromium Sandbox is used in the Vivaldi, Brave, Chrome and Opera browsers, among others. Its implementation is highly platform-specific, using whatever platform APIs are available to construct it. In this talk we will describe the requirements of the Chromium Sandbox and go through the steps and APIs used to construct it on Linux.
Attacking and Exploiting Ethereum Smart Contracts: Auditing 101 - Simone Onofri
After web 1.0 and web 2.0, web3 has arrived! After a brief introduction, where we will look at the evolution of the web and what has changed as far as security is concerned, we will dive into blockchain to understand how to attack Smart Contracts on Ethereum, how these intersect with more classic vulnerabilities, and what are the main vulnerabilities we can find in contracts written in Solidity.
Attacking Ethereum Smart Contracts: a deep dive after ~9 years of deployment - Simone Onofri
This presentation dives deep into the security of Ethereum Smart Contracts written in Solidity, shedding light on common vulnerabilities. Inspired by the newly released OWASP Blockchain Top 10, the presentation will focus on famous vulnerabilities by examples.
After a brief introduction to the Ethereum blockchain and Solidity, the presentation will describe a systematic approach that includes analysing source code, dissecting real-world incidents, reverse-engineering the code of attacked contracts to reveal their inner workings, and using some vulnerable contracts to demonstrate these vulnerabilities interactively and engagingly, providing a practical understanding of issues such as reentrancy, arithmetic vulnerabilities, DoS attacks, and insecure randomness.
This talk aims to equip developers, security analysts, and blockchain enthusiasts with the knowledge to build more secure smart contracts. By understanding these security risks, participants will be better prepared to anticipate, identify, and mitigate potential threats, fostering a safer web3 environment.
More Related Content
Similar to Attacking IoT Devices from a Web Perspective - Linux Day
Agile Business Consortium - LEGO SERIOUS PLAY and the Principles of Agile Project M... - Simone Onofri
Agile is a philosophy and a way of working that is particularly suited to today's world, where change is the order of the day. It is possible to understand the principles of Agile Project Management in depth by playing, through LEGO SERIOUS PLAY.
Workshop on the Agile Project Framework and Agile PM for the PMI®-NIC Lombardy Branch. What Agile is, the Agile Project Framework and Agile Project Management, and the MoSCoW and Timeboxing techniques. How an Agile team is structured.
Agile in cyber security services (Security Summit Edition) - Simone Onofri
In today's scenario, Agile is one of the winning cards for offering clients Cyber Security services that generate value in a short time. During the speech, after a brief introduction, the methodology used in an international context for Security Testing and Ethical Hacking projects will be described through examples and real cases.
Mom, when I grow up I want to be a Penetration Tester (HackInBo 2016 Winter) - Simone Onofri
Interest in Information Security and IT Security is constantly growing. In a world where information is a key resource of our working life and beyond, protecting information and the various technologies that handle it is fundamental. Since the days of "How to Become a Hacker" and the "Hacker's Manifesto", many hackers have become consultants who help private and/or public organizations: a world with many shades of grey, and with ethical and moral questions. Thanks also to the influence of films such as WarGames or The Matrix and TV series such as Mr. Robot, many people are interested in becoming a Security Consultant, Penetration Tester or Security Researcher (which are not exactly the same thing). The talk is a reflection to help navigate and reason about typical questions such as: which certifications? Which courses? What are the required skills? Which approach to use? Which road to take?
Penetration Testing with Python - Network Sniffer - Simone Onofri
A well-known maxim says "if I listen I forget, if I see I remember, if I do I understand"; "doing", such as writing code rather than using ready-made tools, is the key to being a good Penetration Tester. It is no coincidence that Chris Miller says that "the difference between script kiddies and professionals is merely the difference between those who use others' tools and those who use their own". Obviously this presupposes a deep knowledge of what one is doing: a particular attack technique, the protocols used, the systems, the applications and so on. So writing your own tools is a way to really learn what happens under the "hood" of other tools and how attacks work. During the talk we will look in particular at raw sockets on Linux and how to write a sniffer.
New threats in Cyber Security, and how to protect yourself - Simone Onofri
Cyber Security is an increasingly pressing problem. The problem is not so much understanding IF there will be an attack, but HOW it will be carried out and therefore WHAT to do to defend ourselves. Whether we are individuals, small business owners, large companies or Public Administrations, we are always targets. Even a low-cost attack can lead to huge losses and disastrous impacts. How can we prevent these attacks and, if they happen, how can we react to limit the damage?
After a brief description of the latest trends in Cyber Crime, several real cases will be analysed, such as that of Sony, where 100 Terabytes of data were stolen, including 5 unreleased films and the data of the employees, who themselves had to react to this attack, and that of Carbanak, where the theft was estimated at between 500 million euros and about 1 billion, in order to understand how it would have been possible to prevent or limit the damage. A section will be dedicated to the problem of Phishing, which is becoming increasingly difficult to identify and which is often the first step towards a persistent compromise (Advanced Persistent Threat - APT).
Hackers vs Developers - Cross Site Scripting (XSS) Attack and defence - Simone Onofri
The new version of the OWASP Testing Guide has recently been published, which, in version 4, updates, expands and completes the previous version. It also includes three paragraphs specifically on testing for Cross Site Scripting and others covering similar impacts. It is no coincidence that in the 2013 Top 10 we find Cross Site Scripting in third place. During the talk we will focus on Cross Site Scripting and the various methods of attacking and defending against this vulnerability, which, though often underestimated, can even lead to the defacement of a website.
LF Energy Webinar: Electrical Grid Modelling and Simulation Through PowSyBl -... - DanBrown980551
Do you want to learn how to model and simulate an electrical network from scratch in under an hour?
Then welcome to this PowSyBl workshop, hosted by Rte, the French Transmission System Operator (TSO)!
During the webinar, you will discover the PowSyBl ecosystem as well as handle and study an electrical network through an interactive Python notebook.
PowSyBl is an open source project hosted by LF Energy, which offers a comprehensive set of features for electrical grid modelling and simulation. Among other advanced features, PowSyBl provides:
- A fully editable and extendable library for grid component modelling;
- Visualization tools to display your network;
- Grid simulation tools, such as power flows, security analyses (with or without remedial actions) and sensitivity analyses;
The framework is mostly written in Java, with a Python binding so that Python developers can access PowSyBl functionalities as well.
What you will learn during the webinar:
- For beginners: discover PowSyBl's functionalities through a quick general presentation and the notebook, without needing any expert coding skills;
- For advanced developers: master the skills to efficiently apply PowSyBl functionalities to your real-world scenarios.
Elevating Tactical DDD Patterns Through Object Calisthenics - Dorra BARTAGUIZ
After immersing yourself in the blue book and its red counterpart, attending DDD-focused conferences, and applying tactical patterns, you're left with a crucial question: How do I ensure my design is effective? Tactical patterns within Domain-Driven Design (DDD) serve as guiding principles for creating clear and manageable domain models. However, achieving success with these patterns requires additional guidance. Interestingly, we've observed that a set of constraints initially designed for training purposes remarkably aligns with effective pattern implementation, offering a more ‘mechanical’ approach. Let's explore together how Object Calisthenics can elevate the design of your tactical DDD patterns, offering concrete help for those venturing into DDD for the first time!
Accelerate your Kubernetes clusters with Varnish Caching - Thijs Feryn
A presentation about the usage and availability of Varnish on Kubernetes. This talk explores the capabilities of Varnish caching and shows how to use the Varnish Helm chart to deploy it to Kubernetes.
This presentation was delivered at K8SUG Singapore. See https://feryn.eu/presentations/accelerate-your-kubernetes-clusters-with-varnish-caching-k8sug-singapore-28-2024 for more details.
Epistemic Interaction - tuning interfaces to provide information for AI support - Alan Dix
Paper presented at SYNERGY workshop at AVI 2024, Genoa, Italy. 3rd June 2024
https://alandix.com/academic/papers/synergy2024-epistemic/
As machine learning integrates deeper into human-computer interactions, the concept of epistemic interaction emerges, aiming to refine these interactions to enhance system adaptability. This approach encourages minor, intentional adjustments in user behaviour to enrich the data available for system learning. This paper introduces epistemic interaction within the context of human-system communication, illustrating how deliberate interaction design can improve system understanding and adaptation. Through concrete examples, we demonstrate the potential of epistemic interaction to significantly advance human-computer interaction by leveraging intuitive human communication strategies to inform system design and functionality, offering a novel pathway for enriching user-system engagements.
Builder.ai Founder Sachin Dev Duggal's Strategic Approach to Create an Innova... - Ramesh Iyer
In today's fast-changing business world, companies that adapt and embrace new ideas often need help to keep up with the competition. However, fostering a culture of innovation takes a great deal of work. It takes vision, leadership and a willingness to take risks in the right proportion. Sachin Dev Duggal, co-founder of Builder.ai, has perfected the art of this balance, creating a company culture where creativity and growth are nurtured at each stage.
GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using Deplo... - James Anderson
Effective Application Security in Software Delivery lifecycle using Deployment Firewall and DBOM
The modern software delivery process (or the CI/CD process) includes many tools, distributed teams, open-source code, and cloud platforms. Constant focus on speed to release software to market, along with the traditional slow and manual security checks has caused gaps in continuous security as an important piece in the software supply chain. Today organizations feel more susceptible to external and internal cyber threats due to the vast attack surface in their applications supply chain and the lack of end-to-end governance and risk management.
The software team must secure its software delivery process to avoid vulnerability and security breaches. This needs to be achieved with existing tool chains and without extensive rework of the delivery processes. This talk will present strategies and techniques for providing visibility into the true risk of the existing vulnerabilities, preventing the introduction of security issues in the software, resolving vulnerabilities in production environments quickly, and capturing the deployment bill of materials (DBOM).
Speakers:
Bob Boule
Robert Boule is a technology enthusiast with PASSION for technology and making things work along with a knack for helping others understand how things work. He comes with around 20 years of solution engineering experience in application security, software continuous delivery, and SaaS platforms. He is known for his dynamic presentations in CI/CD and application security integrated in software delivery lifecycle.
Gopinath Rebala
Gopinath Rebala is the CTO of OpsMx, where he has overall responsibility for the machine learning and data processing architectures for Secure Software Delivery. Gopi also has a strong connection with our customers, leading design and architecture for strategic implementations. Gopi is a frequent speaker and well-known leader in continuous delivery and integrating security into software delivery.
A tale of scale & speed: How the US Navy is enabling software delivery from l... - sonjaschweigert1
Rapid and secure feature delivery is a goal across every application team and every branch of the DoD. The Navy’s DevSecOps platform, Party Barge, has achieved:
- Reduction in onboarding time from 5 weeks to 1 day
- Improved developer experience and productivity through actionable findings and reduction of false positives
- Maintenance of superior security standards and inherent policy enforcement with Authorization to Operate (ATO)
Development teams can ship efficiently and ensure applications are cyber ready for Navy Authorizing Officials (AOs). In this webinar, Sigma Defense and Anchore will give attendees a look behind the scenes and demo secure pipeline automation and security artifacts that speed up application ATO and time to production.
We will cover:
- How to remove silos in DevSecOps
- How to build efficient development pipeline roles and component templates
- How to deliver security artifacts that matter for ATOs (SBOMs, vulnerability reports, and policy evidence)
- How to streamline operations with automated policy checks on container images
Essentials of Automations: Optimizing FME Workflows with Parameters - Safe Software
Are you looking to streamline your workflows and boost your projects’ efficiency? Do you find yourself searching for ways to add flexibility and control over your FME workflows? If so, you’re in the right place.
Join us for an insightful dive into the world of FME parameters, a critical element in optimizing workflow efficiency. This webinar marks the beginning of our three-part “Essentials of Automation” series. This first webinar is designed to equip you with the knowledge and skills to utilize parameters effectively: enhancing the flexibility, maintainability, and user control of your FME projects.
Here’s what you’ll gain:
- Essentials of FME Parameters: Understand the pivotal role of parameters, including Reader/Writer, Transformer, User, and FME Flow categories. Discover how they are the key to unlocking automation and optimization within your workflows.
- Practical Applications in FME Form: Delve into key user parameter types including choice, connections, and file URLs. Allow users to control how a workflow runs, making your workflows more reusable. Learn to import values and deliver the best user experience for your workflows while enhancing accuracy.
- Optimization Strategies in FME Flow: Explore the creation and strategic deployment of parameters in FME Flow, including the use of deployment and geometry parameters, to maximize workflow efficiency.
- Pro Tips for Success: Gain insights on parameterizing connections and leveraging new features like Conditional Visibility for clarity and simplicity.
We’ll wrap up with a glimpse into future webinars, followed by a Q&A session to address your specific questions surrounding this topic.
Don’t miss this opportunity to elevate your FME expertise and drive your projects to new heights of efficiency.
State of ICS and IoT Cyber Threat Landscape Report 2024 preview (Prayukth K V)
The IoT and OT threat landscape report has been prepared by the Threat Research Team at Sectrio using data from Sectrio's cyber threat intelligence farming facilities, spread across over 85 cities around the world. In addition, Sectrio also runs AI-based advanced threat and payload engagement facilities that serve as sinks to attract and engage sophisticated threat actors and newer malware, including new variants and latent threats that are at an earlier stage of development.
The latest edition of the OT/ICS and IoT security Threat Landscape Report 2024 also covers:
- State of global ICS asset and network exposure
- Sectoral targets and attacks as well as the cost of ransom
- Global APT activity, AI usage, actor and tactic profiles, and implications
- Rise in volumes of AI-powered cyberattacks
- Major cyber events in 2024
- Malware and malicious payload trends
- Cyberattack types and targets
- Vulnerability exploit attempts on CVEs
- Attacks on counties – USA
- Expansion of bot farms – how, where, and why
- In-depth analysis of the cyber threat landscape across North America, South America, Europe, APAC, and the Middle East
- Why are attacks on smart factories rising?
- Cyber risk predictions
- Axis of attacks – Europe
- Systemic attacks in the Middle East
Download the full report from here:
https://sectrio.com/resources/ot-threat-landscape-reports/sectrio-releases-ot-ics-and-iot-security-threat-landscape-report-2024/
UiPath Test Automation using UiPath Test Suite series, part 4 (DianaGray10)
Welcome to UiPath Test Automation using UiPath Test Suite series part 4. In this session, we will cover Test Manager overview along with SAP heatmap.
The UiPath Test Manager overview with SAP heatmap webinar offers a concise yet comprehensive exploration of the role of a Test Manager within SAP environments, coupled with the utilization of heatmaps for effective testing strategies.
Participants will gain insights into the responsibilities, challenges, and best practices associated with test management in SAP projects. Additionally, the webinar delves into the significance of heatmaps as a visual aid for identifying testing priorities, areas of risk, and resource allocation within SAP landscapes. Through this session, attendees can expect to enhance their understanding of test management principles while learning practical approaches to optimize testing processes in SAP environments using heatmap visualization techniques.
What will you get from this session?
1. Insights into SAP testing best practices
2. Heatmap utilization for testing
3. Optimization of testing processes
4. Demo
Topics covered:
- Execution from the test manager
- Orchestrator execution result
- Defect reporting
- SAP heatmap example with demo
Speaker:
Deepak Rai, Automation Practice Lead, Boundaryless Group and UiPath MVP
Dev Dives: Train smarter, not harder – active learning and UiPath LLMs for do... (UiPathCommunity)
💥 Speed, accuracy, and scaling – discover the superpowers of GenAI in action with UiPath Document Understanding and Communications Mining™:
- See how to accelerate model training and optimize model performance with active learning
- Learn about the latest enhancements to out-of-the-box document processing – with little to no training required
- Get an exclusive demo of the new family of UiPath LLMs – GenAI models specialized for processing different types of documents and messages
This is a hands-on session specifically designed for automation developers and AI enthusiasts seeking to enhance their knowledge in leveraging the latest intelligent document processing capabilities offered by UiPath.
Speakers:
👨🏫 Andras Palfi, Senior Product Manager, UiPath
👩🏫 Lenka Dulovicova, Product Program Manager, UiPath
3. Introduction
We will analyze and attack an IoT device, the GL.iNet Shadow travel router,
firmware version 3.25.
CVE-2023-31471 - Abuse of Functionality leads to RCE
CVE-2023-31473 - Arbitrary File Read
CVE-2023-31474 - Directory Listing
CVE-2023-31477 - Path Traversal
4. IOT Security
We think of IoT devices as things connected to the internet, making them smart
and impacting the physical world. So we mention doors, kettles, power sockets, and
things that impact larger systems – say, “industrial” systems – to control production
cycles, turbines, dams, and other such things.
We can summarize in words attributed to Tim Kadlec:
“The S in IoT stands for security.”
5. How to analyze IoT Devices
The IoT devices, despite their variety, can be broken down into common
elements for analysis: Physical components, firmware, network services, mobile
applications, cloud interaction, and communication interfaces. Each layer offers
unique insights for security and functionality assessment.
6. Multi-Layered Analysis
• Physical Components Analysis
  • Examine the outer device for model name, default settings, serial codes.
  • Disassemble to study circuits, chips, and other hardware components.
• Firmware Analysis
  • Reverse-engineer to find source code, process flow, and hardcoded passwords.
• Network/Web Services
  • Examine TCP/IP services like Web Apps (our focus today), UPnP, telnet, SSH, etc.
• Mobile Applications
  • Reverse-engineer to find URLs, passwords, and operating logic.
• Cloud
  • Understand how data is processed and stored in third-party servers.
• Communication Interfaces
  • Analyze network traffic and protocols like Bluetooth, ZigBee, NFC, etc.
9. Useful info from the device
Apart from common information such as the Model, IP, SSID, Key, MAC address, Serial number
and DDNS, in particular when analyzing strange devices the FCC ID (the device ID registered
with the United States Federal Communications Commission), IC (Integrated Circuit) and
CMIIT ID (the China Ministry of Industry and Information Technology identifier) are useful.
10. Firmware Analysis
Once we know the device’s name, we can determine the steps required to
download its firmware. This process can vary in complexity:
• Extracting the firmware after disassembling the device.
• Intercepting the traffic during the update.
• Downloading it from the vendor’s website. However, some vendors may require
  registration, proof of ownership, or provide it encrypted.
13. Looking at extracted files
$ ls _openwrt-ar300m16-3.215-0921-1663732630.bin.extracted/squashfs-root
bin dev etc lib mnt overlay proc rom root sbin sys tmp
usr var www
As we explored the system, we came across a few intriguing directories. Since
we are focusing on web applications, we are particularly interested in the www
directory.
This directory will be useful to browse once we connect via a web browser, and it
will assist us in our attacks.
14. Emulation
Since our goal is to test the web application exposed by the router, we can try to
emulate just the binary that manages the web server – IoT devices have limited
resources, so a few binaries often manage the web server.
lighttpd (and others we will see later) is in the /usr/sbin/ directory.
One of the best tools to emulate a binary is QEMU.
15. Prepare qemu
$ sudo apt install qemu-user-static
$ cd _openwrt-ar300m16-3.215-0921-1663732630.bin.extracted/squashfs-root/
$ cp /usr/bin/qemu-mips-static ./
$ ll
total 4468
drwxrwxr-x 16 user user 4096 mar 16 12:58 ./
drwxr-xr-x 3 user user 4096 mar 16 08:05 ../
drwxr-xr-x 2 user user 4096 sep 21 05:56 bin/
drwxr-xr-x 2 user user 4096 mar 16 11:13 dev/
drwxrwxr-x 31 root root 4096 may 13 2021 etc/
drwxrwxr-x 12 user user 4096 jul 29 2021 lib/
[...]
-rwxr-xr-x 1 user user 4491296 mar 16 08:06 qemu-mips-static*
[...]
drwxr-xr-x 2 user user 4096 mar 16 08:03 sbin/
lrwxrwxrwx 1 user user 3 sep 21 05:56 var -> tmp/
drwxr-xr-x 4 user user 4096 jul 29 2021 www/
16. First try
Now we execute the qemu-mips emulator (the target architecture is MIPS 32-bit, which
is easy to check with the file command) and chroot to the target filesystem (so that
we have the correct path to load the firmware libraries):
$ sudo chroot ./ ./qemu-mips-static /usr/sbin/lighttpd
2023-03-16 21:37:32: (server.c.1037) No configuration available.
Try using the -f option.
17. Second try
It looks like the executable is running, but it needs a configuration file. Searching
the squashfs, we found a possible configuration file under
/etc/lighttpd/lighttpd.conf. Let’s retry the execution:
$ sudo chroot ./ ./qemu-mips-static /usr/sbin/lighttpd -f /etc/lighttpd/lighttpd.conf
2023-03-16 21:39:30: (configfile.c.1160) opening configfile /etc/lighthttpd/lighthttpd.conf failed: No such file or directory
18. Third try
Since /dev/null is not present on the extracted filesystem, we need to create it
(touch /dev/null) and execute it again. The remaining errors are shown below:
$ sudo chroot ./ touch /dev/null
$ sudo chroot ./ ./qemu-mips-static /usr/sbin/lighttpd -f /etc/lighttpd/lighttpd.conf
failed to execute shell: /bin/bash -c cat /etc/lighttpd/conf.d/*.conf: No such file or directory
2023-03-16 21:44:00: (server.c.1157) opening pid-file failed: /var/run/lighttpd.pid No such file or directory
2023-03-16 21:44:00: (server.c.416) unlink failed for: /var/run/lighttpd.pid 2 No such file or directory
19. Fourth try
Let’s create the /var/run directory and try again:
$ sudo chroot ./ mkdir /var/run
$ sudo chroot ./ ./qemu-mips-static /usr/sbin/lighttpd -f /etc/lighttpd/lighttpd.conf
failed to execute shell: /bin/bash -c cat /etc/lighttpd/conf.d/*.conf: No such file or directory
daemonized server failed to start; check the error log for details
20. Fifth try
Only one error is left now, and the problem seems related to the execution of cat:
lighttpd cannot spawn /bin/bash inside the chroot. By checking the lighttpd.conf
file, we can see that the error is caused by a specific line of the configuration,
which runs the cat command to read and include all the .conf files under
/etc/lighttpd/conf.d/; we will include them manually instead:
$ sudo chroot ./ cat /etc/lighttpd/lighttpd.conf | grep cat
include_shell "cat /etc/lighttpd/conf.d/*.conf"
$ sudo chroot ./ ls /etc/lighttpd/conf.d/
30-access.conf 30-cgi.conf 30-expire.conf 30-fastcgi.conf 30-openssl.conf 30-proxy.conf
21. Sixth try
Modify (religious choice: vi or nano) the chrooted /etc/lighttpd/lighttpd.conf file,
commenting out the include_shell line and adding the files manually, based on the
contents of the /etc/lighttpd/conf.d/ directory:
include "/etc/lighttpd/conf.d/30-access.conf"
include "/etc/lighttpd/conf.d/30-cgi.conf"
include "/etc/lighttpd/conf.d/30-expire.conf"
include "/etc/lighttpd/conf.d/30-fastcgi.conf"
include "/etc/lighttpd/conf.d/30-openssl.conf"
include "/etc/lighttpd/conf.d/30-proxy.conf"
And run again:
$ sudo chroot ./ ./qemu-mips-static /usr/sbin/lighttpd -f /etc/lighttpd/lighttpd.conf
daemonized server failed to start; check the error log for details
22. Seventh try
The log folder is missing, so create it and run again:
$ sudo chroot ./ mkdir /var/log
$ sudo chroot ./ mkdir /var/log/lighttpd
$ sudo chroot ./ ./qemu-mips-static /usr/sbin/lighttpd -f /etc/lighttpd/lighttpd.conf
There’s no error this time. Let’s use netstat to check for new services listening
on ports:
$ sudo netstat -anp | grep qemu
tcp 0 0 0.0.0.0:80 0.0.0.0:* LISTEN 7685/./qemu-mips-st
tcp 0 0 0.0.0.0:443 0.0.0.0:* LISTEN 7685/./qemu-mips-st
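The seven tries boil down to three fixes: create /dev/null, create the pid-file and log directories, and replace the include_shell line with plain include lines. The script below is an added example, not the talk's own tooling, that applies all three to an extracted squashfs-root in one go. It assumes the lighttpd configuration lives at /etc/lighttpd/lighttpd.conf as on the slides, that the host has /usr/bin/qemu-mips-static from qemu-user-static, and that the extracted tree is writable by the caller (run it with sudo if it is root-owned). The function names (expand_include_shell, prepare_chroot, emulate_lighttpd) are my own.

```shell
#!/bin/sh
# Added example: prepare an extracted squashfs root so lighttpd starts under
# qemu-user-static in a chroot. Reproduces the fixes from the slides; it is not
# the talk's script. Assumed layout: <root>/etc/lighttpd/lighttpd.conf.

# Rewrite `include_shell "cat <dir>/*.conf"` into explicit include lines.
# The firmware root has no /bin/bash for lighttpd to run the shell command with.
expand_include_shell() {
    conf="$1"   # host-side path to lighttpd.conf, e.g. $ROOT/etc/lighttpd/lighttpd.conf
    root="$2"   # extracted root; paths inside the conf are relative to it
    tmp="$conf.tmp"
    : > "$tmp"
    while IFS= read -r line || [ -n "$line" ]; do
        case "$line" in
            include_shell*)
                # pull the glob out of: include_shell "cat /etc/lighttpd/conf.d/*.conf"
                glob=$(printf '%s\n' "$line" | sed -n 's/.*"cat \([^"]*\)".*/\1/p')
                printf '# %s  (expanded for chroot emulation)\n' "$line" >> "$tmp"
                for f in "$root"$glob; do        # unquoted glob expands on the host
                    [ -f "$f" ] || continue
                    printf 'include "%s"\n' "${f#"$root"}" >> "$tmp"
                done
                ;;
            *)
                printf '%s\n' "$line" >> "$tmp"
                ;;
        esac
    done < "$conf"
    mv "$tmp" "$conf"
}

# Create the node and directories lighttpd complained about on the slides.
prepare_chroot() {
    root="$1"
    # /var may be a symlink to tmp/ as in this firmware; mkdir -p follows it.
    mkdir -p "$root/dev" "$root/var/run" "$root/var/log/lighttpd"
    # The slides use `touch /dev/null`: a regular file rather than a device node,
    # but enough for lighttpd to open it inside the chroot.
    [ -e "$root/dev/null" ] || : > "$root/dev/null"
    expand_include_shell "$root/etc/lighttpd/lighttpd.conf" "$root"
}

# Start lighttpd under user-mode QEMU inside the chroot (needs root on the host).
emulate_lighttpd() {
    root="$1"
    [ -x "$root/qemu-mips-static" ] || sudo cp /usr/bin/qemu-mips-static "$root/"
    sudo chroot "$root" ./qemu-mips-static /usr/sbin/lighttpd -f /etc/lighttpd/lighttpd.conf
    # afterwards, on the host: sudo netstat -anp | grep qemu  (expect :80 and :443 LISTEN)
}

# Usage (uncomment): sh prepare_chroot.sh <path-to-squashfs-root>
# prepare_chroot "$1"
# emulate_lighttpd "$1"
```

The include expansion is done on the host side, so the glob is resolved against the extracted tree and the resulting paths are written back relative to the chroot, which is what lighttpd will see once started.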
23. Emulated web server
It works now, but something still doesn’t add up: it doesn’t load the router image,
and when trying to create the user we receive an HTTP 500 error.
We know that /www/cgi-bin/api is the binary that manages the APIs…
26. Let’s call the Dragon
• Open the /www/cgi-bin/api file with Ghidra
• Search among the strings (Search | For Strings) for initpwd
• Click on the location to see the code
• Click on its cross-reference (get_internal_api_dispatcher:0042cacc).
• We can see a reference to the function responsible for the password
  initialization, router_init_root_pwd, at address 0042cb28, and decompile it
32. UCI
• As we can see, these requests are performed using the UCI (Unified
  Configuration Interface) API, the framework that centralizes device
  configuration on OpenWrt.
• By reading the UCI documentation, we can observe that the configuration is
  stored in files under the /etc/config/ directory.
• Specifically, in this case, the program checks for the glconfig
  configuration (glconfig.general.password and glconfig.general.model).
34. Edit parameters and restart
# look at the actual configuration settings from the booting vendor’s script
$ cat /lib/functions/gl_util.sh
config service 'general'
option port '83'
option model 'ar300m'
option factory_mac '00:11:22:33:44:55'
option language 'EN'
# to write down the configuration
$ vi /etc/config/glconfig
# kill the old process, then restart
$ sudo chroot ./ ./qemu-mips-static /usr/sbin/lighttpd -f /etc/lighttpd/lighttpd.conf
39. Looking into previous research
When searching for vulnerabilities on a new target, we always look for previous
vulnerabilities. In addition to using our favorite search engine, we also check
the release notes for any available information.
The previous version was affected by a Command Injection, and a fix filtering
characters such as | $ ( ) ` %0a was implemented correctly.
40. Finding another way to execute code
When 'pure' Command Injections are fixed, we can still abuse the calls to OS
commands by exploiting the parameters and functionalities of the binaries being
called.
This can be achieved through Abuse of Functionality or Parameter Injection,
such as the “Install Plugins” functionality.
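To make the point of slides 39 and 40 concrete from the defensive side: the example below, added here and not taken from the talk or from the vendor's firmware, contrasts a metacharacter deny-list of the kind the fix describes with an allow-list check on the argument that reaches a package-install tool such as opkg. The function names (strip_shell_metachars, is_plain_package_name, install_package_checked) and the sample inputs are constructed; the real install call is left commented out so the script runs anywhere.

```shell
#!/bin/sh
# Added example: a deny-list closes the command injection but not the
# abuse-of-functionality path; an allow-list on the argument does.
# Constructed functions and inputs, not vendor code.

# The style of fix the slides describe: strip | $ ( ) ` and %0a from the input.
strip_shell_metachars() {
    printf '%s' "$1" | sed -e 's/%0a//g' -e 's/[|$()`]//g'
}

# Defensive allow-list for a "package to install" argument: only a bare package
# name is acceptable, never an option, a path, a URL or anything with spaces.
is_plain_package_name() {
    case "$1" in
        '' | -* | */* | *:* | *' '*) return 1 ;;   # empty, option-like, path, URL, spaces
        *[!A-Za-z0-9._+-]*)          return 1 ;;   # any character outside the allow-list
        *)                           return 0 ;;
    esac
}

# Gate the install: validate first, then call the tool with an argument vector
# and no shell, so no string is ever handed to /bin/sh -c.
install_package_checked() {
    pkg="$1"
    is_plain_package_name "$pkg" || { echo "rejected: $pkg" >&2; return 1; }
    # opkg install "$pkg"      # real call, commented out for this example
    echo "would install: $pkg"
    return 0
}
```

The deny-list does its job against `pkg$(id)` style input, yet it passes a URL or a relative path through untouched, which is precisely the input an "install plugin" handler must refuse; the allow-list plus argument-vector invocation leaves nothing for a shell to interpret.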
63. Recap
We found that the Web Application lets us force the installation (by abusing the
opkg binary) of a malicious ipk package from an arbitrary location, and then
execute it by specifying the execution command in the postinst script.
What we need:
1. create an ipk (we’ll develop a reverse shell Backdoor)
2. put the execution in the postinst script
3. setup a listener for the reverse shell
4. enjoy
Bonus:
● Directory Listing
● Arbitrary File reading
All this stuff executed with root permission!
64. Creating the backdoor for OpenWrt
To create our backdoor, we first need the C code of what we need - for
example, a reverse shell - and then to put it inside an ipk package, the
format of opkg. To do this, we created a Docker image with the toolchain -
available in the book's repository - to facilitate its creation.