Krzysztof Kotowicz gave a talk at Hack in Paris in June 2014 about lessons learned from trusting JavaScript cryptography. He discussed the history of skepticism around JS crypto due to language weaknesses like implicit type coercion and lack of exceptions. He then analyzed real-world vulnerabilities in JS crypto libraries like Cryptocat that exploited these issues, as well as web-specific issues like cross-site scripting. Finally, he argued that while the JS language has flaws, developers can still implement crypto securely through practices like strict mode, type checking, and defense-in-depth against web vulnerabilities.
With the increasing number of data breaches and cyber attacks, it's becoming clear that traditional security measures are no longer sufficient. Zero Trust security is an approach that assumes no user, device, or network is trustworthy by default. This seminar will explore the concept of Zero Trust and its application to data security.
During this seminar, we will cover a range of topics related to Zero Trust and data security, including the history and evolution of Zero Trust, the key principles of Zero Trust, and the different applications of Zero Trust in data security. We will also discuss the impact of Zero Trust on the job market and the skills required to work effectively with this approach.
Through a combination of lectures, case studies, and interactive discussions, attendees will gain a comprehensive understanding of the potential benefits of implementing a Zero Trust approach to data security. They will leave the seminar with practical insights and strategies to effectively leverage Zero Trust to protect their organization's data.
Learning Objectives:
Upon completion of this seminar, participants will be able to:
1. Understand the history and evolution of Zero Trust and its application to data security.
2. Gain insights into the key principles of Zero Trust and the different applications of this approach in data security.
3. Learn about the potential benefits and challenges of implementing a Zero Trust approach to data security.
4. Develop practical strategies for effectively leveraging Zero Trust to protect their organization's data.
5. Network with other industry professionals to share insights and best practices.
With the increasing number of data breaches and cyber attacks, it's becoming clear that traditional security measures are no longer sufficient. Zero Trust security is an approach that assumes no user, device, or network is trustworthy by default. This seminar will explore the concept of Zero Trust and its application to data security.
During this seminar, we will cover a range of topics related to Zero Trust and data security, including the history and evolution of Zero Trust, the key principles of Zero Trust, and the different applications of Zero Trust in data security. We will also discuss the impact of Zero Trust on the job market and the skills required to work effectively with this approach.
Through a combination of lectures, case studies, and interactive discussions, attendees will gain a comprehensive understanding of the potential benefits of implementing a Zero Trust approach to data security. They will leave the seminar with practical insights and strategies to effectively leverage Zero Trust to protect their organization's data.
Learning Objectives:
Upon completion of this seminar, participants will be able to:
1. Understand the history and evolution of Zero Trust and its application to data security.
2. Gain insights into the key principles of Zero Trust and the different applications of this approach in data security.
3. Learn about the potential benefits and challenges of implementing a Zero Trust approach to data security.
4. Develop practical strategies for effectively leveraging Zero Trust to protect their organization's data.
5. Network with other industry professionals to share insights and best practices.
Advanced Persistent Threats (APTs) are a serious concern as they represent a threat to an organization’s intellectual property, financial assets and reputation. In some cases, these threats target critical infrastructure and government institutions, thereby threatening the country’s national security itself.
Nosa Shandy - Clickjacking That Worthy-Google Bug Hunting Story.pdfidsecconf
Menceritakan pengalaman bug hunting kerentanan clickjacking pada beberapa produk Google dan membahas beberapa teknik untuk melakukan bypass terhadap kerentanan tersebut. Serta menjelaskan clickjacking yang benar berdasarkan pengalaman pribadi
TABLETOP SCENARIO: Your organization regularly patches, uses application whitelisting, has NextGen-NG™ firewalls/IDS’s, and has the latest Cyber-APT-Trapping-Blinky-Box™. You were just made aware that your entire customer database was found being sold on the dark web. Go.
Putting too much trust in security products alone can be the downfall of an organization. In the 2015 BSides Tampa talk “Pentest Apocalypse” Beau discussed 10 different pentesting techniques that allow attackers to easily compromise an organization. These techniques still work for many organizations but occasionally more advanced tactics and techniques are required. This talk will continue where “Pentest Apocalypse” left off and demonstrate a number of red team techniques that organizations need to be aware of in order to prevent a “Red Team Apocalypse” as described in the tabletop scenario above.
F. Questier, Computer security, workshop for Lib@web international training program 'Management of Electronic Information and Digital Libraries', university of Antwerp, October 2015
Staying Ahead of Internet Background Exploitation - Microsoft BlueHat Israel ...Andrew Morris
It’s not just you. The frequency of severe vulnerabilities in internet-facing enterprise software being massively exploited at scale has increased drastically. The amount of time between disclosure and exploitation of these vulnerabilities has been reduced to near-zero, leaving defenders with less time to react and respond. While combating internet-wide opportunistic exploitation is a sprawling and complex problem, there is both an art and a science to staying ahead of large exploitation events such as Log4J.
In this talk we will share insights and challenges from operating a huge, shifting, adaptive, distributed sensor network listening to internet background noise and opportunistic exploitation traffic over the past four years. We will give a blunt state of the universe on mass exploitation. We will share patterns and unexplainable phenomena we’ve experienced across billions of internet scans. And we will make recommendations to defenders for preparing for the next time the cyber hits the fan.
When you don't have 0days: client-side exploitation for the massesMichele Orru
Conference: InsomniHack (21 March 2014)
Talk speakers:
Michele Orru (@antisnatchor)
Krzysztof Kotowicz (@kkotowicz)
Talk abstract:
A bag of fresh and juicy 0days is certainly something you would love to get
as a Christmas present, but it would probably be just a dream you had one of those drunken nights.
Hold on! Not all is lost! There is still hope for pwning targets without 0days.
We will walk you through multiple real-life examples of client-side pwnage, from tricking the victim to take the bait, to achieving persistence on the compromised system.
The talk will be highly practical and will demonstrate how you can do proper client-side exploitation effectively, simply by abusing existing functionalities of browsers, extensions, legacy features, etc.
We'll delve into Chrome and Firefox extensions (automating various repetitive actions that you'll likely perform in your engagements), HTML applications, abusing User Interface expectations, (Open)Office macros and more. All the attacks are supposed to work on fully patched target software, with a bit of magic trickery as the secret ingredient.
You might already know some of these exploitation vectors, but you might need a way to automate your attacks and tailor them based on the victim language, browser, and whatnot. Either way, if you like offensive security, then this talk is for you.
Advanced Persistent Threats (APTs) are a serious concern as they represent a threat to an organization’s intellectual property, financial assets and reputation. In some cases, these threats target critical infrastructure and government institutions, thereby threatening the country’s national security itself.
Nosa Shandy - Clickjacking That Worthy-Google Bug Hunting Story.pdfidsecconf
Menceritakan pengalaman bug hunting kerentanan clickjacking pada beberapa produk Google dan membahas beberapa teknik untuk melakukan bypass terhadap kerentanan tersebut. Serta menjelaskan clickjacking yang benar berdasarkan pengalaman pribadi
TABLETOP SCENARIO: Your organization regularly patches, uses application whitelisting, has NextGen-NG™ firewalls/IDS’s, and has the latest Cyber-APT-Trapping-Blinky-Box™. You were just made aware that your entire customer database was found being sold on the dark web. Go.
Putting too much trust in security products alone can be the downfall of an organization. In the 2015 BSides Tampa talk “Pentest Apocalypse” Beau discussed 10 different pentesting techniques that allow attackers to easily compromise an organization. These techniques still work for many organizations but occasionally more advanced tactics and techniques are required. This talk will continue where “Pentest Apocalypse” left off and demonstrate a number of red team techniques that organizations need to be aware of in order to prevent a “Red Team Apocalypse” as described in the tabletop scenario above.
F. Questier, Computer security, workshop for Lib@web international training program 'Management of Electronic Information and Digital Libraries', university of Antwerp, October 2015
Staying Ahead of Internet Background Exploitation - Microsoft BlueHat Israel ...Andrew Morris
It’s not just you. The frequency of severe vulnerabilities in internet-facing enterprise software being massively exploited at scale has increased drastically. The amount of time between disclosure and exploitation of these vulnerabilities has been reduced to near-zero, leaving defenders with less time to react and respond. While combating internet-wide opportunistic exploitation is a sprawling and complex problem, there is both an art and a science to staying ahead of large exploitation events such as Log4J.
In this talk we will share insights and challenges from operating a huge, shifting, adaptive, distributed sensor network listening to internet background noise and opportunistic exploitation traffic over the past four years. We will give a blunt state of the universe on mass exploitation. We will share patterns and unexplainable phenomena we’ve experienced across billions of internet scans. And we will make recommendations to defenders for preparing for the next time the cyber hits the fan.
When you don't have 0days: client-side exploitation for the massesMichele Orru
Conference: InsomniHack (21 March 2014)
Talk speakers:
Michele Orru (@antisnatchor)
Krzysztof Kotowicz (@kkotowicz)
Talk abstract:
A bag of fresh and juicy 0days is certainly something you would love to get
as a Christmas present, but it would probably be just a dream you had one of those drunken nights.
Hold on! Not all is lost! There is still hope for pwning targets without 0days.
We will walk you through multiple real-life examples of client-side pwnage, from tricking the victim to take the bait, to achieving persistence on the compromised system.
The talk will be highly practical and will demonstrate how you can do proper client-side exploitation effectively, simply by abusing existing functionalities of browsers, extensions, legacy features, etc.
We'll delve into Chrome and Firefox extensions (automating various repetitive actions that you'll likely perform in your engagements), HTML applications, abusing User Interface expectations, (Open)Office macros and more. All the attacks are supposed to work on fully patched target software, with a bit of magic trickery as the secret ingredient.
You might already know some of these exploitation vectors, but you might need a way to automate your attacks and tailor them based on the victim language, browser, and whatnot. Either way, if you like offensive security, then this talk is for you.
At HolidayCheck we are working in a very fast and challenging environment on a daily base. Applying agile methods to improve our products and the solutions for our customers sounds logical. However it isn't a linear path and therefore we need to learn to deal with the various moves. The moves are similar like the once from a pendular. The softness of the tai-ch moves and forms is a great way to deal with these motions that you might not be able to control as an agile coach at all times.
Dark Fairytales from a Phisherman (Vol. II)Michele Orru
Phishing attacks are a prevalent threat against large or small organisations. As professionals in the security field we need to be able to give our clients the look and feel of what a real "bad guy" may do to attack an organisation.
Leverage Phishing Frenzy and BeEF on your next engagement to ensure your client is getting the most out of their assessment. With simple templates you can launch an effective phishing campaign in minutes, and thanks to the BeEF integration you’ll be hooking and exploiting browsers in no time.
Have you ever wondered what is the best pretext to use during your phishing campaign use-case? What about timeframes? We’ll discuss statistics based on real-world professional phishing engagements. We'll also entertain you with fun (and real) hacking stories involving phishing and client-side exploitation.
If you had to rank the best and worst moments of your JavaScript life, you’d probably rank reading “The Good Parts” up towards the top, and deep down at the bottom of the list would be the day that you found out that you couldn’t make cross-domain requests in the browser. This talk covers the hacks, tips, and tricks to leave the Same Origin Policy in the dust. So grab a cookie, pad your JSON, and learn how to communicate properly.
Phishing and client-side exploitation DevOps for all your needs. Combine BeEF, PhishingFrenzy and your fishy business to automate most of the usual phishing workflow while minimising human interaction.
Developer's Guide to JavaScript and Web CryptographyKevin Hakanson
The increasing capabilities and performance of the web platform allow for more feature-rich user experiences. How can JavaScript based applications utilize information security and cryptography principles? This session will explore the current state of JavaScript and Web Cryptography. We will review some basic concepts and definitions, discuss the role of TLS/SSL, show some working examples that apply cryptography to real-world use cases and take a peek at the upcoming W3C WebCryptoAPI. Code samples will use CryptoJS in the browser and the Node.js Crypto module on the server. An extended example will secure the popular TodoMVC project using PBKDF2 for key generation, HMAC for data integrity and AES for encryption.
Todas las semanas en Saucépolis publicamos un resumen con algunos de los acontecimientos de interés cultural, de ocio o turístico que más pueden interesar a los zaragozanos y a la gente que nos visita: es nuestra gaceta a la que llamamos "Saucépolis News". Este es un breve resumen de los acontecimientos turísticos y de ocio en Zaragoza esta semana:
Franz Ferdinand en el Principe Felipe.
La banda de Alex Kapranos llega a Zaragoza en la gira de presentación de su último trabajo Tonight. Los escoceses son uno de los grupos mas importantes del momento, con un sonido muy reconocible, un directo espectacular y un puñado de canciones que son ya clásicos de la última década. Broche de oro a una temporada de conciertos excelente en nuestra ciudad.
Pabellón Principe Felipe de Zaragoza
4 de Diciembre 20:00 Horas.
Doble oferta de música clásica.
La orquesta de cámara del Auditorio de Zaragoza, nuestros amigos del grupo Enigma, nos ofrecen este martes la Serenata en si bemol para trece instrumentos de Mozart. Dos días mas tarde, otros viejos conocidos de esta casa, el grupo Al Ayre Español interpretarán Las últimas siete palabras de Cristo en la cruz de Haydn. Una semana de música clásica en Saucepolis.
Sala Luis Galve del Auditorio de Zaragoza
1 de Diciembre 20:15 Horas
Sala Mozart del Auditorio de Zaragoza
3 de Diciembre 20:15 Horas.
La vida es juego.
El Centro de Historia de Zaragoza nos sorprende en esta ocasión con una exposición acerca de la historia del videojuego. Partiendo de los primeros videojuegos en la década de los 50’s, se realiza un estudio sobre el desarrollo, la promoción y lanzamiento y el impacto social del producto. Por último, el juegódromo permitirá al visitante experimentar con algunos de los juegos sobre los que versa la muestra. A partir del 3 de Diciembre en el Centro de Historia de Zaragoza.
Centro de Historia de Zaragoza.
Laborables de 10:00 a 20:00 Horas.
Festivos de 10:00 a 14:00 Horas.
Lunes cerrado
Xotelia - How to convert your visitors into bookersJeffrey Messud
Nowadays the web has become a powerful search engine tool for travelers. Innkeepers must make sure that their websites transmit quality, professionalism and credibility together with a good design and comfortable look-and-feel. But how well does your current online presence convert online visitors to bookers? One of the most important aspects for your online success has to do with the way your business is presented. Creating a high-conversion website is definitely not easy but there are many important details that must be taken into account.
Communication Infrastructure and Urban Commons: Localized Information and Communication Technologies (ICTs)
Yong-Chan Kim & Ji Min Park
Urban Communication Lab
Yonsei University, Seoul, Korea
The screencast of this presentation can be found at https://youtu.be/o3uy7dgG_n4
There is an assumption in the industry, amongst companies large and small alike, that if they store sensitive user data (and sometimes do some mild encryption) in their database, it's locked in and secured from potential attacks. People rely too heavily on their false assumptions of security, and it usually ends up costing them extensively when that is proven wrong.
In this session, Jonathan will build a foundation for identity and data security that everyone dealing with sensitive data should understand. We'll break down concepts of identity security, common attack vectors and how to protect yourself, and how to harden your web application.
Building Secure User Interfaces With JWTs (JSON Web Tokens)Stormpath
With new tools like Angular.js and Node.js, it is easier than ever to build User Interfaces and Single-Page Applications (SPAs) backed by APIs.
But how to do it securely? Web browsers are woefully insecure, and hand-rolled APIs are risky.
In this presentation, Robert Damphousse, lead front-end developer at Stormpath, covers web browser security issues, technical best practices and how you can mitigate potential risks. Enjoy!
Topics Covered:
1. Security Concerns for Modern Web Apps
2. Cookies, The Right Way
3. Session ID Problems
4. Token Authentication to the rescue!
5. Angular Examples
Security Vulnerabilities: How to Defend Against ThemMartin Vigo
In recent years it became the norm to wake up to news about hackers, cyber attacks, ransom campaigns and NSA. Since 2003 the Open Web Application Security Project (OWASP) is the go-to reference to learn more about security vulnerabilities. OWASP published a list of the Top 10 most common security issues for Web.
In this talk, we will review the list to learn the details and discuss how to harden and defend our Web applications from those vulnerabilities. If you care about your product and customer's data, want to become a better developer or are simply interested in the kind of cyber attacks delinquents use to compromise websites, this talk is for you.
How common exploits are used to take over a website, how to identify those vulnerabilities in your own code and prevent your site from being compromised. The bad guys know all the techniques, but it doesn't mean we should make it any easier to take over sites. Preventing some vulnerabilities is done by keeping these issues in mind as you're developing your code.
Join Stormpath Developer Evangelist, Robert Damphousse, to dive deep into browser security. Robert will explain how Session IDs, Man in the Middle (MITM), Cross-Site Scripting (XSS), and Cross-Site Request Forgery (CSRF) attacks work, and how to use cookies to support security best practices.
Topics Covered:
- Security concerns for modern web apps
- Cookies, the right way
- MITM, XSS, and CSRF attacks
- Session ID problems
- Examples in an Angular app
LastPass is a popular password manager that integrates with browsers through plugins. One of the most interesting features is the fact that the encrypted vault is stored in LastPass' servers but they have no access to the content since the master password never leaves the user's machine. All encryption and decryption happens locally. Password managers are a single point of failure by design and therefore they need to be secure. A tool with the sole purpose of storing all your secrets is a important target for any attacker.
The most valuable piece of information is the master password. It is the key to decrypt the data and gain complete access. Research has been done on different attack vectors but the focus is on leaking passwords stored in the vault. This presentation will focus on how it is possible to steal and decrypt the master password. In addition, I will also demonstrate an additional attack vector that results in full access to the vault without the need of the master password. Two different attacks to achieve the same goal, full access to the vault. But given that LastPass supports 2 factor authentication, I will also demonstrate how to bypass it. Last but not least, I will release a Metasploit module that will automate the whole process. Stealing the master password, leaking the encryption key and bypassing 2 factor authentication.
Intro slides for a tutorial on hacking common vulnerabilities and how to prevent those problems in your own code. This is a PHP based tutorial that's hands on, but the slides can help as reference material for a few common hacks
Devouring Security Insufficient data validation risks Cross Site Scriptinggmaran23
Devouring Security: Insufficient Data Validation Risks - Cross Site Scripting (XSS)
• Risk, Stories & the news
• XSS Anatomy
• Untrusted Data Sources – Well, Where did that come from?
• Shouldn’t it be called CSS instead?
• Types of XSS
- Type 0 [DOM based]
- Type 1 [Reflected or Non-persistent XSS]
- Type 2 [Persistent or Stored XSS]
• Live Demo: XSS 101 with alert('hello XSS world')
• Live Demo: Cookie Hijacking and Privilege Escalation
- Face/Off with John Travolta and Nicolas Cage
• Live Demo: Let’s deploy some Key loggers,huh?
• Mitigations
- Input Sanitization
- Popular Libraries for .Net, Java, php
Demo: Input sanitization
- Whitelists (vs. Blackists)
- Output Encoding
Contextual
Demo: Output Encoding
- Browser Protections & bypasses
- Framework Protections & bypasses
- Content Security Policy (CSP) in brief
• Secure Code reviews: Spot an XSS, How?
• Tools: Do we have an option?
• XSS Buzz and how to Fuzz
• Renowned Cheat sheets
• Further reading & References
Trusted Types - Securing the DOM from the bottom up (JSNation Amsterdam)Krzysztof Kotowicz
18 years have passed since Cross-Site Scripting (XSS) has been identified as a web vulnerability class. Since then, numerous efforts have been proposed to detect, fix or mitigate it. We've seen vulnerability scanners, fuzzers, static & dynamic code analyzers, taint tracking engines, linters, and finally XSS filters, WAFs and all various flavours of Content Security Policy.
Various libraries have been created to minimize or eliminate the risk of XSS: HTML sanitizers, templating libraries, sandboxing solutions - and yet XSS is still one of the most prevalent vulnerabilities plaguing web applications.
It seems like, while we have a pretty good grasp on how to address stored & reflected XSS, "solving" DOM XSS remains an open question. DOM XSS is caused by ever-growing complexity of client-side JavaScript code (see script gadgets), but most importantly - the lack of security in DOM API design.
But perhaps we have a chance this time? Trusted Types is a new browser API that
allows a web application to limit its interaction with the DOM, with the goal of obliterating
DOM XSS. Based on the battle-tested design that prevents XSS in most of the Google web applications, Trusted Types add the DOM XSS prevention API to the browsers. Trusted Types allow to isolate the application components that may potentially introduce DOM XSS into tiny, reviewable pieces, and guarantee that the rest of the code is DOM-XSS free. They can also leverage existing solutions like autoescaping templating libraries, or client-side sanitizers to use them as building blocks of a secure application.
Trusted Types have a working polyfill, an implementation in Chrome and integrate well with existing JS frameworks and libraries. Oddly similar to both XSS filters and CSP, they are also fundamentally different, and in our opinion have a reasonable chance of eliminating DOM XSS - once and for all.
Video recording of the talk: https://connect.ruhr-uni-bochum.de/p3g2butmrt4/
HTML5 is quickly gaining media attention and popularity among browser vendors and web developers. Having tremendous features, together with its sister specifications like Drag & Drop API, File API or Geolocation it allows developers to build rich web applications that easily blend with desktop & mobile environments.
The talk will be focused on finding the weakest link and combining several recent attack techniques to turn a security vulnerability into a successful exploit.
We'll show how to build a successful advanced UI-Redressing attack (also known as clickjacking), presenting the latest findings in this field, including malicious games and quizes. We'll work on file upload functionalities in current web applications and see how attackers might use HTML5 APIs for their advantage. Putting all these building blocks together will enable us to launch an attack and exploit even the otherwise unexploitable vulnerabilities.
Creating, obfuscating and analyzing malware JavaScriptKrzysztof Kotowicz
Malware attacks on unaware Internet users' browsers are becoming more and more common. New techniques for bypassing filters used by security vendors emerge. In turn, the filters are getting better, new analyzing tools are developed - the war continues. At the presentation you will learn how crackers are trying to hamper the work of security engineers, and how reversers are overcoming those problems. Emphasis will be placed on the weaknesses of automated tools - we'll try to avoid detection by jsunpack and Capture-HPC, we'll also trick Dean Edwards' Unpacker.
Tworzenie, zaciemnianie i analiza złośliwego kodu JavaScriptKrzysztof Kotowicz
Ataki malware'u na przeglądarki nieświadomych internautów stają się coraz powszechniejsze. Wciąż powstają nowe techniki pozwalające obejść filtry stosowane przez producentów oprogramowania zabezpieczającego. Z kolei filtry są coraz lepsze, powstają też nowe narzędzia - walka trwa. Na prezentacji dowiecie się, jak włamywacze usiłują utrudnić pracę analizatorom ich kodu i jak reverserzy sobie z tym radzą. Nacisk zostanie położony na słabości narzędzi automatycznych - będziemy usiłowali uniknąć wykrycia przez jsunpack i Capture-HPC, oszukamy też popularny unpacker Deana Edwardsa.
Co to jest SQL injection i jak wyglądają współczesne ataki na serwisy? Dlaczego SQL injection jest takie groźne? Jak w praktyce obronić się przed tą luką w bezpieczeństwie i ocalić swoje dane?
SQL Injection: complete walkthrough (not only) for PHP developersKrzysztof Kotowicz
Learn what is SQL injection, how to use prepared statements, how to escape and write secure stored procedures. Many PHP projects are covered - PDO, Propel, Doctrine, Zend Framework and MDB2. Multiple gotchas included.
Kompletny przewodnik po SQL injection dla developerów PHP (i nie tylko)Krzysztof Kotowicz
W trakcie prezentacji zademonstrujemy szkody, na jesteście narażeni nie myśląc o SQL injection. Dowiecie się, jak się przed nim bronić - zarówno w teorii, jak i na konkretnych przykładach. Nauczymy się pisać bezpiecznie w PHP 5 - sprawdzimy Zend Framework i Symfony, przenalizujemy Propel, Doctrine, PDO i mdb2. Omówimy wszystkie kruczki i różnice między różnymi systemami baz danych (Oracle, MS SQL Server, MySQL) oraz nauczymy się pisać procedury składowane odporne na SQL injection.
6th International Conference on Machine Learning & Applications (CMLA 2024)ClaraZara1
6th International Conference on Machine Learning & Applications (CMLA 2024) will provide an excellent international forum for sharing knowledge and results in theory, methodology and applications of on Machine Learning & Applications.
Overview of the fundamental roles in Hydropower generation and the components involved in wider Electrical Engineering.
This paper presents the design and construction of hydroelectric dams from the hydrologist’s survey of the valley before construction, all aspects and involved disciplines, fluid dynamics, structural engineering, generation and mains frequency regulation to the very transmission of power through the network in the United Kingdom.
Author: Robbie Edward Sayers
Collaborators and co editors: Charlie Sims and Connor Healey.
(C) 2024 Robbie E. Sayers
Forklift Classes Overview by Intella PartsIntella Parts
Discover the different forklift classes and their specific applications. Learn how to choose the right forklift for your needs to ensure safety, efficiency, and compliance in your operations.
For more technical information, visit our website https://intellaparts.com
Immunizing Image Classifiers Against Localized Adversary Attacksgerogepatton
This paper addresses the vulnerability of deep learning models, particularly convolutional neural networks
(CNN)s, to adversarial attacks and presents a proactive training technique designed to counter them. We
introduce a novel volumization algorithm, which transforms 2D images into 3D volumetric representations.
When combined with 3D convolution and deep curriculum learning optimization (CLO), itsignificantly improves
the immunity of models against localized universal attacks by up to 40%. We evaluate our proposed approach
using contemporary CNN architectures and the modified Canadian Institute for Advanced Research (CIFAR-10
and CIFAR-100) and ImageNet Large Scale Visual Recognition Challenge (ILSVRC12) datasets, showcasing
accuracy improvements over previous techniques. The results indicate that the combination of the volumetric
input and curriculum learning holds significant promise for mitigating adversarial attacks without necessitating
adversary training.
Hybrid optimization of pumped hydro system and solar- Engr. Abdul-Azeez.pdffxintegritypublishin
Advancements in technology unveil a myriad of electrical and electronic breakthroughs geared towards efficiently harnessing limited resources to meet human energy demands. The optimization of hybrid solar PV panels and pumped hydro energy supply systems plays a pivotal role in utilizing natural resources effectively. This initiative not only benefits humanity but also fosters environmental sustainability. The study investigated the design optimization of these hybrid systems, focusing on understanding solar radiation patterns, identifying geographical influences on solar radiation, formulating a mathematical model for system optimization, and determining the optimal configuration of PV panels and pumped hydro storage. Through a comparative analysis approach and eight weeks of data collection, the study addressed key research questions related to solar radiation patterns and optimal system design. The findings highlighted regions with heightened solar radiation levels, showcasing substantial potential for power generation and emphasizing the system's efficiency. Optimizing system design significantly boosted power generation, promoted renewable energy utilization, and enhanced energy storage capacity. The study underscored the benefits of optimizing hybrid solar PV panels and pumped hydro energy supply systems for sustainable energy usage. Optimizing the design of solar PV panels and pumped hydro energy supply systems as examined across diverse climatic conditions in a developing country, not only enhances power generation but also improves the integration of renewable energy sources and boosts energy storage capacities, particularly beneficial for less economically prosperous regions. Additionally, the study provides valuable insights for advancing energy research in economically viable areas. Recommendations included conducting site-specific assessments, utilizing advanced modeling tools, implementing regular maintenance protocols, and enhancing communication among system components.
Student information management system project report ii.pdfKamal Acharya
Our project explains about the student management. This project mainly explains the various actions related to student details. This project shows some ease in adding, editing and deleting the student details. It also provides a less time consuming process for viewing, adding, editing and deleting the marks of the students.
Saudi Arabia stands as a titan in the global energy landscape, renowned for its abundant oil and gas resources. It's the largest exporter of petroleum and holds some of the world's most significant reserves. Let's delve into the top 10 oil and gas projects shaping Saudi Arabia's energy future in 2024.
NUMERICAL SIMULATIONS OF HEAT AND MASS TRANSFER IN CONDENSING HEAT EXCHANGERS...ssuser7dcef0
Power plants release a large amount of water vapor into the
atmosphere through the stack. The flue gas can be a potential
source for obtaining much needed cooling water for a power
plant. If a power plant could recover and reuse a portion of this
moisture, it could reduce its total cooling water intake
requirement. One of the most practical way to recover water
from flue gas is to use a condensing heat exchanger. The power
plant could also recover latent heat due to condensation as well
as sensible heat due to lowering the flue gas exit temperature.
Additionally, harmful acids released from the stack can be
reduced in a condensing heat exchanger by acid condensation. reduced in a condensing heat exchanger by acid condensation.
Condensation of vapors in flue gas is a complicated
phenomenon since heat and mass transfer of water vapor and
various acids simultaneously occur in the presence of noncondensable
gases such as nitrogen and oxygen. Design of a
condenser depends on the knowledge and understanding of the
heat and mass transfer processes. A computer program for
numerical simulations of water (H2O) and sulfuric acid (H2SO4)
condensation in a flue gas condensing heat exchanger was
developed using MATLAB. Governing equations based on
mass and energy balances for the system were derived to
predict variables such as flue gas exit temperature, cooling
water outlet temperature, mole fraction and condensation rates
of water and sulfuric acid vapors. The equations were solved
using an iterative solution technique with calculations of heat
and mass transfer coefficients and physical properties.
NUMERICAL SIMULATIONS OF HEAT AND MASS TRANSFER IN CONDENSING HEAT EXCHANGERS...
Biting into the forbidden fruit. Lessons from trusting Javascript crypto.
1. Biting into the
forbidden fruit
Lessons from trusting Javascript crypto
Krzysztof Kotowicz, Hack in Paris, June 2014
2. About me
• Web security researcher
• HTML5
• UI redressing
• browser extensions
• crypto
• I was a Penetration Tester @ Cure53
• Information Security Engineer @ Google
Disclaimer: “My opinions are mine. Not Google’s”.
Disclaimer: All the vulns are fixed or have been publicly disclosed in the past.
4. JS crypto history
• Javascript Cryptography Considered Harmful
http://matasano.com/articles/javascript-
cryptography/
• Final post on Javascript crypto
http://rdist.root.org/2010/11/29/final-post-on-
javascript-crypto/
5. JS crypto history
• It’s not needed!
• Implicit trust in the server
• SSL / TLS required
• It’s dangerous!
• Any XSS can circumvent the code
• It’s hard!
• Poor crypto support in the language
• Mediocre library quality
• JS crypto is doomed to fail!
6. Doomed to fail?
https://www.mailvelope.com/https://crypto.cat/ http://openpgpjs.org/
Multiple crypto primitives libraries, symmetric &
asymmetric encryption, TLS implementation, a few
OpenPGP implementations, and a lot of user applications
built upon them. Plus custom crypto protocols.
7. Action plan
• Look at the code
• Find the vulnerabilities
• Understand the root cause
• Compare to native crypto
8. JS crypto vulns in the wild
• Language issues
• Caused by a flaw of the language
!
• Web platform issues
• “The web is broken”
11. Javascript in a glance
• a dynamic language
• a weakly typed language
• with prototypical inheritance
• with a global object
• and a forgiving parser
12. It’s a flexible language
• Code in 6 characters only!
!
!
!
!
• alert(1), obviously
[][(![]+[])[+[]]+([![]]+[][[]])[+!+[]+[+[]]]+(![]+[])[!+[]+!+[]]+(!![]+[])[+[]]+(!![]+[])[!+[]+!+[]+!+[]]+(!!
[]+[])[+!+[]]][([][(![]+[])[+[]]+([![]]+[][[]])[+!+[]+[+[]]]+(![]+[])[!+[]+!+[]]+(!![]+[])[+[]]+(!![]+[])[!+[]
+!+[]+!+[]]+(!![]+[])[+!+[]]]+[])[!+[]+!+[]+!+[]]+(!![]+[][(![]+[])[+[]]+([![]]+[][[]])[+!+[]+[+[]]]+(![]+
[])[!+[]+!+[]]+(!![]+[])[+[]]+(!![]+[])[!+[]+!+[]+!+[]]+(!![]+[])[+!+[]]])[+!+[]+[+[]]]+([][[]]+[])[+!+[]]+
(![]+[])[!+[]+!+[]+!+[]]+(!![]+[])[+[]]+(!![]+[])[+!+[]]+([][[]]+[])[+[]]+([][(![]+[])[+[]]+([![]]+[][[]])[+!
+[]+[+[]]]+(![]+[])[!+[]+!+[]]+(!![]+[])[+[]]+(!![]+[])[!+[]+!+[]+!+[]]+(!![]+[])[+!+[]]]+[])[!+[]+!+[]+!+
[]]+(!![]+[])[+[]]+(!![]+[][(![]+[])[+[]]+([![]]+[][[]])[+!+[]+[+[]]]+(![]+[])[!+[]+!+[]]+(!![]+[])[+[]]+(!![]
+[])[!+[]+!+[]+!+[]]+(!![]+[])[+!+[]]])[+!+[]+[+[]]]+(!![]+[])[+!+[]]]((![]+[])[+!+[]]+(![]+[])[!+[]+!+[]]
+(!![]+[])[!+[]+!+[]+!+[]]+(!![]+[])[+!+[]]+(!![]+[])[+[]]+(![]+[][(![]+[])[+[]]+([![]]+[][[]])[+!+[]+[+[]]]
+(![]+[])[!+[]+!+[]]+(!![]+[])[+[]]+(!![]+[])[!+[]+!+[]+!+[]]+(!![]+[])[+!+[]]])[!+[]+!+[]+[+[]]]+[+!+[]]+
(!![]+[][(![]+[])[+[]]+([![]]+[][[]])[+!+[]+[+[]]]+(![]+[])[!+[]+!+[]]+(!![]+[])[+[]]+(!![]+[])[!+[]+!+[]+!+
[]]+(!![]+[])[+!+[]]])[!+[]+!+[]+[+[]]])()
13. Bit quirks
• All numbers are floats
http://www.2ality.com/2012/04/number-encoding.html
• Bit shifts are tricky
!
!
!
• “The right operand should be less than 32, but if not only the low
five bits will be used.”
https://developer.mozilla.org/en-US/docs/Web/JavaScript/Reference/Operators/
Bitwise_Operators
1 << 31 // -2147483648!
1 << 32 // 1
1 << 33 // 2!
1 << 31 << 1 // 0!
1 << 31 >> 31 // -1
1 << 31 >>> 31 // 1. Sigh!
14. Weak typing
• A lot of gotchas & silent type conversions
!
!
!
• Devs don’t use types. This matters to crypto!
// From wtfjs.com!
!
true == 'true'!
false != 'false'!
!
Math.min() > Math.max()!
!
typeof null == 'object'!
!(null instanceof Object)
15. Weak typing
• Cryptocat adventures with entropy
http://tobtu.com/decryptocat.php
!
!
!
• != 64 random bytes.
• Entropy loss - 512 bits => 212 bits
// Generate private key (64 random bytes)!
var rand = Cryptocat.randomString(64, 0, 0, 1, 0);
"7065451732615196458..."
// Generates a random string of length `size` characters.!
// If `alpha = 1`, random string will contain alpha characters,
// and so on.!
// If 'hex = 1', all other settings are overridden.!
Cryptocat.randomString = function(!
size, alpha, uppercase, numeric, hex)
16. Magic properties
• Cryptocat - a multiparty chat application
• Check if we don’t yet have the user’s key (=new user).
Generate shared secrets (hmac key + encryption key)
!
!
• Decrypt incoming message (if you have a secret already)
if (!publicKeys[sender]) {!
publicKeys[sender] = receivedPublicKey;!
multiParty.genSharedSecret(sender);!
}
if (sharedSecrets[sender]) {!
if (message[myName]['hmac'] === HMAC(ciphertext, !
sharedSecrets[sender]['hmac'])) {!
message = decryptAES(ct, sharedSecrets[sender]['msg']);!
return message;!
}
17. Magic properties
• Meet __proto__. Always there
!
!
• publicKeys[‘__proto__’] == true, so shared secret is never
generated
• But sharedSecrets[‘__proto__’] == true, so decryption throws
exception
• [CVE 2013-4100] Joining chat as __proto__ breaks chat for
everyone.
http://www.2ality.com/2012/01/objects-as-maps.html
publicKeys = {one: "1", two: "2"}!
publicKeys['__proto__'] // {}!
Boolean(publicKeys[‘__proto__’]) // true
18. Magic properties
• Python has them too!
• Kill an application by submitting a hash algorithm
__delattr__
• http://blog.kotowicz.net/2013/12/breaking-google-
appengine-webapp2.html
19. Silent errors
!
!
• Out-of-bounds array access does not throw error
• At least it returns harmless undefined
(I‘m looking at you, C)
a = [1];!
a[0] // 1!
a[1000] // undefined. No error!
20. Unicode fun
• JS strings are unicode, not byte arrays
• String.charCodeAt(index) returns the numeric
Unicode value of the character
• Not a byte value!
• https://speakerdeck.com/mathiasbynens/hacking-
with-unicode
21. 16 snowmen attack!
• Reveals AES key by encrypting Unicode and
decrypting the result
http://vnhacker.blogspot.com/2014/06/why-
javascript-crypto-is-useful.html
☃☃☃☃☃☃☃☃☃☃☃☃☃☃☃☃
26. Decrypting…
• Decrypt the ciphertext with the same key
• In last round:
!
!
!
• plaintext = key ⊕ [0x52, 0x52, …]
• key = plaintext ⊕ [0x52, 0x52, …]
function SubBytes(state, Sbox) // state = [0, 0, …]!
{!
var i;!
for( i=0; i<16; i++ )!
state[i] = Sbox[ state[i] ];!
return state; // [0x52, 0x52, …]!
}
27. Type coercion
CVE-2014-0092 GnuTLS certificate validation bypass
http://blog.existentialize.com/the-story-of-the-gnutls-bug.html!
!
!
!
• C has no exceptions. Errors were reported as negative
numbers. But callers treated return value as a boolean:
/* Checks if the issuer of a certificate is a!
* Certificate Authority
* Returns true or false, if the issuer is a CA,!
* or not.!
*/!
static int!
check_if_ca (gnutls_x509_crt_t cert, gnutls_x509_crt_t issuer,!
unsigned int flags)
if (ret == 0) { /*cert invalid, abort */}
28. Language issues
• They are not unique to Javascript
• You can overcome them!
• ES 5 strict mode
https://developer.mozilla.org/en-US/docs/Web/JavaScript/Reference/
Functions_and_function_scope/Strict_mode
• Type enforcing - e.g. Closure Compiler
https://developers.google.com/closure/compiler/
• Development practices: tests, continuous integration,
code reviews
30. Web platform
• Javascript code runs in a JS engine…
*Monkey, v8, Nitro, Chakra, SunSpider
• In an execution environment…
browser renderer process, server process
• With different APIs available…
DOM, WebCrypto, browser extension API
• With different restriction/isolation policies…
Same Origin Policy, CSP, iframe sandbox, extension security
policies
• These conditions are much more important to crypto!
31. XSS
• Web is full of it
• Any XSS is RCE equivalent for web
• XSS can bypass any crypto code in the same origin
• replace a PRNG
• exfiltrate the key or plaintext
• replace the public key
• There are XSSes in crypto code
32. XSS
• Mailvelope - DOM XSS in Gmail by sending encrypted
<img onerror=alert(1)> to the victim
33. XSS
• [CVE 2013-2259] Cryptocat used client side filtering of
nickname / conversation name.
!
!
!
!
• Chrome extension: CSP, only UI Spoofing
• Firefox extension: XSS = RCE in the OS
34. RCE in non-JS crypto
• [CVE-2014-3466] A flaw was found in the way
GnuTLS parsed session IDs from ServerHello
messages of the TLS/SSL handshake. A malicious
server could use this flaw to send an excessively
long session ID value, which would trigger a
buffer overflow in a connecting TLS/SSL client
application using GnuTLS, causing the client
application to crash or, possibly, execute arbitrary
code.
35. Poor randomness
• Math.random() is not good enough
• You can recover the state cross-origin
http://ifsec.blogspot.com/2012/05/cross-domain-
mathrandom-prediction.html
• Instead, use crypto.getRandomValues() in
browsers* and crypto.randomBytes() in node.js.
* IE 11 and greater, poor mobile browser support
37. Poor randomness
• [CVE-2013-4102] Cryptocat uses BOSH for XMPP
transport.
“The session identifier (SID) and initial request
identifier (RID) are security-critical and therefore
MUST be both unpredictable and non-repeating.”
!
!
this.rid = Math.floor(Math.random() * 4294967295);
38. Non-JS randomness fail
Debian OpenSSL fiasco (2006-2008)!
• OpenSSL used uninitialized memory buffers as entropy
sources
• Debian maintainer analyzed OpenSSL with Valgrind, asked
openssl-dev about the warnings. Group said - go ahead,
just remove the calls.
• Only process ID remained in the entropy pool
• ssh-keygen - only 32K possible keys
http://research.swtch.com/openssl
39. Timing side-channels
• Timing differences are measurable
• Attacks are not remote
• same CPU,
• same thread (<iframe>)
• Demonstrated by Eduardo Vela Nava
http://sirdarckcat.blogspot.com/2014/05/matryoshka-web-application-
timing.html
“It is possible to bruteforce an 18 digit number in about 3
minutes on most machines.” (cross-domain!)
40. Timing side-channels
• OpenPGP.js RSA decryption unpadding
!
!
!
!
!
• This needs to be constant time to avoid Bleichenbacher’s attack
http://archiv.infsec.ethz.ch/education/fs08/secsem/
Bleichenbacher98.pdf
/**!
* Decodes a EME-PKCS1-v1_5 padding!
*/!
decode: function(message, len) {!
if (message.length < len)!
message = String.fromCharCode(0) + message; // branching!
if (message.length < 12 || message.charCodeAt(0) !== 0 ||!
message.charCodeAt(1) != 2) // branching!
return -1; // early exit!
var i = 2;!
return message.substring(i + 1, message.length);!
}
41. Timing side-channels
• Similar problem in Java - JSSE (RSA used in TLS)
http://www-brs.ub.ruhr-uni-bochum.de/netahtml/
HSS/Diss/MeyerChristopher/diss.pdf
• [CVE-2012-5081] Different error messages
• [CVE-2014-0411] Timing side-channel - random
numbers were generated only on invalid padding
42. Compiler optimisation
• JS engine is a blackbox. Even correct constant-time code can be
optimised.
http://stackoverflow.com/questions/18476402/how-to-disable-v8s-optimizing-compiler
• Problems are not unique to the web:
!
!
!
• Constant-time algorithm meets timing differences in Intel DIV
instruction
https://www.imperialviolet.org/2013/02/04/luckythirteen.html
// golang.org/src/pkg/crypto/subtle/constant_time.go!
func ConstantTimeByteEq(x, y uint8) int {!
z := ^(x ^ y)!
z &= z >> 4!
z &= z >> 2!
z &= z >> 1!
return int(z)!
}
43. Direct memory access
• Remember Heartbleed?
• Not a crypto vulnerability, but it allowed to bypass
the encryption by just reading memory
• client sends a large payload length + a tiny
payload
• no bounds check in the server
• server replies with leaked memory contents
44. Direct memory access
• Thankfully, JS is a memory-safe language. We have
no buffers to overflow…
45. Direct memory access
• Pwn2Own 2014, Firefox 28, Jüri Aedla
“TypedArrayObject does not handle the case where ArrayBuffer
objects are neutered, setting their length to zero while still in
use. This leads to out-of-bounds reads and writes into the
Javascript heap, allowing for arbitrary code execution.”
https://www.mozilla.org/security/announce/2014/mfsa2014-31.html
• Pwnium 4, Chrome 33, geohot (George Hotz)
https://code.google.com/p/chromium/issues/detail?id=351787
var ab = new ArrayBuffer(SMALL_BUCKET);!
ab.__defineGetter__("byteLength",function(){return 0xFFFFFFFC;});!
var aaa = new Uint32Array(ab);!
// all your base are belong to us
46. Direct memory access
• Browsers are an attack surface as well
• network stack
• HTML parser
• JS engine
• Any URL in any tab can trigger an exploit
47. Browser architecture
• Firefox - single process
http://lwn.net/Articles/576564/
• IE - multiprocess, sandboxed from OS
http://blogs.msdn.com/b/ie/archive/2012/03/14/enhanced-protected-mode.aspx
• Chrome - multiprocess, sandboxed from other tabs
http://www.chromium.org/developers/design-documents/sandbox
48. Malware problem
• Any malware can circumvent native crypto software
as well. Kernels have vulnerabilities too.
• GnuPG was bypassed by the authorities by simply
installing a keylogger.
https://www.gnupg.org/faq/gnupg-faq.html#successful_attacks
• For JS crypto - your browser is the OS. Browser
security = host security
• There is one difference though…
49. Application delivery
• You don’t install websites
• Code delivery and execution is transparent (drive-
by download)
• Huge code execution playground, running code
separated by Same Origin Policy only
• Roughly half of the users use the browser with any
kind of sandbox
50. Is JS crypto doomed?
• Create perfect, XSS-free, constant time JS code
• Ensure server will never be compromised
• Put it in a website, serve over HTTPS
• You’re safe until someone uses:
• a browser exploit
• a Same Origin Policy bypass
• How can we fix this?
52. Browser extension
• Not a plugin (Java, Flash, PDF reader)
• A Javascript application running in privileged execution
environment
• You need to install it
53. Browser extension
• Secure, signed code delivery
• Better separation from websites than just Same
Origin Policy
• Much smaller attack surface
• Process isolation in Chrome
http://www.chromium.org/developers/design-
documents/site-isolation
54. Browser extension
• Not a perfect solution!
• Your API needs to be secure too
• XSS in extension is possible. XSS = native code
execution in Firefox
http://www.slideshare.net/kkotowicz/im-in-ur-browser-pwning-your-stuff-
attacking-with-google-chrome-extensions
• Chrome Extensions can share processes when
limits are hit (use Chrome App to be sure)
55. Recommendations
• Use isolated environment (server side, browser extension)
• Use compilers to force strict typing
• Use CSP to mitigate XSS
• Use constant time operations (as much as you can)
• Protect the exposed functions
• Use request throttling to mitigate side-channel exploitation
56. Open problems
• Timing sidechannels are exploitable and hard to fix
http://sirdarckcat.blogspot.com/2014/05/matryoshka-web-
application-timing.html
• No mlock() equivalent - secrets can be swapped to
disk
• No secure store yet (wait for WebCrypto)
• Extensions silently auto-update
• Lack of full process isolation yet
57. Summary
• JS crypto is way better than it used to be
• A lot of perceived “JS crypto flaws” are present in
other languages as well
• The platform issues are much more difficult to
mitigate
• in-website crypto has too large attack surface
• use extensions only
58. The end
Me:
http://blog.kotowicz.net, @kkotowicz, krzysztof@kotowicz.net
More vulns:
https://cure53.de/pentest-report_mailvelope.pdf
https://cure53.de/pentest-report_openpgpjs.pdf
https://blog.crypto.cat/wp-content/uploads/2012/11/Cryptocat-2-Pentest-Report.pdf
Thanks to people who helped and inspired
(in Math.random() order):
Mario Heiderich, Franz Antesberger, Juraj Somorovsky, Ian
Beer, Ivan Fratric, Eduardo Vela Nava, Thai Duong, Frederic
Braun, Ben Hawkes, Stephan Somogyi, Daniel Bleichenbacher,
Adam Langley, Mathias Biennia