BREAKING SMART [BANK] STATEMENTS
Explanation of how I find and exploit a security flaw (bad implementation of cryptography) in a bank statement, sent via email, of one of the biggest banks in Mexico.
DNS – Strategies for Reducing Data Leakage & Protecting Online Privacy – Hack... – EC-Council
This document discusses strategies for reducing DNS data leakage and protecting online privacy. It begins with an introduction and overview of topics to be covered, including why DNS data is important from a privacy perspective, common DNS privacy exploits, insecure DNS resolution processes, and solutions for anonymizing DNS data like DNS over HTTPS and DNS over TLS. The document provides details on how DNS data can be tracked and leaked, as well as tools and techniques for analyzing DNS traffic and protecting privacy, including public secure resolvers, browser-based protections, VPNs, and running one's own recursive resolver. It concludes with taking privacy to varying degrees and balancing privacy with usability.
ANALYZE'15 - Bulk Malware Analysis at Scale – John Bambenek
This document discusses extracting malware configurations at scale. It describes the large number of new malware samples seen daily and challenges with keeping up through traditional analysis methods. The author proposes automating extraction of configurations from remote access trojans (RATs) to more efficiently gather intelligence. Tools are introduced that can statically extract configurations from over 30 RAT types. A system is designed to intake large volumes of samples, use these tools to extract configurations, and output the data to a database for further analysis. The goal is to gain more insight into actors through common configuration elements like command and control domains even as they change tools.
Andrew Morris introduced GreyNoise, a system that collects and analyzes internet-wide scan and attack traffic to identify background noise. GreyNoise provides a free web interface and API to query its database using the GreyNoise Query Language (GNQL) to determine if activity is widespread or targeted. This helps identify actual threats by filtering out common background traffic. Future plans include an "Analyze" tool and alerts to notify users about their own networks' activity.
Practical White Hat Hacker Training - Passive Information Gathering (OSINT) – PRISMA CSI
This presentation is part of Prisma CSI's Practical White Hat Hacker Training v1.
PRISMA CSI • Cyber Security and Intelligence www.prismacsi.com
This document can be shared, quoted and used for commercial purposes, but cannot be changed. Detailed information is available at https://creativecommons.org/licenses/by-nc-nd/4.0/legalcode.
Utilizing OSINT in Threat Analytics and Incident Response – Christopher Beiring
Validating potential incidents or indicators of compromise (IOCs) in today’s fast paced environment can be somewhat overwhelming and difficult. Sometimes a team does not believe they have all of the tools and resources to quickly and accurately identify, verify, and rectify a potential indicator in their environment in time. Sometimes these investigations are performed yet may leave out valuable key pieces of data that would benefit the prevention or hardening against future similar attacks. Everyone wants the expensive and shiny tool that vendors offer, but sometimes budgets do not always allow teams access to the latest and greatest, and honestly, not all tools are equal. Relying on one piece of data for IOC validation is a bad idea, even if that resource is the best in the industry. The approach is to use not only the tools you have, but to augment them with existing open source tools that will enrich your investigation, provide accuracy, and supplement your ability to quickly and accurately respond to valid threats in order to increase your security team’s effectiveness. The purpose of this presentation will be to walk users through the value of Open Source Intel and how to use the tools available effectively to help research and identify potential issues during an incident response engagement.
Introduction to Web Application Security - Blackhoodie US 2018 – Niranjanaa Ragupathy
This document provides an introduction to web application security. It outlines common web attacks like cross-site request forgery (CSRF), cross-site scripting (XSS), SQL injection, and others. The document discusses how attackers view web applications and objectives for understanding how to exploit vulnerabilities. It also covers important web concepts like HTTP methods and headers, cookies, DOM, CORS, and the same-origin policy. The document is presented by three security engineers and provides an agenda for two days of training on web application security testing.
BSidesCharleston2014 - Ballin on a Budget: Tracking Chinese Malware Campaigns... – Andrew Morris
This document summarizes how to track threat actors on a budget by setting up honeypots to monitor attacks. It describes tracking a group in China that spreads malware via SSH passwords. Samples of the group's malware were analyzed, revealing DNS servers and routers as targets for DDoS attacks. The communication protocol was reversed to identify targets in real-time. This provided insights into the group's operations and infrastructure to block.
When your job is to act as a malicious attacker on a daily basis for the good of helping organizations, you can’t help but wonder “What if I decided to embrace the evil within?” What if one day I woke up evil? Every day as a pentester, I compromise organizations through a variety of ways. If I were to wake up one day and decide to completely throw my ethics out the window, how profitable could I be, and could I avoid getting caught?
In this talk I will walk through a detailed methodology about how I personally would go about exploiting organizations for fun and profit, this time not under the “white hat.” Non-attribution, target acquisition, exploitation, and profitization will be the focal points. Blue teamers will get a peek into the mindset of a dedicated attacker. Red teamers will learn a few new techniques for their attack methodologies.
Assessing a pen tester: Making the right choice when choosing a third party P... – Jason Broz, CIPP/US
Penetration Testing has become a part of every security program to some degree over the last several years. Additionally, many standards and regulations require it for compliance, as do contractual obligations, and pen testing is a well-known best practice for the IT security industry. One of the main issues with Penetration Testing is that very few entities have the knowledge, resources or time to address it in-house. As a result, this task is often outsourced to a third party that employs “white-hat” hackers with the supposed expertise to complete the task in order to meet business and regulatory needs.
The question is “How do you tell the difference between a seasoned group of pen-testing professionals and a low-rent firm who's simply handing over the reports from a canned tool?” In this presentation, Jason Broz and Tom Eston from SecureState will address the following issues:
• Pitfalls of pen-testing clients
• Games that some firms may play
• What to look for in a quality pen test firm
• Provide the audience with a checklist of questions to ask when choosing a pen-test firm.
Monkey-Spider is a low-interaction honeyclient crawler that analyzes websites for malicious content. It uses existing open source software like Heritrix for crawling and ClamAV for malware scanning. The tool was created to build a database of internet threats through broad, automated analysis of millions of websites. Preliminary results from Monkey-Spider crawls found that 1% of sites contained malware, with most infections found on pirate and wallpaper sites. Future work may include detecting advanced evasion techniques used by malware and exploiting client programs beyond web browsers.
John Bambenek discusses tracking exploit kits by monitoring their infrastructure and operations. He explains that by disrupting entire exploit kit ecosystems, more can be done than taking down individual malware operators. Bambenek describes how exploit kits work and outlines strategies for gathering intelligence on exploit kits, such as decoding landing pages, using PCREs to find new sites, and leveraging resources like Bing's malicious URL feed to collect potential targets for dynamic analysis. The goal is to develop intelligence that can be used to disrupt the operations of exploit kit operators and affiliates.
Using GreyNoise to Quantify Response Time of Cloud Provider Abuse Teams – Andrew Morris
Cloud hosting providers, such as Amazon AWS, Google Cloud, DigitalOcean, Microsoft Azure, and many others, have to respond to a regular barrage of abuse complaint reports from all around the world when their customers' virtual private servers are used for malicious activity. This activity can happen knowingly, by the "renter" of the system, or on behalf of an attacker if the server becomes infected. Although by no means the end-all, one way of measuring the trust posture of a cloud hosting provider is by analyzing the amount of time between shared hosts beginning to attack other hosts on the Internet and the activity ceasing, generally by way of forced decommissioning, quarantining, or remediation of the root cause, such as a malware infection. In this talk, we discuss using the data collected by GreyNoise, a large network of passive collector nodes, to measure the time-to-remediation of infected or malicious machines. We will discuss methodology, results, and actionable takeaways for conference attendees who use shared cloud hosting in their businesses.
Cybercrime and the Developer - Java2Days 2016 Sofia – Steve Poole
The document discusses cybersecurity risks and how developers can help address them. It notes that cybercriminals target developers because they have privileged access and knowledge of systems. Developers are often too trusting and ignore security, installing software without checking for malware or disabling certificate validation. The talk urges developers to take security more seriously by keeping systems updated, using strong authentication, and being wary of suspicious network connections and downloads from untrusted sources. Developers must help address the growing problem of cybercrime by promoting secure development best practices.
Are your cloud servers under attack? – Hacker Halted 2019 – Brian Hileman – EC-Council
For this presentation, I built out a test lab in AWS and allowed someone to hack the servers. I will talk about what we saw when we opened RDP to the internet, what the hackers did once they got in, and someone trying to kick me off my own servers.
Threat Intelligence is by far one of the most over-used buzz words in the security industry. Many professionals have very mixed feelings about Threat Intelligence feeds as well. This discussion is around how LogRhythm’s internal security team utilizes Threat Intelligence to operationalize efficiently and streamline Security Operations processes and help improve an organization’s defenses. We will show how you can generate your own Threat Intelligence and create information sharing loops within like industries to fully realize the team's defensive capabilities. On top of the technical aspects around building out a good Threat Intel program, we will discuss how to manage this from a leadership perspective and get buy-in from the top. Most importantly, once these systems are in place, how we can show value to leadership using key performance indicators and leverage this to improve the overall security program.
Staying Ahead of Internet Background Exploitation - Microsoft BlueHat Israel ... – Andrew Morris
It’s not just you. The frequency of severe vulnerabilities in internet-facing enterprise software being massively exploited at scale has increased drastically. The amount of time between disclosure and exploitation of these vulnerabilities has been reduced to near-zero, leaving defenders with less time to react and respond. While combating internet-wide opportunistic exploitation is a sprawling and complex problem, there is both an art and a science to staying ahead of large exploitation events such as Log4J.
In this talk we will share insights and challenges from operating a huge, shifting, adaptive, distributed sensor network listening to internet background noise and opportunistic exploitation traffic over the past four years. We will give a blunt state of the universe on mass exploitation. We will share patterns and unexplainable phenomena we’ve experienced across billions of internet scans. And we will make recommendations to defenders for preparing for the next time the cyber hits the fan.
Capture the flag (CTF) exercises and events continue to increase in popularity, providing essential training and skills development for defenders on blue teams and attackers on red teams. Jeopardy-style or attack-defense CTF cyber exercises enable experienced participants and novices to work side by side on teams, developing communication, time management and problem solving skills in a safe environment with ground rules and prizes for winners. Defending blue teams often dreaded the embarrassment of being attacked and compromised until modern deception defenses arrived. Deception defenses mimic a real environment with decoys and breadcrumbs, creating an unknown minefield for attackers that detects their activity and movements and gives defending blue teams a new advantage.
This document provides an overview of how open-source intelligence (OSINT) techniques can be used both offensively and defensively. It discusses tools like Shodan, Maltego, Google searches, and malware sandboxes that can be leveraged to gather technical information about targets, infrastructure, and indicators of compromise. The document also emphasizes the importance of automation and privacy when conducting OSINT research to enhance attacks or strengthen defenses.
TABLETOP SCENARIO: Your organization regularly patches, uses application whitelisting, has NextGen-NG™ firewalls/IDS’s, and has the latest Cyber-APT-Trapping-Blinky-Box™. You were just made aware that your entire customer database was found being sold on the dark web. Go.
Putting too much trust in security products alone can be the downfall of an organization. In the 2015 BSides Tampa talk “Pentest Apocalypse” Beau discussed 10 different pentesting techniques that allow attackers to easily compromise an organization. These techniques still work for many organizations but occasionally more advanced tactics and techniques are required. This talk will continue where “Pentest Apocalypse” left off and demonstrate a number of red team techniques that organizations need to be aware of in order to prevent a “Red Team Apocalypse” as described in the tabletop scenario above.
This document discusses navigating the security landscape for websites. It provides an overview of common content management systems (CMS) like Drupal and WordPress, noting that most websites use a CMS but many are outdated and vulnerable. It also discusses the challenges of patching vulnerabilities and outlines the typical phases of an attack (reconnaissance, identification, exploitation, sustainment, compromise, cleanup). Throughout it emphasizes the importance of vulnerability management and security controls to reduce the attack surface and detect/prevent compromises.
Malware analysis, threat intelligence and reverse engineering – bartblaze
In this presentation, I introduce the concepts of malware analysis, threat intelligence and reverse engineering. Experience or knowledge is not required.
Feel free to send me feedback via Twitter (@bartblaze) or email.
Blog post: https://bartblaze.blogspot.com/2018/02/malware-analysis-threat-intelligence.html
Labs: https://github.com/bartblaze/MaTiRe
Mind the disclaimer.
Open Source Intelligence Gathering (OSINT) is growing in popularity among attackers and defenders alike. When an attacker comes knocking on your network's front door, the warning lights go off in multiple systems (IDS, IPS, SIEM, WAF). More sophisticated attackers, however, spend considerable time gathering information using tools and techniques that never touch any of your systems. As a result, these attackers are able to execute their attacks and make off with proprietary data before you even know they are there. This presentation provides an introduction to many OSINT tools and techniques, as well as methods you can use to minimize your exposure.
This document discusses network security and cryptography. It begins by defining network security principles like confidentiality, integrity and availability. It then describes common network security attacks such as man-in-the-middle attacks, denial-of-service attacks, password attacks and social engineering. The document introduces cryptography as a way to provide secure communications and explains cryptographic techniques like encryption, hashing, and digital signatures. It discusses symmetric and asymmetric encryption standards and their applications to secure communications and protecting stored data. The document emphasizes the importance of security updates, firewalls, intrusion detection systems and having expertise in cyber security.
This document discusses using Twitter and Python for open-source intelligence (OSINT) gathering. It provides an overview of Twitter concepts and the Twitter API. It also demonstrates how to use the Python library Tweepy to access Twitter data and analyze tweets. Specific analyses demonstrated include visualizing hashtags, retweets, replies and interactions over time. The goal is to gather intelligence on individuals, groups, topics and markets from public Twitter data.
This document discusses security concepts and risks. It begins by defining what security is not, such as something that can be bolted on or outsourced. It then covers security principles like defense in depth, and risks to confidentiality, integrity and availability. Specific attacks like SQL injection and XSS are mentioned. Throughout, it emphasizes that all companies face risks and stresses the importance of prioritizing security as even small businesses can be targets.
This document discusses cryptography in blockchain. It begins by introducing blockchain and cryptography separately. It then defines important cryptography terminology like encryption, decryption, cipher, and key. It describes the main types of cryptography as symmetric-key, asymmetric-key, and hash functions. It explains how blockchain uses asymmetric-key algorithms and hash functions. Hash functions are used to link blocks and maintain integrity. Cryptography provides benefits like the avalanche effect and uniqueness to blockchain. Finally, it discusses an application of cryptography in cryptocurrency, where public-private key pairs maintain user addresses and digital signatures approve transactions.
The document discusses cryptographic systems and symmetric cryptography. It defines cryptographic systems as methods for hiding data so only certain people can view it. Symmetric cryptography, also called secret key cryptography, uses a single key for both encryption and decryption. Common symmetric algorithms discussed include AES, DES, Triple DES, RC4, Blowfish and Twofish.
BSidesCharleston2014 - Ballin on a Budget: Tracking Chinese Malware Campaigns...Andrew Morris
This document summarizes how to track threat actors on a budget by setting up honeypots to monitor attacks. It describes tracking a group in China that spreads malware via SSH passwords. Samples of the group's malware were analyzed, revealing DNS servers and routers as targets for DDoS attacks. The communication protocol was reversed to identify targets in real-time. This provided insights into the group's operations and infrastructure to block.
When your job is to act as a malicious attacker on a daily basis for the good of helping organizations, you can’t help but wonder “What if I decided to embrace the evil within?” What if one day I woke up evil? Every day as a pentester, I compromise organizations through a variety of ways. If I were to wake up one day and decide to completely throw my ethics out the window, how profitable could I be, and could I avoid getting caught?
In this talk I will walk through a detailed methodology about how I personally would go about exploiting organizations for fun and profit, this time not under the “white hat.” Non-attribution, target acquisition, exploitation, and profitization will be the focal points. Blue teamers will get a peek into the mindset of a dedicated attacker. Red teamers will learn a few new techniques for their attack methodologies.
Assessing a pen tester: Making the right choice when choosing a third party P...Jason Broz, CIPP/US
Penetration Testing has become a part of every security program to some degree over the last several years. Additionally, many standards and regulations require them for compliance as do contractual obligations and pen testing is a well-known best practice for the IT security industry. One of the main issues with Penetration Testing is that very few entities have the knowledge, resources or time to address this in-house. As a result, this task is often outsourced to a third party, who employ “white-hat” hackers with the supposed expertise to complete the task in order to meet business and regulatory needs.
The question is “How do you tell the difference between a seasoned group of pen-testing professionals and a low-rent firm whose simply handing over the reports from a canned tool?” In this presentation, Jason Broz and Tom Eston from SecureState will address the following issues:
• Pitfalls of pen-testing clients
• Games that some firms may play
• What to look for in a quality pen test firm
• Provide the audience with a checklist of questions to ask when choosing a pen-test firm.
Monkey-Spider is a low-interaction honeyclient crawler that analyzes websites for malicious content. It uses existing open source software like Heritrix for crawling and ClamAV for malware scanning. The tool was created to build a database of internet threats through broad, automated analysis of millions of websites. Preliminary results from Monkey-Spider crawls found that 1% of sites contained malware, with most infections found on pirate and wallpaper sites. Future work may include detecting advanced evasion techniques used by malware and exploiting client programs beyond web browsers.
John Bambenek discusses tracking exploit kits by monitoring their infrastructure and operations. He explains that by disrupting entire exploit kit ecosystems, more can be done than taking down individual malware operators. Bambenek describes how exploit kits work and outlines strategies for gathering intelligence on exploit kits, such as decoding landing pages, using PCREs to find new sites, and leveraging resources like Bing's malicious URL feed to collect potential targets for dynamic analysis. The goal is to develop intelligence that can be used to disrupt the operations of exploit kit operators and affiliates.
Using GreyNoise to Quantify Response Time of Cloud Provider Abuse TeamsAndrew Morris
Cloud hosting providers, such as Amazon AWS, Google Cloud, DigitalOcean, Microsoft Azure, and many others, have to respond to a regular barrage of abuse complaint reports from all around the world when their customers virtual private servers are used for malicious activity. This activity can happen knowingly by the "renter" of the system or on behalf of an attacker if the server becomes infected. Although by no means the end all, one way of measuring the trust posture of a cloud hosting provider is by analyzing the amount of time between shared hosts beginning to attack other hosts on the Internet and the activity ceasing, generally by way of forced-decommissioning, quarantining, or remediation of the root-cause, such as a malware infection. In this talk, we discuss using the data collected by GreyNoise, a large network of passive collector nodes, to measure the time-to-remediation of infected or malicious machines. We will discuss methodology, results, and actionable takeaways for conference attendees who use shared cloud hosting in their businesses.
Cybercrime and the Developer Java2Days 2016 SofiaSteve Poole
The document discusses cybersecurity risks and how developers can help address them. It notes that cybercriminals target developers because they have privileged access and knowledge of systems. Developers are often too trusting and ignore security, installing software without checking for malware or disabling certificate validation. The talk urges developers to take security more seriously by keeping systems updated, using strong authentication, and being wary of suspicious network connections and downloads from untrusted sources. Developers must help address the growing problem of cybercrime by promoting secure development best practices.
Are your cloud servers under attack?– Hacker Halted 2019 – Brian HilemanEC-Council
ARE YOUR CLOUD SERVERS UNDER ATTACK
For this presentation, I built out a test lab in AWS and allowed someone to hack the servers. I will talk about what we saw when we opened RDP to the internet, what the hackers did once they got in, and someone trying to kick me off my own servers.
Threat Intelligence is by far one of the most over-used buzz words in the security industry. Many professionals have very mixed feelings about Threat Intelligence feeds as well. This discussion is around how LogRhythm’s internal security team utilizes Threat Intelligence to operationalize efficiently and streamline Security Operations processes and help improve an organization’s defenses. We will show how you can generate your own Threat Intelligence and create information sharing loops within like industries to fully realize the team's defensive capabilities. On top of the technical aspects around building out a good Threat Intel program, we will discuss how to manage this from a leadership perspective and get buy-in from the top. Most importantly, once these systems are in place, how we can show value to leadership using key performance indicators and leverage this to improve the overall security program.
Staying Ahead of Internet Background Exploitation - Microsoft BlueHat Israel ...Andrew Morris
It’s not just you. The frequency of severe vulnerabilities in internet-facing enterprise software being massively exploited at scale has increased drastically. The amount of time between disclosure and exploitation of these vulnerabilities has been reduced to near-zero, leaving defenders with less time to react and respond. While combating internet-wide opportunistic exploitation is a sprawling and complex problem, there is both an art and a science to staying ahead of large exploitation events such as Log4J.
In this talk we will share insights and challenges from operating a huge, shifting, adaptive, distributed sensor network listening to internet background noise and opportunistic exploitation traffic over the past four years. We will give a blunt state of the universe on mass exploitation. We will share patterns and unexplainable phenomena we’ve experienced across billions of internet scans. And we will make recommendations to defenders for preparing for the next time the cyber hits the fan.
Capture the flag (CTF) exercises and events continue to increase in popularity, providing essential training and skills development for defenders on blue teams and attackers on red teams. Jeopardy-style or attack-defense CTF cyber exercises enable experienced participants and novices to work side by side on teams, developing communication, time management and problem solving skills in a safe environment with ground rules and prizes for winners. Defending blue teams often dreaded the embarrassment of being attacked and compromised until modern deception defenses arrived. Deception defenses mimic a real environment with decoys and breadcrumbs, creating an unknown minefield for attackers that detects their activity and movements and gives defending blue teams a new advantage.
This document provides an overview of how open-source intelligence (OSINT) techniques can be used both offensively and defensively. It discusses tools like Shodan, Maltego, Google searches, and malware sandboxes that can be leveraged to gather technical information about targets, infrastructure, and indicators of compromise. The document also emphasizes the importance of automation and privacy when conducting OSINT research to enhance attacks or strengthen defenses.
TABLETOP SCENARIO: Your organization regularly patches, uses application whitelisting, has NextGen-NG™ firewalls/IDS’s, and has the latest Cyber-APT-Trapping-Blinky-Box™. You were just made aware that your entire customer database was found being sold on the dark web. Go.
Putting too much trust in security products alone can be the downfall of an organization. In the 2015 BSides Tampa talk “Pentest Apocalypse” Beau discussed 10 different pentesting techniques that allow attackers to easily compromise an organization. These techniques still work for many organizations but occasionally more advanced tactics and techniques are required. This talk will continue where “Pentest Apocalypse” left off and demonstrate a number of red team techniques that organizations need to be aware of in order to prevent a “Red Team Apocalypse” as described in the tabletop scenario above.
This document discusses navigating the security landscape for websites. It provides an overview of common content management systems (CMS) like Drupal and WordPress, noting that most websites use a CMS but many are outdated and vulnerable. It also discusses the challenges of patching vulnerabilities and outlines the typical phases of an attack (reconnaissance, identification, exploitation, sustainment, compromise, cleanup). Throughout it emphasizes the importance of vulnerability management and security controls to reduce the attack surface and detect/prevent compromises.
Malware analysis, threat intelligence and reverse engineering – bartblaze
In this presentation, I introduce the concepts of malware analysis, threat intelligence and reverse engineering. Experience or knowledge is not required.
Feel free to send me feedback via Twitter (@bartblaze) or email.
Blog post: https://bartblaze.blogspot.com/2018/02/malware-analysis-threat-intelligence.html
Labs: https://github.com/bartblaze/MaTiRe
Mind the disclaimer.
Open Source Intelligence Gathering (OSINT) is growing in popularity among attackers and defenders alike. When an attacker comes knocking on your network's front door, the warning lights go off in multiple systems (IDS, IPS, SIEM, WAF). More sophisticated attackers, however, spend considerable time gathering information using tools and techniques that never touch any of your systems. As a result, these attackers are able to execute their attacks and make off with proprietary data before you even know they are there. This presentation provides an introduction to many OSINT tools and techniques, as well as methods you can use to minimize your exposure.
This document discusses network security and cryptography. It begins by defining network security principles like confidentiality, integrity and availability. It then describes common network security attacks such as man-in-the-middle attacks, denial-of-service attacks, password attacks and social engineering. The document introduces cryptography as a way to provide secure communications and explains cryptographic techniques like encryption, hashing, and digital signatures. It discusses symmetric and asymmetric encryption standards and their applications to secure communications and protecting stored data. The document emphasizes the importance of security updates, firewalls, intrusion detection systems and having expertise in cyber security.
This document discusses using Twitter and Python for open-source intelligence (OSINT) gathering. It provides an overview of Twitter concepts and the Twitter API. It also demonstrates how to use the Python library Tweepy to access Twitter data and analyze tweets. Specific analyses demonstrated include visualizing hashtags, retweets, replies and interactions over time. The goal is to gather intelligence on individuals, groups, topics and markets from public Twitter data.
This document discusses security concepts and risks. It begins by defining what security is not, such as something that can be bolted on or outsourced. It then covers security principles like defense in depth, and risks to confidentiality, integrity and availability. Specific attacks like SQL injection and XSS are mentioned. Throughout, it emphasizes that all companies face risks and stresses the importance of prioritizing security as even small businesses can be targets.
This document discusses cryptography in blockchain. It begins by introducing blockchain and cryptography separately. It then defines important cryptography terminology like encryption, decryption, cipher, and key. It describes the main types of cryptography as symmetric-key, asymmetric-key, and hash functions. It explains how blockchain uses asymmetric-key algorithms and hash functions. Hash functions are used to link blocks and maintain integrity. Cryptography provides benefits like the avalanche effect and uniqueness to blockchain. Finally, it discusses an application of cryptography in cryptocurrency, where public-private key pairs maintain user addresses and digital signatures approve transactions.
The document discusses cryptographic systems and symmetric cryptography. It defines cryptographic systems as methods for hiding data so only certain people can view it. Symmetric cryptography, also called secret key cryptography, uses a single key for both encryption and decryption. Common symmetric algorithms discussed include AES, DES, Triple DES, RC4, Blowfish and Twofish.
The document discusses various methods for encrypting and authenticating data in PHP, including:
1. Encrypting data with md5() hash functions, the MCrypt package, and file-based authentication.
2. MCrypt supports two-way encryption algorithms like DES and allows encrypting and decrypting data.
3. File-based authentication parses a text file into an array to authenticate users by comparing hashed passwords.
This document outlines Mark Mager's presentation on cryptanalysis of ransomware. The presentation covers the typical execution flow of ransomware, including key generation, file encryption, and leaving ransom notes. It then discusses the cryptanalysis workflow of performing dynamic and reverse engineering analysis. Specific ransomware examples are walked through, including Powerware, Nemucod, TorrentLocker, and Apocalypse. Common issues seen in ransomware crypto implementations are highlighted. The document concludes that cryptanalysis is an iterative process of testing theories and developing proofs of concept to decrypt files.
Symmetric Cipher Model, Brute-Force attack, Cryptanalysis, Advantages of Symmetric cryptosystem, Model of conventional Encryption, Model of conventional cryptosystem, Cryptography, Ciphertext, Plaintext, Decryption algorithm, Disadvantages of Symmetric Cryptosystem, Types of attacks on encrypted messages, Average time required for exhaustive key search
Iaetsd enhanced cryptography algorithm for providing – Iaetsd Iaetsd
This paper proposes a new symmetric key cryptography algorithm based on block cipher concepts. The algorithm uses logical operations like XOR and shift operations to encrypt plaintext blocks. A random key is generated and divided into four blocks to encrypt the plaintext. The encrypted ciphertext blocks are then decrypted using the same key. An example is provided to demonstrate encrypting and decrypting a 128-bit plaintext using the proposed algorithm. The algorithm aims to provide secure encryption of data through increasing the complexity of breaking the encryption without knowing the exact random key.
Rspamd is a spam filtering system that is:
- Written in C for performance and uses an event-driven model to process messages asynchronously for scalability.
- Capable of detecting spam through a variety of filtering methods like policies, DNS lists, headers, text patterns, and machine learning.
- Integrates with mail transfer agents using plugins to modify or reject messages based on spam detection.
This presentation covers common cryptographic attacks, secure cryptographic implementation requirements, an overview of FIPS 140-2, and secure crypto implementation guidelines.
Message authentication and hash function – omarShiekh1
The document discusses message authentication and hash functions. It covers security requirements including integrity, authentication and non-repudiation. It describes different authentication functions such as message encryption, message authentication codes (MACs), and hash functions. It provides examples of how hash functions work and evaluates the security of hash functions and MACs against brute force and cryptanalytic attacks.
Cryptography for Penetration Testers (PDF version) – ceng
This document provides an overview of cryptography techniques that can be used by penetration testers to identify and analyze cryptographic data in web applications. It begins with an introduction to common block cipher modes like ECB and CBC and stream ciphers. It then discusses analysis techniques penetration testers can use to determine if data is encrypted, like checking for randomness, observing characteristics like block sizes, and performing stimulus-response testing. The document concludes with two case studies, the first illustrating an application using an insecure ECB block cipher mode.
For a college class in Ethical Hacking and Network Defense at CCSF, by Sam Bowne. More info at https://samsclass.info/123/123_F17.shtml
Based on this book
Hands-On Ethical Hacking and Network Defense, Third Edition by Michael T. Simpson, Kent Backman, and James Corley -- ISBN: 9781285454610
Updated 11-22-17 12:15 PM
PANDEMONIUM: Automated Identification of Cryptographic Algorithms using Dynam... – CODE BLUE
Malware utilizes many cryptographic algorithms.
To fight against malware, analysts have to reveal details on malware activities.
Accordingly, it is important to identify cryptographic algorithms used in malware.
In this track, I propose a faster and extensible method to automatically detect known cryptographic algorithms in malware using dynamic binary instrumentation and fuzzy hashing.
This document provides an introduction and overview of information system security. It covers topics such as security attacks, services, and mechanisms. The document is divided into multiple units that cover encryption techniques like the Data Encryption Standard (DES) and advanced topics such as public key cryptosystems, hash functions, and IP security. DES encryption is explained in detail, covering aspects like its history, design, encryption process, key generation, decryption, and strengths/limitations. Feistel ciphers and their design principles are also summarized.
The document discusses authenticated encryption and the ASC-1 authenticated encryption stream cipher. It describes how authenticated encryption provides both confidentiality and authenticity. Generic composition methods for combining encryption and authentication are analyzed, but are not very efficient. ASC-1 performs encryption and authentication in a single pass using leak extraction from intermediate cipher rounds. Bits are leaked and XORed with the plaintext to generate the ciphertext. ASC-1 specification and decryption/encryption processes are also outlined.
This presentation contains the basics of cryptography. I developed this presentation as course material for Cryptography during my honors final year examination.
This document provides an overview of cryptographic algorithms and their uses. It begins with symmetric encryption, which uses a single secret key to encrypt and decrypt data, providing confidentiality. The most common symmetric algorithms are the Data Encryption Standard (DES) and the Advanced Encryption Standard (AES), which are block ciphers that encrypt data in fixed-size blocks. It also discusses stream ciphers, which encrypt data one element at a time. The document then covers secure hash functions, public-key encryption, digital signatures, and key management before concluding with an example application of encrypting stored data.
Similar to Breaking Smart [Bank] Statements – Hacker Halted 2019 – Manuel Nader (20)
CyberOm - Hacking the Wellness Code in a Chaotic Cyber World – EC-Council
Learn how to find peace and happiness within you and around you amidst chaos and understanding how the mind-body-energy connection plays a crucial role in the world of Cyber. Mental health and wellness can be the difference between a Cyber professional and a criminal.
Cloud Security Architecture - a different approach – EC-Council
Whether people admit it or not, everyone is moving to the cloud and all future business will run somewhere on the internet. Moving to the cloud requires a different set of architecture and a different mindset. Data is stored, accessed and processed on different platforms and devices. Employees are working from anywhere in the world, and corporate data is no longer under the custody of company IT. CISOs and CIOs need to think differently and set a new Cloud Security Architecture. This session will try to draw out the main areas of concern from a security perspective while moving to the cloud.
This webinar is primarily intended for those that are in need of an informational overview on how to respond to information security incidents or have a responsibility for doing so. It will also assist with your preparation for a Computer Security Incident Handling certification.
Weaponizing OSINT – Hacker Halted 2019 – Michael James – EC-Council
The document discusses weaponizing open-source intelligence (OSINT) and outlines potential passive attack paths an attacker could take using only publicly available information. It describes how attackers could profile targets using personal details from social media, pastebins, medical records, business cards, news articles, and other open sources. The document also provides recommendations for prevention, including assessing one's digital footprint and value to attackers, using privacy tools, updating social media settings, and spreading disinformation to obscure true personal details and locations that could be leveraged in attacks.
Hacking Your Career – Hacker Halted 2019 – Keith Turpin – EC-Council
HACKING YOUR CAREER
Learn how to take charge of your future and wring success out of every opportunity. I had some hard lessons on my way to becoming the CISO of a billion dollar company and now you can benefit from those experiences. In this candid conversation, you will learn the secrets to kicking your career’s ass.
HACKING DIVERSITY
We talk a lot about why diversity is important and we are all familiar with the woeful inclusion stats. In this talk we will discuss why diversity is important from both the perspective of an organization’s bottom line and the individual contributor.
Cloud Proxy Technology – Hacker Halted 2019 – Jeff Silver – EC-Council
The document provides an overview of cloud proxy technology and cyber security. It discusses how proxies work by terminating connections between users and servers and inspecting transmitted objects. The document then shares several "real world" examples of how proxies can detect and prevent phishing attempts, malware infections, and other cyber threats by analyzing URLs, file downloads, and network traffic patterns. It emphasizes the importance of threat intelligence and how proxies use global intelligence networks to identify and block malicious activity in real-time.
Data in cars can be creepy – Hacker Halted 2019 – Andrea Amico – EC-Council
THE $750 BILLION VEHICLE DATA GOLD RUSH – PIRATES AHOY!
Vehicle data may be worth $750b by 2030. Problem: vehicle security, privacy, and user awareness of risks are inadequate. Andrea Amico will share some exploits including his “CarsBlues” which exposes people’s personal data, affects 22 makes, and is still a 0-Day for tens of millions of vehicles.
War Game: Ransomware – Global CISO Forum 2019 – EC-Council
This document describes a tabletop exercise to simulate responding to a ransomware attack. It provides examples of recent ransomware attacks against various organizations, including municipalities and healthcare and private companies. These resulted in ransoms demanded from $51,000 to $600,000 and costs of recovery and lost operations from $17 million to companies having to cease operations. The exercise involves forming an incident response team and working through simulated ransomware attacks, assessing damage, determining payment and recovery options, developing alternative communications, and deciding whether to pay a ransom demand.
How to become a Security Behavior Alchemist – Global CISO Forum 2019 – Perry ... – EC-Council
Behold the powers of behavioral alchemy! Are you ready to unleash 4 "Trojan Horses for the Mind" that will change the way you communicate forever? How about a magic wand that will help manifest secure behaviors and shape culture? Attend this session and harness the power.
Introduction to FAIR Risk Methodology – Global CISO Forum 2019 – Donna Gall... – EC-Council
Present your risk assessments to your board of directors in the language they understand - financial loss. "FAIR" or "Factor Analysis of Information Risk" is the quantitative risk analysis methodology that works with common frameworks while adding context for truly effective risk management.
Alexa is a snitch! Hacker Halted 2019 - Wes Widner – EC-Council
ALEXA IS A SNITCH!
You’re not paranoid, your voice assistant is listening. And what’s worse, Alexa is snitching on you! What is she hearing? Where is she sending it? And is there anything we can do to stop her?!
Join me as we discuss the current state of security around voice assistants. And how to silence them.
Hacker Halted 2018: Don't Panic! Big Data Analytics vs. Law Enforcement – EC-Council
A man was discovered murdered on a street late at night. Police were called to the scene and began their investigation. They found limited clues but saw footage of a potential suspect. Detectives then used big data analytics to identify individuals near the crime scene around the time of the murder. This led them to three male suspects. Further investigation of these suspects focused on building profiles of their patterns of life in hopes of identifying the killer.
Hacker Halted 2018: Breaking the Bad News: How to Prevent Your IR Messages fr... – EC-Council
This document provides guidance on effective communication when delivering bad news or security incidents to various stakeholders. It discusses targeting communications to different audience levels, including end users, middle management, and C-level executives. For each group, it suggests focusing on the relevant impact and providing information in a concise, judicious, and empathetic manner. The document also emphasizes the importance of non-verbal communication and body language awareness to ensure the intended message is properly conveyed.
Global CCISO Forum 2018 | John Felker "Partnerships to Address Threats" – EC-Council
The document discusses the National Cybersecurity Communications Integration Center (NCCIC) and its efforts to address cyber threats through partnerships. The NCCIC coordinates incident response, shares indicators and malware samples, and works with federal agencies, private industry, and state/local governments. It aims to reduce cybersecurity risks and build capacity through information sharing and analysis.
Global CCISO Forum 2018 | Sharon Smith "Don't Panic" – EC-Council
Sharon Smith is a security consultant and coach specializing in leadership development. The document outlines her presentation on improving security through leadership and culture. The presentation covers communicating with business stakeholders to gain support for security, identifying leadership actions that drive a secure culture, and discussing security as a competitive advantage. The goal is to determine the values, attitudes, and beliefs that create secure behaviors and influence a culture of security.
Global CCISO Forum 2018 | AI vs Malware 2018 – EC-Council
This document provides a high-level overview of an AI-based malware detection system. The system uses a multilayer perceptron neural network with over 5 billion nodes that analyzes files and extracts features to determine if files are malicious or clean. It continuously trains and improves itself by processing large volumes of known malware and benign files. The system also has a separate process for introducing new unknown malware samples in a controlled way to generate new features without disrupting the existing network.
Your One-Stop Shop for Python Success: Top 10 US Python Development Providers – akankshawande
Simplify your search for a reliable Python development partner! This list presents the top 10 trusted US providers offering comprehensive Python development services, ensuring your project's success from conception to completion.
Fueling AI with Great Data with Airbyte Webinar – Zilliz
This talk will focus on how to collect data from a variety of sources, leveraging this data for RAG and other GenAI use cases, and finally charting your course to productionalization.
OpenID AuthZEN Interop Read Out - Authorization – David Brossard
During Identiverse 2024 and EIC 2024, members of the OpenID AuthZEN WG got together and demoed their authorization endpoints conforming to the AuthZEN API
Driving Business Innovation: Latest Generative AI Advancements & Success Story – Safe Software
Are you ready to revolutionize how you handle data? Join us for a webinar where we’ll bring you up to speed with the latest advancements in Generative AI technology and discover how leveraging FME with tools from giants like Google Gemini, Amazon, and Microsoft OpenAI can supercharge your workflow efficiency.
During the hour, we’ll take you through:
Guest Speaker Segment with Hannah Barrington: Dive into the world of dynamic real estate marketing with Hannah, the Marketing Manager at Workspace Group. Hear firsthand how their team generates engaging descriptions for thousands of office units by integrating diverse data sources—from PDF floorplans to web pages—using FME transformers, like OpenAIVisionConnector and AnthropicVisionConnector. This use case will show you how GenAI can streamline content creation for marketing across the board.
Ollama Use Case: Learn how Scenario Specialist Dmitri Bagh has utilized Ollama within FME to input data, create custom models, and enhance security protocols. This segment will include demos to illustrate the full capabilities of FME in AI-driven processes.
Custom AI Models: Discover how to leverage FME to build personalized AI models using your data. Whether it’s populating a model with local data for added security or integrating public AI tools, find out how FME facilitates a versatile and secure approach to AI.
We’ll wrap up with a live Q&A session where you can engage with our experts on your specific use cases, and learn more about optimizing your data workflows with AI.
This webinar is ideal for professionals seeking to harness the power of AI within their data management systems while ensuring high levels of customization and security. Whether you're a novice or an expert, gain actionable insights and strategies to elevate your data processes. Join us to see how FME and AI can revolutionize how you work with data!
Taking AI to the Next Level in Manufacturing.pdf – ssuserfac0301
Read Taking AI to the Next Level in Manufacturing to gain insights on AI adoption in the manufacturing industry, such as:
1. How quickly AI is being implemented in manufacturing.
2. Which barriers stand in the way of AI adoption.
3. How data quality and governance form the backbone of AI.
4. Organizational processes and structures that may inhibit effective AI adoption.
6. Ideas and approaches to help build your organization's AI strategy.
Best 20 SEO Techniques To Improve Website Visibility In SERP – Pixlogix Infotech
Boost your website's visibility with proven SEO techniques! Our latest blog dives into essential strategies to enhance your online presence, increase traffic, and rank higher on search engines. From keyword optimization to quality content creation, learn how to make your site stand out in the crowded digital landscape. Discover actionable tips and expert insights to elevate your SEO game.
Introduction of Cybersecurity with OSS at Code Europe 2024 – Hiroshi SHIBATA
I develop the Ruby programming language, RubyGems, and Bundler, which are package managers for Ruby. Today, I will introduce how to enhance the security of your application using open-source software (OSS) examples from Ruby and RubyGems.
The first topic is CVE (Common Vulnerabilities and Exposures). I have published CVEs many times. But what exactly is a CVE? I'll provide a basic understanding of CVEs and explain how to detect and handle vulnerabilities in OSS.
Next, let's discuss package managers. Package managers play a critical role in the OSS ecosystem. I'll explain how to manage library dependencies in your application.
I'll share insights into how the Ruby and RubyGems core team works to keep our ecosystem safe. By the end of this talk, you'll have a better understanding of how to safeguard your code.
How to Get CNIC Information System with Paksim Ga.pptx – danishmna97
Pakdata Cf is a groundbreaking system designed to streamline and facilitate access to CNIC information. This innovative platform leverages advanced technology to provide users with efficient and secure access to their CNIC details.
UiPath Test Automation using UiPath Test Suite series, part 6 – DianaGray10
Welcome to UiPath Test Automation using UiPath Test Suite series part 6. In this session, we will cover Test Automation with generative AI and Open AI.
UiPath Test Automation with generative AI and Open AI webinar offers an in-depth exploration of leveraging cutting-edge technologies for test automation within the UiPath platform. Attendees will delve into the integration of generative AI, a test automation solution, with Open AI advanced natural language processing capabilities.
Throughout the session, participants will discover how this synergy empowers testers to automate repetitive tasks, enhance testing accuracy, and expedite the software testing life cycle. Topics covered include the seamless integration process, practical use cases, and the benefits of harnessing AI-driven automation for UiPath testing initiatives. By attending this webinar, testers and automation professionals can gain valuable insights into harnessing the power of AI to optimize their test automation workflows within the UiPath ecosystem, ultimately driving efficiency and quality in software development processes.
What will you get from this session?
1. Insights into integrating generative AI.
2. Understanding how this integration enhances test automation within the UiPath platform
3. Practical demonstrations
4. Exploration of real-world use cases illustrating the benefits of AI-driven test automation for UiPath
Topics covered:
What is generative AI
Test Automation with generative AI and Open AI.
UiPath integration with generative AI
Speaker:
Deepak Rai, Automation Practice Lead, Boundaryless Group and UiPath MVP
Monitoring and Managing Anomaly Detection on OpenShift.pdf – Tosin Akinosho
Monitoring and Managing Anomaly Detection on OpenShift
Overview
Dive into the world of anomaly detection on edge devices with our comprehensive hands-on tutorial. This SlideShare presentation will guide you through the entire process, from data collection and model training to edge deployment and real-time monitoring. Perfect for those looking to implement robust anomaly detection systems on resource-constrained IoT/edge devices.
Key Topics Covered
1. Introduction to Anomaly Detection
- Understand the fundamentals of anomaly detection and its importance in identifying unusual behavior or failures in systems.
2. Understanding Edge (IoT)
- Learn about edge computing and IoT, and how they enable real-time data processing and decision-making at the source.
3. What is ArgoCD?
- Discover ArgoCD, a declarative, GitOps continuous delivery tool for Kubernetes, and its role in deploying applications on edge devices.
4. Deployment Using ArgoCD for Edge Devices
- Step-by-step guide on deploying anomaly detection models on edge devices using ArgoCD.
5. Introduction to Apache Kafka and S3
- Explore Apache Kafka for real-time data streaming and Amazon S3 for scalable storage solutions.
6. Viewing Kafka Messages in the Data Lake
- Learn how to view and analyze Kafka messages stored in a data lake for better insights.
7. What is Prometheus?
- Get to know Prometheus, an open-source monitoring and alerting toolkit, and its application in monitoring edge devices.
8. Monitoring Application Metrics with Prometheus
- Detailed instructions on setting up Prometheus to monitor the performance and health of your anomaly detection system.
9. What is Camel K?
- Introduction to Camel K, a lightweight integration framework built on Apache Camel, designed for Kubernetes.
10. Configuring Camel K Integrations for Data Pipelines
- Learn how to configure Camel K for seamless data pipeline integrations in your anomaly detection workflow.
11. What is a Jupyter Notebook?
- Overview of Jupyter Notebooks, an open-source web application for creating and sharing documents with live code, equations, visualizations, and narrative text.
12. Jupyter Notebooks with Code Examples
- Hands-on examples and code snippets in Jupyter Notebooks to help you implement and test anomaly detection models.
Ivanti’s Patch Tuesday breakdown goes beyond patching your applications and brings you the intelligence and guidance needed to prioritize where to focus your attention first. Catch early analysis on our Ivanti blog, then join industry expert Chris Goettl for the Patch Tuesday Webinar Event. There we’ll do a deep dive into each of the bulletins and give guidance on the risks associated with the newly-identified vulnerabilities.
Salesforce Integration for Bonterra Impact Management (fka Social Solutions A... – Jeffrey Haguewood
Sidekick Solutions uses Bonterra Impact Management (fka Social Solutions Apricot) and automation solutions to integrate data for business workflows.
We believe integration and automation are essential to user experience and the promise of efficient work through technology. Automation is the critical ingredient to realizing that full vision. We develop integration products and services for Bonterra Case Management software to support the deployment of automations for a variety of use cases.
This video focuses on integration of Salesforce with Bonterra Impact Management.
Interested in deploying an integration with Salesforce for Bonterra Impact Management? Contact us at sales@sidekicksolutionsllc.com to discuss next steps.
In the rapidly evolving landscape of technologies, XML continues to play a vital role in structuring, storing, and transporting data across diverse systems. The recent advancements in artificial intelligence (AI) present new methodologies for enhancing XML development workflows, introducing efficiency, automation, and intelligent capabilities. This presentation will outline the scope and perspective of utilizing AI in XML development. The potential benefits and the possible pitfalls will be highlighted, providing a balanced view of the subject.
We will explore the capabilities of AI in understanding XML markup languages and autonomously creating structured XML content. Additionally, we will examine the capacity of AI to enrich plain text with appropriate XML markup. Practical examples and methodological guidelines will be provided to elucidate how AI can be effectively prompted to interpret and generate accurate XML markup.
Further emphasis will be placed on the role of AI in developing XSLT, or schemas such as XSD and Schematron. We will address the techniques and strategies adopted to create prompts for generating code, explaining code, or refactoring the code, and the results achieved.
The discussion will extend to how AI can be used to transform XML content. In particular, the focus will be on the use of AI XPath extension functions in XSLT, Schematron, Schematron Quick Fixes, or for XML content refactoring.
The presentation aims to deliver a comprehensive overview of AI usage in XML development, providing attendees with the necessary knowledge to make informed decisions. Whether you’re at the early stages of adopting AI or considering integrating it in advanced XML development, this presentation will cover all levels of expertise.
By highlighting the potential advantages and challenges of integrating AI with XML development tools and languages, the presentation seeks to inspire thoughtful conversation around the future of XML development. We’ll not only delve into the technical aspects of AI-powered XML development but also discuss practical implications and possible future directions.
Programming Foundation Models with DSPy - Meetup SlidesZilliz
Prompting language models is hard, while programming language models is easy. In this talk, I will discuss the state-of-the-art framework DSPy for programming foundation models with its powerful optimizers and runtime constraint system.
3. Agenda
1. Context
2. Analysis of the file
3. Analysis of JavaScript
4. RC4
5. Demo
6. Analysis after fix
7. Conclusions
8. Q & A
4. Whoami
• Work
  – Security Researcher at Trustwave SpiderLabs.
  – Previously worked on the offensive side of security (Ethical Hacking).
  – Before that, worked on the defensive side of security.
• Extra
  – Web attacks, DDoS
  – Dogs, tacos
• Twitter: @AgoraSecurity
6. Disclosure Timeline
• Disclosure to SLR Intelligence: March 21, 2018
• SLR Intelligence contacted the vendor: March 22, 2018
• Vendor responded: April 30, 2018
• Vendor (responsible.disclosure@citi.com) confirms fix: July 19, 2018
7. Context – Who?
• CitiBanamex
• One of the largest banks in Mexico (3rd biggest bank [1] in Mexico).
• Part of Citigroup (one of the biggest groups in the world).
1. https://www.forbes.com.mx/los-10-bancos-mas-grandes-de-mexico/
8. Context – Bank Statement via email
• In Mexico, it’s possible to receive your monthly bank statement via email.
• Mexico's banking and securities regulator (CNBV) says that security mechanisms must be applied to the bank statement to prevent access by an unauthorized third party. [2]
2. Titulo Quinto --> Capítulo X --> Sección Segunda --> Artículo 313
http://www.cnbv.gob.mx/Normatividad/Disposiciones%20de%20carácter%20general%20aplicables%20a%20las%20instituciones%20de%20crédito.pdf
9. Context – CitiBanamex Bank Statement via email
• CitiBanamex sends two types of Bank Statements:
  1. Encrypted PDF. Used for most accounts.
  2. Smart Statements. Sent only [3] to credit cards of the type “Tarjetas Oro, Prestige y Beyond Citibanamex”.
• Fun Fact: They have a FAQ page [4] for the Smart Statement.
  • Question 3 (translated):
    “3. Is my Smart Statement safe?
    The Smart Statement has the highest security protocols worldwide, which is why it is just as safe as your PDF Account Statement.”
3. Information from 2018
4. https://www.banamex.com/citialert/smartstatement/resources/faqs.pdf?lid=MX%7Ces%7Cpersonas%7Cbanca-digital%7Cestado-de-cuenta-TextoBottom-04102017-Information-irFAQsSmartStatement-ES-ES
14. What does the HTML contain?
• The HTML is around 2.3 – 3 MB.
– Contains lots of JavaScript (around 93%).
– Some CSS (around 6%).
– Some HTML (around 1%).
15. What is happening?
• First impression: security through obscurity plus some type of encryption.
• Analysis of the HTML [shown on slide]
17. JS Analysis #1
• It has 31 JavaScript functions and a lot of variables.
  – Some are very similar: hexCrypt0, hexCrypt1, hexCrypt2, etc.
  – One is particularly interesting: validatePswd
• After beautifying the JS and following the logic, here’s a simple diagram of what’s happening:
  1. User submits password.
  2. SHA1 of the password is obtained (hashTypedPswd).
  3. A second SHA1 hash is obtained and compared against ‘validatePswd’.
  4. If they are equal, decrypt the message.
  Note: the first hash is used as the key: `desenc(hashTypedPswd)`
18. JS Analysis #2
• The ‘desenc’ function is quite simple:
  − Calls one function 30 times (pushing each result to an array).
  − Replaces the window content with the content of the array.
• What does the function ‘decrypt’ do?
19. JS Analysis #3
• The ‘decrypt’ function is: [code shown on slide]
• Looks like RC4.
• RC4 is a stream cipher.
  − It is more than 20 years old.
  − It’s not considered a strong encryption algorithm.
• Line 18 is different (they are not adding +1).
• They are using the same key (remember the previous slide)!
21. RC4 – What is it?
• RC4: Rivest Cipher 4, also known as ARC4.
• Was initially a trade secret.
• Is a stream cipher.
• Extra: Listen to CRYPTO WARS (DARKNET DIARIES).
Source: Wikipedia. https://en.wikipedia.org/wiki/RC4
22. RC4 – Overview #1
• A stream cipher is a symmetric key cipher where plaintext digits are combined with a pseudorandom cipher digit stream (keystream). RC4 is a stream cipher.
• For RC4, the keystream is independent of the plaintext (synchronous stream cipher).
23. RC4 – Overview #2
• The algorithm does 2 main things:
  • Key Scheduling Algorithm (KSA)
  • PRGA: XOR the plaintext (get the encrypted text) and keep generating the keystream
[Diagram: Key → RC4 KSA algorithm → input for PRGA → PRGA algorithm (keystream) ⊕ Plaintext → Encrypted text]
www.hackerhalted.com 23
24. RC4 – Overview #3
• The KSA does:
  1. Initialize an array (S) with all values from 0 to 255.
  2. Scramble the array using the key.
• Output is an array that will be used to generate the keystream.
25. RC4 – Overview #4
• For every element of the plaintext, the PRGA:
  • Gets the next element of the keystream
  • XORs the plaintext with the keystream
26. RC4 – Overview #5
• To sum up RC4:
  • The keystream is generated using the key.
  • You will always have the same keystream if you use the same key.
  • The plaintext XOR the keystream = the encrypted message.
27. RC4 – Security
• There are some attacks on the algorithm, but they are not very simple.
• You should never use the same key to encrypt more than one message
in a stream cipher.
• The same key is used to encrypt 30 different messages.
• The desired output is always HTML, so we can do a known-plaintext attack.
28. Breaking RC4 – Known-plaintext attack # 1
• For each bit:
  C = Z ⊕ M
• Which is equal to:
  Z = C ⊕ M
C = Encrypted Text
Z = Keystream
M = Plain Text Message
29. Breaking RC4 – Known-plaintext attack # 2
• We have the Encrypted Message and it is split in ~30 variables [for our convenience].
• Could we obtain the Keystream?
• Could we obtain the complete plain text?
30. Breaking RC4 – Known-plaintext attack # 3
• Decrypted HTML:
  − Looks like it’s going to be the same for every Bank Statement.
  − HTML normal headers & comments.
  − jQuery
31. Breaking RC4 – Known-plaintext attack # 2
• Could we obtain the Keystream?
  Keystream = Cipher Text₁ ⊕ Plain Text₁
• Could we obtain the complete plain text?
  Plain Textₙ = Cipher Textₙ ⊕ Keystream
32. Breaking RC4 – Exploit
• Idea behind the exploit:
  1. Use plain text we know (first ~3% of the HTML).
  2. Obtain the keystream.
  3. Decrypt the message using the keystream.
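The RC4 walkthrough (slides 23 to 26) and the keystream-reuse problem (slides 28 to 32) as one worked example, in JavaScript because that is what the statement's own decryptor runs in. This is added example code, not the talk's or the bank's: it implements textbook RC4 (with the standard i + 1 step the talk notes the bank's variant changed), the key is a constructed stand-in for hashTypedPswd, and the two HTML fragments are constructed sample messages standing for two of the ~30 encrypted variables.

```javascript
// Added example, not code from the talk or the bank: textbook RC4 (KSA + PRGA) and
// why one key across many messages leaks the keystream. KEY stands in for
// hashTypedPswd; M1/M2 are constructed HTML fragments (two of the ~30 variables).
const enc = new TextEncoder(), dec = new TextDecoder();

// KSA: initialise S with 0..255, then scramble it with the key bytes.
function rc4Ksa(key) {
  const S = Array.from({ length: 256 }, (_, i) => i);
  for (let i = 0, j = 0; i < 256; i++) {
    j = (j + S[i] + key[i % key.length]) & 0xff;
    [S[i], S[j]] = [S[j], S[i]];
  }
  return S;
}

// PRGA: emit n keystream bytes from the scrambled state (standard i + 1 step).
function rc4Keystream(key, n) {
  const S = rc4Ksa(key);
  const out = new Uint8Array(n);
  for (let k = 0, i = 0, j = 0; k < n; k++) {
    i = (i + 1) & 0xff;
    j = (j + S[i]) & 0xff;
    [S[i], S[j]] = [S[j], S[i]];
    out[k] = S[(S[i] + S[j]) & 0xff];
  }
  return out;
}

// Encrypt and decrypt are the same step: XOR the bytes with the keystream.
function rc4(key, data) {
  const ks = rc4Keystream(key, data.length);
  return data.map((b, k) => b ^ ks[k]);
}

const M1 = '<!DOCTYPE html><html><head><title>Statement</title>'; // known header
const M2 = '<!DOCTYPE html><body>balance: 1234.56</body>';        // secret part
// Every statement starts with the same header, so Z = C1 XOR M1 yields the
// keystream and M2 = C2 XOR Z reads a second variable, but only while both
// were encrypted under the same key (key2 === key1).
function recoverSecondMessage(key1, key2) {
  const m1 = enc.encode(M1);
  const c1 = rc4(key1, m1);
  const c2 = rc4(key2, enc.encode(M2));   // M2 is no longer than M1
  const z = c1.map((b, k) => b ^ m1[k]);  // recovered keystream, |M1| bytes
  return dec.decode(c2.map((b, k) => b ^ z[k]));
}
const KEY = enc.encode('stand-in-for-hashTypedPswd');
const KEY2 = enc.encode('distinct-key-for-variable-2'); // the "never reuse" fix
console.log(recoverSecondMessage(KEY, KEY) === M2);  // true: same key leaks M2
console.log(recoverSecondMessage(KEY, KEY2) === M2); // false: fresh key, no leak
```

With a distinct key (or, equivalently, one continuous keystream over the joined variables) the recovered keystream tells an observer nothing about the other messages, which is exactly the property the 30-way key reuse destroyed.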
35. Possible Fixes
• There are many possible solutions; some ideas are:
  • Don’t send the bank statement to the user via email (ask them to log in to download it).
  • Don’t reuse the same key in a stream cipher.
    • That is, join the variables into one message or use an IV.
  • Use an algorithm that is considered safe.
• Can you think of others?
41. Conclusion
• It’s a good idea to have a security review before rolling out a new product.
• Hire specialists if needed.
• Always use cryptography algorithms that are considered safe.
• Never roll your own cryptography algorithms (nor implement existing ones differently).
• Never use the same key more than once in a stream cipher.
• If possible, have a simple, safe & clear way of communicating security issues to your organization.
• Blog: https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/breaking-smart-bank-statements/