This document outlines the syllabus for a 45 hour network penetration testing course costing INR 35,000. The syllabus covers topics such as Kali Linux basics, the Bash environment, using Netcat and Wireshark, ARP spoofing, buffer overflow exploitation, working with exploits, transferring files, exploit frameworks, client side attacks, port redirection techniques, and password attacks. Tools covered include Kali Linux tools, Metasploit, John the Ripper, Hydra and browser-based tools.
Containerd: Building a Container Supervisor by Michael CrosbyDocker, Inc.
Containerd is a container supervisor that allows users to manage the lifecycle of a container as well as interact with the container while it is executing. Containerd was built to fulfill many of the requirements that we expect from a modern supervisor all while staying small and fast. In this talk, we will discuss some of the design decisions that shaped containerd’s architecture that allows it to reattach to running containers if it was killed and how it is designed to start 100s containers in seconds.
Alex Dias: how to build a docker monitoring solution Outlyer
Alex will be talking about how docker container monitoring was built at Outlyer. He'll be diving into the details behind how you actually monitor everything in such an environment and the challenges that come with it. Namely, how the Docker API, Cgroups, and the Netlink Linux kernel interface can be leveraged to get specific metrics for each container.
Leveraging the Power of containerd Events - Evan HazlettDocker, Inc.
containerd provides the low-level functionality that enables the Docker Engine to run containers. containerd events provide a simple, yet powerful mechanism to integrate with virtually any other system with minimal effort. This talk will cover what containerd events are and how to use them for integration with systems ranging from monitoring and logging to container networking using CNI (Container Network Interface) plugins.
Cloud Native Night June 2019, Munich: Talk by Moritz Kammerer (Software Architect at QAware)
Join our Meetup: www.meetup.com/cloud-native-muc
Abstract: Startup-Zeiten von Containern werden bei elastischer Skalierung in der Cloud immer wichtiger – wer möchte schon 2 Minuten warten, bis eine neue Instanz des Services erscheint? Hier kann der Shooting Star von Java-basierten Microservices, Spring Boot, nicht glänzen. Systembedingt steigt die Startzeit des Containers mit der Menge der Klassen auf dem Classpath. Auch der Speicherverbrauch einer Spring Boot Anwendung ist nicht gerade gering.
Micronaut, erschaffen von den Machern des Grails-Frameworks, behauptet, diese Probleme in den Griff zu bekommen. In dem Talk sehen wir uns an, wie sich Microservices mit Micronaut entwickeln lassen und prüfen, ob es die Versprechen hält.
Bonus: Da Micronaut kaum Reflection verwendet, sollte es sich mit dem GraalVM AOT Compiler in ein natives Image kompilieren lassen. In dem Vortrag werden wir dies ausprobieren und die Performance dieses Native Images messen.
Jacopo Nardiello - Monitoring Cloud-Native applications with Prometheus - Cod...Codemotion
We are going to talk about Prometheus and how to use to monitor micro-services "Cloud-Native" application s. We are going to dive deep into the Prometheus monitoring model, we will see what are the components be hind this system and how they integrate with each others to provide an efficient and modern monitoring sy stem. We will also have a glance on Prometheus native integrations for cloud-native environments such as Kubernetes.
Containerd: Building a Container Supervisor by Michael CrosbyDocker, Inc.
Containerd is a container supervisor that allows users to manage the lifecycle of a container as well as interact with the container while it is executing. Containerd was built to fulfill many of the requirements that we expect from a modern supervisor all while staying small and fast. In this talk, we will discuss some of the design decisions that shaped containerd’s architecture that allows it to reattach to running containers if it was killed and how it is designed to start 100s containers in seconds.
Alex Dias: how to build a docker monitoring solution Outlyer
Alex will be talking about how docker container monitoring was built at Outlyer. He'll be diving into the details behind how you actually monitor everything in such an environment and the challenges that come with it. Namely, how the Docker API, Cgroups, and the Netlink Linux kernel interface can be leveraged to get specific metrics for each container.
Leveraging the Power of containerd Events - Evan HazlettDocker, Inc.
containerd provides the low-level functionality that enables the Docker Engine to run containers. containerd events provide a simple, yet powerful mechanism to integrate with virtually any other system with minimal effort. This talk will cover what containerd events are and how to use them for integration with systems ranging from monitoring and logging to container networking using CNI (Container Network Interface) plugins.
Cloud Native Night June 2019, Munich: Talk by Moritz Kammerer (Software Architect at QAware)
Join our Meetup: www.meetup.com/cloud-native-muc
Abstract: Startup-Zeiten von Containern werden bei elastischer Skalierung in der Cloud immer wichtiger – wer möchte schon 2 Minuten warten, bis eine neue Instanz des Services erscheint? Hier kann der Shooting Star von Java-basierten Microservices, Spring Boot, nicht glänzen. Systembedingt steigt die Startzeit des Containers mit der Menge der Klassen auf dem Classpath. Auch der Speicherverbrauch einer Spring Boot Anwendung ist nicht gerade gering.
Micronaut, erschaffen von den Machern des Grails-Frameworks, behauptet, diese Probleme in den Griff zu bekommen. In dem Talk sehen wir uns an, wie sich Microservices mit Micronaut entwickeln lassen und prüfen, ob es die Versprechen hält.
Bonus: Da Micronaut kaum Reflection verwendet, sollte es sich mit dem GraalVM AOT Compiler in ein natives Image kompilieren lassen. In dem Vortrag werden wir dies ausprobieren und die Performance dieses Native Images messen.
Jacopo Nardiello - Monitoring Cloud-Native applications with Prometheus - Cod...Codemotion
We are going to talk about Prometheus and how to use to monitor micro-services "Cloud-Native" application s. We are going to dive deep into the Prometheus monitoring model, we will see what are the components be hind this system and how they integrate with each others to provide an efficient and modern monitoring sy stem. We will also have a glance on Prometheus native integrations for cloud-native environments such as Kubernetes.
Docker is definitely one of the hottest technologies at the moment and one that is already dramatically changing the way we build, package and deploy applications. In this session we’ll have a look at how a project got into a quest for containerizing most of their components and services while increasing the value delivered.
This presentation was delivered at Wildcard Conference 2015, on 16th of May 2015 in Riga
Your container secret's safe with me - a review of secret management from some popular orchestrators (and a glimpse into Aqua Security's capabilities for secrets)
Docker Networking in OpenStack: What you need to know nowPLUMgrid
Learn how you bring secure, scalable, available and open software defined networking to Docker containers managed by OpenStack. This session will cover how Docker virtual networks function, how to plumb them into the virtual network fabric and reliably assign information such as IP addresses, virtual interfaces and more. In addition, this session will also cover how to securely wrap Docker containers using security policies and encryption.
Guy Dumais discussed how the Jenkins Configuration as Code plugin can be used in Red Hat OpenShift to create reliable build systems. This was presented at the very first Montreal Jenkins Meetup.
Open Source Summit 2018, Vancouver (Canada): Workshop by Josef Adersberger (@adersberger, CTO at QAware) and Michael Frank (Software Architect at QAware)
Abstract:
Istio service mesh is a thrilling new tech that helps getting a lot of technical stuff out of your microservices (circuit breaking, observability, mutual-TLS, ...) into the infrastructure - for those who are lazy (aka productive) and want to keep their microservices small. Come one, come all to the Istio playground:
(1) We provide an overview of all current Istio features on a YAML and CLI level.
(2) We guide you through the installation of Istio on a local Kubernetes cluster.
(3) We bring a small sample application.
(4) We provide assistance in the case you get stuck ... and it's up to you to explore and tinker with Istio on your own paths and with your own pace.
*** Please find prerequisites and content here: https://github.com/adersberger/istio-playground ***
Testing applications with traffic control in containers / Alban Crequy (Kinvolk)Ontico
Testing applications is important, as shows the rise of continuous integration and automated testing. In this talk, I will focus on one area of testing that is difficult to automate: poor network connectivity. Developers usually work within reliable networking conditions so they might not notice issues that arise in other networking conditions. I will give examples of software that would benefit from test scenarios with varying connectivity. I will explain how traffic control on Linux can help to simulate various network connectivity. Finally, I will run a demo showing how an application running in Kubernetes behaves when changing network parameters.
Securing Network Access with Open Source solutionsNick Owen
My presentation from Atlanta Linux Fest on how to allow users secure access to your network using open source technologies. Examples include how to add two-factor authentication to Apache, OpenVPN, Astaro, NX etc.
Kube-proxy is a Kubernetes component responsible to re-conciliate the state of the Service resources. This component can be configured in four different modes: userspace, iptables, IPVS or Kernel space (Windows). In big scales, the IPVS mode offers better performance resulting in an attractive offer. In this session, I'll try to explain the IPVS internals, and how Kubernetes automates the management of services through basic examples.
ZooKeeper - wait free protocol for coordinating processesJulia Proskurnia
ZooKeeper is a service for coordinating processes within distributed systems. Stress test of the tool was applied. Reliable Multicast and Dynamic LogBack system Configuration management were implemented with ZooKeeper.
More details: http://proskurnia.in.ua/wiki/zookeeper_research
LDAP Services are a key component
in companies. The information stored in them
is used for corporate applications. If one of these
applications accepts input from a client and
execute it without first validating it, attackers h
ave the potential to execute their own
queries and thereby extract sensitive information f
rom the LDAP directory. In this paper a
deep analysis of the LDAP injection techniques is p
resented including Blind attacks
The objective of this course material is to demonstrate reverse engineering and malware analysis, malware analysis is very helpful in penetration testing and vulnerability assessment.
Docker is definitely one of the hottest technologies at the moment and one that is already dramatically changing the way we build, package and deploy applications. In this session we’ll have a look at how a project got into a quest for containerizing most of their components and services while increasing the value delivered.
This presentation was delivered at Wildcard Conference 2015, on 16th of May 2015 in Riga
Your container secret's safe with me - a review of secret management from some popular orchestrators (and a glimpse into Aqua Security's capabilities for secrets)
Docker Networking in OpenStack: What you need to know nowPLUMgrid
Learn how you bring secure, scalable, available and open software defined networking to Docker containers managed by OpenStack. This session will cover how Docker virtual networks function, how to plumb them into the virtual network fabric and reliably assign information such as IP addresses, virtual interfaces and more. In addition, this session will also cover how to securely wrap Docker containers using security policies and encryption.
Guy Dumais discussed how the Jenkins Configuration as Code plugin can be used in Red Hat OpenShift to create reliable build systems. This was presented at the very first Montreal Jenkins Meetup.
Open Source Summit 2018, Vancouver (Canada): Workshop by Josef Adersberger (@adersberger, CTO at QAware) and Michael Frank (Software Architect at QAware)
Abstract:
Istio service mesh is a thrilling new tech that helps getting a lot of technical stuff out of your microservices (circuit breaking, observability, mutual-TLS, ...) into the infrastructure - for those who are lazy (aka productive) and want to keep their microservices small. Come one, come all to the Istio playground:
(1) We provide an overview of all current Istio features on a YAML and CLI level.
(2) We guide you through the installation of Istio on a local Kubernetes cluster.
(3) We bring a small sample application.
(4) We provide assistance in the case you get stuck ... and it's up to you to explore and tinker with Istio on your own paths and with your own pace.
*** Please find prerequisites and content here: https://github.com/adersberger/istio-playground ***
Testing applications with traffic control in containers / Alban Crequy (Kinvolk)Ontico
Testing applications is important, as shows the rise of continuous integration and automated testing. In this talk, I will focus on one area of testing that is difficult to automate: poor network connectivity. Developers usually work within reliable networking conditions so they might not notice issues that arise in other networking conditions. I will give examples of software that would benefit from test scenarios with varying connectivity. I will explain how traffic control on Linux can help to simulate various network connectivity. Finally, I will run a demo showing how an application running in Kubernetes behaves when changing network parameters.
Securing Network Access with Open Source solutionsNick Owen
My presentation from Atlanta Linux Fest on how to allow users secure access to your network using open source technologies. Examples include how to add two-factor authentication to Apache, OpenVPN, Astaro, NX etc.
Kube-proxy is a Kubernetes component responsible to re-conciliate the state of the Service resources. This component can be configured in four different modes: userspace, iptables, IPVS or Kernel space (Windows). In big scales, the IPVS mode offers better performance resulting in an attractive offer. In this session, I'll try to explain the IPVS internals, and how Kubernetes automates the management of services through basic examples.
ZooKeeper - wait free protocol for coordinating processesJulia Proskurnia
ZooKeeper is a service for coordinating processes within distributed systems. Stress test of the tool was applied. Reliable Multicast and Dynamic LogBack system Configuration management were implemented with ZooKeeper.
More details: http://proskurnia.in.ua/wiki/zookeeper_research
LDAP Services are a key component
in companies. The information stored in them
is used for corporate applications. If one of these
applications accepts input from a client and
execute it without first validating it, attackers h
ave the potential to execute their own
queries and thereby extract sensitive information f
rom the LDAP directory. In this paper a
deep analysis of the LDAP injection techniques is p
resented including Blind attacks
The objective of this course material is to demonstrate reverse engineering and malware analysis, malware analysis is very helpful in penetration testing and vulnerability assessment.
The purpose of this document
is not to show how to use Metasploit tool there are enormous amount of sources available to do that but to show you how to look deeper into the code and try to decipher how the various classes and modules hang
together to produce the various functions we love to use.
In doing so we will learn how the exploit framework could be structured, how the interaction between the
attacker and the exploited vulnerability could be
achieved and how the user can extend the functionality of Metasploit.
This talk is going to give an overview of Android operating system and it´s apps ecosystem from the security point of view of a penetration tester.
So lets dive into topics like Pentest Environment Setup, Tools of the Trade, App Analysis and some security hints for Android developers.
This topic will cover key concepts in android application security testing by employing a variety of tools and techniques to fasten the testing process.
This was presented at Null Bangalore Chapter (Saturday April 26 2014, 11:00 AM)
Fuzzapi is an API Fuzzer that will help Developers/Pen Testers to fuzz APIs and find few commonly found vulnerabilities. The tool can be integrated into the build pipeline to allow developers to identify vulnerabilities prior to Pen Testing. Also, Pen testers can also use this tool against various APIs during their testing which will allow them to automate few tasks.
Mastering Kubernetes - Basics and Advanced Concepts using Example Projectwajrcs
Kubernetes is one of the most important pillars of modern IT environments. However, working with Kubernetes continues to present companies with challenges - not least due to a rapidly growing ecosystem and complex application scenarios. With the full-day online conference Mastering Kubernetes, you will learn about the latest trends in container orchestration and how to use Kubernetes in practice. You will master the most important tools and techniques of the cloud-native world around Kubernetes!
1. Basic Understanding
2. Installation
3. Basic components
4. Advanced components
5. Example project
#Kubernetes #CloudComputing #Training #CICD #Docker #Networking
Lessons learned and challenges faced while running Kubernetes at ScaleSidhartha Mani
Kubernetes lessons learned from running it at scale in production.
From my talk at Scale 15x in Pasadena CA https://www.socallinuxexpo.org/scale/15x/presentations/orchestrating-orchestrators-challenges-faced-and-lessons-learned-managing
"Wix Serverless from inside", Mykola BorozdinFwdays
There were three Scala developers and a task - drastically improve Wix Node.JS development velocity. They created Wix Serverless, which, indeed, gives you blazingly fast development but does have servers. This talk is about inside cornerstones and the history of the framework, which gives developers the power of all Wix infrastructure in one function and deploys to production in seconds.
I would like to present our CI Provisioning with Openstack solution and how it improved our development. The CI provisioning is meant to replace your static CI env servers to a auto provisioned during your build stage for every commit.
Abstract:
1. CI Flow Quick view
2. Openstack CI integration maven plugin
3. Orchestration using facters
4. Openstack instance queue for faster provisioning
Application construction is great with Ansible, using it for docker helps fight complexity, improves maintainability. And playbooks are portable from docker to cloud.
Why Kubernetes as a container orchestrator is a right choice for running spar...DataWorks Summit
Building and deploying an analytic service on Cloud is a challenge. A bigger challenge is to maintain the service. In a world where users are gravitating towards a model where cluster instances are to be provisioned on the fly, in order for these to be used for analytics or other purposes, and then to have these cluster instances shut down when the jobs get done, the relevance of containers and container orchestration is more important than ever.
Container orchestrators like Kubernetes can be used to deploy and distribute modules quickly, easily, and reliably. The intent of this talk is to share the experience of building such a service and deploying it on a Kubernetes cluster. In this talk, we will discuss all the requirements which an enterprise grade Hadoop/Spark cluster running on containers bring in for a container orchestrator.
This talk will cover in details how Kubernetes orchestrator can be used to meet all our needs of resource management, scheduling, networking, and network isolation, volume management, etc. We will discuss how we have replaced our home grown container orchestrator with Kubernetes which used to manage the container lifecycle and manage resources in accordance to our requirements. We will also discuss the feature list as container orchestrator which is helping us deploy and patch 1000s of containers and also a list which we believe need improvement or can be enhanced in a container orchestrator.
Speaker
Rachit Arora, SSE, IBM
Presentation delivered at LinuxCon China 2017
Real-Time is used for deadline-oriented applications and time-sensitive workloads. Real-Time KVM is the extension of KVM(Linux Kernel-based Virtual Machine) to allow the virtual machines(VM) to be a truly Real-Time operating system.Users sometimes need to run low-latency applications(such as audio/video streaming, highly interactive systems, etc) to meet their requirements in clouds. NFV is a new network concept which uses virtualization and software instead of dedicated network appliances. For some use cases of telecommunications, network latency must be within a certain range of values. Real-Time KVM can help NFV meet this requirements.
In this presentation, Pei Zhang will talk about:
(1)Real-Time KVM introduction
(2)Real-Time cloud building
(3)Real-Time KVM in NFV: VM with openvswitch, dpdk and qemu’s vhostuser
(4)Performance testing results show
1. 1
1BRISK NETWORK PENETRATION TESTER
BRISK NETWORK PENETRATION TESTER
Duration - 45 Hours
Cost - INR 35000/- Only
SYLLABUS:
1. Kali Linux Basics
2. The Bash Environment
3. Netcat the Almighty
4. Using Wireshark
5. ARP Spoofing
6. Buffer Overflow Exploitation
7. Working With Exploits
8. Transferring Files
9. Exploit frameworks
10.Client Side Attacks
11.Port Fun
12.Password Attacks
13. Review
BRISK NETWORK PENETRATION TESTER-SYLLABUS
1. Module 1 - Kali Linux Basics
1.1 Finding your way around Kali Linux
1.1.1 Exercise
1.2 Kali Linux Services
1.2.1 DHCP
1.2.2 Static IP assignment
1.2.3 SSHD
1.2.4 Apache
1.2.5 FTP
1.2.6 TFTPD
1.2.7 VNC Server
1.2.8 Additional Resources
1.2.9 Exercise
2. 2
2BRISK NETWORK PENETRATION TESTER-Syllabus
2. The Bash Environment
2.1 Simple Bash Scripting
2.2 Sample Exercise
2.3 Sample Solution
2.4 Additional Resources
2.5 Exercise
3. Netcat the Almighty
3.1 Connecting to a TCP/UDP port with Netcat
3.2 Listening on a TCP/UDP port with Netcat
3.3 Transferring files with Netcat
34 Remote Administration with Netcat
35 Exercise
4. Using Wireshark
4.1 Peeking at a Sniffer
4.2 Capture and Display filters
4.3 Following TCP Streamsvice Enumeration
4.4 Nmap Scripting Engine
4.5 PBNJ
4.6 Unicornscan
4.7 Exercise
5. Module 5- ARP Spoofing
5.1 The Theory
5.2 Doing it the hard way
5.3 Ettercap
6. Module 6- Buffer Overflow Exploitation
6.1 Looking for Bugs
6.2 Fuzzing
6.3 Exploiting Windows Buffer Overflows
6.3.1 Replicating the Crash
6.3.2 Controlling EIP
6.3.3 Locating Space for our Shellcode
6.3.4 Redirecting the execution flow
6.3.5 Finding a return address
3. 3
3BRISK NETWORK PENETRATION TESTER-Syllabus
6.3.6 Basic shellcode creation
6.3.7 Getting our shell
6.3.8 Exercise
6.4 Exploiting Linux Buffer Overflows
6.4.1 Setting things up
6.4.2 Controlling EIP
6.4.3 Landing the Shell
6.4.4 Avoiding ASLR
7. Module 7- Working With Exploits
7.1 Looking for an exploit on BackTrack
7.2 Looking for exploits on the web
8. Module 8- Transferring Files
8.1 The non interactive shell
8.2 Uploading Files
8.2.1 Using TFTP
8.2.2 Using FTP
8.2.3 Inline Transfers
8.3 Exercise
9. Module 9 – Exploit frameworks
9.1 Metasploit
9.2 Interesting Payloads
9.2.1 Meterpreter Payload
9.2.2 Binary Payloads
9.2.3 Other Framework v3.x features
9.2 Core Impact
10. Module 10- Client Side Attacks
10.1 Client side attacks
10.2 CVE-2009-0927
10.3 MS07-017 – From PoC to Shell
10.4 MS06-001
10.5 Client side exploits in action
10.6 Exercise
11. Module 11- Port Fun
11.1 Port Redirection
11.2 SSL Encapsulation - Stunnel
4. 4
4TOOLS
11.3 HTTP CONNECT Tunneling
11.4 ProxyTunnel
11.5 SSH Tunneling
11.6 What about content inspection?
12. Module 12- Password Attacks
12.1 Online Password Attacks
12.2 Hydra
12.2.1 FTP Bruteforce
12.2.2 POP3 Bruteforce
12.2.3 SNMP Bruteforce
12.2.4 Microsoft VPN Bruteforce
12.2.5 Hydra GTK
12.3 Password profiling
12.3.1 CeWL
12.4 Offline Password Attacks
12.4.1 Windows SAM
12.4.2 Windows Hash Dumping – PWDump / FGDump
12.4.3 John the Ripper
12.4.4 Rainbow Tables
12.4.5 “Windows does WHAT????”
12.4.6 Exercise
12.5 Physical Access Attacks
12.5.1. Resetting Microsoft Windows
12.5.2 Resetting a password on a Domain Controller
12.5.3 Resetting Linux Systems
12.5.4 Resetting a Cisco Device
TOOLS
Kali Linux tools
Browser based tools