Cracking Into Embedded Devices - Hack in The Box Dubai 2008
•
0 likes•768 views
This document discusses GNUCITIZEN, a UK-based think tank and ethical hacker outfit led by Adrian Pastor. The organization conducts research on compromising embedded devices and other systems through remote exploits. Their goal is to draw attention to security issues in these commonly overlooked areas and encourage more public research to improve defenses.
Report
Share
Report
Share
Download to read offline
Recommended
Attacking Embedded Devices (No Axe Required)
This document discusses attacking embedded systems and analyzing firmware. It begins by explaining why embedded system vulnerabilities are important, as these devices often have weak security and are on critical network paths. It then covers techniques for detecting devices, including active scanning with Nmap and Nessus. Firmware analysis methods like strings, hexdump and grep are presented for initial examination. The document introduces tools for extracting filesystems from firmware and analyzing file contents. It emphasizes that emulation with Qemu allows debugging binaries from extracted firmware.
Practical Security Assessments of
IoT Devices and Systems
This talk briefly discusses strategies and methodologies than can be employed when assessing IoT devices. We look at how to develop credible threat scenarios for different IoT device and systems, perform static and dynamic attack surface mapping, perform static firmware analysis, perform static hardware analysis, undertake a dynamic device security analysis, sources of supporting information, supporting capability requirements and establishment, Execution of dynamic device analysis and approaches around network protocol analysis.
Ransomware - what is it, how to protect against it
This document provides biographical information about the author and discusses various topics related to ransomware, including notable ransomware families, encryption methods, prevention and recovery strategies. The author describes themselves as the creator of several hacking tools and concepts later adopted by cybercriminals. The document offers advice on ransomware prevention both for home and enterprise users, including tips on backups, application control, and making systems appear like a malware analyst's to avoid targeting.
The Internet Of Insecure Things: 10 Most Wanted List - Derbycon 2014
The Internet of Things (IoT) aims to makes our lives better, yet there is still no foundation for security controls on the devices that allow us to access the Internet, listen to music, watch television, control the temperature in our homes and more. This talk will look at the history of embedded device insecurity. We’ll explore some real-world example of how devices are exploited (and attackers profited). You will also learn what we can do to help fix these problems and push the industry for a much higher level of security for devices affecting our daily lives.
IoT security is a nightmare. But what is the real risk?
1) IoT security is a major issue as many devices have poor security and will never receive patches. This leaves them vulnerable to attacks over the internet or through home networks.
2) There are many risks even for devices that are behind routers or firewalls due to issues like UPnP, IPv6, cloud connections, and protocol tunneling that can bypass network protections.
3) Home users should take steps like disconnecting devices when not in use, changing passwords, filtering incoming connections, and monitoring their network to improve their security, but there are no complete solutions given flaws in IoT design and updates.
How to hide your browser 0-days
This document describes a new technique called "IRONSQUIRREL" for encrypting browser exploits during delivery to prevent their analysis and leakage. It uses elliptic curve Diffie-Hellman key exchange to encrypt the exploit code between the server and client browser. This makes the exploit non-replayable and difficult for reverse engineers to analyze from network traffic alone. The document provides details on how IRONSQUIRREL works and recommendations to further obstruct analysis through techniques like one-time URLs, anti-debugging, and obfuscation.
The Internet of Insecure Things: 10 Most Wanted List
The document discusses security issues with internet-connected embedded devices, known as the "Internet of Things". It outlines several vulnerabilities that have already been exploited, including devices being used to mine cryptocurrency or launch DDoS attacks without owner permission. Specific examples are given of vulnerabilities in D-Link routers, including backdoors, default credentials, buffer overflows and cross-site request forgery issues that can allow full device compromise. The document argues that many other device types like medical equipment and industrial controls face similar insecurity risks if not properly secured.
Making and breaking security in embedded devices
This document discusses security issues in embedded devices and techniques for analyzing and attacking them. It covers identifying debug ports, sniffing communication protocols like SPI and I2C, analyzing radio signals with software-defined radios, extracting firmware from flash memory, analyzing code for vulnerabilities, and defending against such attacks. A variety of open-source tools are recommended for reverse engineering tasks like bus pirate, hackRF, binwalk, and JTAGulator.
Recommended
Attacking Embedded Devices (No Axe Required)
This document discusses attacking embedded systems and analyzing firmware. It begins by explaining why embedded system vulnerabilities are important, as these devices often have weak security and are on critical network paths. It then covers techniques for detecting devices, including active scanning with Nmap and Nessus. Firmware analysis methods like strings, hexdump and grep are presented for initial examination. The document introduces tools for extracting filesystems from firmware and analyzing file contents. It emphasizes that emulation with Qemu allows debugging binaries from extracted firmware.
Practical Security Assessments of
IoT Devices and Systems
This talk briefly discusses strategies and methodologies than can be employed when assessing IoT devices. We look at how to develop credible threat scenarios for different IoT device and systems, perform static and dynamic attack surface mapping, perform static firmware analysis, perform static hardware analysis, undertake a dynamic device security analysis, sources of supporting information, supporting capability requirements and establishment, Execution of dynamic device analysis and approaches around network protocol analysis.
Ransomware - what is it, how to protect against it
This document provides biographical information about the author and discusses various topics related to ransomware, including notable ransomware families, encryption methods, prevention and recovery strategies. The author describes themselves as the creator of several hacking tools and concepts later adopted by cybercriminals. The document offers advice on ransomware prevention both for home and enterprise users, including tips on backups, application control, and making systems appear like a malware analyst's to avoid targeting.
The Internet Of Insecure Things: 10 Most Wanted List - Derbycon 2014
The Internet of Things (IoT) aims to makes our lives better, yet there is still no foundation for security controls on the devices that allow us to access the Internet, listen to music, watch television, control the temperature in our homes and more. This talk will look at the history of embedded device insecurity. We’ll explore some real-world example of how devices are exploited (and attackers profited). You will also learn what we can do to help fix these problems and push the industry for a much higher level of security for devices affecting our daily lives.
IoT security is a nightmare. But what is the real risk?
1) IoT security is a major issue as many devices have poor security and will never receive patches. This leaves them vulnerable to attacks over the internet or through home networks.
2) There are many risks even for devices that are behind routers or firewalls due to issues like UPnP, IPv6, cloud connections, and protocol tunneling that can bypass network protections.
3) Home users should take steps like disconnecting devices when not in use, changing passwords, filtering incoming connections, and monitoring their network to improve their security, but there are no complete solutions given flaws in IoT design and updates.
How to hide your browser 0-days
This document describes a new technique called "IRONSQUIRREL" for encrypting browser exploits during delivery to prevent their analysis and leakage. It uses elliptic curve Diffie-Hellman key exchange to encrypt the exploit code between the server and client browser. This makes the exploit non-replayable and difficult for reverse engineers to analyze from network traffic alone. The document provides details on how IRONSQUIRREL works and recommendations to further obstruct analysis through techniques like one-time URLs, anti-debugging, and obfuscation.
The Internet of Insecure Things: 10 Most Wanted List
The document discusses security issues with internet-connected embedded devices, known as the "Internet of Things". It outlines several vulnerabilities that have already been exploited, including devices being used to mine cryptocurrency or launch DDoS attacks without owner permission. Specific examples are given of vulnerabilities in D-Link routers, including backdoors, default credentials, buffer overflows and cross-site request forgery issues that can allow full device compromise. The document argues that many other device types like medical equipment and industrial controls face similar insecurity risks if not properly secured.
Making and breaking security in embedded devices
This document discusses security issues in embedded devices and techniques for analyzing and attacking them. It covers identifying debug ports, sniffing communication protocols like SPI and I2C, analyzing radio signals with software-defined radios, extracting firmware from flash memory, analyzing code for vulnerabilities, and defending against such attacks. A variety of open-source tools are recommended for reverse engineering tasks like bus pirate, hackRF, binwalk, and JTAGulator.
Ryder robertson security-considerations_in_the_supply_chain_2017.11.02
This document discusses supply chain security considerations. It provides an overview of issues that can affect technology integration and approaches to mitigate risks. Examples are given of past supply chain attacks on autonomous vehicles, IoT devices, and software. The supply chain is defined as the network of vendors and components used to deliver a product or service. Threats include compromised hardware, software, tools and facilities. Detecting issues can be difficult due to the distributed nature of supply chains. Defenses include things like signing, monitoring, and designing with the assumption that some components may be compromised. The document emphasizes that supply chain attacks are increasingly common and that organizations should have response plans in place.
Enterprise Forensics 101
This document provides an overview of enterprise forensics from Mona Arkhipova of QIWI. It discusses common use cases for enterprise forensics including internal incidents, external incidents, and fraud investigations. It then outlines the steps of a typical live response including collecting system details, network information, processes, logs and disk/memory images. Specific collection for Linux and Windows systems is also covered. Forensic toolkits for both operating systems are listed and carving techniques are discussed for deep diving non-volatile evidence through timelines, file filtering and malware analysis. The document concludes with an overview of QIWI's forensic lab and tools used as well as considerations for reporting.
CODE BLUE 2014 : DeviceDisEnabler : A hypervisor which hides devices to prote...
Current mobile gadgets includes of rich devices (high resolution video camera, microphone, GPS, etc) which enable high quantity communication (Video conference, current location data, etc). Unfortunately, the rich devices make easy to conduct cyber espionage. For example, a high resolution video is used to read the text on a display. A GPS device is used to track the user's location ("Cerberus" and "mSpy" are famous. Japanese application named "karelog" became social issues). These devices are not used in company's office or factory and computer administrators want to prohibit these devices. Unfortunately, the devices are embedded in a mobile gadget and most of them cannot be disenabled by BIOS or EFI.
In order to In order to solve this problem, we propose a thin hypervisor called "DeviceDisEnabler (DDE)", which hides some devices from OS. DDE is a lightweight hypervisor and can be inserted to a pre-installed OS. Although the OS uses "IN" instruction to get the device information on PCI and USB (Vendor ID, Device Class, etc), the "IN" instruction is hooked by DDE and the device information is hidden if the devices is prohibited in the company.
Unfortunately, not only attackers but also employees want to bypass the DDE because they want to use the devices. In order to protect bypassing the DDE, it encrypts the disk image of the OS. It means the OS cannot be used without the help of DDE. In order to hide the encryption key, the DDE has three types of key managements (A technique gets a key from the Internet with a secure communication. A technique hides the key into a TPM chip and obtains it at a certain state of boot time only. A technique obfuscates the key into the code using Whitebox Cryptography technique).
Current implementation is based on BitVisor 1.4 and the target is a mobile gadget which has Intel CPU. I will talk about the requirements for ARM CPU based implementation.
Fingerprinting and Attacking a Healthcare Infrastructure
The document discusses fingerprinting and attacking healthcare institutions. It notes that healthcare is an easy target due to less security maturity compared to other industries. It provides information on how to fingerprint electronic medical record (EMR) systems, medical devices, and other systems commonly found in hospitals. Specific techniques are presented for searching online databases to find healthcare systems and EMRs. The document also discusses attacks on the HL7 protocol commonly used in medical devices.
Offence oriented Defence
This document discusses common defensive strategies and how attackers bypass them. It notes that while best practices like passwords, patching, and anti-virus are important, they also introduce commonalities that attackers learn to exploit. The document recommends that defenders study attack techniques to prioritize risks and design defenses that differentiate from standard approaches in order to limit widespread exploitation.
Exploiting Redundancy Properties of Malicious Infrastructure for Incident Det...
Author: John Bambenek
The cat-and-mouse game between malware researchers and malware operators has been going for years. The defense community is getting faster at responding to growing threats and taking down command and control centers of malware operators before they causes too much damage. Meanwhile, “bad guys” are building multitier redundant architectures utilizing P2P networks, Tor, and domain generation algorithms (DGA) to improve availability of supporting infrastructure against take-down operations. This report will cover the research of both American and Russian analysts into the use of such techniques and what can be learned about the adversaries who use them. Additionally, the speaker will introduce a new tool that helps researchers dig into DGAs.
Fruit vs Zombies: Defeat Non-jailbroken iOS Malware by Claud Xiao
Since 2014, fifteen new malware or riskware families successfully attacked non-jailbroken iOS devices (e.g., WireLurker, Oneclickfraud, XcodeGhost, InstaAgent, ZergHelper, AceDeceiver), affected thousands of iOS apps and tens of millions users around the world. Ten of them even bypassed Apple’s code vetting and occurred at App Store. In this presentation, we will systematically study how could these malware, riskware and some Proof-of-Concepts infect non-jailbroken devices via practical vectors and approaches including abusing development certificates, bypassing code review by obfuscation, performing FairPlay MITM attack, abusing MDM solution, abusing private APIs, exploiting design flaws or app level vulnerabilities, and stealing privacy data. For each topic, we will introduce its implementation, explore real world cases, analyze its risky and consequences, explain Apple’s countermeasures, and discuss why some problems will still exist in near future. We will also share some stories of how we discovered those interesting iOS malware. Through this topic, audiences could make more effective policies to protect iOS devices in their organizations, build their own systems/tools to evaluate security risks in iOS apps, and hunt more iOS malware in the future.
NFC: Naked Fried Chicken / Пентест NFC — вот что я люблю
Ведущий: Маттео Беккаро (Matteo Beccaro)
Доклад посвящен общим вопросам транспортной безопасности, мошенничества и технологических сбоев и будет интересен как профессиональным пентестерам, так и любителям. Докладчик рассмотрит несколько серьезных уязвимостей в реальных транспортных системах, в которых используется технология NFC, и продемонстрирует открытое приложение для тестирования таких систем со смартфона.
Heartbleed Overview
This document summarizes the Heartbleed vulnerability that was announced in April 2014. It allowed attackers to read portions of a server's memory and extract private keys and user cookies. The vulnerability was in OpenSSL and affected many major companies. It was possible due to a buffer over-read in the OpenSSL implementation of the TLS Heartbeat Extension. While initially many were vulnerable, within a month most major sites and services had patched the vulnerability. The event highlighted issues with OpenSSL's code quality and maintenance and increased funding to address these issues. It also demonstrated the need for rapid patching of 0-day vulnerabilities and the importance of defense in depth strategies.
Defcon 22-tim-mcguffin-one-man-shop
The document outlines how to build an effective security program with limited resources as a one-person shop. It discusses establishing people and processes, designing a secure network architecture by dividing the network into zones and applying security controls at boundaries, securing system design through least privilege and centralized logging, performing continuous monitoring through vulnerability scanning and log analysis, obtaining external validation through auditing and penetration testing, and ensuring compliance through following security best practices and frameworks. The overall goal is to prioritize security based on risks through people-focused automation and standardization of processes.
Gone in a flash pdf
Flash memory operates differently than traditional magnetic storage due to its internal structure and organization. Overwriting files is not sufficient to erase data from flash drives as the flash controller redistributes data across blocks to balance wear. Hardware encryption provides little additional security if the accessing computer is compromised, while software encryption exposes keys. Thorough physical destruction of the flash die is required to prevent determined attackers from recovering data, as the internal structure of flash chips allows access even if the package is damaged.
Hacker tool talk: kismet
This document summarizes a presentation given by Chris Hammond-Thrasher on the wireless security tool Kismet. The presentation covers setting up a wireless security lab, an overview of Kismet including its features and history. It also demonstrates how to install and use Kismet, including passively monitoring wireless networks and cracking WEP keys. The document encourages attendees to use Kismet to audit their own and nearby wireless networks to check for security issues and ways to improve configuration.
IOT Exploitation
This document provides an overview of exploiting insecure IoT firmware. It begins with an introduction to IoT protocols like CoAP, MQTT, XMPP, and AMQP. It then discusses the OWASP top 10 security risks for IoT, focusing on insecure software/firmware. Common debugging interfaces for firmware like UART, JTAG, SPI, and I2C are explained. Operating systems and compilers used for IoT development are listed. Finally, the document outlines a methodology for exploiting insecure firmware, including getting the firmware, performing reconnaissance, unpacking, localizing points of interest, and then decompiling, compiling, tweaking, fuzzing, or pentesting the firmware. Tools mentioned include binwalk, firmwalk
2014: Mid-Year Threat Review
Our researcher Aryeh Goretsky took a look at some of the more interesting pieces of malware and threats that have occurred over the first six months of the year 2014. And what a year it has been, with some serious new developments as well as persistence of numerous older threats.
Kochetova+osipv atm how_to_make_the_fraud__final
This document summarizes various attack techniques that can be used to compromise ATMs, including physical access, hardware attacks, software exploits, and network attacks. It describes how ATM components like card readers, cash dispensers, and communication protocols can be targeted. The document also warns that people and processes, like lazy ATM administrators and lack of security updates, contribute to vulnerabilities. It advocates that security requires an ongoing process rather than a single solution.
Rat a-tat-tat
A presentation by Jeremy du Bruyn of SensePost at ZaCon V in 2013 in Johannesburg on his research into applying pentester techniques to bonnet C2s.
Lets talk about bug hunting
- The speaker is known as 'isox', a web penetration tester and CISO who will discuss strategies for finding and reporting security vulnerabilities as part of a bug bounty program.
- They describe disparate hacking groups as "hungry nomads" using common techniques to attack targets, like a "castle with gold" that offers payments for successful attacks.
- The speaker analyzes vulnerabilities like weak authentication, lack of input validation, and failure to properly secure APIs. They emphasize automating testing and sharing knowledge rather than relying on public exploits.
- Overall, the discussion encourages an ethical approach to vulnerability research for commercial bug bounty programs. The speaker advocates thoroughly investigating targets, creatively developing custom test cases,
Robots, Ninjas, Pirates and Building an Effective Vulnerability Management Pr...
A robot, a ninja and a pirate get into a fight. The question is: who wins? While we can debate this question until the end of time, likely have fun in the process; it’s a waste of time. Who are the robots, ninjas and pirates in your environment? What roles do they play in the vulnerability management process? We debate how to build a vulnerability management program all the time, however we are still spinning our wheels. Unlike the robot, ninja, pirate battle, there are concrete facts that will help you build a successful program, and avoid smoke bombs, swords, and robot death rays. Who wins? Find out in this presentation and learn how to protect your booty.
BlueHat v17 || Extracting Secrets from Silicon – A New Generation of Bug Hunt...
BlueHat v17 || Extracting Secrets from Silicon – A New Generation of Bug Hunt...BlueHat Security Conference
Gunter Ollmann, Microsoft
As reverse engineering tools and hacking techniques have improved over the years, software engineers have been forced to bury their secrets deeper down the stack – securing keys and intellectual property first in software, then drivers, on to custom firmware and microcode, and eventually as etchings on the very silicon itself.
For the hackers involved, the skills and tooling needed to extract and monetize these secrets come with ever increasing hurdles and cost. Yet, seemingly as a corollary to Moore’s Law, each year the cost of the tooling drops by half, while access (and desire) doubles. Today, with access to multi-million dollar semiconductor labs that can be rented for as little as $200 per hour, skilled adversaries can physically extract the most prized secrets from the integrated circuits (IC) directly.
Understanding your adversary lies at the crux of every defensive strategy. This session reviews the current generation of tools and techniques used by professional hacking entities to extract the magic numbers, proprietary algorithms, and WORN (Write Once, Read Never) secrets from the chips themselves.
As a generation of bug hunters begin to use such tools to extract the microcode and etched algorithms from the IC’s, we’re about to face new classes of bug and vulnerabilities – lying in (possibly) ancient code – that probably can’t be “patched”. How will we secure secrets going forward? Owning windows 8 with human interface devices
This document discusses using human interface devices like the Teensy microcontroller in penetration tests against Windows 8 systems. It introduces the Kautilya toolkit for programming Teensy payloads and demonstrates attacks against Windows 8 by connecting the Teensy and executing payloads with the privileges of the logged-in user. Limitations of this technique include storage limits on Teensy and an inability to read responses or clear itself after running. Defenses include disabling removable devices or locking USB ports.
CheckPoint: Anatomy of an evolving bot
The document discusses various techniques used by malware and botnets to evade detection. It describes how malware authors bypass traditional detection methods through obfuscation, packing, encryption, and avoiding static or dynamic analysis. It also outlines potential solutions to these challenges such as using rootkits to subvert analysis machines, tapping into browsers to detect obfuscated code, and monitoring unusual process enumeration. The challenges of polymorphic malware generating numerous variants is also covered.
Goto Chicago; Journeys To Cloud Native Architecture: Sun, Sea And Emergencies...
This document discusses journeys to cloud native architectures and provides principles for success. It begins with an overview of the cloud native dream from a business perspective, aiming for faster time to market and scalability. However, common issues that can arise include tackling too much too quickly, relying on a surface-level understanding, using ineffective tools and processes, and not anticipating failure. The document concludes with principles for a successful cloud native journey: don't take on too much too quickly, acquire sufficient expertise, choose tools wisely, engage security, and plan for failure through active testing of sad paths.
More Related Content
What's hot
Ryder robertson security-considerations_in_the_supply_chain_2017.11.02
This document discusses supply chain security considerations. It provides an overview of issues that can affect technology integration and approaches to mitigate risks. Examples are given of past supply chain attacks on autonomous vehicles, IoT devices, and software. The supply chain is defined as the network of vendors and components used to deliver a product or service. Threats include compromised hardware, software, tools and facilities. Detecting issues can be difficult due to the distributed nature of supply chains. Defenses include things like signing, monitoring, and designing with the assumption that some components may be compromised. The document emphasizes that supply chain attacks are increasingly common and that organizations should have response plans in place.
Enterprise Forensics 101
This document provides an overview of enterprise forensics from Mona Arkhipova of QIWI. It discusses common use cases for enterprise forensics including internal incidents, external incidents, and fraud investigations. It then outlines the steps of a typical live response including collecting system details, network information, processes, logs and disk/memory images. Specific collection for Linux and Windows systems is also covered. Forensic toolkits for both operating systems are listed and carving techniques are discussed for deep diving non-volatile evidence through timelines, file filtering and malware analysis. The document concludes with an overview of QIWI's forensic lab and tools used as well as considerations for reporting.
CODE BLUE 2014 : DeviceDisEnabler : A hypervisor which hides devices to prote...
Current mobile gadgets includes of rich devices (high resolution video camera, microphone, GPS, etc) which enable high quantity communication (Video conference, current location data, etc). Unfortunately, the rich devices make easy to conduct cyber espionage. For example, a high resolution video is used to read the text on a display. A GPS device is used to track the user's location ("Cerberus" and "mSpy" are famous. Japanese application named "karelog" became social issues). These devices are not used in company's office or factory and computer administrators want to prohibit these devices. Unfortunately, the devices are embedded in a mobile gadget and most of them cannot be disenabled by BIOS or EFI.
In order to In order to solve this problem, we propose a thin hypervisor called "DeviceDisEnabler (DDE)", which hides some devices from OS. DDE is a lightweight hypervisor and can be inserted to a pre-installed OS. Although the OS uses "IN" instruction to get the device information on PCI and USB (Vendor ID, Device Class, etc), the "IN" instruction is hooked by DDE and the device information is hidden if the devices is prohibited in the company.
Unfortunately, not only attackers but also employees want to bypass the DDE because they want to use the devices. In order to protect bypassing the DDE, it encrypts the disk image of the OS. It means the OS cannot be used without the help of DDE. In order to hide the encryption key, the DDE has three types of key managements (A technique gets a key from the Internet with a secure communication. A technique hides the key into a TPM chip and obtains it at a certain state of boot time only. A technique obfuscates the key into the code using Whitebox Cryptography technique).
Current implementation is based on BitVisor 1.4 and the target is a mobile gadget which has Intel CPU. I will talk about the requirements for ARM CPU based implementation.
Fingerprinting and Attacking a Healthcare Infrastructure
The document discusses fingerprinting and attacking healthcare institutions. It notes that healthcare is an easy target due to less security maturity compared to other industries. It provides information on how to fingerprint electronic medical record (EMR) systems, medical devices, and other systems commonly found in hospitals. Specific techniques are presented for searching online databases to find healthcare systems and EMRs. The document also discusses attacks on the HL7 protocol commonly used in medical devices.
Offence oriented Defence
This document discusses common defensive strategies and how attackers bypass them. It notes that while best practices like passwords, patching, and anti-virus are important, they also introduce commonalities that attackers learn to exploit. The document recommends that defenders study attack techniques to prioritize risks and design defenses that differentiate from standard approaches in order to limit widespread exploitation.
Exploiting Redundancy Properties of Malicious Infrastructure for Incident Det...
Author: John Bambenek
The cat-and-mouse game between malware researchers and malware operators has been going for years. The defense community is getting faster at responding to growing threats and taking down command and control centers of malware operators before they causes too much damage. Meanwhile, “bad guys” are building multitier redundant architectures utilizing P2P networks, Tor, and domain generation algorithms (DGA) to improve availability of supporting infrastructure against take-down operations. This report will cover the research of both American and Russian analysts into the use of such techniques and what can be learned about the adversaries who use them. Additionally, the speaker will introduce a new tool that helps researchers dig into DGAs.
Fruit vs Zombies: Defeat Non-jailbroken iOS Malware by Claud Xiao
Since 2014, fifteen new malware or riskware families successfully attacked non-jailbroken iOS devices (e.g., WireLurker, Oneclickfraud, XcodeGhost, InstaAgent, ZergHelper, AceDeceiver), affected thousands of iOS apps and tens of millions users around the world. Ten of them even bypassed Apple’s code vetting and occurred at App Store. In this presentation, we will systematically study how could these malware, riskware and some Proof-of-Concepts infect non-jailbroken devices via practical vectors and approaches including abusing development certificates, bypassing code review by obfuscation, performing FairPlay MITM attack, abusing MDM solution, abusing private APIs, exploiting design flaws or app level vulnerabilities, and stealing privacy data. For each topic, we will introduce its implementation, explore real world cases, analyze its risky and consequences, explain Apple’s countermeasures, and discuss why some problems will still exist in near future. We will also share some stories of how we discovered those interesting iOS malware. Through this topic, audiences could make more effective policies to protect iOS devices in their organizations, build their own systems/tools to evaluate security risks in iOS apps, and hunt more iOS malware in the future.
NFC: Naked Fried Chicken / Пентест NFC — вот что я люблю
Ведущий: Маттео Беккаро (Matteo Beccaro)
Доклад посвящен общим вопросам транспортной безопасности, мошенничества и технологических сбоев и будет интересен как профессиональным пентестерам, так и любителям. Докладчик рассмотрит несколько серьезных уязвимостей в реальных транспортных системах, в которых используется технология NFC, и продемонстрирует открытое приложение для тестирования таких систем со смартфона.
Heartbleed Overview
This document summarizes the Heartbleed vulnerability that was announced in April 2014. It allowed attackers to read portions of a server's memory and extract private keys and user cookies. The vulnerability was in OpenSSL and affected many major companies. It was possible due to a buffer over-read in the OpenSSL implementation of the TLS Heartbeat Extension. While initially many were vulnerable, within a month most major sites and services had patched the vulnerability. The event highlighted issues with OpenSSL's code quality and maintenance and increased funding to address these issues. It also demonstrated the need for rapid patching of 0-day vulnerabilities and the importance of defense in depth strategies.
Defcon 22-tim-mcguffin-one-man-shop
The document outlines how to build an effective security program with limited resources as a one-person shop. It discusses establishing people and processes, designing a secure network architecture by dividing the network into zones and applying security controls at boundaries, securing system design through least privilege and centralized logging, performing continuous monitoring through vulnerability scanning and log analysis, obtaining external validation through auditing and penetration testing, and ensuring compliance through following security best practices and frameworks. The overall goal is to prioritize security based on risks through people-focused automation and standardization of processes.
Gone in a flash pdf
Flash memory operates differently than traditional magnetic storage due to its internal structure and organization. Overwriting files is not sufficient to erase data from flash drives as the flash controller redistributes data across blocks to balance wear. Hardware encryption provides little additional security if the accessing computer is compromised, while software encryption exposes keys. Thorough physical destruction of the flash die is required to prevent determined attackers from recovering data, as the internal structure of flash chips allows access even if the package is damaged.
Hacker tool talk: kismet
This document summarizes a presentation given by Chris Hammond-Thrasher on the wireless security tool Kismet. The presentation covers setting up a wireless security lab, an overview of Kismet including its features and history. It also demonstrates how to install and use Kismet, including passively monitoring wireless networks and cracking WEP keys. The document encourages attendees to use Kismet to audit their own and nearby wireless networks to check for security issues and ways to improve configuration.
IOT Exploitation
This document provides an overview of exploiting insecure IoT firmware. It begins with an introduction to IoT protocols like CoAP, MQTT, XMPP, and AMQP. It then discusses the OWASP top 10 security risks for IoT, focusing on insecure software/firmware. Common debugging interfaces for firmware like UART, JTAG, SPI, and I2C are explained. Operating systems and compilers used for IoT development are listed. Finally, the document outlines a methodology for exploiting insecure firmware, including getting the firmware, performing reconnaissance, unpacking, localizing points of interest, and then decompiling, compiling, tweaking, fuzzing, or pentesting the firmware. Tools mentioned include binwalk, firmwalk
2014: Mid-Year Threat Review
Our researcher Aryeh Goretsky took a look at some of the more interesting pieces of malware and threats that have occurred over the first six months of the year 2014. And what a year it has been, with some serious new developments as well as persistence of numerous older threats.
Kochetova+osipv atm how_to_make_the_fraud__final
This document summarizes various attack techniques that can be used to compromise ATMs, including physical access, hardware attacks, software exploits, and network attacks. It describes how ATM components like card readers, cash dispensers, and communication protocols can be targeted. The document also warns that people and processes, like lazy ATM administrators and lack of security updates, contribute to vulnerabilities. It advocates that security requires an ongoing process rather than a single solution.
Rat a-tat-tat
A presentation by Jeremy du Bruyn of SensePost at ZaCon V in 2013 in Johannesburg on his research into applying pentester techniques to bonnet C2s.
Lets talk about bug hunting
- The speaker is known as 'isox', a web penetration tester and CISO who will discuss strategies for finding and reporting security vulnerabilities as part of a bug bounty program.
- They describe disparate hacking groups as "hungry nomads" using common techniques to attack targets, like a "castle with gold" that offers payments for successful attacks.
- The speaker analyzes vulnerabilities like weak authentication, lack of input validation, and failure to properly secure APIs. They emphasize automating testing and sharing knowledge rather than relying on public exploits.
- Overall, the discussion encourages an ethical approach to vulnerability research for commercial bug bounty programs. The speaker advocates thoroughly investigating targets, creatively developing custom test cases,
Robots, Ninjas, Pirates and Building an Effective Vulnerability Management Pr...
A robot, a ninja and a pirate get into a fight. The question is: who wins? While we can debate this question until the end of time, likely have fun in the process; it’s a waste of time. Who are the robots, ninjas and pirates in your environment? What roles do they play in the vulnerability management process? We debate how to build a vulnerability management program all the time, however we are still spinning our wheels. Unlike the robot, ninja, pirate battle, there are concrete facts that will help you build a successful program, and avoid smoke bombs, swords, and robot death rays. Who wins? Find out in this presentation and learn how to protect your booty.
BlueHat v17 || Extracting Secrets from Silicon – A New Generation of Bug Hunt...
BlueHat v17 || Extracting Secrets from Silicon – A New Generation of Bug Hunt...BlueHat Security Conference
Gunter Ollmann, Microsoft
As reverse engineering tools and hacking techniques have improved over the years, software engineers have been forced to bury their secrets deeper down the stack – securing keys and intellectual property first in software, then drivers, on to custom firmware and microcode, and eventually as etchings on the very silicon itself.
For the hackers involved, the skills and tooling needed to extract and monetize these secrets come with ever increasing hurdles and cost. Yet, seemingly as a corollary to Moore’s Law, each year the cost of the tooling drops by half, while access (and desire) doubles. Today, with access to multi-million dollar semiconductor labs that can be rented for as little as $200 per hour, skilled adversaries can physically extract the most prized secrets from the integrated circuits (IC) directly.
Understanding your adversary lies at the crux of every defensive strategy. This session reviews the current generation of tools and techniques used by professional hacking entities to extract the magic numbers, proprietary algorithms, and WORN (Write Once, Read Never) secrets from the chips themselves.
As a generation of bug hunters begin to use such tools to extract the microcode and etched algorithms from the IC’s, we’re about to face new classes of bug and vulnerabilities – lying in (possibly) ancient code – that probably can’t be “patched”. How will we secure secrets going forward? What's hot (19)
Ryder robertson security-considerations_in_the_supply_chain_2017.11.02
Ryder robertson security-considerations_in_the_supply_chain_2017.11.02
CODE BLUE 2014 : DeviceDisEnabler : A hypervisor which hides devices to prote...
CODE BLUE 2014 : DeviceDisEnabler : A hypervisor which hides devices to prote...
Fingerprinting and Attacking a Healthcare Infrastructure
Fingerprinting and Attacking a Healthcare Infrastructure
Exploiting Redundancy Properties of Malicious Infrastructure for Incident Det...
Exploiting Redundancy Properties of Malicious Infrastructure for Incident Det...
Fruit vs Zombies: Defeat Non-jailbroken iOS Malware by Claud Xiao
Fruit vs Zombies: Defeat Non-jailbroken iOS Malware by Claud Xiao
NFC: Naked Fried Chicken / Пентест NFC — вот что я люблю
NFC: Naked Fried Chicken / Пентест NFC — вот что я люблю
Robots, Ninjas, Pirates and Building an Effective Vulnerability Management Pr...
Robots, Ninjas, Pirates and Building an Effective Vulnerability Management Pr...
BlueHat v17 || Extracting Secrets from Silicon – A New Generation of Bug Hunt...
BlueHat v17 || Extracting Secrets from Silicon – A New Generation of Bug Hunt...
Similar to Cracking Into Embedded Devices - Hack in The Box Dubai 2008
Owning windows 8 with human interface devices
This document discusses using human interface devices like the Teensy microcontroller in penetration tests against Windows 8 systems. It introduces the Kautilya toolkit for programming Teensy payloads and demonstrates attacks against Windows 8 by connecting the Teensy and executing payloads with the privileges of the logged-in user. Limitations of this technique include storage limits on Teensy and an inability to read responses or clear itself after running. Defenses include disabling removable devices or locking USB ports.
CheckPoint: Anatomy of an evolving bot
The document discusses various techniques used by malware and botnets to evade detection. It describes how malware authors bypass traditional detection methods through obfuscation, packing, encryption, and avoiding static or dynamic analysis. It also outlines potential solutions to these challenges such as using rootkits to subvert analysis machines, tapping into browsers to detect obfuscated code, and monitoring unusual process enumeration. The challenges of polymorphic malware generating numerous variants is also covered.
Goto Chicago; Journeys To Cloud Native Architecture: Sun, Sea And Emergencies...
This document discusses journeys to cloud native architectures and provides principles for success. It begins with an overview of the cloud native dream from a business perspective, aiming for faster time to market and scalability. However, common issues that can arise include tackling too much too quickly, relying on a surface-level understanding, using ineffective tools and processes, and not anticipating failure. The document concludes with principles for a successful cloud native journey: don't take on too much too quickly, acquire sufficient expertise, choose tools wisely, engage security, and plan for failure through active testing of sad paths.
Give Me Three Things: Anti-Virus Bypass Made Easy
The document discusses three common issues that allow attackers to be successful even with simple techniques: 1) a focus on novel attacks instead of basics, 2) reliance on blacklist-based antivirus, and 3) an oversimplified view of users as "dumb" rather than recognizing sophisticated social engineering. It argues organizations should instead focus on detecting attacker impact, moving away from blacklist security, and implementing controls and user training to limit damage from mistakes or successful attacks.
Journeys To Cloud Native Architecture: Sun, Sea And Emergencies - Nicki Watt
For many businesses looking to embrace modern business practices, deliver and scale faster, adopting a Cloud Native mindset and architecture makes sense. In this talk Nicki Watt, from OpenCredo, will explore the realities of making that journey for a number of clients. Far from being a smooth journey to the promised land, during this talk you will also learn about the numerous detours, bumps and challenges encountered along the way. Microservices, Kubernetes, Success, but also Bandages and Crutches; This talk is for you if you want to gain some pragmatic insight into what is entailed with such endeavours.
Sandbox detection:
leak, abuse, test - Hacktivity 2015
This document discusses techniques for detecting and evading malware analysis sandboxes. It begins by outlining common sandbox detection methods like checking screen resolution, installed software, CPU/system information, and network settings. It then discusses challenges like simulating sleep functions and network connections. The document emphasizes that while evading analysis is possible, manual review remains difficult to defeat. It concludes by advising blue teams to thoroughly test sandboxes and customize them to their environment before purchasing.
Keynote at the Cyber Security Summit Prague 2015
- The document discusses a major hack that showed existing security tools and next-generation tools have limitations and can be bypassed. It notes how easily malware can detect sandboxes and analyzes new attack surfaces like the Internet of Things. It advocates for building defenses in key "hot zones" like endpoints, networks, data in transit, and cloud infrastructure. It provides best practices around gaining situational awareness, operational excellence, and deploying appropriate countermeasures. The overall message is that security must be a strategic priority requiring budget, skills, vigilance and alliance between security and IT teams.
Networking 2016-06-14 - The Dirty Secrets of Enterprise Security by Kevin Dunn
Networking 2016-06-14 - The Dirty Secrets of Enterprise Security by Kevin DunnNorth Texas Chapter of the ISSA
When you work with a lot of companies scrutinizing their security, you get to see some amazing things. One of the joys of being a commercial security consultant working for big name firms, is that you get to see a lot of innovation and interesting approaches to common problems.
However, as great as this is, the discrete projects you work on are usually a small representation of the overall company. When you look at the company in its entirety, a familiar pattern of weakness begins to reveal itself. While some companies are obviously better than others, the majority of companies are actually weak in remarkably similar ways.
My work in the attacker modeled pentest and enterprise risk assessment realms focuses on looking at a company as a whole. The premise is that, this is what an attacker would do. They won’t just try to attack your quarterly code reviewed main web site, or consumer mobile app. They won’t directly attack your PCI relevant systems to get to customer credit card data. They won’t limit their attacks to those purely against your IT infrastructure. Instead – they’ll look at your entire company, and they will play dirty.
In this session, I’ll focus on the things that plague us all (well most of us), and I’ll offer some simple advice for how to try and tackle each of these areas:
– Weaknesses in Physical Security
– Susceptibility to Phishing
– Vulnerability Management Immaturity
– Weaknesses in Authentication
– Poor Network Segmentation
– Loose Data Access Control
– Terrible Host / Network Visibility
– Unwise Procurement & Security Spending DecisionsCeh v8 labs module 03 scanning networks
Vulnerability scanning evaluates an organization's systems and network to identify vulnerabilities such as missing patches, unnecessary services, weak authentication, and weak encryption. The document discusses using the Advanced IP Scanner tool to perform a network scan on a target Windows Server 2008 system from a Windows 8 attacker system to check for live systems, open ports, and gather information about computers on the local network. It provides instructions on launching Advanced IP Scanner, entering an IP address range to scan, and viewing the scan results.
[Workshop] Analyzing Your Deliverables: Developing the Optimal Documentation ...
Presented by Nicki Bleiel at Documentation and Training LIfe Sciences, June 23-26, 2008 in Indianapolis.
Documentation deliverables have evolved beyond manuals and online help in recent years, and with the emergence of Web 2.0, things are changing faster than ever. Technical communicators have many more options to enhance the user experience, and developing many of them provide the opportunity to work with other departments to find a more holistic approach to content development and delivery. But there is no one-size-fits-all set of solutions. This workshop will review the types of analysis you need to do to determine which deliverables are right for your project, your customer, and your company.
Other factors that can’t be ignored, such as translation needs, staff/time constraints, file size limitations, corporate image and control, and proprietary concerns will also be discussed, including:
Analyzing the Product
* Intended audience; delivery method (desktop, web application, etc.); competitor offerings; software development methodology. The UI as part of the Help system. Product Management expectations.
Identifying User Wants and Needs
* Preferences and expectations for information; work environment; knowledge and experience levels.
Ascertaining Internal Needs and Opportunities
* Working with Training, Support, and Marketing to reduce duplication and provide the user with consistent, useful information.
* Finding ways to incorporate information from other departments to improve documentation.
Accessing Deliverable Options
* What is the optimum mix for the product?
* The traditional: online help, manuals, embedded help, job aids, forums, web sites, technical support knowledgebases.
* Emerging trends: wikis, blogs, RSS feeds, software demonstrations, podcasts, and other collaborative tools. They can supplement and/or enhance the traditional. Or, they may be a better fit for internal knowledge management or marketing use.
Optimizing the Library
* Single-sourcing; best practices for structuring information; continuous publishing
Analyzing Your Deliverables: Developing the Optimal Documentation Library
Presented Nicki Bleiel at Documentation and Training Life Sciences, June 23-26, 2008 in Indianapolis.
Documentation deliverables have evolved beyond manuals and online help in recent years, and with the emergence of Web 2.0, things are changing faster than ever. Technical communicators have many more options to enhance the user experience, and developing many of them provide the opportunity to work with other departments to find a more holistic approach to content development and delivery. But there is no one-size-fits-all set of solutions. This workshop will review the types of analysis you need to do to determine which deliverables are right for your project, your customer, and your company. Product analysis, user expectations and needs, internal needs, deliverable options, and optimizing your library will all be discussed; as well as translation needs, staff/time constraints, file size limitations, corporate image and control, and proprietary concerns.
Story of Multnomah County: Migrating from Vignette and Building a Drupal Ecos...
The document summarizes Multnomah County's adoption and use of Drupal over 3.5 years to build out their digital presence. It highlights that they launched 5 key sites including their public website and intranet, as well as an apps platform. It then discusses some of the requirements for supporting 15 Drupal sites, including executive buy-in, innovating through pilot projects, hiring and training internal talent, implementing source control and deployment processes, and change management practices.
Dev secops opsec, devsec, devops ?
This document discusses the concepts of DevOps, SecOps, and DevSecOps. It describes how the traditional divisions between development, operations, and security can lead to problems, and how adopting a DevOps culture and practices like continuous integration, infrastructure as code, and automation can help break down silos. It emphasizes that DevSecOps is about collaboration, culture change, and bringing security practices into the development lifecycle from the beginning.
Creating Havoc using Human Interface Device
This document provides an overview of a presentation about using human interface devices like keyboards for penetration testing. The presentation covers using the Teensy microcontroller to create payloads that are executed when the device is plugged into a target system. It demonstrates writing payloads using the Kautilya toolkit to perform attacks like installing backdoors, changing system settings, gathering information, and executing code on Windows and Linux machines. The document also discusses limitations and ways to prevent attacks using malicious human interface devices.
Practical Exploitation - Webappy Style
The document discusses practical exploitation techniques used by penetration testers and red teams. It outlines the speaker's background as a senior red teamer who breaks into various systems like mainframes, bank accounts, SCADA systems, and web applications. The speaker defines practical exploitation as applying techniques, tactics, and procedures to accomplish objectives within a targeted engagement. The speaker then demonstrates three exploits: 1) Using a Linux pivot to exploit MS08_067 on Windows, 2) Exploiting a Rails vulnerability to steal credentials using Mimikatz on Windows, and 3) Using a Windows pivot to exploit DistCC on Linux via WinRM on IIS. The speaker emphasizes patching vulnerabilities and not enabling services like WinRM on DMZ
Purple Teaming - The Collaborative Future of Penetration Testing
Organizations get penetration tests year after year, yet companies still get breached because they’re STILL missing the basics.Traditional penetration tests are failing to prepare organizations for the threats they actually face. They’ve become a commodity of compliance and box-checking. Remediation steps rarely include management objectives. General lack of excitement for Blue Team functions. Red team is sexy, but just a tool. Do you even have a JBOSS server? (Then why are you seeing alerts for it?)
Hackability: Free/Open Source Assistive Tech
Connecting open source software and web accessibility projects with some ideas behind physical disability hacks.
Troubleshooting: A High-Value Asset For The Service-Provider Discipline
Troubleshooting is a valuable skill for service providers to have in order to reduce downtime and save costs. It involves both technical skills like understanding systems and soft skills like communication. In today's complex, distributed environments, troubleshooting has become more of an art. The process involves fast resolution by understanding the problem fully, observing its behavior, localizing the issue, testing resolutions, monitoring for success, and establishing historical monitoring data and people skills. Automating parts of troubleshooting and integrating various tools can also help scale this process.
Rajarshi Gupta at AI Frontiers : Security is AI’s biggest challenge, AI is Se...
The progress of AI in the last decade has seemed almost magical. But we will discuss the unique challenges posed by Security and what makes this domain the biggest challenge for AI. Reporting from the frontlines, we will describe the deployment of large-scale production-grade AI systems to combat security breaches, using lessons learned at Avast from defending over 400 million consumers every single day. Topics will cover the recent AI advancements in file-based anti-malware solutions, behavior-based on-device solutions, and network-based IoT security solutions.
The Dangers of Shadow IT
Unauthorised ‘Shadow IT’ presents a serious threat to the integrity and security your IT system. Find out how to protect your organisation now.
Similar to Cracking Into Embedded Devices - Hack in The Box Dubai 2008 (20)
Goto Chicago; Journeys To Cloud Native Architecture: Sun, Sea And Emergencies...
Goto Chicago; Journeys To Cloud Native Architecture: Sun, Sea And Emergencies...
Journeys To Cloud Native Architecture: Sun, Sea And Emergencies - Nicki Watt
Journeys To Cloud Native Architecture: Sun, Sea And Emergencies - Nicki Watt
Sandbox detection:
leak, abuse, test - Hacktivity 2015
Sandbox detection:
leak, abuse, test - Hacktivity 2015
Networking 2016-06-14 - The Dirty Secrets of Enterprise Security by Kevin Dunn
Networking 2016-06-14 - The Dirty Secrets of Enterprise Security by Kevin Dunn
[Workshop] Analyzing Your Deliverables: Developing the Optimal Documentation ...
[Workshop] Analyzing Your Deliverables: Developing the Optimal Documentation ...
Analyzing Your Deliverables: Developing the Optimal Documentation Library
Analyzing Your Deliverables: Developing the Optimal Documentation Library
Story of Multnomah County: Migrating from Vignette and Building a Drupal Ecos...
Story of Multnomah County: Migrating from Vignette and Building a Drupal Ecos...
Purple Teaming - The Collaborative Future of Penetration Testing
Purple Teaming - The Collaborative Future of Penetration Testing
Troubleshooting: A High-Value Asset For The Service-Provider Discipline
Troubleshooting: A High-Value Asset For The Service-Provider Discipline
Rajarshi Gupta at AI Frontiers : Security is AI’s biggest challenge, AI is Se...
Rajarshi Gupta at AI Frontiers : Security is AI’s biggest challenge, AI is Se...
Recently uploaded
GNSS spoofing via SDR (Criptored Talks 2024)
In the realm of cybersecurity, offensive security practices act as a critical shield. By simulating real-world attacks in a controlled environment, these techniques expose vulnerabilities before malicious actors can exploit them. This proactive approach allows manufacturers to identify and fix weaknesses, significantly enhancing system security.
This presentation delves into the development of a system designed to mimic Galileo's Open Service signal using software-defined radio (SDR) technology. We'll begin with a foundational overview of both Global Navigation Satellite Systems (GNSS) and the intricacies of digital signal processing.
The presentation culminates in a live demonstration. We'll showcase the manipulation of Galileo's Open Service pilot signal, simulating an attack on various software and hardware systems. This practical demonstration serves to highlight the potential consequences of unaddressed vulnerabilities, emphasizing the importance of offensive security practices in safeguarding critical infrastructure.
How to Interpret Trends in the Kalyan Rajdhani Mix Chart.pdf
A Mix Chart displays historical data of numbers in a graphical or tabular form. The Kalyan Rajdhani Mix Chart specifically shows the results of a sequence of numbers over different periods.
From Natural Language to Structured Solr Queries using LLMs
This talk draws on experimentation to enable AI applications with Solr. One important use case is to use AI for better accessibility and discoverability of the data: while User eXperience techniques, lexical search improvements, and data harmonization can take organizations to a good level of accessibility, a structural (or “cognitive” gap) remains between the data user needs and the data producer constraints.
That is where AI – and most importantly, Natural Language Processing and Large Language Model techniques – could make a difference. This natural language, conversational engine could facilitate access and usage of the data leveraging the semantics of any data source.
The objective of the presentation is to propose a technical approach and a way forward to achieve this goal.
The key concept is to enable users to express their search queries in natural language, which the LLM then enriches, interprets, and translates into structured queries based on the Solr index’s metadata.
This approach leverages the LLM’s ability to understand the nuances of natural language and the structure of documents within Apache Solr.
The LLM acts as an intermediary agent, offering a transparent experience to users automatically and potentially uncovering relevant documents that conventional search methods might overlook. The presentation will include the results of this experimental work, lessons learned, best practices, and the scope of future work that should improve the approach and make it production-ready.
AppSec PNW: Android and iOS Application Security with MobSF
Mobile Security Framework - MobSF is a free and open source automated mobile application security testing environment designed to help security engineers, researchers, developers, and penetration testers to identify security vulnerabilities, malicious behaviours and privacy concerns in mobile applications using static and dynamic analysis. It supports all the popular mobile application binaries and source code formats built for Android and iOS devices. In addition to automated security assessment, it also offers an interactive testing environment to build and execute scenario based test/fuzz cases against the application.
This talk covers:
Using MobSF for static analysis of mobile applications.
Interactive dynamic security assessment of Android and iOS applications.
Solving Mobile app CTF challenges.
Reverse engineering and runtime analysis of Mobile malware.
How to shift left and integrate MobSF/mobsfscan SAST and DAST in your build pipeline.
ScyllaDB Tablets: Rethinking Replication
ScyllaDB is making a major architecture shift. We’re moving from vNode replication to tablets – fragments of tables that are distributed independently, enabling dynamic data distribution and extreme elasticity. In this keynote, ScyllaDB co-founder and CTO Avi Kivity explains the reason for this shift, provides a look at the implementation and roadmap, and shares how this shift benefits ScyllaDB users.
Main news related to the CCS TSI 2023 (2023/1695)
An English 🇬🇧 translation of a presentation to the speech I gave about the main changes brought by CCS TSI 2023 at the biggest Czech conference on Communications and signalling systems on Railways, which was held in Clarion Hotel Olomouc from 7th to 9th November 2023 (konferenceszt.cz). Attended by around 500 participants and 200 on-line followers.
The original Czech 🇨🇿 version of the presentation can be found here: https://www.slideshare.net/slideshow/hlavni-novinky-souvisejici-s-ccs-tsi-2023-2023-1695/269688092 .
The videorecording (in Czech) from the presentation is available here: https://youtu.be/WzjJWm4IyPk?si=SImb06tuXGb30BEH .
Mutation Testing for Task-Oriented Chatbots
Conversational agents, or chatbots, are increasingly used to access all sorts of services using natural language. While open-domain chatbots - like ChatGPT - can converse on any topic, task-oriented chatbots - the focus of this paper - are designed for specific tasks, like booking a flight, obtaining customer support, or setting an appointment. Like any other software, task-oriented chatbots need to be properly tested, usually by defining and executing test scenarios (i.e., sequences of user-chatbot interactions). However, there is currently a lack of methods to quantify the completeness and strength of such test scenarios, which can lead to low-quality tests, and hence to buggy chatbots.
To fill this gap, we propose adapting mutation testing (MuT) for task-oriented chatbots. To this end, we introduce a set of mutation operators that emulate faults in chatbot designs, an architecture that enables MuT on chatbots built using heterogeneous technologies, and a practical realisation as an Eclipse plugin. Moreover, we evaluate the applicability, effectiveness and efficiency of our approach on open-source chatbots, with promising results.
Crafting Excellence: A Comprehensive Guide to iOS Mobile App Development Serv...
Crafting Excellence: A Comprehensive Guide to iOS Mobile App Development Serv...Pitangent Analytics & Technology Solutions Pvt. Ltd
Discover top-tier mobile app development services, offering innovative solutions for iOS and Android. Enhance your business with custom, user-friendly mobile applications.JavaLand 2024: Application Development Green Masterplan
My presentation slides I used at JavaLand 2024
Northern Engraving | Nameplate Manufacturing Process - 2024
Manufacturing custom quality metal nameplates and badges involves several standard operations. Processes include sheet prep, lithography, screening, coating, punch press and inspection. All decoration is completed in the flat sheet with adhesive and tooling operations following. The possibilities for creating unique durable nameplates are endless. How will you create your brand identity? We can help!
Northern Engraving | Modern Metal Trim, Nameplates and Appliance Panels
What began over 115 years ago as a supplier of precision gauges to the automotive industry has evolved into being an industry leader in the manufacture of product branding, automotive cockpit trim and decorative appliance trim. Value-added services include in-house Design, Engineering, Program Management, Test Lab and Tool Shops.
"Frontline Battles with DDoS: Best practices and Lessons Learned", Igor Ivaniuk
At this talk we will discuss DDoS protection tools and best practices, discuss network architectures and what AWS has to offer. Also, we will look into one of the largest DDoS attacks on Ukrainian infrastructure that happened in February 2022. We'll see, what techniques helped to keep the web resources available for Ukrainians and how AWS improved DDoS protection for all customers based on Ukraine experience
Demystifying Knowledge Management through Storytelling
The Department of Veteran Affairs (VA) invited Taylor Paschal, Knowledge & Information Management Consultant at Enterprise Knowledge, to speak at a Knowledge Management Lunch and Learn hosted on June 12, 2024. All Office of Administration staff were invited to attend and received professional development credit for participating in the voluntary event.
The objectives of the Lunch and Learn presentation were to:
- Review what KM ‘is’ and ‘isn’t’
- Understand the value of KM and the benefits of engaging
- Define and reflect on your “what’s in it for me?”
- Share actionable ways you can participate in Knowledge - - Capture & Transfer
Dandelion Hashtable: beyond billion requests per second on a commodity server
This slide deck presents DLHT, a concurrent in-memory hashtable. Despite efforts to optimize hashtables, that go as far as sacrificing core functionality, state-of-the-art designs still incur multiple memory accesses per request and block request processing in three cases. First, most hashtables block while waiting for data to be retrieved from memory. Second, open-addressing designs, which represent the current state-of-the-art, either cannot free index slots on deletes or must block all requests to do so. Third, index resizes block every request until all objects are copied to the new index. Defying folklore wisdom, DLHT forgoes open-addressing and adopts a fully-featured and memory-aware closed-addressing design based on bounded cache-line-chaining. This design offers lock-free index operations and deletes that free slots instantly, (2) completes most requests with a single memory access, (3) utilizes software prefetching to hide memory latencies, and (4) employs a novel non-blocking and parallel resizing. In a commodity server and a memory-resident workload, DLHT surpasses 1.6B requests per second and provides 3.5x (12x) the throughput of the state-of-the-art closed-addressing (open-addressing) resizable hashtable on Gets (Deletes).
"Choosing proper type of scaling", Olena Syrota
Imagine an IoT processing system that is already quite mature and production-ready and for which client coverage is growing and scaling and performance aspects are life and death questions. The system has Redis, MongoDB, and stream processing based on ksqldb. In this talk, firstly, we will analyze scaling approaches and then select the proper ones for our system.
"What does it really mean for your system to be available, or how to define w...
We will talk about system monitoring from a few different angles. We will start by covering the basics, then discuss SLOs, how to define them, and why understanding the business well is crucial for success in this exercise.
[OReilly Superstream] Occupy the Space: A grassroots guide to engineering (an...
The typical problem in product engineering is not bad strategy, so much as “no strategy”. This leads to confusion, lack of motivation, and incoherent action. The next time you look for a strategy and find an empty space, instead of waiting for it to be filled, I will show you how to fill it in yourself. If you’re wrong, it forces a correction. If you’re right, it helps create focus. I’ll share how I’ve approached this in the past, both what works and lessons for what didn’t work so well.
Recently uploaded (20)
How to Interpret Trends in the Kalyan Rajdhani Mix Chart.pdf
How to Interpret Trends in the Kalyan Rajdhani Mix Chart.pdf
Poznań ACE event - 19.06.2024 Team 24 Wrapup slidedeck
Poznań ACE event - 19.06.2024 Team 24 Wrapup slidedeck
From Natural Language to Structured Solr Queries using LLMs
From Natural Language to Structured Solr Queries using LLMs
AppSec PNW: Android and iOS Application Security with MobSF
AppSec PNW: Android and iOS Application Security with MobSF
Crafting Excellence: A Comprehensive Guide to iOS Mobile App Development Serv...
Crafting Excellence: A Comprehensive Guide to iOS Mobile App Development Serv...
JavaLand 2024: Application Development Green Masterplan
JavaLand 2024: Application Development Green Masterplan
Northern Engraving | Nameplate Manufacturing Process - 2024
Northern Engraving | Nameplate Manufacturing Process - 2024
Nordic Marketo Engage User Group_June 13_ 2024.pptx
Nordic Marketo Engage User Group_June 13_ 2024.pptx
Northern Engraving | Modern Metal Trim, Nameplates and Appliance Panels
Northern Engraving | Modern Metal Trim, Nameplates and Appliance Panels
"Frontline Battles with DDoS: Best practices and Lessons Learned", Igor Ivaniuk
"Frontline Battles with DDoS: Best practices and Lessons Learned", Igor Ivaniuk
Demystifying Knowledge Management through Storytelling
Demystifying Knowledge Management through Storytelling
Dandelion Hashtable: beyond billion requests per second on a commodity server
Dandelion Hashtable: beyond billion requests per second on a commodity server
"What does it really mean for your system to be available, or how to define w...
"What does it really mean for your system to be available, or how to define w...
[OReilly Superstream] Occupy the Space: A grassroots guide to engineering (an...
[OReilly Superstream] Occupy the Space: A grassroots guide to engineering (an...
Cracking Into Embedded Devices - Hack in The Box Dubai 2008
- 1. Hack in the Box Dubai 2008
- 2. Cutting-edge Think Tank Adrian „pagvac‟ Pastor Researcher and Pentester at GNUCITIZEN
- 3. About GNUCITIZEN Think tank Involved in research Public/independent Private/commercial Ethical hacker outfit Responsibledisclosure We have nothing to hide The only active tiger team in the UK Proud to have some of the best pros in our team
- 4. Cracking into embedded devices and beyond! Practical overview of offensive techniques against embedded devices