This document discusses defeating Windows 8.1's Kernel Patch Protection. It begins with introductions and definitions. It then explains how Patchguard and driver signing enforcement work in Windows 8.1, providing more protection than previous versions. The implementation of Kernel Patch Protection is described, including how it initializes, verifies the kernel, and crashes the system if modifications are detected. Previous methods of attacking Patchguard are reviewed, noting they have all been defeated in the latest version. The document aims to provide information to understand and potentially find new ways of attacking Patchguard.
HITBSecConf 2017-Shadow-Box-the Practical and Omnipotent SandboxSeunghun han
The document presents Shadow-Box, a lightweight hypervisor-based kernel protector designed for real world deployment. Shadow-Box uses virtualization technology to separate the machine into a secure host (Ring -1) and normal guest (Ring 0-3). It shares kernel memory between the two worlds to reduce overhead. The host can monitor the guest to detect rootkits and other attacks modifying kernel objects or function pointers. The author discusses lessons learned from deploying Shadow-Box, such as handling mutable kernel code and properly configuring cache types in the extended page table.
Defeating x64: Modern Trends of Kernel-Mode RootkitsAlex Matrosov
Versions of Microsoft Windows 64 bits were considered resistant against kernel mode rootkits because integrity checks performed by the system code. However, today there are examples of malware that use methods to bypass the security mechanisms Implemented. This presentation focuses on issues x64 acquitectura security, specifically in the signature policies kernel mode code and the techniques used by modern malware to sauté. We analyze the techniques of penetration of the address space of kernel mode rootkits used by modern in-the-wild: - Win64/Olmarik (TDL4) - Win64/TrojanDownloader.Necurs (rootkit dropper) - NSIS / TrojanClicker.Agent.BJ (rootkit dropper) special attention is given to bootkit Win64/Olmarik (TDL4) for being the most prominent example of a kernel mode rootkit aimed at 64-bit Windows systems. Detail the remarkable features of TDL4 over its predecessor (TDL3/TDL3 +): the development of user mode components and kernel mode rootkit techniques used to bypass the HIPS, hidden and system files as bootkit functionality. Finally, we describe possible approaches to the removal of an infected computer and presents a free forensics tool for the dump file system hidden TDL.
Advanced Evasion Techniques by Win32/GapzAlex Matrosov
The document discusses advanced evasion techniques used by the Win32/Gapz malware. It describes how Gapz uses droppers, bootkits, and rootkit functionality for stealthy infection. The dropper uses PowerLoader and code injection into explorer.exe to bypass detection. The bootkit modifies the MBR and VBR to load at early boot stages. The rootkit implements hidden storage, process injection, and covert network communication channels.
This document discusses the history and evolution of bootkits from legacy BIOS to UEFI environments. It describes various bootkit techniques used in BIOS and UEFI, including MBR/VBR modification, hidden file systems, and replacing bootloaders. It also covers attacks against secure boot and forensic tools for analyzing firmware like HiddenFsReader and CHIPSEC.
This document summarizes the Gapz malware, including its dropper, bootkit, rootkit, and payload capabilities. The dropper uses an explorer.exe code injection trick to bypass HIPS. The bootkit implements a new VBR technique and hooks various boot components. The rootkit implements a hidden FAT32 file system and self-defense mechanisms. It also injects a user-mode payload and establishes covert network communication using an HTTP protocol. Forensic approaches discussed include a hidden file system reader tool and challenges in reconstructing C++ code.
The document discusses using a Trusted Platform Module (TPM) to securely store encryption keys for disk encryption on Linux. It describes configuring TPM to measure and seal an encryption key file using PCR registers. Modifications are made to initramfs and cryptroot scripts to support unsealing the key during boot without user input by using the TPM. While TPM provides secure storage, integrating it with Linux disk encryption requires additional configuration to get the key unsealed and passed to cryptsetup during early boot stages.
VxWorks - Holistic Security (Art of Testing)Aditya K Sood
The document discusses security issues related to the VxWorks operating system and firmware. It provides an overview of the VxWorks architecture and fault management system. It then analyzes vulnerabilities in the VxWorks OS security model, network stack, debugging interface, and firmware configuration. Finally, it discusses threats facing embedded devices like weak security practices.
HITBSecConf 2017-Shadow-Box-the Practical and Omnipotent SandboxSeunghun han
The document presents Shadow-Box, a lightweight hypervisor-based kernel protector designed for real world deployment. Shadow-Box uses virtualization technology to separate the machine into a secure host (Ring -1) and normal guest (Ring 0-3). It shares kernel memory between the two worlds to reduce overhead. The host can monitor the guest to detect rootkits and other attacks modifying kernel objects or function pointers. The author discusses lessons learned from deploying Shadow-Box, such as handling mutable kernel code and properly configuring cache types in the extended page table.
Defeating x64: Modern Trends of Kernel-Mode RootkitsAlex Matrosov
Versions of Microsoft Windows 64 bits were considered resistant against kernel mode rootkits because integrity checks performed by the system code. However, today there are examples of malware that use methods to bypass the security mechanisms Implemented. This presentation focuses on issues x64 acquitectura security, specifically in the signature policies kernel mode code and the techniques used by modern malware to sauté. We analyze the techniques of penetration of the address space of kernel mode rootkits used by modern in-the-wild: - Win64/Olmarik (TDL4) - Win64/TrojanDownloader.Necurs (rootkit dropper) - NSIS / TrojanClicker.Agent.BJ (rootkit dropper) special attention is given to bootkit Win64/Olmarik (TDL4) for being the most prominent example of a kernel mode rootkit aimed at 64-bit Windows systems. Detail the remarkable features of TDL4 over its predecessor (TDL3/TDL3 +): the development of user mode components and kernel mode rootkit techniques used to bypass the HIPS, hidden and system files as bootkit functionality. Finally, we describe possible approaches to the removal of an infected computer and presents a free forensics tool for the dump file system hidden TDL.
Advanced Evasion Techniques by Win32/GapzAlex Matrosov
The document discusses advanced evasion techniques used by the Win32/Gapz malware. It describes how Gapz uses droppers, bootkits, and rootkit functionality for stealthy infection. The dropper uses PowerLoader and code injection into explorer.exe to bypass detection. The bootkit modifies the MBR and VBR to load at early boot stages. The rootkit implements hidden storage, process injection, and covert network communication channels.
This document discusses the history and evolution of bootkits from legacy BIOS to UEFI environments. It describes various bootkit techniques used in BIOS and UEFI, including MBR/VBR modification, hidden file systems, and replacing bootloaders. It also covers attacks against secure boot and forensic tools for analyzing firmware like HiddenFsReader and CHIPSEC.
This document summarizes the Gapz malware, including its dropper, bootkit, rootkit, and payload capabilities. The dropper uses an explorer.exe code injection trick to bypass HIPS. The bootkit implements a new VBR technique and hooks various boot components. The rootkit implements a hidden FAT32 file system and self-defense mechanisms. It also injects a user-mode payload and establishes covert network communication using an HTTP protocol. Forensic approaches discussed include a hidden file system reader tool and challenges in reconstructing C++ code.
The document discusses using a Trusted Platform Module (TPM) to securely store encryption keys for disk encryption on Linux. It describes configuring TPM to measure and seal an encryption key file using PCR registers. Modifications are made to initramfs and cryptroot scripts to support unsealing the key during boot without user input by using the TPM. While TPM provides secure storage, integrating it with Linux disk encryption requires additional configuration to get the key unsealed and passed to cryptsetup during early boot stages.
VxWorks - Holistic Security (Art of Testing)Aditya K Sood
The document discusses security issues related to the VxWorks operating system and firmware. It provides an overview of the VxWorks architecture and fault management system. It then analyzes vulnerabilities in the VxWorks OS security model, network stack, debugging interface, and firmware configuration. Finally, it discusses threats facing embedded devices like weak security practices.
Kernel Recipes 2015: Anatomy of an atomic KMS driverAnne Nicolas
The DRM and KMS APIs have won in the Linux graphics ecosystem. Long gone are the days when KMS meant only a handful of desktop graphics drivers. As a side effect, new problems have been uncovered, and API extensions are being designed to address advanced use cases. Atomic updates is the latest significant of such extensions.
While the userspace API extension is simple, a lot of work went under the hood and the in-kernel KMS helpers went through major changes that are not trivial to implement in drivers. This talk will present KMS atomic updates and explain how to update KMS drivers to take advantage of the new API, using the Renesas rcar-du-drm driver as an example.
Laurent Pinchart, Ideas on Board
CSW2017Richard Johnson_harnessing intel processor trace on windows for vulner...CanSecWest
This document discusses using Intel Processor Trace (Intel PT) for hardware-based tracing on Windows. It provides an overview of Intel PT capabilities and how it can be used for fuzzing and vulnerability discovery. Specifically, it describes the development of WinAFL IntelPT, which integrates Intel PT tracing with the WinAFL evolutionary fuzzer to enable high-performance, hardware-driven fuzzing on Windows.
Defeating x64: The Evolution of the TDL RootkitAlex Matrosov
n this presentation we will be discussing the evolution of the notorious rootkit TDL (classified by ESET as Win32/Olmarik and Win64/Olmarik) which in its latest incarnation is the first widespread rootkit to target 64-bit versions of Microsoft Windows operating systems. The most striking features of the rootkit are its ability to bypass Microsoft Windows Driver Signature Checking in order to load its malicious driver, and its implementation of its own hidden encrypted file system, in which to store its malicious components. Between its first appearance on the malware scene and the present its architecture has been drastically changed several times to adapt to new systems and respond to countermeasures introduced by antivirus and HIPS software. In the presentation we will cover the the following topics: the evolution of the user-mode and kernel-mode components of the rootkit; techniques it has used to bypass HIPS; modifications to the hidden file system; bootkit functionality; tne recently introduced ability to infect x64 operating systems; and, finally, approaches to removing the rootkit from an infected system. In addition, we will present our free forensic tool for dumping the hidden rootkit file system.
So you're logging in to your favorite crypto currency exchange over https using a username and password, executing some transactions, and you're not at all surprised that, security wise, everything's hunky dory...
In order to appreciate and understand what goes on under the hood, as a developer, it's really important to dive into the key concepts of cryptography .
In this presentation, we'll go back to JCA (Java Cryptography API) en JCE (Java Cryptography Extensions) basics, like message digests, symmetric and asymmetric encryption, and digital signatures, and see how they're used in a variety of examples like https and certificates, salted password checking, and block chain technology.
After this presentation, you'll have a better understanding of Java Cryptography APIs and their applications.
Android 5.0 Lollipop brings huge change, compare to before.
This report includes statistics from source code with data and hidden features from source code & git log investigation.
OffensiveCon2022: Case Studies of Fuzzing with XenTamas K Lengyel
KF/x is an open-source fuzzing framework that leverages virtual machine introspection to fuzz code running inside virtual machines. It was used to discover vulnerabilities in the Virtio driver in Linux and a heap overflow in the 7z parser of Symantec Endpoint Protection. KF/x allows taking full memory snapshots of a VM, forking it to generate new test cases, and monitoring for crashes or desired program states. This approach found issues that may have otherwise remained undetected due to the lack of proper fuzzing tools for systems running complex, isolated software like antivirus programs.
This document discusses trusted and encrypted keys in the Linux kernel key retention service. It describes how trusted keys use the TPM to generate and seal keys, while encrypted keys encrypt keys using an AES master key. It also outlines plans to introduce an EFI kernel master key and further lock down the kernel to protect sensitive key material from compromise.
Kernel Memory Protection by an Insertable Hypervisor which has VM Introspec...Kuniyasu Suzaki
IWSEC2014(The 9th International Workshop on Security 弘前) で"Kernel Memory Protection by an Insertable Hypervisor which has VM Introspection and Stealth Breakpoints"
- The document discusses exploiting unconventional use-after-free (UAF) bugs in the Android kernel perf system to gain root privileges on Android devices.
- It describes two UAF bugs, CVE-2016-6787 and CVE-2017-0403, that are difficult to exploit due to lack of control over freed objects and inability to achieve code execution.
- Novel exploitation techniques are proposed, such as freezing threads to gain time to refill freed objects for CVE-2016-6787 and compromising the pipe subsystem to achieve arbitrary kernel writes for CVE-2017-0403.
CSW2017 Privilege escalation on high-end servers due to implementation gaps i...CanSecWest
This document discusses how abusing CPU hot-add weaknesses could allow escalating privileges in server datacenters. It describes how CPU hot-add works, allowing addition of new CPUs to a running system without shutting down. Two memory regions important for hot-add are identified as assets to protect: 0x38000 holding SMI code, and 0x0e2000 holding SIPI vectors. An attack corrupting 0x38000 to inject malicious SMI code and escalate to SMM privileges is demonstrated. Mitigation using hardware protection of memory regions from DMA is discussed.
SnakeGX is a framework that implants a persistent backdoor in SGX enclaves without being detected by the host OS. It works by exploiting SGX isolation to avoid memory inspection, leaving minimal traces. The key aspects are: (1) analyzing enclave memory to find a trusted thread for payload installation, (2) installing ROP chains and a fake ocall context trigger, (3) designing the backdoor with split payload chains that interact inside and outside the enclave via context switching. An evaluation on StealthDB shows the trigger is much smaller than the payload, making it harder to detect through memory forensics.
The lecture by Norman Feske for Summer Systems School'12.
Genode Compositions
SSS'12 - Education event, organized by ksys labs[1] in 2012, for students interested in system software development and information security.
Genode[2] - The Genode operating-system framework provides a uniform API for applications on top of 8 existing microkernels/hypervisors: Linux, L4ka::Pistachio, L4/Fiasco, OKL4, NOVA, Fiasco.OC, Codezero, and a custom kernel for the MicroBlaze architecture.
1. http://ksyslabs.org/
2. http://genode.org
CSW2017 Weston miller csw17_mitigating_native_remote_code_executionCanSecWest
This document summarizes security features in Microsoft Azure to prevent control-flow hijacking and arbitrary code generation. It describes Control Flow Guard, Arbitrary Code Guard, and Code Integrity Guard which enforce control flow integrity, prevent dynamic code generation and modification, and only allow signed code pages. It also discusses some known limitations and bypasses that Microsoft is working to address through additional security features like Control-flow Enforcement Technology (CET).
- SnakeGX is a framework that implants a persistent backdoor in SGX enclaves using code-reuse techniques, allowing an attacker to interact with the enclave without detection by the host OS. It exploits SGX isolation to avoid memory inspection and leaves minimal traces.
- The backdoor remains inside the enclave after installation and can invoke syscalls. It is more stealthy than prior attacks as it does not require crashing the enclave repeatedly or introducing unexpected enclaves.
- An evaluation shows the backdoor payload is over 4KB in size but the trigger is only 56B, making it much harder to detect through memory forensic analysis than state-of-the-art attacks.
The lecture by Norman Feske for Summer Systems School'12.
Genode Components
SSS'12 - Education event, organized by ksys labs[1] in 2012, for students interested in system software development and information security.
Genode[2] - The Genode operating-system framework provides a uniform API for applications on top of 8 existing microkernels/hypervisors: Linux, L4ka::Pistachio, L4/Fiasco, OKL4, NOVA, Fiasco.OC, Codezero, and a custom kernel for the MicroBlaze architecture.
1. http://ksyslabs.org/
2. http://genode.org
The lecture by Norman Feske for Summer Systems School'12.
Genode Architecture
SSS'12 - Education event, organized by ksys labs[1] in 2012, for students interested in system software development and information security.
Genode[2] - The Genode operating-system framework provides a uniform API for applications on top of 8 existing microkernels/hypervisors: Linux, L4ka::Pistachio, L4/Fiasco, OKL4, NOVA, Fiasco.OC, Codezero, and a custom kernel for the MicroBlaze architecture.
1. http://ksyslabs.org/
2. http://genode.org
This document discusses techniques that malware authors use to frustrate malware analysts, including inserting breakpoints, manipulating timing functions, exploiting Windows internals like debug flags and objects, anti-dumping methods, VM detection, and debugger-specific tricks. The author also announces a public malware repository and API called VXCage for sharing samples.
The document discusses EFI secure keys, a new type of kernel key that does not rely on user space or a TPM. It can be loaded early in the boot process from firmware. The key is generated from a random number stored as an EFI boot variable, providing more security than UEFI variables alone. However, mainline Linux has not accepted EFI secure keys due to concerns about low entropy in firmware and the possibility of UEFI variable corruption.
CanSecWest 2017 - Port(al) to the iOS CoreStefan Esser
This document discusses a new iOS kernel exploitation technique that involves manipulating mach ports. It fills the kernel heap with pointers to mach ports, then overwrites those pointers to fake ports that point to attacker-controlled data structures. This allows calling kernel APIs and the Mach API using the fake ports to potentially execute arbitrary code or escalate privileges. The technique was previously private but was leaked in late 2016 and used in the Yalu jailbreak.
This document discusses new process protection mechanisms introduced in Windows 8.1 that extend the protected process model to key non-DRM system processes. It protects processes like LSA even from Administrators, and mitigates pass-the-hash attacks. Digital signatures and code signing add another boundary of protection beyond just load/don't load. Processes can now be designated as protected or protected light, assigned a protected signer like Windows or Antimalware, and have increased restrictions on access.
This document discusses practical attacks against HomePlugAV powerline communication devices. It begins with an introduction to PLC technology and the OSI layers used. Previous work analyzing PLC security is summarized, including publications and tools. The document then analyzes the PLC network, describing how the ethernet interface can be used to retrieve device and network information. Basic attacks are discussed, such as intercepting the network passphrase or bruteforcing the network membership key. The document proposes studying default administrator passwords by analyzing devices sold on online marketplaces, to enable a "smart" bruteforce attack against the direct access key.
Kernel Recipes 2015: Anatomy of an atomic KMS driverAnne Nicolas
The DRM and KMS APIs have won in the Linux graphics ecosystem. Long gone are the days when KMS meant only a handful of desktop graphics drivers. As a side effect, new problems have been uncovered, and API extensions are being designed to address advanced use cases. Atomic updates is the latest significant of such extensions.
While the userspace API extension is simple, a lot of work went under the hood and the in-kernel KMS helpers went through major changes that are not trivial to implement in drivers. This talk will present KMS atomic updates and explain how to update KMS drivers to take advantage of the new API, using the Renesas rcar-du-drm driver as an example.
Laurent Pinchart, Ideas on Board
CSW2017Richard Johnson_harnessing intel processor trace on windows for vulner...CanSecWest
This document discusses using Intel Processor Trace (Intel PT) for hardware-based tracing on Windows. It provides an overview of Intel PT capabilities and how it can be used for fuzzing and vulnerability discovery. Specifically, it describes the development of WinAFL IntelPT, which integrates Intel PT tracing with the WinAFL evolutionary fuzzer to enable high-performance, hardware-driven fuzzing on Windows.
Defeating x64: The Evolution of the TDL RootkitAlex Matrosov
n this presentation we will be discussing the evolution of the notorious rootkit TDL (classified by ESET as Win32/Olmarik and Win64/Olmarik) which in its latest incarnation is the first widespread rootkit to target 64-bit versions of Microsoft Windows operating systems. The most striking features of the rootkit are its ability to bypass Microsoft Windows Driver Signature Checking in order to load its malicious driver, and its implementation of its own hidden encrypted file system, in which to store its malicious components. Between its first appearance on the malware scene and the present its architecture has been drastically changed several times to adapt to new systems and respond to countermeasures introduced by antivirus and HIPS software. In the presentation we will cover the the following topics: the evolution of the user-mode and kernel-mode components of the rootkit; techniques it has used to bypass HIPS; modifications to the hidden file system; bootkit functionality; tne recently introduced ability to infect x64 operating systems; and, finally, approaches to removing the rootkit from an infected system. In addition, we will present our free forensic tool for dumping the hidden rootkit file system.
So you're logging in to your favorite crypto currency exchange over https using a username and password, executing some transactions, and you're not at all surprised that, security wise, everything's hunky dory...
In order to appreciate and understand what goes on under the hood, as a developer, it's really important to dive into the key concepts of cryptography .
In this presentation, we'll go back to JCA (Java Cryptography API) en JCE (Java Cryptography Extensions) basics, like message digests, symmetric and asymmetric encryption, and digital signatures, and see how they're used in a variety of examples like https and certificates, salted password checking, and block chain technology.
After this presentation, you'll have a better understanding of Java Cryptography APIs and their applications.
Android 5.0 Lollipop brings huge change, compare to before.
This report includes statistics from source code with data and hidden features from source code & git log investigation.
OffensiveCon2022: Case Studies of Fuzzing with XenTamas K Lengyel
KF/x is an open-source fuzzing framework that leverages virtual machine introspection to fuzz code running inside virtual machines. It was used to discover vulnerabilities in the Virtio driver in Linux and a heap overflow in the 7z parser of Symantec Endpoint Protection. KF/x allows taking full memory snapshots of a VM, forking it to generate new test cases, and monitoring for crashes or desired program states. This approach found issues that may have otherwise remained undetected due to the lack of proper fuzzing tools for systems running complex, isolated software like antivirus programs.
This document discusses trusted and encrypted keys in the Linux kernel key retention service. It describes how trusted keys use the TPM to generate and seal keys, while encrypted keys encrypt keys using an AES master key. It also outlines plans to introduce an EFI kernel master key and further lock down the kernel to protect sensitive key material from compromise.
Kernel Memory Protection by an Insertable Hypervisor which has VM Introspec...Kuniyasu Suzaki
IWSEC2014(The 9th International Workshop on Security 弘前) で"Kernel Memory Protection by an Insertable Hypervisor which has VM Introspection and Stealth Breakpoints"
- The document discusses exploiting unconventional use-after-free (UAF) bugs in the Android kernel perf system to gain root privileges on Android devices.
- It describes two UAF bugs, CVE-2016-6787 and CVE-2017-0403, that are difficult to exploit due to lack of control over freed objects and inability to achieve code execution.
- Novel exploitation techniques are proposed, such as freezing threads to gain time to refill freed objects for CVE-2016-6787 and compromising the pipe subsystem to achieve arbitrary kernel writes for CVE-2017-0403.
CSW2017 Privilege escalation on high-end servers due to implementation gaps i...CanSecWest
This document discusses how abusing CPU hot-add weaknesses could allow escalating privileges in server datacenters. It describes how CPU hot-add works, allowing addition of new CPUs to a running system without shutting down. Two memory regions important for hot-add are identified as assets to protect: 0x38000 holding SMI code, and 0x0e2000 holding SIPI vectors. An attack corrupting 0x38000 to inject malicious SMI code and escalate to SMM privileges is demonstrated. Mitigation using hardware protection of memory regions from DMA is discussed.
SnakeGX is a framework that implants a persistent backdoor in SGX enclaves without being detected by the host OS. It works by exploiting SGX isolation to avoid memory inspection, leaving minimal traces. The key aspects are: (1) analyzing enclave memory to find a trusted thread for payload installation, (2) installing ROP chains and a fake ocall context trigger, (3) designing the backdoor with split payload chains that interact inside and outside the enclave via context switching. An evaluation on StealthDB shows the trigger is much smaller than the payload, making it harder to detect through memory forensics.
The lecture by Norman Feske for Summer Systems School'12.
Genode Compositions
SSS'12 - Education event, organized by ksys labs[1] in 2012, for students interested in system software development and information security.
Genode[2] - The Genode operating-system framework provides a uniform API for applications on top of 8 existing microkernels/hypervisors: Linux, L4ka::Pistachio, L4/Fiasco, OKL4, NOVA, Fiasco.OC, Codezero, and a custom kernel for the MicroBlaze architecture.
1. http://ksyslabs.org/
2. http://genode.org
CSW2017 Weston miller csw17_mitigating_native_remote_code_executionCanSecWest
This document summarizes security features in Microsoft Azure to prevent control-flow hijacking and arbitrary code generation. It describes Control Flow Guard, Arbitrary Code Guard, and Code Integrity Guard which enforce control flow integrity, prevent dynamic code generation and modification, and only allow signed code pages. It also discusses some known limitations and bypasses that Microsoft is working to address through additional security features like Control-flow Enforcement Technology (CET).
- SnakeGX is a framework that implants a persistent backdoor in SGX enclaves using code-reuse techniques, allowing an attacker to interact with the enclave without detection by the host OS. It exploits SGX isolation to avoid memory inspection and leaves minimal traces.
- The backdoor remains inside the enclave after installation and can invoke syscalls. It is more stealthy than prior attacks as it does not require crashing the enclave repeatedly or introducing unexpected enclaves.
- An evaluation shows the backdoor payload is over 4KB in size but the trigger is only 56B, making it much harder to detect through memory forensic analysis than state-of-the-art attacks.
The lecture by Norman Feske for Summer Systems School'12.
Genode Components
SSS'12 - Education event, organized by ksys labs[1] in 2012, for students interested in system software development and information security.
Genode[2] - The Genode operating-system framework provides a uniform API for applications on top of 8 existing microkernels/hypervisors: Linux, L4ka::Pistachio, L4/Fiasco, OKL4, NOVA, Fiasco.OC, Codezero, and a custom kernel for the MicroBlaze architecture.
1. http://ksyslabs.org/
2. http://genode.org
The lecture by Norman Feske for Summer Systems School'12.
Genode Architecture
SSS'12 - Education event, organized by ksys labs[1] in 2012, for students interested in system software development and information security.
Genode[2] - The Genode operating-system framework provides a uniform API for applications on top of 8 existing microkernels/hypervisors: Linux, L4ka::Pistachio, L4/Fiasco, OKL4, NOVA, Fiasco.OC, Codezero, and a custom kernel for the MicroBlaze architecture.
1. http://ksyslabs.org/
2. http://genode.org
This document discusses techniques that malware authors use to frustrate malware analysts, including inserting breakpoints, manipulating timing functions, exploiting Windows internals like debug flags and objects, anti-dumping methods, VM detection, and debugger-specific tricks. The author also announces a public malware repository and API called VXCage for sharing samples.
The document discusses EFI secure keys, a new type of kernel key that does not rely on user space or a TPM. It can be loaded early in the boot process from firmware. The key is generated from a random number stored as an EFI boot variable, providing more security than UEFI variables alone. However, mainline Linux has not accepted EFI secure keys due to concerns about low entropy in firmware and the possibility of UEFI variable corruption.
CanSecWest 2017 - Port(al) to the iOS CoreStefan Esser
This document discusses a new iOS kernel exploitation technique that involves manipulating mach ports. It fills the kernel heap with pointers to mach ports, then overwrites those pointers to fake ports that point to attacker-controlled data structures. This allows calling kernel APIs and the Mach API using the fake ports to potentially execute arbitrary code or escalate privileges. The technique was previously private but was leaked in late 2016 and used in the Yalu jailbreak.
This document discusses new process protection mechanisms introduced in Windows 8.1 that extend the protected process model to key non-DRM system processes. It protects processes like LSA even from Administrators, and mitigates pass-the-hash attacks. Digital signatures and code signing add another boundary of protection beyond just load/don't load. Processes can now be designated as protected or protected light, assigned a protected signer like Windows or Antimalware, and have increased restrictions on access.
This document discusses practical attacks against HomePlugAV powerline communication devices. It begins with an introduction to PLC technology and the OSI layers used. Previous work analyzing PLC security is summarized, including publications and tools. The document then analyzes the PLC network, describing how the ethernet interface can be used to retrieve device and network information. Basic attacks are discussed, such as intercepting the network passphrase or bruteforcing the network membership key. The document proposes studying default administrator passwords by analyzing devices sold on online marketplaces, to enable a "smart" bruteforce attack against the direct access key.
NSC #2 - D1 01 - Rolf Rolles - Program synthesis in reverse engineeringNoSuchCon
The document discusses program synthesis in reverse engineering. It describes using program synthesis techniques to automatically generate CPU emulators by synthesizing descriptions of instruction behaviors from input-output examples of executing the instructions. The key steps involve generating hypotheses about instruction behaviors from templates, sampling instruction behaviors, filtering hypotheses that do not match the samples, and checking equivalence of remaining hypotheses. The goal is to produce a single accurate description of each instruction's behavior.
The document provides statistics from a Capture the Flag (CTF) cybersecurity competition that tested skills in reversing, exploit writing, and cryptography. Over 850 participants completed the first level, while 159 reversed engineering challenges, 22 evaded detection in level 2, and 5 completed the hardest level 3. The event also saw security scans and many blocked reverse connects and failed payload attempts, showing it provided a realistic testing environment.
This document summarizes a three-part challenge involving cracking a MIPS binary, exploiting a Python/XXE vulnerability in a web application, and decrypting messages from a SecureDrop-like system. The MIPS binary is cracked by inverting its password checking algorithm. The web app is exploited via XXE to retrieve files containing an admin URL and view state details. Python code is modified at runtime to decrypt an AES key and access a "secret.key" file. This key reveals a tarball containing a SecureDrop implementation. A buffer overflow in SecDrop's service is used to run shellcode. Timing attacks via the CPU cache are then used to retrieve the private RSA key and decrypt messages stored by the SecureDrop-
NSC #2 - D3 01 - Thomas Braden - Exploitation of hardened MSP430-based deviceNoSuchCon
The document discusses reverse engineering the firmware of a real estate lockbox device. Key points include:
- The lockbox uses an MSP430 microcontroller protected by a JTAG fuse and BSL interface
- Traditional BSL attacks like timing and voltage glitching failed due to inconsistencies
- A "Paparazzi" attack was successful, bypassing the JTAG fuse using a camera flash to induce a photoelectric effect
- Firmware analysis revealed conventions like register usage and a "sparse index" switch statement technique
NSC #2 - D2 05 - Andrea Barisani - Forging the USB ArmoryNoSuchCon
The document describes the USB armory, an open source flash drive-sized computer designed for personal security applications. It has an ARM Cortex-A8 CPU, 512MB RAM, runs Linux, and can emulate devices over USB. Its goals are to be compact, powered by USB, have secure boot and storage, and be customizable. The timeline shows development from a concept in 2014 to shipping units in late 2014. It aims to provide an open platform for applications like encryption, VPNs, password management, and penetration testing.
NSC #2 - D2 02 - Benjamin Delpy - MimikatzNoSuchCon
Benjamin Delpy is a security researcher known for creating the tool mimikatz. Mimikatz can extract plaintext credentials and keys from memory. Kerberos authentication relies on encrypting tickets with various keys, including NTLM hashes and AES keys derived from the password. Mimikatz can perform pass-the-hash and over-pass-the-hash attacks by extracting these keys from memory and using them to authenticate.
NSC #2 - D1 02 - Georgi Geshev - Your Q is my QNoSuchCon
This document discusses message queue security and contains the following information:
- It describes common message queue concepts like asynchronous message exchange, publish/subscribe, and message queue protocols.
- It outlines the typical attack surface for message queues including common misconfigurations, vulnerabilities in XML processing and LDAP authentication.
- It provides examples of attack scenarios from the perspective of an anonymous attacker, authenticated client, or compromised broker.
- Methods for hardening message queue security are proposed such as restricting protocols, removing default accounts, and disabling unnecessary management interfaces.
The document summarizes information about detecting BGP hijacks in 2014. It provides background on BGP, how prefixes are announced and removed, and examples of prefix hijacks. It describes how a hijacker redirected cryptocurrency miners to earn an estimated $83,000 from February to May 2014. It also outlines active and passive countermeasures networks can take to detect and mitigate against BGP hijacks.
NSC #2 - D3 02 - Peter Hlavaty - Attack on the CoreNoSuchCon
This document discusses kernel exploitation techniques. It begins by explaining the KernelIo technique for reading and writing kernel memory on Windows and Linux despite protections like SMAP and SMEP. It then discusses several vulnerability cases that can enable KernelIo like out of bounds writes, kmalloc overflows, and abusing KASLR. Next, it analyzes design flaws in kernels like linked lists, hidden pointers, and callback mechanisms. It evaluates the state of exploitation on modern systems and envisions future hardened operating system designs. It advocates moving to C++ for exploitation development rather than shellcoding and introduces a C++ exploitation framework. The document was presented by Peter Hlavaty of the Keen Team and encourages recruitment for vulnerability research.
NSC #2 - D2 06 - Richard Johnson - SAGEly AdviceNoSuchCon
The document discusses automated testing techniques for software, including fuzzing and concolic testing. Fuzzing involves generating random inputs to exercise a program, while concolic testing uses symbolic execution to track data flows and observe how program logic is influenced by inputs. Concolic testing can generate inputs that cover more program states but requires instrumenting the code to analyze execution.
This document discusses cryptographic backdoors. It begins by explaining why research on backdoors is important, both to detect them and to understand how to implement them properly if required. It then provides an overview of different types of backdoors, such as weakened algorithms, covert channels, and key escrow. Specific sabotage tactics are described, like manipulating constants or elliptic curve parameters. Implementation issues are also covered, like introducing bugs or omitting validation checks. The document concludes by outlining characteristics of a "perfect backdoor" that would be undetectable.
NSC #2 - D2 03 - Nicolas Collignon - Google Apps Engine SecurityNoSuchCon
The document discusses attacking Google App Engine (GAE) applications and infrastructure. It describes how vulnerabilities in app implementations, APIs, and developer mistakes can be exploited. It also analyzes how the GAE Python sandbox can be evaded to enable arbitrary code execution on Google servers despite protections. The conclusion is that while Google security is robust with layered defenses, focused attacks have potential to compromise apps and other services due to developer errors.
NSC #2 - D2 04 - Ezequiel Gutesman - Blended Web and Database AttacksNoSuchCon
The document discusses blended web and database attacks on in-memory platforms like SAP HANA, outlining potential threat vectors such as SQL injection, cross-site scripting, integration with R server, and post-exploitation using C/C++. It notes that SAP HANA uses a blended web and database architecture, with code and data stored directly in the database, and that vulnerabilities could allow an attacker to access sensitive business and customer data, disrupt operations, or enable fraud. The presentation covers the architecture of SAP HANA, programming languages used, and how attacks may have a greater impact or different execution compared to traditional web application scenarios.
This document provides an overview and outline of a talk on quantum computing in practice and applications to cryptography. The talk will introduce quantum physics basics, discuss the state of quantum computing and cryptography, explain how to build quantum circuits, and provide tools and access for practicing quantum computing. It will cover fundamental quantum algorithms, attacks against cryptography, simulations and tools for quantum computing, and the future of post-quantum cryptography.
Joanna Rutkowska Subverting Vista Kernelguestf1a032
The document discusses techniques for subverting the Windows Vista kernel protection mechanisms and loading unsigned code. It describes:
1) Forcing kernel drivers to page out to the pagefile by allocating large amounts of memory, then modifying the paged out code in the pagefile to inject shellcode without requiring a signature.
2) The concept of an undetectable "Blue Pill" malware that could install itself on-the-fly by exploiting AMD64 SVM virtualization extensions to move the operating system into a virtual machine controlled by a thin hypervisor.
3) Challenges of handling nested virtual machines to prevent detection when the system is already compromised by "Blue Pill" malware.
Android boot time optimization involves measuring boot times, analyzing the results, and reducing times. Key areas of focus include the bootloader, kernel initialization, zygote class preloading, and system service startup. Hibernation technologies like QuickBoot and Fast-On can improve resume speeds by saving a system image to flash. The "R-Loader" concept aims to minimize hardware re-initialization on resume by directly loading a suspended kernel image.
The document describes the process of implementing SMP support for OpenBSD on a SGI Octane 2 machine. Key steps included restructuring per-processor data, implementing locking primitives, handling hardware aspects like spinning up secondary processors, and debugging challenges like detecting deadlocks. Debugging was made difficult by timing issues but was aided by tools like JTAG, DDB, printfs, and modifying locks to record stuck locations. Interrupts could block inter-processor communication so the clock handler was modified to re-enable interrupts during locking.
Pluggable Infrastructure with CI/CD and DockerBob Killen
The docker cluster ecosystem is still young, and highly modular. This presentation covers some of the challenges we faced deciding on what infrastructure to deploy, and a few tips and tricks in making both applications and infrastructure easily adaptable.
Rsockets provides a socket-like API for RDMA networking. It aims to allow applications to use familiar socket programming concepts while achieving high performance comparable to native RDMA. Rsockets allows existing socket applications to run over RDMA with minimal changes by intercepting socket calls and mapping them to rsocket functions. Initial benchmarks show rsockets achieving lower latency and higher bandwidth than IPoIB and competing with native InfiniBand performance. It also allows several MPI and HPC applications to run with only linking to an interception library.
DPDK Summit 2015 in San Francisco.
Intel's presentation by Keith Wiles.
For additional details and the video recording please visit www.dpdksummit.com.
The document discusses security considerations for installing and configuring an Oracle Exadata Database Machine. It recommends preparing for installation by collecting security requirements, subscribing to security alerts, and reviewing installation guidelines. During installation, it advises implementing available security features like the "Resecure Machine" step to tighten permissions and passwords. Post-deployment, it suggests addressing any site-specific security needs like changing default passwords and validating policies.
The Future of Security and Productivity in Our Newly Remote WorldDevOps.com
Andy has made mistakes. He's seen even more. And in this talk he details the best and the worst of the container and Kubernetes security problems he's experienced, exploited, and remediated.
This talk details low level exploitable issues with container and Kubernetes deployments. We focus on lessons learned, and show attendees how to ensure that they do not fall victim to avoidable attacks.
See how to bypass security controls and exploit insecure defaults in this technical appraisal of the container and cluster security landscape.
Defcon 22 - Stitching numbers - generating rop payloads from in memory numbersAlexandre Moneger
The document discusses generating return-oriented programming (ROP) payloads using numbers found in memory. It proposes a technique called "number stitching" which involves representing shellcode as increasing numeric deltas, finding numbers in memory to build those values, and using them to reconstruct the shellcode on a controlled stack. This solves the problem of finding long byte sequences or gadgets, by instead stitching together smaller numbers available in memory. The document outlines solving the "coin change problem" to efficiently find combinations of numbers that sum to each shellcode chunk value.
The document summarizes an attack on the TrustZone architecture of the Huawei Ascend Mate 7 smartphone. It details vulnerabilities that allow gaining root access on the normal world and executing arbitrary code in the trusted execution environment (TEE). This includes overwriting memory to bypass restrictions and read encrypted fingerprint images from the sensor by patching the TEE kernel. The attack demonstrates full compromise of the device's security features.
Rodrigo Almeida - Microkernel development from project to implementationFelipe Prado
This document discusses developing a microkernel from project to implementation. It covers topics like kernel components, designing a kernel project, concepts for developing a microkernel like function pointers and structs, building a device driver controller, and using callbacks. Code examples are provided for initializing hardware and communicating with an LCD. The goal is for participants to have a better understanding of kernels, their advantages, and restrictions.
Secure enclaves are becoming a popular way to separate and protect sensitive code and data from other processes running on a system. A FIPS 140-2 validated cryptographic software module is currently required to run power-on self tests when loaded, but security of the module can be taken one step further by validating the module inside a secure enclave, such as Intel SGX.
wolfSSL has been working on FIPS 140-2 validating the wolfCrypt library running inside an Intel SGX enclave. This session will discuss the advantages, challenges, and process of FIPS 140-2 validating a cryptographic software module inside Intel SGX and how the same process could be applied to other secure enclave environments.
See the improved version: https://www.slideshare.net/ApostolosGiannakidis/mitigating-java-deserialization-attacks-from-within-the-jvm-improved-version
A talk about the existing ways to mitigate Java deserialization attacks from the JVM. The talk was presented at the BSides Luxembourg conference on October 2017.
It describes the use of Instrumentation Agents and Serialization Filtering and their limitations.
It also talks about Runtime Virtualization and Runtime privilege de-escalation.
At the talk there was also a PoC demo that demonstrated how an Instrumentation Agent could be tampered from a file upload vulnerability at the application level.
We are one of the best embedded systems training institute for advance courses. We are the pioneer of the embedded system training in Pune & Pcmc with the expertise of over 16 years. we are working in the field training & development of embedded systems & currently we are also working on live projects as per the requirements of clients. though we provide many different courses & training in embedded all aim at giving good practical knowledge to students as well help them in their career.
We are one of the best embedded systems training institute for advance courses. We are the pioneer of the embedded system training in Pune & Pcmc with the expertise of over 16 years. we are working in the field training & development of embedded systems & currently we are also working on live projects as per the requirements of clients. though we provide many different courses & training in embedded all aim at giving good practical knowledge to students as well help them in their career.
Timings of Init : Android Ramdisks for the Practical HackerStacy Devino
Android Ramdisks basics presented at the Big Android BBQ 2014.
Covers some of SElinux for Android, Kernels, Startup Sequences, Services, Classes, and Properties.
Even, some practical examples on how they can be used to help your Android embedded or debugging work.
Mitigating Java Deserialization attacks from within the JVM (improved version)Apostolos Giannakidis
This deck contains a few improvements based on received feedback, such as the addition of links and reworded some points for clarity.
A talk about the existing ways to mitigate Java deserialization attacks from the JVM. The talk was presented at the BSides Luxembourg conference on October 2017.
It describes the use of Instrumentation Agents and Serialization Filtering and their limitations.
It also talks about Runtime Virtualization and Runtime privilege de-escalation.
At the talk there was also a PoC demo that demonstrated how an Instrumentation Agent could be tampered from a file upload vulnerability at the application level.
44CON London 2015 - How to drive a malware analyst crazy44CON
This document discusses techniques that malware authors use to frustrate malware analysts, including inserting breakpoints, manipulating timing functions, exploiting Windows internals, anti-dumping measures, and virtual machine detection. The author then provides recommendations for malware analysts to identify and circumvent these anti-analysis techniques.
Project Vault is a secure computing environment developed by Google's ATAP group. It uses a microSD card to provide an encrypted environment that works with any operating system. The project is open source and uses an FPGA-based hardware security module for encryption and decryption. It also uses a custom real-time operating system called microSEL and an OpenRISC 1200 processor. Project Vault aims to provide a portable secure computing solution.
XPDDS18: Design Session - SGX deep dive and SGX Virtualization Discussion, Ka...The Linux Foundation
Software Guard Extensions (SGX) is Intel's unique security feature which has been present in Intel's processors since Skylake generation. Existing HW/SW solutions hypervisor does not protect tenants against the cloud provider and thus the supplied operating system and hardware. Intel SGX solves this by using enclave, which is a protected portion of userspace application where the code/data cannot be accessed directly from outside by any software, including privileged ones, such as BIOS and VMM. This discussion is intended for the deep dive introduction to SGX, and the design discussion of adding SGX virtualization to Xen. We will start with SGX deep dive, and then go into SGX virtualization design, from high level design to details, such as EPC management/virtualization, CPUID handling, interaction with VMX, live migration support, etc.
Similar to NSC #2 - D2 01 - Andrea Allievi - Windows 8.1 Patch Protections (20)
Skybuffer SAM4U tool for SAP license adoptionTatiana Kojar
Manage and optimize your license adoption and consumption with SAM4U, an SAP free customer software asset management tool.
SAM4U, an SAP complimentary software asset management tool for customers, delivers a detailed and well-structured overview of license inventory and usage with a user-friendly interface. We offer a hosted, cost-effective, and performance-optimized SAM4U setup in the Skybuffer Cloud environment. You retain ownership of the system and data, while we manage the ABAP 7.58 infrastructure, ensuring fixed Total Cost of Ownership (TCO) and exceptional services through the SAP Fiori interface.
Programming Foundation Models with DSPy - Meetup SlidesZilliz
Prompting language models is hard, while programming language models is easy. In this talk, I will discuss the state-of-the-art framework DSPy for programming foundation models with its powerful optimizers and runtime constraint system.
Dive into the realm of operating systems (OS) with Pravash Chandra Das, a seasoned Digital Forensic Analyst, as your guide. 🚀 This comprehensive presentation illuminates the core concepts, types, and evolution of OS, essential for understanding modern computing landscapes.
Beginning with the foundational definition, Das clarifies the pivotal role of OS as system software orchestrating hardware resources, software applications, and user interactions. Through succinct descriptions, he delineates the diverse types of OS, from single-user, single-task environments like early MS-DOS iterations, to multi-user, multi-tasking systems exemplified by modern Linux distributions.
Crucial components like the kernel and shell are dissected, highlighting their indispensable functions in resource management and user interface interaction. Das elucidates how the kernel acts as the central nervous system, orchestrating process scheduling, memory allocation, and device management. Meanwhile, the shell serves as the gateway for user commands, bridging the gap between human input and machine execution. 💻
The narrative then shifts to a captivating exploration of prominent desktop OSs, Windows, macOS, and Linux. Windows, with its globally ubiquitous presence and user-friendly interface, emerges as a cornerstone in personal computing history. macOS, lauded for its sleek design and seamless integration with Apple's ecosystem, stands as a beacon of stability and creativity. Linux, an open-source marvel, offers unparalleled flexibility and security, revolutionizing the computing landscape. 🖥️
Moving to the realm of mobile devices, Das unravels the dominance of Android and iOS. Android's open-source ethos fosters a vibrant ecosystem of customization and innovation, while iOS boasts a seamless user experience and robust security infrastructure. Meanwhile, discontinued platforms like Symbian and Palm OS evoke nostalgia for their pioneering roles in the smartphone revolution.
The journey concludes with a reflection on the ever-evolving landscape of OS, underscored by the emergence of real-time operating systems (RTOS) and the persistent quest for innovation and efficiency. As technology continues to shape our world, understanding the foundations and evolution of operating systems remains paramount. Join Pravash Chandra Das on this illuminating journey through the heart of computing. 🌟
How to Interpret Trends in the Kalyan Rajdhani Mix Chart.pdfChart Kalyan
A Mix Chart displays historical data of numbers in a graphical or tabular form. The Kalyan Rajdhani Mix Chart specifically shows the results of a sequence of numbers over different periods.
Trusted Execution Environment for Decentralized Process MiningLucaBarbaro3
Presentation of the paper "Trusted Execution Environment for Decentralized Process Mining" given during the CAiSE 2024 Conference in Cyprus on June 7, 2024.
HCL Notes und Domino Lizenzkostenreduzierung in der Welt von DLAUpanagenda
Webinar Recording: https://www.panagenda.com/webinars/hcl-notes-und-domino-lizenzkostenreduzierung-in-der-welt-von-dlau/
DLAU und die Lizenzen nach dem CCB- und CCX-Modell sind für viele in der HCL-Community seit letztem Jahr ein heißes Thema. Als Notes- oder Domino-Kunde haben Sie vielleicht mit unerwartet hohen Benutzerzahlen und Lizenzgebühren zu kämpfen. Sie fragen sich vielleicht, wie diese neue Art der Lizenzierung funktioniert und welchen Nutzen sie Ihnen bringt. Vor allem wollen Sie sicherlich Ihr Budget einhalten und Kosten sparen, wo immer möglich. Das verstehen wir und wir möchten Ihnen dabei helfen!
Wir erklären Ihnen, wie Sie häufige Konfigurationsprobleme lösen können, die dazu führen können, dass mehr Benutzer gezählt werden als nötig, und wie Sie überflüssige oder ungenutzte Konten identifizieren und entfernen können, um Geld zu sparen. Es gibt auch einige Ansätze, die zu unnötigen Ausgaben führen können, z. B. wenn ein Personendokument anstelle eines Mail-Ins für geteilte Mailboxen verwendet wird. Wir zeigen Ihnen solche Fälle und deren Lösungen. Und natürlich erklären wir Ihnen das neue Lizenzmodell.
Nehmen Sie an diesem Webinar teil, bei dem HCL-Ambassador Marc Thomas und Gastredner Franz Walder Ihnen diese neue Welt näherbringen. Es vermittelt Ihnen die Tools und das Know-how, um den Überblick zu bewahren. Sie werden in der Lage sein, Ihre Kosten durch eine optimierte Domino-Konfiguration zu reduzieren und auch in Zukunft gering zu halten.
Diese Themen werden behandelt
- Reduzierung der Lizenzkosten durch Auffinden und Beheben von Fehlkonfigurationen und überflüssigen Konten
- Wie funktionieren CCB- und CCX-Lizenzen wirklich?
- Verstehen des DLAU-Tools und wie man es am besten nutzt
- Tipps für häufige Problembereiche, wie z. B. Team-Postfächer, Funktions-/Testbenutzer usw.
- Praxisbeispiele und Best Practices zum sofortigen Umsetzen
Skybuffer AI: Advanced Conversational and Generative AI Solution on SAP Busin...Tatiana Kojar
Skybuffer AI, built on the robust SAP Business Technology Platform (SAP BTP), is the latest and most advanced version of our AI development, reaffirming our commitment to delivering top-tier AI solutions. Skybuffer AI harnesses all the innovative capabilities of the SAP BTP in the AI domain, from Conversational AI to cutting-edge Generative AI and Retrieval-Augmented Generation (RAG). It also helps SAP customers safeguard their investments into SAP Conversational AI and ensure a seamless, one-click transition to SAP Business AI.
With Skybuffer AI, various AI models can be integrated into a single communication channel such as Microsoft Teams. This integration empowers business users with insights drawn from SAP backend systems, enterprise documents, and the expansive knowledge of Generative AI. And the best part of it is that it is all managed through our intuitive no-code Action Server interface, requiring no extensive coding knowledge and making the advanced AI accessible to more users.
leewayhertz.com-AI in predictive maintenance Use cases technologies benefits ...alexjohnson7307
Predictive maintenance is a proactive approach that anticipates equipment failures before they happen. At the forefront of this innovative strategy is Artificial Intelligence (AI), which brings unprecedented precision and efficiency. AI in predictive maintenance is transforming industries by reducing downtime, minimizing costs, and enhancing productivity.
Letter and Document Automation for Bonterra Impact Management (fka Social Sol...Jeffrey Haguewood
Sidekick Solutions uses Bonterra Impact Management (fka Social Solutions Apricot) and automation solutions to integrate data for business workflows.
We believe integration and automation are essential to user experience and the promise of efficient work through technology. Automation is the critical ingredient to realizing that full vision. We develop integration products and services for Bonterra Case Management software to support the deployment of automations for a variety of use cases.
This video focuses on automated letter generation for Bonterra Impact Management using Google Workspace or Microsoft 365.
Interested in deploying letter generation automations for Bonterra Impact Management? Contact us at sales@sidekicksolutionsllc.com to discuss next steps.
Nunit vs XUnit vs MSTest Differences Between These Unit Testing Frameworks.pdfflufftailshop
When it comes to unit testing in the .NET ecosystem, developers have a wide range of options available. Among the most popular choices are NUnit, XUnit, and MSTest. These unit testing frameworks provide essential tools and features to help ensure the quality and reliability of code. However, understanding the differences between these frameworks is crucial for selecting the most suitable one for your projects.
In the rapidly evolving landscape of technologies, XML continues to play a vital role in structuring, storing, and transporting data across diverse systems. The recent advancements in artificial intelligence (AI) present new methodologies for enhancing XML development workflows, introducing efficiency, automation, and intelligent capabilities. This presentation will outline the scope and perspective of utilizing AI in XML development. The potential benefits and the possible pitfalls will be highlighted, providing a balanced view of the subject.
We will explore the capabilities of AI in understanding XML markup languages and autonomously creating structured XML content. Additionally, we will examine the capacity of AI to enrich plain text with appropriate XML markup. Practical examples and methodological guidelines will be provided to elucidate how AI can be effectively prompted to interpret and generate accurate XML markup.
Further emphasis will be placed on the role of AI in developing XSLT, or schemas such as XSD and Schematron. We will address the techniques and strategies adopted to create prompts for generating code, explaining code, or refactoring the code, and the results achieved.
The discussion will extend to how AI can be used to transform XML content. In particular, the focus will be on the use of AI XPath extension functions in XSLT, Schematron, Schematron Quick Fixes, or for XML content refactoring.
The presentation aims to deliver a comprehensive overview of AI usage in XML development, providing attendees with the necessary knowledge to make informed decisions. Whether you’re at the early stages of adopting AI or considering integrating it in advanced XML development, this presentation will cover all levels of expertise.
By highlighting the potential advantages and challenges of integrating AI with XML development tools and languages, the presentation seeks to inspire thoughtful conversation around the future of XML development. We’ll not only delve into the technical aspects of AI-powered XML development but also discuss practical implications and possible future directions.
Monitoring and Managing Anomaly Detection on OpenShift.pdfTosin Akinosho
Monitoring and Managing Anomaly Detection on OpenShift
Overview
Dive into the world of anomaly detection on edge devices with our comprehensive hands-on tutorial. This SlideShare presentation will guide you through the entire process, from data collection and model training to edge deployment and real-time monitoring. Perfect for those looking to implement robust anomaly detection systems on resource-constrained IoT/edge devices.
Key Topics Covered
1. Introduction to Anomaly Detection
- Understand the fundamentals of anomaly detection and its importance in identifying unusual behavior or failures in systems.
2. Understanding Edge (IoT)
- Learn about edge computing and IoT, and how they enable real-time data processing and decision-making at the source.
3. What is ArgoCD?
- Discover ArgoCD, a declarative, GitOps continuous delivery tool for Kubernetes, and its role in deploying applications on edge devices.
4. Deployment Using ArgoCD for Edge Devices
- Step-by-step guide on deploying anomaly detection models on edge devices using ArgoCD.
5. Introduction to Apache Kafka and S3
- Explore Apache Kafka for real-time data streaming and Amazon S3 for scalable storage solutions.
6. Viewing Kafka Messages in the Data Lake
- Learn how to view and analyze Kafka messages stored in a data lake for better insights.
7. What is Prometheus?
- Get to know Prometheus, an open-source monitoring and alerting toolkit, and its application in monitoring edge devices.
8. Monitoring Application Metrics with Prometheus
- Detailed instructions on setting up Prometheus to monitor the performance and health of your anomaly detection system.
9. What is Camel K?
- Introduction to Camel K, a lightweight integration framework built on Apache Camel, designed for Kubernetes.
10. Configuring Camel K Integrations for Data Pipelines
- Learn how to configure Camel K for seamless data pipeline integrations in your anomaly detection workflow.
11. What is a Jupyter Notebook?
- Overview of Jupyter Notebooks, an open-source web application for creating and sharing documents with live code, equations, visualizations, and narrative text.
12. Jupyter Notebooks with Code Examples
- Hands-on examples and code snippets in Jupyter Notebooks to help you implement and test anomaly detection models.
Let's Integrate MuleSoft RPA, COMPOSER, APM with AWS IDP along with Slackshyamraj55
Discover the seamless integration of RPA (Robotic Process Automation), COMPOSER, and APM with AWS IDP enhanced with Slack notifications. Explore how these technologies converge to streamline workflows, optimize performance, and ensure secure access, all while leveraging the power of AWS IDP and real-time communication via Slack notifications.
NSC #2 - D2 01 - Andrea Allievi - Windows 8.1 Patch Protections
1. It’s all about gong fu! (part 2)
Understanding and Defeating Windows 8.1 Kernel
Patch Protection:
Andrea Allievi
Talos Security Research and Intelligence Group - Cisco Systems Inc.
aallievi@cisco.com
November 20th, 2014 - NoSuchCon