Day 2 Dns Cert 4 Scenarios
•
0 likes•382 views
This document outlines several DNS attack scenarios that will be demonstrated for educational purposes. The scenarios include cache poisoning targeting a nameserver, nameserver redelegation exploiting a vulnerability in a registry system, and malicious use targeting individual systems. Rules of engagement are provided to assure participants that while the demonstrations show potential attacks, no actual malicious activity will occur. Attendees are invited to observe the effects through DNS queries, simulated phishing emails, and traffic analysis on provided virtual machines.
Report
Share
Report
Share
Download to read offline
Recommended
Day 1 From CERT To NCSC
- CERT-Hungary started as a project under the Ministry of IT and Communications and is now under the Prime Minister's Office. It has partnership agreements with several government agencies and is responsible for the security of the e-government backbone network.
- The Theodore Puskás Government Foundation, founded in 1993, is governed by civil code and oversees CERT-Hungary. It engages in technology transfer, information security, and other activities.
- The e-Commerce Act and Ministerial Decree on National Alert Service for Communications establish CERT-Hungary's role in critical infrastructure protection and incident reporting for communications providers.
Day 1 Large Scale Attacks
This document discusses lessons learned from large scale cyber attacks in Hungary and Estonia and proposes policy recommendations. It summarizes a large phishing attack against Hungarian banks coordinated from abroad and distributed denial of service attacks against Estonia from compromised international machines. It describes the national and international responses to these incidents, highlighting coordination between CERT teams. Key lessons identified include the need for improved preparedness, early warning systems, resources for incident response, and international cooperation. The document proposes establishing national cybersecurity strategies, coordination bodies, and regular exercises in countries. It also discusses the value of information sharing organizations in critical infrastructure sectors.
Day 2 Dns Cert 4c Malicious Use
- The document describes how DNS can be used maliciously for botnet command and control or amplification attacks, using a demonstration of a DNS bot.
- It provides the case study of the Conficker worm which used randomly generated domain names for instructions. A working group registered domains to prevent its activity until it switched to P2P.
- The demonstration shows a rogue DNS server instructing the bot to execute commands and post results via DNS queries, which can be seen in Wireshark.
- Mitigation strategies include domain blackholes, strengthening registration validation, detection mechanisms, and takedown policies developed with other organizations.
Day 1 Coop Banks
This document discusses cooperation between CERT-Hungary and banks from a cybersecurity perspective. It describes CERT-Hungary's role in information sharing, exercises, and recommendations to improve cybersecurity in the banking sector. It outlines various agreements and information sharing centers established between CERT-Hungary, banks, and financial regulators. It also discusses cybersecurity exercises conducted between 2007-2009 to test communication and response procedures for banks in the event of cyberattacks.
Dealing With Security Threats
Dealing with security threats, the director discusses:
1) The current threat landscape including threats to governments, consumers, and examples of security breaches.
2) The anatomy of a security breach including disruption of operations and different types of insiders like well-meaning or malicious.
3) The need for operationalizing security through establishing in-depth defense at the network periphery and endpoints to effectively defend interconnected systems and information sharing.
Cyber Security Strategies and Approaches
This document discusses cyber security strategies and approaches used by various governments and organizations. It outlines national strategies from the UK, US, Estonia, and Singapore, as well as approaches at the European Union level. Common themes across strategies include recognizing the interconnected nature of IT systems, moving from attack detection to prevention, and the need for joint public-private collaboration to develop regulations, share intelligence, and protect critical infrastructure and society.
Day 1 Enisa Setting Up A Csirt
The document provides an introduction to setting up a Computer Security Incident Response Team (CSIRT). It discusses the history of CERTs and internet security incidents. The document outlines the key components of establishing a CSIRT, including developing an overall strategy, business plan, operational procedures, training, and project plan. It also covers defining the CSIRT's services, organizational structure, and information security policies. The goal is to provide guidance on effectively planning and implementing a CSIRT to respond to cybersecurity incidents.
Anatomy of a CERT - Gordon Love, Symantec
This document discusses the need for Computer Emergency Response Teams (CERTs) in Africa given increasing internet connectivity and cyber threats on the continent. It outlines the changing digital landscape in Africa, including growing broadband infrastructure and more users. This expands the attack surface for malicious actors. The document then describes the objectives of a CERT in enhancing security awareness, building national expertise, assisting with cyber law, and establishing a central point of contact for incident reporting.
Recommended
Day 1 From CERT To NCSC
- CERT-Hungary started as a project under the Ministry of IT and Communications and is now under the Prime Minister's Office. It has partnership agreements with several government agencies and is responsible for the security of the e-government backbone network.
- The Theodore Puskás Government Foundation, founded in 1993, is governed by civil code and oversees CERT-Hungary. It engages in technology transfer, information security, and other activities.
- The e-Commerce Act and Ministerial Decree on National Alert Service for Communications establish CERT-Hungary's role in critical infrastructure protection and incident reporting for communications providers.
Day 1 Large Scale Attacks
This document discusses lessons learned from large scale cyber attacks in Hungary and Estonia and proposes policy recommendations. It summarizes a large phishing attack against Hungarian banks coordinated from abroad and distributed denial of service attacks against Estonia from compromised international machines. It describes the national and international responses to these incidents, highlighting coordination between CERT teams. Key lessons identified include the need for improved preparedness, early warning systems, resources for incident response, and international cooperation. The document proposes establishing national cybersecurity strategies, coordination bodies, and regular exercises in countries. It also discusses the value of information sharing organizations in critical infrastructure sectors.
Day 2 Dns Cert 4c Malicious Use
- The document describes how DNS can be used maliciously for botnet command and control or amplification attacks, using a demonstration of a DNS bot.
- It provides the case study of the Conficker worm which used randomly generated domain names for instructions. A working group registered domains to prevent its activity until it switched to P2P.
- The demonstration shows a rogue DNS server instructing the bot to execute commands and post results via DNS queries, which can be seen in Wireshark.
- Mitigation strategies include domain blackholes, strengthening registration validation, detection mechanisms, and takedown policies developed with other organizations.
Day 1 Coop Banks
This document discusses cooperation between CERT-Hungary and banks from a cybersecurity perspective. It describes CERT-Hungary's role in information sharing, exercises, and recommendations to improve cybersecurity in the banking sector. It outlines various agreements and information sharing centers established between CERT-Hungary, banks, and financial regulators. It also discusses cybersecurity exercises conducted between 2007-2009 to test communication and response procedures for banks in the event of cyberattacks.
Dealing With Security Threats
Dealing with security threats, the director discusses:
1) The current threat landscape including threats to governments, consumers, and examples of security breaches.
2) The anatomy of a security breach including disruption of operations and different types of insiders like well-meaning or malicious.
3) The need for operationalizing security through establishing in-depth defense at the network periphery and endpoints to effectively defend interconnected systems and information sharing.
Cyber Security Strategies and Approaches
This document discusses cyber security strategies and approaches used by various governments and organizations. It outlines national strategies from the UK, US, Estonia, and Singapore, as well as approaches at the European Union level. Common themes across strategies include recognizing the interconnected nature of IT systems, moving from attack detection to prevention, and the need for joint public-private collaboration to develop regulations, share intelligence, and protect critical infrastructure and society.
Day 1 Enisa Setting Up A Csirt
The document provides an introduction to setting up a Computer Security Incident Response Team (CSIRT). It discusses the history of CERTs and internet security incidents. The document outlines the key components of establishing a CSIRT, including developing an overall strategy, business plan, operational procedures, training, and project plan. It also covers defining the CSIRT's services, organizational structure, and information security policies. The goal is to provide guidance on effectively planning and implementing a CSIRT to respond to cybersecurity incidents.
Anatomy of a CERT - Gordon Love, Symantec
This document discusses the need for Computer Emergency Response Teams (CERTs) in Africa given increasing internet connectivity and cyber threats on the continent. It outlines the changing digital landscape in Africa, including growing broadband infrastructure and more users. This expands the attack surface for malicious actors. The document then describes the objectives of a CERT in enhancing security awareness, building national expertise, assisting with cyber law, and establishing a central point of contact for incident reporting.
abusing dns to spread malware:from router to end user(滥用dns传播恶意软件:从路由器到最终用户)-...
DNS can be abused in several ways to spread malware. Attackers can hijack or poison DNS on multiple levels, including end users, routers, and DNS servers. DNS was not originally designed with security in mind, so it has vulnerabilities that can be exploited. Real-world examples demonstrate how malware has abused DNS to redirect users to malicious sites and infect other devices on local networks. Improving DNS security and default device configurations can help mitigate these risks.
Dmk bo2 k8_ccc
Weaknesses in authentication and encryption across many systems allowed significant security flaws to emerge in 2008, including issues with DNS, SSL, and SNMPv3. These flaws occurred because critical systems like DNS, which underlie authentication in many other areas, cannot reliably authenticate responses. Fixing these problems was challenging due to dependencies between systems and the complexity of coordinating updates. The speaker argues that securing DNS could help address authentication issues in linked systems by providing a secure, scalable place to publish cryptographic keys and other authentication data.
DoS Attack - Incident Handling
This document discusses information security and denial of service (DoS) attacks. It begins with an agenda on information security incident handling. It then defines DoS attacks and explains they are aimed at availability, not confidentiality or integrity. It describes different types of DoS attacks including distributed denial of service (DDoS) attacks. The document outlines detection and analysis of DoS attacks as well as containment, eradication, recovery, and post-incident activities. It concludes with ways employees can help maintain network security.
Day 2 Dns Cert 4a Cache Poisoning
- The document describes a demonstration of a DNS cache poisoning attack. It provides instructions for setting up the attack using tools on a Ubuntu VM. The attack spoofs DNS responses to redirect traffic from a domain to a malicious IP address controlled by the attacker. This could enable realistic phishing attacks. Mitigation strategies include DNSSEC, SSL, and monitoring recursive DNS servers, but user awareness remains important.
DNS Security WebTitan Web Filter - Stop Malware
This document discusses the network threat challenges organizations face from malware, attacks, and exploits that target their DNS infrastructure. It outlines how DNS protection solutions like WebTitan can help by filtering high-risk websites in real-time to block malware, ransomware, viruses and other threats while enforcing acceptable web access policies. WebTitan provides complete DNS layer protection, custom filtering and reporting without any hardware or software to install.
Dns firewalls null-may2020
This document discusses using DNS as a layer of defense in networks. It describes how flat networks without segmentation are vulnerable and how a DNS firewall can help by filtering malicious DNS queries. It provides examples of DNS response policy zones (RPZ) that define rules for blocking domains known to host malware or phishing sites. Implementing a local recursive DNS resolver with RPZ rules is presented as a low-cost way to add defense for home, SOHO, and small business networks. Challenges from the rise of DNS over HTTPS are also covered.
CISSA Lightning Talk - Building a Malware Analysis Lab on a Budget
This presentation was originally given as a lightning talk for a Charleston ISSA meeting. I talk briefly about malware analysis, and how to get started with malware analysis on a budget using virtualization.
Invited Talk - Cyber Security and Open Source
This document summarizes a presentation on cyber security and open source tools. It introduces the speaker and their background in cyber security research. The presentation covers an overview of cyber security risks, why security is important, common attack methods and vulnerabilities. It also discusses strategies for securing networks, software, mobile devices and privacy. The latter part demonstrates security issues and provides references for open source security tools.
Offence oriented Defence
This document discusses common defensive strategies and how attackers bypass them. It notes that while best practices like passwords, patching, and anti-virus are important, they also introduce commonalities that attackers learn to exploit. The document recommends that defenders study attack techniques to prioritize risks and design defenses that differentiate from standard approaches in order to limit widespread exploitation.
DNS Security, is it enough?
DNS security is important. But, in today’s world of dynamic cloud environments (AWS and Azure), content delivery networks (CDNs) and crowdsourced content and advertisements, looking only at the domain name is not a complete indicator of security. “Grey” domains are no longer the exception, they have become the norm. Join this webcast to explore the risks of relying on DNS-only based solutions and ways to add security to your DNS traffic without sacrificing performance or additional security insights.
Watchtowers of the Internet - Source Boston 2012
Watchtowers of the Internet: Analysis of Outbound Malware Communication, Stephan Chenette, Principal Security Researcher, (@StephanChenette) & Armin Buescher, Security Researcher
With advanced malware, targeted attacks, and advanced persistent threats, it’s not IF but WHEN a persistant attacker will penetrate your network and install malware on your company’s network and desktop computers. To get the full picture of the threat landscape created by malware, our malware sandbox lab runs over 30,000 malware samples a day. Network traffic is subsequently analyzed using heuristics and machine learning techniques to statistically score any outbound communication and identify command & control, back-channel, worm-like and other types of traffic used by malware.
Our talk will focus on the setup of the lab, major malware families as well as outlier malware, and the statistics we have generated to give our audience an exposure like never before into the details of malicious outbound communication. We will provide several tips, based on our analysis to help you create a safer and more secure network.
Stephan Chenette is a principal security researcher at Websense Security Labs, specializing in research tools and next generation emerging threats. In this role, he identifies and implements exploit and malcode detection techniques.
Armin Buescher is a Security Researcher and Software Engineer experienced in strategic development of detection/prevention technologies and analysis tools. Graduated as Dipl.-Inf. (MSc) with thesis on Client Honeypot systems. Interested in academic research work and published author of security research papers.
cyber sec.ppt
The document discusses various topics related to cyber security including best practices for business email, principles of warfare, footprinting, vulnerability scanning, virus detection, and the importance of individual cyber security and privacy efforts. It provides tips on configuring email settings, registering similar domain names to prevent spoofing, understanding what information footprinting gathers about systems and networks, how vulnerability scanners identify exposed vulnerabilities, how antivirus software detects viruses through signatures and heuristics, and committing to information security practices.
BlueHat v17 || All Your Cloud Are Belong to Us; Hunting Compromise in Azure
BlueHat v17 || All Your Cloud Are Belong to Us; Hunting Compromise in Azure BlueHat Security Conference
Nate Warfield, Microsoft
Ben Ridgway, Microsoft
MongoDB, Redis, Elastic, Hadoop, SMBv1, IIS6.0, Samba. What do they all have in common? Thousands of them were pwned. In Azure. In 2017. Attackers have shifted tactics, leveraged nation-state leaked tools and are leveraging ransomware to monetize their attacks. Cloud networks are prime targets; the DMZ is gone, the firewall doesn't exist and customers may not realize they've exposed insecure services to the internet until it's too late. In this talk we'll discuss hunting, finding and remediating compromised customer systems in Azure - a non-trivial task with 1.59million exposed hosts and counting. Remediating system compromise is only the first stage so we'll also cover how we applied the lessons learned to proactively secure Azure Marketplace. 11 Commandments of Cyber Security for the Home
The document provides 11 commandments of cyber security for home users. The commandments are: 1) pay attention, 2) use anti-malware software, 3) use firewalls, 4) update all software and systems regularly, 5) use strong passwords and multi-factor authentication, 6) backup data regularly, 7) trust but verify suspicious messages and links, 8) secure your home network, 9) use a VPN for public WiFi, 10) be wary of things that seem too good to be true, and 11) the attacker will likely move on to easier targets if you follow cyber security best practices. Examples and explanations are provided for each commandment.
No more ARP : Another MiTm Attacks
No Arp Poisoning
SMB, WPAD
LLMNR and NetBIOS-NS
Responder tools & attack
SMB Relay
MS08-068 SMB Relay reflect
NTLM authentication & Hash
SMB Signing
The Non-Advanced Persistent Threat
Advanced Persistent Threat (APT) is a term given to attacks that specifically and persistently target an entity. The security community views this type of attack as a complex, sophisticated cyber-attack that can last months or even years. However, new research indicates that these attacks are actually being achieved by much simpler methods.
Imperva's Application Defense Center (ADC) has discovered that data breaches commonly associated with APT require only basic technical skills. As a result, security teams need to fundamentally shift their focus from absolute prevention of intrusion to protecting critical data assets once intruders have gained access to their infrastructure.
This presentation will:
- Expose some powerful, yet extremely simple techniques that allow attackers to efficiently expand their reach within an infected organization
- Show how attackers achieve their goals without resorting to zero-day vulnerabilities and sophisticated exploits
- Discuss how organizations can protect themselves against the advance of such attacks
DTS Solution - Yehia Mamdouh - Release your pet worm on your infrastructure....
This document introduces BetWorm, a defensive worm created by the author to perform penetration testing and security assessments from an attacker's perspective within an organization's internal network. BetWorm spreads through authenticated SSH connections and maps vulnerable systems by collecting information, detecting weaknesses, analyzing attack surfaces, and emulating malicious connections. The author explains how BetWorm currently functions and future plans to improve its abilities to more quickly scan networks, save collected data to a command and control server, include a local web server, support both Linux and Windows, and provide a graphical user interface. A link is provided to access BetWorm's source code on GitHub.
Infoblox White Paper - Top Five DNS Security Attack Risks and How to Avoid Them
This document discusses DNS security risks and how to better secure DNS infrastructure. It outlines five common DNS attack types, including TCP SYN floods, UDP floods, spoofed source address attacks, cache poisoning attacks, and man-in-the-middle attacks. It argues that general-purpose computers running operating systems like UNIX are not well-suited for DNS servers due to the complexity of securing the OS, difficulty of regularly updating both the OS and DNS software, and risk of compromise via user logins. Instead, it advocates for purpose-built appliances that are easier to secure and update to better prevent DNS attacks.
Workshop on Network Security
@skeptic_fx (Ahamed Nafeez) and I conducted a National Level Workshop on Network and Web Security on August 11th, 2010 during our third year BE CSE.
Distributed Sensor Data Contextualization for Threat Intelligence Analysis
As organizations operationalize diverse network sensors of various types, from passive sensors to DNS sinkholes to honeypots, there are many opportunities to combine this data for increased contextual awareness for network defense and threat intelligence analysis. In this presentation, we discuss our experiences by analyzing data collected from distributed honeypot sensors, p0f, snort/suricata, and botnet sinkholes as well as enrichments from PDNS and malware sandboxing. We talk through how we can answer the following questions in an automated fashion: What is the profile of the attacking system? Is the host scanning/attacking my network an infected workstation, an ephemeral scanning/exploitation box, or a compromised web server? If it is a compromised server, what are some possible vulnerabilities exploited by the attacker? What vulnerabilities (CVEs) has this attacker been seen exploiting in the wild and what tools do they drop? Is this attack part of a distributed campaign or is it limited to my network?
Session 1 - Intro to Robotic Process Automation.pdf
👉 Check out our full 'Africa Series - Automation Student Developers (EN)' page to register for the full program:
https://bit.ly/Automation_Student_Kickstart
In this session, we shall introduce you to the world of automation, the UiPath Platform, and guide you on how to install and setup UiPath Studio on your Windows PC.
📕 Detailed agenda:
What is RPA? Benefits of RPA?
RPA Applications
The UiPath End-to-End Automation Platform
UiPath Studio CE Installation and Setup
💻 Extra training through UiPath Academy:
Introduction to Automation
UiPath Business Automation Platform
Explore automation development with UiPath Studio
👉 Register here for our upcoming Session 2 on June 20: Introduction to UiPath Studio Fundamentals: https://community.uipath.com/events/details/uipath-lagos-presents-session-2-introduction-to-uipath-studio-fundamentals/
More Related Content
Similar to Day 2 Dns Cert 4 Scenarios
abusing dns to spread malware:from router to end user(滥用dns传播恶意软件:从路由器到最终用户)-...
DNS can be abused in several ways to spread malware. Attackers can hijack or poison DNS on multiple levels, including end users, routers, and DNS servers. DNS was not originally designed with security in mind, so it has vulnerabilities that can be exploited. Real-world examples demonstrate how malware has abused DNS to redirect users to malicious sites and infect other devices on local networks. Improving DNS security and default device configurations can help mitigate these risks.
Dmk bo2 k8_ccc
Weaknesses in authentication and encryption across many systems allowed significant security flaws to emerge in 2008, including issues with DNS, SSL, and SNMPv3. These flaws occurred because critical systems like DNS, which underlie authentication in many other areas, cannot reliably authenticate responses. Fixing these problems was challenging due to dependencies between systems and the complexity of coordinating updates. The speaker argues that securing DNS could help address authentication issues in linked systems by providing a secure, scalable place to publish cryptographic keys and other authentication data.
DoS Attack - Incident Handling
This document discusses information security and denial of service (DoS) attacks. It begins with an agenda on information security incident handling. It then defines DoS attacks and explains they are aimed at availability, not confidentiality or integrity. It describes different types of DoS attacks including distributed denial of service (DDoS) attacks. The document outlines detection and analysis of DoS attacks as well as containment, eradication, recovery, and post-incident activities. It concludes with ways employees can help maintain network security.
Day 2 Dns Cert 4a Cache Poisoning
- The document describes a demonstration of a DNS cache poisoning attack. It provides instructions for setting up the attack using tools on a Ubuntu VM. The attack spoofs DNS responses to redirect traffic from a domain to a malicious IP address controlled by the attacker. This could enable realistic phishing attacks. Mitigation strategies include DNSSEC, SSL, and monitoring recursive DNS servers, but user awareness remains important.
DNS Security WebTitan Web Filter - Stop Malware
This document discusses the network threat challenges organizations face from malware, attacks, and exploits that target their DNS infrastructure. It outlines how DNS protection solutions like WebTitan can help by filtering high-risk websites in real-time to block malware, ransomware, viruses and other threats while enforcing acceptable web access policies. WebTitan provides complete DNS layer protection, custom filtering and reporting without any hardware or software to install.
Dns firewalls null-may2020
This document discusses using DNS as a layer of defense in networks. It describes how flat networks without segmentation are vulnerable and how a DNS firewall can help by filtering malicious DNS queries. It provides examples of DNS response policy zones (RPZ) that define rules for blocking domains known to host malware or phishing sites. Implementing a local recursive DNS resolver with RPZ rules is presented as a low-cost way to add defense for home, SOHO, and small business networks. Challenges from the rise of DNS over HTTPS are also covered.
CISSA Lightning Talk - Building a Malware Analysis Lab on a Budget
This presentation was originally given as a lightning talk for a Charleston ISSA meeting. I talk briefly about malware analysis, and how to get started with malware analysis on a budget using virtualization.
Invited Talk - Cyber Security and Open Source
This document summarizes a presentation on cyber security and open source tools. It introduces the speaker and their background in cyber security research. The presentation covers an overview of cyber security risks, why security is important, common attack methods and vulnerabilities. It also discusses strategies for securing networks, software, mobile devices and privacy. The latter part demonstrates security issues and provides references for open source security tools.
Offence oriented Defence
This document discusses common defensive strategies and how attackers bypass them. It notes that while best practices like passwords, patching, and anti-virus are important, they also introduce commonalities that attackers learn to exploit. The document recommends that defenders study attack techniques to prioritize risks and design defenses that differentiate from standard approaches in order to limit widespread exploitation.
DNS Security, is it enough?
DNS security is important. But, in today’s world of dynamic cloud environments (AWS and Azure), content delivery networks (CDNs) and crowdsourced content and advertisements, looking only at the domain name is not a complete indicator of security. “Grey” domains are no longer the exception, they have become the norm. Join this webcast to explore the risks of relying on DNS-only based solutions and ways to add security to your DNS traffic without sacrificing performance or additional security insights.
Watchtowers of the Internet - Source Boston 2012
Watchtowers of the Internet: Analysis of Outbound Malware Communication, Stephan Chenette, Principal Security Researcher, (@StephanChenette) & Armin Buescher, Security Researcher
With advanced malware, targeted attacks, and advanced persistent threats, it’s not IF but WHEN a persistant attacker will penetrate your network and install malware on your company’s network and desktop computers. To get the full picture of the threat landscape created by malware, our malware sandbox lab runs over 30,000 malware samples a day. Network traffic is subsequently analyzed using heuristics and machine learning techniques to statistically score any outbound communication and identify command & control, back-channel, worm-like and other types of traffic used by malware.
Our talk will focus on the setup of the lab, major malware families as well as outlier malware, and the statistics we have generated to give our audience an exposure like never before into the details of malicious outbound communication. We will provide several tips, based on our analysis to help you create a safer and more secure network.
Stephan Chenette is a principal security researcher at Websense Security Labs, specializing in research tools and next generation emerging threats. In this role, he identifies and implements exploit and malcode detection techniques.
Armin Buescher is a Security Researcher and Software Engineer experienced in strategic development of detection/prevention technologies and analysis tools. Graduated as Dipl.-Inf. (MSc) with thesis on Client Honeypot systems. Interested in academic research work and published author of security research papers.
cyber sec.ppt
The document discusses various topics related to cyber security including best practices for business email, principles of warfare, footprinting, vulnerability scanning, virus detection, and the importance of individual cyber security and privacy efforts. It provides tips on configuring email settings, registering similar domain names to prevent spoofing, understanding what information footprinting gathers about systems and networks, how vulnerability scanners identify exposed vulnerabilities, how antivirus software detects viruses through signatures and heuristics, and committing to information security practices.
BlueHat v17 || All Your Cloud Are Belong to Us; Hunting Compromise in Azure
BlueHat v17 || All Your Cloud Are Belong to Us; Hunting Compromise in Azure BlueHat Security Conference
Nate Warfield, Microsoft
Ben Ridgway, Microsoft
MongoDB, Redis, Elastic, Hadoop, SMBv1, IIS6.0, Samba. What do they all have in common? Thousands of them were pwned. In Azure. In 2017. Attackers have shifted tactics, leveraged nation-state leaked tools and are leveraging ransomware to monetize their attacks. Cloud networks are prime targets; the DMZ is gone, the firewall doesn't exist and customers may not realize they've exposed insecure services to the internet until it's too late. In this talk we'll discuss hunting, finding and remediating compromised customer systems in Azure - a non-trivial task with 1.59million exposed hosts and counting. Remediating system compromise is only the first stage so we'll also cover how we applied the lessons learned to proactively secure Azure Marketplace. 11 Commandments of Cyber Security for the Home
The document provides 11 commandments of cyber security for home users. The commandments are: 1) pay attention, 2) use anti-malware software, 3) use firewalls, 4) update all software and systems regularly, 5) use strong passwords and multi-factor authentication, 6) backup data regularly, 7) trust but verify suspicious messages and links, 8) secure your home network, 9) use a VPN for public WiFi, 10) be wary of things that seem too good to be true, and 11) the attacker will likely move on to easier targets if you follow cyber security best practices. Examples and explanations are provided for each commandment.
No more ARP : Another MiTm Attacks
No Arp Poisoning
SMB, WPAD
LLMNR and NetBIOS-NS
Responder tools & attack
SMB Relay
MS08-068 SMB Relay reflect
NTLM authentication & Hash
SMB Signing
The Non-Advanced Persistent Threat
Advanced Persistent Threat (APT) is a term given to attacks that specifically and persistently target an entity. The security community views this type of attack as a complex, sophisticated cyber-attack that can last months or even years. However, new research indicates that these attacks are actually being achieved by much simpler methods.
Imperva's Application Defense Center (ADC) has discovered that data breaches commonly associated with APT require only basic technical skills. As a result, security teams need to fundamentally shift their focus from absolute prevention of intrusion to protecting critical data assets once intruders have gained access to their infrastructure.
This presentation will:
- Expose some powerful, yet extremely simple techniques that allow attackers to efficiently expand their reach within an infected organization
- Show how attackers achieve their goals without resorting to zero-day vulnerabilities and sophisticated exploits
- Discuss how organizations can protect themselves against the advance of such attacks
DTS Solution - Yehia Mamdouh - Release your pet worm on your infrastructure....
This document introduces BetWorm, a defensive worm created by the author to perform penetration testing and security assessments from an attacker's perspective within an organization's internal network. BetWorm spreads through authenticated SSH connections and maps vulnerable systems by collecting information, detecting weaknesses, analyzing attack surfaces, and emulating malicious connections. The author explains how BetWorm currently functions and future plans to improve its abilities to more quickly scan networks, save collected data to a command and control server, include a local web server, support both Linux and Windows, and provide a graphical user interface. A link is provided to access BetWorm's source code on GitHub.
Infoblox White Paper - Top Five DNS Security Attack Risks and How to Avoid Them
This document discusses DNS security risks and how to better secure DNS infrastructure. It outlines five common DNS attack types, including TCP SYN floods, UDP floods, spoofed source address attacks, cache poisoning attacks, and man-in-the-middle attacks. It argues that general-purpose computers running operating systems like UNIX are not well-suited for DNS servers due to the complexity of securing the OS, difficulty of regularly updating both the OS and DNS software, and risk of compromise via user logins. Instead, it advocates for purpose-built appliances that are easier to secure and update to better prevent DNS attacks.
Workshop on Network Security
@skeptic_fx (Ahamed Nafeez) and I conducted a National Level Workshop on Network and Web Security on August 11th, 2010 during our third year BE CSE.
Distributed Sensor Data Contextualization for Threat Intelligence Analysis
As organizations operationalize diverse network sensors of various types, from passive sensors to DNS sinkholes to honeypots, there are many opportunities to combine this data for increased contextual awareness for network defense and threat intelligence analysis. In this presentation, we discuss our experiences by analyzing data collected from distributed honeypot sensors, p0f, snort/suricata, and botnet sinkholes as well as enrichments from PDNS and malware sandboxing. We talk through how we can answer the following questions in an automated fashion: What is the profile of the attacking system? Is the host scanning/attacking my network an infected workstation, an ephemeral scanning/exploitation box, or a compromised web server? If it is a compromised server, what are some possible vulnerabilities exploited by the attacker? What vulnerabilities (CVEs) has this attacker been seen exploiting in the wild and what tools do they drop? Is this attack part of a distributed campaign or is it limited to my network?
Similar to Day 2 Dns Cert 4 Scenarios (20)
abusing dns to spread malware:from router to end user(滥用dns传播恶意软件:从路由器到最终用户)-...
abusing dns to spread malware:from router to end user(滥用dns传播恶意软件:从路由器到最终用户)-...
CISSA Lightning Talk - Building a Malware Analysis Lab on a Budget
CISSA Lightning Talk - Building a Malware Analysis Lab on a Budget
BlueHat v17 || All Your Cloud Are Belong to Us; Hunting Compromise in Azure
BlueHat v17 || All Your Cloud Are Belong to Us; Hunting Compromise in Azure
DTS Solution - Yehia Mamdouh - Release your pet worm on your infrastructure....
DTS Solution - Yehia Mamdouh - Release your pet worm on your infrastructure....
Infoblox White Paper - Top Five DNS Security Attack Risks and How to Avoid Them
Infoblox White Paper - Top Five DNS Security Attack Risks and How to Avoid Them
Distributed Sensor Data Contextualization for Threat Intelligence Analysis
Distributed Sensor Data Contextualization for Threat Intelligence Analysis
Recently uploaded
Session 1 - Intro to Robotic Process Automation.pdf
👉 Check out our full 'Africa Series - Automation Student Developers (EN)' page to register for the full program:
https://bit.ly/Automation_Student_Kickstart
In this session, we shall introduce you to the world of automation, the UiPath Platform, and guide you on how to install and setup UiPath Studio on your Windows PC.
📕 Detailed agenda:
What is RPA? Benefits of RPA?
RPA Applications
The UiPath End-to-End Automation Platform
UiPath Studio CE Installation and Setup
💻 Extra training through UiPath Academy:
Introduction to Automation
UiPath Business Automation Platform
Explore automation development with UiPath Studio
👉 Register here for our upcoming Session 2 on June 20: Introduction to UiPath Studio Fundamentals: https://community.uipath.com/events/details/uipath-lagos-presents-session-2-introduction-to-uipath-studio-fundamentals/
AWS Certified Solutions Architect Associate (SAA-C03)
AWS Certified Solutions Architect Associate (SAA-C03)
Principle of conventional tomography-Bibash Shahi ppt..pptx
before the computed tomography, it had been widely used.
inQuba Webinar Mastering Customer Journey Management with Dr Graham Hill
HERE IS YOUR WEBINAR CONTENT! 'Mastering Customer Journey Management with Dr. Graham Hill'. We hope you find the webinar recording both insightful and enjoyable.
In this webinar, we explored essential aspects of Customer Journey Management and personalization. Here’s a summary of the key insights and topics discussed:
Key Takeaways:
Understanding the Customer Journey: Dr. Hill emphasized the importance of mapping and understanding the complete customer journey to identify touchpoints and opportunities for improvement.
Personalization Strategies: We discussed how to leverage data and insights to create personalized experiences that resonate with customers.
Technology Integration: Insights were shared on how inQuba’s advanced technology can streamline customer interactions and drive operational efficiency.
Must Know Postgres Extension for DBA and Developer during Migration
Mydbops Opensource Database Meetup 16
Topic: Must-Know PostgreSQL Extensions for Developers and DBAs During Migration
Speaker: Deepak Mahto, Founder of DataCloudGaze Consulting
Date & Time: 8th June | 10 AM - 1 PM IST
Venue: Bangalore International Centre, Bangalore
Abstract: Discover how PostgreSQL extensions can be your secret weapon! This talk explores how key extensions enhance database capabilities and streamline the migration process for users moving from other relational databases like Oracle.
Key Takeaways:
* Learn about crucial extensions like oracle_fdw, pgtt, and pg_audit that ease migration complexities.
* Gain valuable strategies for implementing these extensions in PostgreSQL to achieve license freedom.
* Discover how these key extensions can empower both developers and DBAs during the migration process.
* Don't miss this chance to gain practical knowledge from an industry expert and stay updated on the latest open-source database trends.
Mydbops Managed Services specializes in taking the pain out of database management while optimizing performance. Since 2015, we have been providing top-notch support and assistance for the top three open-source databases: MySQL, MongoDB, and PostgreSQL.
Our team offers a wide range of services, including assistance, support, consulting, 24/7 operations, and expertise in all relevant technologies. We help organizations improve their database's performance, scalability, efficiency, and availability.
Contact us: info@mydbops.com
Visit: https://www.mydbops.com/
Follow us on LinkedIn: https://in.linkedin.com/company/mydbops
For more details and updates, please follow up the below links.
Meetup Page : https://www.meetup.com/mydbops-databa...
Twitter: https://twitter.com/mydbopsofficial
Blogs: https://www.mydbops.com/blog/
Facebook(Meta): https://www.facebook.com/mydbops/
A Deep Dive into ScyllaDB's Architecture
This talk will cover ScyllaDB Architecture from the cluster-level view and zoom in on data distribution and internal node architecture. In the process, we will learn the secret sauce used to get ScyllaDB's high availability and superior performance. We will also touch on the upcoming changes to ScyllaDB architecture, moving to strongly consistent metadata and tablets.
Mutation Testing for Task-Oriented Chatbots
Conversational agents, or chatbots, are increasingly used to access all sorts of services using natural language. While open-domain chatbots - like ChatGPT - can converse on any topic, task-oriented chatbots - the focus of this paper - are designed for specific tasks, like booking a flight, obtaining customer support, or setting an appointment. Like any other software, task-oriented chatbots need to be properly tested, usually by defining and executing test scenarios (i.e., sequences of user-chatbot interactions). However, there is currently a lack of methods to quantify the completeness and strength of such test scenarios, which can lead to low-quality tests, and hence to buggy chatbots.
To fill this gap, we propose adapting mutation testing (MuT) for task-oriented chatbots. To this end, we introduce a set of mutation operators that emulate faults in chatbot designs, an architecture that enables MuT on chatbots built using heterogeneous technologies, and a practical realisation as an Eclipse plugin. Moreover, we evaluate the applicability, effectiveness and efficiency of our approach on open-source chatbots, with promising results.
Astute Business Solutions | Oracle Cloud Partner |
Your goto partner for Oracle Cloud, PeopleSoft, E-Business Suite, and Ellucian Banner. We are a firm specialized in managed services and consulting.
AppSec PNW: Android and iOS Application Security with MobSF
Mobile Security Framework - MobSF is a free and open source automated mobile application security testing environment designed to help security engineers, researchers, developers, and penetration testers to identify security vulnerabilities, malicious behaviours and privacy concerns in mobile applications using static and dynamic analysis. It supports all the popular mobile application binaries and source code formats built for Android and iOS devices. In addition to automated security assessment, it also offers an interactive testing environment to build and execute scenario based test/fuzz cases against the application.
This talk covers:
Using MobSF for static analysis of mobile applications.
Interactive dynamic security assessment of Android and iOS applications.
Solving Mobile app CTF challenges.
Reverse engineering and runtime analysis of Mobile malware.
How to shift left and integrate MobSF/mobsfscan SAST and DAST in your build pipeline.
Apps Break Data
How information systems are built or acquired puts information, which is what they should be about, in a secondary place. Our language adapted accordingly, and we no longer talk about information systems but applications. Applications evolved in a way to break data into diverse fragments, tightly coupled with applications and expensive to integrate. The result is technical debt, which is re-paid by taking even bigger "loans", resulting in an ever-increasing technical debt. Software engineering and procurement practices work in sync with market forces to maintain this trend. This talk demonstrates how natural this situation is. The question is: can something be done to reverse the trend?
QA or the Highway - Component Testing: Bridging the gap between frontend appl...
These are the slides for the presentation, "Component Testing: Bridging the gap between frontend applications" that was presented at QA or the Highway 2024 in Columbus, OH by Zachary Hamm.
Connector Corner: Seamlessly power UiPath Apps, GenAI with prebuilt connectors
Join us to learn how UiPath Apps can directly and easily interact with prebuilt connectors via Integration Service--including Salesforce, ServiceNow, Open GenAI, and more.
The best part is you can achieve this without building a custom workflow! Say goodbye to the hassle of using separate automations to call APIs. By seamlessly integrating within App Studio, you can now easily streamline your workflow, while gaining direct access to our Connector Catalog of popular applications.
We’ll discuss and demo the benefits of UiPath Apps and connectors including:
Creating a compelling user experience for any software, without the limitations of APIs.
Accelerating the app creation process, saving time and effort
Enjoying high-performance CRUD (create, read, update, delete) operations, for
seamless data management.
Speakers:
Russell Alfeche, Technology Leader, RPA at qBotic and UiPath MVP
Charlie Greenberg, host
"Choosing proper type of scaling", Olena Syrota
Imagine an IoT processing system that is already quite mature and production-ready and for which client coverage is growing and scaling and performance aspects are life and death questions. The system has Redis, MongoDB, and stream processing based on ksqldb. In this talk, firstly, we will analyze scaling approaches and then select the proper ones for our system.
From Natural Language to Structured Solr Queries using LLMs
This talk draws on experimentation to enable AI applications with Solr. One important use case is to use AI for better accessibility and discoverability of the data: while User eXperience techniques, lexical search improvements, and data harmonization can take organizations to a good level of accessibility, a structural (or “cognitive” gap) remains between the data user needs and the data producer constraints.
That is where AI – and most importantly, Natural Language Processing and Large Language Model techniques – could make a difference. This natural language, conversational engine could facilitate access and usage of the data leveraging the semantics of any data source.
The objective of the presentation is to propose a technical approach and a way forward to achieve this goal.
The key concept is to enable users to express their search queries in natural language, which the LLM then enriches, interprets, and translates into structured queries based on the Solr index’s metadata.
This approach leverages the LLM’s ability to understand the nuances of natural language and the structure of documents within Apache Solr.
The LLM acts as an intermediary agent, offering a transparent experience to users automatically and potentially uncovering relevant documents that conventional search methods might overlook. The presentation will include the results of this experimental work, lessons learned, best practices, and the scope of future work that should improve the approach and make it production-ready.
Harnessing the Power of NLP and Knowledge Graphs for Opioid Research
Gursev Pirge, PhD
Senior Data Scientist - JohnSnowLabs
Introducing BoxLang : A new JVM language for productivity and modularity!
Just like life, our code must adapt to the ever changing world we live in. From one day coding for the web, to the next for our tablets or APIs or for running serverless applications. Multi-runtime development is the future of coding, the future is to be dynamic. Let us introduce you to BoxLang.
Dynamic. Modular. Productive.
BoxLang redefines development with its dynamic nature, empowering developers to craft expressive and functional code effortlessly. Its modular architecture prioritizes flexibility, allowing for seamless integration into existing ecosystems.
Interoperability at its Core
With 100% interoperability with Java, BoxLang seamlessly bridges the gap between traditional and modern development paradigms, unlocking new possibilities for innovation and collaboration.
Multi-Runtime
From the tiny 2m operating system binary to running on our pure Java web server, CommandBox, Jakarta EE, AWS Lambda, Microsoft Functions, Web Assembly, Android and more. BoxLang has been designed to enhance and adapt according to it's runnable runtime.
The Fusion of Modernity and Tradition
Experience the fusion of modern features inspired by CFML, Node, Ruby, Kotlin, Java, and Clojure, combined with the familiarity of Java bytecode compilation, making BoxLang a language of choice for forward-thinking developers.
Empowering Transition with Transpiler Support
Transitioning from CFML to BoxLang is seamless with our JIT transpiler, facilitating smooth migration and preserving existing code investments.
Unlocking Creativity with IDE Tools
Unleash your creativity with powerful IDE tools tailored for BoxLang, providing an intuitive development experience and streamlining your workflow. Join us as we embark on a journey to redefine JVM development. Welcome to the era of BoxLang.
Northern Engraving | Modern Metal Trim, Nameplates and Appliance Panels
What began over 115 years ago as a supplier of precision gauges to the automotive industry has evolved into being an industry leader in the manufacture of product branding, automotive cockpit trim and decorative appliance trim. Value-added services include in-house Design, Engineering, Program Management, Test Lab and Tool Shops.
Essentials of Automations: Exploring Attributes & Automation Parameters
Building automations in FME Flow can save time, money, and help businesses scale by eliminating data silos and providing data to stakeholders in real-time. One essential component to orchestrating complex automations is the use of attributes & automation parameters (both formerly known as “keys”). In fact, it’s unlikely you’ll ever build an Automation without using these components, but what exactly are they?
Attributes & automation parameters enable the automation author to pass data values from one automation component to the next. During this webinar, our FME Flow Specialists will cover leveraging the three types of these output attributes & parameters in FME Flow: Event, Custom, and Automation. As a bonus, they’ll also be making use of the Split-Merge Block functionality.
You’ll leave this webinar with a better understanding of how to maximize the potential of automations by making use of attributes & automation parameters, with the ultimate goal of setting your enterprise integration workflows up on autopilot.
Day 2 - Intro to UiPath Studio Fundamentals
In our second session, we shall learn all about the main features and fundamentals of UiPath Studio that enable us to use the building blocks for any automation project.
📕 Detailed agenda:
Variables and Datatypes
Workflow Layouts
Arguments
Control Flows and Loops
Conditional Statements
💻 Extra training through UiPath Academy:
Variables, Constants, and Arguments in Studio
Control Flow in Studio
Recently uploaded (20)
Session 1 - Intro to Robotic Process Automation.pdf
Session 1 - Intro to Robotic Process Automation.pdf
AWS Certified Solutions Architect Associate (SAA-C03)
AWS Certified Solutions Architect Associate (SAA-C03)
Principle of conventional tomography-Bibash Shahi ppt..pptx
Principle of conventional tomography-Bibash Shahi ppt..pptx
inQuba Webinar Mastering Customer Journey Management with Dr Graham Hill
inQuba Webinar Mastering Customer Journey Management with Dr Graham Hill
Must Know Postgres Extension for DBA and Developer during Migration
Must Know Postgres Extension for DBA and Developer during Migration
Astute Business Solutions | Oracle Cloud Partner |
Astute Business Solutions | Oracle Cloud Partner |
AppSec PNW: Android and iOS Application Security with MobSF
AppSec PNW: Android and iOS Application Security with MobSF
QA or the Highway - Component Testing: Bridging the gap between frontend appl...
QA or the Highway - Component Testing: Bridging the gap between frontend appl...
Connector Corner: Seamlessly power UiPath Apps, GenAI with prebuilt connectors
Connector Corner: Seamlessly power UiPath Apps, GenAI with prebuilt connectors
From Natural Language to Structured Solr Queries using LLMs
From Natural Language to Structured Solr Queries using LLMs
Harnessing the Power of NLP and Knowledge Graphs for Opioid Research
Harnessing the Power of NLP and Knowledge Graphs for Opioid Research
Introducing BoxLang : A new JVM language for productivity and modularity!
Introducing BoxLang : A new JVM language for productivity and modularity!
Northern Engraving | Modern Metal Trim, Nameplates and Appliance Panels
Northern Engraving | Modern Metal Trim, Nameplates and Appliance Panels
Essentials of Automations: Exploring Attributes & Automation Parameters
Essentials of Automations: Exploring Attributes & Automation Parameters
Day 2 Dns Cert 4 Scenarios
- 1. DNS Security for CERTs - Attack Scenarios & Demonstrations - Chris Evans Delta Risk, LLC 7 March 2010 1
- 2. Attack Overview • These attacks are demonstrations only Fear, • They are not intended to incite FUD Uncertainty, Doubt • Rather, they are intended to – Show you what’s possible! – Open a discussion for mitigation & response actions! 2
- 3. Architecture • Your Ubuntu VM, Windows TS, Your Host • Attack Server (192.168.85.5) • Target NameServer (182.168.101.10) • Registry System (192.168.101.50) • Mail Server (192.168.101.50) 3
- 4. Architecture • The Target Nameserver – Bind 9.4 • The Registry System – A simple PHP application built just for this demonstration – it has security holes in it! • The Mail Server – A webmail system for you to view “phishing” emails – Login: studentX, password: studentx 4
- 5. Scenarios • Cache Poisoning – Targets the NameServer – Effects Visible Through DNS Queries, Phishing Email • NameServer Redelegation – Targets the NameServer via the Registry Web System – Effects Visible Through DNS Queries • Malicious Use – Targets Individual VMs or Hosts – Effects Visible Through Traffic Analysis 5
- 6. Rules of Engagement • You can use your own systems for these scenarios • Nothing here is truly malicious – even the bot demonstration – it can all be removed easily • The phishing email will NOT do anything malicious – it will show you a link… – The website it directs you to will NOT do anything malicious… • If you prefer to use the VMs: – Use your Ubuntu VM for DNS queries & traffic analysis – Use your Windows TS as the “infected” bot 6
- 7. Let’s Party… • Any questions on connectivity? • If you are having trouble getting connected, please pair up with a neighbor for the exercises! ? 7