A thread is a single sequence stream within in a process. Because threads have some of the properties of processes, they are sometimes called lightweight processes. In a process, threads allow multiple executions of streams. ... An operating system that has thread facility, the basic unit of CPU utilization is a thread.
Steelcon 2014 - Process Injection with Pythoninfodox
This is the slides to accompany the talk given by Darren Martyn at the Steelcon security conference in July 2014 about process injection using python.
Covers using Python to manipulate processes by injecting code on x86, x86_64, and ARMv7l platforms, and writing a stager that automatically detects what platform it is running on and intelligently decides which shellcode to inject, and via which method.
The Proof of Concept code is available at https://github.com/infodox/steelcon-python-injection
Security research over Windows #defcon chinaPeter Hlavaty
Past several years Microsoft Windows undergo lot of fundamental security changes. Where one can argue still imperfect and bound to tons of legacy issues, on the other hand those changes made important shifts in attacker perspective. From tightened sandboxing, restricting attack surface, introducing mitigations, applying virtualization up to stronger focus even on win32k. In our talk we will go trough those changes, how it affects us and how we tackle them from choosing targets, finding bugs up to exploitation primitives we are using. While also empathize that windows research is not only about sandbox, and there are many more interesting target to look for.
A thread is a single sequence stream within in a process. Because threads have some of the properties of processes, they are sometimes called lightweight processes. In a process, threads allow multiple executions of streams. ... An operating system that has thread facility, the basic unit of CPU utilization is a thread.
Steelcon 2014 - Process Injection with Pythoninfodox
This is the slides to accompany the talk given by Darren Martyn at the Steelcon security conference in July 2014 about process injection using python.
Covers using Python to manipulate processes by injecting code on x86, x86_64, and ARMv7l platforms, and writing a stager that automatically detects what platform it is running on and intelligently decides which shellcode to inject, and via which method.
The Proof of Concept code is available at https://github.com/infodox/steelcon-python-injection
Security research over Windows #defcon chinaPeter Hlavaty
Past several years Microsoft Windows undergo lot of fundamental security changes. Where one can argue still imperfect and bound to tons of legacy issues, on the other hand those changes made important shifts in attacker perspective. From tightened sandboxing, restricting attack surface, introducing mitigations, applying virtualization up to stronger focus even on win32k. In our talk we will go trough those changes, how it affects us and how we tackle them from choosing targets, finding bugs up to exploitation primitives we are using. While also empathize that windows research is not only about sandbox, and there are many more interesting target to look for.
Rainbow Over the Windows: More Colors Than You Could ExpectPeter Hlavaty
As time goes on operating systems keep evolving, like Microsoft Windows do, it ships new designs, features and codes from time to time. However sometimes it also ships more than bit of codes for complex subsystems residing in its kernel ... and at some future point it starts implementing new designs to prevent unnecessary access to it. However is it safe enough?
As we can see from security bulletins, win32k subsystem attracts lots of attention. It looks that with efforts of many security researchers who has dug into this area, finding bugs here shall becomes pretty tough and almost fruitless. But unfortunately this is not true, as win32k is backed up by very complex logic and large amount of code by nature..
We will present our point of view to Windows graphic subsystem, as well as schema of our fuzzing strategies. We will introduce some unusual areas of win32k, its extensions and how it can breaks even locked environments.
Part of our talk will be dedicated to CVE-2016-0176, the bug we used for this year's Pwn2Own Edge sandbox bypass, from its discovery to its exploitation techniques, which could serves as an example for universal DirectX escape which is independent of graphics vendors.
Course 102: Lecture 20: Networking In Linux (Basic Concepts) Ahmed El-Arabawy
This lecture addresses the basic concepts of Networking and the associated commands in Linux. It describes MAC Addressed, IP Addresses, Subnets, Routing, Private Addressing and NATing, ARP protocol, and DNS
Video for this lecture on youtube:
http://www.youtube.com/watch?v=IZ5Pz2t-pTI
Check the other Lectures and courses in
http://Linux4EnbeddedSystems.com
or Follow our Facebook Group at
- Facebook: @LinuxforEmbeddedSystems
Lecturer Profile:
- https://www.linkedin.com/in/ahmedelarabawy
Intel Processor Trace (or Intel PT) is an processor extension for IA64 and IA32. The extension captures how a program got executed in machine-instruction level. All dynamic events, such as, branches, calls and interrupts, are recorded. This allows perfect reconstruction of previous execution by a trace analyzer.
This slide summarizes which data is generated out from this extension.
Threads in Operating System | Multithreading | Interprocess CommunicationShivam Mitra
1.Interprocess communication ( IPC )
2. Introduction to threads
3. Difference between threads and process
4. Multiprocessing vs multithreading
5. Multithreading challenges
Distrowatch.com currently list over 300 publicly available Linux distributions. Volunteers make most of them. How it’s possible that they don’t explode into our faces on a regular basis? I had pleasure to share some of my thoughts on the topic during Testwarez 2018.
There are slides (probably with little fixes) from this conference. Please note that some of them won't make sense without context (presentation itself).
Solving Real-Time Scheduling Problems With RT_PREEMPT and Deadline-Based Sche...peknap
In dealing with a real world problem of scheduling three classes of tasks – network packet forwarding, voice over IP and application level services for a home gateway device, the author found that mechanisms coming with vanilla Linux kernel are not enough. This talk will cover the unique real-time requirements for each task class, why moving softirq to process context with RT_PREEMPT patch is an important step in solving the problem and how a deadline based process scheduler would be a better solution than regular real-time scheduling classes.
Kernel Recipes 2015 - So you want to write a Linux driver frameworkAnne Nicolas
Writing a new driver framework in Linux is hard. There are many pitfalls along the way; this talk hopes to point out some of those pitfalls and hard lessons learned through examples, advice and humorous anecdotes in the hope that it will aid those adventurous enough to take on the task of writing a new driver framework. The scope of the talk includes internal framework design as well as external API design exposed to drivers and consumers of the framework. This presentation pulls directly from the Michael Turquette’s experience authoring the Common Clock
Framework and maintaining that code for the last four years.
Additionally Mike has solicited tips and advice from other subsystem maintainers, for a well-rounded overview. Be prepared to learn some winning design patterns and hear some embarrassing stories of framework design gone wrong.
Mike Turquette, BayLibre
Linux IO internals for database administrators (SCaLE 2017 and PGDay Nordic 2...PostgreSQL-Consulting
Input-output performance problems are on every day agenda for DBAs since the databases exist. Volume of data grows rapidly and you need to get your data fast from the disk and moreover - fast to the disk. For most databases there is a more or less easy to find checklist of recommended Linux settings to maximize IO throughput. In most cases that checklist is good enough. But it is always better to understand how it works, especially if you run into some corner-cases. This talk is about how IO in Linux works, how database pages travel from disk level to database own shared memory and back and what kind of mechanisms exist to control this. We will discuss memory structures, swap and page-out daemons, filesystems, schedulers and IO methods. Some fundamental differences in IO approaches between PostgreSQL, Oracle and MySQL will be covered
Reverse Engineering the TomTom Runner pt. 1 Luis Grangeia
A hacker likes computers for the same reason that a child likes legos: both allow the creation of something new. However the growing trend has been to 'close up' general purpose computing into devices that serve a narrow purpose. It's been happening with games consoles, routers, smartphones, smart TV's and more recently, smartwatches. A hacker will face this trend as an additional challenge and will be even more motivated to gain control over the device.
This talk is a journey to the world of 'reverse engineering' of a device of the "Internet of Things", in this case a Tomtom Runner sports watch. The author has little previous experience in reverse engineering of embedded systems, so the talk aims to serve as an introduction to this topic, what motivations and what kind of approaches may be tried.
Presented in September 2015 at "Confraria de Segurança da Informação" in Lisbon
Rainbow Over the Windows: More Colors Than You Could ExpectPeter Hlavaty
As time goes on operating systems keep evolving, like Microsoft Windows do, it ships new designs, features and codes from time to time. However sometimes it also ships more than bit of codes for complex subsystems residing in its kernel ... and at some future point it starts implementing new designs to prevent unnecessary access to it. However is it safe enough?
As we can see from security bulletins, win32k subsystem attracts lots of attention. It looks that with efforts of many security researchers who has dug into this area, finding bugs here shall becomes pretty tough and almost fruitless. But unfortunately this is not true, as win32k is backed up by very complex logic and large amount of code by nature..
We will present our point of view to Windows graphic subsystem, as well as schema of our fuzzing strategies. We will introduce some unusual areas of win32k, its extensions and how it can breaks even locked environments.
Part of our talk will be dedicated to CVE-2016-0176, the bug we used for this year's Pwn2Own Edge sandbox bypass, from its discovery to its exploitation techniques, which could serves as an example for universal DirectX escape which is independent of graphics vendors.
Course 102: Lecture 20: Networking In Linux (Basic Concepts) Ahmed El-Arabawy
This lecture addresses the basic concepts of Networking and the associated commands in Linux. It describes MAC Addressed, IP Addresses, Subnets, Routing, Private Addressing and NATing, ARP protocol, and DNS
Video for this lecture on youtube:
http://www.youtube.com/watch?v=IZ5Pz2t-pTI
Check the other Lectures and courses in
http://Linux4EnbeddedSystems.com
or Follow our Facebook Group at
- Facebook: @LinuxforEmbeddedSystems
Lecturer Profile:
- https://www.linkedin.com/in/ahmedelarabawy
Intel Processor Trace (or Intel PT) is an processor extension for IA64 and IA32. The extension captures how a program got executed in machine-instruction level. All dynamic events, such as, branches, calls and interrupts, are recorded. This allows perfect reconstruction of previous execution by a trace analyzer.
This slide summarizes which data is generated out from this extension.
Threads in Operating System | Multithreading | Interprocess CommunicationShivam Mitra
1.Interprocess communication ( IPC )
2. Introduction to threads
3. Difference between threads and process
4. Multiprocessing vs multithreading
5. Multithreading challenges
Distrowatch.com currently list over 300 publicly available Linux distributions. Volunteers make most of them. How it’s possible that they don’t explode into our faces on a regular basis? I had pleasure to share some of my thoughts on the topic during Testwarez 2018.
There are slides (probably with little fixes) from this conference. Please note that some of them won't make sense without context (presentation itself).
Solving Real-Time Scheduling Problems With RT_PREEMPT and Deadline-Based Sche...peknap
In dealing with a real world problem of scheduling three classes of tasks – network packet forwarding, voice over IP and application level services for a home gateway device, the author found that mechanisms coming with vanilla Linux kernel are not enough. This talk will cover the unique real-time requirements for each task class, why moving softirq to process context with RT_PREEMPT patch is an important step in solving the problem and how a deadline based process scheduler would be a better solution than regular real-time scheduling classes.
Kernel Recipes 2015 - So you want to write a Linux driver frameworkAnne Nicolas
Writing a new driver framework in Linux is hard. There are many pitfalls along the way; this talk hopes to point out some of those pitfalls and hard lessons learned through examples, advice and humorous anecdotes in the hope that it will aid those adventurous enough to take on the task of writing a new driver framework. The scope of the talk includes internal framework design as well as external API design exposed to drivers and consumers of the framework. This presentation pulls directly from the Michael Turquette’s experience authoring the Common Clock
Framework and maintaining that code for the last four years.
Additionally Mike has solicited tips and advice from other subsystem maintainers, for a well-rounded overview. Be prepared to learn some winning design patterns and hear some embarrassing stories of framework design gone wrong.
Mike Turquette, BayLibre
Linux IO internals for database administrators (SCaLE 2017 and PGDay Nordic 2...PostgreSQL-Consulting
Input-output performance problems are on every day agenda for DBAs since the databases exist. Volume of data grows rapidly and you need to get your data fast from the disk and moreover - fast to the disk. For most databases there is a more or less easy to find checklist of recommended Linux settings to maximize IO throughput. In most cases that checklist is good enough. But it is always better to understand how it works, especially if you run into some corner-cases. This talk is about how IO in Linux works, how database pages travel from disk level to database own shared memory and back and what kind of mechanisms exist to control this. We will discuss memory structures, swap and page-out daemons, filesystems, schedulers and IO methods. Some fundamental differences in IO approaches between PostgreSQL, Oracle and MySQL will be covered
Reverse Engineering the TomTom Runner pt. 1 Luis Grangeia
A hacker likes computers for the same reason that a child likes legos: both allow the creation of something new. However the growing trend has been to 'close up' general purpose computing into devices that serve a narrow purpose. It's been happening with games consoles, routers, smartphones, smart TV's and more recently, smartwatches. A hacker will face this trend as an additional challenge and will be even more motivated to gain control over the device.
This talk is a journey to the world of 'reverse engineering' of a device of the "Internet of Things", in this case a Tomtom Runner sports watch. The author has little previous experience in reverse engineering of embedded systems, so the talk aims to serve as an introduction to this topic, what motivations and what kind of approaches may be tried.
Presented in September 2015 at "Confraria de Segurança da Informação" in Lisbon
When Node.js Goes Wrong: Debugging Node in Production
The event-oriented approach underlying Node.js enables significant concurrency using a deceptively simple programming model, which has been an important factor in Node's growing popularity for building large scale web services. But what happens when these programs go sideways? Even in the best cases, when such issues are fatal, developers have historically been left with just a stack trace. Subtler issues, including latency spikes (which are just as bad as correctness bugs in the real-time domain where Node is especially popular) and other buggy behavior often leave even fewer clues to aid understanding. In this talk, we will discuss the issues we encountered in debugging Node.js in production, focusing upon the seemingly intractable challenge of extracting runtime state from the black hole that is a modern JIT'd VM.
We will describe the tools we've developed for examining this state, which operate on running programs (via DTrace), as well as VM core dumps (via a postmortem debugger). Finally, we will describe several nasty bugs we encountered in our own production environment: we were unable to understand these using existing tools, but we successfully root-caused them using these new found abilities to introspect the JavaScript VM.
Debugging Complex Systems - Erlang Factory SF 2015lpgauth
Debugging complex systems can be difficult. Luckily, the Erlang ecosystem is full of tools to help you out. With the right mindset and the right tools, debugging complex Erlang systems can be easy. In this talk, I'll share the debugging methodology I've developed over the years.
.NET Core Summer event 2019 in Brno, CZ - War stories from .NET team -- Karel...Karel Zikmund
.NET Core Summer event, 2019 in Brno, CZ - 2019/7/9
Talk: War stories from .NET team by Karel Zikmund
https://www.wug.cz/brno/akce/1152--NET-Core-Summer-Event
BSides LV 2016 - Beyond the tip of the iceberg - fuzzing binary protocols for...Alexandre Moneger
This presentation shows that code coverage guided fuzzing is possible in the context of network daemon fuzzing.
Some fuzzers are blackbox while others are protocol aware. Even ones which are made protocol aware, fuzzer writers typically model the protocol specification and implement packet awareness logic in the fuzzer. Unfortunately, just because the fuzzer is protocol aware, it does not guarantee that sufficient code paths have been reached.
The presentation deals with specific scenarios where the target protocol is completely unknown (proprietary) and no source code or protocol specs are accessible. The tool developed builds a feedback loop between the client and the server components using the concept of "gate functions". A gate function triggers monitoring. The pintool component tracks the binary code coverage for all the functions untill it reaches an exit gate. By instrumenting such gated functions, the tool is able to measure code coverage during packet processing.
NDC Oslo 2019 - War stories from .NET team -- Karel ZikmundKarel Zikmund
NDC Oslo 2019 conference in Oslo, NO - 2019/6/21
Talk: War stories from .NET team by Karel Zikmund
https://sessionize.com/s/karel-zikmund/war-stories-from-.net-team/24172
https://www.youtube.com/watch?v=ntGBRi_I3MM
Breaking Smart Speakers: We are Listening to You.Priyanka Aash
"In the past two years, smart speakers have become the most popular IoT device, Amazon_ Google and Apple have introduced their own smart speaker products. Most of these smart speakers have natural language recognition, chat, music playback, IoT device control, shopping, and so on. Manufacturers use artificial intelligence technology to make smart speakers have similar human capabilities in the chat conversation. However, with the smart speakers coming into more and more homes, and the function is becoming more powerful, its security has been questioned by many people. People are worried that smart speakers will be hacked to leak their privacy, and our research proves that this concern is very necessary.
In this talk, we will present how to use multiple vulnerabilities to achieve remote attack some of the most popular smart speakers. Our final attack effects include silent listening, control speaker speaking content and other demonstrations. And we're also going to talk about how to extract firmware from BGA packages Flash chips such as EMMC, EMCP, NAND Flash, etc. In addition, it contains how to turn on debug interfaces and get root privileges by modifying firmware content and Re-soldering Flash chips, which can be of great help for subsequent vulnerability analysis and debugging. Finally, we will play several demo videos to demonstrate how we can remotely access some Smart Speaker Root permissions and use smart speakers for eavesdropping and playing voice."
.NET Core Summer event 2019 in Vienna, AT - War stories from .NET team -- Kar...Karel Zikmund
.NET Core Summer event, 2019 in Vienna, AT - 2019/7/4
Talk: War stories from .NET team by Karel Zikmund
https://www.meetup.com/dotnet-austria/events/262250140/
Experiences from debugging ZFS in production in Illumos and Linux from Delphix. Introduction of the SDB debugger and how it can be used to debug ZFS on Linux.
.NET Core Summer event 2019 in NL - War stories from .NET team -- Karel ZikmundKarel Zikmund
.NET Core Summer event, 2019 in Veenendaal, NL - 2019/6/22
Talk: War stories from .NET team by Karel Zikmund
https://www.dncse.nl/sessions/session2-3-2/
BSides MCR 2016: From CSV to CMD to qwertyJerome Smith
This presentation, based on a real penetration test, examines vulnerabilities in Excel export that often feature in web applications. It shows how the flaw can result in operating system commands being run on the victim user’s machine, and in this case how Windows domain credentials could be targeted. The underlying technique is not new but due to the unusual conditions of the test, several practical points are covered on the extra work that was required to grab the hash and crack it, which ultimately led to a bug discovered in the popular password cracking tool “hashcat”. This part of the talk was largely based on a blog post earlier this year.
The presentation then goes on to discuss opportunities for refining the original Excel export attack in terms of reducing the number of warnings issued by Excel when it runs spreadsheets with suspicious content.
.NET Core Summer event 2019 in Linz, AT - War stories from .NET team -- Karel...Karel Zikmund
.NET Core Summer event, 2019 in Linz, AT - 2019/7/23
Talk: War stories from .NET team by Karel Zikmund
https://www.meetup.com/NET-Stammtisch-Linz/events/261637908/
[2012 CodeEngn Conference 06] beist - Everyone has his or her own fuzzerGangSeok Lee
2012 CodeEngn Conference 06
퍼징 기술의 입문자, 중급자에 초점을 맞추었고 퍼징 기술에 대한 백그라운드 설명부터 시작하여 최근의 퍼징 기술에는 어떠한 것들이 있는지 살펴보고 퍼징 기술이 버그 찾기에 어떻게 쓰일 수 있는지 부터 시작하여 효율적인 퍼징 테크닉은 어떤것들이 있는지 설명한다. 또한, 각 퍼징 기법들의 한계점과 단점에 대해서 지적하며 왜 자신만의 퍼징 노하우와 방법이 필요한지 설명하면서 퍼징 기술의 복잡성과 다양성, 해커들은 어떤 기법을 선호하는지 소개한다. 발표자가 사용하고 있는 기법이나 노하우에 대해서도 공유 할 예정이다.
http://codeengn.com/conference/06
Securing your Kubernetes cluster_ a step-by-step guide to success !KatiaHIMEUR1
Today, after several years of existence, an extremely active community and an ultra-dynamic ecosystem, Kubernetes has established itself as the de facto standard in container orchestration. Thanks to a wide range of managed services, it has never been so easy to set up a ready-to-use Kubernetes cluster.
However, this ease of use means that the subject of security in Kubernetes is often left for later, or even neglected. This exposes companies to significant risks.
In this talk, I'll show you step-by-step how to secure your Kubernetes cluster for greater peace of mind and reliability.
Generating a custom Ruby SDK for your web service or Rails API using Smithyg2nightmarescribd
Have you ever wanted a Ruby client API to communicate with your web service? Smithy is a protocol-agnostic language for defining services and SDKs. Smithy Ruby is an implementation of Smithy that generates a Ruby SDK using a Smithy model. In this talk, we will explore Smithy and Smithy Ruby to learn how to generate custom feature-rich SDKs that can communicate with any web service, such as a Rails JSON API.
Smart TV Buyer Insights Survey 2024 by 91mobiles.pdf91mobiles
91mobiles recently conducted a Smart TV Buyer Insights Survey in which we asked over 3,000 respondents about the TV they own, aspects they look at on a new TV, and their TV buying preferences.
JMeter webinar - integration with InfluxDB and GrafanaRTTS
Watch this recorded webinar about real-time monitoring of application performance. See how to integrate Apache JMeter, the open-source leader in performance testing, with InfluxDB, the open-source time-series database, and Grafana, the open-source analytics and visualization application.
In this webinar, we will review the benefits of leveraging InfluxDB and Grafana when executing load tests and demonstrate how these tools are used to visualize performance metrics.
Length: 30 minutes
Session Overview
-------------------------------------------
During this webinar, we will cover the following topics while demonstrating the integrations of JMeter, InfluxDB and Grafana:
- What out-of-the-box solutions are available for real-time monitoring JMeter tests?
- What are the benefits of integrating InfluxDB and Grafana into the load testing stack?
- Which features are provided by Grafana?
- Demonstration of InfluxDB and Grafana using a practice web application
To view the webinar recording, go to:
https://www.rttsweb.com/jmeter-integration-webinar
LF Energy Webinar: Electrical Grid Modelling and Simulation Through PowSyBl -...DanBrown980551
Do you want to learn how to model and simulate an electrical network from scratch in under an hour?
Then welcome to this PowSyBl workshop, hosted by Rte, the French Transmission System Operator (TSO)!
During the webinar, you will discover the PowSyBl ecosystem as well as handle and study an electrical network through an interactive Python notebook.
PowSyBl is an open source project hosted by LF Energy, which offers a comprehensive set of features for electrical grid modelling and simulation. Among other advanced features, PowSyBl provides:
- A fully editable and extendable library for grid component modelling;
- Visualization tools to display your network;
- Grid simulation tools, such as power flows, security analyses (with or without remedial actions) and sensitivity analyses;
The framework is mostly written in Java, with a Python binding so that Python developers can access PowSyBl functionalities as well.
What you will learn during the webinar:
- For beginners: discover PowSyBl's functionalities through a quick general presentation and the notebook, without needing any expert coding skills;
- For advanced developers: master the skills to efficiently apply PowSyBl functionalities to your real-world scenarios.
Neuro-symbolic is not enough, we need neuro-*semantic*Frank van Harmelen
Neuro-symbolic (NeSy) AI is on the rise. However, simply machine learning on just any symbolic structure is not sufficient to really harvest the gains of NeSy. These will only be gained when the symbolic structures have an actual semantics. I give an operational definition of semantics as “predictable inference”.
All of this illustrated with link prediction over knowledge graphs, but the argument is general.
The Art of the Pitch: WordPress Relationships and SalesLaura Byrne
Clients don’t know what they don’t know. What web solutions are right for them? How does WordPress come into the picture? How do you make sure you understand scope and timeline? What do you do if sometime changes?
All these questions and more will be explored as we talk about matching clients’ needs with what your agency offers without pulling teeth or pulling your hair out. Practical tips, and strategies for successful relationship building that leads to closing the deal.
UiPath Test Automation using UiPath Test Suite series, part 3DianaGray10
Welcome to UiPath Test Automation using UiPath Test Suite series part 3. In this session, we will cover desktop automation along with UI automation.
Topics covered:
UI automation Introduction,
UI automation Sample
Desktop automation flow
Pradeep Chinnala, Senior Consultant Automation Developer @WonderBotz and UiPath MVP
Deepak Rai, Automation Practice Lead, Boundaryless Group and UiPath MVP
Key Trends Shaping the Future of Infrastructure.pdfCheryl Hung
Keynote at DIGIT West Expo, Glasgow on 29 May 2024.
Cheryl Hung, ochery.com
Sr Director, Infrastructure Ecosystem, Arm.
The key trends across hardware, cloud and open-source; exploring how these areas are likely to mature and develop over the short and long-term, and then considering how organisations can position themselves to adapt and thrive.
Elevating Tactical DDD Patterns Through Object CalisthenicsDorra BARTAGUIZ
After immersing yourself in the blue book and its red counterpart, attending DDD-focused conferences, and applying tactical patterns, you're left with a crucial question: How do I ensure my design is effective? Tactical patterns within Domain-Driven Design (DDD) serve as guiding principles for creating clear and manageable domain models. However, achieving success with these patterns requires additional guidance. Interestingly, we've observed that a set of constraints initially designed for training purposes remarkably aligns with effective pattern implementation, offering a more ‘mechanical’ approach. Let's explore together how Object Calisthenics can elevate the design of your tactical DDD patterns, offering concrete help for those venturing into DDD for the first time!
GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using Deplo...James Anderson
Effective Application Security in Software Delivery lifecycle using Deployment Firewall and DBOM
The modern software delivery process (or the CI/CD process) includes many tools, distributed teams, open-source code, and cloud platforms. Constant focus on speed to release software to market, along with the traditional slow and manual security checks has caused gaps in continuous security as an important piece in the software supply chain. Today organizations feel more susceptible to external and internal cyber threats due to the vast attack surface in their applications supply chain and the lack of end-to-end governance and risk management.
The software team must secure its software delivery process to avoid vulnerability and security breaches. This needs to be achieved with existing tool chains and without extensive rework of the delivery processes. This talk will present strategies and techniques for providing visibility into the true risk of the existing vulnerabilities, preventing the introduction of security issues in the software, resolving vulnerabilities in production environments quickly, and capturing the deployment bill of materials (DBOM).
Speakers:
Bob Boule
Robert Boule is a technology enthusiast with PASSION for technology and making things work along with a knack for helping others understand how things work. He comes with around 20 years of solution engineering experience in application security, software continuous delivery, and SaaS platforms. He is known for his dynamic presentations in CI/CD and application security integrated in software delivery lifecycle.
Gopinath Rebala
Gopinath Rebala is the CTO of OpsMx, where he has overall responsibility for the machine learning and data processing architectures for Secure Software Delivery. Gopi also has a strong connection with our customers, leading design and architecture for strategic implementations. Gopi is a frequent speaker and well-known leader in continuous delivery and integrating security into software delivery.
Dev Dives: Train smarter, not harder – active learning and UiPath LLMs for do...UiPathCommunity
💥 Speed, accuracy, and scaling – discover the superpowers of GenAI in action with UiPath Document Understanding and Communications Mining™:
See how to accelerate model training and optimize model performance with active learning
Learn about the latest enhancements to out-of-the-box document processing – with little to no training required
Get an exclusive demo of the new family of UiPath LLMs – GenAI models specialized for processing different types of documents and messages
This is a hands-on session specifically designed for automation developers and AI enthusiasts seeking to enhance their knowledge in leveraging the latest intelligent document processing capabilities offered by UiPath.
Speakers:
👨🏫 Andras Palfi, Senior Product Manager, UiPath
👩🏫 Lenka Dulovicova, Product Program Manager, UiPath
Dev Dives: Train smarter, not harder – active learning and UiPath LLMs for do...
Debugging multiplayer games
1.
2. Outline
• Collection of guidelines, war stories and techniques learned during the
development of Warframe
• Focus on multiplayer games (many techniques applicable to any game type),
frequent updates, active community
• Mostly PC centric (more diagnostics available to developers, but variety of
hardware)
• What this talk is not about
3. Warframe
• A cooperative third person online action game
• 3 platforms (PC, PS4 (launch title), XB1) + China (PC+PS4)
• 23+ millions accounts
• Typical CCU ~45-50k+ (PC)
• Weekly updates, frequent major updates (usually every 6-8 weeks)
• Own technology stack (everything from low-level socket code to
matchmaking, all 3 platforms)
4. Debugging multiplayer code
• Debugging games is hard
• Debugging a MP game - like multi core, but no idea what other cores are
doing
• Debugging a constantly evolving MP game...
• ...running across N operating systems and hardware configurations =
5. Knowledge is power
• Collecting bugs/crash information to a database of your choice
• In most cases - extension of an internal system (unhandled exception
handler, uploaded to a global server)
• No longer shielded by publisher, can be overwhelming at first. Higher CCU =
more crashes (1/32k chance -- seemingly crashing all the time)
• Include important details in the bug itself (OS, 32/64-bit, CPU, account…)
for easy filtering
6. Analyzing data
“...there is no religious demagogue worse than an engineer arguing from intuition instead
of data.”
Robert P. Colwell, The Pentium Chronicles
• Do not guess -- build a system to analyze incoming cases
• Can start small (e.g. “Top 10 crashes in the latest build”), keep adding
details
7. Our system
• Top X most frequent crashes, can be filtered by category (networking,
system, game, ...)
• Cross referencing (past builds)
• Crashes/hour graph for every build
• Global stats – bug breakdown (intuition vs cold facts)
• Guess how many one-off crashes we get?
8. Our system
• Top X most frequent crashes, can be filtered by category (networking,
system, game, ...)
• Cross referencing (past builds)
• Crashes/hour graph for every build
• Global stats – bug breakdown (intuition vs cold facts)
• Guess how many one-off crashes we get? ~80%! (good... and bad)
9. Our system
• Top X most frequent crashes, can be filtered by category (networking,
system, game, ...)
• Cross referencing (past builds)
• Crashes/hour graph for every build
• Global stats – bug breakdown (intuition vs cold facts)
• Guess how many one-off crashes we get? ~80%! (good... and bad)
• Usually almost 30% of all crashes in the top 5 issues (4/5 of these tend to be
in drivers/external DLLs these days)
10. Crash report – log file
• Given 2 theoretical extremes, it’s better to log too much than not enough
○ Can always filter out noise, can’t materialize information that isn’t there
• Avoid messages carrying only binary info. Rule of thumb: the more unusual
situation – the more details
• ID all the things (objects, messages, players)
• If something goes wrong, does it provide enough information to figure out
the reason?
11. Look for cracks between layers
• State machines (matchmaking, mission flow, UI)
• N systems interacting with each other
• UI vs underlying code (triggering an activity just as something else
starts/ends)
• Clients connecting/disconnecting
• Focus on patterns repeating in multiple log files (the more the better)
• Modify the code locally to trigger the suspected problem
12. Parsing logs
• Eyeballing is hard, especially for long sessions (megabytes of text, multiple
missions)
• Simple Perl scripts FTW (congestion control, leaking objects). Even easier if
interesting entries are marked clearly
• A graph is worth a thousand words (or numbers…)
15. Crash report - dumps
• Know your assembly (x64 tends to be easier to investigate, more registers).
See [Ruskin11]
• Immediate Window to the rescue (> + command, e.g. >~kb for callstacks for
all threads)
• Spider sense (e.g. reallocating std::vector while iterating)
16. Instrumenting crash dumps
• In a perfect world, we’d just use full memory dumps. Sadly, they’re way too
big for practical purposes (hundreds of megs),
• “Mini” dumps include registers and the stack memory, helpful, but not
always good enough
• Can try to “exploit”, by storing important data on the stack (see blog post)
• Better way: mini dump callbacks and request regions pointed by registers (if
they look like valid addresses, can even chase pointers recursively)
• Detecting type -- cast register to pointer, VS resolves vftables, e.g.
(void**)eax - {Warframe.exe!const Projectile::`vftable'}
17. LogBug
• Problem: crash we can work around, but the root cause remains a mystery.
Examples: indexing out of bounds, state desynchronization
• We can add more logging, but ideally we prevent users from crashing
• Enter LogBug aka silent assertion. Logs an error message + a callstack,
game keeps running, the error report dialog pops up when the app exits.
• Result: game doesn’t crash, we get extra info (no dump, just log). 15
minutes of work to add on top of existing error handler.
• Use sparingly, fix quickly (~15 active LogBugs in Warframe as of today)
• Equivalent to fatal error for internal builds
18. Deploying to public
• Low hanging fruit long gone, this is where the “fun” starts
• Forget about trying to repro the bug just by playing a game (can still alter a
build sometimes)
• Left with good old fashioned police work. Given leads and clues, try to
determine who’s the killer (or the reason for our bug)
• Ability to quickly test various scenarios (unit tests) - invaluable!
19. Chasing a suspect
• Less stepping through code in a debugger, more
pen & paper
• War story: Warframe goes public, rare reports
where a client crashes because host assumes he
had received some information before (he didn’t)
• It’s tempting to overcomplicate things, start with
simple theories
• Add “dimensions” rather than move along the
same “axis”
21. Adding dimensions
Adding a new dimension uncovers new possibilities
In our case - data dropped once, chunks it used to share a packet with
retransmitted, but no space in the new packet for all original entries.
23. The aftermath
• Very difficult to verify we got the right guy (no
repro, remember?)
• Publish a fix, hope for the best
• Sometimes, an evil twin/copycat remains. Usually
much easier now that we’ve a system/theory in
place
• Ideally, do not introduce major changes until the fix is verified (hard to
attribute the cause otherwise)
24. LogBug strikes again
• Eternal problem with networking – what was the other side doing at that time?
We only get reports from the player who crash/encountered a problem
• Some experiments with recording network messages (space limitations, still
incomplete)
• Solution: try to handle gracefully/convert to a LogBug and send a special
message to the other player – “trigger LogBug”
• Result: we get 2 (or more) reports from 2 machines (full log file with all the info
we could think about). Have to find a matching pair (not everyone submits), but
often any data from both sides is very helpful
26. Compiler bugs
• “Never happens”... or does it?
• Seemingly innocent code:
m_v = Min(v, MAX_V);
// Overloaded operator= contained _rotr16 intrinsic inside.
• Getting reports of ‘v’ set to values greater than MAX_V
• Generated (pseudo)assembly:
mov r8d,MAX_V
cmp edx,r8d ; edx=v, x86 -> flags as in sub edx,r8d
ror ax,X ; X=1 for consistent repro, was other value
cmovl r8w,dx ; r8 will be later stored in m_v
• cmovl depends on OF & SF (move if OF!=SF)
27. Compiler bugs… and CPU differences
ROR instruction + the overflow flag:
• Different behavior on different CPUs. i5-3320m laptop and i7-850 are “fine”,
i7 2600k would modify the OF flag.
• VS 2010, seems to be fixed in VS2012
The OF flag is defined only for the 1-bit rotates; it is undefined in all other cases [...] For right rotates, the
OF flag is set to the exclusive OR of the two most-significant bits of the result. (Intel 64 and IA-32
Architectures Software Developer’s Manual, vol 2B)
28. Freezes/hitches
• Need a way to grab the state of our process (a user friendly way!),
• First approach: Process Hacker (just a callstack, no dump)
• Better: procdump + batch file to make it a one-click operation:
procdump process_name
• Requires community help
• Terrible granularity, but we’ve already diagnosed a few problems this way
29. Community
• Best community ever (no, really)
• Community Testers (second layer)
• Freezes/hitches
• Network issues
• Forums, IRC, voice chat
30. Third party libraries/external DLLs
• Mostly beyond our control, but users blame you anyway (not your fault, but
your problem)
• Third party libs: report a problem, wait for a new version
• External app: report a problem, detect and inform (video card software,
various overlays)
• Also: early console SDKs (especially paths less traveled). Staring at assembly
code again
• If you’re feeling brave, other options exhausted and you’re really bored:
patching binaries by hand ([Sinilo13])
36. Spider sense – dynamic arrays
Great container (std::vector & friends), but a few problems
○ push_back while iterating (often few levels down the call chain), can reallocate
memory and invalidate iterators. Typical symptoms: crashing when trying to
access memory pointed by an iterator
○ indexing out of range (in some cases easy to tell from the dump). In many cases
fine to access it, but data doesn’t make sense, so fails later when trying to use it.
37. Spider sense - multithreading
• Crash when reading/writing, data races
• See what other threads are doing
• Investigate all accesses, missing locks
• Sometimes adding Sleeps makes it easier to repro (more likely for jobs to
overlap on your fast computer)
• Fake/failing locks - widen the race window, make it more obvious to detect
concurrent access
“Lock” = assert eq 0, set to 1
“Unlock” = assert eq 1, set to 0
38. Bugs – a social problem
• No man’s land, “the bystander effect” (probability of help inversely related to
the number of bystenders)
• Situation a little bit better in a typical game team, not a problem with serious
bugs
• Cracks between layers again – problems when multiple modules overlap
• Gamification: top issues lists, bounties
• Systemic tweaks: clear responsibilities, encourage team members to move
outside their comfort zones (especially new employees, one of the best
ways to get familiar with the codebase)
Editor's Notes
Not about pre-release, in-house testing (extra diag tools, traffic recording etc)
Brian Kernighan – “Everyone knows that debugging is twice as hard as writing a program in the first place.”
Getting hit by a lightning – 1/80k
Where 2 layers meet
“See Test X for details”
Both failing and succeeding tests valuable
Flow analysis
Process Hacker has an option to grab a dump, but it’s a full memory dump (considered modifying the source).