In theory, post-exploitation after having remote access is easy. Also in theory, there is no difference between theory and practice. In practice, there is. Imagine a scenario, where you have deployed a malware on a user’s workstation, but the target information is on a secure server accessed via two-factor authentication, with screen access only (e.g. RDP, Citrix, etc.). On top of that, the server runs application white-listing, and only the inbound port to the screen server (e.g. 3389) is allowed through the hardware firewall. But you also need persistent interactive C&C communication (e.g. Netcat, Meterpreter, RAT) to this server through the user’s workstation.
I developed (and will publish) two tools that help you in these situations. The first tool can drop malware to the server through the screen while the user is logged in. The second tool can help you to circumvent the hardware firewall after we can execute code on the server with admin privileges (using a signed kernel driver). My tools are generic meaning that they work against Windows server 2012 and Windows 8, and they work with RDP or other remote desktops. The number of problems you can solve with them are endless, e.g., communicating with bind-shell on webserver behind restricted DMZ. Beware, live demo and fun included!
Breaking Vaults - Stealing Lastpass Protected Secrets by Martin VigoShakacon
LastPass is a popular password manager that integrates with browsers through plugins. One of the most interesting features is the fact that the encrypted vault is stored in LastPass' servers but they have no access to the content since the master password never leaves the user's machine. All encryption and decryption happens locally. Password managers are a single point of failure by design and therefore they need to be secure. A tool with the sole purpose of storing all your secrets is a important target for any attacker.
The most valuable piece of information is the master password. It is the key to decrypt the data and gain complete access. Research has been done on different attack vectors but the focus is on leaking passwords stored in the vault. This presentation will focus on how it is possible to steal and decrypt the master password. In addition, I will also demonstrate an additional attack vector that results in full access to the vault without the need of the master password. Two different attacks to achieve the same goal, full access to the vault. But given that LastPass supports 2 factor authentication, I will also demonstrate how to bypass it. Last but not least, I will release a Metasploit module that will automate the whole process. Stealing the master password, leaking the encryption key and bypassing 2 factor authentication.
In theory, post-exploitation after having remote access is easy. Also in theory, there is no difference between theory and practice. In practice, there is. Imagine a scenario, where you have deployed a malware on a user’s workstation, but the target information is on a secure server accessed via two-factor authentication, with screen access only (e.g. RDP, Citrix, etc.). On top of that, the server runs application white-listing, and only the inbound port to the screen server (e.g. 3389) is allowed through the hardware firewall. But you also need persistent interactive C&C communication (e.g. Netcat, Meterpreter, RAT) to this server through the user’s workstation.
I developed (and will publish) two tools that help you in these situations. The first tool can drop malware to the server through the screen while the user is logged in. The second tool can help you to circumvent the hardware firewall after we can execute code on the server with admin privileges (using a signed kernel driver). My tools are generic meaning that they work against Windows server 2012 and Windows 8, and they work with RDP or other remote desktops. The number of problems you can solve with them are endless, e.g., communicating with bind-shell on webserver behind restricted DMZ. Beware, live demo and fun included!
Breaking Vaults - Stealing Lastpass Protected Secrets by Martin VigoShakacon
LastPass is a popular password manager that integrates with browsers through plugins. One of the most interesting features is the fact that the encrypted vault is stored in LastPass' servers but they have no access to the content since the master password never leaves the user's machine. All encryption and decryption happens locally. Password managers are a single point of failure by design and therefore they need to be secure. A tool with the sole purpose of storing all your secrets is a important target for any attacker.
The most valuable piece of information is the master password. It is the key to decrypt the data and gain complete access. Research has been done on different attack vectors but the focus is on leaking passwords stored in the vault. This presentation will focus on how it is possible to steal and decrypt the master password. In addition, I will also demonstrate an additional attack vector that results in full access to the vault without the need of the master password. Two different attacks to achieve the same goal, full access to the vault. But given that LastPass supports 2 factor authentication, I will also demonstrate how to bypass it. Last but not least, I will release a Metasploit module that will automate the whole process. Stealing the master password, leaking the encryption key and bypassing 2 factor authentication.
Improvement in Rogue Access Points - SensePost Defcon 22SensePost
A supporting slide deck for SensePost's Defcon 22 talk. It contains more useful written information, that the picture heavy version we presented at the conference. You can see the conference video at https://www.youtube.com/watch?v=i2-jReLBSVk and can get the code at https://github.com/sensepost/mana
How to hack a telecom and stay alive
Speaker: Sergey Gordeychik
Penetration testing of telecommunication companies' networks is one of the most complicated and interesting tasks of this kind. Millions of IPs, thousands of nodes, hundreds of Web servers and only one spare month. What challenges are waiting for an auditor during the telecom network testing? What to pay attention on? How to use the working time more effectively? Why is the subscriber more dangerous than hacker? Why is contractor more dangerous than subscriber? How to connect vulnerability with financial losses? Sergey Gordeychik will tell about it and the most significant and funny cases of penetration testing of telecommunication networks in his report.
[ENG] IPv6 shipworm + My little Windows domain pwnieZoltan Balazs
Hacktivity 2011 presentation about IPv6 Teredo protocol, Windows pass-the-hash attack
Original video in Hungarian: http://vimeo.com/31359639
Translated version: http://vimeo.com/31360814
The last five to ten years has seen massive advancements in open source Internet-wide mass-scan tooling, on-demand cloud computing, and high speed Internet connectivity. This has lead to a massive influx of different groups mass-scanning all four billion IP address in the IPv4 space on a constant basis. Information security researchers, cyber security companies, search engines, and criminals scan the Internet for various different benign and nefarious reasons (such as the WannaCry ransomware and multiple MongoDB, ElasticSearch, and Memcached ransomware variants). It is increasingly difficult to differentiate between scan/attack traffic targeting your organization specifically and opportunistic mass-scan background radiation packets.
Grey Noise is a system that records and analyzes all the collective omnidirectional background noise of the Internet, performs enrichments and analytics, and makes the data available to researchers for free. Traffic is collected by a large network of geographically and logically diverse “listener” servers distributed around different data centers belonging to different cloud providers and ISPs around the world.
In this talk I will candidly discuss motivations for developing the system, a technical deep dive on the architecture, data pipeline, and analytics, observations and analysis of the traffic collected by the system, business impacts for network operators, pitfalls and lessons learned, and the vision for the system moving forward.
In this talk, we will dive into the data captured during last years Wall of Sheep applications and protocols that are giving your away credentials. This is something that anyone, with the right level of knowledge and inclination, could certainly do with a few basic ingredients. We will enumerate them. The dataset we will focus on was gathered as part of the Wall of Sheep contest during DEF CON 22. While this data was gathered using an off the shelf technology, that platform will not be the topic we discuss. Rather, we will focus on the types and scope of data sent totally in the clear for all to see. Additionally, we will discuss the ramifications this might have in a less "friendly" environment --where loss of one's anonymity, might really, really suck. Finally, we will discuss and recommend ways you can hamper this type of collection.
Fruit vs Zombies: Defeat Non-jailbroken iOS Malware by Claud XiaoShakacon
Since 2014, fifteen new malware or riskware families successfully attacked non-jailbroken iOS devices (e.g., WireLurker, Oneclickfraud, XcodeGhost, InstaAgent, ZergHelper, AceDeceiver), affected thousands of iOS apps and tens of millions users around the world. Ten of them even bypassed Apple’s code vetting and occurred at App Store. In this presentation, we will systematically study how could these malware, riskware and some Proof-of-Concepts infect non-jailbroken devices via practical vectors and approaches including abusing development certificates, bypassing code review by obfuscation, performing FairPlay MITM attack, abusing MDM solution, abusing private APIs, exploiting design flaws or app level vulnerabilities, and stealing privacy data. For each topic, we will introduce its implementation, explore real world cases, analyze its risky and consequences, explain Apple’s countermeasures, and discuss why some problems will still exist in near future. We will also share some stories of how we discovered those interesting iOS malware. Through this topic, audiences could make more effective policies to protect iOS devices in their organizations, build their own systems/tools to evaluate security risks in iOS apps, and hunt more iOS malware in the future.
DerbyCon 2016
Nick Landers @monoxgas
External mail via Exchange is one of the most common services offered by organizations today. The Microsoft Office suite is even more prevalent making Outlook the most common mail client around. This talk focuses on the abuse of these two products for the purpose of gaining code execution inside remote networks. Subjects include E-Mail and password scraping, OWA/EWS brute forcing techniques, and new research into abusing Outlook mail rules for remote code execution. Learn about the capabilities of client side rules, the underlying Windows APIs, and how to modify these rule objects to make phishing attacks obsolete. Security Consultant at Silent Break Security. Professional Hacker for 2 years. Current work involves writing custom malware and researching unique attack vectors that abuse functionality in windows environments.
Red Team Tactics for Cracking the GSuite PerimeterMike Felch
As more corporations adopt Google for providing cloud services they are also inheriting the security risks associated with centralized computing, email and data storage outside the perimeter. In order for pentesters and red teamers to remain effective in analyzing security risks, they must adapt techniques in a way that brings value to the customer.
In this presentation we will begin by demonstrating adaptive techniques to crack the perimeter of Google Suite customers. Next, we will show how evasion can be accomplished by hiding in plain-sight due to failures in incident response plans. Finally, we will also show how a simple compromise could mean collateral damage for customers who are not carefully monitoring these cloud environments.
Ross Bevington, Microsoft
In ‘The Matrix’ sentient machines subdue the population by developing a highly sophisticated simulation. High interaction honeypots are a lot like The Matrix, designed to convince an attacker to execute an attack so we can monitor them. But these honeypots are flawed!
Attackers are continually adapting in order to evade our defenses - meaning that it’s often not enough to just set up a honeypot and watch the results roll in. Is a new approach better?
Did you know that 40% of IaaS VMs in Azure are Linux? For Microsoft to protect itself and its customers Linux is a priority.
At MSTIC we’ve developed a new type of Linux honeypot that allows us to deceive and control the behavior of an attacker. We are using this to understand the person behind the attack, examining them as they examine us. Using these techniques, we are able to better track the person behind the threat, build better protections and ultimately protect more Linux users - whether they are using Azure or not.
In this presentation I’ll show some of the successes of running a Matrix like environment, failures where a glitch was spotted as well as deception approaches that could be applied to other domains. Finally I’ll show how easy it is to leverage Azure’s big data capabilities to build and ultimately query all this data at scale as well as how you can immediately reap the benefits of this work by connecting your Linux box to Azure Security Center.
Talk Venue: BSides Tampa 2020
Speakers: Mike Felch & Joff Thyer
This talk will focus on the many different ways that a penetration tester, or Red Teamer can leverage the Python programming language during offensive operations. Python is a rich and powerful programming language which above all else allows a competent developer to very quickly write new tools that might start as a Proof of Concept, but soon become an invaluable addition to the Red Teamer's tool-belt. Having the skills to both generate new tools, and modify existing tools on the fly is critically important to agility during testing engagement. Everything from utility processing of data, network protocol, API interaction, and exploit development can be rapidly developed due to the high functionality level and intuitive nature of Python.
Automated Malware Analysis and Cyber Security IntelligenceJason Choi
This presentation is an introduction to Cuckoo Sandbox, an automated a malware analysis system, and Intelligence to use this tool, at Department of Scientific Criminal Investigation in SungKyunKwan University in Korea.
Improvement in Rogue Access Points - SensePost Defcon 22SensePost
A supporting slide deck for SensePost's Defcon 22 talk. It contains more useful written information, that the picture heavy version we presented at the conference. You can see the conference video at https://www.youtube.com/watch?v=i2-jReLBSVk and can get the code at https://github.com/sensepost/mana
How to hack a telecom and stay alive
Speaker: Sergey Gordeychik
Penetration testing of telecommunication companies' networks is one of the most complicated and interesting tasks of this kind. Millions of IPs, thousands of nodes, hundreds of Web servers and only one spare month. What challenges are waiting for an auditor during the telecom network testing? What to pay attention on? How to use the working time more effectively? Why is the subscriber more dangerous than hacker? Why is contractor more dangerous than subscriber? How to connect vulnerability with financial losses? Sergey Gordeychik will tell about it and the most significant and funny cases of penetration testing of telecommunication networks in his report.
[ENG] IPv6 shipworm + My little Windows domain pwnieZoltan Balazs
Hacktivity 2011 presentation about IPv6 Teredo protocol, Windows pass-the-hash attack
Original video in Hungarian: http://vimeo.com/31359639
Translated version: http://vimeo.com/31360814
The last five to ten years has seen massive advancements in open source Internet-wide mass-scan tooling, on-demand cloud computing, and high speed Internet connectivity. This has lead to a massive influx of different groups mass-scanning all four billion IP address in the IPv4 space on a constant basis. Information security researchers, cyber security companies, search engines, and criminals scan the Internet for various different benign and nefarious reasons (such as the WannaCry ransomware and multiple MongoDB, ElasticSearch, and Memcached ransomware variants). It is increasingly difficult to differentiate between scan/attack traffic targeting your organization specifically and opportunistic mass-scan background radiation packets.
Grey Noise is a system that records and analyzes all the collective omnidirectional background noise of the Internet, performs enrichments and analytics, and makes the data available to researchers for free. Traffic is collected by a large network of geographically and logically diverse “listener” servers distributed around different data centers belonging to different cloud providers and ISPs around the world.
In this talk I will candidly discuss motivations for developing the system, a technical deep dive on the architecture, data pipeline, and analytics, observations and analysis of the traffic collected by the system, business impacts for network operators, pitfalls and lessons learned, and the vision for the system moving forward.
In this talk, we will dive into the data captured during last years Wall of Sheep applications and protocols that are giving your away credentials. This is something that anyone, with the right level of knowledge and inclination, could certainly do with a few basic ingredients. We will enumerate them. The dataset we will focus on was gathered as part of the Wall of Sheep contest during DEF CON 22. While this data was gathered using an off the shelf technology, that platform will not be the topic we discuss. Rather, we will focus on the types and scope of data sent totally in the clear for all to see. Additionally, we will discuss the ramifications this might have in a less "friendly" environment --where loss of one's anonymity, might really, really suck. Finally, we will discuss and recommend ways you can hamper this type of collection.
Fruit vs Zombies: Defeat Non-jailbroken iOS Malware by Claud XiaoShakacon
Since 2014, fifteen new malware or riskware families successfully attacked non-jailbroken iOS devices (e.g., WireLurker, Oneclickfraud, XcodeGhost, InstaAgent, ZergHelper, AceDeceiver), affected thousands of iOS apps and tens of millions users around the world. Ten of them even bypassed Apple’s code vetting and occurred at App Store. In this presentation, we will systematically study how could these malware, riskware and some Proof-of-Concepts infect non-jailbroken devices via practical vectors and approaches including abusing development certificates, bypassing code review by obfuscation, performing FairPlay MITM attack, abusing MDM solution, abusing private APIs, exploiting design flaws or app level vulnerabilities, and stealing privacy data. For each topic, we will introduce its implementation, explore real world cases, analyze its risky and consequences, explain Apple’s countermeasures, and discuss why some problems will still exist in near future. We will also share some stories of how we discovered those interesting iOS malware. Through this topic, audiences could make more effective policies to protect iOS devices in their organizations, build their own systems/tools to evaluate security risks in iOS apps, and hunt more iOS malware in the future.
DerbyCon 2016
Nick Landers @monoxgas
External mail via Exchange is one of the most common services offered by organizations today. The Microsoft Office suite is even more prevalent making Outlook the most common mail client around. This talk focuses on the abuse of these two products for the purpose of gaining code execution inside remote networks. Subjects include E-Mail and password scraping, OWA/EWS brute forcing techniques, and new research into abusing Outlook mail rules for remote code execution. Learn about the capabilities of client side rules, the underlying Windows APIs, and how to modify these rule objects to make phishing attacks obsolete. Security Consultant at Silent Break Security. Professional Hacker for 2 years. Current work involves writing custom malware and researching unique attack vectors that abuse functionality in windows environments.
Red Team Tactics for Cracking the GSuite PerimeterMike Felch
As more corporations adopt Google for providing cloud services they are also inheriting the security risks associated with centralized computing, email and data storage outside the perimeter. In order for pentesters and red teamers to remain effective in analyzing security risks, they must adapt techniques in a way that brings value to the customer.
In this presentation we will begin by demonstrating adaptive techniques to crack the perimeter of Google Suite customers. Next, we will show how evasion can be accomplished by hiding in plain-sight due to failures in incident response plans. Finally, we will also show how a simple compromise could mean collateral damage for customers who are not carefully monitoring these cloud environments.
Ross Bevington, Microsoft
In ‘The Matrix’ sentient machines subdue the population by developing a highly sophisticated simulation. High interaction honeypots are a lot like The Matrix, designed to convince an attacker to execute an attack so we can monitor them. But these honeypots are flawed!
Attackers are continually adapting in order to evade our defenses - meaning that it’s often not enough to just set up a honeypot and watch the results roll in. Is a new approach better?
Did you know that 40% of IaaS VMs in Azure are Linux? For Microsoft to protect itself and its customers Linux is a priority.
At MSTIC we’ve developed a new type of Linux honeypot that allows us to deceive and control the behavior of an attacker. We are using this to understand the person behind the attack, examining them as they examine us. Using these techniques, we are able to better track the person behind the threat, build better protections and ultimately protect more Linux users - whether they are using Azure or not.
In this presentation I’ll show some of the successes of running a Matrix like environment, failures where a glitch was spotted as well as deception approaches that could be applied to other domains. Finally I’ll show how easy it is to leverage Azure’s big data capabilities to build and ultimately query all this data at scale as well as how you can immediately reap the benefits of this work by connecting your Linux box to Azure Security Center.
Talk Venue: BSides Tampa 2020
Speakers: Mike Felch & Joff Thyer
This talk will focus on the many different ways that a penetration tester, or Red Teamer can leverage the Python programming language during offensive operations. Python is a rich and powerful programming language which above all else allows a competent developer to very quickly write new tools that might start as a Proof of Concept, but soon become an invaluable addition to the Red Teamer's tool-belt. Having the skills to both generate new tools, and modify existing tools on the fly is critically important to agility during testing engagement. Everything from utility processing of data, network protocol, API interaction, and exploit development can be rapidly developed due to the high functionality level and intuitive nature of Python.
Automated Malware Analysis and Cyber Security IntelligenceJason Choi
This presentation is an introduction to Cuckoo Sandbox, an automated a malware analysis system, and Intelligence to use this tool, at Department of Scientific Criminal Investigation in SungKyunKwan University in Korea.
Wireless technology is inherently insecure in general, however this presentation details some unconventional attacks that have been around for years but are still incredibly effective. Discussing the basics of AP cloning, abusing captive portals, and more.
38th TWNIC OPM: Observations and mitigation of Mozi botnet APNIC
APNIC Senior Internet Security Specialist, Adli Wahid, presented on the Mozi botnet, what was observed and how it was mitigated at the 38th TWNIC OPM, held on 1 December 2022 in Taipei.
Dark Web insights regarding how to use the dark web and how to benefit from it. The reason i did this is to do the awareness of Dark Web as a concept. Try to learn it and to use it in a good way because it's very important.
Observations from the APNIC Community Honeynet Project, presentation by Adli ...APNIC
Observations from the APNIC Community Honeynet Project, presentation by Adli Wahid for the CNCERT International Partnership Conference 2022, delivered on 14 December 2022.
Onion routing is a technique for anonymous communication over a computer network. In an onion network, messages are encapsulated in layers of encryption, analogous to layers of an onion. The encrypted data is transmitted through a series of network nodes called onion routers, each of which "peels" away a single layer, uncovering the data's next destination. When the final layer is decrypted, the message arrives at its destination. The sender remains anonymous because each intermediary knows only the location of the immediately preceding and following nodes.
Onion routing was developed in the mid-1990s at the U.S. Naval Research to protect U.S. intelligence communications online. It was further developed by the Defence Advanced Research Projects Agency (DARPA) and patented by the Navy in 1998. Onion Routing is implemented The Onion Routing project or TOR project.
Topics covered are:
-What is Onion Routing?
-What is Tor onion routing?
-How is Tor different from other proxies?
-How Tor works?
-Advantages of Tor
-Disadvantages of Tor
-Tor .onion domains
-Deep web v/s Dark web
-Dark web
-The Hidden Wiki
The Deep Web, TOR Network and Internet AnonymityAbhimanyu Singh
Presentation Contents:
Introduction to Deep Web, Contents of the Deep Web, Accessing the Deep Web, Advisement, Deep Web vs. Surface Web, Importance of Anonymity and Privacy, and Conclusions.
Network security consists of the provisions and policies adopted by a network administrator to prevent and monitor unauthorized access, misuse, modification, or denial of a computer network and network-accessible resources.more on http://www.trendyupdates.com/
Similar to Defcon 22-adrian-crenshaw-dropping-docs-on-darknets-how-peop (20)
Digital Personal Data Protection (DPDP) Practical Approach For CISOsPriyanka Aash
Key Discussion Pointers:
1. Introduction to Data Privacy
- What is data privacy
- Privacy laws around the globe
- DPDPA Journey
2. Understanding the New Indian DPDPA 2023
- Objectives
- Principles of DPDPA
- Applicability
- Rights & Duties of Individuals
- Principals
- Legal implications/penalties
3. A practical approach to DPDPA compliance
- Personal data Inventory
- DPIA
- Risk treatment
It covers popular IaaS/PaaS attack vectors, list them, and map to other relevant projects such as STRIDE & MITRE. Security professionals can better understand what are the common attack vectors that are utilized in attacks, examples for previous events, and where they should focus their controls and security efforts.
Discuss Security Incidents & Business Use Case, Understanding Web 3 Pros
and Web 3 Cons. Prevention mechanism and how to make sure that it doesn’t happen to you?
Emerging New Threats And Top CISO Priorities in 2022 (Bangalore)Priyanka Aash
Round Table Discussion On "Emerging New Threats And Top CISO Priorities In 2022"_ Bangalore
Date - 28 September, 2022. Decision Makers of different organizations joined this discussion and spoke on New Threats & Top CISO Priorities
Cloud Security: Limitations of Cloud Security Groups and Flow LogsPriyanka Aash
Cloud Security Groups are the firewalls of the cloud. They are built-in and provide basic access control functionality as part of the shared responsibility model. However, Cloud Security Groups do not provide the same protection or functionality that enterprises have come to expect with on-premises deployments. In this talk we will discuss the top cloud risks in 2020, why perimeters are a concept of the past and how in the world of no perimitiers do Cloud Security groups, the "Cloud FIrewalls", fit it. We will practically explore Cloud Security Group limitations across different cloud setups from a single vNet to multi-cloud
Most organizations have good enterprise-level security policies that define their approach to maintaining, improving, and securing their information and information systems. However, once the policies are signed by senior leadership and distributed throughout the organization, significant cybersecurity governance challenges remain. In this workshop I will explain the transforming organizational security to strengthen defenses and integrate cybersecurity with the overall approach toward security governance, risk management and compliance.
The Internet is home to seemingly infinite amounts of confidential and personal information. As a result of this mass storage of information, the system needs to be constantly updated and enforced to prevent hackers from retrieving such valuable and sensitive data. This increasing number of cyber-attacks has led to an increasing importance of Ethical Hacking. So Ethical hackers' job is to scan vulnerabilities and to find potential threats on a computer or networks. An ethical hacker finds the weakness or loopholes in a computer, web applications or network and reports them to the organization. It requires a thorough knowledge of Networks, web servers, computer viruses, SQL (Structured Query Language), cryptography, penetration testing, Attacks etc. In this session, you will learn all about ethical hacking. You will understand the what ethical hacking, Cyber- attacks, Tools and some hands-on demos. This session will also guide you with the various ethical hacking certifications available today.
zkStudyClub - Reef: Fast Succinct Non-Interactive Zero-Knowledge Regex ProofsAlex Pruden
This paper presents Reef, a system for generating publicly verifiable succinct non-interactive zero-knowledge proofs that a committed document matches or does not match a regular expression. We describe applications such as proving the strength of passwords, the provenance of email despite redactions, the validity of oblivious DNS queries, and the existence of mutations in DNA. Reef supports the Perl Compatible Regular Expression syntax, including wildcards, alternation, ranges, capture groups, Kleene star, negations, and lookarounds. Reef introduces a new type of automata, Skipping Alternating Finite Automata (SAFA), that skips irrelevant parts of a document when producing proofs without undermining soundness, and instantiates SAFA with a lookup argument. Our experimental evaluation confirms that Reef can generate proofs for documents with 32M characters; the proofs are small and cheap to verify (under a second).
Paper: https://eprint.iacr.org/2023/1886
PHP Frameworks: I want to break free (IPC Berlin 2024)Ralf Eggert
In this presentation, we examine the challenges and limitations of relying too heavily on PHP frameworks in web development. We discuss the history of PHP and its frameworks to understand how this dependence has evolved. The focus will be on providing concrete tips and strategies to reduce reliance on these frameworks, based on real-world examples and practical considerations. The goal is to equip developers with the skills and knowledge to create more flexible and future-proof web applications. We'll explore the importance of maintaining autonomy in a rapidly changing tech landscape and how to make informed decisions in PHP development.
This talk is aimed at encouraging a more independent approach to using PHP frameworks, moving towards a more flexible and future-proof approach to PHP development.
DevOps and Testing slides at DASA ConnectKari Kakkonen
My and Rik Marselis slides at 30.5.2024 DASA Connect conference. We discuss about what is testing, then what is agile testing and finally what is Testing in DevOps. Finally we had lovely workshop with the participants trying to find out different ways to think about quality and testing in different parts of the DevOps infinity loop.
Welcome to the first live UiPath Community Day Dubai! Join us for this unique occasion to meet our local and global UiPath Community and leaders. You will get a full view of the MEA region's automation landscape and the AI Powered automation technology capabilities of UiPath. Also, hosted by our local partners Marc Ellis, you will enjoy a half-day packed with industry insights and automation peers networking.
📕 Curious on our agenda? Wait no more!
10:00 Welcome note - UiPath Community in Dubai
Lovely Sinha, UiPath Community Chapter Leader, UiPath MVPx3, Hyper-automation Consultant, First Abu Dhabi Bank
10:20 A UiPath cross-region MEA overview
Ashraf El Zarka, VP and Managing Director MEA, UiPath
10:35: Customer Success Journey
Deepthi Deepak, Head of Intelligent Automation CoE, First Abu Dhabi Bank
11:15 The UiPath approach to GenAI with our three principles: improve accuracy, supercharge productivity, and automate more
Boris Krumrey, Global VP, Automation Innovation, UiPath
12:15 To discover how Marc Ellis leverages tech-driven solutions in recruitment and managed services.
Brendan Lingam, Director of Sales and Business Development, Marc Ellis
Alt. GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using ...James Anderson
Effective Application Security in Software Delivery lifecycle using Deployment Firewall and DBOM
The modern software delivery process (or the CI/CD process) includes many tools, distributed teams, open-source code, and cloud platforms. Constant focus on speed to release software to market, along with the traditional slow and manual security checks has caused gaps in continuous security as an important piece in the software supply chain. Today organizations feel more susceptible to external and internal cyber threats due to the vast attack surface in their applications supply chain and the lack of end-to-end governance and risk management.
The software team must secure its software delivery process to avoid vulnerability and security breaches. This needs to be achieved with existing tool chains and without extensive rework of the delivery processes. This talk will present strategies and techniques for providing visibility into the true risk of the existing vulnerabilities, preventing the introduction of security issues in the software, resolving vulnerabilities in production environments quickly, and capturing the deployment bill of materials (DBOM).
Speakers:
Bob Boule
Robert Boule is a technology enthusiast with PASSION for technology and making things work along with a knack for helping others understand how things work. He comes with around 20 years of solution engineering experience in application security, software continuous delivery, and SaaS platforms. He is known for his dynamic presentations in CI/CD and application security integrated in software delivery lifecycle.
Gopinath Rebala
Gopinath Rebala is the CTO of OpsMx, where he has overall responsibility for the machine learning and data processing architectures for Secure Software Delivery. Gopi also has a strong connection with our customers, leading design and architecture for strategic implementations. Gopi is a frequent speaker and well-known leader in continuous delivery and integrating security into software delivery.
Enhancing Performance with Globus and the Science DMZGlobus
ESnet has led the way in helping national facilities—and many other institutions in the research community—configure Science DMZs and troubleshoot network issues to maximize data transfer performance. In this talk we will present a summary of approaches and tips for getting the most out of your network infrastructure using Globus Connect Server.
Essentials of Automations: The Art of Triggers and Actions in FMESafe Software
In this second installment of our Essentials of Automations webinar series, we’ll explore the landscape of triggers and actions, guiding you through the nuances of authoring and adapting workspaces for seamless automations. Gain an understanding of the full spectrum of triggers and actions available in FME, empowering you to enhance your workspaces for efficient automation.
We’ll kick things off by showcasing the most commonly used event-based triggers, introducing you to various automation workflows like manual triggers, schedules, directory watchers, and more. Plus, see how these elements play out in real scenarios.
Whether you’re tweaking your current setup or building from the ground up, this session will arm you with the tools and insights needed to transform your FME usage into a powerhouse of productivity. Join us to discover effective strategies that simplify complex processes, enhancing your productivity and transforming your data management practices with FME. Let’s turn complexity into clarity and make your workspaces work wonders!
Accelerate your Kubernetes clusters with Varnish CachingThijs Feryn
A presentation about the usage and availability of Varnish on Kubernetes. This talk explores the capabilities of Varnish caching and shows how to use the Varnish Helm chart to deploy it to Kubernetes.
This presentation was delivered at K8SUG Singapore. See https://feryn.eu/presentations/accelerate-your-kubernetes-clusters-with-varnish-caching-k8sug-singapore-28-2024 for more details.
Dev Dives: Train smarter, not harder – active learning and UiPath LLMs for do...UiPathCommunity
💥 Speed, accuracy, and scaling – discover the superpowers of GenAI in action with UiPath Document Understanding and Communications Mining™:
See how to accelerate model training and optimize model performance with active learning
Learn about the latest enhancements to out-of-the-box document processing – with little to no training required
Get an exclusive demo of the new family of UiPath LLMs – GenAI models specialized for processing different types of documents and messages
This is a hands-on session specifically designed for automation developers and AI enthusiasts seeking to enhance their knowledge in leveraging the latest intelligent document processing capabilities offered by UiPath.
Speakers:
👨🏫 Andras Palfi, Senior Product Manager, UiPath
👩🏫 Lenka Dulovicova, Product Program Manager, UiPath
Transcript: Selling digital books in 2024: Insights from industry leaders - T...BookNet Canada
The publishing industry has been selling digital audiobooks and ebooks for over a decade and has found its groove. What’s changed? What has stayed the same? Where do we go from here? Join a group of leading sales peers from across the industry for a conversation about the lessons learned since the popularization of digital books, best practices, digital book supply chain management, and more.
Link to video recording: https://bnctechforum.ca/sessions/selling-digital-books-in-2024-insights-from-industry-leaders/
Presented by BookNet Canada on May 28, 2024, with support from the Department of Canadian Heritage.
GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using Deplo...James Anderson
Effective Application Security in Software Delivery lifecycle using Deployment Firewall and DBOM
The modern software delivery process (or the CI/CD process) includes many tools, distributed teams, open-source code, and cloud platforms. Constant focus on speed to release software to market, along with the traditional slow and manual security checks has caused gaps in continuous security as an important piece in the software supply chain. Today organizations feel more susceptible to external and internal cyber threats due to the vast attack surface in their applications supply chain and the lack of end-to-end governance and risk management.
The software team must secure its software delivery process to avoid vulnerability and security breaches. This needs to be achieved with existing tool chains and without extensive rework of the delivery processes. This talk will present strategies and techniques for providing visibility into the true risk of the existing vulnerabilities, preventing the introduction of security issues in the software, resolving vulnerabilities in production environments quickly, and capturing the deployment bill of materials (DBOM).
Speakers:
Bob Boule
Robert Boule is a technology enthusiast with PASSION for technology and making things work along with a knack for helping others understand how things work. He comes with around 20 years of solution engineering experience in application security, software continuous delivery, and SaaS platforms. He is known for his dynamic presentations in CI/CD and application security integrated in software delivery lifecycle.
Gopinath Rebala
Gopinath Rebala is the CTO of OpsMx, where he has overall responsibility for the machine learning and data processing architectures for Secure Software Delivery. Gopi also has a strong connection with our customers, leading design and architecture for strategic implementations. Gopi is a frequent speaker and well-known leader in continuous delivery and integrating security into software delivery.
SAP Sapphire 2024 - ASUG301 building better apps with SAP Fiori.pdfPeter Spielvogel
Building better applications for business users with SAP Fiori.
• What is SAP Fiori and why it matters to you
• How a better user experience drives measurable business benefits
• How to get started with SAP Fiori today
• How SAP Fiori elements accelerates application development
• How SAP Build Code includes SAP Fiori tools and other generative artificial intelligence capabilities
• How SAP Fiori paves the way for using AI in SAP apps
LF Energy Webinar: Electrical Grid Modelling and Simulation Through PowSyBl -...DanBrown980551
Do you want to learn how to model and simulate an electrical network from scratch in under an hour?
Then welcome to this PowSyBl workshop, hosted by Rte, the French Transmission System Operator (TSO)!
During the webinar, you will discover the PowSyBl ecosystem as well as handle and study an electrical network through an interactive Python notebook.
PowSyBl is an open source project hosted by LF Energy, which offers a comprehensive set of features for electrical grid modelling and simulation. Among other advanced features, PowSyBl provides:
- A fully editable and extendable library for grid component modelling;
- Visualization tools to display your network;
- Grid simulation tools, such as power flows, security analyses (with or without remedial actions) and sensitivity analyses;
The framework is mostly written in Java, with a Python binding so that Python developers can access PowSyBl functionalities as well.
What you will learn during the webinar:
- For beginners: discover PowSyBl's functionalities through a quick general presentation and the notebook, without needing any expert coding skills;
- For advanced developers: master the skills to efficiently apply PowSyBl functionalities to your real-world scenarios.
In his public lecture, Christian Timmerer provides insights into the fascinating history of video streaming, starting from its humble beginnings before YouTube to the groundbreaking technologies that now dominate platforms like Netflix and ORF ON. Timmerer also presents provocative contributions of his own that have significantly influenced the industry. He concludes by looking at future challenges and invites the audience to join in a discussion.
2. http://Irongeek.com
I run Irongeek.com
I have an interest in InfoSec
education
I don’t know everything - I’m just a
geek with time on my hands
Sr. Information Security Consultant
at TrustedSec
Co-Founder of Derbycon
http://www.derbycon.com
Twitter: @Irongeek_ADC
3. http://Irongeek.com
I will be taking two perspectives
People trying to stay anonymous
People trying to de-anonymize users
I’m not really a privacy guy
IANAL
Be careful where you surf, contraband awaits
5. http://Irongeek.com
Darknets
There are many definitions, but mine is
“anonymizing private network ”
Use of encryption and proxies (some times other
peers) to obfuscate who is communicating to whom
Sometimes referred to as Cipherspace
(love that term)
7. http://Irongeek.com
Who?
First the US Naval Research Laboratory, then the EFF and now the Tor Project
(501c3 non-profit).
http://www.torproject.org/
Why?
“Tor is free software and an open network that helps you defend against a form
of network surveillance that threatens personal freedom and privacy,
confidential business activities and relationships, and state security known as
traffic analysis.” ~ As defined by their site
What?
Access normal Internet sites anonymously, and Tor hidden services.
How?
Locally run SOCKS proxy that connects to the Tor network.
16. http://Irongeek.com
Client
Just a user
Relays
These relay traffic, and can act as exit points
Bridges
Relays not advertised in the directory servers, so harder to block
Guard Nodes
Used to mitigate some traffic analysis attacks
Introduction Points
Helpers in making connections to hidden services
Rendezvous Point
Used for relaying/establishing connections to hidden services
18. http://Irongeek.com
Tails: The Amnesic Incognito Live System
https://tails.boum.org/
Tor2Web Proxy
http://tor2web.org
Tor Hidden Wiki:
http://kpvz7ki2v5agwt35.onion
Scallion (make host names)
https://github.com/lachesis/scallion
Onion Cat
http://www.cypherpunk.at/onioncat/
Reddit Onions
http://www.reddit.com/r/onions
19. http://Irongeek.com
Pros
If you can tunnel it through a SOCKS proxy, you can make
just about any protocol work.
Three levels of proxying, each node not knowing the one
before last, makes things very anonymous.
Cons
Slow
Do you trust your exit node?
Semi-fixed Infrastructure:
Sept 25th 2009, Great Firewall of China blocks 80% of Tor
relays listed in the Directory, but all hail bridges!!!
https://blog.torproject.org/blog/tor-partially-blocked-china
http://yro.slashdot.org/story/09/10/15/1910229/China-Strangles-Tor-Ahead-of-National-Day
Fairly easy to tell someone is using it from the server side
http://www.irongeek.com/i.php?page=security/detect-tor-exit-node-in-php
20. http://Irongeek.com
(Keep in mind, this is just the defaults)
Local
9050/tcp Tor SOCKS proxy
9051/tcp Tor control port
(9150 and 9151 on Tor Browser Bundle)
Remote
443/tcp and 80/tcp mostly
Servers may also listen on port 9001/tcp, and directory
information on 9030.
More details
http://www.irongeek.com/i.php?page=security/detect-tor-
exit-node-in-php
http://www.room362.com/tor-the-yin-or-the-yang
22. http://Irongeek.com
Crypto Currency
Proof of work
Bitcoin Addresses & Private Keys
Block Chain (ledger)
Tumblers (laundering)
Way more info by Bob Weiss
http://www.irongeek.com/i.php?page=videos/bsidesde2013/2-6-
hacking-benjamins-bob-weiss-pwcrack-into-to-bitcoin
23. http://Irongeek.com
On Dec. 16th 2013 a bomb threat was made to Harvard’s student news
paper and some officials.
The person used https://www.guerrillamail.com to send
email after connecting over Tor
Guerrilla Mail puts an X-Originating-IP header on that
marked who sent the message, in this case a Tor exit point
To: "irongeek@irongeek.com" <irongeek@irongeek.com>
From: <e9jnqrz+oo4j3w@guerrillamail.com>
Subject: Hey baby!
X-Originating-IP: [74.128.28.74]
Content-Type: text/plain; charset="utf-8"
shrapnel bombs placed in:
science center
sever hall
emerson hall
thayer hall
2/4.
guess correctly.
be quick for they will go off soon
24. http://Irongeek.com
All Tor nodes are publicly known (except bridges):
http://torstatus.blutmagie.de
Easy to correlate who was attached to Harvard network
and using Tor at the same time the email was sent (unless
you use a bridge).
Eldo Kim was connected to the Tor network around that
time.
Suspect Eldo Kim wanted to get out of a final and admitted
he made the bomb threat when interviewed.
More Details:
http://arstechnica.com/security/2013/12/use-of-tor-helped-fbi-finger-
bomb-hoax-suspect/
http://www.scribd.com/doc/192371742/Kim-El-Do-Harvard
28. http://Irongeek.com
DNS
Query
Monitored DNS Server
If I don’t use the
proxy for DNS, I
may send the
query to a DNS
server. It won’t
see my traffic
to/from the
destination, but
may now know
I’m visiting
someplace.com/
.onion/.i2p
29. http://Irongeek.com
Hector Xavier Monsegur (Sabu) normally
used Tor for connecting to IRC but was
caught not using it once and FBI found
his home IP. After being caught, he
started to collaborate.
Hector spoke with Jeremy Hammond
(sup_g) on IRC, and Jeremy casually let
slip where he had been arrested before
and groups he was involved with.
This narrowed the suspect pool, so the
FBI got a court order to monitor his
Internet access.
30. http://Irongeek.com
Hammond used Tor, and while the crypto
was never busted, FBI correlated times
sup_g was talking to Subu on IRC with
when Hammond was at home using his
computer.
More Details:
http://arstechnica.com/tech-
policy/2012/03/stakeout-how-the-fbi-
tracked-and-busted-a-chicago-anon/
32. http://Irongeek.com
Freedom Hosting hosted, amongst other things,
many child porn related hidden service websites.
Freedom Hosting had previously come under attack
by Anonymous during Op Darknet because of it
hosting CP.
In July of 2013, the FBI compromised Freedom
Hosting, and inserted malicious Java Script that
used Firefox bug CVE-2013-1690 in version 17 ESR.
The Tor Browser Bundle is based on Firefox, and the
newest version was already patched, but not
everyone updates in a timely fashion.
33. http://Irongeek.com
The payload was “Magneto”, which phoned home
to servers in Virginia using the host’s public IP.
http://ghowen.me/fbi-tor-malware-analysis
It also reported back the computer’s:
MAC address
Windows host name
unique serial number to tie a user to a site
May be same as EgotisticalGiraffe.
See also:
Magic Lantern
FOXACID
Computer and Internet Protocol Address Verifier (CIPAV)
Thanks to Joe Cicero for "Privacy In a Surveillance
State, Evading Detection" (P.I.S.S.E.D.) talk.
I am the best Giraffe
EVAR!!! Bow to my
Giraffey goodness!
34. http://Irongeek.com
An Irish man, Eric Eoin Marques, is alleged to be
the operator of Freedom Hosting. The servers
hosting Freedom Hosting were tied to him because
of payment records.
Marques was said to have dived for his laptop to
shut it down when police raided him.
More Details:
http://www.wired.com/threatlevel/2013/09/freedo
m-hosting-fbi/
36. http://Irongeek.com
Let’s see if the
hidden server
app is
vulnerable to an
exploit (buffer
overflow/web
app shell
exec/etc).
Send a payload
that contacts an
IP I monitor.
Exploit &
Payload
37. http://Irongeek.com
Someone going by the handle “Dread Pirate
Roberts” was the operator of the SilkRoad, which
allows sellers and buyers to exchange less than
legal goods and services.
http://silkroadvb5piz3r.onion
With about $1.2 Billion in exchanges on SilkRoad,
FBI wanted to know who was behind it.
They started to look for the earliest references to
the SilkRoad on the public Internet.
From court documents:
“As of September 23, 2013, there were nearly 13,000 listings for
controlled substances on the website, listed under the categories
"Cannabis," "Dissociatives," "Ecstasy," "Intoxicants," "Opioids,"
"Precursors," "Prescription," "Psychedelics," and "Stimulants," among
others. “
“There were 159 listings on the site under the category "Services." Most
concerned computer-hacking services: for example, one listing was by a
vendor offering to hack into Facebook, Twitter, and other social
networking accounts of the customer's choosing, so that "You can Read,
Write, Upload, Delete, View All Personal Info"; another listing offered
tutorials on "22 different methods" for hacking ATM machines. Other
listings offered services that were likewise criminal in nature. For
example, one listing was for a "HUGE Blackmarket Contact List,"
described as a list of "connects" for "services" such as "Anonymous Bank
Accounts," "Counterfeit Bills (CAD/GBP/EUR/USD) ," "Firearms
+Ammunition," "Stolen Info (CC [credit card], Paypal) ," and "Hitmen
(10+ countries)." “
“Sellers may not list forgeries of any privately issued documents such as
diplomas/certifications, tickets or receipts. Also, listings for counterfeit
currency are still not allowed in the money section.”
38. http://Irongeek.com
The earliest they could find was from “altoid” on the Shroomery.org forums on 01/27/11.
http://www.shroomery.org/forums/showflat.php/Number/13860995
39. http://Irongeek.com
BitCoinTalk.org Post
“Quote from: altoid on January 29, 2011, 07:44:51 PM
What an awesome thread! You guys have a ton of great ideas. Has anyone
seen Silk Road yet? It's kind of like an anonymous amazon.com. I don't think
they have heroin on there, but they are selling other stuff. They basically use
bitcoin and tor to broker anonymous transactions. It's at
http://tydgccykixpbu6uz.onion. Those not familiar with Tor can go to
silkroad420.wordpress.com for instructions on how to access the .onion site.
Let me know what you guys
think”https://bitcointalk.org/index.php?topic=175.msg42479#msg42479
40. http://Irongeek.com
An account named “altoid” also made a post on Bitcointalk.org about looking
for an “IT pro in the bitcoin community” and asked interested parties to contact
“rossulbricht at gmail dot com” (10/11/11).
https://bitcointalk.org/index.php?topic=47811.0
41. http://Irongeek.com
Ulbricht’s Google+ profile show an interest in the “Mises Institute” a “world
center of the Austrian School of economics.”
Dread Pirate Roberts’ signature on the Silk Road forums had a link to the Mises
Institute. Austrian Economic theory was also stated by Dread Pirate Roberts to
be influential to the the Silk Road’s philosophy.
42. http://Irongeek.com
"Ross Ulbricht.” account also posted on StackOverflow asking for help with PHP code to
connect to a Tor hidden service. The username was quickly changed to “frosty”
(03/16/12).
http://stackoverflow.com/questions/15445285/how-can-i-connect-to-a-tor-hidden-
service-using-curl-in-php
Guess who is now a suspect for being “Dread Pirate Roberts”? Ross William Ulbricht.
43. http://Irongeek.com
Someone was connecting to a server that hosts the Silk Road from an Internet
café near where Ross lived in San Francisco. Private messages on Silk Road
make it seem Dread Pirate Roberts lived in the Pacific time zone.
IP of a Silk Road server was attached to via a VPN server that was connected to
by an IP belonging to an Internet cafe on Laguna Street in San Francisco from
which Ulbricht had also connected to his Gmail account with (both on June 3,
2013).
PM to Dread Pirate Roberts from a user said the site was leaking "some sort of
external IP address" belonging to the VPN.
FBI starts taking down SilkRoad servers, though I’m are not sure how they were
found. Could have been money trail to aliases, or as Nicholas Weaver
conjectured, they hacked SilkRoad and made it contact an outsides server
without using Tor so it revealed it’s real IP. Once located, FBI was able to get a
copy of one of the servers.
44. http://Irongeek.com
On 07/10/13 US Customs intercepted 9 IDs with different names, but all having a picture of
Ulbricht. Homeland Security interviewed Ulbricht, but he denied having ordered them.
Smart: “ULBRICHT generally refused to answer any questions pertaining to the purchase of
this or other counterfeit identity documents.”
Stupid: “However, ULBRICHT volunteered that "hypothetically" anyone could go onto a
website named "Silk Road" on "Tor" and purchase any drugs or fake identity documents the
person wanted. “
Roommates knew him as “Josh”. PMs show DPR was interested in getting fake IDs.
45. http://Irongeek.com
Server used SSH and a public key that ended in frosty@frosty. Server also had some of
the same code posted on StackOverflow.
Eventually, on 10/01/2013 the FBI Landed on him in a Library right after he entered the
password for his laptop. More evidence was found on his laptop.
More info (Big thanks to Nate Anderson for the original article and Agent Christopher
Tarbell for court docs):
http://arstechnica.com/tech-policy/2013/10/how-the-feds-took-down-the-dread-
pirate-roberts/
https://www.cs.columbia.edu/~smb/UlbrichtCriminalComplaint.pdf
46. http://Irongeek.com
Lessons Learned:
Keep online identities separate
Keep different usernames
From different locations
Have a consistent story
Don’t talk about interests
Don’t volunteer information!
48. http://Irongeek.com
Talk on Darknets in general
http://www.irongeek.com/i.php?page=videos/aide-winter-
2011#Cipherspace/Darknets:_anonymizing_private_networks
I2P FAQ
http://www.i2p2.de/faq.html
Tor FAQ
https://trac.torproject.org/projects/tor/wiki/doc/TorFAQ
Tor Manual
https://www.torproject.org/docs/tor-manual.html.en
I2P Index to Technical Documentation
http://www.i2p2.de/how
49. http://Irongeek.com
Intro to Darknets: Tor and I2P Workshop
http://www.irongeek.com/i.php?page=videos/intro-to-tor-i2p-darknets
My Tor/I2P Notes
http://www.irongeek.com/i.php?page=security/i2p-tor-workshop-notes
Cipherspaces/Darknets An Overview Of Attack Strategies
http://www.irongeek.com/i.php?page=videos/cipherspaces-darknets-an-overview-of-attack-strategies
Anonymous proxy to the normal web
http://www.irongeek.com/i.php?page=videos/tor-1
Hidden services
Normally websites, but can be just about any TCP
connection
http://www.irongeek.com/i.php?page=videos/tor-hidden-services