Dünden Bugüne Exploit Dünyası
•
0 likes•488 views
This document discusses the history and evolution of computer exploits from early vulnerabilities like stack overflows to modern techniques like return oriented programming and kernel exploits. It provides examples of major exploits from the Morris Worm in 1988 to recent zero-days. It also outlines numerous bypass techniques for defenses such as ASLR, sandboxes, and KASLR. The document examines the sophisticated Pegasus spyware and its developer, the Israeli cybersecurity firm NSO Group.
Report
Share
Report
Share
Download to read offline
Recommended
Liran tal Stranger Danger Security vulnerabilities - Negev Web Developers mee...
The document discusses the security risks of open source software and dependencies. It notes that while open source software is great, it can introduce vulnerabilities if dependencies are not properly reviewed since they are written by many strangers and may contain vulnerabilities. It advocates using a tool like Snyk to continuously find and fix vulnerabilities in dependencies before attackers can exploit them.
Unit testing in swift 2 - The before & after story
Into unit testing? If so you've probably found yourself in the dark alleys of Swift unit testing. If you haven't yet dabbled in unit testing, this talk will be an awesome opportunity to get started and charge up your unit testing superpowers. I explain three scenarios of unit testing with Swift, and provide us with practical advice for each of them and the implications of the recently introduced version 2 of Swift.
Reverse engineering android apps
This document discusses smartphone app security and how to hack phones by exploiting apps. It provides information on the motivation, tools, and exploits used to hack apps as well as how to protect against app hacking. The document outlines two main exploits: level hacking/feature hacking using open source exploits to gain continued access and inject backdoors; and injecting a meterpreter backdoor into an app to enable remote control via features like recording audio/video and stealing passwords. It concludes with recommendations on how to be aware of app security risks such as only downloading from app stores and reviewing app permissions.
The Postmodern Binary Analysis
This document discusses dynamic binary instrumentation and taint analysis techniques. It describes how frameworks like Intel PIN, Valgrind, and DynamoRIO can be used to inject instrumentation code into running binaries. It also explains how taint tracking can identify which parts of code are affected by tainted user input. Symbolic execution and constraint solving with Z3 are presented as methods to perform taint analysis and concolic execution on binaries. Open source tools like Triton, Angr, and BitBlaze TEMU are referenced for dynamic binary analysis.
Introduction to Reverse Engineering
Reverse engineering involves duplicating an existing product without drawings or documentation by analyzing the product. It is commonly used when the original manufacturer no longer produces the product, documentation has been lost, or to improve and redesign products. The reverse engineering process involves analyzing a product to understand its components, operation, and manufacturing methods without reliance on original documentation.
APT Saldırıları
APT (Advanced Persisitent Threat) saldırıların temel özelliklerini ele aldığımız webinarın sunumdur.
Recommended
Liran tal Stranger Danger Security vulnerabilities - Negev Web Developers mee...
The document discusses the security risks of open source software and dependencies. It notes that while open source software is great, it can introduce vulnerabilities if dependencies are not properly reviewed since they are written by many strangers and may contain vulnerabilities. It advocates using a tool like Snyk to continuously find and fix vulnerabilities in dependencies before attackers can exploit them.
Unit testing in swift 2 - The before & after story
Into unit testing? If so you've probably found yourself in the dark alleys of Swift unit testing. If you haven't yet dabbled in unit testing, this talk will be an awesome opportunity to get started and charge up your unit testing superpowers. I explain three scenarios of unit testing with Swift, and provide us with practical advice for each of them and the implications of the recently introduced version 2 of Swift.
Reverse engineering android apps
This document discusses smartphone app security and how to hack phones by exploiting apps. It provides information on the motivation, tools, and exploits used to hack apps as well as how to protect against app hacking. The document outlines two main exploits: level hacking/feature hacking using open source exploits to gain continued access and inject backdoors; and injecting a meterpreter backdoor into an app to enable remote control via features like recording audio/video and stealing passwords. It concludes with recommendations on how to be aware of app security risks such as only downloading from app stores and reviewing app permissions.
The Postmodern Binary Analysis
This document discusses dynamic binary instrumentation and taint analysis techniques. It describes how frameworks like Intel PIN, Valgrind, and DynamoRIO can be used to inject instrumentation code into running binaries. It also explains how taint tracking can identify which parts of code are affected by tainted user input. Symbolic execution and constraint solving with Z3 are presented as methods to perform taint analysis and concolic execution on binaries. Open source tools like Triton, Angr, and BitBlaze TEMU are referenced for dynamic binary analysis.
Introduction to Reverse Engineering
Reverse engineering involves duplicating an existing product without drawings or documentation by analyzing the product. It is commonly used when the original manufacturer no longer produces the product, documentation has been lost, or to improve and redesign products. The reverse engineering process involves analyzing a product to understand its components, operation, and manufacturing methods without reliance on original documentation.
APT Saldırıları
APT (Advanced Persisitent Threat) saldırıların temel özelliklerini ele aldığımız webinarın sunumdur.
Buffer overflow Attacks
This document provides an introduction to buffer overflow attacks. It discusses buffer overflows, stack smashing, and controlling the execution flow by manipulating the EIP. It demonstrates how user input can make its way onto the stack and be used to control the call and return instructions. The document shows an example of writing exit shellcode and using it in a proof of concept attack. It notes that real attacks are illegal and this presentation is for demonstration purposes only.
Buffer Overflow Attacks
Presented by Abhinav chourasia in SecurityXploded cyber security meet. visit: http://www.securitytrainings.net for more information
Hacking the Gateways
This document outlines a plan to hack routers by exploiting vulnerabilities. The plan involves deciding targets, finding vulnerabilities in routers like the AirTies RT series, writing exploits in MIPS assembly to achieve remote code execution, writing scripts for mass exploitation, running attacks on targets in Turkey, and analyzing results. Routers are attractive targets because they are directly internet accessible, can control all traffic once compromised, have limited logging capabilities, and rarely receive security updates.
10 Useful Testing Tools for Open Source Projects @ TuxCon 2015
If you count the alternatives, there are 50 tools for software testing focused on open source projects - test planning and management, test execution, test reporting, front-end and backend testing, automated mobile testing, security scanners, issue tracking and others
Entomology 101
This document provides an introduction to studying, collecting, and finding bugs. It discusses how to collect bugs by following security mailing lists, bug bounty programs, security researchers on Twitter. It also discusses how to study bugs by analyzing code diffs between vulnerable and patched versions, building test environments, and documenting findings. The document then covers hunting for bugs by finding targets on sites like GitHub and HackerNews, setting up test environments, and optimizing hunting strategies based on collected bugs. Finally, it discusses responsible disclosure of bugs and some of the author's favorite bugs.
Canberk Bolat - Alice Android Diyarında
This document discusses Android security and provides steps for analyzing Android applications and exploiting vulnerabilities. It includes the following:
1) An introduction to Android architecture including sandboxes, application frameworks, and permissions.
2) Reasons for focusing on Android security such as the number of downloads, weak app review processes, and platform update issues.
3) Common Android application vulnerabilities like logging of sensitive data, insecure communication, and vulnerabilities in the WebView like addJavaScriptInterface.
4) Steps for cross-compiling code to run on Android, pushing binaries to an Android device, and exploiting vulnerabilities to pop a remote shell.
Beginner’s Guide on How to Start Exploring IoT Security 1st Session
The document provides an overview of how to start exploring IoT security as a beginner. It defines IoT and OT, discusses common attack vectors like networks, wireless communication, and applications. It then provides guidance on how to perform security testing for these vectors, including tools to use for tasks like network pentesting, radio communication testing, and mobile application testing. The goal is to help beginners learn about IoT security challenges and how to start assessing vulnerabilities.
Defcon 23 - hariri spelman gorenc - abusing adobe readers java sc
The document discusses research into discovering and exploiting vulnerabilities in Adobe Reader's JavaScript APIs. It begins with introducing the researchers and providing statistics on the vulnerabilities found. It then covers understanding the attack surface by exploring the JavaScript API documentation and decompiling internal scripts. Methods of discovering vulnerabilities are described, such as overloading properties and achieving privileged execution. Finally, constructing an exploit is outlined, including chaining vulnerabilities to execute a file dumping API and gaining remote code execution.
Fruit vs Zombies: Defeat Non-jailbroken iOS Malware by Claud Xiao
Since 2014, fifteen new malware or riskware families successfully attacked non-jailbroken iOS devices (e.g., WireLurker, Oneclickfraud, XcodeGhost, InstaAgent, ZergHelper, AceDeceiver), affected thousands of iOS apps and tens of millions users around the world. Ten of them even bypassed Apple’s code vetting and occurred at App Store. In this presentation, we will systematically study how could these malware, riskware and some Proof-of-Concepts infect non-jailbroken devices via practical vectors and approaches including abusing development certificates, bypassing code review by obfuscation, performing FairPlay MITM attack, abusing MDM solution, abusing private APIs, exploiting design flaws or app level vulnerabilities, and stealing privacy data. For each topic, we will introduce its implementation, explore real world cases, analyze its risky and consequences, explain Apple’s countermeasures, and discuss why some problems will still exist in near future. We will also share some stories of how we discovered those interesting iOS malware. Through this topic, audiences could make more effective policies to protect iOS devices in their organizations, build their own systems/tools to evaluate security risks in iOS apps, and hunt more iOS malware in the future.
IOS ecosystem
Presentation given at the 7th iOS Bootcamp in Catania.
http://pragmamark.org/events/ios-bootcamp-7th-edition/
The Future of Automated Malware Generation
The document discusses the current and future states of automated malware generation and malware defense techniques. It describes how malware distribution networks currently work and trends showing rising malware samples. The future of malware defense is proposed to apply more machine learning and statistical techniques to model malware behaviors and attributes in order to handle growing sample volumes. This would involve training machine learning classifiers on features identified by human experts to classify and cluster malware more effectively.
Web-App Remote Code Execution Via Scripting Engines
Web-App Remote Code Execution Via Scripting Enginesc0c0n - International Cyber Security and Policing Conference
Web-App Remote Code Execution Via Scripting Engines by Rahul Sasi at c0c0n - International Cyber Security and Policing Conference http://is-ra.org/c0c0n/speakers.htmlAgile Testing Days 2018 USA - API Testing Fundamentals
The document provides instructions for an API testing workshop, including opening a Trello board and downloading Postman. It discusses exploring APIs through testing variables, statuses, content types, and functionality by joining requests. Performance and security testing are also covered, such as checking authentication, authorization, and injection points. The workshop emphasizes making API testing fun and integrating it into development pipelines using tools like Newman and Runscope.
SCADA Software or Swiss Cheese Software? by Celil UNUVER
The talk is about SCADA vulnerabilities and exploiting. We will answer some specific questions about SCADA software vulnerabilities with technical details.
The questions are;
- Why are SCADA applications buggy?
- What is the status and impact of the threat?
- How do researchers or hackers discover these vulnerabilities?
In this talk we will also look at some SCADA vulnerabilities that affects well-known SCADA/HMI vendors, and will show how it's easy to hunt these vulnerabilities via reverse engineering , fuzzing etc.
Celil UNUVER
Celil Unuver is co-founder & security researcher of SignalSEC Ltd. He is also founder of NOPcon Security Conference. His areas of expertise include Vulnerability Research & Discovery, Exploit Development, Penetration Testing and Reverse Engineering. He has been a speaker at CONFidence, Swiss Cyber Storm, c0c0n, IstSec, Kuwait Info Security Forum. He enjoys hunting bugs and has discovered critical vulnerabilities affect well-known vendors such as Adobe, IBM, Microsoft, Novell etc.
Speck & Tech: Attacking iOS (A brief overview)
This document summarizes techniques for attacking iOS security. It outlines getting initial code execution through vulnerabilities like JavaScriptCore use-after-frees. It then discusses escalating privileges by escaping the sandbox, leveraging stack buffer overflows, and defeating protections like ASLR, DEP, and KPP. The goal is to achieve kernel code execution and install a persistent implant by bypassing iOS security measures at each level of the software stack.
Security Vulnerabilities in Mobile Applications (Kristaps Felzenbergs)
A presentation about security of mobile apps by our senior quality assurance engineer Kristaps Felzenbergs. It was presented at TAPOST 2017 software testing conference.
How to get along with HATEOAS without letting the bad guys steal your lunch -...
It’s a cool idea - decouple the client from the server and let the application tell the client what it can do dynamically. This approach should allow much more flexibility and resilience as the client and server can evolve separately. Unfortunately, the HATEOAS approach can be a free lunch for cybercriminals unless you understand the simple steps needed to secure your design.
This is a talk delivered for the Security track at DevNexus 2020.
NASA Space Apps
This document discusses deploying apps with Heroku, a platform as a service. It summarizes that with Heroku, you write code, push it to Heroku, and it will run in a container managed by Heroku. The document provides information on installing Git and the Heroku CLI, creating a Heroku account, and getting started guides for various programming languages like Node.js, Ruby, Python, Java, and PHP.
Quality assurance engineer #JobShadowDay #XWiki
The document provides an overview of the responsibilities and skills of a quality assurance engineer. It describes the day-to-day activities which include writing test plans and scripts, performing test campaigns, reporting bugs, and analyzing results. Key skills include a broad understanding of the product from an end-user perspective, effective communication skills, creativity to test diverse scenarios, and development knowledge to automate tests. The document also gives examples of manual and automated testing conducted by a QA engineer at a company called XWiki.
Cross-platform Native App ontwikkeling met Appcelerator
Lezing voor de SIG Apps en de Regio Den Haag van Ngi-NGN op De Haagse Hogeschool over cross-platform native app ontwikkeling met Appcelerator Titanium en Alloy.
The Intersection between Competition and Data Privacy – OECD – June 2024 OECD...
The Intersection between Competition and Data Privacy – OECD – June 2024 OECD...OECD Directorate for Financial and Enterprise Affairs
This presentation by OECD, OECD Secretariat, was made during the discussion “The Intersection between Competition and Data Privacy” held at the 143rd meeting of the OECD Competition Committee on 13 June 2024. More papers and presentations on the topic can be found at oe.cd/ibcdp.
This presentation was uploaded with the author’s consent.
Carrer goals.pptx and their importance in real life
Career goals serve as a roadmap for individuals, guiding them toward achieving long-term professional aspirations and personal fulfillment. Establishing clear career goals enables professionals to focus their efforts on developing specific skills, gaining relevant experience, and making strategic decisions that align with their desired career trajectory. By setting both short-term and long-term objectives, individuals can systematically track their progress, make necessary adjustments, and stay motivated. Short-term goals often include acquiring new qualifications, mastering particular competencies, or securing a specific role, while long-term goals might encompass reaching executive positions, becoming industry experts, or launching entrepreneurial ventures.
Moreover, having well-defined career goals fosters a sense of purpose and direction, enhancing job satisfaction and overall productivity. It encourages continuous learning and adaptation, as professionals remain attuned to industry trends and evolving job market demands. Career goals also facilitate better time management and resource allocation, as individuals prioritize tasks and opportunities that advance their professional growth. In addition, articulating career goals can aid in networking and mentorship, as it allows individuals to communicate their aspirations clearly to potential mentors, colleagues, and employers, thereby opening doors to valuable guidance and support. Ultimately, career goals are integral to personal and professional development, driving individuals toward sustained success and fulfillment in their chosen fields.
More Related Content
Similar to Dünden Bugüne Exploit Dünyası
Buffer overflow Attacks
This document provides an introduction to buffer overflow attacks. It discusses buffer overflows, stack smashing, and controlling the execution flow by manipulating the EIP. It demonstrates how user input can make its way onto the stack and be used to control the call and return instructions. The document shows an example of writing exit shellcode and using it in a proof of concept attack. It notes that real attacks are illegal and this presentation is for demonstration purposes only.
Buffer Overflow Attacks
Presented by Abhinav chourasia in SecurityXploded cyber security meet. visit: http://www.securitytrainings.net for more information
Hacking the Gateways
This document outlines a plan to hack routers by exploiting vulnerabilities. The plan involves deciding targets, finding vulnerabilities in routers like the AirTies RT series, writing exploits in MIPS assembly to achieve remote code execution, writing scripts for mass exploitation, running attacks on targets in Turkey, and analyzing results. Routers are attractive targets because they are directly internet accessible, can control all traffic once compromised, have limited logging capabilities, and rarely receive security updates.
10 Useful Testing Tools for Open Source Projects @ TuxCon 2015
If you count the alternatives, there are 50 tools for software testing focused on open source projects - test planning and management, test execution, test reporting, front-end and backend testing, automated mobile testing, security scanners, issue tracking and others
Entomology 101
This document provides an introduction to studying, collecting, and finding bugs. It discusses how to collect bugs by following security mailing lists, bug bounty programs, security researchers on Twitter. It also discusses how to study bugs by analyzing code diffs between vulnerable and patched versions, building test environments, and documenting findings. The document then covers hunting for bugs by finding targets on sites like GitHub and HackerNews, setting up test environments, and optimizing hunting strategies based on collected bugs. Finally, it discusses responsible disclosure of bugs and some of the author's favorite bugs.
Canberk Bolat - Alice Android Diyarında
This document discusses Android security and provides steps for analyzing Android applications and exploiting vulnerabilities. It includes the following:
1) An introduction to Android architecture including sandboxes, application frameworks, and permissions.
2) Reasons for focusing on Android security such as the number of downloads, weak app review processes, and platform update issues.
3) Common Android application vulnerabilities like logging of sensitive data, insecure communication, and vulnerabilities in the WebView like addJavaScriptInterface.
4) Steps for cross-compiling code to run on Android, pushing binaries to an Android device, and exploiting vulnerabilities to pop a remote shell.
Beginner’s Guide on How to Start Exploring IoT Security 1st Session
The document provides an overview of how to start exploring IoT security as a beginner. It defines IoT and OT, discusses common attack vectors like networks, wireless communication, and applications. It then provides guidance on how to perform security testing for these vectors, including tools to use for tasks like network pentesting, radio communication testing, and mobile application testing. The goal is to help beginners learn about IoT security challenges and how to start assessing vulnerabilities.
Defcon 23 - hariri spelman gorenc - abusing adobe readers java sc
The document discusses research into discovering and exploiting vulnerabilities in Adobe Reader's JavaScript APIs. It begins with introducing the researchers and providing statistics on the vulnerabilities found. It then covers understanding the attack surface by exploring the JavaScript API documentation and decompiling internal scripts. Methods of discovering vulnerabilities are described, such as overloading properties and achieving privileged execution. Finally, constructing an exploit is outlined, including chaining vulnerabilities to execute a file dumping API and gaining remote code execution.
Fruit vs Zombies: Defeat Non-jailbroken iOS Malware by Claud Xiao
Since 2014, fifteen new malware or riskware families successfully attacked non-jailbroken iOS devices (e.g., WireLurker, Oneclickfraud, XcodeGhost, InstaAgent, ZergHelper, AceDeceiver), affected thousands of iOS apps and tens of millions users around the world. Ten of them even bypassed Apple’s code vetting and occurred at App Store. In this presentation, we will systematically study how could these malware, riskware and some Proof-of-Concepts infect non-jailbroken devices via practical vectors and approaches including abusing development certificates, bypassing code review by obfuscation, performing FairPlay MITM attack, abusing MDM solution, abusing private APIs, exploiting design flaws or app level vulnerabilities, and stealing privacy data. For each topic, we will introduce its implementation, explore real world cases, analyze its risky and consequences, explain Apple’s countermeasures, and discuss why some problems will still exist in near future. We will also share some stories of how we discovered those interesting iOS malware. Through this topic, audiences could make more effective policies to protect iOS devices in their organizations, build their own systems/tools to evaluate security risks in iOS apps, and hunt more iOS malware in the future.
IOS ecosystem
Presentation given at the 7th iOS Bootcamp in Catania.
http://pragmamark.org/events/ios-bootcamp-7th-edition/
The Future of Automated Malware Generation
The document discusses the current and future states of automated malware generation and malware defense techniques. It describes how malware distribution networks currently work and trends showing rising malware samples. The future of malware defense is proposed to apply more machine learning and statistical techniques to model malware behaviors and attributes in order to handle growing sample volumes. This would involve training machine learning classifiers on features identified by human experts to classify and cluster malware more effectively.
Web-App Remote Code Execution Via Scripting Engines
Web-App Remote Code Execution Via Scripting Enginesc0c0n - International Cyber Security and Policing Conference
Web-App Remote Code Execution Via Scripting Engines by Rahul Sasi at c0c0n - International Cyber Security and Policing Conference http://is-ra.org/c0c0n/speakers.htmlAgile Testing Days 2018 USA - API Testing Fundamentals
The document provides instructions for an API testing workshop, including opening a Trello board and downloading Postman. It discusses exploring APIs through testing variables, statuses, content types, and functionality by joining requests. Performance and security testing are also covered, such as checking authentication, authorization, and injection points. The workshop emphasizes making API testing fun and integrating it into development pipelines using tools like Newman and Runscope.
SCADA Software or Swiss Cheese Software? by Celil UNUVER
The talk is about SCADA vulnerabilities and exploiting. We will answer some specific questions about SCADA software vulnerabilities with technical details.
The questions are;
- Why are SCADA applications buggy?
- What is the status and impact of the threat?
- How do researchers or hackers discover these vulnerabilities?
In this talk we will also look at some SCADA vulnerabilities that affects well-known SCADA/HMI vendors, and will show how it's easy to hunt these vulnerabilities via reverse engineering , fuzzing etc.
Celil UNUVER
Celil Unuver is co-founder & security researcher of SignalSEC Ltd. He is also founder of NOPcon Security Conference. His areas of expertise include Vulnerability Research & Discovery, Exploit Development, Penetration Testing and Reverse Engineering. He has been a speaker at CONFidence, Swiss Cyber Storm, c0c0n, IstSec, Kuwait Info Security Forum. He enjoys hunting bugs and has discovered critical vulnerabilities affect well-known vendors such as Adobe, IBM, Microsoft, Novell etc.
Speck & Tech: Attacking iOS (A brief overview)
This document summarizes techniques for attacking iOS security. It outlines getting initial code execution through vulnerabilities like JavaScriptCore use-after-frees. It then discusses escalating privileges by escaping the sandbox, leveraging stack buffer overflows, and defeating protections like ASLR, DEP, and KPP. The goal is to achieve kernel code execution and install a persistent implant by bypassing iOS security measures at each level of the software stack.
Security Vulnerabilities in Mobile Applications (Kristaps Felzenbergs)
A presentation about security of mobile apps by our senior quality assurance engineer Kristaps Felzenbergs. It was presented at TAPOST 2017 software testing conference.
How to get along with HATEOAS without letting the bad guys steal your lunch -...
It’s a cool idea - decouple the client from the server and let the application tell the client what it can do dynamically. This approach should allow much more flexibility and resilience as the client and server can evolve separately. Unfortunately, the HATEOAS approach can be a free lunch for cybercriminals unless you understand the simple steps needed to secure your design.
This is a talk delivered for the Security track at DevNexus 2020.
NASA Space Apps
This document discusses deploying apps with Heroku, a platform as a service. It summarizes that with Heroku, you write code, push it to Heroku, and it will run in a container managed by Heroku. The document provides information on installing Git and the Heroku CLI, creating a Heroku account, and getting started guides for various programming languages like Node.js, Ruby, Python, Java, and PHP.
Quality assurance engineer #JobShadowDay #XWiki
The document provides an overview of the responsibilities and skills of a quality assurance engineer. It describes the day-to-day activities which include writing test plans and scripts, performing test campaigns, reporting bugs, and analyzing results. Key skills include a broad understanding of the product from an end-user perspective, effective communication skills, creativity to test diverse scenarios, and development knowledge to automate tests. The document also gives examples of manual and automated testing conducted by a QA engineer at a company called XWiki.
Cross-platform Native App ontwikkeling met Appcelerator
Lezing voor de SIG Apps en de Regio Den Haag van Ngi-NGN op De Haagse Hogeschool over cross-platform native app ontwikkeling met Appcelerator Titanium en Alloy.
Similar to Dünden Bugüne Exploit Dünyası (20)
10 Useful Testing Tools for Open Source Projects @ TuxCon 2015
10 Useful Testing Tools for Open Source Projects @ TuxCon 2015
Beginner’s Guide on How to Start Exploring IoT Security 1st Session
Beginner’s Guide on How to Start Exploring IoT Security 1st Session
Defcon 23 - hariri spelman gorenc - abusing adobe readers java sc
Defcon 23 - hariri spelman gorenc - abusing adobe readers java sc
Fruit vs Zombies: Defeat Non-jailbroken iOS Malware by Claud Xiao
Fruit vs Zombies: Defeat Non-jailbroken iOS Malware by Claud Xiao
Web-App Remote Code Execution Via Scripting Engines
Web-App Remote Code Execution Via Scripting Engines
Agile Testing Days 2018 USA - API Testing Fundamentals
Agile Testing Days 2018 USA - API Testing Fundamentals
SCADA Software or Swiss Cheese Software? by Celil UNUVER
SCADA Software or Swiss Cheese Software? by Celil UNUVER
Security Vulnerabilities in Mobile Applications (Kristaps Felzenbergs)
Security Vulnerabilities in Mobile Applications (Kristaps Felzenbergs)
How to get along with HATEOAS without letting the bad guys steal your lunch -...
How to get along with HATEOAS without letting the bad guys steal your lunch -...
Cross-platform Native App ontwikkeling met Appcelerator
Cross-platform Native App ontwikkeling met Appcelerator
Recently uploaded
The Intersection between Competition and Data Privacy – OECD – June 2024 OECD...
The Intersection between Competition and Data Privacy – OECD – June 2024 OECD...OECD Directorate for Financial and Enterprise Affairs
This presentation by OECD, OECD Secretariat, was made during the discussion “The Intersection between Competition and Data Privacy” held at the 143rd meeting of the OECD Competition Committee on 13 June 2024. More papers and presentations on the topic can be found at oe.cd/ibcdp.
This presentation was uploaded with the author’s consent.
Carrer goals.pptx and their importance in real life
Career goals serve as a roadmap for individuals, guiding them toward achieving long-term professional aspirations and personal fulfillment. Establishing clear career goals enables professionals to focus their efforts on developing specific skills, gaining relevant experience, and making strategic decisions that align with their desired career trajectory. By setting both short-term and long-term objectives, individuals can systematically track their progress, make necessary adjustments, and stay motivated. Short-term goals often include acquiring new qualifications, mastering particular competencies, or securing a specific role, while long-term goals might encompass reaching executive positions, becoming industry experts, or launching entrepreneurial ventures.
Moreover, having well-defined career goals fosters a sense of purpose and direction, enhancing job satisfaction and overall productivity. It encourages continuous learning and adaptation, as professionals remain attuned to industry trends and evolving job market demands. Career goals also facilitate better time management and resource allocation, as individuals prioritize tasks and opportunities that advance their professional growth. In addition, articulating career goals can aid in networking and mentorship, as it allows individuals to communicate their aspirations clearly to potential mentors, colleagues, and employers, thereby opening doors to valuable guidance and support. Ultimately, career goals are integral to personal and professional development, driving individuals toward sustained success and fulfillment in their chosen fields.
Why Psychological Safety Matters for Software Teams - ACE 2024 - Ben Linders.pdf
Psychological safety in teams is important; team members must feel safe and able to communicate and collaborate effectively to deliver value. It’s also necessary to build long-lasting teams since things will happen and relationships will be strained.
But, how safe is a team? How can we determine if there are any factors that make the team unsafe or have an impact on the team’s culture?
In this mini-workshop, we’ll play games for psychological safety and team culture utilizing a deck of coaching cards, The Psychological Safety Cards. We will learn how to use gamification to gain a better understanding of what’s going on in teams. Individuals share what they have learned from working in teams, what has impacted the team’s safety and culture, and what has led to positive change.
Different game formats will be played in groups in parallel. Examples are an ice-breaker to get people talking about psychological safety, a constellation where people take positions about aspects of psychological safety in their team or organization, and collaborative card games where people work together to create an environment that fosters psychological safety.
Suzanne Lagerweij - Influence Without Power - Why Empathy is Your Best Friend...
This is a workshop about communication and collaboration. We will experience how we can analyze the reasons for resistance to change (exercise 1) and practice how to improve our conversation style and be more in control and effective in the way we communicate (exercise 2).
This session will use Dave Gray’s Empathy Mapping, Argyris’ Ladder of Inference and The Four Rs from Agile Conversations (Squirrel and Fredrick).
Abstract:
Let’s talk about powerful conversations! We all know how to lead a constructive conversation, right? Then why is it so difficult to have those conversations with people at work, especially those in powerful positions that show resistance to change?
Learning to control and direct conversations takes understanding and practice.
We can combine our innate empathy with our analytical skills to gain a deeper understanding of complex situations at work. Join this session to learn how to prepare for difficult conversations and how to improve our agile conversations in order to be more influential without power. We will use Dave Gray’s Empathy Mapping, Argyris’ Ladder of Inference and The Four Rs from Agile Conversations (Squirrel and Fredrick).
In the session you will experience how preparing and reflecting on your conversation can help you be more influential at work. You will learn how to communicate more effectively with the people needed to achieve positive change. You will leave with a self-revised version of a difficult conversation and a practical model to use when you get back to work.
Come learn more on how to become a real influencer!
Pro-competitive Industrial Policy – LANE – June 2024 OECD discussion
Pro-competitive Industrial Policy – LANE – June 2024 OECD discussionOECD Directorate for Financial and Enterprise Affairs
This presentation by Nathaniel Lane, Associate Professor in Economics at Oxford University, was made during the discussion “Pro-competitive Industrial Policy” held at the 143rd meeting of the OECD Competition Committee on 12 June 2024. More papers and presentations on the topic can be found at oe.cd/pcip.
This presentation was uploaded with the author’s consent.
Artificial Intelligence, Data and Competition – OECD – June 2024 OECD discussion
Artificial Intelligence, Data and Competition – OECD – June 2024 OECD discussionOECD Directorate for Financial and Enterprise Affairs
This presentation by OECD, OECD Secretariat, was made during the discussion “Artificial Intelligence, Data and Competition” held at the 143rd meeting of the OECD Competition Committee on 12 June 2024. More papers and presentations on the topic can be found at oe.cd/aicomp.
This presentation was uploaded with the author’s consent.
Artificial Intelligence, Data and Competition – ČORBA – June 2024 OECD discus...
Artificial Intelligence, Data and Competition – ČORBA – June 2024 OECD discus...OECD Directorate for Financial and Enterprise Affairs
This presentation by Juraj Čorba, Chair of OECD Working Party on Artificial Intelligence Governance (AIGO), was made during the discussion “Artificial Intelligence, Data and Competition” held at the 143rd meeting of the OECD Competition Committee on 12 June 2024. More papers and presentations on the topic can be found at oe.cd/aicomp.
This presentation was uploaded with the author’s consent.
IEEE CIS Webinar Sustainable futures.pdf
The importance of sustainable and efficient computational practices in artificial intelligence (AI) and deep learning has become increasingly critical. This webinar focuses on the intersection of sustainability and AI, highlighting the significance of energy-efficient deep learning, innovative randomization techniques in neural networks, the potential of reservoir computing, and the cutting-edge realm of neuromorphic computing. This webinar aims to connect theoretical knowledge with practical applications and provide insights into how these innovative approaches can lead to more robust, efficient, and environmentally conscious AI systems.
Webinar Speaker: Prof. Claudio Gallicchio, Assistant Professor, University of Pisa
Claudio Gallicchio is an Assistant Professor at the Department of Computer Science of the University of Pisa, Italy. His research involves merging concepts from Deep Learning, Dynamical Systems, and Randomized Neural Systems, and he has co-authored over 100 scientific publications on the subject. He is the founder of the IEEE CIS Task Force on Reservoir Computing, and the co-founder and chair of the IEEE Task Force on Randomization-based Neural Networks and Learning Systems. He is an associate editor of IEEE Transactions on Neural Networks and Learning Systems (TNNLS).
原版制作贝德福特大学毕业证(bedfordhire毕业证)硕士文凭原版一模一样
原版一模一样【微信:741003700 】【贝德福特大学毕业证(bedfordhire毕业证)硕士文凭】【微信:741003700 】学位证,留信认证(真实可查,永久存档)offer、雅思、外壳等材料/诚信可靠,可直接看成品样本,帮您解决无法毕业带来的各种难题!外壳,原版制作,诚信可靠,可直接看成品样本。行业标杆!精益求精,诚心合作,真诚制作!多年品质 ,按需精细制作,24小时接单,全套进口原装设备。十五年致力于帮助留学生解决难题,包您满意。
本公司拥有海外各大学样板无数,能完美还原海外各大学 Bachelor Diploma degree, Master Degree Diploma
1:1完美还原海外各大学毕业材料上的工艺:水印,阴影底纹,钢印LOGO烫金烫银,LOGO烫金烫银复合重叠。文字图案浮雕、激光镭射、紫外荧光、温感、复印防伪等防伪工艺。材料咨询办理、认证咨询办理请加学历顾问Q/微741003700
留信网认证的作用:
1:该专业认证可证明留学生真实身份
2:同时对留学生所学专业登记给予评定
3:国家专业人才认证中心颁发入库证书
4:这个认证书并且可以归档倒地方
5:凡事获得留信网入网的信息将会逐步更新到个人身份内,将在公安局网内查询个人身份证信息后,同步读取人才网入库信息
6:个人职称评审加20分
7:个人信誉贷款加10分
8:在国家人才网主办的国家网络招聘大会中纳入资料,供国家高端企业选择人才
Competition and Regulation in Professions and Occupations – OECD – June 2024 ...
Competition and Regulation in Professions and Occupations – OECD – June 2024 ...OECD Directorate for Financial and Enterprise Affairs
This presentation by OECD, OECD Secretariat, was made during the discussion “Competition and Regulation in Professions and Occupations” held at the 77th meeting of the OECD Working Party No. 2 on Competition and Regulation on 10 June 2024. More papers and presentations on the topic can be found at oe.cd/crps.
This presentation was uploaded with the author’s consent.
The remarkable life of Sir Mokshagundam Visvesvaraya.pptx
The remarkable life of Sir Mokshagundam Visvesvaraya.pptx
The Intersection between Competition and Data Privacy – CAPEL – June 2024 OEC...
The Intersection between Competition and Data Privacy – CAPEL – June 2024 OEC...OECD Directorate for Financial and Enterprise Affairs
This presentation by Tim Capel, Director of the UK Information Commissioner’s Office Legal Service, was made during the discussion “The Intersection between Competition and Data Privacy” held at the 143rd meeting of the OECD Competition Committee on 13 June 2024. More papers and presentations on the topic can be found at oe.cd/ibcdp.
This presentation was uploaded with the author’s consent.
XP 2024 presentation: A New Look to Leadership
Presentation slides from XP2024 conference, Bolzano IT. The slides describe a new view to leadership and combines it with anthro-complexity (aka cynefin).
Disaster Management project for holidays homework and other uses
It talks about disaster management in a helful way.
怎么办理(lincoln学位证书)英国林肯大学毕业证文凭学位证书原版一模一样
原版定制【微信:bwp0011】《(lincoln学位证书)英国林肯大学毕业证文凭学位证书》【微信:bwp0011】成绩单 、雅思、外壳、留信学历认证永久存档查询,采用学校原版纸张、特殊工艺完全按照原版一比一制作(包括:隐形水印,阴影底纹,钢印LOGO烫金烫银,LOGO烫金烫银复合重叠,文字图案浮雕,激光镭射,紫外荧光,温感,复印防伪)行业标杆!精益求精,诚心合作,真诚制作!多年品质 ,按需精细制作,24小时接单,全套进口原装设备,十五年致力于帮助留学生解决难题,业务范围有加拿大、英国、澳洲、韩国、美国、新加坡,新西兰等学历材料,包您满意。
【业务选择办理准则】
一、工作未确定,回国需先给父母、亲戚朋友看下文凭的情况,办理一份就读学校的毕业证【微信bwp0011】文凭即可
二、回国进私企、外企、自己做生意的情况,这些单位是不查询毕业证真伪的,而且国内没有渠道去查询国外文凭的真假,也不需要提供真实教育部认证。鉴于此,办理一份毕业证【微信bwp0011】即可
三、进国企,银行,事业单位,考公务员等等,这些单位是必需要提供真实教育部认证的,办理教育部认证所需资料众多且烦琐,所有材料您都必须提供原件,我们凭借丰富的经验,快捷的绿色通道帮您快速整合材料,让您少走弯路。
留信网认证的作用:
1:该专业认证可证明留学生真实身份
2:同时对留学生所学专业登记给予评定
3:国家专业人才认证中心颁发入库证书
4:这个认证书并且可以归档倒地方
5:凡事获得留信网入网的信息将会逐步更新到个人身份内,将在公安局网内查询个人身份证信息后,同步读取人才网入库信息
6:个人职称评审加20分
7:个人信誉贷款加10分
8:在国家人才网主办的国家网络招聘大会中纳入资料,供国家高端企业选择人才
【关于价格问题(保证一手价格)】
我们所定的价格是非常合理的,而且我们现在做得单子大多数都是代理和回头客户介绍的所以一般现在有新的单子 我给客户的都是第一手的代理价格,因为我想坦诚对待大家 不想跟大家在价格方面浪费时间
对于老客户或者被老客户介绍过来的朋友,我们都会适当给一些优惠。
The Intersection between Competition and Data Privacy – COLANGELO – June 2024...
The Intersection between Competition and Data Privacy – COLANGELO – June 2024...OECD Directorate for Financial and Enterprise Affairs
This presentation by Professor Giuseppe Colangelo, Jean Monnet Professor of European Innovation Policy, was made during the discussion “The Intersection between Competition and Data Privacy” held at the 143rd meeting of the OECD Competition Committee on 13 June 2024. More papers and presentations on the topic can be found at oe.cd/ibcdp.
This presentation was uploaded with the author’s consent.
Artificial Intelligence, Data and Competition – LIM – June 2024 OECD discussion
Artificial Intelligence, Data and Competition – LIM – June 2024 OECD discussionOECD Directorate for Financial and Enterprise Affairs
This presentation by Yong Lim, Professor of Economic Law at Seoul National University School of Law, was made during the discussion “Artificial Intelligence, Data and Competition” held at the 143rd meeting of the OECD Competition Committee on 12 June 2024. More papers and presentations on the topic can be found at oe.cd/aicomp.
This presentation was uploaded with the author’s consent.
Pro-competitive Industrial Policy – OECD – June 2024 OECD discussion
Pro-competitive Industrial Policy – OECD – June 2024 OECD discussionOECD Directorate for Financial and Enterprise Affairs
This presentation by OECD, OECD Secretariat, was made during the discussion “Pro-competitive Industrial Policy” held at the 143rd meeting of the OECD Competition Committee on 12 June 2024. More papers and presentations on the topic can be found at oe.cd/pcip.
This presentation was uploaded with the author’s consent.
The Intersection between Competition and Data Privacy – KEMP – June 2024 OECD...
The Intersection between Competition and Data Privacy – KEMP – June 2024 OECD...OECD Directorate for Financial and Enterprise Affairs
This presentation by Katharine Kemp, Associate Professor at the Faculty of Law & Justice at UNSW Sydney, was made during the discussion “The Intersection between Competition and Data Privacy” held at the 143rd meeting of the OECD Competition Committee on 13 June 2024. More papers and presentations on the topic can be found at oe.cd/ibcdp.
This presentation was uploaded with the author’s consent.
ASONAM2023_presection_slide_track-recommendation.pdf
Presented at the 2023 IEEE/ACM International Conference on
Advances in Social Networks Analysis and Mining.
Recently uploaded (20)
The Intersection between Competition and Data Privacy – OECD – June 2024 OECD...
The Intersection between Competition and Data Privacy – OECD – June 2024 OECD...
Carrer goals.pptx and their importance in real life
Carrer goals.pptx and their importance in real life
Why Psychological Safety Matters for Software Teams - ACE 2024 - Ben Linders.pdf
Why Psychological Safety Matters for Software Teams - ACE 2024 - Ben Linders.pdf
Suzanne Lagerweij - Influence Without Power - Why Empathy is Your Best Friend...
Suzanne Lagerweij - Influence Without Power - Why Empathy is Your Best Friend...
Pro-competitive Industrial Policy – LANE – June 2024 OECD discussion
Pro-competitive Industrial Policy – LANE – June 2024 OECD discussion
Artificial Intelligence, Data and Competition – OECD – June 2024 OECD discussion
Artificial Intelligence, Data and Competition – OECD – June 2024 OECD discussion
Artificial Intelligence, Data and Competition – ČORBA – June 2024 OECD discus...
Artificial Intelligence, Data and Competition – ČORBA – June 2024 OECD discus...
Competition and Regulation in Professions and Occupations – OECD – June 2024 ...
Competition and Regulation in Professions and Occupations – OECD – June 2024 ...
The remarkable life of Sir Mokshagundam Visvesvaraya.pptx
The remarkable life of Sir Mokshagundam Visvesvaraya.pptx
The Intersection between Competition and Data Privacy – CAPEL – June 2024 OEC...
The Intersection between Competition and Data Privacy – CAPEL – June 2024 OEC...
Disaster Management project for holidays homework and other uses
Disaster Management project for holidays homework and other uses
The Intersection between Competition and Data Privacy – COLANGELO – June 2024...
The Intersection between Competition and Data Privacy – COLANGELO – June 2024...
Artificial Intelligence, Data and Competition – LIM – June 2024 OECD discussion
Artificial Intelligence, Data and Competition – LIM – June 2024 OECD discussion
Pro-competitive Industrial Policy – OECD – June 2024 OECD discussion
Pro-competitive Industrial Policy – OECD – June 2024 OECD discussion
The Intersection between Competition and Data Privacy – KEMP – June 2024 OECD...
The Intersection between Competition and Data Privacy – KEMP – June 2024 OECD...
ASONAM2023_presection_slide_track-recommendation.pdf
ASONAM2023_presection_slide_track-recommendation.pdf
Dünden Bugüne Exploit Dünyası
- 1. DÜNDEN BUGÜNE EXPLOIT DÜNYASI Onur ALANBEL
- 2. $id -un • Bilgisayar Mühendisi (İYTE) • Kurucu @cricomtr (cri.com.tr) • Geliştirici @TaintAll (taintall.com) • Uygulama Güvenliği Araştırmacısı • Github: github.com/onura • Twitter: @onuralanbel • https://packetstormsecurity.com/search/?q=onur+alanbel
- 3. VULNERABILITYVS POCVS EXPLOIT • Vulnerability: istismar edilebilir hata (bug).
- 4. VULNERABILITYVS POCVS EXPLOIT • Vulnerability: istismar edilebilir hata (bug). • PoC: Zafiyeti tetikleyen kod.
- 5. VULNERABILITYVS POCVS EXPLOIT • Vulnerability: istismar edilebilir hata (bug). • PoC: Zafiyeti tetikleyen kod. • Exploit: Program akışını manipüle eden kod ve girdi birleşimi.
- 7. NEDEN KULLANILIRLAR? • Yetkisiz Erişim • YetkiYükseltme
- 10. MS08-067 • RPC RCE • Conficker
- 12. DÜNVS BUGÜN • SDLC (no stack overflow?)
- 13. DÜNVS BUGÜN
- 14. DÜNVS BUGÜN ➤ Buffer Overrun ➤ Buffer Overflow ➤ Stack overflow ➤ Heap overflow ➤ UAF ➤ Double Free ➤ Memory Corruption ➤ Unbound Memory Read / Write ➤ Arbitrary Memory Read / Write ➤ Type Confusion ➤ Race Condition ➤ Logic Bugs ➤ ….
- 17. CODE Program Instructions RX STACK User Input RW Address Space Layout Randomization Stack Heap DLL Base Code Base
- 18. ASLR BYPASS • Info Leak • Partial PC Overwrite • Non-ASLR Components/Libraries • Heap Spray (Nop Sled) • PLT Overwrite • GOT Dereference
- 19. SANDBOX Target Process OS Components Limited Access Other Processes
- 23. ROP Kernel Fake Stack User Process SMEP Supervisor Mode Execution Prevention
- 24. ROP Fake Stack Kernel User Process SMEP/ SMAP Supervisor Mode Access Prevention
- 25. KASLR BYPASS • Info Leak • Partial PC Overwrite • Side Channel Attacks (UsuallyTime Based)
- 26. DIĞER KORUMALAR • Stack Canaries/Cookies • Memory Protector, Isolated heap • Different Data/Code Caches • …
- 27. PEGASUS OLAYI • Milyon Dolarlık Exploit Nasıl Gözükür?
- 28. Kurban bir linke tıklar UAF (CVE-2016-4657) Arbitrary Read to Break ASLR Arbitrary Write to Gain Code Execution Fake NULL Pointer Dereference Info Leak (CVE-2016-4655) Break KASLR Kernel UAF (CVE-2016-4656) to Jailbreak
- 29. ARKASINDA KİMVAR? • NSO GroupTechnologies 2010 da kurulan İsrail çıkışlı bir güvenlik firması. • 200 çalışan, $40 milyon 2013, $150 milyon in 2015 yıllık gelir. • İş tanımları: NSO Group provides "authorized governments with technology that helps them combat terror and crime”.
- 30. GÜNDEM • Siber Silah • Siber Caydırıcılık • Aktif Siber Savaş