Enhance Virtualization Stack with Intel CET and MPX
•
0 likes•332 views
In the cloud, virtualization stack provides the basic capability to isolate multiple VMs. In past years, VM escape became the real threat. Malicious VM can utilize 0-day in virtualization stack to break the isolation. Intel CET is a new CPU feature to prevent ROP exploit, and MPX is a CPU feature to prevent buffer overflow. This session will show how to enhance virtualization stack utilizing CET/MPX. Learning Objectives: 1: Understand VM escape details and threats in virtualization stack. 2: Learn about CET and MPX details. 3: Learn novel approach to protect virtualization stack with CET/MPX features. (Source: RSA Conference USA 2018)
Report
Share
Report
Share
Download to read offline
Recommended
XPDDS17: Reworking the ARM GIC Emulation & Xen Challenges in the ARM ITS Emu...
Part 1: Reworking the ARM GIC Emulation
The ARM Generic Interrupt Controller (GIC) provides some level of virtualization support in hardware. This still requires emulation of the distributor part, which has to integrate with the virtualization feature. Doing this in a performing and readable way is not trivial, especially the locking strategy tends to be complicated.
While extending the existing virtual GIC support in Xen to cover support for MSIs, some issues have been discovered which ask for some significant changes in the existing code.
The presentation will briefly describe the existing VGIC design and the issues we faced when trying to extend it. Based on this the changes will be presented and how they improve and ideally simplify the code.
Part 2: Xen Challenges in the ARM ITS Emulation
For being able to use MSIs on ARM systems in Xen domains we need to emulate the ARM GICv3 ITS controller. Its design is centered around a command queue located in normal system memory.
Emulating this in the Xen hypervisor brings some interesting challenges, ranging from safely accessing the guest memory and dealing with possible propagation of commands, to possible DOS attacks by domains keeping the emulation code busy.
The presentation outlines the main problems and how we hit Xen limits in emulating this correctly and efficiently. Also it presents our temporary workarounds and their drawbacks.
Alessio Lama - Development and testing of a safety network protocol
This document discusses the development and testing of safety network protocols for applications in automotive, industrial automation, and other fields. It outlines several issues with network communication such as access denial, repetition, loss, corruption, and timeouts. It then describes techniques for addressing these issues, including the use of VLANs for access control, CRC and hash functions for error detection, supervision packets for connection monitoring, and timestamps for timeout detection. Finally, it discusses tools for testing protocols, such as Wireshark, Scapy, TTCN-3, PTP, and PRP, which provides redundancy against network failures.
XPDDS17: Introduction to Intel SGX and SGX Virtualization - Kai Huang, Intel
In era of cloud computing, security is becoming more and more critical for customers. In existing HW/SW architecture hypervisor does not protect tenants against the cloud provider and thus the supplied operating system and hardware. Intel Software Guard Extension (SGX) provides a mechanism that addresses this scenario. It aims at protecting user-level software from attacks from other processes, the operating system, and even physical attackers. Intel SGX makes such protection possible through the use of enclave, which is a protected area in userspace application where the code/data cannot be accessed directly by any software from outside. This presentation intends to give you an introduction of Intel SGX technology, including what it is, how it works, and the existing SW stack to enable SGX for customers, followed by introduction of our work to support SGX virtualization in Xen hypervisor, including the high-level design, current status and future plan.
Project ACRN GPIO mediator introduction
This document introduces GPIO and GPIO virtualization in ACRN. It discusses:
1. GPIO hardware consists of pin configuration logic, GPIO logic blocks, and multiplexers that allow pins to take on different functions like GPIO, SPI, I2C.
2. GPIO virtualization in ACRN follows the virtio specification and allows each VM to access a virtual GPIO chip with a configured number of pins mapped to physical pins.
3. GPIO IRQ virtualization allows VMs to request, apply, and be notified of IRQ events on their virtual GPIO pins, which are forwarded by the hypervisor to the corresponding physical pins.
XPDDS18: Design Session - SGX deep dive and SGX Virtualization Discussion, Ka...
XPDDS18: Design Session - SGX deep dive and SGX Virtualization Discussion, Ka...The Linux Foundation
Software Guard Extensions (SGX) is Intel's unique security feature which has been present in Intel's processors since Skylake generation. Existing HW/SW solutions hypervisor does not protect tenants against the cloud provider and thus the supplied operating system and hardware. Intel SGX solves this by using enclave, which is a protected portion of userspace application where the code/data cannot be accessed directly from outside by any software, including privileged ones, such as BIOS and VMM. This discussion is intended for the deep dive introduction to SGX, and the design discussion of adding SGX virtualization to Xen. We will start with SGX deep dive, and then go into SGX virtualization design, from high level design to details, such as EPC management/virtualization, CPUID handling, interaction with VMX, live migration support, etc.FOSDEM 2020: How can we make WebRTC Easier?
What have I learned from helping developers build with WebRTC this past year. What can we do to make things better?
VM Forking and Hypervisor-based Fuzzing with Xen
The document discusses using VM forking and hypervisor-based introspection on Xen to perform fuzz testing of kernels. It describes how VM forking allows quickly restoring VMs after each fuzz cycle by copying memory pages on demand. Coverage tracing is done by inserting breakpoints using virtual machine introspection. Crashes can be detected by breakpointing crash handlers. Examples are given of fuzzing with PCI devices passed through and detecting double fetches. The techniques were released as the open source Kernel Fuzzer for Xen Project.
Secure IoT Firmware for RISC-V
MultiZone is an IoT firmware that provides a trusted execution environment (TEE) for securing IoT applications on RISC-V processors. It includes pre-integrated libraries for TCP/IP, TLS, ECC and FreeRTOS to handle basic and advanced IoT requirements. MultiZone provides four separated execution environments called zones that are enforced by hardware to isolate trusted applications from untrusted third party code and libraries. It allows for building secure IoT devices, remote firmware updates, and real-time device monitoring and management without needing proprietary hardware extensions.
Recommended
XPDDS17: Reworking the ARM GIC Emulation & Xen Challenges in the ARM ITS Emu...
Part 1: Reworking the ARM GIC Emulation
The ARM Generic Interrupt Controller (GIC) provides some level of virtualization support in hardware. This still requires emulation of the distributor part, which has to integrate with the virtualization feature. Doing this in a performing and readable way is not trivial, especially the locking strategy tends to be complicated.
While extending the existing virtual GIC support in Xen to cover support for MSIs, some issues have been discovered which ask for some significant changes in the existing code.
The presentation will briefly describe the existing VGIC design and the issues we faced when trying to extend it. Based on this the changes will be presented and how they improve and ideally simplify the code.
Part 2: Xen Challenges in the ARM ITS Emulation
For being able to use MSIs on ARM systems in Xen domains we need to emulate the ARM GICv3 ITS controller. Its design is centered around a command queue located in normal system memory.
Emulating this in the Xen hypervisor brings some interesting challenges, ranging from safely accessing the guest memory and dealing with possible propagation of commands, to possible DOS attacks by domains keeping the emulation code busy.
The presentation outlines the main problems and how we hit Xen limits in emulating this correctly and efficiently. Also it presents our temporary workarounds and their drawbacks.
Alessio Lama - Development and testing of a safety network protocol
This document discusses the development and testing of safety network protocols for applications in automotive, industrial automation, and other fields. It outlines several issues with network communication such as access denial, repetition, loss, corruption, and timeouts. It then describes techniques for addressing these issues, including the use of VLANs for access control, CRC and hash functions for error detection, supervision packets for connection monitoring, and timestamps for timeout detection. Finally, it discusses tools for testing protocols, such as Wireshark, Scapy, TTCN-3, PTP, and PRP, which provides redundancy against network failures.
XPDDS17: Introduction to Intel SGX and SGX Virtualization - Kai Huang, Intel
In era of cloud computing, security is becoming more and more critical for customers. In existing HW/SW architecture hypervisor does not protect tenants against the cloud provider and thus the supplied operating system and hardware. Intel Software Guard Extension (SGX) provides a mechanism that addresses this scenario. It aims at protecting user-level software from attacks from other processes, the operating system, and even physical attackers. Intel SGX makes such protection possible through the use of enclave, which is a protected area in userspace application where the code/data cannot be accessed directly by any software from outside. This presentation intends to give you an introduction of Intel SGX technology, including what it is, how it works, and the existing SW stack to enable SGX for customers, followed by introduction of our work to support SGX virtualization in Xen hypervisor, including the high-level design, current status and future plan.
Project ACRN GPIO mediator introduction
This document introduces GPIO and GPIO virtualization in ACRN. It discusses:
1. GPIO hardware consists of pin configuration logic, GPIO logic blocks, and multiplexers that allow pins to take on different functions like GPIO, SPI, I2C.
2. GPIO virtualization in ACRN follows the virtio specification and allows each VM to access a virtual GPIO chip with a configured number of pins mapped to physical pins.
3. GPIO IRQ virtualization allows VMs to request, apply, and be notified of IRQ events on their virtual GPIO pins, which are forwarded by the hypervisor to the corresponding physical pins.
XPDDS18: Design Session - SGX deep dive and SGX Virtualization Discussion, Ka...
XPDDS18: Design Session - SGX deep dive and SGX Virtualization Discussion, Ka...The Linux Foundation
Software Guard Extensions (SGX) is Intel's unique security feature which has been present in Intel's processors since Skylake generation. Existing HW/SW solutions hypervisor does not protect tenants against the cloud provider and thus the supplied operating system and hardware. Intel SGX solves this by using enclave, which is a protected portion of userspace application where the code/data cannot be accessed directly from outside by any software, including privileged ones, such as BIOS and VMM. This discussion is intended for the deep dive introduction to SGX, and the design discussion of adding SGX virtualization to Xen. We will start with SGX deep dive, and then go into SGX virtualization design, from high level design to details, such as EPC management/virtualization, CPUID handling, interaction with VMX, live migration support, etc.FOSDEM 2020: How can we make WebRTC Easier?
What have I learned from helping developers build with WebRTC this past year. What can we do to make things better?
VM Forking and Hypervisor-based Fuzzing with Xen
The document discusses using VM forking and hypervisor-based introspection on Xen to perform fuzz testing of kernels. It describes how VM forking allows quickly restoring VMs after each fuzz cycle by copying memory pages on demand. Coverage tracing is done by inserting breakpoints using virtual machine introspection. Crashes can be detected by breakpointing crash handlers. Examples are given of fuzzing with PCI devices passed through and detecting double fetches. The techniques were released as the open source Kernel Fuzzer for Xen Project.
Secure IoT Firmware for RISC-V
MultiZone is an IoT firmware that provides a trusted execution environment (TEE) for securing IoT applications on RISC-V processors. It includes pre-integrated libraries for TCP/IP, TLS, ECC and FreeRTOS to handle basic and advanced IoT requirements. MultiZone provides four separated execution environments called zones that are enforced by hardware to isolate trusted applications from untrusted third party code and libraries. It allows for building secure IoT devices, remote firmware updates, and real-time device monitoring and management without needing proprietary hardware extensions.
ARM uVisor Debug Refinement Project(debugging facility improvements)
台灣SITCON投影片,by張家榮(Jared)。
mbed OS是ARM為了物聯網所推出的作業系統,號稱IOT界的Android,IOT無所不在,記錄大量的個人資料,於是安全性便顯得十分關鍵。
uVisor位於mbed最底層,為一專門負責安全的hypervisor,管理整個系統的記憶體安全;掌握了記憶體,就掌握了所有的輸入、輸出,就能確保程式碼、記憶體不會被任意執行、修改、竊取。
目前uVisor的完成度也相當低,開發進度緩慢,主要的原因是uVisor基於安全的考量,不允許I/O的直接存取,也就無法顯示任何訊息。
此計畫期望藉由整合多項開放原始碼專案:CrashDebug、CrashCatcher、MRI到uVisor,改善將來在mbed OS上開發App的開發者,可以在不影響到作業系統或其他box的情況下,順利除錯。
VM Forking and Hypervisor-based fuzzing
This document outlines a presentation on using virtual machine forking and memory replay techniques for malware fuzzing and behavior modeling. Key points include:
- VM forking allows quickly resetting VMs for fuzzing by sharing and duplicating memory pages between forks. This enables high throughput fuzzing.
- Memory replay replays recorded memory values accessed by an application to induce faults, as an alternative to random fuzzing which may not be effective.
- These techniques were implemented in proof-of-concept tools to demonstrate fuzzing unknown binaries and building behavior models without assumptions about malware tricks or payloads.
- The goal is to dynamically analyze malware without limitations of traditional analysis systems and gain insights into prevalent attack
Claudio Scordino - Handling mixed criticality on embedded multi-core systems
This talk illustrates how to use the Jailhouse hypervisor for running Linux alongside an RTOS on modern ARM multi-core SoCs, aiming at building smarter devices for the automotive market.
Recently, the industry has shown a growing interest for executing activities with different levels of criticality on the same multi-core SoC. These could consist, for example, of non-critical activities (e.g., monitoring, logging, human-machine intefaces) together with safety-critical tasks. The rationale behind this interest is the continuous need for reducing the time-to-market as well as the design and hardware costs. This is particularly suitable for the automotive market, where new infotainment functionalities might be coupled with traditional safety-critical tasks (e.g. engine/brake control). In this talk, we will present our experience (grown through the HERCULES EU project) in using the Jailhouse hypervisor for executing the Linux general-purpose OS alongside an automotive RTOS on modern ARM multi-core platforms. Besides providing useful instructions for using Jailhouse, we will illustrate a library designed for easing the communication between the two OSs as well as some mechanism for limiting the interference on shared hardware resources. Finally, a short video of a simple demo will show the effectiveness of the proposed approach.
Ins and Outs of GPIO Programming
This webinar will introduce you to GPIO (General-Purpose Input/Output) programming on embedded systems.
BKK16-200 Designing Security into low cost IO T Systems
This document discusses security considerations for Internet of Things (IoT) systems. It outlines various security risks for IoT devices like weak cryptography, default passwords, and lack of device renewability. It then describes how security can be built into IoT systems at different levels, including device hardware with features like ARM TrustZone, software like mbed OS and mbedTLS, and cloud management platforms. The document advocates for an end-to-end secure IoT framework provided through collaboration between ARM and Linaro.
Esp8266 - Intro for dummies
A presentation about ESP8266. What is it? How can I hook it up to my Arduino board? How does it work? Can I make cool projects with it?
ESP8266 and IOT
My slide at the Milan Codemotion 2015, a session called "An Adventure with ESP8266 and IOT" about using the esp8266 with NodeMCU, mosquitto, nodejs and an accelerometer. All the sourcecode will be available at http://pestohacks.blogspot.com soon
Project ACRN USB mediator introduction
This document introduces the ACRN USB Mediator, which provides USB virtualization for the Intel Apollo Lake platform. It discusses:
1. The native USB architecture of Apollo Lake, which includes an integrated xHCI and xDCI controller sharing USB PHY ports.
2. The device model architecture in ACRN, which virtualizes the xHCI and DRD controllers through emulators to assign isolated USB resources to each VM.
3. The xHCI virtualization implementation, which exposes multiple virtual xHCI instances to VMs and maps their virtual USB ports to physical ports.
4. The DRD virtualization, which emulates the dual role device functionality of Apollo Lake to
SnakeGX (short version)
- SnakeGX is a framework that implants a persistent backdoor in SGX enclaves using code-reuse techniques, allowing an attacker to interact with the enclave without detection by the host OS. It exploits SGX isolation to avoid memory inspection and leaves minimal traces.
- The backdoor remains inside the enclave after installation and can invoke syscalls. It is more stealthy than prior attacks as it does not require crashing the enclave repeatedly or introducing unexpected enclaves.
- An evaluation shows the backdoor payload is over 4KB in size but the trigger is only 56B, making it much harder to detect through memory forensic analysis than state-of-the-art attacks.
XPDDS18: The Evolution of Virtualization in the Arm Architecture - Julien Gra...
XPDDS18: The Evolution of Virtualization in the Arm Architecture - Julien Gra...The Linux Foundation
Tweet Share
Virtualization capabilities were added to the latest revision of the Armv7-A architectures (with processors like Cortex A7 and A15), and this was extended further with Armv8-A (64bit). Since then, Arm has been improving virtualization support with incremental versions of the Armv8 architecture.
This talk will give an overview of the features added.Deep submicron-backdoors-ortega-syscan-2014-slides
Malicious hardware is a mature topic but previous research has focused almost exclusively on theoretical applications. In this article, practical implementations of gate-level backdoors will be presented using the Verilog hardware description language, then simulated and finally synthesized using freely available deep sub-micron (45-180 nm) standard cells, resulting in a backdoored latest-generation ARM CPU, suitable for fabrication and massive deployment.
Embedded Systems Conference 2014 Presentation
This document discusses the challenges in designing a type 1 hypervisor for ARM v7 virtualization extensions. It covers topics like hypervisor layering in software stack, monolithic vs microkernel design approaches, ARM v7 virtualization features, bare minimal hypervisor design, hypervisor exception handling, guest interrupt handling using GIC, timer virtualization, managing virtual devices using virtio MMIO, guest debugging support, VM management functions like context save/restore and scheduling, and remote device management use cases.
Wintel Hell: průvodce devíti kruhy Dantova technologického pekla / MARTIN HRO...
Přednáška zaměřená na rychlý přehled nových technologií v operačním systému Windows 10 a nových mikroarchitekturách procesorů Intel (Haswell, Sky Lake a Kaby Lake). Detailněji se pak bude věnovat některým klíčovým novinkám jako je virtual based security ve Windows 10, nebo některým bezpečnostním rozšířením procesorů. Závěrem poskytne přehled zdrojů k detailním informacím a příkladům využití. Přednáška bude koncipována jako "svodka technologických novinek". Autor bude přítomný po celou dobu konání konference a rád odpoví na Vaše otázky.
ARMv8-M TrustZone: A New Security Feature for Embedded Systems (FFRI Monthly ...
In this slide, we introduce the TrustZone of information that has published at this time in relation to ARMv8-M.
It is possible to separate/isolate the security level by adding the security state.
ARMv8-M architecture has a different mechanism than TrustZone to provide traditional ARMv8-A architecture, which is optimized for embedded systems.
Esp8266 Workshop
Workshop given at my employer regarding the ESP8266, a nifty IoT chip. Covers some topics and some basic getting started information.
Adafruit Huzzah Esp8266 WiFi Board
Presentation of the ESP8266 WiFi module created for the course Pervasive Systems 2016 of the Master Degree in Engineering in Computer Science (DIAG, University of Rome "La Sapienza")
Pervasive Systems 2016 Web Site: http://ichatz.me/index.php/Site/PervasiveSystems2016
LinkedIn Profile: https://www.linkedin.com/in/biagio-botticelli-444b87105?trk=hp-identity-name
GitHub Repository: https://github.com/biagiobotticelli/ESP8266
lwM2M OTA for ESP8266
Over the Air (OTA) Arduino firmware update for ESP8266 with cloud platform based on Eclipse IoT technologies
SnakeGX (full version)
SnakeGX is a framework that implants a persistent backdoor in SGX enclaves without being detected by the host OS. It works by exploiting SGX isolation to avoid memory inspection, leaving minimal traces. The key aspects are: (1) analyzing enclave memory to find a trusted thread for payload installation, (2) installing ROP chains and a fake ocall context trigger, (3) designing the backdoor with split payload chains that interact inside and outside the enclave via context switching. An evaluation on StealthDB shows the trigger is much smaller than the payload, making it harder to detect through memory forensics.
RISC-V 30906 hex five multi_zone iot firmware
MultiZone IoT Firmware provides a trusted execution environment (TEE) that shields trusted applications from untrusted third party libraries. It works with any RISC-V processor and provides up to 4 separated hardware and software execution worlds. MultiZone includes pre-integrated security libraries, an RTOS, and connectivity standards to provide a complete and secure IoT stack.
Embedded Recipes 2019 - Herd your socs become a matchmaker
About 60% of the Linux kernel source tree is devoted to drivers for a large variety of supported hardware components. Especially in the embedded world, the number of different SoC families, versions, and revisions, integrating a myriad of “IP cores”, keeps on growing.
In this presentation, Geert will explain how to match drivers against hardware, and how to support a wide variety of (dis)similar devices, without turning platform and driver code into an entangled bowl of spaghetti.tra
Starting with a brief history of driver matching in Linux, he will fast-forward to device-tree based matching. He will discuss ways to handle slight variations of the same hardware devices, and different SoC revisions, each with their own quirks and bugs. Finally, Geert will show best practices for evolving device drivers in a maintainable way, based on his experiences as an embedded Linux kernel developer and maintainer.
Geert Uytterhoeven
Graphical System On Chip with LabVIEW
This document discusses chip design in LabVIEW using an FPGA. It describes using a Xilinx Spartan 3E FPGA with LabVIEW FPGA. It discusses implementing softcore processors like Picoblaze and Microblaze on the FPGA to create a system on chip. It also discusses using a Network-on-Chip (NoC) for multicore implementations and integrating IP cores. It envisions future work integrating Microblaze using CLIP and physical mapping tools in LabVIEW.
OffensiveCon2022: Case Studies of Fuzzing with Xen
KF/x is an open-source fuzzing framework that leverages virtual machine introspection to fuzz code running inside virtual machines. It was used to discover vulnerabilities in the Virtio driver in Linux and a heap overflow in the 7z parser of Symantec Endpoint Protection. KF/x allows taking full memory snapshots of a VM, forking it to generate new test cases, and monitoring for crashes or desired program states. This approach found issues that may have otherwise remained undetected due to the lack of proper fuzzing tools for systems running complex, isolated software like antivirus programs.
More Related Content
What's hot
ARM uVisor Debug Refinement Project(debugging facility improvements)
台灣SITCON投影片,by張家榮(Jared)。
mbed OS是ARM為了物聯網所推出的作業系統,號稱IOT界的Android,IOT無所不在,記錄大量的個人資料,於是安全性便顯得十分關鍵。
uVisor位於mbed最底層,為一專門負責安全的hypervisor,管理整個系統的記憶體安全;掌握了記憶體,就掌握了所有的輸入、輸出,就能確保程式碼、記憶體不會被任意執行、修改、竊取。
目前uVisor的完成度也相當低,開發進度緩慢,主要的原因是uVisor基於安全的考量,不允許I/O的直接存取,也就無法顯示任何訊息。
此計畫期望藉由整合多項開放原始碼專案:CrashDebug、CrashCatcher、MRI到uVisor,改善將來在mbed OS上開發App的開發者,可以在不影響到作業系統或其他box的情況下,順利除錯。
VM Forking and Hypervisor-based fuzzing
This document outlines a presentation on using virtual machine forking and memory replay techniques for malware fuzzing and behavior modeling. Key points include:
- VM forking allows quickly resetting VMs for fuzzing by sharing and duplicating memory pages between forks. This enables high throughput fuzzing.
- Memory replay replays recorded memory values accessed by an application to induce faults, as an alternative to random fuzzing which may not be effective.
- These techniques were implemented in proof-of-concept tools to demonstrate fuzzing unknown binaries and building behavior models without assumptions about malware tricks or payloads.
- The goal is to dynamically analyze malware without limitations of traditional analysis systems and gain insights into prevalent attack
Claudio Scordino - Handling mixed criticality on embedded multi-core systems
This talk illustrates how to use the Jailhouse hypervisor for running Linux alongside an RTOS on modern ARM multi-core SoCs, aiming at building smarter devices for the automotive market.
Recently, the industry has shown a growing interest for executing activities with different levels of criticality on the same multi-core SoC. These could consist, for example, of non-critical activities (e.g., monitoring, logging, human-machine intefaces) together with safety-critical tasks. The rationale behind this interest is the continuous need for reducing the time-to-market as well as the design and hardware costs. This is particularly suitable for the automotive market, where new infotainment functionalities might be coupled with traditional safety-critical tasks (e.g. engine/brake control). In this talk, we will present our experience (grown through the HERCULES EU project) in using the Jailhouse hypervisor for executing the Linux general-purpose OS alongside an automotive RTOS on modern ARM multi-core platforms. Besides providing useful instructions for using Jailhouse, we will illustrate a library designed for easing the communication between the two OSs as well as some mechanism for limiting the interference on shared hardware resources. Finally, a short video of a simple demo will show the effectiveness of the proposed approach.
Ins and Outs of GPIO Programming
This webinar will introduce you to GPIO (General-Purpose Input/Output) programming on embedded systems.
BKK16-200 Designing Security into low cost IO T Systems
This document discusses security considerations for Internet of Things (IoT) systems. It outlines various security risks for IoT devices like weak cryptography, default passwords, and lack of device renewability. It then describes how security can be built into IoT systems at different levels, including device hardware with features like ARM TrustZone, software like mbed OS and mbedTLS, and cloud management platforms. The document advocates for an end-to-end secure IoT framework provided through collaboration between ARM and Linaro.
Esp8266 - Intro for dummies
A presentation about ESP8266. What is it? How can I hook it up to my Arduino board? How does it work? Can I make cool projects with it?
ESP8266 and IOT
My slide at the Milan Codemotion 2015, a session called "An Adventure with ESP8266 and IOT" about using the esp8266 with NodeMCU, mosquitto, nodejs and an accelerometer. All the sourcecode will be available at http://pestohacks.blogspot.com soon
Project ACRN USB mediator introduction
This document introduces the ACRN USB Mediator, which provides USB virtualization for the Intel Apollo Lake platform. It discusses:
1. The native USB architecture of Apollo Lake, which includes an integrated xHCI and xDCI controller sharing USB PHY ports.
2. The device model architecture in ACRN, which virtualizes the xHCI and DRD controllers through emulators to assign isolated USB resources to each VM.
3. The xHCI virtualization implementation, which exposes multiple virtual xHCI instances to VMs and maps their virtual USB ports to physical ports.
4. The DRD virtualization, which emulates the dual role device functionality of Apollo Lake to
SnakeGX (short version)
- SnakeGX is a framework that implants a persistent backdoor in SGX enclaves using code-reuse techniques, allowing an attacker to interact with the enclave without detection by the host OS. It exploits SGX isolation to avoid memory inspection and leaves minimal traces.
- The backdoor remains inside the enclave after installation and can invoke syscalls. It is more stealthy than prior attacks as it does not require crashing the enclave repeatedly or introducing unexpected enclaves.
- An evaluation shows the backdoor payload is over 4KB in size but the trigger is only 56B, making it much harder to detect through memory forensic analysis than state-of-the-art attacks.
XPDDS18: The Evolution of Virtualization in the Arm Architecture - Julien Gra...
XPDDS18: The Evolution of Virtualization in the Arm Architecture - Julien Gra...The Linux Foundation
Tweet Share
Virtualization capabilities were added to the latest revision of the Armv7-A architectures (with processors like Cortex A7 and A15), and this was extended further with Armv8-A (64bit). Since then, Arm has been improving virtualization support with incremental versions of the Armv8 architecture.
This talk will give an overview of the features added.Deep submicron-backdoors-ortega-syscan-2014-slides
Malicious hardware is a mature topic but previous research has focused almost exclusively on theoretical applications. In this article, practical implementations of gate-level backdoors will be presented using the Verilog hardware description language, then simulated and finally synthesized using freely available deep sub-micron (45-180 nm) standard cells, resulting in a backdoored latest-generation ARM CPU, suitable for fabrication and massive deployment.
Embedded Systems Conference 2014 Presentation
This document discusses the challenges in designing a type 1 hypervisor for ARM v7 virtualization extensions. It covers topics like hypervisor layering in software stack, monolithic vs microkernel design approaches, ARM v7 virtualization features, bare minimal hypervisor design, hypervisor exception handling, guest interrupt handling using GIC, timer virtualization, managing virtual devices using virtio MMIO, guest debugging support, VM management functions like context save/restore and scheduling, and remote device management use cases.
Wintel Hell: průvodce devíti kruhy Dantova technologického pekla / MARTIN HRO...
Přednáška zaměřená na rychlý přehled nových technologií v operačním systému Windows 10 a nových mikroarchitekturách procesorů Intel (Haswell, Sky Lake a Kaby Lake). Detailněji se pak bude věnovat některým klíčovým novinkám jako je virtual based security ve Windows 10, nebo některým bezpečnostním rozšířením procesorů. Závěrem poskytne přehled zdrojů k detailním informacím a příkladům využití. Přednáška bude koncipována jako "svodka technologických novinek". Autor bude přítomný po celou dobu konání konference a rád odpoví na Vaše otázky.
ARMv8-M TrustZone: A New Security Feature for Embedded Systems (FFRI Monthly ...
In this slide, we introduce the TrustZone of information that has published at this time in relation to ARMv8-M.
It is possible to separate/isolate the security level by adding the security state.
ARMv8-M architecture has a different mechanism than TrustZone to provide traditional ARMv8-A architecture, which is optimized for embedded systems.
Esp8266 Workshop
Workshop given at my employer regarding the ESP8266, a nifty IoT chip. Covers some topics and some basic getting started information.
Adafruit Huzzah Esp8266 WiFi Board
Presentation of the ESP8266 WiFi module created for the course Pervasive Systems 2016 of the Master Degree in Engineering in Computer Science (DIAG, University of Rome "La Sapienza")
Pervasive Systems 2016 Web Site: http://ichatz.me/index.php/Site/PervasiveSystems2016
LinkedIn Profile: https://www.linkedin.com/in/biagio-botticelli-444b87105?trk=hp-identity-name
GitHub Repository: https://github.com/biagiobotticelli/ESP8266
lwM2M OTA for ESP8266
Over the Air (OTA) Arduino firmware update for ESP8266 with cloud platform based on Eclipse IoT technologies
SnakeGX (full version)
SnakeGX is a framework that implants a persistent backdoor in SGX enclaves without being detected by the host OS. It works by exploiting SGX isolation to avoid memory inspection, leaving minimal traces. The key aspects are: (1) analyzing enclave memory to find a trusted thread for payload installation, (2) installing ROP chains and a fake ocall context trigger, (3) designing the backdoor with split payload chains that interact inside and outside the enclave via context switching. An evaluation on StealthDB shows the trigger is much smaller than the payload, making it harder to detect through memory forensics.
RISC-V 30906 hex five multi_zone iot firmware
MultiZone IoT Firmware provides a trusted execution environment (TEE) that shields trusted applications from untrusted third party libraries. It works with any RISC-V processor and provides up to 4 separated hardware and software execution worlds. MultiZone includes pre-integrated security libraries, an RTOS, and connectivity standards to provide a complete and secure IoT stack.
Embedded Recipes 2019 - Herd your socs become a matchmaker
About 60% of the Linux kernel source tree is devoted to drivers for a large variety of supported hardware components. Especially in the embedded world, the number of different SoC families, versions, and revisions, integrating a myriad of “IP cores”, keeps on growing.
In this presentation, Geert will explain how to match drivers against hardware, and how to support a wide variety of (dis)similar devices, without turning platform and driver code into an entangled bowl of spaghetti.tra
Starting with a brief history of driver matching in Linux, he will fast-forward to device-tree based matching. He will discuss ways to handle slight variations of the same hardware devices, and different SoC revisions, each with their own quirks and bugs. Finally, Geert will show best practices for evolving device drivers in a maintainable way, based on his experiences as an embedded Linux kernel developer and maintainer.
Geert Uytterhoeven
What's hot (20)
ARM uVisor Debug Refinement Project(debugging facility improvements)
ARM uVisor Debug Refinement Project(debugging facility improvements)
Claudio Scordino - Handling mixed criticality on embedded multi-core systems
Claudio Scordino - Handling mixed criticality on embedded multi-core systems
BKK16-200 Designing Security into low cost IO T Systems
BKK16-200 Designing Security into low cost IO T Systems
XPDDS18: The Evolution of Virtualization in the Arm Architecture - Julien Gra...
XPDDS18: The Evolution of Virtualization in the Arm Architecture - Julien Gra...
Deep submicron-backdoors-ortega-syscan-2014-slides
Deep submicron-backdoors-ortega-syscan-2014-slides
Wintel Hell: průvodce devíti kruhy Dantova technologického pekla / MARTIN HRO...
Wintel Hell: průvodce devíti kruhy Dantova technologického pekla / MARTIN HRO...
ARMv8-M TrustZone: A New Security Feature for Embedded Systems (FFRI Monthly ...
ARMv8-M TrustZone: A New Security Feature for Embedded Systems (FFRI Monthly ...
Embedded Recipes 2019 - Herd your socs become a matchmaker
Embedded Recipes 2019 - Herd your socs become a matchmaker
Similar to Enhance Virtualization Stack with Intel CET and MPX
Graphical System On Chip with LabVIEW
This document discusses chip design in LabVIEW using an FPGA. It describes using a Xilinx Spartan 3E FPGA with LabVIEW FPGA. It discusses implementing softcore processors like Picoblaze and Microblaze on the FPGA to create a system on chip. It also discusses using a Network-on-Chip (NoC) for multicore implementations and integrating IP cores. It envisions future work integrating Microblaze using CLIP and physical mapping tools in LabVIEW.
OffensiveCon2022: Case Studies of Fuzzing with Xen
KF/x is an open-source fuzzing framework that leverages virtual machine introspection to fuzz code running inside virtual machines. It was used to discover vulnerabilities in the Virtio driver in Linux and a heap overflow in the 7z parser of Symantec Endpoint Protection. KF/x allows taking full memory snapshots of a VM, forking it to generate new test cases, and monitoring for crashes or desired program states. This approach found issues that may have otherwise remained undetected due to the lack of proper fuzzing tools for systems running complex, isolated software like antivirus programs.
Fuzzing_with_Xen.pdf
KF/x is an open-source fuzzing framework that leverages virtual machine introspection to fuzz code running inside virtual machines. It was used to discover vulnerabilities in the Virtio and 7zip parsers of Symantec Endpoint Protection. By transplanting VM snapshots between KVM and Xen, it was able to fuzz the Virtio driver, finding no issues. Fuzzing the 7zip parser with KF/x uncovered a controlled heap overflow that was likely silently fixed. The talk demonstrates how KF/x provides a stable, reusable, and extensible foundation for full-system fuzzing of complex software like antivirus products.
OSMC 2014: Server Hardware Monitoring done right | Werner Fischer
Server Hardware ist vielfältig - und damit können auch mögliche Probleme auftreten. Für das Monitoring der Serverkomponenten gibt es unterschiedliche Schnittstellen. Die Palette reicht hier von Netzwerkprotokollen wie IPMI und SNMP bis hin zu Checks, die lokal am jeweiligen Server ausgeführt werden müssen (z.B. für RAID-Controller, SMART-Attribute oder GPU-Karten).
Im Vortrag erfahren Sie welche Checks Sie am besten für bestimmte Hardware Komponenten einsetzen und damit zuverlässig zeitnah informiert werden, sobald sich Probleme abzeichnen.
Code Red Security
The document discusses various techniques for deception and bypassing security checks, including:
1) Using iptables and the TARPIT and DELUDE targets to deceive port scanners by simulating open ports or terminating connections.
2) Writing x64 shellcode and understanding differences from x86 in CPU registers and the kernel ABI.
3) Performing DL-injection attacks by injecting a dynamic library to override functions like getuid() and bypass authentication.
4) Demonstrating process hijacking using ptrace() to inject shellcode and escalate privileges.
5) Mounting a local privilege escalation attack after gaining initial user access.
Hacktivity2014: Virtual Machine Introspection to Detect and Protect
Virtual machine introspection (VMI) allows security tools to be run externally to virtual machines for improved isolation, visibility, and control. VMI provides full interpretation of the virtual hardware and memory to detect malware. It can actively monitor VM events and memory through techniques like EPT trap interposition. The speaker demonstrated these capabilities using open source tools like LibVMI and DRAKVUF for dynamic malware analysis. VMI is presented as an important approach for cloud and mobile security going forward.
Sierraware ARM hypervisor
Sierravisor is the first integrated Secure Hypervisor for ARM that supports TrustZone and Virtualization in a seamless easy to use package.
Hardware backdooring is practical : slides
This presentation will demonstrate that permanent backdooring of hardware is practical. We have built a generic proof of concept malware for the intel architecture, Rakshasa, capable of infecting more than a hundred of different motherboards. The first net effect of Rakshasa is to disable NX permanently and remove SMM related fixes from the BIOS, resulting in permanent lowering of the security of the backdoored computer, even after complete earasing of hard disks and reinstallation of a new operating system. We shall also demonstrate that preexisting work on MBR subvertions such as bootkiting and preboot authentication software bruteforce can be embedded in Rakshasa with little effort. More over, Rakshasa is built on top of free software, including the Coreboot project, meaning that most of its source code is already public. This presentation will take a deep dive into Coreboot and hardware components such as the BIOS, CMOS and PIC embedded on the motherboard, before detailing the inner workings of Rakshasa and demo its capabilities. It is hoped to raise awareness of the security community regarding the dangers associated with non open source firmwares shipped with any computer and question their integrity. This shall also result in upgrading the best practices for forensics and post intrusion analysis by including the afore mentioned firmwares as part of their scope of work.
CrySys guest-lecture: Virtual machine introspection on modern hardware
This document summarizes virtual machine introspection techniques on modern hardware. It discusses Intel's split translation lookaside buffer (TLB) and how TLB poisoning is no longer possible due to virtualization. It then covers Intel's extended page tables (EPT) and how they can be used to trap guest execution for virtual machine introspection. Limitations of EPT are described along with techniques like EPT violation interrupts (#VE) and EPT pointer switching to address them. Intel's system management mode (SMM) and dual monitor mode (DMM) are presented as alternatives for virtual machine introspection. ARM virtualization using two-stage paging is also briefly discussed.
DPDK Summit 2015 - RIFT.io - Tim Mortsolf
DPDK Summit 2015 in San Francisco.
Presentation by RIFT.io's CTO Tim Mortsolf.
For additional details and the video recording please visit www.dpdksummit.com.
Using VPP and SRIO-V with Clear Containers
Clear Containers is an Open Containers Initiative (OCI) “runtime” that launches an Intel VT-x secured hypervisor rather than a standard Linux container. An introduction of Clear Containers will be provided, followed by an overview of CNM networking plugins which have been created to enhance network connectivity using Clear Containers. More specifically, we will show demonstrations of using VPP with DPDK and SRIO-v based networks to connect Clear Containers. Pending time we will provide and walk through a hands on example of using VPP with Clear Containers.
About the speaker: Manohar Castelino is a Principal Engineer for Intel’s Open Source Technology Center. Manohar has worked on networking, network management, network processors and virtualization for over 15 years. Manohar is currently an architect and developer with the ciao (clearlinux.org/ciao) and the clear containers (https://github.com/01org/cc-oci-runtime) projects focused on networking. Manohar has spoken at many Container Meetups and internal conferences.
Linux+sensor+device-tree+shell=IoT !
You have one of those fruity *Pi arm boards and cheep sensor from China? Some buttons and LEDs? Do I really need to learn whole new scripting language and few web technologies to read my temperature, blink a led or toggle a relay? No, because your Linux kernel already has drivers for them and all you need is device tree and cat.
DEFCON 22: Bypass firewalls, application white lists, secure remote desktops ...
In theory, post-exploitation after having remote access is easy. Also in theory, there is no difference between theory and practice. In practice, there is. Imagine a scenario, where you have deployed a malware on a user’s workstation, but the target information is on a secure server accessed via two-factor authentication, with screen access only (e.g. RDP, Citrix, etc.). On top of that, the server runs application white-listing, and only the inbound port to the screen server (e.g. 3389) is allowed through the hardware firewall. But you also need persistent interactive C&C communication (e.g. Netcat, Meterpreter, RAT) to this server through the user’s workstation.
I developed (and will publish) two tools that help you in these situations. The first tool can drop malware to the server through the screen while the user is logged in. The second tool can help you to circumvent the hardware firewall after we can execute code on the server with admin privileges (using a signed kernel driver). My tools are generic meaning that they work against Windows server 2012 and Windows 8, and they work with RDP or other remote desktops. The number of problems you can solve with them are endless, e.g., communicating with bind-shell on webserver behind restricted DMZ. Beware, live demo and fun included!
Embedded. What Why How
What does embedded mean?
Project examples and specifics.
Special tools.
What do you need to know?
Why is it so cool?
SFO15-202: Towards Multi-Threaded Tiny Code Generator (TCG) in QEMU
This document discusses moving QEMU's Tiny Code Generator (TCG) to a multi-threaded model to take advantage of multi-core systems. It describes the current single-threaded TCG process model and global state. Approaches considered for multi-threading include using threads/locks, processes/IPC, or rewriting TCG from scratch. Key challenges addressed are protecting code generation globals and implementing atomic memory operations and memory barriers in a multi-threaded context. Patches have been contributed to address these issues and enable multi-threaded TCG. Further work remains to fully enable it across all QEMU backends and architectures.
RISC-V growth and successes in technology and industry - embedded world 2021
RISC-V International has more than 1,000 members across over 50 countries who are working in hardware, software, services, and various industries for a strong and healthy RISC-V ecosystem. It is projected that by 2025 there will be over 62 billion RISC-V CPU cores and the total market for RISC-V IP and software is expected to grow to over $1b by 2025.
In 2020 alone, we saw successes with newly defined RISC-V accelerator architectures, affordable RISC-V open source small-board computers, development boards for personal computers, and an incredibly fast 64-bit RISC-V Core as the community also ratified key specifications and made advances in security.
As we see the growth of RISC-V into industries such as AI, machine learning, blockchain, 5G, medical, and industrial, we will see the ratifications of new extensions that enable this growth.
Join Kim McMahon, Director of Marketing and Stephano Cetola, Technical Program Manager as we take a look at where RISC-V is going in 2021.
DPDK Support for New HW Offloads
This document discusses DPDK support for new hardware offloads. It describes the Netronome Agilio SmartNIC, which has hardware accelerators and can offload tasks like cryptography and flow processing. It discusses using the SmartNIC with DPDK and OVS for improved performance over kernel-based solutions. Full flow classification and action offloading to the SmartNIC is proposed to reduce CPU usage, along with exploring eBPF/XDP offloading possibilities and virtio offloading to enable VM migration.
Project ACRN hypervisor introduction
The document discusses ACRN, an open-source lightweight hypervisor intended for consolidating heterogeneous workloads and streamlining IoT edge development. It provides an overview of ACRN's architecture and key modules, including boot process, CPU virtualization, memory management, interrupt handling, pass-through devices, and device model for handling I/O requests. The document also outlines enhancements in ACRN 2.0, such as supporting new operating systems and safety/real-time virtual machines.
A Kernel of Truth: Intrusion Detection and Attestation with eBPF
"Attestation is hard" is something you might hear from security researchers tracking nation states and APTs, but it's actually pretty true for most network-connected systems!
Modern deployment methodologies mean that disparate teams create workloads for shared worker-hosts (ranging from Jenkins to Kubernetes and all the other orchestrators and CI tools in-between), meaning that at any given moment your hosts could be running any one of a number of services, connecting to who-knows-what on the internet.
So when your network-based intrusion detection system (IDS) opaquely declares that one of these machines has made an "anomalous" network connection, how do you even determine if it's business as usual? Sure you can log on to the host to try and figure it out, but (in case you hadn't noticed) computers are pretty fast these days, and once the connection is closed it might as well not have happened... Assuming it wasn't actually a reverse shell...
At Yelp we turned to the Linux kernel to tell us whodunit! Utilizing the Linux kernel's eBPF subsystem - an in-kernel VM with syscall hooking capabilities - we're able to aggregate metadata about the calling process tree for any internet-bound TCP connection by filtering IPs and ports in-kernel and enriching with process tree information in userland. The result is "pidtree-bcc": a supplementary IDS. Now whenever there's an alert for a suspicious connection, we just search for it in our SIEM (spoiler alert: it's nearly always an engineer doing something "innovative")! And the cherry on top? It's stupid fast with negligible overhead, creating a much higher signal-to-noise ratio than the kernels firehose-like audit subsystems.
This talk will look at how you can tune the signal-to-noise ratio of your IDS by making it reflect your business logic and common usage patterns, get more work done by reducing MTTR for false positives, use eBPF and the kernel to do all the hard work for you, accidentally load test your new IDS by not filtering all RFC-1918 addresses, and abuse Docker to get to production ASAP!
As well as looking at some of the technologies that the kernel puts at your disposal, this talk will also tell pidtree-bcc's road from hackathon project to production system and how focus on demonstrating business value early on allowed the organization to give us buy-in to build and deploy a brand new project from scratch.
DevSecCon London 2019: A Kernel of Truth: Intrusion Detection and Attestation...
Matt Carroll
Infrastructure Security Engineer at Yelp
"Attestation is hard" is something you might hear from security researchers tracking nation states and APTs, but it's actually pretty true for most network-connected systems!
Modern deployment methodologies mean that disparate teams create workloads for shared worker-hosts (ranging from Jenkins to Kubernetes and all the other orchestrators and CI tools in-between), meaning that at any given moment your hosts could be running any one of a number of services, connecting to who-knows-what on the internet.
So when your network-based intrusion detection system (IDS) opaquely declares that one of these machines has made an "anomalous" network connection, how do you even determine if it's business as usual? Sure you can log on to the host to try and figure it out, but (in case you hadn't noticed) computers are pretty fast these days, and once the connection is closed it might as well not have happened... Assuming it wasn't actually a reverse shell...
At Yelp we turned to the Linux kernel to tell us whodunit! Utilizing the Linux kernel's eBPF subsystem - an in-kernel VM with syscall hooking capabilities - we're able to aggregate metadata about the calling process tree for any internet-bound TCP connection by filtering IPs and ports in-kernel and enriching with process tree information in userland. The result is "pidtree-bcc": a supplementary IDS. Now whenever there's an alert for a suspicious connection, we just search for it in our SIEM (spoiler alert: it's nearly always an engineer doing something "innovative")! And the cherry on top? It's stupid fast with negligible overhead, creating a much higher signal-to-noise ratio than the kernels firehose-like audit subsystems.
This talk will look at how you can tune the signal-to-noise ratio of your IDS by making it reflect your business logic and common usage patterns, get more work done by reducing MTTR for false positives, use eBPF and the kernel to do all the hard work for you, accidentally load test your new IDS by not filtering all RFC-1918 addresses, and abuse Docker to get to production ASAP!
As well as looking at some of the technologies that the kernel puts at your disposal, this talk will also tell pidtree-bcc's road from hackathon project to production system and how focus on demonstrating business value early on allowed the organization to give us buy-in to build and deploy a brand new project from scratch.
Similar to Enhance Virtualization Stack with Intel CET and MPX (20)
OffensiveCon2022: Case Studies of Fuzzing with Xen
OffensiveCon2022: Case Studies of Fuzzing with Xen
OSMC 2014: Server Hardware Monitoring done right | Werner Fischer
OSMC 2014: Server Hardware Monitoring done right | Werner Fischer
Hacktivity2014: Virtual Machine Introspection to Detect and Protect
Hacktivity2014: Virtual Machine Introspection to Detect and Protect
CrySys guest-lecture: Virtual machine introspection on modern hardware
CrySys guest-lecture: Virtual machine introspection on modern hardware
DEFCON 22: Bypass firewalls, application white lists, secure remote desktops ...
DEFCON 22: Bypass firewalls, application white lists, secure remote desktops ...
SFO15-202: Towards Multi-Threaded Tiny Code Generator (TCG) in QEMU
SFO15-202: Towards Multi-Threaded Tiny Code Generator (TCG) in QEMU
RISC-V growth and successes in technology and industry - embedded world 2021
RISC-V growth and successes in technology and industry - embedded world 2021
A Kernel of Truth: Intrusion Detection and Attestation with eBPF
A Kernel of Truth: Intrusion Detection and Attestation with eBPF
DevSecCon London 2019: A Kernel of Truth: Intrusion Detection and Attestation...
DevSecCon London 2019: A Kernel of Truth: Intrusion Detection and Attestation...
More from Priyanka Aash
Digital Personal Data Protection (DPDP) Practical Approach For CISOs
Key Discussion Pointers:
1. Introduction to Data Privacy
- What is data privacy
- Privacy laws around the globe
- DPDPA Journey
2. Understanding the New Indian DPDPA 2023
- Objectives
- Principles of DPDPA
- Applicability
- Rights & Duties of Individuals
- Principals
- Legal implications/penalties
3. A practical approach to DPDPA compliance
- Personal data Inventory
- DPIA
- Risk treatment
Verizon Breach Investigation Report (VBIR).pdf
The Verizon Breach Investigation Report (VBIR) is an annual report analyzing cybersecurity incidents based on real-world data. It categorizes incidents and identifies emerging trends, threat actors, motivations, attack vectors, affected industries, common attack patterns, and recommendations. Each report provides the latest insights and data to give organizations a global perspective on evolving cyber threats.
Top 10 Security Risks .pptx.pdf
The document summarizes the top 10 cybersecurity risks presented to the board of directors of a manufacturing company. It discusses each risk such as insider threats, cloud security, ransomware attacks, third party risks, and data security. For each risk, it provides the current posture in terms of controls, compliance level, and planned improvements. The CISO and other leaders such as the managing director, finance director, and chief risk officer attended the presentation.
Simplifying data privacy and protection.pdf
1) Data is growing exponentially which increases the risk and impact of data breaches, while compliance requirements are also becoming more stringent.
2) IBM Security Guardium helps customers address this by discovering, classifying, and protecting sensitive data across platforms and simplifying compliance.
3) It detects threats in real-time, increases data security accuracy, and reduces the time spent on audits and issue remediation, helping customers minimize the impact of potential data breaches and address local compliance requirements.
Generative AI and Security (1).pptx.pdf
Generative AI and Security Testing discusses generative AI, including its definition as a subset of AI focused on generating content similar to human creations. The document outlines the evolution of generative AI from artificial neural networks to modern models like GPT, GANs, and VAEs. It provides examples of different types of generative AI like text, image, audio, and video generation. The document proposes potential uses of generative AI like GPT for security testing tasks such as malware generation, adversarial attack simulation, and penetration testing assistance.
EVERY ATTACK INVOLVES EXPLOITATION OF A WEAKNESS.pdf
The document discusses shifting the focus in cybersecurity from vulnerability management to weakness management and attack surface management. It argues that attacks persist because approaches focus only on software vulnerabilities, while ignoring other weaknesses like technological, people and process weaknesses that expand the potential attack surface. A new approach is needed that takes a holistic view of all weaknesses and continuously monitors the entire attack surface to better prevent attacks.
DPDP Act 2023.pdf
The document summarizes key aspects of the proposed Digital Personal Data Protection Act 2023 in India, including its scope, definitions, obligations of data fiduciaries, grounds for processing personal data, notice requirements for data principals, and penalties for non-compliance. It outlines categories of entities that would be considered significant data fiduciaries and the additional obligations that would apply to them. The summary also compares some aspects of the proposed Indian law to the General Data Protection Regulation (GDPR) in the European Union.
Cyber Truths_Are you Prepared version 1.1.pptx.pdf
This document discusses cybersecurity threats and SentinelOne's solutions. It begins with questions about an organization's cyber preparedness and budget. It then discusses the cat-and-mouse game between attackers and defenders. The document highlights growing ransomware threats and payments. It argues SentinelOne provides a unified security solution that lowers costs, risks, and complexity while improving detection and response. It shares industry recognition for SentinelOne and concludes by thanking the audience.
Cyber Crisis Management.pdf
An IT systems outage and distributed denial of service (DDoS) attack impacted an organization called XYZ Ltd. This was followed by a ransom demand email from an anonymous sender threatening to release sensitive project data. When the ransom deadline passed, anonymous hackers released a video on social media and the data breach began receiving media coverage. A customer then contacted XYZ to inquire about the data leak and if their content was impacted. The document outlines discussions between teams at XYZ on responding to the cyber incident and lessons learned.
CISOPlatform journey.pptx.pdf
The CISO Platform is a 10+ year old dedicated social platform for CISOs and senior IT security leaders that has grown to over 40,000 members across 20+ countries. Through sharing and collaboration, the community has created over 500 checklists, frameworks, and playbooks that are available for free to members. The platform also hosts an annual security conference with over 100 speakers and 20 workshops attended by 20,000 people. The goal of the CISO Platform is to build tangible community goods and resources through open sharing and collaboration among security professionals.
Chennai Chapter.pptx.pdf
This document provides updates from the Chennai Chapter of the CISO Platform for 2021. It discusses the following:
1. The Breach and Attack Summit held in December which included panel discussions, presentations, task forces, and workshops despite natural disasters, with over 200 attendees.
2. Chapter meetings focused on ransomware trends and lessons learned from attacks.
3. A kids initiative to promote cybersecurity awareness through sessions for students, parents and teachers at local schools.
4. The task forces focused on topics like cyber risk quantification, quantum computing, cyber insurance and privacy.
Cloud attack vectors_Moshe.pdf
It covers popular IaaS/PaaS attack vectors, list them, and map to other relevant projects such as STRIDE & MITRE. Security professionals can better understand what are the common attack vectors that are utilized in attacks, examples for previous events, and where they should focus their controls and security efforts.
Stories From The Web 3 Battlefield
Discuss Security Incidents & Business Use Case, Understanding Web 3 Pros
and Web 3 Cons. Prevention mechanism and how to make sure that it doesn’t happen to you?
Lessons Learned From Ransomware Attacks
The document summarizes a ransomware attack experienced by the author's organization and the lessons learned. It describes how the ransomware encrypted files and powered off virtual machines. It then details the recovery process over several days, including bringing in an incident response firm, rebuilding infrastructure, and restoring service for customers. Key lessons included having stronger access controls, backups stored separately, and implementing security tools like EDR, centralized logging, and identity management best practices.
Emerging New Threats And Top CISO Priorities In 2022 (Chennai)
Round Table Discussion On "Emerging New Threats And Top CISO Priorities In 2022"_ Chennai
Date - 6 September, 2022
Emerging New Threats And Top CISO Priorities In 2022 (Mumbai)
Round Table Discussion On "Emerging New Threats And Top CISO Priorities In 2022"_ Mumbai
Date - 14 September, 2022
Emerging New Threats And Top CISO Priorities in 2022 (Bangalore)
Round Table Discussion On "Emerging New Threats And Top CISO Priorities In 2022"_ Bangalore
Date - 28 September, 2022. Decision Makers of different organizations joined this discussion and spoke on New Threats & Top CISO Priorities
Cloud Security: Limitations of Cloud Security Groups and Flow Logs
Cloud Security Groups are the firewalls of the cloud. They are built-in and provide basic access control functionality as part of the shared responsibility model. However, Cloud Security Groups do not provide the same protection or functionality that enterprises have come to expect with on-premises deployments. In this talk we will discuss the top cloud risks in 2020, why perimeters are a concept of the past and how in the world of no perimitiers do Cloud Security groups, the "Cloud FIrewalls", fit it. We will practically explore Cloud Security Group limitations across different cloud setups from a single vNet to multi-cloud
Cyber Security Governance
Most organizations have good enterprise-level security policies that define their approach to maintaining, improving, and securing their information and information systems. However, once the policies are signed by senior leadership and distributed throughout the organization, significant cybersecurity governance challenges remain. In this workshop I will explain the transforming organizational security to strengthen defenses and integrate cybersecurity with the overall approach toward security governance, risk management and compliance.
Ethical Hacking
The Internet is home to seemingly infinite amounts of confidential and personal information. As a result of this mass storage of information, the system needs to be constantly updated and enforced to prevent hackers from retrieving such valuable and sensitive data. This increasing number of cyber-attacks has led to an increasing importance of Ethical Hacking. So Ethical hackers' job is to scan vulnerabilities and to find potential threats on a computer or networks. An ethical hacker finds the weakness or loopholes in a computer, web applications or network and reports them to the organization. It requires a thorough knowledge of Networks, web servers, computer viruses, SQL (Structured Query Language), cryptography, penetration testing, Attacks etc. In this session, you will learn all about ethical hacking. You will understand the what ethical hacking, Cyber- attacks, Tools and some hands-on demos. This session will also guide you with the various ethical hacking certifications available today.
More from Priyanka Aash (20)
Digital Personal Data Protection (DPDP) Practical Approach For CISOs
Digital Personal Data Protection (DPDP) Practical Approach For CISOs
EVERY ATTACK INVOLVES EXPLOITATION OF A WEAKNESS.pdf
EVERY ATTACK INVOLVES EXPLOITATION OF A WEAKNESS.pdf
Cyber Truths_Are you Prepared version 1.1.pptx.pdf
Cyber Truths_Are you Prepared version 1.1.pptx.pdf
Emerging New Threats And Top CISO Priorities In 2022 (Chennai)
Emerging New Threats And Top CISO Priorities In 2022 (Chennai)
Emerging New Threats And Top CISO Priorities In 2022 (Mumbai)
Emerging New Threats And Top CISO Priorities In 2022 (Mumbai)
Emerging New Threats And Top CISO Priorities in 2022 (Bangalore)
Emerging New Threats And Top CISO Priorities in 2022 (Bangalore)
Cloud Security: Limitations of Cloud Security Groups and Flow Logs
Cloud Security: Limitations of Cloud Security Groups and Flow Logs
Recently uploaded
20240607 QFM018 Elixir Reading List May 2024
Everything I found interesting about the Elixir programming ecosystem in May 2024
Fueling AI with Great Data with Airbyte Webinar
This talk will focus on how to collect data from a variety of sources, leveraging this data for RAG and other GenAI use cases, and finally charting your course to productionalization.
Skybuffer SAM4U tool for SAP license adoption
Manage and optimize your license adoption and consumption with SAM4U, an SAP free customer software asset management tool.
SAM4U, an SAP complimentary software asset management tool for customers, delivers a detailed and well-structured overview of license inventory and usage with a user-friendly interface. We offer a hosted, cost-effective, and performance-optimized SAM4U setup in the Skybuffer Cloud environment. You retain ownership of the system and data, while we manage the ABAP 7.58 infrastructure, ensuring fixed Total Cost of Ownership (TCO) and exceptional services through the SAP Fiori interface.
Ocean lotus Threat actors project by John Sitima 2024 (1).pptx
Ocean Lotus cyber threat actors represent a sophisticated, persistent, and politically motivated group that poses a significant risk to organizations and individuals in the Southeast Asian region. Their continuous evolution and adaptability underscore the need for robust cybersecurity measures and international cooperation to identify and mitigate the threats posed by such advanced persistent threat groups.
Best 20 SEO Techniques To Improve Website Visibility In SERP
Boost your website's visibility with proven SEO techniques! Our latest blog dives into essential strategies to enhance your online presence, increase traffic, and rank higher on search engines. From keyword optimization to quality content creation, learn how to make your site stand out in the crowded digital landscape. Discover actionable tips and expert insights to elevate your SEO game.
Artificial Intelligence for XMLDevelopment
In the rapidly evolving landscape of technologies, XML continues to play a vital role in structuring, storing, and transporting data across diverse systems. The recent advancements in artificial intelligence (AI) present new methodologies for enhancing XML development workflows, introducing efficiency, automation, and intelligent capabilities. This presentation will outline the scope and perspective of utilizing AI in XML development. The potential benefits and the possible pitfalls will be highlighted, providing a balanced view of the subject.
We will explore the capabilities of AI in understanding XML markup languages and autonomously creating structured XML content. Additionally, we will examine the capacity of AI to enrich plain text with appropriate XML markup. Practical examples and methodological guidelines will be provided to elucidate how AI can be effectively prompted to interpret and generate accurate XML markup.
Further emphasis will be placed on the role of AI in developing XSLT, or schemas such as XSD and Schematron. We will address the techniques and strategies adopted to create prompts for generating code, explaining code, or refactoring the code, and the results achieved.
The discussion will extend to how AI can be used to transform XML content. In particular, the focus will be on the use of AI XPath extension functions in XSLT, Schematron, Schematron Quick Fixes, or for XML content refactoring.
The presentation aims to deliver a comprehensive overview of AI usage in XML development, providing attendees with the necessary knowledge to make informed decisions. Whether you’re at the early stages of adopting AI or considering integrating it in advanced XML development, this presentation will cover all levels of expertise.
By highlighting the potential advantages and challenges of integrating AI with XML development tools and languages, the presentation seeks to inspire thoughtful conversation around the future of XML development. We’ll not only delve into the technical aspects of AI-powered XML development but also discuss practical implications and possible future directions.
Introduction of Cybersecurity with OSS at Code Europe 2024
I develop the Ruby programming language, RubyGems, and Bundler, which are package managers for Ruby. Today, I will introduce how to enhance the security of your application using open-source software (OSS) examples from Ruby and RubyGems.
The first topic is CVE (Common Vulnerabilities and Exposures). I have published CVEs many times. But what exactly is a CVE? I'll provide a basic understanding of CVEs and explain how to detect and handle vulnerabilities in OSS.
Next, let's discuss package managers. Package managers play a critical role in the OSS ecosystem. I'll explain how to manage library dependencies in your application.
I'll share insights into how the Ruby and RubyGems core team works to keep our ecosystem safe. By the end of this talk, you'll have a better understanding of how to safeguard your code.
Building Production Ready Search Pipelines with Spark and Milvus
Spark is the widely used ETL tool for processing, indexing and ingesting data to serving stack for search. Milvus is the production-ready open-source vector database. In this talk we will show how to use Spark to process unstructured data to extract vector representations, and push the vectors to Milvus vector database for search serving.
Columbus Data & Analytics Wednesdays - June 2024
Columbus Data & Analytics Wednesdays, June 2024 with Maria Copot 20
Main news related to the CCS TSI 2023 (2023/1695)
An English 🇬🇧 translation of a presentation to the speech I gave about the main changes brought by CCS TSI 2023 at the biggest Czech conference on Communications and signalling systems on Railways, which was held in Clarion Hotel Olomouc from 7th to 9th November 2023 (konferenceszt.cz). Attended by around 500 participants and 200 on-line followers.
The original Czech 🇨🇿 version of the presentation can be found here: https://www.slideshare.net/slideshow/hlavni-novinky-souvisejici-s-ccs-tsi-2023-2023-1695/269688092 .
The videorecording (in Czech) from the presentation is available here: https://youtu.be/WzjJWm4IyPk?si=SImb06tuXGb30BEH .
HCL Notes and Domino License Cost Reduction in the World of DLAU
Webinar Recording: https://www.panagenda.com/webinars/hcl-notes-and-domino-license-cost-reduction-in-the-world-of-dlau/
The introduction of DLAU and the CCB & CCX licensing model caused quite a stir in the HCL community. As a Notes and Domino customer, you may have faced challenges with unexpected user counts and license costs. You probably have questions on how this new licensing approach works and how to benefit from it. Most importantly, you likely have budget constraints and want to save money where possible. Don’t worry, we can help with all of this!
We’ll show you how to fix common misconfigurations that cause higher-than-expected user counts, and how to identify accounts which you can deactivate to save money. There are also frequent patterns that can cause unnecessary cost, like using a person document instead of a mail-in for shared mailboxes. We’ll provide examples and solutions for those as well. And naturally we’ll explain the new licensing model.
Join HCL Ambassador Marc Thomas in this webinar with a special guest appearance from Franz Walder. It will give you the tools and know-how to stay on top of what is going on with Domino licensing. You will be able lower your cost through an optimized configuration and keep it low going forward.
These topics will be covered
- Reducing license cost by finding and fixing misconfigurations and superfluous accounts
- How do CCB and CCX licenses really work?
- Understanding the DLAU tool and how to best utilize it
- Tips for common problem areas, like team mailboxes, functional/test users, etc
- Practical examples and best practices to implement right away
Digital Marketing Trends in 2024 | Guide for Staying Ahead
https://www.wask.co/ebooks/digital-marketing-trends-in-2024
Feeling lost in the digital marketing whirlwind of 2024? Technology is changing, consumer habits are evolving, and staying ahead of the curve feels like a never-ending pursuit. This e-book is your compass. Dive into actionable insights to handle the complexities of modern marketing. From hyper-personalization to the power of user-generated content, learn how to build long-term relationships with your audience and unlock the secrets to success in the ever-shifting digital landscape.
UiPath Test Automation using UiPath Test Suite series, part 6
Welcome to UiPath Test Automation using UiPath Test Suite series part 6. In this session, we will cover Test Automation with generative AI and Open AI.
UiPath Test Automation with generative AI and Open AI webinar offers an in-depth exploration of leveraging cutting-edge technologies for test automation within the UiPath platform. Attendees will delve into the integration of generative AI, a test automation solution, with Open AI advanced natural language processing capabilities.
Throughout the session, participants will discover how this synergy empowers testers to automate repetitive tasks, enhance testing accuracy, and expedite the software testing life cycle. Topics covered include the seamless integration process, practical use cases, and the benefits of harnessing AI-driven automation for UiPath testing initiatives. By attending this webinar, testers, and automation professionals can gain valuable insights into harnessing the power of AI to optimize their test automation workflows within the UiPath ecosystem, ultimately driving efficiency and quality in software development processes.
What will you get from this session?
1. Insights into integrating generative AI.
2. Understanding how this integration enhances test automation within the UiPath platform
3. Practical demonstrations
4. Exploration of real-world use cases illustrating the benefits of AI-driven test automation for UiPath
Topics covered:
What is generative AI
Test Automation with generative AI and Open AI.
UiPath integration with generative AI
Speaker:
Deepak Rai, Automation Practice Lead, Boundaryless Group and UiPath MVP
Choosing The Best AWS Service For Your Website + API.pptx
Have you ever been confused by the myriad of choices offered by AWS for hosting a website or an API?
Lambda, Elastic Beanstalk, Lightsail, Amplify, S3 (and more!) can each host websites + APIs. But which one should we choose?
Which one is cheapest? Which one is fastest? Which one will scale to meet our needs?
Join me in this session as we dive into each AWS hosting service to determine which one is best for your scenario and explain why!
GraphRAG for Life Science to increase LLM accuracy
GraphRAG for life science domain, where you retriever information from biomedical knowledge graphs using LLMs to increase the accuracy and performance of generated answers
TrustArc Webinar - 2024 Global Privacy Survey
How does your privacy program stack up against your peers? What challenges are privacy teams tackling and prioritizing in 2024?
In the fifth annual Global Privacy Benchmarks Survey, we asked over 1,800 global privacy professionals and business executives to share their perspectives on the current state of privacy inside and outside of their organizations. This year’s report focused on emerging areas of importance for privacy and compliance professionals, including considerations and implications of Artificial Intelligence (AI) technologies, building brand trust, and different approaches for achieving higher privacy competence scores.
See how organizational priorities and strategic approaches to data security and privacy are evolving around the globe.
This webinar will review:
- The top 10 privacy insights from the fifth annual Global Privacy Benchmarks Survey
- The top challenges for privacy leaders, practitioners, and organizations in 2024
- Key themes to consider in developing and maintaining your privacy program
Generating privacy-protected synthetic data using Secludy and Milvus
During this demo, the founders of Secludy will demonstrate how their system utilizes Milvus to store and manipulate embeddings for generating privacy-protected synthetic data. Their approach not only maintains the confidentiality of the original data but also enhances the utility and scalability of LLMs under privacy constraints. Attendees, including machine learning engineers, data scientists, and data managers, will witness first-hand how Secludy's integration with Milvus empowers organizations to harness the power of LLMs securely and efficiently.
Recently uploaded (20)
Ocean lotus Threat actors project by John Sitima 2024 (1).pptx
Ocean lotus Threat actors project by John Sitima 2024 (1).pptx
Best 20 SEO Techniques To Improve Website Visibility In SERP
Best 20 SEO Techniques To Improve Website Visibility In SERP
Introduction of Cybersecurity with OSS at Code Europe 2024
Introduction of Cybersecurity with OSS at Code Europe 2024
Building Production Ready Search Pipelines with Spark and Milvus
Building Production Ready Search Pipelines with Spark and Milvus
HCL Notes and Domino License Cost Reduction in the World of DLAU
HCL Notes and Domino License Cost Reduction in the World of DLAU
Digital Marketing Trends in 2024 | Guide for Staying Ahead
Digital Marketing Trends in 2024 | Guide for Staying Ahead
UiPath Test Automation using UiPath Test Suite series, part 6
UiPath Test Automation using UiPath Test Suite series, part 6
Choosing The Best AWS Service For Your Website + API.pptx
Choosing The Best AWS Service For Your Website + API.pptx
WeTestAthens: Postman's AI & Automation Techniques
WeTestAthens: Postman's AI & Automation Techniques
GraphRAG for Life Science to increase LLM accuracy
GraphRAG for Life Science to increase LLM accuracy
Generating privacy-protected synthetic data using Secludy and Milvus
Generating privacy-protected synthetic data using Secludy and Milvus
Enhance Virtualization Stack with Intel CET and MPX
- 1. SESSION ID: #RSAC Xiaoning Li ENHANCE VIRTUALIZATION STACK WITH INTEL CET AND MPX HTA-F01 Chief Security Architect Alibaba Cloud Ravi Sahita Principal Engineer Intel CorporaLon
- 2. #RSAC Agenda 2 Full VirtualizaLon Stack QEMU VulnerabiliLes Intel CET Intel MPX and PKU VM Escape Case Study MiLgaLon with CET/MPX Other MiLgaLons
- 3. #RSAC Full VirtualizaLon Stack 3 CPU (VT-x) Hypervisor Dom0/Host OS Guest OS Device EmulaLon Frontend Driver/VirtIODevice Driver CPU (VT-x) Hypervisor Dom0/Host OS Guest OS Device Driver Pass-through Device Driver HVM Guest OS with Device Pass-through HVM Guest OS Without Device Pass-through
- 4. #RSAC Why Device EmulaLon? 4 Supports more guest devices with virtual devices If physical devices number are not enough - limited GPU resource If physical devices don’t support device virtualizaLon – Not every device support SRIOV If physical devices don’t exist – some outdated devices Popular usage in cloud environment to support many VMs QEMU can provide device emulaLon for KVM/XEN, but it brings new a]ack surface on virtualizaLon stack
- 6. #RSAC QEMU VulnerabiliLes by 2018 Jan 6
- 7. #RSAC CVE-2015-5165 – InformaLon Leak 7
- 8. #RSAC CVE-2015-7504 – Heap Overflow 8
- 10. #RSAC Intel® Control-flow Enforcement Technology 10 Intel CET Indirect Branch Tracking Shadow Stack
- 11. #RSAC Shadow Stack 11 Return Address 1 Return Address 2 Parameter Return Address 4 Parameter Parameter Return Address 3 Return Address 1 Return Address 3 Return Address 2 Return Address 4 RET Return Address 4 Return Address 4
- 12. #RSAC Shadow Stack Control ProtecLon ExcepLon 12 Return Address 1 Return Address 2 Parameter Return Address 4 Parameter Parameter Return Address 3 Return Address 1 Return Address 3 Return Address 2.1 Return Address 4 RET #CP
- 13. #RSAC Indirect Branch Tracking 13 RET Indirect Branch InstrucLon2 ENDBR32/ENDBR64 InstrucLon… InstrucLon… InstrucLon1 IND JMP IND CALL
- 14. #RSAC Indirect Branch Tracking 14 RET Indirect Branch InstrucLon2 ENDBR32/ENDBR64 InstrucLon… InstrucLon… InstrucLon1 RET ENDBR32/ENDBR64 InstrucLon… IND JMP IND CALL
- 15. #RSAC Indirect Branch Tracking #CP 15 RET Indirect Branch InstrucLon2 ENDBR32/ENDBR64 InstrucLon… InstrucLon… InstrucLon1 RET Push Eax InstrucLon… IND JMP IND CALL #CP
- 16. #RSAC Cross Mode Indirect Branch Tracking 16 InstrucLon2 32 ENDBR32 InstrucLon1 32 IND JMP IND CALL InstrucLon2 64 ENDBR32 InstrucLon1 64 32bit Mode 64bit Mode Same binary built by compiler
- 17. #RSAC INTEL MPX
- 18. #RSAC Intel® Memory ProtecLon Extensions 18 MPX Bound Check ISA Bound Table
- 21. #RSAC QEMU VM ESCAPE CASE STUDY
- 22. #RSAC CVE-2015-5165 and CVE-2015-7504 Exploit 22 #HITB2016AMS D1T1 - Escape From The Docker KVM QEMU Machine - Shengping Wang and Xu Liu
- 23. #RSAC CVE-2015-5165 Memory Disclosure 23 Malformed Package Malformed Package Host Guest OS QEMU Vulnerable Code Host Memory Data Host Memory Data QEMU Memory Address Guest OS Memory Address
- 24. #RSAC CVE-2015-7504 Code ExecuLon 24 Malformed Package Host Guest OS QEMU Vulnerable Code CriLcal Pointer
- 27. #RSAC CVE-2015-7504 Exploit in HITB 27 xchg rax,rsp; ret
- 28. #RSAC CVE-2015-7504 Exploit in Phrack 28 qemu_set_irq Mprotect shellcode
- 30. #RSAC CVE-2015-5165 – Out of Bound Access Defense with MPX 30 Enable MPX on packet memory access
- 31. #RSAC CVE-2015-7504 – Out of Bound Read Defense with MPX 31 Enable MPX on buffer[4096] memory access
- 32. #RSAC CVE-2015-7504 Exploit Defense with CET 32 xchg rax,rsp; ret Shadow Stack can stop “xchg rax,rsp;ret”
- 33. #RSAC CVE-2015-7504 Exploit Defense with CET 33 qemu_set_irq Mprotect shellcode Indirect Branch Tracking can stop irq->handler calling qemu_set_irq without valid tag
- 35. #RSAC Other MiLgaLon - PKU 35
- 36. #RSAC Other MiLgaLon - PMI 36 ENDBR32/ENDBR64 IND JMP IND CALL PMI Handler with Target Tag Check LBR_FROM LBR_TO
- 37. #RSAC Summary 37 VM escape is pracLcal and impacts cloud foundaLon security Intel CET/MPX can enhance miLgaLon on ROP/JOP/COP and buffer overflow, specifically on cloud virtualizaLon stack
- 38. #RSAC Call For AcLons 38 Apply new CPU mechanisms such as CET/MPX/PMU/PKU on exploit defense