Externally federated domain endpoints are an exciting target for Red Team assessments. While often overlooked, externally federated domain services can provide multiple access points to an internal network, from the internet. This talk will cover enumeration of federated domains (ADFS and AzureAD), the enumeration of federated services (Office365, Skype for Business, etc.), and attacks that you can leverage against these endpoints to gain access to an internal network. Additional PowerShell tools will be included in the talk to help you automate these attacks.
Automating Attacks Against Office365 - BsidesPDX 2016
Karl Fosaaen
The move to Office365 has become increasingly popular in the last few years. As a penetration tester, I'm seeing more organizations shuttle their domain credentials up to the cloud for easier management of their Office365 environment. By federating with Microsoft, many organizations are exposing a larger attack surface area to the internet. During this talk, I will show you how to identify domains that are Microsoft managed, help you guess passwords for users on those domains, and show you how to pivot from the cloud environment into a company's internal network. Since manually completing attacks against these endpoints can be tedious, I've created some PowerShell tools to help automate these attacks. We'll go over how to use these tools from an external penetration test perspective and show how Office365 in the cloud can be a great target for attackers.
Navigating the turbulence on takeoff: Setting up SharePoint on Azure IaaS the...
Jason Himmelstein
Are you looking to take advantage of the scalability & power of Azure IaaS for SharePoint but don't know how to get started? Join us for this session where we will learn the proper way to get off the ground and navigate around the rough patches when standing up SharePoint on Azure IaaS. You will leave this session with a clear understanding of what it takes to get started, how best to configure your Azure environment, and some very helpful tips and scripts to make your experience smoother. Come learn from our experiences in the field so that you can find success faster!
“What was wrong with my handy STSADM scripts?” “You mean there are things that I cannot do from the GUI now?” “WHAT THE HECK IS THIS VERB-NOUN STUFF?” If you have been thinking these or similar things about the new world order under a PowerShell driven regime, you are not alone. Come learn the basics and how to truly optimize your SharePoint implementation using this powerful ITPro toolset. You will walk away with a mind full of new ideas and a pocket full of scripts to get you started.
Beyond the Pentest: How C2, Internal Pivoting, and Data Exfiltration Show Tru...
Beau Bullock
Your vulnerability scanner reports that there are no issues on your network. A pentester has spent the last week trying to exploit every system your organization owns with no luck. The check box for this year's compliance audit has been checked. While it is good that these things occurred, they do not complete the picture in regards to true risk.
Real attackers do not solely rely on software exploits to compromise an environment. In almost every breach you hear about the root of the compromise came from a phishing attack. This is why additional tests, post-infection, should be performed to assess just how far an attacker can go after gaining a foothold into your environment.
What command and control channels are available for an attacker to utilize to communicate with your internal systems? How easy is it for an attacker to move laterally within your environment and gain access to other systems? What are your detection capabilities when it comes to sensitive data being exfiltrated out of your environment? How do you test these attacker techniques using open-source tools?
This lecture will address these questions and more, including a showcase of attacker methodologies.
Covert Attack Mystery Box: A few novel techniques for exploiting Microsoft “f...
Beau Bullock
Does the blue team got you feeling down because they are on you like Windows Defender on a Mimikatz binary? Have you lost sleep at night because their logging and alerting levels are so well tuned that if they were vocals, auto-tune couldn’t make them any better? Do you like surprises? Well you are in luck!
Over the last few months we’ve been doing a bit of research around various Microsoft “features”, and have mined a few interesting nuggets that you might find useful if you’re trying to be covert on your red team engagements. This talk will be “mystery surprise box” style as we’ll be weaponizing some things for the first time. There will be demos and new tools presented during the talk. So, if you want to win at hide-n-seek with the blue team, come get your covert attack mystery box!
It's just Skype for Business - THOTCON
Karl Fosaaen
Many organizations are turning to Microsoft to help with their internal communication needs, and some are exposing themselves to external attacks by federating their Skype for Business (formerly Lync) deployments. Federation allows organizations to talk to other external Skype users, but do they really need to? In this talk, we'll go over how you can use the Lync SDK (and a federated account) to automate attacks against federated Skype for Business deployments. We will start with user enumeration and social engineering recon, move on to some password brute force attacks, and wrap things up by automating Skype phishing attacks.
1. Learn about service accounts for SharePoint 2013
2. Learn how to install SharePoint 2013 using best practices for lowest privilege installations
3. Learn about the installation of workflow server & Office web apps and how they interact with SharePoint 2013
Pentest Apocalypse - That's when you hire a pentester, and they walk all over your network. To avoid this, organizations need to be prepared before the first packet is sent in order to get the most value from the tester. There is no excuse for pentesters to find critical vulnerabilities that are six years old on an assessment. And who needs a zero-day when employees leave credentials on wide-open shares? Just like how Doomsday Preppers helps you prepare for the apocalypse, this presentation will help you prepare for, and avoid, a pentest apocalypse by describing common vulnerabilities found on many assessments. Being prepared for common pentester activities will not only help add value to a pentest but will also help prevent attackers from using the same tactics to compromise your organization.
For More Information Please Visit:- http://bsidestampa.net
http://www.irongeek.com/i.php?page=videos/bsidestampa2015/104-pentest-apocalypse-beau-bullock
How to Do a Performance Audit of Your .NET Website
DNN
The hardest part about website performance optimization is identifying the root cause.
In this presentation, Bruce Chapman, Director of Cloud and Web Operations at DNN, shows you how to perform a comprehensive performance audit of your .NET website.
You’ll learn how to uncover the causes of performance issues, and understand that improving performance is often straightforward once the root cause is identified.
Elastic Load Balancing automatically distributes incoming application traffic across multiple Amazon EC2 instances for fault tolerance and load distribution. In this session, we go into detail about Elastic Load Balancing's configuration and day-to-day management, as well as its use in conjunction with Auto Scaling. We explain how to make decisions about the service and share best practices and useful tips for success.
Coding 100 session that took place a week before the Coding Camp, Berlin event (13-14 Feb 2016), to teach people to code!
See http://hackathon.cisco.com/event/codingcamp-Berlin-2016 for the Coding Camp event
(WEB301) Operational Web Log Analysis | AWS re:Invent 2014
Amazon Web Services
Log data contains some of the most valuable raw information you can gather and analyze about your infrastructure and applications. Amid the mess of confusing lines of seemingly random text can be hints about performance, security, flaws in code, user access patterns, and other operational data. Without the proper tools, finding insights in these logs can be like searching for a hay-colored needle in a haystack. In this session you learn what practices and patterns you can easily implement that can help you better understand your log files. You see how you can customize web logs to add more information to them, how to digest logs from around your infrastructure, and how to analyze your log files in near real time.
In this workshop, we’ll interactively demonstrate lightweight threat modeling techniques to elicit and qualify risks against a typical CDN-fronted web application. We’ll then perform attacks against an example web application and demonstrate how the Fastly edge cloud can mitigate security risks.
2019 DevCon - The future of Authentication by Codrin Chirica
Codrin Chirica
The future of authentication - Codrin Chirica
This lightning talk will show how Alfresco is addressing the current issues regarding authentication on our platform and what the plans for the future are.
Please be aware that this is subject to change: even though we try to follow the roadmap, sometimes priorities change.
FaaS or not to FaaS. Visible and invisible benefits of the Serverless paradig...
Vadym Kazulkin
When we talk about prices, we often only talk about Lambda costs. In our applications, however, we rarely use only Lambda. Usually we have other building blocks like API Gateway, data sources like SNS, SQS or Kinesis. We also store our data either in S3 or in serverless databases like DynamoDB or recently in Aurora Serverless. All of these AWS services have their own pricing models to look out for. In this talk, we will draw a complete picture of the total cost of ownership in serverless applications and present a decision-making list for determining if and whether to rely on serverless paradigm in your project. In doing so, we look at the cost aspects as well as other aspects such as understanding application lifecycle, software architecture, platform limitations, organizational knowledge and platform and tooling maturity. We will also discuss current challenges adopting serverless such as lack of high latency ephemeral storage, insufficient network performance and missing security features.
In The Trenches With Tomster, Upgrading Ember.js & Ember Data
Stacy London
A few months after I started working with Ember.js & Ember Data at my new job we began a project to upgrade both. There were parts that were a breeze and others that were quite tricky. This talk walks you through some of the challenges we faced and how we solved them as well as how we began to prepare for the Ember 2.x architectural shift. Hopefully this talk will help save you some time when you decide to upgrade your Ember web application.
Adopting Java for the Serverless world at Serverless Meetup Singapore
Vadym Kazulkin
Java has been one of the most popular programming languages for many years, but it used to have hard times in the Serverless Community. Java is known for its high cold start times and high memory footprint. For both you have to pay to the cloud providers of your choice. That's why most developers tried to avoid using Java for such use cases. But the times change: Community and cloud providers improve things steadily for Java developers. In this talk we look at the features and possibilities AWS cloud provider offers for the Java developers and look at the most popular Java frameworks, like Micronaut, Quarkus and Spring (Boot) and look at how (AOT compiler and GraalVM native images play a huge role) they address Serverless challenges and enable Java for broad usage in the Serverless world.
Attacking ADFS Endpoints with PowerShell
Karl Fosaaen - @kfosaaen
Active Directory Federation Services (ADFS) has become increasingly popular in the last few years. As a penetration tester, I'm seeing organizations opening themselves up to attacks on ADFS endpoints across the Internet. Manually completing attacks against these endpoints can be tedious. The current native Microsoft management tools are handy, but what if we weaponized them? During this talk, I will show you how to identify domains that support ADFS, confirm email addresses for users of the domain, and help you guess passwords for those users. We'll cover how you can set up your own hosted ADFS domain (on the cheap), and use it to attack other federated domains. On top of that, we'll show you how you can wrap all of the native functionality with PowerShell to automate your attacks. This talk should give penetration testers an overview on how they can start leveraging ADFS endpoints during a penetration test.
https://www.derbycon.com/events/attacking-adfs-endpoints-with-powershell/
Dirty Little Secrets They Didn't Teach You In Pentest Class v2
Chris Gates
This talk (hopefully) provides some new pentesters tools and tricks. Basically a continuation of last year’s Dirty Little Secrets they didn’t teach you in Pentest class. Topics include; OSINT and APIs, certificate stealing, F**king with Incident Response Teams, 10 ways to psexec, and more. Yes, mostly using metasploit.
Dirty Little Secrets They Didn't Teach You In Pentest Class v2
Rob Fuller
This talk (hopefully) provides some new pentesters tools and tricks. Basically a continuation of last year’s Dirty Little Secrets they didn’t teach you in Pentest class. Topics include; OSINT and APIs, certificate stealing, F**king with Incident Response Teams, 10 ways to psexec, and more. Yes, mostly using metasploit.
What replaces Small Business Server today?
Tomislav Lulic
Many people are still dissatisfied with the disappearance of Small Business Server. But do they really have to be dissatisfied? By moving most services to the cloud with the help of Office 365, the user gets much more than they had before. Through a demo, show which services have been improved and which changes in business users (in the SMB segment) can expect. Through a demo, show how Windows Server 2012 R2 Essential and Office 365 can provide enterprise capabilities to smaller companies that do not employ IT professionals.
The Skype for Business (Lync) apps are one of the ubiquitous aspects of the product. Mobility is cross platform (Android, iOS and Windows are supported), has specific requirements and (in Skype for Business) adds some specific limits for clients on authentication, security and features. As part of the default server features, mobility is now both easier and more critical to understand. In this session, we will see what has been made available for the mobile users and what will be released. Configurations, requirements and deployment suggestions will be explained for on-premises, Cloud and hybrid deployments.
Security is more critical than ever with new computing environments in the cloud and expanding access to the internet. There are a number of security protection mechanisms available for MongoDB to ensure you have a stable and secure architecture for your deployment. Dave Erickson will walk through general security threats to databases and specifically how they can be mitigated for MongoDB deployments. Rob Moore will then go into depth on the specific topic of setting up and running MongoDB with TLS/SSL and x.509 authentication covering how it works and common errors he's encountered in the field.
SharePoint 2016 Platform Adoption Lessons Learned and Advanced Troubleshooting
John Calvert
Lessons learned from designing and building a modern SharePoint Server 2016 platform architecture for a Government of Canada agency and some advanced troubleshooting scenarios that arose. We will look in particular at web and service applications, host-named site collections, search, and security.
Microsoft Azure Hybrid Cloud - Getting Started For Techies
Aidan Finn
This is my "getting started for techies" presentation on using the Microsoft Azure public cloud to build hybrid cloud solutions in conjunction with Windows Server 2012 R2 Hyper-V and System Center.
[Robert Vončina] With SharePoint 2016 there are a few new things that make configuring SharePoint 2016 for BI a bit more challenging. This session will display how to configure your SharePoint 2016 environment for authentication delegation with Kerberos for different BI tools.
BP101 - Can Domino Be Hacked? Lessons We Can Learn From the Security Community from MWLUG-2017 with Howard Greenberg and Andrew Pollack
The Open Web Application Security Project (OWASP) is an open source community dedicated to improving software security. OWASP publishes a Top 10 list of common security issues in web applications with suggestions on how to alleviate them. This session will examine the OWASP Top Ten list of security suggestions and relate them to the Domino world and how you can better secure your Notes and Domino applications. Both administrators and developers will gain valuable insights into how to best protect sensitive information we maintain in our Domino environments!
Amazon RDS for Microsoft SQL: Performance, Security, Best Practices (DAT303) ...
Amazon Web Services
Come learn about architecting high-performance applications and production workloads using Amazon RDS for SQL Server. Understand how to migrate your data to an Amazon RDS instance, apply security best practices, and optimize your database instance and applications for high availability.
SharePoint Saturday New York: PowerShell for Office 365
Vlad Catrinescu
Take your Office 365 Administrator skills further by learning to automate repetitive tasks using the magic of PowerShell.
In this session, you will learn how to use PowerShell for Office 365, and we will focus on SharePoint online. A basic understanding of PowerShell is recommended to get the most out of this session!
Similar to Externally Testing Modern AD Domains - Arcticcon (20)
Epistemic Interaction - tuning interfaces to provide information for AI support
Alan Dix
Paper presented at SYNERGY workshop at AVI 2024, Genoa, Italy. 3rd June 2024
https://alandix.com/academic/papers/synergy2024-epistemic/
As machine learning integrates deeper into human-computer interactions, the concept of epistemic interaction emerges, aiming to refine these interactions to enhance system adaptability. This approach encourages minor, intentional adjustments in user behaviour to enrich the data available for system learning. This paper introduces epistemic interaction within the context of human-system communication, illustrating how deliberate interaction design can improve system understanding and adaptation. Through concrete examples, we demonstrate the potential of epistemic interaction to significantly advance human-computer interaction by leveraging intuitive human communication strategies to inform system design and functionality, offering a novel pathway for enriching user-system engagements.
GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using Deplo...James Anderson
Effective Application Security in Software Delivery lifecycle using Deployment Firewall and DBOM
The modern software delivery process (or the CI/CD process) includes many tools, distributed teams, open-source code, and cloud platforms. Constant focus on speed to release software to market, along with the traditional slow and manual security checks has caused gaps in continuous security as an important piece in the software supply chain. Today organizations feel more susceptible to external and internal cyber threats due to the vast attack surface in their applications supply chain and the lack of end-to-end governance and risk management.
The software team must secure its software delivery process to avoid vulnerability and security breaches. This needs to be achieved with existing tool chains and without extensive rework of the delivery processes. This talk will present strategies and techniques for providing visibility into the true risk of the existing vulnerabilities, preventing the introduction of security issues in the software, resolving vulnerabilities in production environments quickly, and capturing the deployment bill of materials (DBOM).
Speakers:
Bob Boule
Robert Boule is a technology enthusiast with PASSION for technology and making things work along with a knack for helping others understand how things work. He comes with around 20 years of solution engineering experience in application security, software continuous delivery, and SaaS platforms. He is known for his dynamic presentations in CI/CD and application security integrated in software delivery lifecycle.
Gopinath Rebala
Gopinath Rebala is the CTO of OpsMx, where he has overall responsibility for the machine learning and data processing architectures for Secure Software Delivery. Gopi also has a strong connection with our customers, leading design and architecture for strategic implementations. Gopi is a frequent speaker and well-known leader in continuous delivery and integrating security into software delivery.
Neuro-symbolic is not enough, we need neuro-*semantic*Frank van Harmelen
Neuro-symbolic (NeSy) AI is on the rise. However, simply machine learning on just any symbolic structure is not sufficient to really harvest the gains of NeSy. These will only be gained when the symbolic structures have an actual semantics. I give an operational definition of semantics as “predictable inference”.
All of this illustrated with link prediction over knowledge graphs, but the argument is general.
Encryption in Microsoft 365 - ExpertsLive Netherlands 2024Albert Hoitingh
In this session I delve into the encryption technology used in Microsoft 365 and Microsoft Purview. Including the concepts of Customer Key and Double Key Encryption.
Essentials of Automations: Optimizing FME Workflows with ParametersSafe Software
Are you looking to streamline your workflows and boost your projects’ efficiency? Do you find yourself searching for ways to add flexibility and control over your FME workflows? If so, you’re in the right place.
Join us for an insightful dive into the world of FME parameters, a critical element in optimizing workflow efficiency. This webinar marks the beginning of our three-part “Essentials of Automation” series. This first webinar is designed to equip you with the knowledge and skills to utilize parameters effectively: enhancing the flexibility, maintainability, and user control of your FME projects.
Here’s what you’ll gain:
- Essentials of FME Parameters: Understand the pivotal role of parameters, including Reader/Writer, Transformer, User, and FME Flow categories. Discover how they are the key to unlocking automation and optimization within your workflows.
- Practical Applications in FME Form: Delve into key user parameter types including choice, connections, and file URLs. Allow users to control how a workflow runs, making your workflows more reusable. Learn to import values and deliver the best user experience for your workflows while enhancing accuracy.
- Optimization Strategies in FME Flow: Explore the creation and strategic deployment of parameters in FME Flow, including the use of deployment and geometry parameters, to maximize workflow efficiency.
- Pro Tips for Success: Gain insights on parameterizing connections and leveraging new features like Conditional Visibility for clarity and simplicity.
We’ll wrap up with a glimpse into future webinars, followed by a Q&A session to address your specific questions surrounding this topic.
Don’t miss this opportunity to elevate your FME expertise and drive your projects to new heights of efficiency.
Transcript: Selling digital books in 2024: Insights from industry leaders - T...BookNet Canada
The publishing industry has been selling digital audiobooks and ebooks for over a decade and has found its groove. What’s changed? What has stayed the same? Where do we go from here? Join a group of leading sales peers from across the industry for a conversation about the lessons learned since the popularization of digital books, best practices, digital book supply chain management, and more.
Link to video recording: https://bnctechforum.ca/sessions/selling-digital-books-in-2024-insights-from-industry-leaders/
Presented by BookNet Canada on May 28, 2024, with support from the Department of Canadian Heritage.
UiPath Test Automation using UiPath Test Suite series, part 3DianaGray10
Welcome to UiPath Test Automation using UiPath Test Suite series part 3. In this session, we will cover desktop automation along with UI automation.
Topics covered:
UI automation Introduction,
UI automation Sample
Desktop automation flow
Pradeep Chinnala, Senior Consultant Automation Developer @WonderBotz and UiPath MVP
Deepak Rai, Automation Practice Lead, Boundaryless Group and UiPath MVP
Dev Dives: Train smarter, not harder – active learning and UiPath LLMs for do...UiPathCommunity
💥 Speed, accuracy, and scaling – discover the superpowers of GenAI in action with UiPath Document Understanding and Communications Mining™:
See how to accelerate model training and optimize model performance with active learning
Learn about the latest enhancements to out-of-the-box document processing – with little to no training required
Get an exclusive demo of the new family of UiPath LLMs – GenAI models specialized for processing different types of documents and messages
This is a hands-on session specifically designed for automation developers and AI enthusiasts seeking to enhance their knowledge in leveraging the latest intelligent document processing capabilities offered by UiPath.
Speakers:
👨🏫 Andras Palfi, Senior Product Manager, UiPath
👩🏫 Lenka Dulovicova, Product Program Manager, UiPath
JMeter webinar - integration with InfluxDB and GrafanaRTTS
Watch this recorded webinar about real-time monitoring of application performance. See how to integrate Apache JMeter, the open-source leader in performance testing, with InfluxDB, the open-source time-series database, and Grafana, the open-source analytics and visualization application.
In this webinar, we will review the benefits of leveraging InfluxDB and Grafana when executing load tests and demonstrate how these tools are used to visualize performance metrics.
Length: 30 minutes
Session Overview
-------------------------------------------
During this webinar, we will cover the following topics while demonstrating the integrations of JMeter, InfluxDB and Grafana:
- What out-of-the-box solutions are available for real-time monitoring JMeter tests?
- What are the benefits of integrating InfluxDB and Grafana into the load testing stack?
- Which features are provided by Grafana?
- Demonstration of InfluxDB and Grafana using a practice web application
To view the webinar recording, go to:
https://www.rttsweb.com/jmeter-integration-webinar
GraphRAG is All You need? LLM & Knowledge GraphGuy Korland
Guy Korland, CEO and Co-founder of FalkorDB, will review two articles on the integration of language models with knowledge graphs.
1. Unifying Large Language Models and Knowledge Graphs: A Roadmap.
https://arxiv.org/abs/2306.08302
2. Microsoft Research's GraphRAG paper and a review paper on various uses of knowledge graphs:
https://www.microsoft.com/en-us/research/blog/graphrag-unlocking-llm-discovery-on-narrative-private-data/
2. Introductions
• Who am I?
‒Karl Fosaaen
• What do I do?
‒Wear lots of hats
‒Pen Testing
‒Password Cracking
‒Social Engineering
‒Blog
‒DEF CON Swag Goon
‒Pinball Repair
3. Slides Overview
• Intro
• Domain Enumeration
• Authentication Endpoint Enumeration
‒ Graph API
‒ ADFS
‒ Office 365
• Microsoft Online login
• Exchange
• Skype for Business
• Pivoting to the internal network
• Attack Mitigations
• Conclusions
4. Intro
• Standard ExPen Process
‒ Enumeration of domain info
• Services
• Username/Email recon
‒ Exploitation of issues
• Phishing
• Web Vulnerabilities
• Weak/Default logins
‒ Pivot to internal network
‒ Escalate internally
9. Domain Enumeration
Side Note:
• Office365 had an Authentication Bypass issue
‒ Insecure SAML assertions
‒ Affected all federated Office365 domains
‒ They called out this method in their blog post
Source:
http://www.economyofmechanism.com/office365-authbypass.html
15. Domain Enumeration
• Multiple domains at once
https://blog.netspi.com/using-powershell-identify-federated-domains/
https://github.com/NetSPI/PowerShell/blob/master/Get-FederationEndpoint.ps1
16. Domain Enumeration
• What’s the current exposure?
‒ 47,455 (4.7%) of the top 1 Million have “ms=ms*” DNS records
• Personal Experience
‒ Managed: 50%
‒ Federated: 40%
‒ Neither: 10%
24. ADFS Overview
Active Directory Federation Services (AD FS)
“is a standards-based service that allows the
secure sharing of identity information
between trusted business partners (known
as a federation) across an extranet.”
Source:
https://msdn.microsoft.com/en-us/library/bb897402.aspx
25. ADFS – Credential Brute Forcing
• Get-FederationEndpoint gives us the
appropriate command to run for the domain
‒ Federated Domain
30. Setting Up Your Test Environment
• Install the Azure AD PowerShell Module
• https://msdn.microsoft.com/en-us/library/azure/jj151815(v=azure.98).aspx
31. Office365 - Credential Brute Forcing
• Get-FederationEndpoint gives us the
appropriate command to run for the domain
‒ Microsoft Managed Domain
33. Office365 – User Enumeration
1. $msolcred = Get-Credential
2. Connect-MsolService -Credential $msolcred
3. Get-MsolUser -All | ft -AutoSize
• This also works for apps (Web/Thick) using
AzureAD for account management
34. Office365 - Exchange
• If the domain uses Office365, you can most
likely connect to Office365 Exchange with
PowerShell
38. Skype For Business – Overview
• Formerly Lync, now Skype for Business
• Commonly Federated with other domains
‒ Great for credential guessing, user
enumeration, and social engineering
39. Skype For Business – Tools
• Grab the PowerShell modules from NetSPI
• https://github.com/NetSPI/PowerShell/blob/master/PowerSkype.ps1
40. Skype For Business – Credential Brute Forcing
‒ Get-SkypeLoginURL
• In progress
‒ Invoke-SkypeLogin
‒ Credit to @Nyxgeek for the auth endpoints
41. Skype For Business – Blind User Enumeration
• Using a federated Skype account, we can
enumerate other federated Skype users
• Just open a chat with them
42. Skype For Business – Blind User Enumeration
• Or we can just chat with these CEOs
43. Skype For Business – Blind User Enumeration
• Blind User enumeration (email confirmation)
requires the SDK
‒ Also requires a signed in federated user
• You can use guessed credentials (autodiscover)
• or pay Microsoft for a cheap federated account
• ~$6/month
44. Skype For Business – Tools
• Install Skype for Business and the Lync SDK
‒ Requires Visual Studio 2010 for the easiest
install
https://www.microsoft.com/en-us/download/details.aspx?id=36824
45. Skype For Business – Blind User Enumeration
• Let’s just wrap it with PowerShell
Get-SkypeStatus -inputFile test_emails.txt | ft -AutoSize
47. Skype For Business – Blind User Enumeration
Demo
• Get-SkypeStatus -inputFile "C:\Temp\LiveAdmins.txt" | ft -AutoSize
• It helps if we run it a couple of times…
51. Pivoting to the Internal Network – Exchange
• Attacking Email Accounts
‒ If Autodiscover is enabled, adding an account
can be done from anywhere
‒ Email is interesting, but I’d like a shell
‒ This can not be done programmatically with
PowerShell (*Easily)
‒ “Malicious Outlook Rules”
• Nick Landers – Silent Break Security
‒ “MAPI over HTTP and Mailrule Pwnage”
• Etienne - sensepost
52. Pivoting to the Internal Network – Skype
• Send messages from OWA or Skype for
Business
‒ Autodiscover is also handy here
‒ People will trust their co-workers
• “Can you look over this word doc for me?”
53. Pivoting to the Internal Network – Skype
Demo
• Get-SkypeStatus -email karl.fosaaen@netspi.com
• Invoke-SendSkypeMessage -email karl.fosaaen@netspi.com -message "Hello from Derbycon"
• for ($i = 0; $i -lt 10; $i++){Invoke-SendSkypeMessage -email karl.fosaaen@netspi.com -message "Hello $i"}
56. Pivoting to the Internal Network – VPN
• Single Factor VPN Example
‒ Enumerated user emails on LinkedIn
‒ Guessed passwords against MSOnline with
PowerShell
‒ Enumerated VPN interfaces
‒ Logged in with guessed credentials
‒ GPP -> Local admin on DA system
‒ DCSync
• “Store passwords using reversible encryption”
57. Pivoting to the Internal Network – Other
• Other Routes
‒ Single Factor Services
• Management Protocols
• RDP
• SSH
• Terminal Services – Web Based
• Citrix
• VDI
• Etc.
58. Pivoting to the Internal Network – OneDrive
• Malicious OneDrive Documents
‒ Can’t use macros in the online version of excel
59. Pivoting to the Internal Network - SharePoint
• Malicious SharePoint Documents
‒ Same concept as OneDrive, just a different
platform
‒ Backdoor a document
‒ Edit pages
64. Conclusions
• Lots of authentication endpoints on the
Internet
• There’s always a $SEASON$YEAR password
out there
• There are several ways to pivot internally
with credentials
• MFA will help reduce your risk
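The credential guessing covered in these slides has a recognizable shape in sign-in logs: one source failing against many accounts, only a try or two per account, which stays under per-account lockout. The following is an added example, not code from the talk or from NetSPI's tools; the event layout, the thresholds and the sample events are assumptions constructed for illustration.

```python
from collections import Counter, defaultdict
from datetime import datetime, timedelta

# Constructed sign-in events (not real logs): (ISO time, source IP, account, success).
SAMPLE_EVENTS = (
    [("2016-10-01T09:%02d:00" % i, "203.0.113.7", "user%d@example.com" % i, False)
     for i in range(6)]
    + [
        ("2016-10-01T09:06:00", "203.0.113.7", "user6@example.com", True),
        # One user mistyping a password: single-account failures, not a spray.
        ("2016-10-01T09:10:00", "198.51.100.4", "alice@example.com", False),
        ("2016-10-01T09:11:00", "198.51.100.4", "alice@example.com", False),
        ("2016-10-01T09:12:00", "198.51.100.4", "alice@example.com", False),
        ("2016-10-01T09:13:00", "198.51.100.4", "alice@example.com", True),
    ]
)


def detect_spray(events, window=timedelta(minutes=30),
                 min_accounts=5, max_per_account=2):
    """Return {ip: {"targeted": [...], "succeeded": [...]}} for spray-shaped sources.

    A source qualifies when, inside one time window, it fails against at least
    min_accounts distinct accounts with no more than max_per_account failures
    on any of them. Successes from that source after its first failure are
    listed separately: those accounts are the ones to reset first.
    """
    by_ip = defaultdict(list)
    for ts, ip, account, ok in events:
        by_ip[ip].append((datetime.fromisoformat(ts), account.lower(), ok))

    findings = {}
    for ip, rows in by_ip.items():
        rows.sort()
        start = 0
        for end in range(len(rows)):
            # Slide the window start forward so the span never exceeds `window`.
            while rows[end][0] - rows[start][0] > window:
                start += 1
            in_window = rows[start:end + 1]
            fails = Counter(a for _, a, ok in in_window if not ok)
            if len(fails) < min_accounts or max(fails.values()) > max_per_account:
                continue
            first_fail = min(t for t, _, ok in in_window if not ok)
            f = findings.setdefault(ip, {"targeted": set(), "succeeded": set()})
            f["targeted"].update(fails)
            f["succeeded"].update(a for t, a, ok in in_window if ok and t >= first_fail)
    return {ip: {k: sorted(v) for k, v in f.items()} for ip, f in findings.items()}
```

Per-account lockout counters never fire on this pattern, which is why the grouping key is the source rather than the account.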
65. Next Steps
• Yet another framework for pen testing…
‒ Enumerate all of the potential AD
authentication endpoints for a domain
• And again, AutoDiscover is handy here
‒ Include credential brute force methods for
each interface type
‒ Easy mode, autopwn, etc.
• Give it a domain, user list, and go for it
‒ Try to keep it dependency free
• Easier to use
• More portable