Cloud Malware Distribution (CMD) is an alternative method for malware distribution using legitimate DNS caches. It works by encoding malware payloads into DNS resource records and forcing the injection of these records into public DNS caches without compromising servers. The records are then resolved through intranet DNS servers, reassembling the malware payload on infected machines. The presentation describes the DNS protocol, caching, and how the technique was implemented and tested on various public DNS servers around the world.
Sergi Álvarez + Roi Martín - radare2: From forensics to bindiffing [RootedCON... (RootedCON)
Radare was originally created as a forensics tool but now also supports bindiffing binaries. It can perform multiple search methods on files including regular expressions, strings, and hexpairs. Signatures and magic templates allow parsing unknown file formats. Scripting is supported through Vala bindings. Filesystems can be mounted and partitions analyzed. Bindiffing helps analyze differences between binaries through function and basic block matching and fingerprints. A work-in-progress graphical interface called ragui is also being built.
José Miguel Esparza - Obfuscation and (non-)detection of malicious PDF files ...RootedCON
The document discusses techniques for obfuscating malicious PDF files to avoid detection. It begins with an introduction to the PDF format and its object types. It then covers many obfuscation techniques like avoiding characteristic strings, splitting up JavaScript code, encoding strings and names, using uncommon filters, and introducing malformed formatting. The document also analyzes how these techniques can help files evade antivirus detection and complicate analysis by tools. It highlights the peepdf tool for its Python-based interactive PDF analysis capabilities. In conclusion, it finds that nested PDFs, compressed objects, new filters, encryption, and avoiding characteristic strings are very effective at evading detection.
Speaker: Alexander Popov
This talk presents the successful experience of using the KASan (Kernel Address Sanitizer) debugging mechanism in a standalone hypervisor. The speaker explains how KASan was strengthened compared to its implementation in the Linux kernel.
Talk given by Toronto Garcez aka torontux during the 3rd edition of the Nullbyte Security Conference on November 26, 2016.
Abstract:
The goal of the presentation is to demonstrate, in a practical way, the step-by-step process of building a botnet out of Wi-Fi routers and/or embedded devices in general. The development of a command-and-control system and the use of "backdoored" firmware to turn devices into bots will be demonstrated.
Presentation given by Bernardo Rodrigues aka bernardomr during the 2nd edition of the Nullbyte Security Conference on 21/11/2015.
Abstract:
Cable Internet technology has evolved considerably in recent years, bringing new security challenges. The transition to DOCSIS 3.0 introduced more modern equipment with greater capacity and new features. Customers access the Internet through "black boxes" and trust that manufacturers and providers will keep them secure. The idea of the talk is to discuss the security of cable modems, as well as the technology used for device management, information transport and firmware updates.
The document discusses various attacks that are possible against the AoE (ATA over Ethernet) storage protocol due to its lack of authentication and security features. Some key attacks mentioned include replay attacks, unauthenticated disk access by reading and writing directly to disks, creating an AoE proxy to reroute traffic, and denial of service attacks. The document warns that AoE deployments could be vulnerable if not properly segmented from untrusted networks.
This document provides an overview of OpenStack Networking (Neutron) and the different networking plugins and configurations available in Neutron. It discusses the Nova network manager, the Neutron Open vSwitch plugin configured for VLAN and GRE tunneling modes, Neutron security groups, and Neutron's software-defined networking capabilities. Diagrams and examples of packet flows are provided to illustrate how networks are logically and physically implemented using the different Neutron plugins.
Speaker: Terrence Gareau
The talk explains how to build a honeypot and set up a service with continuously updated data on captured DDoS bots using Kibana, Elasticsearch, Logstash and AMQP. The speaker will open-source the system for monitoring and collecting external DDoS attack statistics that he and his team have been working on for the last two years.
This document provides instructions for setting up an intrusion prevention system (IPS) using VMware ESXi, Snort IPS, and Debian Linux. It describes configuring the ESXi host with multiple virtual switches and network adapters. It then guides installing and configuring Debian, dependencies like libpcap and Snort on a virtual machine. It also covers configuring PulledPork to automatically download and install Snort rule updates. The goal is to inspect all external network traffic for protection.
Reverse Engineering the TomTom Runner pt. 2 (Luis Grangeia)
Second presentation of my research into reverse engineering a TomTom Runner GPS watch. In this I explain how I got running code inside an unfamiliar device and proceeded to bypass its security measures and extract firmware keys and code from the device.
More details on my personal blog, at http://grangeia.io
Presented in October 2015 at "Confraria de Segurança da Informação" in Lisbon
This document provides an overview and comparison of Suricata and Snort intrusion detection systems. It discusses features like performance, rule writing, and capabilities. PF_ring and netsniff-ng are introduced as tools for improving packet capture speed. The document also demonstrates how to write Snort rules specifying actions, protocols, IP addresses, ports, directions and other options.
The document describes a proof-of-concept malware called "evil mass storage" that can infect systems without an internet connection. It uses a custom hardware device with a micro SD card and radio frequency module to exfiltrate information from infected targets. The malware has multiple stages and can hide in encrypted sectors on the SD card or transmit data via radio. Details are provided on the prototype hardware, firmware, and future improvements planned for the project.
Docker Networking with New Ipvlan and Macvlan Drivers (Brent Salisbury)
This document introduces new Docker network drivers called Macvlan and Ipvlan. It provides information on setting up and using these drivers. Some key points:
- Macvlan and Ipvlan allow containers to have interfaces directly on the host network instead of going through NAT or VPN. This provides better performance and no NAT issues.
- The drivers can be used in bridge mode to connect containers to an existing network, or in L2/L3 modes for more flexibility in assigning IPs and routing.
- Examples are given for creating networks with each driver mode and verifying connectivity between containers on the same network.
- Additional features covered include IP address management, VLAN trunking, and dual-stack IPv4/
The document discusses securing syslog logging on FreeBSD systems. It introduces syslog, its insecurities, and describes implementing digital signatures using an extension called syslog-sign. Syslog-sign calculates hashes of messages and stores signatures to assure integrity and detect any modifications. The implementation modifies the syslog daemon to generate signatures without other configuration. Verification can then validate log file contents offline.
This document provides an introduction to Snort rule syntax and content matching. It describes the basic components of a Snort rule including the rule header, action, protocols, addresses, ports, and rule options. It then covers various content matching techniques like content, pcre, and content modifiers like nocase, offset, depth, distance, and within. It also discusses negated content matching, content buffers, and fast_pattern. Finally, it provides examples of how content matching can be used for detection strategies like traffic triage and isolating vulnerable application traffic.
Using Nmap and Metasploit, the presenter demonstrates how to scan a target system with Nmap to identify open ports and the operating system. Potential exploits are then searched for in the CVE database and executed using Metasploit, gaining shell access on the target. Alternatively, Nmap data can be imported into a Metasploit database to automatically attempt exploitation based on open ports.
This presentation gives an overview of our Ganeti deployment.
There is a related YouTube playlist (in Croatian) with presentations: https://www.youtube.com/playlist?list=PLDMnMa3XBHD_K6Rl2FBe2CC-MS6mdTOrJ
IKE (Internet Key Exchange) is used to establish secure authentication and encryption keys between VPN peers to enable IPsec VPN tunnels. It uses a two-phase process, with phase 1 establishing an IKE security association to protect phase 2 negotiations, which are used to establish actual IPsec security associations. Main mode and aggressive mode differ in the number of message exchanges used, with main mode being more secure. IPsec provides confidentiality, integrity, and authentication for IP packets, while GRE is used to encapsulate non-IP traffic into IP tunnels without these security services. SSL/TLS is an application-layer protocol that operates above TCP, while IPsec is a network-layer protocol that can operate in transport mode above TCP or tunnel mode
Automated Malware Analysis and Cyber Security Intelligence (Jason Choi)
This presentation is an introduction to Cuckoo Sandbox, an automated malware analysis system, and to using this tool for cyber security intelligence, at the Department of Scientific Criminal Investigation at SungKyunKwan University in Korea.
What can possibly go wrong? Why eSport needs an AntiDDoS Protection (Jakub Słociński)
The document discusses the growing issue of DDoS (Distributed Denial of Service) attacks affecting online esports. It notes that DDoS attacks aim to overload servers and make online services unavailable, which can disrupt important esports tournaments. While some basic prevention steps can help individual players, large esports events often require working with security specialists and dedicated anti-DDoS protection services to mitigate attacks. Proper anti-DDoS solutions need to filter malicious traffic while minimizing latency and reliably supporting the high-bandwidth and low-latency needs of competitive online gaming. Without adequate protection, DDoS attacks can negatively impact player experiences and hurt the esports industry.
Monica Salas & Raul Siles - Hype Potter and the Chamber of DNSSECrets [rooted... (RootedCON)
This document provides an outline and overview of a presentation on DNSSEC (Domain Name System Security Extensions). The summary includes:
1) The presentation covers DNSSEC zone signing, statistics on DNSSEC adoption rates, recent DNS hijacking attacks aided by lack of DNSSEC, and practical examples of signing DNS zones with different registrars.
2) It discusses how DNSSEC helps protect against spoofing and cache poisoning attacks by providing authentication and integrity for DNS responses. However, DNSSEC is not enough on its own and secure administration of DNS infrastructure is also important.
3) Examples are given showing different levels of customization and control available when signing zones with different registrars, from a simple one-click activation to
CONFidence 2017: Hacking embedded with OpenWrt (Vladimir Mitiouchev) (PROIDEA)
More and more poorly designed devices are connected to the Internet, often without basic security options such as changing the password, or firmware updates [sic!]. Many of them are based on well-known SoCs, such as Atheros AR9331, Ralink RT5350, or other popular chipsets. Have you ever wondered how to regain control over hardware *you* own? Prepare a soldering iron and a serial console and learn how to physically hack into an embedded device. Tamper with the bootloader to modify the system. Extract and analyze firmware on various architectures. Eventually, flash the device with a customized OpenWrt build and modify the hardware (e.g. add sensors, buttons, an LCD screen or a USB port).
This talk will take us back to 2006 to understand the world of software development back then, and to realize how much it has changed, for better or, in some cases unfortunately, for worse.
Enable DPDK and SR-IOV for containerized virtual network functions with zun (heut2008)
Zun is an OpenStack service that manages containers as first-class resources without relying on virtual machines. The document discusses enabling DPDK and SR-IOV support in Zun to accelerate containerized network functions (NFV). It outlines the challenges in using containers for NFV and how Zun addresses the gaps. Benchmark tests show that containers leveraging DPDK and SR-IOV through Zun can achieve near-physical-server performance for networking workloads.
This document discusses the development of an IPv6 plugin for the Snort intrusion detection system. It provides context on IPv6 security issues and attacks. It then describes how the plugin was implemented to add IPv6-specific rule options and decode/process IPv6 traffic. A neighbor discovery preprocessor was also created to monitor network changes using ICMPv6 messages. The plugin allows Snort to better detect IPv6 attacks and anomalies.
Let's trace Linux Kernel with KGDB @ COSCUP 2021 (Jian-Hong Pan)
https://coscup.org/2021/en/session/39M73K
https://www.youtube.com/watch?v=L_Gyvdl_d_k
Engineers have plenty of debug tools for user-space program development, code tracing, debugging and analysis. Apart from “printk”, do we have any other debug tools for Linux kernel development? The “KGDB” described in the Linux kernel documentation provides another possibility.
This talk will share how to experiment with KGDB in a virtual machine, and then use GDB + OpenOCD + JTAG + Raspberry Pi in a real environment as the demo.
When developing user-space software, engineers have convenient debugging tools for tracing, analysis and debugging. But in Linux kernel development, apart from printk, what other tools are available? The Linux kernel documentation describes KGDB, which offers another option for debugging the kernel.
This talk will share the path from setting up the simplest virtual machine environment to actually using GDB + OpenOCD + JTAG + Raspberry Pi as the demonstration.
The document provides instructions on how to configure an SSH server on Linux, perform footprinting and reconnaissance, scanning tools and techniques, enumeration tools and techniques, password cracking techniques and tools, privilege escalation methods, and keylogging and hidden file techniques. It discusses active and passive footprinting, Nmap port scanning, NetBIOS and SNMP enumeration, Windows password hashes, the sticky keys method for privilege escalation, ActualSpy keylogging software, and hiding files using NTFS alternate data streams. Countermeasures for many of these techniques are also outlined.
This document provides a summary of a DNS tutorial presented at IETF-63 by Ólafur Guðmundsson and Peter Koch. The tutorial covered the basics of DNS, including its data model, terminology, operations, record types, protocol, and some historical problems and solutions. It aimed to give attendees a high-level understanding of DNS to facilitate new uses, rather than providing software help or detailed protocol information.
This document provides an overview of the Domain Name System (DNS) including key concepts like root name servers, top level domains, name server records, DNS records like A, MX, CNAME, TXT, SRV and PTR records. It discusses DNS configuration files, caching servers, DNS lookups, zone transfers between name servers and round robin DNS. Examples are given for various DNS record types. Useful DNS tools and links are also listed.
The document provides an overview of disk forensics concepts and tools used for analyzing disk images. It discusses locating the NTFS partition, inspecting the master boot record and partition table. It also covers the NTFS file system structures like the master file table, file attributes, alternate data streams, and methods for recovering deleted files. Timestamp analysis and registry forensics are also briefly introduced. Various forensic tools like The Sleuth Kit, Autopsy, and samdump2 are demonstrated.
This document summarizes research conducted by OpenDNS on catching malware using DNS and IP data. It describes how OpenDNS analyzed DNS records to track fast flux botnets, crimeware command and control infrastructure, and phishing domains. Visualization techniques were used to create graphs of the relationships between domains and IP addresses over time. This research enabled OpenDNS to detect and block new strains of malware.
My Presentation from the ILUG 2010 Belfast conference.
Here is the abstract: "Come to this session to learn from real examples how to read and understand those NSD files that can give you so much information for troubleshooting and debugging your Domino Servers, Notes Clients and even your Applications. You will learn how to find which files and documents have been open, which agents have been running and how much memory was available when the last crash occurred. You will also see all kinds of tips and tricks around the system diagnostics that will allow you to troubleshoot problems faster and more effectively."
In this training session, two leading security experts review how adversaries use DNS to achieve their mission, how to use DNS data as a starting point for launching an investigation, the data science behind automated detection of DNS-based malicious techniques and how DNS tunneling and DGA machine learning algorithms work.
Watch the presentation with audio here: http://info.sqrrl.com/leveraging-dns-for-proactive-investigations
The Domain Name System (DNS) is a critical part of Internet infrastructure and the largest distributed Internet directory service. DNS translates names to IP addresses, a required process for web navigation, email delivery, and other Internet functions. However, the DNS infrastructure is not secure enough unless the security mechanisms such as Transaction Signatures (TSIG) and DNS Security Extensions (DNSSEC) are implemented. To guarantee the availability and the secure Internet services, it is important for networking professionals to understand DNS concepts, DNS Security, configurations, and operations.
This course will discuss the concept of DNS operations in detail: mechanisms to authenticate the communication between DNS servers, mechanisms to establish the authenticity and integrity of DNS data, and mechanisms to delegate trust to the public keys of third parties. Participants will take part in lab exercises and perform configurations based on a number of scenarios.
The document provides an overview of DNS history and requirements for maintaining a DNS infrastructure. It discusses how DNS has evolved since 1983 to support features like load balancing, geobalancing, failover, and security protocols. When choosing a DNS software product or service provider, key considerations include scalability, supported features, dynamic configuration, failover capabilities, and protection against DDoS attacks. Maintaining DNS with multiple service providers can improve performance and reliability compared to a single provider.
A contemporary network service depends heavily on the Domain Name System operating normally. Yet the issues and caveats of a typical DNS setup are often overlooked. DNS (like BGP before it) is expected to "just work" everywhere; however, just like BGP, it is a complex protocol and a complex solution where a lot of things can go wrong in multiple ways under different circumstances. This talk is meant to provide some assistance both in maintaining your own DNS infrastructure and in relying on service providers to do it for you.
The document discusses 5 key things to know about administering MongoDB: 1) Understanding MongoDB's architecture and memory usage, 2) Protecting data through replication and deployment strategies, 3) Scaling writes and reads using sharding, 4) Monitoring MongoDB performance using tools like MMS, and 5) Backing up and restoring data with tools like mongodump/mongorestore. It provides examples and explanations of useful commands for tasks like replication, sharding, and monitoring MongoDB deployments.
DNS protocol design, attacks and security, by Michael Earls
The document discusses DNS security and attacks such as cache poisoning, denial of service attacks through query flooding, and man-in-the-middle attacks through DNS hijacking. It provides examples using tools like dnsFlood.pl and dnshijacker to demonstrate these attacks, and recommends mitigations like restricting queries, preventing unauthorized zone transfers, using DNSSEC, and configuring TSIG to secure DNS messages.
(NET308) Consolidating DNS Data in the Cloud with Amazon Route 53, by Amazon Web Services
In this session, we show you how to use Amazon Route 53 to consolidate your DNS data and manage it centrally. Learn how to use Amazon Route 53 for public DNS and for private DNS in VPC, and also learn how to combine Amazon Route 53 private DNS with your own DNS infrastructure.
CONFidence 2018: Detecting Phishing from pDNS (Irena Damsky), by PROIDEA
Passive DNS (pDNS) has been utilized by threat researchers for several years and allows us to gather information on domain usage worldwide. Since data fidelity varies depending on the scope, timeline, and vantage point of sensor networks, pDNS visibility provides a multitude of different and exciting results for analysts to review. In this presentation we will quickly recap DNS and pDNS, review different approaches to detecting phishing using pDNS and focus on demonstrating different heuristics and operational procedures that can help increase actual detection while minimizing false positives.
The document discusses Oracle RAC and Docker, including why Oracle would be used in containers, considerations for using Oracle RAC in containers, how containers and virtual networks work, preparing storage, images, and networking for Oracle RAC containers, and how to configure Oracle Grid Infrastructure in Docker containers. Key points include reducing resources and time through containers, challenges of shared-nothing architecture and privileged access in containers, and steps to configure storage, virtual networking, and Oracle software in images before deploying Oracle RAC containers.
Deploying secure backup on to the Cloud, by Lahav Savir
This document discusses deploying secure backups to the cloud using a simple solution that syncs data from on-premises or cloud storage to other cloud storage locations. The proposed solution uses a Linux appliance with rsync, s3cmd, and traffic control tools to back up file servers, databases, and large S3 buckets. It allows controlling bandwidth, monitoring backups, and restoring data without impacting existing infrastructure or requiring additional hardware.
Working with Delimited Data in Apache Drill 1.6.0, by Vince Gonzalez
This presentation is a tutorial on using Apache Drill 1.6.0 to query delimited data, such as in the CSV or TSV formats. This was presented in a workshop format, and I'm available to present this to your team as well.
The tutorial covers typical steps taken on the way to using Drill to make delimited data visible to BI tools, such as Qlik Sense, which I use for the visualizations in the slides.
MapR provides professional support for Apache Drill; please contact me if you're interested in learning more!
This document is a presentation on hacking techniques given by Martin G. Nystrom from Cisco Systems. It outlines methods for footprinting targets on the internet, hacking Windows systems, hacking Unix/Linux systems, and hacking networks. For Windows, it discusses scanning, enumeration, penetration, privilege escalation, pillaging systems, gaining interactive access, and expanding influence. For Unix/Linux, it outlines discovering the landscape, enumerating systems, attacking remotely and locally, and gaining privileges beyond root. It also discusses vulnerabilities in networks and dealing with firewalls.
Urlcrazy is a tool that generates and tests URLs to discover hidden or missing pages on a target website. It takes a seed URL or domain as input and recursively expands it to find additional subdomains and paths. Some key features include discovering directories, files, subdomains, and URLs with modified parameters through techniques like directory bruteforcing, file extension guessing, and parameter tampering.
The document discusses best practices for deploying MongoDB including sizing hardware with sufficient memory, CPU and I/O; using an appropriate operating system and filesystem; installing and upgrading MongoDB; ensuring durability with replication and backups; implementing security, monitoring performance with tools, and considerations for deploying on Amazon EC2.
Similar to Francisco Jesús Gómez + Carlos Juan Diaz - Cloud Malware Distribution: DNS will be your friend [RootedCON 2011] (20)
Rooted2020 A clockwork pentester - Jose Carlos Moral & Alvaro Villaverde, by RootedCON
This document presents the SecAP platform, which automates pentesting tasks in an intelligent and autonomous way. SecAP works as a suite of tools that includes connectors, launchers, analyzers and a REST API. It coordinates the pentesting process by storing the discovered assets, launching the appropriate tools, analyzing the results and continuing the audit autonomously. The document describes the architecture, components, workflow and advantages of SecAP,
This document describes research on identifying and evading sandbox analysis environments. The researchers developed artifacts to collect information from several sandboxes and analyze their security. They found that some sandboxes do not hide their nature well and that it is possible to access configuration files. They were also able to identify the owners of some sandboxes through XSS vulnerabilities. They conclude that it is possible to obtain intelligence on how sandboxes work and to evade their detection.
This document describes a Sysmon process correlation tool that monitors process behaviour on a system to detect malicious activity. The tool includes a baseline engine that establishes the normal behaviour of key processes and a hierarchy engine that detects anomalies in the relationship between parent and child processes. The tool can be used to hunt advanced malware that operates in memory without leaving traces on disk.
The document describes a proposal for performing infrastructure audits quickly and efficiently by automating and standardizing the process. It proposes creating a catalogue of standards, components and security controls that can be executed automatically to audit systems, generate reports and validate regulatory compliance.
Rooted2020 the day i_ruled_the_world_deceiving_software_developers_through_op..., by RootedCON
This document discusses how software developers can be deceived through malicious software libraries uploaded to package managers. It describes how the researchers generated homograph variants of popular library names and uploaded them to PyPI and npm. Within a few hours hundreds of developers had installed the malicious libraries, demonstrating weaknesses in how developers and package managers prevent homograph attacks. The researchers then analyzed the results and issued recommendations to package managers on additional controls, such as rate limiting and mandatory user identification, that could help prevent such attacks.
Rooted2020 si la-empresa_ha_ocultado_el_ciberataque,_como_se_ha_enterado_el_r..., by RootedCON
This document summarizes Spanish and international legislation on whistleblowing, the reporting of irregularities. It explains that companies are required to provide confidential and protected internal reporting channels, and that whistleblowers may not suffer reprisals. The regulation covers infringements related to cybersecurity, such as security incidents and data leaks. Companies must transpose these directives before 2021, although SMEs are granted more time.
The document presents the results of a security analysis of WordPress plugins. 84,508 plugins were analyzed; 1,775 were found to be vulnerable, with 5,419 vulnerabilities in total, SQL injection being the most common. An infrastructure called WordPressTerror was developed to automate the analysis. The results were reported to the WordPress security team so that the developers could be notified. The ultimate goal is to improve the security of WordPress and its plugins.
The document presents a talk on attacking encrypted voice communications. Several encryption protocols such as SIP, SRTP, ZRTP and Signal are discussed. Their security features and possible attacks such as traffic interception, identity spoofing and eavesdropping on conversations are explained. The goal is to raise awareness of the importance of encrypting communications to protect privacy.
The document describes a forensic analysis of a rootkit called Necurs. It explains how the rootkit infects systems by running a dropper that installs a malicious driver. The driver hides processes and files, and communicates with user-mode processes to inject malicious code. It stores information in the Windows registry in encrypted form.
Stefano Maccaglia is a Senior Principal Consultant at RSA who investigates cyber incidents. The document describes an investigation conducted at a government agency that discovered stolen data on an internal system. RSA found the system, called ASFOUR, had been compromised since August 2018. By analyzing logs and network traffic with RSA tools, they traced the activity to an adversary accessing ASFOUR and another system called HAKIMI. They also found evidence of two threat groups - Oilrig and Epic Turla. RSA helped the agency remediate by rebuilding compromised systems, resetting passwords, and removing unused accounts.
The document describes a workshop on analyzing binaries written in GoLang. It explains who the presenters are, why it is important to learn about this new language, the characteristics of GoLang, examples of malware written in GoLang, and the process of building and analyzing GoLang binaries, including how to recover function names and strings from stripped binaries. The workshop concludes with a practical challenge of obtaining a flag from a sample binary.
This document describes an attack that uses a VPN to establish a secure channel with the victims, install persistence through a .reg file, run scripts remotely and exfiltrate files. The attack requires neither administrator privileges nor malware. The VPN is used to evade detection and to intercept TLS through a man-in-the-middle position.
Rooted2020 van a-mear_sangre_como_hacer_que_los_malos_lo_paguen_muy_caro_-_an..., by RootedCON
This document provides 10 recommendations for improving the security of a network, such as updating systems, implementing SPF and DKIM for email, banning macros, using LAPS for local administrator passwords, segmenting the network with VLANs, and keeping backups off the network. It also recommends removing obsolete protocols, auditing Active Directory permissions, and raising the cost for attackers once inside the network. The overall goal is to make unauthorized access harder
The document briefly discusses several cyber incidents attributed to China, including the attacks on OPM, Equifax and Anthem. It also mentions Chinese advanced persistent threat units such as APT1 and Comment Crew. It explains concepts such as IOC and TTP and frameworks such as ATT&CK and CAPEC for analyzing threats. Finally, it provides numerous links to additional sources on Chinese cyber espionage and other related topics.
The document discusses the benefits of exercise for mental health. Regular physical activity can help reduce anxiety and depression and improve mood and cognitive functioning. Exercise causes chemical changes in the brain that may help protect against mental illness and improve symptoms.
This document discusses the subject of circumstantial technological evidence in criminal proceedings. In particular, it analyzes issues such as the distinction between indications and suspicions, the need for detailed reasoning by the court when assessing the evidence, and the limits on the unlawful obtaining of evidence by private parties.
This document presents an introduction to Bluetooth Low Energy (BLE), including its history, operation and vulnerabilities. It explains key concepts such as pairing, channels and packet types. It then describes several attacks carried out against BLE devices, such as trackers, cameras and electric scooters. Finally, it offers recommendations for strengthening BLE security through encryption and robust key exchange mechanisms.
This document describes a method for generating adversarial examples (AE) that evade deep-learning-based malware detectors. The proposed method uses perturbations in the headers of binary files and optimization through genetic algorithms to introduce changes that avoid detection without affecting behaviour. Experimental results show that the approach achieves evasion rates of up to 98.23% against MalConv, a state-of-the-art detector.
The document describes different advanced fuzzing techniques such as mutation scheduling, structure-aware fuzzing and domain-specific feedback. It explains how these techniques can help find vulnerabilities more efficiently by exploring the search space intelligently. It also includes examples of vulnerabilities found through fuzzing, such as CVE-2020-9273 and CVE-2020-9365.
The document discusses the malware Emotet, which began in 2012 and has become one of the most prolific malware. It has evolved from a banking trojan to a spam botnet and loader for other malware like Trickbot and ransomware. The author details Emotet's infrastructure, modules, encryption methods, and kill chain. Emotet is successful due to its high-quality spam campaigns and ability to distribute other malware. It will likely continue growing its botnet and distributing more ransomware.
For the full video of this presentation, please visit: https://www.edge-ai-vision.com/2024/06/building-and-scaling-ai-applications-with-the-nx-ai-manager-a-presentation-from-network-optix/
Robin van Emden, Senior Director of Data Science at Network Optix, presents the “Building and Scaling AI Applications with the Nx AI Manager,” tutorial at the May 2024 Embedded Vision Summit.
In this presentation, van Emden covers the basics of scaling edge AI solutions using the Nx tool kit. He emphasizes the process of developing AI models and deploying them globally. He also showcases the conversion of AI models and the creation of effective edge AI pipelines, with a focus on pre-processing, model conversion, selecting the appropriate inference engine for the target hardware and post-processing.
van Emden shows how Nx can simplify the developer’s life and facilitate a rapid transition from concept to production-ready applications. He provides valuable insights into developing scalable and efficient edge AI solutions, with a strong focus on practical implementation.
Have you ever been confused by the myriad of choices offered by AWS for hosting a website or an API?
Lambda, Elastic Beanstalk, Lightsail, Amplify, S3 (and more!) can each host websites + APIs. But which one should we choose?
Which one is cheapest? Which one is fastest? Which one will scale to meet our needs?
Join me in this session as we dive into each AWS hosting service to determine which one is best for your scenario and explain why!
Climate Impact of Software Testing at Nordic Testing Days, by Kari Kakkonen
My slides at Nordic Testing Days 6.6.2024
The climate impact and sustainability of software testing are discussed in the talk. ICT and testing must carry their part of the global responsibility to help with climate warming. We can minimize the carbon footprint, but we can also have a carbon handprint, a positive impact on the climate. Sustainability can be added to the quality characteristics and then measured continuously. Test environments can be used less, at a smaller scale and on demand. Test techniques can be used to optimize or minimize the number of tests. Test automation can be used to speed up testing.
TrustArc Webinar - 2024 Global Privacy Survey, by TrustArc
How does your privacy program stack up against your peers? What challenges are privacy teams tackling and prioritizing in 2024?
In the fifth annual Global Privacy Benchmarks Survey, we asked over 1,800 global privacy professionals and business executives to share their perspectives on the current state of privacy inside and outside of their organizations. This year’s report focused on emerging areas of importance for privacy and compliance professionals, including considerations and implications of Artificial Intelligence (AI) technologies, building brand trust, and different approaches for achieving higher privacy competence scores.
See how organizational priorities and strategic approaches to data security and privacy are evolving around the globe.
This webinar will review:
- The top 10 privacy insights from the fifth annual Global Privacy Benchmarks Survey
- The top challenges for privacy leaders, practitioners, and organizations in 2024
- Key themes to consider in developing and maintaining your privacy program
Threats to mobile devices are more prevalent and increasing in scope and complexity. Users of mobile devices want to take full advantage of the features available on those devices, but many of those features provide convenience and capability while sacrificing security. This best practices guide outlines steps users can take to better protect personal devices and information.
Removing Uninteresting Bytes in Software Fuzzing, by Aftab Hussain
Imagine a world where software fuzzing, the process of mutating bytes in test seeds to uncover hidden and erroneous program behaviors, becomes faster and more effective. A lot depends on the initial seeds, which can significantly dictate the trajectory of a fuzzing campaign, particularly in terms of how long it takes to uncover interesting behaviour in your code. We introduce DIAR, a technique designed to speedup fuzzing campaigns by pinpointing and eliminating those uninteresting bytes in the seeds. Picture this: instead of wasting valuable resources on meaningless mutations in large, bloated seeds, DIAR removes the unnecessary bytes, streamlining the entire process.
In this work, we equipped AFL, a popular fuzzer, with DIAR and examined two critical Linux libraries -- Libxml's xmllint, a tool for parsing xml documents, and Binutil's readelf, an essential debugging and security analysis command-line tool used to display detailed information about ELF (Executable and Linkable Format). Our preliminary results show that AFL+DIAR does not only discover new paths more quickly but also achieves higher coverage overall. This work thus showcases how starting with lean and optimized seeds can lead to faster, more comprehensive fuzzing campaigns -- and DIAR helps you find such seeds.
- These are slides of the talk given at IEEE International Conference on Software Testing Verification and Validation Workshop, ICSTW 2022.
Driving Business Innovation: Latest Generative AI Advancements & Success Story, by Safe Software
Are you ready to revolutionize how you handle data? Join us for a webinar where we’ll bring you up to speed with the latest advancements in Generative AI technology and discover how leveraging FME with tools from giants like Google Gemini, Amazon, and Microsoft OpenAI can supercharge your workflow efficiency.
During the hour, we’ll take you through:
Guest Speaker Segment with Hannah Barrington: Dive into the world of dynamic real estate marketing with Hannah, the Marketing Manager at Workspace Group. Hear firsthand how their team generates engaging descriptions for thousands of office units by integrating diverse data sources—from PDF floorplans to web pages—using FME transformers, like OpenAIVisionConnector and AnthropicVisionConnector. This use case will show you how GenAI can streamline content creation for marketing across the board.
Ollama Use Case: Learn how Scenario Specialist Dmitri Bagh has utilized Ollama within FME to input data, create custom models, and enhance security protocols. This segment will include demos to illustrate the full capabilities of FME in AI-driven processes.
Custom AI Models: Discover how to leverage FME to build personalized AI models using your data. Whether it’s populating a model with local data for added security or integrating public AI tools, find out how FME facilitates a versatile and secure approach to AI.
We’ll wrap up with a live Q&A session where you can engage with our experts on your specific use cases, and learn more about optimizing your data workflows with AI.
This webinar is ideal for professionals seeking to harness the power of AI within their data management systems while ensuring high levels of customization and security. Whether you're a novice or an expert, gain actionable insights and strategies to elevate your data processes. Join us to see how FME and AI can revolutionize how you work with data!
Full-RAG: A modern architecture for hyper-personalization, by Zilliz
Mike Del Balso, CEO & Co-Founder at Tecton, presents "Full RAG," a novel approach to AI recommendation systems, aiming to push beyond the limitations of traditional models through a deep integration of contextual insights and real-time data, leveraging the Retrieval-Augmented Generation architecture. This talk will outline Full RAG's potential to significantly enhance personalization, address engineering challenges such as data management and model training, and introduce data enrichment with reranking as a key solution. Attendees will gain crucial insights into the importance of hyperpersonalization in AI, the capabilities of Full RAG for advanced personalization, and strategies for managing complex data integrations for deploying cutting-edge AI solutions.
AI-Powered Food Delivery Transforming App Development in Saudi Arabia.pdf, by Techgropse Pvt.Ltd.
In this blog post, we'll delve into the intersection of AI and app development in Saudi Arabia, focusing on the food delivery sector. We'll explore how AI is revolutionizing the way Saudi consumers order food, how restaurants manage their operations, and how delivery partners navigate the bustling streets of cities like Riyadh, Jeddah, and Dammam. Through real-world case studies, we'll showcase how leading Saudi food delivery apps are leveraging AI to redefine convenience, personalization, and efficiency.
UiPath Test Automation using UiPath Test Suite series, part 6, by DianaGray10
Welcome to UiPath Test Automation using UiPath Test Suite series part 6. In this session, we will cover Test Automation with generative AI and Open AI.
The UiPath Test Automation with generative AI and Open AI webinar offers an in-depth exploration of leveraging cutting-edge technologies for test automation within the UiPath platform. Attendees will delve into the integration of generative AI, as a test automation solution, with Open AI's advanced natural language processing capabilities.
Throughout the session, participants will discover how this synergy empowers testers to automate repetitive tasks, enhance testing accuracy, and expedite the software testing life cycle. Topics covered include the seamless integration process, practical use cases, and the benefits of harnessing AI-driven automation for UiPath testing initiatives. By attending this webinar, testers and automation professionals can gain valuable insights into harnessing the power of AI to optimize their test automation workflows within the UiPath ecosystem, ultimately driving efficiency and quality in software development processes.
What will you get from this session?
1. Insights into integrating generative AI.
2. Understanding how this integration enhances test automation within the UiPath platform
3. Practical demonstrations
4. Exploration of real-world use cases illustrating the benefits of AI-driven test automation for UiPath
Topics covered:
What is generative AI
Test Automation with generative AI and Open AI.
UiPath integration with generative AI
Speaker:
Deepak Rai, Automation Practice Lead, Boundaryless Group and UiPath MVP
Monitoring and Managing Anomaly Detection on OpenShift.pdf, by Tosin Akinosho
Overview
Dive into the world of anomaly detection on edge devices with our comprehensive hands-on tutorial. This SlideShare presentation will guide you through the entire process, from data collection and model training to edge deployment and real-time monitoring. Perfect for those looking to implement robust anomaly detection systems on resource-constrained IoT/edge devices.
Key Topics Covered
1. Introduction to Anomaly Detection
- Understand the fundamentals of anomaly detection and its importance in identifying unusual behavior or failures in systems.
2. Understanding Edge (IoT)
- Learn about edge computing and IoT, and how they enable real-time data processing and decision-making at the source.
3. What is ArgoCD?
- Discover ArgoCD, a declarative, GitOps continuous delivery tool for Kubernetes, and its role in deploying applications on edge devices.
4. Deployment Using ArgoCD for Edge Devices
- Step-by-step guide on deploying anomaly detection models on edge devices using ArgoCD.
5. Introduction to Apache Kafka and S3
- Explore Apache Kafka for real-time data streaming and Amazon S3 for scalable storage solutions.
6. Viewing Kafka Messages in the Data Lake
- Learn how to view and analyze Kafka messages stored in a data lake for better insights.
7. What is Prometheus?
- Get to know Prometheus, an open-source monitoring and alerting toolkit, and its application in monitoring edge devices.
8. Monitoring Application Metrics with Prometheus
- Detailed instructions on setting up Prometheus to monitor the performance and health of your anomaly detection system.
9. What is Camel K?
- Introduction to Camel K, a lightweight integration framework built on Apache Camel, designed for Kubernetes.
10. Configuring Camel K Integrations for Data Pipelines
- Learn how to configure Camel K for seamless data pipeline integrations in your anomaly detection workflow.
11. What is a Jupyter Notebook?
- Overview of Jupyter Notebooks, an open-source web application for creating and sharing documents with live code, equations, visualizations, and narrative text.
12. Jupyter Notebooks with Code Examples
- Hands-on examples and code snippets in Jupyter Notebooks to help you implement and test anomaly detection models.
GraphRAG for Life Science to increase LLM accuracy, by Tomaz Bratanic
GraphRAG for the life science domain, where you retrieve information from biomedical knowledge graphs using LLMs to increase the accuracy and performance of generated answers.
CAKE: Sharing Slices of Confidential Data on Blockchain, by Claudio Di Ciccio
Presented at the CAiSE 2024 Forum, Intelligent Information Systems, June 6th, Limassol, Cyprus.
Synopsis: Cooperative information systems typically involve various entities in a collaborative process within a distributed environment. Blockchain technology offers a mechanism for automating such processes, even when only partial trust exists among participants. The data stored on the blockchain is replicated across all nodes in the network, ensuring accessibility to all participants. While this aspect facilitates traceability, integrity, and persistence, it poses challenges for adopting public blockchains in enterprise settings due to confidentiality issues. In this paper, we present a software tool named Control Access via Key Encryption (CAKE), designed to ensure data confidentiality in scenarios involving public blockchains. After outlining its core components and functionalities, we showcase the application of CAKE in the context of a real-world cyber-security project within the logistics domain.
Paper: https://doi.org/10.1007/978-3-031-61000-4_16
Unlock the Future of Search with MongoDB Atlas_ Vector Search Unleashed.pdfMalak Abu Hammad
Discover how MongoDB Atlas and vector search technology can revolutionize your application's search capabilities. This comprehensive presentation covers:
* What is Vector Search?
* Importance and benefits of vector search
* Practical use cases across various industries
* Step-by-step implementation guide
* Live demos with code snippets
* Enhancing LLM capabilities with vector search
* Best practices and optimization strategies
Perfect for developers, AI enthusiasts, and tech leaders. Learn how to leverage MongoDB Atlas to deliver highly relevant, context-aware search results, transforming your data retrieval process. Stay ahead in tech innovation and maximize the potential of your applications.
#MongoDB #VectorSearch #AI #SemanticSearch #TechInnovation #DataScience #LLM #MachineLearning #SearchTechnology
2. Francisco J. Gómez Rodríguez (ffranz@iniqua.com):
• Computer engineering (EUI-UPM)
• Security research (Telefonica R&D)
• dig ffranz.cmdns.h4ck.me TXT
Carlos Díaz Hidalgo (charlie@tid.es):
• Telecommunications Engineer (ETSITM-UPM)
• GPEN, GCIH, OPST, ITILF and CCNA.
• Technology Specialist in Ethical Hacking (Telefonica R&D)
• dig charlie.cmdns.h4ck.me TXT
3. • 01 Introduction
• 02 DNS in a nutshell
• 03 Our history
• Implementation
• Improvement
• 04 Real world
• 05 Results
5. 01 Malware on legitimate DNS
• Nowadays, many legitimate Web sites are serving malware.
– But … the attacker must compromise the server first.
• Why couldn't we do it differently?
– Using legitimate DNS caches.
– We can inject malware into caches without needing to compromise them.
6. 01 Introduction
• Cloud Malware Distribution (CMD)
– An alternative method for malware distribution
using Cache DNS services.
• Why cloud?
– DNS service is one of the first cloud services.
• How?
– By using the protocol and the architecture.
7. 01 Break point (I)
Diagram (Torpig bot update flow):
1. GET resource
2. Process resource
3. GET payload
4. Process payload
5. Update Bot
8. 01 Break point (II)
Diagram: HTTP GET file – megasticks.ru/au.exe
10. 02 Architecture
• Hierarchical naming system.
• Globally deployed, universally employed.
• DNS traffic is usually allowed, even in the most restrictive environments.
• Not inspected as it should be.
• DNS is a key enabling technology for botnets.
13. 02 DNS caching
• DNS responses are cached:
– The authoritative server uses the TTL value to set the "expiration date" for every record.
– Other queries may reuse some parts of the lookup (quick response).
– Negative caching is useful.
• Although the source is gone, the information remains stored.
18. 02 DNS Protocol (II)
Resource Record Format (example record for the name www.fram.fr.am, built from the labels www, fram, fr, am):
  Name      www.fram.fr.am   255 octets
  Type      A                2 octets
  Class     IN               2 octets
  TTL       100              4 octets
  RDLength  4                2 octets
  RDATA     192.168.1.10     255 octets
Limits:
• Labels 63 octets or less
• Names 255 octets or less
• TTL 32 bit number.
• UDP msg 512 octets or less
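The record layout above, parsed from the wire. This is an added example and not code from the talk: it decodes a DNS response (header, question, answer records, compression pointers) and enforces the three size limits the slide lists (label 63, name 255, UDP message 512 octets). The sample message is constructed here; www.fram.fr.am, 192.168.1.10 and TTL 100 are the slide's example values, the message id 0x1234 is an arbitrary choice, and the code assumes a plain UDP message without EDNS0.

```python
# RFC 1035 wire-format parser for DNS responses (added example; not the talk's code).
import struct

MAX_LABEL = 63    # a label is 63 octets or less
MAX_NAME = 255    # a name is 255 octets or less (wire form, length bytes and root included)
MAX_UDP = 512     # a plain UDP DNS message is 512 octets or less

TYPE_NAMES = {1: "A", 2: "NS", 5: "CNAME", 16: "TXT"}


def encode_name(name):
    """Text name -> wire labels; enforces the label and name limits on the way."""
    wire = b""
    for label in name.rstrip(".").split("."):
        raw = label.encode("ascii")
        if len(raw) > MAX_LABEL:
            raise ValueError("label longer than %d octets" % MAX_LABEL)
        wire += bytes([len(raw)]) + raw
    wire += b"\x00"
    if len(wire) > MAX_NAME:
        raise ValueError("name longer than %d octets" % MAX_NAME)
    return wire


def limit_violation(name):
    """Return the violated limit as text, or None when the name is within RFC limits."""
    try:
        encode_name(name)
    except ValueError as err:
        return str(err)
    return None


def read_name(msg, offset):
    """Decode a possibly compressed name at offset; return (text, offset after it)."""
    labels, wire_len, end, jumped, hops = [], 1, offset, False, 0
    while True:
        length = msg[offset]
        if length & 0xC0 == 0xC0:              # compression pointer (RFC 1035 4.1.4)
            if not jumped:
                end = offset + 2
            offset = ((length & 0x3F) << 8) | msg[offset + 1]
            jumped, hops = True, hops + 1
            if hops > 16:
                raise ValueError("compression pointer loop")
            continue
        if length > MAX_LABEL:
            raise ValueError("label longer than %d octets" % MAX_LABEL)
        offset += 1
        if length == 0:
            break
        labels.append(msg[offset:offset + length].decode("ascii"))
        wire_len += length + 1
        offset += length
    if not jumped:
        end = offset
    if wire_len > MAX_NAME:
        raise ValueError("name longer than %d octets" % MAX_NAME)
    return ".".join(labels) + ".", end


def parse_rr(msg, offset):
    """Decode one resource record: Name, Type, Class, TTL, RDLength, RDATA."""
    name, offset = read_name(msg, offset)
    rtype, rclass, ttl, rdlength = struct.unpack_from("!HHIH", msg, offset)
    offset += 10
    rdata = msg[offset:offset + rdlength]
    if rtype == 1 and rdlength == 4:
        value = ".".join(str(b) for b in rdata)
    elif rtype in (2, 5):                      # NS and CNAME carry a (maybe compressed) name
        value, _ = read_name(msg, offset)
    else:
        value = rdata.hex()
    return {"name": name, "type": TYPE_NAMES.get(rtype, rtype), "class": rclass,
            "ttl": ttl, "rdlength": rdlength, "rdata": value}, offset + rdlength


def parse_message(msg):
    """Parse header, question and answer sections of a DNS message."""
    if len(msg) > MAX_UDP:
        raise ValueError("message longer than %d octets" % MAX_UDP)
    ident, flags, qd, an, _ns, _ar = struct.unpack_from("!HHHHHH", msg, 0)
    offset, questions, answers = 12, [], []
    for _ in range(qd):
        qname, offset = read_name(msg, offset)
        qtype, qclass = struct.unpack_from("!HH", msg, offset)
        offset += 4
        questions.append({"name": qname, "type": TYPE_NAMES.get(qtype, qtype), "class": qclass})
    for _ in range(an):
        rr, offset = parse_rr(msg, offset)
        answers.append(rr)
    return {"id": ident,
            "flags": {"qr": bool(flags & 0x8000), "aa": bool(flags & 0x0400),
                      "tc": bool(flags & 0x0200), "rd": bool(flags & 0x0100),
                      "ra": bool(flags & 0x0080), "rcode": flags & 0x000F},
            "questions": questions, "answers": answers}


def sample_response():
    """Constructed reply carrying the slide's record: www.fram.fr.am A 192.168.1.10, TTL 100."""
    header = struct.pack("!HHHHHH", 0x1234, 0x8180, 1, 1, 0, 0)     # QR, RD, RA set; 1 question, 1 answer
    question = encode_name("www.fram.fr.am") + struct.pack("!HH", 1, 1)
    answer = (b"\xC0\x0C"                                            # pointer to the name at offset 12
              + struct.pack("!HHIH", 1, 1, 100, 4)
              + bytes([192, 168, 1, 10]))
    return header + question + answer
```

`parse_message(sample_response())` returns the answer as a dictionary with exactly the six fields of the slide's table; `limit_violation` is the check a resolver or log parser would apply before accepting a name, and it is what rejects an oversized label of the kind a payload encoder would have to avoid.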
24. 03 Encoding process
Segmented payload (en/decoder payload):
• Compress (gz)
• Base32 encode
• Split (per the RFC size limits)
• Become a RR
Resource Record example:
[SegmentID] CNAME [base32EncodedLabel].[subdomain].[domain].[main]
m1-0.cmdns.fr.am. CNAME WQ4TOXMQP…N5VSHVOKUEGQ.cmdns.fr.am
25. 03 Loading process (diagram)
Segmented payload: Segment1, Segment2, Segment3, …, Segmentn
Actors: Uploader; Cache DNS; Name server (ns1.afraid.org); Malware DNS Auth. (nscmd.fr.am, A XX.XX.XX.XX)
1. Force upload: the Uploader queries the Cache DNS for each segment name
   (Segment1 -> qrjiqerkjqet.cmdns.fr.am, Segment2 -> ktqtr53xase.cmdns.fr.am,
   Segment3 -> gtsdmfzfzre.cmdns.fr.am, …, Segmentn -> 1.1.1.1).
2. Public NS resolution: the Cache DNS asks for cmdns.fr.am and is delegated
   (cmdns.fr.am NS nscmd.fr.am; nscmd.fr.am A XX.XX.XX.XX).
3. Cache DNS stores the segments.
26. 03 Downloading process (diagram)
Corporate environment: Bot, Bot, Bot, Bot -> Intranet DNS
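Seen from the defender's side of slides 24 to 26, the loading and downloading traffic is a run of CNAME answers whose target labels are long strings from the base32 alphabet, all under one zone and queried under sequential segment names. The following added example (not the authors' code) applies that heuristic to resolver log lines: it parses a constructed "time client qname qtype rdata" log format, flags CNAME targets whose first label is 40 to 63 characters of A-Z and 2-7 with high Shannon entropy, groups hits by zone and reports zones with enough segments to look like a reassembled file. The zone names cmdns.example, other.example and shop.example, the client addresses and the labels are all constructed; the m1-N naming follows the slide's m1-0.cmdns.fr.am example.

```python
# Detecting payload-carrying CNAME chains in resolver logs (added example, constructed data).
import math
import re
from collections import defaultdict

# A base32 encoder emits only A-Z and 2-7; an encoder that fills labels towards the
# 63-octet limit produces labels far longer than ordinary host names.
BASE32_LABEL = re.compile(r"^[A-Z2-7]{40,63}$", re.IGNORECASE)
# Segment names of the form <tag>-<index>.<zone>, following the slide's m1-0.cmdns.fr.am
SEGMENT_NAME = re.compile(r"^[a-z0-9]+-(\d+)\.(.+)$", re.IGNORECASE)


def shannon_entropy(text):
    """Bits per character; compressed data pushed through base32 sits near 5."""
    counts = {}
    for ch in text.upper():
        counts[ch] = counts.get(ch, 0) + 1
    n = len(text)
    return -sum(c / n * math.log2(c / n) for c in counts.values())


def parse_line(line):
    """Constructed log format: '<time> <client> <qname> <qtype> <rdata>'."""
    time, client, qname, qtype, rdata = line.split()
    return {"time": time, "client": client, "qname": qname, "qtype": qtype, "rdata": rdata}


def is_payload_segment(rec, min_entropy=3.5):
    """CNAME whose target's first label is a long, high-entropy base32 string."""
    if rec["qtype"] != "CNAME":
        return False
    label = rec["rdata"].split(".")[0]
    return bool(BASE32_LABEL.match(label)) and shannon_entropy(label) >= min_entropy


def scan(lines, min_segments=3):
    """Group suspicious answers by zone; report zones with at least min_segments
    hits, which separates a reassembled file from a single odd record."""
    per_zone = defaultdict(list)
    for line in lines:
        if not line.strip():
            continue
        rec = parse_line(line)
        if not is_payload_segment(rec):
            continue
        m = SEGMENT_NAME.match(rec["qname"])
        zone = m.group(2) if m else rec["qname"].split(".", 1)[1]
        per_zone[zone].append(rec)
    report = {}
    for zone, recs in per_zone.items():
        if len(recs) < min_segments:
            continue
        label_chars = sum(len(r["rdata"].split(".")[0]) for r in recs)
        report[zone] = {
            "segments": len(recs),
            "clients": sorted({r["client"] for r in recs}),
            "approx_payload_bytes": label_chars * 5 // 8,   # base32 carries 5 bits per character
        }
    return report


# Constructed sample: four segments of one zone, one legitimate CDN CNAME (hyphen is not
# base32), one A record, and a lone segment in a second zone that stays under the threshold.
SAMPLE_LOG = """\
10:01:02 10.0.0.21 m1-0.cmdns.example. CNAME WQ4TOXMQPN5VSHVOKUEGQA7BCD2FIJL3RY6ZK2TU5OMX3EWH.cmdns.example.
10:01:02 10.0.0.21 m1-1.cmdns.example. CNAME ZY7X6W5V4U3T2SRQPONMLKJIHGFEDCBAQ3K7MAZ2EVU5TOCP.cmdns.example.
10:01:03 10.0.0.21 m1-2.cmdns.example. CNAME MNB3VCX2ZLKJ4HGF5DSA6POI7UYTREWQ5H2ZPK4WEAVQ7MTB.cmdns.example.
10:01:03 10.0.0.35 m1-3.cmdns.example. CNAME KJ7HGF6DSA5POI4UYT3REW2QMNBVCXZLW2MXE5AJ3TKR6ZOP.cmdns.example.
10:01:05 10.0.0.21 www.shop.example. CNAME d1abc-xyz.cdn.example.
10:01:06 10.0.0.42 mail.shop.example. A 198.51.100.7
10:01:07 10.0.0.42 m2-0.other.example. CNAME 7A6B5C4D3E2FGHIJKLMNOPQRSTUVWXYZQWERTYUIOPASDFGH.other.example.
"""

if __name__ == "__main__":
    for zone, info in scan(SAMPLE_LOG.splitlines()).items():
        print(zone, info)
```

The approximate payload size (label characters times 5/8) is the figure to compare with the "queries needed" rows later in the talk; on the intranet DNS of slide 26 the same scan run over the resolver's own query log shows which internal clients are fetching the segments.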
27. 03 DNS analysis, from where? (map)
Vantage points:
• sign.io – Amsterdam, Holland
• shellmix.com – Szczecin, Poland
• devio.us – Orlando, USA
• ADSL & 3G – Madrid, Spain
• Guayaquil, Ecuador
Legend: thorough characterization / basic tests
28. 03 DNS cache survey
• Different locations.
– IP anycast (DNS proxy):
• Different locations, different results.
• Different authoritative DNS.
– cmdns.mooo.com; cmdns.h4ck.me; cmdns.pocho.cl; cmdns.fr.am; cmdns.m3th.org; cmdns.t28.net; etc.
• Being patient (thorough characterization)
– It takes time to run two hundred thousand queries per DNS cache and per location.
• In this study we undertook the task to obtain the list of emitters behind each IP anycast.
36. 03 Theory vs. Reality
• DNS pools:
– Load on each DNS in the pool.
– Load on more than one DNS pool.
– Complex retry logic.
• Limited in corporate environments.
• Malware source must disappear before the first download.
• Must use the client's default DNS settings.
37. 03 Improvement
• Need another way.
• Maybe we can use third-party resources …
• … use the Cache DNS as authoritative server.
– Malware source can disappear.
– Completely asynchronous communication.
– Origin trace is a little more difficult.
– Only one load process needed.
38. IMPORTANT COMPANY SPECIALIZED IN MALWARE DISTRIBUTION SEEKS
DNS SERVERS (OPEN EMITTERS)
Requirements:
• Worldwide reachability
• Accepting and correctly resolving recursive queries (open resolver functionality)
• No restrictions on storing new records of any type (cache functionality)
• Experience working with high TTLs (minimum 86.400 seconds)
• Ability to take on responsibilities:
• Answering non-recursive queries (+norecurse)
• Answering with authority: marking responses as authoritative (AA bit) regardless of the domain asked about (whether authoritative for it or not)
• Stability and high performance will be valued
Interested parties, send your IP address to cmd@iniqua.com
39. 03 Finding Nemo (I)
IPv4 addresses: 256⁴ = 4.294.967.296
IPv4 addresses routed on the Internet: 2.126.357.495
Speak the DNS protocol: 15.553.600
Open resolvers: 11.920.500
Open emitters: 380.700
Source: http://dns.measurement-factory.com/surveys/201010/
40. 03 Finding Nemo (II)
Figure: 10,9 % of the name servers for .com, .net & .org are open emitters (zone sizes shown: 13,4 million, 90 million and 8,6 million domains).
41. 03 Free public DNS servers list
• DNS Benchmark
• namebench
• chaz6.com
42. 03 Searching for good emitters
February 2011               From Spain   From USA
Queried hosts                 10.406       10.406
Replying hosts                 9.077        9.094
Open resolvers                 6.941        7.028
Open emitters                  5.243        5.175   (5.214)
Accept +norecurse queries      5.075        5.005   (5.047)
TTL ≈ 604800                   3.908        3.905   (3.905)
(The slide prints a third, unlabelled value for the last three rows; it is kept in parentheses.)
43. 03 Here they are, in all their glory
Maximum TTL value (bar chart, percentage of servers):
  0:        0,24%
  3600:     0,00%
  43200:    0,34%
  86400:    20,98%
  604800:   77,98%
  higher:   0,46%
44. 03 New process overview (diagram)
Coding -> Loading -> Cache DNS (cmdns.pocho.cl, FreeDNS, Anonymous) -> Downloading
46. 04 Here and right now (I)
ns.deloitte.es (80.91.76.141)
- recursion is enabled
- open emitter
- DNS cache (TTL 86400 s)
- +norecurse (allowed)
ns2.deloitte.es (62.14.236.141)
- recursion is enabled
- open emitter
- no DNS cache (TTL 1 s)!!!!
ns1.informatica64.com (80.81.106.148)
- recursion is enabled
- open emitter
- DNS cache (TTL 86400 s)
- +norecurse (allowed)
ns2.informatica64.com (80.81.106.146)
- recursion is enabled
- open emitter
- DNS cache (TTL 86400 s)
- +norecurse (allowed)
47. 04 Here and right now (II)
• Analyzing 76 domains related to universities with presence in Spain (188 different name servers):
– 31 authority servers accept recursive queries (open resolvers).
– 29 of them are DNS cache & open emitters.
• +norecurse allowed.
– TTL value for 23 is 604.800 seconds (86.400 seconds for the other six).
48. 04 Here and right now (III)
• Analyzing 131 domains related to banks with presence in Spain (145 different name servers):
– 32 authority servers accept recursive queries (open resolvers).
– 21 of them are DNS cache & open emitters.
• +norecurse allowed.
– TTL value for 14 is 604.800 seconds (86.400 s for 6 and 172.800 s for the other one).
49. 04 PoC (I)
• Sample files (not malware):
– nc (20.156 bytes)
– diff (100.324 bytes)
• Domain to be used: "cmdns.pocho.cl"
• Selected servers (TTL: 604.800 s):
– 2@7.#2%.9&.1~2
– 1@3.#3%.2&6.1~
• From 20th Feb to 26th Feb, 2011
50. 04 PoC (II)
File                              nc                    diff
Size                              20.156 bytes          100.324 bytes
Queries needed                    44 (2.24 queries/KB)  222 (2.27 queries/KB)
Upload time (Spain)
  2@7.#2%.9&.1~2                  33 s                  2 min 27 s
  1@3.#3%.2&6.~1                  18 s                  1 min 20 s
Download time (first time)        Spain      USA        Spain         USA
  Google (8.8.8.8)                10 s       11 s       38 s          2 min 35 s
  Norton (198.153.192.1)          12 s       28 s       52 s          2 min 17 s
  OpenDNS (208.67.222.222)        25 s *     25 s *     1 min 29 s *  1 min 51 s *
  Intranet (X.X.X.X)              22 s *     -          1 min 28 s *  -
53. 04 Live demo (II)
Domain to be used   Selected servers (Open Emitters)                    TTL (seconds)
cmdns.mooo.com      762f62ae2c76a38dd72b99a6ae37f30a  1@0.#1%.1&7.~     604.800
cmdns.m3th.org      0078171a2416bcee4df828cc78ae528f  2@2.#6.%4.&6      604.800
                    44e6d578b35bed74f55137ff09893585  2@2.#6.%4.&7
cmdns.h4ck.me       02ac6ee35a976289cf97a42c19e36601  8@.8#.1%6.&46     86.400
                    f630b5ddf62603ce51f3d41e827e7786  8@.8#.1%6.&48
cmdns.fr.am         ca865b43a95b8a966cb6b892efc66a3e  2@7.#5.%2.&       604.800
cmdns.t28.net       c8e4a7ccd5a5a517a1c96be336276e5c  1@5.#4%.2&8.~3    604.800
cmdns.pocho.cl      1e98caffee2952ad1fb15b195ad2b065  2@7.#2%.9. &6~    604.800
                    7b95b106ced43b91bd551b33ee1f00c8  1@3.#3%.2&6.~1
54. 04 Live demo (III)
• All domains were loaded on 27th Feb and were on air until 6th March.
– "cmdns.h4ck.me" was reloaded yesterday at 06:30 pm.
• TTL of:
– "8@.8#.1%6.&46": 86.400 seconds.
– "8@.8#.1%6.&48": 86.400 seconds.
• On air until this afternoon.
• Try it: dig m1-0.cmdns.pocho.cl A
55. 04 On air
File                              pbot.txt              bot.exe
Size                              23.140 bytes          152.064 bytes
Queries needed                    21 (0.93 queries/KB)  636 (4.28 queries/KB)
Upload time (Spain)
  8@.8#.1%6.&46                   18 s                  2 min 34 s
  8@.8#.1%6.&48                   13 s                  2 min 41 s
Download time (first time)        Spain      Ecuador    Spain           Ecuador
  Google (8.8.8.8)                9 s        25 s       23 min 56 s *   25 min 14 s *
  Norton (198.153.192.1)          12 s       22 s       6 min 51 s      17 min 48 s
  OpenDNS (208.67.222.222)        9 s **     32 s **    4 min 42 s **   11 min 9 s **
  Rooted CON (?.?.?.?)            -          -
Slide callout ("Uhmmm rate-limiting queries!!!!!!"): the first 100 queries: 32 s; 200 queries: 2 min 57 s; 300 queries: 7 min 29 s; 400 queries: 12 min 9 s; 500 queries: 17 min 6 s; 600 queries: 22 min 14 s.
58. 05 Results
• Public cache DNS can be used as a platform to store and distribute malware.
• DNS architecture is available.
• Implementation: just do it.
• Survey results can be used to define countermeasures.