https://www.facebook.com/knysh.nikita - Nikita Knysh on Facebook
https://www.youtube.com/channel/UCqPLSzBDFquB27OjU_bJXog - on YouTube: hackyourmom
https://www.tiktok.com/@hackyourmom - TikTok HackYourMom
https://t.me/hackyourmom - Telegram HackYourMom
https://hackyourmom.com - the HackYourMom website
If the channel gets banned, you can write the phrase putin huilo to the bot @hackyourmom_reg_bot directly in the chat, and it will give you a link to the new channel: https://t.me/hackyourmom_reg_bot
1. Important:
To help the material sink in, the following will be used:
1) An aggressive narrative style based on social Darwinism (where the weak and the stupid are disliked). Provocations and reasoning "on the edge".
2) Allegory: the artistic representation of ideas through a concrete artistic image or dialogue.
3) Hyperbolization: hyperbole; exaggeration, overstatement.
4) To prevent disclosure of restricted-access information, I want to clarify that the following presentation is based solely on personal experience and publicly available information not related to work at the SBU. Please regard everything stated in this publication as my personal opinion.
2. Nikita Knysh
hackcontrol.org
How are people tracked down via their mobile phone?
Phone identification
1) https://ru.wikipedia.org/wiki/IMEI
2) https://ru.wikipedia.org/wiki/IMSI
3) https://en.wikipedia.org/wiki/SIM_card
5. Nikita Knysh
hackcontrol.org Examples of loggers and what they will obtain
Click statistics can be viewed here: https://iplogger.org/logger/6tdrt42Hnhr7/
1) If you follow the link https://iplogger.org/2Hnhr7 you will be redirected to hackcontrol.org, but all your data will be saved so that you can see how this works; it is better to open the link from a throwaway IP address.
6. Nikita Knysh
hackcontrol.org Examples of loggers via a tracking pixel
Details: https://habr.com/ru/post/326070/
A web beacon (in English, "web beacon" or "1x1 pixel image") is a tiny or transparent image that is embedded in a page or an e-mail and used to track user actions. Opened the e-mail = gave away your address.
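The web beacon described on this slide can be spotted in an HTML message before it is rendered. The following Python sketch is an added example, not part of the original slides; the sample HTML and the tracker.example / cdn.example hosts are constructed placeholders, and the size and visibility heuristics are an assumption about what counts as a beacon.

```python
import re
from html.parser import HTMLParser

# Constructed sample e-mail body; tracker.example and cdn.example are placeholders.
SAMPLE_HTML = """
<html><body>
<p>Hello!</p>
<img src="https://cdn.example/logo.png" width="200" height="60" alt="Logo">
<img src="https://tracker.example/open?uid=12345" width="1" height="1">
<img src="https://tracker.example/p.gif" style="display:none">
<img src="https://tracker.example/t.gif" style="width:1px; height:1px">
</body></html>
"""

_TINY = {"0", "1", "0px", "1px"}
_HIDDEN_RE = re.compile(
    r"display\s*:\s*none|visibility\s*:\s*hidden|opacity\s*:\s*0(?![.\d])", re.I)
# The lookbehind skips properties such as max-width and line-height.
_CSS_DIM_RE = re.compile(r"(?<![-\w])(width|height)\s*:\s*([0-9.]+(?:px)?)", re.I)


class BeaconFinder(HTMLParser):
    """Collects remote <img> tags that look like 1x1 or hidden tracking pixels."""

    def __init__(self):
        super().__init__()
        self.findings = []  # list of (src, reason) tuples

    def handle_starttag(self, tag, attrs):
        if tag != "img":
            return
        a = {k: (v or "").strip() for k, v in attrs}
        src = a.get("src", "")
        # Only remote images trigger a network request when the mail is opened;
        # embedded ones (cid:, data:) reveal nothing to a third party.
        if not src.lower().startswith(("http://", "https://", "//")):
            return
        style = a.get("style", "")
        dims = {"width": a.get("width", "").lower(),
                "height": a.get("height", "").lower()}
        # Inline CSS dimensions override the HTML attributes.
        for name, value in _CSS_DIM_RE.findall(style):
            dims[name.lower()] = value.lower()
        if _HIDDEN_RE.search(style) or "hidden" in a:
            self.findings.append((src, "hidden"))
        elif dims["width"] in _TINY and dims["height"] in _TINY:
            self.findings.append((src, "tiny"))


def find_beacons(html):
    """Return (src, reason) for every suspected tracking pixel in an HTML body."""
    finder = BeaconFinder()
    finder.feed(html)
    finder.close()
    return finder.findings


if __name__ == "__main__":
    for src, reason in find_beacons(SAMPLE_HTML):
        print(f"{reason:6} {src}")
```

A tracker does not have to be tiny: any remote image with a per-recipient URL reports the open, so disabling automatic image loading in the mail client remains the more robust control.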
7. Nikita Knysh
hackcontrol.org Protection against tracking: Tor + disabling automatic image loading in e-mail
Details: https://habr.com/ru/post/326070/
https://www.torproject.org Turn off automatic image loading in your e-mail
8. Nikita Knysh
hackcontrol.org Digital fingerprints via the sound card or video card
Details: https://habr.com/ru/post/230679/ and also https://www.bizkit.ru/2018/03/14/5025/
https://github.com/Valve/fingerprintjs2
https://clientjs.org/ It also uses Canvas Fingerprint, but apparently has no WebGL fingerprint.
WebGL fingerprint: https://codepen.io/jon/pen/LLPKbz
10. Nikita Knysh
hackcontrol.org
rutracker.org - there are pirated versions of virtual machines there, if you can't be bothered to buy one
I hope it is now clear why it is better to use a completely separate computer for work? No separate computer? No problem, use a virtual one.
https://rutracker.org/forum/viewtopic.php?t=5902442 - for Mac
https://rutracker.org/forum/viewtopic.php?t=5942323 - for Windows
https://rutracker.org/forum/viewtopic.php?t=5948277 - for Linux
11. Nikita Knysh
hackcontrol.org Browser plugins that you simply must have
Adblock:
https://chrome.google.com/webstore/detail/adblock-plus-free-ad-bloc/cfhdojbkjhnklbpkdaibdccddilifddb?hl=ru
Ghostery
https://chrome.google.com/webstore/detail/ghostery-%E2%80%93-privacy-ad-blo/mlomiejdfkolichcflejclcbmpeaniij?hl=ru
WebRTC
https://chrome.google.com/webstore/detail/webrtc-network-limiter/npeicpdbkakmehahjeeohfdhnlpdklia
DuckDuckGo
https://chrome.google.com/webstore/detail/duckduckgo-privacy-essent/bkdgflcldnnnapblkhphbgpggdiikppg
12. Nikita Knysh
hackcontrol.org Browser plugins that you simply must have
HTTPS Everywhere
https://chrome.google.com/webstore/detail/https-everywhere/gcbommkclmclpchllfjekcdonpmejbdp?hl=ru
Click&Clean
https://chrome.google.com/webstore/detail/clickclean/ghgabhipcejejjmhhchfonmamedcbeod?hl=ru
WOT
https://chrome.google.com/webstore/detail/wot-website-security-brow/bhmmomiinigofkjcapegjjndpbikblnp?hl=ru
13. Nikita Knysh
hackcontrol.org
Browser for mobile
Google (Android)
https://play.google.com/store/apps/details?id=com.duckduckgo.mobile.android&hl=ru&gl=US
Tor on Android: https://www.torproject.org/download/#android
Apple (iOS)
https://apps.apple.com/us/app/duckduckgo-privacy-browser/id663592361
14. "The only way to get smarter is to play against a stronger opponent" - 1899
"A ruler's intelligence is judged first of all by the kind of people he brings close to him; if they are loyal and capable, one can always be confident of his wisdom, for he was able to recognize their abilities and retain their loyalty. If they are not, the sovereign will be judged accordingly, for he has already made his first mistake by choosing poor assistants."
1469-1527 Niccolò Machiavelli
15. https://www.facebook.com/knysh.nikita - Nikita Knysh on Facebook
https://www.youtube.com/channel/UCqPLSzBDFquB27OjU_bJXog - on YouTube: hackyourmom
https://www.tiktok.com/@hackyourmom - TikTok HackYourMom
https://t.me/hackyourmom - Telegram HackYourMom
https://hackyourmom.com - the HackYourMom website
If the channel gets banned, you can write the phrase putin huilo to the bot @hackyourmom_reg_bot directly in the chat, and it will give you a link to the new channel: https://t.me/hackyourmom_reg_bot
SUBSCRIBE!