Many information security systems rely on cryptographic schemes that need truly random numbers be secure. In recent months there have been several high profile news stories about weaknesses or potential compromises in both software and hardware random number generators. A compromised random number generator is difficult to catch because it can output random looking data that is predictable to an attacker only. In this talk I describe how to go from knowledge of a weakness in a random number generator to a full security compromise.
We will look at examples including how to fully decrypt a TLS stream, how to compromise a bitcoin wallet by looking at the ECDSA signatures on the public block chain, how to factor improperly generated RSA keys, and more. There will be live demos and discussions of interesting ways to pull off these attacks.
In this talk, we discuss white box cryptography, a technique used to protect cryptographic keys from a local attacker. In keeping with the theme of building and breaking security, we will discuss the challenges involved in building a white-box crypto system.
This talk is about the creation of a new security tool, Red October. Red October can be used to enforce the two-person rule for access to critical data, helping keep company data protected from insider threats.
The security industry tends to be less open about the details of how their software works than other parts of the software industry. This project was created to tackle the practical challenges of traditional security compliance, but inspired by an open source mentality. By taking a vague set of regulatory requirements we devised a user-friendly tool that solves a broader problem that is an issue for many small organizations.
This talk will teach people about cryptography and division of responsibility in key management, a very important consideration when moving a business to the cloud. It will also help show where to draw the line between using existing cryptographic and security mechanisms, and building your own.
Running Secure Server Software on Insecure Hardware Without ParachuteCloudflare
In today’s world, you may not know if the hardware you are running software on is secure or not. How can you ensure that, regardless of the hardware security, the software stays protected? CloudFlare’s systems engineer, Nick Sullivan shares advanced techniques on how to protect your server software. These techniques include anti-reverse engineering methods, secure key management and designing a system for renewal.
Two of the major concerns for serving information over the
internet are latency and security. Reducing latency improves
response times, making content delivery seem more
instantaneous and improving user experience. The most
common approach to improving security is TLS, where data is sent over an authenticated encryption tunnel between a server and a client. The Internet’s architecture and the physical realities of how networks are spread geographically can cause these two goals to be competitive. This talk introduces a model to deal with private key security in this situation.
Modern Reconnaissance Phase on APT - protection layerShakacon
This presentation will show how APT actors are evolving and how the reconnaissance phase is changing to protect their valuable 0-day exploit or malware frameworks. This talk will mainly focus on the usage of Office documents and watering hole attacks designed to establish if the target is the intended one (we will mention campaigns against political or military organizations). The techniques and the obfuscation put in place by these actors will be described in detail (techniques based on Macro, JavaScript, PowerShell, Flash or Python). At the end of the presentation, we will show different mitigations to help attendees protect their users.
Many information security systems rely on cryptographic schemes that need truly random numbers be secure. In recent months there have been several high profile news stories about weaknesses or potential compromises in both software and hardware random number generators. A compromised random number generator is difficult to catch because it can output random looking data that is predictable to an attacker only. In this talk I describe how to go from knowledge of a weakness in a random number generator to a full security compromise.
We will look at examples including how to fully decrypt a TLS stream, how to compromise a bitcoin wallet by looking at the ECDSA signatures on the public block chain, how to factor improperly generated RSA keys, and more. There will be live demos and discussions of interesting ways to pull off these attacks.
In this talk, we discuss white box cryptography, a technique used to protect cryptographic keys from a local attacker. In keeping with the theme of building and breaking security, we will discuss the challenges involved in building a white-box crypto system.
This talk is about the creation of a new security tool, Red October. Red October can be used to enforce the two-person rule for access to critical data, helping keep company data protected from insider threats.
The security industry tends to be less open about the details of how their software works than other parts of the software industry. This project was created to tackle the practical challenges of traditional security compliance, but inspired by an open source mentality. By taking a vague set of regulatory requirements we devised a user-friendly tool that solves a broader problem that is an issue for many small organizations.
This talk will teach people about cryptography and division of responsibility in key management, a very important consideration when moving a business to the cloud. It will also help show where to draw the line between using existing cryptographic and security mechanisms, and building your own.
Running Secure Server Software on Insecure Hardware Without ParachuteCloudflare
In today’s world, you may not know if the hardware you are running software on is secure or not. How can you ensure that, regardless of the hardware security, the software stays protected? CloudFlare’s systems engineer, Nick Sullivan shares advanced techniques on how to protect your server software. These techniques include anti-reverse engineering methods, secure key management and designing a system for renewal.
Two of the major concerns for serving information over the
internet are latency and security. Reducing latency improves
response times, making content delivery seem more
instantaneous and improving user experience. The most
common approach to improving security is TLS, where data is sent over an authenticated encryption tunnel between a server and a client. The Internet’s architecture and the physical realities of how networks are spread geographically can cause these two goals to be competitive. This talk introduces a model to deal with private key security in this situation.
Modern Reconnaissance Phase on APT - protection layerShakacon
This presentation will show how APT actors are evolving and how the reconnaissance phase is changing to protect their valuable 0-day exploit or malware frameworks. This talk will mainly focus on the usage of Office documents and watering hole attacks designed to establish if the target is the intended one (we will mention campaigns against political or military organizations). The techniques and the obfuscation put in place by these actors will be described in detail (techniques based on Macro, JavaScript, PowerShell, Flash or Python). At the end of the presentation, we will show different mitigations to help attendees protect their users.
This presentation will sum up how to do tunnelling with different protocols and will have different perspectives detailed. For example, companies are fighting hard to block exfiltration from their network: they use http(s) proxies, DLP, IPS technologies to protect their data, but are they protected against tunnelling? There are so many interesting questions to answer for users, abusers, companies and malware researchers. Mitigation and bypass techniques will be shown you during this presentation, which can be used to filter any tunnelling on your network or to bypass misconfigured filters.
Dock ir incident response in a containerized, immutable, continually deploy...Shakacon
Incident response is generally predicated on the ability to examine a system post-breach, pull memory dumps, file system artifacts, system logs, etc. But what happens when that system was part of a fleet of containers? How do you pull a memory dump from an ephemeral container? How do you do forensics when the container and the host that ran the container have been gone for days? Even assuming you catch an intrusion while it's ongoing, how do you respond effectively if you can't access the systems in question because they are read-only, no SSH access? Coinbase has spent the last year attacking these challenges in a AWS-based, immutable and fully containerized infrastructure that stores over a billion dollars of digital currency. Come see how we do it.
Scaling Push Messaging for Millions of Devices @NetflixC4Media
Video and slides synchronized, mp3 and slide download available at URL https://bit.ly/2oA2uI5.
Susheel Aroskar talks about Zuul Push, a scalable push notification service that handles millions of "always-on" persistent connections from all the Netflix apps running. He covers the design of the Zuul Push server and reviews the design details of the back-end message routing infrastructure that lets any Netflix microservice push notifications to any connected client. Filmed at qconnewyork.com.
Susheel Aroskar works as a software engineer on the Cloud Gateway team at Netflix, which develops and operates Zuul, an API gateway that fronts all of the Netflix cloud traffic and handles more than 100 billion requests/day. Prior to Zuul, he worked on Netflix CDN's control plane in the cloud, which is responsible for steering more than a third of all North American peak evening internet traffic.
DOD 2016 - Kamil Szczygieł - Patching 100 OpenStack Compute Nodes with Zero-d...PROIDEA
YouTube: https://www.youtube.com/watch?v=OsgNn-D9KFc&index=15&list=PLnKL6-WWWE_VtIMfNLW3N3RGuCUcQkDMl
Undisclosed vulnerabilities are very serious threat to the cloud security. Once the flaw leaks to the public information, the risk of attacks increases dramatically. In our talk we will go through case study of patching 100 OpenStack compute nodes consisting of 4000 virtual machines with zero-day patch within 16 hours. We will talk about the challenges we have encountered, how we faced them and we will answer the most important question – did we make it within 16 hours.
Chuck McAuley, Ixia Communications
The Mirai botnet has brought public awareness to the danger of poorly secured embedded devices. Its ability to propagate is fast and reliable. Its impact can be devastating and variants of it will be around for a long time. You need to identify it, stop it, and prevent its spread. I had the opportunity to become familiar with the structure, design, and weaknesses of Mirai and its variants. At this talk you'll learn how to detect members of the botnet, mess with them through various means and setup a safe live fire lab environment for your own amusement. I will demonstrate how to join a C2 server, how to collect new samples for study, and some changes that have occurred since release of the source code. By the end you'll be armed and ready to take the fight to these jerks. Unless you're a botnet operator. Then you'll learn about some of the mistakes you made.
Based on experience with hundreds of customers, here's a set of best practices for monitoring Kubernetes and monitoring your applications running inside docker containers.
Alex Dias: how to build a docker monitoring solution Outlyer
Alex will be talking about how docker container monitoring was built at Outlyer. He'll be diving into the details behind how you actually monitor everything in such an environment and the challenges that come with it. Namely, how the Docker API, Cgroups, and the Netlink Linux kernel interface can be leveraged to get specific metrics for each container.
Fernando Gont - The Hack Summit 2021 - State of the Art in IPv6 SecurityEdgeUno
The IPv6 protocol suite was designed to accommodate the present and future growth of the Internet, by providing a much larger address space than that of its IPv4 counterpart, and is expected to be the successor of the original IPv4 protocol suite. It has already been deployed by most major content providers (including Google and Facebook) and many Internet Service Providers (ISPs). While the ultimate goal of IPv6 is virtually the same as that of IPv4 (moving packets across the Internet), the underlying mechanisms and technical details are significantly different, typically resulting in unexpected security and privacy implications. In this presentation, Fernando will cover the state of the art in everything ranging from IPv6 pentesting, to security controls and operational mitigations for IPv6 attacks, thus providing valuable information to red, blue, and purple teams.
This presentation will sum up how to do tunnelling with different protocols and will have different perspectives detailed. For example, companies are fighting hard to block exfiltration from their network: they use http(s) proxies, DLP, IPS technologies to protect their data, but are they protected against tunnelling? There are so many interesting questions to answer for users, abusers, companies and malware researchers. Mitigation and bypass techniques will be shown you during this presentation, which can be used to filter any tunnelling on your network or to bypass misconfigured filters.
Dock ir incident response in a containerized, immutable, continually deploy...Shakacon
Incident response is generally predicated on the ability to examine a system post-breach, pull memory dumps, file system artifacts, system logs, etc. But what happens when that system was part of a fleet of containers? How do you pull a memory dump from an ephemeral container? How do you do forensics when the container and the host that ran the container have been gone for days? Even assuming you catch an intrusion while it's ongoing, how do you respond effectively if you can't access the systems in question because they are read-only, no SSH access? Coinbase has spent the last year attacking these challenges in a AWS-based, immutable and fully containerized infrastructure that stores over a billion dollars of digital currency. Come see how we do it.
Scaling Push Messaging for Millions of Devices @NetflixC4Media
Video and slides synchronized, mp3 and slide download available at URL https://bit.ly/2oA2uI5.
Susheel Aroskar talks about Zuul Push, a scalable push notification service that handles millions of "always-on" persistent connections from all the Netflix apps running. He covers the design of the Zuul Push server and reviews the design details of the back-end message routing infrastructure that lets any Netflix microservice push notifications to any connected client. Filmed at qconnewyork.com.
Susheel Aroskar works as a software engineer on the Cloud Gateway team at Netflix, which develops and operates Zuul, an API gateway that fronts all of the Netflix cloud traffic and handles more than 100 billion requests/day. Prior to Zuul, he worked on Netflix CDN's control plane in the cloud, which is responsible for steering more than a third of all North American peak evening internet traffic.
DOD 2016 - Kamil Szczygieł - Patching 100 OpenStack Compute Nodes with Zero-d...PROIDEA
YouTube: https://www.youtube.com/watch?v=OsgNn-D9KFc&index=15&list=PLnKL6-WWWE_VtIMfNLW3N3RGuCUcQkDMl
Undisclosed vulnerabilities are very serious threat to the cloud security. Once the flaw leaks to the public information, the risk of attacks increases dramatically. In our talk we will go through case study of patching 100 OpenStack compute nodes consisting of 4000 virtual machines with zero-day patch within 16 hours. We will talk about the challenges we have encountered, how we faced them and we will answer the most important question – did we make it within 16 hours.
Chuck McAuley, Ixia Communications
The Mirai botnet has brought public awareness to the danger of poorly secured embedded devices. Its ability to propagate is fast and reliable. Its impact can be devastating and variants of it will be around for a long time. You need to identify it, stop it, and prevent its spread. I had the opportunity to become familiar with the structure, design, and weaknesses of Mirai and its variants. At this talk you'll learn how to detect members of the botnet, mess with them through various means and setup a safe live fire lab environment for your own amusement. I will demonstrate how to join a C2 server, how to collect new samples for study, and some changes that have occurred since release of the source code. By the end you'll be armed and ready to take the fight to these jerks. Unless you're a botnet operator. Then you'll learn about some of the mistakes you made.
Based on experience with hundreds of customers, here's a set of best practices for monitoring Kubernetes and monitoring your applications running inside docker containers.
Alex Dias: how to build a docker monitoring solution Outlyer
Alex will be talking about how docker container monitoring was built at Outlyer. He'll be diving into the details behind how you actually monitor everything in such an environment and the challenges that come with it. Namely, how the Docker API, Cgroups, and the Netlink Linux kernel interface can be leveraged to get specific metrics for each container.
Fernando Gont - The Hack Summit 2021 - State of the Art in IPv6 SecurityEdgeUno
The IPv6 protocol suite was designed to accommodate the present and future growth of the Internet, by providing a much larger address space than that of its IPv4 counterpart, and is expected to be the successor of the original IPv4 protocol suite. It has already been deployed by most major content providers (including Google and Facebook) and many Internet Service Providers (ISPs). While the ultimate goal of IPv6 is virtually the same as that of IPv4 (moving packets across the Internet), the underlying mechanisms and technical details are significantly different, typically resulting in unexpected security and privacy implications. In this presentation, Fernando will cover the state of the art in everything ranging from IPv6 pentesting, to security controls and operational mitigations for IPv6 attacks, thus providing valuable information to red, blue, and purple teams.
We are manufacturers and exporters of electronic and telecommunication equipment like GSM GPRS modem, industrial RF modules etc. These find wide application in telecommunications and mobile industries.
Heartbleed Bug Vulnerability: Discovery, Impact and SolutionCASCouncil
Join the CASC Wednesday April 30 for a Google+ hangout on the Heartbleed Bug. We’ll cover everything from what the bug does to how to tell if your site is at risk and how certificate authorities are responding.
Panel of CASC members:
• Robin Alden- Comodo
• Jeremy Rowley- DigiCert
• Bruce Morton- Entrust
• Rick Andrews- Symantec
• Wayne Thayer- Go Daddy
Watch the recording: http://bit.ly/1jAQCtk
Do you understand how the Heartbleed bug works? This set of slides provides a simple explanation of the year's most critical Internet security flaw and explains how you can protect yourself.
Heartbleed, how it works, is it virus, how it check, smartphone hacked, how to protect, password hacked, man in the middle attack, server or client side attack, exploit code available,
Reverse Engineering the TomTom Runner pt. 2Luis Grangeia
Second presentation of my research into reverse engineering a TomTom Runner GPS watch. In this I explain how I got running code inside an unfamiliar device and proceeded to bypass its security measures and extract firmware keys and code from the device.
More details on my personal blog, at http://grangeia.io
Presented in October 2015 at "Confraria de Segurança da Informação" in Lisbon
This attack was made possible due to a programming vulnerability in OpenSSL libraries. The attack was discovered in 2014. It can help attackers steal very sensitive data like session Ids, cookies, etc.
New attack vectors for heartbleed: Enterprise wireless (and wired) networks.
This talk exposes a relatively obscure use of the heartbleed flaw: exploiting EAP-PEAP | EAP-TLS | EAP-TTLS network authentication protocols.
Update (02-06-2014): This blog post gives out more details and contains links to the cupid patch.
http://www.sysvalue.com/heartbleed-cupid-wireless/
The Heartbleed vulnerability was an information disclosure bug in OpenSSL unveiled to the world in April 2014. This talk will describe the impact of this bug on the Internet and CloudFlare's part in contributing to the research and education of the public about this issue.
Trick or XFLTReaT a.k.a. Tunnel All The ThingsBalazs Bucsay
XFLTReaT presentation from RuxCon 2017
This presentation will sum up how to do tunnelling with different protocols and will have different perspectives detailed. For example, companies are fighting hard to block exfiltration from their network: they use http(s) proxies, DLP, IPS technologies to protect their data, but are they protected against tunnelling? There are so many interesting questions to answer for users, abusers, companies and malware researchers. Mitigation and bypass techniques will be shown you during this presentation, which can be used to filter any tunnelling on your network or to bypass misconfigured filters.
Our new tool XFLTReaT is an open-source tunnelling framework that handles all the boring stuff and gives users the capability to take care of only the things that matter. It provides significant improvements over existing tools. From now on there is no need to write a new tunnel for each and every protocol or to deal with interfaces and routing. Any protocol can be converted to a module, which works in a plug-and-play fashion; authentication and encryption can be configured and customised on all traffic and it is also worth mentioning that the framework was designed to be easy to configure, use and develop. In case there is a need to send packets over ICMP type 0 or HTTPS TLS v1.2 with a special header, then this can be done in a matter of minutes, instead of developing a new tool from scratch. The potential use (or abuse) cases are plentiful, such as bypassing network restrictions of an ISP, the proxy of a workplace or obtaining Internet connectivity through bypassing captive portals in the middle of the Atlantic Ocean or at an altitude of 33000ft on an airplane.
This framework is not just a tool; it unites different technologies in the field of tunnelling. While we needed to use different tunnels and VPNs for different protocols in the past like OpenVPN for TCP and UDP, ptunnel for ICMP or iodined for DNS tunnelling, it changes now. After taking a look at these tools it was easy to see some commonality, all of them are doing the same things only the means of communication are different. We simplified the whole process and created a framework that is responsible for everything but the communication itself, we rethought the old way of tunnelling and tried to give something new to the community. After the initial setup the framework takes care of everything. With the check functionality we can even find out, which module can be used on the network, there is no need for any low-level packet fu and hassle. I guarantee that you won’t be disappointed with the tool and the talk, actually you will be richer with an open-source tool.
1086: The SSL Problem and How to Deploy SHA2 Certificates (with Mark Myers)Gabriella Davis
Two years ago enabling your site with SSL was a simple affair, buy a certificate or create your own, install it, then just remember to renew it every couple of years. Then, suddenly security holes are being found in SSL virtually every month , popular browsers stop connecting to your site to protect themselves, and you’re continually being told your users data is at risk. In this session we will discuss how it all went wrong and can go wrong again, then go through each step of requesting, generating and deploying a 4096 SHA-2 certificate to use in a keyfile by Domino, IBM Connections, IBM Sametime and other WebSphere products. If you work with these IBM products and need to secure them with confidence this session will show you how!
XFLTReaT: a new dimension in tunnelling (BruCON 0x09 2017)Balazs Bucsay
XFLTReaT presentation from BruCON 0x09 2017
https://www.youtube.com/watch?v=0hnxgu8lkfc
This presentation will sum up how to do tunnelling with different protocols and will have different perspectives detailed. For example, companies are fighting hard to block exfiltration from their network: they use http(s) proxies, DLP, IPS technologies to protect their data, but are they protected against tunnelling? There are so many interesting questions to answer for users, abusers, companies and malware researchers. Mitigation and bypass techniques will be shown you during this presentation, which can be used to filter any tunnelling on your network or to bypass misconfigured filters.
Our new tool XFLTReaT is an open-source tunnelling framework that handles all the boring stuff and gives users the capability to take care of only the things that matter. It provides significant improvements over existing tools. From now on there is no need to write a new tunnel for each and every protocol or to deal with interfaces and routing. Any protocol can be converted to a module, which works in a plug-and-play fashion; authentication and encryption can be configured and customised on all traffic and it is also worth mentioning that the framework was designed to be easy to configure, use and develop. In case there is a need to send packets over ICMP type 0 or HTTPS TLS v1.2 with a special header, then this can be done in a matter of minutes, instead of developing a new tool from scratch. The potential use (or abuse) cases are plentiful, such as bypassing network restrictions of an ISP, the proxy of a workplace or obtaining Internet connectivity through bypassing captive portals in the middle of the Atlantic Ocean or at an altitude of 33000ft on an airplane.
This framework is not just a tool; it unites different technologies in the field of tunnelling. While we needed to use different tunnels and VPNs for different protocols in the past like OpenVPN for TCP and UDP, ptunnel for ICMP or iodined for DNS tunnelling, it changes now. After taking a look at these tools it was easy to see some commonality, all of them are doing the same things only the means of communication are different. We simplified the whole process and created a framework that is responsible for everything but the communication itself, we rethought the old way of tunnelling and tried to give something new to the community. After the initial setup the framework takes care of everything. With the check functionality we can even find out, which module can be used on the network, there is no need for any low-level packet fu and hassle. I guarantee that you won’t be disappointed with the tool and the talk, actually you will be richer with an open-source tool.
Balázs Bucsay - XFLTReaT: Building a Tunnelhacktivity
XFLTReaT is an open-source tunnelling framework that handles all the boring stuff and offers the capability to the users to take care of only those things that matter. It provides significant improvements over existing tools. From now on there is no need to write a new tunnel for each and every protocol or to deal with interfaces and routing. Any protocol can be converted to a module, which works in a plug-and-play fashion; authentication and encryption can be configured and customised on all traffic and it is also worth mentioning that the framework was designed to be easy to configure, use and develop. In case there is a need to send packets over ICMP, RDP or SSH then this can be done in a matter of minutes, instead of developing a new tool from scratch. The potential use (or abuse) cases are plentiful, such as bypassing network restrictions of an ISP, the proxy of a workplace or obtaining Internet connectivity through bypassing captive portals in the middle of the Atlantic Ocean or at an altitude of 12km on an airplane.
This framework is not just a tool; it unites different technologies in the field of tunnelling. It will be show how to tunnel data over a Windows jumpbox utilising RDP (including the dirty low level "secrets") or how to exfiltrate data over ICMP from barely secured networks. We have simplified the whole process and created a framework that is responsible for everything but the communication itself, we rethought the old way of tunnelling and tried to give something new to the community. After the initial setup the framework takes care of everything. With the check functionality we can even find out, which module can be used on the network, there is no need for any low-level packet fu and hassle. I guarantee that you won’t be disappointed with the tool and the talk, actually you will be richer with an open-source tool.
XFLTReaT: A New Dimension in Tunnelling (HITB GSEC 2017)Balazs Bucsay
XFLTReaT presentation from Hack In The Box GSEC 2017
https://www.youtube.com/watch?v=6EU_RLb2YxI
XFLTReaT is an open-source tunnelling framework that handles all the boring stuff and gives users the capability to take care of only the things that matter. It provides significant improvements over existing tools. From now on there is no need to write a new tunnel for each and every protocol or to deal with interfaces and routing. Any protocol can be converted to a module, which works in a plug-and-play fashion; authentication and encryption can be configured and customised on all traffic and it is also worth mentioning that the framework was designed to be easy to configure, use and develop. In case there is a need to send packets over ICMP type 0 or HTTPS TLS v1.2 with a special header, then this can be done in a matter of minutes, instead of developing a new tool from scratch. The potential use (or abuse) cases are plentiful, such as bypassing network restrictions of an ISP, the proxy of a workplace or obtaining Internet connectivity through bypassing captive portals in the middle of the Atlantic Ocean or at an altitude of 33000ft on an airplane.
This framework is not just a tool; it unites different technologies in the field of tunnelling. While we needed to use different tunnels and VPNs for different protocols in the past like OpenVPN for TCP and UDP, ptunnel for ICMP or iodined for DNS tunnelling, it changes now. After taking a look at these tools it was easy to see some commonality, all of them are doing the same things only the means of communication are different. We simplified the whole process and created a framework that is responsible for everything but the communication itself, we rethought the old way of tunnelling and tried to give something new to the community. After the initial setup the framework takes care of everything. With the check functionality we can even find out, which module can be used on the network, there is no need for any low-level packet fu and hassle. I guarantee that you won’t be disappointed with the tool and the talk, actually you will be richer with an open-source tool.
Bullet is an open sourced, lightweight, pluggable querying system for streaming data without a persistence layer implemented on top of Storm. It allows you to filter, project, and aggregate on data in transit. It includes a UI and WS. Instead of running queries on a finite set of data that arrived and was persisted or running a static query defined at the startup of the stream, our queries can be executed against an arbitrary set of data arriving after the query is submitted. In other words, it is a look-forward system.
Bullet is a multi-tenant system that scales independently of the data consumed and the number of simultaneous queries. Bullet is pluggable into any streaming data source. It can be configured to read from systems such as Storm, Kafka, Spark, Flume, etc. Bullet leverages Sketches to perform its aggregate operations such as distinct, count distinct, sum, count, min, max, and average.
An instance of Bullet is currently running at Yahoo against its user engagement data pipeline. We’ll highlight how it is powering internal use-cases such as web page and native app instrumentation validation. Finally, we’ll show a demo of Bullet and go over query performance numbers.
No need for Black Chambers: Testing TLS in the E-Mail Ecosystem at Large (hac...Aaron Zauner
Presented at hack.lu 2015.
Abstract—TLS is the most widely used cryptographic protocol on the Internet. While many recent studies focused on its use in HTTPS, none so far analyzed TLS usage in e-mail related protocols, which often carry highly sensitive information. Since end-to-end encryption mechanisms like PGP are seldomly used, today confidentiality in the e-mail ecosystem is mainly based on the encryption of the transport layer. A well-positioned attacker may be able to intercept plaintext passively and at global scale.
We collected and scanned a massive data-set of 20 million IP/port combinations of all related protocols (SMTP, POP3, IMAP) and legacy ports. Over a time span of approx. three months we conducted more than 10 billion TLS handshakes. Additionally, we show that securing server-to-server communication using e.g. SMTP is inherently more difficult than securing client-to- server communication. Lastly, we analyze the volatility of TLS certificates and trust anchors in the e-mail ecosystem and argue that while the overall trend points in the right direction, there are still many steps needed towards secure e-mail.
This presentation covers common cryptographic attacks, secure cryptographic implementation requirements, an overview of FIPS 140-2 and secure crypto implementation guidelines
Signing DNSSEC answers on the fly at the edge: challenges and solutionsAPNIC
Signing DNSSEC answers on the fly at the edge: challenges and solutions, by Jono Bergquist.
A presentation given at the APNIC 40 APOPS 2 session on Tue, 8 Sep 2015.
44CON 2014 - I Hunt TR-069 Admins: Pwning ISPs Like a Boss, Shahar Tal44CON
44CON 2014 - I Hunt TR-069 Admins: Pwning ISPs Like a Boss, Shahar Tal
Residential gateway (/SOHO router) exploitation is a rising trend in the security landscape - ever so often do we hear of yet another vulnerable device, with the occasional campaign targeted against specific versions of devices through independent scanning or Shodan dorking. We shine a bright light on TR-069/CWMP, the previously under-researched, de-facto CPE device management protocol, and specifically target ACS (Auto Configuration Server) software, whose pwnage can have devastating effects on critical amounts of users. These servers are, by design, in complete control of entire fleets of consumer premises devices, intended for use by ISPs and Telco providers. or nation-state adversaries, of course (sorry NSA, we know it was a cool attack vector with the best research-hours-to-mass-pwnage ratio). We investigate several TR-069 ACS platforms, and demonstrate multiple instances of poorly secured deployments, where we could have gained control over hundreds of thousands of devices. During the talk (pending patch availability), we will release exploits to vulnerabilities we discovered in ACS software, including RCEs on several platforms.
XFLTReaT: A New Dimension In Tunnelling (DeepSec 2017)Balazs Bucsay
XFLTReaT presentation from DeepSec 2017
This presentation will sum up how to do tunnelling with different protocols and will feature different perspectives in detail. For example, companies are fighting hard to block exfiltration from their network: They use http(s) proxies, DLP, IPS technologies to protect their data, but are they protected against tunnelling? There are so many interesting questions to answer for users, abusers, companies and malware researchers. During this presentation we'll show you some mitigation and bypass techniques, which can be used to filter any tunnelling on your network or to bypass misconfigured filters.
Our new tool XFLTReaT is an open-source tunnelling framework that handles all the boring stuff and gives users the capability to take care of only the things that matter. It provides significant improvements over existing tools. From now on there is no need to write a new tunnel for each and every protocol or to deal with interfaces and routing. Any protocol can be converted to a module, which works in a plug-and-play fashion; authentication and encryption can be configured and customised on all traffic, and it is also worth mentioning that the framework was designed to be easy to configure, use and develop.
In case there is a need to send packets over ICMP type 0 or HTTPS TLS v1.2 with a special header, then this can be done in a matter of minutes, instead of developing a new tool from scratch. The potential use (or abuse) cases are plentiful, such as bypassing network restrictions of an ISP, the proxy of a workplace or obtaining Internet connectivity through bypassing captive portals in the middle of the Atlantic Ocean or at an altitude of 33000ft on an airplane.
This framework is not just a tool; it unites different technologies in the field of tunnelling. While we needed to use different tunnels and VPNs for different protocols in the past, like OpenVPN for TCP and UDP, ptunnel for ICMP or iodined for DNS tunnelling, this changes now:
After taking a look at these tools it was easy to see some commonality. All of them are doing the same things only the means of communication are different. We simplified the whole process and created a framework that is responsible for everything but the communication itself, we rethought the old way of tunnelling and tried to give something new to the community. After the initial setup the framework takes care of everything. With the check functionality we can even find out, which module can be used on the network, so there is no need for any low-level packet fu and hassle.
I guarantee that you won’t be disappointed with the tool and the talk, actually you will be an open-source tool richer.
In this talk, we discuss white box cryptography, a technique used to protect cryptographic keys from a local attacker. In keeping with the theme of building and breaking security, we will discuss the challenges involved in building a white-box crypto system.
Slides for a college course at City College San Francisco. Based on "Hands-On Ethical Hacking and Network Defense, Third Edition" by Michael T. Simpson, Kent Backman, and James Corley -- ISBN: 9781285454610.
Instructor: Sam Bowne
Class website: https://samsclass.info/123/123_S17.shtml
Generating a custom Ruby SDK for your web service or Rails API using Smithyg2nightmarescribd
Have you ever wanted a Ruby client API to communicate with your web service? Smithy is a protocol-agnostic language for defining services and SDKs. Smithy Ruby is an implementation of Smithy that generates a Ruby SDK using a Smithy model. In this talk, we will explore Smithy and Smithy Ruby to learn how to generate custom feature-rich SDKs that can communicate with any web service, such as a Rails JSON API.
DevOps and Testing slides at DASA ConnectKari Kakkonen
My and Rik Marselis slides at 30.5.2024 DASA Connect conference. We discuss about what is testing, then what is agile testing and finally what is Testing in DevOps. Finally we had lovely workshop with the participants trying to find out different ways to think about quality and testing in different parts of the DevOps infinity loop.
JMeter webinar - integration with InfluxDB and GrafanaRTTS
Watch this recorded webinar about real-time monitoring of application performance. See how to integrate Apache JMeter, the open-source leader in performance testing, with InfluxDB, the open-source time-series database, and Grafana, the open-source analytics and visualization application.
In this webinar, we will review the benefits of leveraging InfluxDB and Grafana when executing load tests and demonstrate how these tools are used to visualize performance metrics.
Length: 30 minutes
Session Overview
-------------------------------------------
During this webinar, we will cover the following topics while demonstrating the integrations of JMeter, InfluxDB and Grafana:
- What out-of-the-box solutions are available for real-time monitoring JMeter tests?
- What are the benefits of integrating InfluxDB and Grafana into the load testing stack?
- Which features are provided by Grafana?
- Demonstration of InfluxDB and Grafana using a practice web application
To view the webinar recording, go to:
https://www.rttsweb.com/jmeter-integration-webinar
Encryption in Microsoft 365 - ExpertsLive Netherlands 2024Albert Hoitingh
In this session I delve into the encryption technology used in Microsoft 365 and Microsoft Purview. Including the concepts of Customer Key and Double Key Encryption.
State of ICS and IoT Cyber Threat Landscape Report 2024 previewPrayukth K V
The IoT and OT threat landscape report has been prepared by the Threat Research Team at Sectrio using data from Sectrio, cyber threat intelligence farming facilities spread across over 85 cities around the world. In addition, Sectrio also runs AI-based advanced threat and payload engagement facilities that serve as sinks to attract and engage sophisticated threat actors, and newer malware including new variants and latent threats that are at an earlier stage of development.
The latest edition of the OT/ICS and IoT security Threat Landscape Report 2024 also covers:
State of global ICS asset and network exposure
Sectoral targets and attacks as well as the cost of ransom
Global APT activity, AI usage, actor and tactic profiles, and implications
Rise in volumes of AI-powered cyberattacks
Major cyber events in 2024
Malware and malicious payload trends
Cyberattack types and targets
Vulnerability exploit attempts on CVEs
Attacks on counties – USA
Expansion of bot farms – how, where, and why
In-depth analysis of the cyber threat landscape across North America, South America, Europe, APAC, and the Middle East
Why are attacks on smart factories rising?
Cyber risk predictions
Axis of attacks – Europe
Systemic attacks in the Middle East
Download the full report from here:
https://sectrio.com/resources/ot-threat-landscape-reports/sectrio-releases-ot-ics-and-iot-security-threat-landscape-report-2024/
Essentials of Automations: Optimizing FME Workflows with ParametersSafe Software
Are you looking to streamline your workflows and boost your projects’ efficiency? Do you find yourself searching for ways to add flexibility and control over your FME workflows? If so, you’re in the right place.
Join us for an insightful dive into the world of FME parameters, a critical element in optimizing workflow efficiency. This webinar marks the beginning of our three-part “Essentials of Automation” series. This first webinar is designed to equip you with the knowledge and skills to utilize parameters effectively: enhancing the flexibility, maintainability, and user control of your FME projects.
Here’s what you’ll gain:
- Essentials of FME Parameters: Understand the pivotal role of parameters, including Reader/Writer, Transformer, User, and FME Flow categories. Discover how they are the key to unlocking automation and optimization within your workflows.
- Practical Applications in FME Form: Delve into key user parameter types including choice, connections, and file URLs. Allow users to control how a workflow runs, making your workflows more reusable. Learn to import values and deliver the best user experience for your workflows while enhancing accuracy.
- Optimization Strategies in FME Flow: Explore the creation and strategic deployment of parameters in FME Flow, including the use of deployment and geometry parameters, to maximize workflow efficiency.
- Pro Tips for Success: Gain insights on parameterizing connections and leveraging new features like Conditional Visibility for clarity and simplicity.
We’ll wrap up with a glimpse into future webinars, followed by a Q&A session to address your specific questions surrounding this topic.
Don’t miss this opportunity to elevate your FME expertise and drive your projects to new heights of efficiency.
Elevating Tactical DDD Patterns Through Object CalisthenicsDorra BARTAGUIZ
After immersing yourself in the blue book and its red counterpart, attending DDD-focused conferences, and applying tactical patterns, you're left with a crucial question: How do I ensure my design is effective? Tactical patterns within Domain-Driven Design (DDD) serve as guiding principles for creating clear and manageable domain models. However, achieving success with these patterns requires additional guidance. Interestingly, we've observed that a set of constraints initially designed for training purposes remarkably aligns with effective pattern implementation, offering a more ‘mechanical’ approach. Let's explore together how Object Calisthenics can elevate the design of your tactical DDD patterns, offering concrete help for those venturing into DDD for the first time!
Kubernetes & AI - Beauty and the Beast !?! @KCD Istanbul 2024Tobias Schneck
As AI technology is pushing into IT I was wondering myself, as an “infrastructure container kubernetes guy”, how get this fancy AI technology get managed from an infrastructure operational view? Is it possible to apply our lovely cloud native principals as well? What benefit’s both technologies could bring to each other?
Let me take this questions and provide you a short journey through existing deployment models and use cases for AI software. On practical examples, we discuss what cloud/on-premise strategy we may need for applying it to our own infrastructure to get it to work from an enterprise perspective. I want to give an overview about infrastructure requirements and technologies, what could be beneficial or limiting your AI use cases in an enterprise environment. An interactive Demo will give you some insides, what approaches I got already working for real.
UiPath Test Automation using UiPath Test Suite series, part 3DianaGray10
Welcome to UiPath Test Automation using UiPath Test Suite series part 3. In this session, we will cover desktop automation along with UI automation.
Topics covered:
UI automation Introduction,
UI automation Sample
Desktop automation flow
Pradeep Chinnala, Senior Consultant Automation Developer @WonderBotz and UiPath MVP
Deepak Rai, Automation Practice Lead, Boundaryless Group and UiPath MVP
Neuro-symbolic is not enough, we need neuro-*semantic*Frank van Harmelen
Neuro-symbolic (NeSy) AI is on the rise. However, simply machine learning on just any symbolic structure is not sufficient to really harvest the gains of NeSy. These will only be gained when the symbolic structures have an actual semantics. I give an operational definition of semantics as “predictable inference”.
All of this illustrated with link prediction over knowledge graphs, but the argument is general.
Slack (or Teams) Automation for Bonterra Impact Management (fka Social Soluti...Jeffrey Haguewood
Sidekick Solutions uses Bonterra Impact Management (fka Social Solutions Apricot) and automation solutions to integrate data for business workflows.
We believe integration and automation are essential to user experience and the promise of efficient work through technology. Automation is the critical ingredient to realizing that full vision. We develop integration products and services for Bonterra Case Management software to support the deployment of automations for a variety of use cases.
This video focuses on the notifications, alerts, and approval requests using Slack for Bonterra Impact Management. The solutions covered in this webinar can also be deployed for Microsoft Teams.
Interested in deploying notification automations for Bonterra Impact Management? Contact us at sales@sidekicksolutionsllc.com to discuss next steps.
8. More like
• Do you use TLS heartbeats?
• What is a TLS heartbeat again?
• They’re stupid, you probably don’t need them. Consider turning them off.
• Ok, I’ll compile OpenSSL with -DOPENSSL_NO_HEARTBEATS
8
9. Then it happened
• April 7, 10:27 PDT — OpenSSL publishes advisory
• OpenSSL notification hit #1 on Hacker News
• CloudFlare releases standard “Customer sites are patched” blog post
9
12. Mass-media
• Codenomicon launches heartbleed.com with logo
• Heartbleed hits the mainstream press
• #heartbleedvirus trending on Twitter
• My mom calls me
12
23. Why is Heartbleed so dangerous?
23
• One request gets attacker server data
• Typically not logged — doesn’t leave a trace
• 1.5 million CloudFlare sites share memory
• Login session cookies
• SSL/TLS private keys(???)
25. What does the code say?
25
• Key allocated when process starts
• Copies of keys made at computation time
• OpenSSL bignum library clears allocated memory
• So on a single-threaded server, keys should be safe, right?
26. The CloudFlare Heartbleed challenge
• Let’s crowdsource an answer!
• Standard nginx on digital ocean with vulnerable OpenSSL
• Proof of private key by signing individualized message
26
35. How it was solved - RSA basics
• Two prime numbers P & Q
• Public key, including P x Q
• Finding P or Q can get you the private key
35
36. How it was solved
• Take every 128byte block
• Attempt to divide into public RSA key
• Coppersmith’s attack (only requires partial prime factor)
36
46. CRLSets are broken
• Single vendor control
• Only EV certs
• Updates when browser is updated
• None of 100,000+ certs were in CRLSets
• cloudflarechallenge.com was added manually
46