This document describes Windows Credentials Editor (WCE), a tool that can dump and manipulate Windows logon session credentials from memory without requiring code injection. It discusses two implementation methods - using the authentication package API or directly reading LSASS process memory. The memory reading method is safer as it does not require running code in LSASS. It works by reversing the LSASS data structures to find logon sessions and credentials, then decrypting credentials using encryption keys and initialization vectors read from LSASS memory.
Windows 7 Jump Lists provide a history of items opened by applications to allow quick access through a taskbar menu. Jump Lists are stored in automaticDestinations-ms and customDestinations-ms files, recording hundreds of recent items in a structured storage format. These files can be investigated to determine a user's application activity, find deleted files, or show intent.
This document provides an overview of IntelliJ IDEA. It discusses what IntelliJ IDEA is, why it is useful, and how to optimize performance. Key features covered include code completion, navigation aids, refactoring tools, version control integration, support for frameworks like Maven and Hibernate, and plugins like JRebel for live editing. Performance tips include using solid state drives, allocating more memory, disabling unused plugins and antivirus scanning of workspaces.
Getting Started in Pentesting the Cloud: Azure - Beau Bullock
Webcast Recording: https://www.youtube.com/watch?v=fCbVMWvncuw
Increasingly, more organizations are migrating resources to being hosted in the cloud. With this comes a greater potential for misconfiguration if there isn’t a solid understanding of the attack surface. While there are many similarities between traditional on-premises pentesting and cloud-based pentesting, the latter is an animal of its own. This webcast will attempt to clear up some of the fogginess around cloud-based pentesting, specific to Microsoft Azure environments, including Microsoft 365.
In order to adequately determine the attack surface, the appropriate coverage areas will be highlighted. Differences between Azure resources and Microsoft 365 can oftentimes be confusing but knowing these differences is key to helping you pivot and escalate privileges. Conditional access policies are great for defining different scenarios for how users can authenticate securely but can also be misconfigured. There are security protections for stopping certain password attacks but some of these can be bypassed. Ultimately, a methodology for testing Azure environments along with tools and techniques will be presented in this talk.
This document provides an overview of software testing, including definitions, types of testing, and the software testing lifecycle. It defines software testing as a method to assess software functionality. The key points covered are:
- Software testing ensures software does what it's intended to do and remains functional after changes.
- Types of testing include unit, integration, system, and regression testing.
- The software testing lifecycle includes planning, developing test cases, executing tests, and closing test cycles.
- Cloud testing can reduce regression testing time by using virtualized hardware and software services.
YouTube Link: https://youtu.be/d-KWz7euLlc
** Edureka Python Certification Training: https://www.edureka.co/data-science-python-certification-course **
This Edureka PPT on 'Robot Framework With Python' explains the various aspects of robot framework in python with a use case showing web testing using selenium library.
Follow us to never miss an update in the future.
YouTube: https://www.youtube.com/user/edurekaIN
Instagram: https://www.instagram.com/edureka_learning/
Facebook: https://www.facebook.com/edurekaIN/
Twitter: https://twitter.com/edurekain
LinkedIn: https://www.linkedin.com/company/edureka
Castbox: https://castbox.fm/networks/505?country=in
Unit Testing with NUnit introduces unit testing and the NUnit testing framework. It demonstrates writing basic tests for a method that finds the closest number in an array to a given input. The document emphasizes that unit testing leads to code that is easier to change and improve, as tests allow refactoring without breaking existing functionality. It also notes that code should be designed and structured to facilitate testing, and legacy code without tests is difficult to refactor safely.
The document provides an introduction to an Android development course focused on Kotlin. It discusses why Kotlin is the preferred language for Android development, highlighting that it is more concise, safer, and interoperable with Java compared to other languages. The course will cover Kotlin fundamentals like variables, data types, conditions, loops, functions, and classes. It will explore Kotlin features such as null safety, smart casts, and being more productive than Java. The learning plan for September to October 2021 includes an introduction to the Kotlin programming language and object-oriented programming concepts.
The document discusses the benefits of automation testing over manual testing. It notes that automation testing allows test cases to be run unattended and repeatedly, which saves time and effort compared to manual testing. Some key benefits mentioned include reducing costs through more efficient testing and freeing up testers to focus on other tasks rather than repetitive tests. The document also outlines topics that will be covered in more depth, such as details on the QuickTest Professional automation tool and how test suites can be set up and run for automated testing.
Programming is the act of creating programs or applications by developing source code in a programming language. This code contains instructions that the computer follows to carry out tasks. Programming languages enable communication between the programmer and the computer, and have evolved from machine languages to more complex high-level languages. The history of programming began with the first computers, and languages such as Fortran laid the foundations for later languages.
This document discusses Clean Architecture principles and provides an overview of how to structure an application according to Clean Architecture. It describes how to organize the application into layers including the Domain layer containing business logic, the Application layer containing use cases, the Infrastructure layer containing external interfaces, and the Presentation layer containing user interfaces. Code samples and demos are provided to illustrate how to implement these layers and principles in an ASP.NET Core application. Key points emphasize making each layer independent and loosely coupled to external influences.
BDD Approach with Karate Framework in Service Tests - kloia
This document discusses using the Karate framework for behavior driven development (BDD) in service tests. It provides an overview of test approaches in software like test driven development, data driven development, acceptance test driven development and BDD. It also discusses what web services and web service testing are. The document then introduces the Karate framework, describing that it is open-source, supports mocks, performance and UI tests, and uses BDD. It provides an example of using Karate to test an LDAP authentication scenario and outlines Karate's capabilities like hooks, transforms, loops, authentication handling and more. The document concludes with a demo and Q&A contact details.
What is TestNG in Selenium? TestNG is a data-driven framework that lets you group, prioritise and order your test cases in the most convenient manner you desire. Let's see more about it.
How to do Cryptography right in Android Part Two - Arash Ramez
Cryptography is an indispensable tool used to protect information in computing systems. It is used everywhere and by billions of people worldwide on a daily basis. It is used to protect data at rest and data in motion. While extremely useful, cryptography is also highly brittle. The most secure cryptographic system can be rendered completely insecure by a single specification or programming error. To argue that a cryptosystem is secure, we rely on mathematical modeling and proofs to show that a particular system satisfies the security properties attributed to it.
We often need to introduce certain plausible assumptions to push our security arguments through.
This presentation is about exactly that: constructing practical cryptosystems on the Android platform for which we can argue security under plausible assumptions. Part one just covers fundamental topics in the cryptography world.
See videos:
https://www.youtube.com/playlist?list=PLT2xIm2X7W7j-arpnN90cuwBcNN_5L3AU
https://www.aparat.com/v/gtlHP
Automation testing material by Durgasoft, Hyderabad - Durga Prasad
The document discusses automation testing tools QuickTest Professional (QTP) and Unified Functional Testing (UFT). It provides an overview of QTP, describing its features such as scripting language, supported applications and browsers. The document also covers QTP concepts like object repository, object spy, standard classes and object methods.
Flutter is an open-source framework created by Google that allows developers to build mobile, web, and desktop applications from a single codebase. It uses its own widget library to construct user interfaces and offers features like hot reload that speeds up the development process. While Flutter apps are generally smaller in size than native apps, it faces some limitations on iOS and does not support certain platforms like Android TV. Overall, Flutter aims to make app development faster and more streamlined across multiple platforms.
1. In the era of mobile, OAuth 2.0 is the protocol of choice.
2. However, RFC6749 is a framework and needs to be profiled appropriately for use cases.
3. The FAPI WG @ OIDF is taking on this task for Financial APIs, securing them using RFC7636, JWT Client Authentication/TLS Client Authentication, OpenID Connect, etc.
4. The FAPI WG is collaborating with many stakeholders, including financial institutions and fintech companies.
5. The Read Only security profile is going to an OIDF vote.
6. An overview of the requirements for the Read Only and Write Access security profiles is discussed.
This document provides an overview of pointers in C programming. It discusses seven rules for pointers, including that pointers are integer variables that store memory addresses, how to dereference and reference pointers, NULL pointers, and arithmetic operations on pointers. It also covers dynamic memory allocation using malloc, calloc, realloc, and free and different approaches to 2D arrays. Finally, it discusses function pointers and their uses, including as callback functions.
YouTube Link - https://youtu.be/CwLrdjgsJjU
** Selenium Certification Training: https://www.edureka.co/testing-with-selenium-webdriver **
This Edureka PPT on "Test Automation using Python" will provide you with detailed and comprehensive knowledge on selenium fundamentals. It will also guide you through Python concepts, how to locate elements in selenium using Python. This PPT will cover the following topics:
- Introduction to Selenium
- Why Python for Automation Testing?
- Selenium and Python Binding
- PyCharm for Python
- Locators in Selenium
- Demo - Automating Hotstar website
Selenium playlist: https://goo.gl/NmuzXE
Selenium Blog playlist: http://bit.ly/2B7C3QR
Software Testing Blog playlist: http://bit.ly/2UXwdJm
Static testing involves examining a program's code and documentation without executing the code. It aims to improve quality by finding errors early. Techniques include informal reviews with minimal documentation; formal reviews following steps like planning, preparation, and follow-up; technical reviews of specifications; walkthroughs where authors explain work; and inspections led by moderators. Static testing allows early feedback but cannot find runtime issues and is time-consuming.
Selenium is a powerful tool for controlling and automating web browsers programmatically. It runs on all popular operating systems and browsers, and its scripts can be written in different languages, such as Python, Java, and C#.
** Software Testing Certification Courses: https://www.edureka.co/software-testi... **
This Edureka PPT on Types of Software Testing covers the various types of functional and non-functional testing. Below topics are covered in this PPT:
- What is Software Testing
- Why need Testing?
- Software Testing Life Cycle
- Types of Software Testing
- Unit Testing
- Integration Testing
- System Testing
- Interface Testing
- Regression Testing
- Acceptance Testing
- Documentation Testing
- Installation Testing
- Performance Testing
- Reliability Testing
- Security Testing
This talk shares the various techniques I found whilst building the XSS cheat sheet. It contains auto executing vectors, AngularJS CSP bypasses and dangling markup attacks.
The document discusses Google Test, an open source unit testing framework for C++ that can also be used for testing C code, providing an overview of its features and how to implement unit tests using common patterns like test fixtures, assertions, and death tests to validate expected failures. It also covers best practices for writing effective unit tests, including keeping tests independent, focused, and fast-running.
While there are no more flights these days, I'd take you on a quick virtual flight with Flutter to learn what Flutter is, which language Flutter uses to write apps, what the best features in Flutter are, how it increases your productivity and how it can take your app development process to the next level.
This document provides an introduction to using the Google Test framework for unit testing C++ code. It begins with an example of a simple test for a function called calc_isect. It then demonstrates how to add assertions to tests, use test fixtures to reduce duplicated setup code, and generate parameterized tests. The document also covers best practices for test organization, installing and using Google Test, and some key features like XML output and selecting subsets of tests. Overall, the document serves as a tutorial for getting started with the Google Test framework for writing and running unit tests in C++ projects.
Table of contents of the book "Hacking Web Technologies" - Telefónica
Table of contents of the book "Hacking Web Technologies" from 0xWord, focused on the exploitation of vulnerabilities in web platforms. The book is available for purchase at the following URL: http://0xword.com/es/libros/81-hacking-web-technologies.html
The document discusses LDAP injection attacks and techniques for exploiting vulnerabilities in LDAP directory services. It describes how LDAP injections work similarly to SQL injections by manipulating LDAP query parameters. This allows attackers to alter queries and access unauthorized data. The document outlines different types of LDAP injections, such as AND, OR, and blind injections. It also discusses techniques for discovering directory information through data booleanization and charset reduction when only true/false responses are available. Finally, it recommends input filtering and limiting query syntax to help prevent LDAP injections.
DirtyTooth: It's only Rock'n Roll but I like it - Telefónica
The Bluetooth connection of iPhones with peripherals such as speakers, headphones or sound equipment implies a risk for the user's privacy, as these elements could extract private information from the iPhone without the user being aware of it.
The hack or trick puts users' privacy at risk. The iOS configuration does not notify the user of the profile change and allows the execution of the functions and actions associated with the new profile, so that the users' data are at risk of being stolen by a potential attacker.
In this paper, there is information about how a DirtyTooth Hack can be done. More info at http://www.dirtytooth.com
DirtyTooth: It's only Rock'n Roll but I like it [Slides] - Telefónica
Slides used by Chema Alonso at RootedCON 2017 to present DirtyTooth Hack. More info at:
- http://www.dirtytooth.com
- http://www.elladodelmal.com/2017/03/dirtytooth-hack-its-only-rockn-roll-but.html
Golden ticket, pass the ticket, MITM: Kerberos attacks explained - Peter Swedin
This document discusses Kerberos attacks and defenses against them. It describes how Kerberos single sign-on authentication works and some common attacks such as man-in-the-middle attacks, downgrade attacks, pass-the-ticket attacks, and creating a "golden ticket". It recommends ways to harden Kerberos security, such as using newer domain controllers, AES encryption, strict KDC validation, separate client networks, and changing the KRBTGT password regularly. Detecting pass-the-ticket attacks is difficult but a SIEM solution may help determine if tickets are being used inappropriately.
Table of contents of the book "Máxima Seguridad en WordPress", published by 0xWord and written by Daniel Martín Maldonado. Its subject is the hardening of WordPress platforms. More information about the book at: http://0xword.com/es/libros/84-maxima-seguridad-en-wordpress.html
Table of contents of the book "Infraestructuras Críticas y Sistemas Industriales: Auditor... - Telefónica
Table of contents of the 0xWord book "Infraestructuras críticas y sistemas industriales: Auditorias de seguridad y fortificación", which shows how to carry out security audits of industrial systems and how to harden them. More information about the book at http://0xword.com/es/libros/85-infraestructuras-criticas-y-sistemas-industriales-auditorias-de-seguridad-y-fortificacion.html
Connection String Parameter Pollution Attacks - Chema Alonso
Paper about Connection String Attacks that focuses on Connection String Parameter Pollution in Web Applications. Presented at Ekoparty 2009, Black Hat DC 2010 and Troopers 2010.
This document provides instructions on how to use Google to find vulnerable web pages. It explains how to use operators such as "site:", "filetype:" and "inurl:" to filter search results. It also describes techniques such as searching for common error messages and sensitive folders that could contain information useful for a security audit or intrusion.
RamsonCloud O365: Pay for your e-mail messages in Office 365 - Telefónica
This paper describes what the next generation of ransomware in cloud services could look like. The article explains how stealing an OAuth token makes it possible to hijack all of the victim's e-mail.
Some dirty, quick and well-known tricks to hack your bad .NET WebApps - Telefónica
This document discusses various techniques that can be used to hack .NET web applications, including exploiting errors and messages, bypassing request filtering and web application firewalls, debugging features, view state disclosure, hidden controls, injection attacks like SQL and XPath injection, universal data link files, web services, connection string parameter pollution, and poor security hardening practices. It provides examples of using these techniques and encourages attendees to use their imagination to find other vulnerabilities.
Table of contents of the book Hacking iOS: iPhone & iPad (2nd Edition) from the publisher 0xWord, focused on showing the hacking techniques for these devices up to iOS 10 or iPhone 7 devices. The book is available at: http://0xword.com/es/libros/39-libro-hacking-dispositivos-ios-iphone-ipad.html
Your iPhone is as (in)secure as your Windows - Chema Alonso
Talk given by Chema Alonso at Five Talks about how iPhone security works. More information and details in the book Hacking iOS {iPhone & iPad} http://0xword.com/es/libros/39-libro-hacking-dispositivos-ios-iphone-ipad.html
Table of contents of the book Windows Server 2016: Administración, Seguridad y Operaciones - Telefónica
Contents of the 0xWord book devoted to Windows Server 2016, which focuses on administration, security and operations. More information on the website: http://0xword.com/es/libros/86-windows-server-2016-administracion-seguridad-y-operaciones.html
Codemotion ES 2014: Love Always Takes Care & Humility - Chema Alonso
Talk delivered by Chema Alonso at Codemotion 2014 ES {Madrid}. It is about passwords, second factor authentication and Second Factor Authorization using Latch... with a Breaking Bad touch.
This document narrates Yolanda's visit to the narrator's apartment. After being interrupted by a call from Marcos asking for an urgent favor, the narrator sets out to hack an e-mail account at his friend's request while explaining the process to Yolanda.
Book Bitcoin: La tecnología Blockchain y su investigación - Telefónica
This chapter introduces cryptocurrencies as new digital means of payment and explores their history, level of adoption and implementations such as Bitcoin and other projects. It briefly explains how the book is structured to cover theoretical concepts about Bitcoin, how to obtain and store bitcoins, forensic investigations into cryptocurrencies and the use of tools such as Elasticsearch to analyze cryptocurrency data.
VPN service with OpenVPN and Latch on Raspberry Pi - Telefónica
Master's thesis by Universidad Europea de Madrid students Álvaro Núñez-Romero Casado, Javier José Pecete García, Alejandro Amorín Niño and Juan Antonio Baeza Miralles, describing how to set up a personal VPN service on a Raspberry Pi using OpenVPN and Latch.
The document describes the evolution of technology from Prehistory to the Contemporary Age. In particular, it details the Paleolithic period or Stone Age, in which the first human beings developed primitive stone-knapping techniques to make tools that allowed them to hunt, cut meat and protect themselves, thus marking the beginning of human technical development.
Manual for integrating Latch into Mosquito MQTT Broker - Telefónica
Manual describing how the Latch security system is integrated and how it works with the open source project Mosquito MQTT Broker for managing IoT devices for the home, industrial systems and SCADA.
DEF CON 27 - ALVARO MUNOZ / OLEKSANDR MIROSH - sso wars the token menace - Felipe Prado
The document discusses various ways that authentication tokens can be abused to bypass security protections. It describes how some implementations of token parsing and signature verification are vulnerable to arbitrary code execution or information disclosure attacks due to inconsistencies in how signing keys and security tokens are resolved from token metadata. Specific attacks are demonstrated against Windows Communication Foundation, Windows Identity Foundation, and SharePoint Server due to differences in how key and token resolution are handled for signature verification versus token authentication.
This document provides an overview of lateral movement techniques in Windows systems using credentials. It discusses authentication methods like NTLM and Kerberos, how logon sessions and access tokens are created, and how an attacker can leverage pass-the-hash, pass-the-ticket, and other techniques to authenticate as other users without needing their passwords. It demonstrates how runas and other tools can be used to create new processes under a different user identity. The goal is to understand how credentials are handled in Windows and how an attacker can manipulate logon sessions and access tokens to perform lateral movement.
This document discusses SSL certificates, including their purpose for server/client authentication and secure data transfer. It covers the process of requesting, signing, installing and verifying certificates from both Certificate Authorities (CAs) and self-signing. The different types of SSL certificates - DV, OV and EV - are explained along with OpenSSL tools, certificate structure, chain of trust, trust stores, certificate pinning and free certificate options like Let's Encrypt.
- The document discusses securing Windows NT systems by reviewing the NT security architecture, known vulnerabilities, and methods for exploiting them. It provides guidance on hardening NT security through measures like reducing unnecessary services, restricting file and registry permissions, and enforcing stronger passwords. System administrators can assess their security posture using various scanning and auditing tools to detect vulnerabilities, non-compliant configurations, and potential security breaches.
InSecure Remote Operations - NullCon 2023 by Yossi Sassi - Yossi Sassi
- The document discusses remote operations and credential exposure during remote management. It highlights the use of various living off the land techniques like RPC, WMI, PSRemoting and RDP.
- It provides tips for preventing lateral movement without dedicated security products by leveraging configurations like LogonWorkstations to restrict where accounts can logon.
- The key takeaways are to embrace a living off the land mindset, be aware of credential exposure risks during remote operations, and that single configurations can be effective for preventing issues like lateral movement when properly configured and monitored.
Securing Microservices using Play and Akka HTTP - Rafal Gancarz
Going down the microservices route makes a lot of things around creating and maintaining large systems easier but it comes at a cost too, particularly associated with challenges around security. While securing monolithic applications was a relatively well understood area, the same can't be said about microservice based architectures.
This presentation covers how implementing microservices affects the security of distributed systems, outlines pros and cons of several standards and common practices and offers practical suggestions for securing microservice based systems using Play and Akka HTTP.
The document discusses best practices for securely implementing cryptography and discusses common cryptography algorithms and implementations such as hashing, symmetric encryption, asymmetric encryption, and password hashing. It emphasizes using proven implementations like those in Django and OpenSSL and enabling HTTPS to securely transmit data. The document also cautions that securely managing cryptographic keys is critical for encryption to provide security.
Keystone is the identity service for OpenStack. It handles authentication, authorization, and managing service catalogs and endpoints. Keystone provides a user directory and authentication mechanism for other OpenStack services to use. It supports user management, project/tenant isolation, role-based access control and token validation. Keystone uses pluggable backends like SQL, LDAP or Memcached to store user and credential data.
This document discusses certificate issuance and validation using PyOpenSSL. It provides code samples for issuing certificates by loading a certificate request, setting fields on the certificate object, and signing it with a CA private key. It also discusses setting extensions when issuing subordinate CA certificates and validation of certificates through certification path validation and signature validation of each certificate in the chain. Signature validation requires verifying the signature with the CA public key rather than using a single OpenSSL function.
Talk Venue: BSides Tampa 2020
Speakers: Mike Felch & Joff Thyer
This talk will focus on the many different ways that a penetration tester or Red Teamer can leverage the Python programming language during offensive operations. Python is a rich and powerful programming language which above all else allows a competent developer to very quickly write new tools that might start as a Proof of Concept, but soon become an invaluable addition to the Red Teamer's tool-belt. Having the skills to both generate new tools and modify existing tools on the fly is critically important to agility during a testing engagement. Everything from utility processing of data, network protocol, API interaction, and exploit development can be rapidly developed due to the high functionality level and intuitive nature of Python.
Passbolt Introduction and Usage for secret management - Thierry Gayet
The document provides instructions on how to use the Passbolt command line interface tool to extract secrets from a Passbolt server. It explains how to install the go-passbolt-cli tool, lists available commands like get and create, and provides an example of using the tool to get help and specify required flags like --serverAddress, --userPassword, and --userPrivateKeyFile to authenticate and retrieve secrets.
Apache Shiro, a simple easy-to-use framework to enforce user security by Shiro PMC Chair and Stormpath CTO, Les Hazlewood.
http://shiro.apache.org
http://stormpath.com
Attackers can quietly move laterally within networks by first gaining initial access, such as through phishing, then using tools and techniques to discover and access other systems on the network. This includes using PowerShell to run code without touching disks, download payloads from remote systems, and inject shellcode. It also involves using tools like mimikatz to dump credentials and move access from one system to another to gain higher privileges. The goal is often to compromise domain controllers to access domain admin credentials and gain full control.
Codetainer: a Docker-based browser code 'sandbox' - Jen Andre
Codetainer is a browser-based sandbox for running Docker containers. It allows users to "try 'X' in your browser" for any X by running Docker containers in an isolated and programmable manner directly in the browser. Codetainer uses Docker APIs to launch and manage lightweight containers via a Go-based API server. Users can create and register Docker images, launch "codetainers" from those images, and interact with the codetainers through the browser via websockets, viewing terminals and sending keystrokes. Codetainer aims to provide a secure and flexible environment for use cases like tutorials, training, and remote management while addressing challenges around container introspection and security.
Rails security best practices involve defending at multiple layers including the network, operating system, web server, web application, and database. The document outlines numerous vulnerabilities at the web application layer such as information leaks, session hijacking, SQL injection, mass assignment, unscoped finds, cross-site scripting (XSS), cross-site request forgery (CSRF), and denial-of-service attacks. It provides recommendations to address each vulnerability through secure coding practices and configuration in Rails.
Attackers can laterally move within a network after gaining initial access to one system. Lateral movement involves using techniques like credential dumping, privilege escalation, and PowerShell to access additional systems on the network. Attackers aim to compromise high-value systems like domain controllers to gain domain administrator privileges and full network access. They leverage tools like Mimikatz to dump passwords, PowerShell Empire for remote access, and PowerSploit to automate common post-exploitation tasks during lateral movement. Monitoring PowerShell activity and patching vulnerabilities can help detect and prevent lateral movement.
Lateral Movement: How attackers quietly traverse your Network - EC-Council
After successfully attacking an endpoint and gaining a foothold there, sophisticated attackers know that to get to the valuable data within an organization they must quietly pivot. From reconnaissance to escalation of privileges to stealing credentials, learn about the tactics and tools that attackers are using today.
Similar to Hernan Ochoa - WCE Internals [RootedCON 2011] (20)
Rooted2020 A clockwork pentester - Jose Carlos Moral & Alvaro Villaverde - RootedCON
This document presents the SecAP platform, which automates pentesting tasks in an intelligent and autonomous way. SecAP works as a suite of tools that includes connectors, launchers, analyzers and a REST API. It coordinates the pentesting process by storing the discovered assets, launching the appropriate tools, analyzing the results and continuing the audit autonomously. The document describes the architecture, components, workflow and advantages of SecAP,
This document describes research into identifying and evading sandbox analysis environments. The researchers developed artifacts to collect information from several sandboxes and analyze their security. They found that some sandboxes do not hide their nature well and that it is possible to access configuration files. They were also able to identify the owners of some sandboxes through XSS vulnerabilities. They conclude that it is possible to obtain intelligence on how sandboxes work and to evade their detection.
This document describes a Sysmon process correlation tool that monitors process behavior on a system to detect malicious activity. The tool includes a baseline engine that establishes the normal behavior of key processes and a hierarchy engine that detects anomalies in the relationship between parent and child processes. The tool can be used to hunt advanced malware that operates in memory without leaving traces on disk.
The document describes a proposal for carrying out infrastructure audits quickly and efficiently by automating and standardizing the process. It proposes creating a catalogue of standards, components and security controls that can be run automatically to audit systems, generate reports and validate regulatory compliance.
Rooted2020 the day i_ruled_the_world_deceiving_software_developers_through_op... - RootedCON
This document discusses how software developers can be deceived through malicious software libraries uploaded to package managers. It describes how the researchers generated homograph variants of popular library names and uploaded them to PyPI and npm. Within a few hours hundreds of developers had installed the malicious libraries, demonstrating vulnerabilities in how developers and package managers prevent homograph attacks. The researchers then analyzed the results and issued recommendations to package managers on additional controls like rate limiting and mandatory user identification that could help prevent such attacks.
Rooted2020 si la-empresa_ha_ocultado_el_ciberataque,_como_se_ha_enterado_el_r... - RootedCON
This document summarizes Spanish and international legislation on whistleblowing, the reporting of irregularities. It explains that companies are required to have confidential and protected internal reporting channels, and that whistleblowers may not suffer retaliation. The regulations cover infringements related to cybersecurity, such as security incidents and data leaks. Companies must transpose these directives before 2021, although more time is granted to SMEs.
The document presents the results of a security analysis of WordPress plugins. 84,508 plugins were analyzed, finding 1,775 vulnerable ones with 5,419 vulnerabilities in total, predominantly SQL injection. An infrastructure called WordPressTerror was developed to automate the analysis. The results were reported to the WordPress security team so that the developers could be notified. The ultimate goal is to improve the security of WordPress and its plugins.
The document presents a talk on attacking encrypted voice communications. Several encryption protocols are discussed, such as SIP, SRTP, ZRTP and Signal. Their security characteristics and possible attacks, such as traffic interception, identity spoofing and eavesdropping on conversations, are explained. The aim is to raise awareness of the importance of encrypting communications to protect privacy.
The document describes a forensic analysis of a rootkit called Necurs. It explains how the rootkit infects systems by running a dropper that installs a malicious driver. The driver hides processes and files, and communicates with user-mode processes to inject malicious code. It stores information in the Windows registry in encrypted form.
Stefano Maccaglia is a Senior Principal Consultant at RSA who investigates cyber incidents. The document describes an investigation conducted at a government agency that discovered stolen data on an internal system. RSA found the system, called ASFOUR, had been compromised since August 2018. By analyzing logs and network traffic with RSA tools, they traced the activity to an adversary accessing ASFOUR and another system called HAKIMI. They also found evidence of two threat groups - Oilrig and Epic Turla. RSA helped the agency remediate by rebuilding compromised systems, resetting passwords, and removing unused accounts.
The document describes a workshop on analyzing binaries built in GoLang. It explains who the presenters are, why it is important to learn about this new language, the characteristics of GoLang, examples of malware written in GoLang, and the process of generating and analyzing GoLang binaries, including how to recover function names and strings in stripped binaries. The workshop concludes with a practical challenge of obtaining a flag from a sample binary.
This document describes an attack that uses a VPN to establish a secure channel with the victims, install persistence through a .reg file, run scripts remotely and exfiltrate files. The attack requires neither administrator privileges nor malware. A VPN is used to evade detection and intercept TLS through a "man in the middle".
Rooted2020 van a-mear_sangre_como_hacer_que_los_malos_lo_paguen_muy_caro_-_an... - RootedCON
This document provides 10 recommendations for improving the security of a network, such as updating systems, implementing SPF and DKIM for e-mail, prohibiting macros, using LAPS for local administrator passwords, segmenting the network with VLANs, and keeping backups off the network. It also recommends removing obsolete protocols, auditing Active Directory permissions, and raising the costs for attackers inside the network. The overall goal is to hinder unauthorized access
The document briefly discusses several cyber incidents attributed to China, including attacks on OPM, Equifax and Anthem. It also mentions Chinese advanced persistent threat units such as APT1 and Comment Crew. It explains concepts such as IOC, TTP and frameworks such as ATT&CK and CAPEC for analyzing threats. Finally, it provides numerous links to additional sources on Chinese cyber espionage and other related topics.
The document describes a proof-of-concept malware called "evil mass storage" that can infect systems without an internet connection. It uses a custom hardware device with a micro SD card and radio frequency module to exfiltrate information from infected targets. The malware has multiple stages and can hide in encrypted sectors on the SD card or transmit data via radio. Details are provided on the prototype hardware, firmware, and future improvements planned for the project.
The document discusses the benefits of exercise for mental health. Regular physical activity can help reduce anxiety and depression and improve mood and cognitive functioning. Exercise causes chemical changes in the brain that may help protect against mental illness and improve symptoms.
This document discusses the topic of circumstantial technological evidence in criminal proceedings. In particular, it analyzes issues such as the distinction between circumstantial evidence and suspicion, the need for detailed reasoning by the court when assessing the evidence, and the limits on the unlawful obtaining of evidence by private individuals.
This document presents an introduction to Bluetooth Low Energy (BLE), including its history, operation and vulnerabilities. It explains key concepts such as pairing, channels and packet types. It then describes several attacks carried out against BLE devices, such as trackers, cameras and electric scooters. Finally, it offers recommendations for strengthening BLE security through encryption and robust key exchange mechanisms.
This document describes a method for generating adversarial examples (AE) that evade deep-learning-based malware detectors. The proposed method uses perturbations in the headers of binary files and optimization by means of genetic algorithms to introduce changes that avoid detection without affecting behavior. The experimental results show that the approach achieves evasion rates of up to 98.23% against MalConv, a state-of-the-art detector.
The document describes different advanced fuzzing techniques such as mutation scheduling, structure-aware fuzzing and domain-specific feedback. It explains how these techniques can help find vulnerabilities more efficiently by exploring the search space intelligently. It also includes examples of vulnerabilities found through fuzzing such as CVE-2020-9273 and CVE-2020-9365.
2. What is WCE?
• Windows Credentials Editor v1.0
• Manipulates Windows Logon Sessions
• Evolution of the Pass-the-Hash Toolkit (also written by me)
• WCE v1.1 to be published after this is over
3. WCE features
• Dump in-memory credentials of logon sessions
– Lists in-memory logon sessions
• Dumps in-memory username, domain, LM & NT hashes
• current, future and terminated (…)
– Great to ‘steal’ credentials not stored locally
4. WCE features
• Pass-The-Hash
– Change/delete NTLM credentials of logon sessions
– Create new logon sessions and associate arbitrary NTLM credentials
5. WCE features
• Does not require code injection to dump in-memory credentials (v1.1)
– No need to run code inside LSASS.EXE
– Can locate, list and decrypt Logon Sessions and NTLM credentials just by reading memory
6. WCE features
• Single executable (wce.exe)
– Easier to use, upload, etc.
• Supports
– Windows XP
– Windows 2003
– Windows Vista
– Windows 7
– Windows 2008
7. How does it work?
• Windows NT Logon and authentication model
[Diagram labels: Logon Processes; LSA; Authentication Packages]
8. Windows NT Logon and Authentication Model
[Diagram labels: WINLOGON.EXE; LSASS.EXE containing LSA AUTH API (LSASRV.DLL), MSV1_0.DLL (NTLM AUTH PKG), …]
9. Windows NT Logon and Authentication Model: NTLM
[Diagram labels: WINLOGON.EXE; LSASS.EXE; msv1_0.dll!LsaApLogonUser/Ex/Ex2(); Logon Session; NTLM CREDS]
• Authenticates user
• Create logon session (LUID)
• Add Credentials to Session
17. Windows NT Logon and Authentication Model: NTLM in detail
WINLOGON.EXE
LUID luid = LsaLogonUser( …,MSV1_0_PACKAGE_ID,… )
msv1_0.dll!LsaApLogonUser/Ex/Ex2()
• Create logon session
• Authenticates against local SAM or AD
• msv1_0.dll!NlpAddPrimaryCredential(LUID, [username, domain, LM/NT hashes],…)
• Lsasrv.dll!AddCredential(LUID,…)
18. Implementation: ‘Use Auth Package API’ Method
Summary
• Find by ‘signatures’ and heuristics
• MSV1_0.DLL!NlpAddPrimaryCredential
• MSV1_0.DLL!NlpDeletePrimaryCredential
• MSV1_0.DLL!NlpGetPrimaryCredential
• Run code inside LSASS.EXE
• Call *PrimaryCredential functions
• LSASRV.DLL functions are not called directly, eg:
• MSV1_0.DLL!NlpAddPrimaryCredential()
• LSASRV.DLL!AddCredential()
• No need to encrypt/decrypt credentials
22. Implementation: ‘Use Auth Package API’ Method
working with Session Isolation
23. Implementation: ‘Use Auth Package API’ Method
working with Session Isolation
[Diagram labels: WCE.EXE (Session 1); Inject code; LSASS.EXE (Session 0); INJECTED CODE: Call msv1_0.dll!NlpAddPrimaryCredential, etc.]
24. Implementation: ‘Use Auth Package API’ Method
working with Session Isolation
25. Implementation: ‘Use Auth Package API’ Method
working with Session Isolation
26. Implementation: ‘Use Auth Package API’ Method
working with Session Isolation
27. Implementation: ‘Use Auth Package API’ Method
working with Session Isolation
(Note: CreateRemoteThread() is not the only way to inject & run code...)
28. Implementation: ‘Use Auth Package API’ Method
working with Session Isolation
• Windows Vista/7/2008
• NTDLL.DLL!NtCreateThreadEx
• Windows XP/2003
• RDP / Terminal Services
• Create a Windows Service and do everything there
• WCE.EXE also acts as a Windows Service
• Installs, starts, stops and removes itself
• IPC via Named Pipe
29. Implementation: ‘Read LSASS Memory’ Method
• No need to run code inside LSASS.EXE (SUPER SAFE!)
• ReadProcessMemory() only!
• Reverse engineer inner workings of LSASS.EXE (LSASRV.DLL)
• Structures used internally to hold logon sessions
• Structures used internally to hold credentials
• Structures used internally to hold NTLM Hashes
• Decrypt credentials
• Find keys
• Algorithm
• Anything else needed to decrypt (e.g.: IV)
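For defenders, the two implementation methods above differ in the access rights requested on LSASS.EXE: ReadProcessMemory() needs only PROCESS_VM_READ, while injecting and running code also needs thread-creation and memory-write rights. The following is an added example, not part of the original slides or of WCE; it triages Sysmon Event ID 10 (ProcessAccess) records on that basis, and the log lines and their key=value layout are constructed assumptions.

```python
import re

# Process access rights from winnt.h
PROCESS_CREATE_THREAD = 0x0002
PROCESS_VM_OPERATION = 0x0008
PROCESS_VM_READ = 0x0010
PROCESS_VM_WRITE = 0x0020
INJECT_RIGHTS = PROCESS_CREATE_THREAD | PROCESS_VM_OPERATION | PROCESS_VM_WRITE

# Constructed sample records (assumed key=value export of Sysmon Event ID 10)
SAMPLE_EVENTS = [
    r"EventID=10 SourceImage=C:\Users\bob\tool.exe TargetImage=C:\Windows\System32\lsass.exe GrantedAccess=0x1010",
    r"EventID=10 SourceImage=C:\Temp\svc.exe TargetImage=C:\Windows\System32\lsass.exe GrantedAccess=0x1F0FFF",
    r"EventID=10 SourceImage=C:\Windows\System32\wbem\WmiPrvSE.exe TargetImage=C:\Windows\System32\lsass.exe GrantedAccess=0x1000",
    r"EventID=10 SourceImage=C:\Users\bob\tool.exe TargetImage=C:\Windows\System32\notepad.exe GrantedAccess=0x1FFFFF",
    r"EventID=10 SourceImage=C:\Temp\x.exe TargetImage=C:\Windows\System32\lsass.exe GrantedAccess=garbled",
]


def classify(mask):
    """Map a granted-access mask to the method it would permit, or None."""
    if (mask & INJECT_RIGHTS) == INJECT_RIGHTS:
        return "inject-capable"   # enough rights to write code and start a thread
    if mask & PROCESS_VM_READ:
        return "memory-read"      # enough for ReadProcessMemory() only
    return None                   # e.g. query-only handles


def triage(lines):
    """Return (source image, mask, verdict) for suspicious handles to lsass.exe."""
    findings = []
    for line in lines:
        fields = dict(re.findall(r"(\w+)=(\S+)", line))
        if fields.get("EventID") != "10":
            continue
        if not fields.get("TargetImage", "").lower().endswith("\\lsass.exe"):
            continue
        try:
            mask = int(fields.get("GrantedAccess", ""), 16)
        except ValueError:
            continue              # malformed record: skip rather than guess
        verdict = classify(mask)
        if verdict:
            findings.append((fields.get("SourceImage", "?"), mask, verdict))
    return findings


if __name__ == "__main__":
    for source, mask, verdict in triage(SAMPLE_EVENTS):
        print(f"{verdict:15} {mask:#010x} {source}")
```

Security products and some system processes legitimately open LSASS with read access, so in practice the findings are filtered against a baseline of expected source images.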
32. Implementation: LsaEncryptMemory()
Lsasrv.dll!LsaEncryptMemory()
NTLM_CREDS_BLOCK
Windows XP/2003
• Encrypted with desX-CBC or RC4
• If mod(size/8) == 0 => desX-cbc
• Otherwise use RC4
• Encrypted with desX-CBC
Windows Vista/7/2008
• Encrypted with 3DES-CBC or AES-128-CFB
• If mod(size/8) == 0 => 3DES-CBC
• Otherwise use 3DES-CBC
• Encrypted with 3DES-CBC
35. Implementation: crypto functions used
Windows XP/2003
• Uses custom desX-CBC implementation
– Located in LSASRV.DLL
– Is not an API
– Not exported by any Win32 DLL
Windows Vista/7/2008
• Uses Cryptography API: Next Generation (CNG)
• Exported by BCRYPT.DLL
• BCryptOpenAlgorithmProvider
• BCryptSetProperty / BCryptGetProperty
• BCryptGenRandom
• BCryptGenerateSymmetricKey
• BCryptEncrypt / BCryptDecrypt
36. Implementation
• desX-cbc ‘trick’ – ‘Reuse’ LsaEncryptMemory
[Diagram labels: LSASS.EXE and PROCESS.EXE, each with LSASRV.DLL; CODE: LSASRV.DLL!LsaEncryptMemory(); DATA: IV, DESXTABLE (in both)]
39. Implementation
Finding the encryption key (Vista/7/2008)
• BCRYPT_KEY_HANDLE hKey
– hKey = Pointer to Memory Block (BLOB)
– hKey + 0x3C => encryption key
• To extract key, read from LSASS.EXE(LSASRV.DLL)
– ((unsigned char*)h3DesKey)+0x3C
– ((unsigned char*)hAesKey)+0x3C
40. Implementation
Finding the encryption key (Vista/7/2008)
• Actually, offset changes between OSes
– hKey + 0x3C => encryption key (Win7)
– hKey + 0x2C => encryption key (Win2008)
• To be safe, I ‘discover’ the offset at runtime
– I wrote a custom function for that: ‘KeyDiscoverOffset()’
41. Implementation
Finding the encryption key (Vista/7/2008)
• KeyDiscoverOffset()
– Uses CNG API to create key object with hard-coded key
– Look for hard-coded key inside BLOB pointed to by BCRYPT_KEY_HANDLE
[Diagram labels: hKey = BCryptGenerateSymmetricKey(..., ”KKKKKKKK…”); BLOB at BCRYPT_KEY_HANDLE hKey from +0h to +...h, with KKKKKKKK… at +3Ch]
42. Implementation
Finding the IV (Vista/7/2008)
• IV is also needed
• To extract IV
– Read IV from LSASS.EXE (LSASRV.DLL) memory
– Symbol ‘InitializationVector’
• With IV and Key, just use CNG
– BCryptDecrypt and friends
– No need to run code inside LSASS.EXE
44. Implementation: Addresses Needed
• Database of addresses
• ID by SHA1 hash of LSASRV.DLL
• Yes, addresses still an issue..
• But ..
• Getlsasrvaddr.exe to the rescue..
45. GetLSASRVADDR.exe
• Finds needed addresses automatically
• User-friendly
• No IDC script, IDA or anything weird like that is needed
• Uses Microsoft symbol server
• Requires http outbound connection (!)
• Associates addresses and DLLs using SHA1
47. GetLSASRVADDR.exe
• Could be integrated with WCE but..
• The outbound connection might be an issue
• huge not-there-by-default DLLs needed
• Symsrv.dll and dbghelp.dll (new version, not the default one)
• Could implement own version of ‘symbol server’ protocol
• Or perhaps it is best to use heuristics..
48. Implementation: ASLR and Windows Vista/7/2008
• LSASRV.DLL addresses and ASLR
– Not an issue..
– To locate symbols don’t use hard-coded addresses
– Use Offsets instead
– ASLR is just at boot time
– Get current LSASRV.DLL Base Address at run-time and add offset
49. WCE execution flow (simplified)
[Flowchart; node labels: START; List Creds?; XP/2003; Vista/7/2008; READ MEM; INJECT CODE; CurSessionID == LSASessionID?; Install/Run/Use WCE Service; END]
50. WCE vs PTH
Feature | WCE | PTH
Supports Windows Vista/7/2008 | YES | NO
Single executable | YES | NO (many executables, need to upload dll, etc)
Delete NTLM Credentials | YES | NO
Works with session isolation (e.g.: via RDP) | YES | NO
Programmatic discovery of new LSASRV addresses (via getlsasrvaddr) | YES | NO
Seamlessly chooses code injection or reading from memory | YES | NO
51. Conclusions
• WCE v1.1
– More features and OSes supported
– Works via RDP/Terminal Services
– No code injection needed
– Better solution for ‘addresses issue’
– ‘zombie’ logon sessions and credentials still around in Windows 7 and family..
– Download WCE v1.1!
• http://www.ampliasecurity.com/research/wce_v1_1.tgz
52. ‘zombie’ logon sessions and credentials
[Diagram labels: Attacker; Some Server (e.g.: backup server nobody cares about); Domain Admin; RDP/Terminal Services connection; Logon Session; NTLM CREDS]