Developers and researchers are confronted with a huge number of tools and technologies in their daily work, each of which has its own pros and cons. This realization is important for network devices intended to stop attacks — they should be “omnivores” with regard to network protocols. The speaker’s passion is to study and recreate various hacker attacks, exploits and tactics at the network level in order to develop reliable detection techniques for intrusion detection systems. While working on lots of attacks he noticed some tiny network conditions when a packet sequence slip away from IDS system but get to the target. Will your IDS system detect data network connection was broken? Using nc and a Linux machine, the speaker will demonstrate 4 CVEs he found for bypassing IDS systems, based on the example of the popular Suricata IDS.
Upping the APT hunting game: learn the best YARA practices from KasperskyKaspersky
Have you ever wondered how Kaspersky discovered some of the world’s most famous APT attacks? Now, the answer is within your reach. Costin Raiu, director of Kaspersky’s Global Research and Analysis Team (GReAT), will be sharing best practices on the use of YARA, an essential tool for APT hunters that can assist with the discovery of new malware samples, exploits and zero-days, speed up incident response, and increase your defenses by deploying custom rules inside your organization.
If you ever wanted to master YARA and achieve a new level of knowledge in APT detection, mitigation and response, now is your chance.
This brief webinar is based on Kaspersky’s exclusive training on YARA rules, which has already helped improve the APT detection strategies of many cybersecurity teams from leading businesses across the world. During the webinar, you will learn how to write test and improve effective YARA rules. You will also get a glimpse of some of our internal tools and learn how to maximize your knowledge for building effective APT detection strategies with YARA.
This practical webinar is useful for security researchers and incident response personnel, malware analysts, security engineers, network security analysts, APT researchers and IT security staff. The content is suitable for both beginners and seasoned YARA users. The full webinar can be seen: https://kas.pr/92tr
Learn the network and server performance monitoring using the network monitoring software, OpManager. Watch the video, read the questions and answers from here: https://www.manageengine.com/network-monitoring/training.html
Explains the basics of IPsec: why IPsec, main IPsec protocols (Authentication Header or AH/Encapsulating Security Payload or ESP), modes (tunnel/transport) and ciphers (MD5/AES).
Explains how IPv4 packets are being transformed with IPsec protocols, what are the issues with NAT and what is NAT traversal.
At the very end of the presentation there is a real life example for secure communication between two Linux hosts (using ip xfrm).
This talk shares the various techniques I found whilst building the XSS cheat sheet. It contains auto executing vectors, AngularJS CSP bypasses and dangling markup attacks.
Upping the APT hunting game: learn the best YARA practices from KasperskyKaspersky
Have you ever wondered how Kaspersky discovered some of the world’s most famous APT attacks? Now, the answer is within your reach. Costin Raiu, director of Kaspersky’s Global Research and Analysis Team (GReAT), will be sharing best practices on the use of YARA, an essential tool for APT hunters that can assist with the discovery of new malware samples, exploits and zero-days, speed up incident response, and increase your defenses by deploying custom rules inside your organization.
If you ever wanted to master YARA and achieve a new level of knowledge in APT detection, mitigation and response, now is your chance.
This brief webinar is based on Kaspersky’s exclusive training on YARA rules, which has already helped improve the APT detection strategies of many cybersecurity teams from leading businesses across the world. During the webinar, you will learn how to write test and improve effective YARA rules. You will also get a glimpse of some of our internal tools and learn how to maximize your knowledge for building effective APT detection strategies with YARA.
This practical webinar is useful for security researchers and incident response personnel, malware analysts, security engineers, network security analysts, APT researchers and IT security staff. The content is suitable for both beginners and seasoned YARA users. The full webinar can be seen: https://kas.pr/92tr
Learn the network and server performance monitoring using the network monitoring software, OpManager. Watch the video, read the questions and answers from here: https://www.manageengine.com/network-monitoring/training.html
Explains the basics of IPsec: why IPsec, main IPsec protocols (Authentication Header or AH/Encapsulating Security Payload or ESP), modes (tunnel/transport) and ciphers (MD5/AES).
Explains how IPv4 packets are being transformed with IPsec protocols, what are the issues with NAT and what is NAT traversal.
At the very end of the presentation there is a real life example for secure communication between two Linux hosts (using ip xfrm).
This talk shares the various techniques I found whilst building the XSS cheat sheet. It contains auto executing vectors, AngularJS CSP bypasses and dangling markup attacks.
Many applications are network I/O bound, including common database-based applications and service-based architectures. But operating systems and applications are often untuned to deliver high performance. This session uncovers hidden issues that lead to low network performance, and shows you how to overcome them to obtain the best network performance possible.
Many applications are network I/O bound, including common database-based applications and service-based architectures. But operating systems and applications are often untuned to deliver high performance. This session uncovers hidden issues that lead to low network performance, and shows you how to overcome them to obtain the best network performance possible.
Handy Networking Tools and How to Use ThemSneha Inguva
When I joined the networking team at DigitalOcean a few years ago, I dove into an entirely different world of software-defined networking in the data center. Virtual switches, networking protocols — these were concepts that I had encountered at the surface level before — but now I frequently found myself debugging them. With time, I came to rely on a variety of Linux networking tools for introspecting, troubleshooting, and examining network state. In this talk, I’ll share some of my favorite Linux networking tools and discuss scenarios in which they are quite helpful.
DIY Internet: Snappy, Secure Networking with MinimaLT (JSConf EU 2013)Igalia
By Andy Wingo.
Refreshing your Twitter feed is such a drag over 3G, taking forever to connect and fetch those precious kilobytes. The reasons for this go deep into the architecture of the internet: making an HTTPS connection simply has terrible latency.
So let’s fix the internet! MinimaLT is an exciting new network protocol that connects faster than TCP, is more secure than TLS (crypto by DJ Bernstein), and allows mobile devices to keep connections open as they change IP addresses. This talk presents the MinimaLT protocol and a Node library that allows JS hackers to experimentally build a new Internet.
This presentation introduces Data Plane Development Kit overview and basics. It is a part of a Network Programming Series.
First, the presentation focuses on the network performance challenges on the modern systems by comparing modern CPUs with modern 10 Gbps ethernet links. Then it touches memory hierarchy and kernel bottlenecks.
The following part explains the main DPDK techniques, like polling, bursts, hugepages and multicore processing.
DPDK overview explains how is the DPDK application is being initialized and run, touches lockless queues (rte_ring), memory pools (rte_mempool), memory buffers (rte_mbuf), hashes (rte_hash), cuckoo hashing, longest prefix match library (rte_lpm), poll mode drivers (PMDs) and kernel NIC interface (KNI).
At the end, there are few DPDK performance tips.
Tags: access time, burst, cache, dpdk, driver, ethernet, hub, hugepage, ip, kernel, lcore, linux, memory, pmd, polling, rss, softswitch, switch, userspace, xeon
Kernel Recipes 2014 - NDIV: a low overhead network traffic diverterAnne Nicolas
NDIV is a young, very simple, yet efficient network traffic diverter. Its purpose is to help build network applications that intercept packets at line rate with a very low processing overhead. A first example application is a stateless HTTP server reaching line rate on all packet sizes.
Willy Tarreau, HaproxyTech
Presented at PyCon UK 2018 (18 September 2018, Cardiff).
The slides are incomplete.
Recording available at:
https://www.youtube.com/watch?v=-weU0Zy4Yd8
Smart TV Buyer Insights Survey 2024 by 91mobiles.pdf91mobiles
91mobiles recently conducted a Smart TV Buyer Insights Survey in which we asked over 3,000 respondents about the TV they own, aspects they look at on a new TV, and their TV buying preferences.
State of ICS and IoT Cyber Threat Landscape Report 2024 previewPrayukth K V
The IoT and OT threat landscape report has been prepared by the Threat Research Team at Sectrio using data from Sectrio, cyber threat intelligence farming facilities spread across over 85 cities around the world. In addition, Sectrio also runs AI-based advanced threat and payload engagement facilities that serve as sinks to attract and engage sophisticated threat actors, and newer malware including new variants and latent threats that are at an earlier stage of development.
The latest edition of the OT/ICS and IoT security Threat Landscape Report 2024 also covers:
State of global ICS asset and network exposure
Sectoral targets and attacks as well as the cost of ransom
Global APT activity, AI usage, actor and tactic profiles, and implications
Rise in volumes of AI-powered cyberattacks
Major cyber events in 2024
Malware and malicious payload trends
Cyberattack types and targets
Vulnerability exploit attempts on CVEs
Attacks on counties – USA
Expansion of bot farms – how, where, and why
In-depth analysis of the cyber threat landscape across North America, South America, Europe, APAC, and the Middle East
Why are attacks on smart factories rising?
Cyber risk predictions
Axis of attacks – Europe
Systemic attacks in the Middle East
Download the full report from here:
https://sectrio.com/resources/ot-threat-landscape-reports/sectrio-releases-ot-ics-and-iot-security-threat-landscape-report-2024/
UiPath Test Automation using UiPath Test Suite series, part 3DianaGray10
Welcome to UiPath Test Automation using UiPath Test Suite series part 3. In this session, we will cover desktop automation along with UI automation.
Topics covered:
UI automation Introduction,
UI automation Sample
Desktop automation flow
Pradeep Chinnala, Senior Consultant Automation Developer @WonderBotz and UiPath MVP
Deepak Rai, Automation Practice Lead, Boundaryless Group and UiPath MVP
Slack (or Teams) Automation for Bonterra Impact Management (fka Social Soluti...Jeffrey Haguewood
Sidekick Solutions uses Bonterra Impact Management (fka Social Solutions Apricot) and automation solutions to integrate data for business workflows.
We believe integration and automation are essential to user experience and the promise of efficient work through technology. Automation is the critical ingredient to realizing that full vision. We develop integration products and services for Bonterra Case Management software to support the deployment of automations for a variety of use cases.
This video focuses on the notifications, alerts, and approval requests using Slack for Bonterra Impact Management. The solutions covered in this webinar can also be deployed for Microsoft Teams.
Interested in deploying notification automations for Bonterra Impact Management? Contact us at sales@sidekicksolutionsllc.com to discuss next steps.
Transcript: Selling digital books in 2024: Insights from industry leaders - T...BookNet Canada
The publishing industry has been selling digital audiobooks and ebooks for over a decade and has found its groove. What’s changed? What has stayed the same? Where do we go from here? Join a group of leading sales peers from across the industry for a conversation about the lessons learned since the popularization of digital books, best practices, digital book supply chain management, and more.
Link to video recording: https://bnctechforum.ca/sessions/selling-digital-books-in-2024-insights-from-industry-leaders/
Presented by BookNet Canada on May 28, 2024, with support from the Department of Canadian Heritage.
GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using Deplo...James Anderson
Effective Application Security in Software Delivery lifecycle using Deployment Firewall and DBOM
The modern software delivery process (or the CI/CD process) includes many tools, distributed teams, open-source code, and cloud platforms. Constant focus on speed to release software to market, along with the traditional slow and manual security checks has caused gaps in continuous security as an important piece in the software supply chain. Today organizations feel more susceptible to external and internal cyber threats due to the vast attack surface in their applications supply chain and the lack of end-to-end governance and risk management.
The software team must secure its software delivery process to avoid vulnerability and security breaches. This needs to be achieved with existing tool chains and without extensive rework of the delivery processes. This talk will present strategies and techniques for providing visibility into the true risk of the existing vulnerabilities, preventing the introduction of security issues in the software, resolving vulnerabilities in production environments quickly, and capturing the deployment bill of materials (DBOM).
Speakers:
Bob Boule
Robert Boule is a technology enthusiast with PASSION for technology and making things work along with a knack for helping others understand how things work. He comes with around 20 years of solution engineering experience in application security, software continuous delivery, and SaaS platforms. He is known for his dynamic presentations in CI/CD and application security integrated in software delivery lifecycle.
Gopinath Rebala
Gopinath Rebala is the CTO of OpsMx, where he has overall responsibility for the machine learning and data processing architectures for Secure Software Delivery. Gopi also has a strong connection with our customers, leading design and architecture for strategic implementations. Gopi is a frequent speaker and well-known leader in continuous delivery and integrating security into software delivery.
Connector Corner: Automate dynamic content and events by pushing a buttonDianaGray10
Here is something new! In our next Connector Corner webinar, we will demonstrate how you can use a single workflow to:
Create a campaign using Mailchimp with merge tags/fields
Send an interactive Slack channel message (using buttons)
Have the message received by managers and peers along with a test email for review
But there’s more:
In a second workflow supporting the same use case, you’ll see:
Your campaign sent to target colleagues for approval
If the “Approve” button is clicked, a Jira/Zendesk ticket is created for the marketing design team
But—if the “Reject” button is pushed, colleagues will be alerted via Slack message
Join us to learn more about this new, human-in-the-loop capability, brought to you by Integration Service connectors.
And...
Speakers:
Akshay Agnihotri, Product Manager
Charlie Greenberg, Host
DevOps and Testing slides at DASA ConnectKari Kakkonen
My and Rik Marselis slides at 30.5.2024 DASA Connect conference. We discuss about what is testing, then what is agile testing and finally what is Testing in DevOps. Finally we had lovely workshop with the participants trying to find out different ways to think about quality and testing in different parts of the DevOps infinity loop.
Essentials of Automations: Optimizing FME Workflows with ParametersSafe Software
Are you looking to streamline your workflows and boost your projects’ efficiency? Do you find yourself searching for ways to add flexibility and control over your FME workflows? If so, you’re in the right place.
Join us for an insightful dive into the world of FME parameters, a critical element in optimizing workflow efficiency. This webinar marks the beginning of our three-part “Essentials of Automation” series. This first webinar is designed to equip you with the knowledge and skills to utilize parameters effectively: enhancing the flexibility, maintainability, and user control of your FME projects.
Here’s what you’ll gain:
- Essentials of FME Parameters: Understand the pivotal role of parameters, including Reader/Writer, Transformer, User, and FME Flow categories. Discover how they are the key to unlocking automation and optimization within your workflows.
- Practical Applications in FME Form: Delve into key user parameter types including choice, connections, and file URLs. Allow users to control how a workflow runs, making your workflows more reusable. Learn to import values and deliver the best user experience for your workflows while enhancing accuracy.
- Optimization Strategies in FME Flow: Explore the creation and strategic deployment of parameters in FME Flow, including the use of deployment and geometry parameters, to maximize workflow efficiency.
- Pro Tips for Success: Gain insights on parameterizing connections and leveraging new features like Conditional Visibility for clarity and simplicity.
We’ll wrap up with a glimpse into future webinars, followed by a Q&A session to address your specific questions surrounding this topic.
Don’t miss this opportunity to elevate your FME expertise and drive your projects to new heights of efficiency.
UiPath Test Automation using UiPath Test Suite series, part 4DianaGray10
Welcome to UiPath Test Automation using UiPath Test Suite series part 4. In this session, we will cover Test Manager overview along with SAP heatmap.
The UiPath Test Manager overview with SAP heatmap webinar offers a concise yet comprehensive exploration of the role of a Test Manager within SAP environments, coupled with the utilization of heatmaps for effective testing strategies.
Participants will gain insights into the responsibilities, challenges, and best practices associated with test management in SAP projects. Additionally, the webinar delves into the significance of heatmaps as a visual aid for identifying testing priorities, areas of risk, and resource allocation within SAP landscapes. Through this session, attendees can expect to enhance their understanding of test management principles while learning practical approaches to optimize testing processes in SAP environments using heatmap visualization techniques
What will you get from this session?
1. Insights into SAP testing best practices
2. Heatmap utilization for testing
3. Optimization of testing processes
4. Demo
Topics covered:
Execution from the test manager
Orchestrator execution result
Defect reporting
SAP heatmap example with demo
Speaker:
Deepak Rai, Automation Practice Lead, Boundaryless Group and UiPath MVP
Builder.ai Founder Sachin Dev Duggal's Strategic Approach to Create an Innova...Ramesh Iyer
In today's fast-changing business world, Companies that adapt and embrace new ideas often need help to keep up with the competition. However, fostering a culture of innovation takes much work. It takes vision, leadership and willingness to take risks in the right proportion. Sachin Dev Duggal, co-founder of Builder.ai, has perfected the art of this balance, creating a company culture where creativity and growth are nurtured at each stage.
"Impact of front-end architecture on development cost", Viktor TurskyiFwdays
I have heard many times that architecture is not important for the front-end. Also, many times I have seen how developers implement features on the front-end just following the standard rules for a framework and think that this is enough to successfully launch the project, and then the project fails. How to prevent this and what approach to choose? I have launched dozens of complex projects and during the talk we will analyze which approaches have worked for me and which have not.
6. Client Server
3 way handshake
HTTP 200 OK
GET / HTTP/1.1
Bypass #1
A normal HTTP
traffic flow
What if use NetCat for HTTP 200 OK?
nc -lp 80 < payload.txt
7. Client NC
What NC does?
SYN
SYN/ACK
HTTP 200 OK
ACK
GET / HTTP/1.1
nc -lp 80 < payload.txt
HTTP?
I haven’t
heard
8. What IDS sees? nc -lp 80 < payload.txt
Client Server
3 way handshake
HTTP 200 OK
GET / HTTP/1.1
9. IDS Bypassed:
Bypassed
IDS miss:
- Exploit KIT
- CnC
- Miner
5000 signatures
affected
Client Server
3 way handshake
HTTP 200 OK
GET / HTTP/1.1
CVE-2018-6794
10. Client Server
⅓ SYN
⅔ SYN-ACK
HTTP 200 OK
FIN
ACK
You need be fast:
seconds
Some switches don’t allow
data until TCP 3whs
Both Windows/Linux accept
Problems of Exploiting
13. PORT 80
1 2
Bypass #2
● One day I played with
Bypass #1
● And forgot disable
RST packets
● Kernel sent RST back
RSTSYN
14. 3
Bypass #2
● One day I played with
Bypass #1
● And forgot disable
RST packets
● Kernel sent RST back
● Then my script worked
PORT 80
RSTSYN
SYN-ACK
DATA
15. ● One day I played with
Bypass #1
● And forgot disable
RST packets
● Kernel sent RST back
● Then my script worked
● And Windows got it
Bypass #2
3
PORT 80
RSTSYN
SYN-ACK
DATA
16. Bypass #2
0.5 sec
○ Windows only
○ 0.5 seconds MAX
● Kernel sent RST back
● Then my script worked
● And Windows got it
3
PORT 80
RSTSYN
SYN-ACK
DATA
28. Example: DNS Tunneling
● Is a covert channel encapsulated into
DNS requests/responses
● DNS uses UDP usually
Malware C2
Malware C2
DNS query
Broken ICMP DNS response
31. “one two SECOND three four FIRST five six
SECOND seven eight nine”
content: “FIRST”; content: “SECOND”; distance: 0;
Signature:
Content:
How signature works?
Static Content
Regular Expression
Byte operations
Base64
Protocol Specific
32. “one FIRST three FIRST five six FIRST eight FIRST ten”
The issue
Checks for SECOND didn’t stop
if no content found:
“one FIRST three FIRST five six FIRST eight FIRST ten”
“one FIRST three FIRST five six FIRST eight FIRST ten”
“one FIRST three FIRST five six FIRST eight FIRST ten”
Checks
33. “one FIRST three FIRST five six FIRST eight FIRST ten”
The issue
“one FIRST three FIRST five six FIRST eight FIRST ten”
“one FIRST three FIRST five six FIRST eight FIRST ten”
“one FIRST three FIRST five six FIRST eight FIRST ten”
Checks
3000 checks for 1 TCP packet
Let’s hire PRCE!
34. The Result
3 Billion Ticks!
Num Rule Avg Ticks
-------- ------------ -----------
1 2016204 3302218139
35. The Result
3 Billion Ticks!
Num Rule Avg Ticks
-------- ------------ -----------
1 2016204 3302218139
NOW
1 TCP
1 Code
1 Second
Usually
80,000 TCP
1 Code
1 Second
CVE-2017-15377
36. POST / HTTP/1.1
<a type='yaml"<a
type='yaml"!ruby
1) Generate payload
while [ true ];
do nc 192.168.235.136 80 < payload.txt;
2) Send it
Exploiting with NetCat
82 times
38. ● Logic bugs are evil
● The approach may be applied
to other detection systems
● There are many more!
What did just happen?
CVE-2017-15377
CVE-2016-10728
CVE-2018-14568
CVE-2018-6794