With the increasing number of ARM-based devices being used in the modern world today, mobile devices including tablets and smartphones are becoming a very worth-while target for attackers. This lecture will cover the fundamentals of both the ARM and ARM64 architectures, introduce return-oriented exploitation techniques for those who are unfamiliar and walk through the process of developing and executing an exploit on an ARM64-based system, making use of ROP and stack pivoting techniques along the way.
Recently our team researched various ntos subsystem attack vectors, and one of the outputs we will present in our talk. DeathNote as our internal code name to this component, which resides in Microsoft Windows kernel, hiding behind different interfaces and exposed to user differently.
What can goes bad with it?
Basically two kinds of problems, one is syscall handling via direct user interaction. We will describe how to obtain basic understanding of what's going on, how it interacts with other components and what is its purpose. With those knowledge we will dig deeper how to make more complex fuzzing logic to cause enough chaos that will end up in unexpected behaviors in Windows kernel, and demonstrate some of them.
And as for second, as it hints from title, this module does bit of data parsing, so we will dive deep into internals, pointing out some available materials, and move on to reverse engineered structures and internal mechanism. We will show how some tricks can outcome with various results, and how structured approach can expose more problems than is expected.
The document discusses C++ exploitation techniques including name mangling, virtual function tables, vtable hijacking, vectors, strings, and memory allocation/deallocation functions like new and delete. It provides details on how virtual function tables are used to implement polymorphism in C++ and how vtable hijacking can be used to exploit vulnerabilities by forcing a vtable and hijacking the virtual function pointer to call shellcode. It also explains how vectors and strings are implemented dynamically in memory and their memory layout.
Windows 10 Nt Heap Exploitation (English version)Angel Boy
The document discusses the Windows memory allocator and heap exploitation. It describes the core components and data structures of the NT heap, including the _HEAP structure, _HEAP_ENTRY chunks, BlocksIndex structure, and FreeLists. It also explains the differences between the backend and frontend allocators as well as how chunks of different sizes are managed.
MacOS memory allocator (libmalloc) ExploitationAngel Boy
The document discusses the memory allocator libmalloc used in MacOS. It details the data structures used to manage tiny chunks of memory less than 1008 bytes, including blocks, chunks, magazines, free lists, bitmaps and regions. The mechanism of allocating, freeing and caching tiny chunks is also described.
Play with FILE Structure - Yet Another Binary Exploit TechniqueAngel Boy
The document discusses exploiting the FILE structure in C programs. It provides an overview of how file streams and the FILE structure work. Key points include that the FILE structure contains flags, buffers, a file descriptor, and a virtual function table. It describes how functions like fopen, fread, and fwrite interact with the FILE structure. It then discusses potential exploitation techniques like overwriting the virtual function table or FILE's linked list to gain control of program flow. It notes defenses like vtable verification implemented in modern libc libraries.
Build a full-functioned virtual machine from scratch, when Brainfuck is used. Basic concepts about interpreter, optimizations techniques, language specialization, and platform specific tweaks.
Recently our team researched various ntos subsystem attack vectors, and one of the outputs we will present in our talk. DeathNote as our internal code name to this component, which resides in Microsoft Windows kernel, hiding behind different interfaces and exposed to user differently.
What can goes bad with it?
Basically two kinds of problems, one is syscall handling via direct user interaction. We will describe how to obtain basic understanding of what's going on, how it interacts with other components and what is its purpose. With those knowledge we will dig deeper how to make more complex fuzzing logic to cause enough chaos that will end up in unexpected behaviors in Windows kernel, and demonstrate some of them.
And as for second, as it hints from title, this module does bit of data parsing, so we will dive deep into internals, pointing out some available materials, and move on to reverse engineered structures and internal mechanism. We will show how some tricks can outcome with various results, and how structured approach can expose more problems than is expected.
The document discusses C++ exploitation techniques including name mangling, virtual function tables, vtable hijacking, vectors, strings, and memory allocation/deallocation functions like new and delete. It provides details on how virtual function tables are used to implement polymorphism in C++ and how vtable hijacking can be used to exploit vulnerabilities by forcing a vtable and hijacking the virtual function pointer to call shellcode. It also explains how vectors and strings are implemented dynamically in memory and their memory layout.
Windows 10 Nt Heap Exploitation (English version)Angel Boy
The document discusses the Windows memory allocator and heap exploitation. It describes the core components and data structures of the NT heap, including the _HEAP structure, _HEAP_ENTRY chunks, BlocksIndex structure, and FreeLists. It also explains the differences between the backend and frontend allocators as well as how chunks of different sizes are managed.
MacOS memory allocator (libmalloc) ExploitationAngel Boy
The document discusses the memory allocator libmalloc used in MacOS. It details the data structures used to manage tiny chunks of memory less than 1008 bytes, including blocks, chunks, magazines, free lists, bitmaps and regions. The mechanism of allocating, freeing and caching tiny chunks is also described.
Play with FILE Structure - Yet Another Binary Exploit TechniqueAngel Boy
The document discusses exploiting the FILE structure in C programs. It provides an overview of how file streams and the FILE structure work. Key points include that the FILE structure contains flags, buffers, a file descriptor, and a virtual function table. It describes how functions like fopen, fread, and fwrite interact with the FILE structure. It then discusses potential exploitation techniques like overwriting the virtual function table or FILE's linked list to gain control of program flow. It notes defenses like vtable verification implemented in modern libc libraries.
Build a full-functioned virtual machine from scratch, when Brainfuck is used. Basic concepts about interpreter, optimizations techniques, language specialization, and platform specific tweaks.
Linux Binary Exploitation - Return-oritend ProgramingAngel Boy
The document discusses using return-oriented programming (ROP) to bypass address space layout randomization (ASLR) and data execution prevention (DEP). It describes using the procedure linkage table (PLT) to leak the address of functions like puts to bypass ASLR. A ROP chain is then constructed to call read to read "/bin/sh" into memory and execute it, achieving arbitrary code execution.
binder-for-linux is an experimental project to evaluate the feasibility of porting Android Binder IPC subsystem to Ubuntu Linux.
GitHub: https://github.com/hungys/binder-for-linux
The Docker network overlay driver relies on several technologies: network namespaces, VXLAN, Netlink and a distributed key-value store. This talk will present each of these mechanisms one by one along with their userland tools and show hands-on how they interact together when setting up an overlay to connect containers.
The talk will continue with a demo showing how to build your own simple overlay using these technologies.
This document discusses block ciphers and their implementation. It begins with an overview of block cipher history and components like block size and round keys. It then examines the AES block cipher standard and how to efficiently implement it using table lookups and processor instructions. Finally, it covers modes of operation like CBC, CTR, and their security, as well as potential attacks like padding oracles and meet-in-the-middle.
Injection on Steroids: Codeless code injection and 0-day techniquesenSilo
This document discusses techniques for injecting code into processes without directly writing code to the target process's memory. It introduces a technique called "Trap Frame Injection" which hijacks the CPU's user mode state that is stored in trap frames during system calls. It also presents a "Codeless Code Injection" technique which builds ROP chains on the user stack and manipulates the stack pointer to trigger execution without direct code writes. Challenges with this approach like getting return values and avoiding deadlocks are also outlined along with solutions like using a device handle callback or creating a dedicated thread.
Modern Kernel Pool Exploitation: Attacks and TechniquesMichael Scovetta
The document discusses modern techniques for exploiting vulnerabilities in the Windows kernel memory pool. It provides an overview of the kernel pool structures and internals in Windows 7 and earlier versions. Specific topics covered include the pool descriptor, pool headers, free lists, lookaside lists, large allocations, and the use of bitmaps. The goal is to identify weaknesses that can be leveraged for privilege escalation attacks.
Video: https://www.youtube.com/watch?v=JRFNIKUROPE . Talk for linux.conf.au 2017 (LCA2017) by Brendan Gregg, about Linux enhanced BPF (eBPF). Abstract:
A world of new capabilities is emerging for the Linux 4.x series, thanks to enhancements that have been included in Linux for to Berkeley Packet Filter (BPF): an in-kernel virtual machine that can execute user space-defined programs. It is finding uses for security auditing and enforcement, enhancing networking (including eXpress Data Path), and performance observability and troubleshooting. Many new open source tools that have been written in the past 12 months for performance analysis that use BPF. Tracing superpowers have finally arrived for Linux!
For its use with tracing, BPF provides the programmable capabilities to the existing tracing frameworks: kprobes, uprobes, and tracepoints. In particular, BPF allows timestamps to be recorded and compared from custom events, allowing latency to be studied in many new places: kernel and application internals. It also allows data to be efficiently summarized in-kernel, including as histograms. This has allowed dozens of new observability tools to be developed so far, including measuring latency distributions for file system I/O and run queue latency, printing details of storage device I/O and TCP retransmits, investigating blocked stack traces and memory leaks, and a whole lot more.
This talk will summarize BPF capabilities and use cases so far, and then focus on its use to enhance Linux tracing, especially with the open source bcc collection. bcc includes BPF versions of old classics, and many new tools, including execsnoop, opensnoop, funcccount, ext4slower, and more (many of which I developed). Perhaps you'd like to develop new tools, or use the existing tools to find performance wins large and small, especially when instrumenting areas that previously had zero visibility. I'll also summarize how we intend to use these new capabilities to enhance systems analysis at Netflix.
An introduction to Rust: the modern programming language to develop safe and ...Claudio Capobianco
Rust is a young programming language developed by Mozilla with the open source community support. According to a survey of StackOverflow, in 2016 was the most loved among developers language! The goal of Rust is to combine control and performances, that is, operate at low level with high-level constructs. The actual applications vary from operating system to web development. Rust natively includes tools for Agile development, such as dependency management, testing and much more. The gap with other popular languages is filling up quickly thanks to the community, very active and fantastic :)
In this introductory presentation we will discuss the characteristics that make Rust unique, including the concepts of Ownership, Borrowing, and Lifetimes.
These slide has be presented for a talk in BIC Lazio Casilina, that has been also the first meetup of Rust Rome!
BPF of Berkeley Packet Filter mechanism was first introduced in linux in 1997 in version 2.1.75. It has seen a number of extensions of the years. Recently in versions 3.15 - 3.19 it received a major overhaul which drastically expanded it's applicability. This talk will cover how the instruction set looks today and why. It's architecture, capabilities, interface, just-in-time compilers. We will also talk about how it's being used in different areas of the kernel like tracing and networking and future plans.
Windows 10 Nt Heap Exploitation (Chinese version)Angel Boy
The document discusses Windows memory allocation and the NT heap. It describes the core data structures used, including the _HEAP, _HEAP_ENTRY chunks, and _HEAP_LIST_LOOKUP BlocksIndex. It explains how allocated, freed, and VirtualAlloc chunks are structured and managed in the Back-End, including using freelist chains and BlocksIndex to efficiently service allocation requests.
Anatomy of a Container: Namespaces, cgroups & Some Filesystem Magic - LinuxConJérôme Petazzoni
Containers are everywhere. But what exactly is a container? What are they made from? What's the difference between LXC, butts-nspawn, Docker, and the other container systems out there? And why should we bother about specific filesystems?
In this talk, Jérôme will show the individual roles and behaviors of the components making up a container: namespaces, control groups, and copy-on-write systems. Then, he will use them to assemble a container from scratch, and highlight the differences (and likelinesses) with existing container systems.
Video: https://www.facebook.com/atscaleevents/videos/1693888610884236/ . Talk by Brendan Gregg from Facebook's Performance @Scale: "Linux performance analysis has been the domain of ancient tools and metrics, but that's now changing in the Linux 4.x series. A new tracer is available in the mainline kernel, built from dynamic tracing (kprobes, uprobes) and enhanced BPF (Berkeley Packet Filter), aka, eBPF. It allows us to measure latency distributions for file system I/O and run queue latency, print details of storage device I/O and TCP retransmits, investigate blocked stack traces and memory leaks, and a whole lot more. These lead to performance wins large and small, especially when instrumenting areas that previously had zero visibility. This talk will summarize this new technology and some long-standing issues that it can solve, and how we intend to use it at Netflix."
Ceph Benchmarking Tool (CBT) is a Python framework for benchmarking Ceph clusters. It has client and monitor personalities for generating load and setting up the cluster. CBT includes benchmarks for RADOS operations, librbd, KRBD on EXT4, KVM with RBD volumes, and COSBench tests against RGW. Test plans are defined in YAML files and results are archived for later analysis using tools like awk, grep, and gnuplot.
Git is an open source distributed version control system (VCS) developed by Linus Torvalds in 2005. Version control allows tracking changes to files over time through commits, enabling recall of specific versions. GitHub is a code hosting platform that allows collaboration on projects remotely using Git. Common Git commands include git init to create a repository, git add to stage files, git commit to save changes, and git push to sync a local repository with a remote one. Pull requests allow proposing and reviewing changes before merging into a main branch like master.
This document discusses the Machine Learning Security Evasion Competition 2020 organized by Hyrum Anderson and Zoltan Balazs. It provided an overview of the competition which challenged participants to modify malware samples to evade detection by machine learning models in an offensive track, or to develop their own machine learning models for submission in a defensive track. The document outlines various approaches used by winners to evade models, such as appending extra data to executables. It concludes by providing the names of the competition winners and statistics on participant numbers and model checks during the competition.
Linux Binary Exploitation - Return-oritend ProgramingAngel Boy
The document discusses using return-oriented programming (ROP) to bypass address space layout randomization (ASLR) and data execution prevention (DEP). It describes using the procedure linkage table (PLT) to leak the address of functions like puts to bypass ASLR. A ROP chain is then constructed to call read to read "/bin/sh" into memory and execute it, achieving arbitrary code execution.
binder-for-linux is an experimental project to evaluate the feasibility of porting Android Binder IPC subsystem to Ubuntu Linux.
GitHub: https://github.com/hungys/binder-for-linux
The Docker network overlay driver relies on several technologies: network namespaces, VXLAN, Netlink and a distributed key-value store. This talk will present each of these mechanisms one by one along with their userland tools and show hands-on how they interact together when setting up an overlay to connect containers.
The talk will continue with a demo showing how to build your own simple overlay using these technologies.
This document discusses block ciphers and their implementation. It begins with an overview of block cipher history and components like block size and round keys. It then examines the AES block cipher standard and how to efficiently implement it using table lookups and processor instructions. Finally, it covers modes of operation like CBC, CTR, and their security, as well as potential attacks like padding oracles and meet-in-the-middle.
Injection on Steroids: Codeless code injection and 0-day techniquesenSilo
This document discusses techniques for injecting code into processes without directly writing code to the target process's memory. It introduces a technique called "Trap Frame Injection" which hijacks the CPU's user mode state that is stored in trap frames during system calls. It also presents a "Codeless Code Injection" technique which builds ROP chains on the user stack and manipulates the stack pointer to trigger execution without direct code writes. Challenges with this approach like getting return values and avoiding deadlocks are also outlined along with solutions like using a device handle callback or creating a dedicated thread.
Modern Kernel Pool Exploitation: Attacks and TechniquesMichael Scovetta
The document discusses modern techniques for exploiting vulnerabilities in the Windows kernel memory pool. It provides an overview of the kernel pool structures and internals in Windows 7 and earlier versions. Specific topics covered include the pool descriptor, pool headers, free lists, lookaside lists, large allocations, and the use of bitmaps. The goal is to identify weaknesses that can be leveraged for privilege escalation attacks.
Video: https://www.youtube.com/watch?v=JRFNIKUROPE . Talk for linux.conf.au 2017 (LCA2017) by Brendan Gregg, about Linux enhanced BPF (eBPF). Abstract:
A world of new capabilities is emerging for the Linux 4.x series, thanks to enhancements that have been included in Linux for to Berkeley Packet Filter (BPF): an in-kernel virtual machine that can execute user space-defined programs. It is finding uses for security auditing and enforcement, enhancing networking (including eXpress Data Path), and performance observability and troubleshooting. Many new open source tools that have been written in the past 12 months for performance analysis that use BPF. Tracing superpowers have finally arrived for Linux!
For its use with tracing, BPF provides the programmable capabilities to the existing tracing frameworks: kprobes, uprobes, and tracepoints. In particular, BPF allows timestamps to be recorded and compared from custom events, allowing latency to be studied in many new places: kernel and application internals. It also allows data to be efficiently summarized in-kernel, including as histograms. This has allowed dozens of new observability tools to be developed so far, including measuring latency distributions for file system I/O and run queue latency, printing details of storage device I/O and TCP retransmits, investigating blocked stack traces and memory leaks, and a whole lot more.
This talk will summarize BPF capabilities and use cases so far, and then focus on its use to enhance Linux tracing, especially with the open source bcc collection. bcc includes BPF versions of old classics, and many new tools, including execsnoop, opensnoop, funcccount, ext4slower, and more (many of which I developed). Perhaps you'd like to develop new tools, or use the existing tools to find performance wins large and small, especially when instrumenting areas that previously had zero visibility. I'll also summarize how we intend to use these new capabilities to enhance systems analysis at Netflix.
An introduction to Rust: the modern programming language to develop safe and ...Claudio Capobianco
Rust is a young programming language developed by Mozilla with the open source community support. According to a survey of StackOverflow, in 2016 was the most loved among developers language! The goal of Rust is to combine control and performances, that is, operate at low level with high-level constructs. The actual applications vary from operating system to web development. Rust natively includes tools for Agile development, such as dependency management, testing and much more. The gap with other popular languages is filling up quickly thanks to the community, very active and fantastic :)
In this introductory presentation we will discuss the characteristics that make Rust unique, including the concepts of Ownership, Borrowing, and Lifetimes.
These slide has be presented for a talk in BIC Lazio Casilina, that has been also the first meetup of Rust Rome!
BPF of Berkeley Packet Filter mechanism was first introduced in linux in 1997 in version 2.1.75. It has seen a number of extensions of the years. Recently in versions 3.15 - 3.19 it received a major overhaul which drastically expanded it's applicability. This talk will cover how the instruction set looks today and why. It's architecture, capabilities, interface, just-in-time compilers. We will also talk about how it's being used in different areas of the kernel like tracing and networking and future plans.
Windows 10 Nt Heap Exploitation (Chinese version)Angel Boy
The document discusses Windows memory allocation and the NT heap. It describes the core data structures used, including the _HEAP, _HEAP_ENTRY chunks, and _HEAP_LIST_LOOKUP BlocksIndex. It explains how allocated, freed, and VirtualAlloc chunks are structured and managed in the Back-End, including using freelist chains and BlocksIndex to efficiently service allocation requests.
Anatomy of a Container: Namespaces, cgroups & Some Filesystem Magic - LinuxConJérôme Petazzoni
Containers are everywhere. But what exactly is a container? What are they made from? What's the difference between LXC, butts-nspawn, Docker, and the other container systems out there? And why should we bother about specific filesystems?
In this talk, Jérôme will show the individual roles and behaviors of the components making up a container: namespaces, control groups, and copy-on-write systems. Then, he will use them to assemble a container from scratch, and highlight the differences (and likelinesses) with existing container systems.
Video: https://www.facebook.com/atscaleevents/videos/1693888610884236/ . Talk by Brendan Gregg from Facebook's Performance @Scale: "Linux performance analysis has been the domain of ancient tools and metrics, but that's now changing in the Linux 4.x series. A new tracer is available in the mainline kernel, built from dynamic tracing (kprobes, uprobes) and enhanced BPF (Berkeley Packet Filter), aka, eBPF. It allows us to measure latency distributions for file system I/O and run queue latency, print details of storage device I/O and TCP retransmits, investigate blocked stack traces and memory leaks, and a whole lot more. These lead to performance wins large and small, especially when instrumenting areas that previously had zero visibility. This talk will summarize this new technology and some long-standing issues that it can solve, and how we intend to use it at Netflix."
Ceph Benchmarking Tool (CBT) is a Python framework for benchmarking Ceph clusters. It has client and monitor personalities for generating load and setting up the cluster. CBT includes benchmarks for RADOS operations, librbd, KRBD on EXT4, KVM with RBD volumes, and COSBench tests against RGW. Test plans are defined in YAML files and results are archived for later analysis using tools like awk, grep, and gnuplot.
Git is an open source distributed version control system (VCS) developed by Linus Torvalds in 2005. Version control allows tracking changes to files over time through commits, enabling recall of specific versions. GitHub is a code hosting platform that allows collaboration on projects remotely using Git. Common Git commands include git init to create a repository, git add to stage files, git commit to save changes, and git push to sync a local repository with a remote one. Pull requests allow proposing and reviewing changes before merging into a main branch like master.
This document discusses the Machine Learning Security Evasion Competition 2020 organized by Hyrum Anderson and Zoltan Balazs. It provided an overview of the competition which challenged participants to modify malware samples to evade detection by machine learning models in an offensive track, or to develop their own machine learning models for submission in a defensive track. The document outlines various approaches used by winners to evade models, such as appending extra data to executables. It concludes by providing the names of the competition winners and statistics on participant numbers and model checks during the competition.
Andrey Karpov presented on common patterns of 64-bit errors seen in games and other applications. Some key points:
1) 64-bit errors are issues that only appear when building 64-bit applications, often due to implicit type conversions or assumptions made for 32-bit.
2) Examples included incorrect type sizes leading to overflows, missing includes causing errors in libraries, and pointer arithmetic issues.
3) To write high quality 64-bit code, developers should specify coding standards, use correct integer types like size_t, avoid magic numbers, and employ static analysis and unit testing.
SAST, CWE, SEI CERT and other smart words from the information security worldAndrey Karpov
This document discusses static application security testing (SAST) and how it can help detect vulnerabilities in code. It provides background on how code bases and error densities are growing over time. It then discusses various standards and classifications for weaknesses and vulnerabilities, such as CWE, CVE, MISRA, and SEI CERT. It emphasizes that SAST tools can help detect vulnerabilities early and provide coverage of entire code bases, but may produce false positives. Finally, it suggests introducing SAST tools correctly through configuration, continuous integration, and addressing warnings as technical debt.
My talk on creating ARM/Thumb Polyglot shellcode for obfuscation, signature evasion and downright novelty of approach! Presented at Hack in the Box Amsterdam 2019
Title: Sista: Improving Cog’s JIT performance
Speaker: Clément Béra
Thu, August 21, 9:45am – 10:30am
Video Part1
https://www.youtube.com/watch?v=X4E_FoLysJg
Video Part2
https://www.youtube.com/watch?v=gZOk3qojoVE
Description
Abstract: Although recent improvements of the Cog VM performance made it one of the fastest available Smalltalk virtual machine, the overhead compared to optimized C code remains important. Efficient industrial object oriented virtual machine, such as Javascript V8's engine for Google Chrome and Oracle Java Hotspot can reach on many benchs the performance of optimized C code thanks to adaptive optimizations performed their JIT compilers. The VM becomes then cleverer, and after executing numerous times the same portion of codes, it stops the code execution, looks at what it is doing and recompiles critical portion of codes in code faster to run based on the current environment and previous executions.
Bio: Clément Béra and Eliot Miranda has been working together on Cog's JIT performance for the last year. Clément Béra is a young engineer and has been working in the Pharo team for the past two years. Eliot Miranda is a Smalltalk VM expert who, among others, has implemented Cog's JIT and the Spur Memory Manager for Cog.
Java on arm theory, applications, and workloads [dev5048]Aleksei Voitylov
This document discusses optimizing Java performance on Arm processors. It describes adding intrinsics and stubs to the HotSpot JVM compiler to generate optimized Arm assembly for key methods like String processing and math functions. Benchmark results show up to 78x speedups for microbenchmarks and improved performance on SPECjbb2015 from these changes. The goal is to improve the performance of typical enterprise Java workloads on Arm servers.
Larry Lawler from Unicom Global presented on their experience using CICS TS v5.1. Their system includes a z114 mainframe with 1 IFL processor and 1 zIIP processor, running z/OS 1.13 as a z/VM guest with 1.5GB memory. They run 15+ CICS regions at once supporting releases from TS 3.1 to 5.1. Key points from the presentation include: CICS TS 5.1 provides 64-bit addressing support for assembler programs; control blocks like the CPE, APE, and CSECT lists are now stored in 64-bit addressable storage; and areas like the TCA and AICB saw changes in v
What has to be paid attention when reviewing code of the library you developAndrey Karpov
Developers of libraries have to be more diligent than «classic» application programmers. Why? You never know where and when the library will be used: Platforms; Compilers; Optimizations; Usage scenarios.
Whats new in Cloudstack 4.11 - behind the headlinesShapeBlue
ShapeBlue is a company that specializes in deploying the Apache CloudStack cloud infrastructure software. The document discusses ShapeBlue and its VP of Technology, Paul Angus. It provides details on Paul's experience and areas of expertise, which include being a global authority on CloudStack and cloud infrastructure design. It also lists some of ShapeBlue's customers, which include large companies like Autodesk, SAP, and British Telecom.
Devoxx France 2018 : Mes Applications en Production sur KubernetesMichaël Morello
Retour d'expérience sur la mise en production d'applications ( Java mais pas seulement ) sur Kubernetes à Devoxx France 2018
La vidéo avec la démo est disponible en ligne ici : https://www.youtube.com/watch?v=cqqLeS9mUyU
The document outlines Oracle's announcement of enhancements to the SPARC Enterprise M-Series servers, including a new SPARC64 VII+ processor upgrade that will provide a 10-30% performance improvement over prior generations. The SPARC64 VII+ will be available starting in December 2011 for the M4000-M9000 servers and allows customers to preserve their investment in existing M-Series frames through another system upgrade.
Denker - Pharo: Present and Future - 2009-07-14CHOOSE
Pharo is an open-source Smalltalk platform for professional use based on Squeak Smalltalk. It provides a flexible environment to support research into new language concepts. Over the past year, 377 updates were made to address 699 bug reports. Future plans include improvements to the compiler, slots system, and just-in-time (JIT) compilation and adaptive optimization (AOStA) techniques. The community is working on these and other enhancements to further enable evolution and experimentation.
Pharo is an open-source Smalltalk platform for professional use based on Squeak Smalltalk. It provides a flexible environment for language research and development. The document discusses Pharo's history, upcoming releases, examples of new compiler and slot implementations, and plans for just-in-time compilation and adaptive optimization using runtime information. It encourages readers to join the Pharo community to help improve tools, implement modules, reflection, and more.
So, you have developed your application, and have built containers for each of its components, now you need to deploy them in a container orchestration platform. You have heard about Kubernetes, but have yet to take the plunge and learn how to use it effectively. Say no more fam.
In this talk I will start by describing the Kubernetes resources, how they map to usual application components, and best practices on Kubernetes deployments.
Building clouds with apache cloudstack apache roadshow 2018ShapeBlue
Talk given at Apache Roadshow, FOSS Backstage, Berlin, June 2018
Apache CloudStack is open source software designed to deploy and manage large networks of virtual machines, as a highly available, highly scalable Infrastructure as a Service (IaaS) cloud computing platform. This talk will give an introduction to the technology, its history and its architecture. It will look common use-cases (and some real production deployments) that are seen across both public and private cloud infrastructures and where CloudStack can be completed by other open source technologies.
The talk will also compare and contrast Apache Cloudstack with other IaaS platforms and why he thinks that the technology, combined with the Apache governance model will see CloudStack become the de-facto open source cloud platform. He will run a live demo of the software and talk about ways that people can get involved in the Apache CloudStack project.
Infrastructure as Code on Azure - Show your Bicep! v0.2 - .NetConf 2020 by Do...Marco Obinu
Slides of the presentation about Infrastructure as Code on Azure, ARM Templates, and Project Bicep I presented @ .Net Conf 2020 by DotNetToscana.
Video: https://youtu.be/IcDP2GQvs7w
Demo: https://github.com/OmegaMadLab/StartingWithProjectBicep
DEF CON 27 - XILING GONG PETER PI - exploiting qualcom wlan and modem over th...Felipe Prado
This document discusses exploiting Qualcomm WLAN and modem chips over-the-air. It begins with introductions to the researchers and Tencent Blade Team. It then outlines the agenda and provides background on Qualcomm chips, including the WLAN firmware, modem firmware loading process, and attack surfaces. It details a vulnerability in the WLAN firmware that allows overwriting memory and escalating privileges to the modem and kernel. It demonstrates exploiting this vulnerability over-the-air to achieve remote code execution on Android devices. The document concludes with discussions on stability of exploitation and delivering payloads across different devices.
Similar to Introduction to Return-Oriented Exploitation on ARM64 - Billy Ellis (20)
This presentation by Professor Giuseppe Colangelo, Jean Monnet Professor of European Innovation Policy, was made during the discussion “The Intersection between Competition and Data Privacy” held at the 143rd meeting of the OECD Competition Committee on 13 June 2024. More papers and presentations on the topic can be found at oe.cd/ibcdp.
This presentation was uploaded with the author’s consent.
• For a full set of 530+ questions. Go to
https://skillcertpro.com/product/servicenow-cis-itsm-exam-questions/
• SkillCertPro offers detailed explanations to each question which helps to understand the concepts better.
• It is recommended to score above 85% in SkillCertPro exams before attempting a real exam.
• SkillCertPro updates exam questions every 2 weeks.
• You will get life time access and life time free updates
• SkillCertPro assures 100% pass guarantee in first attempt.
This presentation by Katharine Kemp, Associate Professor at the Faculty of Law & Justice at UNSW Sydney, was made during the discussion “The Intersection between Competition and Data Privacy” held at the 143rd meeting of the OECD Competition Committee on 13 June 2024. More papers and presentations on the topic can be found at oe.cd/ibcdp.
This presentation was uploaded with the author’s consent.
1.) Introduction
Our Movement is not new; it is the same as it was for Freedom, Justice, and Equality since we were labeled as slaves. However, this movement at its core must entail economics.
2.) Historical Context
This is the same movement because none of the previous movements, such as boycotts, were ever completed. For some, maybe, but for the most part, it’s just a place to keep your stable until you’re ready to assimilate them into your system. The rest of the crabs are left in the world’s worst parts, begging for scraps.
3.) Economic Empowerment
Our Movement aims to show that it is indeed possible for the less fortunate to establish their economic system. Everyone else – Caucasian, Asian, Mexican, Israeli, Jews, etc. – has their systems, and they all set up and usurp money from the less fortunate. So, the less fortunate buy from every one of them, yet none of them buy from the less fortunate. Moreover, the less fortunate really don’t have anything to sell.
4.) Collaboration with Organizations
Our Movement will demonstrate how organizations such as the National Association for the Advancement of Colored People, National Urban League, Black Lives Matter, and others can assist in creating a much more indestructible Black Wall Street.
5.) Vision for the Future
Our Movement will not settle for less than those who came before us and stopped before the rights were equal. The economy, jobs, healthcare, education, housing, incarceration – everything is unfair, and what isn’t is rigged for the less fortunate to fail, as evidenced in society.
6.) Call to Action
Our movement has started and implemented everything needed for the advancement of the economic system. There are positions for only those who understand the importance of this movement, as failure to address it will continue the degradation of the people deemed less fortunate.
No, this isn’t Noah’s Ark, nor am I a Prophet. I’m just a man who wrote a couple of books, created a magnificent website: http://www.thearkproject.llc, and who truly hopes to try and initiate a truly sustainable economic system for deprived people. We may not all have the same beliefs, but if our methods are tried, tested, and proven, we can come together and help others. My website: http://www.thearkproject.llc is very informative and considerably controversial. Please check it out, and if you are afraid, leave immediately; it’s no place for cowards. The last Prophet said: “Whoever among you sees an evil action, then let him change it with his hand [by taking action]; if he cannot, then with his tongue [by speaking out]; and if he cannot, then, with his heart – and that is the weakest of faith.” [Sahih Muslim] If we all, or even some of us, did this, there would be significant change. We are able to witness it on small and grand scales, for example, from climate control to business partnerships. I encourage, invite, and challenge you all to support me by visiting my website.
This presentation by OECD, OECD Secretariat, was made during the discussion “The Intersection between Competition and Data Privacy” held at the 143rd meeting of the OECD Competition Committee on 13 June 2024. More papers and presentations on the topic can be found at oe.cd/ibcdp.
This presentation was uploaded with the author’s consent.
The importance of sustainable and efficient computational practices in artificial intelligence (AI) and deep learning has become increasingly critical. This webinar focuses on the intersection of sustainability and AI, highlighting the significance of energy-efficient deep learning, innovative randomization techniques in neural networks, the potential of reservoir computing, and the cutting-edge realm of neuromorphic computing. This webinar aims to connect theoretical knowledge with practical applications and provide insights into how these innovative approaches can lead to more robust, efficient, and environmentally conscious AI systems.
Webinar Speaker: Prof. Claudio Gallicchio, Assistant Professor, University of Pisa
Claudio Gallicchio is an Assistant Professor at the Department of Computer Science of the University of Pisa, Italy. His research involves merging concepts from Deep Learning, Dynamical Systems, and Randomized Neural Systems, and he has co-authored over 100 scientific publications on the subject. He is the founder of the IEEE CIS Task Force on Reservoir Computing, and the co-founder and chair of the IEEE Task Force on Randomization-based Neural Networks and Learning Systems. He is an associate editor of IEEE Transactions on Neural Networks and Learning Systems (TNNLS).
Why Psychological Safety Matters for Software Teams - ACE 2024 - Ben Linders.pdfBen Linders
Psychological safety in teams is important; team members must feel safe and able to communicate and collaborate effectively to deliver value. It’s also necessary to build long-lasting teams since things will happen and relationships will be strained.
But, how safe is a team? How can we determine if there are any factors that make the team unsafe or have an impact on the team’s culture?
In this mini-workshop, we’ll play games for psychological safety and team culture utilizing a deck of coaching cards, The Psychological Safety Cards. We will learn how to use gamification to gain a better understanding of what’s going on in teams. Individuals share what they have learned from working in teams, what has impacted the team’s safety and culture, and what has led to positive change.
Different game formats will be played in groups in parallel. Examples are an ice-breaker to get people talking about psychological safety, a constellation where people take positions about aspects of psychological safety in their team or organization, and collaborative card games where people work together to create an environment that fosters psychological safety.
Gamify it until you make it Improving Agile Development and Operations with ...Ben Linders
So many challenges, so little time. While we’re busy developing software and keeping it operational, we also need to sharpen the saw, but how? Gamification can be a way to look at how you’re doing and find out where to improve. It’s a great way to have everyone involved and get the best out of people.
In this presentation, Ben Linders will show how playing games with the DevOps coaching cards can help to explore your current development and deployment (DevOps) practices and decide as a team what to improve or experiment with.
The games that we play are based on an engagement model. Instead of imposing change, the games enable people to pull in ideas for change and apply those in a way that best suits their collective needs.
By playing games, you can learn from each other. Teams can use games, exercises, and coaching cards to discuss values, principles, and practices, and share their experiences and learnings.
Different game formats can be used to share experiences on DevOps principles and practices and explore how they can be applied effectively. This presentation provides an overview of playing formats and will inspire you to come up with your own formats.
This presentation by Tim Capel, Director of the UK Information Commissioner’s Office Legal Service, was made during the discussion “The Intersection between Competition and Data Privacy” held at the 143rd meeting of the OECD Competition Committee on 13 June 2024. More papers and presentations on the topic can be found at oe.cd/ibcdp.
This presentation was uploaded with the author’s consent.
2. whoami
•Billy Ellis
•17 year old from UK
•App development & programming for 5 years
•Interested in security & exploitation for 2 years
@bellis1000 BSidesMCR 2018
3. • Created various ‘exploit exercise’
binaries for ARM/ARM64
• Author of ‘Beginner’s Guide to
Exploitation on ARM’
• Run a YouTube channel teaching
various exploit development &
iOS jailbreaking videos
My work
@bellis1000 BSidesMCR 2018
4. • Introduce ‘return-oriented’ exploitation techniques (for
those who are unfamiliar)
• Cover fundamentals of ARM/ARM64
• Demo a ROP exploit on ARM64
Focus of my talk
@bellis1000 BSidesMCR 2018
6. • Almost all smartphones & tablets run on ARM-based chips
• Some laptops now also use ARM
• Embedded systems / co-processors (TouchBar) too
Why target ARM?
@bellis1000 BSidesMCR 2018
7. • Mobile devices have become much more popular in the
last decade
• Makes ARM a worth while target for attackers
Why target ARM?
@bellis1000 BSidesMCR 2018
27. • Return Oriented Programming
• Modern exploit technique
• Code re-use attack
• Originally used as alternative to shellcode
What is ROP?
@bellis1000 BSidesMCR 2018
28. • Old fashioned method of writing a payload
• Involves writing byte-representation of instructions to
memory
• Jump to that memory to execute the payload
What is shellcode?
@bellis1000 BSidesMCR 2018
32. • Uses legitimate instructions out of context
• Chains together several ‘gadgets’ to achieve desired
outcome
• NX / DEP no longer matters
How does it work?
@bellis1000 BSidesMCR 2018
33. • Short sequences of instructions ending with a ‘RET’
• The ‘RET’ is required in order to chain gadgets
• Gadgets are found within __TEXT segment
• Usually found at the end of a function
Gadgets
@bellis1000 BSidesMCR 2018
40. Gadget chaining
@bellis1000
• Gadgets can be chained using their ‘RET’ instructions
• Place gadget addresses in order on stack
• Each ‘RET’ will jump to the next address on the stack
BSidesMCR 2018
47. Finding gadgets
@bellis1000
• Search binary for ‘RET’ instructions
• Search backwards from the ‘RET’ to find useful
instructions
• Many great tools do this automatically for multiple
architectures
BSidesMCR 2018
51. What’s the problem?
@bellis1000
• All vulnerabilities are different
• Some may limit the amount of gadgets that can be executed
• Some may only allow a single gadget worth of arbitrary
code execution
• e.g. non-stack-based function pointer overwrite
BSidesMCR 2018
53. What is Stack Pivoting?
@bellis1000
• Creating a fake stack
• Control SP value to point to new location
• Populate this memory with ROP chain
• Redirect code execution to first gadget in the chain
BSidesMCR 2018
57. In reality…
@bellis1000
• It’s just an abstraction
• The stack does not exist as we imagine it
• It is just an area of memory like any other
BSidesMCR 2018
100. @bellis1000
Too easy!
• The point is to show a ROP example
• This is not a real-life exploit
• We’ll assume we must call secret() from its entry point
BSidesMCR 2018
102. What do we know?
@bellis1000
• We can control R15/PC by overwriting pointer
• We can execute a single gadget
• We need a stack pivot!
BSidesMCR 2018