Slides from an Ignite Talk given at O'Reilly Security NYC, 2016-10-31. Talk details will be posted at https://www.netmeister.org/blog/crazy-like-a-fox.html
Primum non nocere - Ethical Obligations in Internet Operations (Jan Schaumann)
The document discusses ethical obligations in internet operations and data stewardship. It notes that companies are stewards of users' data and are obligated to act in the public interest. Various codes of ethics from different organizations emphasize prioritizing public safety, health and welfare.
Semper Ubi Sub Ubi - Things They Don't Teach You In School (Jan Schaumann)
'Always wear underwear' and other practical advice for Computer Science students.
A transcript of the talk is available at www.netmeister.org/blog/semper-ubi-sub-ubi.html
A Choose Your Own Adventure for Devs, Ops, and other Humans
Given at ConFoo Vancouver 2016.
Write-up will be posted at https://www.netmeister.org/blog/opsec101.html
The document discusses Content Security Policy (CSP), which defines a whitelist of approved resources that a web page can load such as scripts, stylesheets, fonts, and frames. It provides an example CSP policy from Facebook and discusses how CSP adds an additional layer of security but is not a complete security solution on its own. It also addresses common questions around when and how to implement CSP on a website.
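To make the "whitelist" concrete, here is a small CSP source matcher added to this summary (it is not code from the slides, and the policy, page origin and URLs below are constructed rather than the Facebook header the deck shows). It parses a policy into directives, resolves the directive for a resource type with fallback to default-src, and accepts a URL only when some source expression matches its scheme, host, port and path. Nonces, hashes and 'unsafe-inline' are deliberately out of scope.

```python
"""Minimal Content-Security-Policy source matcher.

Added example, not code from the slides. Models 'self', 'none', scheme-source
and host-source matching only; nonces, hashes and 'unsafe-inline' are not handled.
"""
from urllib.parse import urlparse

# Constructed policy and page origin (assumptions, not any real site's header).
PAGE_ORIGIN = "https://app.example"
POLICY_HEADER = (
    "default-src 'self'; "
    "script-src 'self' https://static.cdn.example *.analytics.example:443; "
    "img-src https: data:; "
    "object-src 'none'"
)

_DEFAULT_PORTS = {"http": 80, "https": 443}


def parse_csp(header):
    """Split "dir a b; dir2 c" into {"dir": ["a", "b"], "dir2": ["c"]}."""
    policy = {}
    for directive in header.split(";"):
        parts = directive.split()
        if parts:
            policy.setdefault(parts[0].lower(), parts[1:])  # first occurrence wins
    return policy


def _effective_port(u):
    return u.port if u.port is not None else _DEFAULT_PORTS.get(u.scheme)


def _host_matches(pattern, host):
    """'*' matches anything; '*.a.b' matches 'x.a.b' but not 'a.b' itself."""
    if pattern == "*":
        return True
    if pattern.startswith("*."):
        return host.endswith(pattern[1:])
    return host == pattern


def source_allows(expr, url, page_origin=PAGE_ORIGIN):
    """Does a single source expression permit fetching `url`?"""
    u, origin = urlparse(url), urlparse(page_origin)
    keyword = expr.lower()
    if keyword == "'self'":
        return (u.scheme, u.hostname, _effective_port(u)) == (
            origin.scheme, origin.hostname, _effective_port(origin))
    if keyword.startswith("'"):
        # 'none', 'unsafe-inline', 'nonce-...', 'sha256-...' never match a URL here
        return False
    if keyword.endswith(":") and "/" not in keyword:
        return u.scheme == keyword[:-1]          # scheme-source such as https: or data:
    if "://" in expr:
        scheme, rest = expr.split("://", 1)
        if u.scheme != scheme.lower():
            return False
    else:
        rest = expr
        # scheme-less host-source: the page's scheme, or https when the page is http
        if u.scheme not in (origin.scheme, "https"):
            return False
    hostport, _, path = rest.partition("/")
    host, _, port = hostport.partition(":")
    if not _host_matches(host.lower(), u.hostname or ""):
        return False
    if port and port != "*" and str(_effective_port(u)) != port:
        return False
    if path:
        path = "/" + path
        return u.path.startswith(path) if path.endswith("/") else u.path == path
    return True


def is_allowed(policy, directive, url, page_origin=PAGE_ORIGIN):
    """Check one fetch: use its directive, fall back to default-src, else allow."""
    sources = policy.get(directive, policy.get("default-src"))
    if sources is None:
        return True  # nothing in the policy restricts this resource type
    return any(source_allows(s, url, page_origin) for s in sources)


if __name__ == "__main__":
    policy = parse_csp(POLICY_HEADER)
    for directive, url in [
        ("script-src", "https://static.cdn.example/js/app.js"),
        ("script-src", "https://evil.example/x.js"),
        ("style-src", "https://static.cdn.example/site.css"),  # falls back to 'self'
        ("object-src", "https://app.example/plugin.swf"),
    ]:
        verdict = "allow" if is_allowed(policy, directive, url) else "BLOCK"
        print(f"{directive:11} {url:45} -> {verdict}")
```

The fallback line is where most real-world surprises come from: a resource type with no directive of its own inherits default-src, and a type with neither is unrestricted, which is why a policy that omits object-src or base-uri is weaker than it looks.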
Are Today's Good Practices… Tomorrow's Performance Anti-Patterns (Andy Davies)
The document discusses how current web performance optimization practices may become obsolete or anti-patterns with new web technologies like HTTP/2 and SPDY. It summarizes results of tests comparing HTTP/1.1 to SPDY, finding that SPDY is faster with minimal optimizations. The document also examines how practices like sharding assets and inline JavaScript may not work as expected or introduce new issues with these protocols. It recommends starting to experiment now with tools like mod_pagespeed and mod_spdy to understand the effects of new technologies on performance best practices.
This document discusses techniques for internal penetration testing. It begins by explaining why internal pen tests are more interesting than external or web app tests due to the ability to gain shells on internal systems. It then provides tips for easy exploits such as exploiting weak passwords, lack of patching, and improper access controls to gain initial access. Further tips include using tools like Responder to capture credentials, using a USB rubber ducky to quickly gain access when a user is logged in, and techniques for safely dumping passwords without antivirus detection. The document concludes by discussing how to escalate privileges to domain admin, loot sensitive data from file shares and databases, and scripts to automate post-exploitation tasks. Mitigations are briefly discussed as well as tips
Keynote: JP Schmetz - How I learned to stop worrying and love the Cloud (CloudOps Summit)
Jean-Paul Schmetz, HackFwD - How I learned to stop worrying and love the Cloud
---
Please contact us for a downloadable copy of the slides at CloudOps.Summit@googlemail.com .
Follow us on Twitter @CloudOps_Summit and
Facebook http://www.facebook.com/CloudOps
Java Tools and Techniques for Solving Tricky Problems (Will Iverson)
Most Java software problems come from the little “broken windows” – a null pointer here or there. Sometimes, however, you find yourself in a nasty section of town, with the heap, stack, and permgen brutally fighting for memory. Threads in nasty knife fights over resources. Sometimes just plain freaky things – how did I wind up with 1.5GB of HashSet allocations?
In this edition of CSI: Seattle Java Edition, we’ll look at the tools available to combat these nasty foes and even see some of them in action – we will blow up a lot of application servers and JVMs in the process, with graphic results.
Slides from our talk at ZeroNights 2018 about scanning the Internet for SD-WAN solutions. It answers how many SD-WAN nodes are on the Internet and how you can find them without losing yourself.
The goal of this talk is to provide the results of passive and active fingerprinting of SD-WAN systems using a common threat-intelligence approach. We explore Internet-based and cloud-based publicly available SD-WAN systems using the well-known Shodan and Censys search engines and custom-developed automation tools, and show that most of the SD-WAN systems have known vulnerabilities related to outdated software and insecure configuration.
Anton Nikolaev, Denis Kolegov, Oleg Broslavsky
The document discusses best practices for password security, including using unique, long passwords for each account; avoiding reusing passwords; storing password hashes instead of plaintext passwords; using HTTPS for login and sensitive pages; and considering two-factor authentication. It recommends passwords be at least 12 characters with a mix of uppercase, lowercase, numbers and symbols; not changing passwords regularly; and using a password manager to generate secure, unique passwords for each site.
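The "store hashes, not plaintext" advice only helps if the hash is salted and slow and the check does not leak through early exit. As an added example (not code from the summarised document), this is the minimal server-side shape of that: a per-user random salt, scrypt from the standard library, a self-describing record so the cost can be raised later, and a constant-time comparison. The cost parameters and record format are assumptions to tune per deployment.

```python
"""Salted, slow password hashing with scrypt and a constant-time check.

Added example, not code from the summarised document. Cost parameters and
the record format are assumptions for illustration.
"""
import hashlib
import hmac
import os

MIN_LENGTH = 12                 # the document's length floor
N, R, P = 2 ** 14, 8, 1         # scrypt cost (about 16 MiB); raise where latency allows
DKLEN = 32


def password_meets_policy(password: str) -> bool:
    """Length is the check that matters; character classes add little for a manager-generated secret."""
    return len(password) >= MIN_LENGTH


def hash_password(password: str) -> str:
    """Return a self-describing record: algorithm, cost, a fresh random salt and the digest."""
    salt = os.urandom(16)
    digest = hashlib.scrypt(password.encode(), salt=salt, n=N, r=R, p=P, dklen=DKLEN)
    return "$".join(["scrypt", str(N), str(R), str(P), salt.hex(), digest.hex()])


def verify_password(password: str, record: str) -> bool:
    """Recompute with the stored parameters and salt; compare without early exit."""
    algo, n, r, p, salt_hex, digest_hex = record.split("$")
    if algo != "scrypt":
        raise ValueError(f"unsupported record type: {algo}")
    candidate = hashlib.scrypt(password.encode(), salt=bytes.fromhex(salt_hex),
                               n=int(n), r=int(r), p=int(p), dklen=len(digest_hex) // 2)
    return hmac.compare_digest(candidate, bytes.fromhex(digest_hex))


if __name__ == "__main__":
    # Constructed users: two share a password but get different records because of the salt.
    users = {"alice": "correct horse battery staple", "bob": "correct horse battery staple"}
    store = {user: hash_password(pw) for user, pw in users.items()}
    print("records differ:", store["alice"] != store["bob"])
    print("bob logs in:   ", verify_password("correct horse battery staple", store["bob"]))
    print("wrong password:", verify_password("wrong", store["alice"]))
```

Because the record carries its own parameters, a later increase of N only changes new records; old ones keep verifying and can be rehashed on the user's next successful login.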
Web 3, Week 1: Amazon Web Services for Beginnersjkosoy
In the first week of our 2012 MFADT Web 3 class the students went from GoDaddy to running their own lil web server. Is it perfect? No. Are they experts? Of course not. But at least they have a sandbox to install whatever server stack they want.
I figure there sharing this will be helpful to others. If you've never heard of AWS or just want a little more control over your web hosting beyond what the GoDaddys of the world offer, this tutorial should be a great starting point.
LXC containers allow running isolated Linux systems within a single Linux host using kernel namespaces and cgroups. Namespaces partition kernel resources like processes, networking, users and filesystems to isolate containers. Cgroups limit and account for resource usage like CPU and memory. AUFS provides a union filesystem that allows containers to use a read-only root filesystem image while also having read-write layers for changes. Together these technologies provide lightweight virtualization that is faster and more resource efficient than virtual machines.
HES2011 - Aaron Portnoy and Logan Brown - Black Box Auditing Adobe Shockwave (Hackito Ergo Sum)
This document summarizes an approach to auditing the Adobe Shockwave file format and verifying vulnerabilities. It describes how the authors:
1) Encountered difficulties reversing the Shockwave memory manager using traditional debugging tools.
2) Developed a technique using dynamic binary instrumentation to hook the Shockwave file read function and search read buffers for fuzzed file data.
3) Further refined their approach by directly hooking the file read function in MSVCR71.dll, allowing the technique to be reused for other projects.
The document provides an overview of changes made to the Linux kernel's random number generator (RNG) code. Key points include:
- The old RNG code dating back to 1994 was complex and used outdated approaches like linear feedback shift registers (LFSRs).
- The new code uses the BLAKE2 cryptographic hash function for entropy collection and extraction. ChaCha20 is used for entropy expansion.
- Various entropy sources like interrupts, disk activity, and RDSEED/RDRAND are mixed into the entropy pool.
- Entropy estimation heuristics are used to determine when sufficient entropy is accumulated before the RNG outputs random values.
Steelcon 2015 - 0wning the internet of trash (infodox)
My presentation slides from Steelcon 2015 on "Owning the Internet of Trash", a presentation on exploitation of endemic vulnerabilities in the so called "internet of things", with a focus on finding vulnerabilities in, exploiting, and gaining persistent access to, routers and other such embedded devices.
This talk was recorded, a video will be linked soonish, and went over some basics of analysing firmware, hardware, and suchlike to find bugs in things and hack the planet!
The document discusses conducting timing attacks against the Internet of Things. It begins with an overview of timing attacks and how they work by exploiting small differences in processing times. String comparison timing attacks are highlighted, where the processing time of comparing strings character-by-character can reveal information. Statistical analysis of precise timing data collected from a network can be used to infer secrets like passwords over many trials. The talk demonstrates a proof-of-concept timing attack against a Philips Hue light system to recover an API access token one character at a time. Specialized hardware and careful experimental setup is required to achieve the necessary nanosecond-level timing precision.
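The inference step of that attack is easier to see without the noise. As an added example (not the talk's code), the block below models the early-exit string comparison with an exact count of characters compared instead of a wall-clock timer, recovers a constructed fixed-length token one character at a time by picking the guess that keeps the comparison busy longest, and shows the same attacker failing against a constant-time comparison. A real attack over the network has to replace that exact count with the repeated measurements and statistics the talk describes; the token, alphabet and pad character here are assumptions.

```python
"""Character-by-character token recovery through a comparison side channel.

Added example, not the talk's code. The network timer is replaced by an exact
count of characters compared, so the inference is exact here; a real attack
needs many trials and statistics to see the same signal through jitter.
"""
import hmac
import string

ALPHABET = string.ascii_lowercase + string.digits
SECRET_TOKEN = "3f9ak2"          # constructed; fixed-length like an API token
PAD = "~"                        # never appears in a token, so it always mismatches


def naive_check(token: str, guess: str):
    """Early-exit compare. Returns (accepted, steps); steps stands in for elapsed time."""
    if len(guess) != len(token):
        return False, 0
    steps = 0
    for expected, got in zip(token, guess):
        steps += 1
        if expected != got:
            return False, steps
    return True, steps


def constant_time_check(token: str, guess: str):
    """hmac.compare_digest takes the same time wherever the first mismatch is."""
    accepted = hmac.compare_digest(token.encode(), guess.encode())
    return accepted, len(token)


def recover_token(oracle, length: int, alphabet: str = ALPHABET) -> str:
    """Grow the known prefix by the character that makes the oracle work longest."""
    known = ""
    for pos in range(length):
        best_char, best_steps = alphabet[0], -1
        for c in alphabet:
            accepted, steps = oracle(known + c + PAD * (length - pos - 1))
            if accepted:
                return known + c
            if steps > best_steps:
                best_char, best_steps = c, steps
        known += best_char
    return known


if __name__ == "__main__":
    leaky = lambda guess: naive_check(SECRET_TOKEN, guess)
    fixed = lambda guess: constant_time_check(SECRET_TOKEN, guess)
    print("early-exit compare  :", recover_token(leaky, len(SECRET_TOKEN)))
    print("constant-time compare:", recover_token(fixed, len(SECRET_TOKEN)))
```

The attacker's cost is linear in token length times alphabet size rather than exponential, which is the whole point; note that the length check at the top of naive_check leaks the token length the same way, so a fixed-length token format is part of the threat model here.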
An idea for a log and backup policy that reduces the possibility of and potential damage from insider threats. Presented at Information Warfare Summit 2013.
Filip Palian, Mateusz Kocielski - Simplest Ownage Human Observed… Routers (Yury Chemerkin)
This document discusses identifying and exploiting vulnerabilities in consumer routers. It provides examples of analyzing firmware from various router models, including the D-Link DIR-120 and DIR-300, to gain unauthorized access. Methods discussed include reverse engineering firmware, exploiting services like telnet that are exposed without authentication, and modifying the read-only filesystem. The document also talks about using these compromised routers as bots for botnets performing activities like DDoS attacks, cryptocurrency mining, and spam/phishing campaigns. It provides examples of real botnets like Psyb0t that have exploited routers.
This was a presentation I gave back in 2000 on Linux Security. Even though some of it is definitely dated there's still some relevant stuff in it since security is mainly common sense stuff.
What we Learned Implementing Puppet at Backstop (Puppet)
"What We Learned Implementing Puppet at Backstop" by Bill Weiss at Puppet Camp Chicago 2013. Learn about upcoming Puppet Camps at http://puppetlabs.com/community/puppet-camp/
The document provides an overview of a talk given by Stephen Wallace on using Puppet for system administrators. The talk introduces Puppet as a tool to help system administrators achieve goals like availability, scalability, predictability and reducing workload. It addresses common concerns that system administrators have with Puppet, such as the need to learn programming. The talk demonstrates how Puppet can be used in a simple way and provides references for further learning.
The Razors Edge - Cutting your TLS Baggage (Jan Schaumann)
A talk on effecting change across a large organization, given at O'Reilly Security 2017.
Write-up will be posted at https://www.netmeister.org/blog/razors-edge.html
Safely Drinking from the Data Waterhose (Jan Schaumann)
An Ignite talk given at DataGotham 2012 about how we extract security-related events and alerts from our logs. I repeated the same talk at DevOpsDays NYC 2013.
The document discusses PGP (Pretty Good Privacy) and how it can be used to securely communicate and store secrets. It explains that PGP uses public-key cryptography to provide confidentiality, integrity, and authenticity. It also discusses how to generate a PGP key pair, and the importance of revoking keys if they are compromised or the user no longer needs them.
A talk on how system engineers and administrators, the people who maintain the infrastructure of the internet and who write a lot of code without (usually) having any training in software engineering practices, can improve their tools. Originally given at NYCBug in June 2009.
The document discusses useless uses of common Unix/Linux utilities like cat, grep, and *. It provides examples of cases where these utilities are used redundantly or ineffectively, and suggests better alternatives without the unnecessary steps. Specifically, it explains how cat is often redundant when feeding files into other commands directly, how grep can be replaced by simpler tools like awk and sed in many cases, and how using * wildcards without good reason leads to inefficient scripts. The overall message is to simplify commands and remove unnecessary processing to write clearer and more efficient shell scripts.
A presentation on how changes in Daylight Saving Time were handled at Yahoo!. Originally given at BayLISA in May 2007. Slides are available here:
netmeister.org/misc/dst_yahoo.pdf
Discover the benefits of outsourcing SEO to India (davidjhones387)
Discover the benefits of outsourcing SEO to India! From cost-effective services and expert professionals to round-the-clock work advantages, learn how your business can achieve digital success with Indian SEO solutions.
Gen Z and the marketplaces - let's translate their needs (Laura Szabó)
The product workshop focused on exploring the requirements of Generation Z in relation to marketplace dynamics. We delved into their specific needs, examined the specifics of their shopping preferences, and analyzed their preferred methods for accessing information and making purchases within a marketplace. Through the study of real-life cases, we tried to gain valuable insights into enhancing the marketplace experience for Generation Z.
The workshop was held at the DMA Conference in Vienna, June 2024.
Ready to Unlock the Power of Blockchain! (Toptal Tech)
Imagine a world where data flows freely, yet remains secure. A world where trust is built into the fabric of every transaction. This is the promise of blockchain, a revolutionary technology poised to reshape our digital landscape.
Toptal Tech is at the forefront of this innovation, connecting you with the brightest minds in blockchain development. Together, we can unlock the potential of this transformative technology, building a future of transparency, security, and endless possibilities.
HijackLoader Evolution: Interactive Process Hollowing (Donato Onofri)
CrowdStrike researchers have identified a HijackLoader (aka IDAT Loader) sample that employs sophisticated evasion techniques to enhance the complexity of the threat. HijackLoader, an increasingly popular tool among adversaries for deploying additional payloads and tooling, continues to evolve as its developers experiment and enhance its capabilities.
In their analysis of a recent HijackLoader sample, CrowdStrike researchers discovered new techniques designed to increase the defense evasion capabilities of the loader. The malware developer used a standard process hollowing technique coupled with an additional trigger that was activated by the parent process writing to a pipe. This new approach, called "Interactive Process Hollowing", has the potential to make defense evasion stealthier.