This document provides a guide for setting up a class environment using virtual machines for training on Kaspersky Security for Virtualization 3.0 Light Agent. It describes setting up domain controllers, workstations, Hyper-V servers, and various virtual machines. Key steps include installing operating systems, configuring networking and domains, deploying virtual desktop infrastructure and Remote Desktop Services, and installing Kaspersky Security Center and Protection Servers. The goal is to replicate an ABC company network with all necessary infrastructure elements for demonstrations in the training labs.
Wtf is happening_inside_my_android_phone_public - Jaime Blasco
The document discusses the architecture and analysis of Android malware called Red Bunny or ADRD. It was discovered in 2011 sending device information like IMEI and IMSI to command and control servers. The malware uses encryption, sets an HTTP proxy, and sends specially crafted headers. It decrypts responses and executes commands depending on the decrypted value.
The Log4Shell Vulnerability – explained: how to stay secure - Kaspersky
On December 9th, researchers uncovered a zero-day critical vulnerability in the Apache Log4j library used by millions of Java applications. CVE-2021-44228, or “Log4Shell”, is an RCE vulnerability that allows attackers to execute arbitrary code and potentially take full control over an affected system. The vulnerability has been ranked 10/10 on the CVSSv3 severity scale.
While the Apache Foundation has already released a patch for this CVE, it can take weeks or months for vendors to update their software, and there are already widespread scans being conducted by malicious attackers to exploit Log4Shell.
What should companies or organizations do?
Join Marco Preuss, Head of Europe’s Global Research and Analysis (GReAT) team, Marc Rivero and Dan Demeter, Senior Security Researchers with GReAT, for an in-depth discussion on Log4Shell and a live Q&A session.
To see the full webinar, please visit: https://securelist.com/webinars/log4shell-vulnerability-how-to-stay-secure/?utm_source=Slideshare&utm_medium=partner&utm_campaign=gl_jespo_je0066&utm_content=link&utm_term=gl_Slideshare_organic_s966w1tou5a0snh
THOR is a lightweight and portable scanner for IOCs. It ships with a huge set of Yara signatures and other indicators of compromise in order to detect attacker activity on Windows systems.
Seminar given as part of the training sessions of the OWASP Summit Portugal 2008, held in the Algarve (Portugal). This talk presented how an application security audit is carried out and the steps that must be followed according to the guidelines defined in OWASP's own guides.
[Wroclaw #9] The purge - dealing with secrets in Opera Software - OWASP
This document discusses Opera Software's process for preventing secrets and sensitive information from being committed to code repositories. It describes the problem of secrets in codebases, various tools for identifying and managing secrets like HashiCorp Vault and detect-secrets, and Opera's implementation which uses Vault for secret storage and detect-secrets for identifying secrets in code. The process involves creating a secrets baseline, enabling detect-secrets hooks to prevent pushes with new secrets, auditing the codebase history, and updating the baseline over time.
The OWASP Top 10 is a list of the most prolific security issues facing web developers today. In this talk, Robert will take you through all 10, demonstrate the problems (we will hack for real… in a safe way) and talk about the solutions. This is an introductory talk, so no prior experience is needed in web development or security. Not doing web development? Many of these apply to all development! So join in for a lively session of demos, learning and fun.
Video of this talk: https://www.youtube.com/watch?v=p5YCHNnQNyg
Threat actors are increasing their use of fileless malware for one simple reason: most organizations aren't prepared to detect it. Education is the first step in determining what threat these new attacks pose and what you can do to detect and stop fileless malware attacks. Learn more at: https://www.bluvector.io
BlackHat 2014 Briefings - Exploiting Fundamental Weaknesses in Botnet C&C Pan... - Aditya K Sood
Bot herders deploy Command and Control (C&C) panels for commanding and collecting exfiltrated data from the infected hosts on the Internet. To protect C&C panels, bot herders deploy several built-in (software-centric) protection mechanisms to restrict direct access to these C&C panels. However, there exist fundamental mistakes in the design and deployment of these C&C panels that can be exploited to take complete control. This talk discusses the methodology of launching reverse attacks on the centralized C&C panels to derive intelligence that can be used to build automated solutions. This research reveals how to detect vulnerabilities and configuration flaws in the remote C&C panels and exploit them by following the path of penetration testing. This talk is derived from real-time research in which several C&C panels were targeted and intelligence was gathered to attack the next set of C&C panels. A number of case studies will be discussed to elaborate the step-by-step process of attacking and compromising C&C panels. This talk also demonstrates the use of automated tools authored to make testing easier for researchers.
DOWNLOAD from this link: http://secniche.org/blackhat-2014/
Nguyen Phuong Truong Anh - Some new vulnerabilities in modern web application - Security Bootcamp
1) The document discusses several vulnerabilities in modern web applications including AngularJS template injection, server-side template injection in frameworks like Smarty and Twig, CSV injection, and Java object deserialization vulnerabilities.
2) It provides details on detecting and exploiting these vulnerabilities with examples of payloads and real-world cases that have been discovered.
3) The document includes demonstrations of exploiting template injection in Piwik and AngularJS, server-side template injection in Flask and Alfresco, and Java deserialization in applications like JBoss and Jenkins.
Abusing Glype Proxies - Attacks, Exploits and Defences - Aditya K Sood
Proxies play a critical privacy role by allowing anonymous web surfing and identity cloaking. Glype is an open source PHP proxy that is commonly used and provides anonymity. However, Glype proxies also have weaknesses that can allow attackers to exploit them. Misconfigured Glype proxies can leak users' sensitive information through log files and cookies. Attackers can also use Glype proxies to distribute malware by modifying the proxy software and using plugins. Strong authentication, disabling logs, and removing vulnerabilities are recommended to prevent abuse of Glype proxies.
The document discusses security misconfiguration as the sixth most dangerous web application vulnerability according to the OWASP Top 10. It defines security misconfiguration as improper configuration settings that can enable attacks. The document outlines how attackers exploit default passwords and privileges, and provides examples of misconfigured systems. It recommends ways to prevent misconfiguration like changing defaults, deleting unnecessary accounts, and keeping systems updated. The document demonstrates how to detect hidden URLs and directory listings using Burp Suite and concludes that misconfiguration poses a high risk if not properly safeguarded against.
[OWASP Poland Day] A study of Electron security - OWASP
Electron is an open-source framework for building desktop applications using HTML, CSS and JavaScript. It has a large attack surface including outdated dependencies, insecure default configurations, and deviations from browser security models. The document outlines security issues in Electron's core framework, such as nodeIntegration bypasses allowing remote code execution, and weaknesses in "glorified" APIs. It provides a checklist for developing secure Electron apps and introduces Electronegativity, a tool to help with security testing.
[OWASP Poland Day] Web App Security Architectures - OWASP
The document discusses web application security architectures and their components. It provides an example of a practical web application security architecture that includes: network firewalls separating different zones, web applications and services located in a DMZ zone, a web application firewall, centralized user identities stored in Active Directory, single sign-on authentication, and identity federation components. It also discusses managed security services and a security operations center.
This document summarizes iOS security features and risks for mobile applications. It outlines the typical architecture of an iOS app, including protection features like ASLR, non-executable memory, ARC, code signing, and sandboxing. It also discusses tools for analyzing iOS apps and potential risks like insecure data storage, lack of transport layer protection, unintended data leakage, poor authentication, and lack of binary protections. The document demonstrates examples of using tools like Cycript, Clutch, and Class-dump to inspect apps and decrypt or dump classes from binaries.
The document discusses several advanced persistent threats (APTs) that have targeted systems in Korea and other countries, including the LuckyCat, Heartbeat, and Flashback malware campaigns. It provides details on the attacks, malware components, command and control infrastructure, and technical analysis of the threats. The document aims to help the digital forensics community in Korea understand these sophisticated cyber espionage activities and improve defenses against similar attacks.
The document discusses tracking vulnerable JAR (Java archive) files. It notes that many Java applications rely on large numbers of library dependencies, and over 26% of downloads from a popular repository contain known flaws. The author describes a solution used at Red Hat that involves generating a manifest of all JARs used in products, matching this against a database of known vulnerabilities, and enforcing checks for vulnerable files during the build process. This solution uses three components: a tool to generate JAR manifests, a shared vulnerabilities database, and a plugin to check for vulnerabilities during the maven build process.
This document describes Monnappa K A, a member of Cysinfo who works as an information security investigator at Cisco. It then provides information on malware analysis sandboxes and describes how Monnappa uses an automated analysis system written in Python to safely execute malware in a virtual machine, monitor its behavior, and generate reports including memory dumps and artifacts for further analysis. The system aims to determine a malware's purpose, interactions, and identifiable patterns through static, dynamic, and memory forensics techniques.
- The author discusses their journey doing source code reviews to find bugs in WordPress plugins and themes. They started with just two people manually reviewing code but then automated the process and expanded their team.
- Through their Phase 1 efforts analyzing over 250 plugins, they found over 250 issues. They are now focusing on authenticated vulnerabilities in Phase 2 like SQL injection, XSS, and CSRF.
- They have created some open source tools to help with the process and are seeking volunteers to help make open source software more secure by joining their Codevigilant platform.
Michelle K Webster: Malware - Cryptolocker Research Final - M.K. Webster
The document discusses systems disruption caused by malware like CryptoLocker ransomware. It describes how malware can infect systems through various means and then encrypt files using AES encryption. It also explains how the malware saves itself to the registry and creates encrypted file extensions. The document provides details on the files, registry keys and processes created by CryptoLocker and references tools that can help detect malware infections.
Beyond the MCSE: Red Teaming Active Directory - Priyanka Aash
This document summarizes Sean Metcalf's presentation on red teaming Active Directory. It discusses leveraging PowerShell for offensive security, techniques for effective AD reconnaissance, and bypassing AD security defenses. The presentation provides an overview of key AD components, demonstrates offensive PowerShell commands, and outlines methods for discovering sensitive user and group information within the AD environment. It also reviews AD security controls and common techniques attackers use to circumvent defenses like LAPS and network segmentation.
This presentation will demonstrate a complete end-to-end analysis of an Android bot. This will include the decompilation and static analysis of bot code and the dynamic analysis of the bot’s behavior in a controlled sandboxed environment. The session will provide details of the lab environment and tools used for the analysis.
(Source: RSA USA 2016-San Francisco)
Jagadeesh Parameswaran, Microsoft
Rahul Sachan, Microsoft
Windows Defender Advanced Threat Protection (WDATP) gives defenders unparalleled visibility into the enterprise. And Azure Advanced Threat Protection (AATP) gives the power to monitor attacks on the Domain Controllers and user identities. Come spend an hour with us as we pull back the covers and go through detailed examples of real attacks that we saw as we defended the Microsoft corporate environment using WDATP & AATP.
The Unexpected Attack Vector: Software Updaters - Priyanka Aash
Every day millions of computers silently perform a simple task with great risk exposure: downloading and executing code through a software updater. An updater introduces a dangerous attack surface represented by unsafe coding practices, insecure protocols or server infrastructure that is not adequately protected. This talk will dive into incidents like CCleaner, ShadowPad and Medoc, and tools used to hijack updaters.
Learning Objectives:
1: Learn about a new emerging attack vector (software supply chain and updaters).
2: Investigate findings from recent incidents involving software updates.
3: Rethink update distribution and mitigate the problem.
(Source: RSA Conference USA 2018)
The Offensive Security Certified Professional (OSCP) is one of the most technical and most challenging certifications for information security professionals.
For more information please contact us: https://www.infosectrain.com/
WebRTC is an open-source project that provides browsers and mobile applications with real-time communications capabilities via simple APIs. It allows for real-time audio/video calls, web conferencing, and direct data transfers between browsers. While WebRTC has encryption and permissions to protect users, security issues still exist, such as the potential for JavaScript injection, signaling server takeovers, and IP address leaks. The document outlines best practices for WebRTC security such as secure signaling, user authentication, clear permission requests, and fallback measures in case of compromise.
SANS @Night Talk: SQL Injection Exploited - Micah Hoffman
The document discusses SQL injection exploitation. It begins with an introduction of the presenter and an overview of topics to be covered, including what SQL injection is, what an attacker can do with it, tools to exploit it, safe places to practice, and how to prevent it. It then defines SQL injection as a web application vulnerability where an attacker can run database commands through a vulnerable web application. The document demonstrates SQL injection with an example and discusses how an attacker could read and write database records, bypass authentication, and compromise the server. It recommends tools for discovery and exploitation, suggests the Samurai Web Testing Framework as a safe target practice environment, and shows an exploitation demo. It concludes with recommendations for developers, administrators, and test
This document provides instructions for integrating FreeRadius with Novell eDirectory to enable wireless authentication. It describes installing and configuring Novell OES Linux, applying necessary patches, installing FreeRadius and the RADIUS plugin for iManager, extending the eDirectory schema, generating certificates, and configuring FreeRadius, eDirectory, and clients. The goal is to set up wireless authentication against an eDirectory user directory using FreeRadius as the RADIUS server.
SaltStack can be used to automate and orchestrate the provisioning of virtual machines on VMware ESXi 6.0. It implements the VMware APIs to allow defining VM profiles and templates that specify VM configurations, and then uses Salt commands to rapidly deploy new VMs from templates with customized configurations. Open-VM tools must be installed on templates to enable customizing VMs, such as setting the network configuration. Salt files define VM profiles and provider credentials, separating configuration from deployment logic for flexibility and reusability.
This presentation provides an overview of virtualization and demonstrates how to set up a virtual environment. It discusses the benefits of virtualization for development and testing. The demonstration shows how to install Windows Server 2003 and Windows XP in virtual machines, configure the virtual network and domain, and test applications across the virtual environment. Optimizing virtual machine resources and migrating physical servers to virtual machines are also covered.
This document provides a quick-start guide for installing and configuring Cloudtenna DirectShare, a file sharing and collaboration solution. It outlines the necessary pre-installation information, steps for deploying the DirectShare virtual appliance using VMware ESXi, and configuring the appliance through its GUI to integrate with Active Directory, set up file shares, and enable guest access and shared links. The guide is intended to help users get DirectShare set up and operational in their environment for secure external file sharing and collaboration.
Bare Metal to OpenStack with Razor and ChefMatt Ray
Razor is an open source provisioning tool that was originally developed by EMC and Puppet Labs. It can discover hardware, select images to deploy, and provision nodes using model-based provisioning. The demo showed setting up a Razor appliance, adding images, models, policies, and brokers. It then deployed an OpenStack all-in-one environment to a new VM using Razor and Chef. The OpenStack cookbook walkthrough explained the roles, environments, and cookbooks used to deploy and configure OpenStack components using Chef.
This document outlines deploying IBM Notes in VMware View and Microsoft RemoteApp environments. It discusses the benefits of each approach and provides an overview of the infrastructure required. It also provides guidance on installing Notes clients and tips for ensuring optimal performance on both platforms. VMware View allows full virtualized workstations on zero clients, while RemoteApp streams individual applications. The document aims to help administrators deliver the Notes client while reducing support overhead and infrastructure complexity.
- The document describes tasks to configure a network domain including Active Directory, DNS, DHCP, file shares, and websites. It involves setting up domain controllers, a certification authority, file servers, firewall, and virtualized web and application servers. The goal is to provide secure internal and external access to resources for users and clients on the intranet and internet.
This document describes how to set up a thin client deployment using PXE boot in a Microsoft-dominated network environment. Key steps include:
1. Configuring the DHCP server to provide PXE boot options and boot file information.
2. Preparing the RIS server by creating a PXE directory structure and boot images using the PXES tool.
3. Addressing bugs in PXES related to USB support, Samba password changes, and keyboard mappings to allow booting into a Linux environment and connecting to Windows terminal servers.
This is the document which explain the step by step procedure to upgrade PowerVC from 1.3.0.2 to 1.3.2.0. I've added useful information in the documents.
The document provides instructions for installing NetXMS server software on UNIX systems. It describes downloading and unpacking the NetXMS source code, running the configure script to specify installation options like the database driver and installation location, compiling the code using make, installing it on the system using make install, copying configuration files to the default or custom location, and creating a database and user for NetXMS to use. The instructions also cover upgrading an existing NetXMS server installation on UNIX.
The document provides setup instructions for deploying and configuring an Aruba Instant wireless network. It describes how to set up the initial access point which will run the virtual controller software. Additional access points will automatically inherit settings from the virtual controller. The instructions also cover creating basic employee and guest wireless networks with options for security, client IP assignment, and access controls. The process involves a simple four step configuration for each network's basic info, IP settings, security, and access rules.
Devops Day Amsterdam 2015
Arista vEOS lab in Ravello with Opscode Chef server.
Run the lab switches with chef-client and control them with cookbooks and API's
This document summarizes a workshop on network automation tools including Chef and Zero Touch Provisioning.
The agenda includes demonstrating ZTP to boot three bare metal switches, using Chef to orchestrate the baseline configuration of two switches and enforce configuration statements, creating a VXLAN tunnel between two leaf switches using Cisco's CVX, and starting an Opendaylight controller to configure Openflow on switches.
The workshop will require some Virtualbox experience and a notebook with at least 4GB RAM and 10GB storage. Software needed includes Virtualbox, Hypervisor, and virtualization solutions. Attendees should be DevOps engineers interested in the network side of DevOps.
The workshop will prepare VMs, demonstrate
Do you get too many visitors on the website, getting maximum hits on your site may crash your site, your site may get stuck or it may go through a downtime? How to avoid such instances?
This document provides guidance on how to configure VMware ESX hosts to pass a security audit. It discusses securing the ESX service console, virtual machines, networks, logging and alerts. Specific recommendations include enabling directory authentication, limiting root access, configuring firewalls and NTP, and replacing self-signed certificates with CA-signed ones. The document also warns of common security issues with virtualization like lack of intra-ESX networking controls and potential for collocating VMs that should be isolated.
This document provides instructions for a hands-on lab to install and configure DevStack, an OpenStack cloud software toolkit, on an Ubuntu virtual machine. The lab guide outlines 9 tasks to: 1) bring up an Ubuntu VM, 2) install DevStack from the stable Kilo branch, 3) access the DevStack Horizon dashboard, 4) configure a demo tenant network, 5) configure a demo tenant router, 6) create a demo tenant instance, 7) add access rules to ping and SSH to the instance, 8) add a floating IP for the instance, and 9) celebrate the successful completion of the lab. Setup instructions are provided for deploying the Ubuntu VM on VMware or VirtualBox virtualization software.
This document provides instructions for a hands-on lab to install and configure DevStack, an OpenStack cloud software stack, on an Ubuntu virtual machine. It outlines 9 tasks to: 1) bring up the Ubuntu VM; 2) install DevStack from the stable Kilo branch; 3) bring up the DevStack Horizon dashboard; 4) configure a demo tenant network; 5) configure a demo tenant router; 6) configure a demo tenant instance; 7) add access rules to allow pinging and SSHing to the instance; 8) add a floating IP for the instance; and 9) celebrate the successful completion of the lab. Setup instructions are provided for using either VMware or VirtualBox virtualization software.
Installing oracle grid infrastructure and database 12c r1Voeurng Sovann
This document provides instructions for installing Oracle Grid Infrastructure and Oracle Database 12c R1 on a standalone Linux server. It describes how to:
1. Configure the server with required packages, users, groups, and directories for the Oracle software.
2. Install Oracle Grid Infrastructure 12c R1 using the Oracle Universal Installer and configure an ASM disk group and instance.
3. Install Oracle Database 12c R1 software, and use DBCA to create a database called "asmdb" that uses the ASM disk groups for storage and is accessible by the listener called "LISTENER_ASM".
The document provides tips and techniques for optimizing performance of virtual machines when using various virtualization platforms like VMware Workstation, Microsoft Virtual Server, and ESX Server. It discusses best practices for configuring hardware, storage, networking and guest operating systems to maximize efficiency and minimize resource usage of virtual machines. General recommendations include adding RAM and CPUs, using solid state drives, installing VMware Tools/Virtual Machine Additions, and defragmenting disks.
Citrix xen desktop by Naeem ali saifi from Ricohctxnaeem
This document provides an overview of Citrix XenDesktop, including its history, products, editions, architecture, and installation/configuration. It describes how XenDesktop enables desktop virtualization and delivers complete Windows desktop experiences to any user from any device. Key components are discussed, such as XenDesktop, XenServer, and various editions. Requirements and supported operating systems/SQL servers are also outlined.
Similar to Kl 031.30 eng_class_setup_guide_1.2 (20)
Unlock the Future of Search with MongoDB Atlas_ Vector Search Unleashed.pdfMalak Abu Hammad
Discover how MongoDB Atlas and vector search technology can revolutionize your application's search capabilities. This comprehensive presentation covers:
* What is Vector Search?
* Importance and benefits of vector search
* Practical use cases across various industries
* Step-by-step implementation guide
* Live demos with code snippets
* Enhancing LLM capabilities with vector search
* Best practices and optimization strategies
Perfect for developers, AI enthusiasts, and tech leaders. Learn how to leverage MongoDB Atlas to deliver highly relevant, context-aware search results, transforming your data retrieval process. Stay ahead in tech innovation and maximize the potential of your applications.
#MongoDB #VectorSearch #AI #SemanticSearch #TechInnovation #DataScience #LLM #MachineLearning #SearchTechnology
AI-Powered Food Delivery Transforming App Development in Saudi Arabia.pdfTechgropse Pvt.Ltd.
In this blog post, we'll delve into the intersection of AI and app development in Saudi Arabia, focusing on the food delivery sector. We'll explore how AI is revolutionizing the way Saudi consumers order food, how restaurants manage their operations, and how delivery partners navigate the bustling streets of cities like Riyadh, Jeddah, and Dammam. Through real-world case studies, we'll showcase how leading Saudi food delivery apps are leveraging AI to redefine convenience, personalization, and efficiency.
Things to Consider When Choosing a Website Developer for your Website | FODUUFODUU
Choosing the right website developer is crucial for your business. This article covers essential factors to consider, including experience, portfolio, technical skills, communication, pricing, reputation & reviews, cost and budget considerations and post-launch support. Make an informed decision to ensure your website meets your business goals.
Cosa hanno in comune un mattoncino Lego e la backdoor XZ?Speck&Tech
ABSTRACT: A prima vista, un mattoncino Lego e la backdoor XZ potrebbero avere in comune il fatto di essere entrambi blocchi di costruzione, o dipendenze di progetti creativi e software. La realtà è che un mattoncino Lego e il caso della backdoor XZ hanno molto di più di tutto ciò in comune.
Partecipate alla presentazione per immergervi in una storia di interoperabilità, standard e formati aperti, per poi discutere del ruolo importante che i contributori hanno in una comunità open source sostenibile.
BIO: Sostenitrice del software libero e dei formati standard e aperti. È stata un membro attivo dei progetti Fedora e openSUSE e ha co-fondato l'Associazione LibreItalia dove è stata coinvolta in diversi eventi, migrazioni e formazione relativi a LibreOffice. In precedenza ha lavorato a migrazioni e corsi di formazione su LibreOffice per diverse amministrazioni pubbliche e privati. Da gennaio 2020 lavora in SUSE come Software Release Engineer per Uyuni e SUSE Manager e quando non segue la sua passione per i computer e per Geeko coltiva la sua curiosità per l'astronomia (da cui deriva il suo nickname deneb_alpha).
Building Production Ready Search Pipelines with Spark and MilvusZilliz
Spark is the widely used ETL tool for processing, indexing and ingesting data to serving stack for search. Milvus is the production-ready open-source vector database. In this talk we will show how to use Spark to process unstructured data to extract vector representations, and push the vectors to Milvus vector database for search serving.
HCL Notes and Domino License Cost Reduction in the World of DLAUpanagenda
Webinar Recording: https://www.panagenda.com/webinars/hcl-notes-and-domino-license-cost-reduction-in-the-world-of-dlau/
The introduction of DLAU and the CCB & CCX licensing model caused quite a stir in the HCL community. As a Notes and Domino customer, you may have faced challenges with unexpected user counts and license costs. You probably have questions on how this new licensing approach works and how to benefit from it. Most importantly, you likely have budget constraints and want to save money where possible. Don’t worry, we can help with all of this!
We’ll show you how to fix common misconfigurations that cause higher-than-expected user counts, and how to identify accounts which you can deactivate to save money. There are also frequent patterns that can cause unnecessary cost, like using a person document instead of a mail-in for shared mailboxes. We’ll provide examples and solutions for those as well. And naturally we’ll explain the new licensing model.
Join HCL Ambassador Marc Thomas in this webinar with a special guest appearance from Franz Walder. It will give you the tools and know-how to stay on top of what is going on with Domino licensing. You will be able lower your cost through an optimized configuration and keep it low going forward.
These topics will be covered
- Reducing license cost by finding and fixing misconfigurations and superfluous accounts
- How do CCB and CCX licenses really work?
- Understanding the DLAU tool and how to best utilize it
- Tips for common problem areas, like team mailboxes, functional/test users, etc
- Practical examples and best practices to implement right away
Monitoring and Managing Anomaly Detection on OpenShift.pdfTosin Akinosho
Monitoring and Managing Anomaly Detection on OpenShift
Overview
Dive into the world of anomaly detection on edge devices with our comprehensive hands-on tutorial. This SlideShare presentation will guide you through the entire process, from data collection and model training to edge deployment and real-time monitoring. Perfect for those looking to implement robust anomaly detection systems on resource-constrained IoT/edge devices.
Key Topics Covered
1. Introduction to Anomaly Detection
- Understand the fundamentals of anomaly detection and its importance in identifying unusual behavior or failures in systems.
2. Understanding Edge (IoT)
- Learn about edge computing and IoT, and how they enable real-time data processing and decision-making at the source.
3. What is ArgoCD?
- Discover ArgoCD, a declarative, GitOps continuous delivery tool for Kubernetes, and its role in deploying applications on edge devices.
4. Deployment Using ArgoCD for Edge Devices
- Step-by-step guide on deploying anomaly detection models on edge devices using ArgoCD.
5. Introduction to Apache Kafka and S3
- Explore Apache Kafka for real-time data streaming and Amazon S3 for scalable storage solutions.
6. Viewing Kafka Messages in the Data Lake
- Learn how to view and analyze Kafka messages stored in a data lake for better insights.
7. What is Prometheus?
- Get to know Prometheus, an open-source monitoring and alerting toolkit, and its application in monitoring edge devices.
8. Monitoring Application Metrics with Prometheus
- Detailed instructions on setting up Prometheus to monitor the performance and health of your anomaly detection system.
9. What is Camel K?
- Introduction to Camel K, a lightweight integration framework built on Apache Camel, designed for Kubernetes.
10. Configuring Camel K Integrations for Data Pipelines
- Learn how to configure Camel K for seamless data pipeline integrations in your anomaly detection workflow.
11. What is a Jupyter Notebook?
- Overview of Jupyter Notebooks, an open-source web application for creating and sharing documents with live code, equations, visualizations, and narrative text.
12. Jupyter Notebooks with Code Examples
- Hands-on examples and code snippets in Jupyter Notebooks to help you implement and test anomaly detection models.
UiPath Test Automation using UiPath Test Suite series, part 6DianaGray10
Welcome to UiPath Test Automation using UiPath Test Suite series part 6. In this session, we will cover Test Automation with generative AI and Open AI.
UiPath Test Automation with generative AI and Open AI webinar offers an in-depth exploration of leveraging cutting-edge technologies for test automation within the UiPath platform. Attendees will delve into the integration of generative AI, a test automation solution, with Open AI advanced natural language processing capabilities.
Throughout the session, participants will discover how this synergy empowers testers to automate repetitive tasks, enhance testing accuracy, and expedite the software testing life cycle. Topics covered include the seamless integration process, practical use cases, and the benefits of harnessing AI-driven automation for UiPath testing initiatives. By attending this webinar, testers, and automation professionals can gain valuable insights into harnessing the power of AI to optimize their test automation workflows within the UiPath ecosystem, ultimately driving efficiency and quality in software development processes.
What will you get from this session?
1. Insights into integrating generative AI.
2. Understanding how this integration enhances test automation within the UiPath platform
3. Practical demonstrations
4. Exploration of real-world use cases illustrating the benefits of AI-driven test automation for UiPath
Topics covered:
What is generative AI
Test Automation with generative AI and Open AI.
UiPath integration with generative AI
Speaker:
Deepak Rai, Automation Practice Lead, Boundaryless Group and UiPath MVP
Full-RAG: A modern architecture for hyper-personalizationZilliz
Mike Del Balso, CEO & Co-Founder at Tecton, presents "Full RAG," a novel approach to AI recommendation systems, aiming to push beyond the limitations of traditional models through a deep integration of contextual insights and real-time data, leveraging the Retrieval-Augmented Generation architecture. This talk will outline Full RAG's potential to significantly enhance personalization, address engineering challenges such as data management and model training, and introduce data enrichment with reranking as a key solution. Attendees will gain crucial insights into the importance of hyperpersonalization in AI, the capabilities of Full RAG for advanced personalization, and strategies for managing complex data integrations for deploying cutting-edge AI solutions.
OpenID AuthZEN Interop Read Out - AuthorizationDavid Brossard
During Identiverse 2024 and EIC 2024, members of the OpenID AuthZEN WG got together and demoed their authorization endpoints conforming to the AuthZEN API
“An Outlook of the Ongoing and Future Relationship between Blockchain Technologies and Process-aware Information Systems.” Invited talk at the joint workshop on Blockchain for Information Systems (BC4IS) and Blockchain for Trusted Data Sharing (B4TDS), co-located with with the 36th International Conference on Advanced Information Systems Engineering (CAiSE), 3 June 2024, Limassol, Cyprus.
TrustArc Webinar - 2024 Global Privacy SurveyTrustArc
How does your privacy program stack up against your peers? What challenges are privacy teams tackling and prioritizing in 2024?
In the fifth annual Global Privacy Benchmarks Survey, we asked over 1,800 global privacy professionals and business executives to share their perspectives on the current state of privacy inside and outside of their organizations. This year’s report focused on emerging areas of importance for privacy and compliance professionals, including considerations and implications of Artificial Intelligence (AI) technologies, building brand trust, and different approaches for achieving higher privacy competence scores.
See how organizational priorities and strategic approaches to data security and privacy are evolving around the globe.
This webinar will review:
- The top 10 privacy insights from the fifth annual Global Privacy Benchmarks Survey
- The top challenges for privacy leaders, practitioners, and organizations in 2024
- Key themes to consider in developing and maintaining your privacy program
Ocean lotus Threat actors project by John Sitima 2024 (1).pptxSitimaJohn
Ocean Lotus cyber threat actors represent a sophisticated, persistent, and politically motivated group that poses a significant risk to organizations and individuals in the Southeast Asian region. Their continuous evolution and adaptability underscore the need for robust cybersecurity measures and international cooperation to identify and mitigate the threats posed by such advanced persistent threat groups.
KASPERSKY LAB
KL 031.30. Kaspersky Security for Virtualization 3.0. Light Agent
Class Setup Guide
Chapter 1. Description
1.1 Guide Description
This Guide helps to prepare a class for the "Kaspersky Security for Virtualization 3.0. Light Agent" training.
The guide describes the class setup in detail (virtual machines, their characteristics and interrelations) for trainers
who need to thoroughly understand the training environment.
For technicians who just prepare the class and do not want or need to understand the training environment, the guide
contains step-by-step instructions on how to configure physical and virtual computers.
Additionally, the guide explains the reasons why the described configuration was selected and how the instruction
can be changed depending on the available equipment.
1.2 Environment Description
All labs will be done on virtual machines. The guide presumes that VMware Workstation is used.
An abstract ABC company is considered in the labs. Its computers belong to the abc.lab domain.
Computers
The following computers will be used in the labs:
— DC—domain controller and DNS server of the abc.lab domain. It is used in all labs as an infrastructure element, meaning it must be running, but no actions are performed on it.
— Client—a user's workstation from which he or she connects to an RDS virtual machine. RemoteFX demonstration requires the latest version of the RDP protocol, which can be installed on Windows 7 SP1. We will use Windows 8 in our labs, where everything works out of the box.
— Hyper-V—the hypervisor where the virtual machines listed below are deployed; it also runs the roles necessary for Remote Desktop Services.
— Router—a virtual machine that connects the external network (VMware NAT) and the virtual networks. It also performs the roles of a DHCP server and DNS relay.
— Security-Center (or SC)—a computer whose main role is to be the Administration Server of the ABC company. It belongs to the ABC domain and has a static IP address.
— Master—a template virtual machine for the Remote Desktop Services collection.
— SVM-FO—a virtual machine, the Protection Server of Kaspersky Security for Virtualization. It will be used for demonstrating how the Light Agent switches between Protection Servers if one of them malfunctions.
Domain
All computers belong to the ABC domain.
Users
The account of the domain administrator (ABC\Administrator) will be used on most of the computers.
The ABC\Alex account will be used for accessing virtual machines belonging to the Remote Desktop Services pool.
The password is Ka5per5Ky for all users.
Subnets
Two subnets are configured for virtual machines in ABC company: 10.28.1.0/24 and 10.28.2.0/24. The former is
designed for servers, the Administration Server will belong to it, and the latter—for Remote Desktop Services
virtual machines. The domain controller should not run within Hyper-V to avoid connectivity issues, therefore
the DC machine is configured within the VMware NAT network. It is necessary to change the default address for
this network: open Edit | Virtual Network Editor, select the NAT interface (usually, VMNet8) and specify address
10.28.0.0/24.
These specific addresses of subnets are not particularly important, but they were used when designing the course
labs and are mentioned in the Lab Guide.
The network schema is as follows
Operating systems
The computers that perform server functions are running Windows 2012 Standard Edition. On other computers,
Windows 8 Enterprise is installed.
Hardware requirements
The host machine must have at least 12 GB RAM, preferably 16 GB.
Another (and maybe even more important) bottleneck is the disk subsystem. A host machine with one HDD drive
usually cannot ensure comfortable performance. An SSD drive or performance-oriented RAID configuration is
preferred.
Chapter 2. Class Setup Guide
2.1 DC
1. Create a virtual machine with the following minimal configuration:
— 1024 MB RAM
— 40 GB hard drive
— One network adapter (NAT)
2. Install Windows Server 2012 Standard:
— Computer name—DC
— IP address—10.28.0.10
— DNS server and gateway—10.28.0.2
— Local administrator password—Ka5per5Ky
3. Add the Active Directory Domain Services server role with the following parameters:
— New forest;
— Root domain named abc.lab;
— Password for the directory services restore mode—Ka5per5Ky;
— Other parameters—by default.
4. Add domain users
— Alex with Ka5per5Ky password
5. Modify the domain policy
— In the Server Manager, select Tools | Group Policy Management, then on the shortcut menu of the
Domains / abc.lab / Default domain policy object, click Edit
— Disable automatic Windows Updates (in Group Policy Object Editor, expand Computer
Configuration, Administrative Templates, Windows Components, click Windows Update, double-click
Configure Automatic Updates, and then click Disabled)
— Disable Windows Defender (in Group Policy Object Editor, expand Computer Configuration,
Administrative Templates, Windows Components, click Windows Defender, double-click Turn
off Windows Defender, and then click Enabled)
— Enable RDP redirection of RemoteFX USB Devices (in Group Policy Object Editor, expand
Computer Configuration, Administrative Templates, Windows Components, click Remote
Desktop Services, Remote Desktop Connection Client, RemoteFX USB Device Redirection, then
set Allow RDP redirection of the supported RemoteFX USB Devices from this computer to
Enabled and change RemoteFX USB Redirection Access Rights to Administrators and Users)
— Disable Windows Firewall for the domain profile (In Group Policy Object Editor: User
Configuration, Policies, Windows Settings, Security Settings, Windows Firewall with Advanced
Security)
— Disable SmartScreen Filter for the Internet Zone (in Group Policy Object Editor: User Configuration,
Policies, Administrative Templates, Windows Components, Internet Explorer, Internet Control
Panel, Security Page, Internet Zone, Turn on SmartScreen Filter scan = Disabled)
— Disable Maximum Password Age: select Not Defined for this parameter (in Group Policy Object
Editor: User Configuration, Policies, Windows Settings, Security Settings, Account Policies,
Password Policy)
6. For the Administrator and Alex users, enable the Password never expires parameter
7. Reduce RAM to 860 MB (optional)
8. When all virtual machines are ready, turn off DC and make a snapshot named Ready
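The DC steps above, scripted as an added PowerShell example (not from the original guide): Invoke-DcPhase1 promotes the server to a new abc.lab forest and reboots; Invoke-DcPhase2, run after the reboot, adds Alex and applies the Default Domain Policy settings, and Test-DcLabPolicy reads the main values back. The registry value names for the firewall and RemoteFX USB settings are assumptions taken from the corresponding ADMX templates, and the SmartScreen setting is left to the GUI.

```powershell
# Added example, not part of the original guide. Run on the DC virtual machine after
# Windows Server 2012 is installed, named DC and addressed 10.28.0.10 (steps 1 and 2).
# Invoke-DcPhase1 reboots the server; run Invoke-DcPhase2 as ABC\Administrator afterwards.
# The policy settings below deliberately weaken the lab machines (no updates, Defender,
# firewall or password expiry), so keep them on the isolated class network only.

$Password = ConvertTo-SecureString -String 'Ka5per5Ky' -AsPlainText -Force

function Invoke-DcPhase1 {
    # Step 3: AD DS role with management tools, new forest abc.lab (NetBIOS name ABC),
    # DSRM password Ka5per5Ky, DNS installed, everything else at its default.
    Install-WindowsFeature -Name AD-Domain-Services, GPMC -IncludeManagementTools
    Install-ADDSForest -DomainName 'abc.lab' -DomainNetbiosName 'ABC' `
        -SafeModeAdministratorPassword $Password -InstallDns -Force
}

function Invoke-DcPhase2 {
    Import-Module ActiveDirectory, GroupPolicy

    # Steps 4 and 6: domain user Alex; Password never expires for Alex and Administrator.
    New-ADUser -Name 'Alex' -SamAccountName 'Alex' -AccountPassword $Password `
        -Enabled $true -PasswordNeverExpires $true
    Set-ADUser -Identity 'Administrator' -PasswordNeverExpires $true

    # Step 5, last bullet: no maximum password age (assumed equivalent of "Not Defined";
    # applied through the domain password policy rather than the GPO editor).
    Set-ADDefaultDomainPasswordPolicy -Identity 'abc.lab' -MaxPasswordAge ([TimeSpan]::Zero)

    # Step 5: registry-backed Administrative Template settings in the Default Domain Policy.
    $Gpo = 'Default Domain Policy'
    $Pol = 'HKLM\SOFTWARE\Policies\Microsoft'

    # Configure Automatic Updates = Disabled
    Set-GPRegistryValue -Name $Gpo -Key "$Pol\Windows\WindowsUpdate\AU" `
        -ValueName 'NoAutoUpdate' -Type DWord -Value 1 | Out-Null
    # Turn off Windows Defender = Enabled
    Set-GPRegistryValue -Name $Gpo -Key "$Pol\Windows Defender" `
        -ValueName 'DisableAntiSpyware' -Type DWord -Value 1 | Out-Null
    # Windows Firewall off for the domain profile (assumed value name, WindowsFirewall.admx)
    Set-GPRegistryValue -Name $Gpo -Key "$Pol\WindowsFirewall\DomainProfile" `
        -ValueName 'EnableFirewall' -Type DWord -Value 0 | Out-Null
    # RemoteFX USB redirection allowed; access rights 2 = Administrators and Users
    # (value names assumed from TerminalServer.admx; verify them in the GPO editor)
    $TsClient = "$Pol\Windows NT\Terminal Services\Client"
    foreach ($Name in 'fEnableUsbBlockDeviceBySetupClass',
                      'fEnableUsbNoAckIsochWriteToDevice',
                      'fEnableUsbSelectDeviceByInterface') {
        Set-GPRegistryValue -Name $Gpo -Key $TsClient -ValueName $Name -Type DWord -Value 1 | Out-Null
    }
    Set-GPRegistryValue -Name $Gpo -Key $TsClient `
        -ValueName 'fUsbRedirectionEnableMode' -Type DWord -Value 2 | Out-Null
}

# Check that the policy carries what step 5 asked for; returns the entries that are off.
function Test-DcLabPolicy {
    $Expected = @(
        @{ Key = 'HKLM\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU'; Name = 'NoAutoUpdate'; Value = 1 },
        @{ Key = 'HKLM\SOFTWARE\Policies\Microsoft\Windows Defender'; Name = 'DisableAntiSpyware'; Value = 1 },
        @{ Key = 'HKLM\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile'; Name = 'EnableFirewall'; Value = 0 }
    )
    foreach ($E in $Expected) {
        $Actual = Get-GPRegistryValue -Name 'Default Domain Policy' -Key $E.Key `
            -ValueName $E.Name -ErrorAction SilentlyContinue
        if ($null -eq $Actual -or $Actual.Value -ne $E.Value) { $E }
    }
}
```

Run gpupdate /force on the lab machines after phase 2 so the settings apply before the snapshots are taken.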
2.2 Client
1. Create a virtual machine with the following minimal configuration:
— 1 GB RAM
— 40 GB hard drive
— NAT network adapter
2. Install Windows 8 Enterprise Edition:
— Computer name—Client
— Network parameters:
IP address—10.28.0.110
Default gateway—10.28.0.2
DNS server —10.28.0.10
— Local administrator password—Ka5per5Ky
3. Join Client to ABC domain
4. Add route to the VDI subnet:
— Run PowerShell as administrator and find out the ifIndex of the adapter:
Get-NetAdapter
— Carry out:
New-NetRoute -DestinationPrefix 10.28.2.0/24 -NextHop 10.28.0.3 -ifIndex <adapter index>
5. Enable redirection of removable USB devices. Run the following command from an elevated command prompt:
reg add "HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services\Client\UsbSelectDeviceByInterfaces" /v 101 /t REG_SZ /d "{A5DCBF10-6530-11D2-901F-00C04FB951ED}" /f
6. Turn off the machine and make a snapshot named Ready
2.3 Hyper-V
1. Create a virtual machine with the following minimal configuration:
— 2 CPU cores
— 8 GB RAM
— 150 GB hard drive
— Network adapter connected to VMware NAT
2. Install Windows Server 2012 Enterprise Edition:
— Computer name—Hyper-V
— NAT network adapter parameters:
IP address—10.28.0.50
Default gateway—10.28.0.2
DNS server —10.28.0.10
— Local administrator password—Ka5per5Ky
3. Edit the configuration file of the virtual machine to enable installation of the Hyper-V role on the VMware
Workstation hypervisor:
— Turn off Hyper-V
— In the folder of the Hyper-V virtual machine, open Hyper-V.vmx with Notepad and add the following
string: hypervisor.cpuid.v0 = "FALSE"
4. Select Virtualization engine
— Open the settings of the virtual machine in VMware Workstation
— Click the processor and select Virtualize Intel VT-x/EPT or AMD-V/RVI
5. Power on the virtual machine
6. Join Hyper-V to ABC domain
7. Log on to the system under the ABC\Administrator account
8. Add the Hyper-V server role
— Proceed through all steps. Do not change anything except:
Select the network adapter for the virtual switch
9. Pin the Hyper-V Manager shortcut to the taskbar
10. Create two virtual switches
— Open the Server Manager console, select Tools | Hyper-V Manager
— In the right pane, select Virtual Switch Manager
— Select New virtual network switch, then select Private and click Create Virtual Switch
— Rename the switch to Servers and click Apply
— Likewise, create another Private switch named VDI
— Rename the virtual switch created during the Hyper-V installation to External
11. Set up the Router computer (see below)
12. Deploy the Master virtual machine (see below)
KASPERSKY LAB
KL 031.30. Kaspersky Security for Virtualization 3.0. Light Agent
Class Setup Guide
13. Install Remote Desktop Services
— In the Add Roles and Features Wizard, select Remote Desktop Services installation
— Select Standard Deployment
— Select Virtual machine-based desktop deployment
— Add the following roles to the Hyper-V computer one by one:
RD Connection Broker server
RD Web Access server
RD Virtualization Host server
14. Create a collection
— Make sure that the Router computer is configured and running
— Open Server Manager | Remote Desktop Services | Collections
— In the Collections section, click Tasks | Create Virtual Desktop Collection
— Type Lab for the collection name
— Select the Master computer for the template
— Select the time zone and domain name: abc.lab
— Specify the number of machines in the collection: 1. You can specify 2 if the resources are plentiful; however, re-creating the collection will take more time during the labs in this case
— Disable User profile disks
15. Set up the Master computer
— Power on the virtual machine
— Complete the initial setup wizard, similarly to an installation
— You will have to create a new user, for example, User2
— (Optional) Delete User2
— Join the Master computer to the domain
16. In the C:\Users\Public\Documents\Hyper-V\Virtual hard disks folder (virtual machine hard drives are stored here by default), create a directory named SVM-FO
17. Deploy SVM-FO virtual machine (is described in the Security-Center section)
18. Open the properties of the SVM-FO virtual machine and change the network to VDI
19. Shut down all virtual machines except for Router and Lab-0 (a virtual machine from the Remote Desktop Services collection). Leave the Router running so that it starts automatically as soon as the Hyper-V computer starts. Shut down Hyper-V and make a snapshot named Ready.
2.4 Router
1. Vyatta Core is used for the router. Its distribution can be downloaded from
http://www.vyatta.org/downloads (Virtualization ISO)
2. In the Hyper-V Manager console, create a virtual machine with the following configuration:
— Name—Router
— 128 MB RAM
— Network adapter connected to the External switch
— 1 GB hard disk
— Boot from the Vyatta Live CD iso image
3. Add two more cards
— Open the virtual machine settings
— On the Add Hardware tab, select Network Adapter
— Click Add
— Select the Servers virtual switch for the created network adapter
— Click Apply
— Similarly, add a network adapter connected to the VDI switch
4. Power on the virtual machine
5. Log on to the system using the vyatta login and vyatta password
6. Carry out the install-image command
7. To confirm image installation to the hard drive, type Yes
8. Reject RAID-1 mirroring if two disks are found: No
9. Partitioning—Auto
10. Select the sda drive for the installation
11. Confirm destroying all data on it: Yes
12. Allocate all available disk space to the root directory: ENTER. The installer will create and mount the file system
13. Agree to the offered image name: ENTER
14. Agree to copying config.boot: ENTER
15. Specify the administrator’s password, for example, Ka5per5Ky
16. Allow GRUB to modify the boot partition on the sda drive: ENTER
17. Carry out the poweroff command
18. Confirm: Yes
19. On the virtual machine menu, click Media | DVD Drive, then Eject
20. Power on the virtual machine
21. Log on to the system with the vyatta username and the password specified earlier
22. Use the configure command to enter the configuration mode
23. Configure network interfaces:
— set interfaces ethernet eth0 address 10.28.0.3/24
— set interfaces ethernet eth1 address 10.28.1.1/24
— set interfaces ethernet eth2 address 10.28.2.1/24
24. Configure the default gateway and DNS
— set system gateway-address 10.28.0.2
— set system name-server 10.28.0.10
25. Save the settings
— commit
— save
26. Configure NAT:
— set nat source rule 10
— set nat source rule 10 source address 10.28.1.0/24
— set nat source rule 10 outbound-interface eth0
— set nat source rule 10 translation address 10.28.0.3
— set nat source rule 20
— set nat source rule 20 source address 10.28.2.0/24
— set nat source rule 20 outbound-interface eth0
— set nat source rule 20 translation address 10.28.0.3
27. Configure DHCP:
— set service dhcp-server shared-network-name Servers subnet 10.28.1.0/24 start 10.28.1.70 stop 10.28.1.99
— set service dhcp-server shared-network-name Servers subnet 10.28.1.0/24 dns-server 10.28.0.10
— set service dhcp-server shared-network-name Servers subnet 10.28.1.0/24 default-router 10.28.1.1
— set service dhcp-server shared-network-name VDI subnet 10.28.2.0/24 start 10.28.2.100 stop 10.28.2.254
— set service dhcp-server shared-network-name VDI subnet 10.28.2.0/24 dns-server 10.28.0.10
— set service dhcp-server shared-network-name VDI subnet 10.28.2.0/24 default-router 10.28.2.1
28. Save the settings
— commit
— save
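As an added example (not part of the guide), a Python consistency check over the Router's addressing plan: it parses the Vyatta set lines from steps 23, 26 and 27, confirms that each NAT rule translates to the outbound interface's own address (10.28.0.3 on eth0, which is also why the Client needs its static route via that address), that each DHCP pool fits its subnet with a Router interface as the gateway outside the pool, and that a fixed address assigned elsewhere in the guide (Security-Center, 10.28.1.20) does not collide with a pool. The CONFIG string and STATIC_HOSTS table are constructed from the values on this page.

```python
import ipaddress

# Constructed sample: the Router's "set" lines from steps 23, 26 and 27 above.
CONFIG = """
set interfaces ethernet eth0 address 10.28.0.3/24
set interfaces ethernet eth1 address 10.28.1.1/24
set interfaces ethernet eth2 address 10.28.2.1/24
set nat source rule 10 source address 10.28.1.0/24
set nat source rule 10 outbound-interface eth0
set nat source rule 10 translation address 10.28.0.3
set nat source rule 20 source address 10.28.2.0/24
set nat source rule 20 outbound-interface eth0
set nat source rule 20 translation address 10.28.0.3
set service dhcp-server shared-network-name Servers subnet 10.28.1.0/24 start 10.28.1.70 stop 10.28.1.99
set service dhcp-server shared-network-name Servers subnet 10.28.1.0/24 default-router 10.28.1.1
set service dhcp-server shared-network-name VDI subnet 10.28.2.0/24 start 10.28.2.100 stop 10.28.2.254
set service dhcp-server shared-network-name VDI subnet 10.28.2.0/24 default-router 10.28.2.1
"""
STATIC_HOSTS = {"Security-Center": "10.28.1.20"}  # fixed addresses taken from section 2.5

def parse(cfg):
    # ifaces: name -> ip_interface; nat: rule -> {key: value}; dhcp: network -> {key: value}
    ifaces, nat, dhcp = {}, {}, {}
    for t in (line.split() for line in cfg.strip().splitlines()):
        if t[1] == "interfaces":
            ifaces[t[3]] = ipaddress.ip_interface(t[5])
        elif t[1] == "nat" and len(t) > 5:          # skip bare "set nat source rule N"
            nat.setdefault(t[4], {})[t[5]] = t[-1]
        elif t[1] == "service":
            pool = dhcp.setdefault(t[4], {"subnet": t[6]})
            pool.update(zip(t[7::2], t[8::2]))     # "start A stop B" or "default-router G"
    return ifaces, nat, dhcp

def check(ifaces, nat, dhcp, static=STATIC_HOSTS):
    # Returns a list of findings; an empty list means the addressing plan is consistent.
    ip, net, found = ipaddress.ip_address, ipaddress.ip_network, []
    for rule, r in nat.items():
        out = ifaces.get(r.get("outbound-interface"))
        if out is None or ip(r["translation"]) != out.ip:
            found.append(f"NAT rule {rule}: translation address is not the outbound interface address")
    for name, p in dhcp.items():
        sub, lo, hi, gw = net(p["subnet"]), ip(p["start"]), ip(p["stop"]), ip(p["default-router"])
        if not (lo in sub and hi in sub and lo < hi):
            found.append(f"DHCP {name}: pool {lo}-{hi} does not fit {sub}")
        if gw not in {i.ip for i in ifaces.values() if i.network == sub} or lo <= gw <= hi:
            found.append(f"DHCP {name}: default-router {gw} is not a Router address outside the pool")
        for host, addr in static.items():
            if lo <= ip(addr) <= hi:
                found.append(f"DHCP {name}: fixed address of {host} ({addr}) collides with the pool")
    return found
```

Running `check(*parse(CONFIG))` on the values above returns an empty list; editing a translation address or moving Security-Center into the 10.28.1.70-99 pool produces a finding.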
2.5 Security-Center
1. In the Hyper-V Manager console, create a virtual machine with the following minimal configuration:
— Name—Security-Center
— 1536 MB RAM
— 40 GB hard drive
— Network adapter connected to the Servers switch
2. Install Windows Server 2012 Standard Edition:
— Computer name—Security-Center
— Network parameters:
IP address—10.28.1.20
Default gateway—10.28.1.1
DNS server—10.28.0.10
— Local administrator password—Ka5per5Ky
3. Join Security-Center to the domain
4. Log on to the system under the ABC\Administrator account
5. Install Kaspersky Security Center 10 MR1 with the default settings; do not install plug-ins
6. Add Kaspersky Security Center icon to the taskbar
7. Create the following folder structure on the desktop:
— LA—root folder. Copy klcfginst.exe (the Protection Server plug-in) into it. Create two more folders within it:
Agent—a folder for the Light Agent. Copy the Light Agent distribution there
SVM—download the Protection Server image with its XML description from kaspersky.com and unpack it into this folder
8. Install the Protection Server plug-in
9. Install the Protection Server
— Name—SVM-FO
— Image folder path: C:\Users\Public\Documents\Hyper-V\Virtual hard disks\SVM-FO
— Network—Servers
— Password for the root user—Ka5per5Ky
10. Run the Download updates to the repository task.
11. Create and run a key installation task for specific computers; in the computer adding window, select Specify computer names manually or import from the list, then add SVM by IP address
12. Run the key installation task on the Protection Server
13. Create and run an Update task for the Protection Server in a similar manner
14. Delete the key installation and update tasks
15. Delete the Protection Server plug-in
16. Shut down SVM-FO and reduce RAM to 512 MB
2.6 Master
1. In the Hyper-V Manager console, create a virtual machine with the following minimal configuration:
— Name: Master
— 1024 MB RAM
— 40 GB hard drive
— Network adapter connected to the VDI switch
2. Install Windows 8 Enterprise Edition:
— Computer name—Master
— Network settings—DHCP
— Local administrator password—Ka5per5Ky
3. Join the Master computer to the domain
4. Log on to the system under the ABC\Alex account
5. Copy the eicar_com.zip archive to the C:\Users\Alex.ABC\Downloads folder
6. Prepare a template:
— Run cmd as administrator.
— Carry out:
Sysprep\sysprep.exe /generalize /oobe /shutdown /mode:vm