My slides from "Inside PHP", a talk about how to change the syntax of the PHP programming language.
Modified PHP 5.4.4 source code (with the "until" keyword added during this presentation) is available here:
http://github.com/thomaslee/oscon2012-inside-php
My slides from "Inside Python", a talk about how to change the syntax of the Python programming language.
Modified Python 3.2 source code (with the "unless" keyword added during this presentation) is available here:
http://github.com/thomaslee/oscon2012-inside-python
Though both read from standard input, Scanner parses tokens from the contents of the stream while BufferedReader just reads the stream and does no special parsing. BufferedReader is synchronized and Scanner is not, so it's up to you to decide.
MT 69 Tripwire Defense: Advanced Endpoint Detection by a Thousand Tripwires Dell EMC World
As adversaries evolve their ability to evade traditional security controls, intelligence and innovation must also come together to provide new detection and disruption capabilities for defenders. This session will discuss the next evolution of SecureWorks' AETD service technology, Red Cloak. Topics include the endpoint as today’s battleground and the unique approach AETD Red Cloak brings to the fight, and the advantage of coordinated advanced detection across the network and endpoints.
Market trends are favorable to continue consolidation in the endpoint security and management space. In this session, learn how Dell's security and management portfolios will help you address critical vulnerabilities, and simplify management and deployment of the most secure endpoints for your business.
A short introduction on how functions work. Functions are the building blocks of any modern programming language. This tutorial shows you how functions are implemented and how the process stack plays an important role in supporting functions.
A regular talk I give across the globe for both corporate innovation and startup ideation. I took a great group of Hubbers through the process of finding product market fit with their ideas, startups and products
Lean Product Management for Enterprises: The Art of Known Unknowns Thoughtworks
Natalie Hollier presentation was given at the Lean Strategy + Design Salon meetup in New York: http://www.meetup.com/LeanStrategyPlusDesign/events/200913392/
Check out Natalie's website: http://www.nataliehollier.com/
This presentation goes over basic exploitation techniques. Topics include:
- Introduction to the x86 paradigms exploited by these techniques
- Stack overflows including the classic stack smashing attack
- Ret2libc
- Format string exploits
- Heap overflows and metadata corruption attacks
Exploit Development: EzServer Buffer Overflow by Tom Gregory (zakiakhmad)
EzServer is a video server that can stream in full HD quality to a variety of machines. A buffer overflow was found in the EzServer application listening on port 8000. An attacker can send malicious code to port 8000 and gain access with the same privileges as the EzServer application. In this session the author walks through the process of building an exploit for EzServer using Python.
Tom Gregory: Security consultant at Spentera, Metasploit exploit developer/contributor.
http://www.python.or.id/2013/04/kopi-darat-komunitas-python-indonesia.html
Nadav Markus goes over the path from a simple crash POC provided by Google Project Zero (for CVE-2015-7547), to a fully weaponized exploit.
He explores how an attacker can utilize the behavior of the Linux kernel in order to bypass ASLR, allowing an attacker to remotely execute code on vulnerable targets.
An introduction to exploit development.
I gave this talk at Hack the North 2014, and most of this information is pulled out of classics like Smashing the Stack for Fun and Profit, so there shouldn't be anything novel in here.
This presentation covers different scenarios for attacking applications vulnerable to buffer overflows by exploiting the default SEH chain through an SEH overwrite.
PARALLEL POLIS.
The concept of an anti-authoritarian organisation of society still holds meaning for us today, even though we should already have the dictatorial past behind us.
Sudheer Mechineni, Head of Application Frameworks, Standard Chartered Bank
Discover how Standard Chartered Bank harnessed the power of Neo4j to transform complex data access challenges into a dynamic, scalable graph database solution. This keynote will cover their journey from initial adoption to deploying a fully automated, enterprise-grade causal cluster, highlighting key strategies for modelling organisational changes and ensuring robust disaster recovery. Learn how these innovations have not only enhanced Standard Chartered Bank’s data infrastructure but also positioned them as pioneers in the banking sector’s adoption of graph technology.
LF Energy Webinar: Electrical Grid Modelling and Simulation Through PowSyBl -... DanBrown980551
Do you want to learn how to model and simulate an electrical network from scratch in under an hour?
Then welcome to this PowSyBl workshop, hosted by Rte, the French Transmission System Operator (TSO)!
During the webinar, you will discover the PowSyBl ecosystem as well as handle and study an electrical network through an interactive Python notebook.
PowSyBl is an open source project hosted by LF Energy, which offers a comprehensive set of features for electrical grid modelling and simulation. Among other advanced features, PowSyBl provides:
- A fully editable and extendable library for grid component modelling;
- Visualization tools to display your network;
- Grid simulation tools, such as power flows, security analyses (with or without remedial actions) and sensitivity analyses;
The framework is mostly written in Java, with a Python binding so that Python developers can access PowSyBl functionalities as well.
What you will learn during the webinar:
- For beginners: discover PowSyBl's functionalities through a quick general presentation and the notebook, without needing any expert coding skills;
- For advanced developers: master the skills to efficiently apply PowSyBl functionalities to your real-world scenarios.
“An Outlook of the Ongoing and Future Relationship between Blockchain Technologies and Process-aware Information Systems.” Invited talk at the joint workshop on Blockchain for Information Systems (BC4IS) and Blockchain for Trusted Data Sharing (B4TDS), co-located with with the 36th International Conference on Advanced Information Systems Engineering (CAiSE), 3 June 2024, Limassol, Cyprus.
Full-RAG: A modern architecture for hyper-personalization Zilliz
Mike Del Balso, CEO & Co-Founder at Tecton, presents "Full RAG," a novel approach to AI recommendation systems, aiming to push beyond the limitations of traditional models through a deep integration of contextual insights and real-time data, leveraging the Retrieval-Augmented Generation architecture. This talk will outline Full RAG's potential to significantly enhance personalization, address engineering challenges such as data management and model training, and introduce data enrichment with reranking as a key solution. Attendees will gain crucial insights into the importance of hyperpersonalization in AI, the capabilities of Full RAG for advanced personalization, and strategies for managing complex data integrations for deploying cutting-edge AI solutions.
zkStudyClub - Reef: Fast Succinct Non-Interactive Zero-Knowledge Regex Proofs Alex Pruden
This paper presents Reef, a system for generating publicly verifiable succinct non-interactive zero-knowledge proofs that a committed document matches or does not match a regular expression. We describe applications such as proving the strength of passwords, the provenance of email despite redactions, the validity of oblivious DNS queries, and the existence of mutations in DNA. Reef supports the Perl Compatible Regular Expression syntax, including wildcards, alternation, ranges, capture groups, Kleene star, negations, and lookarounds. Reef introduces a new type of automata, Skipping Alternating Finite Automata (SAFA), that skips irrelevant parts of a document when producing proofs without undermining soundness, and instantiates SAFA with a lookup argument. Our experimental evaluation confirms that Reef can generate proofs for documents with 32M characters; the proofs are small and cheap to verify (under a second).
Paper: https://eprint.iacr.org/2023/1886
In his public lecture, Christian Timmerer provides insights into the fascinating history of video streaming, starting from its humble beginnings before YouTube to the groundbreaking technologies that now dominate platforms like Netflix and ORF ON. Timmerer also presents provocative contributions of his own that have significantly influenced the industry. He concludes by looking at future challenges and invites the audience to join in a discussion.
Unlock the Future of Search with MongoDB Atlas: Vector Search Unleashed.pdf Malak Abu Hammad
Discover how MongoDB Atlas and vector search technology can revolutionize your application's search capabilities. This comprehensive presentation covers:
* What is Vector Search?
* Importance and benefits of vector search
* Practical use cases across various industries
* Step-by-step implementation guide
* Live demos with code snippets
* Enhancing LLM capabilities with vector search
* Best practices and optimization strategies
Perfect for developers, AI enthusiasts, and tech leaders. Learn how to leverage MongoDB Atlas to deliver highly relevant, context-aware search results, transforming your data retrieval process. Stay ahead in tech innovation and maximize the potential of your applications.
In the rapidly evolving landscape of technologies, XML continues to play a vital role in structuring, storing, and transporting data across diverse systems. The recent advancements in artificial intelligence (AI) present new methodologies for enhancing XML development workflows, introducing efficiency, automation, and intelligent capabilities. This presentation will outline the scope and perspective of utilizing AI in XML development. The potential benefits and the possible pitfalls will be highlighted, providing a balanced view of the subject.
We will explore the capabilities of AI in understanding XML markup languages and autonomously creating structured XML content. Additionally, we will examine the capacity of AI to enrich plain text with appropriate XML markup. Practical examples and methodological guidelines will be provided to elucidate how AI can be effectively prompted to interpret and generate accurate XML markup.
Further emphasis will be placed on the role of AI in developing XSLT, or schemas such as XSD and Schematron. We will address the techniques and strategies adopted to create prompts for generating code, explaining code, or refactoring the code, and the results achieved.
The discussion will extend to how AI can be used to transform XML content. In particular, the focus will be on the use of AI XPath extension functions in XSLT, Schematron, Schematron Quick Fixes, or for XML content refactoring.
The presentation aims to deliver a comprehensive overview of AI usage in XML development, providing attendees with the necessary knowledge to make informed decisions. Whether you’re at the early stages of adopting AI or considering integrating it in advanced XML development, this presentation will cover all levels of expertise.
By highlighting the potential advantages and challenges of integrating AI with XML development tools and languages, the presentation seeks to inspire thoughtful conversation around the future of XML development. We’ll not only delve into the technical aspects of AI-powered XML development but also discuss practical implications and possible future directions.
Threats to mobile devices are more prevalent and increasing in scope and complexity. Users of mobile devices want to take full advantage of the features available on those devices, but many of those features provide convenience and capability at the expense of security. This best practices guide outlines steps users can take to better protect personal devices and information.
GraphSummit Singapore | The Future of Agility: Supercharging Digital Transfor... Neo4j
Leonard Jayamohan, Partner & Generative AI Lead, Deloitte
This keynote will reveal how Deloitte leverages Neo4j’s graph power for groundbreaking digital twin solutions, achieving a staggering 100x performance boost. Discover the essential role knowledge graphs play in successful generative AI implementations. Plus, get an exclusive look at an innovative Neo4j + Generative AI solution Deloitte is developing in-house.
Generative AI Deep Dive: Advancing from Proof of Concept to Production Aggregage
Join Maher Hanafi, VP of Engineering at Betterworks, in this new session where he'll share a practical framework to transform Gen AI prototypes into impactful products! He'll delve into the complexities of data collection and management, model selection and optimization, and ensuring security, scalability, and responsible use.
3. A Brief History
08/11/1996 Phrack #49: Smashing The Stack For Fun And Profit, Elias Levy
"... Code that does this is said to smash the stack, and can cause return from the routine to jump to a random address. This can produce some of the most insidious data-dependent bugs known to mankind."
www.nethemba.com
4. Stack Frame
void func(int a, int b, int c) {
    char buffer1[BUFSIZE];
    char buffer2[BUFSIZE];
}
int main(int argc, char **argv) {
    func(10, 20, 30);
}
Stack layout for func(), from low to high memory address: buffer2, buffer1, saved EBP, EIP (return address), then the arguments 10, 20, 30.
prologue:            epilogue:
push ebp             mov esp, ebp
mov ebp, esp         pop ebp
sub esp, $const      ret
7. Buffer Overflow – SEH
try {
    int a = 5;
    int b = 0;
    int c = a / b;
} catch (Exception e) {
    printf("ignore ..");
}
Stack layout, from low to high memory address: Local Vars, Next SEH, SE Handler, EBP, EIP, args.
The SEH chain: each record's Next field points to the next record (Next → Next → Next → 0xFFFFFFFF), and each record's handler field is a pointer to an exception handler; the last record holds the default exception handler.
8. Buffer Overflow – SEH
Same code as slide 7.
After the overflow, from low to high memory address: Local Vars, Next SEH = shellcode address, SE Handler = POP POP RET, EBP, EIP, args.
The chain now reads: shellcode address → Next → Next → 0xFFFFFFFF; the first record's handler field holds POP POP RET, while the remaining records keep their pointers to exception handlers and the default exception handler.
9. Stack cookies – canaries
Protection provided by the compiler (/GS, -fstack-protector, StackGuard, ProPolice)
Can rearrange the stack layout, so string variables are on higher addresses and cannot overwrite other local variables
Contain "bad" characters (0x00, 0xFF)
Stack layout, from low to high memory address: Local Vars, Canary, Next SEH, SE Handler, EBP, EIP, args.
10. Stack cookies – canaries
Usually a challenge
Entropy weaknesses (24-bit entropy on Ubuntu, can be bypassed in reasonable time)
Sometimes helps to overwrite SEH
Cannot protect from buffer overflows in the heap
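An added example, not from the nethemba slides: a model of the stack frame from slide 4 with a stack cookie placed between the local buffers and the saved EBP / return address, the way /GS and -fstack-protector lay it out. The "stack" is an explicit byte array so that the overflowing copy is well-defined C; the buffer size, the cookie value (with a 0x00 low byte, one of the "bad" characters from slide 9) and the saved EBP/EIP values are constructed for illustration. It shows what a practitioner wants to see from the defender's side: the cookie check fires on a 36-byte input before the return address is touched, and reports what `ret` would have used had there been no check.

```c
#include <stdint.h>
#include <stddef.h>
#include <string.h>
#include <stdio.h>

#define BUFSIZE 16
#define A16 "AAAAAAAAAAAAAAAA"   /* 16 bytes of filler for the samples */

/* Frame layout, low address first, as drawn on slides 4 and 9. */
enum {
    OFF_BUFFER2 = 0,                      /* char buffer2[BUFSIZE]   */
    OFF_BUFFER1 = OFF_BUFFER2 + BUFSIZE,  /* char buffer1[BUFSIZE]   */
    OFF_CANARY  = OFF_BUFFER1 + BUFSIZE,  /* stack cookie            */
    OFF_EBP     = OFF_CANARY + 4,         /* saved frame pointer     */
    OFF_EIP     = OFF_EBP + 4,            /* saved return address    */
    FRAME_SIZE  = OFF_EIP + 4
};

/* Assumed cookie: the lowest byte is 0x00, so a str*cpy-style overflow
 * cannot write the intact value back over itself and still reach EBP/EIP. */
static const uint32_t CANARY    = 0x4f2a9100u;
static const uint32_t SAVED_EBP = 0xbffff000u;   /* constructed sample */
static const uint32_t SAVED_EIP = 0x08048500u;   /* constructed sample */

struct frame { uint8_t bytes[FRAME_SIZE]; };

/* Prologue (push ebp / mov ebp, esp / sub esp, $const) plus storing the cookie. */
static void prologue(struct frame *f)
{
    memset(f->bytes, 0, sizeof f->bytes);
    memcpy(f->bytes + OFF_CANARY, &CANARY, 4);
    memcpy(f->bytes + OFF_EBP, &SAVED_EBP, 4);
    memcpy(f->bytes + OFF_EIP, &SAVED_EIP, 4);
}

/* The vulnerable body: an unbounded strcpy-like copy into buffer2. The copy
 * is clamped to the model's own size only so the demonstration stays
 * defined C; a real strcpy has no such clamp. */
static void body_copy(struct frame *f, const char *input)
{
    size_t n = strlen(input);
    if (n > (size_t)(FRAME_SIZE - OFF_BUFFER2))
        n = (size_t)(FRAME_SIZE - OFF_BUFFER2);
    memcpy(f->bytes + OFF_BUFFER2, input, n);
}

/* Epilogue as emitted by a stack protector: compare the cookie before the
 * saved EBP / return address are used (real code calls __stack_chk_fail). */
static int epilogue_cookie_intact(const struct frame *f)
{
    uint32_t now;
    memcpy(&now, f->bytes + OFF_CANARY, 4);
    return now == CANARY;
}

/* 1 if the cookie check would fire for this input, 0 for a normal return. */
int smash_detected(const char *input)
{
    struct frame f;
    prologue(&f);
    body_copy(&f, input);
    return !epilogue_cookie_intact(&f);
}

/* The value the 'ret' instruction would have used for this input. */
uint32_t return_slot_after(const char *input)
{
    struct frame f;
    uint32_t eip;
    prologue(&f);
    body_copy(&f, input);
    memcpy(&eip, f.bytes + OFF_EIP, 4);
    return eip;
}

int main(void)
{
    const char *inputs[] = { "hello",
                             A16 A16 "AAAA",           /* 36 bytes: cookie overwritten */
                             A16 A16 "AAAAAAAAAAAA" }; /* 44 bytes: EIP reached too   */
    for (int i = 0; i < 3; i++)
        printf("%2zu bytes: %s, return slot 0x%08x\n", strlen(inputs[i]),
               smash_detected(inputs[i]) ? "smash detected" : "clean return",
               return_slot_after(inputs[i]));
    return 0;
}
```

The 32-byte boundary is the interesting one for the "rearranged layout" point on slide 9: a copy that exactly fills both buffers returns cleanly, the first byte beyond them lands on the cookie, and the check fires four bytes before EBP and eight before the return address are reachable.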
11. Protection – DEP
Stack is no longer executable
W^X
Both hardware (NX bit) and software support
Prevents basic buffer overflows
Four policy levels on the Windows platform: OptIn, OptOut, AlwaysOn, AlwaysOff
Can be bypassed by "return-to-libc"
12. Return to LIBC
The most generic method to bypass NX
No executable code on the stack
EIP is overwritten with the address of a library function (system())
Parameters are passed via the stack
Chained "return to libc"
No loops, conditional jumps or other complicated things
28/12/2001 Phrack #58, Advanced return-into-lib(c) exploits
13. Return to LIBC
Basic buffer overflow, from low to high memory address: Local Vars, EBP, EIP, args.
Return to libc, from low to high memory address: Local Vars, EBP, EIP = address of system(), JUNK (the return address system() will use), pointer to "/bin/sh\0".
14. ASLR
Address Space Layout Randomization
Including libraries, heap, stack
But not necessarily in all libraries
You need at least one module without ASLR to bypass it on Windows
Implementation weaknesses
Can be bypassed by format string exploits
16. Return Oriented Programming
● The successor of the "return to libc" technique
● Short sequences of instructions ending with "ret" (gadgets) chained together
● If we find enough of them, we have a Turing machine
● Fixed memory location for data interchange, usually in the .data section
● Two registers are usually sufficient
17. Return Oriented Programming
● You can bypass character restrictions (neg)
● No injected code, just a rewritten stack
● ESP determines which instructions you execute
● Automated by tools (ropeme, ROPGadget)
# execve /bin/sh bindport 8080 generated by RopGadget v3.3
from struct import pack   # Python 3: the chain is built as bytes
p = b""
p += pack("<I", 0x08050dda) # pop %edx | ret
p += pack("<I", 0x080cd6a0) # @ .data
p += pack("<I", 0x080a49f6) # pop %eax | ret
p += b"//us"
p += pack("<I", 0x080796ed) # mov %eax,(%edx) | ret
...
18. Return Oriented Programming
● We can build the custom stack at a fixed location (bypass ASLR)
● .data, .bss (readelf)
● Multistage exploit
● GOT entry overwriting:
  offset = execve() - printf()
  execve() = printf() + offset
● Countermeasure: Position Independent Executable (PIE)
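An added example, not from the slides or from any nethemba tool: a minimal checksec-style audit of the two mitigations the slides keep returning to, the NX stack of slide 11 and the fixed-address module of slides 14 and 18, read straight from an ELF64 image in memory. NX is decided by the PT_GNU_STACK program header lacking PF_X; "is the main binary randomised" is decided by e_type (ET_DYN is a PIE, ET_EXEC loads at a fixed address and is exactly the kind of module the slides say an attacker needs). The sample images are constructed here with only the fields the audit reads, and the field offsets follow the ELF64 specification, little-endian only; the constants are redefined locally so the block does not depend on <elf.h>.

```c
#include <stdint.h>
#include <stddef.h>
#include <string.h>
#include <stdio.h>

#define ET_EXEC_      2u
#define ET_DYN_       3u
#define PT_LOAD_      1u
#define PT_GNU_STACK_ 0x6474e551u
#define PF_X_         1u
#define EHDR_SIZE     64
#define PHDR_SIZE     56

struct mitigations { int valid; int pie; int has_gnu_stack; int nx_stack; };

/* Little-endian field accessors (ELFDATA2LSB). */
static uint16_t rd16(const uint8_t *p) { return (uint16_t)(p[0] | (p[1] << 8)); }
static uint32_t rd32(const uint8_t *p) { return rd16(p) | ((uint32_t)rd16(p + 2) << 16); }
static uint64_t rd64(const uint8_t *p) { return rd32(p) | ((uint64_t)rd32(p + 4) << 32); }
static void wr16(uint8_t *p, uint16_t v) { p[0] = (uint8_t)v; p[1] = (uint8_t)(v >> 8); }
static void wr32(uint8_t *p, uint32_t v) { wr16(p, (uint16_t)v); wr16(p + 2, (uint16_t)(v >> 16)); }
static void wr64(uint8_t *p, uint64_t v) { wr32(p, (uint32_t)v); wr32(p + 4, (uint32_t)(v >> 32)); }

/* Audit an ELF64 little-endian image: PIE from e_type, NX stack from PT_GNU_STACK. */
struct mitigations check_elf64(const uint8_t *img, size_t len)
{
    struct mitigations m = {0, 0, 0, 0};
    if (len < EHDR_SIZE || memcmp(img, "\x7f" "ELF", 4) != 0) return m;
    if (img[4] != 2 || img[5] != 1) return m;            /* ELFCLASS64 + ELFDATA2LSB only */
    uint64_t phoff = rd64(img + 32);                     /* e_phoff */
    uint16_t phentsize = rd16(img + 54), phnum = rd16(img + 56);
    if (phentsize != PHDR_SIZE || phoff > len ||
        (uint64_t)phnum * PHDR_SIZE > len - phoff) return m; /* truncated table */
    m.valid = 1;
    m.pie = (rd16(img + 16) == ET_DYN_);                  /* ET_EXEC = fixed load address */
    for (uint16_t i = 0; i < phnum; i++) {
        const uint8_t *ph = img + phoff + (size_t)i * PHDR_SIZE;
        if (rd32(ph) == PT_GNU_STACK_) {                  /* p_type */
            m.has_gnu_stack = 1;
            m.nx_stack = !(rd32(ph + 4) & PF_X_);         /* p_flags without PF_X */
        }
    }
    /* No PT_GNU_STACK leaves nx_stack = 0: the Linux loader has historically
     * treated a missing header as a request for an executable stack. */
    return m;
}

/* Constructed sample image: ELF header, one PT_LOAD and optionally one
 * PT_GNU_STACK; only the fields the audit reads are filled in. */
size_t build_sample(uint8_t *out, int pie, int with_gnu_stack, int stack_exec)
{
    uint16_t phnum = with_gnu_stack ? 2 : 1;
    memset(out, 0, EHDR_SIZE + 2 * PHDR_SIZE);
    memcpy(out, "\x7f" "ELF", 4);
    out[4] = 2; out[5] = 1; out[6] = 1;                   /* 64-bit, little-endian, EV_CURRENT */
    wr16(out + 16, pie ? ET_DYN_ : ET_EXEC_);              /* e_type */
    wr16(out + 18, 62);                                   /* e_machine = EM_X86_64 */
    wr32(out + 20, 1);                                    /* e_version */
    wr64(out + 32, EHDR_SIZE);                            /* e_phoff: table follows header */
    wr16(out + 52, EHDR_SIZE);                            /* e_ehsize */
    wr16(out + 54, PHDR_SIZE);                            /* e_phentsize */
    wr16(out + 56, phnum);                                /* e_phnum */
    uint8_t *ph = out + EHDR_SIZE;
    wr32(ph, PT_LOAD_); wr32(ph + 4, 5);                  /* PT_LOAD, PF_R | PF_X */
    if (with_gnu_stack) {
        ph += PHDR_SIZE;
        wr32(ph, PT_GNU_STACK_);
        wr32(ph + 4, stack_exec ? 7u : 6u);              /* RWX vs RW */
    }
    return EHDR_SIZE + (size_t)phnum * PHDR_SIZE;
}

/* Build a sample with the given properties and audit it. */
struct mitigations audit_sample(int pie, int with_gnu_stack, int stack_exec)
{
    uint8_t img[EHDR_SIZE + 2 * PHDR_SIZE];
    size_t n = build_sample(img, pie, with_gnu_stack, stack_exec);
    return check_elf64(img, n);
}

int main(void)
{
    const char *label[] = { "PIE + NX stack", "fixed address + RWX stack", "no PT_GNU_STACK" };
    struct mitigations m[] = { audit_sample(1, 1, 0), audit_sample(0, 1, 1), audit_sample(0, 0, 0) };
    for (int i = 0; i < 3; i++)
        printf("%-26s PIE: %-3s NX stack: %s\n", label[i],
               m[i].pie ? "yes" : "no", m[i].nx_stack ? "yes" : "no");
    return 0;
}
```

To audit real modules, read each file into a buffer and pass it to check_elf64; the point of running it over every loaded module rather than only the main binary is the one slide 14 makes, since a single ET_EXEC module or RWX stack undoes the protection the others provide.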
20. Immunity Debugger
● 'mona' (successor of pvefindaddr)
● A skeleton for a Metasploit exploit can be generated with Immunity Debugger (mona plugin)
21. Radare
● Reverse engineering framework, *nix-style, multiplatform
● 11/06/2009 Phrack #66, Manual Binary Mangling With Radare
radare: the entrypoint for everything :)
rahash: block based hashing utility
radiff: multiple binary diffing algorithms
rabin: extract information from binaries
rasc: shellcode construction helper
rasm: command-line assembler/disassembler
rax: inline multiple base converter
xrefs: blind search for relative code references