The document provides guidance on penetration testing biometric fingerprint authentication systems. It outlines various potential attack vectors, including local attacks on the fingerprint sensor and USB data manager, as well as remote attacks on the remote IP management, backend database, and fingerprint manager admin interface. The document then details methods for conducting local attacks, such as using a fingerprint logger to steal a print and reproducing fake fingerprints to trick the sensor. It also discusses vulnerabilities in biometric device network protocols and remote administration capabilities. The goal is to evaluate security and identify ways to bypass authentication or steal sensitive user data from biometric systems.
The document discusses Jugaad, a proof-of-concept toolkit that demonstrates code injection on Linux systems similar to CreateRemoteThread on Windows. It does this using the ptrace system call to attach to a process, read/write its memory, and inject shellcode that allocates memory and creates a thread to execute arbitrary code within the target process context. First, it explains how ptrace can be used to manipulate another process. Then it describes how Jugaad uses these ptrace capabilities to meet the requirements of allocating memory, creating a thread, and executing payload code inside the target process.
The document discusses reversing Microsoft patches to reveal vulnerable code. It describes taking a binary difference of files before and after a patch is applied to identify code changes and potential vulnerabilities. This process can be used to create better vulnerability signatures compared to exploit signatures. However, there are challenges to the process like obtaining the correct file versions to compare and dealing with compiler optimizations. Dynamic analysis by setting breakpoints in changed code is also described to help locate where user input is handled to potentially exploit vulnerabilities. The goal is to reveal vulnerable code details to help create vulnerability signatures and verify patches.
This paper attempts to look behind the wheels of android and keeping special focus on custom rom’s and basically check for security misconfiguration’s which could yield to device compromise, which may result in malware infection or data theft.
Frankenstein. stitching malware from benign binariesYury Chemerkin
This document proposes a new malware propagation system called Frankenstein that stitches together code sequences from benign programs to generate obfuscated malware copies. Frankenstein searches benign programs for "gadgets", which are sequences of instructions that can be combined to perform tasks. It uses these gadgets to synthesize new malware copies by composing gadgets according to a high-level "semantic blueprint", making the copies harder to detect than traditional metamorphic malware. The authors implement a proof-of-concept Frankenstein system and show that mining a few local programs provides enough gadgets to synthesize arbitrary functionality.
The Crisis malware is an advanced malware that infects both Windows and Mac computers. It has the ability to steal browser history, contacts, audio/visual recordings and more. It spreads initially through a signed Java applet and then installs core modules and drivers onto the infected system. Both Windows and Mac versions share similar information stealing and command and control capabilities. The Windows version uniquely targets virtual machines by mounting and infecting VM disk images, and can also steal social media and email account information. The malware authors remain anonymous but the code quality suggests it was intended for espionage or private investigation.
The document discusses automatic deobfuscation of binary code. It presents a local semantic analysis approach that rewrites binary code in a simpler form without relying on manual identification of obfuscation patterns. The approach uses compiler optimization techniques like constant propagation, folding, and stack optimization on virtual machine handler functions to drastically simplify the obfuscated code. It is able to reduce handler functions from 100-200 instructions to at most 10 instructions within a single basic block.
DEVELOPING MOBILE AGENT FOR INTRUSION DETECTIONijcsit
Mobile agent is a certain agent actively able to move from one computer to another or even travel across
network to perform the task assigned. This research aimed to develop mobile agent model to detect
distributed intrusion (Distributed Intrusion Detection System).
It was expected that the produced model was able to perform its task in nearly real time manner, to be
immune against attack, and also fairly small overhead at the host, either in memory consumption or CPU
usage. In this research, the Aglets concept was also developed to aid intrusion detection. This approach
was also maintained to solve certain issues such as scalability, reliability, and configurability. Hence, the
advantages and limitations of agent-based approaches will be when it is applied in real world.
The document discusses Jugaad, a proof-of-concept toolkit that demonstrates code injection on Linux systems similar to CreateRemoteThread on Windows. It does this using the ptrace system call to attach to a process, read/write its memory, and inject shellcode that allocates memory and creates a thread to execute arbitrary code within the target process context. First, it explains how ptrace can be used to manipulate another process. Then it describes how Jugaad uses these ptrace capabilities to meet the requirements of allocating memory, creating a thread, and executing payload code inside the target process.
The document discusses reversing Microsoft patches to reveal vulnerable code. It describes taking a binary difference of files before and after a patch is applied to identify code changes and potential vulnerabilities. This process can be used to create better vulnerability signatures compared to exploit signatures. However, there are challenges to the process like obtaining the correct file versions to compare and dealing with compiler optimizations. Dynamic analysis by setting breakpoints in changed code is also described to help locate where user input is handled to potentially exploit vulnerabilities. The goal is to reveal vulnerable code details to help create vulnerability signatures and verify patches.
This paper attempts to look behind the wheels of android and keeping special focus on custom rom’s and basically check for security misconfiguration’s which could yield to device compromise, which may result in malware infection or data theft.
Frankenstein. stitching malware from benign binariesYury Chemerkin
This document proposes a new malware propagation system called Frankenstein that stitches together code sequences from benign programs to generate obfuscated malware copies. Frankenstein searches benign programs for "gadgets", which are sequences of instructions that can be combined to perform tasks. It uses these gadgets to synthesize new malware copies by composing gadgets according to a high-level "semantic blueprint", making the copies harder to detect than traditional metamorphic malware. The authors implement a proof-of-concept Frankenstein system and show that mining a few local programs provides enough gadgets to synthesize arbitrary functionality.
The Crisis malware is an advanced malware that infects both Windows and Mac computers. It has the ability to steal browser history, contacts, audio/visual recordings and more. It spreads initially through a signed Java applet and then installs core modules and drivers onto the infected system. Both Windows and Mac versions share similar information stealing and command and control capabilities. The Windows version uniquely targets virtual machines by mounting and infecting VM disk images, and can also steal social media and email account information. The malware authors remain anonymous but the code quality suggests it was intended for espionage or private investigation.
The document discusses automatic deobfuscation of binary code. It presents a local semantic analysis approach that rewrites binary code in a simpler form without relying on manual identification of obfuscation patterns. The approach uses compiler optimization techniques like constant propagation, folding, and stack optimization on virtual machine handler functions to drastically simplify the obfuscated code. It is able to reduce handler functions from 100-200 instructions to at most 10 instructions within a single basic block.
DEVELOPING MOBILE AGENT FOR INTRUSION DETECTIONijcsit
Mobile agent is a certain agent actively able to move from one computer to another or even travel across
network to perform the task assigned. This research aimed to develop mobile agent model to detect
distributed intrusion (Distributed Intrusion Detection System).
It was expected that the produced model was able to perform its task in nearly real time manner, to be
immune against attack, and also fairly small overhead at the host, either in memory consumption or CPU
usage. In this research, the Aglets concept was also developed to aid intrusion detection. This approach
was also maintained to solve certain issues such as scalability, reliability, and configurability. Hence, the
advantages and limitations of agent-based approaches will be when it is applied in real world.
This document discusses attacking and exploiting antivirus software. It begins by describing how antivirus engines work and how their functionality can increase vulnerabilities. The document then details initial experiments fuzzing 14 antivirus engines, finding remote and local vulnerabilities. Specific vulnerabilities are listed for various antivirus products. Statistics on fuzzing various engines are provided. The document concludes by discussing remote exploitation of antivirus engines, noting that despite ASLR, many engines still have exploitable issues due to non-ASLR modules or RWX pages. The emulators used by antivirus engines are highlighted as a key part that can bypass some protections.
Defeating spyware and forensics on the black berry draftidsecconf
This document discusses techniques for defeating spyware and malware on BlackBerry devices by poisoning the data repositories that malware targets in order to collect and transmit private user information. It proposes attacking the source of information rather than trying to detect and remove malware. Specific techniques discussed include POEPFlood, PWNGoal, DDTS, and FMLog. POEPFlood works by introducing fake data to overwhelm repositories with useless information. PWNGoal uses third parties to generate fake messages. DDTS and FMLog aim to hamper forensic analysis by preventing device access or overwriting logs. The techniques are demonstrated for defeating malware targeting email, SMS, call history, and contacts.
This document provides an overview of a presentation on .NET for hackers. The presenter introduces themselves and their background in software development, security, and collaboration with OWASP. The agenda includes introductions to .NET, disassembling binaries, debugging .NET applications, reflection, decompilation techniques, and a malware analysis use case. Key topics covered are the .NET Common Language Runtime environment, .NET file formats, memory models, Just-In-Time compilation, debugging tools like ILDASM and SOS extensions, reflection APIs, decompilation, and anti-decompilation tricks. Examples are provided for debugging and reflection code.
[Usenix's WOOT'14] Attacking the Linux PRNG and Android - Weaknesses in Seedi...srkedmi
1) The document discusses weaknesses in the seeding of entropy pools and low boot-time entropy in the Linux PRNG used in Android.
2) It presents a proof-of-concept attack that allows recreating the internal state of the Linux PRNG during early boot by leveraging an active leak of a random value and knowledge of the boot flow and PRNG behavior.
3) The attack is demonstrated through two scenarios: an IPv6 denial of service attack and bypassing Android stack protection to enable buffer overflow exploits.
This document describes a new password authentication method that combines textual passwords with a modified cued click points technique for increased security. The method uses a special key display interface that breaks the user's password into a combination of four passwords plus three additional strings. These seven strings are then encrypted using a novel one-way encryption algorithm called One-time Data Division (ODD). This produces a 256-character encrypted password that is stored in the database for authentication. The encryption is complex and lossy, making the original password irrecoverable even by an administrator. The method aims to provide strong security while maintaining usability.
The document summarizes a research paper about protecting web applications from SQL injection attacks. It discusses how SQL injection is a common attack that allows hackers to steal or modify database information. The paper proposes applying a hybrid encryption method involving AES and Rabin cryptography to the login phase of a web application. This would encrypt username and password data before it is sent to the server to help prevent unauthorized access to the database in the case of an SQL injection attack. It also discusses related work on SQL injection prevention and provides an implementation example of the proposed hybrid encryption method using PHP and MySQL.
Automating Analysis and Exploitation of Embedded Device FirmwareMalachi Jones
Dynamic binary analysis tools utilize a combination of techniques that include fuzzing, symbolic execution, and concolic execution to discover exploitable code in sophisticated binaries. Much work has been dedicated to developing automated analysis tools to target mainstream processor architectures (e.g. x86 and x86_64. ). An often overlooked and inadequately addressed area is the development of tools that target embedded systems processors that include PowerPC, MIPS, and SuperH. Historically, a challenge with targeting multiple embedded architectures was that it was often necessary to write an analysis tool for each architecture.
In this talk, we'll discuss an approach for decoupling the architecture specifics from the analysis by utilizing intermediate representation (IR) languages. Intermediate representation languages provide a method to abstract out machine specifics in order to aid in the analysis of computer programs. In particular, the LLVM IR language provides an extensive set of analysis and optimization libraries, along with a JIT engine, that can be collectively utilized to develop architecture-independent automated analysis and exploitation tools.
Network security interview questions & answersSimpliv LLC
This document provides 150+ interview questions and answers related to network security. It begins by stating that the document will help with network security job interviews by providing sample questions and answers. It then lists several questions and short answers related to topics like firewall configuration, protocols, attacks, and security best practices. The questions cover a wide range of network security topics and the answers provide concise responses to each question.
Source code recovery is one of the most tedious, and interesting, tasks in reverse engineering. During the course of this talk, the author will talk about a tool being developed (on and off) since last year that aims to generate auto-compilable source code from binaries. The tool is currently working though it needs a lot more work.
Finding Diversity In Remote Code Injection Exploitsamiable_indian
1. The document analyzes the diversity among remote code injection exploits by collecting exploit samples from network traces, extracting and emulating shellcodes, and clustering the shellcodes based on an exedit distance metric.
2. It finds that exploits can be grouped into families based on the vulnerability targeted. The LSASS and ISystemActivator exploit families show subtle variations among related exploits, while RemoteActivation exploits exhibit more diversity.
3. Analyzing exploit phylogenies reveals code sharing among families and subtle variations within families, providing insights into the emergence of polymorphism in malware payloads.
This document provides an overview of the Metasploit Framework and penetration testing. It discusses key Metasploit concepts like exploits, payloads, and modules. It also covers common penetration testing techniques like intelligence gathering, vulnerability scanning, exploitation, and post-exploitation activities. The document aims to teach first-time Metasploit users how to use the framework and interact with the Metasploit community. It includes instructions for common tasks like launching simulated attacks, bypassing antivirus software, and writing custom modules and exploits.
Automatic reverse engineering of malware emulatorsUltraUploader
This document proposes techniques for automatically reverse engineering malware emulators. It presents an algorithm using dynamic analysis to execute emulated malware, record the x86 instruction trace, and use data flow and taint analysis to identify the bytecode program and extract syntactic and semantic information about the bytecode instruction set. The authors implemented a proof-of-concept system called Rotalumé, which accurately revealed the syntax and semantics of emulated instruction sets for programs obfuscated by VMProtect and Code Virtualizer.
The document discusses intrusion alert correlation. It defines key terms like correlation, event, alert, and alert correlation. It outlines that the goals of correlation are to address weaknesses in individual intrusion detection systems like alert flooding, lack of context, and false positives/negatives. The main steps of the correlation process include alert collection, normalization, aggregation, verification, and producing high-level alert structures. Specific correlation techniques are also discussed.
The objective of this is to develop a Fuzzy aided Application layer Semantic Intrusion Detection System (FASIDS) which works in the application layer of the network stack. FASIDS consist of semantic IDS and Fuzzy based IDS. Rule based IDS looks for the specific pattern which is defined as malicious. A non-intrusive regular pattern can be malicious if it occurs several times with a short time interval. For detecting such malicious activities, FASIDS is proposed in this paper. At application layer, HTTP traffic’s header and payload are analyzed for possible intrusion. In the proposed misuse detection module, the semantic intrusion detection system works on the basis of rules that define various application layer misuses that are found in the network. An attack identified by the IDS is based on a corresponding rule in the rule-base. An event that doesn’t make a ‘hit’ on the rule-base is given to a Fuzzy Intrusion Detection System (FIDS) for further analysis.
Online Intrusion Alert Aggregation with Generative Data Stream ModelingIJMER
This document discusses online intrusion alert aggregation using generative data stream modeling. It proposes a probabilistic model to collect and model alerts of similar attacks over time to identify the beginning and completion of attacks. The system architecture includes sensor, detection, alert processing and reaction layers. The alert processing layer generates meta-alerts based on attack instance information. Experimental results show the approach can generate meta-alerts and reduce false positives by executing clustering algorithms multiple times on the data stream. It concludes the method is effective for aggregating alerts in real-time intrusion detection systems.
Espressif IoT Development Framework: 71 Shots in the FootAndrey Karpov
The article summarizes the author's analysis of errors found in the Espressif IoT Development Framework using the PVS-Studio static analyzer. The analyzer found 71 errors in the framework code related to security vulnerabilities like incorrect argument order, loss of significant bits, and failure to clear private data from memory. The author notes that additional errors may be found with a more complete analysis. Conditional compilation directives and macros used in the framework code generated many false positives from the analyzer.
Automated Validation of Internet Security Protocols and Applications (AVISPA)...Krassen Deltchev
These are the slides to my first B.Sc. term paper- AVISPA, 2006.
These slides are presented to the
Department of Electrical Engineering and Information Sciences
of the Ruhr-University of Bochum
Chair of Network and Data Security
of the Ruhr-University of Bochum,
Horst-Görtz Institute,
Prof. Jörg Schwenk
File inflection techniques allow computer viruses to infect files by inserting malicious code. Viruses can infect both executable files and data files. Executable files contain code that runs when the file is opened, while data files may contain scripts or code that can be executed through buffer overflow exploits or by hijacking entry points. In Windows, applications run in a restricted mode while the operating system kernel runs in a privileged mode, but viruses can access system resources through Windows API calls. Updates, antivirus software, and care regarding untrusted files can help prevent infection.
Self Monitoring System to Catch Unauthorized ActivityIRJET Journal
The document describes a proposed self-monitoring system called SMS that detects unauthorized insider activity on a system. SMS monitors user activity at the system call level and creates user profiles to track normal usage patterns. It compares current activity to these profiles to identify anomalous behavior that may indicate a malicious intrusion. When SMS detects potential unauthorized activity, it takes a snapshot of the event and reports it to administrators. The system aims to improve on other intrusion detection systems by identifying insider threats in real-time at the system call level using data mining and forensic techniques.
It seems like you're providing information about the publication process of the International Journal of Advanced Publication Practices. This information outlines the fast publication schedule and peer-review process by the journal of the appears to prioritize a fast and efficient publication process while maintaining the quality and integrity of the research it publishes of the best pharma journals .
This document discusses attacking and exploiting antivirus software. It begins by describing how antivirus engines work and how their functionality can increase vulnerabilities. The document then details initial experiments fuzzing 14 antivirus engines, finding remote and local vulnerabilities. Specific vulnerabilities are listed for various antivirus products. Statistics on fuzzing various engines are provided. The document concludes by discussing remote exploitation of antivirus engines, noting that despite ASLR, many engines still have exploitable issues due to non-ASLR modules or RWX pages. The emulators used by antivirus engines are highlighted as a key part that can bypass some protections.
Defeating spyware and forensics on the black berry draftidsecconf
This document discusses techniques for defeating spyware and malware on BlackBerry devices by poisoning the data repositories that malware targets in order to collect and transmit private user information. It proposes attacking the source of information rather than trying to detect and remove malware. Specific techniques discussed include POEPFlood, PWNGoal, DDTS, and FMLog. POEPFlood works by introducing fake data to overwhelm repositories with useless information. PWNGoal uses third parties to generate fake messages. DDTS and FMLog aim to hamper forensic analysis by preventing device access or overwriting logs. The techniques are demonstrated for defeating malware targeting email, SMS, call history, and contacts.
This document provides an overview of a presentation on .NET for hackers. The presenter introduces themselves and their background in software development, security, and collaboration with OWASP. The agenda includes introductions to .NET, disassembling binaries, debugging .NET applications, reflection, decompilation techniques, and a malware analysis use case. Key topics covered are the .NET Common Language Runtime environment, .NET file formats, memory models, Just-In-Time compilation, debugging tools like ILDASM and SOS extensions, reflection APIs, decompilation, and anti-decompilation tricks. Examples are provided for debugging and reflection code.
[Usenix's WOOT'14] Attacking the Linux PRNG and Android - Weaknesses in Seedi...srkedmi
1) The document discusses weaknesses in the seeding of entropy pools and low boot-time entropy in the Linux PRNG used in Android.
2) It presents a proof-of-concept attack that allows recreating the internal state of the Linux PRNG during early boot by leveraging an active leak of a random value and knowledge of the boot flow and PRNG behavior.
3) The attack is demonstrated through two scenarios: an IPv6 denial of service attack and bypassing Android stack protection to enable buffer overflow exploits.
This document describes a new password authentication method that combines textual passwords with a modified cued click points technique for increased security. The method uses a special key display interface that breaks the user's password into a combination of four passwords plus three additional strings. These seven strings are then encrypted using a novel one-way encryption algorithm called One-time Data Division (ODD). This produces a 256-character encrypted password that is stored in the database for authentication. The encryption is complex and lossy, making the original password irrecoverable even by an administrator. The method aims to provide strong security while maintaining usability.
The document summarizes a research paper about protecting web applications from SQL injection attacks. It discusses how SQL injection is a common attack that allows hackers to steal or modify database information. The paper proposes applying a hybrid encryption method involving AES and Rabin cryptography to the login phase of a web application. This would encrypt username and password data before it is sent to the server to help prevent unauthorized access to the database in the case of an SQL injection attack. It also discusses related work on SQL injection prevention and provides an implementation example of the proposed hybrid encryption method using PHP and MySQL.
Automating Analysis and Exploitation of Embedded Device FirmwareMalachi Jones
Dynamic binary analysis tools utilize a combination of techniques that include fuzzing, symbolic execution, and concolic execution to discover exploitable code in sophisticated binaries. Much work has been dedicated to developing automated analysis tools to target mainstream processor architectures (e.g. x86 and x86_64. ). An often overlooked and inadequately addressed area is the development of tools that target embedded systems processors that include PowerPC, MIPS, and SuperH. Historically, a challenge with targeting multiple embedded architectures was that it was often necessary to write an analysis tool for each architecture.
In this talk, we'll discuss an approach for decoupling the architecture specifics from the analysis by utilizing intermediate representation (IR) languages. Intermediate representation languages provide a method to abstract out machine specifics in order to aid in the analysis of computer programs. In particular, the LLVM IR language provides an extensive set of analysis and optimization libraries, along with a JIT engine, that can be collectively utilized to develop architecture-independent automated analysis and exploitation tools.
Network security interview questions & answersSimpliv LLC
This document provides 150+ interview questions and answers related to network security. It begins by stating that the document will help with network security job interviews by providing sample questions and answers. It then lists several questions and short answers related to topics like firewall configuration, protocols, attacks, and security best practices. The questions cover a wide range of network security topics and the answers provide concise responses to each question.
Source code recovery is one of the most tedious, and interesting, tasks in reverse engineering. During the course of this talk, the author will talk about a tool being developed (on and off) since last year that aims to generate auto-compilable source code from binaries. The tool is currently working though it needs a lot more work.
Finding Diversity In Remote Code Injection Exploitsamiable_indian
1. The document analyzes the diversity among remote code injection exploits by collecting exploit samples from network traces, extracting and emulating shellcodes, and clustering the shellcodes based on an exedit distance metric.
2. It finds that exploits can be grouped into families based on the vulnerability targeted. The LSASS and ISystemActivator exploit families show subtle variations among related exploits, while RemoteActivation exploits exhibit more diversity.
3. Analyzing exploit phylogenies reveals code sharing among families and subtle variations within families, providing insights into the emergence of polymorphism in malware payloads.
This document provides an overview of the Metasploit Framework and penetration testing. It discusses key Metasploit concepts like exploits, payloads, and modules. It also covers common penetration testing techniques like intelligence gathering, vulnerability scanning, exploitation, and post-exploitation activities. The document aims to teach first-time Metasploit users how to use the framework and interact with the Metasploit community. It includes instructions for common tasks like launching simulated attacks, bypassing antivirus software, and writing custom modules and exploits.
Automatic reverse engineering of malware emulatorsUltraUploader
This document proposes techniques for automatically reverse engineering malware emulators. It presents an algorithm using dynamic analysis to execute emulated malware, record the x86 instruction trace, and use data flow and taint analysis to identify the bytecode program and extract syntactic and semantic information about the bytecode instruction set. The authors implemented a proof-of-concept system called Rotalumé, which accurately revealed the syntax and semantics of emulated instruction sets for programs obfuscated by VMProtect and Code Virtualizer.
The document discusses intrusion alert correlation. It defines key terms like correlation, event, alert, and alert correlation. It outlines that the goals of correlation are to address weaknesses in individual intrusion detection systems like alert flooding, lack of context, and false positives/negatives. The main steps of the correlation process include alert collection, normalization, aggregation, verification, and producing high-level alert structures. Specific correlation techniques are also discussed.
The objective of this is to develop a Fuzzy aided Application layer Semantic Intrusion Detection System (FASIDS) which works in the application layer of the network stack. FASIDS consist of semantic IDS and Fuzzy based IDS. Rule based IDS looks for the specific pattern which is defined as malicious. A non-intrusive regular pattern can be malicious if it occurs several times with a short time interval. For detecting such malicious activities, FASIDS is proposed in this paper. At application layer, HTTP traffic’s header and payload are analyzed for possible intrusion. In the proposed misuse detection module, the semantic intrusion detection system works on the basis of rules that define various application layer misuses that are found in the network. An attack identified by the IDS is based on a corresponding rule in the rule-base. An event that doesn’t make a ‘hit’ on the rule-base is given to a Fuzzy Intrusion Detection System (FIDS) for further analysis.
Online Intrusion Alert Aggregation with Generative Data Stream ModelingIJMER
This document discusses online intrusion alert aggregation using generative data stream modeling. It proposes a probabilistic model to collect and model alerts of similar attacks over time to identify the beginning and completion of attacks. The system architecture includes sensor, detection, alert processing and reaction layers. The alert processing layer generates meta-alerts based on attack instance information. Experimental results show the approach can generate meta-alerts and reduce false positives by executing clustering algorithms multiple times on the data stream. It concludes the method is effective for aggregating alerts in real-time intrusion detection systems.
Espressif IoT Development Framework: 71 Shots in the FootAndrey Karpov
The article summarizes the author's analysis of errors found in the Espressif IoT Development Framework using the PVS-Studio static analyzer. The analyzer found 71 errors in the framework code related to security vulnerabilities like incorrect argument order, loss of significant bits, and failure to clear private data from memory. The author notes that additional errors may be found with a more complete analysis. Conditional compilation directives and macros used in the framework code generated many false positives from the analyzer.
Automated Validation of Internet Security Protocols and Applications (AVISPA)...Krassen Deltchev
These are the slides to my first B.Sc. term paper- AVISPA, 2006.
These slides are presented to the
Department of Electrical Engineering and Information Sciences
of the Ruhr-University of Bochum
Chair of Network and Data Security
of the Ruhr-University of Bochum,
Horst-Görtz Institute,
Prof. Jörg Schwenk
File inflection techniques allow computer viruses to infect files by inserting malicious code. Viruses can infect both executable files and data files. Executable files contain code that runs when the file is opened, while data files may contain scripts or code that can be executed through buffer overflow exploits or by hijacking entry points. In Windows, applications run in a restricted mode while the operating system kernel runs in a privileged mode, but viruses can access system resources through Windows API calls. Updates, antivirus software, and care regarding untrusted files can help prevent infection.
Self Monitoring System to Catch Unauthorized ActivityIRJET Journal
The document describes a proposed self-monitoring system called SMS that detects unauthorized insider activity on a system. SMS monitors user activity at the system call level and creates user profiles to track normal usage patterns. It compares current activity to these profiles to identify anomalous behavior that may indicate a malicious intrusion. When SMS detects potential unauthorized activity, it takes a snapshot of the event and reports it to administrators. The system aims to improve on other intrusion detection systems by identifying insider threats in real-time at the system call level using data mining and forensic techniques.
It seems like you're providing information about the publication process of the International Journal of Advanced Publication Practices. This information outlines the fast publication schedule and peer-review process by the journal of the appears to prioritize a fast and efficient publication process while maintaining the quality and integrity of the research it publishes of the best pharma journals .
Keyloggers are a invasive software often used to harvest secret information. One of the main reasons for
this fast growth is the possibility for unprivileged programs running in the user space to secretly steal and record all the
keystrokes typed by the users on a system. The ability to run in unprivileged mode makes possible their implementation
and distribution. but, at the same time, allows one to understand and imitate their behavior in detail.
I will talk about innovation in the area of cyber security analytics - developing machine learning methods to detect and block cyber attacks (e.g. detecting ransomware within 4 seconds of execution and killing the underlying processes). Rather than just focusing on this as a 'black box', I'll pull it apart and talk about how we can use these methods to enable security practitioners (SOC/CIRT etc) to ask and answer questions about 'what' and 'why' these methods are flagging attacks. I'll also talk about resilience of machine learning methods to manipulation and adversarial attacks - how stable these approaches are to diversity and evolution of malware for example.
FINGERPRINT BASED LOCKER WITH IMAGE CAPTUREMichael George
As we are moving in a World of advancement, so the security is the major concern in order to keep data isolate from the unauthorised users to access. In today’s World, we need high degree security system for the protection of our document, important data, as well as memory and jewellery. This review paper presents a secure fingerprint locker which is feasible. This system is proved successful on all norms of security of lockers. There are other methods of verifying authentication through password, RFID but this method is most efficient and reliable. To provide perfect security to the lockers and to make the work easier, this project is taking help of two different technologies, i.e. Embedded System and Biometrics. Biometrics is basically the measurement and use of unique characteristics of living beings to make them distinguish from one another. And this is more reliable then passwords and tokens which can be lost or stolen by the humans. In this paper we are providing the work done on this technique.
Network security is enhanced through biometrics authentication which uses unique physical traits to verify user identity. Biometrics is more secure than passwords since traits cannot be forgotten, stolen, or easily copied. The document discusses common biometric traits like fingerprints, iris scans, and voice recognition. It explains how biometric systems work by enrolling traits during initial use then comparing submitted traits to stored information for authentication. Biometrics provides stronger security for networks and systems by using the human body as a verification method.
Overview of Hot Technologies that are tearing up the security ecosystem. Cyber security experts now have to ‘Move their Cheese’ and deal with threats created by the Cloud, the Internet of Things, mobile/wireless and wearable technology.
IRJET - Contactless Biometric Security System using Finger Knuckle PatternsIRJET Journal
This document proposes a contactless biometric security system using finger knuckle patterns for authentication. Finger knuckle patterns provide accurate identification similar to fingerprints but can be captured contactless. The proposed system uses a convolutional neural network and Speedup Robust Feature algorithm for fast and accurate matching of knuckle patterns from images. This combination allows recognition within the shortest time for a live security system. An illumination controller is also used to standardize lighting and improve image quality. The system aims to securely authenticate users by matching their knuckle patterns against a stored database.
This document discusses conducting a vulnerability assessment. It explains that a vulnerability assessment identifies possible security vulnerabilities in a system. The assessment involves both automated and manual techniques depending on the scope of the organization. The major steps are conducting the assessment, addressing any exposures found, and reporting and remediation. Under conducting the assessment, planning, gathering information, and defining roles and responsibilities are involved. The assessment aims to find and rank vulnerabilities to threats.
Advanced Security System for Bank Lockers using Biometric and GSMIRJET Journal
This document proposes an advanced security system for bank lockers using biometric authentication and GSM technology. The system aims to provide more secure access to bank lockers than traditional key-based systems. It works by enrolling users through fingerprint scanning and storing their fingerprint data and mobile number in a database. When a user wants to open their locker, the system verifies their identity by matching their fingerprint and sends a one-time password via SMS to their registered mobile number. The user then enters this password to unlock the locker, providing two-factor authentication through biometrics and mobile verification. The system is designed to address security issues with lost or duplicated keys and keep pace with digital authentication methods.
IRJET - Door Lock Control using Wireless BiometricIRJET Journal
This document describes a door lock control system that uses wireless biometrics. The system uses fingerprint recognition technology to unlock a door. An Arduino board controls a servo motor that locks and unlocks the door. It communicates wirelessly with an Android application over Bluetooth. When a matching fingerprint is detected by the app, it sends a signal to the Arduino board to unlock the door by turning the servo motor. This provides secure, contactless access to doors without requiring keys. The system aims to provide biometric security access at a lower cost than traditional solutions.
International Journal of Computational Engineering Research(IJCER)ijceronline
International Journal of Computational Engineering Research(IJCER) is an intentional online Journal in English monthly publishing journal. This Journal publish original research work that contributes significantly to further the scientific knowledge in engineering and Technology.
Attackers May Depend On Social Engineering To Gain...Tiffany Sandoval
The document discusses integrating threat intelligence and incident response. It defines threat intelligence as technical and contextual information about emerging threats evaluated for accuracy. Threat intelligence feeds into strategic, operational and tactical security levels. Challenges include connecting diverse data points and filtering noise. A threat intelligence platform helps address this by analyzing data and delivering standardized information. The threat kill chain model outlines attack stages from reconnaissance to information theft. Integrating threat intelligence and incident response improves network defenses across each stage.
Our day-to-day lives are filled with situations
where we need to prove who we are; may it be for personal
reasons or as part of your profession. Locks are to be opened,
e-mail accounts are to be accessed and purchases are to be
made – but only by the person correctly authorized to do so.
we propose here a novel system for protecting finger print privacy by combining two different fingerprints into a new identity. In the enrollment, two fingerprints are captured from two different fingers
Thus, a new virtual identity is created for the two different fingerprints, which can be matched using minutiae-based fingerprint matching technique.
Biometric system is a pattern identification system that recognizes an individual by determining the originality of the physical features and behavioral characteristic of that person. Of all the recently used biometric techniques, fingerprint identification systems have gained the most popularity because of the prolonged existence of fingerprints and its extensive use. Fingerprint is dependable biometric trait as it is an idiosyncratic and dedicated. It is a technology that is increasingly used in various fields like forensics and security purpose. The vital objective of our system is to make ATM transaction more secure and user friendly. This system replaces traditional ATM cards with fingerprint. Therefore, there is no need to carry ATM cards to perform transactions. The money transaction can be made more secure without worrying about the card to be lost. In our system we are using embedded system with biometrics i.e r305 sensor and UART microcontroller. The Fingerprint and the user_id of all users are stored in the database. Fingerprints are used to identify whether the Person is genuine. A Fingerprint scanner is used to acquire the fingerprint of the individual, after which the system requests for the PIN (Personal Identification Number). The user gets three chances to get him authenticated. If the fingerprints do not match further authentication will be needed. After the verification with the data stored in the system database, the user is allowed to make transactions.
Ashrith Barthur, Security Scientist, H2o.ai, at MLconf 2017MLconf
This document discusses using machine learning to identify network attack behavior. It describes classifying different types of attacks, such as DDoS, ransomware, and phishing. Short-term attacks are aimed at overwhelming services, while long-term attacks involve reconnaissance, infrastructure vulnerabilities, and data exfiltration over long periods. Current solutions are limited as they are rule-based and stateless. The document proposes using features and machine learning models to better connect events over time and identify long-term attacks. Examples of useful features for the models include connection lengths and domain name statistics. Both manual and assisted labeling approaches are described to generate training data for the models.
ARCHITECTURE OF A IDENTITY BASED FIREWALL SYSTEMIJNSA Journal
Classic firewall systems are built to filter traffic based on IP addresses, source and destination ports and protocol types. The modern networks have grown to a level where the possibility for users’ mobility is a must. In such networks, modern firewalls may introduce such complexity where administration can become very frustrating since it needs the intervention of a firewall administrator. The solution for this problem is an identity based firewall system. In this paper we will present a new
design of a firewall system that uses the user’s identity to filter the traffic. In the design phase we will define key points which have to be satisfied as a crucial milestone for the functioning of the whole Identity based firewall system.
This document discusses securing healthcare networks against cyber attacks. It proposes using intrusion detection systems to continuously monitor networks, firewalls to ensure endpoint devices comply with security policies, and biometrics for identity-based network access control. This would help protect patient privacy by safeguarding electronic health records and enhancing the security of hospital networks. The growing adoption of electronic records and devices in healthcare has increased risks of attacks that could intercept patient data or take over entire hospital networks. Strong network security measures are needed to address these risks.
This document discusses research progress in mobile fingerprint template protection. It covers three main schemes: biometric key generation, fuzzy schemes, and non-invertible transforms. Biometric key generation aims to directly derive cryptographic keys from fingerprints to avoid storing biometric features or secret keys. Fuzzy schemes hide secrets within public information so keys can be retrieved through biometric matching. Non-invertible transforms store transformed biometric features instead of the original template. The document analyzes the advantages and limitations of different schemes and points out open issues for future research in mobile fingerprint template protection.
Similar to nullcon 2011 - Penetration Testing a Biometric System (20)
Arun Mane is the founder and director of AmynaSec Labs. He is a security speaker and trainer who has presented at many conferences including Defcon, Blackhat, Nullcon, and HITB. His areas of expertise include security testing of IoT devices, connected vehicles, medical devices, and industrial control systems. Some common issues he finds include devices being publicly accessible, having backdoors, hardcoded credentials, and crypto or web application management problems. His testing methodology involves assessing web and mobile applications, embedded device communications, hardware testing through reverse engineering, and analyzing communication protocols and stored data.
This document outlines an agenda for a presentation on open-source intelligence (OSINT) gathering techniques. The agenda includes an introduction to OSINT, different types of intelligence gathering, a scenario example, OSINT gathering tactics and tools like Shodan, TheHarvester and Google dorks, applications of OSINT, a demonstration, references for OSINT, and a conclusion. Key OSINT tools that will be demonstrated include Twitter, Shodan, TheHarvester and Google dorks for gathering information from public online sources.
This document provides an overview of server-side request forgery (SSRF) vulnerabilities, including what SSRF is, its impact, common attacks, bypassing filters, and mitigations. SSRF allows an attacker to induce the application to make requests to internal or external servers from the server side, bypassing access controls. This can enable attacks on the server itself or other backend systems and escalate privileges. The document discusses techniques for exploiting trust relationships and bypassing blacklists/whitelists to perform SSRF attacks. It also covers blind SSRF and ways to detect them using out-of-band techniques. Mitigations include avoiding user input that can trigger server requests, sanitizing input, whitelist
Nmap is a network scanning tool that can perform port scanning, operating system detection, and version detection among other features. It works by sending TCP and UDP packets to a target machine and examining the response, comparing it to its database to determine open ports and operating system. There are different scanning techniques that can be used like TCP SYN scanning, UDP scanning, and OS detection. Nmap also includes a scripting engine that allows users to write scripts to automate networking tasks. The presentation concludes with demonstrating Nmap's features through some examples.
The document provides an introduction and overview of the Metasploit Framework. It defines key terms like vulnerability, exploit, and payload. It outlines the scenario of testing a subnet to find vulnerabilities. It describes the main features of msfconsole like searching for modules, using specific modules, and configuring options. It promotes understanding and proper use, emphasizing that Metasploit alone does not make someone a hacker.
1) The document provides guidance on testing APIs for security weaknesses, including enumerating the attack surface, common tools to use, what to test for (e.g. authentication, authorization, injections), and demo apps to practice on.
2) It recommends testing authentication and authorization mechanisms like tokens, injections attacks on state-changing requests, and how data is consumed client-side.
3) The document also discusses testing for denial of service conditions, data smuggling through middleware, API rate limiting, and cross-origin requests.
TLS 1.3 is an update to the Transport Layer Security protocol that improves security and privacy. It removes vulnerable optional parts of TLS 1.2 and only supports strong ciphers to implement perfect forward secrecy. The handshake process is also significantly shortened. TLS 1.3 provides security benefits by removing outdated ciphers and privacy benefits by enabling perfect forward secrecy by default, ensuring only endpoints can decrypt traffic even if server keys are compromised in the future.
This document provides an introduction to hacking mainframes in 2020. It begins with an overview of mainframe systems and terminology. It then discusses reconnaissance methods like port scanning and credential theft to gain initial access. Next, it covers conducting internal reconnaissance to escalate privileges by exploiting surrogate users, APF authorized libraries, and UNIX privilege escalation techniques. The document aims to provide enough context for curiosity about hacking mainframe systems.
The document discusses CRLF injection and SSRF vulnerabilities. CRLF injection occurs when user input is directly parsed into response headers without sanitization, allowing special characters to be injected. SSRF is when a server is induced to make HTTP requests to domains of an attacker's choosing, potentially escalating access. Mitigations include sanitizing user input, implementing whitelists for allowed domains/protocols, and input validation.
The document provides an overview of Active Directory, including its components and how it is used to centrally manage users, computers, and other objects within a network. It discusses key Active Directory concepts such as forests, domains, organizational units, users, computers, and domain trusts. It also provides step-by-step instructions for setting up an Active Directory lab environment for red teaming purposes and integrating a client machine into the domain.
A security engineer discusses how logs and passive reconnaissance can reveal sensitive information like AWS credentials. The engineer searched for open Jenkins and SonarQube instances which led to discovering Slack channels containing AWS access keys. Key lessons are to know your boundaries, automate mundane tasks, don't presume systems mask secrets, and persistence is important in security work.
Shodan is a search engine that indexes internet-connected devices and provides information about devices, banners, and metadata. It works by generating random IP addresses and port scans to retrieve banner information from devices. This information is then stored in a searchable database. Users can search Shodan's database using filters like country, city, IP address, operating system, and ports. Shodan can be accessed through its website or command line interface. While useful for security research, Shodan also raises privacy and security concerns by revealing information about unprotected devices.
This document outlines an agenda for discussing cloud security. It begins with an introduction to cloud computing and deployment models. It then discusses challenges of cloud computing and why cloud security is important. Specific threats like data breaches and account hijacking are listed. The document reviews the shared responsibility model and scope of security in public clouds. It describes cloud security penetration testing methods like static and dynamic application testing. Finally, it provides prerequisites and methods for conducting cloud penetration testing, including reconnaissance, threat modeling, and following standard testing methodologies.
This document discusses several techniques for maintaining persistence on Windows systems, including modifying accessibility features, injecting into image file execution options, using AppInit DLLs, application shimming, BITS jobs, registry run keys, and Windows Management Instrumentation event subscriptions. It provides details on how each technique works, common implementations, required privileges, relevant data sources, and example event log entries.
Frida is a dynamic instrumentation toolkit that allows injecting JavaScript into applications. Objection is a runtime mobile exploration toolkit powered by Frida that helps assess the security of mobile apps. It supports iOS and Android. Objection allows exploring apps by listing classes, methods, and injecting scripts to enable dynamic analysis like dumping keychain entries.
Osquery is an open source tool that allows users to perform SQL queries on their system to retrieve information. It supports various platforms and makes it easy to get details about the system. Osquery consists of Osqueryi, Osqueryd, and Osqueryctl components. Basic queries can be run in user context mode to view system information, configuration, and tables. Osqueryd runs in daemon mode and can be configured using packs and decorators to monitor specific events and files. Osqueryctl is used to control the Osquery daemon process.
This document discusses DevSecOps, beginning with an introduction from Tibin Lukose. It then covers some challenges in DevSecOps such as developers lacking security skills, cultural challenges, and difficulties balancing speed, coverage and accuracy in testing. The document proposes a model DevSecOps company, Infosys, and provides a demo and contact information for any further questions.
This document provides an introduction to XML and related technologies like libxml2, XSLT, XPath, and XML attacks. It discusses the basics of XML including elements, tags, attributes, and validation. It also describes common XML libraries and tools like libxml2, xmllint, and xsltproc. Finally, it provides an overview of different types of XML attacks like XML injection, XPath injection, XXE, and XSLT injection.
This document contains the agenda for a presentation on Linux for hackers. The agenda includes discussing the Linux file system, managing virtual machines smartly, command line tools like alias, tee, pipe, grep, cut, uniq, and xargs, Bash scripting, logging, and proxy chaining. It also mentions demonstrating several commands and tools. The presentation aims to be an interactive session where the presenter will answer any questions from attendees.
This document provides an overview of Android penetration testing. It discusses requirements and tools for static and dynamic analysis, including Apptitude, Genymotion, and ADB. It covers analyzing the Android manifest and classes.dex files. It also describes vulnerabilities in WebViews, such as loading cleartext content and improper SSL handling. Best practices for coding securely on Android are also presented.
UiPath Test Automation using UiPath Test Suite series, part 6DianaGray10
Welcome to UiPath Test Automation using UiPath Test Suite series part 6. In this session, we will cover Test Automation with generative AI and Open AI.
UiPath Test Automation with generative AI and Open AI webinar offers an in-depth exploration of leveraging cutting-edge technologies for test automation within the UiPath platform. Attendees will delve into the integration of generative AI, a test automation solution, with Open AI advanced natural language processing capabilities.
Throughout the session, participants will discover how this synergy empowers testers to automate repetitive tasks, enhance testing accuracy, and expedite the software testing life cycle. Topics covered include the seamless integration process, practical use cases, and the benefits of harnessing AI-driven automation for UiPath testing initiatives. By attending this webinar, testers, and automation professionals can gain valuable insights into harnessing the power of AI to optimize their test automation workflows within the UiPath ecosystem, ultimately driving efficiency and quality in software development processes.
What will you get from this session?
1. Insights into integrating generative AI.
2. Understanding how this integration enhances test automation within the UiPath platform
3. Practical demonstrations
4. Exploration of real-world use cases illustrating the benefits of AI-driven test automation for UiPath
Topics covered:
What is generative AI
Test Automation with generative AI and Open AI.
UiPath integration with generative AI
Speaker:
Deepak Rai, Automation Practice Lead, Boundaryless Group and UiPath MVP
Goodbye Windows 11: Make Way for Nitrux Linux 3.5.0!SOFTTECHHUB
As the digital landscape continually evolves, operating systems play a critical role in shaping user experiences and productivity. The launch of Nitrux Linux 3.5.0 marks a significant milestone, offering a robust alternative to traditional systems such as Windows 11. This article delves into the essence of Nitrux Linux 3.5.0, exploring its unique features, advantages, and how it stands as a compelling choice for both casual users and tech enthusiasts.
Unlocking Productivity: Leveraging the Potential of Copilot in Microsoft 365, a presentation by Christoforos Vlachos, Senior Solutions Manager – Modern Workplace, Uni Systems
For the full video of this presentation, please visit: https://www.edge-ai-vision.com/2024/06/building-and-scaling-ai-applications-with-the-nx-ai-manager-a-presentation-from-network-optix/
Robin van Emden, Senior Director of Data Science at Network Optix, presents the “Building and Scaling AI Applications with the Nx AI Manager,” tutorial at the May 2024 Embedded Vision Summit.
In this presentation, van Emden covers the basics of scaling edge AI solutions using the Nx tool kit. He emphasizes the process of developing AI models and deploying them globally. He also showcases the conversion of AI models and the creation of effective edge AI pipelines, with a focus on pre-processing, model conversion, selecting the appropriate inference engine for the target hardware and post-processing.
van Emden shows how Nx can simplify the developer’s life and facilitate a rapid transition from concept to production-ready applications.He provides valuable insights into developing scalable and efficient edge AI solutions, with a strong focus on practical implementation.
In his public lecture, Christian Timmerer provides insights into the fascinating history of video streaming, starting from its humble beginnings before YouTube to the groundbreaking technologies that now dominate platforms like Netflix and ORF ON. Timmerer also presents provocative contributions of his own that have significantly influenced the industry. He concludes by looking at future challenges and invites the audience to join in a discussion.
GraphSummit Singapore | The Future of Agility: Supercharging Digital Transfor...Neo4j
Leonard Jayamohan, Partner & Generative AI Lead, Deloitte
This keynote will reveal how Deloitte leverages Neo4j’s graph power for groundbreaking digital twin solutions, achieving a staggering 100x performance boost. Discover the essential role knowledge graphs play in successful generative AI implementations. Plus, get an exclusive look at an innovative Neo4j + Generative AI solution Deloitte is developing in-house.
Building Production Ready Search Pipelines with Spark and MilvusZilliz
Spark is the widely used ETL tool for processing, indexing and ingesting data to serving stack for search. Milvus is the production-ready open-source vector database. In this talk we will show how to use Spark to process unstructured data to extract vector representations, and push the vectors to Milvus vector database for search serving.
TrustArc Webinar - 2024 Global Privacy SurveyTrustArc
How does your privacy program stack up against your peers? What challenges are privacy teams tackling and prioritizing in 2024?
In the fifth annual Global Privacy Benchmarks Survey, we asked over 1,800 global privacy professionals and business executives to share their perspectives on the current state of privacy inside and outside of their organizations. This year’s report focused on emerging areas of importance for privacy and compliance professionals, including considerations and implications of Artificial Intelligence (AI) technologies, building brand trust, and different approaches for achieving higher privacy competence scores.
See how organizational priorities and strategic approaches to data security and privacy are evolving around the globe.
This webinar will review:
- The top 10 privacy insights from the fifth annual Global Privacy Benchmarks Survey
- The top challenges for privacy leaders, practitioners, and organizations in 2024
- Key themes to consider in developing and maintaining your privacy program
UiPath Test Automation using UiPath Test Suite series, part 5DianaGray10
Welcome to UiPath Test Automation using UiPath Test Suite series part 5. In this session, we will cover CI/CD with devops.
Topics covered:
CI/CD with in UiPath
End-to-end overview of CI/CD pipeline with Azure devops
Speaker:
Lyndsey Byblow, Test Suite Sales Engineer @ UiPath, Inc.
GraphRAG for Life Science to increase LLM accuracyTomaz Bratanic
GraphRAG for life science domain, where you retriever information from biomedical knowledge graphs using LLMs to increase the accuracy and performance of generated answers
Infrastructure Challenges in Scaling RAG with Custom AI modelsZilliz
Building Retrieval-Augmented Generation (RAG) systems with open-source and custom AI models is a complex task. This talk explores the challenges in productionizing RAG systems, including retrieval performance, response synthesis, and evaluation. We’ll discuss how to leverage open-source models like text embeddings, language models, and custom fine-tuned models to enhance RAG performance. Additionally, we’ll cover how BentoML can help orchestrate and scale these AI components efficiently, ensuring seamless deployment and management of RAG systems in the cloud.
HCL Notes and Domino License Cost Reduction in the World of DLAUpanagenda
Webinar Recording: https://www.panagenda.com/webinars/hcl-notes-and-domino-license-cost-reduction-in-the-world-of-dlau/
The introduction of DLAU and the CCB & CCX licensing model caused quite a stir in the HCL community. As a Notes and Domino customer, you may have faced challenges with unexpected user counts and license costs. You probably have questions on how this new licensing approach works and how to benefit from it. Most importantly, you likely have budget constraints and want to save money where possible. Don’t worry, we can help with all of this!
We’ll show you how to fix common misconfigurations that cause higher-than-expected user counts, and how to identify accounts which you can deactivate to save money. There are also frequent patterns that can cause unnecessary cost, like using a person document instead of a mail-in for shared mailboxes. We’ll provide examples and solutions for those as well. And naturally we’ll explain the new licensing model.
Join HCL Ambassador Marc Thomas in this webinar with a special guest appearance from Franz Walder. It will give you the tools and know-how to stay on top of what is going on with Domino licensing. You will be able lower your cost through an optimized configuration and keep it low going forward.
These topics will be covered
- Reducing license cost by finding and fixing misconfigurations and superfluous accounts
- How do CCB and CCX licenses really work?
- Understanding the DLAU tool and how to best utilize it
- Tips for common problem areas, like team mailboxes, functional/test users, etc
- Practical examples and best practices to implement right away
HCL Notes und Domino Lizenzkostenreduzierung in der Welt von DLAUpanagenda
Webinar Recording: https://www.panagenda.com/webinars/hcl-notes-und-domino-lizenzkostenreduzierung-in-der-welt-von-dlau/
DLAU und die Lizenzen nach dem CCB- und CCX-Modell sind für viele in der HCL-Community seit letztem Jahr ein heißes Thema. Als Notes- oder Domino-Kunde haben Sie vielleicht mit unerwartet hohen Benutzerzahlen und Lizenzgebühren zu kämpfen. Sie fragen sich vielleicht, wie diese neue Art der Lizenzierung funktioniert und welchen Nutzen sie Ihnen bringt. Vor allem wollen Sie sicherlich Ihr Budget einhalten und Kosten sparen, wo immer möglich. Das verstehen wir und wir möchten Ihnen dabei helfen!
Wir erklären Ihnen, wie Sie häufige Konfigurationsprobleme lösen können, die dazu führen können, dass mehr Benutzer gezählt werden als nötig, und wie Sie überflüssige oder ungenutzte Konten identifizieren und entfernen können, um Geld zu sparen. Es gibt auch einige Ansätze, die zu unnötigen Ausgaben führen können, z. B. wenn ein Personendokument anstelle eines Mail-Ins für geteilte Mailboxen verwendet wird. Wir zeigen Ihnen solche Fälle und deren Lösungen. Und natürlich erklären wir Ihnen das neue Lizenzmodell.
Nehmen Sie an diesem Webinar teil, bei dem HCL-Ambassador Marc Thomas und Gastredner Franz Walder Ihnen diese neue Welt näherbringen. Es vermittelt Ihnen die Tools und das Know-how, um den Überblick zu bewahren. Sie werden in der Lage sein, Ihre Kosten durch eine optimierte Domino-Konfiguration zu reduzieren und auch in Zukunft gering zu halten.
Diese Themen werden behandelt
- Reduzierung der Lizenzkosten durch Auffinden und Beheben von Fehlkonfigurationen und überflüssigen Konten
- Wie funktionieren CCB- und CCX-Lizenzen wirklich?
- Verstehen des DLAU-Tools und wie man es am besten nutzt
- Tipps für häufige Problembereiche, wie z. B. Team-Postfächer, Funktions-/Testbenutzer usw.
- Praxisbeispiele und Best Practices zum sofortigen Umsetzen
HCL Notes und Domino Lizenzkostenreduzierung in der Welt von DLAU
nullcon 2011 - Penetration Testing a Biometric System
1. A Garage for Hackers http://www.Garage4Hackers.com and Security Professionals
Penetration Testing Biometric System
A Penetration Testers Guide to Finger Print
Authentication
[FB1H2S aka Rahul Sasi]
http://Fb1h2s.com
http://www.Garage4Hackers.com
Presented @ NullCon International Conference 2011
http://nullcon.net/
http://www.garage4hackers.com/entry.php?103-Penetration-Testing-Biometric-System-Part-1-Local-Attacks
2. A Garage for Hackers http://www.Garage4Hackers.com and Security Professionals
Abstract: This paper act as a guide explaining the necessity of including Biometric-
Devices in the scope of a network audit and the procedures that could be used for
Security auditing one such system. The paper explains both local and remote attacks and
the procedures to carry out vulnerability detection, exploitation and reporting.
Introduction: Biometric Fingerprint system is rapidly developing and the no of Biometric
systems deployed is increasing day by day along with the amount of vital information it
is holding. And this brings the necessity of including these devices on to the list of
devices subjected to a Penetration Testing/Security Auditing.
Biometric Fingerprint systems have several advantages over classical methods based on
password and ID cards. These systems are considered effective and fast. The advantages
of this system over traditional systems are very high. In spite of the many advantages
biometric systems got few draw-backs like a)Your finger print is not a secret eg: any one
could have a copy of your finger print b) it‟s a onetime password once stolen cannot be
reset to a new value. Furthermore the different attack vectors of a biometric system are
numbered and mentioned in diagram.
MIPS
Fingerprint Processor
Fingerprint Matcher
Authentication Internal Database
1) Sensor
2) USB Data Manager
+
3) Remote IP Management
IP Based Remote Management
Back End Desktop/Server
4) Back End Database (Mssql, Mysql, Excel)
5) Finger Print Manager (Admin Interface)
Remote Computer
http://www.garage4hackers.com/entry.php?103-Penetration-Testing-Biometric-System-Part-1-Local-Attacks
3. A Garage for Hackers http://www.Garage4Hackers.com and Security Professionals
Diagram fb1_01 explains the various possible points of attack, and these would be the
areas this research would be concentrating on. On basis of the attack methodology we
have categorized the attacks into Local and Remote attacks.
Local Attacks:
1) Finger Print Sensor
2) USB Data Manager
Remote Attacks:
3) Remote IP Management
4) Back End Database
5) Finger Print Manager (Admin Interface)
The above mentioned architecture and attacking vectors would be same for all Biometric
implementation. Biometric Finger print scanners application are varied and we will
discuss on the following deployments,
Biometric Attendance Management System used to automate a reliable attendance
managing system.
Biometric Finger print guarded doors, implemented for keyless secure access to
doors.
Attendance Management System Door Controlling System
http://www.garage4hackers.com/entry.php?103-Penetration-Testing-Biometric-System-Part-1-Local-Attacks
4. A Garage for Hackers http://www.Garage4Hackers.com and Security Professionals
Biometrics: The Non Technical part:
Local Attack: Finger print sensor
Finger print scanners read input using two methodologies:
1) Optical scanner
2) Capacitance scanner
Optical Scanner are most widely used ones and the main part of it are the CCD[charge
coupled device ], these are simply an array of light-sensitive diodes called photosites,
which generate an electrical signal in response to light photons. Each photosite records a
pixel, a tiny dot representing the light that hit that spot. Collectively, the light and dark
pixels form an image of the scanned finger print. So the theory says that if a similar
image of finger print is placed in front the scanner we would be able to bypass them. This
theory is practically not easy as the problems we would have to face would be the
validation of the machine in order to differentiate between a real and valid image by
checking the average pixel darkness, or the overall values in a small sample by rejecting
the scan if the overall image is too dark or too light. One part of this paper would be
reproducing two dimensional images of a fingerprint.
Capacitance Scannerswork on the principle of capacitance. It relies on the properties of
flesh and air to measure differences in capacitance on the scanner when the finger is
placed upon the scanner. Certain systems along with capacitance checks blood flow,
temperature, and even simulate human sweat.
One advantage of capacitance scanners over optical scanners is the fact that the
capacitance scanner requires a three-dimensional print, whereas an optical scanner needs
http://www.garage4hackers.com/entry.php?103-Penetration-Testing-Biometric-System-Part-1-Local-Attacks
5. A Garage for Hackers http://www.Garage4Hackers.com and Security Professionals
a two dimensional only. This makes the capacitance scanners more difficult to deceive.
However, if one could recreate a three-dimensional representation of a print, then one
could theoretically “trick” the scanner into falsely authenticating a user.
The objective of the first section is to try by-passing these devices by steeling and cloning
the fingerprint. And later these clones would be modified into three dimensional and two
dimensional dummy s that could be used to see the above mentions vulnerabilities exist
or not.
This above mentioned approaches are practically not easy as the problems we would have
to face would be the validation of the machine in order to differentiate between a real and
valid image by checking the average pixel darkness, or the overall values in a small
sample by rejecting the scan if the overall image is too dark or too light. .
http://www.garage4hackers.com/entry.php?103-Penetration-Testing-Biometric-System-Part-1-Local-Attacks
6. A Garage for Hackers http://www.Garage4Hackers.com and Security Professionals
Local attacks:
Detailed methodology: Penetration Testing a Biometric device.
This section will explain the methodologies in order to recreate a fingerprint for tricking
these systems. Attacks like this were seen in videos that were spreading over the internet
by using a Photostat or image of the fingerprint. The issue we would be facing would be
the protection mechanism the systems have employed in order to prevent against such
attacks. Enough with the theoretical part let‟s move on to some action.
Objective: To bypass a finger print guarded door or to fake a finger print attendance
system.
Targets: Finger print guarded confidential room.
Scenario: Here our target would be a finger print guarded door where only the Manager is
allowed access using his fingerprint.
Bypassing a Finger print guarded door or attacking and faking an attendance system. The
first attack would not get the cooperation of user but in the second on we could. So I will
talk about the first case, as same methodology could be used in second scenario too. First
step would be to obtain victim‟s fingerprint that could later be used to recreate a dummy
fingerprint. Human fingers have friction ridges. And there are eccrine glands that
produce natural secretion of sweat on the fingers. So there would be the Impressions of
fingerprints left behind on surface when touched. What causes the fingerprint is a very
important factor, because recreating a fingerprint form few substances only would yield
good results. Below is an image of a finger print impression caught on a glass table.
Finger Print Logger:
Finger Impression on Glass Table
http://www.garage4hackers.com/entry.php?103-Penetration-Testing-Biometric-System-Part-1-Local-Attacks
7. A Garage for Hackers http://www.Garage4Hackers.com and Security Professionals
Instead of going after cups and bottles my idea here is to build a logger, a setup that could
log fingerprints when the victim logs in using the biometric machine. A traditional
Biometric sensor looks like this.
Finger Print Sensor Area: Logger is placed here
It‟s possible to place a transparent plastic cover on top of sensor and, whenever the victim
logs in his impression would be on the plastic, the authentication would take place and
later plastic could be removed and reproduced.
Refraction:
The problems we would have to face in the above procedure are refraction, refractive
index of the material we place on top of the sensor matters, as we have to maintain
stealth. Why refractive index because when light passes form one media to another other
it may also change its propagation direction [Refraction] in proportion to the refractive
index and the sensor won‟t be able to understand the distorted image and login won‟t take
place.
http://www.garage4hackers.com/entry.php?103-Penetration-Testing-Biometric-System-Part-1-Local-Attacks
8. A Garage for Hackers http://www.Garage4Hackers.com and Security Professionals
This would create suspicion. So our logger would be build using a thin transparent sheet
placed on top of an OHP sheet cut out, in order to hold it stern.
Building the logger:
Equipments needed: OHP sheets and thin transparent plastic sheet.
1) Cut out a piece of OHP sheet with approximate size of Finger print sensor
2) Cut equal piece of transparent thin plastic sheet.
3) Make a U shaped cut out on the OHP sheet piece.
4) Wrap the thin plastic on top of the U shaped cut out and logger is ready.
Fig_01 Fig_02
Fig_03 Fig_04
http://www.garage4hackers.com/entry.php?103-Penetration-Testing-Biometric-System-Part-1-Local-Attacks
9. A Garage for Hackers http://www.Garage4Hackers.com and Security Professionals
An alternative is to find a thin OHP sheet film and directly use it as the logger.
Placing the logger:
1) Make sure you are able to reach the biometric guarded door.
2) Slide in the logger into the sensor region make sure no parts of our logger sticks
out.
3) Wait for the victim to log into using his valid finger print.
4) Remove the logger and store it in a small box, now we have a valid finger print
with us.
Dig fb1_01 Dig fb1_02 Dig fb1_03
http://www.garage4hackers.com/entry.php?103-Penetration-Testing-Biometric-System-Part-1-Local-Attacks
10. A Garage for Hackers http://www.Garage4Hackers.com and Security Professionals
Working of Sensors and Detection Algorithms:
Before trying to recreate the fake finger print the few points to be noted are that, the
sensors scans the image and compares it with an internal database of stored images. The
image matching is done based on few specific branches and loops at specific points. It
could also count specific ridges from one point to another building a unique pattern for
matching. There are few special points which are practically unique for all finger prints
and the scanner image matching algorithms uses the same points for detection. So the
point is. We have to take extra care at these regions (dig) when reproducing the fake
finger print. In the below mention diagrams diagram fb1_01 shows how a finger print
impression would be stored in the database of the matcher, fb1_02 show the regions that
the scanner considers when the matching is done, and fb1_03 shows the special points
which all the comparing algorithms consider in matching algorithms.
Dig fb1_ 01 Dig fb1_02 Dig fb1_03
Reproducing a Fake Finger print:
Equipments needed: Finger print powder, cello tape, light brush, a good lab with suitable
lighting to recreate the dummy.
1) Apply finger print powder and brush the obtained impression so that the powder
will stick to the fringes (dig: fb1_03).
2) Once the fringes are visible brush out the unwanted powder.
3) Lift the finer print using a cello tape form the plastic surface and you have a 2D
fake finger print.
4) For building a 3D impression, apply fevicol to the lifted finger print and allow it
to cool.
http://www.garage4hackers.com/entry.php?103-Penetration-Testing-Biometric-System-Part-1-Local-Attacks
11. A Garage for Hackers http://www.Garage4Hackers.com and Security Professionals
5) Remove the fevicol layer once it‟s set and that will give you a 3D dummy finger
print.
Dig fb1_01 Dig fb1_02
Dig fb1_03 Dig fb1_04
Dig fb1_05
http://www.garage4hackers.com/entry.php?103-Penetration-Testing-Biometric-System-Part-1-Local-Attacks
12. A Garage for Hackers http://www.Garage4Hackers.com and Security Professionals
Only optical scanners were tested and the above mentioned methods worked on a few
systems with less effort, the output is directly proportional to the quality of dummy finger
print you are able to obtain.
Local Attack: USB Data Manager.
Objective: To steel sensitive information stored on the device like employee details,
employee salary details, and other confidential details of the employees.
Targets: Finger print attendance monitoring system placed at the door of your
organization.
Biometrics devices have inbuilt data storage, were it stores the Finger prints and user
information. Unlike other data sources these Biometric devices are not kept in a protected
area instead kept at building entry or other unrestricted places where they could be easily
accessed. Basically all the Biometric systems come with a USB support in order to
download and upload finger prints and other log detail to and from the device. A normal
USB dongle could be used to download data from the device. Most of the devices do not
have any sort of protection mechanism employed to prevent data theft, and those which
uses password protection often is deployed with default password. So if the attacker
could walk to the system with a USB Pen drive then he would be able to copy all the
data. Data includes employee personal information, finger prints, time they logged in and
other sensitive information. I have gathered and listed commonly used devices default
password.
Dig fb1_ Dig fb1_
[Videos Added]
http://www.garage4hackers.com/entry.php?103-Penetration-Testing-Biometric-System-Part-1-Local-Attacks
13. A Garage for Hackers http://www.Garage4Hackers.com and Security Professionals
Biometrics: The Technical part:
Remote Attack: The attack vectors.
Biometric System 1 Biometric System 2
UDP/ TCP Switch UDP/TCP
DB
Admin
Biometric Admin Interface/Data Base Biometric Server
Uses of remote management
Upload / Download logs
Manage add users to the Biometric system
Fb1
This would be the basic architecture of an IP based remote management protocol of these
systems.
http://www.garage4hackers.com/entry.php?103-Penetration-Testing-Biometric-System-Part-1-Local-Attacks
14. A Garage for Hackers http://www.Garage4Hackers.com and Security Professionals
So here the attack points would be as follows,
1) IP implementation for data transfer
2) Biometric Management Servers
3) Biometric Admin/Interface (Web Based and Desktop based )
4) Back end Database
5) Man In The Middle Attacks
The attacks would be as follows:
IP implementation for data transfer:
The following implementation on the MIPS is used for remotely administrating the
biometric devices. An IP stack would be there in the MIPS that would allow users to
query the biometric system and extract and add information on to device. A GUI program
would be there in the back end that is authenticated to manage these devices. There
would be a back end database also, that holds all the information‟s about the employees
including the salary there attendance and a lot other information. So another way of
hacking the biometrics would be to hack these implementations.
This is implemented on the Biometric hardware MIPS, most of the devices use UDP for
remotely managing the devices. UDP itself makes it vulnerable for many attacks.
Authentication
Biometric Device
ADMIN
GUI
Admin Program
http://www.garage4hackers.com/entry.php?103-Penetration-Testing-Biometric-System-Part-1-Local-Attacks
15. A Garage for Hackers http://www.Garage4Hackers.com and Security Professionals
The remote administration capability of this device lets biometric servers to authenticate
to it and manage remotely. So our primary check should be on this authentication
procedure. How the authentication is implemented on the MIPS device.
We are completely unaware of the authentication mechanism used as the program is
embedded in the Biometric MIPS device. Sniffing network traffic and analyzing the
packets work, but the device communicates to the server only when initiated, and it
would be weekly or monthly. So the chance of getting an output out of that is limited.
Solution: The admin application knows everything about the remote device so if we could
get a copy of that application it will tell us everything we want. We could analyze the
authentication mechanism, database configuration, and the commands to communicate to
these devices. Let‟s move forward with a live example.
Scenario: Attacking the remote management protocol of Biometric device.
Situation: The remote administration implementation is unknown.
Foot printing: The label on the Biometric device will reveal which company has marketed
or build that product.
Device vendor name
My Attack Methodology: Example Attack, “Basic for all systems”
Information Gathering: So a visit to the company‟s website reveals that company sells
biometric products and could find links to user manual. Site also provides link to the
application that is used to manage the devices remotely. So download a copy of the
application and we are done with phase one.
http://www.garage4hackers.com/entry.php?103-Penetration-Testing-Biometric-System-Part-1-Local-Attacks
16. A Garage for Hackers http://www.Garage4Hackers.com and Security Professionals
Reverse Engineering the Application to extract the commands:
The current application is built in .Net C#, so „refelector‟ would be the right choice for
disassembling, we will have to deal with the same scenario in all the cases, languages
will vary so as the dissemblers.
The preliminary analysis revealed the Port the device use to communicate and also
information about the database settings and password files. A detailed analysis show the
algorithm embedded in Biometric device. It is possible to retrieve the commands to
interact with the system too.
TCP/IP communication details:
Now the communication methodology of the remote biometric device is clear from the
above analysis. The system uses UDP for communication on port 4370.Further analysis
on a COM object gave idea about the device communication commands and the import
library which handles all the administrative tasks. We also could find information about
the firmware and detection algorithm used on the hardware.
http://www.garage4hackers.com/entry.php?103-Penetration-Testing-Biometric-System-Part-1-Local-Attacks
17. A Garage for Hackers http://www.Garage4Hackers.com and Security Professionals
Export Table of COM object.
Analyzing that Object gives all the list of all necessary commands needed to
communicate with the Device. IDA was used for dissembling. These function calls very
well explain the possibility of things that you could do on the remote device, functions
include remotely shutting down the device to uploading a new user and finger print. So
next step would be is to extract the commands. Once we have extracted enough
information about the device it would be possible for us to recreate the communication
and attack the device directly. And example code is as follows.
Code to set the language on device was as follows:
http://www.garage4hackers.com/entry.php?103-Penetration-Testing-Biometric-System-Part-1-Local-Attacks
18. A Garage for Hackers http://www.Garage4Hackers.com and Security Professionals
Hence the device managing software‟s would act as a RFC for the unknown protocol we
are gone deal with.
Formatted command that were extracted from the application:
Conclusion:
1) It‟s possible to extract the data communication protocol and commands the
remote devices use from the management software‟s.
2) The remote application act as an RFC to the unknown protocol providing with
everything we want.
Auditing Back End Database
As the Database is more critical and more vulnerable to attack, a check on these would
also yield good output. It‟s possible to get a lot of info about were the data base
credentials are saved and all form the remote management software. An analysis of the
current product reveled the Managing server data base password file and the encryption
key details.
Local database Password file and Encryption Key hard coded.
http://www.garage4hackers.com/entry.php?103-Penetration-Testing-Biometric-System-Part-1-Local-Attacks
19. A Garage for Hackers http://www.Garage4Hackers.com and Security Professionals
Conclusion:
1) And from every managing application we would be able to extract these
information‟s.
2) Most of the times the database password would be left default only.
3) Other database audit checks could also be done.
Biometric Admin/Interface (Web Based and Desktop based )
Another possible point of attacks are on the admin interface, these are either desktop
based or Web based. Desktop based applications are common and the possible chances to
interact with them require local privileges on the Biometric server. But web based admin
panels could be attacked form outside. So an application check on those modules could
also get u those data.
Detecting Biometric Devices on Network:
How to identify these devices?
We been discussing about the possible ways of hacking into Biometric device remotely,
but the question would be how do we detect these on the network among the many other
computers and devices. So only if we could spot the remote IP address of these devices,
then only we could use the above mention attacks on them. That‟s something to think
about. In order to get past that issue I have built an Nmap script that could scan a subnet
and spot Biometric MIPS. Currently it‟s capable of spotting majority of the devices. The
scanner has got an inbuilt list of finger print biometric systems and algorithms embedded
so using this we would be able to spot the devices.
http://www.garage4hackers.com/entry.php?103-Penetration-Testing-Biometric-System-Part-1-Local-Attacks
20. A Garage for Hackers http://www.Garage4Hackers.com and Security Professionals
Biometric_Scanner.nse Script Output:
Attacking the Device
Now as we know the device IP address Port used and communication commands we
could try to build custom UDP packets and interact with the device as were not able to
detect any authentication on the device. The device was program to any commands. So
this vulnerability makes it‟s possible for an attacker to connect to the device and retrieve
any information and manipulate data.
Python Scapy was used to build custom UDP commands and successfully interacted with
the device.
Scapy Interacting with Device:
http://www.garage4hackers.com/entry.php?103-Penetration-Testing-Biometric-System-Part-1-Local-Attacks
21. A Garage for Hackers http://www.Garage4Hackers.com and Security Professionals
UDP Packets:
The attack worked and the device was responding to the command without any
authentication.
Sniffed data using Wireshark:
The vulnerability allowed the attacker to Download, Upload new users and there Finger
Prints. So it was possible for the attacker to add new users as a back door to the device.
http://www.garage4hackers.com/entry.php?103-Penetration-Testing-Biometric-System-Part-1-Local-Attacks
22. A Garage for Hackers http://www.Garage4Hackers.com and Security Professionals
Sniffed Traffic Showing Employee Details:
: Videos | Code | Ppt | Html:
Part 1: http://www.garage4hackers.com/entry.php?103-Penetration-Testing-
Biometric-System-Part-1-Local-Attacks
Video + Part 2: http://www.garage4hackers.com/entry.php?105-Penetration-Testing-
Biometric-System-Part-II-Remotel-Attacks
PPT: http://www.fb1h2s.com/nullcon-Presentation-Hacking_biometrics.rar
PDF version: http://www.fb1h2s.com/Null_Biometrics.pdf
Conclusion:
The procedure to successfully Pen-Test a biometric device has been explained. The paper
clearly explains the necessity to add Bio-metrics devices to the scope of a network audit
and the necessary care that has to be ensured on such devices.
http://www.garage4hackers.com/entry.php?103-Penetration-Testing-Biometric-System-Part-1-Local-Attacks
23. A Garage for Hackers http://www.Garage4Hackers.com and Security Professionals
References:
http://atvs.ii.uam.es/files/2007_SWB_VulnerabilitiesRecentAdvances_Galbally.pdf
http://www.blackhat.com/presentations/bh-europe-08/Alonso-Parada/Presentation/bh-eu-
08-alonso-parada.pdf
http://www.blackhat.com/presentations/bh-europe-08/Lewis/Presentation/bh-eu-08-
lewis.pdf
http://www.blackhat.com/presentations/bh-europe-08/Lewis/Whitepaper/bh-eu-08-lewis-
WP.pdf
http://www.neurotechnology.com/download/NCheck_Finger_Attendance_Brochure_201
0-08-30.pdf
http://www.jkconsultancy.in/
Greetz to: B0Nd,Eberly,Wipu,Neo,Vinnu,prashant(null),sud0,Sagar,rohith,Nishant, atul, r4scal,
SmartKD, beenu, d4rkdawn,pk and all Null Members and AH members
Special Thanks to: the_empty, 41w4rior, d4rkest, Abishek Dutta, w3bdevil,
http://www.garage4hackers.com/entry.php?103-Penetration-Testing-Biometric-System-Part-1-Local-Attacks