Bart Leppens gave a presentation on the Browser Exploitation Framework (BeEF). He discussed BeEF's architecture, how it hooks browsers, its module and extension system, and live demonstrations of information gathering, exploitation, and using BeEF with Metasploit. He also covered topics like inter-protocol communication, exploiting protocols like ActiveFax, and porting BeEF bind shellcode to Linux. The talk provided an overview of BeEF's capabilities and real-world attack scenarios.
Magento and Continuous Integration - Damian LuszczymakMeet Magento Spain
Magento and Continuous Integration, what you can do ! How you can use CI Systems with Magento and how to start.
I show you one possible way to introduce this in small company's or even for your private project without much money.
Continuous Integration and Deployment Patterns for MagentoAOE
Fabrizio Branca (@fbrnc) speaking about "Continuous Integration and Deployment Patterns for Magento" at the Meet Magento Conference 2015 in New York City (#mm15ny)
When you don't have 0days: client-side exploitation for the massesMichele Orru
Conference: InsomniHack (21 March 2014)
Talk speakers:
Michele Orru (@antisnatchor)
Krzysztof Kotowicz (@kkotowicz)
Talk abstract:
A bag of fresh and juicy 0days is certainly something you would love to get
as a Christmas present, but it would probably be just a dream you had one of those drunken nights.
Hold on! Not all is lost! There is still hope for pwning targets without 0days.
We will walk you through multiple real-life examples of client-side pwnage, from tricking the victim to take the bait, to achieving persistence on the compromised system.
The talk will be highly practical and will demonstrate how you can do proper client-side exploitation effectively, simply by abusing existing functionalities of browsers, extensions, legacy features, etc.
We'll delve into Chrome and Firefox extensions (automating various repetitive actions that you'll likely perform in your engagements), HTML applications, abusing User Interface expectations, (Open)Office macros and more. All the attacks are supposed to work on fully patched target software, with a bit of magic trickery as the secret ingredient.
You might already know some of these exploitation vectors, but you might need a way to automate your attacks and tailor them based on the victim language, browser, and whatnot. Either way, if you like offensive security, then this talk is for you.
Magento and Continuous Integration - Damian LuszczymakMeet Magento Spain
Magento and Continuous Integration, what you can do ! How you can use CI Systems with Magento and how to start.
I show you one possible way to introduce this in small company's or even for your private project without much money.
Continuous Integration and Deployment Patterns for MagentoAOE
Fabrizio Branca (@fbrnc) speaking about "Continuous Integration and Deployment Patterns for Magento" at the Meet Magento Conference 2015 in New York City (#mm15ny)
When you don't have 0days: client-side exploitation for the massesMichele Orru
Conference: InsomniHack (21 March 2014)
Talk speakers:
Michele Orru (@antisnatchor)
Krzysztof Kotowicz (@kkotowicz)
Talk abstract:
A bag of fresh and juicy 0days is certainly something you would love to get
as a Christmas present, but it would probably be just a dream you had one of those drunken nights.
Hold on! Not all is lost! There is still hope for pwning targets without 0days.
We will walk you through multiple real-life examples of client-side pwnage, from tricking the victim to take the bait, to achieving persistence on the compromised system.
The talk will be highly practical and will demonstrate how you can do proper client-side exploitation effectively, simply by abusing existing functionalities of browsers, extensions, legacy features, etc.
We'll delve into Chrome and Firefox extensions (automating various repetitive actions that you'll likely perform in your engagements), HTML applications, abusing User Interface expectations, (Open)Office macros and more. All the attacks are supposed to work on fully patched target software, with a bit of magic trickery as the secret ingredient.
You might already know some of these exploitation vectors, but you might need a way to automate your attacks and tailor them based on the victim language, browser, and whatnot. Either way, if you like offensive security, then this talk is for you.
Abstract:
Secure code practices, system hardening, due diligence and due care principles are paramount in mitigating application level DoS attacks. These attacks often result in significant damage against unprepared and vulnerable organisations.
The intent of this talk is to help organisations in strengthening their security posture against such attacks. The talk will explore most common application level DoS attacks and will provide recommendations for protecting applications, detecting attacks and how to react under stressful conditions.
Web browsers have become part of everyday life, and are relied upon by millions of internet citizens each day. The feature rich online world has turned the once simple web browser into a highly complex (and very often insecure) desktop application.
As browser vendors have extended functionality and support to new technologies, security researchers and hackers are continuously looking for new vulnerabilities. In this talk, Roberto and Scott will share results of their assiduous browser bug hunting. The talk will examine techniques used to discover critical and less severe vulnerabilities in some of the most popular browsers on the market.
This talk will focus heavily (but not exclusively) on the following areas:
- Memory corruption bugs;
- New approaches to DOM fuzzing;
- Old school techniques against new browser technology;
- Cross Context Scripting and injection attacks;
- SOP Bypass;
The presentation will conclude with a montage of on-stage demonstrations of previously unreleased vulnerabilities, including remote code execution, injections and other tailored browser exploits.
In this session we show how to organize Magento projects using Version control and how to have a full development and deployment process in place to assure highest quality with many developers involved and teams spread over different continents. This talk covers how to run a continuous integration pipeline that takes care of testing various aspects of the webshop (unit tests, acceptance tests, performance test,…). Covers: Continuous integration, automation, Vagrant/Chef, Testing pipeline, unit/acceptance/performance tests, monitoring, deployment workflows, development best practices
Mark Wodrich, Microsoft
Jasika Bawa, Microsoft
In the Windows 10 Fall Creators Update, we introduced Windows Defender Exploit Guard (WDEG)—a feature suite that enables you to reduce the attack surface of applications while allowing you to balance security with productivity in a realistic manner. With WDEG's smart attack surface reduction (ASR) rules and exploit protection, we are looking to provide security hardening for popularly used applications without losing sight of the complex environments being managed in most organizations. But what are these security hardening options? And how do we anticipate they will be put to work?
In this talk, we will discuss why and how we embarked upon the WDEG journey, starting all the way from our passionate Enhanced Mitigation Experience Toolkit (EMET) customers, through the conception of the WDEG feature set, to the internal mechanics behind the rich set of protections it offers. We will also demonstrate how WDEG's smart ASR rules and exploit mitigation settings can be used to reduce the likelihood of exploitation of commonplace legacy applications, now directly from Windows 10.
Cross Context Scripting (XCS) is a type of XSS (Cross Site Scripting) injection which occurs from an untrusted zone, typically a web page on the Internet into the context of a trusted browser zone.
XSS injection in a trusted browser zone can be 'lethal', as injected payload runs as privileged code. No SOP (Same-Origin Policy) restrictions are enforced and direct interfacing with the underlying OS is possible.
To exploit such bugs, there is no need to use ROP gadgets, spray the heap or attempt other complex techniques. At the opposite, only few elements are required for a successful exploit, such as the right injection point and a tailored exploit payload.
This presentation will examine XCS in details and will provide a demonstration of XCS exploits of both unpatched and patched vulnerabilities in Firefox, Opera, Maxthon and Avant browsers.
Continuous Development and Deployment: Workflows and PatternsAOE
Presentation by Fabrizio Branca at the Jenkins User Conference 2015 in Santa Clara, California
This talk provides a closer look into processes from collaboratively writing code, having it tested automatically and deployed it in a safe and efficient way to multiple server with a push of a button. Learn how to setup solid workflows covering both automated steps for builds, unit and selenium testing as well as manually triggered steps for approval and automated deployments to AWS. Find out how to structure your web project and learn about the underlying deployment patterns.
Vorlon.js is a tools which helps you debug your web projects. This is mainly designed for web on mobile debugging but you can use it in many other ways.
I got 99 trends and a # is all of them or How we found over 100 200+ RCE vulnerabilities in Trend Micro software.
Presentation released at Hack In The Box 2017 Amsterdam, by Roberto Suggi Liverani @malerisch and Steven Seeley @steventseeley.
For more information, please visit: http://blog.malerisch.net or http://srcincite.io
Abstract:
Secure code practices, system hardening, due diligence and due care principles are paramount in mitigating application level DoS attacks. These attacks often result in significant damage against unprepared and vulnerable organisations.
The intent of this talk is to help organisations in strengthening their security posture against such attacks. The talk will explore most common application level DoS attacks and will provide recommendations for protecting applications, detecting attacks and how to react under stressful conditions.
Web browsers have become part of everyday life, and are relied upon by millions of internet citizens each day. The feature rich online world has turned the once simple web browser into a highly complex (and very often insecure) desktop application.
As browser vendors have extended functionality and support to new technologies, security researchers and hackers are continuously looking for new vulnerabilities. In this talk, Roberto and Scott will share results of their assiduous browser bug hunting. The talk will examine techniques used to discover critical and less severe vulnerabilities in some of the most popular browsers on the market.
This talk will focus heavily (but not exclusively) on the following areas:
- Memory corruption bugs;
- New approaches to DOM fuzzing;
- Old school techniques against new browser technology;
- Cross Context Scripting and injection attacks;
- SOP Bypass;
The presentation will conclude with a montage of on-stage demonstrations of previously unreleased vulnerabilities, including remote code execution, injections and other tailored browser exploits.
In this session we show how to organize Magento projects using Version control and how to have a full development and deployment process in place to assure highest quality with many developers involved and teams spread over different continents. This talk covers how to run a continuous integration pipeline that takes care of testing various aspects of the webshop (unit tests, acceptance tests, performance test,…). Covers: Continuous integration, automation, Vagrant/Chef, Testing pipeline, unit/acceptance/performance tests, monitoring, deployment workflows, development best practices
Mark Wodrich, Microsoft
Jasika Bawa, Microsoft
In the Windows 10 Fall Creators Update, we introduced Windows Defender Exploit Guard (WDEG)—a feature suite that enables you to reduce the attack surface of applications while allowing you to balance security with productivity in a realistic manner. With WDEG's smart attack surface reduction (ASR) rules and exploit protection, we are looking to provide security hardening for popularly used applications without losing sight of the complex environments being managed in most organizations. But what are these security hardening options? And how do we anticipate they will be put to work?
In this talk, we will discuss why and how we embarked upon the WDEG journey, starting all the way from our passionate Enhanced Mitigation Experience Toolkit (EMET) customers, through the conception of the WDEG feature set, to the internal mechanics behind the rich set of protections it offers. We will also demonstrate how WDEG's smart ASR rules and exploit mitigation settings can be used to reduce the likelihood of exploitation of commonplace legacy applications, now directly from Windows 10.
Cross Context Scripting (XCS) is a type of XSS (Cross Site Scripting) injection which occurs from an untrusted zone, typically a web page on the Internet into the context of a trusted browser zone.
XSS injection in a trusted browser zone can be 'lethal', as injected payload runs as privileged code. No SOP (Same-Origin Policy) restrictions are enforced and direct interfacing with the underlying OS is possible.
To exploit such bugs, there is no need to use ROP gadgets, spray the heap or attempt other complex techniques. At the opposite, only few elements are required for a successful exploit, such as the right injection point and a tailored exploit payload.
This presentation will examine XCS in details and will provide a demonstration of XCS exploits of both unpatched and patched vulnerabilities in Firefox, Opera, Maxthon and Avant browsers.
Continuous Development and Deployment: Workflows and PatternsAOE
Presentation by Fabrizio Branca at the Jenkins User Conference 2015 in Santa Clara, California
This talk provides a closer look into processes from collaboratively writing code, having it tested automatically and deployed it in a safe and efficient way to multiple server with a push of a button. Learn how to setup solid workflows covering both automated steps for builds, unit and selenium testing as well as manually triggered steps for approval and automated deployments to AWS. Find out how to structure your web project and learn about the underlying deployment patterns.
Vorlon.js is a tools which helps you debug your web projects. This is mainly designed for web on mobile debugging but you can use it in many other ways.
I got 99 trends and a # is all of them or How we found over 100 200+ RCE vulnerabilities in Trend Micro software.
Presentation released at Hack In The Box 2017 Amsterdam, by Roberto Suggi Liverani @malerisch and Steven Seeley @steventseeley.
For more information, please visit: http://blog.malerisch.net or http://srcincite.io
D2 t2 steven seeley - ghost in the windows 7 allocator_mr_me
I presented "Ghost in the Allocator" at Hack In The Box Amsterdam, 2012.
I demonstrated a new technique/variation for exploitation against the Windows 7 heap manager that abuses the allocation offset mechanism. Additionally, I also presented a likely attack technique against the consumer preview version of the Windows 8 heap manager.
As @nicowaisman mentioned in his talk Aleatory Persistent Threat, old school heap specific exploiting is dying. And with each windows SP or new version, is harder to attack heap itself. Heap management adapt quickly and include new mittigation techniques. But sometimes is better to rethink the idea of mittigation and do this technique properly even half version of it will cover all known heap exploit techniques…
XSS Attacks Exploiting XSS Filter by Masato Kinugawa - CODE BLUE 2015CODE BLUE
Microsoft's web browsers, Internet Explorer and Edge, have a feature called 'XSS filter' built in which protects users from XSS attacks. In order to deny XSS attacks, XSS filter looks into the request for a string resembling an XSS attack, compares it with the page and finds the appearance of it, and rewrites parts of the string if it appears in the page. This rewriting process of the string - is this done safely? The answer is no. This time, I have found a way to exploit XSS filter not to protect a web page, but to create an XSS vulnerability on a web page that is completely sane and free of XSS vulnerability. In this talk, I will describe technical details about possibilities of XSS attacks exploiting XSS filter and propose what website administrators should do to face this XSS filter nightmare.
XSS is much more than just <script>alert(1)</script>. Thousands of unique vectors can be built and more complex payloads to evade filters and WAFs. In these slides, cool techniques to bypass them are described, from HTML to javascript. See also http://brutelogic.com.br/blog
New Methods in Automated XSS Detection & Dynamic Exploit CreationKen Belva
This slide deck consists of three presentations showing both an overall and detailed view of the new patent pending methods to make Cross-Site Scripting (XSS) detection more accurate and faster as well as the creation of dynamic exploits. It was presented at OWASP AppSecUSA 2015. All Material and Methods Patent Pending Globally. All Rights Reserved.
Please visit: http://xssWarrior.com
SSRF vs. Business-critical applications. XXE tunneling in SAPERPScan
Any information an attacker might want is stored in a company’s ERP. This information can include financial, customer or public relations, intellectual property, personally identifiable information and more. Industrial espionage, sabotage and fraud or insider embezzlement may be very effective if targeted at the victim’s ERP system and cause significant damage to the business.
The presentation describes the history of SSRF attack, or Server Side Request Forgery, its types and different kinds of attacks on SAP.
libinjection: from SQLi to XSS by Nick GalbreathCODE BLUE
libinjection was introduced at Black Hat USA 2012 to quickly and accurately detect SQLi attacks from user inputs. Two years later the algorithm has been used by a number of open-source and proprietary WAFs and honeypots. This talk will introduce a new algorithm for detecting XSS. Like the SQLi libinjection algorithm, this does not use regular expressions, is very fast, and has a low false positive rate. Also like the original libinjection algorithm, this is available on GitHub with free license.
Nick Galbreath
Nick Galbreath is Vice President of Engineering at IPONWEB, a world leader in the development of online advertising exchanges. Prior to IPONWEB, his role was Director of Engineering at Etsy, overseeing groups handling security, fraud, security, authentication and other enterprise features. Prior to Etsy, Nick has held leadership positions in number of social and e-commerce companies, including Right Media, UPromise, Friendster, and Open Market. He is the author of ""Cryptography for Internet and Database Applications"" (Wiley). Previous speaking engagements have been at Black Hat, Def Con, DevOpsDays and other OWASP events. He holds a master's degree in mathematics from Boston University and currently resides in Tokyo, Japan.
In 2013
- LASCON http://lascon.org/about/, Keynote Speaker Austin, Texas USA
- DevOpsDays Tokyo, Japan
- Security Development Conference (Microsoft) San Francisco, CA, USA
- DevOpsDays Austin, Texas, USA
- Positive Hack Days http://phdays.com, Moscow Russia
- RSA USA, San Francisco, CA, speaker and panelist
In 2012
- DefCon
- BlackHat USA
- Others
[CB16] Electron - Build cross platform desktop XSS, it’s easier than you thin...CODE BLUE
Electron is a framework to create the desktop application on Windows,OS X, Linux easily, and it has been used to develop the popular applications such as Atom Editor, Visual Studio Code, and Slack.
Although Electron includes Chromium and node.js and allow the web application developers to be able to develop the desktop application with accustomed methods, it contains a lot of security problems such as it allows arbitrary code execution if even one DOM-based XSS exist in the application. In fact, a lot of vulnerabilities which is able to load arbitrary code in applications made with Electron have been detected and reported.
In this talk, I focus on organize and understand the security problems which tend to occur on development using Electron.
--- Yosuke Hasegawa
Secure Sky Technology Inc, Technical Adviser. Known for finding numerous vulnerablities in Internet Explorer、Mozilla Firefox and other web applications.He has also presented at Black Hat Japan 2008, South Korea POC 2008, 2010 and others.
OWASP Kansai Chapter Leader, OWASP Japan Board member.
Copy & Pest - A case-study on the clipboard, blind trust and invisible cross-...Mario Heiderich
The clipboard is one of the most commonly used tools across operating systems, window managers and devices. Pressing Ctrl-C and Ctrl-V has become so fundamentally important to productivity and usability that we cannot get rid of it anymore. We happily and often thoughtlessly copy things from one source and paste them into another. URLs into address-bars, lengthy commands into console windows, text segments into web editors and mail interfaces. And we never worry about security when doing so. Because what could possibly go wrong, right?
But have we ever asked ourselves what the clipboard content actually consists of? Do we really know what it contains? And are we aware of the consequences a thoughtless copy&paste interaction can have? Who else can control the contents of the clipboard? Is it really just us doing Ctrl-C or is there other forces in the realm who are able to infect what we believe to be clean, who can desecrate what we trust so blindly that we never question or observe it?
This talk is about the clipboard and the technical details behind it. How it works, what it really contains – and who can influence its complex range of contents. We will learn about a new breed of targeted attacks, including cross-application XSS from PDF, ODT, DOC and XPS that allow to steal website accounts faster than you can click, turn your excel sheet into a monster and learn about ways to smuggle creepy payload that is hidden from sight until it executes. Oh, and we’ll also see what can be done about that and what defensive measures we achieved to create so far.
Windows Kernel Exploitation : This Time Font hunt you down in 4 bytesPeter Hlavaty
In our recent work we targeted also win32k, what seems to be fruit giving target. @promised_lu made our own TTF-fuzzer which comes with bunch of results in form of gigabytes of crashes and various bugs. Fortunately windows make great work and in February most of our bugs was dead - patched, but not all of them…
Whats left were looking as seemingly unexploitable kernel bugs with ridiculous conditions. We decided to check it out, and finally combine it with our user mode bug & emet bypass. Through IE & flash we break down system and pointed out at weak points in defensive mechanism.
In this talk we will present our research dedicated for pwn2own event this year. We will describe kernel part of exploit in detail*, including bug description, resulting memory corruption conditions & caveats up to final pwn via one of our TTF bugs.
Throughout the talk we will describe how to break various exploit mitigations in windows kernel and why it is possible. We will introduce novel kernel exploitation techniques breaking all what stands { KASLR, SMEP, even imaginary SMAP or CFG } and bring you SYSTEM exec (from kernel driver to system calc).
* unfortunately bug was not fixed at the time of talk, so we do not exposed details about TTF vulnerability, and we skipped directly to some challenges during exploitation, and demonstrate how OS design can overpower introduced exploit mitigations.
If You Tolerate This, Your Child Processes Will Be NextBart Leppens
Presentation given by Bart Leppens at Belgian OWASP chapter on 17th december 2013. This preso talks about BeEF, IPC and IPE. Web-browser exploiting internal network services and Cross-Site Faxing (XSF).
(phpconftw2012) PHP as a Middleware in Embedded Systemssosorry
It is used by sosorry at PHPConf Taiwan 2012. In this presentation, we will see that why we need a middleware in embedded systems, and how PHP can play this role. Besides, some tasks about architecture design, porting libraries, development & debug, and performance tunning would be included.
How to build a tool for operating Flink on KubernetesAndreaMedeghini
Operating Flink on Kubernetes can be challenging. Which products are available? Do we need to build our own tool? Which tool do we need? How do we build it? This presentation provides some ideas how to build a Flink Operator and it contains a link to a proof of concept available on GitHub
Setting up a local development environment is an integral part of the start of any web-project.
In the report, I will share with you the challenges our team encountered during the existence of the project and the ways in which they are solved.
We will go from local installation to the workstation through VirtualBox, Vagrant + Chef and Docker-compose.
Join, it will be interesting!
Presentation given by Sid at Wise TechTalks
Watch the replay: http://cs.co/90028vTty
You have heard of NETCONF, YANG, Python, and REST. However, do you really understand what they can do for your business, network, and networking career?
Learn how you can create apps that automate operations, consume network telemetry, and control network resources with minimal programming experience.
Resources:
Watch the New Era of Networking playlist: http://cs.co/90058sI1U
Readactor-Practical Code Randomization Resilient to Memory Disclosurech0psticks
This is NOT the official slides!! Just a paper reading summary presented in our security research group.
Readactor----paper published on S&P(Oakland)2015.
Abstract: Code-reuse attacks such as return-oriented pro- gramming (ROP) pose a severe threat to modern software. Designing practical and effective defenses against code-reuse attacks is highly challenging. One line of defense builds upon fine-grained code diversification to prevent the adversary from constructing a reliable code-reuse attack. However, all solutions proposed so far are either vulnerable to memory disclosure or are impractical for deployment on commodity systems.
In this paper, we address the deficiencies of existing solutions and present the first practical, fine-grained code randomization defense, called Readactor, resilient to both static and dynamic ROP attacks. We distinguish between direct memory disclosure, where the attacker reads code pages, and indirect memory disclosure, where attackers use code pointers on data pages to infer the code layout without reading code pages. Unlike previous work, Readactor resists both types of memory disclosure. Moreover, our technique protects both statically and dynamically generated code. We use a new compiler-based code generation paradigm that uses hardware features provided by modern CPUs to enable execute-only memory and hide code pointers from leakage to the adversary. Finally, our extensive evaluation shows that our approach is practical—we protect the entire Google Chromium browser and its V8 JIT compiler—and efficient with an average SPEC CPU2006 performance overhead of only 6.4%.
Embedded Recipes 2019 - Testing firmware the devops wayAnne Nicolas
ITRenew is selling recertified OCP servers under the Sesame brand, those servers come either with their original UEFI BIOS or with LinuxBoot. The LinuxBoot project is pushing the Linux kernel inside bios flash and using userland programs as bootloader.
To achieve quality on our software stack, as any project, we need to test it. Traditional BIOS are tested by hand, this is 2019 we need to do it automatically! We already presented the hardware setup behind the LinuxBoot CI, this talk will focus on the software.
We use u-root for our userland bootloader; this software is written in Go so we naturally choose to use Go for our testing too. We will present how we are using and extending the Go native test framework `go test` for testing embedded systems (serial console) and improving the report format for integration to a CI.
Julien Viard de Galbert
Open Source Development
Building your own Custom Firefox (or LibreOffice/OpenOffice)
from the Nightly or Developer Source Code
GIT / Mercurial (code sharing / version control)
What's new in HTML5 and JavaScript 2015
ECMAScript 2015 (ES6)
const, class, let, for of, function*, import
JavaOne 2015 : How I Rediscovered My Coding Mojo by Building an IoT/Robotics ...Mark West
Is your project dragging you down? Are you stuck with the same old technologies? Are you bored with coding? If you answer “yes” to any of these questions, you may have lost your coding mojo—just like this session’s speaker did a few years back. Come hear how he learned new technologies and rediscovered his coding mojo by building an IoT/robotics prototype: a voice-controlled robot. Along the way, you’ll hear about HTML5 speech recognition, controlling hardware with Node.js and Johnny-Five, using WebSocket and MQTT for communication between components, and finally how you can easily combine the Raspberry Pi and Arduino platforms to gain ultimate power over your own projects.
Similar to Owasp AppSecEU 2015 - BeEF Session (20)
Code reviews are vital for ensuring good code quality. They serve as one of our last lines of defense against bugs and subpar code reaching production.
Yet, they often turn into annoying tasks riddled with frustration, hostility, unclear feedback and lack of standards. How can we improve this crucial process?
In this session we will cover:
- The Art of Effective Code Reviews
- Streamlining the Review Process
- Elevating Reviews with Automated Tools
By the end of this presentation, you'll have the knowledge on how to organize and improve your code review proces
In software engineering, the right architecture is essential for robust, scalable platforms. Wix has undergone a pivotal shift from event sourcing to a CRUD-based model for its microservices. This talk will chart the course of this pivotal journey.
Event sourcing, which records state changes as immutable events, provided robust auditing and "time travel" debugging for Wix Stores' microservices. Despite its benefits, the complexity it introduced in state management slowed development. Wix responded by adopting a simpler, unified CRUD model. This talk will explore the challenges of event sourcing and the advantages of Wix's new "CRUD on steroids" approach, which streamlines API integration and domain event management while preserving data integrity and system resilience.
Participants will gain valuable insights into Wix's strategies for ensuring atomicity in database updates and event production, as well as caching, materialization, and performance optimization techniques within a distributed system.
Join us to discover how Wix has mastered the art of balancing simplicity and extensibility, and learn how the re-adoption of the modest CRUD has turbocharged their development velocity, resilience, and scalability in a high-growth environment.
Innovating Inference - Remote Triggering of Large Language Models on HPC Clus...Globus
Large Language Models (LLMs) are currently the center of attention in the tech world, particularly for their potential to advance research. In this presentation, we'll explore a straightforward and effective method for quickly initiating inference runs on supercomputers using the vLLM tool with Globus Compute, specifically on the Polaris system at ALCF. We'll begin by briefly discussing the popularity and applications of LLMs in various fields. Following this, we will introduce the vLLM tool, and explain how it integrates with Globus Compute to efficiently manage LLM operations on Polaris. Attendees will learn the practical aspects of setting up and remotely triggering LLMs from local machines, focusing on ease of use and efficiency. This talk is ideal for researchers and practitioners looking to leverage the power of LLMs in their work, offering a clear guide to harnessing supercomputing resources for quick and effective LLM inference.
A Comprehensive Look at Generative AI in Retail App Testing.pdfkalichargn70th171
Traditional software testing methods are being challenged in retail, where customer expectations and technological advancements continually shape the landscape. Enter generative AI—a transformative subset of artificial intelligence technologies poised to revolutionize software testing.
Accelerate Enterprise Software Engineering with PlatformlessWSO2
Key takeaways:
Challenges of building platforms and the benefits of platformless.
Key principles of platformless, including API-first, cloud-native middleware, platform engineering, and developer experience.
How Choreo enables the platformless experience.
How key concepts like application architecture, domain-driven design, zero trust, and cell-based architecture are inherently a part of Choreo.
Demo of an end-to-end app built and deployed on Choreo.
Providing Globus Services to Users of JASMIN for Environmental Data AnalysisGlobus
JASMIN is the UK’s high-performance data analysis platform for environmental science, operated by STFC on behalf of the UK Natural Environment Research Council (NERC). In addition to its role in hosting the CEDA Archive (NERC’s long-term repository for climate, atmospheric science & Earth observation data in the UK), JASMIN provides a collaborative platform to a community of around 2,000 scientists in the UK and beyond, providing nearly 400 environmental science projects with working space, compute resources and tools to facilitate their work. High-performance data transfer into and out of JASMIN has always been a key feature, with many scientists bringing model outputs from supercomputers elsewhere in the UK, to analyse against observational or other model data in the CEDA Archive. A growing number of JASMIN users are now realising the benefits of using the Globus service to provide reliable and efficient data movement and other tasks in this and other contexts. Further use cases involve long-distance (intercontinental) transfers to and from JASMIN, and collecting results from a mobile atmospheric radar system, pushing data to JASMIN via a lightweight Globus deployment. We provide details of how Globus fits into our current infrastructure, our experience of the recent migration to GCSv5.4, and of our interest in developing use of the wider ecosystem of Globus services for the benefit of our user community.
How to Position Your Globus Data Portal for Success Ten Good PracticesGlobus
Science gateways allow science and engineering communities to access shared data, software, computing services, and instruments. Science gateways have gained a lot of traction in the last twenty years, as evidenced by projects such as the Science Gateways Community Institute (SGCI) and the Center of Excellence on Science Gateways (SGX3) in the US, The Australian Research Data Commons (ARDC) and its platforms in Australia, and the projects around Virtual Research Environments in Europe. A few mature frameworks have evolved with their different strengths and foci and have been taken up by a larger community such as the Globus Data Portal, Hubzero, Tapis, and Galaxy. However, even when gateways are built on successful frameworks, they continue to face the challenges of ongoing maintenance costs and how to meet the ever-expanding needs of the community they serve with enhanced features. It is not uncommon that gateways with compelling use cases are nonetheless unable to get past the prototype phase and become a full production service, or if they do, they don't survive more than a couple of years. While there is no guaranteed pathway to success, it seems likely that for any gateway there is a need for a strong community and/or solid funding streams to create and sustain its success. With over twenty years of examples to draw from, this presentation goes into detail for ten factors common to successful and enduring gateways that effectively serve as best practices for any new or developing gateway.
Exploring Innovations in Data Repository Solutions - Insights from the U.S. G...Globus
The U.S. Geological Survey (USGS) has made substantial investments in meeting evolving scientific, technical, and policy driven demands on storing, managing, and delivering data. As these demands continue to grow in complexity and scale, the USGS must continue to explore innovative solutions to improve its management, curation, sharing, delivering, and preservation approaches for large-scale research data. Supporting these needs, the USGS has partnered with the University of Chicago-Globus to research and develop advanced repository components and workflows leveraging its current investment in Globus. The primary outcome of this partnership includes the development of a prototype enterprise repository, driven by USGS Data Release requirements, through exploration and implementation of the entire suite of the Globus platform offerings, including Globus Flow, Globus Auth, Globus Transfer, and Globus Search. This presentation will provide insights into this research partnership, introduce the unique requirements and challenges being addressed and provide relevant project progress.
Gamify Your Mind; The Secret Sauce to Delivering Success, Continuously Improv...Shahin Sheidaei
Games are powerful teaching tools, fostering hands-on engagement and fun. But they require careful consideration to succeed. Join me to explore factors in running and selecting games, ensuring they serve as effective teaching tools. Learn to maintain focus on learning objectives while playing, and how to measure the ROI of gaming in education. Discover strategies for pitching gaming to leadership. This session offers insights, tips, and examples for coaches, team leads, and enterprise leaders seeking to teach from simple to complex concepts.
Top Features to Include in Your Winzo Clone App for Business Growth (4).pptxrickgrimesss22
Discover the essential features to incorporate in your Winzo clone app to boost business growth, enhance user engagement, and drive revenue. Learn how to create a compelling gaming experience that stands out in the competitive market.
Large Language Models and the End of ProgrammingMatt Welsh
Talk by Matt Welsh at Craft Conference 2024 on the impact that Large Language Models will have on the future of software development. In this talk, I discuss the ways in which LLMs will impact the software industry, from replacing human software developers with AI, to replacing conventional software with models that perform reasoning, computation, and problem-solving.
Cyaniclab : Software Development Agency Portfolio.pdfCyanic lab
CyanicLab, an offshore custom software development company based in Sweden,India, Finland, is your go-to partner for startup development and innovative web design solutions. Our expert team specializes in crafting cutting-edge software tailored to meet the unique needs of startups and established enterprises alike. From conceptualization to execution, we offer comprehensive services including web and mobile app development, UI/UX design, and ongoing software maintenance. Ready to elevate your business? Contact CyanicLab today and let us propel your vision to success with our top-notch IT solutions.
OpenFOAM solver for Helmholtz equation, helmholtzFoam / helmholtzBubbleFoamtakuyayamamoto1800
In this slide, we show the simulation example and the way to compile this solver.
In this solver, the Helmholtz equation can be solved by helmholtzFoam. Also, the Helmholtz equation with uniformly dispersed bubbles can be simulated by helmholtzBubbleFoam.
How Recreation Management Software Can Streamline Your Operations.pptxwottaspaceseo
Recreation management software streamlines operations by automating key tasks such as scheduling, registration, and payment processing, reducing manual workload and errors. It provides centralized management of facilities, classes, and events, ensuring efficient resource allocation and facility usage. The software offers user-friendly online portals for easy access to bookings and program information, enhancing customer experience. Real-time reporting and data analytics deliver insights into attendance and preferences, aiding in strategic decision-making. Additionally, effective communication tools keep participants and staff informed with timely updates. Overall, recreation management software enhances efficiency, improves service delivery, and boosts customer satisfaction.
Enterprise Resource Planning System includes various modules that reduce any business's workload. Additionally, it organizes the workflows, which drives towards enhancing productivity. Here are a detailed explanation of the ERP modules. Going through the points will help you understand how the software is changing the work dynamics.
To know more details here: https://blogs.nyggs.com/nyggs/enterprise-resource-planning-erp-system-modules/
May Marketo Masterclass, London MUG May 22 2024.pdfAdele Miller
Can't make Adobe Summit in Vegas? No sweat because the EMEA Marketo Engage Champions are coming to London to share their Summit sessions, insights and more!
This is a MUG with a twist you don't want to miss.
top nidhi software solution freedownloadvrstrong314
This presentation emphasizes the importance of data security and legal compliance for Nidhi companies in India. It highlights how online Nidhi software solutions, like Vector Nidhi Software, offer advanced features tailored to these needs. Key aspects include encryption, access controls, and audit trails to ensure data security. The software complies with regulatory guidelines from the MCA and RBI and adheres to Nidhi Rules, 2014. With customizable, user-friendly interfaces and real-time features, these Nidhi software solutions enhance efficiency, support growth, and provide exceptional member services. The presentation concludes with contact information for further inquiries.
Check out the webinar slides to learn more about how XfilesPro transforms Salesforce document management by leveraging its world-class applications. For more details, please connect with sales@xfilespro.com
If you want to watch the on-demand webinar, please click here: https://www.xfilespro.com/webinars/salesforce-document-management-2-0-smarter-faster-better/
Unleash Unlimited Potential with One-Time Purchase
BoxLang is more than just a language; it's a community. By choosing a Visionary License, you're not just investing in your success, you're actively contributing to the ongoing development and support of BoxLang.
Experience our free, in-depth three-part Tendenci Platform Corporate Membership Management workshop series! In Session 1 on May 14th, 2024, we began with an Introduction and Setup, mastering the configuration of your Corporate Membership Module settings to establish membership types, applications, and more. Then, on May 16th, 2024, in Session 2, we focused on binding individual members to a Corporate Membership and Corporate Reps, teaching you how to add individual members and assign Corporate Representatives to manage dues, renewals, and associated members. Finally, on May 28th, 2024, in Session 3, we covered questions and concerns, addressing any queries or issues you may have.
For more Tendenci AMS events, check out www.tendenci.com/events
2. whoami
Bart Leppens
● BeEF developer (since may 2012)
● Ported BeEF Bind shellcode to Linux
● Smashing the stack for FUN
@bmantra In
3. Disclaimer
● The views and opinions expressed here are my own and
do not necessarily represent those of my employer
● My employer has absolutely nothing to do with anything
related to BeEF
● I’m not speaking in the representation of my company
4. What the talk?
● BeEF: Browser Exploitation Framework
○ architecture
○ modules
○ extensions
● … live demos and videos
5. BeEF: Browser Exploitation Framework
● Professional security tool
● Focus on client side attack vectors
● Real attack scenarios
● v1.0 by Wade Alcorn
http://beefproject.comhttps://github.com/beefproject/beef
6. BeEF: Live CD
● https://github.
com/beefproject/beef/wiki/BeEF-
Live-CD
● Ubuntu 12.04 LTS
● Ruby 1.9.3p194
● Metasploit and sqlmap
8. BeEF: Hook a Browser
Inject the javascript hook to the DOM
● Cross-site Scripting
● MiTM
● Controlling DNS
● Social Engineering
● … be creative ;)
9. BeEF: Polling
● Once the browser is hooked, the browser
will ‘poll’ BeEF for new JavaScript
payloads to execute
● When a payload is found, the browser will
execute it
10. BeEF: A Whole Lot Of Modules
● Many different purposes
○ Information gathering
○ Social Engineering
○ Network Discovery
○ ...
● Easy to extend with your own modules
● Complex scenarios with RestFul API
http://beefproject.comhttps://github.com/beefproject/beef
12. BeEF: config.yaml
Provides basic information
● name of author
● category
● working browsers
● determines if module is enabled
http://beefproject.comhttps://github.com/beefproject/beef
15. BeEF: Sesame Magic Browser
“Internal server vulnerabilities are sitting there bored and lonely”
- Michele Orru` // ”ActiveFax, you look very bored” - Bart Leppens
19. BeEF: GlassFish XSRF
● REST CSRF in GlassFish 3.1.1 (build 12)
● Bug FOUND by Roberto Suggi Liverani
● According to ORACLE the 3th most critical
bug ever in SUN products
● Demo (fingerprint + exploit)
20. BeEF: CookieJar overflow
● JavaScript cannot modify HTTPOnly-cookies
● John Wilander overflowed the CookieJar
● Recreate those cookies
● Demo
21. BeEF: Autorun
● launch modules automatically on new
hooked browsers
● edit config.yaml set autorun: true in
each module
● limitation => used with default parameters
22. BeEF: RESTful API
Scripting BeEF through HTTP/JSON requests
● token parameter must be always added to
requests
● GET or POST
● Automate advanced attacks automatically
23. BeEF: RESTful API
Authentication
● Post credentials to /api/admin/login
● return authentication token
● e.g. curl -H "Content-Type:
application/json" -X POST -d
'{"username":"beef", "password":"beef"}'
http://127.0.0.1:3000/api/admin/login
24. BeEF: RESTful API
Hooked Browsers
● GET to /api/hooks
● return online/offline hooked browsers
● e.g. curl http://127.0.0.1:
3000/api/hooks?token=[token]
25. BeEF: RESTful API
Browser Details
● GET to /api/hooks/:session
● Information on the hooked browser
● e.g. curl http://127.0.0.1:
3000/api/hooks/[session]?token=[token]
26. BeEF: RESTful API
List Command Modules
● GET to /api/modules
● e.g. curl http://127.0.0.1:
3000/api/modules?token=[token]
27. BeEF: RESTful API
Informations on a specific module
● GET to /api/modules/:module_id
● e.g. curl http://127.0.0.1:
3000/api/modules/[module_id]?token=
[token]
28. BeEF: RESTful API
Launch a command on a specific browser
● POST to /api/modules/:session/:module_id
● e.g. curl -H "Content-Type:
application/json; charset=UTF-8" -d
'{"question":"wtf?"}' -X POST http://127.
0.0.1:3000/api/modules/[session]/
[module]?token=[token]
29. BeEF: RESTful API
Return information about the command module
previously executed
● GET to /api/modules/:session/:mod_id/:
cmd_id
● e.g. curl http://127.0.0.1:
3000/api/modules/[session]/[module_id]/
[cmd_id]?token=[token]
30. BeEF: RESTful API
A whole lot more:
● control BeEF DNS rules
● Access Logs
● ...
Refer to the BeEF Wiki: https://github.
com/beefproject/beef/wiki/BeEF-RESTful-API
31. BeEF: Console
Console is a BeEF extension
● metasploit-like console
● should be enabled in the main config.
yaml
● control hooked browsers
32. BeEF: Metasploit integration
Console is a BeEF extension
● should be enabled in the main config.
yaml
● should be configured in
extentions/metasploit/
● msfrpcd can be launched automatically
from within BeEF :-)
33. IPC: Inter-Protocol Communication
● Initial research by Wade Alcorn in 2006/2007
● “Tolerant” protocol implementation that does
not drop the client connection after N errors
● A properly encoded POST request can be
send to the target:
○ HTTP Headers are parsed as BAD COMMANDS
○ HTTP request body is parsed as VALID
COMMANDS (or as SHELLCODE)
34. IPC: Limitations
● Some ports are banned by the Browser (e.g.
21,25,110,..)
● Content-Type: text/plain or multipart/form-
data
● Doesn’t work well with binary protocols =>
often not that tolerant
35. IPC: ActiveFax Server
● Extended research done in 2013 by Michele
Orru` & myself
● Widely used Fax solution
● Manual suggest port 3000 for RAW socket
● Protocol is very tolerant
● Commands are formatted as: @Fxxx data@
36. IPC: ActiveFax Server (example message)
Sender...................... Bart Leppens, +1 11 112233-25
Recipient 1............... OWASP Belgium, Fax: 016 123456
Subject..................... IPC is cool
Priority...................... Very High
@F101 Bart Leppens@@F110 +1 11 112233-25@
@F201 OWASP Belgium@@F211 016 123456@
@F307 IPC is cool@
@F301 1@
37. IPC: ActiveFax Server (XHR)
var xhr = new XMLHttpRequest();
var uri = "http://x.x.x.x:3000/";
xhr.open("POST", uri, true);
xhr.setRequestHeader("Content-Type", "text/plain");
var post_body = "@F101 Bart Leppens@@F110 +1 11 112233-
25@@F201 OWASP Belgium@@F211 016 123456@@F307 IPC is
cool@@F301 1@";
xhr.send(post_body);
38. IPC: ActiveFax Server (XHR)
POST / HTTP/1.1
Host: 127.0.0.1:3000
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.7; rv:24.0) Gecko/20100101
Firefox/24.0
..
Content-Type: text/plain; charset=UTF-8
Cache-Control: no-cache
@F101 Bart Leppens@@F110 +1 11 112233-25@@F201 OWASP
Belgium@@F211 016 123456@@F307 IPC is cool@@F301 1@
40. IPC: ActiveFax Server (Time-out)
The ActiveFax RAW socket takes 60 seconds to time-out.
We can fix that! 2 seconds is more then enough to send a FAX over a
LAN network:
xhr = new XMLHttpRequest();
..
xhr.send(post_body);
setTimeout(function(){xhr.abort()}, 2000);
42. BeEF: NAT Pinning
● Samy Kamkar in 2010
● Trick user to visit page
● Access port on internal network (via IPC)
● Connection Tracking must be enabled
● not only routers, IPTables with connection
tracking works as well
44. IPE: Inter-Protocol Exploitation
● Research by Wade Alcorn (extension of IPC)
● Extended research in 2012 by Michele Orru`
○ QualCOMM WorldMail IMAP 3.0
● More research in 2013 by Michele & myself
○ ActiveFax Server
45. IPE: Inter-Protocol Exploitation
● Need to send binary data
○ sendAsBinary (FF, Chrome)
● Same restrictions: tolerance, blocked ports
● More restrictions: header space, bad chars
46. IPE: ActiveFax 5.01 RAW Server Exploit
● bug found by Craig Freyman
● @F506 crashes after 1024 bytes
● Many bad characters:
○ 0x00 -> 0x19
○ 0x40 (@)
● PoC modified to use IPE
49. BeEF Bind Shellcode
● Shellcode written by Ty Miller (Win32)
● Allows communication from the browser to a
shell
○ Commands are proxied back and forth through the
browser to cmd.exe
○ Stage is delivered through the browser as well
50. BeEF Bind Shellcode: The Stager
● Stager listens on a specified port for HTTP
requests
● Ignores HTTP headers and looks for the egg
“cmd=” which marks the start of our 2nd
stage (or any stage you like)
● Allocate executable memory + copy
● Jump into the stage shellcode
51. BeEF Bind Shellcode: The Stage
● Stage listens on a specified port for HTTP
requests as well
● Ignores HTTP headers and looks for “cmd=”
which marks the start of our command
● Requests are proxied back and forth from
the browser to a “cmd.exe” childprocess
● Access-Control-Allow-Origin: *
52. BeEF Bind Shellcode:
● Ported to Linux x86 and Linux x64
○ stager and stage
● Can also be used compiled with RCE vulns
● Metasploit modules are available for easily
encoding and removal of bad characters
55. Exploiting Webmail with XSS
Cross-site Scripting
● most common vulnerability
● impact = underestimated
● mail = interesting target for attacker
56. CVE-2011-2937 Round-cube
reflected Cross-site Scripting vulnerability
● found by Abyszko
● before 0.5.4
http://server/roundcube/?_mbox=<script>
alert(document.cookie)</script>
CVE score for this bug is 4.3 out of 10.
57. CVE-2014-0913 Lotus iNotes
stored Cross-site Scripting vulnerability
● IBM iNotes and Domino 8.5.3 FP6 before
IF2 and 9.0.1 before FP1
● Inject arbitrary web script or HTML via an e-
mail message
CVE score for this bug is 4.3 out of 10.
58. CVE-2014-0913 Lotus iNotes
telnet iNotesSMTPserver 25
HELO xss
MAIL FROM: attacker@evil.com
RCPT TO: poorvictim@good.com
DATA
MIME-Version: 1.0
FROM: ATTACKER <attacker@evil.com>
TO: VICTIM <poorvictim@good.com>
Subject: iNotes XSS vulnerable mail
Content-Type: text/html
<img style="display:none" src="x"/onerror="alert(1)">
59. Universal Cross-site Scripting and
webmail
● Control every origin
● Execute arbitrary code
● Control all webmail clients => including
Cloud based like gmail, yahoo mail, etc.
60. This is a myth: there ain’t no such thing
● Targeted mailbox attack
○ read mails
○ send mails
● Nesting and replication
○ Mailworm - Nduja by Rosario Valotta in
2007
■ spreading across multiple webmail services
■ named after spicy italian sausage from Calabria,
Italy
61. This is a myth: there ain’t no such thing
● DDoS of server
○ BeEF DOSer-module
○ also internal servers (via victims browser)
● DDoS of mailbox
○ multiple zombies sending mails to victim
62. This is a myth: there ain’t no such thing
● Sending spam
○ by email account of trusted user
● Download infection
○ attachment that seems to be sent from
well-know user (=victim)
○ Replace attachment links in existing mails
63. This is a myth: there ain’t no such thing
● Modify existing “notes”
● Social Engineering attacks by mail
● Perform reset of passwords
● names.nsf in iNotes
● ….
64. This is a myth: there ain’t no such thing
4.3/10
66. Tunneling Proxy
Reverse HTTP Proxy
● hooked browser = exit point
● XHR requests or WebSockets
● limited to the hooked domain and security
context of the victims browser
67. Tunneling Proxy
Attack scenarios
● browsing hooked domain (security context of
the victim browser)
● spidering hooked domain
● finding and exploiting SQLi with Burp Pro
Scanner and sqlmap
● Video