The document discusses configuring an ASA firewall to inspect HTTP traffic and block various threats such as URL redirection, Java applets, ActiveX controls, .exe file extensions, blocked sites by host, non-English languages, compression methods other than zip/rar, and HTTPS sites using DNS inspection. It also covers inspecting HTTP on non-standard ports, blocking Hotmail attachments, torrent traffic, and using FQDN objects to block domains.
The document provides guidelines for deploying an L.N.M.P environment on a 64-bit server. It specifies directory locations for source code, installed software, scripts and logs. It also outlines steps to update the system, install and configure MySQL, Nginx, PHP and other packages, including compiling Nginx with specific modules and options, setting Nginx as a service, and enabling syntax highlighting for Nginx configuration files.
Postgresql 12 streaming replication hol - Vijay Kumar N
This is a step-by-step hands-on lab for PostgreSQL 12: setting up replication and a replication slot, failover (promoting a standby to become the new master cluster), and the scenario where the old master has to be reinstated using the "pg_rewind" utility.
Varnish Cache and Django (Falcon, Flask etc) - Данил Иванов
Varnish is a reverse proxy cache that sits in front of web servers to improve performance by caching responses. It uses a key-value store to cache responses in memory based on requests. The document discusses Varnish's architecture including its state machine and VCL configuration language. It also covers caching policies, cache invalidation methods, and integrating Django with Varnish.
This document discusses the Shellshock vulnerability in the Bash shell. It provides background on Bash and describes how the vulnerability allows remote code execution. It then summarizes the timeline of vulnerability discovery and patches. Potential attack vectors like CGI scripts, DHCP, SSH, and SMTP are explained. Examples of known attacks from botnets, worms, and against Yahoo servers are also mentioned.
Security of go modules and vulnerability scanning in go center (1) - Deep Datta
This document provides an agenda for a presentation on dependency management and security in Go. It discusses Go modules, the go.mod and go.sum files, checksum databases, potential issues like vulnerabilities, and how Jfrog GoCenter addresses security by adding vulnerability scanning. The presentation demonstrates how GoCenter scans dependencies and actively warns about vulnerable modules. It also announces the new free vulnerability scanning feature for Go in VSCode.
Slides from a talk at HPC Admintech 2019 about containers: a brief review of containers, how to create a container using common Linux tools, and how to integrate Docker with Slurm.
SMTP STS (Strict Transport Security) vs. SMTP with DANE - Men and Mice
The Internet Public Key Infrastructure (PKIX) is broken, but several solutions exist to fix some of the issues around transport encryption with TLS and x509 certificates.
This webinar will take a deeper look at two solutions: RFC 7672 “SMTP with DANE” and draft-ietf-uta-mta-sts “SMTP MTA Strict Transport Security (MTA-STS)”. What problems are solved with these solutions? What is needed to implement MTA-STS and SMTP-DANE? Is one solution preferable over the other, or should you deploy both?
DNS High-Availability Tools - Open-Source Load Balancing Solutions - Men and Mice
The DNS protocol has built-in high availability for authoritative DNS servers (this will be better explained in the webinar!), but client machines can see a degraded DNS service if a DNS resolver (caching DNS server) is failing.
In this webinar, we will look into how the DNS clients in popular operating systems (Windows, Linux, macOS/iOS) choose the DNS resolver among a list of available servers, and how a DNS resolver service can be made failure-tolerant with open-source solutions such as “dnsdist” from PowerDNS and “relayd” from OpenBSD.
This document discusses codifying PostgreSQL database schemas using Terraform. It begins by explaining how to bootstrap a database by hand and then introduces Terraform as a way to automate and version the database schema. Key concepts covered include using Terraform providers and resources to define database schemas, importing existing databases into Terraform, and iterating on schema designs in a declarative way. The document aims to help users avoid issues with Terraform by following best practices.
An attacker was able to gain access to an internal network by phishing a secretary's smartphone. They then used lateral movement techniques like pass-the-hash to escalate privileges and access sensitive files. This included obtaining Domain Admin credentials for the "adm.arazzi" user. The attacker was ultimately able to exfiltrate data and establish persistence on the network.
This webinar is designed as an easy-to-follow tutorial on DNSSEC signing a zone for DNS admins. Our focus will be on DNSSEC zone signing automation with the Knot DNS Server and BIND 9.
A review of the webshells used by bad guys. How they are protected but also mistakes in their implementation. This talk was presented at the OWASP Belgium Chapter Meeting in May 2017.
Logstash for SEO: how to monitor Web Server logs in real time - Andrea Cardinale
This document discusses using Logstash to collect, parse, and analyze log files. It begins with an introduction to logs and Logstash. It then covers installing and configuring Logstash - including using inputs to collect logs, filters to parse and transform data, and outputs to send parsed logs to a storage system. The document demonstrates a Logstash configuration to collect Apache access logs, parse fields using Grok, and output to Elasticsearch for analysis with Kibana. It concludes with tips on using Logstash for SEO-related tasks like analyzing crawler behavior and page load speeds.
This document discusses DNS related commands in Linux. It begins by listing commands like nslookup, host and dig that can be used to query DNS servers and lookup domain names, IP addresses, MX records, NS records and more. It then provides examples of using these commands, explaining options like -query, -type and -debug. The document also covers using specific DNS servers, changing ports or timeouts, and troubleshooting DNS issues. Configuration files like resolv.conf and .nslookuprc are also mentioned.
Presentation at the Postgraduate Course in Information Security:
- Sniffing passwords sent in plain text;
- Brute-force attacks on SSH;
- Protection: firewall, IPS and/or TCP Wrappers;
- Basic security in sshd_config;
- RSA/DSA keys for remote access;
- SSH fetching keys from LDAP;
- Why prevent access: Fork Bomb
This document discusses DNS commands in Linux. It begins by explaining DNS concepts like zones, authoritative and non-authoritative answers. It then demonstrates commands like nslookup, host and dig to query DNS records like A, MX, NS, SOA records and perform reverse lookups. It shows how to specify DNS servers, ports, timeouts and debug modes. Config files like resolv.conf and nslookuprc are also mentioned.
Logging is important for troubleshooting a DNS service. Conveniently with BIND 9, almost all problems will show up somewhere in the log output, but only if the logging is enabled and configured correctly.
In this webinar, we’ll discuss the BIND 9 logging configuration and best practices in searching through large log-files to find the entries of interest. In addition, we’ll release log-management tools used by Men & Mice Services.
The document discusses various tools and services provided by CQURE Team including penetration testing, incident response, security architecture design, forensics investigation, and security awareness training. It also covers technical details of how Windows protects secrets using DPAPI and DPAPI-NG, describing the key derivation functions, encryption algorithms, and key storage locations used.
SCALE 15x Minimizing PostgreSQL Major Version Upgrade Downtime - Jeff Frost
This document provides instructions for minimizing downtime when performing a major version upgrade of PostgreSQL using logical replication with Slony. It discusses various methods for performing the upgrade, including dump/restore, pg_upgrade, and logical replication with Slony. It then provides a step-by-step guide to setting up logical replication between two PostgreSQL nodes using Slony, including initializing the cluster and nodes, creating replication sets, subscribing nodes, and monitoring the initial synchronization process. The document demonstrates how Slony allows performing a graceful switchover and switchback between nodes when upgrading PostgreSQL versions.
Nagios Conference 2013 - Sheeri Cabral - Alerting With MySQL and Nagios - Nagios
This document discusses using Nagios to monitor MySQL databases. It describes official and third-party Nagios plugins for MySQL monitoring, including check_mysql, check_mysql_query, and a custom Perl script called mysql_health_check.pl. The custom script allows flexible monitoring of system and status variables, caching of results, and calculations of rates and comparisons to previous runs. Example Nagios command definitions are provided to monitor connections, query rates, uptime, and other metrics.
This kickstart file configures an ESXi 5.0 installation on a server. It clears partitions on the first disk, installs ESXi using the first disk and overwrites any existing VMFS partitions. It sets the root password, reboots after installation, configures the management network interface, and configures a vSwitch with port groups.
Passive SSH, a Fast-Lookup Database of SSH Key Materials to Support Incident ... - adulau
Fingerprinting, tracing and tracking SSH network activities is a key functionality in network forensics and incident response. In the past years, Passive DNS and Passive SSL have been a cornerstone for efficient incident handling at CIRCL. SSH connectivity is used to manage various devices, from IoT up to network equipment or even critical devices. Passive SSH's goal is to provide a fast-lookup database with the history of all the SSH keys seen per IPv4/IPv6 address on the global Internet. We developed an open source software toolkit to gather, analyse and store SSH key materials and provide access to members of the CSIRT community.
Malware Detection with OSSEC HIDS - OSSECCON 2014 - Santiago Bassett
My presentation on how to use malware indicators of compromise to create rootcheck signatures for OSSEC. Explains different malware collection and analysis techniques.
HTTP For the Good or the Bad - FSEC Edition - Xavier Mertens
A review of the webshells used by bad guys. How they are protected but also mistakes in their implementation. This talk was updated and presented at the FSEC conference in Croatia, September 2017.
Part 2 - Local Name Resolution in Windows Networks - Men and Mice
This webinar discusses local name resolution protocols in Windows networks. It focuses on Link Local Multicast Name Resolution (LLMNR) and Peer Name Resolution Protocol (PNRP). LLMNR provides serverless name resolution on the local subnet using multicast queries. PNRP is a peer-to-peer name resolution protocol that operates over IPv6 or IPv4-IPv6 tunnels. The webinar explains how these protocols work, how to configure and use them, and potential security issues to be aware of when using them. It also advertises upcoming Men & Mice training courses on DNS and name resolution topics.
This document provides a summary of the Transit Capital Vision Report created by the City of Bellevue Transportation Department. The report identifies over 100 projects to improve transit speed, reliability and access in Bellevue through 2030. This includes investments in pedestrian and bicycle infrastructure to access transit, bus stop amenities, park-and-ride facilities, and transit priority treatments along roadways. The goal is to help realize Bellevue's proposed 2030 Frequent Transit Network by making it easier and faster for residents, employees and visitors to use public transportation in the city.
F08 9543-015 hoja de vida aprendiz dayana arcila osorno - lasmaslindas1221
This document presents a standard format for apprentice résumés. It includes sections for personal data such as name, identification number, date of birth and address. It also includes space to detail the apprentice's primary, secondary and complementary education, as well as their work experience and personal references. The format provides a uniform model for collecting relevant information about apprentices in an organized and complete way.
This document provides instructions for customizing the settings of a wiki workspace. It explains that the settings page allows the user to configure options like the wiki description, security and access settings, creating student accounts, and email preferences. The security settings allow control over who can view and edit the wiki, and students can be given individual accounts to access the workspace.
This cheat sheet provides various tips for using netcat on both Linux and Unix. All syntax is designed for the original netcat versions, including ncat, GNU netcat and others.
This document describes the different customs regimes in Mexico, including definitive import for goods that will remain in the country permanently, definitive export for goods that will remain abroad permanently, temporary import to return the products abroad unchanged, temporary export to take products out of the country temporarily, the bonded warehouse (depósito fiscal) for storing foreign or domestic goods, transit of goods between domestic and international customs offices, and the supervised customs precinct (recinto fiscalizado) regime
Traumatic eye injury hypothetical case presentation - meducationdotnet
This patient presented with chemical injury to the right eye after being hit with a scraper. The initial treatment of checking the pH and irrigating with 1L saline was not sufficient as chemical injuries require prolonged irrigation. The eye also was not checked for foreign bodies. Going forward, the eye requires patching, antibiotic drops, and monitoring in the hospital for complications like increased pressure or additional bleeding. Long term risks include scarring, glaucoma, and potential retinal detachment.
Chapter 17 Reproduction in Humans Lesson 2 - The Menstrual Cycle - j3di79
The document summarizes the key events of the human menstrual cycle. It describes how follicles in the ovaries mature and how hormones regulate the cycle. It explains that the ovarian follicle ruptures and releases an egg (ovulation) around day 14. If the egg is not fertilized, hormone levels drop and the uterine lining is shed through menstruation around day 28, starting a new cycle. Oral contraceptives work by inhibiting the hormones FSH and LH to prevent ovulation and therefore pregnancy.
The document discusses the importance of general culture and how it has fallen into disuse. Today, specialization in a specific area is preferred over broad knowledge. Nevertheless, culture is fundamental for developing sensitivity, reasoning and communication. Being cultured requires learning about a variety of subjects beyond a university degree.
The CSC SSM runs Content Security and Control software on some ASA models to provide protection against viruses, spyware, spam, and other unwanted traffic. It can scan FTP, HTTP/HTTPS, POP3, and SMTP traffic on their standard ports. You must obtain configuration information like the IP addresses and passwords to set up traffic scanning between the ASA and CSC SSM. The document provides steps to create access lists and policy maps to divert specified traffic to the CSC SSM for scanning.
Reducing the spatial resolution of an image is equivalent to reducing its sampling rate. This lowers the image size and causes a checkerboard effect. The program takes an input image, reduces its sampling rate by a specified factor, then reshapes the low-resolution image back to the original size to clearly show the checkerboard effect. It displays the original, low-resolution, and reshaped images to demonstrate the effects of lowering spatial resolution.
When performing an investigation it is helpful to be reminded of the powerful options available to the investigator. This document is intended as a reference to the tools that could be used.
This document discusses various trademark issues that can arise on the internet. It covers topics like domain name registration, the different parts of a domain name, cybersquatting, typosquatting, linking, meta-tagging, and renewal snatching. Remedies for trademark infringement in cyberspace include actions under the Anti-Cybersquatting Consumer Protection Act in the US or dispute resolution policies set by ICANN internationally.
The floor plan centers around a central corridor connecting private spaces on the east side to a garage and office on the west. The only space that breaks this continuity is the kitchen, which creates a semi-private terrace area with a pool. A raised, covered entry defines the home's entrance, and a metal roof was chosen for economy and durability. The kitchen is separated from the dining room by a low wall and features a pitched roof and picture windows to create a sense of openness.
10 Excellent Ways to Secure Your Spring Boot Application - Devoxx Belgium 2019 - Matt Raible
Spring Boot is an excellent way to build Java applications with the Spring Framework. If you’re developing apps that handle sensitive data, you should make sure they’re secure.
This session will cover HTTPS, dependency checking, CSRF, using a CSP to prevent XSS, OIDC, password hashing, and much more!
You’ll learn how to add these features to a real application, using the Java language you know and love.
* YouTube video: https://www.youtube.com/watch?v=PpqNMhe4Bd0
* Blog post: https://developer.okta.com/blog/2018/07/30/10-ways-to-secure-spring-boot
* Cheat sheet: https://snyk.io/blog/spring-boot-security-best-practices/
This presentation, first delivered at Heisenbug St. Petersburg 2017, covers the challenges of doing large scale testing in security from the perspective of test engineering. It's targeted to non-security test experts, with a handful of examples of what we've seen working and what failed.
Suricata is an open source intrusion detection and prevention system. It can perform network security monitoring by analyzing network traffic and detecting threats through signatures. Suricata supports offline analysis of PCAP files, traffic recording, automatic protocol detection, and JSON output of events and alerts. It is configured through a YAML file and rules files, and can output logs to files, databases like MySQL, or syslog. Signatures use keywords to detect threats based on payload, HTTP, DNS, flow, file, and IP reputation attributes.
This document summarizes best practices for secure .NET programming. It discusses guidelines for safer code like using the SecureString class and checked keywords. It also covers vulnerabilities like SQL injection and insecure configuration files. Additionally, it outlines secure communication methods in WCF like SSL and hashing, as well as runtime security features in .NET like CAS and reflection permissions. The document stresses the importance of input validation, authorization, encryption, and overall secure development practices to build a safe .NET environment.
This document provides an overview of how to set up and manage a MongoDB sharded cluster. It describes the key components of a sharded cluster including shards, config servers, and mongos query routers. It then provides step-by-step instructions for deploying, upgrading, and troubleshooting a sharded cluster. The document explains how to configure shards, config servers, and mongos processes. It also outlines best practices for upgrading between minor and major versions of MongoDB.
Cassandra Summit 2014: Lesser Known Features of Cassandra 2.1 (DataStax Academy)
This document summarizes some lesser known features in Apache Cassandra 2.1, including:
1) Cassandra's logging was changed to use Logback, allowing for faster and more configurable logging through a logback.xml file.
2) New default paths were added in Cassandra 2.1 for data, commit logs, and configurations to keep directories cleaner.
3) A number of command line parameters and YAML configuration options were added for more control over logging levels, commit log handling, compaction settings, and more.
4) Enhancements were made to the CQL shell cqlsh and nodetool for additional debugging and management capabilities.
This document discusses PostgreSQL and Solaris as a low-cost platform for medium to large scale critical scenarios. It provides an overview of PostgreSQL, highlighting features like MVCC, PITR, and ACID compliance. It describes how Solaris and PostgreSQL integrate well, with benefits like DTrace support, scalability on multicore/multiprocessor systems, and Solaris Cluster support. Examples are given for installing PostgreSQL on Solaris using different methods, configuring zones for isolation, using ZFS for storage, and monitoring performance with DTrace scripts.
Python (Jinja2) Templates for Network Automation (Rick Sherman)
Templates allow network configurations to be defined separately from the configuration data. This makes configurations reusable, shareable, and easy to update. Jinja2 is a popular template language that allows variables, conditionals, loops, and inheritance in templates. Templates separate the "how" of the configuration syntax from the "what" of the configuration data values. This document provides examples of basic Jinja2 template features like variables, filters, includes, inheritance blocks, and using data sources.
This document discusses using CommandBox and Docker to deploy real projects. It covers background on the development workflow and environments, benefits of Docker and CommandBox, code cleanup tools like CFLint and git hooks, serving apps with CommandBox, server monitoring with Prometheus, dynamic configuration, caching, session storage, logging with Elasticsearch and Kibana, load balancing with Kubernetes, data changes, scheduled tasks, and canary/blue-green deployments. The overall message is that CommandBox and tools can provide structure and simplify transitions to help teams succeed in deploying applications.
ProxySQL - High Performance and HA Proxy for MySQL (René Cannaò)
High Availability proxy designed to solve real issues of MySQL setups from small to very large production environments.
Presentation at Percona Live Amsterdam 2015
The document summarizes a hacking attack on a company called mBank. The attack involved scanning the website for vulnerabilities, finding credentials in PHP files that allowed accessing the MySQL database, and uploading a PHP shell to gain remote access. Key steps included SQL injection to find files on the server, extracting credentials from the configuration file to access the database as the root user, and using the database to upload a web shell.
They Ought to Know Better: Exploiting Security Gateways via Their Web Interfaces (michelemanzotti)
The document discusses security vulnerabilities found in the web interfaces of security gateways. The author details how they used automated scanners, manual testing with Burp, and SSH access to root to find over 35 exploits in various security gateway products since 2011. Common vulnerabilities included input validation issues, predictable URLs and parameters enabling CSRF, excessive privileges, and session management flaws. The author provides examples of compromising ClearOS and Websense gateways, and demonstrates OSRF through Proofpoint's email system. They conclude many techniques are older but there remains a knowledge gap between secure web and UI development.
10 Excellent Ways to Secure Spring Boot Applications - Okta Webinar 2020 (Matt Raible)
Spring Boot is an efficient way to build Java applications with the Spring Framework. If you’re developing apps that handle sensitive data, you should make sure they’re secure.
This session will cover HTTPS, dependency checking, CSRF, using a CSP to prevent XSS, OIDC, password hashing, and much more!
You’ll learn how to add these features to a real application, using the Java language you know and love.
* Blog post: https://developer.okta.com/blog/2018/07/30/10-ways-to-secure-spring-boot
* Cheat sheet: https://snyk.io/blog/spring-boot-security-best-practices/
* OIDC demo: http://bit.ly/spring-oidc-demo
10 Excellent Ways to Secure Your Spring Boot Application - The Secure Develop... (Matt Raible)
Spring Boot is an excellent way to build Java applications with the Spring Framework. If you’re developing apps that handle sensitive data, you should make sure they’re secure. This session will cover HTTPS, dependency checking, CSRF, using a CSP to prevent XSS, OIDC, password hashing, and much more! You’ll learn how to add these features to a real application, using the Java language you know and love.
YouTube: https://www.thesecuredeveloper.com/post/10-excellent-ways-to-secure-your-spring-boot-application
Blog post: https://developer.okta.com/blog/2018/07/30/10-ways-to-secure-spring-boot
Cheat sheet: https://snyk.io/blog/spring-boot-security-best-practices/
Content Security Policy (CSP) allows web site administrators to control the resources the user agent is allowed to load for a given page. It's an added layer of security that helps to detect and mitigate certain types of attacks, including Cross Site Scripting (XSS) and data injection attacks. We learn what they are and how to use them.
This document discusses advanced techniques used in modern banking trojans. It describes how trojans operate by hijacking browsers using techniques like hooking browser APIs and modifying encrypted network traffic. It also discusses how trojans evade detection from tools like BankGuard and how their command and control structures have evolved to use peer-to-peer and Tor networks.
KSQL is a stream processing SQL engine that allows stream processing on top of Apache Kafka. KSQL is based on Kafka Streams and provides capabilities for consuming messages from Kafka, analysing these messages in near real time with a SQL-like language, and producing the results back to a Kafka topic. As a result, not a single line of Java code has to be written and you can reuse your SQL know-how. This lowers the bar for starting with stream processing significantly.
KSQL offers powerful capabilities of stream processing, such as joins, aggregations, time windows and support for event time. In this talk I will present how KSQL integrates with the Kafka ecosystem and demonstrate how easy it is to implement a solution using KSQL for most part. This will be done in a live demo on a fictitious IoT sample.
The talk describes an extension to the TCP/IP stack of the Linux kernel that is needed so that HTTPS runs in the same stack as TCP and IP. Application-layer DDoS attacks such as HTTP flood are usually mitigated by HTTP accelerators or HTTP load balancers. However, the Linux socket interface used by that software does not deliver the performance required under the extreme loads caused by DDoS attacks. HTTP servers built on user-space TCP/IP stacks are becoming popular because of their efficiency, but a TCP/IP stack is a large and complex body of code, so it is unwise to implement and run it twice, in user space and in kernel space. The kernel TCP/IP stack is well integrated with many powerful tools, such as IPTables, IPVS, tc and tcpdump, which are unavailable to a user-space TCP/IP stack or require complex interfaces. The speaker will present Tempesta FW, a solution that hands HTTPS processing to the kernel: HTTPS is built into the Linux TCP/IP stack. Acting as an HTTP firewall, Tempesta FW applies a set of rate limits and a set of heuristic rules to protect against attacks such as HTTPS flood and Slow HTTP.
This document provides an introduction to Snort rule syntax and content matching. It describes the basic components of a Snort rule including the rule header, action, protocols, addresses, ports, and rule options. It then covers various content matching techniques like content, pcre, and content modifiers like nocase, offset, depth, distance, and within. It also discusses negated content matching, content buffers, and fast_pattern. Finally, it provides examples of how content matching can be used for detection strategies like traffic triage and isolating vulnerable application traffic.
HTTP Deep Packet Inspection on ASA
Configure an HTTP policy to block sites that respond with Temporary Redirect (307), Use Proxy (305) or Moved Permanently (301)
Can redirection pose a security threat?
When you log in to a website or forum with a social account, you are redirected back to the original website once authentication completes. A redirection bug of this kind lets an attacker redirect (mislead) users to another, malicious website, so that they can also obtain your credentials indirectly.
Example of how the status line looks: HTTP/1.x 300 OK
ciscoasa(config)#regex REDIRECTION_BLOCK "^3.."
ciscoasa(config)#class-map type inspect http BLOCK_REDIRECTION
ciscoasa(config-cmap)# match response status-line regex class REDIRECTION_BLOCK
ciscoasa(config-cmap)# exit
ciscoasa(config)# policy-map type inspect http HTTP_INSPECTION
ciscoasa(config-pmap)# class BLOCK_REDIRECTION
ciscoasa(config-pmap-c)# drop-connection
ciscoasa(config-pmap-c)# exit
Configure an HTTP policy to block Java applets
What is a Java applet?
Java applets are mini applications. They are written in Java and run in a structured security environment in which the developer can define specific security rules for the applet to follow once it is downloaded to a user's computer. Applets are downloaded into the user's RAM, so once the computer is shut down or restarted the applet is gone. However, only the applet is gone; the actions it took while it was in RAM are not undone.
ciscoasa(config)#access-list 1 extended permit tcp any any eq 80
ciscoasa(config)#class-map type inspect http match-all BLOCK_JAVA_APPLET_CLASS
ciscoasa(config-cmap)# match access-list 1
ciscoasa(config-cmap)# match response body java-applet
ciscoasa(config-cmap)# exit
ciscoasa(config)# policy-map type inspect http HTTP_INSPECTION
ciscoasa(config-pmap)# class BLOCK_JAVA_APPLET_CLASS
ciscoasa(config-pmap-c)# drop-connection
ciscoasa(config-pmap-c)# exit
Configure an HTTP policy to block ActiveX
What is ActiveX?
Once an ActiveX control is installed on a user's computer, it can do anything the user can do. For example, ActiveX controls can insert harmful code into the user's operating system, browse the company's secure intranet, change the user's password(s), or retrieve documents from the user's hard disk or network drives and then mail
ciscoasa(config)#access-list 1 extended permit tcp any any eq 80
ciscoasa(config)#class-map type inspect http match-all BLOCK_ACTIVEX_CLASS
ciscoasa(config-cmap)# match access-list 1
ciscoasa(config-cmap)# match response body active-x
ciscoasa(config-cmap)# exit
ciscoasa(config)# policy-map type inspect http HTTP_INSPECTION
ciscoasa(config-pmap)# class BLOCK_ACTIVEX_CLASS
ciscoasa(config-pmap-c)# drop-connection
ciscoasa(config-pmap-c)# exit
Configure an HTTP policy to block the .exe file extension
How does the .exe file extension pose a security threat?
In Windows, executable programs have file extensions such as "exe", "vbs", "com" and "bat". Some actual trojan filenames include "dmsetup.exe" and "LOVE-LETTER-FOR-YOU.TXT.vbs"; these can harm your computer and steal all your personal data.
ciscoasa(config)#regex BLOCK_FILE_EXTENSION ".*.([Ee][Xx][Ee])"
ciscoasa(config)#regex CONTENT_TYPE "Content-Type"
ciscoasa(config)#class-map type inspect http match-all BLOCK_FILE_EXTENSION_CLASS
ciscoasa(config-cmap)#match response header regex CONTENT_TYPE regex BLOCK_FILE_EXTENSION
ciscoasa(config)# policy-map type inspect http HTTP_INSPECTION
ciscoasa(config-pmap)# class BLOCK_FILE_EXTENSION_CLASS
ciscoasa(config-pmap-c)# drop-connection
ciscoasa(config-pmap-c)# exit
OR
ciscoasa(config)#regex BLOCK_FILE_EXTENSION ".*.([Vv][Bb][Ss])"
ciscoasa(config)#regex Content-Disposition "Content-Disposition"
ciscoasa(config)#class-map type inspect http match-all BLOCK_FILE_EXTENSION_CLASS
ciscoasa(config-cmap)#match response header regex Content-Disposition regex BLOCK_FILE_EXTENSION
ciscoasa(config)# policy-map type inspect http HTTP_INSPECTION
ciscoasa(config-pmap)# class BLOCK_FILE_EXTENSION_CLASS
ciscoasa(config-pmap-c)# reset log
ciscoasa(config-pmap-c)# exit
Configure an HTTP policy to block any HTTP/HTTPS site by the "Host" header
What does the Host field in the HTTP header specify?
The Host request-header field specifies the Internet host and port number of the resource being requested, as obtained from the original URI given by the user or referring resource (generally an HTTP URL).
Example of how an HTTP request header looks:
POST /index.html HTTP/1.1 -- Status line
Host: www.example.com -- Header
ciscoasa(config)# regex BLOCK_ANY_HTTP/HTTPS_SITE1 ".facebook.com"
ciscoasa(config)# regex BLOCK_ANY_HTTP/HTTPS_SITE2 ".gmail.com"
ciscoasa(config)# class-map type regex match-any BLOCK_SITES
ciscoasa(config-cmap)# match BLOCK_ANY_HTTP/HTTPS_SITE1
ciscoasa(config-cmap)# match BLOCK_ANY_HTTP/HTTPS_SITE2
ciscoasa(config-cmap)# exit
ciscoasa(config)# class-map type inspect http match-all BLOCK_SITES_CLASS
ciscoasa(config-cmap)# match request header host regex class BLOCK_SITES
ciscoasa(config)# class-map type regex match-any URLBlockList
ciscoasa(config)# class-map type inspect http match-all BlockURLsClass
ciscoasa(config-cmap)#match request uri regex class URLBlockList
ciscoasa(config)# policy-map type inspect http HTTP_INSPECTION
ciscoasa(config-pmap)# parameters
ciscoasa(config-pmap-p)# protocol-violation action drop-connection
ciscoasa(config-pmap)# class BLOCK_SITES_CLASS
ciscoasa(config-pmap-c)# reset log
ciscoasa(config-pmap)# class BlockURLsClass
ciscoasa(config-pmap-c)# reset log
ciscoasa(config-pmap-c)# exit
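The redirect, file-extension and Host-header policies above all rest on a regex applied to one field of the message, so it is worth seeing what the page's patterns actually match. The block below is an added example, not part of the original configuration: Python's re module stands in for the ASA regex engine (the page's patterns only use ^ . * [] () |, which both engines share), the status-line rule is assumed to be evaluated against the status code as the page's "^3.." implies, and the sample messages are constructed. The tightened patterns use a backslash-escaped dot and, in the Python stand-in, the $ end anchor; check both against your ASA version's regex metacharacter table before copying them. Note in particular that "^3.." also catches 302 and 304, the latter being the normal response to a conditional request for a cached page.

```python
import re
from typing import Dict, List, Tuple

# Constructed sample messages (description, status code, headers); not captured traffic.
SAMPLES: List[Tuple[str, str, Dict[str, str]]] = [
    ("permanent redirect",       "301", {"host": "www.facebook.com"}),
    ("not modified (cache hit)", "304", {"host": "cdn.example.net"}),
    ("normal page",              "200", {"host": "www.example.com"}),
    ("look-alike host",          "200", {"host": "notfacebook.com"}),
    ("exe download",             "200", {"host": "dl.example.com",
                                         "content-disposition": 'attachment; filename="setup.exe"'}),
    ("double extension",         "200", {"host": "dl.example.com",
                                         "content-disposition": 'attachment; filename="setup.exe.txt"'}),
    ("benign pdf containing exe", "200", {"host": "dl.example.com",
                                          "content-disposition": 'attachment; filename="texexchange.pdf"'}),
]

# The page's patterns, exactly as written: (field, regex).
PAGE_RULES = {
    "redirect": ("status", r"^3.."),                    # any 3xx, not only 301/305/307
    "host":     ("host",   r".facebook.com"),           # unescaped dots: any char, no label boundary
    "exe":      ("content-disposition", r".*.([Ee][Xx][Ee])"),  # "exe" anywhere after one char
}

# Tightened patterns (this editor's suggestion, not the page's): same fields, narrower matches.
TIGHT_RULES = {
    "redirect": ("status", r"^3(01|05|07)"),             # only the codes the section names
    "host":     ("host",   r"(^|\.)facebook\.com($|:)"), # whole label, optional :port
    "exe":      ("content-disposition", r"\.[Ee][Xx][Ee]($|[^A-Za-z0-9])"),  # literal ".exe" as a token
}


def evaluate(rules: Dict[str, Tuple[str, str]], status: str, headers: Dict[str, str]) -> List[str]:
    """Return the names of the rules whose regex matches the message (rule order preserved)."""
    hits = []
    for name, (field, pattern) in rules.items():
        text = status if field == "status" else headers.get(field, "")
        if re.search(pattern, text):
            hits.append(name)
    return hits


def compare() -> Dict[str, Tuple[List[str], List[str]]]:
    """Evaluate every sample under both rule sets: {description: (page_hits, tight_hits)}."""
    return {desc: (evaluate(PAGE_RULES, code, hdrs), evaluate(TIGHT_RULES, code, hdrs))
            for desc, code, hdrs in SAMPLES}


if __name__ == "__main__":
    for desc, (page_hits, tight_hits) in compare().items():
        print(f"{desc:28s} page={page_hits} tight={tight_hits}")
```

Running it shows the page's rules dropping the cached-page response and the look-alike host while the tightened set matches only the cases the headings describe; the double-extension download is still caught by both.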
Configure an HTTP policy to support only the English language
ciscoasa(config)#regex LANGUAGES_USER_EXPECT_THE_PAGE_IN "([Ee][Nn])"
ciscoasa(config)#class-map type inspect http LANGUAGES_USER_EXPECT_THE_PAGE_IN_CLASS
ciscoasa(config-cmap)# match not request header accept-language regex class LANGUAGES_USER_EXPECT_THE_PAGE_IN
ciscoasa(config-cmap)# exit
ciscoasa(config)# policy-map type inspect http HTTP_INSPECTION
ciscoasa(config-pmap)# class LANGUAGES_USER_EXPECT_THE_PAGE_IN_CLASS
ciscoasa(config-pmap-c)# drop-connection
ciscoasa(config-pmap-c)# exit
Configure an HTTP policy to support only the .zip/.rar compression methods
ciscoasa(config)#regex COMPRESSION_SUPPORTED_BY_USER ".([Zz][Ii][Pp]|[Rr][Aa][Rr])"
ciscoasa(config)#class-map type inspect http COMPRESSION_SUPPORTED_BY_USER_CLASS
ciscoasa(config-cmap)# match not request header accept-encoding regex class COMPRESSION_SUPPORTED_BY_USER
ciscoasa(config-cmap)# exit
ciscoasa(config)# policy-map type inspect http HTTP_INSPECTION
ciscoasa(config-pmap)# class COMPRESSION_SUPPORTED_BY_USER_CLASS
ciscoasa(config-pmap-c)# drop-connection
ciscoasa(config-pmap-c)# exit
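The language and compression policies above both use "match not ... regex", so the connection is dropped when the header does not match. The block below is an added example, not part of the original configuration: it models that inverted semantics in Python (re stands in for the ASA engine, and an absent header is assumed to behave like an empty value, which the page does not state), runs the page's two patterns over constructed header values, and puts a first-tag anchored language check and a whitespace-free compression pattern beside them. Keep in mind that Accept-Encoding advertises content codings such as gzip, deflate and br; zip and rar are archive formats and do not normally appear there.

```python
import re
from typing import List


def match_not_drops(header_value: str, pattern: str) -> bool:
    """Model 'match not request header <name> regex ...': the class matches, and the
    policy's drop-connection fires, when the regex does NOT match the header value."""
    return re.search(pattern, header_value) is None


# Constructed header values; "" stands for a request without the header (assumption).
ACCEPT_LANGUAGE_SAMPLES = ["en-US,en;q=0.9", "fr-FR,fr;q=0.9,en;q=0.1", "de-DE", ""]
ACCEPT_ENCODING_SAMPLES = ["gzip, deflate, br", "zip", "identity"]

# Page pattern: "en" anywhere in the header, so a French-first client that lists English
# as a fallback passes.  Tightened (editor's suggestion): English must be the first tag.
PAGE_LANG = r"([Ee][Nn])"
TIGHT_LANG = r"^[Ee][Nn]"

# Page pattern as written: the spaces around "|" are part of the alternation, so it only
# matches "zip " (trailing space) or " rar" (leading space).  Fixed: spaces removed; the
# leading "." still requires one character before "zip"/"rar".
PAGE_COMPRESSION = r".([Zz][Ii][Pp] | [Rr][Aa][Rr])"
FIXED_COMPRESSION = r".([Zz][Ii][Pp]|[Rr][Aa][Rr])"


def dropped(samples: List[str], pattern: str) -> List[str]:
    """Return the header values the policy would drop under the given pattern."""
    return [v for v in samples if match_not_drops(v, pattern)]


if __name__ == "__main__":
    print("language, page:   ", dropped(ACCEPT_LANGUAGE_SAMPLES, PAGE_LANG))
    print("language, tight:  ", dropped(ACCEPT_LANGUAGE_SAMPLES, TIGHT_LANG))
    print("encoding, page:   ", dropped(ACCEPT_ENCODING_SAMPLES, PAGE_COMPRESSION))
    print("encoding, fixed:  ", dropped(ACCEPT_ENCODING_SAMPLES, FIXED_COMPRESSION))
```

With the pattern exactly as the page writes it, every sample Accept-Encoding value is dropped, including "gzip, deflate, br" sent by ordinary browsers; removing the spaces lets that value through only because "gzip" happens to contain "zip".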
Block an HTTPS site using DNS inspection
How can you block an HTTPS site when all the packets are encrypted?
Since HTTPS traffic is encrypted, the ASA cannot inspect those packets. The solution is therefore to inspect the DNS packets instead of the HTTP/HTTPS packets.
ciscoasa(config)# regex BLOCK_HTTPS "facebook.com"
ciscoasa(config)# class-map type inspect dns CMAP
ciscoasa(config-cmap)# match domain-name regex BLOCK_HTTPS
ciscoasa(config)# policy-map type inspect dns PMAP
ciscoasa(config-pmap)# class CMAP
ciscoasa(config-pmap-c)# drop
ciscoasa(config)# policy-map global_policy
ciscoasa(config-pmap)# class inspection_default
ciscoasa(config-pmap-c)# no inspect dns preset_dns_map
ciscoasa(config-pmap-c)# inspect dns PMAP
Block URLs using FQDN objects
Cisco ASA 8.4.2 introduced the Identity Firewall (IDFW), which gives a new level of control to ACLs: you can now configure ACLs to block domain names.
A nice property of this solution is that it does not slow down the firewall at all. The ASA does the DNS lookup roughly once every few hours, when the TTL expires, and stores the resolved IPs in memory. In other words, it does not do a DNS lookup for every packet that passes through the firewall; it does the lookup beforehand. This works for both HTTPS and HTTP: the firewall does not inspect domain names or URLs and does not care whether the packet is encrypted. The packet has to have a destination IP, and that is what the firewall checks.
OUTSIDE is the interface through which the public DNS server is reached:
ciscoasa(config)# dns domain-lookup OUTSIDE
ciscoasa(config)# dns server-group DefaultDNS
ciscoasa(config-dns-server-group)# name-server 4.2.2.2
ciscoasa(config)# object network OBJ-FACEBOOK-COM
ciscoasa(config-network-object)# fqdn facebook.com
ciscoasa(config)# access-list ACL_INSIDE extended deny ip any object OBJ-FACEBOOK-COM
Configure ASA to inspect HTTP on a non-standard port
ciscoasa(config)# class-map CMAP
ciscoasa(config-cmap)# match port tcp eq 8080
ciscoasa(config)# policy-map global_policy
ciscoasa(config-pmap)# class CMAP
ciscoasa(config-pmap-c)# inspect http
Configure ASA to block Hotmail attachments
ciscoasa(config)# regex GET_ATTACH ".*([Gg][Ee][Tt][Aa][Tt][Tt][Aa][Cc][Hh][Mm][Ee][Nn][Tt]).([Aa][Ss][Pp][Xx]).*"
ciscoasa(config)# regex SCAN_ATTACH ".*([Ss][Cc][Aa][Nn][Aa][Tt][Tt][Aa][Cc][Hh][Mm][Ee][Nn][Tt]).([Aa][Ss][Pp][Xx]).*"
ciscoasa(config)# regex HOTMAIL_URL ".*([Mm][Aa][Ii][Ll]).([Ll][Ii][Vv][Ee]).([Cc][Oo][Mm])"
ciscoasa(config)# class-map type inspect http match-all HOTMAIL_SMACKDOWN
ciscoasa(config-cmap)# match request header host regex HOTMAIL_URL
ciscoasa(config-cmap)# match request uri regex SCAN_ATTACH
ciscoasa(config)# class-map type inspect http match-all HOTMAIL_SMACKDOWN_THE_SEQUEL
ciscoasa(config-cmap)# match request header host regex HOTMAIL_URL
ciscoasa(config-cmap)# match request uri regex GET_ATTACH
ciscoasa(config)# policy-map type inspect http HOTMAIL_SMACKDOWN
ciscoasa(config-pmap)# parameters
ciscoasa(config-pmap)# class HOTMAIL_SMACKDOWN_THE_SEQUEL
ciscoasa(config-pmap-c)# drop-connection log
ciscoasa(config-pmap)# class HOTMAIL_SMACKDOWN
ciscoasa(config-pmap-c)# drop-connection log
ciscoasa(config)# policy-map global_policy
ciscoasa(config-pmap)# class inspection_default
ciscoasa(config-pmap-c)# inspect http HOTMAIL_SMACKDOWN
Configure ASA to block torrent
ciscoasa(config)# object-group service Blocked-UDP-Ports udp
description All ports blocked for Bit Torrent UDP DHT (all ephemeral ports except VPN encapsulation)
port-object range 10001 65535
port-object range 1024 9999
ciscoasa(config)# object-group service BitTorrent-Tracker tcp
description TCP Ports used by Bit Torrent for tracker communication
port-object eq 2710
port-object range 6881 6999
ciscoasa(config)# access-list inside_access_in extended deny udp any any object-group Blocked-UDP-Ports log warnings inactive
ciscoasa(config)# access-list inside_access_in extended deny tcp any any object-group BitTorrent-Tracker log warnings inactive
ciscoasa(config)# access-list inside_access_in extended permit tcp any any
Apply the access list to the inside interface. This is only a sample configuration and may need modifications depending on your setup.
ciscoasa(config)# regex bit-torrent-tracker ".*[Ii][Nn][Ff][Oo]_[Hh][Aa][Ss][Hh]=.*"
ciscoasa(config)# class-map type inspect http match-all bit-torrent-tracker
ciscoasa(config-cmap)#description Bit Torrent Tracker communication
ciscoasa(config-cmap)#match request args regex bit-torrent-tracker
ciscoasa(config-cmap)#match request method get
ciscoasa(config)# policy-map type inspect http Drop-P2P
ciscoasa(config-pmap)#description Drop protocol violations Bit Torrent Tracker traffic
ciscoasa(config-pmap)#parameters
protocol-violation action log
ciscoasa(config-pmap)#class bit-torrent-tracker
drop-connection log
ciscoasa(config)# policy-map global_policy
ciscoasa(config-pmap)#class inspection_default
inspect http Drop-P2P
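The torrent section layers three controls: the UDP port ranges of Blocked-UDP-Ports, the TCP tracker ports of BitTorrent-Tracker, and the HTTP inspection class that looks for info_hash= in the request arguments of a GET. The block below is an added example, not part of the original configuration; it replays those three rules in Python over constructed flows, assuming the two ACL entries have been made active (the page creates them with the inactive keyword) and evaluating them in ACL-then-inspection order. It makes two things visible that the CLI alone does not: UDP destination port 10000 falls in the gap between the two ranges (the "VPN encapsulation" exception the object-group description mentions), and the inspection class fires only for GET requests because of its "match request method get" line.

```python
import re
from typing import Dict, List, Tuple

# Port ranges copied from the page's object-groups (low, high), inclusive.
BLOCKED_UDP_RANGES = [(10001, 65535), (1024, 9999)]
TRACKER_TCP_PORTS = [(2710, 2710), (6881, 6999)]
# The page's regex for the tracker announce, applied to the request arguments (query string).
TRACKER_ARGS_RE = re.compile(r".*[Ii][Nn][Ff][Oo]_[Hh][Aa][Ss][Hh]=.*")

Flow = Tuple[str, int, str, str]  # (protocol, destination port, HTTP method, request args)


def in_ranges(port: int, ranges: List[Tuple[int, int]]) -> bool:
    return any(lo <= port <= hi for lo, hi in ranges)


def classify(proto: str, dst_port: int, method: str = "", args: str = "") -> str:
    """Return the name of the first page rule that fires for a flow, or 'permit'."""
    if proto == "udp" and in_ranges(dst_port, BLOCKED_UDP_RANGES):
        return "acl:Blocked-UDP-Ports"
    if proto == "tcp" and in_ranges(dst_port, TRACKER_TCP_PORTS):
        return "acl:BitTorrent-Tracker"
    # The inspect-http class is match-all: GET method AND info_hash= in the arguments.
    if proto == "tcp" and method == "GET" and TRACKER_ARGS_RE.search(args):
        return "inspect:bit-torrent-tracker"
    return "permit"


# Constructed flows, not captured traffic.
FLOWS: List[Flow] = [
    ("udp", 6881, "", ""),                                        # DHT on a typical client port
    ("udp", 10000, "", ""),                                       # the hole between the two ranges
    ("udp", 53, "", ""),                                          # DNS, below 1024, untouched
    ("tcp", 6969, "", ""),                                        # classic tracker port
    ("tcp", 80, "GET", "info_hash=%12%34&peer_id=abc&port=6881"), # announce over plain HTTP
    ("tcp", 80, "POST", "info_hash=%12%34"),                      # same args, wrong method
    ("tcp", 80, "GET", "q=info"),                                 # ordinary search request
]


def run() -> Dict[Flow, str]:
    return {flow: classify(*flow) for flow in FLOWS}


if __name__ == "__main__":
    for flow, verdict in run().items():
        print(flow, "->", verdict)
```

The UDP rule is a blanket one: anything a client sends to an unprivileged UDP port other than 10000 is denied, so expect collateral damage to VoIP, games and QUIC-style protocols on such ports, and watch the "log warnings" output before leaving the entries active.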