POTASSIUM: Penetration Testing as a Service

•Download as PPTX, PDF•

0 likes•191 views

POTASSIUM is a penetration testing as a service (PTaaS) that uses live migration techniques to clone virtual machines from a production system, capturing their full disk, memory, and network state. This cloned system is isolated to allow thorough testing without risk of damage. POTASSIUM aims to provide valid, safe, and scalable penetration testing through automated and isolated testing modes while minimizing performance impacts on the production system. An evaluation showed POTASSIUM could detect vulnerabilities with up to 100 VMs and had minimal performance overhead during consistent checkpointing compared to non-consistent checkpointing.

Presentations & Public Speaking

POTASSIUM:
Penetration Testing
as a Service
Richard Li |Hyun-wook Baek | Dallin Abendroth
Xing Lin |Robert Ricci | Yuankai Guo | Jacobus Van der Merwe
Presented by
A. Farár

Motivation
• What’s the Problem?
Pentesting on a production system is great, because the exact dynamic state of system
is captured. But there is high risk of damage: data loss, crash. System unavailable or
malware infection…
Testing against a separate system that has been designed to model the live one is also
not ideal. As the production system is not captured, thus reducing the value of the
test.

POTASSIUM PTaaS
• Pentesting Service in the Cloud.
POTASSIUM uses techniques developed for live migration of virtual machines to clone them,
capturing their full disk, memory, and network state. The cloned system is then isolated
from the rest of the cloud, so that effects from the penetration test will not damage other
tenants. Because the penetration tester owns the cloned system, testing is more thorough
and efficient.

PTaaS Design Principles
Validity
Availability
& Integrity
SafetyScalability
Extensibility

Potassium Architecture
• Workflow.
Meta-data
Clone
Attack subproject
Production

Potassium Architecture
• In depth view.
Validity
Safety
Availability
Extensibility
Pentesting
Modes
Scalability

Live Consistent Checkpointing
State Captured at
Single Instance
Snapshots
Transparent
Live ConsistentIterative
P2 must be delivered after time t4 VM state machine for consistent CP

Pentesting Process
Pentest Manager AttackersCoordinator
Mirror Subproject data
VM IP addresses,
attackers assignment
sheet
Relays commands to
attackers
Collects session info.
From attackers
Vulnerability report
generated at end of test
Metasploit auto pentest
• Simple, automated.

Pentesting Modes
Isolated Automated Scalable
Separate Availability Zones Metasploit Manage Multiple Pentests at Once
Emulate Internal /External Attacks

Evaluation
• Measurement: end-to-end time to perform pentesting as a
function of the number of VMs in the production project.
Performance Impact
of Snapshot
Checkpointing
Minimal
Consistent 68.5
Non-consistent 69.6
Pentest
Effectiveness
(2 test cases)
WordPress
Vulnerability
detected
Scalability Up to 100 VMs

Evaluation
• Measurement: end-to-end time to perform pentesting as a
function of the number of VMs in the production project.
HTTP Response Times
(ms)
Baseline 67.4
Non-consistent 69.6
Consistent 68.5
Consistency
Packet loss in VM1>VM0
steam
Automated Pentesting
Mirror Creation 227.59
Attacker Creation 77.56
Pentesting 35.99
Miscellaneous 0.87

Analysis
Strengths
• Automated pentest
• Economies of Scale
• No performance impact
on production systems
• Availability & Integrity
Weaknesses
• Automated Pentest
• Difficult to bring external
resources into the closed
system (i.e. cloud-wide
storage or DB services.
• Possible Confidentiality
concerns

References
Richard Li, et al. (2015), POTASSIUM: Penetration Testing as a Service
Proceedings of the Sixth ACM Symposium on Cloud Computing (SoCC '15)

Every IR presents unique challenges. But - when an attacker uses PowerShell, WMI, Kerberos attacks, novel persistence mechanisms, seemingly unlimited C2 infrastructure and half-a-dozen rapidly-evolving malware families across a 100k node network to compromise the environment at a rate of 10 systems per day - the cumulative challenges can become overwhelming. This talk will showcase the obstacles overcome during one of the largest and most advanced breaches Mandiant has ever responded to, the novel investigative techniques employed, and the lessons learned that allowed us to help remediate it. Details a massive intrusion by Russian APT29 (AKA CozyDuke, Cozy Bear)

Shift Left Security

BATbern

The presentation focuses on the responsibilities, practices, processes, tools, and techniques that systematically increase security in the software development lifecycle (SSDLC). Software should be provisioned uniformly declarative regardless of whether software artifacts are produced in-house or purchased. This is the foundation for effective quality and security standardization, which are key facilitators of reliability engineering.

What is SIEM? A Brilliant Guide to the Basics

Sagar Joshi

Practical DevSecOps Course - Part 1

Mohammed A. Imran

Penetration testing reporting and methodology

Rashad Aliyev

Session2-Application Threat Modeling

zakieh alizadeh

The document discusses application threat modeling for a college library website. It describes decomposing the application into external dependencies, entry points, assets, and trust levels. It then covers determining and ranking threats using STRIDE and ASF categorizations. The document outlines identifying security controls and countermeasures to address vulnerabilities. It provides steps for threat analysis and defining mitigation strategies.

DEVSECOPS.pptx

MohammadSaif904342

Dos and Don'ts of DevSecOps

Priyanka Aash

DevSecOps is a very loaded term and it includes many topics. Despite what some will lead you to believe, DevSecOps is not just an integration of security testing tools. Nor is it merely a focus on achieving security quality attributes on CI and CD. DevSecOps is beyond the automatizing security testing and there are common misconceptions and roadblocks on how you can establish it successfully. Learning Objectives: 1: Identify key principles of DevSecOps and see how it relates to DevOps principles. 2: Analyze common pitfalls and see where integration security takes part in DevSecOps. 3: Demonstrate how to do “Continuous Security” by using a lifecycle approach. (Source: RSA Conference USA 2018)

This document describes an EDR (Endpoint Detection and Response) system implementation project for Invinsense. The system was developed using technologies like React JS, C language, Python REST API, Docker, Kubernetes, and deployed on both Windows and Linux agents. It provides features like agent monitoring, antivirus scanning, log collection and analysis. Screenshots show interfaces for login, agent details, scanning, dashboards, reports. Future enhancements proposed include SSO, AI/ML, Mac OS agent, Ansible deployment.

Application Security Architecture and Threat Modelling

Priyanka Aash

2019 DevSecOps Reference Architectures

Sonatype

Introduction To Vulnerability Assessment & Penetration Testing

Raghav Bisht

A vulnerability assessment identifies vulnerabilities in systems and networks to understand threats and risks. Penetration testing simulates cyber attacks to detect exploitable vulnerabilities. There are three types of penetration testing: black box with no system info; white box with full system info; and grey box with some system info. Common vulnerabilities include SQL injection, XSS, weak authentication, insecure storage, and unvalidated redirects. Tools like Nexpose, QualysGuard, and OpenVAS can automate vulnerability assessments.

Source Code Analysis with SAST

Blueinfy Solutions

The document discusses source code analysis techniques for detecting vulnerabilities. It describes several methodologies used in source code analysis tools, including style checking, semantic analysis, and deep flow analysis. Semantic analysis builds an abstract syntax tree to simulate code execution and check for faults. Deep flow analysis extends semantic analysis to generate control and data flow graphs to find issues like race conditions. The document also provides examples of source code vulnerabilities that can be detected, such as a buffer overflow, and discusses how tools can analyze source code, bytecode, and detect entry points vulnerable to attacks.

Microsoft-CISO-Workshop-Security-Strategy-and-Program (1).pdf

ParishSummer

The document discusses a CISO workshop agenda to modernize a security strategy and program. It includes: - An overview of who should attend, such as the CISO, CIO, security directors, and business leaders. - The agenda covers key context and fundamentals, business alignment, and security disciplines. - Exercises are included to assess maturity, discuss recommendations, and assign next steps. - Modules will provide guidance on initiatives like secure identities and access, security operations, and data security.

DevSecOps Singapore introduction

Stefan Streichsbier

The document announces events from DevSecOps Singapore to bring together developers, operations, and security professionals. It describes monthly meetups for talks and networking, workshops over 4 months on integrating security testing into the SDLC, and an annual conference in 2017. It provides announcements for the workshops and conference and calls for speakers, office space, and volunteers to help build the community.

Security Checkpoints in Agile SDLC

Rahul Raghavan

Product Engineering teams have started to realize the importance of software security. This has resulted in the trend where teams are taking efforts to include it as part of their software development life cycle; as opposed to treating it as another item in their checklist prior to release. However, the real challenge is in trying to find the balance between agility and quality which is where many team find this an uphill task. While there is no golden standard when it comes to implementing software security, product teams should focus on bringing about systematic and cultural practices within their teams. This should help them to bring about the required efficiency to enable software security as a market differentiator. This slide-deck on Software Security Initiative focuses on translating a plan of action into sustainable activities as part of the secure software development life cycle that can be adopted by engineering teams. The slides will delve deep into aspects like identifying and designing security checkpoints in the SDLC alongside concepts such as Threat Modelling in Agile, AppSec Toolchain and Security Regressions. This was presented as a we45 Webinar on April 12, 2018

DevSecOps 101

Narudom Roongsiriwong, CISSP

Security teams are often seen as roadblocks to rapid development or operations implementations, slowing down production code pushes. As a result, security organizations will likely have to change so they can fully support and facilitate cloud operations. This presentation will explain how DevOps and information security can co-exist through the application of a new approach referred to as DevSecOps.

DevSecOps Implementation Journey

DevOps Indonesia

Yohanes Syailendra discusses DevSecOps implementation at DKATALIS, an Indonesian company. Some key points: 1. DevSecOps shifts security left to earlier stages of development to find and fix vulnerabilities sooner. This allows for faster development times and more secure applications. 2. At DKATALIS, DevSecOps includes threat modeling, static application security testing (SAST), dynamic application security testing (DAST), infrastructure as code scanning, and container security throughout the development pipeline. 3. A successful DevSecOps implementation requires changing culture, processes, and architecture to establish security as a shared responsibility across development and security teams. Automation is also important to scale practices

Introduction To OWASP

Marco Morana

The document provides an overview of the Open Web Application Security Project (OWASP). It discusses what OWASP is, the free resources it provides like publications, tools, and local chapters. It outlines some of OWASP's major publications like the OWASP Top 10 and Testing Guide. It also demonstrates the WebScarab and WebGoat tools. Finally, it describes the goals and offerings of the OWASP Cincinnati local chapter.

DevSecOps: Key Controls to Modern Security Success

Puma Security, LLC

This document outlines 5 key practices for modern security success in DevSecOps: 1) Cloud & DevSecOps practices, 2) Pre-Commit controls like the "paved road" of secure templates, 3) Commit controls through CI/CD pipelines, 4) Acceptance controls for supply chain security, and 5) Operations controls for continuous security compliance. The presentation provides examples for implementing controls at each stage to integrate security practices into the DevSecOps workflow.

MITRE ATT&CK framework

Bhushan Gurav

Beyond the Pentest: How C2, Internal Pivoting, and Data Exfiltration Show Tru...

Beau Bullock

Your vulnerability scanner reports that there are no issues on your network. A pentester has spent the last week trying to exploit every system your organization owns with no luck. The check box for this year's compliance audit has been checked. While it is good that these things occurred, they do not complete the picture in regards to true risk. Real attackers do not solely rely on software exploits to compromise an environment. In almost every breach you hear about the root of the compromise came from a phishing attack. This is why additional tests, post-infection, should be performed to assess just how far an attacker can go after gaining a foothold into your environment. What command and control channels are available for an attacker to utilize to communicate with your internal systems? How easy is it for an attacker to move laterally within your environment and gain access to other systems? What are your detection capabilities when it comes to sensitive data being exfiltrated out of your environment? How do you test these attacker techniques using open-source tools? This lecture will address these questions and more, including a showcase of attacker methodologies.

Introduction to DevSecOps

Amazon Web Services

Today’s cutting edge companies have release cycles measured in days instead of months. This agility is enabled by the DevOps practice of continuous delivery, which automates building, testing, and deploying all code changes. This type of automation will help you catch bugs sooner and accelerate developer productivity. In this session we will share our AWS engineers embed security practices in DevOps, and discuss how you can use AWS services to securely enable DevOps agility in your organization.

ATT&CKing Your Adversaries - Operationalizing cyber intelligence in your own ...

JamieWilliams130

This document discusses operationalizing cyber threat intelligence by emulating adversary behaviors. It explains how to take cyber threat intelligence and map behaviors to the MITRE ATT&CK framework. Specific focus is given to the "Process Doppelgänging" technique, including understanding the behavior, potential detections, and emulating the behavior. The importance of fully emulating operations and expanding emulations through tools like Caldera is also covered.

Introduction to Malware Analysis

Andrew McNicol

This document provides an overview of malware analysis, including both static and dynamic analysis techniques. Static analysis involves examining a file's code and components without executing it, such as identifying file types, checking hashes, and viewing strings. Dynamic analysis involves executing the malware in a controlled environment and monitoring its behavior and any system changes. Dynamic analysis tools discussed include Process Explorer, Process Monitor, and Autoruns to track malware processes, files accessed, and persistence mechanisms. Both static and dynamic analysis are needed to fully understand malware behavior.

Patch Management Best Practices

Ivanti

Patch management is critical to reducing your attack surface and keeping your endpoints and business running smoothly. Unfortunately, it's also a process that must be repeated weekly, monthly, quarterly, and whenever critical fixes have been identified for your environment. The good news is: with the right tools and some advance planning, this process can run smoothly and leave your IT team with more time to support core business goals. Join us to learn about trends in patch management, including the latest ways Ivanti is helping Security and IT teams work together like a well-oiled machine.

security-reference-architecture.pdf

JoniGarcia9

The document presents a security reference architecture with use cases. It includes sections on user/device security, application security, network security, SASE integration, common identity, converged multi-cloud policy, and securing IoT/OT environments. Diagrams show how different security tools and services fit together across networks, users, applications, and clouds to provide a zero trust architecture.

Owasp top 10 vulnerabilities

OWASP Delhi

Secure Application Development in the Age of Continuous Delivery

Tim Mackey

As delivered at LinuxCon and ContainerCon in Berlin 2016. Traditionally, when datacenter operators talk about application security, they've tended to focus on issues related to key management, firewalls and data access. By contrast, application developers have a security focus which is more aligned with code analysis and fuzzing techniques. The reality is, secure application deployment principles extend from the infrastructure layer through the application and include how the application is deployed. With the prevalence of continuous deployment of micro-services, it’s imperative to focus efforts on what attackers’ view as vulnerable; particularly in an environment where new exploits are being disclosed almost daily. In this session we’ll present: • How known vulnerabilities can make their way into production deployments • How deployment of vulnerable code can be minimized • How to determine the vulnerability status of a container • How to determine the risk associated with a specific package

Secure Application Development in the Age of Continuous Delivery

Black Duck by Synopsys

As delivered by Tim Mackey, Senior Technical Evangelist - Black Duck Software, at LinuxCon and ContainerCon in Berlin 2016. Traditionally, when datacenter operators talk about application security, they've tended to focus on issues related to key management, firewalls and data access. By contrast, application developers have a security focus which is more aligned with code analysis and fuzzing techniques. The reality is, secure application deployment principles extend from the infrastructure layer through the application and include how the application is deployed. With the prevalence of continuous deployment of micro-services, it’s imperative to focus efforts on what attackers’ view as vulnerable; particularly in an environment where new exploits are being disclosed almost daily. In this session we’ll present: • How known vulnerabilities can make their way into production deployments • How deployment of vulnerable code can be minimized • How to determine the vulnerability status of a container • How to determine the risk associated with a specific package

What's hot

EDR(End Point Detection And Response).pptx

SMIT PAREKH

Application Security Architecture and Threat Modelling

Priyanka Aash

2019 DevSecOps Reference Architectures

Sonatype

Introduction To Vulnerability Assessment & Penetration Testing

Raghav Bisht

Source Code Analysis with SAST

Blueinfy Solutions

Microsoft-CISO-Workshop-Security-Strategy-and-Program (1).pdf

ParishSummer

DevSecOps Singapore introduction

Stefan Streichsbier

Security Checkpoints in Agile SDLC

Rahul Raghavan

DevSecOps 101

Narudom Roongsiriwong, CISSP

DevSecOps Implementation Journey

DevOps Indonesia

Introduction To OWASP

Marco Morana

DevSecOps: Key Controls to Modern Security Success

Puma Security, LLC

MITRE ATT&CK framework

Bhushan Gurav

Beyond the Pentest: How C2, Internal Pivoting, and Data Exfiltration Show Tru...

Beau Bullock

Introduction to DevSecOps

Amazon Web Services

ATT&CKing Your Adversaries - Operationalizing cyber intelligence in your own ...

JamieWilliams130

Introduction to Malware Analysis

Andrew McNicol

Patch Management Best Practices

Ivanti

security-reference-architecture.pdf

JoniGarcia9

Owasp top 10 vulnerabilities

OWASP Delhi

What's hot (20)

EDR(End Point Detection And Response).pptx

Application Security Architecture and Threat Modelling

2019 DevSecOps Reference Architectures

Introduction To Vulnerability Assessment & Penetration Testing

Source Code Analysis with SAST

Microsoft-CISO-Workshop-Security-Strategy-and-Program (1).pdf

DevSecOps Singapore introduction

Security Checkpoints in Agile SDLC

DevSecOps 101

DevSecOps Implementation Journey

Introduction To OWASP

DevSecOps: Key Controls to Modern Security Success

MITRE ATT&CK framework

Beyond the Pentest: How C2, Internal Pivoting, and Data Exfiltration Show Tru...

Introduction to DevSecOps

ATT&CKing Your Adversaries - Operationalizing cyber intelligence in your own ...

Introduction to Malware Analysis

Patch Management Best Practices

security-reference-architecture.pdf

Owasp top 10 vulnerabilities

Similar to POTASSIUM: Penetration Testing as a Service

Secure Application Development in the Age of Continuous Delivery

Tim Mackey

Secure Application Development in the Age of Continuous Delivery

Black Duck by Synopsys

SCADA Security: The Five Stages of Cyber Grief

Lancope, Inc.

The document summarizes the five stages of grief experienced by organizations when they realize their critical infrastructure systems are connected to the internet and vulnerable to cyber attacks: denial, anger, bargaining, depression, and acceptance. It provides examples to illustrate why each stage occurs, such as discoveries of thousands of exposed SCADA and ICS devices online using tools like SHODAN, high-profile attacks like Stuxnet targeting critical infrastructure systems, and challenges of keeping outdated systems patched against emerging threats. The document argues organizations must ultimately accept the interconnected nature of systems and find new ways to design and manage critical infrastructure that are more secure and resilient to cyber attacks.

Integration Testing as Validation and Monitoring

Melissa Benua

In the world of software-as-a-service, just about anyone with a laptop and an Internet connection can spin up their very own cloud-based web service. Software startups, in particular, are often big on ideas but small on staff. This makes streamlining the traditional develop-test-integrate-deploy-monitor pipeline critically important. Melissa Benua says that an effective way to accomplish this is to reduce the number of different test suites that verify many of the same things for each stage. Melissa explains how teams can avoid this by authoring the right set of tests and using the right frameworks. Drawing on lessons learned in companies both large and small, Melissa shows how teams can drastically slash time spent developing automation, verifying builds for release, and monitoring code in production—without sacrificing availability or reliability.

CyberCrime in the Cloud and How to defend Yourself

Alert Logic

The document discusses cybercrime threats in the cloud and how to defend against them. It notes that traditional on-premises threats are moving to the cloud, with web application attacks and brute force attacks being most common. Honeypots are used to gather intelligence on attacks by simulating vulnerable systems. Analysis of honeypot data found increases in brute force attacks and vulnerability scans in cloud environments. The document recommends best practices like secure coding, access management, patch management, log review, and tools like firewalls and intrusion detection to help secure cloud environments.

A Distributed Malware Analysis System Cuckoo Sandbox

Andy Lee

This document describes a distributed malware analysis system using Cuckoo Sandbox. It discusses: 1) Cuckoo Sandbox is an open source automated malware analysis system that runs binary files in virtual machines to record behaviors like API calls, files created, registry access, and network traffic. 2) The motivation for a distributed system is that the computing power of a single machine is limited, causing performance bottlenecks for analyzing large numbers of samples. 3) The distributed Cuckoo system uses a master-worker architecture to assign analysis tasks to multiple worker nodes in parallel, reducing total analysis time and allowing the system to scale to more samples as hardware resources increase.

Proactive ops for container orchestration environments

Docker, Inc.

This document discusses different approaches to monitoring systems from manual and reactive to proactive monitoring using container orchestration tools. It provides examples of metrics to monitor at the host/hardware, networking, application, and orchestration layers. The document emphasizes applying the principles of observability including structured logging, events and tracing with metadata, and monitoring the monitoring systems themselves. Speakers provide best practices around failure prediction, understanding failure modes, and using chaos engineering to build system resilience.

Post Exploitation Using Meterpreter

Shubham Mittal

The document discusses using Meterpreter for post exploitation activities after gaining access to a target system. Meterpreter provides an advanced multi-function payload that injects itself into running processes to provide core and advanced command functionality through extensions in a more stealthy way than normal payloads. The document outlines how Meterpreter works and can be used for activities like enumeration, privilege escalation, information harvesting, and pivoting across a network during post exploitation.

Prometheus for Monitoring Metrics (Fermilab 2018)

Brian Brazil

DCSF19 Container Security: Theory & Practice at Netflix

Docker, Inc.

Michael Wardrop, Netflix Usage of containers has undergone rapid growth at Netflix and it is still accelerating. Our container story started organically with developers downloading Docker and using it to improve their developer experience. The first production workloads were simple batch jobs, pioneering micro-services followed, then status as a first class platform running critical workloads. As the types of workloads changed and their importance increased, the security of our container ecosystem needed to evolve and adapt. This session will cover some security theory, architecture, along with practical considerations, and lessons we learnt along the way.

Agile Engineering Sparker GLASScon 2015

Stephen Ritchie

This document provides information about an expert in Agile software development practices named Stephen Ritchie. It summarizes his experience, certifications, and areas of focus including Agile coaching. The document recommends practices for implementing Agile such as version control, continuous integration, automated testing, and deployment automation. It lists tools that can be used for each practice and recommends an order for implementation. The document also discusses benefits of practices like reduced defect rates and faster deployments.

Fault tolerance

Michał Waleszczuk

Michal Waleszczuk defines fault tolerance as a system's ability to continue operating properly despite failures in components. The document discusses fault tolerance techniques including checkpointing/rollback recovery. Checkpointing saves application states that can be used for recovery after failures. DMTCP is a library that provides transparent checkpointing of Linux applications. Waleszczuk's study tests DMTCP checkpointing on a matrix multiplication application, finding that multiple checkpoints increase restoration time but decrease runtime overhead compared to no checkpoints.

(Agile) engineering best practices - What every project manager should know

Richard Cheng

Detecting Evasive Malware in Sandbox

Rahul Mohandas

Service Virtualization: Delivering Complex Test Environments on Demand

Erika Barron

Build cloud native solution using open source

Nitesh Jadhav

Automated Malware Analysis and Cyber Security Intelligence

Jason Choi

How to detect side channel attacks in cloud infrastructures

Pasquale Puzio

http://www.secludit.com We integrated Elastic Detector, which is SecludIT's product, with OSSIM in order to detect side-channel attacks occurring in cloud infrastructures. Elastic Detector takes care of solving the cloud elasticity issue, collecting security-relevant logs and forwarding (rsyslog) them to OSSIM where the correlation takes place (thanks to our plugin). DEMO showed at the RaSIEM workshop (ARES conference) in Regensburg, Germany.

Azure 101: Shared responsibility in the Azure Cloud

Paulo Renato

Whether you’re working exclusively on Azure or with multiple cloud environments, there are certain things you should consider when moving assets to the public cloud. As with any cloud deployment, security is a top priority, and moving your workloads to the Azure cloud doesn’t mean you’re not responsible for the security of your operating system, applications, and data. Building on the security of the Azure infrastructure, this shared security responsibility starts with making sure your environment is secure. In this session, we will discuss step-by-step what you need to do to secure access at the administrative, application and network layers.

DevSecOps: Taking a DevOps Approach to Security

Alert Logic

Similar to POTASSIUM: Penetration Testing as a Service (20)

Secure Application Development in the Age of Continuous Delivery

SCADA Security: The Five Stages of Cyber Grief

Integration Testing as Validation and Monitoring

CyberCrime in the Cloud and How to defend Yourself

A Distributed Malware Analysis System Cuckoo Sandbox

Proactive ops for container orchestration environments

Post Exploitation Using Meterpreter

Prometheus for Monitoring Metrics (Fermilab 2018)

DCSF19 Container Security: Theory & Practice at Netflix

Agile Engineering Sparker GLASScon 2015

Fault tolerance

(Agile) engineering best practices - What every project manager should know

Detecting Evasive Malware in Sandbox

Service Virtualization: Delivering Complex Test Environments on Demand

Build cloud native solution using open source

Automated Malware Analysis and Cyber Security Intelligence

How to detect side channel attacks in cloud infrastructures

Azure 101: Shared responsibility in the Azure Cloud

DevSecOps: Taking a DevOps Approach to Security

Recently uploaded

ServiceNow CIS-ITSM Exam Dumps & Questions [2024]

SkillCertProExams

• For a full set of 530+ questions. Go to https://skillcertpro.com/product/servicenow-cis-itsm-exam-questions/ • SkillCertPro offers detailed explanations to each question which helps to understand the concepts better. • It is recommended to score above 85% in SkillCertPro exams before attempting a real exam. • SkillCertPro updates exam questions every 2 weeks. • You will get life time access and life time free updates • SkillCertPro assures 100% pass guarantee in first attempt.

The Intersection between Competition and Data Privacy – CAPEL – June 2024 OEC...

OECD Directorate for Financial and Enterprise Affairs

This presentation by Tim Capel, Director of the UK Information Commissioner’s Office Legal Service, was made during the discussion “The Intersection between Competition and Data Privacy” held at the 143rd meeting of the OECD Competition Committee on 13 June 2024. More papers and presentations on the topic can be found at oe.cd/ibcdp. This presentation was uploaded with the author’s consent.

Using-Presentation-Software-to-the-Fullf.pptx

kainatfatyma9

Gamify it until you make it Improving Agile Development and Operations with ...

Ben Linders

So many challenges, so little time. While we’re busy developing software and keeping it operational, we also need to sharpen the saw, but how? Gamification can be a way to look at how you’re doing and find out where to improve. It’s a great way to have everyone involved and get the best out of people. In this presentation, Ben Linders will show how playing games with the DevOps coaching cards can help to explore your current development and deployment (DevOps) practices and decide as a team what to improve or experiment with. The games that we play are based on an engagement model. Instead of imposing change, the games enable people to pull in ideas for change and apply those in a way that best suits their collective needs. By playing games, you can learn from each other. Teams can use games, exercises, and coaching cards to discuss values, principles, and practices, and share their experiences and learnings. Different game formats can be used to share experiences on DevOps principles and practices and explore how they can be applied effectively. This presentation provides an overview of playing formats and will inspire you to come up with your own formats.

IEEE CIS Webinar Sustainable futures.pdf

Claudio Gallicchio

The importance of sustainable and efficient computational practices in artificial intelligence (AI) and deep learning has become increasingly critical. This webinar focuses on the intersection of sustainability and AI, highlighting the significance of energy-efficient deep learning, innovative randomization techniques in neural networks, the potential of reservoir computing, and the cutting-edge realm of neuromorphic computing. This webinar aims to connect theoretical knowledge with practical applications and provide insights into how these innovative approaches can lead to more robust, efficient, and environmentally conscious AI systems. Webinar Speaker: Prof. Claudio Gallicchio, Assistant Professor, University of Pisa Claudio Gallicchio is an Assistant Professor at the Department of Computer Science of the University of Pisa, Italy. His research involves merging concepts from Deep Learning, Dynamical Systems, and Randomized Neural Systems, and he has co-authored over 100 scientific publications on the subject. He is the founder of the IEEE CIS Task Force on Reservoir Computing, and the co-founder and chair of the IEEE Task Force on Randomization-based Neural Networks and Learning Systems. He is an associate editor of IEEE Transactions on Neural Networks and Learning Systems (TNNLS).

一比一原版(unc毕业证书)美国北卡罗来纳大学教堂山分校毕业证如何办理

gfysze

原版一模一样【微信：741003700 】【(unc毕业证书)美国北卡罗来纳大学教堂山分校毕业证成绩单】【微信：741003700 】学位证，留信认证（真实可查，永久存档）原件一模一样纸张工艺/offer、雅思、外壳等材料/诚信可靠,可直接看成品样本，帮您解决无法毕业带来的各种难题！外壳，原版制作，诚信可靠，可直接看成品样本。行业标杆！精益求精，诚心合作，真诚制作！多年品质 ,按需精细制作，24小时接单,全套进口原装设备。十五年致力于帮助留学生解决难题，包您满意。本公司拥有海外各大学样板无数，能完美还原。 1:1完美还原海外各大学毕业材料上的工艺：水印，阴影底纹，钢印LOGO烫金烫银，LOGO烫金烫银复合重叠。文字图案浮雕、激光镭射、紫外荧光、温感、复印防伪等防伪工艺。材料咨询办理、认证咨询办理请加学历顾问Q/微741003700 【主营项目】一.毕业证【q微741003700】成绩单、使馆认证、教育部认证、雅思托福成绩单、学生卡等！二.真实使馆公证(即留学回国人员证明,不成功不收费) 三.真实教育部学历学位认证（教育部存档！教育部留服网站永久可查）四.办理各国各大学文凭(一对一专业服务,可全程监控跟踪进度) 如果您处于以下几种情况： ◇在校期间，因各种原因未能顺利毕业……拿不到官方毕业证【q/微741003700】 ◇面对父母的压力，希望尽快拿到； ◇不清楚认证流程以及材料该如何准备； ◇回国时间很长，忘记办理； ◇回国马上就要找工作，办给用人单位看； ◇企事业单位必须要求办理的 ◇需要报考公务员、购买免税车、落转户口 ◇申请留学生创业基金留信网认证的作用: 1:该专业认证可证明留学生真实身份 2:同时对留学生所学专业登记给予评定 3:国家专业人才认证中心颁发入库证书 4:这个认证书并且可以归档倒地方 5:凡事获得留信网入网的信息将会逐步更新到个人身份内，将在公安局网内查询个人身份证信息后，同步读取人才网入库信息 6:个人职称评审加20分 7:个人信誉贷款加10分 8:在国家人才网主办的国家网络招聘大会中纳入资料，供国家高端企业选择人才办理(unc毕业证书)美国北卡罗来纳大学教堂山分校毕业证【微信：741003700 】外观非常简单，由纸质材料制成，上面印有校徽、校名、毕业生姓名、专业等信息。办理(unc毕业证书)美国北卡罗来纳大学教堂山分校毕业证【微信：741003700 】格式相对统一，各专业都有相应的模板。通常包括以下部分：校徽：象征着学校的荣誉和传承。校名:学校英文全称授予学位：本部分将注明获得的具体学位名称。毕业生姓名：这是最重要的信息之一，标志着该证书是由特定人员获得的。颁发日期：这是毕业正式生效的时间，也代表着毕业生学业的结束。其他信息：根据不同的专业和学位，可能会有一些特定的信息或章节。办理(unc毕业证书)美国北卡罗来纳大学教堂山分校毕业证【微信：741003700 】价值很高，需要妥善保管。一般来说，应放置在安全、干燥、防潮的地方，避免长时间暴露在阳光下。如需使用，最好使用复印件而不是原件，以免丢失。综上所述，办理(unc毕业证书)美国北卡罗来纳大学教堂山分校毕业证【微信：741003700 】是证明身份和学历的高价值文件。外观简单庄重，格式统一，包括重要的个人信息和发布日期。对持有人来说，妥善保管是非常重要的。

AWS User Group Torino 2024 #3 - 18/06/2024

Guido Maria Nebiolo

2023 Ukraine Crisis Media Center Finance Balance

UkraineCrisisMediaCenter

Prsentation for VIVA Welike project 1semester.pptx

prafulpawar29

怎么办理(lincoln学位证书)英国林肯大学毕业证文凭学位证书原版一模一样

kekzed

原版定制【微信:bwp0011】《(lincoln学位证书)英国林肯大学毕业证文凭学位证书》【微信:bwp0011】成绩单、雅思、外壳、留信学历认证永久存档查询，采用学校原版纸张、特殊工艺完全按照原版一比一制作（包括：隐形水印，阴影底纹，钢印LOGO烫金烫银，LOGO烫金烫银复合重叠，文字图案浮雕，激光镭射，紫外荧光，温感，复印防伪）行业标杆！精益求精，诚心合作，真诚制作！多年品质 ,按需精细制作，24小时接单,全套进口原装设备，十五年致力于帮助留学生解决难题，业务范围有加拿大、英国、澳洲、韩国、美国、新加坡，新西兰等学历材料，包您满意。【业务选择办理准则】一、工作未确定，回国需先给父母、亲戚朋友看下文凭的情况，办理一份就读学校的毕业证【微信bwp0011】文凭即可二、回国进私企、外企、自己做生意的情况，这些单位是不查询毕业证真伪的，而且国内没有渠道去查询国外文凭的真假，也不需要提供真实教育部认证。鉴于此，办理一份毕业证【微信bwp0011】即可三、进国企，银行，事业单位，考公务员等等，这些单位是必需要提供真实教育部认证的，办理教育部认证所需资料众多且烦琐，所有材料您都必须提供原件，我们凭借丰富的经验，快捷的绿色通道帮您快速整合材料，让您少走弯路。留信网认证的作用: 1:该专业认证可证明留学生真实身份 2:同时对留学生所学专业登记给予评定 3:国家专业人才认证中心颁发入库证书 4:这个认证书并且可以归档倒地方 5:凡事获得留信网入网的信息将会逐步更新到个人身份内，将在公安局网内查询个人身份证信息后，同步读取人才网入库信息 6:个人职称评审加20分 7:个人信誉贷款加10分 8:在国家人才网主办的国家网络招聘大会中纳入资料，供国家高端企业选择人才【关于价格问题（保证一手价格）】我们所定的价格是非常合理的，而且我们现在做得单子大多数都是代理和回头客户介绍的所以一般现在有新的单子我给客户的都是第一手的代理价格，因为我想坦诚对待大家不想跟大家在价格方面浪费时间对于老客户或者被老客户介绍过来的朋友，我们都会适当给一些优惠。

Genesis chapter 3 Isaiah Scudder.pptx

FamilyWorshipCenterD

2023 Ukraine Crisis Media Center Annual Report

UkraineCrisisMediaCenter

2023 Ukraine Crisis Media Center Financial Report

UkraineCrisisMediaCenter

The Intersection between Competition and Data Privacy – COLANGELO – June 2024...

OECD Directorate for Financial and Enterprise Affairs

This presentation by Professor Giuseppe Colangelo, Jean Monnet Professor of European Innovation Policy, was made during the discussion “The Intersection between Competition and Data Privacy” held at the 143rd meeting of the OECD Competition Committee on 13 June 2024. More papers and presentations on the topic can be found at oe.cd/ibcdp. This presentation was uploaded with the author’s consent.

2 December UAE National Day - United Arab Emirates

UAE Ppt

Data Processing in PHP - PHPers 2024 Poznań

Norbert Orzechowicz

The Intersection between Competition and Data Privacy – OECD – June 2024 OECD...

OECD Directorate for Financial and Enterprise Affairs

SASi-SPi Science Policy Lab Pre-engagement

Francois Stepman

11June 2024. An online pre-engagement session was organized on Tuesday June 11 to introduce the Science Policy Lab approach and the main components of the conceptual framework. About 40 experts from around the globe gathered online for a pre-engagement session, paving the way for the first SASi-SPi Science Policy Lab event scheduled for June 18-19, 2024 in Malmö. The session presented the objectives for the upcoming Science Policy Lab (S-PoL), which featured a role-playing game designed to simulate stakeholder interactions and policy interventions for food systems transitions. Participants called for the sharing of meeting materials and continued collaboration, reflecting a strong commitment to advancing towards sustainable agrifood systems.

Proposal: The Ark Project and The BEEP Inc

Raheem Muhammad

1.) Introduction Our Movement is not new; it is the same as it was for Freedom, Justice, and Equality since we were labeled as slaves. However, this movement at its core must entail economics. 2.) Historical Context This is the same movement because none of the previous movements, such as boycotts, were ever completed. For some, maybe, but for the most part, it’s just a place to keep your stable until you’re ready to assimilate them into your system. The rest of the crabs are left in the world’s worst parts, begging for scraps. 3.) Economic Empowerment Our Movement aims to show that it is indeed possible for the less fortunate to establish their economic system. Everyone else – Caucasian, Asian, Mexican, Israeli, Jews, etc. – has their systems, and they all set up and usurp money from the less fortunate. So, the less fortunate buy from every one of them, yet none of them buy from the less fortunate. Moreover, the less fortunate really don’t have anything to sell. 4.) Collaboration with Organizations Our Movement will demonstrate how organizations such as the National Association for the Advancement of Colored People, National Urban League, Black Lives Matter, and others can assist in creating a much more indestructible Black Wall Street. 5.) Vision for the Future Our Movement will not settle for less than those who came before us and stopped before the rights were equal. The economy, jobs, healthcare, education, housing, incarceration – everything is unfair, and what isn’t is rigged for the less fortunate to fail, as evidenced in society. 6.) Call to Action Our movement has started and implemented everything needed for the advancement of the economic system. There are positions for only those who understand the importance of this movement, as failure to address it will continue the degradation of the people deemed less fortunate. No, this isn’t Noah’s Ark, nor am I a Prophet. I’m just a man who wrote a couple of books, created a magnificent website: http://www.thearkproject.llc, and who truly hopes to try and initiate a truly sustainable economic system for deprived people. We may not all have the same beliefs, but if our methods are tried, tested, and proven, we can come together and help others. My website: http://www.thearkproject.llc is very informative and considerably controversial. Please check it out, and if you are afraid, leave immediately; it’s no place for cowards. The last Prophet said: “Whoever among you sees an evil action, then let him change it with his hand [by taking action]; if he cannot, then with his tongue [by speaking out]; and if he cannot, then, with his heart – and that is the weakest of faith.” [Sahih Muslim] If we all, or even some of us, did this, there would be significant change. We are able to witness it on small and grand scales, for example, from climate control to business partnerships. I encourage, invite, and challenge you all to support me by visiting my website.

Bridging the visual gap between cultural heritage and digital scholarship

Inesm9

Recently uploaded (20)

ServiceNow CIS-ITSM Exam Dumps & Questions [2024]

The Intersection between Competition and Data Privacy – CAPEL – June 2024 OEC...

Using-Presentation-Software-to-the-Fullf.pptx

Gamify it until you make it Improving Agile Development and Operations with ...

IEEE CIS Webinar Sustainable futures.pdf

一比一原版(unc毕业证书)美国北卡罗来纳大学教堂山分校毕业证如何办理

AWS User Group Torino 2024 #3 - 18/06/2024

2023 Ukraine Crisis Media Center Finance Balance

Prsentation for VIVA Welike project 1semester.pptx

怎么办理(lincoln学位证书)英国林肯大学毕业证文凭学位证书原版一模一样

Genesis chapter 3 Isaiah Scudder.pptx

2023 Ukraine Crisis Media Center Annual Report

2023 Ukraine Crisis Media Center Financial Report

The Intersection between Competition and Data Privacy – COLANGELO – June 2024...

2 December UAE National Day - United Arab Emirates

Data Processing in PHP - PHPers 2024 Poznań

The Intersection between Competition and Data Privacy – OECD – June 2024 OECD...

SASi-SPi Science Policy Lab Pre-engagement

Proposal: The Ark Project and The BEEP Inc

Bridging the visual gap between cultural heritage and digital scholarship

POTASSIUM: Penetration Testing as a Service

2. Motivation • What’s the Problem? Pentesting on a production system is great, because the exact dynamic state of system is captured. But there is high risk of damage: data loss, crash. System unavailable or malware infection… Testing against a separate system that has been designed to model the live one is also not ideal. As the production system is not captured, thus reducing the value of the test.

3. POTASSIUM PTaaS • Pentesting Service in the Cloud. POTASSIUM uses techniques developed for live migration of virtual machines to clone them, capturing their full disk, memory, and network state. The cloned system is then isolated from the rest of the cloud, so that effects from the penetration test will not damage other tenants. Because the penetration tester owns the cloned system, testing is more thorough and efficient.

4. PTaaS Design Principles Validity Availability & Integrity SafetyScalability Extensibility

5. Potassium Architecture • Workflow. Meta-data Clone Attack subproject Production

6. Potassium Architecture • In depth view. Validity Safety Availability Extensibility Pentesting Modes Scalability

7. Live Consistent Checkpointing State Captured at Single Instance Snapshots Transparent Live ConsistentIterative P2 must be delivered after time t4 VM state machine for consistent CP

8. Pentesting Process Pentest Manager AttackersCoordinator Mirror Subproject data VM IP addresses, attackers assignment sheet Relays commands to attackers Collects session info. From attackers Vulnerability report generated at end of test Metasploit auto pentest • Simple, automated.

9. Pentesting Modes Isolated Automated Scalable Separate Availability Zones Metasploit Manage Multiple Pentests at Once Emulate Internal /External Attacks

10. Evaluation • Measurement: end-to-end time to perform pentesting as a function of the number of VMs in the production project. Performance Impact of Snapshot Checkpointing Minimal Consistent 68.5 Non-consistent 69.6 Pentest Effectiveness (2 test cases) WordPress Vulnerability detected Scalability Up to 100 VMs

11. Evaluation • Measurement: end-to-end time to perform pentesting as a function of the number of VMs in the production project. HTTP Response Times (ms) Baseline 67.4 Non-consistent 69.6 Consistent 68.5 Consistency Packet loss in VM1>VM0 steam Automated Pentesting Mirror Creation 227.59 Attacker Creation 77.56 Pentesting 35.99 Miscellaneous 0.87

12. Analysis Strengths • Automated pentest • Economies of Scale • No performance impact on production systems • Availability & Integrity Weaknesses • Automated Pentest • Difficult to bring external resources into the closed system (i.e. cloud-wide storage or DB services. • Possible Confidentiality concerns

13. Summary

14. References Richard Li, et al. (2015), POTASSIUM: Penetration Testing as a Service Proceedings of the Sixth ACM Symposium on Cloud Computing (SoCC '15)

Editor's Notes

Pentesting on a production system is great, because the exact dynamic state of system is captured. But there is high risk of damage: data loss, crash. System unavailable or malware infection… Testing against a separate system that has been designed to model the live one is also not ideal. As the production system is not captured, thus reducing the value of the test.
Penetration testing is the process where you probe network systems for vulnerabilities. POTASSIUM uses techniques developed for live migration of virtual machines to clone them, capturing their full disk, memory, and network state. The cloned system is then isolated from the rest of the cloud, so that effects from the penetration test will not damage other tenants. Because the penetration tester owns the cloned system, testing is more thorough and efficient.
POTASSIUM PTaaS has five design principles: Validity – results are the same on mirror system as on the production system Availability & Integrity – the pentest must have low impact on the performance and availability of the production system Safety – pentesting activity must not affect production projects or other systems on the Internet Scalability – ability to manage multiple pentest projects at once and deploy different strategies for allocating and positioning attacker VMs Extensibility – the design can support many pentesting tools
Step A – is the Production system in the cloud. Tenant has a allocated a collection of resources including several VMs and a network. Step B - A new project or copy of the production system is created using standard APIs of the cloud management system. It contains metadata, and has the same structure as the production project, but not the same internal state. This copy is referred to as the pentest project. Step C - A consistent snapshot of the production project is created, including all VM memory contents, disk contents, and network packets in flight. That state is inserted into the pentest project. Step D - Attacking resources are allocated and added to the pentest project; then the pentest is performed. The pentest project consists of two parts: the mirror subproject, which is the set of resources that mirror the production project, and the attack subproject, which is the set of resources introduced for pentesting. The pentest project is isolated so that the effects of the penetration test cannot harm other tenants.
Potassium is based on OpenStack, an open source software for creating private and public clouds. To ensure Availability, the Project Creator places pentest projects on physical resources that are separate from those used by production projects. This is achievable by using standard cloud APIs such as availability zones. Also, the Snapshot Agents perform live consistent checkpointing, allowing the production system to execute while it is being checkpointed. Although performance may be reduced during the time it takes to checkpoint, the project still remains available to clients. For Validity, Project Creator, Snapshot Manager, and Snapshot Agents work together to replicate the full state of the production project within the mirror subproject of a pentest project. The mirror is created in two steps: 1) the Project Creator obtains the metadata of the production project and invokes the cloud platform to create a mirror with the same metadata, and 2) the full state of the VMs and network in the production project is recreated via the Snapshot Agents that perform live, consistent checkpointing over the production project. Consistency means that the state of the production project is captured at a single, logical instant of time. Once a VM has completed its snapshot, any packet that it sends will not be delivered until the recipient VM has also completed its snapshot. Safety is implemented via the Project Creator, which uses the standard APIs of the cloud platform to disconnect the pentest project from any other network, except for an access route that allows POTASSIUM’s Pentest Manager to communicate with the attack Coordinator within the pentest project. Only the Coordinator has permission to send traffic outside of the pentest project, cannot relay traffic between the “inside” and the “outside” of the pentest project.The cloud platform is trusted, so POTASSIUM is not intended for pentests that aim to compromise the underlying cloud platform or hypervisors. POTASSIUM implemented the Metaspolit Framework as its automated pentesting tool. However, any pentesting tool can be used, satisfying the Extensibility design principle. The Coordinator serves as an adapter between POTASSIUM’s Pentest Manager and the implementations of the Attackers. POTASSIUM can insert attacking VMs into the mirror subproject’s internal networks, and capture VMs within the mirror subproject, emulating internal attacks. Scalability is fulfilled as POTASSIUM can manage multiple pentest projects at once (i.e., two separate users running pentests at the same time or concurrent pentests over a single production project). Additionally, it implements multiple strategies for allocating and positioning Attackers against a mirror subproject, for example, to emulate both external and internal attacks. By allocating large numbers of attacker VMs, POTASSIUM is able to swap space for time by performing pentests against multiple hosts in parallel.
POTASSIUM’s Snapshot Manager and Snapshot Agents implement a live, consistent checkpointing algorithm that creates snapshots of a production project. The prototype implementation uses QEMU’s live-snapshot mechanism to independently take a live snapshot for each individual VM in the production project. It uses packet coloring and buffering to deal with inconsistent packets. Snapshots = each VM saves its memory state by performing iterative memory copying Live = snapshot taken transparently Consistent = state captured at single instance in time The figure on the bottom left shows an example of a checkpoint timeline. For live, consistent checkpointing, packet P2 must be delivered after time t4. The figure on the bottom right shows an example of a VM state machine for consistent checkpointing. “Each VM in a production project is associated with an instance of the state machine shown with a VM beginning in a DEFAULT state. When POTASSIUM needs to checkpoint a production project, the Snapshot Manager sends a START_SNAPSHOT command to each VM, via the Snapshot Agents. Then, each VM transitions to the STARTED state and begins to take its snapshot. When a VM completes its snapshot, it transitions to the COMPLETED state. The Snapshot Manager periodically checks the status of each VM, and when all have completed their snapshots, the Snapshot Manager sends an ALL_SNAPSHOTS_COMPLETE command to every VM. Each VM then transitions to the ALL_COMPLETED state.”
The pentesting process in POTASSIUM is simple and automated. The Pentest Manager forwards Mirror Subproject data, VM IP addresses, and the attackers assignment sheet to the Coordinator. The Coordinator then relays the commands/data to attackers; then subsequently collects session information from Attackers. A vulnerability report is generated at the end of the test. The Attackers use the Metasploit framework to run an automated pentest.
There are three pentesting modes: Internal, External and Pivot Internal – creates multiple Attackers and attaches one to each network within the mirror subproject. Penetration testing may be directly performed by Attackers on the VMs in the mirror subproject, irrespective of whether those VMs can be reached from an external network. Overall vulnerabilities exposed in this mode. External – the attack subproject is attached to the mirror subproject to emulate an external attacker. Can be used to test correctness of security group rules. Pivot – pentesting is performed in multiple rounds from Attackers that replace VMs in the mirror subproject. This mode imitates the way an intruder is able to attack new targets from the point of view of an already compromised VM. Useful for “what if” analysis. Connectivity between mirror subproject and External network is disabled to prevent traffic leakage. OpenStack Security Groups allow attackers to be controlled by the Coordinator and reach VMs. Availability Zones is a standard cloud API that separates pentest projects on physical resources from those used by production projects.
Performance impact of Snapshot CP was minimal with a negligible difference between consistent and non-consistent. The Pentest was effective and positively detected the WordPress vulnerabilities. POTASSIUM scaled well up to 100 VMs.
HTTP response times ranged from 67% to 69.6%. Consistency tests shoed a packet loss in VM1>VM0 stream. Automatic pentest performance test showed mirror creation took the longest time (227.59), followed by attacker creation (77.56), and actual pentesting (35.99).

POTASSIUM: Penetration Testing as a Service

Recommended

Recommended

More Related Content

What's hot

What's hot (20)

Similar to POTASSIUM: Penetration Testing as a Service

Similar to POTASSIUM: Penetration Testing as a Service (20)

Recently uploaded

Recently uploaded (20)

POTASSIUM: Penetration Testing as a Service

Editor's Notes