The lecture tries to summarize some interesting Java (remote) attacks, and how to check for and exploit them with Metasploit. The lecture doesn't focus on client attack vectors, like Java sandbox abuses through applets, or click2play bypasses. It focuses on remote attack vectors abusing RMI endpoints and technologies using RMI. The lecture won't only summarize some of the popular attack vectors; it will also review how to check/exploit them with Metasploit, presenting new capabilities and modules which are being added to the Metasploit Framework to support all the techniques discussed in the lecture.
Network Performance: Making Every Packet Count - NET401 - re:Invent 2017 (Amazon Web Services)
Many applications are network I/O bound, including common database-based applications and service-based architectures. But operating systems and applications are often not tuned to deliver high performance. This session uncovers hidden issues that lead to low network performance, and shows you how to overcome them to obtain the best network performance possible.
The document provides an overview of Logical Volume Management (LVM) in Linux. It discusses what LVM is, its main components like physical volumes, volume groups, logical volumes, and how they relate. It then gives steps to use LVM by creating a physical volume, volume group and logical volume. It also discusses how LVM allows expanding logical volumes and live resizing of file systems.
This document discusses Java serialization vulnerabilities and mitigations. It introduces Java serialization, attack vectors like serialization gadgets and deserialization endpoints, and demonstrates denial of service attacks. It covers mitigations such as validating class names during deserialization, but notes this approach can be bypassed. It proposes a new concept of also validating methods during deserialization. The goal is to help fix issues with the Java serialization process.
This document provides an overview and introduction to SIP testing using FreeSWITCH. It discusses using FreeSWITCH to test other SIP systems by generating calls with various codecs and protocols. The document outlines an agenda for functionality tests, load tests, and security tests. Functionality tests are recommended to verify expected SIP behaviors and identify key functionality to automate test scenarios for. SIPp is introduced as a tool for low-level SIP performance and functionality testing, though it requires a strong understanding of SIP. The document emphasizes the importance of testing and provides resources for open-source testing tools.
Linux Traffic Control allows administrators to control network traffic through mechanisms like shaping, scheduling, classifying, policing, dropping and marking. It uses components like queuing disciplines (qdiscs), classes, filters, and actions. The tc command can be used to configure these components by adding, changing or deleting traffic control settings on network interfaces.
Introduction to the Container Network Interface (CNI) (Weaveworks)
CNI, the Container Network Interface, is a standard API between container runtimes and container network implementations. These slides are from the Cloud Native Computing Foundation's Webinar, and explain what CNI is, how you use it, and what lies ahead on the roadmap.
Cloud-init is a set of services that handles early initialization and configuration of virtual machines. It retrieves user-data and metadata from cloud providers to customize VMs during boot. Cloud-init runs in stages, starting with network setup and continuing through configuration and finalization. It supports various data sources like CloudStack and ConfigDrive and runs modules specified in /etc/cloud/cloud.cfg to perform tasks like package installation, user management, and more.
This document discusses configuring FreeSWITCH, an open source telephony platform, on Docker. It provides background on IP telephony systems and introduces FreeSWITCH and Docker. The benefits of using FreeSWITCH on Docker are explained, such as easier deployment and scalability. Steps are outlined to install FreeSWITCH from source on a CentOS Docker container and configure the network settings. Finally, instructions are given to configure a SIP phone like Linphone and verify the FreeSWITCH installation by placing test calls.
This document provides an overview of Amazon Elastic Block Storage (Amazon EBS) and discusses the different EBS volume types. It begins with an introduction to EBS and how it provides persistent block level storage volumes for use with EC2 instances. It then covers the various EBS volume types (SSD, HDD, provisioned IOPS, general purpose, throughput optimized), their performance characteristics and common use cases. The document also discusses strategies for choosing the right volume type and provides examples of using multiple types together for hybrid workloads.
NFV Orchestration for Telcos using OpenStack Tacker (Sridhar Ramaswamy)
ETSI MANO NFV Orchestration for Telco Service Providers using OpenStack Tacker project. Showcases integration of Tacker to orchestrate Brocade VNFs like 5600 Virtual Router and Connectem vEPC.
Getting started with SIP Express Media Server SIP app server and SBC - workshop (stefansayer)
How to configure a SEMS instance for offering common media services such as announcements, voicemail, audio conferencing and IVR menus, and how to use the powerful and flexible SBC application, the "Swiss Army Knife of call stateful SIP processing".
Video: https://www.youtube.com/watch?v=JRFNIKUROPE . Talk for linux.conf.au 2017 (LCA2017) by Brendan Gregg, about Linux enhanced BPF (eBPF). Abstract:
A world of new capabilities is emerging for the Linux 4.x series, thanks to enhancements that have been included in Linux for the Berkeley Packet Filter (BPF): an in-kernel virtual machine that can execute user space-defined programs. It is finding uses for security auditing and enforcement, enhancing networking (including eXpress Data Path), and performance observability and troubleshooting. Many new open source tools have been written in the past 12 months for performance analysis that use BPF. Tracing superpowers have finally arrived for Linux!
For its use with tracing, BPF provides the programmable capabilities to the existing tracing frameworks: kprobes, uprobes, and tracepoints. In particular, BPF allows timestamps to be recorded and compared from custom events, allowing latency to be studied in many new places: kernel and application internals. It also allows data to be efficiently summarized in-kernel, including as histograms. This has allowed dozens of new observability tools to be developed so far, including measuring latency distributions for file system I/O and run queue latency, printing details of storage device I/O and TCP retransmits, investigating blocked stack traces and memory leaks, and a whole lot more.
This talk will summarize BPF capabilities and use cases so far, and then focus on its use to enhance Linux tracing, especially with the open source bcc collection. bcc includes BPF versions of old classics, and many new tools, including execsnoop, opensnoop, funccount, ext4slower, and more (many of which I developed). Perhaps you'd like to develop new tools, or use the existing tools to find performance wins large and small, especially when instrumenting areas that previously had zero visibility. I'll also summarize how we intend to use these new capabilities to enhance systems analysis at Netflix.
This document summarizes a presentation about scaling FreeSWITCH performance. It discusses how FreeSWITCH uses an insanely threaded model with session threads for each call leg. It also discusses some performance tweaks like reducing logging levels and moving the SQLite database to tmpfs memory to avoid I/O bottlenecks. Migrating to a database like PostgreSQL or MySQL may eventually be needed to move the database workload elsewhere for better performance.
The document discusses the basics of I/O and event-driven I/O models in Linux like blocking I/O, non-blocking I/O, I/O multiplexing using select/poll and their internals. It then introduces epoll as a more efficient alternative to select/poll and describes its user-space API, kernel structures and how it works by adding file descriptors to an epoll instance and waking up blocked processes on I/O events.
Receive side scaling (RSS) with eBPF in QEMU and virtio-net (Yan Vugenfirer)
eBPF is a revolutionary technology that can run sandboxed programs in the Linux kernel without changing kernel source code or loading a kernel module. Receive side scaling (RSS) is the mechanism of packet steering for multi-queue NICs optimizing multiple CPU utilization. The first usage of eBPF in QEMU is the optimization of the RSS packet steering in virtio-net. During this session, Yan will provide the motives for the RSS optimization using eBPF, review the technical solution, describe integration with libvirt, and discuss future development and additional usages of eBPF in QEMU.
This document discusses OSTree, a system for deploying and managing operating system updates using Git-like technologies. It describes how OSTree works with Linux distributions and containers to provide atomic operating system updates using technologies like Git, Docker, and chroot. OSTree aims to provide fast, reliable operating system updates similar to technologies used in Chrome OS and CoreOS.
The document discusses the HotRuby project, which aims to explore a server virtual machine (VM) for Ruby based on the Java VM. Some key points:
- HotRuby aims to take advantage of how the JVM optimizes programs through adaptive optimizations and allowing longer runtime to optimize.
- It uses an interpreter initially and then compiles code once the program definition is known, similar to other just-in-time VMs.
- The implementation focuses on reducing memory usage and object churn through techniques like using Java locals and specializing compiled code for receiver types.
- Initial performance results show HotRuby running at around 2.5 times faster than YARV, though it does not yet support all
The Java Remote Method Invocation (RMI) system allows an object running in one Java virtual machine to invoke methods on an object running in another Java virtual machine. RMI provides for remote communication between programs written in the Java programming language.
Java is a high-level, object-oriented and widely used programming language. It has several applications, such as web development, app development, Android development, etc. This is a PPT that gives a basic idea of Java, its uses and its applications.
This document provides an overview of core Java concepts including:
- A brief history of Java's development from 1991 to today.
- Key Java features such as being object-oriented, platform independent, secure, and reliable.
- Object-oriented programming concepts in Java like classes, objects, inheritance, polymorphism.
- Common Java keywords, operators, data types, and variables.
- Additional topics covered include methods, inheritance, interfaces, exceptions, and strings.
This document provides an introduction to JVM bytecode, including how to inspect, generate, and understand bytecode. It discusses two main parts - JVM bytecode itself such as basic instructions and stack operations, and the JVM JIT compiler which compiles bytecode to machine code. Various tools for working with bytecode like javap and ASM are also introduced. The document is intended to help readers gain a better understanding of how the Java platform works from the lowest level.
This document summarizes the history and future of the Java Virtual Machine (JVM). It discusses how the JVM evolved from Java 1.0 with the addition of just-in-time compilation in 1.3 and a two-year release cycle until 1.6. It then describes the dispute between Sun and Apache over access to test suites that stalled Java's progress for five years until Oracle acquired Sun. It outlines new features added since like invokedynamic, lambda expressions, and modules. Finally, it discusses improvements to native interoperability and language support on the JVM through projects like Java Native Runtime (JNR).
The document provides an overview of key Java concepts:
1. Java is an object-oriented, platform-independent language that is compiled to bytecode and interpreted by the Java Virtual Machine (JVM).
2. The JVM handles security, memory management through garbage collection, and allows multithreaded programming.
3. Developers use the Java Development Kit (JDK) for coding Java applications, which includes the compiler, JVM, and other tools. The Java Runtime Environment (JRE) provides minimum requirements to run Java applications.
Building Concurrent WebObjects applications with Scala (WO Community)
This document discusses using Scala for concurrent programming in WebObjects applications. It begins by explaining why concurrent programming is important due to increasing numbers of processor cores. It then discusses challenges with traditional threading and locks and introduces the actor model as an easier and more scalable approach using message passing. The document demonstrates how to build concurrent WebObjects applications using Scala actors for processing tasks like video encoding. It shows how properties can configure WebObjects for concurrent requests and how ERXEC provides thread safety. Benchmarks show the Scala actor approach outperforms traditional threading. The document argues that Scala is a powerful, safe and easy language for concurrent programming in WebObjects.
This document discusses object serialization in Java. Serialization is the process of converting an object's state into a byte stream to store or transmit the object. Deserialization reconstructs the object from the byte stream. The Student class implements the Serializable interface, allowing its objects to be serialized. ObjectOutputStream writes objects to an output stream, while ObjectInputStream deserializes objects from an input stream and reconstructs the object. An example demonstrates serializing a Student object to a file and then deserializing and printing its attributes.
The document discusses the fundamentals of object-oriented programming and Java. It covers key concepts like abstraction, encapsulation, inheritance and polymorphism. It also describes the basic structure of a Java program, including classes, objects, methods and variables. It explains how to set up a Java development environment, compile and run a simple Java program.
This document provides an overview of object-oriented programming concepts in Java including abstraction, encapsulation, inheritance, and polymorphism. It discusses key Java concepts like classes, objects, methods, and access specifiers. It also covers Java fundamentals like variables, data types, operators, control flow statements, comments, and arrays. Additionally, it describes the Java runtime environment, how to set up a Java development environment, compile and run a simple Java program. The document is intended as an introduction to object-oriented programming and the Java programming language.
A presentation at Twitter's official developer conference, Chirp, about why we use the Scala programming language and how we build services in it. Provides a tour of a number of libraries and tools, both developed at Twitter and otherwise.
This document provides an overview of advanced C# concepts, including:
- C# can be used to create various types of applications like console apps, Windows forms, web services, and ASP.NET MVC apps.
- Assemblies are deployment units that contain code and metadata. They can be EXEs or DLLs.
- Types in C# can contain fields, methods, properties, and events. Methods are not virtual by default. Access modifiers include private, protected, internal, and public.
- Objects are allocated in memory and cleaned up through constructors, finalizers, and the garbage collector. Exceptions provide a way to handle errors.
The document discusses various features and constructs of the Java programming language including:
- Java is an object-oriented, simple, platform-independent, secure, robust, and high-performance language.
- The Java Runtime Environment (JRE) provides the runtime platform and Java Development Kit (JDK) includes development tools.
- Java programs are compiled to bytecode that runs on the Java Virtual Machine (JVM) on any platform.
- Core Java constructs include data types, variables, operators, statements, and classes. Primitive data types include numbers, booleans, characters and strings.
Java deserialization vulnerabilities allow attackers to exploit object serialization to influence in-memory program objects and code flow. If an attacker controls serialized data passed to a deserialization routine, they can manipulate the program. This has led to remote code execution attacks. Vendors have tried to mitigate this by blacklisting or whitelisting dangerous classes, but full remediation requires code changes. Exploits have included binary, XML, and text payloads triggering vulnerabilities in Spring, Weblogic, and other platforms.
The document discusses bytecode and the Java Virtual Machine (JVM). It provides an example of decompiling the "Hello World" Java program using javap to view the bytecode instructions. It also covers bytecode fundamentals like the stack machine model, instruction types, and how the operand stack and frames work. Finally, it demonstrates some common stack manipulation instructions.
Java programming language unit 1 introduction (chnrketan)
This document provides an overview of key Java concepts including:
- Java is a popular, platform-independent object-oriented programming language.
- Key Java features include being object-oriented, having automatic memory management, and using a virtual machine.
- Core Java topics covered include arrays, strings, classes, objects, methods, and exceptions.
The State of Managed Runtimes 2013, by Attila Szegedi (ZeroTurnaround)
There’s JVM, and that’s it, right? Well, not exactly. Even within JVM, there’s an increasing support for running all kinds of non-Java languages: we have invokedynamic, but it’s being improved, and new layers of functionality are emerging on top of it, making JVM a better home for all kinds of programming languages. There’s life outside of JVM too. JavaScript seems to be a new assembler-level compilation target even for C programs (I’ll show some amusing examples of what exactly you can run these days in a browser), and there are some independent efforts at managed runtimes in various stages of completion that seem promising – PyPy, Topaz, Rubinius, Parrot VM (it’s alive again!). This talk is admittedly a language-runtime-enthusiast’s walk-through of the things he finds interesting happening this year. Recorded at GeekOut 2013.
Lecture from javaday.bg by Nayden Gochev/ Ivan Ivanov and Mitia Alexandrov (Nayden Gochev)
This document discusses new features in Java 7 and 8 including lambda expressions, method handles, invokedynamic, and exact numeric operations. The biggest additions to Java 7 are method handles which allow calling non-public methods more efficiently than reflection, and invokedynamic which allows dynamic method dispatch that the JVM can optimize. Lambdas in Java 8 allow using functional interfaces and anonymous functions. They are implemented using invokedynamic and are not anonymous classes for performance reasons. New exact numeric methods in Math and BigInteger/BigDecimal protect from overflows.
• For a full set of 530+ questions. Go to
https://skillcertpro.com/product/servicenow-cis-itsm-exam-questions/
• SkillCertPro offers detailed explanations to each question which helps to understand the concepts better.
• It is recommended to score above 85% in SkillCertPro exams before attempting a real exam.
• SkillCertPro updates exam questions every 2 weeks.
• You will get life time access and life time free updates
• SkillCertPro assures 100% pass guarantee in first attempt.
This presentation by OECD, OECD Secretariat, was made during the discussion “Pro-competitive Industrial Policy” held at the 143rd meeting of the OECD Competition Committee on 12 June 2024. More papers and presentations on the topic can be found at oe.cd/pcip.
This presentation was uploaded with the author’s consent.
This presentation by OECD, OECD Secretariat, was made during the discussion “The Intersection between Competition and Data Privacy” held at the 143rd meeting of the OECD Competition Committee on 13 June 2024. More papers and presentations on the topic can be found at oe.cd/ibcdp.
This presentation was uploaded with the author’s consent.
This presentation by Nathaniel Lane, Associate Professor in Economics at Oxford University, was made during the discussion “Pro-competitive Industrial Policy” held at the 143rd meeting of the OECD Competition Committee on 12 June 2024. More papers and presentations on the topic can be found at oe.cd/pcip.
This presentation was uploaded with the author’s consent.
This presentation by Professor Giuseppe Colangelo, Jean Monnet Professor of European Innovation Policy, was made during the discussion “The Intersection between Competition and Data Privacy” held at the 143rd meeting of the OECD Competition Committee on 13 June 2024. More papers and presentations on the topic can be found at oe.cd/ibcdp.
This presentation was uploaded with the author’s consent.
This presentation by Katharine Kemp, Associate Professor at the Faculty of Law & Justice at UNSW Sydney, was made during the discussion “The Intersection between Competition and Data Privacy” held at the 143rd meeting of the OECD Competition Committee on 13 June 2024. More papers and presentations on the topic can be found at oe.cd/ibcdp.
This presentation was uploaded with the author’s consent.
This presentation by Juraj Čorba, Chair of OECD Working Party on Artificial Intelligence Governance (AIGO), was made during the discussion “Artificial Intelligence, Data and Competition” held at the 143rd meeting of the OECD Competition Committee on 12 June 2024. More papers and presentations on the topic can be found at oe.cd/aicomp.
This presentation was uploaded with the author’s consent.
Gamify it until you make it Improving Agile Development and Operations with ...Ben Linders
So many challenges, so little time. While we’re busy developing software and keeping it operational, we also need to sharpen the saw, but how? Gamification can be a way to look at how you’re doing and find out where to improve. It’s a great way to have everyone involved and get the best out of people.
In this presentation, Ben Linders will show how playing games with the DevOps coaching cards can help to explore your current development and deployment (DevOps) practices and decide as a team what to improve or experiment with.
The games that we play are based on an engagement model. Instead of imposing change, the games enable people to pull in ideas for change and apply those in a way that best suits their collective needs.
By playing games, you can learn from each other. Teams can use games, exercises, and coaching cards to discuss values, principles, and practices, and share their experiences and learnings.
Different game formats can be used to share experiences on DevOps principles and practices and explore how they can be applied effectively. This presentation provides an overview of playing formats and will inspire you to come up with your own formats.
This presentation by Yong Lim, Professor of Economic Law at Seoul National University School of Law, was made during the discussion “Artificial Intelligence, Data and Competition” held at the 143rd meeting of the OECD Competition Committee on 12 June 2024. More papers and presentations on the topic can be found at oe.cd/aicomp.
This presentation was uploaded with the author’s consent.
The importance of sustainable and efficient computational practices in artificial intelligence (AI) and deep learning has become increasingly critical. This webinar focuses on the intersection of sustainability and AI, highlighting the significance of energy-efficient deep learning, innovative randomization techniques in neural networks, the potential of reservoir computing, and the cutting-edge realm of neuromorphic computing. This webinar aims to connect theoretical knowledge with practical applications and provide insights into how these innovative approaches can lead to more robust, efficient, and environmentally conscious AI systems.
Webinar Speaker: Prof. Claudio Gallicchio, Assistant Professor, University of Pisa
Claudio Gallicchio is an Assistant Professor at the Department of Computer Science of the University of Pisa, Italy. His research involves merging concepts from Deep Learning, Dynamical Systems, and Randomized Neural Systems, and he has co-authored over 100 scientific publications on the subject. He is the founder of the IEEE CIS Task Force on Reservoir Computing, and the co-founder and chair of the IEEE Task Force on Randomization-based Neural Networks and Learning Systems. He is an associate editor of IEEE Transactions on Neural Networks and Learning Systems (TNNLS).
Why Psychological Safety Matters for Software Teams - ACE 2024 - Ben Linders.pdfBen Linders
Psychological safety in teams is important; team members must feel safe and able to communicate and collaborate effectively to deliver value. It’s also necessary to build long-lasting teams since things will happen and relationships will be strained.
But, how safe is a team? How can we determine if there are any factors that make the team unsafe or have an impact on the team’s culture?
In this mini-workshop, we’ll play games for psychological safety and team culture utilizing a deck of coaching cards, The Psychological Safety Cards. We will learn how to use gamification to gain a better understanding of what’s going on in teams. Individuals share what they have learned from working in teams, what has impacted the team’s safety and culture, and what has led to positive change.
Different game formats will be played in groups in parallel. Examples are an ice-breaker to get people talking about psychological safety, a constellation where people take positions about aspects of psychological safety in their team or organization, and collaborative card games where people work together to create an environment that fosters psychological safety.
2. Index
• About me
• Motivation
• RMI 101
• Java Object Serialization Protocol
• RMI: Method invocation
• Case Study: java_rmi_registry
• Case Study: java_rmi_server
• Case Study: java_jmx_server
• Conclusions
RMI: Remote Method Invocation
JMX: Java Management Extensions
3. About me
• I’m not a Java developer
• I’m not a Java hacker
• Exploit Developer at Rapid7
– Metasploit-Framework
• My English… sorry!
4. Motivation
• Leon Johnson, awesome pentester at Rapid7, asked about a module for exploiting JMX RMI endpoints.
• Excellent write-up from Braden Thomas:
– http://www.accuvant.com/blog/exploiting-jmx-rmi
8. RMI 101
• Wikipedia says:
“The Java Remote Method Invocation (Java RMI) is a Java API that performs the object-oriented equivalent of remote procedure calls (RPC), with support for direct transfer of serialized Java classes and distributed garbage collection.” *
* For a better introduction, the Java specs are more useful, but it’s hard to find 1 summary sentence in the specs :)
19. RMI 101. RMI Transport Protocol
“Call and return data in RMI calls are formatted using the Java Object Serialization Protocol”
http://docs.oracle.com/javase/7/docs/platform/rmi/spec/rmi-protocol4.html
20. Java Object Serialization Protocol
“The ability to store and retrieve Java™ objects is essential to building all but the most transient applications. The key to storing and retrieving objects in a serialized form is representing the state of objects sufficient to reconstruct the object(s).”
http://docs.oracle.com/javase/7/docs/platform/serialization/spec/serialTOC.html
Warning: If you haven’t fought with Java Serialization before, the specs and the grammar can be confusing…
21. Java Object Serialization Protocol
• Use small programs to get serialized samples.

    import java.io.*;

    public class NewArrayInts
    {
        public static void main(String[] args)
        {
            // Two-element int array used as the sample to serialize
            int[] anArray;
            anArray = new int[2];
            anArray[0] = -20;
            anArray[1] = 0x41;
            try
            {
                FileOutputStream fileOut =
                    new FileOutputStream("new_array_ints.ser");
                ObjectOutputStream out = new ObjectOutputStream(fileOut);
                // Write the serialized form of the array to new_array_ints.ser
                out.writeObject(anArray);
                out.close();
                fileOut.close();
            } catch (IOException i)
            {
                i.printStackTrace();
            }
        }
    }

24. Java Object Serialization Protocol
• Also, you have two useful (Java) classes:
– java.io.ObjectOutputStream
– java.io.ObjectInputStream
• Read and debug them!
25. Java Object Serialization Protocol
• Several days later…:
– Rex::Java::Serialization: Not full support, but good enough for our purposes.
• Includes modeling for the different entities as described in the Java Serialization Protocol specs/grammar.
• Every object can be decoded (unserialization) from an IO, or can encode itself (serialization).
• Rex::Java::Serialization::Builder allows easy building of some elements.
– Also: tools/java_deserializer.rb lets you inspect Java serialized streams, zooming into arrays and objects.
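To make the grammar concrete, here is a minimal reader for the stream that the NewArrayInts sample writes. It is an added example in plain Ruby, not part of the slides and not Metasploit's Rex::Java::Serialization; the sample bytes are constructed from the serialization grammar, and the method and constant names are hypothetical.

```ruby
# Added example, not Metasploit's Rex::Java::Serialization code.
# Method and constant names below are hypothetical.
require 'stringio'

STREAM_MAGIC    = 0xACED
STREAM_VERSION  = 5
TC_NULL         = 0x70
TC_CLASSDESC    = 0x72
TC_ARRAY        = 0x75
TC_ENDBLOCKDATA = 0x78

# Constructed sample: the stream the serialization grammar gives for int[]{-20, 0x41}.
SAMPLE = [[
  'aced0005',             # STREAM_MAGIC, STREAM_VERSION
  '75',                   # TC_ARRAY
  '72', '0002', '5b49',   # TC_CLASSDESC, name length, "[I"
  '4dba602676eab2a5',     # serialVersionUID of int[]
  '02', '0000',           # SC_SERIALIZABLE flag, zero fields
  '78', '70',             # TC_ENDBLOCKDATA, TC_NULL (no superclass)
  '00000002',             # array length
  'ffffffec', '00000041'  # -20 and 0x41 as big-endian signed ints
].join].pack('H*')

# Read exactly len bytes and unpack them, failing loudly on a short read.
def take(io, len, fmt)
  data = io.read(len)
  raise ArgumentError, 'truncated stream' if data.nil? || data.bytesize != len
  data.unpack1(fmt)
end

def expect_tc(io, code, name)
  got = take(io, 1, 'C')
  raise ArgumentError, format('expected %s, got 0x%02x', name, got) unless got == code
end

def decode_int_array(bytes)
  io = StringIO.new(bytes.b)
  raise ArgumentError, 'bad stream magic' unless take(io, 2, 'n') == STREAM_MAGIC
  raise ArgumentError, 'bad stream version' unless take(io, 2, 'n') == STREAM_VERSION
  expect_tc(io, TC_ARRAY, 'TC_ARRAY')
  expect_tc(io, TC_CLASSDESC, 'TC_CLASSDESC')
  name = io.read(take(io, 2, 'n')).to_s
  uid = take(io, 8, 'Q>')
  flags = take(io, 1, 'C')
  fields = take(io, 2, 'n')
  raise ArgumentError, "unsupported class #{name.inspect}" unless name == '[I' && fields.zero?
  expect_tc(io, TC_ENDBLOCKDATA, 'TC_ENDBLOCKDATA')
  expect_tc(io, TC_NULL, 'TC_NULL')
  size = take(io, 4, 'l>')
  # Check the declared length against the bytes left before allocating anything.
  raise ArgumentError, 'array length exceeds stream' if size.negative? || size * 4 > io.size - io.pos
  { class_name: name, serial_version_uid: uid, flags: flags,
    values: Array.new(size) { take(io, 4, 'l>') } }
end
```

The reader deliberately accepts only the `[I` class descriptor with no fields; anything else raises instead of being guessed at.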
30. Finally….
• Rex::Proto::Rmi
– Model for the RMI protocol as described in the specs / grammar. Every object can read itself from an IO or write itself into a String.
• Msf::Java::Rmi::Client
– Mixin including the Exploit::Remote::TCP one
– Methods to make RMI calls easier from the modules.
– Also methods to build calls for some common RMI endpoints
• Registry
• JMX Management
31. RMI Method Invocation
• In order to debug RMI calls, let’s understand them a little bit better.
• Use RMIC to generate the stubs (v1.2). It’s not needed anymore, since nowadays static stubs are deprecated in favor of dynamic code.
• It will generate a new class HelloImpl_Stub.class.

    rmic -classpath . example.hello.HelloImpl

34. Case Study: java_rmi_registry
• The RMI Registry is just a remote object provided by Java, so every virtual machine knows its interface.
• Listens on a well known port
– 1099/TCP.
35. Case Study: java_rmi_registry

    msf > use auxiliary/gather/java_rmi_registry
    msf auxiliary(java_rmi_registry) > set rhost 172.16.158.131
    rhost => 172.16.158.131
    msf auxiliary(java_rmi_registry) > run
    [*] 172.16.158.131:1099 - Sending RMI Header...
    [*] 172.16.158.131:1099 - Listing names in the Registry...
    [+] 172.16.158.131:1099 - 1 names found in the Registry
    [+] 172.16.158.131:1099 - Name Hello (example.hello.HelloImpl_Stub) found on 172.16.158.131:1175
    [*] Auxiliary module execution completed

36. Case Study: java_rmi_server
Credits: Michael Schierl @mihi42
http://docs.oracle.com/javase/7/docs/platform/rmi/spec/rmi-arch5.html
RMI allows parameters, return values and exceptions passed in RMI calls to be any object that is serializable. RMI uses the object serialization mechanism to transmit data from one virtual machine to another and also annotates the call stream with the appropriate location information so that the class definition files can be loaded at the receiver.
46. Conclusions
• Lots of examples:
– All the RMI/JMX modules have been ported.
– Specs
– New modules: java_rmi_registry, java_jmx_server
• TODO
– Full Java Serialization support.
– Exploit all the things! PRs are super welcome!