This document discusses how to create a domain-specific language (DSL) using Ruby. It begins with an introduction to DSLs and examples of external and internal DSLs. It then demonstrates how to build a DSL for configuring Meetup groups by parsing a configuration file using Ruby's instance_eval method. Key points are that instance_eval interprets a string as Ruby code in the context of an object, and using it with a block changes the default receiver inside the block. The document provides sample code for loading the configuration and implementing setter methods to configure the Meetup object.
This document provides a list of display filter keywords that can be used in Wireshark to filter packets based on fields in different protocols including Ethernet, ARP, IPv4, IPv6, TCP, UDP, ICMP, HTTP, BGP, MPLS, Frame Relay, PPP, DTP, VTP and more. It is presented in two parts and includes brief descriptions of common fields that can be filtered on for each protocol.
Welcome to the Symfony2 World - FOSDEM 2013Lukas Smith
This document provides an overview of a presentation about Symfony2. It introduces the two speakers, Lukas Smith and Daniel Kucharski, and discusses what Symfony2 is, its components, frameworks, distributions, ecosystem, and popular bundles. Key applications and libraries that integrate with Symfony2 are also summarized, such as Twig, Assetic, Monolog, Doctrine, JMSSerializer, Guzzle, and the Sonata Project.
The document discusses Jingle, an open standard protocol for real-time communication like voice and video calls over the XMPP protocol. Jingle allows for peer-to-peer connections using techniques like STUN and ICE to traverse NATs and firewalls, with the ability to fallback to using media servers. The standard is maturing and implementations exist in libraries like libjingle, allowing for open, interoperable voice and video communication on a global federated XMPP network.
This document discusses setting up a network bridge without Docker. It provides a Vagrantfile to configure a virtual machine environment with Ubuntu 18.04, along with tools like Go and Docker installed. Instructions are given to create a bridge between two network namespaces called RED and BLUE using IP addresses in the 11.11.11.0/24 range. Tests show that hosts can ping each other within this network but not across the real interface and IP range of the host machine. Additional routing and IP configuration is needed to allow outside communication.
This document discusses Linux text stream filters and provides examples of common Unix commands used to process and modify text streams. These commands include cat, head, tail, cut, and split. Cat prints the contents of files, head prints the first few lines, tail prints the last few lines, cut extracts parts of each line, and split divides files into smaller parts. The document also covers input/output redirection and how it can be used with filters to modify command output and send it to files.
This document discusses Linux text stream filters and provides examples of common Unix commands used to process and modify text streams. These commands include cat, head, tail, cut, and split. Cat prints the contents of files, head prints the first few lines, tail prints the last few lines, cut extracts parts of each line, and split divides files into smaller parts. The document also covers input/output redirection and how it can be used with text stream filters.
This document discusses various UNIX commands for processing text streams and filtering text, including cat, cut, head, tail, and split. It provides examples of using each command to select, modify, or restructure the output. The commands can be used to select parts of files like lines (head/tail) or columns (cut), and to split files into multiple parts (split). Pipelines and redirection are also covered.
This document discusses how to create a domain-specific language (DSL) using Ruby. It begins with an introduction to DSLs and examples of external and internal DSLs. It then demonstrates how to build a DSL for configuring Meetup groups by parsing a configuration file using Ruby's instance_eval method. Key points are that instance_eval interprets a string as Ruby code in the context of an object, and using it with a block changes the default receiver inside the block. The document provides sample code for loading the configuration and implementing setter methods to configure the Meetup object.
This document provides a list of display filter keywords that can be used in Wireshark to filter packets based on fields in different protocols including Ethernet, ARP, IPv4, IPv6, TCP, UDP, ICMP, HTTP, BGP, MPLS, Frame Relay, PPP, DTP, VTP and more. It is presented in two parts and includes brief descriptions of common fields that can be filtered on for each protocol.
Welcome to the Symfony2 World - FOSDEM 2013Lukas Smith
This document provides an overview of a presentation about Symfony2. It introduces the two speakers, Lukas Smith and Daniel Kucharski, and discusses what Symfony2 is, its components, frameworks, distributions, ecosystem, and popular bundles. Key applications and libraries that integrate with Symfony2 are also summarized, such as Twig, Assetic, Monolog, Doctrine, JMSSerializer, Guzzle, and the Sonata Project.
The document discusses Jingle, an open standard protocol for real-time communication like voice and video calls over the XMPP protocol. Jingle allows for peer-to-peer connections using techniques like STUN and ICE to traverse NATs and firewalls, with the ability to fallback to using media servers. The standard is maturing and implementations exist in libraries like libjingle, allowing for open, interoperable voice and video communication on a global federated XMPP network.
This document discusses setting up a network bridge without Docker. It provides a Vagrantfile to configure a virtual machine environment with Ubuntu 18.04, along with tools like Go and Docker installed. Instructions are given to create a bridge between two network namespaces called RED and BLUE using IP addresses in the 11.11.11.0/24 range. Tests show that hosts can ping each other within this network but not across the real interface and IP range of the host machine. Additional routing and IP configuration is needed to allow outside communication.
This document discusses Linux text stream filters and provides examples of common Unix commands used to process and modify text streams. These commands include cat, head, tail, cut, and split. Cat prints the contents of files, head prints the first few lines, tail prints the last few lines, cut extracts parts of each line, and split divides files into smaller parts. The document also covers input/output redirection and how it can be used with filters to modify command output and send it to files.
This document discusses Linux text stream filters and provides examples of common Unix commands used to process and modify text streams. These commands include cat, head, tail, cut, and split. Cat prints the contents of files, head prints the first few lines, tail prints the last few lines, cut extracts parts of each line, and split divides files into smaller parts. The document also covers input/output redirection and how it can be used with text stream filters.
This document discusses various UNIX commands for processing text streams and filtering text, including cat, cut, head, tail, and split. It provides examples of using each command to select, modify, or restructure the output. The commands can be used to select parts of files like lines (head/tail) or columns (cut), and to split files into multiple parts (split). Pipelines and redirection are also covered.
The document provides an overview of XMPP (eXtensible Messaging and Presence Protocol), formerly known as Jabber. It discusses that XMPP is an open standard for real-time messaging that routes small snippets of XML between servers to allow users like Alice and Sister to exchange messages and presence information in real-time. The document also covers the history and development of XMPP, its architecture and decentralized federated model, encryption and security features, common uses like instant messaging and voice/video calling, and extensible capabilities through extensions.
The document discusses the Trivial File Transfer Protocol (TFTP) which was designed to transfer files between processes with minimal overhead using UDP. TFTP uses five simple message types - read request, write request, data, acknowledgment, and error. It is commonly used to boot diskless workstations by allowing them to download boot files from a TFTP server. The document outlines the message formats, transfer modes, error codes, and concurrency considerations for implementing a TFTP server using UDP sockets.
The document summarizes the use of LLVM for code generation when recompiling Nintendo games as native games. LLVM provides a full compiler infrastructure that can be used to generate code for various platforms from a common intermediate representation (LLVM bitcode). The document discusses using LLVM for code generation from 6502 assembly to generate native code for emulation. Optimizations available through LLVM are also discussed.
Update presented at LINX in November 2013 ( the London Internet Exchange ) regarding ExaBGP, The BGP swiss army knife of networking.
It includes information about the latest developments, and features, including RFC support, for ISP and IXP.
Users of BIRD and Quagga may find some information about features not yet present in other Open Source BGP implementation.
This document summarizes the /etc/services file, which defines network services and their associated port numbers. It notes that the file contains services defined by IANA in the Assigned Numbers registry, including well-known ports from 0-1023, registered ports from 1024-49151, and dynamic/private ports from 49152-65535. Each entry lists the service name, port number, transport protocol, and optional comments or aliases.
The document introduces SD, a peer-to-peer bug tracking tool developed by Best Practical to allow tracking bugs offline and syncing work across devices. SD uses a decentralized model where each installation can pull changes from any other replica. It supports syncing with other bug trackers like RT, Trac and Google Code. The author argues that cloud services make users dependent while SD empowers fully offline and distributed work by syncing like users naturally share files.
Advances in Network-adaptive Video StreamingVideoguy
1. Advances in network-adaptive video streaming allow for better delivery of video over best-effort packet networks by jointly optimizing source coding, signal processing, and packet transport.
2. Techniques like adaptive media playout, rate-distortion optimal packet scheduling, and network-adaptive packet dependency management can reduce latency and packet loss while maximizing reconstruction quality.
3. Recent work has shown that approaches like proxy servers using rate-distortion optimized streaming, path diversity, and accelerated retroactive decoding can further improve streaming performance over lossy networks.
This document discusses various issues in client/server programming and network server design. It covers topics like identifying servers, UDP and TCP client design, specifying local addresses, partial socket closes, concurrent vs iterative servers, and design alternatives like one process per client, preforked servers, and prethreaded servers. The best design depends on factors like expected client load, transaction sizes, and available system resources. Understanding these issues and testing alternatives is important for choosing an optimal server architecture.
David Duffett
UK
TeleSpeak
8th Conference - ElastixWorld 2011
Making asterisk feel like home outside north america
Haciendo sentir a Asterisk como en casa fuera de Norte América
This document summarizes virtual networking performance measurements and analysis. It finds that virtual networking introduces overhead compared to physical networking, with legacy emulated NICs performing worse than newer virtual NIC designs. Current work focuses on areas like multiqueue support, zero copy networking, and batching to improve performance. The document outlines future work areas and ways people can help, such as through testing, profiling, and developing optimizations.
This document discusses using Docker containers without Docker. It provides a Vagrantfile configuration to set up a virtual machine environment for experiments. The Vagrantfile configures a Ubuntu 18.04 virtual machine with Docker, Go, and other tools installed. The document then covers mounting namespaces and how to isolate the root filesystem of a process to emulate containers without Docker.
1. DPDK achieves high throughput packet processing on commodity hardware by reducing kernel overhead through techniques like polling, huge pages, and userspace drivers.
2. In Linux, packet processing involves expensive operations like system calls, interrupts, and data copying between kernel and userspace. DPDK avoids these by doing all packet processing in userspace.
3. DPDK uses techniques like isolating cores for packet I/O threads, lockless ring buffers, and NUMA awareness to further optimize performance. It can achieve throughput of over 14 million packets per second on 10GbE interfaces.
XMPP Intro that also involves more advanced topics like pub/sub, using components and plugins on the XMPP server side.
The Last section covers recommendations of servers and how to install a full XMPP setup for a web scenario (using pure HTML and Strophe.js for client side).
The document discusses Distributed Virtual Router (DVR) and L3 High Availability in OpenStack Networking (Juno). It describes DVR packet flow including SNAT on the network node, floating IP/DNAT on compute nodes, and East-West traffic flow between instances on different compute nodes using GRE tunnels. Compute nodes perform distributed routing functions using Open vSwitch and namespaces.
This document discusses MPEG encoding for MediaSonic video players. It explains that MPEG uses compression to combine video and audio streams, with timestamps to synchronize them. MediaSonic players use either program or transport streams for playback or transmission. The document provides details on MPEG video and audio encoding, including GOP structure, color sampling, and AC3 audio. It also discusses software and hardware encoders, and factors for encoding video for large screens.
1) The document summarizes a presentation given by Letizia Baratti and Angelo Parnofiello at a III Transnational Meeting in Rijeka, Croatia on May 6, 2009.
2) The presentation discusses their advertising firm which has operated in northern Italy since 1983, and provides an overview of their financial situation, goals, customers, competitors, strengths/weaknesses, opportunities/threats, products/services offered, and marketing strategies.
3) Specific services offered by the firm include advertising, branding, consulting, market surveys, and feedback in response to products.
The document discusses data from surveys and statistics in several European countries regarding crimes committed by migrants versus native populations. The key findings are:
1) In many Western European countries, the belief that migrants increase crime is not supported by new sociological surveys, as crime rates have decreased despite increased migration.
2) The rate of criminal acts between natives and migrants with residence permits is almost overlapping in these countries.
3) Legalizing migrant status decreases their likelihood of committing crimes.
4) Differences in immigration laws across Europe make it difficult to draw definitive conclusions about the relationship between migration and crime rates.
The document provides an overview of XMPP (eXtensible Messaging and Presence Protocol), formerly known as Jabber. It discusses that XMPP is an open standard for real-time messaging that routes small snippets of XML between servers to allow users like Alice and Sister to exchange messages and presence information in real-time. The document also covers the history and development of XMPP, its architecture and decentralized federated model, encryption and security features, common uses like instant messaging and voice/video calling, and extensible capabilities through extensions.
The document discusses the Trivial File Transfer Protocol (TFTP) which was designed to transfer files between processes with minimal overhead using UDP. TFTP uses five simple message types - read request, write request, data, acknowledgment, and error. It is commonly used to boot diskless workstations by allowing them to download boot files from a TFTP server. The document outlines the message formats, transfer modes, error codes, and concurrency considerations for implementing a TFTP server using UDP sockets.
The document summarizes the use of LLVM for code generation when recompiling Nintendo games as native games. LLVM provides a full compiler infrastructure that can be used to generate code for various platforms from a common intermediate representation (LLVM bitcode). The document discusses using LLVM for code generation from 6502 assembly to generate native code for emulation. Optimizations available through LLVM are also discussed.
Update presented at LINX in November 2013 ( the London Internet Exchange ) regarding ExaBGP, The BGP swiss army knife of networking.
It includes information about the latest developments, and features, including RFC support, for ISP and IXP.
Users of BIRD and Quagga may find some information about features not yet present in other Open Source BGP implementation.
This document summarizes the /etc/services file, which defines network services and their associated port numbers. It notes that the file contains services defined by IANA in the Assigned Numbers registry, including well-known ports from 0-1023, registered ports from 1024-49151, and dynamic/private ports from 49152-65535. Each entry lists the service name, port number, transport protocol, and optional comments or aliases.
The document introduces SD, a peer-to-peer bug tracking tool developed by Best Practical to allow tracking bugs offline and syncing work across devices. SD uses a decentralized model where each installation can pull changes from any other replica. It supports syncing with other bug trackers like RT, Trac and Google Code. The author argues that cloud services make users dependent while SD empowers fully offline and distributed work by syncing like users naturally share files.
Advances in Network-adaptive Video StreamingVideoguy
1. Advances in network-adaptive video streaming allow for better delivery of video over best-effort packet networks by jointly optimizing source coding, signal processing, and packet transport.
2. Techniques like adaptive media playout, rate-distortion optimal packet scheduling, and network-adaptive packet dependency management can reduce latency and packet loss while maximizing reconstruction quality.
3. Recent work has shown that approaches like proxy servers using rate-distortion optimized streaming, path diversity, and accelerated retroactive decoding can further improve streaming performance over lossy networks.
This document discusses various issues in client/server programming and network server design. It covers topics like identifying servers, UDP and TCP client design, specifying local addresses, partial socket closes, concurrent vs iterative servers, and design alternatives like one process per client, preforked servers, and prethreaded servers. The best design depends on factors like expected client load, transaction sizes, and available system resources. Understanding these issues and testing alternatives is important for choosing an optimal server architecture.
David Duffett
UK
TeleSpeak
8th Conference - ElastixWorld 2011
Making asterisk feel like home outside north america
Haciendo sentir a Asterisk como en casa fuera de Norte América
This document summarizes virtual networking performance measurements and analysis. It finds that virtual networking introduces overhead compared to physical networking, with legacy emulated NICs performing worse than newer virtual NIC designs. Current work focuses on areas like multiqueue support, zero copy networking, and batching to improve performance. The document outlines future work areas and ways people can help, such as through testing, profiling, and developing optimizations.
This document discusses using Docker containers without Docker. It provides a Vagrantfile configuration to set up a virtual machine environment for experiments. The Vagrantfile configures a Ubuntu 18.04 virtual machine with Docker, Go, and other tools installed. The document then covers mounting namespaces and how to isolate the root filesystem of a process to emulate containers without Docker.
1. DPDK achieves high throughput packet processing on commodity hardware by reducing kernel overhead through techniques like polling, huge pages, and userspace drivers.
2. In Linux, packet processing involves expensive operations like system calls, interrupts, and data copying between kernel and userspace. DPDK avoids these by doing all packet processing in userspace.
3. DPDK uses techniques like isolating cores for packet I/O threads, lockless ring buffers, and NUMA awareness to further optimize performance. It can achieve throughput of over 14 million packets per second on 10GbE interfaces.
XMPP Intro that also involves more advanced topics like pub/sub, using components and plugins on the XMPP server side.
The Last section covers recommendations of servers and how to install a full XMPP setup for a web scenario (using pure HTML and Strophe.js for client side).
The document discusses Distributed Virtual Router (DVR) and L3 High Availability in OpenStack Networking (Juno). It describes DVR packet flow including SNAT on the network node, floating IP/DNAT on compute nodes, and East-West traffic flow between instances on different compute nodes using GRE tunnels. Compute nodes perform distributed routing functions using Open vSwitch and namespaces.
This document discusses MPEG encoding for MediaSonic video players. It explains that MPEG uses compression to combine video and audio streams, with timestamps to synchronize them. MediaSonic players use either program or transport streams for playback or transmission. The document provides details on MPEG video and audio encoding, including GOP structure, color sampling, and AC3 audio. It also discusses software and hardware encoders, and factors for encoding video for large screens.
1) The document summarizes a presentation given by Letizia Baratti and Angelo Parnofiello at a III Transnational Meeting in Rijeka, Croatia on May 6, 2009.
2) The presentation discusses their advertising firm which has operated in northern Italy since 1983, and provides an overview of their financial situation, goals, customers, competitors, strengths/weaknesses, opportunities/threats, products/services offered, and marketing strategies.
3) Specific services offered by the firm include advertising, branding, consulting, market surveys, and feedback in response to products.
The document discusses data from surveys and statistics in several European countries regarding crimes committed by migrants versus native populations. The key findings are:
1) In many Western European countries, the belief that migrants increase crime is not supported by new sociological surveys, as crime rates have decreased despite increased migration.
2) The rate of criminal acts between natives and migrants with residence permits is almost overlapping in these countries.
3) Legalizing migrant status decreases their likelihood of committing crimes.
4) Differences in immigration laws across Europe make it difficult to draw definitive conclusions about the relationship between migration and crime rates.
Rufus was looking for his wife Rosie and found her digging a tunnel in the backyard. After inspecting the tunnel, Rufus told Rosie "Well done love!" even though her face was covered in sand from digging. Rufus and Rosie then went inside for lunch.
This document summarizes the SWOT analysis of management activity at Liceo Scientifico Antonelli in Novara, Italy that was presented during the second transnational meeting in Onil, Spain from March 18-23, 2011. Some strengths identified include frequent commission meetings, clear work package allocation, competent staff in each area, and availability of external expertise. Weaknesses include excessive paperwork, difficulty balancing teaching duties with management responsibilities, and inefficiencies from the school being split across two sites. The presentation concluded by emphasizing the dedication of school staff despite challenges.
Network protocols like TCP/IP, DNS, and BGP were designed for functionality over security. This allows for vulnerabilities like eavesdropping, packet injection, route hijacking, and DNS poisoning. While patches have improved security for some issues, core protocols remain vulnerable by design. More secure variants have been proposed, such as using IPsec instead of IP, DNSsec instead of DNS, and SBGP instead of BGP.
In theory, post-exploitation after having remote access is easy. Also in theory, there is no difference between theory and practice. In practice, there is. Imagine a scenario, where you have deployed a malware on a user’s workstation, but the target information is on a secure server accessed via two-factor authentication, with screen access only (e.g. RDP, Citrix, etc.). On top of that, the server runs application white-listing, and only the inbound port to the screen server (e.g. 3389) is allowed through the hardware firewall. But you also need persistent interactive C&C communication (e.g. Netcat, Meterpreter, RAT) to this server through the user’s workstation.
I developed (and will publish) two tools that help you in these situations. The first tool can drop malware to the server through the screen while the user is logged in. The second tool can help you to circumvent the hardware firewall after we can execute code on the server with admin privileges (using a signed kernel driver). My tools are generic meaning that they work against Windows server 2012 and Windows 8, and they work with RDP or other remote desktops. The number of problems you can solve with them are endless, e.g., communicating with bind-shell on webserver behind restricted DMZ. Beware, live demo and fun included!
The global cyber criminal eco-systems have and will continue to use the IPv6 as a key tool for their economic gain. IPv4 to IPv6 migration will expose organizations and individuals to a multitude of risks, much of it happen quietly under the radar. The lack of IPv6 telemetry means that most “security companies” and “service providers” will not be able to monitor this growth in criminal activity. Barry Greene, ISC’s President, will cover the drivers behind these criminal eco-systems, why these drivers will logically lead to creative IPv6 innovations, and the gaps in IPv6 adoption that increase industry risk forcing “reactionary re-thinking” of how an organization will move to IPv6.
ISC’s President and CEO, Barry Greene is leading a transformation in the Operational Security Community, providing new capabilities and capacities that empower organizations to push back against the cyber-security miscreants who threaten the resiliency, stability, and security of the Global Internet. Through the Security Information Exchange (SIE) and other projects, Barry is facilitating new models for how organizations should collaborate - fostering aggressive private-private collaboration with public participation.
A recording of the Webinar is here: https://www.isc.org/webinars
This document discusses hacking and security issues related to the Robot Operating System (ROS). ROS is a popular robot middleware that is used to build robot applications, but it lacks encryption of data transmitted between nodes. The document demonstrates through examples that packet sniffing of ROS XML-RPC packets is possible, allowing remote control of robots. It is suggested that ROS implement encryption techniques like SSH, IPSec, or SSL/TLS to secure robot control and prevent spoofing of packets since robots now connect to the internet. The document also discusses reverse engineering of the Pepper robot and programming it natively through its Linux-based OS.
Presentation by Grorg Christian Pranschkle at ZaCon 2 in 2010.
This presentation is about SNMP security The presentation begins with an overview of SNMP. SNMP security weaknesses and SNMP security in cisco apps are discussed. Frisk-0 a tool for SNMP Hacking developed by the presenter is also discussed.
This document describes how to set up a bastion server or "moat" to provide a secure single point of entry to application servers. It involves installing necessary packages on the bastion server like SSH, updating packages, changing the SSH port, disabling password logins, setting up firewall rules to only allow SSH from the bastion server, creating a special user group and keymaster user for access, and configuring SSH proxying through the bastion to access other servers securely.
Filip palian mateuszkocielski. simplest ownage human observed… routersYury Chemerkin
This document discusses identifying and exploiting vulnerabilities in consumer routers. It provides examples of analyzing firmware from various router models, including the (--E)-LINK DIR-120 and DIR-300, to gain unauthorized access. Methods discussed include reverse engineering firmware, exploiting services like telnet that are exposed without authentication, and modifying the read-only filesystem. The document also talks about using these compromised routers as bots for botnets performing activities like DDoS attacks, cryptocurrency mining, and spam/phishing campaigns. It provides examples of real botnets like Psyb0t that have exploited routers.
Using techniques like ARP spoofing and NAT, it is possible to acquire an IP address and internet access on a network without a DHCP server. By intercepting traffic between an existing node and gateway, one can insert themselves as the "man in the middle" and route traffic through a NAT configuration using the hijacked node's IP address. This allows acquiring internet access without a free IP address by multiplexing sessions through the NAT. Scanrand port scanning observations can also reveal network topology details like firewall locations through analysis of TTL values.
The Linux Terminal Server Project (LTSP) allows inexpensive thin client computers to connect to a server running Linux, distributing the server's processing power to multiple desktop clients over the network; it works by booting the thin clients from the server using PXE, NFS and NBD to access the server's filesystem and run applications remotely; the document provides information on installing, configuring and troubleshooting an LTSP server and thin clients.
Puppet Camp Boston 2014: Network Automation with Puppet and Arista (Beginner) Puppet
The document contains configuration for a network device using Puppet automation. It configures items like logging, SNMP, NTP, routing, interfaces, and BGP to standardize the configuration for improved operations agility, service velocity, and configuration consistency across devices. Variables are used throughout to parameterize settings like hostnames, IP addresses, and credentials.
- The document discusses techniques for man-in-the-middle (MiTM) attacks in various conditions and networks.
- MiTM attacks are fundamental to communications and can be implemented in different data channels like Ethernet, WiFi, and mobile networks.
- The author has experience with historical MiTM techniques from the 1990s as well as more modern approaches like ARP cache poisoning to intercept traffic on local networks.
Eric Vyncke - Layer-2 security, ipv6 norwayIKT-Norge
The document discusses IPv6 first hop security features like DHCP snooping and dynamic ARP inspection for IPv6. It provides an overview of the security issues with IPv6 neighbor discovery such as router advertisements being sent without authentication, allowing for man-in-the-middle attacks and denial of service. It then describes various IPv6 first hop security features that can help mitigate these issues, such as RA guard, DHCP guard, and IPv6 neighbor discovery inspection.
The document discusses security issues with IPv6 and proposed mitigation techniques. It covers topics such as router advertisements, neighbor discovery protocol, and fragmentation. Specifically, it notes that router advertisements and neighbor solicitations are not authenticated by default, allowing for spoofing attacks. The document proposes several mitigation approaches including cryptographically generated addresses, router authorization, port access control lists, and host isolation to secure IPv6 networks.
Using routing domains / routing tables in a production network by Peter Hesslereurobsdcon
Abstract
OpenBSD has supported routing domains (aka VRF-lite) since 4.6, released in 2009. In 2014, OpenBSD 5.5 gained support for IPv6 routing domains.
At it's most basic, routing domains are simply multiple routing tables. While seeming like a simple task, there are many gotcha's involved in using routing domains in a production network. This talk will give a brief history, as well as some scenarios for why and how you would use routing domains while describing several of the issues that came up during the initial deployments.
Speaker bio
Peter Hessler is 33 and has been a developer with the OpenBSD project since 2008.
Originally from San Francisco he has an interest in how things work. An OpenBSD user since 2000, he moved to Germany in 2008 and then to Switzerland in 2013. In his spare time, Peter enjoys drinking beer and bad puns.
Oscar: Rapid Iteration with Vagrant and Puppet Enterprise - PuppetConf 2013Puppet
"Oscar: Rapid Iteration with Vagrant and Puppet Enterprise" by Adrien Thebo, Software Engineer, Puppet Labs.
Presentation Overview: When trying to debug software problems it's critical to be able to reproduce the original situation, and Puppet Enterprise is no exception to this. The Puppet Labs support team needs a way to rapidly reproduce customer issues across a wide range of operating systems and various versions of Puppet Enterprise. Oscar is a set of Vagrant plugins that handles machine provisioning and configuration to install Puppet Enterprise. It's designed to make building a Puppet Enterprise as simple as running `vagrant up`. While Oscar was originally built for supporting Puppet Enterprise, it provides a general platform for developing and testing against Puppet Enterprise. This talk will go over the history of Oscar, the current state, how it's used, and where to get it.
Speaker Bio: Adrien Thebo has been in the Operations/Software development field since 2005, starting at small IT shop in Boise, Idaho. He started at Puppet Labs in 2011 on the Operations team, and used Puppet to run the Puppet Labs infrastructure. In 2013 he transferred to the Community platform team, working with contributors to merge their contributions in Puppet Core. He develops and maintains a number of Puppet modules and tools around Puppet, and when he's not writing code for Puppet then he's probably blogging about it.
This tool sends customized ICMP packets as an alternative to standard ping commands. It allows sending and receiving IP or MAC spoofed packets. The tool can be used to trace packet routes, identify remote operating systems, diagnose network issues, test firewall responses to invalid ICMP packets, and spoof router addresses to analyze network reactions. Key commands include Sing echo to ping an address, Sing to ping and get responses, and Sing -R or -O to get router info or identify an OS version.
- Man-in-the-middle (MiTM) attacks are fundamental communication attacks that can be implemented in various conditions and technologies.
- As communications technologies have advanced from dial-up to 4G/5G, security has evolved slowly, creating opportunities for MiTM attacks at new layers.
- There are many ways to conduct MiTM attacks including via Ethernet, WiFi, VPNs, and by compromising routers to intercept traffic on the local network or WAN. Practical experience with tools is important for learning different MiTM techniques.
This document contains cheat sheets and code snippets for penetration testing. It covers topics like recon, DNS enumeration, Nmap scanning, Netcat, SNMP, MySQL, MSSQL, web enumeration, RDP exploitation, file inclusion, XSS, SQL injection, and post-exploitation techniques for Linux and Windows. The document is intended to help penetration testers and those studying for the OSCP certification by providing examples for common tasks without relying on Metasploit.
This document discusses several network protocols and vulnerabilities. It begins with an overview of basic networking concepts like TCP/IP and routing. It then examines specific attacks like TCP spoofing and DNS poisoning. The document analyzes how protocols like IP, TCP, BGP, and DNS work and identifies security issues like a lack of authentication, predictable sequence numbers, and cache poisoning attacks. Defenses are discussed but many core protocols were not initially designed with security in mind.
Similar to Protecting Plone from the Big, Bad Internet (20)
Follow a Firefox crash from its genesis in a collapsing browser process through the dizzying array of collection, storage, and reporting systems that make up Socorro, our open-source crash collector. Enjoy war stories of weird, interlocking failures, and see how we nevertheless continue to fulfill our mandate: “Never lose a crash.” Observe some patterns that emerged from this system which can be useful in yours.
API design is one of the most difficult areas of programming. Besides solving your immediate problem, you must also accomodate unknown future ones—and fit nicely into other people's brains. Let's explore how to do this without a time machine, considering compactness, orthogonality, consistency, safety, coupling, state handling, and the messy interface with human cognition, all illustrated with practical examples—and gruesome mistakes—from several popular Python libraries.
This document provides recommendations and best practices for configuring and deploying Elasticsearch clusters. It discusses topics like using multiple shards to improve performance and reliability, setting an appropriate number of replicas, configuration options for discovery and unicast hosts, monitoring cluster health, tuning JVM and memory settings, and techniques for reindexing and backing up data.
Programming is hard, but we can magnify our efforts with excellent API design. Let’s explore how, as we consider compactness, orthogonality, consistency, safety, coupling, state handling, layering, and more, illustrated with practical examples (and gruesome mistakes!) from several popular Python libraries.
Nasal passages allow air to flow into and out of the lungs. Django's built-in testing framework has some pain points such as tests being slow, crowded, and overbroad. Django Nose improves upon Django's testing framework by enabling test discovery, attributes, generators, and XML output to make tests faster, more flexible, and scalable.
WebLion Hosting: Leveraging Laziness, Impatience, and HubrisErik Rose
Behind the scenes of WebLion's Plone hosting service, which uses Debian packages and a custom repository to deliver reliable, unattended updates to a cluster of heterogeneous departmental virtual servers. And it's all available for your own use for free.
Generating privacy-protected synthetic data using Secludy and MilvusZilliz
During this demo, the founders of Secludy will demonstrate how their system utilizes Milvus to store and manipulate embeddings for generating privacy-protected synthetic data. Their approach not only maintains the confidentiality of the original data but also enhances the utility and scalability of LLMs under privacy constraints. Attendees, including machine learning engineers, data scientists, and data managers, will witness first-hand how Secludy's integration with Milvus empowers organizations to harness the power of LLMs securely and efficiently.
Programming Foundation Models with DSPy - Meetup SlidesZilliz
Prompting language models is hard, while programming language models is easy. In this talk, I will discuss the state-of-the-art framework DSPy for programming foundation models with its powerful optimizers and runtime constraint system.
Let's Integrate MuleSoft RPA, COMPOSER, APM with AWS IDP along with Slackshyamraj55
Discover the seamless integration of RPA (Robotic Process Automation), COMPOSER, and APM with AWS IDP enhanced with Slack notifications. Explore how these technologies converge to streamline workflows, optimize performance, and ensure secure access, all while leveraging the power of AWS IDP and real-time communication via Slack notifications.
Skybuffer SAM4U tool for SAP license adoptionTatiana Kojar
Manage and optimize your license adoption and consumption with SAM4U, an SAP free customer software asset management tool.
SAM4U, an SAP complimentary software asset management tool for customers, delivers a detailed and well-structured overview of license inventory and usage with a user-friendly interface. We offer a hosted, cost-effective, and performance-optimized SAM4U setup in the Skybuffer Cloud environment. You retain ownership of the system and data, while we manage the ABAP 7.58 infrastructure, ensuring fixed Total Cost of Ownership (TCO) and exceptional services through the SAP Fiori interface.
How to Interpret Trends in the Kalyan Rajdhani Mix Chart.pdfChart Kalyan
A Mix Chart displays historical data of numbers in a graphical or tabular form. The Kalyan Rajdhani Mix Chart specifically shows the results of a sequence of numbers over different periods.
Taking AI to the Next Level in Manufacturing.pdfssuserfac0301
Read Taking AI to the Next Level in Manufacturing to gain insights on AI adoption in the manufacturing industry, such as:
1. How quickly AI is being implemented in manufacturing.
2. Which barriers stand in the way of AI adoption.
3. How data quality and governance form the backbone of AI.
4. Organizational processes and structures that may inhibit effective AI adoption.
6. Ideas and approaches to help build your organization's AI strategy.
leewayhertz.com-AI in predictive maintenance Use cases technologies benefits ...alexjohnson7307
Predictive maintenance is a proactive approach that anticipates equipment failures before they happen. At the forefront of this innovative strategy is Artificial Intelligence (AI), which brings unprecedented precision and efficiency. AI in predictive maintenance is transforming industries by reducing downtime, minimizing costs, and enhancing productivity.
Driving Business Innovation: Latest Generative AI Advancements & Success StorySafe Software
Are you ready to revolutionize how you handle data? Join us for a webinar where we’ll bring you up to speed with the latest advancements in Generative AI technology and discover how leveraging FME with tools from giants like Google Gemini, Amazon, and Microsoft OpenAI can supercharge your workflow efficiency.
During the hour, we’ll take you through:
Guest Speaker Segment with Hannah Barrington: Dive into the world of dynamic real estate marketing with Hannah, the Marketing Manager at Workspace Group. Hear firsthand how their team generates engaging descriptions for thousands of office units by integrating diverse data sources—from PDF floorplans to web pages—using FME transformers, like OpenAIVisionConnector and AnthropicVisionConnector. This use case will show you how GenAI can streamline content creation for marketing across the board.
Ollama Use Case: Learn how Scenario Specialist Dmitri Bagh has utilized Ollama within FME to input data, create custom models, and enhance security protocols. This segment will include demos to illustrate the full capabilities of FME in AI-driven processes.
Custom AI Models: Discover how to leverage FME to build personalized AI models using your data. Whether it’s populating a model with local data for added security or integrating public AI tools, find out how FME facilitates a versatile and secure approach to AI.
We’ll wrap up with a live Q&A session where you can engage with our experts on your specific use cases, and learn more about optimizing your data workflows with AI.
This webinar is ideal for professionals seeking to harness the power of AI within their data management systems while ensuring high levels of customization and security. Whether you're a novice or an expert, gain actionable insights and strategies to elevate your data processes. Join us to see how FME and AI can revolutionize how you work with data!
Building Production Ready Search Pipelines with Spark and MilvusZilliz
Spark is the widely used ETL tool for processing, indexing and ingesting data to serving stack for search. Milvus is the production-ready open-source vector database. In this talk we will show how to use Spark to process unstructured data to extract vector representations, and push the vectors to Milvus vector database for search serving.
HCL Notes and Domino License Cost Reduction in the World of DLAUpanagenda
Webinar Recording: https://www.panagenda.com/webinars/hcl-notes-and-domino-license-cost-reduction-in-the-world-of-dlau/
The introduction of DLAU and the CCB & CCX licensing model caused quite a stir in the HCL community. As a Notes and Domino customer, you may have faced challenges with unexpected user counts and license costs. You probably have questions on how this new licensing approach works and how to benefit from it. Most importantly, you likely have budget constraints and want to save money where possible. Don’t worry, we can help with all of this!
We’ll show you how to fix common misconfigurations that cause higher-than-expected user counts, and how to identify accounts which you can deactivate to save money. There are also frequent patterns that can cause unnecessary cost, like using a person document instead of a mail-in for shared mailboxes. We’ll provide examples and solutions for those as well. And naturally we’ll explain the new licensing model.
Join HCL Ambassador Marc Thomas in this webinar with a special guest appearance from Franz Walder. It will give you the tools and know-how to stay on top of what is going on with Domino licensing. You will be able lower your cost through an optimized configuration and keep it low going forward.
These topics will be covered
- Reducing license cost by finding and fixing misconfigurations and superfluous accounts
- How do CCB and CCX licenses really work?
- Understanding the DLAU tool and how to best utilize it
- Tips for common problem areas, like team mailboxes, functional/test users, etc
- Practical examples and best practices to implement right away
Digital Marketing Trends in 2024 | Guide for Staying AheadWask
https://www.wask.co/ebooks/digital-marketing-trends-in-2024
Feeling lost in the digital marketing whirlwind of 2024? Technology is changing, consumer habits are evolving, and staying ahead of the curve feels like a never-ending pursuit. This e-book is your compass. Dive into actionable insights to handle the complexities of modern marketing. From hyper-personalization to the power of user-generated content, learn how to build long-term relationships with your audience and unlock the secrets to success in the ever-shifting digital landscape.
This presentation provides valuable insights into effective cost-saving techniques on AWS. Learn how to optimize your AWS resources by rightsizing, increasing elasticity, picking the right storage class, and choosing the best pricing model. Additionally, discover essential governance mechanisms to ensure continuous cost efficiency. Whether you are new to AWS or an experienced user, this presentation provides clear and practical tips to help you reduce your cloud costs and get the most out of your budget.
22. CVE-2007-5741
Original release date:11/07/2007
Last revised:09/05/2008
Source: US-CERT/NIST
Overview
Plone 2.5 through 2.5.4 and 3.0 through 3.0.2 allows remote attackers to
execute arbitrary Python code via network data
containing pickled objects for the (1) statusmessages or (2) linkintegrity
module, which the module unpickles and executes.
29. Bad Example: Sendmail (1990s)
from network Sendmail* to network
to |command**
to /file/name**
local submission /bin/mail* executed as recipient
local delivery * uses root privileges
** in ~/.forward files
owned by recipient mailbox file and in /etc/aliases
30. Good Example: Postfix
Compartmentalization
smtp smtp
smtp
client internet
internet smtpd
server
smtpd
client
smtpd unprivileged
unprivileged unprivileged
other
programs local mailbox
local smtpd
delivery |command
pickup smtpd /file/name
unprivileged privileged
(local submission) queue to external uucp
directories smtpd
transports fax
= root privilege
smtpd pager
= postfix privilege privileged
31. Good Example: Postfix
Compartmentalization
smtp smtp
smtp
client internet
internet smtpd
server
smtpd
client
smtpd unprivileged
unprivileged unprivileged
other
programs local mailbox
local smtpd
delivery |command
pickup smtpd /file/name
unprivileged privileged
(local submission) queue to external uucp
directories smtpd
transports fax
= root privilege
smtpd pager
= postfix privilege privileged
72. Privileged Ports
Evil Zope ZEO
(also 8080) (8100)
Evil Dude
Your Server
(2032) DO (1001) NE
H .1 + . 4 + .5 (2536) PLEASE FORGET #1
PLEASE STAS (2036) PLEASE FORG
(30 10) ) NEXT DO :5 <- quot;'?quot;:1~'
PLEA SE DO (1020 2~'#65535$#0'quot;' #65535$#0'quot;$quot;: DO .5 <- '?.
DO .2 <- #0 DO .5 <- '?quot;
~'#0$#65535'quot;$quot;'?
DO . 3 <- #2 1~'#0$#65535'quot;$quot;: quot;: 5'$#32768quot;~quot;#0$#6553
2~'#0$ quot;.5
DO .4 <- .1 #65535'quot;'~'#0$#65
DO ( 3012) NEXT DO .5 <- '?quot;'"': 535'quot; DO (2034) NEXT
EXT
(30 11) DO (1001) N 5quot;~quot;#65535$ 2~:5'~'quot;'?quot;'?quot;:5~
: DO .5 <- .3
ET #1
(30 12) PLEASE FORG DO (1010) NEXT
DO (3000) N
EXT
#2'~#3 #65535quot;'~'#65535$#0'quot;$#3 PLEASE DO .1 <-
1~#256quot;$ DO .3 <- 'V
DO .5 <- '?quot;?. 'quot; 2768'~'#0$#65535
DO (3013) N
EXT
?. DO (2035) NEXT
65535~quot;' $quot;'?quot;:5~: PLEASE DO (
DO .5 <- '?quot;'# 5quot;~quot;#65535$#65535 (2034)
quot;$#1'~#3 quot;'~'#0$#65535'quot;' DO FORGET #
1$# 10'~ #21845quot;'~#1 quot;$quot;':5~:5'~#1quot;'~# (2035)
DO (3013) NEXT DO (2534) NEXT 1quot;$#2'~#3 DO .5 <- quot;?'.4~
DO .5 <- .1 DO :5 <- :3 DO (2031) NEXT
.2~#65
76. WebServerAuth
a PluggableAuthService plugin
Redirects to HTTPS
(Challenge)
77. WebServerAuth
a PluggableAuthService plugin
Redirects to HTTPS
(Challenge)
Makes Zope believe the username header
(Extraction, Authentication)
78. WebServerAuth
a PluggableAuthService plugin
Redirects to HTTPS
(Challenge)
Makes Zope believe the username header
(Extraction, Authentication)
Makes PAS behave
(User Enumerator)
80. WebServerAuth
a PluggableAuthService plugin
<VirtualHost *:443>
ServerName www.example.com
# Prompt for authentication:
<Location />
SSLRequireSSL
AuthType Basic
AuthName quot;My Funky Web Sitequot;
AuthUserFile /etc/such-and-such
# (etc.)
Require valid-user
81. WebServerAuth
a PluggableAuthService plugin
# Put the username (stored below) into the HTTP_X_REMOTE_USER
# request header. This has to be in the <Location> block for
# some Apache auth modules, such as PubCookie, which don't set
# REMOTE_USER until very late.
RequestHeader set X_REMOTE_USER %{remoteUser}e
</Location>
# Do the typical VirtualHostMonster rewrite, adding an E= option
# that puts the Apache-provided username into the remoteUser
# variable.
RewriteEngine On
RewriteRule ^/(.*)$ http://127.0.0.1:81/VirtualHostBase/https/
%{SERVER_NAME}:443/VirtualHostRoot/
$1 [L,P,E=remoteUser:%{LA-U:REMOTE_USER}]
</VirtualHost>
95. Questions?
Steve McMahon Erik Rose
Steve@dcn.org ErikRose@psu.edu
Image Credits
• Reactor defense in depth: • Sendmail and Postfix architecture diagrams:
http://www.nea.fr/html/brief/images/br-8-1.gif The Postfix mail server as a secure
programming example, Wietse Venema
• Gate: Nuclear Power Plant Dungeness - Corey
IBM T.J. Watson Research Center
Holms 2008, CC Attribution
• The Scream: Edvard Munk
• Locks on door: Kansir, flikr, CC attribution
license • Shrug: spamily, flikr, CC by A
• What me worry? Rev. Voodoo, flikr, CC • Zope Pope photo: MrTopf
Attribution, NC
• PB&J photo: Northern Miniatures
• BSD Daemon: Created by Poul-Henning
• Other photos: Wikimedia Commons
Kamp
• INTERCAL Numerical I/O lib: Brian Raiter
• No Right Turn: greefus groinks' photostream,
CC Attribution • Crown jewels of Denmark: King Christian IV
97. WebServerAuth
Advantages over apachepas + AutoMemberMaker
Redirects to HTTPS
No user clutter
Member and Authenticated roles are
distinct
Sets up Log In link for you
Better test coverage; death to doctests
One product, not two