The global Tor network and its routing protocols provide an excellent framework for online anonymity. However, the selection of Tor-friendly software for Windows is sub-par at best.
Want to anonymously browse the web? You’re stuck with Firefox, and don’t even think about trying to anonymously use Flash. Want to dynamically analyze malware without letting the C2 server know your home IP address? You’re outta luck. Want to anonymously use any program that doesn’t natively support SOCKS or HTTP proxying? Not gonna happen.
While some solutions currently exist for generically rerouting traffic through Tor, these solutions either don’t support Windows, or can be circumvented by malware, or require an additional network gateway device.
Missed the live session at Black Hat USA 2013? Check out the slides from Jason Geffner's standing room only presentation! Jason released a free new CrowdStrike community tool to securely, anonymously, and transparently route all TCP/IP and DNS traffic through Tor, regardless of the client software, and without relying on VPNs or additional hardware or virtual machines.
8-step Guide to Administering Windows without Domain Admin PrivilegesBeyondTrust
In this presentation from his highly popular webinar, Windows security expert, Russell Smith, explains how to effectively administer Windows systems without using privileged domain accounts, enabling you to drastically reduce your organization’s threat surface.
The global Tor network and its routing protocols provide an excellent framework for online anonymity. However, the selection of Tor-friendly software for Windows is sub-par at best.
Want to anonymously browse the web? You’re stuck with Firefox, and don’t even think about trying to anonymously use Flash. Want to dynamically analyze malware without letting the C2 server know your home IP address? You’re outta luck. Want to anonymously use any program that doesn’t natively support SOCKS or HTTP proxying? Not gonna happen.
While some solutions currently exist for generically rerouting traffic through Tor, these solutions either don’t support Windows, or can be circumvented by malware, or require an additional network gateway device.
Missed the live session at Black Hat USA 2013? Check out the slides from Jason Geffner's standing room only presentation! Jason released a free new CrowdStrike community tool to securely, anonymously, and transparently route all TCP/IP and DNS traffic through Tor, regardless of the client software, and without relying on VPNs or additional hardware or virtual machines.
8-step Guide to Administering Windows without Domain Admin PrivilegesBeyondTrust
In this presentation from his highly popular webinar, Windows security expert, Russell Smith, explains how to effectively administer Windows systems without using privileged domain accounts, enabling you to drastically reduce your organization’s threat surface.
Regulatory compliance mandates have historically focused on IT & endpoint security as the primary means to protect data. However, as our digital economy has increasingly become software dependent, standards bodies have dutifully added requirements as they relate to development and deployment practices. Enterprise applications and cloud-based services constantly store and transmit data; yet, they are often difficult to understand and assess for compliance.
This webcast will present a practical approach towards mapping application security practices to common compliance frameworks. It will discuss how to define and enact a secure, repeatable software development lifecycle (SDLC) and highlight activities that can be leveraged across multiple compliance controls. Topics include:
* Consolidating security and compliance controls
* Creating application security standards for development and operations teams
* Identifying and remediating gaps between current practices and industry accepted "best practices”
Malware classification using Machine LearningJapneet Singh
Uses examples from book titled "Malware Data Science" to explain how AV companies use Machine learning to identify malware. Also, refers to open-source project "Ember" which provides a data set and python code to train and classify malware.
The material discusses Quest's "future-ready" approach to IAM in the perspective of covering the EU GDPR compliance. We discuss about the five foundational concepts of the One Identity family of solutions, and our advantage and approach on covering the four IAM pillars.
With regards to the present audience, we also included an overview of the One Identity platform.
The presentation was developed for the RISK 2018 Conference in Lasko, Slovenia
In this presentation, you will see what is Ethical Hacking, the purpose of Ethical Hacking, who is an Ethical Hacker, and the various Ethical Hacking certifications. With the rise in the number of cybercrimes, it is necessary for companies to hire Ethical Hackers to protect their networks and data. Here you will have a look at the five different Ethical Hacking certifications, namely Certified Ethical Hacker (CEH), Global Information Assurance Certification Penetration Tester (GPEN), Offensive Security Certified Professional (OSCP), CompTIA Pentest+ and Licensed Penetration Tester(LPT). We will talk about each of these certifications individually and have a look at their description, requirements to take up the certification, the exam fees, the exam duration, and finally, the average annual salary of a candidate with these certifications.
Below topics are explained in this Ethical Hacking certifications presentation:
1. What is Ethical Hacking?
2. Purpose of Ethical Hacking
3. Who is an Ethical Hacker?
4. Ethical Hacking certifications
5. CEH (Certified Ethical Hacker)
6. Global information assurance certification penetration tester (GPEN)
7. Offensive security certified professional (OSCP)
8. CompTia PenTest+
9. Licensed penetration tester (LPT)
This Certified Ethical Hacker-Version 10 (earlier CEHv9) course will train you on the advanced step-by-step methodologies that hackers actually use, such as writing virus codes and reverse engineering, so you can better protect corporate infrastructure from data breaches. This ethical hacking course will help you master advanced network packet analysis and advanced system penetration testing techniques to build your network security skill-set and beat hackers at their own game.
Why is the CEH certification so desirable?
The EC-Council Certified Ethical Hacker course verifies your advanced security skill-sets to thrive in the worldwide information security domain. Many IT departments have made CEH certification a compulsory qualification for security-related posts, making it a go-to certification for security professionals. CEH-certified professionals typically earn 44 percent higher salaries than their non-certified peers. The ethical hacking certification course opens up numerous career advancement opportunities, preparing you for a role as a computer network defence (CND) analyst, CND infrastructure support, CND incident responder, CND auditor, forensic analyst, intrusion analyst, security manager, and other related high-profile roles.
Learn more at https://www.simplilearn.com/cyber-security/ceh-certification
輪読発表資料: Efficient Virtual Shadow Maps for Many Lightsomochi64
とある勉強会で発表した時に作った発表資料です。
輪読した論文: Ola Olsson, et. al., Efficient Virtual Shadow Maps for Many Lights, Proceedings of the ACM SIGGRAPH Symposium on I3D, 2014.
In recent years, there has been a significant maturation in ray tracing technology. With Vulkan officially embracing ray tracing within its specifications, and mobile device GPUs beginning to offer support, the landscape is evolving rapidly. This agenda promises to delve into the foundational principles of ray tracing, the integration of ray tracing into Vulkan, and the essential rendering pipeline of Lumen in UE5. Furthermore, it will offer invaluable insights from content creators on the most effective strategies for maximizing the performance of Lumen on mobile.
Presentation on Zero Trust model, used for the Codecademy Manipal Chapter event. Covers basic information about the Zero trust model, implementation, and benefits.
Regulatory compliance mandates have historically focused on IT & endpoint security as the primary means to protect data. However, as our digital economy has increasingly become software dependent, standards bodies have dutifully added requirements as they relate to development and deployment practices. Enterprise applications and cloud-based services constantly store and transmit data; yet, they are often difficult to understand and assess for compliance.
This webcast will present a practical approach towards mapping application security practices to common compliance frameworks. It will discuss how to define and enact a secure, repeatable software development lifecycle (SDLC) and highlight activities that can be leveraged across multiple compliance controls. Topics include:
* Consolidating security and compliance controls
* Creating application security standards for development and operations teams
* Identifying and remediating gaps between current practices and industry accepted "best practices”
Malware classification using Machine LearningJapneet Singh
Uses examples from book titled "Malware Data Science" to explain how AV companies use Machine learning to identify malware. Also, refers to open-source project "Ember" which provides a data set and python code to train and classify malware.
The material discusses Quest's "future-ready" approach to IAM in the perspective of covering the EU GDPR compliance. We discuss about the five foundational concepts of the One Identity family of solutions, and our advantage and approach on covering the four IAM pillars.
With regards to the present audience, we also included an overview of the One Identity platform.
The presentation was developed for the RISK 2018 Conference in Lasko, Slovenia
In this presentation, you will see what is Ethical Hacking, the purpose of Ethical Hacking, who is an Ethical Hacker, and the various Ethical Hacking certifications. With the rise in the number of cybercrimes, it is necessary for companies to hire Ethical Hackers to protect their networks and data. Here you will have a look at the five different Ethical Hacking certifications, namely Certified Ethical Hacker (CEH), Global Information Assurance Certification Penetration Tester (GPEN), Offensive Security Certified Professional (OSCP), CompTIA Pentest+ and Licensed Penetration Tester(LPT). We will talk about each of these certifications individually and have a look at their description, requirements to take up the certification, the exam fees, the exam duration, and finally, the average annual salary of a candidate with these certifications.
Below topics are explained in this Ethical Hacking certifications presentation:
1. What is Ethical Hacking?
2. Purpose of Ethical Hacking
3. Who is an Ethical Hacker?
4. Ethical Hacking certifications
5. CEH (Certified Ethical Hacker)
6. Global information assurance certification penetration tester (GPEN)
7. Offensive security certified professional (OSCP)
8. CompTia PenTest+
9. Licensed penetration tester (LPT)
This Certified Ethical Hacker-Version 10 (earlier CEHv9) course will train you on the advanced step-by-step methodologies that hackers actually use, such as writing virus codes and reverse engineering, so you can better protect corporate infrastructure from data breaches. This ethical hacking course will help you master advanced network packet analysis and advanced system penetration testing techniques to build your network security skill-set and beat hackers at their own game.
Why is the CEH certification so desirable?
The EC-Council Certified Ethical Hacker course verifies your advanced security skill-sets to thrive in the worldwide information security domain. Many IT departments have made CEH certification a compulsory qualification for security-related posts, making it a go-to certification for security professionals. CEH-certified professionals typically earn 44 percent higher salaries than their non-certified peers. The ethical hacking certification course opens up numerous career advancement opportunities, preparing you for a role as a computer network defence (CND) analyst, CND infrastructure support, CND incident responder, CND auditor, forensic analyst, intrusion analyst, security manager, and other related high-profile roles.
Learn more at https://www.simplilearn.com/cyber-security/ceh-certification
輪読発表資料: Efficient Virtual Shadow Maps for Many Lightsomochi64
とある勉強会で発表した時に作った発表資料です。
輪読した論文: Ola Olsson, et. al., Efficient Virtual Shadow Maps for Many Lights, Proceedings of the ACM SIGGRAPH Symposium on I3D, 2014.
In recent years, there has been a significant maturation in ray tracing technology. With Vulkan officially embracing ray tracing within its specifications, and mobile device GPUs beginning to offer support, the landscape is evolving rapidly. This agenda promises to delve into the foundational principles of ray tracing, the integration of ray tracing into Vulkan, and the essential rendering pipeline of Lumen in UE5. Furthermore, it will offer invaluable insights from content creators on the most effective strategies for maximizing the performance of Lumen on mobile.
Presentation on Zero Trust model, used for the Codecademy Manipal Chapter event. Covers basic information about the Zero trust model, implementation, and benefits.
Appearances are deceiving: Novel offensive techniques in Windows 10/11 on ARMFFRI, Inc.
In 2017, Microsoft announced the ARM version of Windows. The number of devices with ARM version of Windows is increasing, such as Surface Pro X series and HP ENVY x2, and it is gradually becoming popular.
When using these ARM devices, there is a compatibility issue that existing x86/x64 applications cannot be used.
However, this problem has been addressed by providing x86/x64 emulation capabilities. In recent years, ARM64EC has been announced, allowing for the gradual migration of x64 applications to ARM. The aggressive introduction of these compatibility technologies is a sign of Microsoft's strong will to promote the ARM version of Windows.
On the other hand, doesn't the introduction of new compatibility technologies provide a new avenue of attack for attackers? As far as we know, this point has not even been discussed much at this point. Therefore, we reverse engineered the compatibility technology that exists in Windows on ARM and examined its exploitability.
We found that various techniques are available, such as code injection by modifying XTA cache files, and obfuscation by exploiting newly introduced relocation entries. All of these techniques have in common the characteristic that the binary "appearance" and runtime behavior are different, making them difficult to detect and track. In addition, some of the techniques can be widely exploited to interfere with static analysis or sandbox analysis. Therefore, there is a high possibility that they will become a threat to the ARM version of Windows in the future.
In this presentation, we will explain the details of our new method and its features with demonstrations. We hope that this presentation will be a good opportunity to develop and promote the security research of Windows on ARM.
The PoC code and detailed reverse engineering results will be available on GitHub.
Appearances are deceiving: Novel offensive techniques in Windows 10/11 on ARMFFRI, Inc.
In 2017, Microsoft announced the ARM version of Windows. The number of devices with ARM version of Windows is increasing, such as Surface Pro X series and HP ENVY x2, and it is gradually becoming popular.
When using these ARM devices, there is a compatibility issue that existing x86/x64 applications cannot be used.
However, this problem has been addressed by providing x86/x64 emulation capabilities. In recent years, ARM64EC has been announced, allowing for the gradual migration of x64 applications to ARM. The aggressive introduction of these compatibility technologies is a sign of Microsoft's strong will to promote the ARM version of Windows.
On the other hand, doesn't the introduction of new compatibility technologies provide a new avenue of attack for attackers? As far as we know, this point has not even been discussed much at this point. Therefore, we reverse engineered the compatibility technology that exists in Windows on ARM and examined its exploitability.
We found that various techniques are available, such as code injection by modifying XTA cache files, and obfuscation by exploiting newly introduced relocation entries. All of these techniques have in common the characteristic that the binary "appearance" and runtime behavior are different, making them difficult to detect and track. In addition, some of the techniques can be widely exploited to interfere with static analysis or sandbox analysis. Therefore, there is a high possibility that they will become a threat to the ARM version of Windows in the future.
In this presentation, we will explain the details of our new method and its features with demonstrations. We hope that this presentation will be a good opportunity to develop and promote the security research of Windows on ARM.
The PoC code and detailed reverse engineering results will be available on GitHub.
TrustZone use case and trend (FFRI Monthly Research Mar 2017) FFRI, Inc.
Table of Contents
• About TrustZone
– Use case of TrustZone
– Cortex-A TrustZone
– Cortex-M TrustZone
– TEE implementation
• Vulnerability of TEE implementation
• Conclusions
• References
Android Things Security Research in Developer Preview 2 (FFRI Monthly Researc...FFRI, Inc.
Table of Contents
• Background • Use case and Weave
• Android Things Security Considerations
• Android Things Version Information
• File system information • Firewall setting
• ADB port setting
• SELinux setting
• Conclusions
• Reference
An Overview of the Android Things Security (FFRI Monthly Research Jan 2017) FFRI, Inc.
• Security incidents related to IoT devices
• About the Android Things
• Major features
• Installation and Settings
• Accessible network service
• Security configurations
• Conclusions
• References
Black Hat Europe 2016 Survey Report (FFRI Monthly Research Dec 2016) FFRI, Inc.
• About Black Hat
• Intriguing reports – Breaking BHAD: Abusing Belkin Home Automation Devices – (PEN)TESTING VEHICLES WITH CANTOOLZ YACHT – YET ANOTHER CAR HACKING TOOL – Mobile Espionage in the Wild: Pegasus and Nation-State Level Attacks
• Conclusions
• References
An Example of use the Threat Modeling Tool (FFRI Monthly Research Nov 2016)FFRI, Inc.
• About threat analysis support tool
• Examples of tools
• Analysis target system
• Analysis result
– How to read result
– Overview of threats
• Effective usage
– About template
– Additional definition of threat information
• Conclusions
• References
Black Hat USA 2016 Survey Report (FFRI Monthly Research 2016.8)FFRI, Inc.
• About Black Hat USA
• Hot Research
• Vehicle
– CANSPY: A Platform For Auditing CAN Devices
– Advanced CAN Injection Techniques For Vehicle Networks
– Can You Trust Autonomous Vehicles: Contactless Attacks against Sensors of Self-driving Vehicle
• IoT
– Into The Core – In-Depth Exploration of Windows 10 IoT Core
– GATTAttacking Bluetooth Smart Devices
– Introducing A New BLE Proxy Tool
– GreatFET: Making GoodFET Great Again
• Conclusions
• References
Black Hat Asia 2016 Survey Report (FFRI Monthly Research 2016.4)FFRI, Inc.
In this report, we pick up briefings of Black Hat Asia 2016
• Mobile Security
– Android Commercial Spyware Disease and Medication, Mustafa Saad
– Su-a-Cyder: Home-Brewing iOS Malware Like a B0$$!, Chilik Tamir
• IoT Security
– Lets See Whats Out There Mapping The Wireless IOT, Tobias Zillner
– Hacking a Professional Drone, Nils Rodday
• Windows Security
– DSCompromised:A Windows DSC Attack Framework, Ryan Kazanciyan & Matt Hastings
ARMv8-M TrustZone: A New Security Feature for Embedded Systems (FFRI Monthly ...FFRI, Inc.
In this slide, we introduce the TrustZone of information that has published at this time in relation to ARMv8-M.
It is possible to separate/isolate the security level by adding the security state.
ARMv8-M architecture has a different mechanism than TrustZone to provide traditional ARMv8-A architecture, which is optimized for embedded systems.
CODE BLUE 2015 Report (FFRI Monthly Research 2015.11)FFRI, Inc.
•CODE BLUE 2015 had over 600 visitors from many countries.
–It had started two track presentation and youth track.
–Two teenagers and a student were on stage.
•IoT Security
–Medical equipment and social infrastructure were studied.
–The white hackers reported these vulnerabilities.
•Bug Bounty
–Japanese bug hunters are active in the world.
–There are things to learn from their way.
•APT
–APT would have invaded various organizations in Japan.
–Forum for information exchange, such as the CODE BLUE is required to counter APT.
Latest Security Reports of Automobile and Vulnerability Assessment by CVSS v3...FFRI, Inc.
•Automobile security is hot topic in many conferences.
•Cyber security measures are essential for the automobile.
•We summarize the following topics based on the above background.
–Presentations at the conferences other than Black Hat USA 2015 and DEF CON 23.
–Introduction of vulnerability assessment methods of automobile security by CVSS v3.
A Survey of Threats in OS X and iOS(FFRI Monthly Research 201507)FFRI, Inc.
Recently, OS X and iOS are becoming target of cyber attacks.
–As a result, attack technique peculiar to OS X and iOS comes up.(e.g. Abuse of sync function, malware distribution by AdHocetc.)
We recommend some security settings for Mac and iPhone based on current state of threats.
–Target system is OS X 10.10.x (Yosemite) and iOS 8.x.
Security of Windows 10 IoT Core(FFRI Monthly Research 201506)FFRI, Inc.
•Windows 10 IoT is successor platform of Windows Embedded that optimized for embedded devices.
•Windows 10 IoT Core Insider Preview has been provided for single-board computers such as the Raspberry Pi 2.
•We show tutorial about security of Windows 10 IoT Core using the Raspberry Pi 2.
Trend of Next-Gen In-Vehicle Network Standard and Current State of Security(F...FFRI, Inc.
Background
•Automobiles equip a lot of ECUs which communicate mutually on In-Vehicle Network to control engine, power window, and so on
•IVI devices such as navigation system and ADAS*known-as lane-keeping or brake-assist systems often are connected in the same network
•BecauseIn-Vehicle network becoming complicated by various devices, next-generation In-Vehicle network attracts interest as feasible technology at low cost
•This slide summarized about following topics
–Ethernet prospective as next-generation In-Vehicle network
–Recent security research about conventional In-Vehicle network andproposal of measures for the CAN
【DLゼミ】XFeat: Accelerated Features for Lightweight Image Matchingharmonylab
公開URL:https://arxiv.org/pdf/2404.19174
出典:Guilherme Potje, Felipe Cadar, Andre Araujo, Renato Martins, Erickson R. ascimento: XFeat: Accelerated Features for Lightweight Image Matching, Proceedings of the 2024 IEEE/CVF Conference on Computer Vision and Pattern Recognition (CVPR) (2023)
概要:リソース効率に優れた特徴点マッチングのための軽量なアーキテクチャ「XFeat(Accelerated Features)」を提案します。手法は、局所的な特徴点の検出、抽出、マッチングのための畳み込みニューラルネットワークの基本的な設計を再検討します。特に、リソースが限られたデバイス向けに迅速かつ堅牢なアルゴリズムが必要とされるため、解像度を可能な限り高く保ちながら、ネットワークのチャネル数を制限します。さらに、スパース下でのマッチングを選択できる設計となっており、ナビゲーションやARなどのアプリケーションに適しています。XFeatは、高速かつ同等以上の精度を実現し、一般的なラップトップのCPU上でリアルタイムで動作します。
セル生産方式におけるロボットの活用には様々な問題があるが,その一つとして 3 体以上の物体の組み立てが挙げられる.一般に,複数物体を同時に組み立てる際は,対象の部品をそれぞれロボットアームまたは治具でそれぞれ独立に保持することで組み立てを遂行すると考えられる.ただし,この方法ではロボットアームや治具を部品数と同じ数だけ必要とし,部品数が多いほどコスト面や設置スペースの関係で無駄が多くなる.この課題に対して音𣷓らは組み立て対象物に働く接触力等の解析により,治具等で固定されていない対象物が組み立て作業中に運動しにくい状態となる条件を求めた.すなわち,環境中の非把持対象物のロバスト性を考慮して,組み立て作業条件を検討している.本研究ではこの方策に基づいて,複数物体の組み立て作業を単腕マニピュレータで実行することを目的とする.このとき,対象物のロバスト性を考慮することで,仮組状態の複数物体を同時に扱う手法を提案する.作業対象としてパイプジョイントの組み立てを挙げ,簡易な道具を用いることで単腕マニピュレータで複数物体を同時に把持できることを示す.さらに,作業成功率の向上のために RGB-D カメラを用いた物体の位置検出に基づくロボット制御及び動作計画を実装する.
This paper discusses assembly operations using a single manipulator and a parallel gripper to simultaneously
grasp multiple objects and hold the group of temporarily assembled objects. Multiple robots and jigs generally operate
assembly tasks by constraining the target objects mechanically or geometrically to prevent them from moving. It is
necessary to analyze the physical interaction between the objects for such constraints to achieve the tasks with a single
gripper. In this paper, we focus on assembling pipe joints as an example and discuss constraining the motion of the
objects. Our demonstration shows that a simple tool can facilitate holding multiple objects with a single gripper.
30. GDT (超約)
30
仮想メモリ空間
• 仮想メモリ空間をセグメントとして管理
• カーネルコード、カーネルデータ
• ユーザコード、ユーザデータ等seg. A
seg. B
seg. C
0x0
0xff
ID seg. base limit type
0x00 A 0x0 0x3f RW
0x08 B 0x40 0x7f RE
0x10 C 0x0 0xff RE
セグメントセレクタ
GDT
31. Windows 7(x64)でのGDTダンプ結果
31
kd> dg 0x00 0x60
P Si Gr Pr Lo
Sel Base Limit Type l ze an es ng Flags
---- ----------------- ----------------- ---------- - -- -- -- -- --------
0000 00000000`00000000 00000000`00000000 <Reserved> 0 Nb By Np Nl 00000000
0008 00000000`00000000 00000000`00000000 <Reserved> 0 Nb By Np Nl 00000000
0010 00000000`00000000 00000000`00000000 Code RE Ac 0 Nb By P Lo 0000029b
0018 00000000`00000000 00000000`ffffffff Data RW Ac 0 Bg Pg P Nl 00000c93
0020 00000000`00000000 00000000`ffffffff Code RE 3 Bg Pg P Nl 00000cfa
0028 00000000`00000000 00000000`ffffffff Data RW Ac 3 Bg Pg P Nl 00000cf3
0030 00000000`00000000 00000000`00000000 Code RE Ac 3 Nb By P Lo 000002fb
0038 00000000`00000000 00000000`00000000 <Reserved> 0 Nb By Np Nl 00000000
0040 00000000`00b9b080 00000000`00000067 TSS32 Busy 0 Nb By P Nl 0000008b
0048 00000000`0000ffff 00000000`0000f800 <Reserved> 0 Nb By Np Nl 00000000
0050 ffffffff`fffe0000 00000000`00003c00 Data RW Ac 3 Bg By P Nl 000004f3
0058 00000000`00000000 00000000`00000000 <Reserved> 0 Nb By Np Nl 00000000
0060 00000000`00000000 00000000`ffffffff Code RE 0 Bg Pg P Nl 00000c9a
Kernel CS(x64), Kernel DS User CS(x86), User DS
User CS(x64)