A quick introduction to the popular reverse engineering framework: radare2, basic binary analysis for 3 crackMe challenges for the NULL/OWASP/Garage4Hackers Bangalore Meet.
Scriptless Attacks - Stealing the Pie without touching the Sill (Mario Heiderich)
- The document discusses scriptless attacks that can bypass traditional XSS defenses like NoScript and XSS filters by leveraging new HTML5 and CSS features.
- It presents several proof-of-concept attacks including using CSS to steal passwords, using SVG fonts to brute force CSRF tokens, and using custom fonts to leak sensitive information like passwords without using JavaScript.
- The attacks demonstrate that even without scripting, features in HTML5 and CSS can be abused to conduct traditional XSS attacks and undermine security defenses, so more work is needed to protect against side-channels and unwanted data leakage from the browser.
This document provides an overview of the radare2 reverse engineering framework and its various utilities. It discusses radare2's multi-platform support, large number of contributors, and different usage modes including CLI, visual, GUI, and web. It also summarizes several important radare2 utilities like rabin2, rasm2, radiff2, rafind2, rahash2, and rarun2. The document demonstrates examples of using radare2's analysis, search, string printing, commenting, and debugging functionality. It also briefly introduces the ragg2/ragg2-cc tools for compiling shellcodes.
Kali Linux is a Debian-based Linux distribution designed for digital forensics and penetration testing. It is maintained by Offensive Security and is a rewrite of their previous distribution, BackTrack. Kali Linux includes over 600 penetration testing tools and can run natively, from a live USB/CD, or in a virtual machine. It is specialized for penetration testing and forensics, unlike the more general purpose Ubuntu distribution. Common penetration testing tools included are nmap, Wireshark, John the Ripper, and Aircrack-ng for wireless assessments. Packet injection allows sending frames in monitor mode for wireless attacks like impersonation and deauthentication. The Alfa Network wireless adapter is often used for wireless hacks with its high
Hypervisors were once seen as purely cloud and server technologies, but have slowly seeped into the embedded space providing extra layers of security. This discussion will showcase how companies from security vendors to automotive are using open source hypervisors (particularly Xen Project) to secure embedded systems, what challenges they face and how they have overcome it. We will also explore what this might mean to IoT at large and how to get started in securing your embedded system with a hypervisor-first approach.
The topic will cover content such as:
- Why virtualisation in embedded
- Hypervisor architectures on ARM and a quick roundup of examples
- Relevant security technologies
- Specific requirements for embedded systems
- Example usage of FOSS based hypervisors in embedded
- Challenges such as safety certification and how this may be approached
This document summarizes the history and security of Wi-Fi networks. It discusses how early security protocols like WEP were cracked and how newer protocols like WPA and WPA2 improved security but still have vulnerabilities. It provides advice on securing Wi-Fi networks including using a VPN, long passwords, and MAC address filtering. The document warns about risks of public hotspots and outlines legal issues around unauthorized network access.
This document summarizes key topics related to IPv6 and routing in IP networks. It discusses IPv6 addressing architecture, including unicast addresses, link-local addresses, and multicast addresses. It also covers IPv6 packet format, extension headers, fragmentation, and ICMPv6. The document then discusses routing within IP networks, including IPv6 subnets, routing organization with autonomous systems, and interdomain routing protocols.
Kubernetes Networking with Cilium - Deep Dive (Michal Rostecki)
Cilium is open source software for providing and transparently securing network connectivity and load balancing between application workloads such as application containers or processes. Cilium operates at Layer 3/4 to provide traditional networking and security services as well as Layer 7 to protect and secure use of modern application protocols such as HTTP, gRPC and Kafka. The foundation of Cilium is the new Linux kernel technology BPF which supports the dynamic insertion of BPF bytecode into the Linux kernel at various integration points. This presentation reveals the secrets of Kubernetes networking and gives you a deep dive into Cilium and why it is awesome!
This document provides instructions for setting up site-to-site IPsec virtual private networks (VPNs) between multiple locations. It explains that IPsec is a common network security standard used to create secure VPN tunnels between networks over public networks. The document then gives step-by-step directions for configuring IPsec VPN connections between two sites, and later expands the configuration to include a third site. The goal is to demonstrate how to securely connect multiple branch office networks through IPsec VPNs.
This document discusses virtual private networks (VPNs). It defines VPNs as private networks that use public telecommunications like the internet instead of leased lines. VPNs allow remote access to company networks and save costs by reducing equipment and maintenance expenses. The document outlines common VPN protocols like PPTP, L2TP, and IPsec. It also discusses VPN implementations, device types, advantages, applications, industries that use VPNs, and the future of VPN technology.
This document discusses man-in-the-middle attacks using ARP spoofing. It explains how ARP works and its vulnerabilities, such as a lack of authentication. It then describes how an attacker can send spoofed ARP messages to trick other clients on the network into updating their ARP mappings and sending traffic to the attacker instead of the intended destination. The document recommends defenses like static ARP entries, physical security, and encryption to help prevent man-in-the-middle attacks. It also notes that while technology can help, humans and slow adoption of security practices contribute to ongoing issues.
OpenVAS is an open source vulnerability scanning framework consisting of services and tools that allow for vulnerability scanning and management. It includes OpenVAS scanner which executes network vulnerability tests daily using over 530,000 plugins, and OpenVAS manager which controls scanners and the central SQL database where scan results are stored. The OpenVAS CLI allows users to create batch processes to control the OpenVAS manager.
The document discusses various vulnerabilities in the Metasploitable virtual machine that can be exploited to gain unauthorized access. It describes how backdoors in FTP, IRC, and other services can be used to obtain root shells. It also explains how unintended access points like DistCC and Samba shares are misconfigured, allowing command execution and access to the file system.
Security+ Guide to Network Security Fundamentals, 3rd Edition, by Mark Ciampa
Knowledge and skills required for Network Administrators and Information Technology professionals to be aware of security vulnerabilities, to implement security measures, to analyze an existing network environment in consideration of known security threats or risks, to defend against attacks or viruses, and to ensure data privacy and integrity. Terminology and procedures for implementation and configuration of security, including access control, authorization, encryption, packet filters, firewalls, and Virtual Private Networks (VPNs).
CNIT 120: Network Security
http://samsclass.info/120/120_S09.shtml#lecture
Policy: http://samsclass.info/policy_use.htm
Many thanks to Sam Bowne for allowing us to publish these presentations.
Cobbler - Fast and reliable multi-OS provisioning (RUDDER)
In a lot of companies, machine deployment is a delicate subject: every administrator has his own recipe, using CD-ROMs, static binary images deployed via the network, peer delegation...
However, one solution is the consensus when it comes to automated mass deployments (except in the Cloud): PXE boot. The main cons are that deploying and managing such a service is a pain, and every OS has its own installation automation system.
This is where Cobbler saves the day: it makes it painless and reliable to create a PXE service, usable on either virtual or physical machines, while being as agnostic as possible towards the target OSes and their preconfiguration systems (preseed, kickstart, sysprep, ...), and offering the possibility to handle lots of configuration parameters in a modular fashion (network, partitioning, user accounts, configuration management agent...).
This talk aims to introduce the audience to the general concepts of Cobbler and some scenarios where it would be a useful solution.
ARP spoofing allows an attacker to intercept or modify communications between two hosts on a local network by falsifying ARP responses and changing a target's ARP cache entries. The attacker sends spoofed ARP replies associating the target's IP addresses with the attacker's MAC address, intercepting traffic intended for another host. This enables man-in-the-middle attacks where the attacker can sniff or modify intercepted traffic before forwarding it. Defenses include static ARP entries and port security on switches, but weaknesses remain, especially on networks using dynamic addressing protocols like DHCP.
According to Claude Shannon, confusion and diffusion are two key properties for building strong encryption algorithms. Confusion obscures the relationship between the ciphertext and key by having each ciphertext bit depend on multiple key bits. Diffusion spreads the influence of each plaintext symbol over many ciphertext symbols. Modern block ciphers use repeated rounds of confusion and diffusion operations to build strong encryption.
gVisor, Kata Containers, Firecracker, Docker: Who is Who in the Container Space? (ArangoDB Database)
View the video of this webinar here: https://www.arangodb.com/arangodb-events/gvisor-kata-containers-firecracker-docker/
Containers* have revolutionized the IT landscape, and for a long time Docker seemed to be the default whenever people were talking about containerization technologies**. But traditional container technologies might not be suitable if strong isolation guarantees are required. So recently new technologies such as gVisor, Kata Containers, or Firecracker have been introduced to close the gap between the strong isolation of virtual machines and the small resource footprint of containers.
In this talk, we will provide an overview of the different containerization technologies, discuss their tradeoffs, and provide guidance for different use cases.
* We will define the term container in more detail during the talk
** and yes, we will also cover some of the pre-Docker container space!
Hacking Exposed Live: Mobile Targeted Threats (CrowdStrike)
The document introduces CrowdStrike speakers George Kurtz, Georg Wicherski, and Alex Radocea. It then discusses the evolution of threats from commercial remote access tools (RATs) to targeted RATs and advanced threats. Examples of commercial RATs like FlexiSPY and targeted RATs like LuckyCat are analyzed. The feasibility of developing exploits and native Android RATs is also explored.
Ricardo Mourato gave a presentation on hacking the QNX RTOS. Some key points:
- QNX is a real-time operating system used in embedded systems like medical devices, robots, and cars. It has a microkernel architecture for reliability.
- Potential vulnerabilities were demonstrated, like exploiting default services like Telnet and FTP to gain root access, or abusing the QCONN debugging protocol.
- The Qnet inter-process communication could allow accessing resources like files and processes remotely in a transparent way.
- A live demonstration showed exploiting these avenues to hack into a QNX system remotely or locally. Default configurations and services provide initial access points to attack the system.
IOS-XE internal architecture: traffic forwarding troubleshooting tools on ASR1k... (Cisco Russia)
The document discusses the internal architecture of Cisco IOS-XE software and hardware platforms like ASR1000 and ISR4000 routers. It describes the key components like the Route Processor (RP), Embedded Services Processor (ESP), Quantum Flow Processor (QFP), and how they work together. Diagnostic tools for troubleshooting traffic forwarding like conditional debugging, packet tracer and embedded packet capture are also covered.
The document discusses deploying the Wazuh SIEM solution. It describes Wazuh's architecture with agents on endpoints sending security data to a central server. It provides a step-by-step process for installing Wazuh including setting up the server, installing and configuring agents, and integrating network devices via syslog. It also discusses customizing Wazuh through additional decoders and rules to monitor any log data and enhance detection capabilities.
Basic IP traffic management with access control lists (Sourabh Badve)
The document discusses basic concepts of access control lists (ACLs) including the types of ACLs, how they are configured and used, and how traffic is processed when ACLs are applied. It provides details on standard and extended ACLs, how they can be used to filter traffic by source/destination IP addresses, protocols, ports and ICMP message types. The document also covers best practices for verifying, monitoring and placing ACLs on network interfaces.
The document discusses the configuration and setup of the Cisco ASA Firepower module. It provides the following key points:
1. The ASA Firepower module adds next-generation firewall services like IPS, application control, URL filtering, and malware protection. It can be configured in single or multiple context mode, and inline or transparent mode.
2. The module is configured using the separate Firesight Management Center application, either on an external appliance or virtual machine. Basic CLI configuration is also available directly on the ASA.
3. Setup involves installing the module software and image on the ASA, then building and configuring the Firesight Management Center to register and manage the module. Traffic policies on
This document presents a technique to identify the correct IP to MAC address mapping when an attacker is performing ARP spoofing. It discusses limitations of existing probe packet-based detection techniques when facing a strong attacker. The proposed technique generates broadcast ARP requests to identify the correct mapping, even if the attacker can modify the protocol stack. Experimental results show the technique can correctly identify the attacker in both weak and strong attacking environments with only a small increase in network traffic overhead.
This document discusses threat intelligence and the CRITs threat intelligence platform. It defines threat intelligence as information about threats like actors, vulnerabilities, exploits, and malware. It provides examples of the costs of threat intelligence data feeds, from $17,400 to $175,000 per year. It then discusses CRITs, a web-based tool that combines an analytic engine with a cyber threat database for conducting malware analyses and correlating intelligence. CRITs supports various data formats and services to automate tasks and correlate past threat data.
The document summarizes a panel discussion on understanding and thwarting social engineering attacks. The panelist discusses what social engineering is, why it is so successful given human psychological principles, how to maximize efficiency in social engineering tests, and how to thwart social engineering attacks through trust but verification, demanding more data, checking body language, and implementing security by design. The panelist also demonstrates macroexpressions and microexpressions, and provides resources on the topic.
This document discusses Grinder, a system for automating the fuzzing of web browsers and managing large numbers of crashes. It fuzzes browsers by providing invalid, unexpected, or random data to program inputs and monitors for crashes or exceptions. Everything happening in the browser during fuzzing is logged. Grinder has a server, fuzzer nodes, and logging functionality to generate test cases from logs and reduce tests to a minimum size.
This document discusses Content Security Policy (CSP), which defines an HTTP header to whitelist approved sources of content like scripts to prevent XSS attacks. It describes how CSP directives like script-src restrict where code can be loaded from to enhance security. The speaker then demonstrates how to construct CSP policies and explains options like 'unsafe-inline' that disable the protection CSP is meant to provide. In the end, resources on CSP that informed the presentation are listed.
Netcat, also known as the Swiss Army knife of networking tools, can be used for various purposes including creating chat servers, serving web pages, port scanning, file transfers, and obtaining remote shells. The document discusses different versions of Netcat, provides examples of using Netcat for these tasks, and notes some security disadvantages when using it without encryption. Key topics covered include creating a basic chat server and web server, using Netcat for port scanning and file transfers, and obtaining a remote Windows command shell, although this last use raises security concerns.
Shivang Desai presented on OWASP Mobile Top 10 risks M7 (Client Side Injection) and M8 (Security Decisions via Untrusted Inputs). He defined the risks, showed examples like SQL injection, XSS, and URL scheme hijacking. The impacts include consuming paid resources, data exfiltration, and privilege escalation. Prevention methods include sanitizing untrusted data, prepared statements, input validation, and checking caller permissions.
Social engineering is a technique used to manipulate people into revealing confidential information through deception. The document discusses how social engineers create profiles of their targets using online tools and then develop relationships to gain their trust over time in order to attack them through espionage, doxing, or scams. It provides examples of social engineering attacks and tips for protecting personal information online to avoid being targeted.
Venom vulnerability Overview and a basic demo - Akash Mahajan
This vulnerability, called VENOM, allows an attacker to escape from a virtual machine guest into the host system. It affects virtualization platforms that use Xen, Qemu, KVM, or VirtualBox as their hypervisor. The vulnerability is in the virtual floppy disk controller code, which contains a buffer overflow issue. This allows an attacker to potentially gain code execution on the host machine. It is a serious issue because many cloud providers use these vulnerable virtualization platforms.
This document discusses buffer overflow attacks and provides an introduction to related concepts like the stack, return addresses, environment pointers, and function calls. It then demonstrates how to write and use exit shellcode by disassembling code, crafting shellcode, and analyzing exploits using gdb. The document aims to educate about buffer overflows through examples and references additional learning resources.
The document discusses the OWASP Top 10 for IoT security risks. It lists the top 10 risks as: 1) Insecure Web Interface, 2) Insufficient Authentication/Authorization, 3) Insecure Network Services, 4) Lack of Transport Encryption, 5) Privacy Concerns, 6) Insecure Cloud Interface, 7) Insecure Mobile Interface, 8) Insufficient Security Configurability, 9) Insecure Software/Firmware, and 10) Poor Physical Security. It provides a brief 1-2 sentence description of each risk, focusing on default passwords, lack of encryption, weak authentication, and exposed services as common issues.
This document provides an overview of Metasploit for beginners. It discusses why Metasploit is useful, how to set up a demo environment, and how to use auxiliary and exploit modules. It then demonstrates auxiliary modules for scanning and information gathering. It also demonstrates two exploit modules against ElasticSearch and Jenkins, using reverse shell payloads. The document provides a cheat sheet for navigating msfconsole and describes common commands used prior to demonstrations.
This document provides an introduction to Security Assertion Markup Language (SAML) and Single Sign-On (SSO). It describes SAML as an XML-based communication mechanism that increases security and application access by enabling single sign-on. The key components of SAML are Identity Providers, Service Providers, and users. SAML defines protocols for authentication assertions and an architecture involving requests, responses, and trust relationships between Identity Providers and Service Providers. SAML profiles include active and passive, depending on whether authentication is via an API call or browser-based. An example use case is SSO for internet applications.
Security Information and Event Management (SIEM):
- Real-time monitoring of servers and network devices
- Correlation of events
- Analysis and reporting of security incidents
- Threat intelligence
- Long-term storage
Exploiting publicly exposed Version Control Systems - Anant Shrivastava
This document discusses exploiting version control systems (VCS) like Git, SVN, and Mercurial. It describes how VCS work and why they can be exploited, noting that auto-deployment features can allow code to be deployed by committing changes. It provides an overview of common VCS files and folders that can be used to extract code from repositories. Tools for extracting code from VCS are also listed. The document concludes with a demonstration of exploiting VCS and checks that can be done to find exposed VCS files.
This document provides an overview of Linux topics including:
1. It discusses various Linux distributions like Debian, Redhat and file system basics like directories and permissions.
2. It covers important commands like ls, grep, sed and editors like vim. It also summarizes installing software, automation with cronjobs and configuring services like SSH.
3. Finally, it touches on shell scripting basics like variables, conditions and loops to automate tasks. It provides examples of overloading commands and writing custom scripts.
Systemd: the modern Linux init system you will learn to love - Alison Chaiken
The talk combines a design overview of systemd with some tutorial information about how to configure it. Systemd's features and pitfalls are illustrated by short demos and real-life examples. Files used in the demos are listed under "Presentations" at http://she-devel.com/
Video of the live presentation will appear here:
http://www.meetup.com/Silicon-Valley-Linux-Technology/events/208133972/
This document contains notes from a presentation given by Neal Ford on productivity techniques for programmers. Some key topics covered include: accelerating work by using keyboard shortcuts, search over navigation, reducing distractions, applying DRY principles, and automating repetitive tasks. Ford advocates focusing on acceleration, focus, and automation to work more efficiently. He provides many examples of tools and techniques to improve productivity.
This document summarizes an OpenShift State of the Union presentation given at Devoxx 2012. It provides a brief history of OpenShift including its acquisition by Red Hat in 2010 and open sourcing in 2012. It then demonstrates how to get started with OpenShift including signing up, installing client tools, creating a domain and applications, deploying applications using Git, and available web cartridges. Tips and demos of deploying sample applications are also provided.
Norman Maurer discusses how to build low-cost master/slave clusters on Linux using Linux-HA (Heartbeat and DRBD) to provide high availability for mission critical services. Linux-HA allows configuring clusters that can failover services between nodes to ensure availability. DRBD replicates data between nodes, while Heartbeat monitors nodes and fails over services if needed. Configuring DRBD, Heartbeat, and associated scripts allows building clusters for services like Apache HTTPD, databases, mail servers, and more.
Sergi Álvarez + Roi Martín - radare2: From forensics to bindiffing [RootedCON...] - RootedCON
Radare was originally created as a forensics tool but now also supports bindiffing binaries. It can perform multiple search methods on files including regular expressions, strings, and hexpairs. Signatures and magic templates allow parsing unknown file formats. Scripting is supported through Vala bindings. Filesystems can be mounted and partitions analyzed. Bindiffing helps analyze differences between binaries through function and basic block matching and fingerprints. A work-in-progress graphical interface called ragui is also being built.
(1) Pick up one Android phone and discover its internals
(2) Learn how to select the "weapons" to fight with: Android system facilities
(3) Skipping the Java parts, we focus on the native area: dynamic linking, processes, debugger, memory layout, IPC, and interactions with frameworks.
(4) This is not a comprehensive introduction to Android. The goal is to make use of Android platforms, which are popular and powerful development devices for us.
This document provides an overview of customizing Android systems. It discusses the different types of Android devices that can be customized, including smartphones, tablets, mini PCs and more. It describes the different types of Android source code and licenses. It then gives instructions on setting up development environments and building Android from source for two example devices - the Nexus 7 tablet and Pandaboard evaluation board. The document outlines the boot process, init files, and building OTA update packages to write customized ROMs to devices.
The Saga of JavaScript and Typescript: in Deno land - Haci Murat Yaman
This document discusses Deno, a JavaScript and TypeScript runtime built in Rust. It provides 3 key points:
1. Deno was created by Ryan Dahl to address issues he saw in Node.js like security, dependencies, and build systems.
2. Deno is a secure runtime that only allows access to files, network, etc. if explicitly enabled. It uses V8 and includes built-in modules similar to Golang's standard library.
3. Code samples demonstrate creating an HTTP server and reading/writing JSON files in Deno, highlighting features like ES modules and TypeScript support.
Filip Palian, Mateusz Kocielski. Simplest ownage human observed… routers - Yury Chemerkin
This document discusses identifying and exploiting vulnerabilities in consumer routers. It provides examples of analyzing firmware from various router models, including the D-Link DIR-120 and DIR-300, to gain unauthorized access. Methods discussed include reverse engineering firmware, exploiting services like telnet that are exposed without authentication, and modifying the read-only filesystem. The document also talks about using these compromised routers as bots for botnets performing activities like DDoS attacks, cryptocurrency mining, and spam/phishing campaigns. It provides examples of real botnets like Psyb0t that have exploited routers.
JS Fest 2019. Ryan Dahl. Deno, a new way to JavaScript - JSFestUA
From async-await to ArrayBuffers, the JavaScript language has changed significantly in the decade since Node.js was designed. Deno takes advantage of these developments and incorporates lessons learned in the development of Node to provide a new JavaScript platform built on V8 and Rust. This talk will teach the audience how to get started with Deno.
Take care of hundred containers and not go crazy - Honza Horák
This document summarizes Honza Horak's presentation on strategies for managing a large portfolio of container images. It discusses sharing sources and scripts across versions to reduce duplication and simplify maintenance. Templating approaches are presented to generate downstream variants from a single upstream source. Maintaining common packages and scripts in intermediate layers is suggested to facilitate reuse. The use of automated tests for container images on each change is also advocated to prevent regressions.
This document provides an overview of the Android mobile platform architecture. It describes that Android is based on the Linux kernel with additional enhancements for power management, inter-process communication, and more. It also discusses the Dalvik virtual machine, core libraries, and hardware abstraction layer. Finally, it covers aspects of application development including setting up the manifest, laying out UI with XML, and debugging apps.
JavaScript all the things! - FullStack 2017 - Jan Jongboom
This document discusses using JavaScript on microcontrollers. It outlines how to set up JerryScript, a JavaScript VM, on an ARM microcontroller with Mbed OS to run JavaScript applications. It also describes how to create C++ drivers and expose them to JavaScript through bindings. The document provides code examples and demos running JavaScript on a microcontroller board to interact with sensors. It envisions further standardizing JavaScript APIs for microcontrollers and improving code sharing across ecosystems.
This document discusses debugging techniques for production environments. It covers using debuggers and symbol files to debug running processes, remote debugging to debug processes on other machines, analyzing core dumps to debug crashed processes postmortem, and snapshot debugging using Application Insights to capture the state of an application during errors. It also introduces the OzCode production debugging platform, which aims to provide a unified experience for debugging applications running in cloud, on-premise, and other complex environments.
The lecture by Norman Feske for Summer Systems School'12.
Genode Compositions
SSS'12 - Education event, organized by ksys labs[1] in 2012, for students interested in system software development and information security.
Genode[2] - The Genode operating-system framework provides a uniform API for applications on top of 8 existing microkernels/hypervisors: Linux, L4ka::Pistachio, L4/Fiasco, OKL4, NOVA, Fiasco.OC, Codezero, and a custom kernel for the MicroBlaze architecture.
1. http://ksyslabs.org/
2. http://genode.org
Clonezilla is an open-source disk and partition imaging/cloning application similar to commercial tools like Ghost and Acronis True Image. It can be used to clone hard drives, restore disk images, and deploy images across multiple systems. The presentation discusses Clonezilla features, how it works, related projects like DRBL-Winroll and Cloudboot, and use cases like mass deployment and bare metal recovery. It also provides information on the Clonezilla team and community.
Joxean Koret - Database Security Paradise [Rooted CON 2011] - RootedCON
The document discusses vulnerabilities found in various database software products through analyzing their code and installation directories. Local privilege escalation bugs were found in IBM DB2 and Informix by exploiting how environment variables and shared libraries were handled. Remote code execution bugs were also discovered in UniData and Informix through fuzzing protocols and by exploiting unsafe functions. The document encourages searching for more bugs in database software.
2. @whoami
- Anto Joseph
- Security Engineer @ Citrix
- Speaker / Trainer @ NullCon, GroundZero, C0C0n, X0rConf…
- Primary interests in Android / iOS, IoT and a little bit of everything
- Twitter: @antojosep007
4. radare2
- radare is a reverse engineering framework
- Lots of CLI tools to work with binary files and understand the way they work.
- Supports analyzing binaries, disassembling code, debugging programs, attaching to remote gdb servers and so on.
(source: http://radare.org/r/)
5. Use Cases
- Disassemble (and assemble for) many different architectures
- Debug with local native and remote debuggers (gdb, rap, webui, r2pipe, winedbg, windbg)
- Perform forensics on file systems and data carving
- Be scripted in Python, Javascript, Go and more
- Support collaborative analysis using the embedded webserver
- Visualize data structures of several file types
- Patch programs to uncover new features or fix vulnerabilities
- Use powerful analysis capabilities to speed up reversing
- Aid in software exploitation
(source: http://radare.org/r/)
10. Basic Analysis
- "?" is your friend: on its own it lists the top-level commands, and appended to any command (pd?, a?, i?) it prints the help for that command
- r2 ELF_NAME : open the binary (r2 and radare2 are the same tool)
- aaa : run the full automatic analysis (functions, cross-references, symbols); do this before asking for function listings or graphs
- V : enter visual mode; VV : enter the graph view of the current function
- n / N : in visual mode, seek to the next / previous function, flag or search hit
- Seek to main (s main) and use V again to follow the control flow from there
11. Basic Commands
- pdf @ main : prints the disassembled function at main (the main function in this case) without moving the current seek
- x 10 : prints a hexdump of the first 10 bytes of memory from the current offset
- s 0xOFFSET : seeks to the specified offset (s main or s sym.name also work once the binary is analyzed)
- ? 0x34 ^ 0x34 : evaluates the expression (an XOR here) inside radare2 and prints the result in several formats (hex, decimal, octal, binary, ...)
- ? 117 ^ 0x34 : mixed bases are converted first, then the XOR is evaluated
12. Demo Time: 3 little crackmes
- First 2 crackmes from RPISEC (http://security.cs.rpi.edu/courses/binexp-spring2015/)
- 3rd challenge: EasyELF from reversing.kr (http://reversing.kr/download.php?n=11)
- Start from the strings (iz) or from the main function
- Analyze where the input goes
- Locate the FLAG in memory
- Identify the logic
- Enter your FLAG
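The crackme below is an added example written for this page; it is not one of the three demo binaries and not radare2 project code. It is the kind of target the demo steps are applied to: the flag "r2_is_fun" and the key 0x34 are constructed for the example, and the flag is stored XOR-encoded so that starting from the strings (iz) does not hand it over. Reading pdf @ main shows the decode loop and the byte-by-byte compare, ? 0x46 ^ 0x34 recovers a byte by hand, and under the debugger (r2 -d ./crackme, db on the compare, dc, then px on the stack buffer) the decoded flag can be read straight from memory. The comments name the r2 command that exposes each piece.

```c
/*
 * crackme.c - added example target for the radare2 demo workflow.
 * Build: cc -O0 -o crackme crackme.c
 * The flag "r2_is_fun" and key 0x34 are constructed for this example.
 */
#include <stdio.h>
#include <string.h>

/* "r2_is_fun" XOR 0x34, byte by byte. Because the bytes are encoded, the
 * plaintext never appears in the output of `iz` or `strings`; the reverser
 * has to find this table by following the references from main (axt). */
static const unsigned char g_enc[] = {
    0x46, 0x06, 0x6b, 0x5d, 0x47, 0x6b, 0x52, 0x41, 0x5a
};
static const unsigned char g_key = 0x34;
#define FLAG_LEN (sizeof g_enc)

/* Decode the stored flag into out, which must hold FLAG_LEN + 1 bytes.
 * In `pdf @ main` this is the loop with a single xor instruction and an
 * immediate operand of 0x34; `? 0x46 ^ 0x34` in r2 prints 0x72 = 'r'. */
void decode_flag(char *out)
{
    for (size_t i = 0; i < FLAG_LEN; i++)
        out[i] = (char)(g_enc[i] ^ g_key);
    out[FLAG_LEN] = '\0';
}

/* Returns 1 when input matches the decoded flag, 0 otherwise.
 * The decoded flag lives on the stack only between decode_flag and the
 * compare, which is where a breakpoint (db) plus a hexdump (px) reveals it
 * when the binary is run under `r2 -d`. */
int check_flag(const char *input)
{
    char flag[FLAG_LEN + 1];
    decode_flag(flag);
    int ok = strlen(input) == FLAG_LEN && memcmp(input, flag, FLAG_LEN) == 0;
    memset(flag, 0, sizeof flag); /* do not leave the plaintext lying around */
    return ok;
}

int main(void)
{
    char buf[64];
    printf("flag? ");
    if (!fgets(buf, sizeof buf, stdin))
        return 1;
    buf[strcspn(buf, "\r\n")] = '\0'; /* strip the newline fgets keeps */
    if (check_flag(buf)) {
        puts("correct");
        return 0;
    }
    puts("wrong");
    return 1;
}
```

The same steps apply to a real crackme: iz tells you which strings are worth chasing ("flag? ", "correct", "wrong"), axt on "wrong" leads to the compare, the xor with an immediate operand identifies the logic, and the flag is either recomputed with ? expressions or read from memory at a breakpoint before the compare.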