Programmers naturally assume that different programs require different code. Minesweeper is not the same as AES, Windows is not the same as Linux, and Notepad is not the same as malware. But what if this were not the case? We'll walk through how we can convert all programs into the exact same code - allowing the CPU to execute the same sequence of instructions, to run any possible application. By fundamentally changing our ideas about what it means to "compute", we'll outline the unsettling implications for malware detection, and open some fascinating new doors in exploitation.
This document lists over 200 game commands used by game masters and administrators in an online game. It provides brief explanations for many commands, indicating what they do or that the user does not have permission to test them. Placeholders like <USERNAME> indicate where users should input specific values.
Android application development commonly requires creating asynchronous calls, which can end up causing a number of problems, such as the infamous callback hell. Coroutines offer a way to write asynchronous code sequentially inside a coroutine, making for code that is more compact and easier to manage and change, as well as creating so-called lightweight threads, which perform much better than ordinary threads. In this talk we will show the main features of Coroutines that can solve this kind of problem.
Behind the Performance of Quake 3 Engine: Fast Inverse Square Root (Maksym Zavershynskyi)
Quake 3 was probably the most famous first-person shooter back in 1999. It had fascinating graphics and very high responsiveness, which is the result of performance optimization and high-quality code written by the id Software team. One of the most famous optimization tricks is the function that computes an approximation of the inverse (reciprocal) square root through some clever bit hacking. This function is the subject of investigation by mathematicians and programmers even today. In this presentation we try to understand how it works and we also try to find the author.
The Ring programming language version 1.7 book - Part 57 of 196 (Mahmoud Samir Fayed)
This document provides documentation for a Super Man game created with the Ring game engine. It includes the code for game objects like sprites, maps, and text displays. The player controls a Superman sprite to collect stars and keys while avoiding enemy sprites. The game ends if the player runs out of energy or reaches the exit.
Sine Wave Generator with controllable frequency displayed on a seven segment ... (Karthik Rathinavel)
• Designed sine wave generator hardware whose frequency could be controlled using a quadrature encoder.
• Coded the FPGA board in System Verilog to display a count (going from 0 to 9999) on a seven segment board. The displayed count was the same as the frequency of the generated sine wave.
• Incorporated a brightness control feature for all the digits being displayed, done by changing the duty cycle of the PWM control with a push button.
• Included an additional feature for increasing the count and the frequency by tens, hundreds or thousands, instead of only by one.
Presentation given to the London Ruby User Group (LRUG) and the Ipswich Ruby User Group (IPRUG) on a simple project I made called IttyBittyBoom.com, which is an HTML5-based Bomberman clone.
The Ring programming language version 1.5.4 book - Part 25 of 185 (Mahmoud Samir Fayed)
This document describes various file handling functions in the Ring programming language, including Read(), Write(), Dir(), Rename(), Remove(), Fopen(), Fclose(), Fflush(), Freopen(), Tempfile(), Tempname(), Fseek() and Ftell(), and provides examples of how to use each function to read, write, modify and get information about files. It also covers opening and closing files, seeking to different positions in a file, generating temporary file names and more.
The document demonstrates various Kotlin programming concepts including:
1. Classes, objects, properties and methods are defined to represent a Person with a name and age.
2. Functions like maxBy() are used to find the oldest person by comparing their age properties.
3. Different ways of handling null values safely are shown using the Elvis operator and safe calls.
4. Control flow structures like if/else and when are demonstrated along with various operators.
DEF CON 23 - Atlas - fun with symboliks (Felipe Prado)
This document provides an introduction to symbolik analysis using Vivisect, a binary analysis framework. It discusses key concepts like symbolic emulation, symbolic effects, constraints, graph theory, and reduction. Examples are given of how symbolik analysis can be used for tasks like identifying register traversal ROP gadgets, solving switch/case statements, and aiding the discovery of 0-day vulnerabilities through techniques like input substitution. The document encourages experimenting with Vivisect's Python API to further understand and apply symbolic analysis.
The document discusses reverse engineering techniques and obfuscation using only the mov instruction. It describes how an experienced reverse engineer would approach analyzing code that has been obfuscated to only use mov instructions by tracking data flows and values. An example of obfuscated mov-only code is provided.
Tokyo APAC Groundbreakers tour - The Complete Java Developer (Connor McDonald)
A look at the techniques that middle-tier developers can employ to get greater value out of their applications, simply by understanding how the database works and how to make it sing.
This document discusses several Python peculiarities and quirks through examples of code snippets. Some key points covered include:
- Importing * can override expected values
- Default arguments are evaluated once at compile time
- Built-in functions like str behave differently on integers vs other objects
- Special modules and future imports can enable unusual syntax as easter eggs
- Implicit variables like _ can cause unexpected behavior
- Indexing issues can arise from iterating over lists in certain ways
The examples serve to illustrate subtle behaviors in Python and emphasize writing clear and intentional code over clever tricks that may confuse others or cause bugs. Readability, commenting, and avoiding imports of all symbols are suggested.
This document describes BE-PUM, a tool for generating control flow graphs (CFGs) from binary malware code to facilitate model checking. BE-PUM uses binary emulation and pushdown model generation to handle obfuscation techniques like indirect jumps, self-modifying code, decryption, and packers. It generates more precise models than tools like Jakstab and IDA Pro. The document outlines BE-PUM's approach, provides examples of how it handles different obfuscations, and compares it to other tools based on experiments. It is presented as both a model generator and emulator that can under-approximate programs through concolic testing and white-box testing.
The document describes exploiting a vulnerability in the Nebula Death Stick Services website. It finds that arbitrary files can be read via the ?page= parameter. It then uses this to read the binary and determine the environment. It constructs a ROP chain using gadgets in the binary to hijack control flow, modify the GOT to point execve to the libc execve function, and spawn a shell. It builds the ROP chain on a custom stack location by abusing sprintf calls to transfer bytes.
This chapter covers C's relational, logical and bitwise operators.
- YouTube lecture video
https://youtu.be/XGPVLztgiOI
- Download the code here
https://github.com/dongupak/Basic-C-Programming
Linux has this great tool called strace; on OSX there's a tool called dtruss, based on dtrace. Dtruss is great in functionality; it gives pretty much everything you need. It is just not as nice to use as strace. However, on Linux there is also ltrace for library tracing. That is arguably more useful because you can see much more granular application activity. Unfortunately, there isn't such a tool on OSX. So, I decided to make one, albeit a simpler version for now. I called it objc_trace.
함태윤 (erkas.c) / DAUM WEBTOON COMPANY
A PDF including the videos can be downloaded from the link below and viewed in Adobe Reader.
https://mk.kakaocdn.net/dn/if-kakao/conf2018/Daum_Webtoons_UX.pdf
---
An introduction to the UX (Animation, Transition, Custom View) applied in the Daum Webtoon Android app, presenting not only its current developed form but also the process behind it.
We aimed for a UX that is smooth, natural and meaningful without being excessive; the result was the release of Daum Webtoon 2.0, which received good feedback on its transitions and animations after launch.
So we will share what UX considerations we made for users and how we applied and developed them.
1. The UX composition process, starting from analysis of design mockups
2. Prototyping, UX implementation and tuning process
3. Daum Webtoon's future UX development process revealed
My DEEPSEC 2012 talk explores the fine art of packaging when it comes to exploits. No, this is not another talk about packers or crypters. We are talking STYLE! A successful exploit is one that is innovatively delivered, in style. We shall be talking about a number of sneaky, funny and innovative techniques for delivering exploits to their doorsteps without annoyances like anti-virus or content filtering getting in the way.
This talk goes beyond the obvious obfuscation. We combine the power of web hacking, the power of sophisticated exploit development and goofball creativity to ensure that exploits get delivered and detonate on time, as planned. Did you know you can literally paint an exploit on canvas? Have you heard of chameleon Javascript? This and more in the talk!
There are two types of ciphers - Block and Stream. Block is used to .docx (relaine1)
This document provides an overview of different modes of operation for ciphers including Electronic Code Book (ECB) mode, Cipher Block Chaining (CBC) mode, Output Feedback (OFB) mode, and Counter (CTR) mode. It explains the basic operations of each mode, such as how plaintext blocks are encrypted and how subsequent blocks depend on previous encrypted blocks. Weaknesses of the DES cipher are also discussed, noting it was withdrawn in 2005 due to insufficient security. The document then provides an example of applying CBC mode to DES encryption.
An introduction to the Elixir language and the OTP framework. A workshop was done and the code can be found here: https://github.com/mendrugory/elixir_and_otp_apps_presentation_1
Beyond PHP - it's not (just) about the code (Wim Godden)
Most PHP developers focus on writing code. But creating Web applications is about much more than just writing PHP. Take a step outside the PHP cocoon and into the big PHP ecosphere to find out how small code changes can make a world of difference on servers and network. This talk is an eye-opener for developers who spend over 80% of their time coding, debugging and testing.
This document contains code examples in assembly language for the EMU8086 emulator. It includes examples for "Hola Mundo" (Hello World), displaying data, comparing numbers, and summing 10 numbers. The code displays text on the screen and performs basic operations like addition, comparison and printing values.
[ROOTCON13] Pilot Study on Semi-Automated Patch Diffing by Applying Machine-L... (Asuka Nakajima)
[Abstract]
When developing 1-day exploit code, patch diffing (binary diffing) is one of the major techniques used to identify the part where security fixes are applied. This technique has long been well known among reverse engineers, and thus, to support the diffing, various tools such as BinDiff, TurboDiff and Diaphora have been developed. However, although those fantastic tools greatly support the analysis, patch diffing is still a difficult task because it requires deep knowledge and experience. In order to address this issue, we conducted a pilot study with the goal of achieving semi-automated patch diffing by applying machine-learning techniques. Based on the hypothesis that "similar types of vulnerabilities will be fixed in a similar manner," we applied an unsupervised machine learning technique to extract those patterns and considered the way to achieve semi-automated patch diffing. In the talk, we will show the details of our pilot study and share the insights that we have gained from it. We believe that our insights will help other researchers who will conduct similar research in the future.
This slide deck is my presentation for a reading circle on the "Machine Learning Professional Series".
The Japanese version is here.
http://www.slideshare.net/matsukenbook/ss-50545587
A C# coding challenge to solve a range of mazes with differing dimensions and styles. The total run time was considerably less than a target maximum run time.
This document provides an overview of WebAssembly (WASM) and analyzes its attack surface. It begins with a brief history of WASM and describes its Minimum Viable Product (MVP) 1.0 specification, which defines its instruction set and file format. It then discusses WASM's implementation in web browsers and interaction with JavaScript, highlighting its potential attack surface. Examples of past vulnerabilities leveraging WASM are also provided, such as CVE-2017-5116 which used a race condition to redirect execution to attacker-controlled code. The document concludes by discussing the future of WASM and taking questions.
This document discusses techniques used for hunting and analyzing malware on Mac systems. It describes common commands used by attackers for reconnaissance, backdoor installation, persistence, cleanup, and lateral movement. Specific indicators are also provided, such as backdoor file names and IP addresses. Hunting involves understanding the process tree and difficulties in detection given legitimate system tools are also used by attackers.
The document summarizes a presentation about exploiting a vulnerability in Apple's code signing process on macOS. The vulnerability allows ad-hoc signed malicious code to bypass Gatekeeper and execute on systems where only Apple-signed code is supposed to run. The presentation covered code signing basics, a demonstration of the vulnerability, technical details, how it impacts third-party software vendors, the disclosure process to Apple, and recommendations for properly validating signed code.
Cloud forensics: putting the bits back together (Shakacon)
The document discusses forensic investigations of AWS EC2 instances and EBS volumes. It details the process the author took to launch EC2 instances with different EBS volume types, write and delete files, snapshot the volumes, and use forensic software to recover deleted files from the snapshots. The results showed that standard, gp2 and io1 volume types had the highest recovery rates of deleted files from snapshots, while sc1 and st1 volume types recovered fewer files and in some cases produced anomalously large PDF files. Maintaining chain of custody of forensic evidence and using separate AWS accounts was recommended to safeguard recovered data.
Pwned in Translation - from Subtitles to RCE (Shakacon)
What if I told you that when you're watching a movie on your PC or streamer, someone might also be watching you. And he might be doing so using subtitles.
Yes, subtitles, those innocent-looking text lines at the bottom of your screen. Millions of people use them without a second thought, never wondering where they come from, where they're parsed or how they are rendered. You might be surprised to find that there are actually more than 25 subtitle formats out there, most of which support exotic features such as HTML tags, raw images or even freeform binary (What?). Moreover, there is no standard library designed to parse subtitles, which leaves this task to be independently implemented by the various media players. What can go wrong?
Well, basically, everything.
This presentation will show, for the first time ever on stage, the disastrous potential of subtitles as an attack vector. We will explain and demo the numerous vulnerabilities we found involving subtitles. There will be unsanitized JavaScript running on native web applications; file systems being manipulated; heaps being corrupted; and full RCE on the most common streaming platforms including VLC, Kodi (XBMC) and PopcornTime. It really seems there is no limit to what can be done using those little helpful text files.
But perhaps the best thing about this attack vector is that in some of these media players, subtitles are automatically downloaded, requiring no user interaction. These subtitles are commonly downloaded from shared online repositories (such as OpenSubtitles) where they are indexed and ranked. In order to make sure our crafted malicious subtitles would be the ones downloaded by the video player, we had to manipulate the website ranking algorithm. So, we did that as well. Look ma, no MITM.
Since we showed that full control over the entire subtitle chain is possible, an attacker using this technique can also choose to narrow his target audience based on the subtitle language and specific movies, or simply spray his exploits in all directions, which leaves millions of people exposed to this new infection method.
One of the most insidious actions of malware is abusing the video and audio capabilities of an infected host to record an unknowing user. Macs, of course, are not immune; malware such as OSX/Eleanor, OSX/Crisis and others all attempt to spy on OS X users.
And as was recently shown by the author, more advanced malware could piggyback onto legitimate webcam sessions in order to covertly record the local user. As there are no visible indications of this malicious activity (the LED light is already on), the malware can record both audio and video without fear of detection.
After examining various ‘webcam-aware’ OS X malware samples and describing the technical details of the piggyback attack, the talk will dive into OverSight.
OverSight is a free tool that implements various novel protection mechanisms in order to alert Mac users of any code that attempts to access the mic or webcam (even via the stealthy piggyback attack). We'll dive into the design and technical details of the tool, describing various components for the first time.
Following this, we'll look at an interesting case study, where OverSight discovered that a popular Mac application was continuing to record even when the user turned it off. Yikes! Finally, the talk will conclude by discussing future trends of both webcam/mic-aware macOS malware and defensive detection methodologies. With such insights, we'll strive to keep macOS users protected and secure!
Modern Reconnaissance Phase on APT - protection layer (Shakacon)
The document discusses 5 case studies of modern reconnaissance techniques used by advanced persistent threat (APT) actors. Each case study examines a different infection vector involving documents with embedded objects that first perform reconnaissance on the target system before deciding whether to deploy a final payload. The case studies demonstrate evolving tactics to avoid exposing valuable code and thwart analysis.
This session will provide insight into highly disruptive breaches that MANDIANT investigated over the past year. It describes how threat actors have destroyed system infrastructure and taken companies offline for weeks. For this talk the threat actors are split into two categories, financially motivated vs. non-financially motivated, with a focus on the SHAMOON cases. I will talk about how the recent SHAMOON attacks differ in their motives from financially motivated threat actors, and about highlights from a couple of 2017 Incident Response cases, including an overview of the TTPs of the important state-sponsored attacks seen in 2017.
A Decompiler for Blockchain-Based Smart Contracts Bytecode - Shakacon
The document discusses decompiling Ethereum smart contracts. It describes how smart contracts written in Solidity are compiled to Ethereum Virtual Machine (EVM) bytecode that is stored on the blockchain. The bytecode contains a dispatcher that uses the first 4 bytes of the call data, representing the function hash, to determine which function to execute. Function parameters and local variables are accessed using EVM instructions like CALLDATALOAD and stored in memory and on the stack.
Honey, I Stole Your C2 Server: A Dive into Attacker Infrastructure - Shakacon
As an incident responder, have you ever thought about how much easier an investigation would be if you had the C2 server in your possession? In this talk, we are going to deep dive into a rare investigation in which Mandiant obtained a forensic copy of an attacker C2 system. You will learn about the initial compromise of the C2 server, the tools and tactics used by the attacker, and the investigative steps taken to identify the full scope of the attack. In addition, you will learn about the specific challenges involved with the analysis, the tool I developed to carve all PostgreSQL rows from a forensic image, and some unique lessons learned from performing this investigation.
Dock ir incident response in a containerized, immutable, continually deploy... - Shakacon
This document discusses incident response strategies in a containerized and immutable infrastructure environment like Docker. It addresses challenges like lack of system and software inventory visibility due to rapid container changes, and lack of agent-based security due to single-purpose containers. It proposes solutions like establishing managed base container OSs, whitelisting allowed containers and files, and leveraging logs and sidecar containers to monitor for detections. Response challenges around long investigation timeframes due to short container lifetimes and lack of access are addressed with strategies like comprehensive logging, filesystem artifact preservation, and automating remote response capabilities.
Reviewing the Security of ASoC Drivers in Android Kernel - Shakacon
The ALSA System on Chip (ASoC) layer provides a common architecture for chip vendors to develop drivers for their sound SoCs and codecs. It is also the core management layer for sound drivers in the Android kernel. Compared with the well-known libstagefright library, the ASoC driver works in kernel space and talks to the upper-level media libraries through the HAL, so it plays a much more important role: it is the real heart of the whole Android media service.
However, few vulnerabilities in this area had been disclosed on Android before our research (which started in mid-2016). There are several reasons: the ALSA project has an almost twenty-year history and most bugs have probably been killed over the past few years in the mainline Linux kernel; developers have become more and more familiar with the project, so it is not easy to introduce a bunch of new bugs; and the coding-style standards, testing flow and code-review processes have guaranteed quality, which is often how open source projects benefit.
But what happens when this old project meets the much younger Android OS? The situation was far beyond my expectation. With a complete review of the ASoC implementation, combined with effective fuzzing tools, I was able to disclose dozens of bugs in Android ASoC drivers. These bugs include ordinary out-of-bounds accesses, stack overflows, heap overflows, race conditions and use-after-free/double-free bugs. What is more interesting is that these bugs were introduced through several different channels: chip vendors, device manufacturers, and the ALSA project maintainers.
This demonstrates that the ASoC driver in the Android kernel is a completely vulnerable but overlooked attack surface.
Silent Protest: A Wearable Protest Network - Shakacon
Independent observers are noting a decrease in freedom of speech worldwide. In its 2016 report, Reporters Without Borders unveils a "climate of fear and tension combined with increasing control over newsrooms by governments and private-sector interests.", while Amnesty International's report on the State of the World's Human Rights states that “2016 was the year when the cynical use of ‘us vs them’ narratives of blame, hate and fear took on a global prominence to a level not seen since the 1930s. Too many politicians are answering legitimate economic and security fears with a poisonous and divisive manipulation of identity politics in an attempt to win votes”.
At the same time, the United Nations Statistics Division points to the unprecedented literacy rate achieved by mankind globally. Human beings have more and more things to say.
With this project, we present ProtestWear: a wearable DIY protest network built from inexpensive network gear and open source software. Its goal is to facilitate freedom of speech, enable art sharing in countries where this human right is being challenged by authorities, and offer a customizable, portable Anonymous Protest Network platform reliable and affordable enough to be built in third world countries and developed countries alike.
We introduce a new type of IMSI catcher which operates over WiFi. Whilst existing Stingray-type IMSI catchers exploit 2-4G radio protocols to track the movements of mobile subscribers, in this talk we introduce two new approaches to track mobile devices which exploit authentication protocols that operate over WiFi. These protocols are now widely implemented in most modern mobile OSes, allowing for the creation of a low-cost (<$25) IMSI catcher.
We demonstrate how users may be tracked on a range of smartphones and tablets, including those running iOS, Android and other mobile OSs. This tracking can be performed silently and automatically without any interaction from the tracked user. We have developed a proof of concept system that demonstrates our IMSI catcher employing passive and active techniques.
Finally, we present guidelines for vendors and cellular network operators to mitigate the user privacy issues that arise.
The document discusses various malware techniques, including:
1) Devolving malware: gaining unauthorized access to systems through social engineering and exploiting software vulnerabilities to obtain shell access or sensitive files.
2) Password protected documents and embedded macros aim to trick users into enabling malicious macros that download and execute additional payloads like VBS scripts.
3) Several malware samples are described that use techniques like delayed execution, encoded payloads, and displaying decoy documents to evade detection in sandboxes and steal sensitive information from victims.
4) The document advocates copying code from other malware projects instead of writing original malware due to the time and effort required. User targeting, anti-sandbox tricks, and packers are also
This presentation will sum up how to do tunnelling with different protocols and will detail different perspectives. For example, companies are fighting hard to block exfiltration from their networks: they use http(s) proxies, DLP and IPS technologies to protect their data, but are they protected against tunnelling? There are so many interesting questions to answer for users, abusers, companies and malware researchers. Mitigation and bypass techniques will be shown during this presentation, which can be used to filter any tunnelling on your network or to bypass misconfigured filters.
Windows Systems & Code Signing Protection by Paul Rascagneres - Shakacon
This presentation explains the code signing mechanism (Authenticode) developed by Microsoft for Windows systems. The presentation will first explain the kernel implications and the impact on driver development. This protection initially annoyed rootkit developers, but they found several ways to bypass it. Well-known rootkits such as Derusbi, Uroburos or GrayFish use tricks to bypass driver signature enforcement. These techniques will be described during the presentation. Finally, user land will be discussed, with the new library injection protection based on code signing implemented in Windows 10 TH2, especially for the Edge process.
When Encryption is Not Enough... - Sumanth Naropanth, Chandra Prakash Gopalaiah ... - Shakacon
Communication protocols are core to computing devices. They have evolved from the traditional Serial and LAN ports to complex (and lightweight) protocols of today, such as Bluetooth Low Energy (BLE), ANT+, ZigBee, etc.
Bluetooth Low Energy (BLE) is a popular protocol of choice for low energy, low performance computing systems. While versions of the BLE specification prior to 4.2 allowed simple key mechanisms to encrypt the communication between connected nodes, the more recent specification of BLE (4.2) provides better channel encryption via the Secure Simple Pairing (SSP) mode to protect data against snooping and man-in-the-middle style attacks. These protocols are used extensively by wearables such as smart watches and activity trackers.
Most wearables work in conjunction with a companion mobile application running on a platform that supports BLE with the aforementioned security mechanisms. We looked at Android and iOS for our study. We observe that there are fundamental assumptions (leading to security limitations) in the adoption of the BLE security specifications on these two platforms. Relying on the standard BLE APIs for Android and iOS may be insufficient and may even project a false sense of security. It is critical to understand the degree of security that the BLE specifications can offer, and to clearly separate that from the developers’ responsibility to design application-level security in order to assure the confidentiality and integrity of data transmitted between a wearable device and its companion application.
The Search for the Perfect Door - Deviant Ollam - Shakacon
You have spent lots of money on a high-grade, pick-resistant, ANSI-rated lock for your door. Your vendor has assured you how it will resist attack and how difficult it would be for someone to copy your key. Maybe they’re right. But… the bulk of attacks that both penetration testers and also criminals attempt against doors have little or nothing to do with the lock itself! This talk will be a hard-hitting exploration (full of photo and video examples) of the ways in which your door — the most fundamental part of your physical security — can possibly be thwarted by someone attempting illicit entry. The scary problems will be immediately followed by simple solutions that are instantly implementable and usually very within-budget. You, too, can have a near-perfect door… if you’re willing to learn and understand the problems that all doors tend to have.
At WWDC 2014, Apple introduced Swift, their revolutionary new programming language for the future. Swift promises unapologetic optimization, outstanding speed, and best-in-class language features. Swift is sleek, stunning, and already the most loved language on StackOverflow. Up until now, no reverse engineer has dissected the language or the artifacts it produces and presented their findings. However, since an hour long presentation discussing Swift class structure and string layouts would be painfully boring, this talk actually presents a systematic approach to binary reverse engineering new foreign ABIs using Swift as a case study. I’ll present approaches for identifying control structures and flow, recovering class layouts, mapping machine code patterns to higher level language constructs, and more!
This presentation will leave you with the knowledge and confidence needed to take on any ABIs – maybe even Haskell.
Removing Uninteresting Bytes in Software Fuzzing - Aftab Hussain
Imagine a world where software fuzzing, the process of mutating bytes in test seeds to uncover hidden and erroneous program behaviors, becomes faster and more effective. A lot depends on the initial seeds, which can significantly dictate the trajectory of a fuzzing campaign, particularly in terms of how long it takes to uncover interesting behaviour in your code. We introduce DIAR, a technique designed to speedup fuzzing campaigns by pinpointing and eliminating those uninteresting bytes in the seeds. Picture this: instead of wasting valuable resources on meaningless mutations in large, bloated seeds, DIAR removes the unnecessary bytes, streamlining the entire process.
In this work, we equipped AFL, a popular fuzzer, with DIAR and examined two critical Linux libraries -- libxml's xmllint, a tool for parsing XML documents, and Binutils' readelf, an essential debugging and security analysis command-line tool used to display detailed information about ELF (Executable and Linkable Format) files. Our preliminary results show that AFL+DIAR not only discovers new paths more quickly but also achieves higher coverage overall. This work thus showcases how starting with lean and optimized seeds can lead to faster, more comprehensive fuzzing campaigns -- and DIAR helps you find such seeds.
- These are slides of the talk given at IEEE International Conference on Software Testing Verification and Validation Workshop, ICSTW 2022.
HCL Notes and Domino License Cost Reduction in the World of DLAU - panagenda
Webinar Recording: https://www.panagenda.com/webinars/hcl-notes-and-domino-license-cost-reduction-in-the-world-of-dlau/
The introduction of DLAU and the CCB & CCX licensing model caused quite a stir in the HCL community. As a Notes and Domino customer, you may have faced challenges with unexpected user counts and license costs. You probably have questions on how this new licensing approach works and how to benefit from it. Most importantly, you likely have budget constraints and want to save money where possible. Don’t worry, we can help with all of this!
We’ll show you how to fix common misconfigurations that cause higher-than-expected user counts, and how to identify accounts which you can deactivate to save money. There are also frequent patterns that can cause unnecessary cost, like using a person document instead of a mail-in for shared mailboxes. We’ll provide examples and solutions for those as well. And naturally we’ll explain the new licensing model.
Join HCL Ambassador Marc Thomas in this webinar with a special guest appearance from Franz Walder. It will give you the tools and know-how to stay on top of what is going on with Domino licensing. You will be able to lower your cost through an optimized configuration and keep it low going forward.
These topics will be covered
- Reducing license cost by finding and fixing misconfigurations and superfluous accounts
- How do CCB and CCX licenses really work?
- Understanding the DLAU tool and how to best utilize it
- Tips for common problem areas, like team mailboxes, functional/test users, etc
- Practical examples and best practices to implement right away
Generating privacy-protected synthetic data using Secludy and Milvus - Zilliz
During this demo, the founders of Secludy will demonstrate how their system utilizes Milvus to store and manipulate embeddings for generating privacy-protected synthetic data. Their approach not only maintains the confidentiality of the original data but also enhances the utility and scalability of LLMs under privacy constraints. Attendees, including machine learning engineers, data scientists, and data managers, will witness first-hand how Secludy's integration with Milvus empowers organizations to harness the power of LLMs securely and efficiently.
Ivanti’s Patch Tuesday breakdown goes beyond patching your applications and brings you the intelligence and guidance needed to prioritize where to focus your attention first. Catch early analysis on our Ivanti blog, then join industry expert Chris Goettl for the Patch Tuesday Webinar Event. There we’ll do a deep dive into each of the bulletins and give guidance on the risks associated with the newly-identified vulnerabilities.
TrustArc Webinar - 2024 Global Privacy Survey - TrustArc
How does your privacy program stack up against your peers? What challenges are privacy teams tackling and prioritizing in 2024?
In the fifth annual Global Privacy Benchmarks Survey, we asked over 1,800 global privacy professionals and business executives to share their perspectives on the current state of privacy inside and outside of their organizations. This year’s report focused on emerging areas of importance for privacy and compliance professionals, including considerations and implications of Artificial Intelligence (AI) technologies, building brand trust, and different approaches for achieving higher privacy competence scores.
See how organizational priorities and strategic approaches to data security and privacy are evolving around the globe.
This webinar will review:
- The top 10 privacy insights from the fifth annual Global Privacy Benchmarks Survey
- The top challenges for privacy leaders, practitioners, and organizations in 2024
- Key themes to consider in developing and maintaining your privacy program
Best 20 SEO Techniques To Improve Website Visibility In SERP - Pixlogix Infotech
Boost your website's visibility with proven SEO techniques! Our latest blog dives into essential strategies to enhance your online presence, increase traffic, and rank higher on search engines. From keyword optimization to quality content creation, learn how to make your site stand out in the crowded digital landscape. Discover actionable tips and expert insights to elevate your SEO game.
Full-RAG: A modern architecture for hyper-personalization - Zilliz
Mike Del Balso, CEO & Co-Founder at Tecton, presents "Full RAG," a novel approach to AI recommendation systems, aiming to push beyond the limitations of traditional models through a deep integration of contextual insights and real-time data, leveraging the Retrieval-Augmented Generation architecture. This talk will outline Full RAG's potential to significantly enhance personalization, address engineering challenges such as data management and model training, and introduce data enrichment with reranking as a key solution. Attendees will gain crucial insights into the importance of hyperpersonalization in AI, the capabilities of Full RAG for advanced personalization, and strategies for managing complex data integrations for deploying cutting-edge AI solutions.
OpenID AuthZEN Interop Read Out - Authorization - David Brossard
During Identiverse 2024 and EIC 2024, members of the OpenID AuthZEN WG got together and demoed their authorization endpoints conforming to the AuthZEN API.
Threats to mobile devices are more prevalent and increasing in scope and complexity. Users of mobile devices desire to take full advantage of the features available on those devices, but many of those features provide convenience and capability at the expense of security. This best practices guide outlines steps users can take to better protect personal devices and information.
“An Outlook of the Ongoing and Future Relationship between Blockchain Technologies and Process-aware Information Systems.” Invited talk at the joint workshop on Blockchain for Information Systems (BC4IS) and Blockchain for Trusted Data Sharing (B4TDS), co-located with the 36th International Conference on Advanced Information Systems Engineering (CAiSE), 3 June 2024, Limassol, Cyprus.
For the full video of this presentation, please visit: https://www.edge-ai-vision.com/2024/06/building-and-scaling-ai-applications-with-the-nx-ai-manager-a-presentation-from-network-optix/
Robin van Emden, Senior Director of Data Science at Network Optix, presents the “Building and Scaling AI Applications with the Nx AI Manager,” tutorial at the May 2024 Embedded Vision Summit.
In this presentation, van Emden covers the basics of scaling edge AI solutions using the Nx tool kit. He emphasizes the process of developing AI models and deploying them globally. He also showcases the conversion of AI models and the creation of effective edge AI pipelines, with a focus on pre-processing, model conversion, selecting the appropriate inference engine for the target hardware and post-processing.
van Emden shows how Nx can simplify the developer’s life and facilitate a rapid transition from concept to production-ready applications. He provides valuable insights into developing scalable and efficient edge AI solutions, with a strong focus on practical implementation.
Unlocking Productivity: Leveraging the Potential of Copilot in Microsoft 365, a presentation by Christoforos Vlachos, Senior Solutions Manager – Modern Workplace, Uni Systems
How to Get CNIC Information System with Paksim Ga.pptx - danishmna97
Pakdata Cf is a groundbreaking system designed to streamline and facilitate access to CNIC information. This innovative platform leverages advanced technology to provide users with efficient and secure access to their CNIC details.
Infrastructure Challenges in Scaling RAG with Custom AI models - Zilliz
Building Retrieval-Augmented Generation (RAG) systems with open-source and custom AI models is a complex task. This talk explores the challenges in productionizing RAG systems, including retrieval performance, response synthesis, and evaluation. We’ll discuss how to leverage open-source models like text embeddings, language models, and custom fine-tuned models to enhance RAG performance. Additionally, we’ll cover how BentoML can help orchestrate and scale these AI components efficiently, ensuring seamless deployment and management of RAG systems in the cloud.
Fueling AI with Great Data with Airbyte Webinar - Zilliz
This talk will focus on how to collect data from a variety of sources, leveraging this data for RAG and other GenAI use cases, and finally charting your course to productionalization.
Programming Foundation Models with DSPy - Meetup Slides - Zilliz
Prompting language models is hard, while programming language models is easy. In this talk, I will discuss the state-of-the-art framework DSPy for programming foundation models with its powerful optimizers and runtime constraint system.
3. Observation:
Different paths can produce the same result.
Thought experiment:
Can the inverse be true?
Can one path produce different results?
./intro
4. Observation:
Groups of (machine) instructions can often be reduced
x = x * 2
x = x + x
vs.
x = x * 4
Thought experiment:
How much could one program be reduced?
12. Removing all but the mov instruction from
future iterations of the x86 architecture
would have many advantages: the
instruction format would be greatly
simplified, the expensive decode unit
would become much cheaper, and silicon
currently used for complex functional
units could be repurposed as even more
cache. As long as someone else
implements the compiler.
- Stephen Dolan
21. Build on Dolan’s ideas
Adapt primitive TM operations for higher level logic
Work on actual data, not abstract symbols
Add new operations
If/else
Arithmetic
Logic
Jumps
Loops
Etc…
Bring it closer to something we can use
Idea…
24. The catch:
We have no branches
All paths execute, no matter what
Solution:
Force a path to operate on “dummy” data,
if we don’t want its results
Implementing if
25. IF X == Y THEN
X = 100
Selector
Data
Scratch
30. ; X == Y
mov eax, [X]               ; eax = value of X
mov [eax], 0               ; use that value as an address: write 0 there
mov eax, [Y]               ; eax = value of Y
mov [eax], 4               ; use that value as an address: write 4 there
mov eax, [X]
mov eax, [eax]             ; read back through X: 4 if X == Y (both writes hit the same cell), else 0
; X = 100
mov eax, [SELECT_X + eax]  ; selector: [SELECT_X + 0] = address of scratch, [SELECT_X + 4] = address of X
mov [eax], 100             ; the write lands on X, or on the scratch word whose contents we ignore
Implementing if
64. How much can we simplify a program?
We’ve gotten rid of…
Functions
Loops
Branches
Arithmetic
… it’s an okay start.
Reduction
65. We have all the same instructions
mov
But they’re not all the “same”
mov eax, edx
mov [100], bl
mov di, 0x1337
mov eax, [edx + 2 * ecx + 0x1094801]
70. Simplify memory addressing
mov eax, [0x1234 + ecx + 8 * edx]
Use the M/o/Vfuscator ALU!
Calculate ecx + 8 * edx
Accumulate results in ecx
Result:
(dozens of mov ALU instructions)
mov eax, [0x1234 + ecx]
x86 addressing
71. No more register to register transfers.
No more constant to register transfers.
No more 8 or 16 bit instructions.
All memory accesses are of the form
[reg + constant]
mov instructions are now all
mov reg, [reg + constant]
or
mov [reg + constant], reg
Almost there.
72. We still use 8 registers!
Decrease to 2 by storing extras to
scratchpad memory
All mov instructions now
mov esi/edi, [esi/edi + constant]
or
mov [esi/edi + constant], esi/edi
Registers
73. Writes: mov [esi/edi + constant], esi/edi
Reads: mov esi/edi, [esi/edi + constant]
Alternate reads and writes
1 read, followed by 1 write,
followed by 1 read, followed by 1 write…
Insert dummy (unused) accesses
Alternating memory
76. Pseudo-registers
Instead of registers,
use memory to hold the register contents
esi becomes [0x890100]
edi becomes [0x890200]
Let’s call these memory locations
“pseudo-registers”
77. A ‘synthetic’ mov
With pseudo-registers, our movs look like
mov [0x890100],[[0x890200]+0x816d0e8]
At this point, we’re just moving values
to/from different locations in memory
… but this is no longer a valid x86 instruction
79. A ‘synthetic’ mov
Translate the old mov instructions
into the more generic MOVE instruction
mov esi,[edi+0x816d0e8]
becomes
MOVE [ *0x890100 + 0 ], [ *0x890200 + 0x816d0e8 ]
mov [edi+0x816d0e8], esi
becomes
MOVE [ *0x890200 + 0x816d0e8 ], [ *0x890100 + 0 ]
80. A ‘synthetic’ mov
Why is this useful?
All instructions now have exactly the same form.
81. Extracting the essence
MOVE [ *0x890100 + 0 ], [ *0x890200 + 0x816d0e8 ]
{ 0x890100, 0, 0x890200, 0x816d0e8 }
Extract all of the MOVE operands into a table.
82. We’ve distilled our entire C program
into a table describing
a long list of simple data transfers
Let’s write a program to
perform the actions described in the table
So now what?
83. Load the table into esi…
table:
0x890100, 0, 0x890200, 0x816d0e8
...
mov esi, table
94. The instruction sequence
executed by the processor
is the same for every program.
mov esi, table        ; esi walks the table of MOVE records
loop:
mov ebx, [esi]        ; address of the source pseudo-register
mov ebx, [ebx]        ; its contents (the base)
add ebx, [esi+4]      ; plus the source offset
mov ebx, [ebx]        ; fetch the source word
mov edx, [esi+8]      ; address of the destination pseudo-register
mov edx, [edx]        ; its contents (the base)
add edx, [esi+12]     ; plus the destination offset
mov [edx], ebx        ; the one real data transfer
mov esi, [esi+16]     ; pointer to the next record: the table, not the code, decides what runs next
jmp loop
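Added example, not code from the slides or from the M/o/Vfuscator project: the slide-94 loop as a Python interpreter, with the branchless IF X == Y THEN X = 100 from slides 24-30 encoded as a MOVE table, and a second, unrelated program run by the very same loop. Everything below the class names is an assumption of this example: all addresses, a pseudo-register that always holds zero (so an absolute address a is written [*P_ZERO + a]), a constant pool standing in for immediates, a base under the comparison writes, and a next pointer of 0 as the end of the table; operand order follows the loop on slide 94 (source pair first).

```python
WORD = 4            # operands are 32-bit words, offsets are in bytes
ENTRY = 5 * WORD    # record: src_preg, src_off, dst_preg, dst_off, next

# Constructed memory layout (assumed for this example, not taken from the slides)
P_ZERO = 0x890000     # pseudo-register holding 0: [*P_ZERO + a] is absolute address a
P_EAX = 0x890100      # pseudo-register standing in for eax
X, Y = 0x1000, 0x1004
SCRATCH = 0x2000      # "dummy" target: the path we do not want writes here
SELECT_X = 0x3000     # 2-entry pointer table indexed by the 0/4 comparison flag
CMP_AREA = 0x4000     # base under which x and y are used as addresses
CONST_0, CONST_4, CONST_100 = 0x5000, 0x5004, 0x5008   # MOVE has no immediates
TABLE = 0x10000       # where the MOVE records live


class Memory(dict):
    """Word-addressed memory keyed by exact address; unwritten cells read as 0."""
    def load(self, addr):
        return self.get(addr, 0)

    def store(self, addr, val):
        self[addr] = val & 0xFFFFFFFF


def run(mem, esi, limit=10_000):
    """The slide-94 loop. Every iteration performs the same ten operations;
    only the table that esi walks differs between programs.
    Assumption: a next pointer of 0 ends the program (the slide's loop never stops)."""
    steps = 0
    while esi != 0:
        ebx = mem.load(esi)          # mov ebx, [esi]     address of source pseudo-register
        ebx = mem.load(ebx)          # mov ebx, [ebx]     its contents (the base)
        ebx += mem.load(esi + 4)     # add ebx, [esi+4]   plus the source offset
        ebx = mem.load(ebx)          # mov ebx, [ebx]     fetch the source word
        edx = mem.load(esi + 8)      # mov edx, [esi+8]   address of destination pseudo-register
        edx = mem.load(edx)          # mov edx, [edx]
        edx += mem.load(esi + 12)    # add edx, [esi+12]
        mem.store(edx, ebx)          # mov [edx], ebx     the one real data transfer
        esi = mem.load(esi + 16)     # mov esi, [esi+16]  next record, no branch needed
        steps += 1
        if steps > limit:
            raise RuntimeError("runaway table")
    return steps


def load_table(mem, base, moves):
    """Write (src_preg, src_off, dst_preg, dst_off) records at base, chaining each
    record's next pointer to the following one; the last record's next is 0."""
    for i, (sp, so, dp, do) in enumerate(moves):
        rec = base + i * ENTRY
        nxt = rec + ENTRY if i + 1 < len(moves) else 0
        for k, v in enumerate((sp, so, dp, do, nxt)):
            mem.store(rec + k * WORD, v)
    return base


# The mov-only IF from slide 30, one MOVE per mov, with eax as a pseudo-register.
IF_X_EQ_Y_THEN_X_100 = [
    (P_ZERO, X, P_ZERO, P_EAX),            # mov eax, [X]
    (P_ZERO, CONST_0, P_EAX, CMP_AREA),    # mov [eax], 0   (value of X used as an address)
    (P_ZERO, Y, P_ZERO, P_EAX),            # mov eax, [Y]
    (P_ZERO, CONST_4, P_EAX, CMP_AREA),    # mov [eax], 4   (value of Y used as an address)
    (P_ZERO, X, P_ZERO, P_EAX),            # mov eax, [X]
    (P_EAX, CMP_AREA, P_ZERO, P_EAX),      # mov eax, [eax] -> 4 iff both writes hit one cell
    (P_EAX, SELECT_X, P_ZERO, P_EAX),      # mov eax, [SELECT_X + eax] -> &X or &SCRATCH
    (P_ZERO, CONST_100, P_EAX, 0),         # mov [eax], 100
]

# A different program for the same interpreter: swap X and Y through SCRATCH.
SWAP_X_Y = [
    (P_ZERO, X, P_ZERO, SCRATCH),          # scratch = X
    (P_ZERO, Y, P_ZERO, X),                # X = Y
    (P_ZERO, SCRATCH, P_ZERO, Y),          # Y = scratch
]


def fresh_memory(x, y):
    mem = Memory()
    mem.store(P_ZERO, 0)
    mem.store(X, x)
    mem.store(Y, y)
    mem.store(CONST_0, 0)
    mem.store(CONST_4, 4)
    mem.store(CONST_100, 100)
    mem.store(SELECT_X + 0, SCRATCH)   # flag 0 (X != Y): the write is thrown away
    mem.store(SELECT_X + 4, X)         # flag 4 (X == Y): the write lands on X
    return mem


def run_if(x, y):
    """Returns (final X, final SCRATCH, loop iterations) for IF X == Y THEN X = 100."""
    mem = fresh_memory(x, y)
    steps = run(mem, load_table(mem, TABLE, IF_X_EQ_Y_THEN_X_100))
    return mem.load(X), mem.load(SCRATCH), steps


def run_swap(x, y):
    """Returns (final X, final Y, loop iterations) for the swap table."""
    mem = fresh_memory(x, y)
    steps = run(mem, load_table(mem, TABLE, SWAP_X_Y))
    return mem.load(X), mem.load(Y), steps


if __name__ == "__main__":
    print(run_if(7, 7))     # (100, 0, 8): the 100 reached X
    print(run_if(7, 9))     # (7, 100, 8): same eight transfers, the 100 went to scratch
    print(run_swap(1, 2))   # (2, 1, 3)
```

Both tables run through the identical loop body; the only thing a detector could inspect in the code is that loop, and the 0/4 flag never causes a branch because the rejected path simply writes to a cell nobody reads.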
95. 1.
If every program is the same,
malware detection gets a whole lot harder.
(demo)
Doing the same thing
(In practice)
Implications
96. 2.
Exploitation
“AVROP” (Mark Barnes, MWR Labs)
https://github.com/mwrlabs/avrop
AVR microcontroller (Raspberry Pi)
Harvard architecture: limited to ROP
Small memory: very few gadgets
Fortunately, all we need is mov.