The document discusses different archive formats and their relationships. It begins with an introduction to the presenter and then covers zlib, gzip, and zip file formats. Zlib and gzip both wrap deflate compression, but in different ways, so while the compressed data can be transferred between them, the formats are not directly compatible. Zip can use deflate but also other compression methods and a different one for each file. In conclusion, deflate is a common algorithm while the various formats wrap it with different headers and metadata.
Three tricks how to understand what's happening inside of .NET Core app running on Linux: perf, lttng and lldb. As unrelated bonus, last slides have a brief intro into Google Cloud Platform
Ange Albertini and Gynvael Coldwind: Schizophrenic Files – A file that thinks...Area41
As file format specs leave room for interpretation and sometimes are misunderstood or ignored by the programmers, some well-formed files may be interpreted inconsistently by different tools and libraries. As a result, this can be (ab)used for simple jokes, anti-forensics or to bypass sanitizers which might lead to data exfiltration.
Ange Albertini: Reverse Engineer, author of Corkami
Gynvael Coldwind: His main areas of interest are low-level security (kernel, OS, client), web security and reverse-engineering. Captain of Dragon Sector CTF team :) Currently working as an Information Security Engineer at Google.
Доклад рассказывает об устройстве и опыте применения инструментов динамического тестирования C/C++ программ — AddressSanitizer, ThreadSanitizer и MemorySanitizer. Инструменты находят такие ошибки, как использование памяти после освобождения, обращения за границы массивов и объектов, гонки в многопоточных программах и использования неинициализированной памяти.
Three tricks how to understand what's happening inside of .NET Core app running on Linux: perf, lttng and lldb. As unrelated bonus, last slides have a brief intro into Google Cloud Platform
Ange Albertini and Gynvael Coldwind: Schizophrenic Files – A file that thinks...Area41
As file format specs leave room for interpretation and sometimes are misunderstood or ignored by the programmers, some well-formed files may be interpreted inconsistently by different tools and libraries. As a result, this can be (ab)used for simple jokes, anti-forensics or to bypass sanitizers which might lead to data exfiltration.
Ange Albertini: Reverse Engineer, author of Corkami
Gynvael Coldwind: His main areas of interest are low-level security (kernel, OS, client), web security and reverse-engineering. Captain of Dragon Sector CTF team :) Currently working as an Information Security Engineer at Google.
Доклад рассказывает об устройстве и опыте применения инструментов динамического тестирования C/C++ программ — AddressSanitizer, ThreadSanitizer и MemorySanitizer. Инструменты находят такие ошибки, как использование памяти после освобождения, обращения за границы массивов и объектов, гонки в многопоточных программах и использования неинициализированной памяти.
Optimizing Parallel Reduction in CUDA : NOTESSubhajit Sahu
Highlighted notes on Optimizing Parallel Reduction in CUDA
While doing research work under Prof. Dip Banerjee, Prof. Kishore Kothapalli.
Interesting optimizations, i should try these soon as PageRank is basically lots of sums.
Let's trace Linux Lernel with KGDB @ COSCUP 2021Jian-Hong Pan
https://coscup.org/2021/en/session/39M73K
https://www.youtube.com/watch?v=L_Gyvdl_d_k
Engineers have plenty of debug tools for user space programs development, code tracing, debugging and analyzing. Except “printk”, do we have any other debug tools for Linux kernel development? The “KGDB” mentioned in Linux kernel document provides another possibility.
Will share how to experiment with the KGDB in a virtual machine. And, use GDB + OpenOCD + JTAG + Raspberry Pi in the real environment as the demo in this talk.
開發 user space 軟體時,工程師們有方便的 debug 工具進行查找、分析、除錯。但在 Linux kernel 的開發,除了 printk 外,還可以有哪些工具可以使用呢?從 Linux kernel document 可以看到 KGDB 相關的資訊,提供了在 kernel 除錯時的另一個可能性。
本次將分享,從建立最簡單環境的虛擬機機開始,到實際使用 GDB + OpenOCD + JTAG + Raspberry Pi 當作展示範例。
Open Enea Linux workshop at the Embedded Conference Scandinavia 2014EneaSoftware
Open Enea Linux (http://www.openenealinux.org) is a binary distribution based on the poky example distro from the Yocto Project. The concept is to make embedded devices easy to use, adapt and extend with a simple flick of the package-manager.
At ECS we held a workshop on BeagleBone Black demonstrating the ease of customizing the distro, installing a toolchain and doing remote debugging.
OSSNA 2017 Performance Analysis Superpowers with Linux BPFBrendan Gregg
Talk by Brendan Gregg for OSSNA 2017. "Advanced performance observability and debugging have arrived built into the Linux 4.x series, thanks to enhancements to Berkeley Packet Filter (BPF, or eBPF) and the repurposing of its sandboxed virtual machine to provide programmatic capabilities to system tracing. Netflix has been investigating its use for new observability tools, monitoring, security uses, and more. This talk will be a dive deep on these new tracing, observability, and debugging capabilities, which sooner or later will be available to everyone who uses Linux. Whether you’re doing analysis over an ssh session, or via a monitoring GUI, BPF can be used to provide an efficient, custom, and deep level of detail into system and application performance.
This talk will also demonstrate the new open source tools that have been developed, which make use of kernel- and user-level dynamic tracing (kprobes and uprobes), and kernel- and user-level static tracing (tracepoints). These tools provide new insights for file system and storage performance, CPU scheduler performance, TCP performance, and a whole lot more. This is a major turning point for Linux systems engineering, as custom advanced performance instrumentation can be used safely in production environments, powering a new generation of tools and visualizations."
Valerio Di Giampietro - Introduction To IoT Reverse Engineering with an examp...linuxlab_conf
Introduction to firmware reverse engineering process of IoT devices. The process, described with an example on a home router, is based on Information Gathering of hardware and software, Building of an Emulation Environment to run binaries, and Techniques to analyze, hack and modify the firmware.
The introduction to firmware reverse engineering process is described with a real example, done by the author, on a recent home router with the target to load a modified firmware overcoming the router protection that doesn’t allow loading of unsigned firmware (ref: https://github.com/digiampietro/adbtools2 )
The process described is based on:
Information Gathering hw: identify main device components (CPU, Flash, SDRAM, main components) hw: locate UART and JTAG interfaces hw tools: Bus Pirate, OpenOCD, Jtagulator sw: get os image file or firmware file sw tools: strings, file, binwalk, dd, jefferson, uncramfs etc. identification of CPU, Flash, RAM, kernel version, C library, toolchain used etc. identification of Original Manufacturer and Original Firmware Manufacturer Emulation Environment using QEMU select a QEMU machine and CPU reasonably similar to the IoT device (same CPU, similar kernel version, similar modules and libraries) select a tool to build the kernel and the root file system (brief description of Yocto Project, Buildroot and OpenWRT build system). Buildroot will be used in the example and described in more detail Buildroot and kernel configuration, generation of root file system with binaries and libraries with debugging information Overcoming obstacles created by the firmware manufacturer Running interesting binaries in the emulated environment Use tools like strace, ltrace, gdb to reverse engineer the most interesting binaries Analyze how the device works the firmware upgrade process CLI and Web interface analisys main processes analisys finding vulnerabilities hacking into the system hack the firmware upgrade process replace the original firmware Create a Firmware Modification Kit to simplify the firmware modification process.
Lustre Generational Performance Improvements & New Featuresinside-BigData.com
In this video from LAD'17 in Paris, Adam Roe from Intel presents: Lustre Generational Performance Improvements & New Features.
"Lustre has had a number of compelling new features added in recent releases; this talk will look at those features in detail and see how well they all work together from both a performance and functionality perspective. Comparing some of the numbers from last year we will see how far the Lustre* filesystem has come in such a short period of time (LAD’16 to LAD’17), comparing the same use cases observing the generational improvements in the technology."
Watch the video: https://wp.me/p3RLHQ-i1h
Sign up for our insideHPC Newsletter: http://insidehpc.com/newsletter
Trying and evaluating the new features of GlusterFS 3.5Keisuke Takahashi
My presentation in LinuxCon/CloudOpen Japan 2014.
It has passed few days since GlusterFS 3.5 released so feel free to correct me if you find my mistakes or misunderstandings. Thanks.
HKG15-401: Ceph and Software Defined Storage on ARM serversLinaro
HKG15-401: Ceph and Software Defined Storage on ARM servers
---------------------------------------------------
Speaker: Yazen Ghannam Steve Capper
Date: February 12, 2015
---------------------------------------------------
★ Session Summary ★
Running Ceph in the colocation, ongoing optimizations
--------------------------------------------------
★ Resources ★
Pathable: https://hkg15.pathable.com/meetings/250828
Video: https://www.youtube.com/watch?v=RdZojLL7ttk
Etherpad: http://pad.linaro.org/p/hkg15-401
---------------------------------------------------
★ Event Details ★
Linaro Connect Hong Kong 2015 - #HKG15
February 9-13th, 2015
Regal Airport Hotel Hong Kong Airport
---------------------------------------------------
http://www.linaro.org
http://connect.linaro.org
Chapter 1
Syllabus
Catalog Description: Computer structure, machine representation of data,
addressing and indexing, computation and control instructions, assembly
language and assemblers; procedures (subroutines) and data segments,
linkages and subroutine calling conventions, loaders; practical use of an
assembly language for computer implementation of illustrative examples.
Course Goals
0 Knowledge of the basic structure of microcomputers - registers, mem-
ory, addressing I/O devices, etc.
1 Knowledge of most non-privileged hardware instructions for the Ar-
chitecture being studied.
2 Ability to write small programs in assembly language
3 Knowledge of computer representations of data, and how to do simple
arithmetic in binary & hexadecimal, including conversions
4 Being able to implementing a moderately complicated algorithm in
assembler, with emphasis on efficiency.
5 Knowledge of procedure calling conventions and interfacing with high-
level languages.
Optional Text: Kip Irvine, Assembly Language for the IBM PC, Prentice
Hall, 4th or 5th edition
1
Additional References: Intel and DOS API documentation as presented
in Intel publications and online at www.x86.org; lecture notes (to be sup-
plied as we go).
Prerequisites by Topic. Working knowledge of some programming lan-
guage (102/103: C/C++); Minimal programming experience
Major Topics Covered in the Course:
1 Low-level and high-level languages; why learn assembler?
2 How does one study a new computer: the CPU, memory, addressing
modes, operation modes.
3 History of the Intel family of microprocessors.
4-5 Registers; simple arithmetic instructions; byte order; Arithmetic and
logical operations.
6 Implementing longer integer type support; carry and overflow.
7 Shifts, multiplication and division.
8 Memory layout.
9 Direct video memory access; discussion of the first project.
10 Assembler syntax; how to use the tools.
11-13 Conditional & unconditional jumps; loops; emulating high-level lan-
guage constructions; Stack; call and return; procedures
14-15 String instructions: effcient memory-to-memory operations.
16 Interrupts overview: interrupt table; how do interrupts work; classif-
cation.
17 Summary of the most important interrupts.
18-20 DOS interrupt; File I/O functions; file-copy program; discussion of
the second project
21 Interrupt handlers; keyboard drivers; timer-driven processes; viruses
and virus-protection software.
2
22 Debug interrupts; how do debuggers and profilers work.
23-24 (Optional).interfacing with high level languages; Protected mode fun-
damentals
Grading The grading is based on two projects, midterm project is 49%
and the final is 51%. Please note that the projects are individual, submitting
projects that are similar to submissions of others and/or are essentially
downloads from the Web would result in a fail.
Office Hours My hours this term for CSc 210 will be 3:45 ¶Ł 4:45 on
Mondays.
Zoom links:
11am https://ccny.zoom.us/j/8 ...
"Technical challenges"? More like horrors!
Let's explore first the technical debt of old file formats,
with the evolution of the "MP3" format.
Then we go through more recent forms of file format abuses and tools:
polyglots, polymocks, and crypto-polyglots.
Last, an overview of recent collisions and other forms of art with MD5.
They say that with file formats, "specs are enough".
Should we laugh, cry or run away screaming?
Presented at Digital Preservation Coalition's CyberSec & DigiPres event.
Optimizing Parallel Reduction in CUDA : NOTESSubhajit Sahu
Highlighted notes on Optimizing Parallel Reduction in CUDA
While doing research work under Prof. Dip Banerjee, Prof. Kishore Kothapalli.
Interesting optimizations, i should try these soon as PageRank is basically lots of sums.
Let's trace Linux Lernel with KGDB @ COSCUP 2021Jian-Hong Pan
https://coscup.org/2021/en/session/39M73K
https://www.youtube.com/watch?v=L_Gyvdl_d_k
Engineers have plenty of debug tools for user space programs development, code tracing, debugging and analyzing. Except “printk”, do we have any other debug tools for Linux kernel development? The “KGDB” mentioned in Linux kernel document provides another possibility.
Will share how to experiment with the KGDB in a virtual machine. And, use GDB + OpenOCD + JTAG + Raspberry Pi in the real environment as the demo in this talk.
開發 user space 軟體時,工程師們有方便的 debug 工具進行查找、分析、除錯。但在 Linux kernel 的開發,除了 printk 外,還可以有哪些工具可以使用呢?從 Linux kernel document 可以看到 KGDB 相關的資訊,提供了在 kernel 除錯時的另一個可能性。
本次將分享,從建立最簡單環境的虛擬機機開始,到實際使用 GDB + OpenOCD + JTAG + Raspberry Pi 當作展示範例。
Open Enea Linux workshop at the Embedded Conference Scandinavia 2014EneaSoftware
Open Enea Linux (http://www.openenealinux.org) is a binary distribution based on the poky example distro from the Yocto Project. The concept is to make embedded devices easy to use, adapt and extend with a simple flick of the package-manager.
At ECS we held a workshop on BeagleBone Black demonstrating the ease of customizing the distro, installing a toolchain and doing remote debugging.
OSSNA 2017 Performance Analysis Superpowers with Linux BPFBrendan Gregg
Talk by Brendan Gregg for OSSNA 2017. "Advanced performance observability and debugging have arrived built into the Linux 4.x series, thanks to enhancements to Berkeley Packet Filter (BPF, or eBPF) and the repurposing of its sandboxed virtual machine to provide programmatic capabilities to system tracing. Netflix has been investigating its use for new observability tools, monitoring, security uses, and more. This talk will be a dive deep on these new tracing, observability, and debugging capabilities, which sooner or later will be available to everyone who uses Linux. Whether you’re doing analysis over an ssh session, or via a monitoring GUI, BPF can be used to provide an efficient, custom, and deep level of detail into system and application performance.
This talk will also demonstrate the new open source tools that have been developed, which make use of kernel- and user-level dynamic tracing (kprobes and uprobes), and kernel- and user-level static tracing (tracepoints). These tools provide new insights for file system and storage performance, CPU scheduler performance, TCP performance, and a whole lot more. This is a major turning point for Linux systems engineering, as custom advanced performance instrumentation can be used safely in production environments, powering a new generation of tools and visualizations."
Valerio Di Giampietro - Introduction To IoT Reverse Engineering with an examp...linuxlab_conf
Introduction to firmware reverse engineering process of IoT devices. The process, described with an example on a home router, is based on Information Gathering of hardware and software, Building of an Emulation Environment to run binaries, and Techniques to analyze, hack and modify the firmware.
The introduction to firmware reverse engineering process is described with a real example, done by the author, on a recent home router with the target to load a modified firmware overcoming the router protection that doesn’t allow loading of unsigned firmware (ref: https://github.com/digiampietro/adbtools2 )
The process described is based on:
Information Gathering hw: identify main device components (CPU, Flash, SDRAM, main components) hw: locate UART and JTAG interfaces hw tools: Bus Pirate, OpenOCD, Jtagulator sw: get os image file or firmware file sw tools: strings, file, binwalk, dd, jefferson, uncramfs etc. identification of CPU, Flash, RAM, kernel version, C library, toolchain used etc. identification of Original Manufacturer and Original Firmware Manufacturer Emulation Environment using QEMU select a QEMU machine and CPU reasonably similar to the IoT device (same CPU, similar kernel version, similar modules and libraries) select a tool to build the kernel and the root file system (brief description of Yocto Project, Buildroot and OpenWRT build system). Buildroot will be used in the example and described in more detail Buildroot and kernel configuration, generation of root file system with binaries and libraries with debugging information Overcoming obstacles created by the firmware manufacturer Running interesting binaries in the emulated environment Use tools like strace, ltrace, gdb to reverse engineer the most interesting binaries Analyze how the device works the firmware upgrade process CLI and Web interface analisys main processes analisys finding vulnerabilities hacking into the system hack the firmware upgrade process replace the original firmware Create a Firmware Modification Kit to simplify the firmware modification process.
Lustre Generational Performance Improvements & New Featuresinside-BigData.com
In this video from LAD'17 in Paris, Adam Roe from Intel presents: Lustre Generational Performance Improvements & New Features.
"Lustre has had a number of compelling new features added in recent releases; this talk will look at those features in detail and see how well they all work together from both a performance and functionality perspective. Comparing some of the numbers from last year we will see how far the Lustre* filesystem has come in such a short period of time (LAD’16 to LAD’17), comparing the same use cases observing the generational improvements in the technology."
Watch the video: https://wp.me/p3RLHQ-i1h
Sign up for our insideHPC Newsletter: http://insidehpc.com/newsletter
Trying and evaluating the new features of GlusterFS 3.5Keisuke Takahashi
My presentation in LinuxCon/CloudOpen Japan 2014.
It has passed few days since GlusterFS 3.5 released so feel free to correct me if you find my mistakes or misunderstandings. Thanks.
HKG15-401: Ceph and Software Defined Storage on ARM serversLinaro
HKG15-401: Ceph and Software Defined Storage on ARM servers
---------------------------------------------------
Speaker: Yazen Ghannam Steve Capper
Date: February 12, 2015
---------------------------------------------------
★ Session Summary ★
Running Ceph in the colocation, ongoing optimizations
--------------------------------------------------
★ Resources ★
Pathable: https://hkg15.pathable.com/meetings/250828
Video: https://www.youtube.com/watch?v=RdZojLL7ttk
Etherpad: http://pad.linaro.org/p/hkg15-401
---------------------------------------------------
★ Event Details ★
Linaro Connect Hong Kong 2015 - #HKG15
February 9-13th, 2015
Regal Airport Hotel Hong Kong Airport
---------------------------------------------------
http://www.linaro.org
http://connect.linaro.org
Chapter 1
Syllabus
Catalog Description: Computer structure, machine representation of data,
addressing and indexing, computation and control instructions, assembly
language and assemblers; procedures (subroutines) and data segments,
linkages and subroutine calling conventions, loaders; practical use of an
assembly language for computer implementation of illustrative examples.
Course Goals
0 Knowledge of the basic structure of microcomputers - registers, mem-
ory, addressing I/O devices, etc.
1 Knowledge of most non-privileged hardware instructions for the Ar-
chitecture being studied.
2 Ability to write small programs in assembly language
3 Knowledge of computer representations of data, and how to do simple
arithmetic in binary & hexadecimal, including conversions
4 Being able to implementing a moderately complicated algorithm in
assembler, with emphasis on efficiency.
5 Knowledge of procedure calling conventions and interfacing with high-
level languages.
Optional Text: Kip Irvine, Assembly Language for the IBM PC, Prentice
Hall, 4th or 5th edition
1
Additional References: Intel and DOS API documentation as presented
in Intel publications and online at www.x86.org; lecture notes (to be sup-
plied as we go).
Prerequisites by Topic. Working knowledge of some programming lan-
guage (102/103: C/C++); Minimal programming experience
Major Topics Covered in the Course:
1 Low-level and high-level languages; why learn assembler?
2 How does one study a new computer: the CPU, memory, addressing
modes, operation modes.
3 History of the Intel family of microprocessors.
4-5 Registers; simple arithmetic instructions; byte order; Arithmetic and
logical operations.
6 Implementing longer integer type support; carry and overflow.
7 Shifts, multiplication and division.
8 Memory layout.
9 Direct video memory access; discussion of the first project.
10 Assembler syntax; how to use the tools.
11-13 Conditional & unconditional jumps; loops; emulating high-level lan-
guage constructions; Stack; call and return; procedures
14-15 String instructions: effcient memory-to-memory operations.
16 Interrupts overview: interrupt table; how do interrupts work; classif-
cation.
17 Summary of the most important interrupts.
18-20 DOS interrupt; File I/O functions; file-copy program; discussion of
the second project
21 Interrupt handlers; keyboard drivers; timer-driven processes; viruses
and virus-protection software.
2
22 Debug interrupts; how do debuggers and profilers work.
23-24 (Optional).interfacing with high level languages; Protected mode fun-
damentals
Grading The grading is based on two projects, midterm project is 49%
and the final is 51%. Please note that the projects are individual, submitting
projects that are similar to submissions of others and/or are essentially
downloads from the Web would result in a fail.
Office Hours My hours this term for CSc 210 will be 3:45 ¶Ł 4:45 on
Mondays.
Zoom links:
11am https://ccny.zoom.us/j/8 ...
"Technical challenges"? More like horrors!
Let's explore first the technical debt of old file formats,
with the evolution of the "MP3" format.
Then we go through more recent forms of file format abuses and tools:
polyglots, polymocks, and crypto-polyglots.
Last, an overview of recent collisions and other forms of art with MD5.
They say that with file formats, "specs are enough".
Should we laugh, cry or run away screaming?
Presented at Digital Preservation Coalition's CyberSec & DigiPres event.
You are *not* an idiot ~ or maybe we're all idiots.
Keynote at NorthSec 2021.
Talking about school, failure, success, diploma, impostor syndrom, manipulators, burn out, suicide, and how to deal with them.
The talk delivery was more personal, the slides are kept generic.
The recording is available @ https://youtu.be/Iu70J49bPlE?t=20869 (starts at 5:47:49)
Demystifying hash collisions.
Pass the Salt, 1st July 2019.
video @ https://passthesalt.ubicast.tv/videos/kill-md5-demystifying-hash-collisions/
Hack.Lu, 22 October 2019.
video @ https://www.youtube.com/watch?v=JXazRQ0APpI
Beyond your studies ~ You studied X at Y. now what?
HackPra, July 2018
A student's life ago, the author somehow managed to graduate.
On the way, he made a lot of mistakes -- and he still does.
A few people since called him 'successful', but LOL, if only they knew....
And now, the author will do another (big!) mistake:
instead of hiding in shame as he probably should,
he'll share his mistakes with anyone bored enough to attend,
in the hope that he's the last person to ever look that dumb to commit such mistakes.
If you're a genius and you know what to do in life, please skip this. Seriously.
If, like the author at the time, you wonder WTF is going on with graduation, professional work and life, then hopefully you learn a few things. Maybe.
Btw the author is 42 (WTF - old!).
Maybe that will help to provide a few answers.
Presented at Troopers 2016.
When Infosec and Digipres share interests...
TL;DR
- Attack surface with file formats is too big.
- Specs are useless (just a nice ‘guide’), not representing reality.
- We can’t deprecate formats because we can’t preserve and we can’t define how they really work
- We need open good libraries to simplify landscape, and create a corpus to express the reality of file format, which gives us real “documentation”.
- Then we can preserve and deprecate older format, which reduces attack surface.
- From then on, we can focus on making the present more secure.
- We don't need new formats: reality will diverge from the specs anyway - we need 'alive' (up to date, traceable) specs.
AKA "How people can create better video games via hacks"
Presented at Hack.Lu's Cryptoparty4kids 2015
Fallback slides: this was actually presented with videos and sound
Accelerate Enterprise Software Engineering with PlatformlessWSO2
Key takeaways:
Challenges of building platforms and the benefits of platformless.
Key principles of platformless, including API-first, cloud-native middleware, platform engineering, and developer experience.
How Choreo enables the platformless experience.
How key concepts like application architecture, domain-driven design, zero trust, and cell-based architecture are inherently a part of Choreo.
Demo of an end-to-end app built and deployed on Choreo.
Designing for Privacy in Amazon Web ServicesKrzysztofKkol1
Data privacy is one of the most critical issues that businesses face. This presentation shares insights on the principles and best practices for ensuring the resilience and security of your workload.
Drawing on a real-life project from the HR industry, the various challenges will be demonstrated: data protection, self-healing, business continuity, security, and transparency of data processing. This systematized approach allowed to create a secure AWS cloud infrastructure that not only met strict compliance rules but also exceeded the client's expectations.
Enhancing Research Orchestration Capabilities at ORNL.pdfGlobus
Cross-facility research orchestration comes with ever-changing constraints regarding the availability and suitability of various compute and data resources. In short, a flexible data and processing fabric is needed to enable the dynamic redirection of data and compute tasks throughout the lifecycle of an experiment. In this talk, we illustrate how we easily leveraged Globus services to instrument the ACE research testbed at the Oak Ridge Leadership Computing Facility with flexible data and task orchestration capabilities.
How Does XfilesPro Ensure Security While Sharing Documents in Salesforce?XfilesPro
Worried about document security while sharing them in Salesforce? Fret no more! Here are the top-notch security standards XfilesPro upholds to ensure strong security for your Salesforce documents while sharing with internal or external people.
To learn more, read the blog: https://www.xfilespro.com/how-does-xfilespro-make-document-sharing-secure-and-seamless-in-salesforce/
Why React Native as a Strategic Advantage for Startup Innovation.pdfayushiqss
Do you know that React Native is being increasingly adopted by startups as well as big companies in the mobile app development industry? Big names like Facebook, Instagram, and Pinterest have already integrated this robust open-source framework.
In fact, according to a report by Statista, the number of React Native developers has been steadily increasing over the years, reaching an estimated 1.9 million by the end of 2024. This means that the demand for this framework in the job market has been growing making it a valuable skill.
But what makes React Native so popular for mobile application development? It offers excellent cross-platform capabilities among other benefits. This way, with React Native, developers can write code once and run it on both iOS and Android devices thus saving time and resources leading to shorter development cycles hence faster time-to-market for your app.
Let’s take the example of a startup, which wanted to release their app on both iOS and Android at once. Through the use of React Native they managed to create an app and bring it into the market within a very short period. This helped them gain an advantage over their competitors because they had access to a large user base who were able to generate revenue quickly for them.
Prosigns: Transforming Business with Tailored Technology SolutionsProsigns
Unlocking Business Potential: Tailored Technology Solutions by Prosigns
Discover how Prosigns, a leading technology solutions provider, partners with businesses to drive innovation and success. Our presentation showcases our comprehensive range of services, including custom software development, web and mobile app development, AI & ML solutions, blockchain integration, DevOps services, and Microsoft Dynamics 365 support.
Custom Software Development: Prosigns specializes in creating bespoke software solutions that cater to your unique business needs. Our team of experts works closely with you to understand your requirements and deliver tailor-made software that enhances efficiency and drives growth.
Web and Mobile App Development: From responsive websites to intuitive mobile applications, Prosigns develops cutting-edge solutions that engage users and deliver seamless experiences across devices.
AI & ML Solutions: Harnessing the power of Artificial Intelligence and Machine Learning, Prosigns provides smart solutions that automate processes, provide valuable insights, and drive informed decision-making.
Blockchain Integration: Prosigns offers comprehensive blockchain solutions, including development, integration, and consulting services, enabling businesses to leverage blockchain technology for enhanced security, transparency, and efficiency.
DevOps Services: Prosigns' DevOps services streamline development and operations processes, ensuring faster and more reliable software delivery through automation and continuous integration.
Microsoft Dynamics 365 Support: Prosigns provides comprehensive support and maintenance services for Microsoft Dynamics 365, ensuring your system is always up-to-date, secure, and running smoothly.
Learn how our collaborative approach and dedication to excellence help businesses achieve their goals and stay ahead in today's digital landscape. From concept to deployment, Prosigns is your trusted partner for transforming ideas into reality and unlocking the full potential of your business.
Join us on a journey of innovation and growth. Let's partner for success with Prosigns.
Understanding Globus Data Transfers with NetSageGlobus
NetSage is an open privacy-aware network measurement, analysis, and visualization service designed to help end-users visualize and reason about large data transfers. NetSage traditionally has used a combination of passive measurements, including SNMP and flow data, as well as active measurements, mainly perfSONAR, to provide longitudinal network performance data visualization. It has been deployed by dozens of networks world wide, and is supported domestically by the Engagement and Performance Operations Center (EPOC), NSF #2328479. We have recently expanded the NetSage data sources to include logs for Globus data transfers, following the same privacy-preserving approach as for Flow data. Using the logs for the Texas Advanced Computing Center (TACC) as an example, this talk will walk through several different example use cases that NetSage can answer, including: Who is using Globus to share data with my institution, and what kind of performance are they able to achieve? How many transfers has Globus supported for us? Which sites are we sharing the most data with, and how is that changing over time? How is my site using Globus to move data internally, and what kind of performance do we see for those transfers? What percentage of data transfers at my institution used Globus, and how did the overall data transfer performance compare to the Globus users?
Listen to the keynote address and hear about the latest developments from Rachana Ananthakrishnan and Ian Foster who review the updates to the Globus Platform and Service, and the relevance of Globus to the scientific community as an automation platform to accelerate scientific discovery.
Providing Globus Services to Users of JASMIN for Environmental Data AnalysisGlobus
JASMIN is the UK’s high-performance data analysis platform for environmental science, operated by STFC on behalf of the UK Natural Environment Research Council (NERC). In addition to its role in hosting the CEDA Archive (NERC’s long-term repository for climate, atmospheric science & Earth observation data in the UK), JASMIN provides a collaborative platform to a community of around 2,000 scientists in the UK and beyond, providing nearly 400 environmental science projects with working space, compute resources and tools to facilitate their work. High-performance data transfer into and out of JASMIN has always been a key feature, with many scientists bringing model outputs from supercomputers elsewhere in the UK, to analyse against observational or other model data in the CEDA Archive. A growing number of JASMIN users are now realising the benefits of using the Globus service to provide reliable and efficient data movement and other tasks in this and other contexts. Further use cases involve long-distance (intercontinental) transfers to and from JASMIN, and collecting results from a mobile atmospheric radar system, pushing data to JASMIN via a lightweight Globus deployment. We provide details of how Globus fits into our current infrastructure, our experience of the recent migration to GCSv5.4, and of our interest in developing use of the wider ecosystem of Globus services for the benefit of our user community.
Multiple Your Crypto Portfolio with the Innovative Features of Advanced Crypt...Hivelance Technology
Cryptocurrency trading bots are computer programs designed to automate buying, selling, and managing cryptocurrency transactions. These bots utilize advanced algorithms and machine learning techniques to analyze market data, identify trading opportunities, and execute trades on behalf of their users. By automating the decision-making process, crypto trading bots can react to market changes faster than human traders
Hivelance, a leading provider of cryptocurrency trading bot development services, stands out as the premier choice for crypto traders and developers. Hivelance boasts a team of seasoned cryptocurrency experts and software engineers who deeply understand the crypto market and the latest trends in automated trading, Hivelance leverages the latest technologies and tools in the industry, including advanced AI and machine learning algorithms, to create highly efficient and adaptable crypto trading bots
In software engineering, the right architecture is essential for robust, scalable platforms. Wix has undergone a pivotal shift from event sourcing to a CRUD-based model for its microservices. This talk will chart the course of this pivotal journey.
Event sourcing, which records state changes as immutable events, provided robust auditing and "time travel" debugging for Wix Stores' microservices. Despite its benefits, the complexity it introduced in state management slowed development. Wix responded by adopting a simpler, unified CRUD model. This talk will explore the challenges of event sourcing and the advantages of Wix's new "CRUD on steroids" approach, which streamlines API integration and domain event management while preserving data integrity and system resilience.
Participants will gain valuable insights into Wix's strategies for ensuring atomicity in database updates and event production, as well as caching, materialization, and performance optimization techniques within a distributed system.
Join us to discover how Wix has mastered the art of balancing simplicity and extensibility, and learn how the re-adoption of the modest CRUD has turbocharged their development velocity, resilience, and scalability in a high-growth environment.
Your Digital Assistant.
Making complex approach simple. Straightforward process saves time. No more waiting to connect with people that matter to you. Safety first is not a cliché - Securely protect information in cloud storage to prevent any third party from accessing data.
Would you rather make your visitors feel burdened by making them wait? Or choose VizMan for a stress-free experience? VizMan is an automated visitor management system that works for any industries not limited to factories, societies, government institutes, and warehouses. A new age contactless way of logging information of visitors, employees, packages, and vehicles. VizMan is a digital logbook so it deters unnecessary use of paper or space since there is no requirement of bundles of registers that is left to collect dust in a corner of a room. Visitor’s essential details, helps in scheduling meetings for visitors and employees, and assists in supervising the attendance of the employees. With VizMan, visitors don’t need to wait for hours in long queues. VizMan handles visitors with the value they deserve because we know time is important to you.
Feasible Features
One Subscription, Four Modules – Admin, Employee, Receptionist, and Gatekeeper ensures confidentiality and prevents data from being manipulated
User Friendly – can be easily used on Android, iOS, and Web Interface
Multiple Accessibility – Log in through any device from any place at any time
One app for all industries – a Visitor Management System that works for any organisation.
Stress-free Sign-up
Visitor is registered and checked-in by the Receptionist
Host gets a notification, where they opt to Approve the meeting
Host notifies the Receptionist of the end of the meeting
Visitor is checked-out by the Receptionist
Host enters notes and remarks of the meeting
Customizable Components
Scheduling Meetings – Host can invite visitors for meetings and also approve, reject and reschedule meetings
Single/Bulk invites – Invitations can be sent individually to a visitor or collectively to many visitors
VIP Visitors – Additional security of data for VIP visitors to avoid misuse of information
Courier Management – Keeps a check on deliveries like commodities being delivered in and out of establishments
Alerts & Notifications – Get notified on SMS, email, and application
Parking Management – Manage availability of parking space
Individual log-in – Every user has their own log-in id
Visitor/Meeting Analytics – Evaluate notes and remarks of the meeting stored in the system
Visitor Management System is a secure and user friendly database manager that records, filters, tracks the visitors to your organization.
"Secure Your Premises with VizMan (VMS) – Get It Now"
Check out the webinar slides to learn more about how XfilesPro transforms Salesforce document management by leveraging its world-class applications. For more details, please connect with sales@xfilespro.com
If you want to watch the on-demand webinar, please click here: https://www.xfilespro.com/webinars/salesforce-document-management-2-0-smarter-faster-better/
Globus Compute wth IRI Workflows - GlobusWorld 2024Globus
As part of the DOE Integrated Research Infrastructure (IRI) program, NERSC at Lawrence Berkeley National Lab and ALCF at Argonne National Lab are working closely with General Atomics on accelerating the computing requirements of the DIII-D experiment. As part of the work the team is investigating ways to speedup the time to solution for many different parts of the DIII-D workflow including how they run jobs on HPC systems. One of these routes is looking at Globus Compute as a way to replace the current method for managing tasks and we describe a brief proof of concept showing how Globus Compute could help to schedule jobs and be a tool to connect compute at different facilities.
Field Employee Tracking System| MiTrack App| Best Employee Tracking Solution|...informapgpstrackings
Keep tabs on your field staff effortlessly with Informap Technology Centre LLC. Real-time tracking, task assignment, and smart features for efficient management. Request a live demo today!
For more details, visit us : https://informapuae.com/field-staff-tracking/
Code reviews are vital for ensuring good code quality. They serve as one of our last lines of defense against bugs and subpar code reaching production.
Yet, they often turn into annoying tasks riddled with frustration, hostility, unclear feedback and lack of standards. How can we improve this crucial process?
In this session we will cover:
- The Art of Effective Code Reviews
- Streamlining the Review Process
- Elevating Reviews with Automated Tools
By the end of this presentation, you'll have the knowledge on how to organize and improve your code review proces
How to Position Your Globus Data Portal for Success Ten Good PracticesGlobus
Science gateways allow science and engineering communities to access shared data, software, computing services, and instruments. Science gateways have gained a lot of traction in the last twenty years, as evidenced by projects such as the Science Gateways Community Institute (SGCI) and the Center of Excellence on Science Gateways (SGX3) in the US, The Australian Research Data Commons (ARDC) and its platforms in Australia, and the projects around Virtual Research Environments in Europe. A few mature frameworks have evolved with their different strengths and foci and have been taken up by a larger community such as the Globus Data Portal, Hubzero, Tapis, and Galaxy. However, even when gateways are built on successful frameworks, they continue to face the challenges of ongoing maintenance costs and how to meet the ever-expanding needs of the community they serve with enhanced features. It is not uncommon that gateways with compelling use cases are nonetheless unable to get past the prototype phase and become a full production service, or if they do, they don't survive more than a couple of years. While there is no guaranteed pathway to success, it seems likely that for any gateway there is a need for a strong community and/or solid funding streams to create and sustain its success. With over twenty years of examples to draw from, this presentation goes into detail for ten factors common to successful and enduring gateways that effectively serve as best practices for any new or developing gateway.
top nidhi software solution freedownloadvrstrong314
This presentation emphasizes the importance of data security and legal compliance for Nidhi companies in India. It highlights how online Nidhi software solutions, like Vector Nidhi Software, offer advanced features tailored to these needs. Key aspects include encryption, access controls, and audit trails to ensure data security. The software complies with regulatory guidelines from the MCA and RBI and adheres to Nidhi Rules, 2014. With customizable, user-friendly interfaces and real-time features, these Nidhi software solutions enhance efficiency, support growth, and provide exceptional member services. The presentation concludes with contact information for further inquiries.
3. - reverse engineering since 1989
- author of Corkami
- File Formats For Ever
at PoC or GTFO
- malware analysis
- infosec engineer
About the author
my license plate is a CPU,
my phone case is a PDF doc,
my PDF resume is a SNES/MD rom.
My own views
and opinions.
3
4. Tl:Dr;
A lot of confusion regarding Zlib/Gzip/Zip/Deflate.
Is Deflate “Zip’s algorithm” ?
This deck is not about explaining compression algorithms.
THE CURRENT SLIDE IS AN
A CORKAMI ORIGINAL PRODUCTION
HONEST TALK TRAILER
zlib — Compression compatible with gzip
4
5. Standards timeline
1989-2020 Zip file format (AppNote)
1996/05 - RFC 1950 - Zlib Compressed Data Format Specification
1996/05 - RFC 1951 - Deflate Compressed Data Format Specification
1996/05 - RFC 1952 - Gzip file format
Zip is much older.
All related RFCs were submitted together, which is confusing.
5
7. Zip supports a lot more than Deflate
Since 1992,
Deflate is ZIP’s standard ‘generic’ compression.
Some tools only support Deflate (and reject other methods):
-> using older compressions is an easy security bypass.
7
8. Ok, we know that Deflate is
one of Zip’s algorithm
The standard one
8
10. The minimal Deflate stream
Deflate stream of an empty stream:
Tiny, but already complex for empty data!
03 00
Deflate data:
- Last/Type
- Length
True/Dynamic Huffman
0
00 01
01 00 00 FF FF
Deflate data:
- Last/Type
- Length
- !Length
True/No Compression
0
-1
00 01 02 03 04
Compressed form
Raw form
10
11. Zip Store method
Pure raw data - the original file as-is.
(useful to keep payloads still useable)
Zip Storing is not the same as
Deflate with no compression.
Last/Type
Length
!Length
True/NC
0
0xFFFF
Zip-Stored empty string “”
Deflate-stored empty string: 01 00 00 FF FF
The other standard ZIP method.
“No Compression”.
11
13. A minimal Zlib stream (simplified)
78 DA 03 00 00 00 00 01
00 01 02 03 04 05 06 07
[4 bits]
Method
[1 byte]
Deflate data
[4 bytes]
Simplified contents:
- Some parameters
- including the Compression Method
- Deflate data
- a footer
Always 2 bytes before, 4 bytes after.
13
14. A minimal Zlib stream
78 DA 03 00 00 00 00 01
00 01 02 03 04 05 06 07
Window Size
Method
Flags
Checksum
Deflate data:
- Last/Type
- Length
Adler32
7 = 32Kb
8 = Deflate
No Dictionary Extra
0x78DA % 31 = 0
True/Dynamic Huffman
0
0x00000001
CM (Compression method)
This identifies the compression method used in the file. CM = 8
denotes the "deflate" compression method with a window size up
to 32K. This is the method used by gzip and PNG (see
references [1] and [2] in Chapter 3, below, for the reference
documents). CM = 15 is reserved. It might be used in a future
version of this specification to indicate the presence of an
extra field before the compressed data.
14
15. 0x
1x
1F 8B 08 00 00 00 00 00 02 FF 03 00 00 00 00 00
00 00 00 00
0 1 2 3 4 5 6 7 8 9 A B C D E F
[2 bytes]
Compression Method
[variable]
Deflate data
[8 bytes]
A minimal Gzip archive
Compression method is always 08 (Deflate).
15
1F 8B
8 = Deflate
CM (Compression Method)
This identifies the compression method used in the file. CM
= 0-7 are reserved. CM = 8 denotes the "deflate"
compression method, which is the one customarily used by
gzip and which is documented elsewhere.
16. In details…
0x
1x
1F 8B 08 00 00 00 00 00 02 FF 03 00 00 00 00 00
00 00 00 00
0 1 2 3 4 5 6 7 8 9 A B C D E F
Magic
Method
Flags
ModTime
Extra Flags
OS
Deflate data:
- Last/Type
- Length
CRC32
lenUncomp
Some fixed length information is required before and after the Deflate data.
FileName, Comments, Extra Field are variable and optional (not used here).
16
1F 8B
8 = Deflate
None
0/0/1980 00:00
Max compression
Unknown
True/Dynamic Huffman
0
0x00000000
0
17. Zlib <-> Gzip
2 different ways to store a Deflate data stream.
Both with data before and after.
The compressed data can be tranferred,
but both formats aren’t compatible.
17
18. 78 DA 03 00 00 00 00 01
0 1 2 3 4 5 6 7
[4 bits]
Method
[1 byte]
Deflate data
[4 bytes]
8 = Deflate
0x
1x
1F 8B 08 00 00 00 00 00 02 FF 03 00 00 00 00 00
00 00 00 00
0 1 2 3 4 5 6 7 8 9 A B C D E F
[2 bytes]
Method
[variable]
Deflate data
[8 bytes]
8 = Deflate
Zlib data stream
GZip “member”
Deflate data
18
19. 78 DA 03 00 00 00 00 01
0 1 2 3 4 5 6 7
Window Size
Method
Flags
Checksum
Deflate data:
- Last/Type
- Length
Adler32
7 = 32Kb
8 = Deflate
No Dictionary Extra
0x78DA % 31 = 0
True/Dynamic Huffman
0
0x00000001
0x
1x
1F 8B 08 00 00 00 00 00 02 FF 03 00 00 00 00 00
00 00 00 00
0 1 2 3 4 5 6 7 8 9 A B C D E F
Magic
Method
Flags
ModTime
Extra Flags
OS
Deflate data:
- Last/Type
- Length
CRC32
lenUncomp
1F 8B
8 = Deflate
None
0/0/1980 00:00
Max compression
Unknown
True/Dynamic Huffman
0
0x00000000
0
Zlib data stream
GZip “member”
Deflate data
19
22. Disambiguation
Deflate is a compression algorithm.
Zip usually uses Deflate, but not necessarily.
Zlib and Gzip are both wrapping only Deflate,
but in a different way.
Same exchangeable data, but no direct compatibility.
22
24. 3 different wrappers around Deflate
Zlib GZIP
member
ZIP
Local
File
Header
Store
Deflate64
Bzip2…
Deflate
25. Conclusion
Deflate is a very standard compression algorithm.
Zip can use Deflate, but other algorithms too (Storing…)
Zip can use a different compression per file.
Zlib is a wrapper around a Deflate stream.
A Gzip member is a wrapper around a Deflate stream.
A Gzip file is one or more members.
25
26. Moving data around
Deflate data can be moved from/to:
- Zlib
- Gzip
- Zip using Deflate
2 bytes before // 4 bytes after.
Variable header // 8 bytes after.
26
32. A Gzip file (with a filename before the Deflate data) 32
33. Magic
Method
Flags
ModTime
Extra Flags
OS
Extra Field:
- Size16
- SubField:
- Type
- Size16
- Data
Filename
- Data
Comment
- Data
Deflate data:
- Last/Type
- Length
- !Length
- Data
CRC32
lenUncomp
1F 8B 08 1C 26 F7 4F 62 00 FF 14 00 G Z 10 00
e x t r a f i e l d d a t a
f i l e n a m e 0 c o m m e n t
0 01 0C 00 F3 FF H e l l o W o r l
d ! A3 1C 29 1C 0C 00 00 00
Extra Field, Filename, Comment: set in Flags
stored between OS and Deflate data.
Filename & Comment: Null-terminated.
Extra field: Size16 first, then SubFields
0x
1x
2x
3x
4x
+0 +1 +2 +3 +4 +5 +6 +7 +8 +9 +A +B +C +D +E +F
1F 8B
8 = Deflate
Extra Field, Filename, Comment
1980/4/8 10:49
None
Unknown
20
GZ
16
“extra field data”
“filename0”
“comment0”
True/Raw
12
0xFFF3
Hello World!
0x1c291ca3
12
33
A full-featured GZIP 4 8 10
TEXT and CRC16 are
not usually supported
36. How can you prove
that it’s the same data?
Make files that are both simultaneously,
with the Deflate data in common 😱😉
ZGip: Zip/Gzip polyglots, with shared Deflate data.
36
37. ∂ ∂ ∂ ∂ ∂ ∂ ∂ ∂ ∂
The End G
2
D2
E1
T1
A1
E1
B3
G2
Z10
I1
P3
L1
I1
F4