This presentation is intended to provide an overview of vulnerabilities and attack techniques that are popular in penetration testing at the moment. This talk includes real-world examples of attacks that they use on a daily basis, and some reflections on what techniques have changed over the last year. Vulnerabilities related to the application, network, and server layers will all be covered along with current anti-virus bypass and privilege escalation techniques used by attackers and penetration testers. This presentation should be interesting to security professionals and system administrators looking for more insight into real world attacks.
More security blogs by the authors can be found @
https://www.netspi.com/blog/
CNIT 123: 8: Desktop and Server OS Vulnerabilities - Sam Bowne
Slides for a college course based on "Hands-On Ethical Hacking and Network Defense, Second Edition" by Michael T. Simpson, Kent Backman, and James Corley -- ISBN: 1133935613
Teacher: Sam Bowne
Twitter: @sambowne
Website: https://samsclass.info/123/123_F16.shtml
This presentation is intended to provide an overview of vulnerabilities and attack techniques that are popular in penetration testing at the moment. Vulnerabilities related to the application, network, and server layers will be covered along with current anti-virus bypass and privilege escalation techniques used by attackers and penetration testers. This presentation should be interesting to security professionals and system administrators looking for more insight into real world attacks. Karl Fosaaen and I put this together for Secure 360 in Minneapolis. We hope you enjoy it.
More security blogs by the authors can be found @
https://www.netspi.com/blog/
Slides for a college course at City College San Francisco. Based on "Hands-On Ethical Hacking and Network Defense, Third Edition" by Michael T. Simpson, Kent Backman, and James Corley -- ISBN: 9781285454610.
Instructor: Sam Bowne
Class website: https://samsclass.info/123/123_S17.shtml
The Dark Side of PowerShell by George Dobrea - EC-Council
PowerShell is now a ‘mandatory-to-use’ tool for IT professionals in order to automate administration of the Windows OS and applications, including Azure and Nano Server. Unfortunately, threat actors have recently taken advantage of this powerful scripting language precisely because PowerShell is already installed on your Windows machines and trusted by Admins and most AntiVirus tools! The session presents the steps that should get you started on (Ethical) Hacking and Pen Testing with PowerShell, and some new techniques like JEA (Just Enough Administration) that a defender can use in order to limit the effectiveness of PowerShell attacks.
Ch 8: Desktop and Server OS Vulnerabilities - Sam Bowne
Slides for a college course at City College San Francisco. Based on "Hands-On Ethical Hacking and Network Defense, Third Edition" by Michael T. Simpson, Kent Backman, and James Corley -- ISBN: 9781285454610.
Instructor: Sam Bowne
Class website: https://samsclass.info/123/123_S17.shtml
Slides for a college course based on "Incident Response & Computer Forensics, Third Edition" by Jason Luttgens, Matthew Pepe, and Kevin Mandia.
Teacher: Sam Bowne
Website: https://samsclass.info/121/121_F16.shtml
Matt Oh, Microsoft
We are seeing new techniques used every day by malware. But it is very hard to find any impressive techniques used in the wild. Recently there was a huge buzz about the Detrahere malware, which used internally known issues with certificate signing of Windows 10 kernel drivers. Even though the certificate check bypass technique itself is very interesting, I also found that the tactics used by the malware are more impressive. Even though the malware is mainly focused on ad-hijacking functionality through Netfilter driver installation, it also has rootkit ability through file system driver hooking. This feels like the old days coming back with various new arsenals. The rootkit detects kernel debugging settings and will destroy the system when it finds one. The unpacking process can be a very challenging job, too, as it uses a kernel driver image hollowing technique (something similar to process hollowing) to deobfuscate itself and run unpacked code. Our PatchGuard doesn't seem to trigger on this action, because all the sections are pre-allocated with execute permission already.
Through this talk, I want to present various techniques used by this malware, focusing on the kernel-level obfuscation and anti-analysis tactics. This will give us new insights into what new Windows rootkit malware might look like in the future and how detecting it with security systems and detonation systems can be a challenge.
For a college class: Hacking Mobile Devices at CCSF
Based on "The Mobile Application Hacker's Handbook 1st Edition", by Dominic Chell
Instructor: Sam Bowne
More info: https://samsclass.info/128/128_S19.shtml
XPDS16: A Paravirtualized Interface for Socket Syscalls - Dimitri Stiliadis, ... - The Linux Foundation
Docker and other container runtimes are gathering momentum and becoming the new industry standard for server applications. Linux namespaces, commonly used to run Docker apps, come with a large attack surface which is difficult to reduce. Intel’s Clear Containers use KVM to run containers as VMs to provide additional isolation. It is possible to provide VM-like isolation for containers without sacrificing performance.
This talk focuses on the benefits of using Xen to provide an execution environment for Docker apps. The presentation starts by listing the requirements of this environment. It explains why monitoring container syscalls is important and what its security benefits are. The talk introduces a new paravirtualized protocol to virtualize IP sockets and provides the design and implementation details. The presentation clarifies the impact of the new protocol from a security perspective. The discussion concludes by comparing performance figures with the traditional PV network frontend and backend drivers in Linux, explaining the reasons for any performance gaps.
Niek Timmers, Riscure B.V.
Cristofaro Mune, Independent Embedded Security Consultant
Fault injection attacks have historically been perceived as high-end attacks not available to most hackers. They used to require expensive tooling and a mysterious mix of skills, which put them out of reach for even the most skilled attackers. Those days are over, as low-cost fault injection tooling is changing the capabilities of the hacking masses at a rapid pace.
Historically, fault injection attacks have been used to break cryptographic implementations (e.g. Differential Fault Analysis) or to bypass security checks such as those performed by a PIN verification function. However, nothing prevents them from being used on richer systems like embedded devices or IoT devices. Fault injection attacks can be used to change the intended behavior of hardware and software due, among other things, to corrupted memory reads and instruction execution.
In this talk we show that fault injection attacks, and more specifically voltage fault injection, allow escalating privileges from an unprivileged context in the absence of logically exploitable software vulnerabilities. This is demonstrated using practical examples where the control flow of the Linux kernel is influenced in order to gain root privileges. All practical examples are performed on a fully patched Linux operating system executed by a fast and feature-rich System-on-Chip. A live demonstration of fault injection is part of the talk.
Slides for a college course based on "Incident Response & Computer Forensics, Third Edition" by Jason Luttgens, Matthew Pepe, and Kevin Mandia, at City College San Francisco.
Website: https://samsclass.info/152/152_F18.shtml
For a college class in Ethical Hacking and Network Defense at CCSF, by Sam Bowne. More info at https://samsclass.info/123/123_F17.shtml
Based on this book
Hands-On Ethical Hacking and Network Defense, Third Edition by Michael T. Simpson, Kent Backman, and James Corley -- ISBN: 9781285454610
A (not-so-quick) Primer on iOS Encryption - David Schuetz, NCC Group - EC-Council
When the iPhone was first released, the security of its data was…not as good as it should’ve been. But with every release since then, data security has improved, until now it’s the subject of court cases and CNN panel discussions.
But how exactly does it work, anyway? Sure, it uses “encryption,” but what does that really mean, and just how far can we trust it?
I try to explain, in simple terms and with useful diagrams, just how the complex encryption models on iOS work. Based on published research and Apple’s own documentation, I show where there are things we don’t know, or don’t quite understand, and describe how iOS protects (or doesn’t) against forensics, law enforcement, and hackers.
Private sector cyber resilience and the role of data diodes - Ollie Whitehouse
This whitepaper, intended for enterprise architects and cyber security professionals, looks at the role of data diodes in modern network design and operation.
CNIT 126: 10: Kernel Debugging with WinDbg - Sam Bowne
Slides for a college course at City College San Francisco. Based on "Practical Malware Analysis: The Hands-On Guide to Dissecting Malicious Software", by Michael Sikorski and Andrew Honig; ISBN-10: 1593272901.
Instructor: Sam Bowne
Class website: https://samsclass.info/126/126_F19.shtml
EuroBSDcon 2017 System Performance Analysis Methodologies - Brendan Gregg
Keynote by Brendan Gregg. "Traditional performance monitoring makes do with vendor-supplied metrics, often involving interpretation and inference, and with numerous blind spots. Much in the field of systems performance is still living in the past: documentation, procedures, and analysis GUIs built upon the same old metrics. Modern BSD has advanced tracers and PMC tools, providing virtually endless metrics to aid performance analysis. It's time we really used them, but the problem becomes which metrics to use, and how to navigate them quickly to locate the root cause of problems.
There's a new way to approach performance analysis that can guide you through the metrics. Instead of starting with traditional metrics and figuring out their use, you start with the questions you want answered then look for metrics to answer them. Methodologies can provide these questions, as well as a starting point for analysis and guidance for locating the root cause. They also pose questions that the existing metrics may not yet answer, which may be critical in solving the toughest problems. System methodologies include the USE method, workload characterization, drill-down analysis, off-CPU analysis, chain graphs, and more.
This talk will discuss various system performance issues, and the methodologies, tools, and processes used to solve them. Many methodologies will be discussed, from the production proven to the cutting edge, along with recommendations for their implementation on BSD systems. In general, you will learn to think differently about analyzing your systems, and make better use of the modern tools that BSD provides."
System Device Tree and Lopper: Concrete Examples - ELC NA 2022 - Stefano Stabellini
System Device Tree is an extension to Device Tree to describe all the hardware on an SoC, including heterogeneous CPU clusters and secure resources not typically visible to an Operating System like Linux. This full view allows the System Device Tree to be the "One true source" of the entire hardware description and helps to prevent the common (and hard-to-debug) problem of conflicting resources and system consistency. Lopper is an Open Source framework to parse and manipulate System Device Tree. With Lopper, it is possible to generate multiple traditional Device Trees from a single larger System Device Tree. This presentation will provide an overview of System Device Tree and will discuss the latest updates of the specification and tooling. The talk will illustrate multiple use-cases for System Device Tree with concrete examples, such as Linux running on the more powerful CPU cluster and Zephyr running on a smaller Cortex-R cluster. It will also show how to use Lopper to generate multiple traditional Device Trees targeting different OSes, not just Linux but also Zephyr/other RTOSes. Finally, an end-to-end demo based on Yocto to build a complete heterogeneous system with multiple OSes and RTOSes running on different clusters on a single reference board will be shown.
Continuous Security: From tins to containers - now what! - Michael Man
Information Security departments often view containers as challenging to manage (code moves too fast for risk analysis, thousands of containers with limited visibility or control). Government organizations such as NIST have come out with guidelines for Application Container Security, while serverless technologies such as Azure Container Instances or AWS Fargate create additional challenges regarding how security risks are managed.
CNIT 126: 10: Kernel Debugging with WinDbg - Sam Bowne
Slides for a college course at City College San Francisco. Based on "Practical Malware Analysis: The Hands-On Guide to Dissecting Malicious Software", by Michael Sikorski and Andrew Honig; ISBN-10: 1593272901.
Instructor: Sam Bowne
Class website: https://samsclass.info/126/126_F18.shtml
Amazon EC2 provides a broad selection of instance types to accommodate a diverse mix of workloads. In this session, we provide an overview of the Amazon EC2 instance platform, key platform features, and the concept of instance generations. We dive into the current generation design choices of the different instance families, including General Purpose, Compute Optimized, Storage Optimized, Memory Optimized, and GPU instances. We also detail best practices and share performance tips for getting the most out of your Amazon EC2 instances.
Monitoring in Motion: Monitoring Containers and Amazon ECS - Amazon Web Services
Containers and other forms of dynamic infrastructure can prove challenging to monitor. How do you define normal when your infrastructure is intentionally in motion and changes from minute to minute? Join us as we discuss proven strategies for monitoring your containerized infrastructure on AWS and ECS.
SAP Sapphire 2024 - ASUG301 building better apps with SAP Fiori.pdf - Peter Spielvogel
Building better applications for business users with SAP Fiori.
• What is SAP Fiori and why it matters to you
• How a better user experience drives measurable business benefits
• How to get started with SAP Fiori today
• How SAP Fiori elements accelerates application development
• How SAP Build Code includes SAP Fiori tools and other generative artificial intelligence capabilities
• How SAP Fiori paves the way for using AI in SAP apps
Generative AI Deep Dive: Advancing from Proof of Concept to Production - Aggregage
Join Maher Hanafi, VP of Engineering at Betterworks, in this new session where he'll share a practical framework to transform Gen AI prototypes into impactful products! He'll delve into the complexities of data collection and management, model selection and optimization, and ensuring security, scalability, and responsible use.
State of ICS and IoT Cyber Threat Landscape Report 2024 preview - Prayukth K V
The IoT and OT threat landscape report has been prepared by the Threat Research Team at Sectrio using data from Sectrio's cyber threat intelligence farming facilities spread across over 85 cities around the world. In addition, Sectrio also runs AI-based advanced threat and payload engagement facilities that serve as sinks to attract and engage sophisticated threat actors and newer malware, including new variants and latent threats that are at an earlier stage of development.
The latest edition of the OT/ICS and IoT security Threat Landscape Report 2024 also covers:
State of global ICS asset and network exposure
Sectoral targets and attacks as well as the cost of ransom
Global APT activity, AI usage, actor and tactic profiles, and implications
Rise in volumes of AI-powered cyberattacks
Major cyber events in 2024
Malware and malicious payload trends
Cyberattack types and targets
Vulnerability exploit attempts on CVEs
Attacks on counties – USA
Expansion of bot farms – how, where, and why
In-depth analysis of the cyber threat landscape across North America, South America, Europe, APAC, and the Middle East
Why are attacks on smart factories rising?
Cyber risk predictions
Axis of attacks – Europe
Systemic attacks in the Middle East
Download the full report from here:
https://sectrio.com/resources/ot-threat-landscape-reports/sectrio-releases-ot-ics-and-iot-security-threat-landscape-report-2024/
A tale of scale & speed: How the US Navy is enabling software delivery from l... - sonjaschweigert1
Rapid and secure feature delivery is a goal across every application team and every branch of the DoD. The Navy’s DevSecOps platform, Party Barge, has achieved:
- Reduction in onboarding time from 5 weeks to 1 day
- Improved developer experience and productivity through actionable findings and reduction of false positives
- Maintenance of superior security standards and inherent policy enforcement with Authorization to Operate (ATO)
Development teams can ship efficiently and ensure applications are cyber ready for Navy Authorizing Officials (AOs). In this webinar, Sigma Defense and Anchore will give attendees a look behind the scenes and demo secure pipeline automation and security artifacts that speed up application ATO and time to production.
We will cover:
- How to remove silos in DevSecOps
- How to build efficient development pipeline roles and component templates
- How to deliver security artifacts that matter for ATO’s (SBOMs, vulnerability reports, and policy evidence)
- How to streamline operations with automated policy checks on container images
GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using Deplo... - James Anderson
Effective Application Security in Software Delivery lifecycle using Deployment Firewall and DBOM
The modern software delivery process (or the CI/CD process) includes many tools, distributed teams, open-source code, and cloud platforms. A constant focus on speed to release software to market, along with traditionally slow and manual security checks, has caused gaps in continuous security, an important piece of the software supply chain. Today organizations feel more susceptible to external and internal cyber threats due to the vast attack surface in their application supply chain and the lack of end-to-end governance and risk management.
The software team must secure its software delivery process to avoid vulnerability and security breaches. This needs to be achieved with existing tool chains and without extensive rework of the delivery processes. This talk will present strategies and techniques for providing visibility into the true risk of the existing vulnerabilities, preventing the introduction of security issues in the software, resolving vulnerabilities in production environments quickly, and capturing the deployment bill of materials (DBOM).
Speakers:
Bob Boule
Robert Boule is a technology enthusiast with PASSION for technology and making things work along with a knack for helping others understand how things work. He comes with around 20 years of solution engineering experience in application security, software continuous delivery, and SaaS platforms. He is known for his dynamic presentations in CI/CD and application security integrated in software delivery lifecycle.
Gopinath Rebala
Gopinath Rebala is the CTO of OpsMx, where he has overall responsibility for the machine learning and data processing architectures for Secure Software Delivery. Gopi also has a strong connection with our customers, leading design and architecture for strategic implementations. Gopi is a frequent speaker and well-known leader in continuous delivery and integrating security into software delivery.
Smart TV Buyer Insights Survey 2024 by 91mobiles.pdf - 91mobiles
91mobiles recently conducted a Smart TV Buyer Insights Survey in which we asked over 3,000 respondents about the TV they own, aspects they look at on a new TV, and their TV buying preferences.
Securing your Kubernetes cluster: a step-by-step guide to success! - KatiaHIMEUR1
Today, after several years of existence, an extremely active community and an ultra-dynamic ecosystem, Kubernetes has established itself as the de facto standard in container orchestration. Thanks to a wide range of managed services, it has never been so easy to set up a ready-to-use Kubernetes cluster.
However, this ease of use means that the subject of security in Kubernetes is often left for later, or even neglected. This exposes companies to significant risks.
In this talk, I'll show you step-by-step how to secure your Kubernetes cluster for greater peace of mind and reliability.
Encryption in Microsoft 365 - ExpertsLive Netherlands 2024 - Albert Hoitingh
In this session I delve into the encryption technology used in Microsoft 365 and Microsoft Purview, including the concepts of Customer Key and Double Key Encryption.
Welcome to ViralQR, your best QR code generator. - ViralQR
Welcome to ViralQR, your best QR code generator available on the market!
At ViralQR, we design static and dynamic QR codes. Our mission is to make business operations easier and customer engagement more powerful through the use of QR technology. Be it a small-scale business or a huge enterprise, our easy-to-use platform provides multiple choices that can be tailored according to your company's branding and marketing strategies.
Our Vision
We are here to make the process of creating QR codes easy and smooth, thus enhancing customer interaction and making business more fluid. We very strongly believe in the ability of QR codes to change the world for businesses in their interaction with customers and are set on making that technology accessible and usable far and wide.
Our Achievements
Ever since its inception, we have successfully served many clients by offering QR codes in their marketing, service delivery, and collection of feedback across various industries. Our platform has been recognized for its ease of use and amazing features, which helped a business to make QR codes.
Our Services
At ViralQR, here is a comprehensive suite of services that caters to your very needs:
Static QR Codes: Create free static QR codes. These QR codes are able to store significant information such as URLs, vCards, plain text, emails and SMS, Wi-Fi credentials, and Bitcoin addresses.
Dynamic QR codes: These also have all the advanced features but are subscription-based. They can directly link to PDF files, images, micro-landing pages, social accounts, review forms, business pages, and applications. In addition, they can be branded with CTAs, frames, patterns, colors, and logos to enhance your branding.
Pricing and Packages
Additionally, there is a 14-day free offer for ViralQR, which is an exceptional opportunity for new users to get a feel for the platform. One can easily subscribe from there and experience the full dynamics of using QR codes. The subscription plans are not only meant for business; they are priced very flexibly so that literally every business can afford to benefit from our service.
Why choose us?
ViralQR will provide services for marketing, advertising, catering, retail, and the like. The QR codes can be posted on fliers, packaging, merchandise, and banners, as well as to substitute for cash and cards in a restaurant or coffee shop. With QR codes integrated into your business, improve customer engagement and streamline operations.
Comprehensive Analytics
Subscribers of ViralQR receive detailed analytics and tracking tools that give a view of the core metrics of QR code performance. Our analytics dashboard shows aggregate views and unique views, as well as detailed information about each impression, including time, device, browser, and estimated location by city and country.
So, thank you for choosing ViralQR; we have an offer of nothing but the best in terms of QR code services to meet business diversity!
PHP Frameworks: I want to break free (IPC Berlin 2024)Ralf Eggert
In this presentation, we examine the challenges and limitations of relying too heavily on PHP frameworks in web development. We discuss the history of PHP and its frameworks to understand how this dependence has evolved. The focus will be on providing concrete tips and strategies to reduce reliance on these frameworks, based on real-world examples and practical considerations. The goal is to equip developers with the skills and knowledge to create more flexible and future-proof web applications. We'll explore the importance of maintaining autonomy in a rapidly changing tech landscape and how to make informed decisions in PHP development.
This talk is aimed at encouraging a more independent approach to using PHP frameworks, moving towards a more flexible and future-proof approach to PHP development.
GraphRAG is All You need? LLM & Knowledge GraphGuy Korland
Guy Korland, CEO and Co-founder of FalkorDB, will review two articles on the integration of language models with knowledge graphs.
1. Unifying Large Language Models and Knowledge Graphs: A Roadmap.
https://arxiv.org/abs/2306.08302
2. Microsoft Research's GraphRAG paper and a review paper on various uses of knowledge graphs:
https://www.microsoft.com/en-us/research/blog/graphrag-unlocking-llm-discovery-on-narrative-private-data/
UiPath Test Automation using UiPath Test Suite series, part 4DianaGray10
Welcome to UiPath Test Automation using UiPath Test Suite series part 4. In this session, we will cover Test Manager overview along with SAP heatmap.
The UiPath Test Manager overview with SAP heatmap webinar offers a concise yet comprehensive exploration of the role of a Test Manager within SAP environments, coupled with the utilization of heatmaps for effective testing strategies.
Participants will gain insights into the responsibilities, challenges, and best practices associated with test management in SAP projects. Additionally, the webinar delves into the significance of heatmaps as a visual aid for identifying testing priorities, areas of risk, and resource allocation within SAP landscapes. Through this session, attendees can expect to enhance their understanding of test management principles while learning practical approaches to optimize testing processes in SAP environments using heatmap visualization techniques
What will you get from this session?
1. Insights into SAP testing best practices
2. Heatmap utilization for testing
3. Optimization of testing processes
4. Demo
Topics covered:
Execution from the test manager
Orchestrator execution result
Defect reporting
SAP heatmap example with demo
Speaker:
Deepak Rai, Automation Practice Lead, Boundaryless Group and UiPath MVP
LF Energy Webinar: Electrical Grid Modelling and Simulation Through PowSyBl -...DanBrown980551
Do you want to learn how to model and simulate an electrical network from scratch in under an hour?
Then welcome to this PowSyBl workshop, hosted by Rte, the French Transmission System Operator (TSO)!
During the webinar, you will discover the PowSyBl ecosystem as well as handle and study an electrical network through an interactive Python notebook.
PowSyBl is an open source project hosted by LF Energy, which offers a comprehensive set of features for electrical grid modelling and simulation. Among other advanced features, PowSyBl provides:
- A fully editable and extendable library for grid component modelling;
- Visualization tools to display your network;
- Grid simulation tools, such as power flows, security analyses (with or without remedial actions) and sensitivity analyses;
The framework is mostly written in Java, with a Python binding so that Python developers can access PowSyBl functionalities as well.
What you will learn during the webinar:
- For beginners: discover PowSyBl's functionalities through a quick general presentation and the notebook, without needing any expert coding skills;
- For advanced developers: master the skills to efficiently apply PowSyBl functionalities to your real-world scenarios.
2. UK Offices
Manchester - Head Office
Cheltenham
Edinburgh
Leatherhead
London
Thame
North American Offices
San Francisco
Atlanta
New York
Seattle
Australian Offices
Sydney
European Offices
Amsterdam - Netherlands
Munich - Germany
Zurich - Switzerland
3. Agenda
Part One:
• Overview of the USB enumeration phase
• Different USB stack implementations
• USB testing platform
• Installed drivers and supported devices
• Fingerprinting techniques
• Umap demo
Part Two:
• The Windows 8 RNDIS kernel pool overflow
• Challenges faced when exploiting USB bugs
• Conclusions
4. Part One: Information gathering
• Why do we care?
• If you connect to a device surely you already know the platform?
• Embedded devices are mostly based on Linux anyway aren't they?
• Allows you to focus your testing on only supported functionality
6. Overview of the USB enumeration phase
• What is enumeration for?
• Assign an address
• Speed of communication
• Power requirements
• Configuration options
• Device descriptions
• Identify class drivers
• Lots of information exchange – implemented in many different ways
Image from: http://ewalk2.blog117.fc2.com
7. The USB enumeration phase
< Get Device descriptor
> Set Address
< Get Device descriptor
< Get Configuration descriptor
< Get String descriptor 0
< Get String descriptor 2
< Get Configuration descriptor
< Get Configuration descriptor
> Set Configuration
8. Enumeration phase peculiarities
• Why is the device descriptor initially requested twice?
• Why are there multiple requests for other descriptors?
• Class-specific descriptors:
< Get Hub descriptor
< Get HID Report descriptor
9. Different USB stack implementations
• Typical components of a USB stack
• Windows USB driver stack
• Linux USB stack
• Embedded Access USB stack
Image from: blogs.msdn.com
10. Typical components of a USB stack
• Host Controller hardware
• USB System software:
• Host Controller Driver – Hardware Abstraction Layer
• USB Driver
• Class drivers
• Application software
Image from: www.wired.com
15. USB interaction requirements
• Need to capture and replay USB traffic
• Full control of generated traffic
• Class decoders extremely useful
• Support for Low/High/Full speed required
• USB 3.0 a bonus
16. USB testing – gold-plated solution
• Commercial test equipment
17. USB testing – the cheaper approach
• Facedancer (http://goodfet.sourceforge.net/hardware/facedancer21)
18. Best solution: A combination of both
• Device data can be carefully crafted
• Host response data can be captured
• Microsecond timing is also recorded
• All class-specific data is decoded
20. Target list
• Windows 8
• Ubuntu Linux 12.04 LTS
• Apple OS X Lion
• FreeBSD 5.3
• Chrome OS
• Linux-based TV STB
21. Installed drivers and supported devices
• Enumerating supported class types – standard USB drivers
• Enumerating all installed drivers
• Other devices already connected
22. Enumerating supported class types
Where is USB class information stored?
Device Descriptor
Interface Descriptor
23. Installed drivers and supported devices
• Drivers are referenced by class (Device and Interface descriptors)
• Also, by VID and PID:
• For each device class, VID and PID values can be brute-forced (can easily be scripted using Facedancer)
• Although there may be some shortcuts…
• Valid PIDs and VIDs are available (http://www.linux-usb.org/usb.ids)
25. Sniffing the bus - Other connected devices
• Data from other devices will be displayed on other addresses
• Controlling other devices? (untested)
26. Fingerprinting techniques
• Descriptor request patterns
• Timing information
• Descriptor types requested
• Responses to invalid data
• Order of Descriptor requests
27. OS Identification
Linux-based TV STB:
< Get Max LUN (Mass Storage)
> CBW: INQUIRY
< MSC Data In
< CSW - Status Passed
> CBW: TEST UNIT READY
< CSW - Status Passed
> CBW: READ CAPACITY
< MSC Data In
< CSW - Status Passed
> CBW: MODE SENSE
Windows 8:
< Get Max LUN (Mass Storage)
> CBW: INQUIRY
< MSC Data In
< CSW - Status Passed
> CBW: INQUIRY
< MSC Data In
< CSW - Status Passed
> CBW: READ FORMAT CAPACITIES
< MSC Data In
< CSW - Status Passed
28. Application identification
gphoto2 (Linux):
> Image: OpenSession
< Image: OK
> Image: GetDeviceInfo
< Image: DeviceInfo
< Image: OK
> Image: GetStorageIDs
< Image: StorageIDs
< Image: OK
> Image: GetStorageInfo
< Image: StorageInfo
< Image: OK
> Image: CloseSession
< Image: OK
“Photos” Metro app (Windows 8):
> Image: OpenSession
< Image: OK
> Image: GetDeviceInfo
< Image: DeviceInfo
< Image: OK
> Image: SetDevicePropValue
> Image: DeviceProperty
< Image: OK
< Image: DeviceInfoChanged
DeviceProperty includes some text:
/Windows/6.2.9200
MTPClassDriver/6.2.9200.16384
29. Request patterns unique elements?
• Windows 8 (HID) – 3 x Get Configuration descriptor requests (others have two)
• Apple OS X Lion (HID) – Set Feature request right after Set Configuration
• FreeBSD 5.3 (HID) – Get Status request right before Set Configuration
• Linux-based TV STB (Mass Storage) – Order of class-specific requests
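The request-pattern and class-traffic fingerprints from slides 7, 26, 27 and 29 can be turned into a small classifier. The following Python is an added example written for this page, not code from the talk or from Umap. The HID traces are constructed from the distinguishing elements on slide 29 around the common request sequence of slide 7 (the string-index-0xEE request used as a secondary Windows indicator is taken from slide 33); the mass-storage traces are the two columns of slide 27, with the slide's direction markers kept so the code works on that line format.

```python
# Host-to-device request traces as the emulated device would observe them.
# All traces below are constructed for this example (not captures from the talk).

COMMON_PREFIX = [
    "Get Device descriptor",
    "Set Address",
    "Get Device descriptor",
    "Get Configuration descriptor",
    "Get String descriptor 0",
    "Get String descriptor 2",
    "Get Configuration descriptor",
]

HID_TRACES = {
    # Windows 8: three Get Configuration descriptor requests (others have two);
    # the request for string index 0xEE is the Microsoft OS Descriptor probe (slide 33).
    "Windows 8": COMMON_PREFIX + ["Get String descriptor 0xEE", "Get Configuration descriptor",
                                  "Set Configuration", "Get HID Report descriptor"],
    # OS X Lion: Set Feature immediately after Set Configuration
    "Apple OS X Lion": COMMON_PREFIX + ["Set Configuration", "Set Feature", "Get HID Report descriptor"],
    # FreeBSD 5.3: Get Status immediately before Set Configuration
    "FreeBSD 5.3": COMMON_PREFIX + ["Get Status", "Set Configuration", "Get HID Report descriptor"],
    # Ubuntu 12.04: no unique element listed on the slide, so it must classify as unknown
    "Ubuntu 12.04": COMMON_PREFIX + ["Set Configuration", "Get HID Report descriptor"],
}

# Mass-storage traffic exactly as shown on slide 27 ('>' host OUT, '<' device IN).
MSC_TRACES = {
    "Linux-based TV STB": [
        "< Get Max LUN (Mass Storage)", "> CBW: INQUIRY", "< MSC Data In", "< CSW - Status Passed",
        "> CBW: TEST UNIT READY", "< CSW - Status Passed", "> CBW: READ CAPACITY", "< MSC Data In",
        "< CSW - Status Passed", "> CBW: MODE SENSE",
    ],
    "Windows 8": [
        "< Get Max LUN (Mass Storage)", "> CBW: INQUIRY", "< MSC Data In", "< CSW - Status Passed",
        "> CBW: INQUIRY", "< MSC Data In", "< CSW - Status Passed", "> CBW: READ FORMAT CAPACITIES",
        "< MSC Data In", "< CSW - Status Passed",
    ],
}

# Order of class-specific commands is the distinguishing feature for mass storage (slide 29).
MSC_ORDER_SIGNATURES = {
    "Linux-based TV STB": ["INQUIRY", "TEST UNIT READY", "READ CAPACITY", "MODE SENSE"],
    "Windows 8": ["INQUIRY", "INQUIRY", "READ FORMAT CAPACITIES"],
}


def fingerprint_hid(trace):
    """Classify a host from its standard-request pattern towards a HID device."""
    if trace.count("Get Configuration descriptor") >= 3:
        return "Windows 8"
    if "Get String descriptor 0xEE" in trace:
        # Microsoft OS Descriptor probe seen, but not the Windows 8 request count
        return "Windows (version not determined)"
    if "Set Configuration" not in trace:
        return "unknown (no Set Configuration seen)"
    i = trace.index("Set Configuration")
    if i + 1 < len(trace) and trace[i + 1] == "Set Feature":
        return "Apple OS X Lion"
    if i > 0 and trace[i - 1] == "Get Status":
        return "FreeBSD 5.3"
    return "unknown"


def cbw_sequence(trace):
    """Reduce a mass-storage trace to the host's CBW command names, in order."""
    return [line.split("CBW: ", 1)[1] for line in trace if "CBW: " in line]


def fingerprint_msc(trace):
    """Classify a host from the order of its first class-specific commands."""
    seq = cbw_sequence(trace)
    for host, signature in MSC_ORDER_SIGNATURES.items():
        if seq[:len(signature)] == signature:
            return host
    return "unknown"


if __name__ == "__main__":
    for label, trace in HID_TRACES.items():
        print(f"HID trace labelled {label!r:20} -> {fingerprint_hid(trace)}")
    for label, trace in MSC_TRACES.items():
        print(f"MSC trace labelled {label!r:20} -> {fingerprint_msc(trace)}")
```

Each rule is a single positional check, which is why the slide stresses that timing and invalid-data responses are needed as additional signals: a host that changes its request count or order between driver versions silently falls into the "unknown" bucket rather than being misattributed.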
32. Using timing information? (work in progress…)
• Large amount of variance over entire enumeration phase:
• 4.055s, 3.834s, 3.612s, 3.403s, 3.089s
• Much greater accuracy between specific requests:
• Between String Descriptor #0 and #2 requests - 5002us, 5003us, 5003us, 4999us, 5001us
• If we know the OS can we potentially determine the processor speed?
33. Descriptor types requested
• Microsoft OS Descriptors (MOD)
• Used for “unusual” devices classes
• Devices that support Microsoft OS Descriptors must store a special USB string descriptor in firmware at the fixed string index of 0xEE. The request is:
34. Responses to invalid data
• Different USB stacks respond to invalid data in different ways
• Maximum and minimum values
• Logically incorrect values
• Missing data
• In some cases: Crashes (potential vulnerabilities)
• Other cases: Unique behaviour
Image from: windows7.iyogi.com
35. Invalid data unique elements?
Windows (all versions)
If you send a specific, logically incorrect HID Report descriptor this happens:
37. Order of Descriptor requests
• Some USB stacks request data from devices in a different order
• Different drivers may request different descriptors multiple times
• Sometimes descriptors are re-requested after enumeration is complete
39. Umap overview
• Supported device classes can be enumerated
• Operating system information can be enumerated
• Devices with specific VID/PID/REV can be emulated
• The enumeration phase and class-specific data can be fuzzed
• Endpoint protection systems configuration can be assessed
• Endpoint protection systems USB protection can be circumvented
• USB host implementations can be comprehensively tested
41. The Windows 8 RNDIS kernel pool overflow
• MS13-027
• usb8023x.sys - default (Microsoft-signed) Windows Remote NDIS driver that provides network connectivity over USB.
• When the following USB descriptor field is manipulated a Bug check occurs indicating a kernel pool overwrite:
Configuration descriptor: bNumInterfaces field > actual number of USB interfaces
42. The Bug Check
BAD_POOL_HEADER (19)
The pool is already corrupt at the time of the current request.
<Truncated for brevity>
Arguments:
Arg1: 00000020, a pool block header size is corrupt.
Arg2: 83e38610, The pool entry we were looking for within the page.
Arg3: 83e38690, The next pool entry.
Arg4: 08100008, (reserved)
<Truncated for brevity>
WARNING: SystemResourcesList->Flink chain invalid. Resource may be
corrupted, or already deleted.
WARNING: SystemResourcesList->Blink chain invalid. Resource may be
corrupted, or already deleted.
SYMBOL_NAME: usb8023x!SelectConfiguration+1bd
45. Analysis #1
When bNumInterfaces = 3 (one more than it should be) and bNumEndpoints = 2 (valid value)
Next kernel pool:
849c3b28 10 00 0a 04 56 61 64 6c-6b 8f 94 85 28 8c 90 85 ....Vadlk...(...
becomes:
849c3b28 00 00 0a 04 56 61 64 6c-6b 8f 94 85 28 8c 90 85 ....Vadlk...(...
So we’re overwriting "PreviousSize" in the next nt!_POOL_HEADER - this is what
triggered the original Bug Check when ExFreePool() is called
46. Analysis #2
When bNumInterfaces = 3 (one more than it should be) and bNumEndpoints = 5 (three more than it should be)
Next kernel pool:
84064740 17 00 03 00 46 72 65 65-48 2d 09 84 30 a8 17 84 ....FreeH-..0...
becomes:
84064740 17 00 03 00 00 72 65 65-48 2d 09 84 30 a8 17 84 .....reeH-..0...
So we’re now overwriting "PoolTag" in the next nt!_POOL_HEADER
47. What’s going on?
kd> dt nt!_POOL_HEADER
   +0x000 PreviousSize : Pos 0, 8 Bits
   +0x000 PoolIndex : Pos 8, 8 Bits
   +0x000 BlockSize : Pos 16, 8 Bits
   +0x000 PoolType : Pos 24, 8 Bits
   +0x004 PoolTag : Uint4B
   +0x008 ProcessBilled : Ptr64 _EPROCESS
By manipulating bNumInterfaces and bNumEndpoints in a USB Configuration descriptor we appear to have a degree of control over where in the next adjacent kernel memory pool we can overwrite a single byte with a null (the null write occurs four bytes after the end of the pool I control, and I can also control its size and some elements of its contents, so could also potentially overwrite the next pool header with something useful).
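Slides 45 to 47 reason about the crash by reading the bytes of the next pool header by hand. The Python below is an added example for this page (not code from the talk) that does the same decoding mechanically: it parses the two before/after dump lines shown on slides 45 and 46, splits the first dword into the 8-bit fields listed by the `dt nt!_POOL_HEADER` output on slide 47, and names the field that the single null write changed. It assumes the dump lines are in the WinDbg `db` layout (address, 16 hex bytes with a `-` between the two halves, ASCII) and only decodes the first eight bytes of the header, which is the part the slide's analysis concerns.

```python
import struct

# Dump lines copied from slides 45 and 46 (address, 16 bytes, ASCII).
SLIDE45_BEFORE = "849c3b28 10 00 0a 04 56 61 64 6c-6b 8f 94 85 28 8c 90 85 ....Vadlk...(..."
SLIDE45_AFTER  = "849c3b28 00 00 0a 04 56 61 64 6c-6b 8f 94 85 28 8c 90 85 ....Vadlk...(..."
SLIDE46_BEFORE = "84064740 17 00 03 00 46 72 65 65-48 2d 09 84 30 a8 17 84 ....FreeH-..0..."
SLIDE46_AFTER  = "84064740 17 00 03 00 00 72 65 65-48 2d 09 84 30 a8 17 84 .....reeH-..0..."

POOL_GRANULARITY = 8   # bytes per BlockSize/PreviousSize unit on 32-bit Windows (assumed
                       # from the 32-bit addresses in the dumps; it is 16 on x64)


def parse_dump_line(line: str):
    """Return (address, 16 raw bytes) from a WinDbg 'db'-style dump line."""
    addr_str, rest = line.split(None, 1)
    hex_part = rest[:47]                       # 16 two-digit bytes and 15 separators
    raw = bytes(int(tok, 16) for tok in hex_part.replace("-", " ").split())
    if len(raw) != 16:
        raise ValueError("expected 16 bytes on the dump line")
    return int(addr_str, 16), raw


def decode_pool_header(raw: bytes) -> dict:
    """Split the first dword into the bit fields from slide 47, then the 4-byte tag."""
    dword, tag = struct.unpack_from("<I4s", raw, 0)
    return {
        "PreviousSize": dword & 0xFF,          # Pos 0,  8 bits
        "PoolIndex":    (dword >> 8) & 0xFF,   # Pos 8,  8 bits
        "BlockSize":    (dword >> 16) & 0xFF,  # Pos 16, 8 bits
        "PoolType":     (dword >> 24) & 0xFF,  # Pos 24, 8 bits
        "PoolTag":      tag.decode("latin-1"), # +0x004 Uint4B, stored as four chars
    }


def block_bytes(header: dict) -> int:
    """Size in bytes of the block this header describes."""
    return header["BlockSize"] * POOL_GRANULARITY


def first_changed_offset(before: str, after: str) -> int:
    """Byte offset within the 16-byte line where the two dumps first differ (-1 if equal)."""
    _, b = parse_dump_line(before)
    _, a = parse_dump_line(after)
    return next((i for i, (x, y) in enumerate(zip(b, a)) if x != y), -1)


def changed_fields(before: str, after: str) -> list:
    """Names of the header fields whose value differs between the two dumps."""
    hb = decode_pool_header(parse_dump_line(before)[1])
    ha = decode_pool_header(parse_dump_line(after)[1])
    return [name for name in hb if hb[name] != ha[name]]


if __name__ == "__main__":
    for label, before, after in (("slide 45", SLIDE45_BEFORE, SLIDE45_AFTER),
                                 ("slide 46", SLIDE46_BEFORE, SLIDE46_AFTER)):
        print(label, decode_pool_header(parse_dump_line(before)[1]))
        print("  null lands at offset", first_changed_offset(before, after),
              "changing", changed_fields(before, after))
```

Run on the slide data, the slide-45 write lands at offset 0 of the next header and zeroes PreviousSize, while the slide-46 write lands at offset 4 and clobbers the first character of the "Free" tag: the two analyses on the slides recovered by code rather than by eye, which is the form a triage checklist for a BAD_POOL_HEADER crash can actually reuse.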
49. Challenges faced when exploiting USB bugs
• Lack of feedback channel
• The bug is often in kernel code
• Descriptors are generally very size-constrained
• Impact of USB exploitation is typically restricted to privilege escalation
• Modern operating systems e.g. Windows 8 have comprehensive exploit mitigation
• What about USB over RDP?
Image from: leadershipfreak.wordpress.com
50. Conclusions
• The USB enumeration phase reveals useful information for fingerprinting
• Class-specific communication is potentially even more revealing
• Even vendors with mature SDL processes have USB bugs
• USB bugs can potentially be exploited to provide privilege escalation
• …but it is extremely difficult to achieve reliably