Tim Hsu is the founder of CHROOT and HITCON. He previously worked as the security manager for Taiwan Mobile and currently works for VARMOUR, an American cybersecurity company. The document discusses AppArmor security profiles for Docker containers, the VulApps tool for testing container vulnerabilities, the Pornhub bug bounty program, Docker security best practices, and links to resources about remote code execution vulnerabilities in WordPress plugins and Apache Struts.
This document contains an agenda for a presentation that includes topics such as exploit development, web application hacking methodology, SQLMap, vulnerability assessment, malware analysis, reverse engineering, and cybersecurity conferences. It also addresses frequently asked questions about capture the flag events, bug bounty programs, and security certifications. Resources like exploit code examples, tool documentation, hacking forums, and malware repositories are listed.
DARPA CGC and DEFCON CTF: Automatic Attack and Defense Technique
Chong-Kuan Chen
The document discusses automatic attack and defense techniques explored through DARPA's Cyber Grand Challenge (CGC) and DEFCON CTF competitions. It introduces CGC and covers topics like vulnerability discovery, fuzzing, symbolic/concolic execution, and software hardening. It describes CGC's qualification round in 2015 and final event in 2016, which was won by ForAllSecure/Mayhem. Various techniques used by competing teams are discussed, including AFL fuzzing, symbolic execution tools like S2E and Angr, and approaches that combined fuzzing and symbolic execution like Driller.
This document provides an overview of ransomware, including what it is, how it spreads, examples of ransomware families, and prevention strategies. Ransomware encrypts files on an infected system and demands payment, usually in cryptocurrency, to decrypt the files. It spreads through spam emails containing malicious attachments or links, compromised websites using exploit kits, and by exploiting vulnerabilities in operating systems. The document demonstrates ransomware infections through snapshots and shares folders. Prevention includes regularly backing up important files, avoiding unsolicited documents, and keeping systems updated.
Everyone understands disk has become the primary target for backups in the last several years. It’s also safe to say that the main type of disk storage used as a target for backups would be a purpose-built backup appliance that presents itself to the backup application as an NFS or SMB server and then deduplicates any backups stored on it.
But what about object storage? Object storage vendors tout that their systems are less expensive to buy and less expensive to operate than traditional disk arrays and NAS appliances. So, does it make sense to use them for backups? How much is deduplication a factor and is deduplication even available with object storage? What else can object storage bring to the table that traditional disk backup appliances can’t?
This document contains information about malware, cybercrime tools, and system utilities. It lists common types of malware like viruses, worms, trojans, and spyware. It also lists tools used by hackers and security researchers like IDA Pro, Ollydbg, and Sysinternals utilities. Cryptocurrency wallet addresses and encryption keys are included at the end.
Practical Attacks Against Encrypted VoIP Communications
iphonepentest
The slides from MDSec's presentation at HackInTheBox KUL 2013. The presentation describes attacks that can be used to deduce spoken conversations from encrypted VoIP communications. The presentation uses Skype as a case study.
This document discusses many challenges facing security teams, including lack of visibility into all IT systems and assets ("shadow IT"), numerous vulnerabilities being discovered regularly, inability to identify attack paths, and poor communication between security and business teams. It advocates adopting a continuous monitoring approach that automates asset discovery, vulnerability assessments, log analysis and security metrics to improve visibility, prioritize risks, and demonstrate security's value to the business.
The document discusses crawlers and how they work. Crawlers walk the network, search for anything they find, and do anything they want. Crawlers can download web pages, operate on the data, and find the next seeds to crawl. However, servers often block crawlers, data is unstructured, and it's difficult to find the next seeds. Crawlers must behave like human users to avoid detection by fetching pages slowly and randomly. Distributed and remote processing models can help make crawlers more efficient.
This is my keynote for AppSec California 2015. In it I discuss how application security is taking over all areas of security and how we need to change how we build and deploy security tools as a result.
Here is the video of me giving the talk:
https://www.youtube.com/watch?v=-1kZMn1RueI
Information security has long been regarded as a field that is hard to get into, and Traditional Chinese literature on it is far scarcer than English or Simplified Chinese material, so many people in Taiwan who want to enter the field do not know where to start, which has extinguished the enthusiasm of many beginners. That is how Got Your PW came to be: it aims to give beginners a rich set of resources to learn from and use, so that everyone can step into the security community more easily without being scared off by the high barrier to entry, turning the study of security into a relaxed "micro-trip". This time we will tell the untold stories behind the founding of Got Your PW, its background, its setbacks and more, and discuss the problems we face today and the outlook for the future.
@SITCON2016
This document discusses reverse engineering techniques including bypassing hackshield, analyzing Windows binaries with IDA Pro and Ollydbg, unpacking binaries with UPX and protecting binaries with encryption and anti-debugging techniques. It also covers basic x86 assembly instructions and reversing concepts like the stack, registers, and anti-debugging APIs.
11. CVE-2014-7187
- only works when Bash is built with -fsanitize
(for x in {1..200} ; do echo "for x$x in ; do :"; done; for x in {1..200} ; do echo done ; done) | bash || echo "CVE-2014-7187 vulnerable, word_lineno"
15. CGI test results

Columns tested: Bash v4.1.2, C, PHP v5.3.3, PERL v5.10.1, PYTHON v2.6.6, RUBY v1.8.7

mod_cgi:     Bash V, C V, PHP V, PERL O, PYTHON V, RUBY O
mod_fastcgi: V
mod_fcgid:   X X X X
mod_php:     X
mod_perl:    X
mod_python:  X
mod_ruby:    X

V: exploitable directly or via system()/popen()
O: exploitable only when system()/popen() is executed without optimization
X: not exploitable
16. Default shell (/bin/sh)

OS        /bin/sh
RHEL      bash
CentOS    bash
Fedora    bash
MacOSX    bash
Ubuntu    dash
Android   sh
FreeBSD   tcsh
18. DHCP client analysis
- Looking at the source code of Internet Systems Consortium DHCP Distribution Version 4.2.4, dhclient.c does indeed convert parameter values from the DHCP packet into environment variables through its built-in client_envadd(), and then runs dhclient-script (a bash script) via execve(), so naturally it is affected as well.
- The following two commands can be used to check whether the dhclient on a system is affected by this vulnerability
$ /sbin/dhclient - 2>&1 | grep "ISC"
This version of ISC DHCP is based on the release available
$ which dhclient-script
/sbin/dhclient-script
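The CGI rows above and the dhclient analysis describe the same path: an untrusted string (HTTP header or DHCP option) is copied into an environment variable and then read by bash. The detector below, an added example that is not part of the original slides, checks such values for the function-definition prefix that pre-patch bash imported from the environment; the header names and sample values are constructed for illustration.

```python
import re

# Pre-patch bash treated any environment variable whose value begins with
# "() {" as a function definition and kept parsing past the closing brace.
# Whitespace between the three tokens is optional, hence the regex.
_FUNC_DEF_PREFIX = re.compile(r"^\s*\(\s*\)\s*\{")


def looks_like_shellshock(value: str) -> bool:
    """True if a string destined for an environment variable (CGI header,
    DHCP option, ...) starts with the bash function-definition prefix."""
    return bool(_FUNC_DEF_PREFIX.match(value))


def scan_env_inputs(inputs: dict) -> list:
    """Return the names of inputs carrying a suspicious value.
    mod_cgi exports headers as HTTP_*; dhclient exports options via
    client_envadd(), so every key is a candidate."""
    return [name for name, val in inputs.items() if looks_like_shellshock(val)]


# Constructed samples: a benign request, a tainted User-Agent, a tainted
# Cookie with no spaces, and a DHCP domain-name option as dhclient sees it.
SAMPLE_INPUTS = [
    {"User-Agent": "Mozilla/5.0", "Referer": "https://example.com/"},
    {"User-Agent": "() { :; }; /bin/true", "Cookie": "session=abc"},
    {"User-Agent": "Mozilla/5.0", "Cookie": "(){ :;}; /bin/true"},
    {"domain-name": "() { :; }; /bin/true", "host-name": "laptop"},
]


def flagged_inputs(inputs=SAMPLE_INPUTS) -> list:
    """Run the scan over every sample and return the flagged names per sample."""
    return [scan_env_inputs(sample) for sample in inputs]


if __name__ == "__main__":
    for sample, hits in zip(SAMPLE_INPUTS, flagged_inputs()):
        print("flagged:", hits if hits else "none", "in", list(sample))
```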