A explanation about docker, new C.I. / C.D. cycles with docker, how to dissect a Docker image and trojanize and how to abuse of Functionality of Docker Registry
Inspiring Marketing Episode 1: The Rise of MessengersKepios
These are the slides for Inspiring Marketing Episode 0001: The Rise of Messengers. You can watch the full video as an embed within this presentation.
Messengers are a recent addition to marketers' toolkits, but they've already changed the rules of social media marketing. This video explores messengers' dramatic rise, and offers advice for marketers who want to make best use of them.
A explanation about docker, new C.I. / C.D. cycles with docker, how to dissect a Docker image and trojanize and how to abuse of Functionality of Docker Registry
Inspiring Marketing Episode 1: The Rise of MessengersKepios
These are the slides for Inspiring Marketing Episode 0001: The Rise of Messengers. You can watch the full video as an embed within this presentation.
Messengers are a recent addition to marketers' toolkits, but they've already changed the rules of social media marketing. This video explores messengers' dramatic rise, and offers advice for marketers who want to make best use of them.
22@ Barcelona 2000-2015: Barcelona's innovation districtBarcelona Activa
This report presents an evaluation of the milestones reached in Barcelona's 22@ innovation district from the moment of its conception and implementation up until the present.
A presentation listing the top online formats for content distribution created by 2 The Top marketing, Inc of Boise, Idaho. Content marketing can take many forms and is not just limited to text based copy.
Cómo entender la diplomacia pública como complemento de la diplomacia tradicional. Understanding public diplomacy as a complement to traditional diplomacy .
SearchLove 2016 - WhatsAppening with Chat App MarketingJes Scholz
Why is chat app marketing becoming popular now? What are some best practice examples? How do I launch my own messenger app? What is in the future for inbound marketing? The questions are more were answered at SearchLove 2016.
A 6ª edição do Mapa do Emprego 2017 foi elaborada pela Fecomércio-RS com base nos dados da RAIS 2015. O estudo traça uma radiografia completa do trabalhador que atua no setor terciário, englobando as áreas de comércio (varejista, atacadista e reparação de veículos automotores e motocicletas) e serviços.
The 2016 Land Markets Survey is a tool for real estate land professionals in all sectors of the business to use for bench-marking and as an informational resource when conducting business published annually by the REALTORS® Land Institute and the National Association of REALTORS® Research Department. This year marks the third consecutive year that the survey has been conducted to reveal current trends and the current state of land markets. The survey includes responses from over six-hundred and fourteen expert land professionals including respondents from across North America.
In high security environments, we are often behind proxies, firewalls or obnoxious corporate policies that disallow access to Github or RubyGems. What gives?! In this session, I will talk about what problems we need to solve to build and manage environments in an offline world and how infrastructure as code is at the heart of making it happen.
U.S. secondary markets see record multifamily investmentJLL
Led by the West, secondary markets saw a 16-year high in multifamily investment during 2016. A combination of strong job and population growth, as well as above average household formations made cities such as Austin, Denver, Phoenix, Portland and Tampa top targets for multifamily investment.
Slides from the talk that Helen Bevan gave at London Women's Leadership Network on 8th March 2017 on the occasion of International Women's Day #womenlead
A brief guide on how to optimize creatives on digital for better conversions and higher retention. These learnings are provided as a selection of takeaways that are readily implementable as part of your company's digital strategy.
These slides were originally presented by me at the Google Startup Bootcamp, New Delhi in October 2015. They have subsequently presented at Adwords conferences at Berlin and at several other events.
Vacation inn Group of hotels & resorts in Indiavacationinn
A period of unsurpassed opportunity for those prepared for the recent economic climate is about to emerge. Vacation Inn stands ready to participate in an ambitious yet controlled fashion.
Presented by Faisal Hoque at the #AirBus Leadership University.
“These tumultuous times can present us with ground-breaking opportunities for changing how we see the world, and how we operate within it.” - WEF
The constant cascade of social, economic, and technological change is reshaping our globe. Workforces are increasingly dispersed, demanding of self-expression, and quite possibly disengaged. Within this topsy-turvy context, leaders must spark #creativity, drive #innovation, and ensure #sustainability.
What are the remedies? The newest problems of the world find solutions in the oldest and timeless practices such as #mindfulness, authenticity, perseverance, and #empathy―because Everything Connects.
To inspire your team to be together and celebrate collaboration, we've gathered some of our favorite quotes on the power of teamwork and unity. Take a look at it and share your views.
22@ Barcelona 2000-2015: Barcelona's innovation districtBarcelona Activa
This report presents an evaluation of the milestones reached in Barcelona's 22@ innovation district from the moment of its conception and implementation up until the present.
A presentation listing the top online formats for content distribution created by 2 The Top marketing, Inc of Boise, Idaho. Content marketing can take many forms and is not just limited to text based copy.
Cómo entender la diplomacia pública como complemento de la diplomacia tradicional. Understanding public diplomacy as a complement to traditional diplomacy .
SearchLove 2016 - WhatsAppening with Chat App MarketingJes Scholz
Why is chat app marketing becoming popular now? What are some best practice examples? How do I launch my own messenger app? What is in the future for inbound marketing? The questions are more were answered at SearchLove 2016.
A 6ª edição do Mapa do Emprego 2017 foi elaborada pela Fecomércio-RS com base nos dados da RAIS 2015. O estudo traça uma radiografia completa do trabalhador que atua no setor terciário, englobando as áreas de comércio (varejista, atacadista e reparação de veículos automotores e motocicletas) e serviços.
The 2016 Land Markets Survey is a tool for real estate land professionals in all sectors of the business to use for bench-marking and as an informational resource when conducting business published annually by the REALTORS® Land Institute and the National Association of REALTORS® Research Department. This year marks the third consecutive year that the survey has been conducted to reveal current trends and the current state of land markets. The survey includes responses from over six-hundred and fourteen expert land professionals including respondents from across North America.
In high security environments, we are often behind proxies, firewalls or obnoxious corporate policies that disallow access to Github or RubyGems. What gives?! In this session, I will talk about what problems we need to solve to build and manage environments in an offline world and how infrastructure as code is at the heart of making it happen.
U.S. secondary markets see record multifamily investmentJLL
Led by the West, secondary markets saw a 16-year high in multifamily investment during 2016. A combination of strong job and population growth, as well as above average household formations made cities such as Austin, Denver, Phoenix, Portland and Tampa top targets for multifamily investment.
Slides from the talk that Helen Bevan gave at London Women's Leadership Network on 8th March 2017 on the occasion of International Women's Day #womenlead
A brief guide on how to optimize creatives on digital for better conversions and higher retention. These learnings are provided as a selection of takeaways that are readily implementable as part of your company's digital strategy.
These slides were originally presented by me at the Google Startup Bootcamp, New Delhi in October 2015. They have subsequently presented at Adwords conferences at Berlin and at several other events.
Vacation inn Group of hotels & resorts in Indiavacationinn
A period of unsurpassed opportunity for those prepared for the recent economic climate is about to emerge. Vacation Inn stands ready to participate in an ambitious yet controlled fashion.
Presented by Faisal Hoque at the #AirBus Leadership University.
“These tumultuous times can present us with ground-breaking opportunities for changing how we see the world, and how we operate within it.” - WEF
The constant cascade of social, economic, and technological change is reshaping our globe. Workforces are increasingly dispersed, demanding of self-expression, and quite possibly disengaged. Within this topsy-turvy context, leaders must spark #creativity, drive #innovation, and ensure #sustainability.
What are the remedies? The newest problems of the world find solutions in the oldest and timeless practices such as #mindfulness, authenticity, perseverance, and #empathy―because Everything Connects.
To inspire your team to be together and celebrate collaboration, we've gathered some of our favorite quotes on the power of teamwork and unity. Take a look at it and share your views.
The (Io)Things you don't even need to hack. Should we worry?SecuRing
The prevalence of computers in form of so called "smart" devices embedded in our everyday environment is inevitable. From pentester's perspective, the adjective "smart" at first glance can hardly be used to describe their inventors and ambassadors.
Based on a few examples (i.a. BTLE beacons, smart meters, security cameras...) I will show how easily "smart" devices can be outsmarted. Sometimes you don't even need any 'hacking' skills, or the default configuration is wide-open. But are we doomed? What are the conditions for real threat? Can the vulnerabilities be exploited anonymously and as easily as in web application? Where is the physical border the intruder would be likely to cross? The risks involved are usually different, but does it mean we don't have to worry? Are we sure how to use securely the emerging technology?
Advanced view of atmega microcontroller projects list at mega32 avrWiseNaeem
Most of the electronics geeks are asking the whole list of Atmega AVR projects PDF here we will share list every month as our projects are being updated on daily basis. PDF is a good source to work offline. We will offer direct PDF file download link with info of its release date , number of projects.
Talk about how to use Open-Source and especially Apache PLC4X to access industry machinery data and to use open-source to build the next generation of industrial software
We are building a mass-market 2mm-thin handheld and a TV-connected boxthat, jointly, radically exceed state-of-the art in (A) the privacy and security of your communications, and (B) in the choice of content and quality of experience of your home entertainment.
Инструмент ChangelogBuilder для автоматической подготовки Release NotesPositive Hack Days
1. Основные понятия и определения: продукт, пакет, связи между ними.
2. Как узнать, какие изменения произошли в продукте?
3. Проблемы changelog и release note.
4. Решение: инструмент ChangelogBuilder для автоматической подготовки Release Notes
Как мы собираем проекты в выделенном окружении в Windows DockerPositive Hack Days
1. Обзор Windows Docker (кратко)
2. Как мы построили систему билда приложений в Docker (Visual Studio\Mongo\Posgresql\etc)
3. Примеры Dockerfile (выложенные на github)
4. Отличия процессов DockerWindows от DockerLinux (Долгий билд, баги, remote-регистр.)
Типовая сборка и деплой продуктов в Positive TechnologiesPositive Hack Days
1. Проблемы в построении CI процессов в компании
2. Структура типовой сборки
3. Пример реализации типовой сборки
4. Плюсы и минусы от использования типовой сборки
1. Что такое BI. Зачем он нужен.
2. Что такое Qlik View / Sense
3. Способ интеграции. Как это работает.
4. Метрики, KPI, планирование ресурсов команд, ретроспектива релиза продукта, тренды.
5. Подключение внешних источников данных (Excel, БД СКУД, переговорные комнаты).
Approof — статический анализатор кода для проверки веб-приложений на наличие уязвимых компонентов. В своей работе анализатор основывается на правилах, хранящих сигнатуры искомых компонентов. В докладе рассматривается базовая структура правила для Approof и процесс автоматизации его создания.
Задумывались ли вы когда-нибудь о том, как устроены современные механизмы защиты приложений? Какая теория стоит за реализацией WAF и SAST? Каковы пределы их возможностей? Насколько их можно подвинуть за счет более широкого взгляда на проблематику безопасности приложений?
На мастер-классе будут рассмотрены основные методы и алгоритмы двух основополагающих технологий защиты приложений — межсетевого экранирования уровня приложения и статического анализа кода. На примерах конкретных инструментов с открытым исходным кодом, разработанных специально для этого мастер-класса, будут рассмотрены проблемы, возникающие на пути у разработчиков средств защиты приложений, и возможные пути их решения, а также даны ответы на все упомянутые вопросы.
От экспериментального программирования к промышленному: путь длиной в 10 летPositive Hack Days
Разработка наукоемкого программного обеспечения отличается тем, что нет ни четкой постановки задачи, ни понимания, что получится в результате. Однако даже этом надо программировать то, что надо, и как надо. Докладчик расскажет о том, как ее команда успешно разработала и вывела в промышленную эксплуатацию несколько наукоемких продуктов, пройдя непростой путь от эксперимента, результатом которого был прототип, до промышленных версий, которые успешно продаются как на российском, так и на зарубежном рынках. Этот путь был насыщен сложностями и качественными управленческими решениями, которыми поделится докладчик
Уязвимое Android-приложение: N проверенных способов наступить на граблиPositive Hack Days
Немногие разработчики закладывают безопасность в архитектуру приложения на этапе проектирования. Часто для этого нет ни денег, ни времени. Еще меньше — понимания моделей нарушителя и моделей угроз. Защита приложения выходит на передний план, когда уязвимости начинают стоить денег. К этому времени приложение уже работает и внесение существенных изменений в код становится нелегкой задачей.
К счастью, разработчики тоже люди, и в коде разных приложений можно встретить однотипные недостатки. В докладе речь пойдет об опасных ошибках, которые чаще всего допускают разработчики Android-приложений. Затрагиваются особенности ОС Android, приводятся примеры реальных приложений и уязвимостей в них, описываются способы устранения.
Разработка любого софта так или иначе базируется на требованиях. Полный перечень составляют бизнес-цели приложения, различные ограничения и ожидания по качеству (их еще называют NFR). Требования к безопасности ПО относятся к последнему пункту. В ходе доклада будут рассматриваться появление этих требований, управление ими и выбор наиболее важных.
Отдельно будут освещены принципы построения архитектуры приложения, при наличии таких требований и без, и продемонстрировано, как современные (и хорошо известные) подходы к проектированию приложения помогают лучше строить архитектуру приложения для минимизации ландшафта угроз.
Доклад посвящен разработке корректного программного обеспечения с применением одного из видов статического анализа кода. Будут освещены вопросы применения подобных методов, их слабые стороны и ограничения, а также рассмотрены результаты, которые они могут дать. На конкретных примерах будет продемонстрировано, как выглядят разработка спецификаций для кода на языке Си и доказательство соответствия кода спецификациям.
Transcript: Selling digital books in 2024: Insights from industry leaders - T...BookNet Canada
The publishing industry has been selling digital audiobooks and ebooks for over a decade and has found its groove. What’s changed? What has stayed the same? Where do we go from here? Join a group of leading sales peers from across the industry for a conversation about the lessons learned since the popularization of digital books, best practices, digital book supply chain management, and more.
Link to video recording: https://bnctechforum.ca/sessions/selling-digital-books-in-2024-insights-from-industry-leaders/
Presented by BookNet Canada on May 28, 2024, with support from the Department of Canadian Heritage.
GraphRAG is All You need? LLM & Knowledge GraphGuy Korland
Guy Korland, CEO and Co-founder of FalkorDB, will review two articles on the integration of language models with knowledge graphs.
1. Unifying Large Language Models and Knowledge Graphs: A Roadmap.
https://arxiv.org/abs/2306.08302
2. Microsoft Research's GraphRAG paper and a review paper on various uses of knowledge graphs:
https://www.microsoft.com/en-us/research/blog/graphrag-unlocking-llm-discovery-on-narrative-private-data/
UiPath Test Automation using UiPath Test Suite series, part 3DianaGray10
Welcome to UiPath Test Automation using UiPath Test Suite series part 3. In this session, we will cover desktop automation along with UI automation.
Topics covered:
UI automation Introduction,
UI automation Sample
Desktop automation flow
Pradeep Chinnala, Senior Consultant Automation Developer @WonderBotz and UiPath MVP
Deepak Rai, Automation Practice Lead, Boundaryless Group and UiPath MVP
Key Trends Shaping the Future of Infrastructure.pdfCheryl Hung
Keynote at DIGIT West Expo, Glasgow on 29 May 2024.
Cheryl Hung, ochery.com
Sr Director, Infrastructure Ecosystem, Arm.
The key trends across hardware, cloud and open-source; exploring how these areas are likely to mature and develop over the short and long-term, and then considering how organisations can position themselves to adapt and thrive.
Kubernetes & AI - Beauty and the Beast !?! @KCD Istanbul 2024Tobias Schneck
As AI technology is pushing into IT I was wondering myself, as an “infrastructure container kubernetes guy”, how get this fancy AI technology get managed from an infrastructure operational view? Is it possible to apply our lovely cloud native principals as well? What benefit’s both technologies could bring to each other?
Let me take this questions and provide you a short journey through existing deployment models and use cases for AI software. On practical examples, we discuss what cloud/on-premise strategy we may need for applying it to our own infrastructure to get it to work from an enterprise perspective. I want to give an overview about infrastructure requirements and technologies, what could be beneficial or limiting your AI use cases in an enterprise environment. An interactive Demo will give you some insides, what approaches I got already working for real.
Connector Corner: Automate dynamic content and events by pushing a buttonDianaGray10
Here is something new! In our next Connector Corner webinar, we will demonstrate how you can use a single workflow to:
Create a campaign using Mailchimp with merge tags/fields
Send an interactive Slack channel message (using buttons)
Have the message received by managers and peers along with a test email for review
But there’s more:
In a second workflow supporting the same use case, you’ll see:
Your campaign sent to target colleagues for approval
If the “Approve” button is clicked, a Jira/Zendesk ticket is created for the marketing design team
But—if the “Reject” button is pushed, colleagues will be alerted via Slack message
Join us to learn more about this new, human-in-the-loop capability, brought to you by Integration Service connectors.
And...
Speakers:
Akshay Agnihotri, Product Manager
Charlie Greenberg, Host
Encryption in Microsoft 365 - ExpertsLive Netherlands 2024Albert Hoitingh
In this session I delve into the encryption technology used in Microsoft 365 and Microsoft Purview. Including the concepts of Customer Key and Double Key Encryption.
Neuro-symbolic is not enough, we need neuro-*semantic*Frank van Harmelen
Neuro-symbolic (NeSy) AI is on the rise. However, simply machine learning on just any symbolic structure is not sufficient to really harvest the gains of NeSy. These will only be gained when the symbolic structures have an actual semantics. I give an operational definition of semantics as “predictable inference”.
All of this illustrated with link prediction over knowledge graphs, but the argument is general.
4. What’s
a
SmartTV?
(1)
4
0 Describes
a
trend
of
integration
of
the
Internet
and
Web
2.0
features
into
television
0 Technological
convergence
between
computers
and
television
sets
and
set-‐top
boxes
0 SmartTV
=
a
television
with
integrated
Internet
capabilities
that
offers
more
advanced
computing
ability
and
connectivity
than
a
contemporary
TV
14. 1st
Commercial
• If
you
have
to
choose
between
a
simple
TV
and
a
TV
with
a
lot
of
features,
even
features
that
you
don’t
know
(but
they
sound
cool),
you
will
go
for
the
second
one
14
15. 2nd
Advertising
0 Advertising
=
Money
for
Vendors/Ads
Providers
0 Targeted
advertising
and
other
advanced
advertising
features
such
as
ad
telescoping
using
VOD
and
PVR,
enhanced
TV
for
consumer
call-‐to-‐action
and
audience
measurement
solutions
for
ad
campaign
effectiveness
0 Bidirectional
Blow
between
TV
and
Ads
providers
15
16. Advertising
and
Security
16
0 This
bidirectional
Xlow
between
TV
and
Ads
provider,
has
2
main
consequences:
0 Privacy,
the
viewer
is
disclosing
personal
habits
0 Security,
a
man-‐in-‐the-‐middle
attack
can
be
pretty
effective
to
achieve
one
of
the
following
goals:
0 Ads-‐Hijacking
=>
To
inXluence
the
viewer
0 Vulnerability
Exploitation
=>
To
get
access
to
the
TV
17. Why
SmartTV
as
Target?
0 Used
worldwide
0 Huge
attack
surface
0 And..
17
20. 1984
20
0 An
attacker
able
to
gain
access
to
your
SmartTV
can:
0 Get
access
to
your
Home
privacy
0 Get
access
to
your
Company
meeting
room
0 And
more..
22. The
Problem
(2):
Bad
&
Obscure
0 They
rely
on
bad
coding
practice
and..
0 They
usually
rely
on
security
by
obscurity
(sigh)
22
23. The
Problem
(3):
Server
&
Client
0 Affected
both
by
Server-‐side
issues..
0 There
are
several
services
running
and
listening
for
incoming
connections
(by
default)
0 And
Client-‐side
issues
0 Any
of
the
Apps
installed
by
default
can
represent
a
possible
attack
vector
against
the
device
itself
23
24. The
Problem
(4):
Updates
0 A
lot
of
software
installed
on
the
TV..
0 Have
you
ever
updated
your
TV?
0 How
security
Bix
are
pushed
on
your
TV
by
the
Vendor?
0 Are
you
running
the
latest
release
of
the
web
browser?
24
26. Things
to
know..
(1)
0 A
SmartTV
is
an
expensive
hardware
device
0 Usually
>
1000
Euro
(47.000
RUB)
0 You
might
“brick”
the
TV
(no
longer
works)
0 Big
hardware
and
software
differences
between
the
TV
models,
even
those
of
the
same
vendor
0 Multiple
names
for
the
same
features
(i.e.
HDMI-‐CEC*)
26
*
http://en.wikipedia.org/wiki/HDMI#CEC
27. Things
to
know..
(2)
0 SmartTV
are
usually
based
on
Linux
0 Using
MIPS
and
ARM
CPU
0 Having
a
number
of
different
embedded
stuff
including:
WiFi,
USB,
Camera,
Microphone,
sensors,
etc
0 Running
a
wide
range
of
proprietary
and
customized
software,
with
crazy
conXigurations
0 Black-‐box
testing
means
wasting
lot
of
time
to
get
information,
having
few
control
over
the
TV
and
limited
debugging
27
28. How
to
get
the
Software?
(1)
0 SmartTV
vendors
(like
Samsung
and
LG)
usually
release
emulators
and/or
SDK
for
developers
willing
to
create
new
Apps
for
the
TV
0 The
idea
of
using
the
emulators
on
the
PC
to
Xind
issues
affecting
the
TV
might
sound
interesting
0 The
problem
is
that
the
emulator
doesn’t
usually
match
the
software
running
on
the
real
TV
0 For
example
if
you
Xind
10
issues
in
the
emulator,
probably
only
1
or
2
will
work
on
the
TV
and
bugs
affecting
the
TV
may
not
work
on
the
emulators
0 But
emulators
are
good
to
have
an
idea
of
some
protocols
and
how
the
code
works
28
29. How
to
get
the
Software?
(2)
0 Via
Xirmware
updates
0 Don’t
need
to
access
the
TV
0 Thousands
of
updates
available
for
free
on
the
Vendors
websites
0 Usually
encrypted
with
an
encryption
key
deXined
on
a
TV/
model
base.
i.e.:
2
different
models
of
the
same
vendor
will
have
2
different
keys
0 Require
some
reverse
engineering
work
to
extract
the
content
29
30. How
to
get
the
Software?
(3)
0 Via
directory
traversal
0 Needs
a
vulnerability
0 If
you
can
access
/proc
you
have
lot
of
information
0 If
you
can
access
/dev
you
can
download
all
the
Xilesystems
0 Otherwise
you
have
to
guess
Xile/directory
names
by
using
some
techniques
30
31. How
to
get
the
Software?
(4)
0 Via
code
execution
0 Needs
a
vulnerability
0 Full
access
to
Xiles,
directory
and
attached
devices!
0 Execute
whatever
commands
you
want
:]
0 Bye
Bye
TV
Caveat:
You
might
brick
the
TV!!!
31
32. How
to
get
the
Software?
(5)
0 Via
JTAG
or
NAND/SD
physical
reading
0 Hardware
solution,
you
must
open
the
TV
and
playing
with
its
content…
bye
bye
warranty
0 Not
always
available
or
easy
to
access
0 It
might
cause
some
trouble
to
the
device
0 A
lot
of
effort
and
only
for
skilled
people
32
35. Attack
Surface
0 As
you
might
have
guessed
there
are
a
lot
of
different
ways
to
attack
a
SmartTV
0 To
get
a
better
understanding
let’s
take
a
look
at
a
real
world
device
0 We
will
just
focus
on
a
subset
of
the
device
attack
surface
0 To
do
that
we
take
in
consideration
the
following
schema
related
to
a
Philips
SmartTV…
35
37. Attack
Surface
-‐
USB
37
USB
Malicious
USB
stick
containing
malformed
data
i.e.:
• Video
and
Audio
codecs
• Filesystem
• USB
stack
• Auto
executed
Xiles
38. Attack
Surface
-‐
HDMI
38
HDMI
Communication
protocols:
• CEC
• HEC*
for
device
interoperability
Rogue
hardware
via
Ethernet
connection
(HEC)
*HEC
is
not
that
popular,
not
clear
how
many
devices
are
using
this
standard..
39. Attack
Surface
-‐
DVB
39
DVB
Radio
signal
to
the
TV
DVB
!=
Analog
It’s
a
protocol,
which
allows
using
different
codecs
to
decode
the
video/audio
streams
Different
standards:
• DVB-‐T
(terrestrial)
• DVB-‐C
(cable)
• DVB-‐S
(satellite)
Homemade
DVB
transmitter
40. Wait!
Before
we
forget..
0 The
DVB
audio/video
streams
are
a
possible
fuzzing
target:
0 HEVC,
H.262,
H.264,
AVS,
MP2,
MP3,
AC-‐3,
AAC,
HE-‐AAC
0 But
the
embedded
interactive
content
is
the
best
way
to
attack
the
TV:
0 HbbTV
0 CE-‐HTML
0 MHEG
40
41. Attack
Surface
-‐
WiFi
41
WiFi
WiFi
adapter
of
the
TV
acting
as
access-‐point
listening
for
WiFi
connections.
The
Miracast
protocol
is
composed
by
out-‐of-‐band
WiFi
packets,
protocols
and
codecs
A
vulnerability
in
Miracast
allows
the
attacker
to
access
the
TV
from
outside
your
house
42. Attack
Surface
-‐
Apps
42
Apps
Vulnerabilities
affecting
Apps
on
the
TV:
• Skype
• Web
browser
• Malicious
Apps
43. Attack
Surface
-‐
LAN
0 Most
of
the
SmartTV
issues
are
related
to
services
exposed
via
LAN:
0 UPNP
0 Video/Audio
service
(like
DirectFB)
0 Various
HTTP/HTTPS
servers
0 Network
remote
controller
0 Media
sharing
0 Status
and
information
0 First
thing
to
try
on
your
SmartTV
is
using
NMAP:
0 You
will
see
a
number
of
different
TCP
and
UDP
ports
open
0 Some
of
them
awaiting
for
you
to
connect
:]
0 If
you
try
to
send
some
junk
data
to
these
ports
you
might
get
some
easy
way
to
crash/reboot
the
TV,
a
starting
point
to
investigate
0 The
TV
also
scans
the
LAN,
an
attacker
can
passively
exploit
vulnerabilities
43
45. Samsung
#1
(1)
0 Date:
2012
0 Tested
device:
Samsung
SmartTV
D6000
0 Affected
Service/Protocol:
DMRND,
an
HTTP
server
listening
on
ports
52253
and
52396
0 Vulnerability:
Directory
Traversal,
which
allows
to
download
any
Xile
available
on
the
device
except
special
Xiles
like
those
in
/proc
0 Details:
The
server
has
a
security
check
to
allow
people
to
download
Xiles
having
only
whitelisted
Xile
extensions
(jpg,
png,
..).
To
bypass
the
check
the
attacker
needs
to
append
a
NULL
byte
followed
by
the
whitelisted
extension:
0 http://SERVER:52235/../../etc/passwd%00.png
45
46. Samsung
#1
(2)
46
0 Download
all
the
Xilesystems
from
the
remote
TV
0 Download
the
Xilesystems
related
to
all
the
connected
USB
devices
47. TV
controller
conXiguration
Xile,
it
contains
the
parameters
used
by
the
whitelisted
remote
controller
ConXiguration
Xile
used
by
the
our
PC
program,
we
need
only
to
copy
the
above
parameters
here
Samsung
#1
(3)
47
These
Xields
are
not
part
of
the
Ethernet
packets,
but
are
deXined
inside
the
protocol
itself
so
it’s
possible
to
spoof
the
IP,
MAC
address
and
hostname
to
allow
an
attacker
in
the
network
to
impersonate
the
whitelisted
TV
controller
48. Samsung
#1
(4)
48
0 Now
we
can
control
the
TV
when
the
victim
is
not
watching
0 The
attacker
can
install
arbitrary
malicious
Apps
on
the
TV
using
the
“develop”
account
49. Samsung
#2
(1)
0 Date:
2012
0 Tested
device:
Samsung
SmartTV
D6000
0 Affected
Service/Protocol:
DLNA
client
0 Vulnerability:
Buffer
overXlow
exploitable
as
soon
as
the
device
tries
to
download
the
icon
image
associated
to
a
DLNA
host
49
1
-‐
NOTIFY
UDP
Packet
–
new
DLNA
host
is
available
2
-‐
Connect
to
host
3
-‐
XML
data
containing
the
icon
image
51. Samsung
#2
(3)
51
<iconList>
<icon>
<mimetype>image/png</mimetype>
<width>48</width>
<height>48</height>
<depth>32</depth>
<url>/images/
aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa
aaaaaaaaaaaaa [...]
1
-‐
NOTIFY
UDP
Packet
–
new
DLNA
host
is
available
2
-‐
Connect
to
host
3
-‐
XML
data
containing
the
icon
image
52. Samsung
#3
0 Date:
2012
0 Tested
device:
Samsung
SmartTV
D6000
0 Vulnerability:
Persistent
Endless
Loop
0 Details:
The
controller
packet
contains
a
string,
which
is
used
to
identify
the
controller
itself.
A
malformed
string
will
trigger
an
endless
loop.
The
only
way
to
Xix
this
issue
is
to
access
the
device
service
mode
before
the
reboot.
52
nnnttttHACKED!nnnnn
2
–
Allow/Deny
controller
3
–
Endless
Loop
53. Philips
Miracast
(1)
0 Found
in
2014
0 ALL
the
Philips
TV
2013
models
are
affected
0 Silently
exploitable
probably
from
Summer
2013
0 No
PIN
0 No
authorization
request
0 Hardcoded
Xixed
password…
“Miracast”
J
0 Full
access
to
the
TV
services
just
like
in
LAN
0 Exploiting
of
directory
traversal
in
JointSpace
0 Abuse
of
the
available
services
0 Let’s
check
what
we
can
do…
53
55. Philips
Miracast
(3)
0 Sending
audio
and
video
to
the
TV…
the
TV
is
talking
to
you!
55
56. Philips
Miracast
(4)
0 Stealing
conXiguration
Xiles
and
cookies
via
a
directory
traversal
public
from
September
2013
but
unXixed
56
57. What’s
next?
0 Android
will
be
adopted
on
the
upcoming
SmartTV
models:
0 One
platform
makes
exploit
development
easier
0 Same
vulnerable
App
will
be
used
across
different
Vendors..
0 Less
customized
software
means
less
vulnerabilities
L
57
58. Conclusion
0 SmartTV
are
insecure
0 SmartTV
are
a
perfect
target
for
“monitoring”
a
speciXic
target:
a
person
or
even
a
company
(TVs
are
everywhere)
0 Exploiting
them
usually
requires
to
be
in
the
LAN
or
some
user
interaction
0 Currently
it’s
difXicult
to
have
a
vulnerability
for
owning
many
models
of
TV,
so
you
must
focuse
on
the
one
of
your
target
58