This document summarizes a presentation about hacking the Globalstar simplex data service satellite network. It describes how the speaker analyzed the network's spread spectrum modulation and packet structure to intercept and decode signals. Methods are outlined for recovering the pseudo-random number sequence, despreading signals, and extracting location and payload data from packets. Potential impacts of the capabilities are discussed, such as spoofing emergency alerts or hijacking vehicle tracking data. The presentation concludes by calling for further collaboration and optimization of the techniques.
Join Teledyne LeCroy for a discussion of what S-parameters are and why we should care about them. As serial data rates move into the multi-gigabit domain, S-parameters play an important role in understanding system performance. We will uncover the four main patterns found in s-parameters and learn what they can tell us about our interconnects.
This talk will give an overview of current phased array radar systems and their requirements for weather observations, sensitivity performance, and antenna design requirements for dual-polarized weather radars.
C2 discrete time signals and systems in the frequency-domain - Pei-Che Chang
Discrete-Time Signals and Systems in the Frequency-Domain
Discrete-Time Fourier Transform
time domain convolution theorem
frequency domain convolution theorem
Z transform
It is sometimes desirable to have circuits capable of selectively filtering one frequency or range of frequencies out of a mix of different frequencies in a circuit. A circuit designed to perform this frequency selection is called a filter circuit, or simply a filter. A common need for filter circuits is in high-performance stereo systems, where certain ranges of audio frequencies need to be amplified or suppressed for best sound quality and power efficiency. You may be familiar with equalizers, which allow the amplitudes of several frequency ranges to be adjusted to suit the listener's taste and acoustic properties of the listening area. You may also be familiar with crossover networks, which block certain ranges of frequencies from reaching speakers. A tweeter (high-frequency speaker) is inefficient at reproducing low-frequency signals such as drum beats, so a crossover circuit is connected between the tweeter and the stereo's output terminals to block low-frequency signals, only passing high-frequency signals to the speaker's connection terminals. This gives better audio system efficiency and thus better performance. Both equalizers and crossover networks are examples of filters, designed to accomplish filtering of certain frequencies.
UVM is a standardized methodology for verifying complex IP and SoC designs in the semiconductor industry. UVM is an Accellera standard, developed with support from multiple vendors: Aldec, Cadence, Mentor, and Synopsys. UVM 1.0 was released on 28 Feb 2011 and is widely accepted by verification engineers across the world. UVM has evolved and undergone a series of minor releases, which introduced new features.
UVM provides the standard structure for creating test benches and UVCs. The following features are provided by UVM:
• Separation of tests from test bench
• Transaction-level communication (TLM)
• Sequences
• Factory and configuration
• Message reporting
• End-of-test mechanism
• Register layer
The signal processing algorithms can be implemented on hardware using various strategies such as DSP processors and ASIC. This PPT compares and contrasts the two methods.
This presentation discusses the 3G call flow scenarios for both Circuit Switched (CS) and Packet Switched (PS) calls. Calls are mobile originated. Both call setup and call teardown are discussed.
Jitter measurements are commonly done by taking small snapshots in time, yet systems often experience jitter from sources that occur over relatively long time intervals, which may not be accounted for by short-time-interval measurement methods.
In this webinar we will present the application of a real time, digital clock recovery and trigger system to the measurement of jitter on clock and data signals. Details of the measurement methodology will be provided along with measurement examples on both clock and data signals.
You Will Learn:
- What is Jitter
- Different types of Jitter
- Jitter measurement techniques
- Benefits of Jitter analysis using real-time DDC techniques
Wireless Communication and Networking by William Stallings Chap2 - Senthil Kanth
Hi, I'm Senthilkanth, doing MCA in Mepco Schlenk Engineering College.
The following presentation covers the topic called Wireless Communication and Networking
by William Stallings for BSc CS, BCA, MSc CS, MCA, ME students. Make use of it.
Wireless Communication and Networking
by William Stallings, Chapter 2: Transmission Fundamentals
Chapter 2
Electromagnetic Signal
Function of time
Can also be expressed as a function of frequency
Signal consists of components of different frequencies
Time-Domain Concepts
Analog signal - signal intensity varies in a smooth fashion over time
No breaks or discontinuities in the signal
Digital signal - signal intensity maintains a constant level for some period of time and then changes to another constant level
Periodic signal - analog or digital signal pattern that repeats over time
s(t + T) = s(t), −∞ < t < +∞
where T is the period of the signal
Time-Domain Concepts
Aperiodic signal - analog or digital signal pattern that doesn't repeat over time
Peak amplitude (A) - maximum value or strength of the signal over time; typically measured in volts
Frequency (f )
Rate, in cycles per second, or Hertz (Hz) at which the signal repeats
Time-Domain Concepts
Period (T ) - amount of time it takes for one repetition of the signal
T = 1/f
Phase (φ) - measure of the relative position in time within a single period of a signal
Wavelength (λ) - distance occupied by a single cycle of the signal
Or, the distance between two points of corresponding phase of two consecutive cycles
Sine Wave Parameters
General sine wave
s(t) = A sin(2πft + φ)
Figure 2.3 shows the effect of varying each of the three parameters
(a) A = 1, f = 1 Hz, φ = 0; thus T = 1 s
(b) Reduced peak amplitude; A = 0.5
(c) Increased frequency; f = 2, thus T = ½
(d) Phase shift; φ = π/4 radians (45 degrees)
note: 2π radians = 360° = 1 period
Sine Wave Parameters
Time vs. Distance
When the horizontal axis is time, as in Figure 2.3, graphs display the value of a signal at a given point in space as a function of time
With the horizontal axis in space, graphs display the value of a signal at a given point in time as a function of distance
At a particular instant of time, the intensity of the signal varies as a function of distance from the source
Frequency-Domain Concepts
Fundamental frequency - when all frequency components of a signal are integer multiples of one frequency, it’s referred to as the fundamental frequency
Spectrum - range of frequencies that a signal contains
Absolute bandwidth - width of the spectrum of a signal
Effective bandwidth (or just bandwidth) - narrow band of frequencies that most of the signal’s energy is contained in
Frequency-Domain Concepts
Any electromagnetic signal can be shown to consist of a collection of periodic analog signals (sine waves) at different amplitudes, frequencies, and phases
The period of the total signal is equal to the period of the fundamenta
This presentation from Virus Bulletin 2015 will provide a solid technical overview of Gatekeeper's design and implementation, and will discuss both patched and currently unpatched vulnerabilities or weaknesses in this core OS X security mechanism.
DEF CON 23: Stick That In Your (root)Pipe & Smoke It - Synack
DEF CON 23
You may ask; "why would Apple add an XPC service that can create setuid files anywhere on the system - and then blindly allow any local user to leverage this service?" Honestly, I have no idea!
The undocumented 'writeconfig' XPC service was recently uncovered by Emil Kvarnhammar, who determined its lax controls could be abused to escalate one's privileges to root. Dubbed ‘rootpipe,' this bug was patched in OS X 10.10.3. End of story, right? Nope, instead things then got quite interesting. First, Apple decided to leave older versions of OS X un-patched. Then, an astute researcher discovered that the OSX/XSLCmd malware which pre-dated the disclosure, exploited this same vulnerability as a 0day! Finally, yours truly, found a simple way to side-step Apple's patch to re-exploit the core vulnerability on a fully-patched system. So come attend (but maybe leave your MacBooks at home), as we dive into the technical details of XPC and the rootpipe vulnerability, explore how malware exploited this flaw, and then fully detail the process of completely bypassing Apple's patch. The talk will conclude by examining Apple’s response, a second patch, that appears to squash ‘rootpipe’…for now.
DEF CON 23: 'DLL Hijacking' on OS X? #@%& Yeah! - Synack
DEF CON 23
Remember DLL hijacking on Windows? Well, turns out that OS X is fundamentally vulnerable to a similar attack (independent of the user's environment).
By abusing various 'features' and undocumented aspects of OS X's dynamic loader, this talk will reveal how attackers need only to plant specially-crafted dynamic libraries to have their malicious code automatically loaded into vulnerable applications. Through this attack, adversaries can perform a wide range of malicious actions, including stealthy persistence, process injection, security software circumvention, and even 'remote' infection. So come watch as applications fall, Gatekeeper crumbles (allowing downloaded unsigned code to execute), and 'hijacker malware' arises - capable of bypassing all top security and anti-virus products! And since "sharing is caring" leave with code and tools that can automatically uncover vulnerable binaries, generate compatible hijacker libraries, or detect if you've been hijacked.
Patrick Wardle is the Director of Research at Synack, where he leads cyber R&D efforts. Having worked at NASA, the NSA, and Vulnerability Research Labs (VRL), he is intimately familiar with aliens, spies, and talking nerdy. Currently, Patrick’s focus is on automated vulnerability discovery, and the emerging threats of OS X and mobile malware.
Black Hat '15: Writing Bad @$$ Malware for OS X - Synack
In comparison to Windows malware, known OS X threats are really quite lame. As an Apple user that has drunk the 'Apple Juice,' I didn't think that was fair!
From novel persistence techniques, to native OS X components that can be abused to thwart analysis, this talk will detail exactly how to create elegant, bad@ss OS X malware. And since detection is often a death knell for malware, the talk will also show how OS X's native malware mitigations and 3rd-party security tools were bypassed. For example, I'll detail how Gatekeeper was remotely bypassed to allow unsigned downloaded code to be executed, how Apple's 'rootpipe' patch was side-stepped to gain root on a fully patched system, and how all popular 3rd-party AV and personal firewall products were generically bypassed by my simple proof-of-concept malware.
However, don't throw out your Macs just yet! The talk will conclude by presenting several free security tools that can generically detect or even prevent advanced OS X threats. Armed with such tools, we'll ensure that our computers are better protected against both current and future OS X malware.
So unless you work for Apple, come learn how to take your OS X malware skills to the next level and better secure your Mac at the same time!
This presentation from ShmooCon 2016 elaborates on a trivial bypass of Apple’s Gatekeeper, a core OS X security mechanism, which still remains flawed following Apple’s patch efforts to the vulnerabilities previously reported and presented by Patrick Wardle at Virus Bulletin 2015.
As presented at this year's RSA Conference, a 2016 survey of critical infrastructure companies and officials demonstrates that this scenario could be reality. Jay and Julia will take you through the spine-chilling specifics of why the nation's critical infrastructure is at an ever increased risk of cyber attacks as hackers make them their prime target.
[DefCon 2016] I got 99 Problems, but Little Snitch ain’t one! - Synack
Security products should make our computers more secure, not less. Little Snitch is the de facto personal firewall for OS X that aims to secure a Mac by blocking unauthorized network traffic. Unfortunately bypassing this firewall's network monitoring mechanisms is trivial...and worse yet, the firewall's kernel core was found to contain an exploitable ring-0 heap-overflow. #fail
Presentation about Structural insulated panels price from www.large-span.com
contact us by info@large-span.com largespangroup@gmail.com
LARGE SPAN GROUP
TEL: 0086-13333016262, 18731151165
FAX: 0086-18032909635, 18032909637
EMAIL: largespangroup@gmail.com, info@large-span.com
Large-Span Group is a large state-owned corporation established over 30 years ago and certified by BV, TUV, and SGS inspection. As one of the most famous manufacturers in China, we have committed ourselves to developing and producing high quality products, professional suggestions and good services for customers all over the world.
Leading in Local! Advance Auto Parts Discusses How To Win The Local Marketing... - Placeable
Consumers today are not only conducting more local searches, but they are making instant decisions to engage with brands. It’s essential that enterprise brands be there in these moments when people are actively looking to learn, discover and BUY.
-When your customers are ready to buy, can they find you?
-Or, are you losing traffic to your competitors?
-What key pieces are you missing in order to start winning at local search?
Listen to an interactive webinar with Heath Bradbury, Digital Marketing and Innovation at Advance Auto Parts, as he shares his experience navigating the complex world of local marketing. Mr. Bradbury will discuss how he partnered with Placeable to activate national marketing campaigns at the local level.
In this webinar you’ll learn:
Why a local marketing program requires a different approach than a national marketing program
How to succeed in winning the local marketing game
Where local search fits in the consumer journey
The Multi-barrier Approach to Address Water Quality and Disease Prevention - Madelyn Skinner
How can you eliminate waterborne hospital acquired infections (HAIs) by choosing the right water treatment? Popular chemical treatments, like monochloramine, cause harmful byproducts and have little effect. Learn about copper silver ionization, and how the multi-barrier approach protects the people in your facility. Get introduced to the CDC and ASHRAE 188 and learn how to follow ethical practices.
Presentation about Mgo+eps+mgo structural insulated panels from www.large-span.com
Behavioral modeling of Clock/Data Recovery - Arrow Devices
Clock/Data recovery (CDR) logic is tricky to implement correctly. To verify the clock/data recovery logic implemented in designs, the corresponding verification infrastructure needs to be modeled correctly.
This presentation aims to present the various issues faced for modeling CDR behaviorally along with their solutions.
Screaming Channels: When Electromagnetic Side Channels Meet Radio Transceivers - Priyanka Aash
The drive for ever smaller and cheaper components in microelectronics has popularized so-called "mixed-signal circuits," in which analog and digital circuitry are residing on the same silicon die. A typical example is WiFi chips which include a microcontroller (digital logic) where crypto and protocols are implemented together with the radio transceiver (analog logic). The special challenge of such designs is to separate the "noisy" digital circuits from the sensitive analog side of the system.
In this talk, we show that although isolation of digital and analog components is sufficient for those chips to work, it's often insufficient for them to be used securely. This leads to novel side-channel attacks that can break cryptography implemented in mixed-design chips over potentially large distances. This is crucial as the encryption of wireless communications is essential to widely used wireless technologies, such as WiFi or Bluetooth, in which mixed-design circuits are prevalent on consumer devices.
The key observation is that in mixed-design radio chips the processor's activity leaks into the analog portion of the chip, where it is amplified, up-converted and broadcast as part of the regular radio output. While this is similar to electromagnetic (EM) side-channel attacks which can be mounted only in close proximity (millimeters, and in a few cases a few meters), we show that it is possible to recover the original leaked signal over large distances on the radio. As a result, variations of known side-channel analysis techniques can be applied, effectively allowing us to retrieve the encryption key by just listening on the air with a software defined radio (SDR).
Radio Signal Classification with Deep Neural Networks - Kachi Odoemene
6th place solution to 2018 Army Signal Classification Challenge.
Radio Signal Modulation Recognition.
Competition hosted by Army Rapid Capabilities Office and MITRE.
DEF CON 23: Internet of Things: Hacking 14 Devices - Synack
DEF CON 23
Internet of Things: Hacking 14 Devices
It is easy to find poorly designed devices with poor security, but how do the market leading devices stack up? Are they more secure than a Linux-powered rifle? This presentation documents our effort to assess the state of security of top selling Internet of Things Devices.
We procured 14 of the leading “connected home” IoT devices and tore them down, all the way from software to hardware and compared their relative security. This talk will demonstrate techniques useful for assessing any IoT device, while showing how they were applied across a wide range of devices.
Attend for stories of device rooting, SSL interception, firmware unpacking, mobile app vulnerabilities and more. Stay to find out why your favorite new gadget might just be a backdoor into your home. If you own (or are considering buying) one of the following devices, come and find out how secure it actually is!
Devices:
Dlink DCS-2132L
Dropcam Pro
Foscam FI9826W
Simplicam
Withings Baby Monitor
Ecobee
Hive
Honeywell Lyric
Nest Thermostat
Nest Protect
Control4 HC-250
Lowes Iris
Revolv
SmartThings
Samsung Smart Refrigerator (model RF28HMELBSR)
Samsung LED Smart TV (model UN32J5205AFXZA)
REASON:
The best thing about this talk is that it covers a large number of devices, all devices which are among the industry leaders for their category.
While we have published the high level findings from assessing these devices, this talk will include full technical details on how to attack each of these devices, and full tech details on any of the vulns which we found. Those details have not yet been released, and will be of interest to anyone who owns or wants to hack any of these devices.
Black Hat '15: Spread Spectrum Satcom Hacking: Attacking The GlobalStar Simpl... - Synack
Black Hat 2015
Recently, there have been several highly publicized talks about satellite hacking. However, most only touch on the theoretical rather than demonstrate actual vulnerabilities and real world attack scenarios. This talk will demystify some of the technologies behind satellite communications and do what no one has done before - take the audience step-by-step from reverse engineering to exploitation of the GlobalStar simplex satcom protocol and demonstrate a full blown signals intelligence collection and spoofing capability. I will also demonstrate how an attacker might simulate critical conditions in satellite connected SCADA systems.
In recent years, Globalstar has gained popularity with the introduction of its consumer focused SPOT asset-tracking solutions. During the session, I'll deconstruct the transmitters used in these (and commercial) solutions and reveal design and implementation flaws that result in the ability to intercept, spoof, falsify, and intelligently jam communications. Due to design tradeoffs these vulnerabilities are realistically unpatchable and put millions of devices, critical infrastructure, emergency services, and high value assets at risk.
Presentation by Wesley Wineberg at B-Sides Vancouver 2015. It includes an analysis of EMU-2, introduction to hardware security and the ZigBee Smart Energy device.
Synack completed a benchmarking test on a series of home automation devices, from cameras to home automation controllers to thermostats. The devices were examined head to head to derive conclusions on the relative state of security across the board. Interested in what we found?
Communications Mining Series - Zero to Hero - Session 1 - DianaGray10
This session provides an introduction to UiPath Communication Mining, its importance, and a platform overview. You will acquire a good understanding of the phases in Communication Mining as we go over the platform with you. Topics covered:
• Communication Mining Overview
• Why is it important?
• How can it help today’s business and the benefits
• Phases in Communication Mining
• Demo on Platform overview
• Q/A
Removing Uninteresting Bytes in Software Fuzzing - Aftab Hussain
Imagine a world where software fuzzing, the process of mutating bytes in test seeds to uncover hidden and erroneous program behaviors, becomes faster and more effective. A lot depends on the initial seeds, which can significantly dictate the trajectory of a fuzzing campaign, particularly in terms of how long it takes to uncover interesting behaviour in your code. We introduce DIAR, a technique designed to speed up fuzzing campaigns by pinpointing and eliminating those uninteresting bytes in the seeds. Picture this: instead of wasting valuable resources on meaningless mutations in large, bloated seeds, DIAR removes the unnecessary bytes, streamlining the entire process.
In this work, we equipped AFL, a popular fuzzer, with DIAR and examined two critical Linux libraries -- Libxml's xmllint, a tool for parsing XML documents, and Binutils' readelf, an essential debugging and security analysis command-line tool used to display detailed information about ELF (Executable and Linkable Format). Our preliminary results show that AFL+DIAR not only discovers new paths more quickly but also achieves higher coverage overall. This work thus showcases how starting with lean and optimized seeds can lead to faster, more comprehensive fuzzing campaigns -- and DIAR helps you find such seeds.
- These are slides of the talk given at IEEE International Conference on Software Testing Verification and Validation Workshop, ICSTW 2022.
A tale of scale & speed: How the US Navy is enabling software delivery from l... - sonjaschweigert1
Rapid and secure feature delivery is a goal across every application team and every branch of the DoD. The Navy’s DevSecOps platform, Party Barge, has achieved:
- Reduction in onboarding time from 5 weeks to 1 day
- Improved developer experience and productivity through actionable findings and reduction of false positives
- Maintenance of superior security standards and inherent policy enforcement with Authorization to Operate (ATO)
Development teams can ship efficiently and ensure applications are cyber ready for Navy Authorizing Officials (AOs). In this webinar, Sigma Defense and Anchore will give attendees a look behind the scenes and demo secure pipeline automation and security artifacts that speed up application ATO and time to production.
We will cover:
- How to remove silos in DevSecOps
- How to build efficient development pipeline roles and component templates
- How to deliver security artifacts that matter for ATOs (SBOMs, vulnerability reports, and policy evidence)
- How to streamline operations with automated policy checks on container images
Alt. GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using ... - James Anderson
Effective Application Security in Software Delivery lifecycle using Deployment Firewall and DBOM
The modern software delivery process (or the CI/CD process) includes many tools, distributed teams, open-source code, and cloud platforms. Constant focus on speed to release software to market, along with the traditional slow and manual security checks has caused gaps in continuous security as an important piece in the software supply chain. Today organizations feel more susceptible to external and internal cyber threats due to the vast attack surface in their applications supply chain and the lack of end-to-end governance and risk management.
The software team must secure its software delivery process to avoid vulnerability and security breaches. This needs to be achieved with existing tool chains and without extensive rework of the delivery processes. This talk will present strategies and techniques for providing visibility into the true risk of the existing vulnerabilities, preventing the introduction of security issues in the software, resolving vulnerabilities in production environments quickly, and capturing the deployment bill of materials (DBOM).
Speakers:
Bob Boule
Robert Boule is a technology enthusiast with PASSION for technology and making things work along with a knack for helping others understand how things work. He comes with around 20 years of solution engineering experience in application security, software continuous delivery, and SaaS platforms. He is known for his dynamic presentations in CI/CD and application security integrated in software delivery lifecycle.
Gopinath Rebala
Gopinath Rebala is the CTO of OpsMx, where he has overall responsibility for the machine learning and data processing architectures for Secure Software Delivery. Gopi also has a strong connection with our customers, leading design and architecture for strategic implementations. Gopi is a frequent speaker and well-known leader in continuous delivery and integrating security into software delivery.
Dr. Sean Tan, Head of Data Science, Changi Airport Group
Discover how Changi Airport Group (CAG) leverages graph technologies and generative AI to revolutionize their search capabilities. This session delves into the unique search needs of CAG’s diverse passengers and customers, showcasing how graph data structures enhance the accuracy and relevance of AI-generated search results, mitigating the risk of “hallucinations” and improving the overall customer journey.
GraphSummit Singapore | The Art of the Possible with Graph - Q2 2024Neo4j
Neha Bajwa, Vice President of Product Marketing, Neo4j
Join us as we explore breakthrough innovations enabled by interconnected data and AI. Discover firsthand how organizations use relationships in data to uncover contextual insights and solve our most pressing challenges – from optimizing supply chains, detecting fraud, and improving customer experiences to accelerating drug discoveries.
Threats to mobile devices are more prevalent and increasing in scope and complexity. Users of mobile devices desire to take full advantage of the features
available on those devices, but many of the features provide convenience and capability but sacrifice security. This best practices guide outlines steps the users can take to better protect personal devices and information.
UiPath Test Automation using UiPath Test Suite series, part 4DianaGray10
Welcome to UiPath Test Automation using UiPath Test Suite series part 4. In this session, we will cover Test Manager overview along with SAP heatmap.
The UiPath Test Manager overview with SAP heatmap webinar offers a concise yet comprehensive exploration of the role of a Test Manager within SAP environments, coupled with the utilization of heatmaps for effective testing strategies.
Participants will gain insights into the responsibilities, challenges, and best practices associated with test management in SAP projects. Additionally, the webinar delves into the significance of heatmaps as a visual aid for identifying testing priorities, areas of risk, and resource allocation within SAP landscapes. Through this session, attendees can expect to enhance their understanding of test management principles while learning practical approaches to optimize testing processes in SAP environments using heatmap visualization techniques
What will you get from this session?
1. Insights into SAP testing best practices
2. Heatmap utilization for testing
3. Optimization of testing processes
4. Demo
Topics covered:
Execution from the test manager
Orchestrator execution result
Defect reporting
SAP heatmap example with demo
Speaker:
Deepak Rai, Automation Practice Lead, Boundaryless Group and UiPath MVP
In his public lecture, Christian Timmerer provides insights into the fascinating history of video streaming, starting from its humble beginnings before YouTube to the groundbreaking technologies that now dominate platforms like Netflix and ORF ON. Timmerer also presents provocative contributions of his own that have significantly influenced the industry. He concludes by looking at future challenges and invites the audience to join in a discussion.
Encryption in Microsoft 365 - ExpertsLive Netherlands 2024Albert Hoitingh
In this session I delve into the encryption technology used in Microsoft 365 and Microsoft Purview. Including the concepts of Customer Key and Double Key Encryption.
State of ICS and IoT Cyber Threat Landscape Report 2024 previewPrayukth K V
The IoT and OT threat landscape report has been prepared by the Threat Research Team at Sectrio using data from Sectrio, cyber threat intelligence farming facilities spread across over 85 cities around the world. In addition, Sectrio also runs AI-based advanced threat and payload engagement facilities that serve as sinks to attract and engage sophisticated threat actors, and newer malware including new variants and latent threats that are at an earlier stage of development.
The latest edition of the OT/ICS and IoT security Threat Landscape Report 2024 also covers:
State of global ICS asset and network exposure
Sectoral targets and attacks as well as the cost of ransom
Global APT activity, AI usage, actor and tactic profiles, and implications
Rise in volumes of AI-powered cyberattacks
Major cyber events in 2024
Malware and malicious payload trends
Cyberattack types and targets
Vulnerability exploit attempts on CVEs
Attacks on counties – USA
Expansion of bot farms – how, where, and why
In-depth analysis of the cyber threat landscape across North America, South America, Europe, APAC, and the Middle East
Why are attacks on smart factories rising?
Cyber risk predictions
Axis of attacks – Europe
Systemic attacks in the Middle East
Download the full report from here:
https://sectrio.com/resources/ot-threat-landscape-reports/sectrio-releases-ot-ics-and-iot-security-threat-landscape-report-2024/
5. MOTIVATION
• Try something new
• Satellite hacking often too theoretical
• Unexplored frontier
• Systems are hopelessly broken
• Inspire and collaborate
6. WHAT ARE WE GOING TO LEARN?
• RF signals and modulation
• What is spread spectrum?
• Selecting a target and reverse engineering
• Exploiting the target
7. PREREQUISITES
• High school mathematical knowledge
• Let's keep things relatively “understandable”
• Will provide resources (see github)
10. • SPOT - Consumer grade satellite tracking
• Aging satellite network: voice, data, messaging
• But wait… this tech is used everywhere. Jackpot.
11. WHERE IS IT USED?
Military / Classified
Trailers / Containers
Air Quality Monitoring
Personnel Tracking
Fire Detection and Prevention
Water Quality Monitoring
Tank Level Gauging
Perimeter / Border monitoring
Asset / Vehicle Tracking
Remote Meters
Buoys
Ship Movement
Fishing vessel monitoring
Power line monitoring
Dispersed sensors
and many more…
12. SIMPLEX DATA NETWORK
“Simplex works where infrequent, small packets of data are to be collected”
GPS Satellite
Asset
Globalstar Satellite
Globalstar Ground Station
The Internet
Globalstar Infrastructure
User Infrastructure
13. BENT PIPE
“A bent pipe satellite does not demodulate or decode the signal. A gateway station on the ground is necessary to control the satellite and route traffic to and from the satellite and to the internet.”
14. REDUNDANCY
• Yes, the network only talks in one direction (simplex)
• How is this reliable?
18. “Error 100: Database query failed - retrieving
login information You have an error in your
SQL Syntax;…”
NOT SO MUCH…
19. “The received data is then forwarded to a user defined network interface that may be in the form of an FTP host or HTTP host where the user will interpret the data for further processing.”
–Globalstar
33. PHASE SHIFT KEYING (PSK)
Modulated Signal
Modulating Signal (Data)
0 0 1 1 0 1 1 1
0˚ 180˚ 0˚ 180˚
BPSK - Two phases (0 and 180 degrees) are used to represent 1 and 0
35. SPREAD SPECTRUM MODULATION
• Why is Spread Spectrum special?
• WiFi, Bluetooth, GPS, and basically all modern RF communications
• Processing Gain
• Jam Resistant
• CDMA
37. DIRECT SEQUENCE SPREAD SPECTRUM (DSSS)
• Mixes a slow signal with fast pseudo-random signal
• Signal still contains original information but occupies much more bandwidth.
BPSK Signal: occupies ~100 Hz
Spread BPSK Signal: occupies ~1.25 MHz
38. DSSS CONTD.
Data Signal       000000000000 111111111111
⊕ Pseudo Random   110001111001 010000101000
= Result          110001000110 010000010111
40. M-SEQUENCES AS PN CODES
• Periodic binary codes that have strong autocorrelation properties
• Commonly generated with LFSRs
42. DECODING THEORY
• Simple in practice. More difficult in theory
• Mix incoming signal with PN sequence and the original BPSK signal will emerge.
• Compensate for frequency differential between local and remote oscillators
• Signal needs to be phase aligned with PN code
47. SAMPLING
Nyquist: Sample at least twice as fast as the signal’s fastest frequency.
The human ear can’t hear frequencies higher than 20 kHz.
CD audio is sampled at 44.1 kHz (twice the human range).
48. IQ MODULATION
• Makes generation of signals easy in software!
https://www.youtube.com/watch?v=h_7d-m1ehoY
Basics of IQ Signals and IQ modulation & demodulation - A tutorial
50. WHAT TO EXPECT
• Pseudo random sequence (1s and 0s)
• Repeating
• 255 bits long
• 1.25 million “chips” per second
Much like Bart in detention, the PN will repeat over and over and over…
51. PN RECOVERY
• In order to decode the signal, we need to know the PN sequence
• DSSS BPSK == BPSK
[Figure labels: BPSK, DSSS BPSK; Low Frequency, High Frequency]
52. SAMPLING REQUIREMENTS
32 MHz / 8 = 4 MHz (> 1.25 x 2)
• > 2x faster than 1.25 MHz (Nyquist)
• Even multiple of 32 MHz (USRP)
4 MHz / 1.25 Mcps = 3.2 samples / 1 symbol (not even)
(4 MHz / 1.25 Mcps) x (5 / 4) = 4 samples / symbol *
• Even samples / symbol (Implementation Specific)
* We can resample the signal from 4 to 5 MHz.
53. PN RECOVERY
• PN Sequence is much shorter than bit length
• PN repeats 49 times for each bit
• PN ⊕ Data == PN (within a bit boundary)
(1,250,000 chips / 1 second) x (1 second / 100.04 bits) x (1 PN seq. / 255 chips) = 49 PN seq. / 1 bit
57. WHAT TO EXPECT
• Mix original signal with PN
• Narrow band signal will emerge
• Shown as sharp spike on FFT
58. REALTIME IS HARD
• Unfortunately doing this is very computationally intensive
• Lots of room for optimizations
• Record now, process later
sh-3.2# time python sync.py
real 0m58.326s
user 0m48.754s
sys 0m0.909s
1.4 second capture (one packet)
4M samp/sec * 2 floats/samp * 4 bytes/float = 30.5 MB/sec
60. CODE TRACKING
[Figure: Correlation vs. Time (samples), with the Correlation Peak marked; panels labelled Early, Late, Aligned]
Strong Correlation (PN aligned)
No Correlation (PN unaligned)
Search for peaks, and track them.
If we don’t compensate for misalignment, we will drift and lose correlation over time.
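The m-sequence, despreading and code-alignment slides (40, 42, 60) in one runnable sketch, added here as an illustration and not taken from the talk's code. It uses the 255-chip length and 49 repetitions per bit from the slides; the LFSR recurrence, data bits, chip-error channel and known bit timing are assumptions, and it works on chips rather than IQ samples.

```python
import random

PN_LEN, REPS = 255, 49   # chips per PN period, PN periods per data bit (slides 50, 53)

def m_sequence():
    # Assumed stand-in code: s[k+8] = s[k]^s[k+2]^s[k+3]^s[k+4]
    # (x^8+x^4+x^3+x^2+1, primitive). Not the network's real PN.
    s = [1, 0, 0, 0, 0, 0, 0, 0]
    while len(s) < PN_LEN:
        k = len(s) - 8
        s.append(s[k] ^ s[k + 2] ^ s[k + 3] ^ s[k + 4])
    return s

def bipolar(bits):
    # 0/1 -> +1/-1, so XOR becomes multiplication
    return [1 - 2 * b for b in bits]

def autocorrelation(pn, lag):
    c = bipolar(pn)
    return sum(c[i] * c[(i + lag) % PN_LEN] for i in range(PN_LEN))

def spread(data_bits, pn):
    # every data bit is XORed with REPS full repetitions of the PN code
    return [b ^ chip for b in data_bits for _ in range(REPS) for chip in pn]

def acquire(rx, pn, periods=4):
    # code-phase search: the phase whose correlation magnitude is largest
    c, r = bipolar(pn), bipolar(rx[:periods * PN_LEN])
    def corr(phase):
        return abs(sum(x * c[(i + phase) % PN_LEN] for i, x in enumerate(r)))
    return max(range(PN_LEN), key=corr)

def integrate(rx, pn, phase):
    # multiply by the local PN at `phase` and sum over each bit period
    # (bit timing is assumed known; only the code phase is searched)
    c, r, n = bipolar(pn), bipolar(rx), PN_LEN * REPS
    return [sum(r[s + i] * c[(i + phase) % PN_LEN] for i in range(n))
            for s in range(0, len(r), n)]

def demo(data=(0, 1, 1, 0), offset=100, flip_prob=0.25, seed=1):
    pn = m_sequence()
    tx_pn = pn[offset:] + pn[:offset]     # sender's code phase, unknown to receiver
    rng = random.Random(seed)             # constructed channel: random chip errors
    rx = [c ^ (rng.random() < flip_prob) for c in spread(data, tx_pn)]
    phase = acquire(rx, pn)
    aligned = integrate(rx, pn, phase)
    late = integrate(rx, pn, (phase + 1) % PN_LEN)   # one chip off
    return phase, [0 if a > 0 else 1 for a in aligned], aligned, late
```

With a quarter of the chips flipped, the aligned sums still sit near ±6,000 per bit while a one-chip misalignment collapses them to noise, which is the processing gain and the drift problem the slides describe.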
66. LOCATION DECODING
Latitude: bits 8:32
Longitude: bits 32:56
Sign (+ / -):
Latitude: Northern Hemisphere / Southern Hemisphere
Longitude: Eastern Hemisphere / Western Hemisphere
Convert to decimal (signed int MSB to LSB)
Multiply by degrees per count
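A sketch of the field extraction and signed conversion on slide 66, added as an example and not taken from the talk's code. The bit ranges are the slide's; the degrees-per-count values and the sign-to-hemisphere mapping are assumptions (the page gives no scale factors), and the sample packet is constructed.

```python
LAT_FIELD, LON_FIELD = slice(8, 32), slice(32, 56)   # "bits 8:32", "bits 32:56"
# ASSUMPTION: placeholder scale, full-scale signed 24-bit = 90 / 180 degrees.
LAT_DEG_PER_COUNT = 90.0 / 2**23
LON_DEG_PER_COUNT = 180.0 / 2**23

def signed_from_bits(bits):
    """Interpret an MSB-first bit string as a two's-complement integer."""
    if not bits or set(bits) - {"0", "1"}:
        raise ValueError("expected a non-empty string of 0/1 characters")
    value = int(bits, 2)
    return value - (1 << len(bits)) if bits[0] == "1" else value

def bits_from_signed(value, width):
    """Inverse of signed_from_bits; used only to build the constructed sample."""
    if not -(1 << (width - 1)) <= value < (1 << (width - 1)):
        raise ValueError("value does not fit in the field")
    return format(value & ((1 << width) - 1), "0{}b".format(width))

def decode_location(packet_bits):
    if len(packet_bits) < LON_FIELD.stop:
        raise ValueError("packet too short to contain both fields")
    lat = signed_from_bits(packet_bits[LAT_FIELD]) * LAT_DEG_PER_COUNT
    lon = signed_from_bits(packet_bits[LON_FIELD]) * LON_DEG_PER_COUNT
    # ASSUMPTION: positive counts mean Northern / Eastern hemisphere.
    return {"lat": lat, "lon": lon,
            "lat_hemisphere": "N" if lat >= 0 else "S",
            "lon_hemisphere": "E" if lon >= 0 else "W"}

def constructed_packet(lat_counts, lon_counts):
    # Constructed sample: 8 filler bits, then the two 24-bit fields;
    # the rest of a real packet is omitted.
    return ("0" * 8 + bits_from_signed(lat_counts, 24)
            + bits_from_signed(lon_counts, 24))
```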
67. CHECKSUM
000000101100101001101100011110100000010100000000010011110000000100000010000010000000000000000100000000000000000000000000000011001000001010010011
Packet (without preamble and CRC): 110 bits
CRC: 24 bits
CRC (Code Provided)
Compare
If we know how to reproduce the checksum, we can create our own packets… no signing, no encryption, let's spoof!
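Why the keyless checksum on slide 67 gives no authenticity, shown beside a keyed alternative; this is an added example, not code from the talk or from the vendor. The CRC-24 parameters are OpenPGP's (RFC 4880), used as a stand-in because the page does not give the network's polynomial; the payload, keys and 8-byte tag length are constructed.

```python
import hashlib
import hmac

CRC24_INIT, CRC24_POLY = 0xB704CE, 0x1864CFB   # OpenPGP CRC-24, stand-in parameters
MAC_LEN = 8                                    # assumed truncated tag length, bytes

def crc24(data: bytes) -> int:
    crc = CRC24_INIT
    for byte in data:
        crc ^= byte << 16
        for _ in range(8):
            crc <<= 1
            if crc & 0x1000000:
                crc ^= CRC24_POLY
    return crc & 0xFFFFFF

def frame_with_crc(payload: bytes) -> bytes:
    return payload + crc24(payload).to_bytes(3, "big")

def accept_crc(frame: bytes) -> bool:
    # receiver recomputes the checksum and compares: no secret involved
    return crc24(frame[:-3]).to_bytes(3, "big") == frame[-3:]

def frame_with_mac(payload: bytes, key: bytes) -> bytes:
    return payload + hmac.new(key, payload, hashlib.sha256).digest()[:MAC_LEN]

def accept_mac(frame: bytes, key: bytes) -> bool:
    expected = hmac.new(key, frame[:-MAC_LEN], hashlib.sha256).digest()[:MAC_LEN]
    return hmac.compare_digest(expected, frame[-MAC_LEN:])

def demo():
    genuine = bytes.fromhex("00112233445566778899aabbccdd")   # constructed payload
    altered = bytes([genuine[0] ^ 0x01]) + genuine[1:]        # one bit changed
    key = b"constructed-device-key"        # hypothetical per-device secret
    other_key = b"not-the-device-key"      # what a sender without the secret has
    return {
        "crc_genuine": accept_crc(frame_with_crc(genuine)),
        # channel noise: payload changed, old checksum kept -> detected
        "crc_bit_error": accept_crc(altered + frame_with_crc(genuine)[-3:]),
        # deliberate change: checksum simply recomputed -> accepted
        "crc_recomputed": accept_crc(frame_with_crc(altered)),
        "mac_genuine": accept_mac(frame_with_mac(genuine, key), key),
        # same deliberate change without the device key -> rejected
        "mac_without_key": accept_mac(frame_with_mac(altered, other_key), key),
    }
```

A MAC alone does not stop replay of a previously valid frame; a message counter inside the authenticated payload covers that.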
68. INTERCEPTING ON DOWNLINK
• Bigger antennas and better equipment
• RF downconversion
• Doppler Shift
• Multipath
Worst Case Doppler Shift
70. DISCLAIMER
Transmitting on Globalstar’s frequencies may be illegal where you live and could interfere with critical communications.
Do not do this!
Seriously, don’t.
No one likes late night visits from the FCC.
71. TRANSMITTING
MGA-2000 0.5W RF Amplifier
$190.00
But if you like late night visits from the FCC…
• This is actually the easy part.
• ~.2 Watts power
• Simply mix data, PN, and carrier and correct rates
72. BUT WAIT… IT'S EASIER
Spot Device Updater SPOT3FirmwareTool.jar
Currently $49.99
84. "Like all companies and industries in the 21st century, including those that Wired reported on this week to expose hacking vulnerabilities like Chrysler, GM, Brinks and others, Globalstar monitors the technical landscape and its systems to protect our customers. Our engineers would know quickly if any person or entity was hacking our system in a material way, and this type of situation has never been an issue to date. We are in the business of saving lives daily and will continue to optimize our offerings for security concerns and immediately address any illegal actions taken against our Company."
DISCLOSURE & RESPONSE
• ~180 days ago
• Friendly and concerned for user privacy, but no further communication