Presentation given in the graduate program in Information Security:
- Sniffing plain-text passwords;
- Brute-force attacks on SSH;
- Protection: Firewall, IPS and/or TCP Wrappers;
- Basic security in sshd_config;
- RSA/DSA keys for remote access;
- SSH fetching keys from LDAP;
- Why prevent access: Fork Bomb
SSH: Remote Access Security
1. Security - Remote Access
Leandro Silva
Leandro Purificacão
David Wallace
Tiago Cruz - http://everlinux.com
Jeferson
Level: Intermediate
Prerequisites: basic English, network protocols and the Unix world.
2. Topics
Sniffing plain-text passwords;
Brute-force attacks on SSH;
Protection: Firewall, IPS and/or TCP Wrappers;
Basic security in sshd_config;
RSA/DSA keys for remote access;
SSH fetching keys from LDAP;
Why prevent access: Fork Bomb
3. Security - Remote Access
Telnet has no encryption: an attacker can capture your password with a sniffer.
OpenSSH encrypts the communication.
Present on every Unix (*BSD, Solaris, Linux, AIX...) and also on routers.
However, a machine compromised with a keylogger can still capture the administrator's password.
8. SSH is always targeted
...
Aug 31 23:21:28 localhost sshd[4560]: Illegal user admin from ::ffff:206.113.121.118
Aug 31 23:21:31 localhost sshd[4562]: Illegal user test from ::ffff:206.113.121.118
Aug 31 23:21:36 localhost sshd[4564]: Illegal user guest from ::ffff:206.113.121.118
Aug 31 23:21:39 localhost sshd[4566]: Illegal user webmaster from ::ffff:206.113.121.118
Aug 31 23:21:44 localhost sshd[4568]: Illegal user mysql from ::ffff:206.113.121.118
Aug 31 23:21:47 localhost sshd[4570]: Illegal user oracle from ::ffff:206.113.121.118
Aug 31 23:21:49 localhost sshd[4572]: Illegal user library from ::ffff:206.113.121.118
Aug 31 23:21:52 localhost sshd[4574]: Illegal user info from ::ffff:206.113.121.118
Aug 31 23:21:55 localhost sshd[4576]: Illegal user shell from ::ffff:206.113.121.118
Aug 31 23:21:59 localhost sshd[4578]: Illegal user linux from ::ffff:206.113.121.118
Aug 31 23:22:01 localhost sshd[4580]: Illegal user unix from ::ffff:206.113.121.118
Aug 31 23:22:05 localhost sshd[4582]: Illegal user webadmin from ::ffff:206.113.121.118
Aug 31 23:22:08 localhost sshd[4584]: Illegal user ftp from ::ffff:206.113.121.118
Aug 31 23:22:12 localhost sshd[4586]: Illegal user test from ::ffff:206.113.121.118
Aug 31 23:22:18 localhost sshd[4590]: Illegal user admin from ::ffff:206.113.121.118
Aug 31 23:22:21 localhost sshd[4592]: Illegal user guest from ::ffff:206.113.121.118
Aug 31 23:22:25 localhost sshd[4594]: Illegal user master from ::ffff:206.113.121.118
Aug 31 23:22:28 localhost sshd[4596]: Illegal user apache from ::ffff:206.113.121.118
Aug 31 23:22:33 localhost sshd[4598]: User root not allowed because not listed in AllowUsers
Aug 31 23:22:37 localhost sshd[4600]: User root not allowed because not listed in AllowUsers
...
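As an added example, not part of the original slides: a small Python detector over sshd lines like the ones above, using the same threshold as the iptables "recent" rule on the brute-force mitigation slide later in this deck (4 attempts within 60 seconds). The sample log is constructed: its first lines copy the shape of the slide's entries, and the second source address (10.0.0.7) is invented, with its attempts spread out so they do not cross the threshold.

```python
import re
from collections import defaultdict
from datetime import datetime

# Constructed sample: the 206.113.121.118 lines follow the slide's "Illegal
# user" format (old OpenSSH); the 10.0.0.7 lines are invented, spread over
# more than a minute, and use the "Invalid user" wording of newer releases.
SAMPLE_LOG = """\
Aug 31 23:21:28 localhost sshd[4560]: Illegal user admin from ::ffff:206.113.121.118
Aug 31 23:21:31 localhost sshd[4562]: Illegal user test from ::ffff:206.113.121.118
Aug 31 23:21:36 localhost sshd[4564]: Illegal user guest from ::ffff:206.113.121.118
Aug 31 23:21:39 localhost sshd[4566]: Illegal user webmaster from ::ffff:206.113.121.118
Aug 31 23:22:33 localhost sshd[4598]: User root not allowed because not listed in AllowUsers
Aug 31 23:30:00 localhost sshd[4700]: Invalid user admin from 10.0.0.7
Aug 31 23:30:30 localhost sshd[4702]: Invalid user test from 10.0.0.7
Aug 31 23:31:10 localhost sshd[4704]: Invalid user guest from 10.0.0.7
Aug 31 23:31:50 localhost sshd[4706]: Invalid user oracle from 10.0.0.7
Aug 31 23:35:02 localhost sshd[4710]: Accepted publickey for tiago from 192.168.15.1 port 60079 ssh2
"""

# Syslog timestamps carry no year; the caller supplies one.
LINE_RE = re.compile(
    r"^(?P<ts>[A-Z][a-z]{2}\s+\d{1,2} \d\d:\d\d:\d\d) \S+ sshd\[\d+\]: "
    r"(?:Illegal|Invalid) user (?P<user>\S+) from (?:::ffff:)?(?P<ip>\S+)"
)


def parse_invalid_users(log_text, year):
    """Yield (timestamp, username, source_ip) for each rejected-user line.

    The ::ffff: prefix of IPv4-mapped addresses is stripped so the same
    client is counted the same way whether sshd accepted it over v4 or v6.
    """
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # accepted logins, AllowUsers refusals, etc.
        ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
        yield ts, m["user"], m["ip"]


def find_bruteforce(log_text, threshold=4, window_s=60, year=2009):
    """Return {source_ip: time_of_first_alert} for sources producing at
    least `threshold` rejected-user attempts inside a sliding window of
    `window_s` seconds, mirroring -m recent --seconds 60 --hitcount 4."""
    recent = defaultdict(list)  # ip -> attempt timestamps still in window
    alerts = {}
    for ts, _user, ip in parse_invalid_users(log_text, year):
        hist = recent[ip]
        hist.append(ts)
        # forget attempts that fell out of the window (log is time-ordered)
        while (ts - hist[0]).total_seconds() > window_s:
            hist.pop(0)
        if len(hist) >= threshold and ip not in alerts:
            alerts[ip] = ts.strftime("%b %d %H:%M:%S")
    return alerts


if __name__ == "__main__":
    for ip, when in find_bruteforce(SAMPLE_LOG).items():
        print(f"{when}: {ip} crossed the brute-force threshold")
```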
12. Basic /etc/ssh/sshd_config
# Groups with SSH access
AllowGroups sysadmin suporte
AllowUsers tcruz maria
# Logging in directly as root is suicide:
PermitRootLogin no
# Changing the default port gets rid of some script kiddies:
Port 2258
tcruz@tuxkiller:~$ ssh -p 2258 192.168.15.129
# Change to no to disable tunnelled clear text passwords
PasswordAuthentication no
tcruz@tuxkiller:~$ ssh userteste@192.168.15.129
Permission denied (publickey).
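As an added example (not the slide author's code), a Python audit of an sshd_config body against the four settings this slide recommends. It assumes sshd's documented rule that the first occurrence of a keyword wins, ignores Match blocks, and treats a missing keyword as the permissive default of the OpenSSH releases of that era (root login and password authentication allowed, port 22); the weak sample file is constructed.

```python
import re

# Constructed sample resembling a distribution default file; the
# commented-out PasswordAuthentication line is how Debian ships it.
WEAK_CONFIG = """\
Port 22
Protocol 2
PermitRootLogin yes
# Change to no to disable tunnelled clear text passwords
#PasswordAuthentication yes
UsePAM yes
"""

# The settings recommended on the slide above.
HARDENED_CONFIG = """\
# Groups with SSH access
AllowGroups sysadmin suporte
AllowUsers tcruz maria
PermitRootLogin no
Port 2258
PasswordAuthentication no
"""


def parse_sshd_config(text):
    """Return {keyword_lowercase: value} for the global section of an
    sshd_config. sshd uses the first value given for a keyword, so later
    duplicates are ignored; everything after the first Match line is
    conditional and is deliberately left out of this simple parser."""
    cfg = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = re.split(r"[\s=]+", line, maxsplit=1)  # "Key val" or "Key=val"
        if len(parts) != 2:
            continue
        key, value = parts[0].lower(), parts[1].strip()
        if key == "match":
            break
        cfg.setdefault(key, value)
    return cfg


def audit_sshd_config(text):
    """Return a list of (keyword, problem) findings; an empty list means
    the file satisfies the slide's four recommendations."""
    cfg = parse_sshd_config(text)
    findings = []
    if cfg.get("port", "22") == "22":
        findings.append(("Port", "default port 22; the slide moves sshd elsewhere"))
    if cfg.get("permitrootlogin", "yes").lower() != "no":
        findings.append(("PermitRootLogin", "direct root login is not disabled"))
    if cfg.get("passwordauthentication", "yes").lower() != "no":
        findings.append(("PasswordAuthentication",
                         "password logins allowed; require public keys"))
    if "allowusers" not in cfg and "allowgroups" not in cfg:
        findings.append(("AllowUsers/AllowGroups",
                         "no allow-list; every local account may log in"))
    return findings


if __name__ == "__main__":
    for name, body in (("weak", WEAK_CONFIG), ("hardened", HARDENED_CONFIG)):
        print(name, audit_sshd_config(body) or "OK")
```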
14. Brute Force - Mitigation
- On the server being protected:
# iptables -I INPUT -p tcp --dport 22 -i eth0 -m state --state NEW -m recent --set
# iptables -I INPUT -p tcp --dport 22 -i eth0 -m state --state NEW -m recent --update --seconds 60 --hitcount 4 -j DROP
# iptables -A INPUT -p tcp --destination-port 22 -j ACCEPT
- Test from the "attacking" workstation:
$ for i in `seq 1 10` ; do echo 'exit' | nc 192.168.15.129 22 ; done
SSH-2.0-OpenSSH_5.1p1 Debian-5ubuntu1
Protocol mismatch.
SSH-2.0-OpenSSH_5.1p1 Debian-5ubuntu1
Protocol mismatch.
SSH-2.0-OpenSSH_5.1p1 Debian-5ubuntu1
Protocol mismatch.
SSH-2.0-OpenSSH_5.1p1 Debian-5ubuntu1
Protocol mismatch.
^C
15. TCP Wrappers
The TCP Wrappers package (tcp_wrappers) is part of the default installation and provides host-based access control for network services. The most important component of the package is the /usr/lib/libwrap.a library.
$ cat /etc/hosts.deny
sshd: ALL
$ cat /etc/hosts.allow
sshd: 10.10.1.0/255.255.255.0 10.10.2.240/255.255.255.240
$ cat /etc/hosts.allow
sshd: 200.222.222.55 200.222.222.94: ALLOW
17. Cryptographic Keys
tiago@cliente:~$ ssh-keygen -t dsa
Generating public/private dsa key pair.
Enter file in which to save the key (/home/tiago/.ssh/id_dsa):
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /home/tiago/.ssh/id_dsa.
Your public key has been saved in /home/tiago/.ssh/id_dsa.pub.
The key fingerprint is:
46:de:5d:e5:52:2a:8b:03:2d:75:e9:fd:fa:e6:b7:26 tiago@tuxkiller
tiago@cliente:~$ ssh-copy-id -i /home/tiago/.ssh/id_dsa
id_dsa id_dsa.pub
tiago@cliente:~$ ssh-copy-id -i ~/.ssh/id_dsa.pub 192.168.15.129
tiago@192.168.15.129 password:
Now try logging into the machine, with "ssh '192.168.15.129'", and
check in:
.ssh/authorized_keys
to make sure we haven't added extra keys that you weren't expecting.
18. Copying manually
If you do not have ssh-copy-id:
root@server:~# cat /home/tiago/.ssh/authorized_keys
root@server:~# ls -l /home/tiago/.ssh/authorized_keys
-rw------- 1 tiago tiago 605 2009-06-17 15:06 ~/.ssh/authorized_keys
root@server:~# ls -ld /home/tiago/.ssh
drwx------ 2 tiago tiago 4096 2009-06-17 15:06 /home/tiago/.ssh
19. Access logs
# Log before:
Jun 17 15:06:15 ubuntu sshd[2938]: Accepted password for tiago from 192.168.15.1 port 32813 ssh2
# Log after:
Jun 17 15:28:26 ubuntu sshd[3184]: Accepted publickey for tiago from 192.168.15.1 port 60079 ssh2
21. SSH with public keys centralized in LDAP
22. SSH fetching the key from LDAP
OpenSSH-LPK
The OpenSSH LDAP Public Key patch provides an easy way of centralizing strong user authentication by using an LDAP server for retrieving public keys instead of ~/.ssh/authorized_keys.
=> http://code.google.com/p/openssh-lpk/
On the LDAP server - slapd.conf:
include /etc/openldap/schema/openssh-lpk_openldap.schema
On the clients - sshd_config:
UseLPK yes
LpkLdapConf /etc/ldap.conf
25. Fork Bomb
A process that recursively creates many copies of itself in order to exhaust the server's resources: a DoS, or denial of service.
A fork bomb using the Microsoft Windows (any version) batch language:
%0|%0
In poetic Perl:
fork while fork
Using Python:
import os
while True:
    os.fork()
Or in C or C++:
#include <unistd.h>
int main(void)
{
    while (1)
        fork();
    return 0;
}
26. Fork Bomb
tcruz@ubuntu:~$ ulimit -a | grep proce
max user processes (-u) unlimited
tcruz@ubuntu:~$ ulimit -u 1024
tcruz@ubuntu:~$ ulimit -a | grep proce
max user processes (-u) 1024
tcruz@ubuntu:~$ :(){ :|:& };:
[1] 3755
tcruz@ubuntu:~$ -bash: fork: Resource temporarily unavailable
-bash: fork: Resource temporarily unavailable
-bash: fork: Resource temporarily unavailable
-bash: fork: Resource temporarily unavailable
-bash: fork: Resource temporarily unavailable
-bash: fork: Resource temporarily unavailable
[1]+ Terminated : | :
Note: this test used a VM with 512 GB of RAM