Report
Share
Recommended
Censorship in Media
Censorship involves controlling the flow of information in a society. The document discusses different types of censorship such as political censorship, moral censorship, and internet censorship. It provides examples of the top 10 most censored countries for political reasons which include Eritrea, North Korea, Saudi Arabia, and China. The document also discusses censoring media and certain television shows or scenes for children due to concerns they cannot differentiate between real and fictional violence.
Qlync RD 第三屆讀書會候選清單
The document lists candidate topics and books for Qlync Inc.'s 3rd reading group: 1) Refactoring, 2) Unit Testing, 3) Scalable Web Application Architecture, and 4) Web Service and API Design. Books proposed include Refactoring: Improving the Design of Existing Code, Refactoring to Patterns, and RESTful Web Services. The document also provides summaries of chapters and concepts for some of the suggested books.
Design Pattern Explained CH1
This document discusses the object-oriented paradigm and how it can be applied to solve problems. It provides an example of directing students to their next class and compares functional decomposition and object-oriented approaches. The key aspects of object-oriented design discussed are identifying objects based on problem domain concepts, defining responsibilities and interfaces for each object, and limiting coupling between objects.
Recommended
Censorship in Media
Censorship involves controlling the flow of information in a society. The document discusses different types of censorship such as political censorship, moral censorship, and internet censorship. It provides examples of the top 10 most censored countries for political reasons which include Eritrea, North Korea, Saudi Arabia, and China. The document also discusses censoring media and certain television shows or scenes for children due to concerns they cannot differentiate between real and fictional violence.
Qlync RD 第三屆讀書會候選清單
The document lists candidate topics and books for Qlync Inc.'s 3rd reading group: 1) Refactoring, 2) Unit Testing, 3) Scalable Web Application Architecture, and 4) Web Service and API Design. Books proposed include Refactoring: Improving the Design of Existing Code, Refactoring to Patterns, and RESTful Web Services. The document also provides summaries of chapters and concepts for some of the suggested books.
Design Pattern Explained CH1
This document discusses the object-oriented paradigm and how it can be applied to solve problems. It provides an example of directing students to their next class and compares functional decomposition and object-oriented approaches. The key aspects of object-oriented design discussed are identifying objects based on problem domain concepts, defining responsibilities and interfaces for each object, and limiting coupling between objects.
被遺忘的資訊洩漏 / Information Leakage in Taiwan
(HITCON 2014 ENT 講題)
『資訊收集』在一場成功的入侵行動中扮演十分關鍵的步驟,攻擊者往往能透過一些枝微末節的訊息,組織出有效的攻擊行動。暴露資訊通常不會有立即性危害,是以企業往往也最容易忽視這些暴露的訊息,不知道這些資訊有可能會帶來殺身之禍。
本議程將根據 DEVCORE 監控中心提供的數據,介紹台灣企業目前資訊洩漏的概況及其風險,包含企業內部主機資訊洩漏、程式碼流出等問題。同時,我們將從 DEVCORE 團隊在過往滲透測試的經驗中,整理出幾項最容易被忽略的細節,並介紹這些細節帶來的潛在危機,以及 DEVCORE 如何透過資訊洩漏,在滲透測試中給予目標致命一擊...。
Asp.net mvc 概觀介紹
針對寫asp.net webform 的人介紹asp.net mvc
介紹為什麼使用mvc。
Asp .Net MVC 在 Model View Controller 3個部分開發的時候會用到的內容。
和一些常用的工具、套件、方法。
Censorship
This document discusses the topic of censorship from multiple perspectives. It begins by defining censorship and exploring its various forms. Students then discuss in groups whether censorship is good or bad, and its positive and negative aspects. The discussion shifts to censorship of the internet, including perspectives from President Obama on internet freedom. Methods of internet censorship are explained. References are provided for additional information.
Csw2016 macaulay eh_trace-rop_hooks
This document discusses techniques for hooking and tracing program execution without a debugger. It introduces EhTrace, a tool that uses hardware exceptions to perform branch stepping on binaries. EhTrace sets CPU flags to single step and trace branches in a target process. Blockfighting techniques like page protection are discussed to maintain control during analysis. Coverage information like flame graphs can be generated from the trace data to visualize control flow. Future work includes tighter symbol support and additional "blockfighters" to handle CPU flag and page protection monitoring.
Csw2016 evron sysman_apt_reports_and_opsec_evolution
This document summarizes a presentation about the evolution of advanced persistent threat (APT) actors and operations security (OPSEC). It discusses how the disclosure of APT1 by Mandiant in 2013 significantly disrupted operations and caused actors to adapt their techniques. Over time, actors have incorporated more off-the-shelf tools, constrained operations based on targets, and improved OPSEC in response to previous reports. The presentation also outlines a simplified attacker engagement process and discusses how defenders can respond by demanding more actionable information in APT reports.
大學與信息安全
How ancient Chinese Classics, Great Learning, remains relevant in modern information security profession. This presentation will show side by side of what was true back in 400 BC, can also apply to modern day 21st Century. It is also the first book on MaaS (Management as a Service).
大學的三綱跟(ISC)2和SAN的守則沒有什麼不同。
十資安域和技術信息的知識是對於信息安全專業有必要地。但個人的道德標準是有預期但不多指示、只要按照各種法律/裁決像HIPAA、SOX、GLBA、安全港等就算了。
我相信大學是信息安全(InfoSec)專業倫理有用的指南。
Csw2016 julien moinard-hardsploit
Hardsploit is a framework and hardware device that allows security researchers to audit and pentest hardware devices like IoT systems. It functions as a bridge between hardware interfaces and software testing tools. The framework includes a programmable hardware board with 64 I/O channels that can communicate over various protocols to analyze components, dump memory, and exploit vulnerabilities found in hardware. The goal of Hardsploit is to advance the field of hardware security testing and evaluation.
跨平台佈署建築資訊模型應用系統
SITCON 2016 小石快報 Vol.8 http://goo.gl/GyEQjm | SITCON 2016 Schedule http://sitcon.org/2016/#target-schedule | 2016/02/27(六) 中央研究院 人文社會科學館 第二會議室 [R2] 15:30~15:40 | 建築資訊模型(BIM)是建築學、工程學及土木工程的新工具,它是建築過程的數位展示方式來協助數位資訊交流及合作。本議程的焦點鎖定在將建築資訊模型系統開源化,並枚舉一些建築資訊模型的跨平台應用專案,藉此探討:小至「檢視居家生活安全」、大至「降低公民監督大型國家建設的門檻」的可能。 Keyword: #BIM #IFC #設施設備管理 #建築生命週期 #公民參與 #Unity3D #無線感測
Csw2016 gawlik bypassing_differentdefenseschemes
The document discusses crash-resistance in software and how it can be exploited. It explains how exceptions generated by crashes in callback functions in Windows are handled, allowing programs to continue running despite crashes. This crash-resistance property is demonstrated through a simple example program. The document then discusses how crash-resistant probing of memory can be used to bypass defenses like ASLR by scanning process memory from a web worker without crashing the browser. Techniques like heap spraying and type confusion are used to craft fake objects and scan memory in a crash-resistant manner to discover information like the TEB and DLL base addresses.
Csw2016 wang docker_escapetechnology
This document summarizes Docker escape techniques. It begins with an overview of Docker and how it uses namespaces and control groups (cgroups) for isolation. It then discusses vulnerabilities in Docker from untrusted images and escaping namespaces to access the host or other containers. The main part describes the Docker escape technology, which involves getting a task structure handle, resetting its namespaces proxy to the initial namespace, and gaining root access on the host system by exploiting vulnerabilities or setting credentials. Example code is provided to switch the filesystem structure and namespace proxy to escape the container.
Csw2016 economou nissim-getting_physical
This document discusses techniques for abusing the Intel paging mechanism on Windows to achieve arbitrary write capabilities despite modern kernel protections. It describes how the HAL's heap can be accessed from user mode by modifying page table entries, allowing kernel pointers to be leaked. It also explains how spraying process memory with fake page directories can cause physical memory exhaustion and potentially lead to arbitrary writes if a sprayed page is mapped. Live demos are promised for Windows and Linux attacks.
Csw2016 d antoine_automatic_exploitgeneration
The document discusses automated exploit generation through program analysis techniques. It introduces dynamic binary instrumentation, symbolic execution, and concolic execution as program analysis methods that can help automate finding the path to a vulnerability and generating an exploit. It provides examples of how these techniques work and common tools used like PIN, KLEE, Angr. The document concludes by discussing challenges like defining semantics of vulnerabilities precisely and the potential of program analysis to find more bugs through techniques like automated proving of program correctness.
Csw2016 song li-smart_wars
The document summarizes research into hacking the Kevo smart lock using a Bluetooth-enabled smartphone. The researcher was able to bind their phone to the Kevo fob and unlock the smart lock while the owner was asleep by taking advantage of the fob's brief window of continued radio transmission after being bound to another device. Potential fixes discussed include adding a button to the fob, using broadcasting instead of point-to-point Bluetooth mode, or requiring authentication through a smartphone app instead of the standalone fob. A demo video of the attack is referenced.
ASP.NET 5 的創新與變革
此份簡報是 Will 保哥在【Modern Web 2015】的演講內容。
Web技術的變化之快速,不再有任何一家公司或團體可以主導其走向,即便軟體界的巨人微軟也不例外,ASP.NET經過了十多年的發展與演進,終於來到了一個架構翻新的時刻,即將推出的ASP.NET 5到底從架構面、工具面做出了哪些創新與變革,將在這場演說中一一展現。
More Related Content
Viewers also liked
被遺忘的資訊洩漏 / Information Leakage in Taiwan
(HITCON 2014 ENT 講題)
『資訊收集』在一場成功的入侵行動中扮演十分關鍵的步驟,攻擊者往往能透過一些枝微末節的訊息,組織出有效的攻擊行動。暴露資訊通常不會有立即性危害,是以企業往往也最容易忽視這些暴露的訊息,不知道這些資訊有可能會帶來殺身之禍。
本議程將根據 DEVCORE 監控中心提供的數據,介紹台灣企業目前資訊洩漏的概況及其風險,包含企業內部主機資訊洩漏、程式碼流出等問題。同時,我們將從 DEVCORE 團隊在過往滲透測試的經驗中,整理出幾項最容易被忽略的細節,並介紹這些細節帶來的潛在危機,以及 DEVCORE 如何透過資訊洩漏,在滲透測試中給予目標致命一擊...。
Asp.net mvc 概觀介紹
針對寫asp.net webform 的人介紹asp.net mvc
介紹為什麼使用mvc。
Asp .Net MVC 在 Model View Controller 3個部分開發的時候會用到的內容。
和一些常用的工具、套件、方法。
Censorship
This document discusses the topic of censorship from multiple perspectives. It begins by defining censorship and exploring its various forms. Students then discuss in groups whether censorship is good or bad, and its positive and negative aspects. The discussion shifts to censorship of the internet, including perspectives from President Obama on internet freedom. Methods of internet censorship are explained. References are provided for additional information.
Csw2016 macaulay eh_trace-rop_hooks
This document discusses techniques for hooking and tracing program execution without a debugger. It introduces EhTrace, a tool that uses hardware exceptions to perform branch stepping on binaries. EhTrace sets CPU flags to single step and trace branches in a target process. Blockfighting techniques like page protection are discussed to maintain control during analysis. Coverage information like flame graphs can be generated from the trace data to visualize control flow. Future work includes tighter symbol support and additional "blockfighters" to handle CPU flag and page protection monitoring.
Csw2016 evron sysman_apt_reports_and_opsec_evolution
This document summarizes a presentation about the evolution of advanced persistent threat (APT) actors and operations security (OPSEC). It discusses how the disclosure of APT1 by Mandiant in 2013 significantly disrupted operations and caused actors to adapt their techniques. Over time, actors have incorporated more off-the-shelf tools, constrained operations based on targets, and improved OPSEC in response to previous reports. The presentation also outlines a simplified attacker engagement process and discusses how defenders can respond by demanding more actionable information in APT reports.
大學與信息安全
How ancient Chinese Classics, Great Learning, remains relevant in modern information security profession. This presentation will show side by side of what was true back in 400 BC, can also apply to modern day 21st Century. It is also the first book on MaaS (Management as a Service).
大學的三綱跟(ISC)2和SAN的守則沒有什麼不同。
十資安域和技術信息的知識是對於信息安全專業有必要地。但個人的道德標準是有預期但不多指示、只要按照各種法律/裁決像HIPAA、SOX、GLBA、安全港等就算了。
我相信大學是信息安全(InfoSec)專業倫理有用的指南。
Csw2016 julien moinard-hardsploit
Hardsploit is a framework and hardware device that allows security researchers to audit and pentest hardware devices like IoT systems. It functions as a bridge between hardware interfaces and software testing tools. The framework includes a programmable hardware board with 64 I/O channels that can communicate over various protocols to analyze components, dump memory, and exploit vulnerabilities found in hardware. The goal of Hardsploit is to advance the field of hardware security testing and evaluation.
跨平台佈署建築資訊模型應用系統
SITCON 2016 小石快報 Vol.8 http://goo.gl/GyEQjm | SITCON 2016 Schedule http://sitcon.org/2016/#target-schedule | 2016/02/27(六) 中央研究院 人文社會科學館 第二會議室 [R2] 15:30~15:40 | 建築資訊模型(BIM)是建築學、工程學及土木工程的新工具,它是建築過程的數位展示方式來協助數位資訊交流及合作。本議程的焦點鎖定在將建築資訊模型系統開源化,並枚舉一些建築資訊模型的跨平台應用專案,藉此探討:小至「檢視居家生活安全」、大至「降低公民監督大型國家建設的門檻」的可能。 Keyword: #BIM #IFC #設施設備管理 #建築生命週期 #公民參與 #Unity3D #無線感測
Csw2016 gawlik bypassing_differentdefenseschemes
The document discusses crash-resistance in software and how it can be exploited. It explains how exceptions generated by crashes in callback functions in Windows are handled, allowing programs to continue running despite crashes. This crash-resistance property is demonstrated through a simple example program. The document then discusses how crash-resistant probing of memory can be used to bypass defenses like ASLR by scanning process memory from a web worker without crashing the browser. Techniques like heap spraying and type confusion are used to craft fake objects and scan memory in a crash-resistant manner to discover information like the TEB and DLL base addresses.
Csw2016 wang docker_escapetechnology
This document summarizes Docker escape techniques. It begins with an overview of Docker and how it uses namespaces and control groups (cgroups) for isolation. It then discusses vulnerabilities in Docker from untrusted images and escaping namespaces to access the host or other containers. The main part describes the Docker escape technology, which involves getting a task structure handle, resetting its namespaces proxy to the initial namespace, and gaining root access on the host system by exploiting vulnerabilities or setting credentials. Example code is provided to switch the filesystem structure and namespace proxy to escape the container.
Csw2016 economou nissim-getting_physical
This document discusses techniques for abusing the Intel paging mechanism on Windows to achieve arbitrary write capabilities despite modern kernel protections. It describes how the HAL's heap can be accessed from user mode by modifying page table entries, allowing kernel pointers to be leaked. It also explains how spraying process memory with fake page directories can cause physical memory exhaustion and potentially lead to arbitrary writes if a sprayed page is mapped. Live demos are promised for Windows and Linux attacks.
Csw2016 d antoine_automatic_exploitgeneration
The document discusses automated exploit generation through program analysis techniques. It introduces dynamic binary instrumentation, symbolic execution, and concolic execution as program analysis methods that can help automate finding the path to a vulnerability and generating an exploit. It provides examples of how these techniques work and common tools used like PIN, KLEE, Angr. The document concludes by discussing challenges like defining semantics of vulnerabilities precisely and the potential of program analysis to find more bugs through techniques like automated proving of program correctness.
Csw2016 song li-smart_wars
The document summarizes research into hacking the Kevo smart lock using a Bluetooth-enabled smartphone. The researcher was able to bind their phone to the Kevo fob and unlock the smart lock while the owner was asleep by taking advantage of the fob's brief window of continued radio transmission after being bound to another device. Potential fixes discussed include adding a button to the fob, using broadcasting instead of point-to-point Bluetooth mode, or requiring authentication through a smartphone app instead of the standalone fob. A demo video of the attack is referenced.
ASP.NET 5 的創新與變革
此份簡報是 Will 保哥在【Modern Web 2015】的演講內容。
Web技術的變化之快速,不再有任何一家公司或團體可以主導其走向,即便軟體界的巨人微軟也不例外,ASP.NET經過了十多年的發展與演進,終於來到了一個架構翻新的時刻,即將推出的ASP.NET 5到底從架構面、工具面做出了哪些創新與變革,將在這場演說中一一展現。
Viewers also liked (19)
Csw2016 evron sysman_apt_reports_and_opsec_evolution
Csw2016 evron sysman_apt_reports_and_opsec_evolution
Sys Security
- 4. 我們想保護的是….
- 5. • 私人生活 • 財產 • 非公開資料
- 21. 我們想保護的是….?