The document discusses various inter-process communication (IPC) mechanisms for Linux system programming, including pipes, FIFOs, System V IPC mechanisms like semaphores, messages and shared memory, and POSIX IPC analogs. It provides details on how to implement and use these different IPC primitives, as well as code examples for shared memory allocation and synchronization using POSIX semaphores.
various tricks for remote linux exploitsć by Seok-Ha Lee (wh1ant)CODE BLUE
Ā
Modern operating systems include hardened security mechanisms to block exploit attempts. ASLR and NX (DEP) are two examples of the mechanisms that are widely implemented for the sake of security. However, there exists ways to bypass such protections by leveraging advanced exploitation techniques. It becomes harder to achieve code execution when the exploitation originates from a remote location, such as when the attack originates from a client, targeting server daemons. In such cases it is harder to find out the context information of target systems and, therefore, harder to achieve code execution. Knowledge on the memory layout of the targeted process is a crucial piece of the puzzle in developing an exploit, but it is harder to figure out when the exploit attempt is performed remotely. Recently, there have been techniques to leverage information disclosure (memory leak) vulnerabilities to figure out where specific library modules are loaded in the memory layout space, and such classes of vulnerabilities have been proven to be useful to bypass ASLR. However, there is also a different way of figuring out the memory layout of a process running in a remote environment. This method involves probing for valid addresses in target remote process. In a Linux environment, forked child processes will inherit already randomized memory layout from the parent process. Thus every client connection made to server daemons will share the same memory layout. The memory layout randomization is only done during the startup of the parent service process, and not randomized again when it is forking a child process to handle client connections. Due to the inheritance of child processes, it is possible to figure out a small piece of different information from every connection, and these pieces can be assembled later to get the idea of a big picture of the target process's remote memory layout. Probing to see if a given address is a valid memory address in context of the target remote process and assembling such information together, an attacker can figure out where the libc library is loaded on the memory, thus allowing exploits to succeed further in code execution. One might call it brute force, but with a smart brute forcing strategy, the number of minimal required attempts are significantly reduced to less than 10 in usual cases. In this talk, we will be talking about how it is possible to probe for memory layout space utilizing a piece of code to put the target in a blocked state, and to achieve stable code execution in remote exploit attempt scenarios using such information, as well as other tricks that are often used in remote exploit development in the Linux environment.
http://codeblue.jp/en-speaker.html#SeokHaLee
Grand Central Dispatch (GCD) dispatch queues are a powerful tool for performing tasks. Dispatch queues let you execute arbitrary blocks of code either asynchronously or synchronously with respect to the caller.
TMPA-2017: Predicate Abstraction Based Configurable Method for Data Race Dete...Iosif Itkin
Ā
TMPA-2017: Tools and Methods of Program Analysis
3-4 March, 2017, Hotel Holiday Inn Moscow Vinogradovo, Moscow
Predicate Abstraction Based Configurable Method for Data Race Detection in Linux Kernel
Pavel Andrianov, Vadim Mutilin,Alexey Khoroshilov, Institute for System Programming
For video follow the link: https://youtu.be/SxDVQ7lSTqc
Would like to know more?
Visit our website:
www.tmpaconf.org
www.exactprosystems.com/events/tmpa
Follow us:
https://www.linkedin.com/company/exactpro-systems-llc?trk=biz-companies-cym
https://twitter.com/exactpro
My presentation in the OpenData day organized by GDG in Mushtarak TechHub in Cairo, Egypt. at March 12nd 2016. It's mainly talking about why governments should go for opening its data and the benefits on the government, NGOs, businesses, and indeveduals.
various tricks for remote linux exploitsć by Seok-Ha Lee (wh1ant)CODE BLUE
Ā
Modern operating systems include hardened security mechanisms to block exploit attempts. ASLR and NX (DEP) are two examples of the mechanisms that are widely implemented for the sake of security. However, there exists ways to bypass such protections by leveraging advanced exploitation techniques. It becomes harder to achieve code execution when the exploitation originates from a remote location, such as when the attack originates from a client, targeting server daemons. In such cases it is harder to find out the context information of target systems and, therefore, harder to achieve code execution. Knowledge on the memory layout of the targeted process is a crucial piece of the puzzle in developing an exploit, but it is harder to figure out when the exploit attempt is performed remotely. Recently, there have been techniques to leverage information disclosure (memory leak) vulnerabilities to figure out where specific library modules are loaded in the memory layout space, and such classes of vulnerabilities have been proven to be useful to bypass ASLR. However, there is also a different way of figuring out the memory layout of a process running in a remote environment. This method involves probing for valid addresses in target remote process. In a Linux environment, forked child processes will inherit already randomized memory layout from the parent process. Thus every client connection made to server daemons will share the same memory layout. The memory layout randomization is only done during the startup of the parent service process, and not randomized again when it is forking a child process to handle client connections. Due to the inheritance of child processes, it is possible to figure out a small piece of different information from every connection, and these pieces can be assembled later to get the idea of a big picture of the target process's remote memory layout. Probing to see if a given address is a valid memory address in context of the target remote process and assembling such information together, an attacker can figure out where the libc library is loaded on the memory, thus allowing exploits to succeed further in code execution. One might call it brute force, but with a smart brute forcing strategy, the number of minimal required attempts are significantly reduced to less than 10 in usual cases. In this talk, we will be talking about how it is possible to probe for memory layout space utilizing a piece of code to put the target in a blocked state, and to achieve stable code execution in remote exploit attempt scenarios using such information, as well as other tricks that are often used in remote exploit development in the Linux environment.
http://codeblue.jp/en-speaker.html#SeokHaLee
Grand Central Dispatch (GCD) dispatch queues are a powerful tool for performing tasks. Dispatch queues let you execute arbitrary blocks of code either asynchronously or synchronously with respect to the caller.
TMPA-2017: Predicate Abstraction Based Configurable Method for Data Race Dete...Iosif Itkin
Ā
TMPA-2017: Tools and Methods of Program Analysis
3-4 March, 2017, Hotel Holiday Inn Moscow Vinogradovo, Moscow
Predicate Abstraction Based Configurable Method for Data Race Detection in Linux Kernel
Pavel Andrianov, Vadim Mutilin,Alexey Khoroshilov, Institute for System Programming
For video follow the link: https://youtu.be/SxDVQ7lSTqc
Would like to know more?
Visit our website:
www.tmpaconf.org
www.exactprosystems.com/events/tmpa
Follow us:
https://www.linkedin.com/company/exactpro-systems-llc?trk=biz-companies-cym
https://twitter.com/exactpro
My presentation in the OpenData day organized by GDG in Mushtarak TechHub in Cairo, Egypt. at March 12nd 2016. It's mainly talking about why governments should go for opening its data and the benefits on the government, NGOs, businesses, and indeveduals.
Securing Governmental Public Services with Free/Open Source Tools - Egyptian ...Ahmed Mekkawy
Ā
There's a common misconception that Free/Open Source Software is of significantly less security than propitiatory software. This was proven wrong in many occasions, and the speaker was the one behind one of these occasions in a nation-level project, which was the Egyptian Elections for seven consecutive rounds, starting the March 2011 referendums until the latest presidential elections in 2014.
Spirula Systems's presentation in RiseUp summit 2015, talking about the benefits of using full DevOps automation to implement infrastructure as a code concept, with a basic ansible tutorial and quick docker overview.
Encrypted Traffic in Egypt - an attempt to understandAhmed Mekkawy
Ā
UPDATE: The video is added after the last slide.
After OONI report about internet censorship in Egypt, I'm publishing some technical logs that discusses the existence of an active DPI with MITM capabilities in Egypt.
Why Cloud Computing has to go the FOSS wayAhmed Mekkawy
Ā
This presentation tries to show the trends of software industry to reach the conclusion that cloud computing as a concept is inevitable, and having them as open clouds in inevitable as well.
My presentation in "ICT in our lives" in Faculty of Commerce, Alexandria University, Dec 2013
Trying to understand the IT industry trends in the lights of the game theory, with a focus on cloud computing and FOSS.
operating system ubuntu,linux,MacProgram will work only if you g.pdfaptcomputerzone
Ā
//operating system ubuntu,linux,Mac
Program will work only if you give command like
sum 2 3 or
sum 4 (sub 4 3)
#include
#include
#include
#include
/*Sum function implementation*/
int sum(int number1,int number2){
return number1+number2;
}
/*sub function implementation*/
int sub(int number1,int number2){
return number1-number2;
}
/*mul function implementation*/
int mul(int number1,int number2){
return number1*number2;
}
/*divide function implementation*/
float divide(int number1,int number2){
if(number2==0){
printf(\"We can not divide by 0 \ \");
return 0.0f;
}
return (float)(number1/number2);
}
char *substring(char *string, int position, int length)
{
char *pointer;
int c;
pointer = malloc(length+1);
if (pointer == NULL)
{
printf(\"Unable to allocate memory.\ \");
exit(1);
}
for (c = 0 ; c < length ; c++)
{
*(pointer+c) = *(string+position-1);
string++;
}
*(pointer+c) = \'\\0\';
return pointer;
}
/*Main Function start*/
int main(int argc, char *argv[]){
/*Variable declarations*/
int number1,number2;
char *operator,*str1,*str2;
char line[50];
char s[2] = \" \";
int errorFlag=0;// checking if user entered more then one operands
while(1){
/*User input*/
printf(\"Please Enter the command \");
gets(line);
int len=0;
for(int i=0; line[i]!=\'\\0\'; ++i){len++;}
if(len==0){
return 1;
}
/*Spliting into Tokens*/
operator = strtok(line, \" \");
if(strcmp(operator,\"bye\")==0){
break;
}
/*String to integer --- token1*/
number1=atoi(strtok(NULL, s));
/*Removing ( and ) from String*/
str2=strtok(NULL, s);
char *content;int length=0;
for(int i=0; str2[i]!=\'\\0\'; ++i){length++;}
if(str2[0]==\'(\'){
content=substring(str2,2,length-1);
char *opr=content;
int n1=atoi(strtok(NULL, s));
int n2=atoi(strtok(NULL, s));
/*If user entered more then two operands then it will return some token otherwise it will
return NULL pointer*/
if(strtok(NULL, s)!=NULL){
printf(\"You need to enter operator operand1 operand2 \ \");
errorFlag=1;
}else{
if(strcmp(opr,\"sum\")==0){
number2=sum(n1,n2);
}else if(strcmp(opr,\"sub\")==0){
number2=sub(n1,n2);
}else if(strcmp(opr,\"mul\")==0){
number2=mul(n1,n2);
} else if(strcmp(opr,\"div\")==0){
number2=divide(n1,n2);
}
}
}else{
number2=atoi(str2);
/*If user entered more then two operands then it will return some token otherwise it will return
NULL pointer*/
if(strtok(NULL, s)!=NULL){
printf(\"You need to enter operator operand1 operand2 \ \");
errorFlag=1;
}
}
if(errorFlag!=1){
/*Checking operator by strcmp function*/
if(strcmp(operator,\"sum\")==0){
printf(\"Result %d \ \",sum(number1,number2));
}else if(strcmp(operator,\"sub\")==0){
printf(\"Result %d \ \",sub(number1,number2));
}else if(strcmp(operator,\"mul\")==0){
printf(\"Result %d \ \",mul(number1,number2));
} else if(strcmp(operator,\"div\")==0){
printf(\"Result %.2f \ \",divide(number1,number2));
}
}
}
return 0;
}
/*******************Output***********************/
gopal@gopal:~/Desktop/chegg$ gcc Calculator.c
Calculator.c: In function āmainā:
Calculator.c:67:3: warning: implici.
We all make mistakes while programming and spend a lot of time fixing them.
One of the methods which allows for quick detection of defects is source code static analysis.
We all make mistakes while programming and spend a lot of time fixing them.
One of the methods which allows for quick detection of defects is source code static analysis.
Being a slow interpreter, Python may drive a system to deliver utmost speed if some guidelines are followed. The key is to treat programming languages as syntactic sugar to the machine code. It expedites the workflow of timing, iterative design, automatic testing, optimization, and realize an HPC system balancing the time to market and quality of code.
Speed is the king. 10x productive developers change business. So does 10x faster code. Python is 100x slower than C++ but it only matters when you really use Python to implement number-crunching algorithms. We should not do that, and instead go directly with C++ for speed. It calls for strict disciplines of software engineering and code quality, but it should be noted that here the quality is defined by the runtime and the time to market.
The presentation focuses on the Python side of the development workflow. It is made possible by confining C++ in architecture defined by the Python code, which realizes most of the software engineering. The room for writing fast C++ code is provided by pybind11 and careful design of typed data objects. The data objects hold memory buffers exposed to Python as numpy ndarrays for direct access for speed.
Essentials of Automations: Optimizing FME Workflows with ParametersSafe Software
Ā
Are you looking to streamline your workflows and boost your projectsā efficiency? Do you find yourself searching for ways to add flexibility and control over your FME workflows? If so, youāre in the right place.
Join us for an insightful dive into the world of FME parameters, a critical element in optimizing workflow efficiency. This webinar marks the beginning of our three-part āEssentials of Automationā series. This first webinar is designed to equip you with the knowledge and skills to utilize parameters effectively: enhancing the flexibility, maintainability, and user control of your FME projects.
Hereās what youāll gain:
- Essentials of FME Parameters: Understand the pivotal role of parameters, including Reader/Writer, Transformer, User, and FME Flow categories. Discover how they are the key to unlocking automation and optimization within your workflows.
- Practical Applications in FME Form: Delve into key user parameter types including choice, connections, and file URLs. Allow users to control how a workflow runs, making your workflows more reusable. Learn to import values and deliver the best user experience for your workflows while enhancing accuracy.
- Optimization Strategies in FME Flow: Explore the creation and strategic deployment of parameters in FME Flow, including the use of deployment and geometry parameters, to maximize workflow efficiency.
- Pro Tips for Success: Gain insights on parameterizing connections and leveraging new features like Conditional Visibility for clarity and simplicity.
Weāll wrap up with a glimpse into future webinars, followed by a Q&A session to address your specific questions surrounding this topic.
Donāt miss this opportunity to elevate your FME expertise and drive your projects to new heights of efficiency.
Securing your Kubernetes cluster_ a step-by-step guide to success !KatiaHIMEUR1
Ā
Today, after several years of existence, an extremely active community and an ultra-dynamic ecosystem, Kubernetes has established itself as the de facto standard in container orchestration. Thanks to a wide range of managed services, it has never been so easy to set up a ready-to-use Kubernetes cluster.
However, this ease of use means that the subject of security in Kubernetes is often left for later, or even neglected. This exposes companies to significant risks.
In this talk, I'll show you step-by-step how to secure your Kubernetes cluster for greater peace of mind and reliability.
State of ICS and IoT Cyber Threat Landscape Report 2024 previewPrayukth K V
Ā
The IoT and OT threat landscape report has been prepared by the Threat Research Team at Sectrio using data from Sectrio, cyber threat intelligence farming facilities spread across over 85 cities around the world. In addition, Sectrio also runs AI-based advanced threat and payload engagement facilities that serve as sinks to attract and engage sophisticated threat actors, and newer malware including new variants and latent threats that are at an earlier stage of development.
The latest edition of the OT/ICS and IoT security Threat Landscape Report 2024 also covers:
State of global ICS asset and network exposure
Sectoral targets and attacks as well as the cost of ransom
Global APT activity, AI usage, actor and tactic profiles, and implications
Rise in volumes of AI-powered cyberattacks
Major cyber events in 2024
Malware and malicious payload trends
Cyberattack types and targets
Vulnerability exploit attempts on CVEs
Attacks on counties ā USA
Expansion of bot farms ā how, where, and why
In-depth analysis of the cyber threat landscape across North America, South America, Europe, APAC, and the Middle East
Why are attacks on smart factories rising?
Cyber risk predictions
Axis of attacks ā Europe
Systemic attacks in the Middle East
Download the full report from here:
https://sectrio.com/resources/ot-threat-landscape-reports/sectrio-releases-ot-ics-and-iot-security-threat-landscape-report-2024/
Accelerate your Kubernetes clusters with Varnish CachingThijs Feryn
Ā
A presentation about the usage and availability of Varnish on Kubernetes. This talk explores the capabilities of Varnish caching and shows how to use the Varnish Helm chart to deploy it to Kubernetes.
This presentation was delivered at K8SUG Singapore. See https://feryn.eu/presentations/accelerate-your-kubernetes-clusters-with-varnish-caching-k8sug-singapore-28-2024 for more details.
Builder.ai Founder Sachin Dev Duggal's Strategic Approach to Create an Innova...Ramesh Iyer
Ā
In today's fast-changing business world, Companies that adapt and embrace new ideas often need help to keep up with the competition. However, fostering a culture of innovation takes much work. It takes vision, leadership and willingness to take risks in the right proportion. Sachin Dev Duggal, co-founder of Builder.ai, has perfected the art of this balance, creating a company culture where creativity and growth are nurtured at each stage.
Neuro-symbolic is not enough, we need neuro-*semantic*Frank van Harmelen
Ā
Neuro-symbolic (NeSy) AI is on the rise. However, simply machine learning on just any symbolic structure is not sufficient to really harvest the gains of NeSy. These will only be gained when the symbolic structures have an actual semantics. I give an operational definition of semantics as āpredictable inferenceā.
All of this illustrated with link prediction over knowledge graphs, but the argument is general.
Elevating Tactical DDD Patterns Through Object CalisthenicsDorra BARTAGUIZ
Ā
After immersing yourself in the blue book and its red counterpart, attending DDD-focused conferences, and applying tactical patterns, you're left with a crucial question: How do I ensure my design is effective? Tactical patterns within Domain-Driven Design (DDD) serve as guiding principles for creating clear and manageable domain models. However, achieving success with these patterns requires additional guidance. Interestingly, we've observed that a set of constraints initially designed for training purposes remarkably aligns with effective pattern implementation, offering a more āmechanicalā approach. Let's explore together how Object Calisthenics can elevate the design of your tactical DDD patterns, offering concrete help for those venturing into DDD for the first time!
Transcript: Selling digital books in 2024: Insights from industry leaders - T...BookNet Canada
Ā
The publishing industry has been selling digital audiobooks and ebooks for over a decade and has found its groove. Whatās changed? What has stayed the same? Where do we go from here? Join a group of leading sales peers from across the industry for a conversation about the lessons learned since the popularization of digital books, best practices, digital book supply chain management, and more.
Link to video recording: https://bnctechforum.ca/sessions/selling-digital-books-in-2024-insights-from-industry-leaders/
Presented by BookNet Canada on May 28, 2024, with support from the Department of Canadian Heritage.
DevOps and Testing slides at DASA ConnectKari Kakkonen
Ā
My and Rik Marselis slides at 30.5.2024 DASA Connect conference. We discuss about what is testing, then what is agile testing and finally what is Testing in DevOps. Finally we had lovely workshop with the participants trying to find out different ways to think about quality and testing in different parts of the DevOps infinity loop.
Generating a custom Ruby SDK for your web service or Rails API using Smithyg2nightmarescribd
Ā
Have you ever wanted a Ruby client API to communicate with your web service? Smithy is a protocol-agnostic language for defining services and SDKs. Smithy Ruby is an implementation of Smithy that generates a Ruby SDK using a Smithy model. In this talk, we will explore Smithy and Smithy Ruby to learn how to generate custom feature-rich SDKs that can communicate with any web service, such as a Rails JSON API.
Key Trends Shaping the Future of Infrastructure.pdfCheryl Hung
Ā
Keynote at DIGIT West Expo, Glasgow on 29 May 2024.
Cheryl Hung, ochery.com
Sr Director, Infrastructure Ecosystem, Arm.
The key trends across hardware, cloud and open-source; exploring how these areas are likely to mature and develop over the short and long-term, and then considering how organisations can position themselves to adapt and thrive.