This talk is about methodologies and tools that we use or have coded that make our lives and pentest schedule a little easier, and why we do things the way we do. Of course, there will be a healthy dose of Metasploit in the mix.
Writing malware while the blue team is staring at you Rob Fuller
Talk given at DerbyCon 2016 and RuxCon 2016
Malware authors and reverse engineers have been playing cat and mouse for a number of years now when it comes to writing and reversing of malware. From nation state level malware to the mass malware that infects grandmas and grandpas, mothers and fathers, the different types of malware employ a myriad of techniques to stop those who look at it from guessing the true intent. This talk will be about some of the unorthodox methods employed by some malware to stay hidden from, or outright ignore, the reverse engineering community.
Get-Help: An intro to PowerShell and how to Use it for Evil jaredhaight
This talk covers the basics of how PowerShell works and how to use it. It then goes over a lot of the interesting offensive PowerShell tools that are available and gives a demo of using PowerShell to escalate to Domain Admin privileges on a network.
A video of the talk is available here: https://www.youtube.com/watch?v=YSUJNInriiY
Think Like a Hacker - Database Attack Vectors Mark Ginnebaugh
More here: http://bit.ly/2OMTu4
Sudha Iyer of LogLogic and Slavik Markovich of Sentrigo discuss how hackers learn their trade and what you can do to protect your database.
Learn about methods for protecting against each type of attack, including secure coding practices, database hardening methods and deep-scanning database activity monitoring tools.
You will learn:
• How to think like a hacker (including a demonstration of basic hacking)
• SQL injection in depth
• How to avoid SQL injection problems
• User-defined DBMS security policies
• Taking control of SQL injection, buffer overflow and other privilege-escalation attacks
• How to preserve the confidentiality and integrity of your data
• Strategies for monitoring and analyzing database activities without impacting performance
A presentation covering some of the interesting things going on with PowerShell in the Infosec community. I give a brief overview of what PowerShell is, then go over some interesting aspects of three different offensive PowerShell frameworks and finally give a demo of how a local user can escalate to domain admin privileges using just these frameworks.
Why isn't infosec working? Did you turn it off and back on again? Rob Fuller
BruCon 2019 Keynote -=> My name is Rob Fuller, I've been around a bit, not as long as some but longer than others. From the US military to government contracting, consulting, large companies, tiny startups and silicon valley behemoths, from podcasting to television, I've had a storied and humbling career in infosec. Let’s get past complaining about blinky lights and users. Let’s talk about what actually works and what doesn't.
Incorporating PowerShell into your Arsenal with PS>Attack jaredhaight
This talk serves as a follow up to my Introducing PS>Attack talk and covers some new features that have been added to the tool as well as how to defend an environment against PowerShell based attacks.
20+ ways to bypass your mac os privacy mechanisms Csaba Fitzl
"TotallyNotAVirus.app" would like to access the camera and spy on you. To protect your privacy, Apple introduced Transparency, Consent, and Control (TCC) framework that restricts access to sensitive personal resources: documents, camera, microphone, emails, and more. Granting such access requires authorization, and the mechanism's main design concern was clear user consent.
In this talk, we will share multiple techniques that allowed us to bypass this prompt, and as a malicious application, get access to protected resources without any additional privileges or user's consent. Together, we submitted over 40 vulnerabilities just to Apple through the past year, which allowed us to bypass some parts or the entire TCC. We also found numerous vulnerabilities in third-party apps (including Firefox, Signal, and others), which allowed us to avoid the OS restrictions by leveraging the targeted apps' privileges.
In the first part of the talk, we will give you an overview of the TCC framework, its building blocks, and how it limits application access to private data. We will explore the various databases it uses and discuss the difference between user consent and user intent.
Next, we will go through various techniques and specific vulnerabilities that we used to bypass TCC. We will cover how we can use techniques like process injection, mounting, application behavior, or simple file searches to find vulnerabilities and gain access to the protected resources.
The audience will leave with a solid understanding of the macOS privacy restrictions framework (TCC) and its weaknesses. We believe there is a need to raise awareness on why OS protections are not 100% effective, and in the end, users have to be careful with installing software on their machines. Moreover - as we're going to publish several exploits - red teams will also benefit from the talk.
A follow on to the Encyclopedia Of Windows Privilege Escalation published by InsomniaSec at Ruxcon 2011, this talk is aimed at detailing not just escalation from user to admin and admin to system, but persistence and forced authentication as well as a few other treats.
PowerUp - Automating Windows Privilege Escalation Will Schroeder
This slidedeck was given as a firetalk at @BSidesBoston '14, and covers the genesis and implementation of PowerUp, a Powershell tool for Windows privilege escalation.
Introducing PS>Attack: An offensive PowerShell toolkit jaredhaight
PS>Attack is designed to make it easy for Penetration Testers to incorporate PowerShell into their bag of tricks. It's a custom PowerShell console packed with some of the best offensive tools available. It's designed to be easy to use and opsec safe.
Exploiting Directory Permissions on macOS Csaba Fitzl
This talk covers how we can exploit applications on macOS (including macOS itself), where some of the directory / file permissions are incorrectly set. The incorrectness of these settings is not trivial at first sight because understanding these permissions is not intuitive. We will see bugs from simple arbitrary overwrites, to file disclosures and privilege escalation. The concepts are applicable to *nix-based systems as well; however, this talk focuses on macOS bugs only. We will also cover different techniques for controlling the contents of files to which we don’t have direct write access.
We will do a deep dive overview of the various r / w / x permissions, what do they mean in case of files, and more importantly in case of directories. We will also take a look at the additional settings, like ownership and the ‘lock’ flag and how do they affect the previous permissions. As part of this we will see how to find such bugs.
We will see a file information disclosure bug affecting macOS Mojave, where we can get read access to files which would normally be accessible only for root users. We will also cover 4 vulnerabilities that are caused due to our ability to control the location of certain files. As we have direct control over only the file location, but not the contents, we will explore tricky techniques how we can influence the contents of some of these files to our benefit.
The slides of my ObjectiveByTheSea v4 conference talk.
Abstract
---------
In this talk we will dive into mount operation internals on macOS and discuss several vulnerabilities that impacted the system.
In the first half we will introduce how mounting happens and how the sandbox is tied to the mount operation. We will also discuss the diskarbitration service, which is also responsible for some of the mounting which can be done by the user.
Next we will detail different bugs that impacted macOS in the past, where mounting had a key role. These range from privilege escalation to complete privacy (TCC) bypasses.
Lastly we will review how we can use the mount command for our own advantage when exploiting third party applications.
Dirty Little Secrets They Didn't Teach You In Pentest Class v2 Rob Fuller
This talk (hopefully) provides some new pentesters tools and tricks. Basically a continuation of last year’s Dirty Little Secrets they didn’t teach you in Pentest class. Topics include: OSINT and APIs, certificate stealing, F**king with Incident Response Teams, 10 ways to psexec, and more. Yes, mostly using Metasploit.
The Dirty Little Secrets They Didn’t Teach You In Pentesting Class Chris Gates
Derbycon 2011
This talk is about methodologies and tools that we use or have coded that make our lives and pentest schedule a little easier, and why we do things the way we do. Of course, there will be a healthy dose of Metasploit in the mix.
New MITM Framework Bettercap
A complete, modular, portable and easily extensible MITM framework. Bettercap is a complete, modular, portable and easily extensible MITM tool and framework with every kind of diagnostic and offensive feature you could need in order to perform a man in the middle attack.
XP Days 2019: First secret delivery for modern cloud-native applications Vlad Fedosov
In this talk we’ll see how Authentication and Secrets delivery work in distributed containerized applications from the inside. We’ll start from the theory of security and will go through topics like Container Auth Role, Static & Dynamic secrets, Env vars/volumes for secret delivery, Vault & K8S secrets. After this talk you’ll have an understanding of how to securely deploy your containerized workloads.
Step by Step on How to Setup DarkComet Pich Pra Tna
This is a guide on how to set up DarkComet RAT, the free and popular Remote Administration Tool. This software is an efficient type of software, especially created to remotely control any Microsoft Windows machine.
Ultimate Guide to Setup DarkComet with NoIP Pich Pra Tna
Simple step-by-step tutorial on how to set up DarkComet RAT, the free and popular Remote Administration Tool. This software is an efficient type of software, especially created to remotely control any Microsoft Windows machine.
A presentation I gave on September 26 at the Melbourne Symfony developers group on using Environment Variables (envvars) in Symfony and managing secrets in your PHP applications.
For more information on these subjects, check out the supporting piece I wrote: https://samjarrett.com.au/swipe-right
This presentation was given at BSides Austin '15, and is an expanded version of the "I hunt sys admins" Shmoocon firetalk. It covers various ways to hunt for users in Windows domains, including using PowerView.
[Meet Magento 2015, Germany] In this presentation I'll show some pure evil bad practices that somehow made it into way too many Magento modules out there making it hard to integrate, adapt, scale, debug, secure or extend your project. Join this presentation and help making the Magento module ecosystem be a better place instead by spotting these "code smells" in your modules or the modules you're using.
Similar to The Dirty Little Secrets They Didn’t Teach You In Pentesting Class (20)
Memory Forensics for Pentesters: Firefox Rob Fuller
This is part one in a series of presentations I will be giving at the NoVAHackers meetings on forensics of all kinds as it can be leveraged in a penetration test.
The Dirty Little Secrets They Didn’t Teach You In Pentesting Class
1. The Dirty Little Secrets They Didn’t Teach You In Pentesting Class DerbyCon 2011
2. meterpreter> getuid Chris Gates (CG) Twitter carnal0wnage Blog carnal0wnage.attackresearch.com Job Partner/Principal Security Consultant at Lares Affiliations Attack Research, Metasploit Work Previous Talks Attack Oracle (via web) wXf Web eXploitation Framework Open Source Information Gathering Attacking Oracle (via TNS) Client-Side Attacks
3. meterpreter> getuid Rob Fuller (mubix) Twitter -> mubix Blog -> http://www.room362.com Job -> Penetration Tester for Rapid7 Previous Talks Networking for Penetration Testers Metasploit Framework/Pro Training for Rapid7 Deep Magic 101 Couch to Career in 80 hours
4. The setup… We do things You do things There’s a better way to do things* Because ‘they’ do them that way Or… now they will because you are some of ‘they’ Use what works for you
5. Domain Admin Or Bust Usually this means adding yourself as one (aka fastest way to get caught) Really just about measuring…
6. Pentesting Goals What’s our goal? Vulnerability Driven vs. Data Driven vs. Capability Driven pentest/goal What’s a *good* goal? Domain Admin is “A Goal” but it’s a stupid goal. What makes the client money is a better goal (if you* can identify it) Problems arise in actually identifying this. What’s important to testers vs client vs bad guys… Best goal, testing client’s ability to detect & respond to various levels of attackers
16. k, enough fiddle faddle… IT Security Industry is currently focused on minimizing the presence of vulnerabilities Consider a change in focus to what attacker tactics/techniques you can detect and respond to Let’s call this “Capability Driven Security Assessments” See my BruCon talk with Joe McCray To do this we need to ramp up post exploitation and stealth
19. Prep Work Prep work, it’s awesome, show it some love… Make your click scripts Update your stuff Have script and screen ready to go
20. How many of you have lost a shell because _your_ connection died?
21. Screen No, not like drug screen… “Screen is a full-screen window manager that multiplexes a physical terminal between several processes, typically interactive shells.”
22. Screen Commands and Keyboard Shortcuts
screen -S mycustomer
CTRL-A then D (Detach)
screen -ls
screen -x -d mycustomer (attaches to ‘mycustomer’ screen, detaches other ‘attached’ sessions)
CTRL-A :multiuser on (Does not work on Debian based)
23. How many of you have lost data because your scrollback wasn’t set to be long enough?
24. Script No, not like java script… Logs all your stuff Use it
user@ubuntu:~$ script clientname.txt
Script started, file is clientname.txt
user@ubuntu:~$ exit
exit
Script done, file is clientname.txt
user@ubuntu:~$
28. Your passwords suck One of these passwords almost always works… OK back to it….
29. Nmap Scripts Obligatory nod to nmap scripts Best scripts don’t fire off automatically with “-A” Some of the cooler scripts… Citrix, NFS, AFP, SNMP, LDAP awesome Database coverage http* Lots of handy stuff, some overlap with MSF aux but some things aux doesn’t have. Go See Ron’s talk on Sunday
34. MSF Auxiliary Modules Metasploit Aux modules are awesome Handle all the BS for you Uses lib/rex == “Ruby EXploitation library” Basic library for most tasks Sockets, protocols, command shell interface SSL, SMB, HTTP, XOR, Base64, random text Intended to be useful outside of the framework Lib/rex ported to a ruby gem! Can make use of rex outside of MSF if so desired
35. MSF Auxiliary Modules Designed to help with reconnaissance Dozens of useful service scanners Simple module format, easy to use Specify THREADS for concurrency Keep this under 16 for native Windows 256 is fine on Linux Uses RHOSTS instead of RHOST
36. MSF Auxiliary Modules Uses OptAddressRange option class, similar to nmap host specification
192.168.0.1,3,5-7: Standard ranges
192.168.1-7.230: Same IP on multiple subnets
192.168.0.*: 0-255
www.metasploit.com/24: 0-255 for whatever this resolves to
file:/tmp/ranges.txt: Line separated list of targets
43. Post Exploitation Google Docs http://www.room362.com/blog/2011/9/6/post-exploitation-command-lists.html Or http://bitly.com/qrbKQP Open Source (Anyone can edit them) Will always be public (might have to lock down the edit privs based on defacement rate)
44. What is the best persistence method? Meterpreter? HTTPS Pro’s Persistence Agent MOS_DEF? Thunderbird SPAM Persistence DNS, HTTP, HTTPS, etc CORE Agent? Wiz-bang custom binary/backdoor? RAT (probably backdoored in other ways)
67. GOOD
net group "domain admins" /domain
net group "domain admins" /domain:DM
net localgroup Administrators
net localgroup Administrators /domain
net user domainadmin_username /domain
net user username /domain
68. BETTER Rpcclient Enumerate users
#!/bin/bash
for i in {500..600}
do
  rpcclient -U "user%Password1" -W DOMAIN 1.2.3.4 -c "lookupsids S-1-5-21-1289870825-1602939633-2792175544-$i"
done
79. BEST Just ask for it… Explain ‘Ask’ module Looking for the user that has the $stuff Tasklist
tasklist /V /S $IP /U $user /P $password
for /F "skip=3 delims=" %A in ('net view') do tasklist /V /S %A /U $user /P $password
83. Searching for Gold (Good)
Dir /s "My Documents"
Dir /s "Desktop"
Dir /s *.pcf
ListDrives
84. Searching for Gold (Good)
Searching for files
dir c:\*password* /s
dir c:\*competitor* /s
dir c:\*finance* /s
dir c:\*risk* /s
dir c:\*assessment* /s
dir c:\*.key* /s
dir c:\*.vsd /s
dir c:\*.pcf /s
dir c:\*.ica /s
dir c:\*.crt /s
dir c:\*.log /s
Search in files
findstr /I /N /S /P /C:password *
findstr /I /N /S /P /C:secret *
findstr /I /N /S /P /C:confidential *
findstr /I /N /S /P /C:account *
Powershell/WMIC to do it
85. Searching for Gold (Better) Dumplinks GetFirefoxCreds GetPidginCreds Outlook, IE, Chrome, RDP Password Extraction Basically the whole ‘credentials’ post module section SharePoint Intranet.company.com Shouts to illwill, Kx499, thelightcosine
86. Searching for Gold (Best) OpenDLP Fiction’s Database Searcher Search in Meterpreter Uses windows indexing i.e. outlook email Dir /s $share > filetosearchoffline.txt Findstr too Do what works for you…click scripts rule
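Slide 16 argues for measuring which attacker techniques a client can detect and respond to. The following is an added example, not part of the deck: a small detector for the built-in commands on slides 67, 79 and 84, run over constructed process-creation records. The record format, rule names, thresholds, hosts and users are all assumptions of this example.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Built-in Windows commands from slides 67, 79 and 84 (patterns are this example's own).
RULES = {
    "domain_group_enum": re.compile(r'\bnet1?(?:\.exe)?\s+(?:group|localgroup)\b.*\b(?:domain admins|administrators)\b', re.I),
    "domain_user_lookup": re.compile(r'\bnet1?(?:\.exe)?\s+user\s+\S+\s+/domain\b', re.I),
    "remote_tasklist": re.compile(r'\btasklist(?:\.exe)?\b(?=.*\s/s\s)(?=.*\s/v\b)', re.I),
    "keyword_file_search": re.compile(r'\bfindstr(?:\.exe)?\b.*?/c:"?(?:password|secret|confidential)', re.I),
}
LINE = re.compile(r'^(?P<ts>\S+) host=(?P<host>\S+) user=(?P<user>\S+) cmd=(?P<cmd>.*)$')

# Constructed process-creation records (hypothetical format, hosts and users).
SAMPLE = [
    '2024-05-01T10:00:05Z host=WS01 user=CORP\\alice cmd=net group "domain admins" /domain',
    '2024-05-01T10:01:10Z host=WS01 user=CORP\\alice cmd=tasklist /V /S 10.0.0.5 /U CORP\\svc /P REDACTED',
    '2024-05-01T10:03:00Z host=WS01 user=CORP\\alice cmd=findstr /I /N /S /P /C:password *',
    '2024-05-01T10:04:00Z host=WS02 user=CORP\\bob cmd=net localgroup Administrators',
    '2024-05-01T12:30:00Z host=WS02 user=CORP\\bob cmd=tasklist /V',
    '2024-05-01T10:05:00Z host=WS03 user=CORP\\carol cmd=net user carol /domain',
]

def classify(cmd):
    """Return the names of every rule the command line matches."""
    return [name for name, rx in RULES.items() if rx.search(cmd)]

def detect(lines, window=timedelta(minutes=10), threshold=3):
    """Alert on a (host, user) that trips `threshold` distinct rules within `window`."""
    hits = defaultdict(list)
    for line in lines:
        m = LINE.match(line)
        if not m:
            continue  # skip records that do not parse
        ts = datetime.strptime(m["ts"], "%Y-%m-%dT%H:%M:%SZ")
        for rule in classify(m["cmd"]):
            hits[(m["host"], m["user"])].append((ts, rule))
    alerts = {}
    for key, events in hits.items():
        events.sort()
        for i, (start, _) in enumerate(events):
            rules = {r for t, r in events[i:] if t - start <= window}
            if len(rules) >= threshold:
                alerts[key] = sorted(rules)
                break
    return alerts

if __name__ == "__main__":
    print(detect(SAMPLE))
```

Each command is ordinary administration when seen alone, so the alert fires on several distinct rule types from one host and user inside the window, not on any single match.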
Chris
*How I do shit MAY not be better for you… but you’re here. So hopefully it will help.
What the collective we are doing so far, obviously isn’t working.
Rob
You == the tester, the client, the consultant
Chris
Rob
Chris
Chris
Chris
Chris
Rob
“there is no spoon” moment, where we talk about how pivoting, persistence, and post exploitation are just parts of the normal cycle
Rob
Chris
Chris
Rob
Chris
Rob
Rob
Rob
Chris
Chris
remember that your passwords suck
Chris
Chris
Script arguments
Chris
Chris
Chris
Chris
Chris & Rob with table example
Chris
Chris
Chris
Chris
Chris
Rob
Rob
Rob
Getting shells, keeping shells, keeping a backup shell
Kick yourself a shell before you do stupid shell
Keep a host where you have a shell in case everything goes to hell
Chris
Rob
This slide not in public deck!
chris
chris
Push up ‘mycmd.exe’ / command.com 16bit bypass
Rob then Chris
rob
rob
Rob
Chris
Sharing domain accounts across domains
Look for Enterprise admins
If you need help getting the SID… well… google
chris
Chris
rob
rob
rob
chris
Chris
Chris
Chris
Chris
Story 1: Shared drives with Everyone access
Story 2: L0phtCrack password dump with Admin Share
Chris
Key is using Windows tools to move around and find stuff. But also use custom tools to find stuff.
Powershell search string stuff
OpenDLP
psexec set EXE::Custom
Operator vs Attacker (look at it on target, vs exfil then hand off to analyst)