This document discusses container security and potential attacks. It begins with an overview of existing container security features like non-root users, namespaces, and seccomp profiles. It then discusses potential attacks like cryptocurrency mining malware, kernel/host attacks that bypass security restrictions, and network-level attacks. Throughout, it provides examples of how to detect and mitigate these risks using tools like Falco, network policies, and restricting egress traffic. The overall message is that containers can improve security but are not a silver bullet, and visibility and limiting what containers can access is important.
Take a Jailbreak -Stunning Guards for iOS Jailbreak- by Kaoru OtsukaCODE BLUE
In this talk, I investigate several exploiting ideas for iOS kernel jailbreak using recently exposed vulnerabilities. Recently, Ian Beer found the following promising vulnerabilities:
CVE-2016-7637: Broken kernel mach port name ‘uref’ handling on iOS/MacOS can lead to privileged port name replacement in other processes,
CVE-2016-7644: XNU kernel UaF due to lack of locking in set_dp_control_port,
CVE-2016-7661: MacOS/iOS arbitrary port replacement in powerd.
However, naive combination of the above vulnerabilities cannot easily break recent mitigations implemented in iOS versions. Recent iOS provides the kernel level mitigations against exploitation such as kernel patch protection, sandboxing, AMFI(Apple Mobile File Integrity), MAC(Mandatory Access Control) policy, KASLR(Kernel ASLR) etc. These mitigations will be briefly explained.
My talk at FullStackFest, 4.9.2017. Become more familiar with managing infrastructure using Terraform, Packer and deployment pipeline. Code repository - https://github.com/antonbabenko/terraform-deployment-pipeline-talk
Testing your infrastructure with litmusBram Vogelaar
We have been able to test our puppet modules using rspec-puppet and
serverspec for a while now and the quality of our code is improving because
of it. This talk will introduce the new kid on the block litmus. This talk will show you how
to use litmus to test puppet modules and how to convert your existing modules to make use of litmus.
Sphinx autodoc - automated api documentation - PyCon.MY 2015Takayuki Shimizukawa
Using the automated documentation feature of Sphinx, you can make with ease the extensive documentation of Python program.
You just write python function documents (docstrings), Sphinx organizes them into the document, can be converted to a variety of formats.
In this session, I'll explain a documentation procedure that uses with sphinx autodoc and autosummary extensions.
Sphinx autodoc - automated API documentation (EuroPython 2015 in Bilbao)Takayuki Shimizukawa
Using the automated documentation feature of Sphinx, you can make with ease the extensive documentation of Python program. You just write python function documents (docstrings), Sphinx organizes them into the document, can be converted to a variety of formats. In this session, I’ll explain a documentation procedure that uses with sphinx autodoc and autosummary extensions.
In this session, I’ll explain a documentation procedure that uses with sphinx autodoc, autosummary, coverage and doctest extensions.
Take a Jailbreak -Stunning Guards for iOS Jailbreak- by Kaoru OtsukaCODE BLUE
In this talk, I investigate several exploiting ideas for iOS kernel jailbreak using recently exposed vulnerabilities. Recently, Ian Beer found the following promising vulnerabilities:
CVE-2016-7637: Broken kernel mach port name ‘uref’ handling on iOS/MacOS can lead to privileged port name replacement in other processes,
CVE-2016-7644: XNU kernel UaF due to lack of locking in set_dp_control_port,
CVE-2016-7661: MacOS/iOS arbitrary port replacement in powerd.
However, naive combination of the above vulnerabilities cannot easily break recent mitigations implemented in iOS versions. Recent iOS provides the kernel level mitigations against exploitation such as kernel patch protection, sandboxing, AMFI(Apple Mobile File Integrity), MAC(Mandatory Access Control) policy, KASLR(Kernel ASLR) etc. These mitigations will be briefly explained.
My talk at FullStackFest, 4.9.2017. Become more familiar with managing infrastructure using Terraform, Packer and deployment pipeline. Code repository - https://github.com/antonbabenko/terraform-deployment-pipeline-talk
Testing your infrastructure with litmusBram Vogelaar
We have been able to test our puppet modules using rspec-puppet and
serverspec for a while now and the quality of our code is improving because
of it. This talk will introduce the new kid on the block litmus. This talk will show you how
to use litmus to test puppet modules and how to convert your existing modules to make use of litmus.
Sphinx autodoc - automated api documentation - PyCon.MY 2015Takayuki Shimizukawa
Using the automated documentation feature of Sphinx, you can make with ease the extensive documentation of Python program.
You just write python function documents (docstrings), Sphinx organizes them into the document, can be converted to a variety of formats.
In this session, I'll explain a documentation procedure that uses with sphinx autodoc and autosummary extensions.
Sphinx autodoc - automated API documentation (EuroPython 2015 in Bilbao)Takayuki Shimizukawa
Using the automated documentation feature of Sphinx, you can make with ease the extensive documentation of Python program. You just write python function documents (docstrings), Sphinx organizes them into the document, can be converted to a variety of formats. In this session, I’ll explain a documentation procedure that uses with sphinx autodoc and autosummary extensions.
In this session, I’ll explain a documentation procedure that uses with sphinx autodoc, autosummary, coverage and doctest extensions.
Изучаем миллиард состояний программы на уровне профи. Как разработать быстрый...Positive Hack Days
Основная цель доклада — познакомить аудиторию с динамической бинарной инструментацией (DBI), углубиться в эту тему, продемонстрировать основные преимущества этой методики, а также рассмотреть типичные проблемы, связанные с ее применением на практике. Слушатели узнают об основных аспектах технологии DBI, поймут, в каких сферах ее можно использовать, а также познакомятся с потенциальными проблемами при написании собственной утилиты на основе DBI-фреймворков Intel PIN и DynamoRIO. Докладчик на реальных примерах покажет, как DBI может применяться для поиска ошибок типа переполнения кучи в «тяжеловесных» программах и для динамического анализа вредоносного кода.
https://www.youtube.com/watch?v=IeweKUdHJc4
My presentation from Hashiconf 2017, discussing our use of Terraform, and our techniques
to help make it safe and accessible.
Who is afraid of privileged containers ?Marko Bevc
This talk will focus on a possible privilege escalation to bypass RBAC rules when running privileged containers without any security policies in place. We will also do a live demo and show how this can be achieved in AWS EKS cluster. Afterwards we will show how to remediate this using PodSecurityPolicies and what to watch for when implementing those in an active cluster.
This document contains various methods to hack or pentest the web-server and web-applications.
1. A person can use it as hand book for hacking websites.
2. All contents of these hand book is searched and taken out from various other websites & blogs...
3. Use these knowledge for education purpose only.
Learn from the dozens of large-scale deployments how to get the most out of your Kubernetes environment:
- Container images optimization
- Organizing namespaces
- Readiness and Liveness probes
- Resource requests and limits
- Failing with grace
- Mapping external services
- Upgrading clusters with zero downtime
Изучаем миллиард состояний программы на уровне профи. Как разработать быстрый...Positive Hack Days
Основная цель доклада — познакомить аудиторию с динамической бинарной инструментацией (DBI), углубиться в эту тему, продемонстрировать основные преимущества этой методики, а также рассмотреть типичные проблемы, связанные с ее применением на практике. Слушатели узнают об основных аспектах технологии DBI, поймут, в каких сферах ее можно использовать, а также познакомятся с потенциальными проблемами при написании собственной утилиты на основе DBI-фреймворков Intel PIN и DynamoRIO. Докладчик на реальных примерах покажет, как DBI может применяться для поиска ошибок типа переполнения кучи в «тяжеловесных» программах и для динамического анализа вредоносного кода.
https://www.youtube.com/watch?v=IeweKUdHJc4
My presentation from Hashiconf 2017, discussing our use of Terraform, and our techniques
to help make it safe and accessible.
Who is afraid of privileged containers ?Marko Bevc
This talk will focus on a possible privilege escalation to bypass RBAC rules when running privileged containers without any security policies in place. We will also do a live demo and show how this can be achieved in AWS EKS cluster. Afterwards we will show how to remediate this using PodSecurityPolicies and what to watch for when implementing those in an active cluster.
This document contains various methods to hack or pentest the web-server and web-applications.
1. A person can use it as hand book for hacking websites.
2. All contents of these hand book is searched and taken out from various other websites & blogs...
3. Use these knowledge for education purpose only.
Learn from the dozens of large-scale deployments how to get the most out of your Kubernetes environment:
- Container images optimization
- Organizing namespaces
- Readiness and Liveness probes
- Resource requests and limits
- Failing with grace
- Mapping external services
- Upgrading clusters with zero downtime
idsecconf2023 - Satria Ady Pradana - Launch into the Stratus-phere Adversary ...idsecconf
Adversary Simulation pada lingkungan cloud memiliki karakteristik unik sehingga memerlukan pendekatan khusus. Stratus menawarkan fleksibilitas dalam melakukan simulasi attack secara native pada lingkungan cloud. Presentasi ini akan memberikan penjelasan tentang penggunaan Stratus dalam adversary simulation dan bagaimana mengembangkan skenario khusus sesuai kebutuhan.
When you are designing a production environment security is essential. All the Docker ecosystem but in particular Docker Swarm allows us to ship our containers out of our laptop, how can we make this process safe? During my talk, I will share tips around production environment, immutability and how troubleshooting common attack as code injection with Docker. Static analysis of our images, content trust with Notary to make our journey secure.
How can we setup a cluster on the main cloud providers with VPN and node labeling to expose only a portion of our cluster? I will also show what Docker provides (Content Trust, Static Analysis) but also open source alternatives as Notary, centos/clair and Cilium.
In the end of this talk, we had a better idea around how manage Docker in production.
CloudNativeTurkey - Lines of Defence.pdfKoray Oksay
Kubernetes has become the de facto standard for container orchestration, and it is being widely adopted by organizations of all sizes. However, as with any complex system, there are a number of security challenges that need to be addressed in order to properly secure a Kubernetes deployment.
In his talk, Koray will first show you some security problem areas in Kubernetes and then give an overview of various security tools such as image screening and auditing. You will learn how to run Kubernetes clusters securely and how to proactively counteract security challenges.
Scaleable PHP Applications in KubernetesRobert Lemke
Kubernetes is also called the "distributed Linux of the cloud" – which implies that it provides fundamental infrastructure, which can solve a lot of challenges. Let’s see how PHP applications fit into this picture. In this presentation, we are going to explore when Kubernetes is a good fit for operating your PHP application and how it can be done in practice. We’ll look at the whole lifecycle: how to build your application, create or choose the right Docker images, deploy and scale, and how to deal with performance and monitoring. At the end you will have a good understanding about all the different stages and building blocks for running a PHP application with Kubernetes in production.
The recent launch of the Docker Init command has significantly simplified the process of generating Dockerfiles and Docker Compose templates for containerized applications. This presentation aims to explore the evolution of Docker deployment resources generation process, comparing its approach prior to the Docker Init command release and discussing the way forward. Before the introduction of the Docker Init command, I've been delivering some projects like the "alfresco-docker-installer"[1], which provides custom scripts and configurations to streamline the process of deploying Alfresco in Docker containers. These kinds of projects use tools like Yeoman or raw Python. There are some differences between a Docker Template for a technology (Go, Python, Node or Rust) and a Docker Template for a product (like Alfresco) that may be covered when generating automatic deployment resources. This presentation will delve into the methodologies employed before the Docker Init command:
Custom Dockerfile Extension
Compose Template for a complete product deployment, including a set of services like the database, content repository, search engine, or web application
Configuration Management, including techniques such as environment variable injection, externalized configuration files, and configuration overrides
Following the release of the Docker Init command, this presentation will provide insights into the possibilities and advantages it brings to complex products Docker deployment process. A PoC of a Docker Plugin, including this product-oriented approach for docker init, will be demoed live. >> Note that the Open Source Alfresco product is used only to explain the concepts of building a Docker Compose generator with a real example.
How Zalando runs Kubernetes clusters at scale on AWS - AWS re:InventHenning Jacobs
Many clusters, many problems? Having many clusters has benefits: reduced blast radius, less vertical scaling of cluster components, and a natural trust boundary. In this session, Zalando shows its approach for running 140+ clusters on AWS, how it does continuous delivery for its cluster infrastructure, and how it created open-source tooling to manage cost efficiency and improve developer experience. The company openly shares its failures and the learnings collected during three years of Kubernetes in production.
AWS re:Invent session OPN211 on 2019-12-05
Cloud Native TLV Meetup: Securing Containerized Applications PrimerPhil Estes
A talk give on Tuesday, January 28th, 2020 at the Tel Aviv, Israel Cloud Native meetup covering the core concepts of how to secure containerized applications in a Kubernetes context.
Open Source Summit 2018, Vancouver (Canada): Workshop by Josef Adersberger (@adersberger, CTO at QAware) and Michael Frank (Software Architect at QAware)
Abstract:
Istio service mesh is a thrilling new tech that helps getting a lot of technical stuff out of your microservices (circuit breaking, observability, mutual-TLS, ...) into the infrastructure - for those who are lazy (aka productive) and want to keep their microservices small. Come one, come all to the Istio playground:
(1) We provide an overview of all current Istio features on a YAML and CLI level.
(2) We guide you through the installation of Istio on a local Kubernetes cluster.
(3) We bring a small sample application.
(4) We provide assistance in the case you get stuck ... and it's up to you to explore and tinker with Istio on your own paths and with your own pace.
*** Please find prerequisites and content here: https://github.com/adersberger/istio-playground ***
Hunting for APT in network logs workshop presentationOlehLevytskyi1
Nonamecon 2021 presentation.
Network logs are one of the most efficient sources to hunt adversaries, but building good analytics capabilities require a deep understanding of benign activity and attacker behavior. This training focuses on detecting real-case attacks, tools and scenarios by the past year.
The training is highly interactive and retains a good balance between theory and a lot of hands-on exercises for the students to get used to the detection engineering methodology and prepare them to start implementing this at their organizations.
Presentation topics:
- Netflow Mitre Matrix view
- Full packet captures vs Netflow
- Zeek
- Zeek packages
- RDP initial comprometation
- Empire Powershell and CobaltStrike or what to expect after initial loader execution.
- Empire powershell initial connection
- Beaconing. RITA
- Scanning detection
- Internal enumeration detection
- Lateral movement techniques widely used
- Kerberos attacks
- PSExec and fileless ways of delivering payloads in the network
- Zerologon detection
- Data exfiltration
- Data exfiltration over C2 channel
- Data exfiltration using time size limits (data chunks)
- DNS exfiltration
- Detecting ransomware in your network
- Real incident investigation
Authors:
Oleh Levytskyi (https://twitter.com/LeOleg97)
Bogdan Vennyk (https://twitter.com/bogdanvennyk)
Similar to Three Years of Lessons Running Potentially Malicious Code Inside Containers (20)
The Art Of Documentation for Open Source ProjectsBen Hall
Delivered at Kubecon US 2018 by Ben Hall. Watch the recording at https://www.youtube.com/embed/Yjxupg-NKnA
In this talk, Ben uses his expertise of building an Interactive Learning Platform to highlight The Art of Documentation. The aim of the talk is to help open source contributors understand how small changes to their documentation approach can have an enormous impact on how users get started.
Tips on solving E_TOO_MANY_THINGS_TO_LEARN with KubernetesBen Hall
Presented at Skills Matter, 8th February 2017.
Discusses the Kubernetes community and tools such as Minikube, Kubeadm, Helm and Weave Flux. Demos driven by katacoda.com
Deploying applications to Windows Server 2016 and Windows ContainersBen Hall
Deploying applications to Windows Server 2016 and Windows Containers.
Delivered at NDC London 2017 on 20th January.
Sponsored by Katacoda.com, interactive learning platform for Docker and Cloud Native platforms.
Deploying Windows Containers on Windows Server 2016Ben Hall
Introduction into the new Windows Containers and Windows Hyper-V Containers coming in Windows Server 2016.
Presented at WinOps Meetup #5 on Wednesday 20th April 2016. http://www.meetup.com/WinOps/events/229065341/
Implementing Google's Material Design GuidelinesBen Hall
Implementing Google's Material Design Guidelines. Presented on 6th November 2015 at Oredev.
Dropbox link with working Gifs - https://www.dropbox.com/s/m7ug6m6139hpsd9/Material%20Design%20-%20Oredev.pptx?dl=0
Builder.ai Founder Sachin Dev Duggal's Strategic Approach to Create an Innova...Ramesh Iyer
In today's fast-changing business world, Companies that adapt and embrace new ideas often need help to keep up with the competition. However, fostering a culture of innovation takes much work. It takes vision, leadership and willingness to take risks in the right proportion. Sachin Dev Duggal, co-founder of Builder.ai, has perfected the art of this balance, creating a company culture where creativity and growth are nurtured at each stage.
State of ICS and IoT Cyber Threat Landscape Report 2024 previewPrayukth K V
The IoT and OT threat landscape report has been prepared by the Threat Research Team at Sectrio using data from Sectrio, cyber threat intelligence farming facilities spread across over 85 cities around the world. In addition, Sectrio also runs AI-based advanced threat and payload engagement facilities that serve as sinks to attract and engage sophisticated threat actors, and newer malware including new variants and latent threats that are at an earlier stage of development.
The latest edition of the OT/ICS and IoT security Threat Landscape Report 2024 also covers:
State of global ICS asset and network exposure
Sectoral targets and attacks as well as the cost of ransom
Global APT activity, AI usage, actor and tactic profiles, and implications
Rise in volumes of AI-powered cyberattacks
Major cyber events in 2024
Malware and malicious payload trends
Cyberattack types and targets
Vulnerability exploit attempts on CVEs
Attacks on counties – USA
Expansion of bot farms – how, where, and why
In-depth analysis of the cyber threat landscape across North America, South America, Europe, APAC, and the Middle East
Why are attacks on smart factories rising?
Cyber risk predictions
Axis of attacks – Europe
Systemic attacks in the Middle East
Download the full report from here:
https://sectrio.com/resources/ot-threat-landscape-reports/sectrio-releases-ot-ics-and-iot-security-threat-landscape-report-2024/
Key Trends Shaping the Future of Infrastructure.pdfCheryl Hung
Keynote at DIGIT West Expo, Glasgow on 29 May 2024.
Cheryl Hung, ochery.com
Sr Director, Infrastructure Ecosystem, Arm.
The key trends across hardware, cloud and open-source; exploring how these areas are likely to mature and develop over the short and long-term, and then considering how organisations can position themselves to adapt and thrive.
Elevating Tactical DDD Patterns Through Object CalisthenicsDorra BARTAGUIZ
After immersing yourself in the blue book and its red counterpart, attending DDD-focused conferences, and applying tactical patterns, you're left with a crucial question: How do I ensure my design is effective? Tactical patterns within Domain-Driven Design (DDD) serve as guiding principles for creating clear and manageable domain models. However, achieving success with these patterns requires additional guidance. Interestingly, we've observed that a set of constraints initially designed for training purposes remarkably aligns with effective pattern implementation, offering a more ‘mechanical’ approach. Let's explore together how Object Calisthenics can elevate the design of your tactical DDD patterns, offering concrete help for those venturing into DDD for the first time!
Slack (or Teams) Automation for Bonterra Impact Management (fka Social Soluti...Jeffrey Haguewood
Sidekick Solutions uses Bonterra Impact Management (fka Social Solutions Apricot) and automation solutions to integrate data for business workflows.
We believe integration and automation are essential to user experience and the promise of efficient work through technology. Automation is the critical ingredient to realizing that full vision. We develop integration products and services for Bonterra Case Management software to support the deployment of automations for a variety of use cases.
This video focuses on the notifications, alerts, and approval requests using Slack for Bonterra Impact Management. The solutions covered in this webinar can also be deployed for Microsoft Teams.
Interested in deploying notification automations for Bonterra Impact Management? Contact us at sales@sidekicksolutionsllc.com to discuss next steps.
Dev Dives: Train smarter, not harder – active learning and UiPath LLMs for do...UiPathCommunity
💥 Speed, accuracy, and scaling – discover the superpowers of GenAI in action with UiPath Document Understanding and Communications Mining™:
See how to accelerate model training and optimize model performance with active learning
Learn about the latest enhancements to out-of-the-box document processing – with little to no training required
Get an exclusive demo of the new family of UiPath LLMs – GenAI models specialized for processing different types of documents and messages
This is a hands-on session specifically designed for automation developers and AI enthusiasts seeking to enhance their knowledge in leveraging the latest intelligent document processing capabilities offered by UiPath.
Speakers:
👨🏫 Andras Palfi, Senior Product Manager, UiPath
👩🏫 Lenka Dulovicova, Product Program Manager, UiPath
DevOps and Testing slides at DASA ConnectKari Kakkonen
My and Rik Marselis slides at 30.5.2024 DASA Connect conference. We discuss about what is testing, then what is agile testing and finally what is Testing in DevOps. Finally we had lovely workshop with the participants trying to find out different ways to think about quality and testing in different parts of the DevOps infinity loop.
Essentials of Automations: Optimizing FME Workflows with ParametersSafe Software
Are you looking to streamline your workflows and boost your projects’ efficiency? Do you find yourself searching for ways to add flexibility and control over your FME workflows? If so, you’re in the right place.
Join us for an insightful dive into the world of FME parameters, a critical element in optimizing workflow efficiency. This webinar marks the beginning of our three-part “Essentials of Automation” series. This first webinar is designed to equip you with the knowledge and skills to utilize parameters effectively: enhancing the flexibility, maintainability, and user control of your FME projects.
Here’s what you’ll gain:
- Essentials of FME Parameters: Understand the pivotal role of parameters, including Reader/Writer, Transformer, User, and FME Flow categories. Discover how they are the key to unlocking automation and optimization within your workflows.
- Practical Applications in FME Form: Delve into key user parameter types including choice, connections, and file URLs. Allow users to control how a workflow runs, making your workflows more reusable. Learn to import values and deliver the best user experience for your workflows while enhancing accuracy.
- Optimization Strategies in FME Flow: Explore the creation and strategic deployment of parameters in FME Flow, including the use of deployment and geometry parameters, to maximize workflow efficiency.
- Pro Tips for Success: Gain insights on parameterizing connections and leveraging new features like Conditional Visibility for clarity and simplicity.
We’ll wrap up with a glimpse into future webinars, followed by a Q&A session to address your specific questions surrounding this topic.
Don’t miss this opportunity to elevate your FME expertise and drive your projects to new heights of efficiency.
Transcript: Selling digital books in 2024: Insights from industry leaders - T...BookNet Canada
The publishing industry has been selling digital audiobooks and ebooks for over a decade and has found its groove. What’s changed? What has stayed the same? Where do we go from here? Join a group of leading sales peers from across the industry for a conversation about the lessons learned since the popularization of digital books, best practices, digital book supply chain management, and more.
Link to video recording: https://bnctechforum.ca/sessions/selling-digital-books-in-2024-insights-from-industry-leaders/
Presented by BookNet Canada on May 28, 2024, with support from the Department of Canadian Heritage.
13. Container (Docker) Security 101
• Non-Root User: Run as user 1000
• User Namespaces
• Copy on Write: File isolation
• cgroups: How much resources can I use?
• namespaces: What can I see?
• Kernel Flags:
• No New Priv: Block setuid/setgid to gain root
• seccomp: What can I run?
• Apparmor: What is my running profile?
• Capabilities (CAP_*): Enable/Disable functionality
25. The attackers hid the malware behind an IP
address hosted by security firm Cloudflare.
They also configured the mining software to use
a non-standard port to reach the Internet and to
connect to an unlisted or semi-public endpoint
rather than well-known mining pools.
https://arstechnica.com/information-technology/2018/02/tesla-cloud-resources-are-hacked-to-run-cryptocurrency-mining-malware/
66. If I’m on the inside, I’ll spin up another container/pod, by-
passing memory restrictions…
Attacking Kubernetes API Server
via Service Accounts & Tokens
79. Think VMs contain?
CVE-2016-3710: QEMU: out-of-bounds memory access
issue
Venom QEMU/KVM – Attack via floppy driver
#include <sys/io.h>
#define FIFO 0x3f5
int main() {
int i;
iopl(3);
outb(0x0a,0x3f5); /* READ ID */
for (i=0;i<10000000;i++)
outb(0x42,0x3f5); /* push */
}
80.
81. Quick Wins!
• Don’t allow root (limits easy attacks)
• Read Only Filesystems
• Block Egress – Why do I need to run apt-get in production?
• Network Policies / Service Mesh / Istio!
• Create Visibility
:(){ :|:& };:
\_/| |||| ||\- ... the function ':', initiating a chain-reaction: each ':' will start two more.
| | |||| |\- Definition ends now, to be able to run ...
| | |||| \- End of function-block
| | |||\- disown the functions (make them a background process), so that the children of a parent
| | ||| will not be killed when the parent gets auto-killed
| | ||\- ... another copy of the ':'-function, which has to be loaded into memory.
| | || So, ':|:' simply loads two copies of the function, whenever ':' is called
| | |\- ... and pipe its output to ...
| | \- Load a copy of the function ':' into memory ...
| \- Begin of function-definition
\- Define the function ':' without any parameters '()' as follows: