A computer network plays a major part in the development of any industry. Nowadays, in this fast paced
networking world each and every industry depends on internet for their progress. As said above this is the fast
paced world, the attack to disable the progress are also fast paced. DDoS (Distributed Denial of Service) is one
among them. Though it is one of the many attacks, they temporarily disable a service provided by the company.
This paper proposes a series of steps which not only checks the possible attack but also tries its best to thwart
them. Instead of going for conventional approach of blocking the excess traffic, the proposed approach will
prolong the access to the service. In the mean time checking for the possible attack is done. Thus, not only it
thwarts the attacks but also gives them reliable user their access with a little bit of delay, resulting in high
reliability.
Are TOR Hidden Services really hidden? Demystifying HS Directory surveillance...Abhinav Biswas
TOR (The Onion Router) is a volunteer-based distributed overlay network that allows anonymous publishing of websites and other TCP services inside the Darknet. These location Hidden Services (HS) operate under the .onion TLD & can only be accessed through the TOR network, whilst maintaining anonymity of the Visitors as well as the HS Operators. Operators run HSs for a multitude of reasons. Some Operators want their HS to be public & advertise its existence in the Clearnet, whereas many want to keep the HS’s existence as private & hidden from even regular TOR users.
The research questions that arise here are, “Are TOR Hidden Services really Hidden?”, “Is someone monitoring the HS Directories for private .onion addresses?”. The main idea of this paper is to answer these questions by methodologically running private unannounced HSs (aka Onion Decoys) inside the TOR Network to detect whether there is any surveillance done on HS Directories. The Onion Decoys were implemented with docker containers as honeypots for this research. The paper details the observations made from the scanning activity done on the Onion Decoys.
Keywords: TOR Hidden Services, Private Onion Decoys
Presented on May 9, 2018 at SOURCE Conference Boston
(https://sourceconference.com/events/bos18/).
This version contains minor updates from previous presentations.
This talk will provide a quick overview honeypots, an explanation of the cyber deception space, and the benefits of implementing deception as part of your cyber defense program. In addition, this talk will highlight the HoneyDB project, which enables anyone to get started with operating deception sensors and start collecting threat information. Finally, this presentation will describe how I built scalable honeypot sensor collection, employing a "Frankenstein Cloud Architecture", for minimal cost.
This talk serves as a practical introduction to Distributed Tracing. We will see how we can make best use of open source distributed tracing platforms like Hypertrace with Azure and find the root cause of problems and predict issues in our critical business applications beforehand.
Presentation part of Open Source Days on 30 Oct - ossdays.konfhub.com
This was a group project which was created by myself, Samy Izebboudjen, Daniel Phan, and Eric Hernandez in which we tested a denial of service SYN flood script against a targeted website on our own local network on a virtual machine. In this project, we also used virtual machines (via VirtualBox) in order to set up our testing environment as well as used Wireshark to analyze the network traffic during the simulation.
This project was conducted during our ISYS-575 (Information Security Management) course at San Francisco State University and the purpose of this project and write-up was to test network security and determine the overall effects a denial of service attack has against a targeted website/network.
MALICIOUS URL DETECTION USING CONVOLUTIONAL NEURAL NETWORKijcseit
The World Wide Web has become an important part of our everyday life for information communication
and knowledge dissemination. It helps to transact information timely, rapidly and easily. Identifying theft
and identity fraud are referred as two sides of cyber-crime in which hackers and malicious users obtain the
personal data of existing legitimate users to attempt fraud or deception motivation for financial gain.
Malicious URLs host unsolicited content (spam, phishing, drive-by exploits, etc.) and lure unsuspecting
users to become victims of scams (monetary loss, theft of private information, and malware installation),
and cause losses of billions of dollars every year. To detect such crimes systems should be fast and precise
with the ability to detect new malicious content. Traditionally, this detection is done mostly through the
usage of blacklists. However, blacklists cannot be exhaustive, and lack the ability to detect newly generated
malicious URLs. To improve the generality of malicious URL detectors, machine learning techniques have
been explored with increasing attention in recent years. In this paper, I use a simple algorithm to detect
and predicting URLs it is good or bad and compared with two other algorithms to know (SVM, LR).
MALICIOUS URL DETECTION USING CONVOLUTIONAL NEURAL NETWORKijcseit
The World Wide Web has become an important part of our everyday life for information communication
and knowledge dissemination. It helps to transact information timely, rapidly and easily. Identifying theft
and identity fraud are referred as two sides of cyber-crime in which hackers and malicious users obtain the
personal data of existing legitimate users to attempt fraud or deception motivation for financial gain.
Malicious URLs host unsolicited content (spam, phishing, drive-by exploits, etc.) and lure unsuspecting
users to become victims of scams (monetary loss, theft of private information, and malware installation),
and cause losses of billions of dollars every year. To detect such crimes systems should be fast and precise
with the ability to detect new malicious content. Traditionally, this detection is done mostly through the
usage of blacklists. However, blacklists cannot be exhaustive, and lack the ability to detect newly generated
malicious URLs. To improve the generality of malicious URL detectors, machine learning techniques have
been explored with increasing attention in recent years. In this paper, I use a simple algorithm to detect
and predicting URLs it is good or bad and compared with two other algorithms to know (SVM, LR).
Behavioral Malware Detection in Dtn Using Intrusion Detection Systemtheijes
The International Journal of Engineering & Science is aimed at providing a platform for researchers, engineers, scientists, or educators to publish their original research results, to exchange new ideas, to disseminate information in innovative designs, engineering experiences and technological skills. It is also the Journal's objective to promote engineering and technology education. All papers submitted to the Journal will be blind peer-reviewed. Only original articles will be published.
Behavioral Malware Detection in Dtn Using Intrusion Detection Systemtheijes
The International Journal of Engineering & Science is aimed at providing a platform for researchers, engineers, scientists, or educators to publish their original research results, to exchange new ideas, to disseminate information in innovative designs, engineering experiences and technological skills. It is also the Journal's objective to promote engineering and technology education. All papers submitted to the Journal will be blind peer-reviewed. Only original articles will be published.
The papers for publication in The International Journal of Engineering& Science are selected through rigorous peer reviews to ensure originality, timeliness, relevance, and readability.
The Hacking Team breach resulted in more than 400GBs of sensitive information being publicly released, including the source code for the offensive security programs the company sold and details on zero-day exploits. The leak had significant repercussions in the security world and caused major technology vendors (including Adobe and Microsoft) to issue emergency patches.
In this presentation, you’ll hear about the results of Cybereason’s investigation into the Hacking Team’s operation as well as the writeup by Phineas Phisher, who claims credit for the hack. We’ll discuss what we learned and what we think it means for defenders moving forward.
Presented on April 14, 2018 at CarolinaCon (https://www.carolinacon.org). This talk will provide a quick overview honeypots, an explanation of the cyber deception space, and the benefits of implementing deception as part of your cyber defense program. In addition, this talk will highlight the HoneyDB project, which enables anyone to get started with operating deception sensors and start collecting threat information. Finally, this presentation will describe how I built scalable honeypot sensor collection, employing a "Frankenstein Cloud Architecture", for minimal cost.
In this paper we propose a system that allows a safe and secure data transfer in MANETs between the source and the destination. As MANETs are unplanned networks and networks of instant communication, they are prone to attacks like disclosure, brute force attacks etc. In this paper we mainly concentrate on limiting the disclosure attacks in MANETs. Disclosure attack means that the network is monitored quietly without modifying it. The monitoring of network is possible only if the traffic is known. Hiding of traffic between the source and destination would prevent disclosure attacks in MANETs. To hide the traffic between the source and destination we must identify it. The traffic is identified using STARS(Statistical Traffic Pattern Discovery System for MANETs) technique. Using this technique, the traffic is made observable only for the intermediary nodes and the data is sent via intermediary nodes to the destination as single hop. The data which is sent as single hop by hop via intermediary nodes prevents the malicious node from knowing the original source and destination and thus preventing MANETs from disclosure attack.
A predictive model for mapping crime using big data analyticseSAT Journals
Abstract Crime reduction and prevention challenges in today’s world are becoming increasingly complex and are in need of a new technique that can handle the vast amount of information that is being generated. Traditional police capabilities mostly fall short in depicting the original division of criminal activities, thus contribute less in the suitable allocation of police services. In this paper methods are described for crime event forecasting, using Hadoop, by studying the geographical areas which are at greater risk and outside the traditional policing limits. The developed method makes the use of a geographical crime mapping algorithm to identify areas that have relatively high cases of crime. The term used for such places is hot spots. The identified hotspot clusters give valuable data that can be used to train the artificial neural network which further can model the trends of crime. The artificial neural network specification and estimation approach is enhanced by processing capability of Hadoop platform. Keywords— Crime forecasting; Cluster analysis; artificial neural networks; Patrolling; Big data; Hadoop; Gamma test.
A computer network plays a major part in the development of any industry. Nowadays, in this fast paced
networking world each and every industry depends on internet for their progress. As said above this is the fast
paced world, the attack to disable the progress are also fast paced. DDoS (Distributed Denial of Service) is one
among them. Though it is one of the many attacks, they temporarily disable a service provided by the company.
This paper proposes a series of steps which not only checks the possible attack but also tries its best to thwart
them. Instead of going for conventional approach of blocking the excess traffic, the proposed approach will
prolong the access to the service. In the mean time checking for the possible attack is done. Thus, not only it
thwarts the attacks but also gives them reliable user their access with a little bit of delay, resulting in high
reliability.
Are TOR Hidden Services really hidden? Demystifying HS Directory surveillance...Abhinav Biswas
TOR (The Onion Router) is a volunteer-based distributed overlay network that allows anonymous publishing of websites and other TCP services inside the Darknet. These location Hidden Services (HS) operate under the .onion TLD & can only be accessed through the TOR network, whilst maintaining anonymity of the Visitors as well as the HS Operators. Operators run HSs for a multitude of reasons. Some Operators want their HS to be public & advertise its existence in the Clearnet, whereas many want to keep the HS’s existence as private & hidden from even regular TOR users.
The research questions that arise here are, “Are TOR Hidden Services really Hidden?”, “Is someone monitoring the HS Directories for private .onion addresses?”. The main idea of this paper is to answer these questions by methodologically running private unannounced HSs (aka Onion Decoys) inside the TOR Network to detect whether there is any surveillance done on HS Directories. The Onion Decoys were implemented with docker containers as honeypots for this research. The paper details the observations made from the scanning activity done on the Onion Decoys.
Keywords: TOR Hidden Services, Private Onion Decoys
Presented on May 9, 2018 at SOURCE Conference Boston
(https://sourceconference.com/events/bos18/).
This version contains minor updates from previous presentations.
This talk will provide a quick overview honeypots, an explanation of the cyber deception space, and the benefits of implementing deception as part of your cyber defense program. In addition, this talk will highlight the HoneyDB project, which enables anyone to get started with operating deception sensors and start collecting threat information. Finally, this presentation will describe how I built scalable honeypot sensor collection, employing a "Frankenstein Cloud Architecture", for minimal cost.
This talk serves as a practical introduction to Distributed Tracing. We will see how we can make best use of open source distributed tracing platforms like Hypertrace with Azure and find the root cause of problems and predict issues in our critical business applications beforehand.
Presentation part of Open Source Days on 30 Oct - ossdays.konfhub.com
This was a group project which was created by myself, Samy Izebboudjen, Daniel Phan, and Eric Hernandez in which we tested a denial of service SYN flood script against a targeted website on our own local network on a virtual machine. In this project, we also used virtual machines (via VirtualBox) in order to set up our testing environment as well as used Wireshark to analyze the network traffic during the simulation.
This project was conducted during our ISYS-575 (Information Security Management) course at San Francisco State University and the purpose of this project and write-up was to test network security and determine the overall effects a denial of service attack has against a targeted website/network.
MALICIOUS URL DETECTION USING CONVOLUTIONAL NEURAL NETWORKijcseit
The World Wide Web has become an important part of our everyday life for information communication
and knowledge dissemination. It helps to transact information timely, rapidly and easily. Identifying theft
and identity fraud are referred as two sides of cyber-crime in which hackers and malicious users obtain the
personal data of existing legitimate users to attempt fraud or deception motivation for financial gain.
Malicious URLs host unsolicited content (spam, phishing, drive-by exploits, etc.) and lure unsuspecting
users to become victims of scams (monetary loss, theft of private information, and malware installation),
and cause losses of billions of dollars every year. To detect such crimes systems should be fast and precise
with the ability to detect new malicious content. Traditionally, this detection is done mostly through the
usage of blacklists. However, blacklists cannot be exhaustive, and lack the ability to detect newly generated
malicious URLs. To improve the generality of malicious URL detectors, machine learning techniques have
been explored with increasing attention in recent years. In this paper, I use a simple algorithm to detect
and predicting URLs it is good or bad and compared with two other algorithms to know (SVM, LR).
MALICIOUS URL DETECTION USING CONVOLUTIONAL NEURAL NETWORKijcseit
The World Wide Web has become an important part of our everyday life for information communication
and knowledge dissemination. It helps to transact information timely, rapidly and easily. Identifying theft
and identity fraud are referred as two sides of cyber-crime in which hackers and malicious users obtain the
personal data of existing legitimate users to attempt fraud or deception motivation for financial gain.
Malicious URLs host unsolicited content (spam, phishing, drive-by exploits, etc.) and lure unsuspecting
users to become victims of scams (monetary loss, theft of private information, and malware installation),
and cause losses of billions of dollars every year. To detect such crimes systems should be fast and precise
with the ability to detect new malicious content. Traditionally, this detection is done mostly through the
usage of blacklists. However, blacklists cannot be exhaustive, and lack the ability to detect newly generated
malicious URLs. To improve the generality of malicious URL detectors, machine learning techniques have
been explored with increasing attention in recent years. In this paper, I use a simple algorithm to detect
and predicting URLs it is good or bad and compared with two other algorithms to know (SVM, LR).
Behavioral Malware Detection in Dtn Using Intrusion Detection Systemtheijes
The International Journal of Engineering & Science is aimed at providing a platform for researchers, engineers, scientists, or educators to publish their original research results, to exchange new ideas, to disseminate information in innovative designs, engineering experiences and technological skills. It is also the Journal's objective to promote engineering and technology education. All papers submitted to the Journal will be blind peer-reviewed. Only original articles will be published.
Behavioral Malware Detection in Dtn Using Intrusion Detection Systemtheijes
The International Journal of Engineering & Science is aimed at providing a platform for researchers, engineers, scientists, or educators to publish their original research results, to exchange new ideas, to disseminate information in innovative designs, engineering experiences and technological skills. It is also the Journal's objective to promote engineering and technology education. All papers submitted to the Journal will be blind peer-reviewed. Only original articles will be published.
The papers for publication in The International Journal of Engineering& Science are selected through rigorous peer reviews to ensure originality, timeliness, relevance, and readability.
The Hacking Team breach resulted in more than 400GBs of sensitive information being publicly released, including the source code for the offensive security programs the company sold and details on zero-day exploits. The leak had significant repercussions in the security world and caused major technology vendors (including Adobe and Microsoft) to issue emergency patches.
In this presentation, you’ll hear about the results of Cybereason’s investigation into the Hacking Team’s operation as well as the writeup by Phineas Phisher, who claims credit for the hack. We’ll discuss what we learned and what we think it means for defenders moving forward.
Presented on April 14, 2018 at CarolinaCon (https://www.carolinacon.org). This talk will provide a quick overview honeypots, an explanation of the cyber deception space, and the benefits of implementing deception as part of your cyber defense program. In addition, this talk will highlight the HoneyDB project, which enables anyone to get started with operating deception sensors and start collecting threat information. Finally, this presentation will describe how I built scalable honeypot sensor collection, employing a "Frankenstein Cloud Architecture", for minimal cost.
In this paper we propose a system that allows a safe and secure data transfer in MANETs between the source and the destination. As MANETs are unplanned networks and networks of instant communication, they are prone to attacks like disclosure, brute force attacks etc. In this paper we mainly concentrate on limiting the disclosure attacks in MANETs. Disclosure attack means that the network is monitored quietly without modifying it. The monitoring of network is possible only if the traffic is known. Hiding of traffic between the source and destination would prevent disclosure attacks in MANETs. To hide the traffic between the source and destination we must identify it. The traffic is identified using STARS(Statistical Traffic Pattern Discovery System for MANETs) technique. Using this technique, the traffic is made observable only for the intermediary nodes and the data is sent via intermediary nodes to the destination as single hop. The data which is sent as single hop by hop via intermediary nodes prevents the malicious node from knowing the original source and destination and thus preventing MANETs from disclosure attack.
A predictive model for mapping crime using big data analyticseSAT Journals
Abstract Crime reduction and prevention challenges in today’s world are becoming increasingly complex and are in need of a new technique that can handle the vast amount of information that is being generated. Traditional police capabilities mostly fall short in depicting the original division of criminal activities, thus contribute less in the suitable allocation of police services. In this paper methods are described for crime event forecasting, using Hadoop, by studying the geographical areas which are at greater risk and outside the traditional policing limits. The developed method makes the use of a geographical crime mapping algorithm to identify areas that have relatively high cases of crime. The term used for such places is hot spots. The identified hotspot clusters give valuable data that can be used to train the artificial neural network which further can model the trends of crime. The artificial neural network specification and estimation approach is enhanced by processing capability of Hadoop platform. Keywords— Crime forecasting; Cluster analysis; artificial neural networks; Patrolling; Big data; Hadoop; Gamma test.
Google's Effort to Fight Content Piracy. Google is ready to fulfil its commitment to downgrade the search rankings of ‘notorious’ piracy sites globally that often rank above legal and commercial sites.
Multiple Vulnerabilities in Mozilla Firefox for AndroidThe Hacker News
Multiple Vulnerabilities in Firefox for Android, reported by IBM Security researchers.
1. (CVE-2014-1516) Profile Directory Name Weak Randomization.
2. (CVE-2014-1484) Profile Directory Name Leaks to Android System Log.
3. (CVE-2014-1515) Automatic File Download to SD Card.
4. (CVE-2014-1506) Crash Reporter File Manipulation.
More Details: http://thehackernews.com/2014/03/multiple-de-in-firefox-for-android-leak.html
LF Energy Webinar: Electrical Grid Modelling and Simulation Through PowSyBl -...DanBrown980551
Do you want to learn how to model and simulate an electrical network from scratch in under an hour?
Then welcome to this PowSyBl workshop, hosted by Rte, the French Transmission System Operator (TSO)!
During the webinar, you will discover the PowSyBl ecosystem as well as handle and study an electrical network through an interactive Python notebook.
PowSyBl is an open source project hosted by LF Energy, which offers a comprehensive set of features for electrical grid modelling and simulation. Among other advanced features, PowSyBl provides:
- A fully editable and extendable library for grid component modelling;
- Visualization tools to display your network;
- Grid simulation tools, such as power flows, security analyses (with or without remedial actions) and sensitivity analyses;
The framework is mostly written in Java, with a Python binding so that Python developers can access PowSyBl functionalities as well.
What you will learn during the webinar:
- For beginners: discover PowSyBl's functionalities through a quick general presentation and the notebook, without needing any expert coding skills;
- For advanced developers: master the skills to efficiently apply PowSyBl functionalities to your real-world scenarios.
Dev Dives: Train smarter, not harder – active learning and UiPath LLMs for do...UiPathCommunity
💥 Speed, accuracy, and scaling – discover the superpowers of GenAI in action with UiPath Document Understanding and Communications Mining™:
See how to accelerate model training and optimize model performance with active learning
Learn about the latest enhancements to out-of-the-box document processing – with little to no training required
Get an exclusive demo of the new family of UiPath LLMs – GenAI models specialized for processing different types of documents and messages
This is a hands-on session specifically designed for automation developers and AI enthusiasts seeking to enhance their knowledge in leveraging the latest intelligent document processing capabilities offered by UiPath.
Speakers:
👨🏫 Andras Palfi, Senior Product Manager, UiPath
👩🏫 Lenka Dulovicova, Product Program Manager, UiPath
Observability Concepts EVERY Developer Should Know -- DeveloperWeek Europe.pdfPaige Cruz
Monitoring and observability aren’t traditionally found in software curriculums and many of us cobble this knowledge together from whatever vendor or ecosystem we were first introduced to and whatever is a part of your current company’s observability stack.
While the dev and ops silo continues to crumble….many organizations still relegate monitoring & observability as the purview of ops, infra and SRE teams. This is a mistake - achieving a highly observable system requires collaboration up and down the stack.
I, a former op, would like to extend an invitation to all application developers to join the observability party will share these foundational concepts to build on:
Elevating Tactical DDD Patterns Through Object CalisthenicsDorra BARTAGUIZ
After immersing yourself in the blue book and its red counterpart, attending DDD-focused conferences, and applying tactical patterns, you're left with a crucial question: How do I ensure my design is effective? Tactical patterns within Domain-Driven Design (DDD) serve as guiding principles for creating clear and manageable domain models. However, achieving success with these patterns requires additional guidance. Interestingly, we've observed that a set of constraints initially designed for training purposes remarkably aligns with effective pattern implementation, offering a more ‘mechanical’ approach. Let's explore together how Object Calisthenics can elevate the design of your tactical DDD patterns, offering concrete help for those venturing into DDD for the first time!
PHP Frameworks: I want to break free (IPC Berlin 2024)Ralf Eggert
In this presentation, we examine the challenges and limitations of relying too heavily on PHP frameworks in web development. We discuss the history of PHP and its frameworks to understand how this dependence has evolved. The focus will be on providing concrete tips and strategies to reduce reliance on these frameworks, based on real-world examples and practical considerations. The goal is to equip developers with the skills and knowledge to create more flexible and future-proof web applications. We'll explore the importance of maintaining autonomy in a rapidly changing tech landscape and how to make informed decisions in PHP development.
This talk is aimed at encouraging a more independent approach to using PHP frameworks, moving towards a more flexible and future-proof approach to PHP development.
Removing Uninteresting Bytes in Software FuzzingAftab Hussain
Imagine a world where software fuzzing, the process of mutating bytes in test seeds to uncover hidden and erroneous program behaviors, becomes faster and more effective. A lot depends on the initial seeds, which can significantly dictate the trajectory of a fuzzing campaign, particularly in terms of how long it takes to uncover interesting behaviour in your code. We introduce DIAR, a technique designed to speedup fuzzing campaigns by pinpointing and eliminating those uninteresting bytes in the seeds. Picture this: instead of wasting valuable resources on meaningless mutations in large, bloated seeds, DIAR removes the unnecessary bytes, streamlining the entire process.
In this work, we equipped AFL, a popular fuzzer, with DIAR and examined two critical Linux libraries -- Libxml's xmllint, a tool for parsing xml documents, and Binutil's readelf, an essential debugging and security analysis command-line tool used to display detailed information about ELF (Executable and Linkable Format). Our preliminary results show that AFL+DIAR does not only discover new paths more quickly but also achieves higher coverage overall. This work thus showcases how starting with lean and optimized seeds can lead to faster, more comprehensive fuzzing campaigns -- and DIAR helps you find such seeds.
- These are slides of the talk given at IEEE International Conference on Software Testing Verification and Validation Workshop, ICSTW 2022.
Essentials of Automations: The Art of Triggers and Actions in FMESafe Software
In this second installment of our Essentials of Automations webinar series, we’ll explore the landscape of triggers and actions, guiding you through the nuances of authoring and adapting workspaces for seamless automations. Gain an understanding of the full spectrum of triggers and actions available in FME, empowering you to enhance your workspaces for efficient automation.
We’ll kick things off by showcasing the most commonly used event-based triggers, introducing you to various automation workflows like manual triggers, schedules, directory watchers, and more. Plus, see how these elements play out in real scenarios.
Whether you’re tweaking your current setup or building from the ground up, this session will arm you with the tools and insights needed to transform your FME usage into a powerhouse of productivity. Join us to discover effective strategies that simplify complex processes, enhancing your productivity and transforming your data management practices with FME. Let’s turn complexity into clarity and make your workspaces work wonders!
Pushing the limits of ePRTC: 100ns holdover for 100 daysAdtran
At WSTS 2024, Alon Stern explored the topic of parametric holdover and explained how recent research findings can be implemented in real-world PNT networks to achieve 100 nanoseconds of accuracy for up to 100 days.
zkStudyClub - Reef: Fast Succinct Non-Interactive Zero-Knowledge Regex ProofsAlex Pruden
This paper presents Reef, a system for generating publicly verifiable succinct non-interactive zero-knowledge proofs that a committed document matches or does not match a regular expression. We describe applications such as proving the strength of passwords, the provenance of email despite redactions, the validity of oblivious DNS queries, and the existence of mutations in DNA. Reef supports the Perl Compatible Regular Expression syntax, including wildcards, alternation, ranges, capture groups, Kleene star, negations, and lookarounds. Reef introduces a new type of automata, Skipping Alternating Finite Automata (SAFA), that skips irrelevant parts of a document when producing proofs without undermining soundness, and instantiates SAFA with a lookup argument. Our experimental evaluation confirms that Reef can generate proofs for documents with 32M characters; the proofs are small and cheap to verify (under a second).
Paper: https://eprint.iacr.org/2023/1886
Securing your Kubernetes cluster_ a step-by-step guide to success !KatiaHIMEUR1
Today, after several years of existence, an extremely active community and an ultra-dynamic ecosystem, Kubernetes has established itself as the de facto standard in container orchestration. Thanks to a wide range of managed services, it has never been so easy to set up a ready-to-use Kubernetes cluster.
However, this ease of use means that the subject of security in Kubernetes is often left for later, or even neglected. This exposes companies to significant risks.
In this talk, I'll show you step-by-step how to secure your Kubernetes cluster for greater peace of mind and reliability.
In his public lecture, Christian Timmerer provides insights into the fascinating history of video streaming, starting from its humble beginnings before YouTube to the groundbreaking technologies that now dominate platforms like Netflix and ORF ON. Timmerer also presents provocative contributions of his own that have significantly influenced the industry. He concludes by looking at future challenges and invites the audience to join in a discussion.
GraphRAG is All You need? LLM & Knowledge GraphGuy Korland
Guy Korland, CEO and Co-founder of FalkorDB, will review two articles on the integration of language models with knowledge graphs.
1. Unifying Large Language Models and Knowledge Graphs: A Roadmap.
https://arxiv.org/abs/2306.08302
2. Microsoft Research's GraphRAG paper and a review paper on various uses of knowledge graphs:
https://www.microsoft.com/en-us/research/blog/graphrag-unlocking-llm-discovery-on-narrative-private-data/
Accelerate your Kubernetes clusters with Varnish CachingThijs Feryn
A presentation about the usage and availability of Varnish on Kubernetes. This talk explores the capabilities of Varnish caching and shows how to use the Varnish Helm chart to deploy it to Kubernetes.
This presentation was delivered at K8SUG Singapore. See https://feryn.eu/presentations/accelerate-your-kubernetes-clusters-with-varnish-caching-k8sug-singapore-28-2024 for more details.
GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using Deplo...James Anderson
Effective Application Security in Software Delivery lifecycle using Deployment Firewall and DBOM
The modern software delivery process (or the CI/CD process) includes many tools, distributed teams, open-source code, and cloud platforms. Constant focus on speed to release software to market, along with the traditional slow and manual security checks has caused gaps in continuous security as an important piece in the software supply chain. Today organizations feel more susceptible to external and internal cyber threats due to the vast attack surface in their applications supply chain and the lack of end-to-end governance and risk management.
The software team must secure its software delivery process to avoid vulnerability and security breaches. This needs to be achieved with existing tool chains and without extensive rework of the delivery processes. This talk will present strategies and techniques for providing visibility into the true risk of the existing vulnerabilities, preventing the introduction of security issues in the software, resolving vulnerabilities in production environments quickly, and capturing the deployment bill of materials (DBOM).
Speakers:
Bob Boule
Robert Boule is a technology enthusiast with PASSION for technology and making things work along with a knack for helping others understand how things work. He comes with around 20 years of solution engineering experience in application security, software continuous delivery, and SaaS platforms. He is known for his dynamic presentations in CI/CD and application security integrated in software delivery lifecycle.
Gopinath Rebala
Gopinath Rebala is the CTO of OpsMx, where he has overall responsibility for the machine learning and data processing architectures for Secure Software Delivery. Gopi also has a strong connection with our customers, leading design and architecture for strategic implementations. Gopi is a frequent speaker and well-known leader in continuous delivery and integrating security into software delivery.
Transcript: Selling digital books in 2024: Insights from industry leaders - T...BookNet Canada
The publishing industry has been selling digital audiobooks and ebooks for over a decade and has found its groove. What’s changed? What has stayed the same? Where do we go from here? Join a group of leading sales peers from across the industry for a conversation about the lessons learned since the popularization of digital books, best practices, digital book supply chain management, and more.
Link to video recording: https://bnctechforum.ca/sessions/selling-digital-books-in-2024-insights-from-industry-leaders/
Presented by BookNet Canada on May 28, 2024, with support from the Department of Canadian Heritage.
Transcript: Selling digital books in 2024: Insights from industry leaders - T...
Tor honions
1. HOnions: Towards Detection and Identification of
Misbehaving Tor HSDirs
Amirali Sanatinia
Northeastern University
amirali@ccs.neu.edu
Guevara Noubir
Northeastern University
noubir@ccs.neu.edu
ABSTRACT
Over the last decade privacy infrastructures such as Tor
proved to be very successful and widely used. However, Tor
remains a practical system with a variety of limitations and
open to abuse [2]. Tor’s security and anonymity is based on
the assumption that the large majority of the its relays are
honest and do not misbehave. Particularly the privacy of
the hidden services is dependent on the honest operation of
Hidden Services Directories (HSDirs). In this work we intro-
duce, the concept of honey onions (HOnions), a framework
to detect and identify misbehaving and snooping HSDirs.
After the deployment of our system and based on our ex-
perimental results during the period of 72 days, we detect
and identify at least 110 such snooping relays. Furthermore,
we reveal that more than half of them were hosted on cloud
infrastructure and delayed the use of the learned information
to prevent easy traceback.
1. HONION GENERATION & DETECTION
We introduce the concept of honey onions (honions), to
expose when a Tor relay with HSDir capability has been
modified to snoop into the hidden services that it currently
hosts. In order to automate the process of generating and
deploying honions in a way that they cover a significant frac-
tion of HSDirs, we developed several tools. A key constraint
in this process was to minimize the number of deployed ho-
nions. This derives primarily from our desire to not impact
the Tor statistics about hidden services (specially given the
recent surge anomaly). By considering the number of HS-
Dirs (approximately 3000), we could infer that we need to
generate around 1500 honions to cover all HSDirs with 0.95
probability. We used 1500 honions per batch (daily, weekly,
or monthly) and could verify that 95% of the HSDirs were
systematically covered.
HOnion back end servers: Each honion corresponds to
a process that is running locally. The server behind hidden
services, should not be running on a public IP address, to
avoid de-anonymization [1], [3]. We also log all the requests
that are made to the server programs and the time of each
visit. Recording the content of the requests allows us to
investigate the snoopers’ behavior and intent.
HOnions generation and deployment schedule: To
keep the total number of honions small, we decided on three
schedules for their generation and placement, daily, weekly,
and monthly. The three schedules allow us to detect the
malicious HSDirs who visit the honions shortly (less than 24
hours) after hosting them. Since the HSDirs for hidden ser-
vices change periodically, more sophisticated snoopers may
1. Generate honions
ho
i
ho
j
2. Place honions on HSDirs3. Build bipartite graph
On visit, mark potential HSDirs
ho
j
d
i
d
i+2
d
i+1
d
i
d
i+1
d
i+2
On visit, add to bipartite graph
Figure 1: Flow diagram of the honion system.
wait for a longer duration of time, so they can evade detec-
tion and frame other HSDirs.
Identifying snooping HSDirs: Based on the visited hid-
den service, the time of the visit, and the HSDir that have
been hosting the specific onion address prior to the visit, we
can mark the potential malicious and misbehaving HSDirs.
Then, we add the candidates to a bipartite graph, which con-
sists of edges between HSDirs and the visited honions. The
analysis of this graph allows us to infer a lower bound on
the number of malicious HSDirs as well as specific snoopers.
Figure 1 depicts the architecture of the system.
HOnion Visit Graph Formation: In the following we
first introduce a formal model and notation for the Honey
Onions system. First, HO denotes the set of honey onions
generated by the system that were visited, and HSD the set
of Tor relays with the HSDir flag (so far referred to as HS-
Dir relays). The visits of honions allow us to build a graph
G = (V, E) whose vertices are the union of HO and HSD
and edges connect a honion hoj and HSDir di iff hoj was
placed on di and subsequently experienced a visit. G is by
construction a bipartite graph. We also note that each ho-
nion periodically changes descriptors and therefore HSDirs
(approximately once a day). However, a HSDir currently a
honion ho cannot explain visits during past days. Therefore,
each time a honion changes HSDirs we clone its vertex ho
to ho and only add edges between ho and the HSDirs who
know about its existence when the visit happened.
Estimation & Set Cover: Since each honion is simultane-
ously placed on multiple HSDirs, the problem of identifying
which ones are malicious is not trivial. We first formulate
the problem of deriving a lower-bound on their number by
finding the smallest subset S of HSD that can explain all
the visits. The size s of the minimal set tells us that there
cannot be less than s malicious HSDirs who would explain
the visits.
argmin
S⊆HSD
|S : ∀(hoj, di) ∈ E∃di ∈ S ∧ (hoj, di) ∈ E| (1)
2. (a) Daily Visits (b) All Visits
Figure 2: Plot of the visits to the honions.
Finding the smallest set S as defined by Equation 1, is
not trivial as one can easily see that it is equivalent to the
hitting set problem, which itself is equivalent to the set cover
problem, which is well known to be NP-Complete. However,
it can also be formulated as an Integer Linear Program. Let
x1≤j≤|HSD| be binary variables taking values 0 or 1. Solving
Equation 1, consists of finding integer assignments to the xj
such that:
min(x1,...,xHSD)
|HSD|
j=1 xj
subject to ∀hoi ∈ HO ∀j:(hoi,dj )∈E xj ≥ 1
2. RESULTS & DISCUSSION
We started the daily honions on Feb 12, 2016; the weekly
and monthly experiments on February 21, 2016, which lasted
until April 24, 2016. During this period there were three
spikes in the number of hidden services, with one spike more
than tripling the average number of hidden services. There
are some theories suggesting that this was due to botnets,
ransomware, or the success of the anonymous chat service,
called Ricochet. However, none of these explanations can
definitely justify the current number of hidden services. Our
daily honions spotted snooping behavior before the spike in
the hidden services, this gives us a level of confidence that
the snoopings are not only a result of the anomaly (Figure 2).
Rather, there are entities that actively investigate hidden
services.
Snooping HSDirs Nature and Location: In total we
detected at least 110 malicious HSDir using the ILP algo-
rithm, and about 40000 visits. More than 70% of these HS-
Dirs are hosted on Cloud infrastructure. Around 25% are
exit nodes as compared to the average, 15% of all relays in
2016, that have both the HSDir and the Exit flags. This
can be interesting for further investigation, since it is known
that some Exit nodes are malicious and actively interfere
with users’ traffic and perform active MITM attacks [4].
Furthermore, 20% of the misbehaving HSDirs are, both exit
nodes and are hosted on Cloud systems, hosted in Europe
and Northern America. The top 5 countries are, USA, Ger-
many, France, UK, and Netherlands. Figure 3 depicts the
spread and the geolocation of the malicious HSDirs.
HSDirs Behavior and Intensity of the Visits: Most
of the visits were just querying the root path of the server
and were automated. However, we identified less than 20
possible manual probing, because of a query for favicon.ico,
the little icon that is shown in the browser, which the Tor
browser requests. Some snoopers kept probing for more
information even when we returned an empty page. For
Figure 3: The global map of detected misbehaving HSDirs
and their geographic origin.
example, we had queries for description.json, which is
a proposal to all HTTP servers inside Tor network to al-
low hidden services search engines such as Ahmia, to in-
dex websites. One of the snooping HSDirs (5.*.*.*:9011)
was actively querying the server every 1 hour asking for a
server-status page of Apache. It is part of the functionality
provided by mod status in Apache, which provides infor-
mation on server activity and performance. Additionally,
we detected other attack vectors, such as SQL injection,
targeting the information_schema.tables, username enu-
meration in Drupal, cross-site scripting (XSS), path traver-
sal (looking for boot.ini and /etc/passwd), targeting Ruby
on Rails framework (rails/info/properties), and PHP Easter
Eggs (?=PHP*-*-*-*-*).
3. CONCLUSION & FUTURE WORK
In this work, we introduced honey onions (HOnions), a
framework for methodically estimating and identifying Tor
HSDir nodes that are snooping on hidden services they are
hosting. We propose algorithms to both estimate the num-
ber of snooping HSDirs and identify them. Our experimen-
tal results indicate that during the period of the study (72
days) at least 110 such nodes were snooping information
about hidden services they host. Based on our observations
not all snooping HSDirs operate with the same level of so-
phistication. For example, some do not visit the hosted ho-
nions immediately to avoid detection by daily honions, our
weekly and monthly honions can detect them. We believe
that behavior of the snoopers can be modeled and studied
in more detail. Furthermore, we reveal that more than half
of them were hosted on cloud infrastructure making it dif-
ficult to detect malicious Tor nodes. Furthermore, cloud
providers such as Vultr, even accepts payments in the form
of bitcoins, which prevents the traceback and identification
of misbehaving entities.
4. REFERENCES
[1] S. Matic, P. Kotzias, and J. Caballero. Caronte:
Detecting location leaks for deanonymizing tor hidden
services. In CCS, 2015.
[2] A. Sanatinia and G. Noubir. Onionbots: Subverting
privacy infrastructure for cyber attacks. In DSN, 2015.
[3] M. Thomas and A. Mohaisen. Measuring the leakage of
onion at the root: A measurement of tor’s. onion
pseudo-tld in the global domain name system. In
WPES, 2014.
[4] P. Winter, R. K¨ower, M. Mulazzani, M. Huber,
S. Schrittwieser, S. Lindskog, and E. Weippl. Spoiled
onions: Exposing malicious tor exit relays. In PETs,
2014.