Ever wanted to find out someone’s IP address online? Of course you have! Tracing “calls” on the Internet is much more complicated than on the plain old telephone network. This expose` includes a history of traditional techniques used to discover the IP address of a target user in: chat rooms, forums and other types of social networking sites. Attention will be centered around a fundamental weakness in the IRC protocol that allows client IP addresses to be determined. Proof-of-concept samples targetting multiple IRC daemons will be released. Prizes will be awarded to the most interesting submissions for an online edition of ‘Spot The Fed.’
Bio: At the time of writing, Derek is currently an independent security contractor (and in the past for @stake and Symantec.) He’s written various tool packages including a Linux stealth patch to evade nmap’s transport layer OS detection as well as porkbind, a nameserver security scanner. In 2007, he won Cenzic’s SANS contest.
In this module, you’ll learn:
- IPFS’s Content Exchange protocols, namely, Bitswap and GraphSync,
- the message types and workflows of Bitswap and GraphSync, and
- the differences between the two protocols.
The document provides an introduction to Wireshark, including a brief history of its development from Ethereal, the benefits it provides, how to install it, and an overview of fundamental Wireshark concepts like capturing packets, its main window interface, and preferences customization. It explains that Wireshark enables protocol support, usability, program and operating system compatibility and guides the reader through their first packet capture and exploration of Wireshark's interface.
This document presents a framework for generating recipes from food images. The framework first predicts a list of ingredients present in an image using neural networks. It then generates cooking instructions by considering both the image features and predicted ingredients. The system is evaluated on a large dataset and is shown to outperform previous baselines by accurately predicting ingredients and generating coherent recipes directly from images. Key aspects of the framework include using transformers to generate sequential instructions conditioned on image and ingredient embeddings.
This document provides instructions for installing pfSense software on firewall appliances. It describes choosing installation types like full install or embedded, downloading the pfSense image, preparing installation media, performing the installation, assigning interfaces, configuring the default settings, and troubleshooting installation issues. The document is intended to guide users through the end-to-end pfSense installation process.
This document discusses firewalls and their configuration. It begins by defining what a firewall is and how they can be implemented as hardware or software. It then describes common firewall filtering techniques like packet filtering, application gateways, circuit-level gateways, and proxy servers. Next, it outlines characteristics of firewall protection such as different protection levels based on network location, protection of wireless networks, access to networks and the internet, and protection against intruders. Finally, it lists important aspects to consider when configuring a firewall, such as enabling/disabling it, setting security levels, and configuring permissions and rules for programs and connections.
Presentation by Hansang Lee
Automotive Software Engineering
Technical University of Chemnitz
13th May 2019
This presentation is mainly about,
- Basic Knowledge of AUTOSAR
- Task Scheduling Concepts on AUTOSAR with Multicore Supporing
In this module, you’ll learn:
- IPFS’s Content Exchange protocols, namely, Bitswap and GraphSync,
- the message types and workflows of Bitswap and GraphSync, and
- the differences between the two protocols.
The document provides an introduction to Wireshark, including a brief history of its development from Ethereal, the benefits it provides, how to install it, and an overview of fundamental Wireshark concepts like capturing packets, its main window interface, and preferences customization. It explains that Wireshark enables protocol support, usability, program and operating system compatibility and guides the reader through their first packet capture and exploration of Wireshark's interface.
This document presents a framework for generating recipes from food images. The framework first predicts a list of ingredients present in an image using neural networks. It then generates cooking instructions by considering both the image features and predicted ingredients. The system is evaluated on a large dataset and is shown to outperform previous baselines by accurately predicting ingredients and generating coherent recipes directly from images. Key aspects of the framework include using transformers to generate sequential instructions conditioned on image and ingredient embeddings.
This document provides instructions for installing pfSense software on firewall appliances. It describes choosing installation types like full install or embedded, downloading the pfSense image, preparing installation media, performing the installation, assigning interfaces, configuring the default settings, and troubleshooting installation issues. The document is intended to guide users through the end-to-end pfSense installation process.
This document discusses firewalls and their configuration. It begins by defining what a firewall is and how they can be implemented as hardware or software. It then describes common firewall filtering techniques like packet filtering, application gateways, circuit-level gateways, and proxy servers. Next, it outlines characteristics of firewall protection such as different protection levels based on network location, protection of wireless networks, access to networks and the internet, and protection against intruders. Finally, it lists important aspects to consider when configuring a firewall, such as enabling/disabling it, setting security levels, and configuring permissions and rules for programs and connections.
Presentation by Hansang Lee
Automotive Software Engineering
Technical University of Chemnitz
13th May 2019
This presentation is mainly about,
- Basic Knowledge of AUTOSAR
- Task Scheduling Concepts on AUTOSAR with Multicore Supporing
The document discusses the Internet of Things (IoT) architecture. It defines IoT as a network of devices that communicate with each other and with human users. It describes the different types of devices that are part of IoT and categorizes IoT use cases into personal, group, community, and industrial. It also discusses some of the key technologies used to build IoT systems, including Apache Kafka, Fluentd, Apache Storm, Apache Spark, Apache HBase, and Apache Drill. Finally, it provides examples of IoT architectures for automotive, biometric identification, financial services, and waste recycling applications.
Makalah ini membahas tentang jaringan komputer modern dengan 3 poin utama: (1) mendefinisikan jaringan komputer modern sebagai jaringan yang menggunakan teknologi canggih dan praktis, (2) menjelaskan sejarah perkembangan jaringan komputer dari era 1960-an hingga berkembangnya internet, dan (3) menggambarkan berbagai manfaat jaringan komputer termasuk untuk berbagi sumber daya, komunikasi, dan efisi
Artikel ini menjelaskan cara memasang dan menggunakan Mikrotik RouterOS secara virtual menggunakan Virtualbox untuk tujuan belajar secara gratis dan mudah tanpa perlu memiliki perangkat fisik Mikrotik. Langkah-langkahnya meliputi download dan instalasi Virtualbox, menambahkan file iso Mikrotik RouterOS, konfigurasi jaringan, instalasi sistem operasi Mikrotik, dan cara mengaksesnya melalui Winbox.
VPS atau Virtual Private Server merupakan virtualisasi lingkungan sistem operasi server yang memungkinkan sistem operasi satu berjalan di atas sistem operasi lain. Dedicated Server digunakan untuk aplikasi besar yang tidak bisa dijalankan di VPS atau shared hosting, dengan penyediaan perangkat keras sepenuhnya oleh penyedia hosting bekerja sama dengan vendor.
There are three types of First Hop Redundancy Protocols (FHRP): HSRP, VRRP, and GLBP. HSRP and VRRP elect an active router to forward traffic for a virtual IP address, while GLBP allows multiple routers to act as active forwarders. Only GLBP supports load balancing traffic across multiple routers. All FHRP protocols run per VRF and VDC.
This document provides an overview of software components (SWCs) in AUTOSAR. It defines different types of SWCs including application SWCs, sensoractuator SWCs, parameter SWCs, and others. It describes the purpose and functionality of each SWC type. It also discusses SWC elements like ports, runnables, and implementation.
1) Content addressing identifies content by a cryptographic hash of the content rather than its location. This allows content to be accessed from any node holding a copy of the content and ensures integrity as any change to the content results in a different hash/address.
2) In IPFS, content is chunked and the chunks are linked together in a Merkle DAG structure using their cryptographic hashes as identifiers. This allows for deduplication, random access, and integrity checking of content.
3) The IPFS Content Identifier (CID) is used to name every piece of data in IPFS. It contains the cryptographic hash, along with metadata to indicate the hash function and encoding, in a self-
The document discusses Cisco CCNA topics including the OSI and TCP/IP models, Cisco IOS, IPv4 addressing, subnetting, and password recovery procedures.
It provides details on each layer of the OSI and TCP/IP models, components of a Cisco router like ROM, RAM, NVRAM, and flash memory. It also covers Cisco IOS boot commands, router modes, and cursor commands.
The document also explains IPv4 addressing fundamentals like address classes, private addressing, subnet masks, CIDR notation, and provides examples of converting between binary and decimal.
Finally, it discusses subnetting concepts and provides examples of determining subnet masks and number of subnets based on given host or subnet requirements
This document provides an overview of Linux PCI Express drivers, including PCIe topology, configuration space, driver initialization, and common port service drivers. It describes the PCIe standard for replacing older PCI standards and how PCIe preserves backward compatibility at the software level. It also outlines the device enumeration process, driver access methods, and reference resources for PCIe specifications and Linux PCIe documentation.
This document discusses various types of malicious software including viruses, worms, and malware. It provides definitions and examples of different viruses and worms, how they spread and replicate on systems. It also summarizes approaches for detecting, identifying and removing viruses and worms, as well as proactive containment strategies for worms.
Mifare cards come in two technologies: Classic Mifare with sector/block structure, and Desfire with a file system and greater security features like DES encryption. Desfire has enhanced memory sizes up to 8k, more files and applications per card, and supports DES and triple DES encryption. It allows up to 32 applications identified by Application IDs. DESfire implements cryptographic security through challenge-response authentication, data encryption for confidentiality, message signatures for integrity and non-repudiation. DES is a symmetric key algorithm that encrypts data in 64-bit blocks, with security increased using triple DES. DESfire supports public key algorithms for encryption/decryption and signing with hash functions like MD5 and SHA providing message
The document provides an overview of peer-to-peer networking, describing how peers directly communicate and share resources in contrast to the client-server model. It discusses various P2P applications and research areas, including content sharing challenges, approaches to group management and data placement, and measurement studies analyzing user behavior on networks like Gnutella. The document also summarizes several structured P2P networks and routing techniques like Chord, CAN, and Tapestry/Pastry.
Dos & Ddos Attack. Man in The Middle Attackmarada0033
The document discusses denial of service (DoS) and distributed denial of service (DDoS) attacks, as well as man-in-the-middle attacks. It defines DoS and DDoS, noting that a DDoS involves multiple hosts attacking at once. Common DoS attack types like penetration, eavesdropping, man-in-the-middle, and flooding are described. Symptoms of attacks and preventative measures are outlined. The document then explains how man-in-the-middle attacks work using techniques like ARP poisoning to intercept communications. Defenses against man-in-the-middle attacks through encryption and detection methods are also presented.
Wireshark is a free and open-source packet analyzer that allows users to examine network traffic and protocol data in real-time. It can be used by network administrators to troubleshoot issues, security engineers to examine security problems, and developers to debug protocol implementations. Wireshark captures packets in real-time and displays them in an easy-to-read format with filters, color-coding and other features to analyze individual packets and network traffic.
This document provides an overview of a hands-on workshop on the Constrained Application Protocol (CoAP). It outlines the agenda which includes introductions to CoAP, the Californium CoAP framework, and hands-on projects. Attendees will work through example CoAP client and server code using the Californium libraries and test their implementations. Advanced CoAP topics like security, proxies, and resource directories are also discussed.
The document discusses the history and architecture of Intel processors including the i3 processor. It describes the Nehalem architecture that the i3 is based on, which improved on earlier Core architectures by establishing direct point-to-point communication between cores and memory. The document provides a detailed timeline of Intel processors from the 4004 in 1971 to the Sandy Bridge in 2011, noting improvements in performance, transistor count, and features with each generation. It focuses on the i3 processor and describes its 64-bit architecture and three main designs including the Nehalem.
PLX Technology provides PCI Express switches and bridges that connect various components within servers, storage systems, networking equipment, and other devices. They have over 70% market share in PCI Express switches and are focused on growing their business connecting components within data centers and cloud computing environments. Their ExpressFabric technology uses PCI Express as a converged fabric to connect servers, storage, and networking within a data center rack in order to reduce costs and power consumption compared to using multiple traditional networking protocols.
[若渴計畫] Challenges and Solutions of Window Remote ShellcodeAj MaChInE
This document discusses challenges and solutions related to window remote shellcode. It outlines challenges posed by antivirus software, EMET, firewalls, and IDS/IPS systems. It then describes various techniques for bypassing these protections, such as encryption, obfuscation, non-standard programming languages, and the use of tools like Meterpreter and Veil Framework payloads. Specific bypass techniques covered include DLL injection, process hollowing, reflective loading, and the use of techniques like one-way shells and HTTP stagers.
DEF CON 24 - workshop - Craig Young - brainwashing embedded systemsFelipe Prado
Firmware analysis often involves searching firmware images for known file headers and file systems like SquashFS to extract contained files. Automated binary analysis tools like binwalk can help extract files from images. HTTP interfaces are common targets for security testing since they are often exposed without authentication. Testing may uncover vulnerabilities like XSS, CSRF, SQLi or command injection. Wireless interfaces also require testing to check for issues like weak encryption or exposure of credentials in cleartext.
The document discusses the Internet of Things (IoT) architecture. It defines IoT as a network of devices that communicate with each other and with human users. It describes the different types of devices that are part of IoT and categorizes IoT use cases into personal, group, community, and industrial. It also discusses some of the key technologies used to build IoT systems, including Apache Kafka, Fluentd, Apache Storm, Apache Spark, Apache HBase, and Apache Drill. Finally, it provides examples of IoT architectures for automotive, biometric identification, financial services, and waste recycling applications.
Makalah ini membahas tentang jaringan komputer modern dengan 3 poin utama: (1) mendefinisikan jaringan komputer modern sebagai jaringan yang menggunakan teknologi canggih dan praktis, (2) menjelaskan sejarah perkembangan jaringan komputer dari era 1960-an hingga berkembangnya internet, dan (3) menggambarkan berbagai manfaat jaringan komputer termasuk untuk berbagi sumber daya, komunikasi, dan efisi
Artikel ini menjelaskan cara memasang dan menggunakan Mikrotik RouterOS secara virtual menggunakan Virtualbox untuk tujuan belajar secara gratis dan mudah tanpa perlu memiliki perangkat fisik Mikrotik. Langkah-langkahnya meliputi download dan instalasi Virtualbox, menambahkan file iso Mikrotik RouterOS, konfigurasi jaringan, instalasi sistem operasi Mikrotik, dan cara mengaksesnya melalui Winbox.
VPS atau Virtual Private Server merupakan virtualisasi lingkungan sistem operasi server yang memungkinkan sistem operasi satu berjalan di atas sistem operasi lain. Dedicated Server digunakan untuk aplikasi besar yang tidak bisa dijalankan di VPS atau shared hosting, dengan penyediaan perangkat keras sepenuhnya oleh penyedia hosting bekerja sama dengan vendor.
There are three types of First Hop Redundancy Protocols (FHRP): HSRP, VRRP, and GLBP. HSRP and VRRP elect an active router to forward traffic for a virtual IP address, while GLBP allows multiple routers to act as active forwarders. Only GLBP supports load balancing traffic across multiple routers. All FHRP protocols run per VRF and VDC.
This document provides an overview of software components (SWCs) in AUTOSAR. It defines different types of SWCs including application SWCs, sensoractuator SWCs, parameter SWCs, and others. It describes the purpose and functionality of each SWC type. It also discusses SWC elements like ports, runnables, and implementation.
1) Content addressing identifies content by a cryptographic hash of the content rather than its location. This allows content to be accessed from any node holding a copy of the content and ensures integrity as any change to the content results in a different hash/address.
2) In IPFS, content is chunked and the chunks are linked together in a Merkle DAG structure using their cryptographic hashes as identifiers. This allows for deduplication, random access, and integrity checking of content.
3) The IPFS Content Identifier (CID) is used to name every piece of data in IPFS. It contains the cryptographic hash, along with metadata to indicate the hash function and encoding, in a self-
The document discusses Cisco CCNA topics including the OSI and TCP/IP models, Cisco IOS, IPv4 addressing, subnetting, and password recovery procedures.
It provides details on each layer of the OSI and TCP/IP models, components of a Cisco router like ROM, RAM, NVRAM, and flash memory. It also covers Cisco IOS boot commands, router modes, and cursor commands.
The document also explains IPv4 addressing fundamentals like address classes, private addressing, subnet masks, CIDR notation, and provides examples of converting between binary and decimal.
Finally, it discusses subnetting concepts and provides examples of determining subnet masks and number of subnets based on given host or subnet requirements
This document provides an overview of Linux PCI Express drivers, including PCIe topology, configuration space, driver initialization, and common port service drivers. It describes the PCIe standard for replacing older PCI standards and how PCIe preserves backward compatibility at the software level. It also outlines the device enumeration process, driver access methods, and reference resources for PCIe specifications and Linux PCIe documentation.
This document discusses various types of malicious software including viruses, worms, and malware. It provides definitions and examples of different viruses and worms, how they spread and replicate on systems. It also summarizes approaches for detecting, identifying and removing viruses and worms, as well as proactive containment strategies for worms.
Mifare cards come in two technologies: Classic Mifare with sector/block structure, and Desfire with a file system and greater security features like DES encryption. Desfire has enhanced memory sizes up to 8k, more files and applications per card, and supports DES and triple DES encryption. It allows up to 32 applications identified by Application IDs. DESfire implements cryptographic security through challenge-response authentication, data encryption for confidentiality, message signatures for integrity and non-repudiation. DES is a symmetric key algorithm that encrypts data in 64-bit blocks, with security increased using triple DES. DESfire supports public key algorithms for encryption/decryption and signing with hash functions like MD5 and SHA providing message
The document provides an overview of peer-to-peer networking, describing how peers directly communicate and share resources in contrast to the client-server model. It discusses various P2P applications and research areas, including content sharing challenges, approaches to group management and data placement, and measurement studies analyzing user behavior on networks like Gnutella. The document also summarizes several structured P2P networks and routing techniques like Chord, CAN, and Tapestry/Pastry.
Dos & Ddos Attack. Man in The Middle Attackmarada0033
The document discusses denial of service (DoS) and distributed denial of service (DDoS) attacks, as well as man-in-the-middle attacks. It defines DoS and DDoS, noting that a DDoS involves multiple hosts attacking at once. Common DoS attack types like penetration, eavesdropping, man-in-the-middle, and flooding are described. Symptoms of attacks and preventative measures are outlined. The document then explains how man-in-the-middle attacks work using techniques like ARP poisoning to intercept communications. Defenses against man-in-the-middle attacks through encryption and detection methods are also presented.
Wireshark is a free and open-source packet analyzer that allows users to examine network traffic and protocol data in real-time. It can be used by network administrators to troubleshoot issues, security engineers to examine security problems, and developers to debug protocol implementations. Wireshark captures packets in real-time and displays them in an easy-to-read format with filters, color-coding and other features to analyze individual packets and network traffic.
This document provides an overview of a hands-on workshop on the Constrained Application Protocol (CoAP). It outlines the agenda which includes introductions to CoAP, the Californium CoAP framework, and hands-on projects. Attendees will work through example CoAP client and server code using the Californium libraries and test their implementations. Advanced CoAP topics like security, proxies, and resource directories are also discussed.
The document discusses the history and architecture of Intel processors including the i3 processor. It describes the Nehalem architecture that the i3 is based on, which improved on earlier Core architectures by establishing direct point-to-point communication between cores and memory. The document provides a detailed timeline of Intel processors from the 4004 in 1971 to the Sandy Bridge in 2011, noting improvements in performance, transistor count, and features with each generation. It focuses on the i3 processor and describes its 64-bit architecture and three main designs including the Nehalem.
PLX Technology provides PCI Express switches and bridges that connect various components within servers, storage systems, networking equipment, and other devices. They have over 70% market share in PCI Express switches and are focused on growing their business connecting components within data centers and cloud computing environments. Their ExpressFabric technology uses PCI Express as a converged fabric to connect servers, storage, and networking within a data center rack in order to reduce costs and power consumption compared to using multiple traditional networking protocols.
[若渴計畫] Challenges and Solutions of Window Remote ShellcodeAj MaChInE
This document discusses challenges and solutions related to window remote shellcode. It outlines challenges posed by antivirus software, EMET, firewalls, and IDS/IPS systems. It then describes various techniques for bypassing these protections, such as encryption, obfuscation, non-standard programming languages, and the use of tools like Meterpreter and Veil Framework payloads. Specific bypass techniques covered include DLL injection, process hollowing, reflective loading, and the use of techniques like one-way shells and HTTP stagers.
DEF CON 24 - workshop - Craig Young - brainwashing embedded systemsFelipe Prado
Firmware analysis often involves searching firmware images for known file headers and file systems like SquashFS to extract contained files. Automated binary analysis tools like binwalk can help extract files from images. HTTP interfaces are common targets for security testing since they are often exposed without authentication. Testing may uncover vulnerabilities like XSS, CSRF, SQLi or command injection. Wireless interfaces also require testing to check for issues like weak encryption or exposure of credentials in cleartext.
Vorontsov, golovko ssrf attacks and sockets. smorgasbord of vulnerabilitiesDefconRussia
This document summarizes vulnerabilities related to server-side request forgery (SSRF) attacks and how they can be exploited. It discusses how external network access and internal network access can be obtained through SSRF. It provides examples of vulnerabilities in various protocols like HTTP, FTP, TFTP, and protocols used by services like Memcached, databases, and file uploads. It also describes how file descriptors can be used to write to open sockets or files to forge server responses or inject malicious content. Overall, the document is an overview of real-world SSRF attacks and exploitation techniques.
This document provides an overview and introduction to network theory and Java programming. It discusses key topics like network communication models (OSI and TCP/IP), protocols, ports, sockets, firewalls, proxies, and an overview of Java. The document also provides code samples for basic Java socket programming including using ServerSocket for servers and Socket for clients. It explains concepts like connection-oriented and connectionless sockets in UDP and TCP. The objective is to help readers understand network environments and be able to develop basic networking applications in Java.
Gianluca Varisco - DevOoops (Increase awareness around DevOps infra security)Codemotion
DevOps is increasingly blending the work of both application and network security professionals. In a quest to move faster, organisations can end up creating security vulnerabilities using the tools and products meant to protect them. What happens when these tools are used insecurely or - even worse - they are just insecure? Technologies discussed will encompass AWS, Puppet, Hudson/Jenkins, Vagrant, Docker and much, much more. Everything from common misconfigurations to remote code execution.
This document summarizes potential vulnerabilities in how different layers of a web application process data. It discusses how each layer - including hardware, operating system, browser, network, web server, framework, application and database - accepts inputs and produces outputs that could be leveraged maliciously if not properly validated. The key point is that inputs may come from sources beyond just user input, and outputs may contain sensitive information, so all data processed across layers needs to be carefully validated. Specific examples are provided of vulnerabilities the author has discovered in how various popular systems handle specific inputs or transformations at each layer.
DevOoops (Increase awareness around DevOps infra security)
DevOps is increasingly blending the work of both application and network security professionals. In a quest to move faster, organisations can end up creating security vulnerabilities using the tools and products meant to protect them. What happens when these tools are used insecurely or - even worse - they are just insecure? Technologies discussed will encompass AWS, Puppet, Hudson/Jenkins, Vagrant, Docker and much, much more. Everything from common misconfigurations to remote code execution.
This document provides an overview of Burp Suite and how to use its features to perform vulnerability assessments. It discusses Burp Suite's key components like the proxy, scanner, intruder, repeater, collaborator, and extender. It also covers techniques like bypassing filters, server-side request forgery, XML external entities, and common vulnerabilities to target like open redirects, insufficient entropy, and insecure deserialization.
This document summarizes potential vulnerabilities in how different layers of a web application process data. It discusses how each layer - including hardware, operating system, browser, network, web server, framework, application and database - accepts inputs and produces outputs that could be leveraged maliciously if not properly validated. Many real-world examples are provided of how inputs passed between layers can bypass validation checks if the layers' data processing rules are not well understood by developers. The key message is that all variables not explicitly set in code should be considered untrusted.
Slides for a college course based on "Incident Response & Computer Forensics, Third Edition" by by Jason Luttgens, Matthew Pepe, and Kevin Mandia.
Teacher: Sam Bowne
Twitter: @sambowne
Website: https://samsclass.info/121/121_F16.shtml
Slides for a college course based on "Incident Response & Computer Forensics, Third Edition" by by Jason Luttgens, Matthew Pepe, and Kevin Mandia, at City College San Francisco.
Website: https://samsclass.info/152/152_F18.shtml
This presentation is intended to provide an overview of vulnerabilities and attack techniques that are popular in penetration testing at the moment. This talk includes real-world examples of attacks that they use on a daily basis, and some reflections on what techniques have changed over the last year. Vulnerabilities related to the application, network, and server layers will all be covered along with current anti-virus bypass and privilege escalation techniques used by attackers and penetration testers. This presentation should be interesting to security professionals and system administrators looking for more insight into real world attacks.
More security blogs by the authors can be found @
https://www.netspi.com/blog/
Ch 22: Web Hosting and Internet Serverswebhostingguy
Web hosting involves providing space on a server for websites. Linux is commonly used for hosting due to its maintainability and performance. A web server software like Apache is installed to handle HTTP requests from browsers. URLs identify resources on the web using protocols like HTTP and FTP. CGI scripts allow dynamic content generation but pose security risks. Load balancing distributes server load across multiple systems. Choosing a server depends on factors like robustness, performance, updates, and cost. Apache is widely used and configurable using configuration files that control server parameters, resources, and access restrictions. Virtual interfaces allow a single server to host multiple websites. Caching and proxies can improve performance and security. Anonymous FTP allows public file downloads.
Using hypervisor and container technology to increase datacenter security pos...Black Duck by Synopsys
As presented by Tim Mackey, Senior Technical Evangelist - Black Duck Software, at LinuxCon/ContainerCon 2016:
Cyber threats consistently rank as a high priority for data center operators and their reliability teams. As increasingly sophisticated attacks mount, the risk associated with a zero-day attack is significant. Traditional responses include perimeter monitoring and anti-malware agents. Unfortunately, those techniques introduce performance and management challenges when used at large VM densities, and may not work well with containerized applications.
Fortunately, the Xen Project community has collaborated to create a solution which reduces the potential of success associated with rootkit attack vectors. When combined with recent advancements in processor capabilities, and secure development models for container deployment, it’s possible to both protect against and be proactively alerted to potential zero-day attacks. In this session, we’ll cover models to limit the scope of compromise should an attack be mounted against your infrastructure. Two attack vectors will be illustrated, and we’ll see how it’s possible to be proactively alerted to potential zero-day actions without requiring significant reconfiguration of your datacenter environment.
Technology elements explored include those from Black Duck, Bitdefender, Citrix, Intel and Guardicore.
Using hypervisor and container technology to increase datacenter security pos...Tim Mackey
As presented at LinuxCon/ContainerCon 2016:
Cyber threats consistently rank as a high priority for data center operators and their reliability teams. As increasingly sophisticated attacks mount, the risk associated with a zero-day attack is significant. Traditional responses include perimeter monitoring and anti-malware agents. Unfortunately, those techniques introduce performance and management challenges when used at large VM densities, and may not work well with containerized applications.
Fortunately, the Xen Project community has collaborated to create a solution which reduces the potential of success associated with rootkit attack vectors. When combined with recent advancements in processor capabilities, and secure development models for container deployment, it’s possible to both protect against and be proactively alerted to potential zero-day attacks. In this session, we’ll cover models to limit the scope of compromise should an attack be mounted against your infrastructure. Two attack vectors will be illustrated, and we’ll see how it’s possible to be proactively alerted to potential zero-day actions without requiring significant reconfiguration of your datacenter environment.
Technology elements explored include those from Black Duck, Bitdefender, Citrix, Intel and Guardicore.
Attendees will learn the best web application security practices used by major US government entities. The presentation will cover network configuration, caching, replication, common web application vulnerabilities, and how making these changes will result in better web site performance and user satisfaction. The five most common types of web application attacks will be explained, along with simple ways to prevent them.
09 Systems Software Programming-Network Programming.pptxKushalSrivastava23
This document discusses client-server networking and the TCP/IP protocol stack.
It begins by explaining the client-server model and how servers manage resources for clients. It then describes the layers of a computer network from SAN to WAN. The document discusses how Ethernet segments, bridges, and routers connect local area networks. It introduces the concepts of internet protocols and how they provide naming and delivery of packets across incompatible networks. The roles of IP, TCP, UDP, and sockets in client-server communication are summarized. Finally, it provides examples of functions like getaddrinfo() and getnameinfo() for host and service name resolution.
This document discusses anatomy of cloud hacks by analyzing past data breaches and vulnerabilities. It begins by looking at known attacks where compromised infrastructure was based in the cloud. Specific case studies of attacks on Code Spaces, Olindata, and Tesla are described. The document then covers techniques for enumerating cloud services and resources like storage containers. Methods for gaining an initial foothold like leaked credential hunting and exploiting server-side request forgery are also outlined.
(1) Security Objectives' Pass The Hash (PTH) solution goes beyond traditional signature-based malware detection by auditing systems to identify all running code and verify that programs have not been modified. (2) PTH reliably identifies what software is present without needing to reveal any internal data. (3) Whitelisting known safe software is more effective than blacklisting malware, as blacklisting is reactive and cannot keep up with new threats, while whitelisting enforces an organization's approved software policy.
The document discusses a technique called Fractal Merkle Hash Trees for identifying and comparing files. It allows for efficient software inventory, rapid incident response between analysts without sharing malware, and verticalized domains for different industry needs. The approach uses lossless hashing aided by fractal compression to enable partial verification of file matches while maintaining atomic autonomy of the tree structure.
DNA Computing Notes Taken for Dr. Harlan Wood at UDel on Oct 9, 2003Derek Callaway
A set of notes, formulas, diagrams, etc. written during the lecture for a 400-level computer & information sciences course. It describes how DNA primers will behave during each step of the PCR (polymerase chain reaction) in a concise manner. Throughout the pages, the term "primer" is being used to refer to single strands of oligonucleotide material as opposed to the typical nucleotides: adenine, guanine, thymine and cytosine. Note that oligonucleotides may pair with more than one regular nucleotide! The state that the DNA strands are in and what is being noted takes place before any nucleotides pair together--in fact, it may not be possible for a double helix to form depending upon how the sequences of oligonucleotide values are laid out.
Various techniques that allow FCC-licensed amateur radio operators to get on the airwaves without the need for transceiver hardware. The slides from this presentation were presented at Nanticoke Amateur Radio Club. SDR (Software Defined Radio) and Internet-accessible radio are covered as well as much more..
Software Testing: Test Design and the Project Life CycleDerek Callaway
The software development process consists of an indeterminate number of fundamental steps that together comprise the project life cycle. All of these steps carry out software testing in one form or another. Some organizations have an entire team delegated exclusively to software testing. (Royer 16-17,20) As a result, a substantial amount of a software development project’s budget is allocated solely toward testing. This establishes the need to utilize formal techniques in order to trim cost. (Amman and Black, Coverage 20) Such techniques are the subject of an ample amount of scholarly investigation and are generally classified into two complementary integration approaches (top-down and bottom-up) and fall into one of a pair of distinct methods (black-box and white-box). In this report, the distinguishing characteristics and merits of each are presented, as well as their relative disadvantages and ways to mitigate their limitations.
Tickling CGI Problems (Tcl Web Server Scripting Vulnerability Research)Derek Callaway
Tcl is like many scripting languages{insofar as when it is combined with CGI (Common Gateway Interface,) it tends to exhibit some rather critical security issues as unintended side-effects of dynamic web page generation processes. This whitepaper describes some important findings made by vulnerability researchers at Security Objectives Corporation. The first half of the paper will provide an overall synopsis of sensitive language features; the later half will present in detail several practical examples as case studies of the cgi.tcl and tclhttpd software packages.
Honeypots Unveiled: Proactive Defense Tactics for Cyber Security, Phoenix Sum...APNIC
Adli Wahid, Senior Internet Security Specialist at APNIC, delivered a presentation titled 'Honeypots Unveiled: Proactive Defense Tactics for Cyber Security' at the Phoenix Summit held in Dhaka, Bangladesh from 23 to 24 May 2024.
Securing BGP: Operational Strategies and Best Practices for Network Defenders...APNIC
Md. Zobair Khan,
Network Analyst and Technical Trainer at APNIC, presented 'Securing BGP: Operational Strategies and Best Practices for Network Defenders' at the Phoenix Summit held in Dhaka, Bangladesh from 23 to 24 May 2024.
HijackLoader Evolution: Interactive Process HollowingDonato Onofri
CrowdStrike researchers have identified a HijackLoader (aka IDAT Loader) sample that employs sophisticated evasion techniques to enhance the complexity of the threat. HijackLoader, an increasingly popular tool among adversaries for deploying additional payloads and tooling, continues to evolve as its developers experiment and enhance its capabilities.
In their analysis of a recent HijackLoader sample, CrowdStrike researchers discovered new techniques designed to increase the defense evasion capabilities of the loader. The malware developer used a standard process hollowing technique coupled with an additional trigger that was activated by the parent process writing to a pipe. This new approach, called "Interactive Process Hollowing", has the potential to make defense evasion stealthier.
3. A presentation by Derek Callaway <decal {at} sdf {dot} org>
http://decal.sdf.org
4. A presentation by Derek Callaway <decal {at} sdf {dot} org>
http://decal.sdf.org
5. • Independent Digital Security Consultant
• Web Application Penetration Testing, Network Vulnerability
Assessment, Host Hardening, Code Review, etc.
• Studied Computer Science & Philosophy @ University of Delaware
• Former employee of @stake, Inc. and Symantec Corporation
• Winner Cenzic’s SANS Contest in August 2007
• Home Page at http://decal.sdf.org
• Twitter @decalresponds
• E-mail decal@sdf.org
• Primary Interests
• Writing tools to automate pen testing & vuln research
• Software assurance, fuzz testing, gray-box binary analysis
• FCC-licensed amateur radio hobbyist; flair for SDR
6. Some techniques from the olden days:
DCC == Direct Client Connection
Sending DCC requests
If the target accepts the DCC request, TCP connection is made..
(Unless a firewall within the route interferes, of course)
Once the target client connect() and the local server accept() calls
complete, invoking getpeername() will return the target’s IP address
In client command terms, this can be accomplished with /dcc
Receiving DCC requests
Anyone who sends a DCC request has automatically disclosed their
network address in base10 format via a CTCP styled PRIVMSG
Numeric IP addresses represented in decimal can be converted to
dotted-quad format with inet_aton()
Depending on platform endian-ness, htonl() may be needed..
7. Side note regarding Direct Client Connections:
If a client listening for DCC connections sets
the sin_addr.saddr member of struct sockaddr
to INADDR_ANY (#define is 0x0) and the
kernel’s TCP stack sequentially increments the
TCP source port, the client is very susceptible
to DCC hijacking from an observing third-party
Intercept warez transferred via DCC SEND
Spoof DCC CHAT conversations
Can be used to bypass quotas enforced by
XDCC eggdrop bots, mIRC/irssi FSERVE, etc.
8. PRIVMSG target with URI that references daemon on accessible server
(tail –f access_log&);(tail –f error_log)
Alternatively, PRIVMSG target with a link to a web server that has an
access_log file it’s writing to which is under the web root directory
Create a forum posting that references an off-site image
Works on craigslist.org if image URI has non-commercial TLD
<IMG SRC=“http://rogue.webserv.dom/images/apic.gif”/>
IN AXFR (DNS zone transfer) resource records for parent domain, or..
nslookup common subdomains, i.e. www, mail, ftp, etc.
Subdomain could be DNS IN CNAME resource record for the target
Viewing world-read data on shell account of server running ircd
process
Simply asking (in essence, social engineering)
9.
10. • Depends on: settings in the ircd.conf file and whether the IRC server’s name
resolver is receives a response for the rDNS (reverse DNS) lookup from client registration
• Successful rDNS lookup (IN A resource record exists in authoritative zone file):
• First subdomain portion of the DNS address is replaced by a truncated MD5 hash
• ~otk@clk-1F6C27AC.members.linode.com
• Unsuccessful rDNS lookup:
• !irc.net.org *** Couldn't resolve your hostname; using your IP
address instead
• The numeric IPv4 address is replaced by three truncated MD5 hashes
• ~nobody@5B008B3D.4A839DBA.321F6D56.IP
• The hostmask’s truncated MD5 hashes can be computed in different ways
• Addresses formatted with RFC4291 style IPv6 notation use a similar process.
• A ciphertext-only attack can be used against WHOWAS output since identical
hash values in the cloaked hostmask imply identical client source addresses
11. • UnrealIRCd MODULE command lists loaded modules
• Most IRC client software can execute the following:
• /quote MODULE <irc.net.org>
• Hostname is optional--can be another IRC server name
• Without hostname argument, MODULE defaults to local daemon
• Many raw IRC commands use optional last parameter format
• Quite useful for reconnaissance against other server links that are
connected to the same network
• Note that the optional server name argument can represent an
IRC daemon or a services daemon
• We’re looking for the “cloak” module from src/modules/cloak.c
12. • Atheme uses SASL (Simple Authentication and Security Layer)
• SASL is specified in RFC4422 with a wide variety of authentication
mechanisms… Furthermore, Atheme’s is targeted by irc-sasl-brute, Lua code
in Nmap’s Scripting Engine: http://nmap.org/nsedoc/scripts/irc-sasl-brute.html
• Anope uses HostServ
• Both use UMODE +x
• IRC servers are often configured to auto-set UMODE +x after client registration
• Client registration is the process involving the raw commands USER, NICK
and sometimes a nonce PING from a no-spoof patch that requires a
corresponding PONG before the MOTD is displayed…
• Older versions may use UMODE +h
• Non-RFC compliant IRC protocol commands might be supported depending on
server software and which dynamic modules the ircd process loads at runtime:
• CHGIDENT, CHGHOST, SETNAME, SETHOST, SETIDENT, VHOST
13.
14.
15.
16.
17. • Inputs to cryptographic hash functions are typically IP addresses (or parts
thereof) combined with some mixture of hard-coded integers (like the KEY
preprocessor constant shown below), pseudo-random numbers generated
at compile-time, typing certain config entries values at random, etc.
• In the case of UnrealIRCD, MD5 inputs are network address (or perhaps a
few chosen fragments of them since interleaved with cloak-keys values
• The cloak-keys directive used by unrealircd.conf (demo on next slide…)
19. • The chosen-ciphertext cryptanalysis technique works because:
• The cloak keys put in ircd.conf during install almost never change
• All servers on the entire network must use identical cloak keys!
• Ciphertext shown by the WHOIS & WHOWAS commands is revealing
• Other users from the same IP as yourself can be easily identified
• This is because their cloaked hostname will be identical to yours
• WHOWAS responses will show how a particular nickname may have
changed IP’s as well as went back to an earlier one
• Another result of the same IP always matching up to the same address
• The effectiveness of this approach is completely dependent upon how
many WHOWAS responses are shown and how far they go back in time
21. • What got passed to the srandom() library call?
• Essentially time(NULL)
• The time that the IRC daemon started (give or take a few seconds)
• Commands that will disclosure the build time of the ircd:
• VERSION, INFO, STATS u, STATS T
• Note: these commands have optional server name arguments
• i.e. /quote VERSION services.*
12:00 -!- Birth Date: Sun Feb 17 2008 at 22:40:55 EST, compile # 1
12:00 -!- On-line since Thu Aug 18 02:34:04 2011
12:00 -!- ReleaseID (1.1.1.1.2.1.2.1.2.2234.2.676 2007/07/13 10:43:04)
12:00 -!- End of /INFO list.
12:00 -!- [services.net.org] Anope-1.7.21 (1341) irc.net.org UnrealIRCd 3.2.x - M
(enc_md5) -- build #1, compiled Jan 21 2010 09:12:30
22. • Convert the time/date string to a UNIX timestamp with strftime()
• Now we have a value roughly equivalent to the srand() argument
• This depends on how synchronized the target server’s time is with the rest
of the servers on the network
• Unsynchronized IRC server system times may allow netsplit riders to hack
channel modes
• Now we can show that the cloak values were generated by an
MD5 algorithm that was seeded with the UNIX timestamp
corresponding to the server uptime, allowing us to crack the cloak!
23.
24.
25.
26.
27.
28.
29. Atheme IRC Services available from http://www.atheme.net/atheme.html
Anope IRC services available from http://www.anope.org
DenoraStats (Anope-based) is available from http://www.denorastats.org
“What?! Only Three?!”
Yes, only mainstream UNIX style IRC daemons supporting cloaking were tested
(i.e. ircu, EFNet, 2600net, vantage, etc. don’t support cloaking to begin with!)
Atheme & Anope are the top two IRC services in terms of contemporaneous use
Some of you are probably idling in a channel controlled by one of these right now..
Check what target network running…
30. Anope Atheme DenoraStats
Deployed on a myriad of IRC
networks
Compatible with dozens
of ircd’s
A bit more rare, but still in use; based
on Anope so similar uncloak attacks
Forked from Epona in 2003
Orion IRC Svcs. Anope-based
Contains code from
Shrike, Sentinel & ratbox
Collects stats and exports to MySQL,
HTML, XML and flatfile databases.
Packaged with UnrealIRCd out-
of-the-box
Used by FreeNode, the
largest IRC network
Also has the PHP MagIRC Web
Frontend
http://anope.org http://atheme.org http://denorastats.org
An IRC services daemon is a special type of server that provides extensions such as
bots which handle nickname/channel registration and such. Most people are familiar
with the nicknames of bots that IRC services provide such as: NickServ, ChanServ,
HostServ, MemoServ, BotServ, etc. X3/evilnet, srvx & GNUWorld weren’t tested--they’re
all for ircu: Undernet’s daemon. See also: http://irc-wiki.org
31.
32.
33. 02:42 -!- WALLCHOPS WATCH=128 SILENCE=15 MODES=12 CHANTYPES=#
PREFIX=(qaohv)~&@%+ CHANMODES=beI,kfL,lj,psmntirRcOAQKVCuzNSMTG
NETWORK=anet CASEMAPPING=ascii EXTBAN=~,cqnr ELIST=MNUCT
STATUSMSG=~&@%+ EXCEPTS are supported by this server
34.
35.
36. RFC 5735 Special Use IPv4 Addresses January 2010
Address Block Present Use Reference
0.0.0.0/8 “This” Network RFC 1122 Section 3.2.1.3
10.0.0.0/8 Private-Use Networks RFC1918
127.0.0.0/8 Loopback RFC1122 Section 3.2.1.3
169.254.0.0/16 Link Local RFC3927
172.16.0.0/12 Private-Use Networks RFC1918
192.0.0.0/24 IETF Protocol Assignments RFC5736
192.88.99.0/24 6to4 Relay Anycast RFC3068
192.168.0.0/16 Private-Use Networks RFC1918
198.51.100.0/24 TEST-NET-2 RFC5737
203.0.113.0/24 TEST-NET-3 RFC5737
224.0.0.0/4 Multicast RFC3171
240.0.0.0/4 Reserved for Future Use RFC1112 Section 4
255.255.255.255/32 Limited Broadcast RFC912 Section 7
RFC922 Section 7
37. • Logs that are published on
public web sites
• A client that is set to
automatically remove
UMODE +x
• Stats scripts like phpDenora
and others may display a
literal host
• A user pastes a piece of data
containing their address
unintentionally
• For example, in a technical
support channel
• IRC operators are able to see
the real address via an
additional WHOIS reply field
• Scripts and bots can also
spill the beans, so be careful!
38.
39. Worst case asymptotic computational complexity for sequential
search is O(n) and worst for binary search is O(log(n))
40. IPv4/IPv6 numeric addresses can be
targeted using ban-masks w/ CIDR blocks
The additional 92-bits won’t impact
performance very much since using CIDR
blocks in ban-masks is essentially a binary
search algorithm of complexity O(log(n))
Not much difference between log(128)
& log(32), log(128) = 2.1 – log(32) = 1.5
Can discover hosts under .onion TLD
Have a unique identifier
Useful for chosen ciphertext
Most helpful if the .onion host
corresponds to a truncated route a la
Moxie Marlinspike’s tortunnel
41. Popular IRC networks that disclose cloaked IP addresses!
• FreeNode (hybrid-seven, Atheme) irc.freenode.net
• #1 largest IRC network with ~75K average daily users, dedicated to discussion of
open source projects, #linpeople originally
• Rizon (hybrid, Anope) irc.rizon.net
• #5 largest IRC network after Undernet with ~25K users
• AnonOps (InspIRCd, Atheme) irc.anonops.com
• Associated with the infamous hacktivist collective “Anonymous”
• Mozilla IRC (UnrealIRCd, Anope) irc.mozilla.org
• Maintained by the Mozilla project community best-known for the FireFox web browser
• Indymedia IRC (charbydis, atheme) irc.indymedia.org.
• Swift IRC (UnrealIRCd, Anope) irc.swiftnet.net
42. Other smaller IRC networks that allow uncloaking of IP addresses!
• Obsidian IRC (UnrealIRCd, Denora) irc.obsidianirc.net
• Obsidian-IRC is a small but growing IRC community with user
satisfaction in mind.
• Foonetic(UnrealIRCd, Atheme) irc.foonetic.net
• SolidIRC (InspirIRCd, Denora) irc.solidirc.com
• DarkMyst (charbydis, Atheme) irc.darkmyst.org
• Darksin (UnrealIRCd, Anope) irc.darksin.net
47. • Defense
• Patch Security Holes
• Reserve for Future Use
• Report to Provider
• Offense
• Deny of Service
• (D)DoS a Target
• Escalate Zombie Privs
• Seize Node Control
• Lock-out Admins
• Utilize rootkit(s)
48. • Botntets have long used IRC for C&C (command and control)
• For example, eggdrops and skiddies meta-searching for PHP RFI
exploitable HTTP daemons for CGI webshell and bot hosting
• Enumerating fully qualified addresses for all nodes in botnet
• See also: http://botnetsexposed.com & http://skidlist.com
To help take over the botnet & use it for their own ends
• Exploit original vulnerability or take advantage of existing rootkits
Legal prosecution by expert witness testimony
• Much faster than obtaining identity info via subpoena
• To notify the relevant providers and users
49.
50.
51.
52.
53. Dylan Webb suggested Derbycon as a venue at an early stage
of research; shoulder surfed a big part of the project and came
up with the idea for the “Spot The Fed: Online Edition” contest
David Klein for helping beta test the initial Perl exploit
Hal Brodigan always answered my Ruby and ronin questions
John Tan from L0pht Heavy Industries and HNN (Hacker News
Network) .. You need to write a book!
Shane Macaulay for being awesome