This document provides an overview of a Bolt workshop that will be held virtually on April 1, 2020. It introduces two presenters, Stephen P Potter and Josef Singer, and provides information about their backgrounds and areas of focus. The document also provides instructions for submitting questions during the webinar and notes that presentation materials will be shared after the event.
Learn how to use Bolt in an interactive workshop with hands-on labs.
Join us for an interactive, virtual Bolt workshop on 28 April 2020. You’ll learn how to install and configure common Bolt activities and leave with your laptops Puppet-ready, with Bolt + PDK + Puppet Agent + VS Code. Plus, you’ll get to speak with experts from Puppet and the community.
What's Bolt? Bolt is an open source, agentless multi-platform automation tool that reduces your time to automation and makes it easier to get started with DevOps. Bolt makes automation much more accessible without requiring any Puppet knowledge, agents, or master. It uses SSH or WinRM to communicate and execute tasks on remote systems.
Your teams can perform various tasks like starting and stopping services, rebooting remote systems, and gathering packages and systems facts from your workstation or laptop on any platform (Linux and Windows).
Modulesync- How vox pupuli manages 133 modules, Tim MeuselPuppet
Managing a single Puppet module isn't easy, especially if you want to stay up-to-date with current best practices, modern testing, and the Puppet-DSL guidelines. This becomes even more difficult when maintaining multiple modules. Modulesync is the open source tool to change this! Learn from Vox Pupuli how we manage over 130 modules with no overhead and how we lowered the bar for newcomers in the open source world to more easily contribute.
Kernel vulnerabilities was commonly used to obtain admin privileges, and main rule was to stay in kernel as small time as possible! But nowdays even when you get admin / root then current operating systems are sometimes too restrictive. And that made kernel exploitation nice vector for installing to kernel mode!
In this talk we will examine steps from CPL3 to CPL0, including some nice tricks, and we end up with developing kernel mode drivers.
Learn how to use Bolt in an interactive workshop with hands-on labs.
Join us for an interactive, virtual Bolt workshop on 28 April 2020. You’ll learn how to install and configure common Bolt activities and leave with your laptops Puppet-ready, with Bolt + PDK + Puppet Agent + VS Code. Plus, you’ll get to speak with experts from Puppet and the community.
What's Bolt? Bolt is an open source, agentless multi-platform automation tool that reduces your time to automation and makes it easier to get started with DevOps. Bolt makes automation much more accessible without requiring any Puppet knowledge, agents, or master. It uses SSH or WinRM to communicate and execute tasks on remote systems.
Your teams can perform various tasks like starting and stopping services, rebooting remote systems, and gathering packages and systems facts from your workstation or laptop on any platform (Linux and Windows).
Modulesync- How vox pupuli manages 133 modules, Tim MeuselPuppet
Managing a single Puppet module isn't easy, especially if you want to stay up-to-date with current best practices, modern testing, and the Puppet-DSL guidelines. This becomes even more difficult when maintaining multiple modules. Modulesync is the open source tool to change this! Learn from Vox Pupuli how we manage over 130 modules with no overhead and how we lowered the bar for newcomers in the open source world to more easily contribute.
Kernel vulnerabilities was commonly used to obtain admin privileges, and main rule was to stay in kernel as small time as possible! But nowdays even when you get admin / root then current operating systems are sometimes too restrictive. And that made kernel exploitation nice vector for installing to kernel mode!
In this talk we will examine steps from CPL3 to CPL0, including some nice tricks, and we end up with developing kernel mode drivers.
[HES2013] Virtually secure, analysis to remote root 0day on an industry leadi...Hackito Ergo Sum
Today most networks present one “gateway” to the whole network – The SSL-VPN. A vector that is often overlooked and considered “secure”, we decided to take apart an industry leading SSL-VPN appliance and analyze it to bits to thoroughly understand how secure it really is. During this talk we will examine the internals of the F5 FirePass SSL-VPN Appliance. We discover that even though many security protections are in-place, the internals of the appliance hides interesting vulnerabilities we can exploit. Through processes ranging from reverse engineering to binary planting, we decrypt the file-system and begin examining the environment. As we go down the rabbit hole, our misconceptions about “security appliances” are revealed.
Using a combination of web vulnerabilities, format string vulnerabilities and a bunch of frustration, we manage to overcome the multiple limitations and protections presented by the appliance to gain a remote unauthenticated root shell. Due to the magnitude of this vulnerability and the potential for impact against dozens of fortune 500 companies, we contacted F5 and received one of the best vendor responses we’ve experienced – EVER!
https://www.hackitoergosum.org
Browser Fuzzing with a Twist (and a Shake) -- ZeroNights 2015Jeremy Brown
The web client is critical software to secure from any perspective. No matter if you're an organization or a casual client, you're typically just as vulnerable as anyone else. OSes are often supplemented with hardening toolsets or built-in mitigations as an extra measure to avoid compromise, but as with all things, they aren't completely solid either. Thus the need for systems that break systems, some of which deploy fuzzing and almost all of them work to find implementation bugs. Browser fuzzing has been explored and improved in many different ways over the past several years. In this presentation, we'll be primarily talking about a mutation engine that provides a somewhat novel technique for finding bugs in a still-ripe attack surface: the browser's rendering engine. This technique has the flexibility to be applied even more broadly than browsers, for example, there's initial support for fuzzing PDF readers. We'll also be discussing the tooling and infrastructure areas of the process, detailing what's needed to build a system that will scale and enable your fuzzing strategies to be successful. Finally, we can conclude the talk with some incubation results and how you can start making use of these fuzzing techniques today to find the bugs you need to exploit browsers or identify and fix the code responsible for each vulnerability.
As computer systems become more sophisticated, process injection techniques also evolve. These techniques are notorious for their use by "malicious software" to hide code execution and avoid detection. In this presentation we dive deep into the Windows runtime and we demonstrate these techniques. Besides, we also learn how to code construction and design patterns that relate to perform hidden code can recognize.
Steelcon 2014 - Process Injection with Pythoninfodox
This is the slides to accompany the talk given by Darren Martyn at the Steelcon security conference in July 2014 about process injection using python.
Covers using Python to manipulate processes by injecting code on x86, x86_64, and ARMv7l platforms, and writing a stager that automatically detects what platform it is running on and intelligently decides which shellcode to inject, and via which method.
The Proof of Concept code is available at https://github.com/infodox/steelcon-python-injection
44CON 2013 - Browser bug hunting - Memoirs of a last man standing - Atte Kett...44CON
Just like drinking is not a game in Finland; neither is browser bug hunting - it’s serious business! Browser bugs have been supporting Atte Kettunen (@attekett) traditional Finnish way of living since late 2011 and he’s going to tell you all about how he has been living the dream browser bug hunting - focusing on one of the most secure browser around, Google Chrome!
He’ll tell you a tale of his experiences with bounty programs and how those have evolved since he started way back (vendors can show the love too!) and how he’s managed to survive in the harsh environment of browser bug hunting. He’ll impart some important bug hunting social skills by showing you how and how NOT to step on the others guys toes - very competitive cottage industry is browser bug hunting. ;)
Atte is also going to share with you how and why he selected his current target feature *(still full of bugs!), how he built his fuzzer-module(s) and the results produced. We’ll all walk a mile in a bug hunters shoes together and take a peek at the tool sets, as well as the infrastructures that are used to find browser bugs by individuals and vendors!
Yocto project has been used at Open-RnD for building a number of IoT related products. The talk will go though the details of integration of Poky build system and OpenEmbedded layers into 3 projects carried out at Open-RnD:
an antonomous parking space monitoring system
a distributed 3D steroscopic image acquisition system
a gadget for acquisition of metabolic parameters of professional athletes
The presentation will approach to building software, automation and upstreaming of fixes.
Open-RnD is a small software company from Łódź, Poland. We have started using Yocto/Poky in late 2013 as a better alternative to in-house build system. Since then, we have successfully implemented a number of projects based on Poky. The presentation will go through the details of 3 projects that cover a diverse range of applications:
an autonomous parking space monitoring system (ParkEasily)
a distributed 3D stereoscopic image acquisition system (Ros3D)
a gadget for acquisition of metabolic parameters of professional athletes (Sonda)
We only use widely available hardware platforms such as BeagleBone Black, Raspberry Pi, Wandboard or Gateworks GW5400 (not as widely used as the previous ones, but still fully supported), hence all the points made during presentation are directly applicable by professionals and hobbyists alike.
Ice Age melting down: Intel features considered usefull!Peter Hlavaty
Decades history of kernel exploitation, however still most used techniques are such as ROP. Software based approaches comes finally challenge this technique, one more successful than the others. Those approaches usually trying to solve far more than ROP only problem, and need to handle not only security but almost more importantly performance issues. Another common attacker vector for redirecting control flow is stack what comes from design of today’s architectures, and once again some software approaches lately tackling this as well. Although this software based methods are piece of nice work and effective to big extent, new game changing approach seems coming to the light. Methodology closing this attack vector coming right from hardware - intel. We will compare this way to its software alternatives, how one interleaving another and how they can benefit from each other to challenge attacker by breaking his most fundamental technologies. However same time we go further, to challenge those approaches and show that even with those technologies in place attackers is not yet in the corner.
Devel::NYTProf v3 - 200908 (OUTDATED, see 201008)Tim Bunce
Slides of my talk on Devel::NYTProf and optimizing perl code at the Italian Perl Workshop (IPW09). It covers the new features in NYTProf v3 and a new section outlining a multi-phase approach to optimizing your perl code.
30 mins long plus 10 mins of questions. Best viewed fullscreen.
Badge Hacking with Nerves Workshop - ElixirConf 2016 - Justin Schneck and Fra...GregMefford
These are the slides from the Badge Hacking with Nerves workshop from ElixirConf 2016, presented by Justin Schneck and Frank Hunleth, with help from Garth Hitchens, Chris Dutton, and Greg Mefford.
Rainbow Over the Windows: More Colors Than You Could ExpectPeter Hlavaty
As time goes on operating systems keep evolving, like Microsoft Windows do, it ships new designs, features and codes from time to time. However sometimes it also ships more than bit of codes for complex subsystems residing in its kernel ... and at some future point it starts implementing new designs to prevent unnecessary access to it. However is it safe enough?
As we can see from security bulletins, win32k subsystem attracts lots of attention. It looks that with efforts of many security researchers who has dug into this area, finding bugs here shall becomes pretty tough and almost fruitless. But unfortunately this is not true, as win32k is backed up by very complex logic and large amount of code by nature..
We will present our point of view to Windows graphic subsystem, as well as schema of our fuzzing strategies. We will introduce some unusual areas of win32k, its extensions and how it can breaks even locked environments.
Part of our talk will be dedicated to CVE-2016-0176, the bug we used for this year's Pwn2Own Edge sandbox bypass, from its discovery to its exploitation techniques, which could serves as an example for universal DirectX escape which is independent of graphics vendors.
Yocto - Embedded Linux Distribution MakerSherif Mousa
Yocto is an Embedded Linux distribution maker.
This presentation is a quick start guide for Yocto buildsystem to get familiar with the tool and how to start building your own custom Linux system for a specific hardware target.
The Yocto Project is a collaborative open source project that provides prototypes, tools and methods that let you create personalized Linux-based systems for embedded products independent from the hardware architecture. The project was born in 2010 as a partnership of many different hardware manufacturers, open-source operative systems providers and electronic companies, to bring some order to the chaos that was the development of Linux Embedded. Why use Project Yocto? Because it's a development environment for Linux embedded complete with tools, meta-data and documentation - everything that one needs. The free of charge tools that Yocto makes available are powerful and easy to generate (included emulation environments, debuggers, a tool-kit to generate applications and others) and they let you create and continue projects, without causing you a loss of optimizations and investments made in the prototyping phase. Project Yocto supports the adoption of this technology by the open-source community letting users concentrate on the characteristics and development of their product.
Virtual Bolt workshop
Learn how to use Bolt in an interactive virtual workshop.
Join us for an interactive virtual Bolt workshop on Wednesday, 11 March 2020. You’ll learn how to install and configure common Bolt activities and leave with your laptops Puppet-ready, with Bolt + PDK + Puppet Agent + VS Code. Plus, you’ll get to speak with experts from Puppet and the community.
What's Bolt? Bolt is an open source, agentless multi-platform automation tool that reduces your time to automation and makes it easier to get started with DevOps. Bolt makes automation much more accessible without requiring any Puppet knowledge, agents, or master. It uses SSH or WinRM to communicate and execute tasks on remote systems.
Your teams can perform various tasks like starting and stopping services, rebooting remote systems, and gathering packages and systems facts from your workstation or laptop on any platform (Linux and Windows).
[HES2013] Virtually secure, analysis to remote root 0day on an industry leadi...Hackito Ergo Sum
Today most networks present one “gateway” to the whole network – The SSL-VPN. A vector that is often overlooked and considered “secure”, we decided to take apart an industry leading SSL-VPN appliance and analyze it to bits to thoroughly understand how secure it really is. During this talk we will examine the internals of the F5 FirePass SSL-VPN Appliance. We discover that even though many security protections are in-place, the internals of the appliance hides interesting vulnerabilities we can exploit. Through processes ranging from reverse engineering to binary planting, we decrypt the file-system and begin examining the environment. As we go down the rabbit hole, our misconceptions about “security appliances” are revealed.
Using a combination of web vulnerabilities, format string vulnerabilities and a bunch of frustration, we manage to overcome the multiple limitations and protections presented by the appliance to gain a remote unauthenticated root shell. Due to the magnitude of this vulnerability and the potential for impact against dozens of fortune 500 companies, we contacted F5 and received one of the best vendor responses we’ve experienced – EVER!
https://www.hackitoergosum.org
Browser Fuzzing with a Twist (and a Shake) -- ZeroNights 2015Jeremy Brown
The web client is critical software to secure from any perspective. No matter if you're an organization or a casual client, you're typically just as vulnerable as anyone else. OSes are often supplemented with hardening toolsets or built-in mitigations as an extra measure to avoid compromise, but as with all things, they aren't completely solid either. Thus the need for systems that break systems, some of which deploy fuzzing and almost all of them work to find implementation bugs. Browser fuzzing has been explored and improved in many different ways over the past several years. In this presentation, we'll be primarily talking about a mutation engine that provides a somewhat novel technique for finding bugs in a still-ripe attack surface: the browser's rendering engine. This technique has the flexibility to be applied even more broadly than browsers, for example, there's initial support for fuzzing PDF readers. We'll also be discussing the tooling and infrastructure areas of the process, detailing what's needed to build a system that will scale and enable your fuzzing strategies to be successful. Finally, we can conclude the talk with some incubation results and how you can start making use of these fuzzing techniques today to find the bugs you need to exploit browsers or identify and fix the code responsible for each vulnerability.
As computer systems become more sophisticated, process injection techniques also evolve. These techniques are notorious for their use by "malicious software" to hide code execution and avoid detection. In this presentation we dive deep into the Windows runtime and we demonstrate these techniques. Besides, we also learn how to code construction and design patterns that relate to perform hidden code can recognize.
Steelcon 2014 - Process Injection with Pythoninfodox
This is the slides to accompany the talk given by Darren Martyn at the Steelcon security conference in July 2014 about process injection using python.
Covers using Python to manipulate processes by injecting code on x86, x86_64, and ARMv7l platforms, and writing a stager that automatically detects what platform it is running on and intelligently decides which shellcode to inject, and via which method.
The Proof of Concept code is available at https://github.com/infodox/steelcon-python-injection
44CON 2013 - Browser bug hunting - Memoirs of a last man standing - Atte Kett...44CON
Just like drinking is not a game in Finland; neither is browser bug hunting - it’s serious business! Browser bugs have been supporting Atte Kettunen (@attekett) traditional Finnish way of living since late 2011 and he’s going to tell you all about how he has been living the dream browser bug hunting - focusing on one of the most secure browser around, Google Chrome!
He’ll tell you a tale of his experiences with bounty programs and how those have evolved since he started way back (vendors can show the love too!) and how he’s managed to survive in the harsh environment of browser bug hunting. He’ll impart some important bug hunting social skills by showing you how and how NOT to step on the others guys toes - very competitive cottage industry is browser bug hunting. ;)
Atte is also going to share with you how and why he selected his current target feature *(still full of bugs!), how he built his fuzzer-module(s) and the results produced. We’ll all walk a mile in a bug hunters shoes together and take a peek at the tool sets, as well as the infrastructures that are used to find browser bugs by individuals and vendors!
Yocto project has been used at Open-RnD for building a number of IoT related products. The talk will go though the details of integration of Poky build system and OpenEmbedded layers into 3 projects carried out at Open-RnD:
an antonomous parking space monitoring system
a distributed 3D steroscopic image acquisition system
a gadget for acquisition of metabolic parameters of professional athletes
The presentation will approach to building software, automation and upstreaming of fixes.
Open-RnD is a small software company from Łódź, Poland. We have started using Yocto/Poky in late 2013 as a better alternative to in-house build system. Since then, we have successfully implemented a number of projects based on Poky. The presentation will go through the details of 3 projects that cover a diverse range of applications:
an autonomous parking space monitoring system (ParkEasily)
a distributed 3D stereoscopic image acquisition system (Ros3D)
a gadget for acquisition of metabolic parameters of professional athletes (Sonda)
We only use widely available hardware platforms such as BeagleBone Black, Raspberry Pi, Wandboard or Gateworks GW5400 (not as widely used as the previous ones, but still fully supported), hence all the points made during presentation are directly applicable by professionals and hobbyists alike.
Ice Age melting down: Intel features considered usefull!Peter Hlavaty
Decades history of kernel exploitation, however still most used techniques are such as ROP. Software based approaches comes finally challenge this technique, one more successful than the others. Those approaches usually trying to solve far more than ROP only problem, and need to handle not only security but almost more importantly performance issues. Another common attacker vector for redirecting control flow is stack what comes from design of today’s architectures, and once again some software approaches lately tackling this as well. Although this software based methods are piece of nice work and effective to big extent, new game changing approach seems coming to the light. Methodology closing this attack vector coming right from hardware - intel. We will compare this way to its software alternatives, how one interleaving another and how they can benefit from each other to challenge attacker by breaking his most fundamental technologies. However same time we go further, to challenge those approaches and show that even with those technologies in place attackers is not yet in the corner.
Devel::NYTProf v3 - 200908 (OUTDATED, see 201008)Tim Bunce
Slides of my talk on Devel::NYTProf and optimizing perl code at the Italian Perl Workshop (IPW09). It covers the new features in NYTProf v3 and a new section outlining a multi-phase approach to optimizing your perl code.
30 mins long plus 10 mins of questions. Best viewed fullscreen.
Badge Hacking with Nerves Workshop - ElixirConf 2016 - Justin Schneck and Fra...GregMefford
These are the slides from the Badge Hacking with Nerves workshop from ElixirConf 2016, presented by Justin Schneck and Frank Hunleth, with help from Garth Hitchens, Chris Dutton, and Greg Mefford.
Rainbow Over the Windows: More Colors Than You Could ExpectPeter Hlavaty
As time goes on operating systems keep evolving, like Microsoft Windows do, it ships new designs, features and codes from time to time. However sometimes it also ships more than bit of codes for complex subsystems residing in its kernel ... and at some future point it starts implementing new designs to prevent unnecessary access to it. However is it safe enough?
As we can see from security bulletins, win32k subsystem attracts lots of attention. It looks that with efforts of many security researchers who has dug into this area, finding bugs here shall becomes pretty tough and almost fruitless. But unfortunately this is not true, as win32k is backed up by very complex logic and large amount of code by nature..
We will present our point of view to Windows graphic subsystem, as well as schema of our fuzzing strategies. We will introduce some unusual areas of win32k, its extensions and how it can breaks even locked environments.
Part of our talk will be dedicated to CVE-2016-0176, the bug we used for this year's Pwn2Own Edge sandbox bypass, from its discovery to its exploitation techniques, which could serves as an example for universal DirectX escape which is independent of graphics vendors.
Yocto - Embedded Linux Distribution MakerSherif Mousa
Yocto is an Embedded Linux distribution maker.
This presentation is a quick start guide for Yocto buildsystem to get familiar with the tool and how to start building your own custom Linux system for a specific hardware target.
The Yocto Project is a collaborative open source project that provides prototypes, tools and methods that let you create personalized Linux-based systems for embedded products independent from the hardware architecture. The project was born in 2010 as a partnership of many different hardware manufacturers, open-source operative systems providers and electronic companies, to bring some order to the chaos that was the development of Linux Embedded. Why use Project Yocto? Because it's a development environment for Linux embedded complete with tools, meta-data and documentation - everything that one needs. The free of charge tools that Yocto makes available are powerful and easy to generate (included emulation environments, debuggers, a tool-kit to generate applications and others) and they let you create and continue projects, without causing you a loss of optimizations and investments made in the prototyping phase. Project Yocto supports the adoption of this technology by the open-source community letting users concentrate on the characteristics and development of their product.
Virtual Bolt workshop
Learn how to use Bolt in an interactive virtual workshop.
Join us for an interactive virtual Bolt workshop on Wednesday, 11 March 2020. You’ll learn how to install and configure common Bolt activities and leave with your laptops Puppet-ready, with Bolt + PDK + Puppet Agent + VS Code. Plus, you’ll get to speak with experts from Puppet and the community.
What's Bolt? Bolt is an open source, agentless multi-platform automation tool that reduces your time to automation and makes it easier to get started with DevOps. Bolt makes automation much more accessible without requiring any Puppet knowledge, agents, or master. It uses SSH or WinRM to communicate and execute tasks on remote systems.
Your teams can perform various tasks like starting and stopping services, rebooting remote systems, and gathering packages and systems facts from your workstation or laptop on any platform (Linux and Windows).
Virtual Puppet Ecosystem Workshop - March 18,2020Puppet
Join us a hands-on virtual Puppet workshop exploring our open source tools and products, including Bolt, Puppet Remediate, and Project Nebula. This event will be held on 18 March from 1:00 p.m. - 3:00 p.m. CST.
In this virtual workshop, you can expect to learn how to utilize Puppet tools to automate away repetitive takes in your Windows and Linux environments. Plus, you’ll get to mingle with experts from Puppet and the community.
Manage your Windows Infrastructure with Puppet Bolt - August 26 - 2020Puppet
This two-hour workshop will focus on the following:
Improving operational efficiency for managing Windows infrastructure
Applying configuration baselines to Windows Server and IIS web servers
Utilizing PowerShell and Bolt to automate day to day management tasks
What's Bolt? Puppet Bolt is the easiest way to get started with DevOps and does not require Puppet knowledge. During this workshop you will utilize WinRM or SSH to communicate with your server environments.
You will leave this workshop with a working knowledge of Bolt, and your laptop equipped to start tackling automation challenges across your organization.
DevOps Automation with Puppet Bolt & Puppet EnterpriseEficode
Learn how you can easily automate complex application deployments with Puppet Bolt and ensure continuous compliance in day-to-day operations with Puppet Enterprise. Presented at Eficode's DevOps Tooling Morning 2019.
Luca Ceresoli - Buildroot vs Yocto: Differences for Your Daily Joblinuxlab_conf
Buildroot and Yocto, the two leading embedded Linux buildsystems, have largely overlapping goals but vastly different implementations.
Perhaps you’re familiar with either, and wonder how your daily job would change if you used the other.
Luca will share insights he gained while managing projects with both tools, spending a lot of time in learning how to achieve the same goals in a different way.
He will give a sort of “translation table” to ease the transition
between the two, covering: bootstrapping a project, what happens under the hood, invoking the build, customizing the rootfs and tweaking recipes.
A story of how we went about packaging perl and all of the dependencies that our project has.
Where we were before, the chosen path, and the end result.
The pitfalls and a view on the pros and cons of the previous state of affairs versus the pros/cons of the end result.
Have a quick overview of most of the embedded linux components and their details. How ti build Embedded Linux Hardware & Software, and developing Embedded Products
Video and slides synchronized, mp3 and slide download available at URL http://bit.ly/1SJ7PSV.
Alex Blewitt talks about Swift, the open source released in December 2015 and available on Linux as well as OSX and iOS. He looks at the open-source project, how applications and libraries can be built for both platforms, the differences between the different builds and how Swift works under the hood. Filmed at qconlondon.com.
Alex Blewitt has over 20 years of experience in Objective-C and has been using Apple frameworks since NeXTSTEP 3.0. He currently works for a financial company in London and writes for the online technology news site InfoQ, as well as other books for Packt Publishing. He also has a number of apps on the App Store through Bandlem Limited.
Why work with Ansible to deliver software in a secure and reliable way? Gain insight quickly, this deck shows the strenghts of the IT automation tool that does it all.
Bas Meijer is an Ansible Ambassador co-hosting the Ansible Benelux Meetup since 2014. He introduced the tool to major corporate clients for use in mission critical infrastructure provisioning, application construction, container orchestration, security operations, and more.
Automating it management with Puppet + ServiceNowPuppet
As the leading IT Service Management and IT Operations Management platform in the marketplace, ServiceNow is used by many organizations to address everything from self service IT requests to Change, Incident and Problem Management. The strength of the platform is in the workflows and processes that are built around the shared data model, represented in the CMDB. This provides the ‘single source of truth’ for the organization.
Puppet Enterprise is a leading automation platform focused on the IT Configuration Management and Compliance space. Puppet Enterprise has a unique perspective on the state of systems being managed, constantly being updated and kept accurate as part of the regular Puppet operation. Puppet Enterprise is the automation engine ensuring that the environment stays consistent and in compliance.
In this webinar, we will explore how to maximize the value of both solutions, with Puppet Enterprise automating the actions required to drive a change, and ServiceNow governing the process around that change, from definition to approval. We will introduce and demonstrate several published integration points between the two solutions, in the areas of Self-Service Infrastructure, Enriched Change Management and Automated Incident Registration.
Simplified Patch Management with Puppet - Oct. 2020Puppet
Does your company struggle with patching systems? If so, you’re not alone — most organizations have attempted to solve this issue by cobbling together multiple tools, processes, and different teams, which can make an already complicated issue worse.
Puppet helps keep hosts healthy, secure and compliant by replacing time-consuming and error prone patching processes with Puppet’s automated patching solution.
Join this webinar to learn how to do the following with Puppet:
Eliminate manual patching processes with pre-built patching automation for Windows and Linux systems.
Gain visibility into patching status across your estate regardless of OS with new patching solution from the PE console.
Ensure your systems are compliant and patched in a healthy state
How Puppet Enterprise makes patch management easy across your Windows and Linux operating systems.
Presented by: Margaret Lee, Product Manager, Puppet, and Ajay Sridhar, Sr. Sales Engineer, Puppet.
Smart TV Buyer Insights Survey 2024 by 91mobiles.pdf91mobiles
91mobiles recently conducted a Smart TV Buyer Insights Survey in which we asked over 3,000 respondents about the TV they own, aspects they look at on a new TV, and their TV buying preferences.
Key Trends Shaping the Future of Infrastructure.pdfCheryl Hung
Keynote at DIGIT West Expo, Glasgow on 29 May 2024.
Cheryl Hung, ochery.com
Sr Director, Infrastructure Ecosystem, Arm.
The key trends across hardware, cloud and open-source; exploring how these areas are likely to mature and develop over the short and long-term, and then considering how organisations can position themselves to adapt and thrive.
UiPath Test Automation using UiPath Test Suite series, part 3DianaGray10
Welcome to UiPath Test Automation using UiPath Test Suite series part 3. In this session, we will cover desktop automation along with UI automation.
Topics covered:
UI automation Introduction,
UI automation Sample
Desktop automation flow
Pradeep Chinnala, Senior Consultant Automation Developer @WonderBotz and UiPath MVP
Deepak Rai, Automation Practice Lead, Boundaryless Group and UiPath MVP
Encryption in Microsoft 365 - ExpertsLive Netherlands 2024Albert Hoitingh
In this session I delve into the encryption technology used in Microsoft 365 and Microsoft Purview. Including the concepts of Customer Key and Double Key Encryption.
LF Energy Webinar: Electrical Grid Modelling and Simulation Through PowSyBl -...DanBrown980551
Do you want to learn how to model and simulate an electrical network from scratch in under an hour?
Then welcome to this PowSyBl workshop, hosted by Rte, the French Transmission System Operator (TSO)!
During the webinar, you will discover the PowSyBl ecosystem as well as handle and study an electrical network through an interactive Python notebook.
PowSyBl is an open source project hosted by LF Energy, which offers a comprehensive set of features for electrical grid modelling and simulation. Among other advanced features, PowSyBl provides:
- A fully editable and extendable library for grid component modelling;
- Visualization tools to display your network;
- Grid simulation tools, such as power flows, security analyses (with or without remedial actions) and sensitivity analyses;
The framework is mostly written in Java, with a Python binding so that Python developers can access PowSyBl functionalities as well.
What you will learn during the webinar:
- For beginners: discover PowSyBl's functionalities through a quick general presentation and the notebook, without needing any expert coding skills;
- For advanced developers: master the skills to efficiently apply PowSyBl functionalities to your real-world scenarios.
Elevating Tactical DDD Patterns Through Object CalisthenicsDorra BARTAGUIZ
After immersing yourself in the blue book and its red counterpart, attending DDD-focused conferences, and applying tactical patterns, you're left with a crucial question: How do I ensure my design is effective? Tactical patterns within Domain-Driven Design (DDD) serve as guiding principles for creating clear and manageable domain models. However, achieving success with these patterns requires additional guidance. Interestingly, we've observed that a set of constraints initially designed for training purposes remarkably aligns with effective pattern implementation, offering a more ‘mechanical’ approach. Let's explore together how Object Calisthenics can elevate the design of your tactical DDD patterns, offering concrete help for those venturing into DDD for the first time!
Epistemic Interaction - tuning interfaces to provide information for AI supportAlan Dix
Paper presented at SYNERGY workshop at AVI 2024, Genoa, Italy. 3rd June 2024
https://alandix.com/academic/papers/synergy2024-epistemic/
As machine learning integrates deeper into human-computer interactions, the concept of epistemic interaction emerges, aiming to refine these interactions to enhance system adaptability. This approach encourages minor, intentional adjustments in user behaviour to enrich the data available for system learning. This paper introduces epistemic interaction within the context of human-system communication, illustrating how deliberate interaction design can improve system understanding and adaptation. Through concrete examples, we demonstrate the potential of epistemic interaction to significantly advance human-computer interaction by leveraging intuitive human communication strategies to inform system design and functionality, offering a novel pathway for enriching user-system engagements.
Builder.ai Founder Sachin Dev Duggal's Strategic Approach to Create an Innova...Ramesh Iyer
In today's fast-changing business world, Companies that adapt and embrace new ideas often need help to keep up with the competition. However, fostering a culture of innovation takes much work. It takes vision, leadership and willingness to take risks in the right proportion. Sachin Dev Duggal, co-founder of Builder.ai, has perfected the art of this balance, creating a company culture where creativity and growth are nurtured at each stage.
State of ICS and IoT Cyber Threat Landscape Report 2024 previewPrayukth K V
The IoT and OT threat landscape report has been prepared by the Threat Research Team at Sectrio using data from Sectrio, cyber threat intelligence farming facilities spread across over 85 cities around the world. In addition, Sectrio also runs AI-based advanced threat and payload engagement facilities that serve as sinks to attract and engage sophisticated threat actors, and newer malware including new variants and latent threats that are at an earlier stage of development.
The latest edition of the OT/ICS and IoT security Threat Landscape Report 2024 also covers:
State of global ICS asset and network exposure
Sectoral targets and attacks as well as the cost of ransom
Global APT activity, AI usage, actor and tactic profiles, and implications
Rise in volumes of AI-powered cyberattacks
Major cyber events in 2024
Malware and malicious payload trends
Cyberattack types and targets
Vulnerability exploit attempts on CVEs
Attacks on counties – USA
Expansion of bot farms – how, where, and why
In-depth analysis of the cyber threat landscape across North America, South America, Europe, APAC, and the Middle East
Why are attacks on smart factories rising?
Cyber risk predictions
Axis of attacks – Europe
Systemic attacks in the Middle East
Download the full report from here:
https://sectrio.com/resources/ot-threat-landscape-reports/sectrio-releases-ot-ics-and-iot-security-threat-landscape-report-2024/
DevOps and Testing slides at DASA ConnectKari Kakkonen
My and Rik Marselis slides at 30.5.2024 DASA Connect conference. We discuss about what is testing, then what is agile testing and finally what is Testing in DevOps. Finally we had lovely workshop with the participants trying to find out different ways to think about quality and testing in different parts of the DevOps infinity loop.
Connector Corner: Automate dynamic content and events by pushing a buttonDianaGray10
Here is something new! In our next Connector Corner webinar, we will demonstrate how you can use a single workflow to:
Create a campaign using Mailchimp with merge tags/fields
Send an interactive Slack channel message (using buttons)
Have the message received by managers and peers along with a test email for review
But there’s more:
In a second workflow supporting the same use case, you’ll see:
Your campaign sent to target colleagues for approval
If the “Approve” button is clicked, a Jira/Zendesk ticket is created for the marketing design team
But—if the “Reject” button is pushed, colleagues will be alerted via Slack message
Join us to learn more about this new, human-in-the-loop capability, brought to you by Integration Service connectors.
And...
Speakers:
Akshay Agnihotri, Product Manager
Charlie Greenberg, Host
2. Meet our Presenters
BOLT WORKSHOP2
Stephen P Potter
Senior Sales Engineer, Columbus, OH
• 25+ years Unix/Linux, Virtualization, Cloud
• Focus on Automation and Performance Management
• Father, Scouts BSA Leader, Martial Arts Instructor
Josef Singer
Senior Sales Engineer, New York City
• 20+ years Software Development, Automation, IT
• Enjoys taking things apart, good at reassembly too
• Father, woodworker, video editor, music level 0 (-1?)
3. Questions?
• Please feel free to submit questions throughout the webinar using the Chat
function, which you can find in the control bar on the right hand side of
your screen. We have a few people on hand to provide assistance if you
run into any issues.
• We will be sending out a link to the recording and slides within the next
couple of days, so keep an eye on your inbox.”
BOLT WORKSHOP3
5. All About Bolt
• Bolt provides a simple way to execute agentless automation against remote hosts
• Zero requirements to the remote host. No agents, no python, no nothing
• Authenticate via SSH, WinRM, PCP
• Execute arbitrary commands, scripts, Bolt Tasks and Bolt Plans
• Use scripts in any language the remote host can execute
• Mature at your own pace from scripts → tasks → plans → puppet code
• If you have Puppet Enterprise, leverage Bolt from PE
BOLT WORKSHOP5
6.
7. Environment Setup
• Create a Bolt playground directory (i.e. ~/boltworkshop or c:usersyouboltworkshop)
• Download the Linux cert:
• Visit http://bit.ly/ws0325student
• Store the contents in your Bolt playground directory as student.pem.
• i.e. ~/boltworkshop/Boltdir/student.pem
• c:usersyouboltworkshopBoltdir/student.pem
BOLT WORKSHOP7
8. Using Bolt
Example syntax (you don’t need to run these)
• Bolt command line syntax:
bolt [command|script|task|plan] run <name> --targets <targets> [options]
• To run a simple Bash command on a remote SSH host:
bolt command run 'echo Hello World!' --targets 10.0.0.1,10.0.0.2
--user root --private-key /path/to/key --transport ssh --no-host-key-check
• To run a simple PowerShell command on a remote WinRM host:
bolt command run 'write-host Hello World!' --targets 10.0.0.1,10.0.0.2
--user Administrator --password ‘Puppetlabs!' --transport winrm --no-ssl
BOLT WORKSHOP8
10. Lab 1: Instructions (A Long Command For A Ping!)
• Student Bolt Instances
Linux: bolt41nix#.classroom.puppet.com
Windows: bolt41win#.classroom.puppet.com
• Credentials
Linux: centos / student.pem
Windows: Administrator / Puppetlabs!
• Run these from the command line in your boltworkshop directory
bolt command run 'ping 8.8.8.8 -c2' --targets <linux_node>
--user centos --private-key ./Boltdir/student.pem --no-host-key-
check
bolt command run 'ping 8.8.8.8 –n 2' --targets <win_node> --user
Administrator --password Puppetlabs! --transport winrm --no-ssl
BOLT WORKSHOP10
11. Easing Bolt Configuration
http://www.puppet.com/docs/bolt
• Bolt provides ways to make repetitive tasks more efficient
• Use a bolt.yaml file to store generic settings like modulepath or PE integration
• Use an inventory.yaml file to prevent typing in connection info every time
• Use a Boltdir to bundle all the files you need and have Bolt automatically use it
BOLT WORKSHOP11
12. Bolt Configuration File
• Bolt supports a configuration file to manage default configuration settings
• The configuration file is YAML and can have any name you want
• If unspecified, Bolt will look in these locations for an configuration file
• ./Boltdir/bolt.yaml
• ~/.puppetlabs/bolt/bolt.yaml (~ = %HOMEPATH%)
• A custom configuration file can be specified at runtime with --configfile [full path]
BOLT WORKSHOP12
14. Lab 2: Instructions (Making some Defaults)
1. Create Boltdir/bolt.yaml in your bolt playground folder (e.g. boltworkshop).
2. add host-key-check: false to SSH section of bolt.yaml and ssl: false to WinRM
section of bolt.yaml
ssh:
host-key-check: false
winrm:
ssl: false
3. Run commands to targets without specifying these 2 options (from boltworkshop dir)
bolt command run 'ping 8.8.8.8 -c2' --targets <linux_node>
--user centos --private-key ./Boltdir/student.pem
bolt command run 'ping 8.8.8.8 –n 2' --targets <win_node> --user Administrator
--password Puppetlabs! --transport winrm
BOLT WORKSHOP14
15. Bolt Inventory
• Bolt supports an inventory file to maintain a list of known targets
• The inventory file is YAML and can have any name you want
• If unspecified, Bolt will look in these locations for an inventory file:
• ./Boltdir/inventory.yaml
• ~/.puppetlabs/bolt/inventory.yaml (~ = %HOMEPATH%)
• A custom inventory file can be specified on the command line with --inventoryfile
[full path]
• A custom inventory file can be specified in bolt.yaml with the inventoryfile keyword.
BOLT WORKSHOP15
18. Lab 3: Reference
1. Create an inventory.yaml in your workshop folder
2. One group for your Linux node, connecting over SSH
3. One group for your Windows node, connecting over WinRM
Reference (download this and place in boltworkshop/Boltdir):
https://bit.ly/ws0325inventory
Note:
● You’ll need to use your student number in the provided file.
BOLT WORKSHOP18
20. Lab 4: Reference (Using our Inventory)
Note: Run these commands from your boltworkshop/Boltdir directory…
1. bolt command run 'ping 8.8.8.8 -c2' --targets linux
1. bolt command run 'ping 8.8.8.8 -n 2' -t windows
1. bolt command run 'hostname’ --targets linux,windows
BOLT WORKSHOP20
21. The Boltdir
To assist in packaging Bolt with source code, Bolt supports a Boltdir
When Bolt sees a directory called ./Boltdir it overrides all other configuration
The Boltdir has the following structure:
./Boltdir/bolt.yaml # Configuration settings
./Boltdir/inventory.yaml # Target system inventory
./Boltdir/Puppetfile # Additional Forge modules
./Boltdir/modules # Path where modules are installed via Puppetfile
./Boltdir/site # Another modulepath, safe from Puppetfile
./Boltdir/modules/mymod/tasks # Bolt Tasks in module ‘mymod’
./Boltdir/modules/mymod/plans # Bolt Task Plans in module ‘mymod’
BOLT WORKSHOP21
22. Running Scripts
• Bolt will copy the script file to the remote host and run it in the native shell
• Linux = Bash
• Windows = PowerShell
• Bolt expects the shell to execute the correct parser (based on file extension)
• You can pass arguments, but Bolt doesn’t do input validation for scripts
bolt script run <script> [[arg1] ... [argN]] [options]
BOLT WORKSHOP22
24. Lab 5: Instructions (Running a Script)
1. On your laptop, recreate the timesync.ps1 script at https://bit.ly/ws0325time_sync Place
this file above your Boltdir, in our ~/boltworkshop directory
2. From our boltworkshop directory: Use Bolt to run the script on your Windows node
bolt script run time_sync.ps1 --targets windows
BOLT WORKSHOP24
25. Scripts into Tasks!
• Make your scripts more useful in Bolt by turning them into Puppet Tasks
• Any script file in a tasks directory of a module becomes a Task
• Tasks are “name spaced” automatically, using familiar Puppet syntax:
site/mymod/tasks/script1.ps1 # mymod::script1
site/aws/tasks/show_vpc.sh # aws::show_vpc
site/mysql/tasks/sql.rb # mysql::sql
site/yum/tasks/init.rb # yum (notice that?)
BOLT WORKSHOP25
27. Lab 6: Instructions (Turning Scripts into Tasks)
1. Create Boltdir/site/tools/tasks
2. Move the time_sync.ps1 script into the tasks directory
3. bolt task show to verify the new task is available
4. bolt task run tools::time_sync --targets windows to execute the task.
BOLT WORKSHOP27
28. Bolt Task Metadata
• Make your Tasks more useful and robust by writing metadata files for them
• A metadata file has the same name as the script file, but with a .json extension
• Metadata files using the following (JSON) syntax:
{
"description": "Description of your Puppet Task",
"input_method": "environment | stdin | powershell",
"parameters": {
"param1": {
"description": "Description of the parameter usage",
"type": "String | Enum | Pattern | Integer | Array | Hash | Boolean“
}
}
}
BOLT WORKSHOP28
29. Bolt Task Input Methods
• The chosen input method determines how variables are accessible in the script
“input_method”: “environment | stdin | powershell”
• environment: creates environment variable for each parameter as $PT_<variable>
• stdin: creates a JSON hash of all parameters and passes it via stdin
• powershell: creates a PowerShell named argument for each parameter
• The default for Linux is environment and stdin
• The default for Windows is powershell
BOLT WORKSHOP29
31. Lab 7: Instructions (Parameterizing Tasks)
1. Retrieve timesync.json from https://bit.ly/ws0325time_syncjson
2. Retrieve timesync.ps1 from https://bit.ly/ws0325timesyncparm
• Adds a “Restart” Parameter
• Adds an if statement restarting W32Time if Restart parameter is passed in
3. Copy timesync.json and timesync.ps1 to ./Boltdir/site/tools/tasks
4. bolt task show (Look, we have a description now!)
5. bolt task show tools::timesync
6. bolt task run tools::timesync -t windows restart=true
BOLT WORKSHOP31
32. Writing Bolt Plans
Bolt Plans can use all the previously covered capabilities, and more, in a single plan.
It’s ideally suited to:
• Orchestrate multiple tasks
• Perform more complex logic & error handling, or interact with Puppet Enterprise
• Combine command/scripts/Tasks with applying desired-state Puppet code
• Plans are stored in a plans directory of a module and have a .pp extension
• Plans must be name spaced according to their module & plan name
BOLT WORKSHOP32
34. Lab 8: Instructions (Building a Plan)
1. Retrieve https://bit.ly/ws0325timesyncplan
1. Place timesync.pp in Boltdir/site/tools/plans (New Directory)
2. bolt plan show
3. bolt plan show tools::timesync
4. bolt plan run tools::timesync --targets windows
BOLT WORKSHOP34
36. Desired State - What Now?
• So far, we’ve been using scripting approaches to fix time synchronization issues
• But the script only works on Windows
• If we also built a script for Linux, it wouldn’t look anything like the Windows one
• We don’t *want* to keep running scripts on systems over and over
• How would we know if we needed to run the script again? Would that even work?
• Surely *someone* has solved this issue already, right?!
BOLT WORKSHOP36
40. Lab 9: Instructions (Applying Puppet Code)
• Retrieve Plan manifest from https://bit.ly/ws0325timesyncmanifest and save it as
timesync_windows.pp in your working directory (above Boltdir)
• bolt apply timesync_windows.pp --targets windows
NOTE: This lab will fail to complete and spew yellow and red: Could not
find declared class windowstime is the proper error!
BOLT WORKSHOP41
43. Lab 10: Instructions (Dependencies, the Puppetfile and You!)
1. Download Puppetfile from https://bit.ly/ws0325Puppetfile
1. It should contain these dependencies: Stdlib, Registry, Windowstime and NTP
# Modules from the Puppet Forge.
mod 'puppetlabs-stdlib', '5.1.0'
mod 'puppetlabs-registry', '2.1.0'
mod 'ncorrare-windowstime', '0.4.3'
mod 'puppetlabs-ntp', '7.3.0'
1. bolt puppetfile install
2. With the modules now installed, let’s try this again:
bolt apply timesync_windows.pp --targets windows
BOLT WORKSHOP44
46. Lab 11: Instructions (Let’s get Multi-Platform!)
1. Retrieve https://bit.ly/ws0325timesyncmulti and place it in
boltworkshop/Boltdir/site/tools/plans/timesync_code.pp
2. Change directory to ./Boltdir (path to .pem file)
3. bolt plan run tools::timesync_code --targets windows,linux
BOLT WORKSHOP47
47. Recap Time!
We’ve now learned how with Puppet Bolt:
• Commands, scripts, tasks, plans and manifests can be run with Puppet Bolt
• What the natural progression of automation looks like
• Turning interactive commands into scripts
• Turning scripts into tasks
• Turning tasks into plans
• Leveraging existing desired state modules and manifests
• Incorporating desired state code into plans
BOLT WORKSHOP48
48. Connecting to Puppet Enterprise
• To complete the automation journey, all that’s left to do is maturing into PE
• Leverage PE to continuously & automatically enforce desired state code
• Gain auditability in PE on Bolt Tasks, Task Plans and manifests
• Use RBAC in PE to delegate permissions to other teams/coworkers
• Connect Bolt to PE to gain direct control over PE-managed targets
BOLT WORKSHOP49