This document provides an overview of Gatekeeper, Apple's built-in macOS security feature that aims to block unauthorized code from being installed or run on a user's system. It discusses how Gatekeeper works under the hood, including how it uses file quarantine attributes and the launchservices framework to check for and potentially block execution of apps from untrusted developers. The document also examines ways that Gatekeeper's protections can be bypassed or understood in more detail.
This presentation from ShmooCon 2016 elaborates on a trivial bypass of Apple’s Gatekeeper, a core OS X security mechanism, which still remains flawed following Apple’s patch efforts to the vulnerabilities previously reported and presented by Patrick Wardle at Virus Bulletin 2015.
DEF CON 23: Stick That In Your (root)Pipe & Smoke ItSynack
DEF CON 23
You may ask; "why would Apple add an XPC service that can create setuid files anywhere on the system - and then blindly allow any local user to leverage this service?" Honestly, I have no idea!
The undocumented 'writeconfig' XPC service was recently uncovered by Emil Kvarnhammar, who determined its lax controls could be abused to escalate one's privileges to root. Dubbed ‘rootpipe,' this bug was patched in OS X 10.10.3. End of story, right? Nope, instead things then got quite interesting. First, Apple decided to leave older versions of OS X un-patched. Then, an astute researcher discovered that the OSX/XSLCmd malware which pre-dated the disclosure, exploited this same vulnerability as a 0day! Finally, yours truly, found a simple way to side-step Apple's patch to re-exploit the core vulnerability on a fully-patched system. So come attend (but maybe leave your MacBooks at home), as we dive into the technical details XPC and the rootpipe vulnerability, explore how malware exploited this flaw, and then fully detail the process of completely bypassing Apple's patch. The talk will conclude by examining Apple’s response, a second patch, that appears to squash ‘rootpipe’…for now.
Black Hat '15: Writing Bad @$$ Malware for OS XSynack
In comparison to Windows malware, known OS X threats are really quite lame. As an Apple user that has drank the 'Apple Juice,' I didn't think that was fair!
From novel persistence techniques, to native OS X components that can be abused to thwart analysis, this talk will detail exactly how to create elegant, bad@ss OS X malware. And since detection is often a death knell for malware, the talk will also show how OS X's native malware mitigations and 3rd-party security tools were bypassed. For example I'll detail how Gatekeeper was remotely bypassed to allow unsigned download code to be executed, how Apple's 'rootpipe' patch was side-stepped to gain root on a fully patched system, and how all popular 3rd-party AV and personal firewall products were generically bypassed by my simple proof-of-concept malware.
However, don't throw out your Macs just yet! The talk will conclude by presenting several free security tools that can generically detect or even prevent advanced OS X threats. Armed with such tools, we'll ensure that our computers are better protected against both current and future OS X malware.
So unless you work for Apple, come learn how to take your OS X malware skills to the next level and better secure your Mac at the same time!
This presentation from ShmooCon 2016 elaborates on a trivial bypass of Apple’s Gatekeeper, a core OS X security mechanism, which still remains flawed following Apple’s patch efforts to the vulnerabilities previously reported and presented by Patrick Wardle at Virus Bulletin 2015.
DEF CON 23: Stick That In Your (root)Pipe & Smoke ItSynack
DEF CON 23
You may ask; "why would Apple add an XPC service that can create setuid files anywhere on the system - and then blindly allow any local user to leverage this service?" Honestly, I have no idea!
The undocumented 'writeconfig' XPC service was recently uncovered by Emil Kvarnhammar, who determined its lax controls could be abused to escalate one's privileges to root. Dubbed ‘rootpipe,' this bug was patched in OS X 10.10.3. End of story, right? Nope, instead things then got quite interesting. First, Apple decided to leave older versions of OS X un-patched. Then, an astute researcher discovered that the OSX/XSLCmd malware which pre-dated the disclosure, exploited this same vulnerability as a 0day! Finally, yours truly, found a simple way to side-step Apple's patch to re-exploit the core vulnerability on a fully-patched system. So come attend (but maybe leave your MacBooks at home), as we dive into the technical details XPC and the rootpipe vulnerability, explore how malware exploited this flaw, and then fully detail the process of completely bypassing Apple's patch. The talk will conclude by examining Apple’s response, a second patch, that appears to squash ‘rootpipe’…for now.
Black Hat '15: Writing Bad @$$ Malware for OS XSynack
In comparison to Windows malware, known OS X threats are really quite lame. As an Apple user that has drank the 'Apple Juice,' I didn't think that was fair!
From novel persistence techniques, to native OS X components that can be abused to thwart analysis, this talk will detail exactly how to create elegant, bad@ss OS X malware. And since detection is often a death knell for malware, the talk will also show how OS X's native malware mitigations and 3rd-party security tools were bypassed. For example I'll detail how Gatekeeper was remotely bypassed to allow unsigned download code to be executed, how Apple's 'rootpipe' patch was side-stepped to gain root on a fully patched system, and how all popular 3rd-party AV and personal firewall products were generically bypassed by my simple proof-of-concept malware.
However, don't throw out your Macs just yet! The talk will conclude by presenting several free security tools that can generically detect or even prevent advanced OS X threats. Armed with such tools, we'll ensure that our computers are better protected against both current and future OS X malware.
So unless you work for Apple, come learn how to take your OS X malware skills to the next level and better secure your Mac at the same time!
[DefCon 2016] I got 99 Problems, but Little Snitch ain’t one!Synack
Security products should make our computers more secure, not less. Little Snitch is the de facto personal firewall for OS X that aims to secure a Mac by blocking unauthorized network traffic. Unfortunately bypassing this firewall's network monitoring mechanisms is trivial...and worse yet, the firewall's kernel core was found to contain an exploitable ring-0 heap-overflow. #fail
DEF CON 23: 'DLL Hijacking' on OS X? #@%& Yeah!Synack
DEF CON 23
Remember DLL hijacking on Windows? Well, turns out that OS X is fundamentally vulnerable to a similar attack (independent of the user's environment).
By abusing various 'features' and undocumented aspects of OS X's dynamic loader, this talk will reveal how attackers need only to plant specially-crafted dynamic libraries to have their malicious code automatically loaded into vulnerable applications. Through this attack, adversaries can perform a wide range of malicious actions, including stealthy persistence, process injection, security software circumvention, and even 'remote' infection. So come watch as applications fall, Gatekeeper crumbles (allowing downloaded unsigned code to execute), and 'hijacker malware' arises - capable of bypassing all top security and anti-virus products! And since "sharing is caring" leave with code and tools that can automatically uncover vulnerable binaries, generate compatible hijacker libraries, or detect if you've been hijacked.
Patrick Wardle is the Director of Research at Synack, where he leads cyber R&D efforts. Having worked at NASA, the NSA, and Vulnerability Research Labs (VRL), he is intimately familiar with aliens, spies, and talking nerdy. Currently, Patrick’s focus is on automated vulnerability discovery, and the emerging threats of OS X and mobile malware.
DEF CON 23: Internet of Things: Hacking 14 DevicesSynack
DEF CON 23
Internet of Things: Hacking 14 Devices
It is easy to find poorly designed devices with poor security, but how do the market leading devices stack up? Are they more secure than a Linux-powered rifle? This presentation documents our effort to assess the state of security of top selling Internet of Things Devices.
We procured 14 of the leading “connected home” IoT devices and tore them down, all the way from software to hardware and compared their relative security. This talk will demonstrate techniques useful for assessing any IoT device, while showing how they were applied across a wide range of devices.
Attend for stories of device rooting, SSL interception, firmware unpacking, mobile app vulnerabilities and more. Stay to find out why your favorite new gadget might just be a backdoor into your home. If you own (or are considering buying) one of the following devices, come and find out how secure it actually is!
Devices:
Dlink DCS-2132L
Dropcam Pro
Foscam FI9826W
Simplicam
Withings Baby Monitor
Ecobee
Hive
Honeywell Lyric
Nest Thermostat
Nest Protect
Control4 HC-250
Lowes Iris
Revolv
SmartThings
Samsung Smart Refrigerator (model RF28HMELBSR)
Samsung LED Smart TV (model UN32J5205AFXZA)
REASON:
The best thing about this talk is that it covers a large number of devices, all devices which are among the industry leaders for their category.
While we have published the high level findings from assessing these devices, this talk will include full technical details on how to attack each of these devices, and full tech details on any of the vulns which we found. Those details have not yet been released, and will be of interest to anyone who owns or wants to hack any of these devices.
Poc2015 os x_kernel_is_as_strong_as_its_weakest_part_liang_shuaitianLiang Chen
With the popularity of Apple's system, many OS X kernel vulnerabilities were discovered by fuzzing IOKit. OS X kernel exploitation technology has developed in the past few years, yet recent Apple patches have mitigated most of those technology to avoid generic address leak as well as zone Feng Shui approaches, which, as a result, make harder to exploit OS X kernel vulnerabilities.
In the first part of this talk, we will show several vulnerabilities discovered by KeenTeam whose details have never been published before. Then we conclude about several root causes to Apple IOKit driver's weakness, and how to take advantage of those weakness to find bugs more efficiently.
The second part will cover how to exploit a vulnerability in such case, and how to pave a road from crash to root with the presence of Apple’s new mitigation.
Fire & Ice: Making and Breaking macOS FirewallsPriyanka Aash
"In the ever raging battle between malicious code and anti-malware tools, firewalls play an essential role. Many a malware has been generically thwarted thanks to the watchful eye of these products.
However on macOS, firewalls are rather poorly understood. Apple's documentation surrounding it's network filter interfaces is rather lacking and all commercial macOS firewalls are closed source.
This talk aims to take a peek behind the proverbial curtain revealing how to both create and 'destroy' macOS firewalls.
In this talk, we'll first dive into what it takes to create an effective firewall for macOS. Yes we'll discuss core concepts such as kernel-level socket filtering—but also how to communicate with user-mode components, install privileged code in a secure manner, and simple ways to implement self-defense mechanisms (including protecting the UI from synthetic events).
Of course any security tool, including firewalls, can be broken. After looking at various macOS malware specimens that proactively attempt to detect such firewalls, we'll don our 'gray' (black?) hats to discuss various attacks against these products. And while some attacks are well known, others are currently undisclosed and can generically bypass even today's most vigilant Mac firewalls.
But all is not lost. By proactively discussing such attacks, combined with our newly-found understandings of firewall internals, we can improve the existing status quo, advancing firewall development. With a little luck, such advancements may foil, or at least complicate the lives of tomorrow's sophisticated Mac malware!"
"In today's digital world the mouse, not the pen is arguably mightier than the sword. Via a single click, countless security mechanisms may be completely bypassed. Run untrusted app? click ...allowed. Authorize keychain access? click ...allowed. Load 3rd-party kernel extension? click ...allowed. Authorize outgoing network connection? click ...allowed. Luckily security-conscious users will (hopefully) heed such warning dialogues—stopping malicious code in its tracks. But what if such clicks can be synthetically generated and interact with such prompts in a completely invisible way? Well, then everything pretty much goes to hell.
Of course OS vendors such as Apple are keenly aware of this 'attack' vector, and thus strive to design their UI in a manner that is resistant against synthetic events. Unfortunately they failed.
In this talk we'll discuss a vulnerability (CVE-2017-7150) found in all recent versions of macOS that allowed unprivileged code to interact with any UI component including 'protected' security dialogues. Armed with the bug, it was trivial to programmatically bypass Apple's touted 'User-Approved Kext' security feature, dump all passwords from the keychain, bypass 3rd-party security tools, and much more! And as Apple's patch was incomplete (surprise surprise) we'll drop an 0day that (still) allows unprivileged code to post synthetic events and bypass various security mechanisms on a fully patched macOS box!
And while it may seem that such synthetic interactions with the UI will be visible to the user, we'll discuss an elegant way to ensure they happen completely invisibly!"
Как мы взломали распределенные системы конфигурационного управленияPositive Hack Days
В лекции речь пойдет о том, как команда исследователей обнаружила и эксплуатировала уязвимости различных систем конфигурационного управления в ходе пентестов. Авторы представят различные инструменты распределенного управления конфигурациями, например Apache ZooKeeper, HashiCorp Consul и Serf, CoreOS Etcd; расскажут о способах создания отпечатков этих систем, а также о том, как использовать в своих целях типичные ошибки в конфигурации для увеличения площади атак.
As presented at this year's RSA Conference, a 2016 survey of critical infrastructure companies and officials demonstrates that this scenario could be reality. Jay and Julia will take you through the spine-chilling specifics of why the nation's critical infrastructure is at an ever increased risk of cyber attacks as hackers make them their prime target.
[DefCon 2016] I got 99 Problems, but Little Snitch ain’t one!Synack
Security products should make our computers more secure, not less. Little Snitch is the de facto personal firewall for OS X that aims to secure a Mac by blocking unauthorized network traffic. Unfortunately bypassing this firewall's network monitoring mechanisms is trivial...and worse yet, the firewall's kernel core was found to contain an exploitable ring-0 heap-overflow. #fail
DEF CON 23: 'DLL Hijacking' on OS X? #@%& Yeah!Synack
DEF CON 23
Remember DLL hijacking on Windows? Well, turns out that OS X is fundamentally vulnerable to a similar attack (independent of the user's environment).
By abusing various 'features' and undocumented aspects of OS X's dynamic loader, this talk will reveal how attackers need only to plant specially-crafted dynamic libraries to have their malicious code automatically loaded into vulnerable applications. Through this attack, adversaries can perform a wide range of malicious actions, including stealthy persistence, process injection, security software circumvention, and even 'remote' infection. So come watch as applications fall, Gatekeeper crumbles (allowing downloaded unsigned code to execute), and 'hijacker malware' arises - capable of bypassing all top security and anti-virus products! And since "sharing is caring" leave with code and tools that can automatically uncover vulnerable binaries, generate compatible hijacker libraries, or detect if you've been hijacked.
Patrick Wardle is the Director of Research at Synack, where he leads cyber R&D efforts. Having worked at NASA, the NSA, and Vulnerability Research Labs (VRL), he is intimately familiar with aliens, spies, and talking nerdy. Currently, Patrick’s focus is on automated vulnerability discovery, and the emerging threats of OS X and mobile malware.
DEF CON 23: Internet of Things: Hacking 14 DevicesSynack
DEF CON 23
Internet of Things: Hacking 14 Devices
It is easy to find poorly designed devices with poor security, but how do the market leading devices stack up? Are they more secure than a Linux-powered rifle? This presentation documents our effort to assess the state of security of top selling Internet of Things Devices.
We procured 14 of the leading “connected home” IoT devices and tore them down, all the way from software to hardware and compared their relative security. This talk will demonstrate techniques useful for assessing any IoT device, while showing how they were applied across a wide range of devices.
Attend for stories of device rooting, SSL interception, firmware unpacking, mobile app vulnerabilities and more. Stay to find out why your favorite new gadget might just be a backdoor into your home. If you own (or are considering buying) one of the following devices, come and find out how secure it actually is!
Devices:
Dlink DCS-2132L
Dropcam Pro
Foscam FI9826W
Simplicam
Withings Baby Monitor
Ecobee
Hive
Honeywell Lyric
Nest Thermostat
Nest Protect
Control4 HC-250
Lowes Iris
Revolv
SmartThings
Samsung Smart Refrigerator (model RF28HMELBSR)
Samsung LED Smart TV (model UN32J5205AFXZA)
REASON:
The best thing about this talk is that it covers a large number of devices, all devices which are among the industry leaders for their category.
While we have published the high level findings from assessing these devices, this talk will include full technical details on how to attack each of these devices, and full tech details on any of the vulns which we found. Those details have not yet been released, and will be of interest to anyone who owns or wants to hack any of these devices.
Poc2015 os x_kernel_is_as_strong_as_its_weakest_part_liang_shuaitianLiang Chen
With the popularity of Apple's system, many OS X kernel vulnerabilities were discovered by fuzzing IOKit. OS X kernel exploitation technology has developed in the past few years, yet recent Apple patches have mitigated most of those technology to avoid generic address leak as well as zone Feng Shui approaches, which, as a result, make harder to exploit OS X kernel vulnerabilities.
In the first part of this talk, we will show several vulnerabilities discovered by KeenTeam whose details have never been published before. Then we conclude about several root causes to Apple IOKit driver's weakness, and how to take advantage of those weakness to find bugs more efficiently.
The second part will cover how to exploit a vulnerability in such case, and how to pave a road from crash to root with the presence of Apple’s new mitigation.
Fire & Ice: Making and Breaking macOS FirewallsPriyanka Aash
"In the ever raging battle between malicious code and anti-malware tools, firewalls play an essential role. Many a malware has been generically thwarted thanks to the watchful eye of these products.
However on macOS, firewalls are rather poorly understood. Apple's documentation surrounding it's network filter interfaces is rather lacking and all commercial macOS firewalls are closed source.
This talk aims to take a peek behind the proverbial curtain revealing how to both create and 'destroy' macOS firewalls.
In this talk, we'll first dive into what it takes to create an effective firewall for macOS. Yes we'll discuss core concepts such as kernel-level socket filtering—but also how to communicate with user-mode components, install privileged code in a secure manner, and simple ways to implement self-defense mechanisms (including protecting the UI from synthetic events).
Of course any security tool, including firewalls, can be broken. After looking at various macOS malware specimens that proactively attempt to detect such firewalls, we'll don our 'gray' (black?) hats to discuss various attacks against these products. And while some attacks are well known, others are currently undisclosed and can generically bypass even today's most vigilant Mac firewalls.
But all is not lost. By proactively discussing such attacks, combined with our newly-found understandings of firewall internals, we can improve the existing status quo, advancing firewall development. With a little luck, such advancements may foil, or at least complicate the lives of tomorrow's sophisticated Mac malware!"
"In today's digital world the mouse, not the pen is arguably mightier than the sword. Via a single click, countless security mechanisms may be completely bypassed. Run untrusted app? click ...allowed. Authorize keychain access? click ...allowed. Load 3rd-party kernel extension? click ...allowed. Authorize outgoing network connection? click ...allowed. Luckily security-conscious users will (hopefully) heed such warning dialogues—stopping malicious code in its tracks. But what if such clicks can be synthetically generated and interact with such prompts in a completely invisible way? Well, then everything pretty much goes to hell.
Of course OS vendors such as Apple are keenly aware of this 'attack' vector, and thus strive to design their UI in a manner that is resistant against synthetic events. Unfortunately they failed.
In this talk we'll discuss a vulnerability (CVE-2017-7150) found in all recent versions of macOS that allowed unprivileged code to interact with any UI component including 'protected' security dialogues. Armed with the bug, it was trivial to programmatically bypass Apple's touted 'User-Approved Kext' security feature, dump all passwords from the keychain, bypass 3rd-party security tools, and much more! And as Apple's patch was incomplete (surprise surprise) we'll drop an 0day that (still) allows unprivileged code to post synthetic events and bypass various security mechanisms on a fully patched macOS box!
And while it may seem that such synthetic interactions with the UI will be visible to the user, we'll discuss an elegant way to ensure they happen completely invisibly!"
Как мы взломали распределенные системы конфигурационного управленияPositive Hack Days
В лекции речь пойдет о том, как команда исследователей обнаружила и эксплуатировала уязвимости различных систем конфигурационного управления в ходе пентестов. Авторы представят различные инструменты распределенного управления конфигурациями, например Apache ZooKeeper, HashiCorp Consul и Serf, CoreOS Etcd; расскажут о способах создания отпечатков этих систем, а также о том, как использовать в своих целях типичные ошибки в конфигурации для увеличения площади атак.
As presented at this year's RSA Conference, a 2016 survey of critical infrastructure companies and officials demonstrates that this scenario could be reality. Jay and Julia will take you through the spine-chilling specifics of why the nation's critical infrastructure is at an ever increased risk of cyber attacks as hackers make them their prime target.
DEF CON 23: Spread Spectrum Satcom Hacking: Attacking The GlobalStar Simplex ...Synack
DEF CON 23
Recently there have been several highly publicized talks about satellite hacking. However, most only touch on the theoretical rather than demonstrate actual vulnerabilities and real world attack scenarios. This talk will demystify some of the technologies behind satellite communications and do what no one has done before - take the audience step-by-step from reverse engineering to exploitation of the GlobalStar simplex satcom protocol and demonstrate a full blown signals intelligence collection and spoofing capability. I will also demonstrate how an attacker might simulate critical conditions in satellite connected SCADA systems.
In recent years, Globalstar has gained popularity with the introduction of its consumer focused SPOT asset-tracking solutions. During the session, I’ll deconstruct the transmitters used in these (and commercial) solutions and reveal design and implementation flaws that result in the ability to intercept, spoof, falsify, and intelligently jam communications. Due to design tradeoffs these vulnerabilities are realistically unpatchable and put millions of devices, critical infrastructure, emergency services, and high value assets at risk.
Colby Moore is Synack's Manager of Special Activities. He works on the oddball and difficult problems that no one else knows how to tackle and strives to embrace the attacker mindset during all engagements. He is a former employee of VRL and has identified countless 0day vulnerabilities in embedded systems and major applications. In his spare time you will find him focusing on that sweet spot where hardware and software meet, usually resulting in very interesting consequences.
Scopriamo insieme i consigli di fotografi professionisti su come scegliere l'album di matrimonio giusto senza il rischio di incappare in spiacevoli sorprese.
Presentation about Sip structural insulated panels from www.large-span.com
contact us by info@large-span.com largespangroup@gmail.com
LARGE SPAN GROUP
TEL: 0086-13333016262, 18731151165
FAX: 0086-18032909635, 18032909637
EMAIL: largespangroup@gmail.com, info@large-span.com
Large-Span group is big stated owned corporation established over 30 years and has certificated by BV, TUV, SGS inspection. As one of the most famous manufacturers in China, we have committed ourselves to developing and producing high quality products, professional suggestions and good services for customers all over the world.
The Multi-barrier Approach to Address Water Quality and Disease PreventionMadelyn Skinner
How can you eliminate waterborne hospital acquired infections (HAIs) by choosing the right water treatment? Popular chemical treatments, like monochloramine, cause harmful byproducts and have little effect. Learn about copper silver ionization, and how the multi-barrier approach protects the people in your facility. Get introduced to the CDC and ASHRAE 188 and learn how to follow ethical practices.
ADVANCED MALWARE THREATS -- NO HAT 2019 (BERGAMO / ITALY)Alexandre Borges
Malware threats have been impacting the way that companies make and protect their business. In general, most of companies have bought several different products to compose their infrastructure and defense line, but they are only efficient against known and simple threats. Curiously, most infections start through simple vector such as a malicious document or a simple fishing. However, the problem is another one: what kind of malware a simple dropper can download in the system? Most ring 3 threats are visible, but some of them are not. Additionally, ring 0 threats are usually very dangerous because they work under the radar, compromising deeply the system and bypassing my protection. Worse, they can make the monitoring tools useless and open the way to advanced threats like BIOS/UEFI malware. What kind of techniques are used by these threats? What protections do we have? This presentation aims to show and explain some techniques used by malware advanced threats and protections against them.
Slides from my beginner level talk on FRIDA and its usage while Pentesting Android Applications. Covers topics like Installation of Frida and Bypassing Pinning and Root Detection using Frida.
This Presentation will give u information about Android :
1. Creating an Activity Declaring the activity in the manifest
2. Starting an Activity Starting an activity for a result Shutting
3. Down an Activity Managing the Activity Lifecycle Implementing the lifecycle callbacks Saving
4. activity state Handling configuration changes
Deploying Spring Boot applications with Docker (east bay cloud meetup dec 2014)Chris Richardson
This presentation describes how to deploy a Spring Boot-based microservice using Docker.
See http://plainoldobjects.com/2014/11/16/deploying-spring-boot-based-microservices-with-docker/
Maxim Salnikov - Service Worker: taking the best from the past experience for...Codemotion
There is no doubt that 2018 is the year when Progressive Web Apps will get the really broad adoption and recognition by all the involved parties: browser vendors (finally, all the major ones), developers, users. And the speed and smoothness of this process heavily depend on how correctly we, developers, use the power of new APIs. In my session based on the accumulated experience of developing and maintaining PWAs we go through the list of advanced tips & tricks, showcase best practices, learn how to avoid common pitfalls and have a look at the latest browser support and known limitations.
Docker and Maestro for fun, development and profitMaxime Petazzoni
Presentation on MaestroNG, an orchestration and management tool for multi-host container deployments with Docker.
#lspe meetup, February 20th, 2014 at Yahoo!'s URL café.
Burn down the silos! Helping dev and ops gel on high availability websitesLindsay Holmwood
HA websites are where the rubber meets the road - at 200km/h. Traditional separation of dev and ops just doesn't cut it.
Everything is related to everything. Code relies on performant and resilient infrastructure, but highly performant infrastructure will only get a poorly written application so far. Worse still, root cause analysis in HA sites will more often than not identify problems that don't clearly belong to either devs or ops.
The two options are collaborate or die.
This talk will introduce 3 core principles for improving collaboration between operations and development teams: consistency, repeatability, and visibility. These principles will be investigated with real world case studies and associated technologies audience members can start using now. In particular, there will be a focus on:
- fast provisioning of test environments with configuration management
- reliable and repeatable automated deployments
- application and infrastructure visibility with statistics collection, logging, and visualisation
How dorma+kaba leverages and deploys on CloudFoundry - CloudFoundry Summit Eu...Adriano Raiano
DORMA Group and Kaba Group, merged to form dorma+kaba in September 2015. The merger has created one of the top three companies in the global market for security and access solutions, with pro forma sales of more than CHF 2 billion and around 16,000 employees. dorma+kaba is active in over 50 countries and has a presence, through both production sites and distribution and service offices, in all relevant markets. In this presentation, you will take part of the journey of how dorma+kaba is leveraring Cloud Foundry for their access control as a service "exivo" and how they deploy on it.
Cloud Foundry makes it exceptionally simple to deploy and manage applications with simple commands like 'cf push'. However, as your application grows in complexity and the number of deployed components explodes it becomes difficult to keep an overview of the required services and bindings. Many organisations, like dorma+kaba, face these challenges sooner or later, especially with microservices architecture. Starting from the naive idea of automating deployments using shell scripts wrapping the Cloud Foundry cli, the pitfalls encountered with this approach, and the evolution towards sophisticated and reliable tooling. Finally dorma+kaba built their open framework to deploy 80+ applications through multiple deployment stages including production and open sourced it during the CF Summit
In dieser Session werfen wir einen Blick auf die Android Platform jenseits der Dalvik VM. Wir entdecken den Android Source Code und erklären wo sich interessante Beispiele und Referenzen für App-Entwickler sowie nützliche Tools verbergen. Ein High-Level Überblick über die Platform-Architektur und das Platform-Build-System runden die Session ab.
Node Interactive: Node.js Performance and Highly Scalable Micro-ServicesChris Bailey
The fundamental performance characteristics of Node.js, along with the improvements driven through the community benchmarking workgroup, makes Node.js ideal for highly performing micro-service workloads. Translating that into highly responsive, scalable solutions however is still far from easy. This session will discuss why Node.js is right for micro-services, introduce the best practices for building scalable deployments, and show you how to monitor and profile your applications to identify and resolve performance bottlenecks.
Software is changing the world. CGC is a Common Gateway Coding as the name says, it is a "common" language approach for almost everything. I want to show how a multi-language approach to infrastructure as code using general purpose programming languages lets cloud engineers and code producers unlocking the same software engineering techniques commonly used for applications.
Unlocking Productivity: Leveraging the Potential of Copilot in Microsoft 365, a presentation by Christoforos Vlachos, Senior Solutions Manager – Modern Workplace, Uni Systems
Threats to mobile devices are more prevalent and increasing in scope and complexity. Users of mobile devices desire to take full advantage of the features
available on those devices, but many of the features provide convenience and capability but sacrifice security. This best practices guide outlines steps the users can take to better protect personal devices and information.
Dr. Sean Tan, Head of Data Science, Changi Airport Group
Discover how Changi Airport Group (CAG) leverages graph technologies and generative AI to revolutionize their search capabilities. This session delves into the unique search needs of CAG’s diverse passengers and customers, showcasing how graph data structures enhance the accuracy and relevance of AI-generated search results, mitigating the risk of “hallucinations” and improving the overall customer journey.
Essentials of Automations: The Art of Triggers and Actions in FMESafe Software
In this second installment of our Essentials of Automations webinar series, we’ll explore the landscape of triggers and actions, guiding you through the nuances of authoring and adapting workspaces for seamless automations. Gain an understanding of the full spectrum of triggers and actions available in FME, empowering you to enhance your workspaces for efficient automation.
We’ll kick things off by showcasing the most commonly used event-based triggers, introducing you to various automation workflows like manual triggers, schedules, directory watchers, and more. Plus, see how these elements play out in real scenarios.
Whether you’re tweaking your current setup or building from the ground up, this session will arm you with the tools and insights needed to transform your FME usage into a powerhouse of productivity. Join us to discover effective strategies that simplify complex processes, enhancing your productivity and transforming your data management practices with FME. Let’s turn complexity into clarity and make your workspaces work wonders!
Climate Impact of Software Testing at Nordic Testing DaysKari Kakkonen
My slides at Nordic Testing Days 6.6.2024
Climate impact / sustainability of software testing discussed on the talk. ICT and testing must carry their part of global responsibility to help with the climat warming. We can minimize the carbon footprint but we can also have a carbon handprint, a positive impact on the climate. Quality characteristics can be added with sustainability, and then measured continuously. Test environments can be used less, and in smaller scale and on demand. Test techniques can be used in optimizing or minimizing number of tests. Test automation can be used to speed up testing.
Observability Concepts EVERY Developer Should Know -- DeveloperWeek Europe.pdfPaige Cruz
Monitoring and observability aren’t traditionally found in software curriculums and many of us cobble this knowledge together from whatever vendor or ecosystem we were first introduced to and whatever is a part of your current company’s observability stack.
While the dev and ops silo continues to crumble….many organizations still relegate monitoring & observability as the purview of ops, infra and SRE teams. This is a mistake - achieving a highly observable system requires collaboration up and down the stack.
I, a former op, would like to extend an invitation to all application developers to join the observability party will share these foundational concepts to build on:
UiPath Test Automation using UiPath Test Suite series, part 4DianaGray10
Welcome to UiPath Test Automation using UiPath Test Suite series part 4. In this session, we will cover Test Manager overview along with SAP heatmap.
The UiPath Test Manager overview with SAP heatmap webinar offers a concise yet comprehensive exploration of the role of a Test Manager within SAP environments, coupled with the utilization of heatmaps for effective testing strategies.
Participants will gain insights into the responsibilities, challenges, and best practices associated with test management in SAP projects. Additionally, the webinar delves into the significance of heatmaps as a visual aid for identifying testing priorities, areas of risk, and resource allocation within SAP landscapes. Through this session, attendees can expect to enhance their understanding of test management principles while learning practical approaches to optimize testing processes in SAP environments using heatmap visualization techniques
What will you get from this session?
1. Insights into SAP testing best practices
2. Heatmap utilization for testing
3. Optimization of testing processes
4. Demo
Topics covered:
Execution from the test manager
Orchestrator execution result
Defect reporting
SAP heatmap example with demo
Speaker:
Deepak Rai, Automation Practice Lead, Boundaryless Group and UiPath MVP
GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using Deplo...James Anderson
Effective Application Security in Software Delivery lifecycle using Deployment Firewall and DBOM
The modern software delivery process (or the CI/CD process) includes many tools, distributed teams, open-source code, and cloud platforms. Constant focus on speed to release software to market, along with the traditional slow and manual security checks has caused gaps in continuous security as an important piece in the software supply chain. Today organizations feel more susceptible to external and internal cyber threats due to the vast attack surface in their applications supply chain and the lack of end-to-end governance and risk management.
The software team must secure its software delivery process to avoid vulnerability and security breaches. This needs to be achieved with existing tool chains and without extensive rework of the delivery processes. This talk will present strategies and techniques for providing visibility into the true risk of the existing vulnerabilities, preventing the introduction of security issues in the software, resolving vulnerabilities in production environments quickly, and capturing the deployment bill of materials (DBOM).
Speakers:
Bob Boule
Robert Boule is a technology enthusiast with PASSION for technology and making things work along with a knack for helping others understand how things work. He comes with around 20 years of solution engineering experience in application security, software continuous delivery, and SaaS platforms. He is known for his dynamic presentations in CI/CD and application security integrated in software delivery lifecycle.
Gopinath Rebala
Gopinath Rebala is the CTO of OpsMx, where he has overall responsibility for the machine learning and data processing architectures for Secure Software Delivery. Gopi also has a strong connection with our customers, leading design and architecture for strategic implementations. Gopi is a frequent speaker and well-known leader in continuous delivery and integrating security into software delivery.
In his public lecture, Christian Timmerer provides insights into the fascinating history of video streaming, starting from its humble beginnings before YouTube to the groundbreaking technologies that now dominate platforms like Netflix and ORF ON. Timmerer also presents provocative contributions of his own that have significantly influenced the industry. He concludes by looking at future challenges and invites the audience to join in a discussion.
LF Energy Webinar: Electrical Grid Modelling and Simulation Through PowSyBl -...DanBrown980551
Do you want to learn how to model and simulate an electrical network from scratch in under an hour?
Then welcome to this PowSyBl workshop, hosted by Rte, the French Transmission System Operator (TSO)!
During the webinar, you will discover the PowSyBl ecosystem as well as handle and study an electrical network through an interactive Python notebook.
PowSyBl is an open source project hosted by LF Energy, which offers a comprehensive set of features for electrical grid modelling and simulation. Among other advanced features, PowSyBl provides:
- A fully editable and extendable library for grid component modelling;
- Visualization tools to display your network;
- Grid simulation tools, such as power flows, security analyses (with or without remedial actions) and sensitivity analyses;
The framework is mostly written in Java, with a Python binding so that Python developers can access PowSyBl functionalities as well.
What you will learn during the webinar:
- For beginners: discover PowSyBl's functionalities through a quick general presentation and the notebook, without needing any expert coding skills;
- For advanced developers: master the skills to efficiently apply PowSyBl functionalities to your real-world scenarios.
The Art of the Pitch: WordPress Relationships and SalesLaura Byrne
Clients don’t know what they don’t know. What web solutions are right for them? How does WordPress come into the picture? How do you make sure you understand scope and timeline? What do you do if sometime changes?
All these questions and more will be explored as we talk about matching clients’ needs with what your agency offers without pulling teeth or pulling your hair out. Practical tips, and strategies for successful relationship building that leads to closing the deal.
Why You Should Replace Windows 11 with Nitrux Linux 3.5.0 for enhanced perfor...SOFTTECHHUB
The choice of an operating system plays a pivotal role in shaping our computing experience. For decades, Microsoft's Windows has dominated the market, offering a familiar and widely adopted platform for personal and professional use. However, as technological advancements continue to push the boundaries of innovation, alternative operating systems have emerged, challenging the status quo and offering users a fresh perspective on computing.
One such alternative that has garnered significant attention and acclaim is Nitrux Linux 3.5.0, a sleek, powerful, and user-friendly Linux distribution that promises to redefine the way we interact with our devices. With its focus on performance, security, and customization, Nitrux Linux presents a compelling case for those seeking to break free from the constraints of proprietary software and embrace the freedom and flexibility of open-source computing.
GraphRAG is All You need? LLM & Knowledge GraphGuy Korland
Guy Korland, CEO and Co-founder of FalkorDB, will review two articles on the integration of language models with knowledge graphs.
1. Unifying Large Language Models and Knowledge Graphs: A Roadmap.
https://arxiv.org/abs/2306.08302
2. Microsoft Research's GraphRAG paper and a review paper on various uses of knowledge graphs:
https://www.microsoft.com/en-us/research/blog/graphrag-unlocking-llm-discovery-on-narrative-private-data/
2. “leverages the best combination of humans and technology to discover
security vulnerabilities in our customers’ web apps, mobile apps, IoT
devices and infrastructure endpoints”
WHOIS
@patrickwardle
security for the
21st century
career
hobby
3. {all aspects of gatekeeper
OUTLINE
Gatekeeper
fixing?bypassingunderstanding
5. ...os x trojans everywhere? everywhere!
LIFE BEFORE GATEKEEPER
2009 2012
gatekeeper
2006
leap-‐a
2007
rsplug
2008
macsweeper
hovdy-‐a
rkosx-‐a
jahlav-‐a
iworks-‐a
2010
pinhead
boonana
opinionspy
2011
macdefender
qhost
PDF
revir
devilrobber
countless OS X users infected
6. as there is no patch for human stupidity ;)
GATEKEEPER AIMS TO PROTECT
Gatekeeper is a built-in anti-malware feature of OS X (10.7+)
"If a [downloaded] app was developed by an unknown
developer—one with no Developer ID—or tampered with,
Gatekeeper can block the app from being installed" -apple.com
TL;DR
block
unauthorized
code
from
the
internet
only option!
7. ...from low-tech adversaries
GATEKEEPER PROTECT USERS
fake codecs
fake installers/updates
infected torrents
rogue "AV" products
???
poor naive users!
"Gatekeeper Slams the Door on Mac
Malware Epidemics" -tidbits.com
8. ...from high-tech adversaries
GATEKEEPER PROTECTS USERS
LittleSnitch
Sophos
ClamXav
Q1 2015: all security software,
I downloaded -> served over HTTP :(
MitM + infect
insecure downloads
my dock
9. an overview
HOW GATEKEEPER WORKS
quarantine attributes
//attributes
$
xattr
-‐l
~/Downloads/malware.app
com.apple.quarantine:0001;534e3038;
Safari;
B8E3DA59-‐32F6-‐4580-‐8AB3...
quarantine attribute
added
gatekeeper settings
iff quarantine
attribute is set!
gatekeeper in action
10. simply put; file metadata
EXTENDED FILE ATTRIBUTES
dumping quarantine attributes
$
xattr
-‐l
~/Downloads/eicar.com.txt
com.apple.metadata:kMDItemWhereFroms:
00000000
62
70
6C
69
73
74
30
30
A2
01
02
5F
10
2B
68
74
|bplist00..._.+ht|
00000010
74
70
3A
2F
2F
77
77
77
2E
65
69
63
61
72
2E
6F
|tp://www.eicar.o|
00000020
72
67
2F
64
6F
77
6E
6C
6F
61
64
2F
65
69
63
61
|rg/download/eica|
00000030
72
2E
63
6F
6D
2E
74
78
74
5F
10
27
68
74
74
70
|r.com.txt_......|
com.apple.quarantine:
0001;55ef7b62;Google
Chrome.app;3F2688DE-‐C34D-‐4953-‐8AF1-‐4F8741FC1326
dump w/ xattr command
extended attr.
(com.apple.*) brief details
FinderInfo information for Finder.app (such as folder colors)
metadata Spotlight data, such as download location & version info
quarantine indicates that file is from an 'untrusted' source (internet)
Jonathan Levin
"Mac OS X & iOS Internals"
11. realized by the com.apple.quarantine file attribute
'FILE QUARANTINE'
//dictionary for quarantine attributes
NSDictionary* quarantineAttributes = nil;
//get attributes
[fileURL getResourceValue:&quarantineAttributes
forKey:NSURLQuarantinePropertiesKey error:NULL];
added in Leopard "file from internet"
$
dumpAttrs
~/Downloads/eicar.com.txt
LSQuarantineAgentBundleIdentifier
=
"com.google.Chrome";
LSQuarantineAgentName
=
"Google
Chrome.app";
LSQuarantineDataURL
=
"http://www.eicar.org/download/eicar.com.txt";
LSQuarantineEventIdentifier
=
"3F2688DE-‐C34D-‐4953-‐8AF1-‐4F8741FC1326";
LSQuarantineOriginURL
=
"http://www.eicar.org/85-‐0-‐Download.html";
LSQuarantineTimeStamp
=
"2015-‐09-‐09
00:20:50
+0000";
LSQuarantineType
=
LSQuarantineTypeWebDownload;
dumping a file's
com.apple.quarantine attribute
note; not gatekeeper
file quarantine in action
code to get attributes
13. apps can manually add it
SETTING THE QUARANTINE ATTRIBUTE
-(void)setQAttr:(NSString*)localFile
{
//quarantine attributes dictionary
NSMutableDictionary* quarantineAttributes = [NSMutableDictionary dictionary];
//add agent bundle id
quarantineAttributes[kLSQuarantineAgentBundleIdentifierKey] = [[NSBundle mainBundle] bundleIdentifier];
//add agent name
quarantineAttributes[kLSQuarantineAgentNameKey] = [[[NSBundle mainBundle] infoDictionary] objectForKey:kCFBundleNameKey];
...
//manually add quarantine attributes to file
[[NSURL fileURLWithPath:localFile] setResourceValues:@{NSURLQuarantinePropertiesKey: quarantineAttributes} error:NULL];
return;
}
$
xattr
-‐l
~/Downloads/eicar.com.txt
com.apple.quarantine:
0000;55efddeb;downloader;ED9BFEA8-‐10B1-‐48BA-‐87AF-‐623EA7599481
$
dumpAttrs
~/Downloads/eicar.com.txt
LSQuarantineAgentBundleIdentifier
=
"com.synack.downloader";
LSQuarantineAgentName
=
downloader;
LSQuarantineDataURL
=
"http://www.eicar.org/download/eicar.com.txt";
LSQuarantineEventIdentifier
=
"ED9BFEA8-‐10B1-‐48BA-‐87AF-‐623EA7599481";
LSQuarantineTimeStamp
=
"2015-‐09-‐09
07:21:15
+0000";
LSQuarantineType
=
LSQuarantineTypeWebDownload;
consts in LSQuarantine.h
manually set, quarantine attribute
code to set a file's quarantine attribute
14. or, apps can generically tell the OS to add it
SETTING THE QUARANTINE ATTRIBUTE
$
xattr
-‐l
~/Downloads/eicar.com.txt
com.apple.quarantine:
0000;55f139c4;downloader.app;
$
dumpAttrs
~/Downloads/eicar.com.txt
LSQuarantineAgentName
=
"downloader.app";
LSQuarantineTimeStamp
=
"2015-‐09-‐10
08:05:24
+0000";
automatically (OS) set, quarantine attribute
Info.plist keys: LSFileQuarantineEnabled
"When the value of this key is true, all files created by the
application process will be quarantined by OS X" -apple.com
app's Info.plist file updated (LSFileQuarantineEnabled)
$
grep
-‐A
1
LSFileQuarantineEnabled
Info.plist
<key>LSFileQuarantineEnabled</key>
<true/>
15. an overview
GATEKEEPER IN ACTION
Finder.app
LaunchServices
framework
Quarantine.kext
XPC request
XPC request
CoreServicesUIAgent
XProtect framework
Launchd
23. ...unauthorized code should be blocked!
RECALL; GATEKEEPER AIMS TO PROTECT
block
unauthorized
code
from
the
internet
gatekeeper in action
XcodeGhost
24. binaries downloaded via exploits
GATEKEEPER SHORTCOMINGS
"exploit payload
downloads"
"malware that comes onto the system through vulnerabilities...bypass
quarantine entirely. The infamous Flashback malware, for example, used
Java vulnerabilities to copy executable files into the system. Since this
was done behind the scenes, out of view of quarantine, those executables
were able to run without any user interactions" -www.thesafemac.com
} download via
shellcode
25. downloading app, must 'support' quarantine attribute
GATEKEEPER SHORTCOMINGS
"the quarantine system relies on the app being used for downloading
doing things properly. Not all do, and this can result in the quarantine flag
not being set on downloaded files" -www.thesafemac.com
$
xattr
-‐p
com.apple.quarantine
Adobe
Photoshop
CC
2014.dmg
xattr:
Adobe
Photoshop
CC
2014.dmg:
No
such
xattr:
com.apple.quarantine
no quarantine attribute :(
vb201410-iWorm.pdf
iWorm infected applications
uTorrent
attribute added?
26. allowing unsigned code to execute
GATEKEEPER BYPASSES
2014
2015
CVE
2014-‐8826
(patched)
CVE
2015-‐3715
(patched)
today "runtime shenanigans"
dylib hijacking
malicious jar file
required java
}default OS install
unpatched
27. (dylib) hijacking external content
GATEKEEPER BYPASS 0X1 (CVE 2015-3715)
find an signed app that contains an external, relative dependency to a
hijackable dylib
create a .dmg/.zip with the necessary folder structure (i.e. placing the
malicious dylib in the externally referenced location)
host online or inject
verified, so can't
modify
.dmg/.zip layout
(signed) application
<external>.dylibgatekeeper only verified
the app bundle!
wasn't verified!
white paper
www.virusbtn.com/dylib
28. a signed app that contains an external dependency to hijackable dylib
GATEKEEPER BYPASS 0X1 (CVE 2015-3715)
$
spctl
-‐vat
execute
/Applications/Xcode.app/Contents/Applications/Instruments.app
Instruments.app:
accepted
source=Apple
System
$
otool
-‐l
Instruments.app/Contents/MacOS/Instruments
Load
command
16
cmd
LC_LOAD_WEAK_DYLIB
name
@rpath/CoreSimulator.framework/Versions/A/CoreSimulator
Load
command
30
cmd
LC_RPATH
path
@executable_path/../../../../SharedFrameworks
spctl tells you if gatekeeper will accept the app
Instruments.app - fit's the bill
29. create a .dmg with the necessary layout
GATEKEEPER BYPASS 0X1 (CVE 2015-3715)
required directory structure
'clean up' the .dmg
‣ hide files/folder
‣ set top-level alias to app
‣ change icon & background
‣ make read-only
(deployable) malicious .dmg
31. runtime shenanigans
GATEKEEPER BYPASS 0X2
find any signed app that at runtime, loads and executes a relatively
external binary
create a .dmg/.zip with the necessary folder structure (i.e. placing the
malicious binary in the externally referenced location)
verified, so can't
modify
.dmg/.zip layout
(signed) -application
<external> binary
gatekeeper only statically
verifies the app bundle!
(still) isn't verified!
host online/inject into insecure downloads
32. example 1: Adobe (Photoshop, etc)
GATEKEEPER BYPASS 0X2
Q:
Can
I
add/modify
files
in
my
signed
(app)
bundle?
3rd party plugins, etc.
-> go outside the bundle!
A: "This is no longer allowed. If you must modify your bundle, do it
before signing. If you modify a signed bundle, you must re-sign it
afterwards. Write data into files outside the bundle" -apple.com
app bundle
validates!
NSString* pluginDir = APPS_DIR + @"../Plug-ins";
for(NSString* plugins in pluginDir)
{
//load plugin dylib!
}
plugin loading pseudo code
not validated
gatekeeperiWorm
vs.
movie time!
}
Adobe Photoshop
33.
34. example 2: Apple (redacted)
GATEKEEPER BYPASS 0X2
//execute reacted
redacted()
{
//redacted
redacted = redacted()
execv(redacted, ....)
}
//redacted
char* redacted()
{
//redacted
redacted = redacted()
//redacted
redacted = redacted(redacted)
...
//redacted
return redacted
}
$
spctl
-‐vat
execute
redacted/redacted/redacted/redacted
redacted/redacted/redacted/redacted:
accepted
source=Apple
System
gatekeeper, happy with redacted
$
xattr
-‐l
*
redacted:
com.apple.quarantine:
0001;55ee3bea;Googlex20Chrome.app
redacted:
com.apple.quarantine:
0001;55ee3bea;Googlex20Chrome.app
$
codesign
-‐dvv
redacted
redacted:
code
object
is
not
signed
at
all
...but redacted is unsigned
redacted's pseudo code
35. example 2: Apple (redacted)
GATEKEEPER BYPASS 0X2
gatekeeper setting's (max.)
alias to redacted
...name & icon attacker controlled
apple-signed redacted
.app extension prevents Terminal.app popup
unsigned redacted
command-line executable
unsigned application
only visible item
}hide
unsigned code execution
.dmg setup
37. a suggestion to thwart runtime bypasses?
VALIDATE ALL BINARIES AT RUNTIME!
Quarantine.kext
or
executable dylib
exec hook
dlopen hook
}
BOOL isQuarantined()
{
//get flags
call _quarantine_get_flags
test eax, eax
jz notQ
//first time exec/loaded?
and eax, 40h
jz notQ
//file has quarantine bit set!
// ->log & return TRUE, to alert
}
checking quarantine attributeetc...
alert on all unauthorized code
39. GATEKEEPER
theory (or, apple marketing)
protects naive OS X users
from attackers
protects naive OS X users
from lame attackers
"omg, my mac is so secure,
no need for AV" -mac users
GATEKEEPER
the unfortunate reality
highly recommend;
3rd-party security tools
& false sense
of security?
40. MY CONUNDRUM
…I love my mac, but it's so easy to hack
"No one is going to provide you a quality service for nothing. If
you’re not paying, you’re the product." -unnamed AV company
i beg to differ!
+ I should write some OS X security tools
to protect my Mac
....and share 'em freely :)
41. free security tools & malware samples
OBJECTIVE-SEE
os x malware samples
KnockKnock BlockBlock TaskExplorer