The document discusses different types of denial of service (DoS) attacks against web servers, focusing on Slowloris, Slow Post, and Slow Read attacks. Slowloris keeps connections open by sending partial HTTP requests and headers. Slow Post sends complete headers but an incomplete message body. Slow Read maliciously throttles the receipt of large HTTP responses to tie up server resources. These low-bandwidth attacks can be effective at consuming connection pools and overloading servers. The document provides details on how each attack works and recommendations for detection and mitigation techniques.
HTTP Request Smuggling via higher HTTP versions - neexemil
This document summarizes HTTP request smuggling vulnerabilities. It explains how an attacker can craft a single HTTP request that is parsed differently by the frontend and backend servers, allowing the backend to interpret additional hidden requests. Several exploitation techniques and detection methods are described, including issues that can arise with HTTP/1, HTTP/2, and protocols like WebSockets. Automated testing tools have been developed but further research is still needed to fully understand and prevent these attacks.
Zombilizing The Web Browser Via Flash Player 9 - thaidn
This document summarizes potential vulnerabilities in Adobe Flash Player 9 that could allow a malicious SWF file to bypass the same-origin policy and control a victim's web browser. It describes how the Flash Player Socket class could be used to perform port scanning or relay sockets without permission. It also explains how DNS spoofing could trick the Flash Player into granting a SWF file access to a different domain. An actual malware program called "FlashBot" is presented that leverages these techniques to turn infected browsers into a botnet to perform tasks instructed by a command and control server. Workarounds like disabling Flash or using a firewall are suggested to prevent exploitation.
How you can benefit from using Redis - Ramirez - Codemotion
The document discusses how Redis can be used and its benefits. Redis is an open source, BSD licensed key-value store that can be used as an advanced data structure server since keys can contain strings, hashes, lists, sets and sorted sets. It describes how Redis is very fast, useful for caching, and commonly used by large companies like Twitter, Pinterest, Wikipedia and others to power their infrastructure. Examples of how Redis is used include storing user timelines and profiles, caching query results, and as a message broker for pub/sub features.
Curl is an open source command line tool and library for transferring data with various internet protocols. It supports many protocols including HTTP, HTTPS, FTP, FTPS, SFTP, SCP, SMTP, IMAP, POP3, and more. Curl has over 2,000 contributors and is widely used across operating systems like Linux, Windows, macOS, and others. The presentation discussed curl's history, features, usage examples, and how it can be used to mimic browser behavior and inspect HTTPS traffic.
Side-Channels on the Web: Attacks and Defenses - Tom Van Goethem
In this presentation we explore various side-channel attacks on the Web that can be used to leak information about cross-origin responses. These so-called XS-Leaks may allow an adversary to extract sensitive information from an unwitting visitor, ranging from personal information the victim shared with social media networks to CSRF tokens, which may lead to full account takeover.
Finally, we discuss the various defenses that can be used to harden web applications against the different types of attacks.
Daniel Stenberg gave a presentation on the evolution of HTTP from versions 1 to 2 to the upcoming version 3. He explained the problems with HTTP/1 and how HTTP/2 aimed to address these by using a single TCP connection with multiple streams. However, middleboxes in the internet slow the adoption of upgrades. QUIC was developed as a new transport protocol to run over UDP and enable always-encrypted connections with fewer head-of-line blocking problems. HTTP/3 defines how HTTP can be run over QUIC, providing features like independent streams and faster handshakes while keeping the basic request-response model of HTTP the same. Several challenges around implementations and tooling remain before HTTP/3 is widely adopted.
Dirty Little Secrets They Didn't Teach You In Pentest Class v2 - Rob Fuller
This talk (hopefully) provides pentesters with some new tools and tricks. Basically a continuation of last year's Dirty Little Secrets they didn't teach you in Pentest class. Topics include: OSINT and APIs, certificate stealing, F**king with Incident Response Teams, 10 ways to psexec, and more. Yes, mostly using Metasploit.
NotaCon 2011 - Networking for Pentesters - Rob Fuller
This document provides introductions and background information for two presenters, JP Bourget and Rob Fuller, for a presentation on networking for pentesters. JP Bourget has a background in IT, computer security and information assurance. He currently works in network and security management and also teaches networking and security classes. Rob Fuller has 10 years experience in information security and IT, including work as a network attack operator and penetration tester. The presentation agenda includes topics like networking, information operations, vulnerability hunting, exploitation, persistence and pivoting.
The document discusses DDoS attacks and countermeasures. It begins with an overview of common DDoS attack types like botnet attacks and distributed reflected DNS attacks. It then discusses challenges like how easy it is to build botnets and buy them online. The document also covers the xFlash attack technique and new capabilities in Flash 9. The second part discusses countermeasures, emphasizing performance tuning, caching, scalability through architecture like shared nothing, and implementing defense in depth. It concludes by thanking the audience and asking for questions.
This document discusses DNS cache poisoning. It begins by explaining what DNS is and its purpose of mapping domain names to IP addresses. It then discusses how DNS servers implement caching to improve performance and defines DNS cache poisoning as getting unauthorized entries into a DNS server's cache. The document outlines how an attacker could poison a cache to redirect traffic to a machine they control in order to perform man-in-the-middle attacks or install malware. It describes various methods of poisoning caches locally or remotely, such as between end users and nameservers or between nameservers themselves using the Kaminsky attack. Defenses like DNSSEC are mentioned along with encouragement to try cache poisoning in a controlled lab environment.
1) The document proposes using Google Drive as an indirect communication channel between the BeEF command server and hooked browsers to avoid detection. BeEF normally requires direct communication but this could be tracked.
2) The approach works by having each hooked browser pull commands from and upload results to its own folder on Google Drive. The BeEF command server coordinates by updating files on Google Drive.
3) Authentication is required to access Google Drive via its API. The proposed system uses multiple API keys to allow the client and server to read/write to the shared Google Drive folder for each hooked browser.
A @textfiles approach to gathering the world's DNS - Rob Fuller
This document discusses using DNS records to gather intelligence about companies and domains. It describes using tools like ARIN lookups, zone transfers, mass DNS resolution, and parsing the results to build a database of DNS information called DeepMagic. The goal is to have a single source of as much DNS data as possible about a target domain without directly interacting with its servers.
New DNS Traffic Analysis Techniques to Identify Global Internet Threats - OpenDNS
Leveraging DNS data to detect new Internet threats has been gaining in popularity in the past few years. However, most industry and academic work examines DNS solely from the authoritative layer through the use of passive DNS. This presentation covers three novel methods that can be used to detect network threats at an Internet scale by analyzing DNS traffic below and above the recursive layer, monitoring malware hosting IP infrastructures, and applying graph analytics on DNS lookup patterns.
Phreebird Suite 1.0: Introducing the Domain Key Infrastructure - Dan Kaminsky
Phreebird Suite 1.0 introduces the Domain Key Infrastructure through DNSSEC to enable easy and secure authentication across domains. It includes Phreebird, a zero configuration DNSSEC server that can sign responses in real-time without requiring offline key generation or zone signing. It also includes Phreeload, which integrates DNSSEC validation into OpenSSL using LD_PRELOAD to enable end-to-end security for applications. The suite aims to make DNSSEC easy to deploy and leverage its authentication capabilities to enable new secure cross-domain applications.
The document appears to be notes for a book on web application security. It includes an index listing chapter topics such as HTTP, sessions, and the same origin policy. Chapter sections discuss the basics of HTTP requests and responses, status codes, headers, methods, and REST vs SOAP. Other topics covered include how sessions are implemented using cookies to maintain state, same origin policy restrictions, and an appendix about TLS/SSL.
1. The document discusses DNS cache poisoning using a man-in-the-middle attack. It provides details on setting up the attack using Kali Linux, Windows Server 2008, and Windows 7. It clones the Facebook website and poisons the DNS cache so traffic is redirected to the fake site.
2. Testing confirms the attack was successful when pinging the fake Facebook site returns the IP of the Kali machine for both Windows systems. The document also proposes short and long-term solutions to prevent DNS cache poisoning attacks, such as disabling open recursive name servers and implementing DNSSEC.
3. In conclusion, the document notes that while DNS cache poisoning is easy to set up, protection requires more effort but is still important for network
Using techniques like ARP spoofing and NAT, it is possible to acquire an IP address and internet access on a network without a DHCP server. By intercepting traffic between an existing node and gateway, one can insert themselves as the "man in the middle" and route traffic through a NAT configuration using the hijacked node's IP address. This allows acquiring internet access without a free IP address by multiplexing sessions through the NAT. Scanrand port scanning observations can also reveal network topology details like firewall locations through analysis of TTL values.
This document discusses DNS DDoS attack types and defenses. It describes the history of major DNS DDoS attacks from 2012 to 2013, including attacks against Spamhaus and GoDaddy. It then analyzes different DNS DDoS attack types like bandwidth consuming attacks, massive query attacks, amplification attacks using open resolvers, and attacks using non-existent domain queries. Finally, it discusses defenses like packet filtering, rate limiting, response rate limiting (RRL), and distributing DNS infrastructure.
This document discusses how to launch and defend against DDoS attacks. It explains that DDoS attacks are easy to conduct using tools that allow for spoofing of IP addresses. It also describes how protocols like UDP and DNS amplification attacks can be used to launch large attacks. The document then provides recommendations for how to defend against DDoS attacks, including using a global network with anycast, hiding your origin IP, separating protocols by IP, and working closely with your upstream provider.
This document discusses DNS cache poisoning vulnerabilities, including:
- Explanations of how cache poisoning works by entering non-authoritative records into a resolver's cache.
- A timeline of vulnerabilities discovered from 1993-2008 related to implementation issues that allowed cache poisoning.
- Countermeasures like DNSSEC that add authentication and integrity to DNS to prevent cache poisoning attacks.
Infrastructure Tracking with Passive Monitoring and Active Probing: ShmooCon ... - OpenDNS
The document discusses tracking infrastructure related to malware botnets through passive monitoring and active probing techniques. It provides an overview of tracking systems used to monitor the Gameover Zeus (GOZ) and newGOZ botnets. Specific case studies are described on tracking the fast flux proxy network of the Zbot botnet and predicting and identifying command and control domains generated by the domain generation algorithm (DGA) of the newGOZ botnet.
"How to use Fiddler" This presentation will help you if you are a first-time user of Fiddler. Some of the presentation's pages have grammar errors, so please email me with feedback and I will fix them quickly. Thanks for watching.
Writer's email: dydwls121200@gmail.com
I'm a student in Korea.
Exactly. There are lots of grammar errors.
Presentation material for TokyoRubyKaigi11.
Describes techniques used by H2O, including: techniques to optimize TCP for responsiveness, server-push and cache digests.
ION Tokyo slides for "The Business Case for Implementing DNSSEC" by Dan York (Internet Society).
DNSSEC helps prevent attackers from subverting and modifying DNS messages and sending users to wrong (and potentially malicious) sites. So what needs to be done for DNSSEC to be deployed on a large scale? We’ll discuss the business reasons for, and financial implications of, deploying DNSSEC, from staying ahead of the technological curve, to staying ahead of your competition, to keeping your customers satisfied and secure on the Internet. We’ll also examine some of the challenges operators have faced and the opportunities to address those challenges and move deployment forward.
Configuring apache, php, my sql, ftp, ssl, ip tables phpmyadmin and server mo... - Chanaka Lasantha
This document provides instructions for configuring various server applications and services on a Linux server including Apache, PHP, MySQL, FTP, SSL, IPTables, PHPMyAdmin, and server monitoring. It discusses installing and configuring each of these applications and services individually with specific configuration details. The document is intended to provide a complete solution for setting up these common LAMP stack components and services on a Linux server.
This talk focuses on various ways to attempt to be as much like normal users/behavior/traffic as possible. We also demonstrate the limitations of signature-based detection systems and then discuss a prototype Remote Access Tool (RAT) that is designed to blend in with normal activity.
Presented at CodeMash, January 8, 2014
Skynet is a Tor-based botnet that spreads via Usenet downloads and has capabilities including Tor communication, credential grabbing, DDoS attacks, IRC, and Bitcoin mining. It comprises around 15MB and includes components like a Tor client, Zeus bot, CGMiner, and OpenCL.dll. The botnet's size is estimated at over 12,000 infected systems spread globally. The document discusses the botnet's command and control panels and provides examples of IRC commands. It also covers the botnet's Bitcoin mining behavior and potential future adoption of Tor by other botnets.
Why doesn't Wi-Fi work? Network design mistakes - SkillFactory
Presentation for the webinar of 24.04.2014.
Fluke Networks specialist Vitaly Belyavtsev on the typical mistakes specialists make when working with Wi-Fi, how to correctly design and deploy a wireless network, and which tools will help you in this work.
Webinar recording on YouTube: http://www.youtube.com/watch?v=mmffo4JbVjU
Presentation for the webinar of 22.04.2014. Webinar recording on YouTube: http://www.youtube.com/watch?v=3ZBLXqOW8mQ&hd=1
Information security expert Grigory Zemskov on effective methods of preventing website hacking, theft of confidential data and virus infection, and on what to do if your site has been hacked.
www.vk.com/siteprotect - VK group "Website Security"
twitter.com/revisium - Revisium's Twitter
facebook.com/Revisium - Revisium's Facebook page
www.revisium.com/ru/blog/ - Revisium blog (RSS subscription)
Five secrets of optimal configuration of the Cisco UCM digital PBX - SkillFactory
Alexander Levichev, lead VoIP instructor at the SkillFactory online school, on ways to optimally configure Cisco Unified Communications Manager 8.6 digital PBXs.
This document discusses the growing threat of distributed denial of service (DDoS) attacks and strategies for mitigating them. It notes that DDoS attacks are increasing in size and sophistication, with some now reaching hundreds of gigabits per second. The document outlines different types of network layer and application layer DDoS attacks and examines methods that can be used to detect and prevent these attacks, such as packet anomaly checking, blacklisting, authentication, rate limiting, and protocol inspection. It also describes A10 Networks' Thunder TPS appliance for high-performance DDoS mitigation.
Самый исчерпывающий доклад, с которым компания Qrator Labs когда-либо выступала. Здесь все о DDoS, начиная с истории, развенчания мифов и заканчивая кейсами падения сайтов отраслевых лидеров.
Встреча CodeFreeze. Москва, 17.09.2015
DDoS-атаки: почему они возможны, и как их предотвращатьQrator Labs
Презентация раскрывает все аспекты, касающиеся доступности веб-ресурсов в Интернете.
Прежде всего, этот тьюториал предназначен для сетевых инженеров и системных администраторов. Однако владельцам бизнеса и другим заинтересованным лицам также будет полезно окунуться в специфику предмета и понять почему так сложно, но в то же время важно поддерживать непрерывную доступность сайта.
Правила успешной карьеры в IT. Часть 2. Взгляд HR-отделаSkillFactory
Презентация для вебинара "Правила успешной карьеры в IT. Часть 2. Взгляд HR-отдела" от 15.04.2014.
Руководитель карьерного направления компании HeadHunter Марина Хадина делится рекомендациями по составлению резюме, а также рассказывает о том, как сертификация в IT влияет на трудоустройство и уровень заработной платы.
Запись вебинара на Youtube: http://www.youtube.com/watch?v=SSqQ6Zc58wE&hd=1
Варианты решений для подключения мобильных устройствSkillFactory
Презентация для доклада, сделанного в рамках конференции Juniper New Network Day 01.01.2014.
Докладчик -- Consulting Engineer компании Juniper Networks Владимир Ураев.
Видеозапись этого доклада с онлайн-трансляции конференции вы можете увидеть здесь:
http://www.youtube.com/watch?v=QVid-A3bbq4
Технология операторов связи DWDM: все самое важное за 1 вебинарSkillFactory
Эксперт в области волоконно-оптических сетей связи Леонид Титов – об актуальной технологии операторских сетей DWDM.
Запись вебинара на Youtube: http://www.youtube.com/watch?v=y-8X_R1tBok&hd=1
Презентация для доклада, сделанного в рамках конференции Juniper New Network Day 01.01.2014.
Докладчик -- Product Line Manager компании Juniper Дмитрий Шокарев.
Видеозапись этого доклада с онлайн-трансляции конференции вы можете увидеть здесь: http://www.youtube.com/watch?v=dJwevBdrviU&hd=1
This document provides an overview of MX Trio load balancing. It discusses how packets are parsed and hashed to select the next hop in a load balancing system. Key points include:
- Packets are parsed to select fields for hashing. A hash is computed from the fields to select the next hop.
- Fields included in the hash depend on packet encapsulation like IP, MPLS, Ethernet. Advanced topics cover techniques for determining encapsulation.
- Hashes are symmetric and consistent across devices to prevent polarization. Load balancing occurs at multiple levels by using different hash bits at each level.
- The hash algorithm uses CRC polynomials for efficiency. A hash seed based on device MAC ensures different results across
Презентация для доклада, сделанного в рамках конференции Juniper New Network Day 01.01.2014.
Докладчик -- Product Line Manager компании Juniper Дмитрий Шокарев.
Видеозапись этого доклада с онлайн-трансляции конференции вы можете увидеть здесь: http://www.youtube.com/watch?v=R2groq4YMaQ
DDoS Threat Landscape - Ron Winward CHINOG16Radware
- DDoS attacks continue to grow in complexity and now utilize multi-vector attacks across all layers of the infrastructure. The top failure points for networks are internet pipe saturation and stateful firewalls.
- Common attack types include UDP, ICMP, reflection attacks, TCP weaknesses like SYN floods, low and slow attacks like Slowloris, and encrypted attacks such as HTTPS floods. Anonymous hacking tools enable these attacks.
- Successful mitigation of DDoS attacks requires proactive preparation across the network, including a hybrid solution of on-premise and cloud-based detection and mitigation, emergency response planning, and a single point of contact during attacks.
Презентация для доклада, сделанного в рамках конференции Juniper New Network Day 01.01.2014.
Докладчик -- Architect Specialist компании Juniper Networks Julian Lucek.
Видеозапись этого доклада с онлайн-трансляции конференции вы можете увидеть здесь:
http://www.youtube.com/watch?v=885L18ocIjY
This document is a memorandum from the Office of Inspector General to the Director of USCIS regarding an audit of the EB-5 Regional Center Program. The audit found that USCIS faces challenges in administering and managing the program effectively due to limitations in its legal authority, difficulties ensuring the program's integrity, and an inability to demonstrate the economic benefits of foreign investment. The memorandum recommends that USCIS strengthen regulations to improve oversight authority and consistent application of policies, enhance coordination with other agencies, conduct comprehensive reviews of the program, and implement quality assurance procedures to ensure program integrity.
OWASP OWTF, the Offensive (Web) Testing Framework, is an OWASP+PTES-focused try to unite great tools and make pen testing more efficient.OWASP OWTF, the Offensive (Web) Testing Framework, is an OWASP+PTES-focused try to unite great tools and make pen testing more efficient.
- HTTP is the protocol for communication between web browsers and servers. It uses requests and responses, with the request line specifying the method, URI, and HTTP version. Common methods are GET, HEAD, and POST.
- A proxy server acts as an intermediary for requests, forwarding them to the destination server. The proxy must parse and handle different request types like GET, HEAD, and POST, as well as response headers.
- For the project, students need to write an HTTP proxy server that can filter requests based on domain and handle the basic request methods based on the HTTP specifications. The proxy needs to be robust to different request types and formats.
Wifi Security, or Descending into Depression and DrinkSecurityTube.Net
This document discusses various techniques for exploiting weaknesses in WiFi security to intercept and manipulate web traffic. It describes how unencrypted management frames and shared wireless media allow spoofing access points and intercepting sessions. With tools like LORCON, attackers can inject packets to hijack TCP streams and manipulate browsers by rewriting HTML, JavaScript and redirecting HTTPS to HTTP. Persistent attacks are also possible by caching manipulated content for long periods.
Identifying Web Servers: A First-look Into the Future of Web Server Fingerpri...Jeremiah Grossman
The document discusses techniques for fingerprinting web servers by analyzing differences in their responses to common HTTP requests. It then outlines how this information can be used to identify specific web server software and versions. The document also examines how web server fingerprinting could enable cross-site tracing attacks if certain HTTP request methods like TRACE are enabled.
The document discusses various techniques for hacking client-side insecurities, including discovering clients on the internet and intranet, attacking client-side through JavaScript jacking and pluggable protocol handlers, exploiting cross-site request forgery vulnerabilities, and fingerprinting clients through analysis of HTTP headers and browser information leaks. The presentation aims to demonstrate these hacking techniques through examples and a question/answer session.
Compression Oracle Attacks on VPN NetworksPriyanka Aash
Security researchers have done a good amount of practical attacks in the past using chosen plain-text attacks on compressed traffic to steal sensitive data. In spite of how popular CRIME and BREACH were, little was talked about how this class of attacks was relevant to VPN networks. Compression oracle attacks are not limited to just TLS protected data. In this talk, we try these attacks on browser requests and responses which usually tunnel their HTTP traffic through VPNs. We also show a case study with a well-known VPN server and their plethora of clients. We then go into practical defenses and how mitigations in HTTP/2's HPACK and other mitigation techniques are the way forward rather than claiming 'Thou shall not compress traffic at all.' One of the things that we would like to showcase is how impedance mismatches in these different layers of technologies affect security and how they don't play well together.
This document discusses web servers. It begins by defining a web server as hardware or software that helps deliver internet content. It then discusses the history of web servers, including the first web server created by Tim Berners-Lee at CERN in 1990. The document outlines common uses of web servers like hosting websites, data storage, and content delivery. It also describes how web servers work, including how they handle requests and responses using HTTP. Finally, it covers topics like installing and hosting a web server, load limits, overload causes and symptoms, and techniques to prevent overload.
Presentation Video: http://youtu.be/hZQc335WIvc
Goals:
Thorough understanding of Varnish.
Understanding of how VCL works and how to use it.
Know how varnish works with Drupal and Wordpress.
Debug using varnish tools.
This multiple choice quiz covers topics in Chapter 2 of the textbook "Computer Networking: A Top-Down Approach" including the application layer, HTTP, caching, and peer-to-peer file sharing protocols. It contains 12 questions testing knowledge of concepts like application layer protocols, HTTP request and response headers, DNS records, TCP vs UDP, and characteristics of BitTorrent file sharing.
This document provides steps for hardening an Apache web server. It discusses creating a web server group/user, downloading and patching Apache, configuring httpd.conf for security settings like access controls and attack signatures, changing file permissions, cleaning unnecessary files, and advanced security enhancements. Potential problems like denial of service attacks and exploits are also covered. The goal is to guide system administrators on securely configuring Apache to prevent hacking and protect sensitive data.
Aditya - Hacking Client Side Insecurities - ClubHack2008ClubHack
Hacking Client Side Insecurities discusses discovering clients on the internet and intranet through techniques like fingerprinting embedded devices and HTTP server fingerprinting. It then covers various client side attack patterns such as pluggable protocol handlers, JavaScript jacking, HTTP verb jacking, insecure cookie design, cross-site request forgery attacks targeting both browsers and embedded devices, and traffic hijacking attacks. The document provides demonstrations of these attacks and discusses exploiting client-side insecurities through the manipulation of protocols and scripts.
The document discusses various vulnerabilities in web servers and web applications. It covers popular web servers like IIS, Apache, and others. It then discusses attacking vulnerabilities in web servers like sample files, source code disclosure, canonicalization, and buffer overflows. It also discusses vulnerabilities in web applications like cross-site scripting, SQL injection, cross-site request forgery, and HTTP response splitting. It provides examples of exploits and recommendations for countermeasures to secure web servers and applications.
Проксирование HTTP-запросов web-акселератором / Александр Крижановский (Tempe...Ontico
РИТ++ 2017, HighLoad Junior
Зал Сингапур, 6 июня, 11:00
Тезисы:
http://junior.highload.ru/2017/abstracts/2545.html
Вы поставили HTTP-акселератор перед вашим web-сервером для ускорения отдачи контента, но запросы пользователей по-прежнему отдаются с большой задержкой, а ресурсы сервера кажутся незагруженными. А, может, после того, как поставили
web-акселератор, web-приложение сломалось, да еще и так, что проблема воспроизводится редко, хуже того, о ней могут знать ваши пользователи, но не вы.
...
Securing Network Access with Open Source solutionsNick Owen
My presentation from Atlanta Linux Fest on how to allow users secure access to your network using open source technologies. Examples include how to add two-factor authentication to Apache, OpenVPN, Astaro, NX etc.
Since 2007 GOFORTUTION.coM is the search engine of tutors & Students in Delhi and all over India .It provides cheapest and best home tutors to students and it also helps to Tutors who are seeking students for home tution. We at Mentor Me provide highly qualified, result oriented, enthusiastic and responsible tutors for all classes, all subjects and in all locations across Delhi & all over India. Here we have tutors for all subjects of CBSE, ICSE,B.com, B.Sc, BBA, BCA,MBA,CA,CS,MCA,BCA,”O” Level, “A” Level etc.GOFORTUTION is a best portal for tutors and students it is not only a site.
CommCon 2023 - WebRTC & Video Delivery application security - what could poss...Sandro Gauci
WebRTC is often considered to be secure by default - with most security concerns being around IP address leakage which is more of a privacy issue than anything. Well, I have news for you - the applications and infrastructure that handles WebRTC can be attacked. It may indeed have various types of security vulnerabilities which are often overlooked. This presentation is based on experiences gained through security testing of WebRTC applications with anecdotal stories to illustrate the dangers. We will also take a peek at Video Delivery mechanisms such as RIST and SRT and discuss what could possibly go wrong there too!
PLNOG 17 - Patryk Wojtachnio - DDoS mitygacja oraz ochrona sieci w środowisku...PROIDEA
Kazdy z nas w dobie obecnego Internetu i Pokemon Go ma swoja stronę internetowa, forum czy tez prowadzi sklep e-commerce. Z punktu widzenia klienta, rozwiązanie jest proste. Loguje się na swoje konto, uruchamia instalator CMS i zaczyna prowadzić swoje usługi bądź
tez dostarczać treści. Będzie to pierwsze case study skutecznej obrony przed potężnymi atakami
wolumetrycznymi mające na celu wyłącznie usług HTTP bądź HTTPS za pomocą wysyłania dużej ilości pakietów SYN na serwer który hostuje zainfekowana stronę www. Celem prezentacji jest pokazanie mechanizmu obrony przed szeroko znanego problemu jakim jestDDoS, metody mitygacji, blackholing oraz przykładowe scenariusze w raz z konfiguracja w oparciu o dystrybucje CentOS oraz modułu HAProxy.
This document discusses smuggling TCP traffic through HTTP by leveraging HTTP upgrades. It proposes a new project called Purr that implements a TCP "smuggling" server in Ruby using Rack and a client-side proxy. Purr aims to allow anything TCP-based to be tunneled through HTTP, controlled by a browser extension using native messaging and accessible from web apps via a JS library. The incomplete implementation has a server and basic client-side proxy functionality, but more work is needed for distribution, libraries, HTTPS support, and testing.
Oss web application and network securityRishabh Mehan
The document provides an overview of web application and network security. It begins with definitions of web applications and how requests are made via protocols like HTTP and HTTPS. It then covers common security attacks such as denial of service attacks, TCP hijacking, and packet sniffing. The document discusses countermeasures for these attacks like firewalls, intrusion detection systems, and encryption. It also covers vulnerabilities in web applications like SQL injection, cross-site scripting, and input validation issues. The key information is on common security attacks against web applications and networks and their corresponding countermeasures.
The document discusses the benefits of exercise for mental health. Regular physical activity can help reduce anxiety and depression and improve mood and cognitive function. Exercise causes chemical changes in the brain that may help protect against mental illness and improve symptoms.
This document discusses WhatsApp forensics and summarizes the key steps and artifacts. It introduces the speaker as an IT security analyst and outlines the main evidence files, directories, recovery methods, and challenges of WhatsApp forensics. Examples of tools like Oxygen Forensic Suite and recovery websites are provided. The document serves to inform about performing WhatsApp forensic analysis and recovering deleted messages.
This document discusses structured exception handling (SEH) and exploitation techniques. It provides background on SEH, how it is used to handle exceptions in Windows, and protections like SafeSEH. It then describes exploiting a vulnerability found through fuzzing the BigAnt Messenger Server application by overwriting SEH pointers and injecting shellcode. Exploitation steps include understanding the application, finding a crash through fuzzing, removing bad characters, and developing an exploit to gain control.
Securitynewsbytes april2015-150418153901-conversion-gate01Raghunath G
The document discusses the benefits of exercise for mental health. Regular physical activity can help reduce anxiety and depression and improve mood and cognitive function. Exercise causes chemical changes in the brain that may help protect against mental illness and improve symptoms.
The document discusses the history and specifications of the Raspberry Pi, a credit card-sized computer designed for education. Key points include:
- The Raspberry Pi was created by the Raspberry Pi Foundation, a UK-based charity, to promote computer science education.
- At about $35 per unit, the Raspberry Pi is inexpensive due to its use of low-cost, low-power ARM processors and barebone components.
- The latest Raspberry Pi 2 model has a 900MHz quad-core processor, 1GB of RAM, MicroSD storage, and Broadcom VideoCore IV graphics.
- The Raspberry Pi runs Linux-based operating systems and can be used for programming practice
This document discusses analyzing malicious PDF files. It provides an overview of PDF file structure and common strings found in PDFs. Tools are presented for parsing and scanning PDFs like pdf-parser.py, pdfid.py and Peepdf. A demo is shown using these tools to analyze a sample PDF. Limitations of only scanning for strings are noted, and it is recommended to also use antivirus and online scanning services to more thoroughly check for malware in PDFs.
This one sentence document provides a single email address for contacting the author. It suggests contacting the author at pbssubhash@gmail.com and includes a smiley face emoticon.
The author is not a security expert and introduces themselves. While a dictionary defines null as meaning zero, the author's mind defines it as meaning something immense, and they prioritize following their own mind over established definitions.
- ISO 27001 is an international standard for information security management systems that specifies requirements for implementing controls around information security risks. It includes 114 controls grouped into 14 domains.
- Recent large-scale data breaches at companies like JP Morgan, Sony Pictures, Anthem Healthcare, and a small accounting firm could potentially have been avoided or detected earlier if the organizations had implemented appropriate controls aligned with the ISO 27001 standard, such as access control policies, encryption of data at rest, logging and monitoring of administrator activities, independent security reviews, and physical security measures.
- While the full details of the breaches are not public, lack of implementation of basic security practices around access controls, encryption, logging, monitoring, reviews, and
This document provides an overview of the search engine SHODAN and how to use it for scanning devices connected to the internet. It discusses SHODAN's history and purpose for security research and business intelligence. It outlines the tools that can be used with SHODAN like SHODAN Diggity. It also explains how to perform searches using search terms and filters, and operations like filtering results by hostname, network, operating system or port.
This document provides an introduction to Metasploit, including its history, architecture, modules, and how to use it for tasks like port scanning, exploitation, maintaining access, post-exploitation, privilege escalation, bypassing firewalls, and attacking Linux and Android systems. It describes how Metasploit was created by H.D. Moore and is now maintained by Rapid7, its core components and interfaces, and how to get started using exploits, payloads, and the msfconsole interface.
1) 12 million home and office routers are vulnerable to "Misfortune Cookie" attacks that allow hackers to take control over a network by sending a specially crafted HTTP cookie to the public IP address.
2) A critical vulnerability in the Git version control software allows remote code execution when cloning or checking out repositories from a malicious Git server.
3) The global internet authority ICANN was hacked through a spear phishing campaign targeting its staff, allowing hackers to gain administrative access to some of its systems.
This document summarizes the speaker's experience with cracking barcodes. It discusses breaking down EAN-13 barcodes and generating QR codes. It provides examples of using modified or fake barcodes to get free items from stores or access to paid events. The speaker demonstrates how barcodes can be manipulated and encourages the audience to try it themselves, while also including a disclaimer about misuse.
An iOS security expert developed the "Damn Vulnerable iOS App" to provide a legal platform for mobile security professionals, students, and enthusiasts to test their iOS penetration testing skills. The app contains vulnerabilities like a remote control system that can be exploited to demonstrate different attack types without violating any laws. It aims to help people enhance their mobile security testing abilities.
This document discusses decoy documents, which are machine-generated documents containing bogus credentials and beacons. They are used to detect insider threats by enticing attackers to steal fake information and alerting administrators. Decoy documents are generated to appear believable and enticing using realistic names and data of interest to attackers. They are embedded with watermarks, beacons, and markers to detect unauthorized access and exfiltration. The Decoy Document Distributor system generates and monitors decoy documents containing honeytokens like fake login credentials and bank information.
Spear phishing is a targeted form of phishing that aims to steal information from specific individuals or organizations. Unlike regular phishing, which casts a wide net, spear phishing targets key people who would have access to sensitive data. The attacker performs reconnaissance to gather personal details about the target from social media and other sources. Then they craft a personalized email that appears to come from a trusted source, tempting the target to click a link or attachment and reveal credentials or sensitive information. Spear phishing is a significant security risk as it bypasses traditional defenses and directly targets valuable insider information.
Social engineering is manipulating people into taking actions or revealing confidential information. It has been used for over 100 years by con artists known as social engineers. Popular social engineers from the 20th century included Victor Lustig, who sold the Eiffel Tower multiple times, and Frank Abagnale Jr., who impersonated professionals like pilots and lawyers. More recently, Kevin Mitnick used social engineering to gain unauthorized access to computer networks in the 1990s. Social engineering works by gathering information about targets, developing trust with them, then exploiting that trust to obtain information or actions. It is accomplished using techniques like phone calls, online chatting, looking through trash, and shoulder surfing. Organizations can help prevent social engineering by establishing frameworks for
Netcat is a tool that can be used for port scanning, banner grabbing, file transfer, remote shell access, and chatting over networks using TCP or UDP. It allows viewing open ports on a system through port scanning. Banner grabbing determines the service, version, and OS by connecting to an open port. File transfer and chat are done by setting up Netcat in server and client modes. Remote shell access can be provided through a bind shell, which binds a shell like cmd.exe to a port, or a reverse shell, which sends a shell from the client to a listening Netcat server.
Cross Site Scripting (XSS) allows malicious users to insert client-side scripts into web pages by exploiting vulnerabilities. There are three main types of XSS attacks: non-persistent XSS only affects the current user, while persistent XSS saves the malicious script to databases and can target multiple users. DOM-based XSS modifies the DOM environment rather than HTTP responses. XSS can be used to steal cookies, hijack sessions, modify page content, and redirect users. Developers can prevent XSS by validating, sanitizing, and escaping all untrusted user input to the application.
Firewalking is a network security technique that uses traceroute principles to determine which layer 4 protocols a firewall will allow by sending packets with incrementing TTL values. It has two phases: first, it discovers the network topology and identifies the target gateway using traceroute; second, it scans the gateway by sending TCP/UDP packets with the TTL set to the gateway plus one, and analyzes the responses to determine open ports. Concerns about firewalking include false negatives if devices drop packets, and it can be used to map networks in an unauthorized manner. Mitigation techniques include disabling ICMP TTL exceeded messages and using NAT or proxies.
How to Setup Warehouse & Location in Odoo 17 InventoryCeline George
In this slide, we'll explore how to set up warehouses and locations in Odoo 17 Inventory. This will help us manage our stock effectively, track inventory levels, and streamline warehouse operations.
How to Make a Field Mandatory in Odoo 17Celine George
In Odoo, making a field required can be done through both Python code and XML views. When you set the required attribute to True in Python code, it makes the field required across all views where it's used. Conversely, when you set the required attribute in XML views, it makes the field required only in the context of that particular view.
Walmart Business+ and Spark Good for Nonprofits.pdfTechSoup
"Learn about all the ways Walmart supports nonprofit organizations.
You will hear from Liz Willett, the Head of Nonprofits, and hear about what Walmart is doing to help nonprofits, including Walmart Business and Spark Good. Walmart Business+ is a new offer for nonprofits that offers discounts and also streamlines nonprofits order and expense tracking, saving time and money.
The webinar may also give some examples on how nonprofits can best leverage Walmart Business+.
The event will cover the following::
Walmart Business + (https://business.walmart.com/plus) is a new shopping experience for nonprofits, schools, and local business customers that connects an exclusive online shopping experience to stores. Benefits include free delivery and shipping, a 'Spend Analytics” feature, special discounts, deals and tax-exempt shopping.
Special TechSoup offer for a free 180 days membership, and up to $150 in discounts on eligible orders.
Spark Good (walmart.com/sparkgood) is a charitable platform that enables nonprofits to receive donations directly from customers and associates.
Answers about how you can do more with Walmart!"
हिंदी वर्णमाला पीपीटी, hindi alphabet PPT presentation, hindi varnamala PPT, Hindi Varnamala pdf, हिंदी स्वर, हिंदी व्यंजन, sikhiye hindi varnmala, dr. mulla adam ali, hindi language and literature, hindi alphabet with drawing, hindi alphabet pdf, hindi varnamala for childrens, hindi language, hindi varnamala practice for kids, https://www.drmullaadamali.com
বাংলাদেশের অর্থনৈতিক সমীক্ষা ২০২৪ [Bangladesh Economic Review 2024 Bangla.pdf] কম্পিউটার , ট্যাব ও স্মার্ট ফোন ভার্সন সহ সম্পূর্ণ বাংলা ই-বুক বা pdf বই " সুচিপত্র ...বুকমার্ক মেনু 🔖 ও হাইপার লিংক মেনু 📝👆 যুক্ত ..
আমাদের সবার জন্য খুব খুব গুরুত্বপূর্ণ একটি বই ..বিসিএস, ব্যাংক, ইউনিভার্সিটি ভর্তি ও যে কোন প্রতিযোগিতা মূলক পরীক্ষার জন্য এর খুব ইম্পরট্যান্ট একটি বিষয় ...তাছাড়া বাংলাদেশের সাম্প্রতিক যে কোন ডাটা বা তথ্য এই বইতে পাবেন ...
তাই একজন নাগরিক হিসাবে এই তথ্য গুলো আপনার জানা প্রয়োজন ...।
বিসিএস ও ব্যাংক এর লিখিত পরীক্ষা ...+এছাড়া মাধ্যমিক ও উচ্চমাধ্যমিকের স্টুডেন্টদের জন্য অনেক কাজে আসবে ...
it describes the bony anatomy including the femoral head , acetabulum, labrum . also discusses the capsule , ligaments . muscle that act on the hip joint and the range of motion are outlined. factors affecting hip joint stability and weight transmission through the joint are summarized.
2. About me!
Security Enthusiast
Graphic & Web Designer
Entrepreneur
Engineering in the making
CISE v 2.0
3. Topics
DoS Attacks – A general description
Slowloris – Denial of Service – Stops Apache Web servers
Other DoS Attacks
5. Types of DoS Attacks
There is a variety of forms aiming at a variety of services:
Traffic consuming attacks or Network Layer Attacks (DNS, firewall, router, load balancer, OS, etc.)
Application Layer attacks (web server, media server, mail server)
13. HyperText Transfer Protocol (HTTP)
Message example
GET /page.htm HTTP/1.1 CRLF
Host: www.example.com:8080 CRLF
Content-Length: 25 CRLF
CRLF
Optional Message Body
14. SEND INCOMPLETE HTTP REQUESTS
Apache has a queue of approx. 256 requests
Each one waits approx. 400 seconds by default for the request to complete
So less than one packet per second is enough to occupy them all
Which means low-bandwidth DoS and no collateral damage!
16. Slowloris
Low bandwidth attack that sends HTTP requests with incomplete headers. It continues to send headers at regular intervals to keep the sockets active.
First mentioned by Adrian Ilarion Ciobanu in 2007 and implemented by Robert Hansen in 2009.
17. How slowloris works
Client → Server
GET / HTTP/1.1\r\n
Host: vulnerable-server.com:80\r\n
X-sadwqeq: dfg4t3\r\n
X-4rete: fdsgvry\r\n
59 seconds later
X-4rete: fdsgvry\r\n
59 seconds later
X-4rete: fdsgvry\r\n
59 seconds later
X-egyr7j: 8ih\r\n
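To see why the per-read timeout described on slide 14 cannot stop the trickle shown on slide 17, here is an added simulation (example code written for this page, not code from the talk): it replays a constructed header stream that sends one bogus header line every 59 seconds against two server-side read policies, a plain 400 s idle timeout and a bounded header deadline extended by a minimum data rate in the spirit of Apache's mod_reqtimeout. All policy parameter values and the trickle itself are assumptions.

```python
"""Added example for slides 14 and 17 (not code from the talk): replay a
Slowloris-style header trickle against two server-side read policies."""
from dataclasses import dataclass
from typing import List, Tuple

Event = Tuple[float, bytes]  # (seconds since accept, bytes received from the client)
HEADER_END = b"\r\n\r\n"


def slowloris_trickle(interval: float = 59.0, horizon: float = 1200.0) -> List[Event]:
    """Constructed from slide 17: a partial request at t=0, then one bogus header
    line every `interval` seconds. The header block is never terminated."""
    events: List[Event] = [(0.0, b"GET / HTTP/1.1\r\n"
                                 b"Host: vulnerable-server.com:80\r\n"
                                 b"X-sadwqeq: dfg4t3\r\n"
                                 b"X-4rete: fdsgvry\r\n")]
    t = interval
    while t <= horizon:
        events.append((t, b"X-4rete: fdsgvry\r\n"))
        t += interval
    return events


def normal_request() -> List[Event]:
    """Constructed well-behaved client: the whole header block arrives at once."""
    return [(0.0, b"GET / HTTP/1.1\r\nHost: vulnerable-server.com:80\r\n\r\n")]


@dataclass
class Outcome:
    status: str    # "complete" (headers done), "dropped" (server closed it),
                   # or "open" (still holding a worker at the end of the horizon)
    at: float      # seconds since accept when that status was reached
    received: int  # header bytes received by then


def idle_timeout_policy(events: List[Event], timeout: float = 400.0,
                        horizon: float = 1200.0) -> Outcome:
    """Classic per-read timeout (the ~400 s of slide 14): the connection is
    closed only if *no* byte arrives for `timeout` seconds, so any trickle
    faster than that keeps the worker busy for as long as the client likes."""
    buf, last = b"", 0.0
    for t, data in events:
        if t - last > timeout:
            return Outcome("dropped", last + timeout, len(buf))
        buf, last = buf + data, t
        if HEADER_END in buf:
            return Outcome("complete", t, len(buf))
    if horizon - last > timeout:
        return Outcome("dropped", last + timeout, len(buf))
    return Outcome("open", horizon, len(buf))


def header_deadline_policy(events: List[Event], initial: float = 20.0,
                           max_total: float = 40.0, min_rate: int = 500,
                           horizon: float = 1200.0) -> Outcome:
    """Bound the *total* time allowed to finish the header block: `initial`
    seconds, extended by one second per `min_rate` bytes received, capped at
    `max_total` (modelled on mod_reqtimeout's header=20-40,MinRate=500; the
    values are assumptions). A few bytes per minute blow the deadline long
    before the first "59 seconds later"."""
    buf = b""
    for t, data in events:
        limit = min(max_total, initial + len(buf) / min_rate)
        if t > limit:
            return Outcome("dropped", limit, len(buf))
        buf += data
        if HEADER_END in buf:
            return Outcome("complete", t, len(buf))
    limit = min(max_total, initial + len(buf) / min_rate)
    if horizon > limit:
        return Outcome("dropped", limit, len(buf))
    return Outcome("open", horizon, len(buf))


def compare(events: List[Event]) -> dict:
    """Run both policies over the same client behaviour."""
    return {"idle_timeout": idle_timeout_policy(events),
            "header_deadline": header_deadline_policy(events)}


if __name__ == "__main__":
    for name, ev in (("slowloris", slowloris_trickle()), ("normal", normal_request())):
        for policy, out in compare(ev).items():
            print(f"{name:9s} {policy:16s} {out.status:9s} at {out.at:8.2f}s "
                  f"after {out.received} bytes")
```

Under the idle timeout the trickle is still "open" after 20 minutes, while the header deadline drops it after roughly 20 seconds and the normal request completes under both.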
19. Slow POST
Attack that sends HTTP requests with complete headers but incomplete message body. There will be no delay in HTTP header. Continues to send data at regular intervals to keep the sockets active.
Nullifies IIS internal defence.
Discovered by Wong Onn Chee and popularized by Tom Brennan in 2009
20. How Slow POST works
Client → Server
POST / HTTP/1.1\r\n
Host: vulnerable-server.com:80\r\n
Content-Length: 4096\r\n
Content-Type: application/x-www-form-urlencoded\r\n
59 seconds later
\r\n
foo=bar\r\n
59 seconds later
&Owkuvj5=POaLLI\r\n
59 seconds later
&uWat9wGqrP4SxV=SN3q\r\n
59 seconds later
...
21. Slow Read
Attack that keeps server sockets busy by maliciously
throttling down the receipt of large HTTP responses
Uses known Network Layer flaws to target the Application Layer
First mentioned by Outpost24 in sockstress. Implemented
as part of nkiller2 by Fotis Hantzis, a.k.a. ithilgore in
2009
22. Related TCP details
“Window size (16 bits) – the size of the receive
window, which specifies the number of bytes (beyond
the sequence number in the acknowledgment field)
that the sender of this segment is currently willing to
receive” – Wikipedia
23. How Slow Read works
Client -> Server:
GET bigpage.html HTTP/1.1\r\n
Host: vulnerable-server.com:80\r\n\r\n
  (client TCP: "BTW, my recv window is only 32 bytes")
Server -> Client:
HTTP/1.1 200 OK\r\n
Content-Length: 131072\r\n
Content-type: text/html\r\n\r\n
  followed by the bigpage.html message body, which sits in the server's socket send buffer waiting for room in the client's receive buffer
Server kernel to application: I can send only 32 bytes now
Client: Got it, wait for now (ACK, window 0)
Server: Are you ready to receive more bytes?
Client: OK, give me another 32 bytes
24. Prerequisites for successful Slow Read attack
The larger the server response is, the greater the chance of
prolonging the connection
Make the server generate a data stream that doesn't fully fit
into the socket's send buffer (65536 bytes is the default on most
Linux systems, /proc/sys/net/ipv4/tcp_wmem, if the server
doesn't set its own value)
Request a large resource by naturally finding it and/or
amplifying the response size by using HTTP pipelining.
25. Why is Slow Read different?
Traditional (slowloris/slowpost) DoS
Customer stuck deciding
what he wants
Makes an order
Pays
Takes the order
Next!
It is possible to identify and isolate
slow client in his request state
26. Why is Slow Read different?
Slow Read DoS
Makes an order for
party of 50
Pays
Cannot take the
entire order with him,
makes several trips
to the car.
Next!
It is quite late to do anything, as
the request was already accepted
and processed
27. Why is Slow Read different?
Traditional DoS: customer stuck deciding what he wants; makes an order & pays; takes the order. Next!
Slow Read DoS: makes an order for party of 50; pays; cannot take the entire order with him, makes several trips to the car. Next!
28. Why is Slow Read different? (contd..)
Defense mechanisms expect the crushing fist of malice to
appear in the request
Instead, the entire transaction should be monitored
29. Am I vulnerable?
There is a good chance that you are. Default
configurations of nginx, lighttpd, IIS, Apache, Varnish
cache proxy, Shoutcast streaming server - are vulnerable
to at least one of the mentioned attacks
30. What should I do?
Use available tools to simulate attacks. SlowHTTPTest
covers all mentioned attacks and some more at
http://slowhttptest.googlecode.com
Check out http://slowhammer.me to get access to your
own whitehat botnet in the cloud
Use Qualys WAF or other firewalls that are supposed to
protect, but test before you pay!
31. Detection and Mitigation
Drop connections with abnormally small TCP advertised
window(s) (i.e. <<16bits)
Set an absolute connection timeout, if possible
Limit length, number of headers to accept
Limit max size of message body to accept
Drop connections with HTTP methods (verbs) not supported
by the URL
Limit accepted header and message body to a minimal
reasonable length
Define the minimum data rate, and drop connections that
are slower than that rate
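The limits in this list are all enforced in one place: the loop that reads a request off the socket. As an added example, not from the original deck, here is a Python classifier that replays a request as timestamped chunks and applies the absolute header and body timeouts, the minimum data rate, the header count/length and body-size caps, and a per-URL method check; the Limits values and the ALLOWED_METHODS route table are assumptions.

```python
from dataclasses import dataclass

@dataclass
class Limits:
    """Per-connection limits from the list above (the values are assumptions)."""
    header_timeout: float = 20.0   # absolute seconds to finish request line + headers
    body_timeout: float = 30.0     # absolute seconds to finish the message body
    min_rate: float = 500.0        # minimum bytes/second once a phase is over 1 s old
    max_headers: int = 100         # maximum number of header lines accepted
    max_header_line: int = 8192    # maximum bytes in one header line
    max_body: int = 1 << 20        # maximum declared Content-Length accepted

# Constructed route table: the methods each URL actually supports.
ALLOWED_METHODS = {"/": {"GET", "HEAD"}, "/upload": {"POST"}}

def _too_slow(received, started, now, limits):
    """Minimum-data-rate check, applied only once a phase is more than 1 s old."""
    elapsed = now - started
    return elapsed > 1.0 and received / elapsed < limits.min_rate

def classify_request(chunks, limits=Limits()):
    """chunks: list of (arrival_time_s, bytes) exactly as the server receives them.
    Returns ("accept", "complete") once the request is whole, or ("drop", reason)."""
    buf, head, phase_start = b"", None, None
    body_len = body_received = 0
    for now, data in chunks:
        phase_start = now if phase_start is None else phase_start
        if head is None:                      # still reading request line + headers
            buf += data
            if now - phase_start > limits.header_timeout:
                return ("drop", "header_timeout")   # Slowloris-style trickle
            if _too_slow(len(buf), phase_start, now, limits):
                return ("drop", "min_rate")
            if (buf.count(b"\r\n") > limits.max_headers + 2
                    or max(map(len, buf.split(b"\r\n"))) > limits.max_header_line):
                return ("drop", "header_limits")
            end = buf.find(b"\r\n\r\n")
            if end < 0:
                continue                      # headers not finished yet; keep waiting
            req = buf[:end].decode("latin-1").split("\r\n")
            parts = req[0].split(" ")
            if len(parts) != 3 or any(":" not in h for h in req[1:]):
                return ("drop", "malformed")
            if parts[0] not in ALLOWED_METHODS.get(parts[1], set()):
                return ("drop", "method_not_allowed")
            head = {k.strip().lower(): v.strip()
                    for k, v in (h.split(":", 1) for h in req[1:])}
            try:
                body_len = int(head.get("content-length", "0"))
            except ValueError:
                return ("drop", "malformed")
            if body_len > limits.max_body:
                return ("drop", "body_too_large")
            body_received, phase_start = len(buf) - end - 4, now
        else:                                 # reading the message body
            body_received += len(data)
            if now - phase_start > limits.body_timeout:
                return ("drop", "body_timeout")     # Slow POST-style trickle
            if _too_slow(body_received, phase_start, now, limits):
                return ("drop", "min_rate")
        if body_received >= body_len:
            return ("accept", "complete")
    return ("drop", "incomplete")
```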
32. Detection and Mitigation
Qualys Web Application Scanner passively detects the
slow attack vulnerabilities
ModSecurity v2.6 introduced a directive called
SecWriteStateLimit that places a time limit on the
concurrent number of threads (per IP address)
Snort is working on detecting connections with small TCP
advertised window(s)
Christian Folini introduced Flying Frog script at
https://www.netnea.com
34. OSI Model - a new approach
OSI Model         DoS Attack
7 Application     Slowloris – Incomplete HTTP Requests
6 Presentation
5 Session
4 Transport       SYN Flood – Incomplete TCP Handshakes
3 Network         HTTP GET/POST Flood
2 Data Link
1 Physical        Cut a cable
36. “the sky is falling.... but we cannot tell you why”
The new TCP DoS attacks
Source: news.softpedia.com
37. The “new” TCP DoS attacks
During 2008, the discovery of some (supposedly)
new vulnerabilities received their share of press.
They were “announced” by Outpost24, but no
details were provided – thus resulting in speculation
by the community.
No counter-measures were proposed to vendors,
either.
While not publicly credited for our work, we
provided advice to vendors on these issues.
38. The “new” TCP DoS attacks
For the most part, the vulnerabilities are:
Connection-flooding attacks (Naptha and FIN-WAIT-2
flooding attacks)
Socket send buffer attacks (Netkill and closed windows)
TCP reassembly buffer attacks
39. Some insights on the recent TCP DoS
vulnerabilities
41. Naptha (connection-flooding attack)
TCP connections require end-points to keep state (in
system memory) for the connections.
Memory is a limited resource, and thus can be
targeted for exhaustion: simply establish lots of
connections with the target system.
This attack vector was known as “Naptha” -- see
CERT Advisory CA-2000-21.
To avoid exhausting his own resources, the attacker simply crafts
the required packets to establish TCP connections
with the target system, thus bypassing his own kernel's
implementation of TCP.
43. Countermeasures for Naptha
Key problem: an actual attack does not necessarily
differ from a high-load scenario
Possible counter-measures:
Enforce per-user and per-process limits
Enforce limits on the number of ongoing connections
from a single system/prefix at the application-layer
Enforce limits on the number of ongoing connections
from a single system/prefix at a firewall
44. FIN-WAIT-2 flooding attack
A typical connection-termination scenario: (figure)
45. FIN-WAIT-2 flooding attack
Problems that may arise due to the FIN-WAIT-2
state
There’s no limit on the amount of time a connection can
stay in the FIN-WAIT-2 state – connections could stay
forever in FIN-WAIT-2.
When TCP gets into the FIN-WAIT-2 state there’s no
user-space controlling process (i.e., it’s hard to enforce
application-layer limits)
47. Counter-measures for FIN-WAIT-2 flooding
Enforce a limit on the duration of the FIN-WAIT-2
state. E.g., Linux 2.4 enforces a limit of 60 seconds.
Once that limit is reached, the connection is
aborted.
Enforce limits on the number of ongoing connections with
no controlling process.
The counter-measures for the Naptha attack still
apply. However, it is difficult for applications to
enforce limits (remember: no controlling process for
the connections).
48. Counter-measures for FIN-WAIT-2
flooding
Applications should be modified so that they retain
control of the connection for most states. This can be
achieved with a combination of shutdown(),
setsockopt(), and close().
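The shutdown()/setsockopt()/close() combination just described, as an added Python example that is not from the original deck: the application sends its own FIN with shutdown(SHUT_WR), bounds how long it will wait for the peer's FIN, and otherwise sets SO_LINGER with a zero timeout so close() resets the connection instead of leaving it parked in FIN-WAIT-2 with no controlling process. The loopback harness in demo() is constructed for this example; the timeout values are assumptions.

```python
import socket
import struct
import threading

def graceful_close(sock, fin_timeout):
    """Close while the application keeps control of the connection's final states.

    1. shutdown(SHUT_WR) sends our FIN; the socket moves to FIN-WAIT-1/2 but is
       still owned by this process, so application-layer limits still apply.
    2. Wait at most fin_timeout seconds for the peer's FIN (recv returns b"").
    3. If the peer stays silent, set SO_LINGER with a zero timeout so close()
       sends RST and frees the state instead of parking it in FIN-WAIT-2.
    Returns "graceful", "aborted" or "reset".
    """
    sock.shutdown(socket.SHUT_WR)
    sock.settimeout(fin_timeout)
    try:
        while sock.recv(4096):
            pass                      # discard any late data from the peer
        outcome = "graceful"          # b"" means the peer's FIN arrived
    except socket.timeout:
        sock.setsockopt(socket.SOL_SOCKET, socket.SO_LINGER,
                        struct.pack("ii", 1, 0))
        outcome = "aborted"           # close() now sends RST; no orphaned FIN-WAIT-2
    except OSError:
        outcome = "reset"             # peer already tore the connection down
    finally:
        sock.close()
    return outcome

def demo(peer_closes, fin_timeout=0.5):
    """Loopback harness constructed for this example: the peer either answers our
    FIN with its own (well-behaved client) or holds the half-closed connection
    open indefinitely, as a FIN-WAIT-2 flooder would."""
    listener = socket.socket()
    listener.bind(("127.0.0.1", 0))
    listener.listen(1)
    release = threading.Event()

    def peer():
        conn, _ = listener.accept()
        try:
            while conn.recv(4096):    # drain until our FIN (b"") arrives
                pass
        except OSError:
            pass
        if not peer_closes:
            release.wait()            # never send a FIN until told to
        conn.close()

    worker = threading.Thread(target=peer, daemon=True)
    worker.start()
    client = socket.create_connection(listener.getsockname())
    outcome = graceful_close(client, fin_timeout)
    release.set()
    worker.join()
    listener.close()
    return outcome
```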
49. Socket send buffer vulnerabilities
The socket send buffer keeps a copy of those data
that have been accepted by TCP for delivery to the
remote TCP end-point.
It is possible to exploit the Socket send buffer for a
memory exhaustion attack:
Send an application request to the target system, but
never acknowledge the response (Netkill).
Send an application request, but immediately close the
receive window, so that the target TCP refrains from
actually sending the response.
50. Netkill
Data that have been sent but not yet acknowledged
are kept in the socket send buffer for their possible
retransmission.
TCP will retransmit those data until they either get
acknowledged or the connection times out. In the
meantime, system memory is tied to those data.
Easy to exploit for memory exhaustion: establish lots
of TCP connections, send an application-request on
each of them, and never acknowledge the received
data.
52. Netkill (countermeasures)
Problem: it’s very hard to infer attack from the
behavior of a single connection.
Possible counter-measures:
Measure connection progress at the application-layer
Do not use an unnecessarily large socket send buffer
Enforce per-user and per-process limits
Enforce limits on the number of ongoing connections
from a single system/prefix at the application-layer
53. Netkill (countermeasures)
Enforce limits on the number of on-going connections
from a single system/prefix at a firewall
When dropping connections, these are possible parameters
that may provide hints for selecting the target connection:
Large amount of data queued in the TCP retransmission
buffer
Small amount of data successfully transferred to the
remote endpoint
54. Closed windows
The TCP sliding-window mechanism prevents a fast
sender from overwhelming a slow consumer
application.
When the advertised window is zero, the window is
said to be closed.
The TCP sender polls the receiver from time to time
to find out if the window has opened (persist timer).
However, there’s no limit on the amount of time that
the window can be closed.
55. Closed windows
Easy to exploit for memory exhaustion: just send an
application-request to the remote end-point, and
close the receive window.
57. Closed windows (countermeasures)
Problem: it’s very hard to infer attack from the
behavior of a single connection.
It has been proposed that TCP should impose a limit
on the amount of time that the window can be
closed. However, this counter-measure is trivial to
circumvent: just open the window a bit from time to
time.
58. Closed windows (countermeasures)
Measure connection progress at the application-layer
Do not use an unnecessarily large socket send buffer
Enforce per-user and per-process limits
Enforce limits on the number of ongoing connections
from a single system/prefix at the application-layer
Enforce limits on the number of ongoing connections
from a single system/prefix at a firewall
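The countermeasures for Netkill and closed windows (slides 52 to 58), together with the small-advertised-window check on slide 31, come down to watching each connection's send side from the application and deciding which connections to drop first. An added Python example, not from the deck: assess() combines a persistent-small-window test with an acknowledged-bytes-per-second progress test, so the "open the window a bit from time to time" evasion on slide 57 still fails, and rank_for_drop() orders candidates by the slide 53 hints. The thresholds and the per-connection samples are constructed for this example.

```python
from dataclasses import dataclass

@dataclass
class Sample:
    """One observation of a connection's send side, taken by the application."""
    t: float          # seconds since the response started
    window: int       # receive window the peer advertised in its last ACK
    delivered: int    # response bytes the peer has acknowledged so far
    queued: int       # bytes still held in the socket send buffer

def assess(samples, min_window=1024, min_rate=1000.0, grace=5.0):
    """Verdict for one connection: ("keep", why) or ("drop", why).

    A window that stays tiny or closed in every sample is the Slow Read
    signature. Because a closed-window timer alone is defeated by opening the
    window briefly now and then, progress is also measured as acknowledged
    bytes per second: a window that flickers open but delivers little still fails.
    """
    last = samples[-1]
    if last.t < grace:
        return ("keep", "too_young")          # don't judge a fresh connection
    if all(s.window < min_window for s in samples):
        return ("drop", "small_window")
    if last.queued > 0 and last.delivered / last.t < min_rate:
        return ("drop", "no_progress")
    return ("keep", "progressing")

def rank_for_drop(conns):
    """Order connections by the slide 53 hints: most data stuck in the
    send/retransmission buffer first, least data delivered as tie-breaker."""
    return sorted(conns, key=lambda c: (-conns[c][-1].queued, conns[c][-1].delivered))

# Constructed samples: a normal download, a Slow Read client holding a 32-byte
# window, and a "nibbler" that opens its window briefly every few seconds.
CONNS = {
    "legit":    [Sample(1, 65535, 500_000, 0), Sample(5, 65535, 2_500_000, 0),
                 Sample(10, 65535, 5_000_000, 0)],
    "slowread": [Sample(1, 32, 32, 65504), Sample(5, 0, 64, 65472),
                 Sample(10, 32, 96, 65440)],
    "nibbler":  [Sample(4, 0, 2048, 63488), Sample(8, 2048, 4096, 61440),
                 Sample(12, 0, 6144, 59392)],
}

def triage(conns=CONNS):
    """Assess every connection and list the ones to drop, worst first."""
    verdicts = {cid: assess(s) for cid, s in conns.items()}
    to_drop = [cid for cid in rank_for_drop(conns) if verdicts[cid][0] == "drop"]
    return verdicts, to_drop
```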
59. Summary
Even though the simplest distributed DoS
attacks are enough to knock down most web
sites today, the nature of the attack will be
sure to improve, and it’s better to be ready
or, at least be aware of upcoming problems.
60. References
ModSecurity Advanced Topic of the Week: Mitigation of 'Slow Read' Denial of Service Attack
http://blog.spiderlabs.com/2012/01/modsecurity-advanced-topic-of-the-week-mitigation-of-slow-read-denial-of-service-attack.html
DDoS attacks in H2 2011
http://www.securelist.com/en/analysis/204792221/DDoS_attacks_in_H2_2011
The State of the Internet
http://www.akamai.com/stateoftheinternet/
Evaluation of slowhttptest against servers protected by CloudFlare
http://samsclass.info/123/proj10/slow-read.html
Blog posts on hardening web servers
https://community.qualys.com/blogs/securitylabs/