From banking details to glimpses of passwords, there are lots valuable data elements on your screen. Unfortunately, as far as Apple’s Mac is concerned this information is up for grabs to whoever gets there first. This is due to the lack of protections surrounding the pixel grabbing API’s of the operating system. With ease of access to computer vision libraries and services, attackers can track screens at scale to pick out only the useful information.
Apple ships a screen capture utility to make it easy for the user to take screenshots. In this presentation, we will lift the bonnet of this utility to learn about the API’s surrounding screen grabbing. Armed with the knowledge, we will explore discovered malware that takes screenshots. Then, we will build better, stealthier malware as an educational exercise. And finally, we will explore some options for improving security of the operating system so that the user can continue enjoying the convenience of taking screenshots but malware would have to work harder.
MongoDB Europe 2016 - Enabling the Internet of Things at Proximus - Belgium's...MongoDB
Proximus is one of the biggest Telecom companies in the Belgian market. This year the company began developing a new IoT network using LoRaWan technology. The talk will detail our development team’s search for a database suited to meet the needs of our IoT project, the selection and implementation of MongoDB as a database, as well as well as how we built a system for storing a variety of sensor data with high throughput by leveraging sleepy.mongoose. The talk will also discuss how different decisions around data storage impact applications in regards to both performance and total cost.
EWD 3 Training Course Part 23: Traversing a Range using DocumentNode ObjectsRob Tweed
This presentation is Part 23 of the EWD 3 Training Course. It looks at some of the more advanced techniques that you can use for traversing Global Storage using DocumentNode objects, in particular by NodeName prefixes and ranges
EWD 3 Training Course Part 24: Traversing a Document's Leaf NodesRob Tweed
This presentation is Part 24 of the EWD 3 Training Course. It examines another way to iterate through Global Storage, via its leaf nodes. In some situations this can be a faster and more efficient technique.
MongoDB - Back to Basics - La tua prima ApplicazioneMassimo Brignoli
Eccoci alla seconda puntata della serie Back to Basics edizione 2017. Vedremo come sviluppare un'applicazione con MongoDB studiando come interagire con la base dati. Vedremo come fare le query, creare un indice e studiarne il piano di esecuzione
MongoDB Europe 2016 - Enabling the Internet of Things at Proximus - Belgium's...MongoDB
Proximus is one of the biggest Telecom companies in the Belgian market. This year the company began developing a new IoT network using LoRaWan technology. The talk will detail our development team’s search for a database suited to meet the needs of our IoT project, the selection and implementation of MongoDB as a database, as well as well as how we built a system for storing a variety of sensor data with high throughput by leveraging sleepy.mongoose. The talk will also discuss how different decisions around data storage impact applications in regards to both performance and total cost.
EWD 3 Training Course Part 23: Traversing a Range using DocumentNode ObjectsRob Tweed
This presentation is Part 23 of the EWD 3 Training Course. It looks at some of the more advanced techniques that you can use for traversing Global Storage using DocumentNode objects, in particular by NodeName prefixes and ranges
EWD 3 Training Course Part 24: Traversing a Document's Leaf NodesRob Tweed
This presentation is Part 24 of the EWD 3 Training Course. It examines another way to iterate through Global Storage, via its leaf nodes. In some situations this can be a faster and more efficient technique.
MongoDB - Back to Basics - La tua prima ApplicazioneMassimo Brignoli
Eccoci alla seconda puntata della serie Back to Basics edizione 2017. Vedremo come sviluppare un'applicazione con MongoDB studiando come interagire con la base dati. Vedremo come fare le query, creare un indice e studiarne il piano di esecuzione
This presentation is showing how to use the Aggregation Framework, the powerful aggregation language of MongoDB. Using some real data coming from the USA Census, we will discover the most important operations.
EWD 3 Training Course Part 21: Persistent JavaScript ObjectsRob Tweed
This presentation is Part 21 of the EWD 3 Training Course. It explains how Document Node objects and its $() function allow the abstraction of Persistent JavaScript Objects from Global Storage
We use tokens to identify resources and try to ensure data security in insecure environments, however the management of these tokens can get quite complex. When we have distributed environments things are harder to deal with. Come to the magical world of JSON Web Tokens and make your life simpler!
Beyond php - it's not (just) about the codeWim Godden
Most PHP developers focus on writing code. But creating Web applications is about much more than just wrting PHP. Take a step outside the PHP cocoon and into the big PHP ecosphere to find out how small code changes can make a world of difference on servers and network. This talk is an eye-opener for developers who spend over 80% of their time coding, debugging and testing.
MongoDB .local Munich 2019: New Encryption Capabilities in MongoDB 4.2: A Dee...MongoDB
Many applications with high-sensitivity workloads require enhanced technical options to control and limit access to confidential and regulated data. In some cases, system requirements or compliance obligations dictate a separation of duties for staff operating the database and those who maintain the application layer. In cloud-hosted environments, certain data are sometimes deemed too sensitive to store on third-party infrastructure. This is a common pain for system architects in the healthcare, finance, and consumer tech sectors — the benefits of managed, easily expanded compute and storage have been considered unavailable because of data confidentiality and privacy concerns.
This session will take a deep dive into new security capabilities in MongoDB 4.2 that address these scenarios, by enabling native client-side field-level encryption, using customer-managed keys. We will review how confidential data can be securely stored and easily accessed by applications running on MongoDB. Common query design patterns will be presented, with example code demonstrating strong end-to-end encryption in Atlas or on-premise. Implications for developers and others designing systems in regulated environments will be discussed, followed by a Q&A with senior MongoDB security engineers.
This talk is focused on tuning analysing and optimizing MongoDB query and index with the use of Database Profiler and "explain()" function.
Also, performance of database can also be impacted by configuring the underline ( Linux ) OS with some recommended settings which do not come by default.
Geth is widely used to interact with Ethereum networks. Ethereum software enables a user to set up a
“private” or “testnet” Ethereum chain. This chain will be totally different from main chain.
Component that tell geth that we want to use/create a private Ethereum Chain:
1. Custom Genesis file
2. Custom Data Directory
3. Custom Network Id
4. Disable Node Discovery
MongoDB Days Silicon Valley: Data Analysis and MapReduce with MongoDBMongoDB
Presented by Alexander Hendorf, Königsweg
Experience level: Deep dive
The MongoDB aggregation framework provides a means to calculate aggregated values without having to use map-reduce. While map-reduce is powerful, it is often more difficult than necessary for many simple aggregation tasks, such as totaling or averaging field values. In this talk, I will showcase how to use the built-in data-aggregation-pipelines for averages, summation, grouping, reshaping. You will learn how to work with documents, sub-documents, grouping by year, month, day and more.
MongoDB Days Silicon Valley: MongoDB and the Hadoop ConnectorMongoDB
Presented by Luke Lovett, Software Engineer, MongoDB
Experience level: Introductory
MongoDB and Hadoop work powerfully together as complementary technologies. Learn how the Hadoop connector allows you to leverage the power of MapReduce to process data sourced from your MongoDB cluster.
Aggregation pipeline has been able to power your analysis of data since version 2.2. In 4.2 we added more power and now you can use it for more powerful queries, updates, and outputting your data to existing collections. Come hear how you can do everything with the pipeline, including single-view, ETL, data roll-ups and materialized views.
This presentation is showing how to use the Aggregation Framework, the powerful aggregation language of MongoDB. Using some real data coming from the USA Census, we will discover the most important operations.
EWD 3 Training Course Part 21: Persistent JavaScript ObjectsRob Tweed
This presentation is Part 21 of the EWD 3 Training Course. It explains how Document Node objects and its $() function allow the abstraction of Persistent JavaScript Objects from Global Storage
We use tokens to identify resources and try to ensure data security in insecure environments, however the management of these tokens can get quite complex. When we have distributed environments things are harder to deal with. Come to the magical world of JSON Web Tokens and make your life simpler!
Beyond php - it's not (just) about the codeWim Godden
Most PHP developers focus on writing code. But creating Web applications is about much more than just wrting PHP. Take a step outside the PHP cocoon and into the big PHP ecosphere to find out how small code changes can make a world of difference on servers and network. This talk is an eye-opener for developers who spend over 80% of their time coding, debugging and testing.
MongoDB .local Munich 2019: New Encryption Capabilities in MongoDB 4.2: A Dee...MongoDB
Many applications with high-sensitivity workloads require enhanced technical options to control and limit access to confidential and regulated data. In some cases, system requirements or compliance obligations dictate a separation of duties for staff operating the database and those who maintain the application layer. In cloud-hosted environments, certain data are sometimes deemed too sensitive to store on third-party infrastructure. This is a common pain for system architects in the healthcare, finance, and consumer tech sectors — the benefits of managed, easily expanded compute and storage have been considered unavailable because of data confidentiality and privacy concerns.
This session will take a deep dive into new security capabilities in MongoDB 4.2 that address these scenarios, by enabling native client-side field-level encryption, using customer-managed keys. We will review how confidential data can be securely stored and easily accessed by applications running on MongoDB. Common query design patterns will be presented, with example code demonstrating strong end-to-end encryption in Atlas or on-premise. Implications for developers and others designing systems in regulated environments will be discussed, followed by a Q&A with senior MongoDB security engineers.
This talk is focused on tuning analysing and optimizing MongoDB query and index with the use of Database Profiler and "explain()" function.
Also, performance of database can also be impacted by configuring the underline ( Linux ) OS with some recommended settings which do not come by default.
Geth is widely used to interact with Ethereum networks. Ethereum software enables a user to set up a
“private” or “testnet” Ethereum chain. This chain will be totally different from main chain.
Component that tell geth that we want to use/create a private Ethereum Chain:
1. Custom Genesis file
2. Custom Data Directory
3. Custom Network Id
4. Disable Node Discovery
MongoDB Days Silicon Valley: Data Analysis and MapReduce with MongoDBMongoDB
Presented by Alexander Hendorf, Königsweg
Experience level: Deep dive
The MongoDB aggregation framework provides a means to calculate aggregated values without having to use map-reduce. While map-reduce is powerful, it is often more difficult than necessary for many simple aggregation tasks, such as totaling or averaging field values. In this talk, I will showcase how to use the built-in data-aggregation-pipelines for averages, summation, grouping, reshaping. You will learn how to work with documents, sub-documents, grouping by year, month, day and more.
MongoDB Days Silicon Valley: MongoDB and the Hadoop ConnectorMongoDB
Presented by Luke Lovett, Software Engineer, MongoDB
Experience level: Introductory
MongoDB and Hadoop work powerfully together as complementary technologies. Learn how the Hadoop connector allows you to leverage the power of MapReduce to process data sourced from your MongoDB cluster.
Aggregation pipeline has been able to power your analysis of data since version 2.2. In 4.2 we added more power and now you can use it for more powerful queries, updates, and outputting your data to existing collections. Come hear how you can do everything with the pipeline, including single-view, ETL, data roll-ups and materialized views.
Lecture 4 from the COSC 426 graduate class on Augmented Reality. Taught by Mark Billinghurst from the HIT Lab NZ at the University of Canterbury. August 1st 2012
The Doodle3D WiFi-Box makes almost all 3D printers wirelessly controllable through a simple REST API. This means you can control them
using Processing, openFrameworks, JavaScript, Arduino, Delphi, Cinder etc. Basically any language that can send and receive HTTP requests (AJAX).
How Automated Vulnerability Analysis Discovered Hundreds of Android 0-daysPriyanka Aash
Death from a million bugs. Android has become one of the world’s most deployed operating systems. Recently researchers have been focused on uncovering vulnerabilities in the Android smartphone ecosystem. This session will present newly developed automated vulnerability analysis techniques that resulted in the discovery of hundreds of previously unknown vulnerabilities.
Learning Objectives:
1: Learn how to use automated vulnerability analysis to ID security bugs at scale.
2: Learn about state-of-the-art and novel techniques for automated vulnerability analysis.
3: Learn proven techniques to find vulnerabilities in bootloaders, kernel drives and apps.
(Source: RSA Conference USA 2018)
Wszyscy zostaliśmy oszukani! Automatyczne zarządzanie pamięci rozwiąże wszystkie Wasze problemy, mówili. W zarządzanych środowiskach takich jak CLR JVM nie będzie wycieków pamięci, mówili! Właściwie pamięć jest tania i nie musisz się już nią nigdy więcej martwić. Wszyscy kłamali. Automatyczne zarządzanie pamięcią jest wygodną abstrakcją i bardzo często działa dobrze. Ale jak każda abstrakcja, wcześniej czy później "wycieka" ona. I to najczęściej w najmniej spodziewanym i przyjemnym momencie. W tej sesji spróbuję otworzyć oczy na fakt, że błoga nieświadomość nt. tej abstrakcji może być kosztowna. Pokażę jak może się objawić frywolne traktowanie pamięci i co możemy zyskać pisząc kod zdając sobie sprawę, że pamięć jednak nie jest nieskończona, tania i zawsze jednakowo szybka.
Beyond php - it's not (just) about the codeWim Godden
Most PHP developers focus on writing code. But creating Web applications is about much more than just wrting PHP. Take a step outside the PHP cocoon and into the big PHP ecosphere to find out how small code changes can make a world of difference on servers and network. This talk is an eye-opener for developers who spend over 80% of their time coding, debugging and testing.
Linux has this great tool called strace, on OSX there’s a tool called dtruss - based on dtrace. Dtruss is great in functionality, it gives pretty much everything you need. It is just not as nice to use as strace. However, on Linux there is also ltrace for library tracing. That is arguably more useful because you can see much more granular application activity. Unfortunately, there isn’t such a tool on OSX. So, I decided to make one - albeit a simpler version for now. I called it objc_trace.
From the user’s perspective Android and iOS are not too dissimilar. One is cheaper than the other and pretty much everyone makes their apps for both types of phones. However, from the security testing perspective things are very different. Android is open and has lots of standard mechanisms to assist with testing. On the other hand, iOS is closed and requires lots of non standard methods for black box testing. The caveat is, of course, unless you own and control the build of the application but, that not completely black box. If you do then you can use any number of tools: Appium, Apple UI Automation, etc.
This talk will cover reasons for why we constrain ourselves to this type of testing as well as various tools and techniques for instrumenting iOS apps to do UI automation. Specifically, we are constrained to no source code and no way to make a special build. The jailbreak community has developed many of these building blocks that if used in concert can provide for a powerful testing automation framework. This talk will also demonstrate a reference implementation of an extensible tool that brings all the primitives together to automate the testing of iOS application.
iOS holds some of our most important data. So, it is important to understand how it works and hopefully get a better sense of how to protect it. In this talk we will start with some relatively high level attacker perspectives. Then, we will dive deep into some of the tools and techniques we can use to analyze most sensitive phone apps.
ISIS (Now OSIRIS) Lab at NYU Tandon school hosts weekly sessions for young hackers. They excelled at developing this talent. This week I gave a talk discussing where vulnerabilities occur, how people handle them as well as a deep dive into various technical aspects of the Application Binary Interface (ABI) for the XNU derived kernels. The deep dive also included covering the loading mechanisms for Mach-O though the kernel and DYLD.
For the second part, I did a walk through which is recorded on youtube (https://www.youtube.com/watch?v=yg9svg9xE8g). It is about how we can use GCC to help you write assembly for your shellcode. It is especially useful for complex logic and for getting you bootstrapped on architectures you might not be familiar with. We use GCC to build up concise code for executing a system call. Just be aware that using GCC for this purpose will usually be enough to buildup ~90% of the work, you'd be responsible to shape it into something that meets all the requirements of your exploit.
At the end, there is a challenge given. It is to build shellcode which downloads and loads a dylib into a process without touch disk. There is a template on github (https://github.com/nologic/shellcc) for downloading and loading from disk.
Experience our free, in-depth three-part Tendenci Platform Corporate Membership Management workshop series! In Session 1 on May 14th, 2024, we began with an Introduction and Setup, mastering the configuration of your Corporate Membership Module settings to establish membership types, applications, and more. Then, on May 16th, 2024, in Session 2, we focused on binding individual members to a Corporate Membership and Corporate Reps, teaching you how to add individual members and assign Corporate Representatives to manage dues, renewals, and associated members. Finally, on May 28th, 2024, in Session 3, we covered questions and concerns, addressing any queries or issues you may have.
For more Tendenci AMS events, check out www.tendenci.com/events
OpenFOAM solver for Helmholtz equation, helmholtzFoam / helmholtzBubbleFoamtakuyayamamoto1800
In this slide, we show the simulation example and the way to compile this solver.
In this solver, the Helmholtz equation can be solved by helmholtzFoam. Also, the Helmholtz equation with uniformly dispersed bubbles can be simulated by helmholtzBubbleFoam.
Into the Box Keynote Day 2: Unveiling amazing updates and announcements for modern CFML developers! Get ready for exciting releases and updates on Ortus tools and products. Stay tuned for cutting-edge innovations designed to boost your productivity.
How Does XfilesPro Ensure Security While Sharing Documents in Salesforce?XfilesPro
Worried about document security while sharing them in Salesforce? Fret no more! Here are the top-notch security standards XfilesPro upholds to ensure strong security for your Salesforce documents while sharing with internal or external people.
To learn more, read the blog: https://www.xfilespro.com/how-does-xfilespro-make-document-sharing-secure-and-seamless-in-salesforce/
Gamify Your Mind; The Secret Sauce to Delivering Success, Continuously Improv...Shahin Sheidaei
Games are powerful teaching tools, fostering hands-on engagement and fun. But they require careful consideration to succeed. Join me to explore factors in running and selecting games, ensuring they serve as effective teaching tools. Learn to maintain focus on learning objectives while playing, and how to measure the ROI of gaming in education. Discover strategies for pitching gaming to leadership. This session offers insights, tips, and examples for coaches, team leads, and enterprise leaders seeking to teach from simple to complex concepts.
Globus Compute wth IRI Workflows - GlobusWorld 2024Globus
As part of the DOE Integrated Research Infrastructure (IRI) program, NERSC at Lawrence Berkeley National Lab and ALCF at Argonne National Lab are working closely with General Atomics on accelerating the computing requirements of the DIII-D experiment. As part of the work the team is investigating ways to speedup the time to solution for many different parts of the DIII-D workflow including how they run jobs on HPC systems. One of these routes is looking at Globus Compute as a way to replace the current method for managing tasks and we describe a brief proof of concept showing how Globus Compute could help to schedule jobs and be a tool to connect compute at different facilities.
First Steps with Globus Compute Multi-User EndpointsGlobus
In this presentation we will share our experiences around getting started with the Globus Compute multi-user endpoint. Working with the Pharmacology group at the University of Auckland, we have previously written an application using Globus Compute that can offload computationally expensive steps in the researcher's workflows, which they wish to manage from their familiar Windows environments, onto the NeSI (New Zealand eScience Infrastructure) cluster. Some of the challenges we have encountered were that each researcher had to set up and manage their own single-user globus compute endpoint and that the workloads had varying resource requirements (CPUs, memory and wall time) between different runs. We hope that the multi-user endpoint will help to address these challenges and share an update on our progress here.
Check out the webinar slides to learn more about how XfilesPro transforms Salesforce document management by leveraging its world-class applications. For more details, please connect with sales@xfilespro.com
If you want to watch the on-demand webinar, please click here: https://www.xfilespro.com/webinars/salesforce-document-management-2-0-smarter-faster-better/
Paketo Buildpacks : la meilleure façon de construire des images OCI? DevopsDa...Anthony Dahanne
Les Buildpacks existent depuis plus de 10 ans ! D’abord, ils étaient utilisés pour détecter et construire une application avant de la déployer sur certains PaaS. Ensuite, nous avons pu créer des images Docker (OCI) avec leur dernière génération, les Cloud Native Buildpacks (CNCF en incubation). Sont-ils une bonne alternative au Dockerfile ? Que sont les buildpacks Paketo ? Quelles communautés les soutiennent et comment ?
Venez le découvrir lors de cette session ignite
Innovating Inference - Remote Triggering of Large Language Models on HPC Clus...Globus
Large Language Models (LLMs) are currently the center of attention in the tech world, particularly for their potential to advance research. In this presentation, we'll explore a straightforward and effective method for quickly initiating inference runs on supercomputers using the vLLM tool with Globus Compute, specifically on the Polaris system at ALCF. We'll begin by briefly discussing the popularity and applications of LLMs in various fields. Following this, we will introduce the vLLM tool, and explain how it integrates with Globus Compute to efficiently manage LLM operations on Polaris. Attendees will learn the practical aspects of setting up and remotely triggering LLMs from local machines, focusing on ease of use and efficiency. This talk is ideal for researchers and practitioners looking to leverage the power of LLMs in their work, offering a clear guide to harnessing supercomputing resources for quick and effective LLM inference.
top nidhi software solution freedownloadvrstrong314
This presentation emphasizes the importance of data security and legal compliance for Nidhi companies in India. It highlights how online Nidhi software solutions, like Vector Nidhi Software, offer advanced features tailored to these needs. Key aspects include encryption, access controls, and audit trails to ensure data security. The software complies with regulatory guidelines from the MCA and RBI and adheres to Nidhi Rules, 2014. With customizable, user-friendly interfaces and real-time features, these Nidhi software solutions enhance efficiency, support growth, and provide exceptional member services. The presentation concludes with contact information for further inquiries.
Exploring Innovations in Data Repository Solutions - Insights from the U.S. G...Globus
The U.S. Geological Survey (USGS) has made substantial investments in meeting evolving scientific, technical, and policy driven demands on storing, managing, and delivering data. As these demands continue to grow in complexity and scale, the USGS must continue to explore innovative solutions to improve its management, curation, sharing, delivering, and preservation approaches for large-scale research data. Supporting these needs, the USGS has partnered with the University of Chicago-Globus to research and develop advanced repository components and workflows leveraging its current investment in Globus. The primary outcome of this partnership includes the development of a prototype enterprise repository, driven by USGS Data Release requirements, through exploration and implementation of the entire suite of the Globus platform offerings, including Globus Flow, Globus Auth, Globus Transfer, and Globus Search. This presentation will provide insights into this research partnership, introduce the unique requirements and challenges being addressed and provide relevant project progress.
Large Language Models and the End of ProgrammingMatt Welsh
Talk by Matt Welsh at Craft Conference 2024 on the impact that Large Language Models will have on the future of software development. In this talk, I discuss the ways in which LLMs will impact the software industry, from replacing human software developers with AI, to replacing conventional software with models that perform reasoning, computation, and problem-solving.
In software engineering, the right architecture is essential for robust, scalable platforms. Wix has undergone a pivotal shift from event sourcing to a CRUD-based model for its microservices. This talk will chart the course of this pivotal journey.
Event sourcing, which records state changes as immutable events, provided robust auditing and "time travel" debugging for Wix Stores' microservices. Despite its benefits, the complexity it introduced in state management slowed development. Wix responded by adopting a simpler, unified CRUD model. This talk will explore the challenges of event sourcing and the advantages of Wix's new "CRUD on steroids" approach, which streamlines API integration and domain event management while preserving data integrity and system resilience.
Participants will gain valuable insights into Wix's strategies for ensuring atomicity in database updates and event production, as well as caching, materialization, and performance optimization techniques within a distributed system.
Join us to discover how Wix has mastered the art of balancing simplicity and extensibility, and learn how the re-adoption of the modest CRUD has turbocharged their development velocity, resilience, and scalability in a high-growth environment.
Developing Distributed High-performance Computing Capabilities of an Open Sci...Globus
COVID-19 had an unprecedented impact on scientific collaboration. The pandemic and its broad response from the scientific community has forged new relationships among public health practitioners, mathematical modelers, and scientific computing specialists, while revealing critical gaps in exploiting advanced computing systems to support urgent decision making. Informed by our team’s work in applying high-performance computing in support of public health decision makers during the COVID-19 pandemic, we present how Globus technologies are enabling the development of an open science platform for robust epidemic analysis, with the goal of collaborative, secure, distributed, on-demand, and fast time-to-solution analyses to support public health.
In 2015, I used to write extensions for Joomla, WordPress, phpBB3, etc and I ...Juraj Vysvader
In 2015, I used to write extensions for Joomla, WordPress, phpBB3, etc and I didn't get rich from it but it did have 63K downloads (powered possible tens of thousands of websites).
Understanding Globus Data Transfers with NetSageGlobus
NetSage is an open privacy-aware network measurement, analysis, and visualization service designed to help end-users visualize and reason about large data transfers. NetSage traditionally has used a combination of passive measurements, including SNMP and flow data, as well as active measurements, mainly perfSONAR, to provide longitudinal network performance data visualization. It has been deployed by dozens of networks world wide, and is supported domestically by the Engagement and Performance Operations Center (EPOC), NSF #2328479. We have recently expanded the NetSage data sources to include logs for Globus data transfers, following the same privacy-preserving approach as for Flow data. Using the logs for the Texas Advanced Computing Center (TACC) as an example, this talk will walk through several different example use cases that NetSage can answer, including: Who is using Globus to share data with my institution, and what kind of performance are they able to achieve? How many transfers has Globus supported for us? Which sites are we sharing the most data with, and how is that changing over time? How is my site using Globus to move data internally, and what kind of performance do we see for those transfers? What percentage of data transfers at my institution used Globus, and how did the overall data transfer performance compare to the Globus users?
Field Employee Tracking System| MiTrack App| Best Employee Tracking Solution|...informapgpstrackings
Keep tabs on your field staff effortlessly with Informap Technology Centre LLC. Real-time tracking, task assignment, and smart features for efficient management. Request a live demo today!
For more details, visit us : https://informapuae.com/field-staff-tracking/
3. “Synack leverages the best combination of humans
and technology to discover security
vulnerabilities in our customers’ web
apps, mobile apps, IoT devices and infrastructure
endpoints”
6. ● Reported by Kaspersky in May 2018
● Android based malware
● Targeted middle eastern phones
● Focuses on information theft
○ Exfiltration via HTTP GET request
parameters
● Distributed via Watering Holes
○ Alnaharegypt[.]com - with an iframe to
malicious APK.
ZooPark
the inspiration
7. ● Version 1
○ Contacts/Accounts
● Version 2
○ Call logs/GPS Location
○ SMS Messages/Device Information
● Version 3
○ Audio Call Records
○ Installed Application Details
○ Browser Data - bookmarks & History
○ Photos & Pictures from memory card
● Version 4 (suspected to be outsourced)
○ Keylogs/Clip data
○ Arbitrary file/folders
○ Capturing photos/videos/audio/ screenshots/screen records
○ External Application data (Telegram, WhatsApp, IMO, Chrome)
○ Remote Shell/Silently Sending SMS/Making phone calls
ZooPark
features
F536BC5B79C16E9A84546C2049E810E1
Android screencapture malware
in not unique! (July 2017)
9. $ otool -L /usr/sbin/screencapture
/usr/sbin/screencapture:
/System/Library/PrivateFrameworks/SkyLight.framework/Versions/A/SkyLight
/System/Library/Frameworks/CoreGraphics.framework/Versions/A/CoreGraphics
Which screencapture
an overview
The "bin" version contains general-use programs, while the "sbin" version
contains programs that're generally only used for system administration.
http://www.westwind.com/reference/OS-X/invisibles.html
$ codesign -d --entitlements - `which screencapture`
Executable=/usr/sbin/screencapture
Libraries with the relevant functions:
_CGDisplayCreateImage (CoreGraphics)
-> _SLSHWCaptureDesktop (SkyLight)
Maps to _XHWCaptureDesktop in
server-side SkyLight
Shared with
WindowServer!
No Special
entitlements!
17. 1. msgh_id = 0x7152 // start a session
2. msgh_id = 0x7148 // test connection, get MIG version
3. msgh_id = 0x7475 // display state, find the display ID
4. msgh_id = 0x7468 // create secondary session
5. msgh_id = 0x732A // request screen pixels
6. mach_vm_map // map pixels to local process memory
Mach msg sequence
MIG
18. There is more than one way
There usually is!
CGImageRef screenshot = CGWindowListCreateImage(
CGRectInfinite,
kCGWindowListOptionOnScreenOnly,
kCGNullWindowID,
kCGWindowImageDefault);
NSBitmapImageRep *bitmapRep =
[[NSBitmapImageRep alloc] initWithCGImage:screenshot];
https://krausefx.com/blog/mac-privacy-sandboxed-mac-apps-can-take-screenshots
rdar://37423927
20. Malware in action
video demo
1. Cocoa base application
2. Runs in a full sandbox
3. File write allowed for demo
21. (allow mach-lookup (global-name "com.apple.windowserver.active"))
● cdm.sb:
○ Content Decryption Module (CDM). A CDM is required for a media renderer, audio decoder or
video decoder to handle protected content (chromium).
● gpu_v2.sb
○ Allow communication between the GPU process and the UI server.
● ppapi_v2.sb
○ Pepper Plugin API (PPAPI) was initially only supported by Google Chrome and Chromium.
Later, other Chromium-based browsers such as Opera and Vivaldi, also added PPAPI plugin
support.
Sandbox
Chrome
https://www.chromium.org/developers/design-documents/sandbox/osx-sandboxing-design
22. // The "Safe Mode" Flash NPAPI plugin process profile
static const char flashPluginSandboxRules[] = R"SANDBOX_LITERAL(
; Services
(allow mach-lookup
(global-name "com.apple.windowserver.active")
Sandbox
firefox
static const char widevinePluginSandboxRulesAddend[] = R"SANDBOX_LITERAL(
(allow mach-lookup (global-name "com.apple.windowserver.active"))
) SANDBOX_LITERAL";
https://hg.mozilla.org/mozilla-central/file/tip/security/sandbox/mac/SandboxPolicies.h
- Widevine DRM is also used with the Chromium web browser and on Android.
static const char contentSandboxRules[] = R"SANDBOX_LITERAL(
(version 1)
(if (string=? hasWindowServer "TRUE")
(allow mach-lookup (global-name "com.apple.windowserver.active")))
23. Sandbox
Positron - a experimental, Electron-compatible runtime on top of Gecko
static const char widevinePluginSandboxRulesAddend[] =
"(allow mach-lookup (global-name
"com.apple.windowserver.active"))n";
https://github.com/mozilla/positron/blob/master/security/sandbox/mac/Sandbox.mm
- Widevine DRM is also used with the
Chromium web browser and on Android.
static const char contentSandboxRules[] =
"(version 1)n"
"n"
"(define sandbox-level %d)n"
" (allow mach-lookupn"
" (global-name
"com.apple.windowserver.active")n"
24. Window server gets abused a lot:
https://blog.ret2.io/2018/07/25/pwn2own-2018-safari-sandbox/
Sandbox
Safari - Webkit
com.apple.WebProcess.sb.in:
(allow mach-lookup
#if __MAC_OS_X_VERSION_MIN_REQUIRED >= 101400
#else
(global-name "com.apple.windowserver.active")
#endif
)
#if __MAC_OS_X_VERSION_MIN_REQUIRED >= 101400
(deny mach-lookup (with no-log)
(global-name "com.apple.windowserver.active"))
#endif
com.apple.WebKit.plugin-common.sb.in:
;; Various services required by AppKit
;; and other frameworks
(allow mach-lookup
(global-name "com.apple.windowserver.active")
https://github.com/WebKit/webkit
25. Why is that an issue?
Protected by sandbox
python extractshell.py -o screencap -s screencap.b
hexdump -C screencap.b
00000000 55 41 57 41 56 41 55 41 54 53 48 81 ec 48 08 00 |UAWAVAUATSH..H..|
00000010 00 31 ed 48 8d 5c 24 34 89 2b 4c 8d 74 24 2c 41 |.1.H.$4.+L.t$,A|
00000020 89 2e 4c 8b 25 6c 06 00 00 41 8b 3c 24 be 04 00 |..L.%l...A.<$...|
…
000003f0 40 13 15 00 00 89 44 24 48 e8 45 01 00 00 89 44 |@.....D$H.E....D|
00000400 24 4c 48 b8 00 00 00 00 2a 73 00 00 48 89 44 24 |$LH.....*s..H.D$|
00000410 50 c6 44 24 5c 01 0f 57 c0 0f 29 44 24 60 0f 28 |P.D$..W..)D$`.(|
…
00000510 00 00 00 63 6f 6d 2e 61 70 70 6c 65 2e 77 69 6e |...com.apple.win|
00000520 64 6f 77 73 65 72 76 65 72 2e 61 63 74 69 76 65 |dowserver.active|
Shellcode can do it in
about 9076 bytes
mach_msg and
mach_vm_map are
mach system calls
Can networking and
windowserver be
accessed at the same
time?
https://github.com/nologic/shellcc SHELLCC is a build environment for making shellcode in C
using GCC and other binary tool. It is meant to enable people with limited knowledge of assembly
to write quality shellcode as well as bring code maintainability by using a high level language.
26. Chrome is active:
Sublime has these documents open:
And now, the terminal:
Efficient collection
Thanks touchbar
● Screenshot of regular resolution is about:
1.4M PNG Compressed.
● An image of touchbar can be used for a more
efficient selection of timing.
29. Finding malware
thanks VT/Yara
1124 matched samples
15 Anti-virus (AV) flagged
6 Sample with great than 1 AV
Great for research, need better rules
for anything production
Simple static signatures aren’t great
for endpoint protection
30. while [ -z "$DONE" ]; do
DONE="done"
for hash in `cat hashes`; do
if [ -z "`cat $hash.json`" ]; then
curl -s --request POST
--url 'https://www.virustotal.com/vtapi/v2/file/report'
-d apikey=${APIKEY}
-d "resource=$hash" > $hash.json
cat $hash.json
sleep 2
DONE=
fi
done
sleep 2
done
Filtering samples
Getting around throttling
31. Meeting the malware: Mokes
664e0a048f61a76145b55d1f1a5714606953d69edccec5228017eb546049dc8c
Mokes
● Uses CoreGraphics via Qt
● Specifically:
QCocoaScreen::grabWindow
● Capturing Screen (every 30 sec.)
QPixmap QCocoaScreen::grabWindow(WId window,
int x, int y, int width, int height) const
{
// 128 displays should be enough
// for everyone.
const int maxDisplays = 128;
CGDirectDisplayID displays[maxDisplays];
CGDisplayCount displayCount;
...
for (uint i = 0; i < displayCount; ++i) {
const CGRect bounds =
CGDisplayBounds(displays[i]);
...
QCFType<CGImageRef> cgImage =
CGDisplayCreateImage(displays[i]);
const QImage image =
qt_mac_toQImage(cgImage);
}
}
32. Meeting the malware: Macs
6acd92d0dfe3e298d73b78a3dcc6d52ff4f85a70a9f2d0dcfe7ae4af2dd685cc
Macs
● Uses ‘/usr/sbin/screencapture -x [] -T 20’
● It dumps screenshots into a folder called MacApp
33. Meeting the malware: blackhole
d1a0c589b3ac33626d47156aaa938be92ba3d6f889de5a6f62d4afe0ac2cf65a
blackhole
● Comes with a PPC version
○ why?!
● /usr/sbin/screencapture -x
/Applications/.JavaUpdater/.Data/Screen.png
● No one reports on screen capture capability
34. Meeting the malware: Eh?!
f1e98602683603bab5e08de8dc00e62ae27bf4ed6164f3e45ab26628f5453481
vmdk part with malware
● I’m not malware
● Why would someone upload this to VT?
● References screencapture but nothing directly executable
$ strings f1e98602683603bab5e08de8dc00e62ae27bf4ed6164f3e45ab26628f5453481 | grep
screencapture
Pscreencapture
I,screencapture -T 0 -x 1.png/miner.sh %s %u %s %s/polipo -c polipo.cfgtcp
jO/usr/sbin/screencapture/bin/sh/usr/bin/curlX-ASIHTTPRequest-Expiresm_FolderList
m_zipUploadm_ComputerName_UserNamem_uploadURL/lang.php
$ hexdump -C f1e98602683603bab5e08de8dc00e62ae27bf4ed6164f3e45ab26628f5453481 |
head
00000000 4b 44 4d 56 01 00 00 00 03 00 00 00 00 00 7f 00 |KDMV............|
00000010 00 00 00 00 80 00 00 00 00 00 00 00 00 00 00 00 |................|
00000020 00 00 00 00 00 00 00 00 00 00 00 00 00 02 00 00 |................|
Definitely some kind
of malware in there
35. Meeting the malware: WINDSHIFT
Need a hash
Recent findings by
DarkMatter at HiTB
APT?
37. On the endpoint
file attributes
$ mdfind kMDItemIsScreenCapture = 1
/Users/nl/Desktop/Screen Shot 2018-05-15 at 10.52.35 PM.png
/Users/nl/Desktop/Screen Shot 2018-04-24 at 6.26.21 PM.png
/Users/nl/Desktop/Screen Shot 2018-04-24 at 6.25.52 PM.png
$ ls -l@ "Screen Shot 2018-05-15 at 10.52.35 PM.png"
-rw-r--r--@ 1 nl staff 120087 May 15 22:52 /Users/nl/Desktop/Screen Shot
2018-05-15 at 10.52.35 PM.png
com.apple.FinderInfo 32
com.apple.lastuseddate#PS 16
com.apple.metadata:kMDItemIsScreenCapture 42
com.apple.metadata:kMDItemScreenCaptureGlobalRect 86
com.apple.metadata:kMDItemScreenCaptureType 51
$ mdls "Screen Shot 2018-05-15 at 10.52.35 PM.png"
_kMDItemDisplayNameWithExtensions = "Screen Shot 2018-05-15 at 10.52.35 PM.png"
kMDItemIsScreenCapture = 1
$ xattr -l "Screen Shot 2018-05-15 at 10.52.35 PM.png"
com.apple.metadata:kMDItemIsScreenCapture:
00000000 62 70 6C 69 73 74 30 30 09 08 00 00 00 00 00 00 |bplist00........|
00000010 01 01 00 00 00 00 00 00 00 01 00 00 00 00 00 00 |................|
00000020 00 00 00 00 00 00 00 00 00 09
1. Who created the
file?
2. Why would malware
set this
attribute?
3. Why would malware
create a file?
38. $ sudo frida-trace
-a 'SkyLight!43287' WindowServer
Instrumenting functions...
sub_43287: Auto-generated handler at
"./__handlers__/SkyLight/sub_43287.js"
Started tracing 1 function. Press Ctrl+C to stop.
/* TID 0x307 */
6791 ms sub_43287()
On the endpoint
tracing functions
_XHWCaptureDesktop
1. Frida/DTrace lite-weight tracing frameworks
2. Proper debugging is too heavy
3. Thwarted by SIP on OS X (Good! But blunt)
39. On the endpoint
who did it?!
* thread #1, queue = 'com.apple.main-thread', stop reason = breakpoint 1.1
frame #0: 0x00007fff544c3287 SkyLight`_XHWCaptureDesktop
SkyLight`_XHWCaptureDesktop:
-> 0x7fff544c3287 <+0>: pushq %rbp
0x7fff544c3288 <+1>: movq %rsp, %rbp
0x7fff544c328b <+4>: pushq %r15
0x7fff544c328d <+6>: pushq %r14
Target 0: (WindowServer) stopped.
(lldb) x/10wx $rdi
0x7ffee4c12610: 0x00001112 0x00000048 0x000153ab 0x0001249b
0x7ffee4c12620: 0x00000000 0x0000732a 0x00000000 0x00000001
0x7ffee4c12630: 0x00000000 0x00000000
$ sudo lsmp -a
Process (4460) : screencapture
name ipc-object rights identifier type
--------- ---------- ---------- ----------- ------------
0x00000103 0x56e57599 send 0x00000000 TASK SELF (4460) screencapture
0x00000507 0x56e57a31 send 0x00000000 THREAD (0x7faf5)
0x00000603 0x56e56729 recv
+ send-once 0x000153ab (157) WindowServer
1. Breakpoint in
WindowServer
2. First parameter is
the mach message
3. We can see the
source port
4. Using source port
we can get the
PID/Task of the
source process
41. OS Mitigations
1) proposal: logging
Build a mechanism for allowing
logging or trapping functions in
SIP protected processes
Notification popup for any app
that triggered screen capture
42. OS Mitigations
2) proposal: filter
Mach ports pass messages. It’s high time that
a firewall is developed to block certain
messages on demand:
○ Message ID 732Ah is a request for a
screencapture.
○ Could be defined in the same way as
sandbox permissions:
(deny mach-msg
(mach-msg-id 0x732a))
○ Performance concerns balanced via
ports/processes selection
43. OS Mitigations
3) proposal: permissions
Only sandboxed applications with proper
entitlements should be given access to API’s
that access pixels of other applications.*
* macOS Mojave: New data protections require apps to get user
permission before using Mac camera and microphone (It’s a start)
45. Some malware is thorny!
... but
“In particular, our study concludes that targeted
malware does not use more anti-debugging and
anti-VM techniques than generic malware, although
targeted malware tend to have a lower antivirus
detection rate.”
-- “Advanced or not?..,” P. Chen, et. al.
46. ● Lots of malware steals pixels
● Can do it direct through Mach Interfaces
● Sandboxes don’t help... Maybe a little.
● Proposed mitigations. Thoughts?
Conclusion
takeaways