The document discusses several tools for testing iOS applications, including ChaoticMarch, Machshark, and Objc_trace. ChaoticMarch is described as a tool for simulating user interactions and automating testing of an iOS app. It allows writing Lua scripts to interact with the UI and regulate test execution speed. Machshark is a tool for analyzing Mach IPC messages and Objc_trace is used to trace Objective-C method calls. Code snippets are provided showing examples of how to use ChaoticMarch to automate tapping buttons and entering text, as well as how Machshark and Objc_trace work.
Linux has this great tool called strace, on OSX there’s a tool called dtruss - based on dtrace. Dtruss is great in functionality, it gives pretty much everything you need. It is just not as nice to use as strace. However, on Linux there is also ltrace for library tracing. That is arguably more useful because you can see much more granular application activity. Unfortunately, there isn’t such a tool on OSX. So, I decided to make one - albeit a simpler version for now. I called it objc_trace.
OSX/Flashback
El sistema operativo Apple OS X, al igual que todos los sistemas operativos, puede convertirse en una víctima de software malicioso. Antes de la aparición de OSX/Flashback, hubo varios casos documentados de malware dirigido a OS X; pero hasta ahora, OSX/Flashback fue el que cobró la mayor cantidad de víctimas. En este artículo se describen las características técnicas más interesantes de la amenaza, en especial el método utilizado para espiar las comunicaciones de red y los algoritmos para la generación dinámica de nombres de dominio. También se incluye una línea de tiempo con los puntos más importantes del malware, cuyo ciclo de vida persistió durante tantos meses.
Linux has this great tool called strace, on OSX there’s a tool called dtruss - based on dtrace. Dtruss is great in functionality, it gives pretty much everything you need. It is just not as nice to use as strace. However, on Linux there is also ltrace for library tracing. That is arguably more useful because you can see much more granular application activity. Unfortunately, there isn’t such a tool on OSX. So, I decided to make one - albeit a simpler version for now. I called it objc_trace.
OSX/Flashback
El sistema operativo Apple OS X, al igual que todos los sistemas operativos, puede convertirse en una víctima de software malicioso. Antes de la aparición de OSX/Flashback, hubo varios casos documentados de malware dirigido a OS X; pero hasta ahora, OSX/Flashback fue el que cobró la mayor cantidad de víctimas. En este artículo se describen las características técnicas más interesantes de la amenaza, en especial el método utilizado para espiar las comunicaciones de red y los algoritmos para la generación dinámica de nombres de dominio. También se incluye una línea de tiempo con los puntos más importantes del malware, cuyo ciclo de vida persistió durante tantos meses.
Не так давно Гор Нишанов представил свой доклад: C++ Coroutines a negative overhead abstraction. В этом докладе Гор упомянул, что предложенный дизайн корутин позволяет их использовать практически в любых окружениях, в том числе и с "бедным" C++ рантаймом.
Я решил попробовать запустить корутины в следующих окружениях: обычное приложение, драйвер ОС Windows, EFI приложение. Только в одном из этих окружений есть полноценный C++ рантайм и поддержка исключений, в остальных ничего этого нет. Более того, EFI приложение вообще выполняется до старта ОС.
Я хочу рассказать о том, как мне удалось запустить корутины в этих окружениях, поговорим о том, какие проблемы существуют в асинхронном системном программировании и как их можно обойти.
In the recent Functional Thursday meetup, I gave this talk about SpiderMonkey: Mozilla's JavaScript engine used in Firefox. The content covers the architecture and some interesting internal implementations.
[2007 CodeEngn Conference 01] seaofglass - Linux Virus AnalysisGangSeok Lee
2007 CodeEngn Conference 01
리눅스 바이러스인 Sickabs.dr에 대해 각 함수별 상세 분석 설명과 이를 C 언어로 구현하여 설명한다. File #1은 Sickabs.dr 바이러스를 C로 복원한 파일이고, File #2는 Sickabs.dr 바이러스 백신이다.
http://codeengn.com/conference/01
Работа с реляционными базами данных в C++corehard_by
Поговорим в первую очередь о библиотеках, которые унифицируют работу с различными БД: Oracle, MSSQL, Postgres, MySQL и др. Я поделюсь своим опытом работы с некоторыми из них. А также посмотрим, что может нас ожидать в будущем в плане работы с SQL базами данных.
Buffer overflows have been the most common security vulnerability for the last few years. These are considered as one of the oldest and more reliable methods. Due to the latest linux defences it has become difficult to attack using traditional buffer overflow technique . This led to the development of the return-oriented programming technique.
Return-oriented programming is a type of security attack, in which you can take the control over saved instruction pointer and can induce unpredictable behavior in a program in which exploit is under our control without injecting any malicious code.
In this presentation I will trace the origins of ROP and some related techniques such as Call and Jump Oriented Programming as well as some advanced techniques like JIT-ROP, BROP and SROP.
Вы узнаете о том, как при помощи syzkaller обнаружить уязвимости ядра Linux. syzkaller — инструмент для фаззинга системных вызовов Linux. Во время тестирования ядра Linux внутри компании Google фаззер нашел более 400 уязвимостей; внешними пользователями также было обнаружено множество ошибок.
Leilão da Prefeitura Municipal de Paracuru, Ceará-BRFrancisco Luz
Leilão de Paracuru é constituído de 43 lotes, sendo 14 pirâmides formadas por sucatas de metais e madeiras diversas; equipamentos de informática, som&imagem, copiadoras, telefonia, refrigeração; carteiras e mesas escolares, equipamentos odontológicos, hospitalares e acessórios diversos; mobiliário em madeira e ferro, além de dois cofres de aço e compactador para lixo.
Os outros 29 lotes se referem a veículos automotores, sendo 3 motocicletas Honda, 13 automóveis de várias marcas, 4 camionetas tipos Saveiro (ambulância), Kombi, Ducato, D-20; jipe Troller; 4 caminhões; ônibus, microônibus, motoniveladora e pá carregadeira.
Не так давно Гор Нишанов представил свой доклад: C++ Coroutines a negative overhead abstraction. В этом докладе Гор упомянул, что предложенный дизайн корутин позволяет их использовать практически в любых окружениях, в том числе и с "бедным" C++ рантаймом.
Я решил попробовать запустить корутины в следующих окружениях: обычное приложение, драйвер ОС Windows, EFI приложение. Только в одном из этих окружений есть полноценный C++ рантайм и поддержка исключений, в остальных ничего этого нет. Более того, EFI приложение вообще выполняется до старта ОС.
Я хочу рассказать о том, как мне удалось запустить корутины в этих окружениях, поговорим о том, какие проблемы существуют в асинхронном системном программировании и как их можно обойти.
In the recent Functional Thursday meetup, I gave this talk about SpiderMonkey: Mozilla's JavaScript engine used in Firefox. The content covers the architecture and some interesting internal implementations.
[2007 CodeEngn Conference 01] seaofglass - Linux Virus AnalysisGangSeok Lee
2007 CodeEngn Conference 01
리눅스 바이러스인 Sickabs.dr에 대해 각 함수별 상세 분석 설명과 이를 C 언어로 구현하여 설명한다. File #1은 Sickabs.dr 바이러스를 C로 복원한 파일이고, File #2는 Sickabs.dr 바이러스 백신이다.
http://codeengn.com/conference/01
Работа с реляционными базами данных в C++corehard_by
Поговорим в первую очередь о библиотеках, которые унифицируют работу с различными БД: Oracle, MSSQL, Postgres, MySQL и др. Я поделюсь своим опытом работы с некоторыми из них. А также посмотрим, что может нас ожидать в будущем в плане работы с SQL базами данных.
Buffer overflows have been the most common security vulnerability for the last few years. These are considered as one of the oldest and more reliable methods. Due to the latest linux defences it has become difficult to attack using traditional buffer overflow technique . This led to the development of the return-oriented programming technique.
Return-oriented programming is a type of security attack, in which you can take the control over saved instruction pointer and can induce unpredictable behavior in a program in which exploit is under our control without injecting any malicious code.
In this presentation I will trace the origins of ROP and some related techniques such as Call and Jump Oriented Programming as well as some advanced techniques like JIT-ROP, BROP and SROP.
Вы узнаете о том, как при помощи syzkaller обнаружить уязвимости ядра Linux. syzkaller — инструмент для фаззинга системных вызовов Linux. Во время тестирования ядра Linux внутри компании Google фаззер нашел более 400 уязвимостей; внешними пользователями также было обнаружено множество ошибок.
Leilão da Prefeitura Municipal de Paracuru, Ceará-BRFrancisco Luz
Leilão de Paracuru é constituído de 43 lotes, sendo 14 pirâmides formadas por sucatas de metais e madeiras diversas; equipamentos de informática, som&imagem, copiadoras, telefonia, refrigeração; carteiras e mesas escolares, equipamentos odontológicos, hospitalares e acessórios diversos; mobiliário em madeira e ferro, além de dois cofres de aço e compactador para lixo.
Os outros 29 lotes se referem a veículos automotores, sendo 3 motocicletas Honda, 13 automóveis de várias marcas, 4 camionetas tipos Saveiro (ambulância), Kombi, Ducato, D-20; jipe Troller; 4 caminhões; ônibus, microônibus, motoniveladora e pá carregadeira.
Olá, tudo bem?
Sou eu, Flávio Queiroz, neste post vou ensinar como criar um e-mail Gmail, este e-mail vai facilitar muito sua vida como empreender, visto que após realizar seu cadastro, você estará automaticamente cadastrado em todos os serviços Google.
Para saber mais clique aqui: http://flavioqueiroz.com/como-criar-um-e-mail-gmail/
MVP ShowCast 2014 - O dia a dia do Cientista de DadosDiego Nogare
Com o novo buzzword de tecnologia Big Data, surgiu uma nova profissão: a do Cientista de Dados. Nesta palestra, o MVP em SQL Server Diego Nogare apresenta o que o mercado (e os outros profissionais) devem esperar de um Cientista de Dados, e como esta nova profissão pode ajudar sua empresa.
Ml based detection of users anomaly activities (20th OWASP Night Tokyo, Japan...Yury Leonychev
This is a Japanese slides of my presentation about machine learning implementation for model web application. Some advices for developers, which decided to create the same implementation in real production environment.
We're living in an age of devices and applications that push the boundaries of dreams, an age of instant gratification, but also the age of Digital Rights Management and Copyright laws. With questionably illegal modifications becoming simple enough for children to use, where does the line get drawn between squeezing more functionality out of your digital devices and software and breaking felony laws? In this talk attendees will explore the justifications and rationales behind the use of questionable hardware and software modifications and understand the mentality behind why their use is rapidly catching on in the general population.
Drupal Coder Zafiyet Analizi & İstismar Kodu GeliştirimesiMehmet Ince
Geçtiğimiz ay, popüler bir Drupal modülü üzerinde kritik güvenlik açığı yaması Drupal Security ekibi tarafından yayınlanmıştı.
Bu zafiyetin PoC kodunun internete düşmemesi, bildiğimiz kadarıyla Core Security firmasında çalışan güvenlik araştırmacılarının henüz zafiyeti ciddi anlamda tetikleyici yöntem bulamamış olmaları, şahsım adına benim ilgimi çeken nokta olmuştu. 2 gün süren çalışmanın neticesinde stabil çalışan bir uzaktan komut çalıştırma zafiyetini tespit edip ve metasploit modülünü geliştirdik.
Zafiyetin son derece basit olmasına karşın, sömürme yönteminin son derece karmaşık olması güzel bir case-study ortaya koyduğu kanaatindeyim.
Bu nedenle, tüm süreci anlatan ve 19. sayfa süren "Drupal Coder Vulnerability Analysis & Metasploit Module Dev" başlıklı Türkçe zafiyet analizi yazımızı sizlerle paylaşmak istedim.
Introducing Intelligence Into Your Malware AnalysisBrian Baskin
With malware becoming more prevalent, and the pool of capable reversers falling short of overall need, there is a greater need to provide quick and efficient malware analysis for network defense. While many analysts have a grasp on how to appropriately reverse malware, there is large room for improvement by extracting critical indicators, correlating on key details, and cataloging artifacts in a way to improve your corporate response for the next attack. This talk will cover beyond the basics of malware analysis and focus on critical indicators that should analysts should focus on for attribution and better reporting.
From the user’s perspective Android and iOS are not too dissimilar. One is cheaper than the other and pretty much everyone makes their apps for both types of phones. However, from the security testing perspective things are very different. Android is open and has lots of standard mechanisms to assist with testing. On the other hand, iOS is closed and requires lots of non standard methods for black box testing. The caveat is, of course, unless you own and control the build of the application but, that not completely black box. If you do then you can use any number of tools: Appium, Apple UI Automation, etc.
This talk will cover reasons for why we constrain ourselves to this type of testing as well as various tools and techniques for instrumenting iOS apps to do UI automation. Specifically, we are constrained to no source code and no way to make a special build. The jailbreak community has developed many of these building blocks that if used in concert can provide for a powerful testing automation framework. This talk will also demonstrate a reference implementation of an extensible tool that brings all the primitives together to automate the testing of iOS application.
Pierre Alban nous présentera le fonctionnement de la technologie de détection d’empreintes de nos iPhones, plus connu sous le nom de TouchID. Il abordera le côté technique (dont les nouvelles API iOS8) mais aussi les cas d’usages qui nous sont offerts.
Every software developer knows object oriented programming; in fact most use it every day. Using OOP enables code reuse and creates readable and maintainable code.
But there are places where object oriented is just not enough. There are features that cut across the entire system such as security, logging and transaction handling which are hard to implement efficiently using the OO paradigm.
Aspect Oriented Programming (AOP) helps us deal with these application-wide concerns by adding a high level of reuse to the traditional OOP framework.
In this session I'll explain what AOP is all about and how it can be implemented in .NET using simple methods and industrial grade frameworks to improve the developer's everyday work by using aspects.
Secure integration of cryptographic software. By modeling the variability in cryptography components, we help application developers configure the cryptography tasks they need. Presented at ONWARD! '15 in Pittsburgh.
The ColdBox cbsecurity module is a collection of modules to help secure your ColdBox applications. In this session, we will explore all the features behind CBSecurity 3. We will build an application using the module to showcase authentication, authorization, and JWT authentication.
https://coldbox-security.ortusbooks.com/
https://intothebox.org
https://cfcasts.com/
Docker Logging and analysing with Elastic StackJakub Hajek
Collecting logs from the entire stateless environment is challenging parts of the application lifecycle. Correlating business logs with operating system metrics to provide insights is a crucial part of the entire organization. What aspects should be considered while you design your logging solutions?
Docker Logging and analysing with Elastic Stack - Jakub Hajek PROIDEA
Collecting logs from the entire stateless environment is challenging parts of the application lifecycle. Correlating business logs with operating system metrics to provide insights is a crucial part of the entire organization. We will see the technical presentation on how to manage a large amount of the data in a typical environment with microservices.
How to Position Your Globus Data Portal for Success Ten Good PracticesGlobus
Science gateways allow science and engineering communities to access shared data, software, computing services, and instruments. Science gateways have gained a lot of traction in the last twenty years, as evidenced by projects such as the Science Gateways Community Institute (SGCI) and the Center of Excellence on Science Gateways (SGX3) in the US, The Australian Research Data Commons (ARDC) and its platforms in Australia, and the projects around Virtual Research Environments in Europe. A few mature frameworks have evolved with their different strengths and foci and have been taken up by a larger community such as the Globus Data Portal, Hubzero, Tapis, and Galaxy. However, even when gateways are built on successful frameworks, they continue to face the challenges of ongoing maintenance costs and how to meet the ever-expanding needs of the community they serve with enhanced features. It is not uncommon that gateways with compelling use cases are nonetheless unable to get past the prototype phase and become a full production service, or if they do, they don't survive more than a couple of years. While there is no guaranteed pathway to success, it seems likely that for any gateway there is a need for a strong community and/or solid funding streams to create and sustain its success. With over twenty years of examples to draw from, this presentation goes into detail for ten factors common to successful and enduring gateways that effectively serve as best practices for any new or developing gateway.
Developing Distributed High-performance Computing Capabilities of an Open Sci...Globus
COVID-19 had an unprecedented impact on scientific collaboration. The pandemic and its broad response from the scientific community has forged new relationships among public health practitioners, mathematical modelers, and scientific computing specialists, while revealing critical gaps in exploiting advanced computing systems to support urgent decision making. Informed by our team’s work in applying high-performance computing in support of public health decision makers during the COVID-19 pandemic, we present how Globus technologies are enabling the development of an open science platform for robust epidemic analysis, with the goal of collaborative, secure, distributed, on-demand, and fast time-to-solution analyses to support public health.
Listen to the keynote address and hear about the latest developments from Rachana Ananthakrishnan and Ian Foster who review the updates to the Globus Platform and Service, and the relevance of Globus to the scientific community as an automation platform to accelerate scientific discovery.
SOCRadar Research Team: Latest Activities of IntelBrokerSOCRadar
The European Union Agency for Law Enforcement Cooperation (Europol) has suffered an alleged data breach after a notorious threat actor claimed to have exfiltrated data from its systems. Infamous data leaker IntelBroker posted on the even more infamous BreachForums hacking forum, saying that Europol suffered a data breach this month.
The alleged breach affected Europol agencies CCSE, EC3, Europol Platform for Experts, Law Enforcement Forum, and SIRIUS. Infiltration of these entities can disrupt ongoing investigations and compromise sensitive intelligence shared among international law enforcement agencies.
However, this is neither the first nor the last activity of IntekBroker. We have compiled for you what happened in the last few days. To track such hacker activities on dark web sources like hacker forums, private Telegram channels, and other hidden platforms where cyber threats often originate, you can check SOCRadar’s Dark Web News.
Stay Informed on Threat Actors’ Activity on the Dark Web with SOCRadar!
How Does XfilesPro Ensure Security While Sharing Documents in Salesforce?XfilesPro
Worried about document security while sharing them in Salesforce? Fret no more! Here are the top-notch security standards XfilesPro upholds to ensure strong security for your Salesforce documents while sharing with internal or external people.
To learn more, read the blog: https://www.xfilespro.com/how-does-xfilespro-make-document-sharing-secure-and-seamless-in-salesforce/
Code reviews are vital for ensuring good code quality. They serve as one of our last lines of defense against bugs and subpar code reaching production.
Yet, they often turn into annoying tasks riddled with frustration, hostility, unclear feedback and lack of standards. How can we improve this crucial process?
In this session we will cover:
- The Art of Effective Code Reviews
- Streamlining the Review Process
- Elevating Reviews with Automated Tools
By the end of this presentation, you'll have the knowledge on how to organize and improve your code review proces
Prosigns: Transforming Business with Tailored Technology SolutionsProsigns
Unlocking Business Potential: Tailored Technology Solutions by Prosigns
Discover how Prosigns, a leading technology solutions provider, partners with businesses to drive innovation and success. Our presentation showcases our comprehensive range of services, including custom software development, web and mobile app development, AI & ML solutions, blockchain integration, DevOps services, and Microsoft Dynamics 365 support.
Custom Software Development: Prosigns specializes in creating bespoke software solutions that cater to your unique business needs. Our team of experts works closely with you to understand your requirements and deliver tailor-made software that enhances efficiency and drives growth.
Web and Mobile App Development: From responsive websites to intuitive mobile applications, Prosigns develops cutting-edge solutions that engage users and deliver seamless experiences across devices.
AI & ML Solutions: Harnessing the power of Artificial Intelligence and Machine Learning, Prosigns provides smart solutions that automate processes, provide valuable insights, and drive informed decision-making.
Blockchain Integration: Prosigns offers comprehensive blockchain solutions, including development, integration, and consulting services, enabling businesses to leverage blockchain technology for enhanced security, transparency, and efficiency.
DevOps Services: Prosigns' DevOps services streamline development and operations processes, ensuring faster and more reliable software delivery through automation and continuous integration.
Microsoft Dynamics 365 Support: Prosigns provides comprehensive support and maintenance services for Microsoft Dynamics 365, ensuring your system is always up-to-date, secure, and running smoothly.
Learn how our collaborative approach and dedication to excellence help businesses achieve their goals and stay ahead in today's digital landscape. From concept to deployment, Prosigns is your trusted partner for transforming ideas into reality and unlocking the full potential of your business.
Join us on a journey of innovation and growth. Let's partner for success with Prosigns.
Accelerate Enterprise Software Engineering with PlatformlessWSO2
Key takeaways:
Challenges of building platforms and the benefits of platformless.
Key principles of platformless, including API-first, cloud-native middleware, platform engineering, and developer experience.
How Choreo enables the platformless experience.
How key concepts like application architecture, domain-driven design, zero trust, and cell-based architecture are inherently a part of Choreo.
Demo of an end-to-end app built and deployed on Choreo.
Gamify Your Mind; The Secret Sauce to Delivering Success, Continuously Improv...Shahin Sheidaei
Games are powerful teaching tools, fostering hands-on engagement and fun. But they require careful consideration to succeed. Join me to explore factors in running and selecting games, ensuring they serve as effective teaching tools. Learn to maintain focus on learning objectives while playing, and how to measure the ROI of gaming in education. Discover strategies for pitching gaming to leadership. This session offers insights, tips, and examples for coaches, team leads, and enterprise leaders seeking to teach from simple to complex concepts.
Modern design is crucial in today's digital environment, and this is especially true for SharePoint intranets. The design of these digital hubs is critical to user engagement and productivity enhancement. They are the cornerstone of internal collaboration and interaction within enterprises.
Large Language Models and the End of ProgrammingMatt Welsh
Talk by Matt Welsh at Craft Conference 2024 on the impact that Large Language Models will have on the future of software development. In this talk, I discuss the ways in which LLMs will impact the software industry, from replacing human software developers with AI, to replacing conventional software with models that perform reasoning, computation, and problem-solving.
Check out the webinar slides to learn more about how XfilesPro transforms Salesforce document management by leveraging its world-class applications. For more details, please connect with sales@xfilespro.com
If you want to watch the on-demand webinar, please click here: https://www.xfilespro.com/webinars/salesforce-document-management-2-0-smarter-faster-better/
Globus Connect Server Deep Dive - GlobusWorld 2024Globus
We explore the Globus Connect Server (GCS) architecture and experiment with advanced configuration options and use cases. This content is targeted at system administrators who are familiar with GCS and currently operate—or are planning to operate—broader deployments at their institution.
Exploring Innovations in Data Repository Solutions - Insights from the U.S. G...Globus
The U.S. Geological Survey (USGS) has made substantial investments in meeting evolving scientific, technical, and policy driven demands on storing, managing, and delivering data. As these demands continue to grow in complexity and scale, the USGS must continue to explore innovative solutions to improve its management, curation, sharing, delivering, and preservation approaches for large-scale research data. Supporting these needs, the USGS has partnered with the University of Chicago-Globus to research and develop advanced repository components and workflows leveraging its current investment in Globus. The primary outcome of this partnership includes the development of a prototype enterprise repository, driven by USGS Data Release requirements, through exploration and implementation of the entire suite of the Globus platform offerings, including Globus Flow, Globus Auth, Globus Transfer, and Globus Search. This presentation will provide insights into this research partnership, introduce the unique requirements and challenges being addressed and provide relevant project progress.
Innovating Inference - Remote Triggering of Large Language Models on HPC Clus...Globus
Large Language Models (LLMs) are currently the center of attention in the tech world, particularly for their potential to advance research. In this presentation, we'll explore a straightforward and effective method for quickly initiating inference runs on supercomputers using the vLLM tool with Globus Compute, specifically on the Polaris system at ALCF. We'll begin by briefly discussing the popularity and applications of LLMs in various fields. Following this, we will introduce the vLLM tool, and explain how it integrates with Globus Compute to efficiently manage LLM operations on Polaris. Attendees will learn the practical aspects of setting up and remotely triggering LLMs from local machines, focusing on ease of use and efficiency. This talk is ideal for researchers and practitioners looking to leverage the power of LLMs in their work, offering a clear guide to harnessing supercomputing resources for quick and effective LLM inference.
First Steps with Globus Compute Multi-User EndpointsGlobus
In this presentation we will share our experiences around getting started with the Globus Compute multi-user endpoint. Working with the Pharmacology group at the University of Auckland, we have previously written an application using Globus Compute that can offload computationally expensive steps in the researcher's workflows, which they wish to manage from their familiar Windows environments, onto the NeSI (New Zealand eScience Infrastructure) cluster. Some of the challenges we have encountered were that each researcher had to set up and manage their own single-user globus compute endpoint and that the workloads had varying resource requirements (CPUs, memory and wall time) between different runs. We hope that the multi-user endpoint will help to address these challenges and share an update on our progress here.
Quarkus Hidden and Forbidden ExtensionsMax Andersen
Quarkus has a vast extension ecosystem and is known for its subsonic and subatomic feature set. Some of these features are not as well known, and some extensions are less talked about, but that does not make them less interesting - quite the opposite.
Come join this talk to see some tips and tricks for using Quarkus and some of the lesser known features, extensions and development techniques.
Providing Globus Services to Users of JASMIN for Environmental Data AnalysisGlobus
JASMIN is the UK’s high-performance data analysis platform for environmental science, operated by STFC on behalf of the UK Natural Environment Research Council (NERC). In addition to its role in hosting the CEDA Archive (NERC’s long-term repository for climate, atmospheric science & Earth observation data in the UK), JASMIN provides a collaborative platform to a community of around 2,000 scientists in the UK and beyond, providing nearly 400 environmental science projects with working space, compute resources and tools to facilitate their work. High-performance data transfer into and out of JASMIN has always been a key feature, with many scientists bringing model outputs from supercomputers elsewhere in the UK, to analyse against observational or other model data in the CEDA Archive. A growing number of JASMIN users are now realising the benefits of using the Globus service to provide reliable and efficient data movement and other tasks in this and other contexts. Further use cases involve long-distance (intercontinental) transfers to and from JASMIN, and collecting results from a mobile atmospheric radar system, pushing data to JASMIN via a lightweight Globus deployment. We provide details of how Globus fits into our current infrastructure, our experience of the recent migration to GCSv5.4, and of our interest in developing use of the wider ecosystem of Globus services for the benefit of our user community.
2. ME!
“leverages the best combination of humans
and technology to discover security
vulnerabilities in our customers’ web
apps, mobile apps, IoT devices
and infrastructure endpoints”
Employer!
- SYNACK.com
3. Our privacy. Our money.Our freedoms.
Wouldn’t want to lose any of those things!
8. 1. Allocate a page - a jump page
2. Set objc_msgSend readable and writable
3. Copy preamble bytes from objc_msgSend
4. Check for branch instructions in preamble
5. Modify objc_msgSend preamble
6. Set jump page to readable and executable
7. Set objc_msgSend readable and executable
Objc_Trace
Call Sequence
Hook Steps
9. void* hook_callback64_pre(id self, SEL op, void* a1, ...) {
Class cls = object_getClass(self);
if(cls != NULL && op != NULL)
cacheImp = c_cache_getImp(cls, op);
if(!cacheImp) {
// not in cache, never been called, record the call.
…
const struct mach_header* libobjc_base = libobjc_dylib_base();
c_cache_getImp = (p_cache_getImp)((uint8_t*)libobjc_base) + 97792 + 0x4000;
Only record unseen
method calls
Find the cache check
function cache_getImp
18. ● Lua Scriptable Logic
● Standard functions for touching the device
● Options for record/replay
● Finding UI Components
● Regulating speed of execution
● Support for multiple targets
● Mechanisms for generic logic
● Lightweight injected module
Source
20. while true do
local button = getButton(clickedButtons)
-- put some info in.
fill_all_fields()
click_button(button)
if(button["text"] ~= nil) then
clickedButtons[button["text"]] = 1
end
usleep(2 * 1000000)
end
23. 1 - Make a post
2 - Get exploited
binary/XSS with phish
3 - Steal creds or tokens
4 - Put up a draft
5 - Request messages
6 - respond with attack
content
Attacker
User
We focus
on this
24.
25. while true do
local inputs = findOfTypes("UITextField", "")
for index, inputField in pairs(inputs) do
click_button(inputField)
inputText("SomeInput!!")
end
-- touch login
touchDown(3, 138, 619);
usleep(83148.83);
touchUp(3, 141, 615);
check_alert()
end
Source