SlideShare une entreprise Scribd logo

Attacking Drupal

Greg Foss
Greg Foss

Drupal is a very popular content management system that has been widely adopted by government agencies, major businesses, social networks, and more. This talk focuses on the penetration tester's perspective of Drupal and dives into streamlining the assessment and remediation of commonly observed application and configuration flaws by way of custom exploit code and security checklists. Download the associated scripts, movies, and checklist here: https://github.com/gfoss/attacking-drupal

Technologie
1  sur  104
Télécharger pour lire hors ligne
Company Confidential Attacking  Drupal   Hacking  and  Securing  Drupal  Web  Applications     Greg  Foss  |  @heinzarelli  
Company Confidential •  Greg  .  Foss  [at]  LogRhythm  .  com   •  Senior  Security  Research  Engineer  @     •  LogRhythm  Labs  -­‐-­‐  Threat  Intelligence  Team   •  Web  Developer    =>    Penetration  Tester    =>    Researcher   who  
Company Confidential what  
Company Confidential •  Open  Source!   •  Popular  –  Government,  Business,  Personal,  etc.   •  Easy  to  install,  configure,  and  use.   •  Minimal  back-­‐end  knowledge  or  PHP/MySQL  experience  necessary   (for  basic  site  configurations)     •  Excellent  community!   why  
Company Confidential think  like  the  bad  guys…   how  
Company Confidential question…  
Company Confidential NO  
Company Confidential •  Drupal  core  is  fairly  well  hardened  against  injection  attacks   •  Contributed  and/or  third-­‐party  modules  are  not…   •  Good  exploits  are  few  and  far  between…   why  scanning  isn’t  enough  
Company Confidential why  scanning  isn’t  enough  
Company Confidential why  scanning  isn’t  enough  
Company Confidential •  [domain.com]  inurl:changelog.txt   other  ways  to  find  site  information  
Company Confidential •  https://code.google.com/p/cms-­‐explorer/   •  #  perl  cms-­‐explorer.pl  -­‐-­‐url  http:// attacking.drupal.org/d7/  -­‐-­‐type  drupal  -­‐-­‐osvdb     •  http://blindelephant.sourceforge.net/   •  #  python  BlindElephant.py  http:// attacking.drupal.org/d7  drupal   intelligent  fingerprinting  
Company Confidential
Company Confidential GitHub  queries  
Company Confidential •  http://blog.conviso.com.br/2013/06/github-­‐hacking-­‐for-­‐fun-­‐and-­‐ sensitive.html     GitHub  scraping  
Company Confidential •  Scrape  an  internal  GitHub  deployment…   GitHub  scraping  
Company Confidential •  Drupal  6   •  MySQL  Connection  String:   [docroot]/sites/default/settings.php  
Company Confidential •  Drupal  7   •  MySQL  Credentials   •  Drupal  Hash  Salt   [docroot]/sites/default/settings.php  
Company Confidential remediation  
Company Confidential •  Static  analysis  is  outside  of  the  scope  of  this  talk…   •  For  more  information  on  the  inner-­‐workings  of  Drupal  security,  please   visit  the  following  resources:   •  https://drupal.org/security   •  http://crackingdrupal.com/   •  http://drupalscout.com/   •  http://www.madirish.net/   resources  
Company Confidential Breaking Live Drupal Applications Dynamic  Analysis  
Company Confidential •  Appropriate  access  for  testing:   •  Administrative  account   •  ‘Basic  user’  account   •  Content  manager/creator  account   •  Other  applicable  accounts   necessary  access  
Company Confidential •  Already  have  server  access?   •  Drush  available?   •  Create  a  one-­‐time  link  to  log  in  as  an  admin…   •  $  cd  [drupal  directory]   $  drush  uli   necessary  access  
Company Confidential necessary  access  
Company Confidential Authentication  
Company Confidential forgot  password  abuse  
Company Confidential forgot  password  abuse  
Company Confidential •  Iterate  through  accounts   •  View  comments,  posts,  etc.   •  Social  features,  forums,  etc.   •  User  Profiles.   •  Not  seen  as  a  vuln  by  many.   user  enumeration  
Company Confidential user  enumeration  
Company Confidential user  enumeration  
Company Confidential •  https://drupal.org/node/1004778   user  enumeration  
Company Confidential dictionary  attacks  –  drupal  6  
Company Confidential dictionary  attacks  –  drupal  7  
Company Confidential dictionary  attacks  –  drupal  7  
Company Confidential dictionary  attacks  –  drupal  7  
Company Confidential #  site="attacking.drupal.org"       #  id=$(curl  -­‐s  http://$site/user/  |  grep   "form_build_id"  |  cut  -­‐d  """  -­‐f  6)       #  /usr/bin/hydra  -­‐L  usernames.txt  -­‐P  pwds.txt  $site   http-­‐form-­‐post  /? q=user/:name=^USER^&pass=^PASS^&form_id=user_login&form _build_id="$id":Sorry"     dictionary  attacks  with  Hydra  
Company Confidential dictionary  attacks  with  Hydra  –  Drupal  6  
Company Confidential dictionary  attacks  with  Hydra  –  Drupal  7  
Company Confidential [demo]       User  Enumeration  and  Dictionary  Attack  Scripts     https://github.com/gfoss/attacking-­‐drupal/    
Company Confidential • Replace  the  default  forgot  password  and  failed  logon  attempt   messages   • Do  not  display  authors  of  articles,  if  possible  use  pseudonym   • Limit  permissions  of  anonymous  /  basic  users  to  view  user   profiles:  https://drupal.org/node/849602     • Log  and  alert  on  attempts  to  scrape  user  account  information   • Not  just  server  logs!   • Watchdog  or  Drupal  syslog  should  be  captured  and  stored   remotely   user  enumeration  (partial)  mitigations  
Company Confidential user  enumeration  –  watchdog  logs  
Company Confidential dictionary  attack  –  watchdog  logs  
Company Confidential dictionary  attack  -­‐  web  server  logs  
Company Confidential dictionary  attack  mitigations  -­‐  CAPTCHA  
Company Confidential •  configure  CAPTCHA  securely   CAPTCHA  –  security  precautions  
Company Confidential •  modules/user/user.module  –  line  2183     Drupal  7  –  built-­‐in  brute-­‐force  protection  
Company Confidential •  https://drupal.org/project/password_policy   •  https://drupal.org/project/zxcvbn     enforce  strong  passwords  
Company Confidential •  Limit  number  of  invalid  login  attempts  and  block  attacker  IP   addresses   •  https://drupal.org/project/login_security   •  LDAP  Integration   •  Single  Sign  On  (SSO)   •  Multifactor  Authentication:  https://drupal.org/project/tfa     other  brute  force  protections  
Company Confidential session  handling   • Drupal  6   • Drupal  7  
Company Confidential Enable  SSL!             secure  transport  
Company Confidential •  User  permissions  properly  implemented?   •  administration  =>  people  =>  permissions   •  trust  but  verify…   •  Create  new  roles  as  necessary   •  Drupal  6  –  defaults  to  2  roles  (anonymous  &  authenticated)   •  Drupal  7  –  defaults  to  3  roles  (anonymous,  authenticated,  &  admin)   •  Test  the  app  using  all  user  roles,  verify  their  permissions  and  search   for  security  weakness   authorization  
Company Confidential content  creation  &  comments  
Company Confidential comments  –  persistent  XSS  
Company Confidential comments  –  XSS  cookie  theft  
Company Confidential comments  –  MSF  JavaScript  keylogger  
Company Confidential •  http://beefproject.com/     comments  –  BeEF  XSS  
Company Confidential [demo]         Cross-­‐Site  Scripting  (XSS)  -­‐-­‐  Client  Side  Attacks    
Company Confidential persistent  XSS  –  everywhere!  
Company Confidential reflected  XSS  –  even  more  common!  
Company Confidential user  content  -­‐  file  uploads  
Company Confidential lock  down  permitted  file  types  
Company Confidential •  Uploading  and  executing  PHP  code  has  been  ‘fixed’  in  recent  versions   of  Drupal  as  of  November  2013   •  https://drupal.org/SA-­‐CORE-­‐2013-­‐003     •  Code  execution  prevention  (Files  directory  .htaccess  for  Apache  -­‐   Drupal  6  and  7)   file  upload  –  PHP  code  execution  
Company Confidential •  Modules  that  assist  with  the  active  development  of  a  Drupal   application.   •  Excellent  for  Development   •  Remove  prior  to  Test/Staging   •  Never  leave  installed  on  Production  applications   •  Picking  on…   •  Masquerade  (https://drupal.org/project/masquerade)   •  Devel  (https://drupal.org/project/devel)   development  modules  
Company Confidential •  Allows  the  user  to  change  accounts  to  any  other  user.   •  Could  be  used  to  implicate  other’s  in  suspicious  activities,  elevate   privileges,  etc.   masquerade  
Company Confidential •  Module  used  for  development   •  Should  never  be  installed  on  production,  ever…   •  Allows  users  to  view  debugging  information,  including  full  database   details  of  application  content.   •  Also  allows  for  PHP  code  execution!   devel  
Company Confidential devel  –  account  info  disclosure  
Company Confidential devel  –  scraping  account  info  
Company Confidential devel  –  account  disclosure  –  log  traces    
Company Confidential [demo]       Devel  –  Account  Harvester     https://github.com/gfoss/attacking-­‐drupal      
Company Confidential •  Defines  the  hashing  algorithms  for  Drupal  7   •  Hashes  the  password  using  SHA512  and  a  randomly  generated  Salt.   •  Password  passed  through  hash  function  numerous  times  to   increase  the  time  it  will  take  to  crack.   ./includes/password.inc  
Company Confidential •  Drupal  7   #  john  list.txt  –wordlist=“  ”  –salt=“  ”  – format=“drupal7”   •  Drupal  6   #  john  list.txt  –wordlist=“  ”   cracking  Drupal  hashes  
Company Confidential cracking  Drupal  7  hashes  
Company Confidential cracking  Drupal  7  hashes  
Company Confidential devel  –  PHP  code  execution  
Company Confidential devel  –  PHP  code  execution  
Company Confidential [demo]         Devel  –  PHP  Code  Execution    
Company Confidential •  Easier  said  than  done…   •  Alert  on  unauthorized  file  access  /  writes  /  etc.   •  ‘Strange’  server  behavior…   •  Utilizing  WAF  /  Web  Proxy  /  Net  Flow  Data  /  etc.  -­‐    alert  on  reverse-­‐ shell  attempts  and  similar  activities  the  server  should  not  be  doing…   catch  code  execution  
Company Confidential •  We’ve  discussed  many  very  common  Drupal  development  pitfalls   today…   •  How  do  we  fix  these  issues  now  and  avoid  them  in  the  future?   •  Simple…   what  to  do?!  
Company Confidential Checklist               https://github.com/gfoss/attacking-­‐drupal   what  to  do?!  
Company Confidential 1.  Integrate  your  security  team  early  on  in  the  development  process   to  assure  that  your  needs  can  be  met  in  an  acceptable  timeframe.   •  Applications  should  periodically  be  reviewed  by  a  third-­‐party,  to   assure  security.   •  Develop  an  ongoing  security  testing  plan,  to  regularly  review  the   security  of  the  applications.   •  Re-­‐review  the  application  whenever  major  changes  have  been  made.   Drupal  security  checklist  
Company Confidential 2.  Harden  the  application  and  server  architecture.   •  Protect  risky  Drupal  files  from  the  internet:   •  Install.php,  cron.php,  &  xmlrpc.php   •  Example  Hardening  Guides  –  Bare  Minimum:     •  Harden  PHP:   https://www.owasp.org/index.php/PHP_Security_Cheat_Sheet   •  Harden  the  Server  (Linux):   http://www.sans.org/score/checklists/linuxchecklist.pdf   •  Harden  the  Server  (Windows):   http://technet.microsoft.com/en-­‐us/security/jj720323.aspx     Drupal  security  checklist  
Company Confidential 3.  Disallow  weak  passwords  for  privileged  users  and  enforce  a  strong   password  policy.   •  Utilize  the  Password  Policy  Drupal  module  to  enforce  a  password   policy  that  meets  your  company  security  guidelines.   •  https://drupal.org/project/password_policy   •   https://drupal.org/project/zxcvbn   Drupal  security  checklist  
Company Confidential 4.  Implement  Server,  Application,  and  Drupal  logging.     •  Assure  that  logs  are  being  stored  on  a  separate  and  trusted  server   and  actively  review/parse  these  logs  for  security  events.   •  Do  not  rely  on  the  integrity  of  local  logs  within  the  database  or  on  the   server  itself…   Drupal  security  checklist  
Company Confidential •  Two  options…   •  Watchdog  –  Drupal’s  built  in  logging,  captures  data  within  the   ‘Watchdog’  database  table.   •  Syslog  –  Export  Drupal’s  logs  to  the  Linux  syslog.  Creates  a  flat  file   that  is  easy  to  monitor.   Drupal  security  checklist  
Company Confidential •  Watchdog  logs  should  be  captured  and  stored  outside  of  the   database  to  ensure  log  integrity.   •  Centralized  log  management   •  SIEM  –  Security  Information  Event  Management   •  Drupal  has  a  built-­‐in  feature  to  clear  these  logs,  effectively  erasing  a   large  portion  of  the  evidence  within  the  application  itself.   remote  log  management  -­‐  Watchdog  
Company Confidential •  Extract  the  logs  from  the  database  (MySQL  /  PostgresSQL)  with   Universal  Database  Layer  Access  (UDLA):   remote  log  management  -­‐  Watchdog  
Company Confidential •  Send  watchdog  logs  to  Syslog   •  Core  Module  –  Drupal  6  &  7   remote  log  management  -­‐  Syslog  
Company Confidential •  Parse  the  logs  using  Regular  Expressions:       ^.*?type=.*?(?<session>.*?)smessage=(? <tag1>.*?)variables=(.*?"|.*?)(?<loginw+).*? location=.*?(<url>).*?referer=(.*?<referer>).*? hostname=.*?(<sip>)s   remote  log  management  –  parsing  rules  
Company Confidential •  Configure  Monitoring  and  Alerts   remote  log  management  -­‐  alerts  
Company Confidential 5.  Make  sure  that  Development  modules  are  not  installed  on   production  applications.   •  Remember  Devel  and  Masquerade?   Drupal  security  checklist  
Company Confidential 6.  Review  and  apply  all  available  Drupal  security  updates  as  soon  as   possible.   Drupal  security  checklist  
Company Confidential •  Set  up  alerts  within  Drupal   security  updates  
Company Confidential •  http://lists.drupal.org/mailman/listinfo/security-­‐news   •  https://drupal.org/security/rss.xml   •  https://drupal.org/security/contrib/rss.xml   •  https://drupal.org/security/psa/rss.xml   security  update  notifications  
Company Confidential 7.  Disallow  untrusted  user  roles  from  creating  content  using  HTML   (filtered  /  unfiltered)  to  avoid  JavaScript  inclusion.  Also  explicitly   disallow  PHP  code  execution.   •  While  limited  HTML  is  recommended  by  the  Drupal  community,  a   skilled  attacker  may  still  bypass  these  restrictions  and  attack  a  site   or  its  users  via  user-­‐generated  content.   •  Be  careful  with  what  HTML  entities  are  explicitly  allowed…   Drupal  security  checklist  
Company Confidential 8.  Check  file  permissions;  verify  there  are  no  unintentional  world-­‐ writeable  files.   Drupal  security  checklist  
Company Confidential 9.  Implement  CAPTCHA  or  a  similar  mechanism  in  front  of  user-­‐ registration  and  login  forms.   •  Assure  that  this  is  not  configured  to  allow  authentication/ registration  attempts  following  an  initial  successful  CAPTCHA   completion.   •  This  will  also  help  mitigate  the  creation  of  accounts  by  a  botnet  and   deter  subsequent  comment  spam.   Drupal  security  checklist  
Company Confidential   10.   Install  and  run  the  Security  Review  module     •  https://drupal.org/project/security_review   •  Verify  and  resolve  any  uncovered  issues.   •  Install  Paranoia  if  you  are  especially  security  conscious…   •  https://drupal.org/project/paranoia     Drupal  security  checklist  
Company Confidential 11.   Regularly  check  the  site’s  status  report  page  and  resolve  any  open   issues.   Drupal  security  checklist  
Company Confidential 12.   Assure  that  the  HTTPOnly  flag  is  set  to  protect  user  sessions  from   attacks  such  as  XSS.   •  Whenever  possible,  implement  the  Secure  Flag  as  well,  so  session   tokens  are  not  inadvertently  passed  in  plain  text  over  HTTP.   Drupal  security  checklist  
Company Confidential 13.   Implement  additional  layers  of  application  protection   •  PHP  IDS   •  https://phpids.org/   •  Drupal  Module:  https://drupal.org/project/phpids   •  Mod  Security   •  http://www.modsecurity.org/   •  Commercial  Web  Application  Firewall’s  (WAF)  and  Intrusion   Detection/Prevention  (IDS  /  IPS)  appliances   Drupal  security  checklist  
Company Confidential 14.   Assure  there  are  no  resident  phpinfo  files  /  phpmyadmin   installations  /  etc.  accessible  to  users…   Drupal  security  checklist  
Company Confidential •  Do  your  research  to  better  understand  your  organizational   architecture,  servers,  applications,  log  data,  etc.   •  Pen  Test  your  applications,  don’t  just  scan…   •  Update  early  and  often!   •  Leverage  assistance  from  external  entities  as  necessary   •  Listen  to  Greg.    ;-­‐)   closing  thoughts…  
Company Confidential •  https://github.com/gfoss/attacking-­‐drupal/   download  all  the  things…  
Company Confidential Thank  You!   questions?      

Recommandé

0wn-premises: Bypassing Microsoft Defender for Identity
0wn-premises: Bypassing Microsoft Defender for Identity0wn-premises: Bypassing Microsoft Defender for Identity
0wn-premises: Bypassing Microsoft Defender for IdentityNikhil Mittal
 
OWASP A4 XML External Entities (XXE)
OWASP A4 XML External Entities (XXE)OWASP A4 XML External Entities (XXE)
OWASP A4 XML External Entities (XXE)Michael Furman
 
Troopers 19 - I am AD FS and So Can You
Troopers 19 - I am AD FS and So Can YouTroopers 19 - I am AD FS and So Can You
Troopers 19 - I am AD FS and So Can YouDouglas Bienstock
 
Carlos García - Pentesting Active Directory Forests [rooted2019]
Carlos García - Pentesting Active Directory Forests [rooted2019]Carlos García - Pentesting Active Directory Forests [rooted2019]
Carlos García - Pentesting Active Directory Forests [rooted2019]RootedCON
 
Thick client pentesting_the-hackers_meetup_version1.0pptx
Thick client pentesting_the-hackers_meetup_version1.0pptxThick client pentesting_the-hackers_meetup_version1.0pptx
Thick client pentesting_the-hackers_meetup_version1.0pptxAnurag Srivastava
 
A2 - broken authentication and session management(OWASP thailand chapter Apri...
A2 - broken authentication and session management(OWASP thailand chapter Apri...A2 - broken authentication and session management(OWASP thailand chapter Apri...
A2 - broken authentication and session management(OWASP thailand chapter Apri...Noppadol Songsakaew
 
Owasp top 10
Owasp top 10Owasp top 10
Owasp top 10Linh Hoang
 
SpecterOps Webinar Week - Kerberoasting Revisisted
SpecterOps Webinar Week - Kerberoasting RevisistedSpecterOps Webinar Week - Kerberoasting Revisisted
SpecterOps Webinar Week - Kerberoasting RevisistedWill Schroeder
 

Recommandé

0wn-premises: Bypassing Microsoft Defender for Identity
0wn-premises: Bypassing Microsoft Defender for Identity0wn-premises: Bypassing Microsoft Defender for Identity
0wn-premises: Bypassing Microsoft Defender for IdentityNikhil Mittal
 
OWASP A4 XML External Entities (XXE)
OWASP A4 XML External Entities (XXE)OWASP A4 XML External Entities (XXE)
OWASP A4 XML External Entities (XXE)Michael Furman
 
Troopers 19 - I am AD FS and So Can You
Troopers 19 - I am AD FS and So Can YouTroopers 19 - I am AD FS and So Can You
Troopers 19 - I am AD FS and So Can YouDouglas Bienstock
 
Carlos García - Pentesting Active Directory Forests [rooted2019]
Carlos García - Pentesting Active Directory Forests [rooted2019]Carlos García - Pentesting Active Directory Forests [rooted2019]
Carlos García - Pentesting Active Directory Forests [rooted2019]RootedCON
 
Thick client pentesting_the-hackers_meetup_version1.0pptx
Thick client pentesting_the-hackers_meetup_version1.0pptxThick client pentesting_the-hackers_meetup_version1.0pptx
Thick client pentesting_the-hackers_meetup_version1.0pptxAnurag Srivastava
 
A2 - broken authentication and session management(OWASP thailand chapter Apri...
A2 - broken authentication and session management(OWASP thailand chapter Apri...A2 - broken authentication and session management(OWASP thailand chapter Apri...
A2 - broken authentication and session management(OWASP thailand chapter Apri...Noppadol Songsakaew
 
Owasp top 10
Owasp top 10Owasp top 10
Owasp top 10Linh Hoang
 
SpecterOps Webinar Week - Kerberoasting Revisisted
SpecterOps Webinar Week - Kerberoasting RevisistedSpecterOps Webinar Week - Kerberoasting Revisisted
SpecterOps Webinar Week - Kerberoasting RevisistedWill Schroeder
 
OWASP TOP 10 VULNERABILITIS
OWASP TOP 10 VULNERABILITISOWASP TOP 10 VULNERABILITIS
OWASP TOP 10 VULNERABILITISNull Bhubaneswar
 
Ethical Hacking n VAPT presentation by Suvrat jain
Ethical Hacking n VAPT presentation by Suvrat jainEthical Hacking n VAPT presentation by Suvrat jain
Ethical Hacking n VAPT presentation by Suvrat jainSuvrat Jain
 
DerbyCon 2019 - Kerberoasting Revisited
DerbyCon 2019 - Kerberoasting RevisitedDerbyCon 2019 - Kerberoasting Revisited
DerbyCon 2019 - Kerberoasting RevisitedWill Schroeder
 
I'm in your cloud... reading everyone's email. Hacking Azure AD via Active Di...
I'm in your cloud... reading everyone's email. Hacking Azure AD via Active Di...I'm in your cloud... reading everyone's email. Hacking Azure AD via Active Di...
I'm in your cloud... reading everyone's email. Hacking Azure AD via Active Di...DirkjanMollema
 
OWASP Top 10 - 2017
OWASP Top 10 - 2017OWASP Top 10 - 2017
OWASP Top 10 - 2017HackerOne
 
Hacking Adobe Experience Manager sites
Hacking Adobe Experience Manager sitesHacking Adobe Experience Manager sites
Hacking Adobe Experience Manager sitesMikhail Egorov
 
Owasp Top 10 A1: Injection
Owasp Top 10 A1: InjectionOwasp Top 10 A1: Injection
Owasp Top 10 A1: InjectionMichael Hendrickx
 
RACE - Minimal Rights and ACE for Active Directory Dominance
RACE - Minimal Rights and ACE for Active Directory DominanceRACE - Minimal Rights and ACE for Active Directory Dominance
RACE - Minimal Rights and ACE for Active Directory DominanceNikhil Mittal
 
Red Team Methodology - A Naked Look
Red Team Methodology - A Naked LookRed Team Methodology - A Naked Look
Red Team Methodology - A Naked LookJason Lang
 
Api security-testing
Api security-testingApi security-testing
Api security-testingn|u - The Open Security Community
 
CSRF Basics
CSRF BasicsCSRF Basics
CSRF Basicsn|u - The Open Security Community
 
Red Team Revenge - Attacking Microsoft ATA
Red Team Revenge - Attacking Microsoft ATARed Team Revenge - Attacking Microsoft ATA
Red Team Revenge - Attacking Microsoft ATANikhil Mittal
 
WAF Bypass Techniques - Using HTTP Standard and Web Servers’ Behaviour
WAF Bypass Techniques - Using HTTP Standard and Web Servers’ BehaviourWAF Bypass Techniques - Using HTTP Standard and Web Servers’ Behaviour
WAF Bypass Techniques - Using HTTP Standard and Web Servers’ BehaviourSoroush Dalili
 
BlueHat v17 || Dangerous Contents - Securing .Net Deserialization
BlueHat v17 || Dangerous Contents - Securing .Net Deserialization BlueHat v17 || Dangerous Contents - Securing .Net Deserialization
BlueHat v17 || Dangerous Contents - Securing .Net Deserialization BlueHat Security Conference
 
WTF is Penetration Testing v.2
WTF is Penetration Testing v.2WTF is Penetration Testing v.2
WTF is Penetration Testing v.2Scott Sutherland
 
Cross site scripting attacks and defenses
Cross site scripting attacks and defensesCross site scripting attacks and defenses
Cross site scripting attacks and defensesMohammed A. Imran
 
VAPT PRESENTATION full.pptx
VAPT PRESENTATION full.pptxVAPT PRESENTATION full.pptx
VAPT PRESENTATION full.pptxDARSHANBHAVSAR14
 
Waf bypassing Techniques
Waf bypassing TechniquesWaf bypassing Techniques
Waf bypassing TechniquesAvinash Thapa
 
AEM hacker - approaching Adobe Experience Manager webapps in bug bounty programs
AEM hacker - approaching Adobe Experience Manager webapps in bug bounty programsAEM hacker - approaching Adobe Experience Manager webapps in bug bounty programs
AEM hacker - approaching Adobe Experience Manager webapps in bug bounty programsMikhail Egorov
 
Website hacking and prevention (All Tools,Topics & Technique )
Website hacking and prevention (All Tools,Topics & Technique )Website hacking and prevention (All Tools,Topics & Technique )
Website hacking and prevention (All Tools,Topics & Technique )Jay Nagar
 
CMS Hacking Tricks - DerbyCon 4 - 2014
CMS Hacking Tricks - DerbyCon 4 - 2014CMS Hacking Tricks - DerbyCon 4 - 2014
CMS Hacking Tricks - DerbyCon 4 - 2014Greg Foss
 
Blog World 2010 - How to Keep Your Blog from Being Hacked
Blog World 2010 - How to Keep Your Blog from Being HackedBlog World 2010 - How to Keep Your Blog from Being Hacked
Blog World 2010 - How to Keep Your Blog from Being HackedBrian Layman
 

Contenu connexe

Tendances

Ethical Hacking n VAPT presentation by Suvrat jain
Ethical Hacking n VAPT presentation by Suvrat jainEthical Hacking n VAPT presentation by Suvrat jain
Ethical Hacking n VAPT presentation by Suvrat jainSuvrat Jain
 
DerbyCon 2019 - Kerberoasting Revisited
DerbyCon 2019 - Kerberoasting RevisitedDerbyCon 2019 - Kerberoasting Revisited
DerbyCon 2019 - Kerberoasting RevisitedWill Schroeder
 
I'm in your cloud... reading everyone's email. Hacking Azure AD via Active Di...
I'm in your cloud... reading everyone's email. Hacking Azure AD via Active Di...I'm in your cloud... reading everyone's email. Hacking Azure AD via Active Di...
I'm in your cloud... reading everyone's email. Hacking Azure AD via Active Di...DirkjanMollema
 
OWASP Top 10 - 2017
OWASP Top 10 - 2017OWASP Top 10 - 2017
OWASP Top 10 - 2017HackerOne
 
Hacking Adobe Experience Manager sites
Hacking Adobe Experience Manager sitesHacking Adobe Experience Manager sites
Hacking Adobe Experience Manager sitesMikhail Egorov
 
RACE - Minimal Rights and ACE for Active Directory Dominance
RACE - Minimal Rights and ACE for Active Directory DominanceRACE - Minimal Rights and ACE for Active Directory Dominance
RACE - Minimal Rights and ACE for Active Directory DominanceNikhil Mittal
 
Red Team Methodology - A Naked Look
Red Team Methodology - A Naked LookRed Team Methodology - A Naked Look
Red Team Methodology - A Naked LookJason Lang
 
Red Team Revenge - Attacking Microsoft ATA
Red Team Revenge - Attacking Microsoft ATARed Team Revenge - Attacking Microsoft ATA
Red Team Revenge - Attacking Microsoft ATANikhil Mittal
 
WAF Bypass Techniques - Using HTTP Standard and Web Servers’ Behaviour
WAF Bypass Techniques - Using HTTP Standard and Web Servers’ BehaviourWAF Bypass Techniques - Using HTTP Standard and Web Servers’ Behaviour
WAF Bypass Techniques - Using HTTP Standard and Web Servers’ BehaviourSoroush Dalili
 
BlueHat v17 || Dangerous Contents - Securing .Net Deserialization
BlueHat v17 || Dangerous Contents - Securing .Net Deserialization BlueHat v17 || Dangerous Contents - Securing .Net Deserialization
BlueHat v17 || Dangerous Contents - Securing .Net Deserialization BlueHat Security Conference
 
WTF is Penetration Testing v.2
WTF is Penetration Testing v.2WTF is Penetration Testing v.2
WTF is Penetration Testing v.2Scott Sutherland
 
Cross site scripting attacks and defenses
Cross site scripting attacks and defensesCross site scripting attacks and defenses
Cross site scripting attacks and defensesMohammed A. Imran
 
VAPT PRESENTATION full.pptx
VAPT PRESENTATION full.pptxVAPT PRESENTATION full.pptx
VAPT PRESENTATION full.pptxDARSHANBHAVSAR14
 
Waf bypassing Techniques
Waf bypassing TechniquesWaf bypassing Techniques
Waf bypassing TechniquesAvinash Thapa
 
AEM hacker - approaching Adobe Experience Manager webapps in bug bounty programs
AEM hacker - approaching Adobe Experience Manager webapps in bug bounty programsAEM hacker - approaching Adobe Experience Manager webapps in bug bounty programs
AEM hacker - approaching Adobe Experience Manager webapps in bug bounty programsMikhail Egorov
 
Website hacking and prevention (All Tools,Topics & Technique )
Website hacking and prevention (All Tools,Topics & Technique )Website hacking and prevention (All Tools,Topics & Technique )
Website hacking and prevention (All Tools,Topics & Technique )Jay Nagar
 

Tendances (20)

OWASP TOP 10 VULNERABILITIS
OWASP TOP 10 VULNERABILITISOWASP TOP 10 VULNERABILITIS
OWASP TOP 10 VULNERABILITIS
 
Ethical Hacking n VAPT presentation by Suvrat jain
Ethical Hacking n VAPT presentation by Suvrat jainEthical Hacking n VAPT presentation by Suvrat jain
Ethical Hacking n VAPT presentation by Suvrat jain
 
DerbyCon 2019 - Kerberoasting Revisited
DerbyCon 2019 - Kerberoasting RevisitedDerbyCon 2019 - Kerberoasting Revisited
DerbyCon 2019 - Kerberoasting Revisited
 
I'm in your cloud... reading everyone's email. Hacking Azure AD via Active Di...
I'm in your cloud... reading everyone's email. Hacking Azure AD via Active Di...I'm in your cloud... reading everyone's email. Hacking Azure AD via Active Di...
I'm in your cloud... reading everyone's email. Hacking Azure AD via Active Di...
 
OWASP Top 10 - 2017
OWASP Top 10 - 2017OWASP Top 10 - 2017
OWASP Top 10 - 2017
 
Hacking Adobe Experience Manager sites
Hacking Adobe Experience Manager sitesHacking Adobe Experience Manager sites
Hacking Adobe Experience Manager sites
 
Owasp Top 10 A1: Injection
Owasp Top 10 A1: InjectionOwasp Top 10 A1: Injection
Owasp Top 10 A1: Injection
 
RACE - Minimal Rights and ACE for Active Directory Dominance
RACE - Minimal Rights and ACE for Active Directory DominanceRACE - Minimal Rights and ACE for Active Directory Dominance
RACE - Minimal Rights and ACE for Active Directory Dominance
 
Red Team Methodology - A Naked Look
Red Team Methodology - A Naked LookRed Team Methodology - A Naked Look
Red Team Methodology - A Naked Look
 
Api security-testing
Api security-testingApi security-testing
Api security-testing
 
CSRF Basics
CSRF BasicsCSRF Basics
CSRF Basics
 
Red Team Revenge - Attacking Microsoft ATA
Red Team Revenge - Attacking Microsoft ATARed Team Revenge - Attacking Microsoft ATA
Red Team Revenge - Attacking Microsoft ATA
 
WAF Bypass Techniques - Using HTTP Standard and Web Servers’ Behaviour
WAF Bypass Techniques - Using HTTP Standard and Web Servers’ BehaviourWAF Bypass Techniques - Using HTTP Standard and Web Servers’ Behaviour
WAF Bypass Techniques - Using HTTP Standard and Web Servers’ Behaviour
 
BlueHat v17 || Dangerous Contents - Securing .Net Deserialization
BlueHat v17 || Dangerous Contents - Securing .Net Deserialization BlueHat v17 || Dangerous Contents - Securing .Net Deserialization
BlueHat v17 || Dangerous Contents - Securing .Net Deserialization
 
WTF is Penetration Testing v.2
WTF is Penetration Testing v.2WTF is Penetration Testing v.2
WTF is Penetration Testing v.2
 
Cross site scripting attacks and defenses
Cross site scripting attacks and defensesCross site scripting attacks and defenses
Cross site scripting attacks and defenses
 
VAPT PRESENTATION full.pptx
VAPT PRESENTATION full.pptxVAPT PRESENTATION full.pptx
VAPT PRESENTATION full.pptx
 
Waf bypassing Techniques
Waf bypassing TechniquesWaf bypassing Techniques
Waf bypassing Techniques
 
AEM hacker - approaching Adobe Experience Manager webapps in bug bounty programs
AEM hacker - approaching Adobe Experience Manager webapps in bug bounty programsAEM hacker - approaching Adobe Experience Manager webapps in bug bounty programs
AEM hacker - approaching Adobe Experience Manager webapps in bug bounty programs
 
Website hacking and prevention (All Tools,Topics & Technique )
Website hacking and prevention (All Tools,Topics & Technique )Website hacking and prevention (All Tools,Topics & Technique )
Website hacking and prevention (All Tools,Topics & Technique )
 

Similaire à Attacking Drupal

CMS Hacking Tricks - DerbyCon 4 - 2014
CMS Hacking Tricks - DerbyCon 4 - 2014CMS Hacking Tricks - DerbyCon 4 - 2014
CMS Hacking Tricks - DerbyCon 4 - 2014Greg Foss
 
Blog World 2010 - How to Keep Your Blog from Being Hacked
Blog World 2010 - How to Keep Your Blog from Being HackedBlog World 2010 - How to Keep Your Blog from Being Hacked
Blog World 2010 - How to Keep Your Blog from Being HackedBrian Layman
 
Joomla! security jday2015
Joomla! security jday2015Joomla! security jday2015
Joomla! security jday2015kriptonium
 
Doing Drupal security right
Doing Drupal security rightDoing Drupal security right
Doing Drupal security rightGábor Hojtsy
 
Drupal security
Drupal securityDrupal security
Drupal securityTechday7
 
Shiny, Let’s Be Bad Guys: Exploiting and Mitigating the Top 10 Web App Vulner...
Shiny, Let’s Be Bad Guys: Exploiting and Mitigating the Top 10 Web App Vulner...Shiny, Let’s Be Bad Guys: Exploiting and Mitigating the Top 10 Web App Vulner...
Shiny, Let’s Be Bad Guys: Exploiting and Mitigating the Top 10 Web App Vulner...Michael Pirnat
 
Drupal security
Drupal securityDrupal security
Drupal securityJozef Toth
 
Web App Security Presentation by Ryan Holland - 05-31-2017
Web App Security Presentation by Ryan Holland - 05-31-2017Web App Security Presentation by Ryan Holland - 05-31-2017
Web App Security Presentation by Ryan Holland - 05-31-2017TriNimbus
 
Drupal, lessons learnt from real world security incidents
Drupal, lessons learnt from real world security incidentsDrupal, lessons learnt from real world security incidents
Drupal, lessons learnt from real world security incidentssydneydrupal
 
Bsidesnova- Pentesting Methodology - Making bits less complicated
Bsidesnova- Pentesting Methodology - Making bits less complicatedBsidesnova- Pentesting Methodology - Making bits less complicated
Bsidesnova- Pentesting Methodology - Making bits less complicatedOctavio Paguaga
 
MySQL Tech Tour 2015 - 5.7 Security
MySQL Tech Tour 2015 - 5.7 SecurityMySQL Tech Tour 2015 - 5.7 Security
MySQL Tech Tour 2015 - 5.7 SecurityMark Swarbrick
 
WordPress Security Basics
WordPress Security BasicsWordPress Security Basics
WordPress Security BasicsRyan Plas
 
WordPress Security and Best Practices
WordPress Security and Best PracticesWordPress Security and Best Practices
WordPress Security and Best PracticesRobert Vidal
 
All ivanti is a secure workspace - Bsides Delft 2018
All ivanti is a secure workspace - Bsides Delft 2018All ivanti is a secure workspace - Bsides Delft 2018
All ivanti is a secure workspace - Bsides Delft 2018Johanna Curiel
 
Drupal Security from Drupalcamp Bratislava
Drupal Security from Drupalcamp BratislavaDrupal Security from Drupalcamp Bratislava
Drupal Security from Drupalcamp BratislavaGábor Hojtsy
 
WordPress Security - WordPress Meetup Copenhagen 2013
WordPress Security - WordPress Meetup Copenhagen 2013WordPress Security - WordPress Meetup Copenhagen 2013
WordPress Security - WordPress Meetup Copenhagen 2013Thor Kristiansen
 
Securing Drupal 7: Do not get Hacked or Spammed to death!
Securing Drupal 7: Do not get Hacked or Spammed to death!Securing Drupal 7: Do not get Hacked or Spammed to death!
Securing Drupal 7: Do not get Hacked or Spammed to death!Adelle Frank
 
Doing Drupal security right from Drupalcon London
Doing Drupal security right from Drupalcon LondonDoing Drupal security right from Drupalcon London
Doing Drupal security right from Drupalcon LondonGábor Hojtsy
 

Similaire à Attacking Drupal (20)

CMS Hacking Tricks - DerbyCon 4 - 2014
CMS Hacking Tricks - DerbyCon 4 - 2014CMS Hacking Tricks - DerbyCon 4 - 2014
CMS Hacking Tricks - DerbyCon 4 - 2014
 
Blog World 2010 - How to Keep Your Blog from Being Hacked
Blog World 2010 - How to Keep Your Blog from Being HackedBlog World 2010 - How to Keep Your Blog from Being Hacked
Blog World 2010 - How to Keep Your Blog from Being Hacked
 
Joomla! security jday2015
Joomla! security jday2015Joomla! security jday2015
Joomla! security jday2015
 
Joomla! security jday2015
Joomla! security jday2015Joomla! security jday2015
Joomla! security jday2015
 
Doing Drupal security right
Doing Drupal security rightDoing Drupal security right
Doing Drupal security right
 
Drupal security
Drupal securityDrupal security
Drupal security
 
Shiny, Let’s Be Bad Guys: Exploiting and Mitigating the Top 10 Web App Vulner...
Shiny, Let’s Be Bad Guys: Exploiting and Mitigating the Top 10 Web App Vulner...Shiny, Let’s Be Bad Guys: Exploiting and Mitigating the Top 10 Web App Vulner...
Shiny, Let’s Be Bad Guys: Exploiting and Mitigating the Top 10 Web App Vulner...
 
Drupal security
Drupal securityDrupal security
Drupal security
 
Web App Security Presentation by Ryan Holland - 05-31-2017
Web App Security Presentation by Ryan Holland - 05-31-2017Web App Security Presentation by Ryan Holland - 05-31-2017
Web App Security Presentation by Ryan Holland - 05-31-2017
 
Drupal, lessons learnt from real world security incidents
Drupal, lessons learnt from real world security incidentsDrupal, lessons learnt from real world security incidents
Drupal, lessons learnt from real world security incidents
 
Bsidesnova- Pentesting Methodology - Making bits less complicated
Bsidesnova- Pentesting Methodology - Making bits less complicatedBsidesnova- Pentesting Methodology - Making bits less complicated
Bsidesnova- Pentesting Methodology - Making bits less complicated
 
Tietoturvallisuuden_kevatseminaari_2013_Jarno_Niemela
Tietoturvallisuuden_kevatseminaari_2013_Jarno_NiemelaTietoturvallisuuden_kevatseminaari_2013_Jarno_Niemela
Tietoturvallisuuden_kevatseminaari_2013_Jarno_Niemela
 
MySQL Tech Tour 2015 - 5.7 Security
MySQL Tech Tour 2015 - 5.7 SecurityMySQL Tech Tour 2015 - 5.7 Security
MySQL Tech Tour 2015 - 5.7 Security
 
WordPress Security Basics
WordPress Security BasicsWordPress Security Basics
WordPress Security Basics
 
WordPress Security and Best Practices
WordPress Security and Best PracticesWordPress Security and Best Practices
WordPress Security and Best Practices
 
All ivanti is a secure workspace - Bsides Delft 2018
All ivanti is a secure workspace - Bsides Delft 2018All ivanti is a secure workspace - Bsides Delft 2018
All ivanti is a secure workspace - Bsides Delft 2018
 
Drupal Security from Drupalcamp Bratislava
Drupal Security from Drupalcamp BratislavaDrupal Security from Drupalcamp Bratislava
Drupal Security from Drupalcamp Bratislava
 
WordPress Security - WordPress Meetup Copenhagen 2013
WordPress Security - WordPress Meetup Copenhagen 2013WordPress Security - WordPress Meetup Copenhagen 2013
WordPress Security - WordPress Meetup Copenhagen 2013
 
Securing Drupal 7: Do not get Hacked or Spammed to death!
Securing Drupal 7: Do not get Hacked or Spammed to death!Securing Drupal 7: Do not get Hacked or Spammed to death!
Securing Drupal 7: Do not get Hacked or Spammed to death!
 
Doing Drupal security right from Drupalcon London
Doing Drupal security right from Drupalcon LondonDoing Drupal security right from Drupalcon London
Doing Drupal security right from Drupalcon London
 

Plus de Greg Foss

Cloud Crime Ops
Cloud Crime OpsCloud Crime Ops
Cloud Crime OpsGreg Foss
 
Future of Destructive Malware
Future of Destructive MalwareFuture of Destructive Malware
Future of Destructive MalwareGreg Foss
 
Crypto Hacks - Quit your Job and Become a Crypto Farmer
Crypto Hacks - Quit your Job and Become a Crypto FarmerCrypto Hacks - Quit your Job and Become a Crypto Farmer
Crypto Hacks - Quit your Job and Become a Crypto FarmerGreg Foss
 
PIE - BSides Vancouver 2018
PIE - BSides Vancouver 2018PIE - BSides Vancouver 2018
PIE - BSides Vancouver 2018Greg Foss
 
Phishing Intelligence Engine - BlueHat v17
Phishing Intelligence Engine - BlueHat v17Phishing Intelligence Engine - BlueHat v17
Phishing Intelligence Engine - BlueHat v17Greg Foss
 
Security Automation and Orchestration
Security Automation and OrchestrationSecurity Automation and Orchestration
Security Automation and OrchestrationGreg Foss
 
Activated Charcoal - Making Sense of Endpoint Data
Activated Charcoal - Making Sense of Endpoint DataActivated Charcoal - Making Sense of Endpoint Data
Activated Charcoal - Making Sense of Endpoint DataGreg Foss
 
Threat Intelligence Field of Dreams
Threat Intelligence Field of DreamsThreat Intelligence Field of Dreams
Threat Intelligence Field of DreamsGreg Foss
 
Deception Driven Defense - Infragard 2016
Deception Driven Defense - Infragard 2016Deception Driven Defense - Infragard 2016
Deception Driven Defense - Infragard 2016Greg Foss
 
SecureSet WarGames - Logging and Packet Capture Training
SecureSet WarGames - Logging and Packet Capture TrainingSecureSet WarGames - Logging and Packet Capture Training
SecureSet WarGames - Logging and Packet Capture TrainingGreg Foss
 
DerbyCon 5 - Tactical Diversion-Driven Defense
DerbyCon 5 - Tactical Diversion-Driven DefenseDerbyCon 5 - Tactical Diversion-Driven Defense
DerbyCon 5 - Tactical Diversion-Driven DefenseGreg Foss
 
Advanced Threats and Lateral Movement Detection
Advanced Threats and Lateral Movement DetectionAdvanced Threats and Lateral Movement Detection
Advanced Threats and Lateral Movement DetectionGreg Foss
 
Honeypots for Active Defense
Honeypots for Active DefenseHoneypots for Active Defense
Honeypots for Active DefenseGreg Foss
 
Wi-Fi Hotspot Attacks
Wi-Fi Hotspot AttacksWi-Fi Hotspot Attacks
Wi-Fi Hotspot AttacksGreg Foss
 

Plus de Greg Foss (14)

Cloud Crime Ops
Cloud Crime OpsCloud Crime Ops
Cloud Crime Ops
 
Future of Destructive Malware
Future of Destructive MalwareFuture of Destructive Malware
Future of Destructive Malware
 
Crypto Hacks - Quit your Job and Become a Crypto Farmer
Crypto Hacks - Quit your Job and Become a Crypto FarmerCrypto Hacks - Quit your Job and Become a Crypto Farmer
Crypto Hacks - Quit your Job and Become a Crypto Farmer
 
PIE - BSides Vancouver 2018
PIE - BSides Vancouver 2018PIE - BSides Vancouver 2018
PIE - BSides Vancouver 2018
 
Phishing Intelligence Engine - BlueHat v17
Phishing Intelligence Engine - BlueHat v17Phishing Intelligence Engine - BlueHat v17
Phishing Intelligence Engine - BlueHat v17
 
Security Automation and Orchestration
Security Automation and OrchestrationSecurity Automation and Orchestration
Security Automation and Orchestration
 
Activated Charcoal - Making Sense of Endpoint Data
Activated Charcoal - Making Sense of Endpoint DataActivated Charcoal - Making Sense of Endpoint Data
Activated Charcoal - Making Sense of Endpoint Data
 
Threat Intelligence Field of Dreams
Threat Intelligence Field of DreamsThreat Intelligence Field of Dreams
Threat Intelligence Field of Dreams
 
Deception Driven Defense - Infragard 2016
Deception Driven Defense - Infragard 2016Deception Driven Defense - Infragard 2016
Deception Driven Defense - Infragard 2016
 
SecureSet WarGames - Logging and Packet Capture Training
SecureSet WarGames - Logging and Packet Capture TrainingSecureSet WarGames - Logging and Packet Capture Training
SecureSet WarGames - Logging and Packet Capture Training
 
DerbyCon 5 - Tactical Diversion-Driven Defense
DerbyCon 5 - Tactical Diversion-Driven DefenseDerbyCon 5 - Tactical Diversion-Driven Defense
DerbyCon 5 - Tactical Diversion-Driven Defense
 
Advanced Threats and Lateral Movement Detection
Advanced Threats and Lateral Movement DetectionAdvanced Threats and Lateral Movement Detection
Advanced Threats and Lateral Movement Detection
 
Honeypots for Active Defense
Honeypots for Active DefenseHoneypots for Active Defense
Honeypots for Active Defense
 
Wi-Fi Hotspot Attacks
Wi-Fi Hotspot AttacksWi-Fi Hotspot Attacks
Wi-Fi Hotspot Attacks
 

Dernier

The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024Rafal Los
 
08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking Men08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking MenDelhi Call girls
 
Scaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organizationScaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organizationRadu Cotescu
 
🐬 The future of MySQL is Postgres 🐘
🐬 The future of MySQL is Postgres 🐘🐬 The future of MySQL is Postgres 🐘
🐬 The future of MySQL is Postgres 🐘RTylerCroy
 
#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024BookNet Canada
 
Histor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slideHistor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slidevu2urc
 
Injustice - Developers Among Us (SciFiDevCon 2024)
Injustice - Developers Among Us (SciFiDevCon 2024)Injustice - Developers Among Us (SciFiDevCon 2024)
Injustice - Developers Among Us (SciFiDevCon 2024)Allon Mureinik
 
How to convert PDF to text with Nanonets
How to convert PDF to text with NanonetsHow to convert PDF to text with Nanonets
How to convert PDF to text with Nanonetsnaman860154
 
IAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI SolutionsIAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI SolutionsEnterprise Knowledge
 
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptxHampshireHUG
 
GenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day PresentationGenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day PresentationMichael W. Hawkins
 
08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking Men08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking MenDelhi Call girls
 
Boost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivityBoost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivityPrincipled Technologies
 
Data Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt RobisonData Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt RobisonAnna Loughnan Colquhoun
 
FULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | Delhi
FULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | DelhiFULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | Delhi
FULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | Delhisoniya singh
 
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...Igalia
 
Breaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path MountBreaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path MountPuma Security, LLC
 
SQL Database Design For Developers at php[tek] 2024
SQL Database Design For Developers at php[tek] 2024SQL Database Design For Developers at php[tek] 2024
SQL Database Design For Developers at php[tek] 2024Scott Keck-Warren
 
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdfThe Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdfEnterprise Knowledge
 
Google AI Hackathon: LLM based Evaluator for RAG
Google AI Hackathon: LLM based Evaluator for RAGGoogle AI Hackathon: LLM based Evaluator for RAG
Google AI Hackathon: LLM based Evaluator for RAGSujit Pal
 

Dernier (20)

The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024
 
08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking Men08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking Men
 
Scaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organizationScaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organization
 
🐬 The future of MySQL is Postgres 🐘
🐬 The future of MySQL is Postgres 🐘🐬 The future of MySQL is Postgres 🐘
🐬 The future of MySQL is Postgres 🐘
 
#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
 
Histor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slideHistor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slide
 
Injustice - Developers Among Us (SciFiDevCon 2024)
Injustice - Developers Among Us (SciFiDevCon 2024)Injustice - Developers Among Us (SciFiDevCon 2024)
Injustice - Developers Among Us (SciFiDevCon 2024)
 
How to convert PDF to text with Nanonets
How to convert PDF to text with NanonetsHow to convert PDF to text with Nanonets
How to convert PDF to text with Nanonets
 
IAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI SolutionsIAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI Solutions
 
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
 
GenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day PresentationGenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day Presentation
 
08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking Men08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking Men
 
Boost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivityBoost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivity
 
Data Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt RobisonData Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt Robison
 
FULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | Delhi
FULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | DelhiFULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | Delhi
FULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | Delhi
 
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
 
Breaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path MountBreaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path Mount
 
SQL Database Design For Developers at php[tek] 2024
SQL Database Design For Developers at php[tek] 2024SQL Database Design For Developers at php[tek] 2024
SQL Database Design For Developers at php[tek] 2024
 
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdfThe Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
 
Google AI Hackathon: LLM based Evaluator for RAG
Google AI Hackathon: LLM based Evaluator for RAGGoogle AI Hackathon: LLM based Evaluator for RAG
Google AI Hackathon: LLM based Evaluator for RAG
 

Attacking Drupal