Roman Korkikyan - Timing analysis workshop Part 2 Practice

•

0 j'aime•558 vues

DefconRussia

Technologie

Roman Korkikyan - Timing analysis workshop Part 2 Practice

Contenu connexe

Plus de DefconRussia

Георгий Зайцев - Reversing golang

DefconRussia

Мы поговорим об общей проблеме валидации входных данных и качестве их обработки. Интерпретация входящих данных оказывает прямое влияние на решения, принимаемые в физической инфраструктуре: если какая-либо часть данных обрабатывается недостаточно аккуратно, это может повлиять на эффективность и безопасность процесса. В этой беседе мы обсудим атаки на процесс обработки данных и природу концепции «never trust your inputs» в контексте информационно-физических систем (в общем смысле, то есть любых подобных систем). Для иллюстрации проблемы мы используем уязвимости аналого-цифровых преобразователей (АЦП), которые можно заставить выдавать поддельный цифровой сигнал с помощью изменения частоты и фазы входящего аналогового сигнала: ошибка масштабирования такого сигнала может вызывать целочисленное переполнение и дает возможность эксплуатировать уязвимости в логике PLC/встроенного ПО. Также мы покажем реальные примеры использования подобных уязвимостей и последствия этих нападений.

[DCG 25] Александр Большев - Never Trust Your Inputs or How To Fool an ADC

DefconRussia

Cisco network equipment has always been an attractive attack target due to its prevalence and the key role that it plays in network structure and security. This equipment is based on a wide variety of OS (firmware) architectures, types, and versions, so it is much harder to develop a universal shellcode. Publicly available Cisco IOS shellcodes are tailored to specific equipment, have narrow functionality, and are not exactly useful for penetration testing. This talk is the presentation of a research initiated by our research center to create a shellcode which is as easily portable between different IOS firmwares as possible and which provides a lot of pentesting features because it can dynamically change the shellcode destination at the stage of post-exploitation. We will also consider the possibility of creating a worm which could spread across the infrastructure, from firewall to router, from router to switch, etc.

Cisco IOS shellcode: All-in-one

DefconRussia

Олег Купреев - Обзор и демонстрация нюансов и трюков из области беспроводных ...

DefconRussia

HTTP HOST header attacks

DefconRussia

Attacks on tacacs - Алексей Тюрин

DefconRussia

Weakpass - defcon russia 23

DefconRussia

nosymbols - defcon russia 20

DefconRussia

static - defcon russia 20

DefconRussia

Zn task - defcon russia 20

DefconRussia

Vm ware fuzzing - defcon russia 20

DefconRussia

Nedospasov defcon russia 23

DefconRussia

Advanced cfg bypass on adobe flash player 18 defcon russia 23

DefconRussia

Miasm defcon russia 23

DefconRussia

Расскажу где и как iCloud Keychain хранит пароли, и какие потенциальные риски это несёт. Apple утверждает, что пароли надежно защищены, и даже её сотрудники не могут получить к ним доступ. Чтобы это подтвердить или опровергнуть, необходимо разобраться с внутренним устройством iCloud Keychain, чем мы и займемся.

Andrey Belenko, Alexey Troshichev - Внутреннее устройство и безопасность iClo...

DefconRussia

Все шире и шире получают распространение bugbounty программы - программы вознаграждения за уязвимости различных вендоров. И порой при поиске уязвимостей находятся места, которые явно небезопасны (например - self XSS), но доказать от них угрозу сложно. Но чем крупнее (хотя, скорее адекватнее) вендор, тем они охотнее обсуждают и просят показать угрозу от сообщенной уязвимости, и при успехе – вознаграждают 8). Мой доклад – подборка таких сложных ситуаций и рассказ, как же можно доказать угрозу.

Sergey Belov - Покажите нам Impact! Доказываем угрозу в сложных условиях

DefconRussia

Мои последние исселодования показали, что у SharePoint есть определенное количество вэб сервисов, которые могут помочь аудитору собрать крайне полезную информацию с сайта (списки пользователей, групп, ролей и т д). Также данные сервисы, в комбинации с хранимыми XSS, могут быть использованы для вертикального повышения привилегий или предоставить информацию для компрометации доменных записей AD.

George Lagoda - Альтернативное использование вэб сервисов SharePoint со сторо...

DefconRussia

Кратко расскажу о концепции изолированных сетей и возможных путях их компрометации. Сделаю обзор аппаратной закладки pwnie express- для чего создавалось, какие возможности использования. Расскажу о том как pwnie express применялась в реальном проекте, какие были трудности и что из этого вышло.

Taras Tatarinov - Применение аппаратных закладок pwnie express на примере реа...

DefconRussia

Alexey Sintsov- SDLC - try me to implement

DefconRussia

Anton Alexanenkov - Tor and Botnet C&C

DefconRussia

Plus de DefconRussia (20)

Георгий Зайцев - Reversing golang

[DCG 25] Александр Большев - Never Trust Your Inputs or How To Fool an ADC

Cisco IOS shellcode: All-in-one

Олег Купреев - Обзор и демонстрация нюансов и трюков из области беспроводных ...

HTTP HOST header attacks

Attacks on tacacs - Алексей Тюрин

Weakpass - defcon russia 23

nosymbols - defcon russia 20

static - defcon russia 20

Zn task - defcon russia 20

Vm ware fuzzing - defcon russia 20

Nedospasov defcon russia 23

Advanced cfg bypass on adobe flash player 18 defcon russia 23

Miasm defcon russia 23

Andrey Belenko, Alexey Troshichev - Внутреннее устройство и безопасность iClo...

Sergey Belov - Покажите нам Impact! Доказываем угрозу в сложных условиях

George Lagoda - Альтернативное использование вэб сервисов SharePoint со сторо...

Taras Tatarinov - Применение аппаратных закладок pwnie express на примере реа...

Alexey Sintsov- SDLC - try me to implement

Anton Alexanenkov - Tor and Botnet C&C

Dernier

Webinar Recording: https://www.panagenda.com/webinars/why-teams-call-analytics-is-critical-to-your-entire-business Nothing is as frustrating and noticeable as being in an important call and being unable to see or hear the other person. Not surprising then, that issues with Teams calls are among the most common problems users call their helpdesk for. Having in depth insight into everything relevant going on at the user’s device, local network, ISP and Microsoft itself during the call is crucial for good Microsoft Teams Call quality support. To ensure a quick and adequate solution and to ensure your users get the most out of their Microsoft 365. But did you know that ‘bad calls’ are also an excellent indicator of other problems arising? Precisely because it is so noticeable!? Like the canary in the mine, bad calls can be early indicators of problems. Problems that might otherwise not have been noticed for a while but can have a big impact on productivity and satisfaction. Join this session by Christoph Adler to learn how true Microsoft Teams call quality analytics helped other organizations troubleshoot bad calls and identify and fix problems that impacted Teams calls or the use of Microsoft365 in general. See what it can do to keep your users happy and productive! In this session we will cover - Why CQD data alone is not enough to troubleshoot call problems - The importance of attributing call problems to the right call participant - What call quality analytics can do to help you quickly find, fix-, and prevent problems - Why having retrospective detailed insights matters - Real life examples of how others have used Microsoft Teams call quality monitoring to problem shoot problems with their ISP, network, device health and more.

Why Teams call analytics are critical to your entire business

panagenda

Three things you will take away from the session: • How to run an effective tenant-to-tenant migration • Best practices for before, during, and after migration • Tips for using migration as a springboard to prepare for Copilot in Microsoft 365 Main ideas: Migration Overview: The presentation covers the current reality of cross-tenant migrations, the triggers, phases, best practices, and benefits of a successful tenant migration Considerations: When considering a migration, it is important to consider the migration scope, performance, customization, flexibility, user-friendly interface, automation, monitoring, support, training, scalability, data integrity, data security, cost, and licensing structure Next Wave: The next wave of change includes the launch of Copilot, which requires businesses to be prepared for upcoming changes related to Copilot and the cloud, and to consolidate data and tighten governance ShareGate: ShareGate can help with pre-migration analysis, configurable migration tool, and automated, end-user driven collaborative governance

Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff

sammart93

Effective data discovery is crucial for maintaining compliance and mitigating risks in today's rapidly evolving privacy landscape. However, traditional manual approaches often struggle to keep pace with the growing volume and complexity of data. Join us for an insightful webinar where industry leaders from TrustArc and Privya will share their expertise on leveraging AI-powered solutions to revolutionize data discovery. You'll learn how to: - Effortlessly maintain a comprehensive, up-to-date data inventory - Harness code scanning insights to gain complete visibility into data flows leveraging the advantages of code scanning over DB scanning - Simplify compliance by leveraging Privya's integration with TrustArc - Implement proven strategies to mitigate third-party risks Our panel of experts will discuss real-world case studies and share practical strategies for overcoming common data discovery challenges. They'll also explore the latest trends and innovations in AI-driven data management, and how these technologies can help organizations stay ahead of the curve in an ever-changing privacy landscape.

TrustArc Webinar - Unlock the Power of AI-Driven Data Discovery

TrustArc

Passkeys: Developing APIs to enable passwordless authentication Cody Salas, Sr Developer Advocate | Solutions Architect - Yubico Apidays New York 2024: The API Economy in the AI Era (April 30 & May 1, 2024) ------ Check out our conferences at https://www.apidays.global/ Do you want to sponsor or talk at one of our conferences? https://apidays.typeform.com/to/ILJeAaV8 Learn more on APIscene, the global media made by the community for the community: https://www.apiscene.io Explore the API ecosystem with the API Landscape: https://apilandscape.apiscene.io/

Apidays New York 2024 - Passkeys: Developing APIs to enable passwordless auth...

apidays

MS Copilot expands with MS Graph connectors

Nanddeep Nachan

Artificial Intelligence Chap.5 : Uncertainty

Khushali Kathiriya

ICT role in 21st century education and its challenges

rafiqahmad00786416

Join our latest Connector Corner webinar to discover how UiPath Integration Service revolutionizes API-centric automation in a 'Quote to Cash' process—and how that automation empowers businesses to accelerate revenue generation. A comprehensive demo will explore connecting systems, GenAI, and people, through powerful pre-built connectors designed to speed process cycle times. Speakers: James Dickson, Senior Software Engineer Charlie Greenberg, Host, Product Marketing Manager

Connector Corner: Accelerate revenue generation using UiPath API-centric busi...

DianaGray10

FWD Group - Insurer Innovation Award 2024

The Digital Insurer

Dubai, often portrayed as a shimmering oasis in the desert, faces its own set of challenges, including the occasional threat of flooding. Despite its reputation for opulence and modernity, the emirate is not immune to the forces of nature. In recent years, Dubai has experienced sporadic but significant floods, testing the resilience of its infrastructure and communities. Among the critical lifelines in this bustling metropolis is the Dubai International Airport, a bustling hub that connects the city to the world. This article explores the intersection of Dubai flood events and the resilience demonstrated by the Dubai International Airport in the face of such challenges.

Navigating the Deluge_ Dubai Floods and the Resilience of Dubai International...

Orbitshub

Whatsapp Number Escorts Call girls 8617370543 Available 24x7 Mcleodganj Call Girls Service Offer Genuine VIP Model Escorts Call Girls in Your Budget. Mcleodganj Call Girls Service Provide Real Call Girls Number. Make Your Sexual Pleasure Memorable with Our Mcleodganj Call Girls at Affordable Price. Top VIP Escorts Call Girls, High Profile Independent Escorts Call Girls, Housewife Women Escorts Call Girl, College Girls Escorts Call Girls, Russian Escorts Call girls Service in Your Budget.

Mcleodganj Call Girls 🥰 8617370543 Service Offer VIP Hot Model

Deepika Singh

The Good, the Bad and the Governed - Why is governance a dirty word? David O'Neill, Chief Operating Officer - APIContext Apidays New York 2024: The API Economy in the AI Era (April 30 & May 1, 2024) ------ Check out our conferences at https://www.apidays.global/ Do you want to sponsor or talk at one of our conferences? https://apidays.typeform.com/to/ILJeAaV8 Learn more on APIscene, the global media made by the community for the community: https://www.apiscene.io Explore the API ecosystem with the API Landscape: https://apilandscape.apiscene.io/

Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...

apidays

[BuildWithAI] Introduction to Gemini.pdf

Sandro Moreira

Sidekick Solutions uses Bonterra Impact Management (fka Social Solutions Apricot) and automation solutions to integrate data for business workflows. We believe integration and automation are essential to user experience and the promise of efficient work through technology. Automation is the critical ingredient to realizing that full vision. We develop integration products and services for Bonterra Case Management software to support the deployment of automations for a variety of use cases. This video focuses on the deployment of external web forms using Jotform for Bonterra Impact Management. This solution can be customized to your organization’s needs and deployed to support the common use cases below: - Intake and consent - Assessments - Surveys - Applications - Program registration Interested in deploying web form automations for Bonterra Impact Management? Contact us at sales@sidekicksolutionsllc.com to discuss next steps.

Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...

Jeffrey Haguewood

How to Troubleshoot Apps for the Modern Connected Worker

ThousandEyes

The microservices honeymoon is over. When starting a new project or revamping a legacy monolith, teams started looking for alternatives to microservices. The Modular Monolith, or 'Modulith', is an architecture that reaps the benefits of (vertical) functional decoupling without the high costs associated with separate deployments. This talk will delve into the advantages and challenges of this progressive architecture, beginning with exploring the concept of a 'module', its internal structure, public API, and inter-module communication patterns. Supported by spring-modulith, the talk provides practical guidance on addressing the main challenges of a Modultith Architecture: finding and guarding module boundaries, data decoupling, and integration module-testing. You should not miss this talk if you are a software architect or tech lead seeking practical, scalable solutions. About the author With two decades of experience, Victor is a Java Champion working as a trainer for top companies in Europe. Five thousands developers in 120 companies attended his workshops, so he gets to debate every week the challenges that various projects struggle with. In return, Victor summarizes key points from these workshops in conference talks and online meetups for the European Software Crafters, the world’s largest developer community around architecture, refactoring, and testing. Discover how Victor can help you on victorrentea.ro : company training catalog, consultancy and YouTube playlists.

Modular Monolith - a Practical Alternative to Microservices @ Devoxx UK 2024

Victor Rentea

Six Myths about Ontologies: The Basics of Formal Ontology

johnbeverley2021

DBX First Quarter 2024 Investor Presentation

Dropbox

Angeliki Cooney has spent over twenty years at the forefront of the life sciences industry, working out of Wynantskill, NY. She is highly regarded for her dedication to advancing the development and accessibility of innovative treatments for chronic diseases, rare disorders, and cancer. Her professional journey has centered on strategic consulting for biopharmaceutical companies, facilitating digital transformation, enhancing omnichannel engagement, and refining strategic commercial practices. Angeliki's innovative contributions include pioneering several software-as-a-service (SaaS) products for the life sciences sector, earning her three patents. As the Senior Vice President of Life Sciences at Avenga, Angeliki orchestrated the firm's strategic entry into the U.S. market. Avenga, a renowned digital engineering and consulting firm, partners with significant entities in the pharmaceutical and biotechnology fields. Her leadership was instrumental in expanding Avenga's client base and establishing its presence in the competitive U.S. market.

Biography Of Angeliki Cooney | Senior Vice President Life Sciences | Albany, ...

Angeliki Cooney

AWS Community Day CPH - Three problems of Terraform

Andrey Devyatkin

Dernier (20)

Why Teams call analytics are critical to your entire business

Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff

TrustArc Webinar - Unlock the Power of AI-Driven Data Discovery

Apidays New York 2024 - Passkeys: Developing APIs to enable passwordless auth...

MS Copilot expands with MS Graph connectors

Artificial Intelligence Chap.5 : Uncertainty

ICT role in 21st century education and its challenges

Connector Corner: Accelerate revenue generation using UiPath API-centric busi...

FWD Group - Insurer Innovation Award 2024

Navigating the Deluge_ Dubai Floods and the Resilience of Dubai International...

Mcleodganj Call Girls 🥰 8617370543 Service Offer VIP Hot Model

Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...

[BuildWithAI] Introduction to Gemini.pdf

Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...

How to Troubleshoot Apps for the Modern Connected Worker

Modular Monolith - a Practical Alternative to Microservices @ Devoxx UK 2024

Six Myths about Ontologies: The Basics of Formal Ontology

DBX First Quarter 2024 Investor Presentation

Biography Of Angeliki Cooney | Senior Vice President Life Sciences | Albany, ...

AWS Community Day CPH - Three problems of Terraform

Roman Korkikyan - Timing analysis workshop Part 2 Practice

Recommandé

Recommandé

Contenu connexe

Plus de DefconRussia

Plus de DefconRussia (20)

Dernier

Dernier (20)