Exploiting nginx chunked overflow bug, the undisclosed attack vector
|
|
- Edgar Day
- 8 years ago
- Views:
Transcription
1 Exploiting nginx chunked overflow bug, the undisclosed attack vector Long Le
2 About VNSECURITY.NET CLGT CTF team 2 VNSECURITY.NET
3 In this talk Nginx brief introduction Nginx chunked overflow bug The analysis The exploit The undisclosed attack vector x86-64 ROP tricks Demo 3 VNSECURITY.NET
4 Nginx [engine x] HTTP and reverse proxy server Fast, light-weight Popular 4 VNSECURITY.NET
5 Nginx architecture Non-blocking IO Event driven Single threaded Single master, multiple workers Resources efficient Highly modular ref: 5 VNSECURITY.NET
6 Nginx architecture big picture ref: 6 VNSECURITY.NET
7 The vulnerability 7 VNSECURITY.NET
8 The analysis (1) HTTP header: Transfer-Encoding: chunked 8 VNSECURITY.NET
9 The analysis (2) 9 VNSECURITY.NET
10 The analysis (3) 10 VNSECURITY.NET
11 The analysis (4) stack based overflow 11 VNSECURITY.NET
12 The exploit Stack cookie bruteforcing May require hundred/thousand of connections Noisy error logs nginx < binaries from nginx.org has no stack cookie ASLR return to binary Default is non PIE NX ROP 12 VNSECURITY.NET
13 The humble mitigation 13 VNSECURITY.NET
14 Quick summary Default nginx settings (static contents) Stack based overflow Straight to exploit Stack cookie slows down attack 14 VNSECURITY.NET
15 Practical Nginx deployment Nginx + FastCGI backend E.g: Wordpress Nginx + Apache/Lighttpd Reverse proxy 15 VNSECURITY.NET
16 The undisclosed attack vector Same vulnerability Different configuration More targets Heap based overflow! No worry about stack cookie Not straight to exploit 16 VNSECURITY.NET
17 The analysis (1) 17 VNSECURITY.NET
18 The analysis (2) 18 VNSECURITY.NET
19 The analysis (3) 19 VNSECURITY.NET
20 The analysis (4) 20 VNSECURITY.NET
21 The analysis (5) heap based overflow 21 VNSECURITY.NET
22 POC trigger 22 VNSECURITY.NET
23 Crash dump 23 VNSECURITY.NET
24 The exploit Send enough data Crafted payload to pass some checks ROP stuff Run n Pray! It s unreliable 24 VNSECURITY.NET
25 The unreliable issue Interfered by events Connections coming Connections have data Connections closing Heap metadata corruption Nginx internal pool libc Difficult to debug Event driven 25 VNSECURITY.NET
26 Crash madness VNSECURITY.NET
27 Nginx internals (1) ref: 27 VNSECURITY.NET
28 Nginx internals (2) 28 VNSECURITY.NET
29 Nginx internals (3) 29 VNSECURITY.NET
30 The solution Heap spraying Open many connections Force each connection to allocate large chunk Reserve contiguous memory Overflow the handler and trigger read_event_handler() Send more data to trigger read event 30 VNSECURITY.NET
31 The refined POC 31 VNSECURITY.NET
32 Heap spraying (1) 32 VNSECURITY.NET
33 Heap spraying (2) header N buffer N header N+1 buffer N+1 header N+2 33 VNSECURITY.NET
34 Overflow the handler (1) header N buffer N header N+1 buffer N+1 header N+2 34 VNSECURITY.NET
35 Overflow the handler (2) 35 VNSECURITY.NET
36 The refined exploit Open N connections (e.g N=32) All connections send the chunk trigger For connections from N/2 to N send same ROP payload Jump to controlled, contiguous memory before overflowing 36 VNSECURITY.NET
37 x86-64 ROP tricks (1) Use 32-bits gadgets Heap address is 32-bits xchg rsp, rax xchg esp, eax 37 VNSECURITY.NET
38 x86-64 ROP tricks (2) RET blocks RIP call [rax+0x30] RAX heap payload RAX RIP ret ret ret ret ret pop_ret xchg_ret real payload address growth 38 VNSECURITY.NET
39 x86-64 ROP tricks (3) Use less argument functions for ret2plt, ret2libc mprotect() vs mmap64() mmap64() rdi => address rsi => size rdx => proto rcx => flags r8 => fd r9 => offset mprotect() rdi => address rsi => size rdx => proto libc offset: mprotect mmap = 0x60 39 VNSECURITY.NET
40 Shellcode tricks Continue to serve normal HTTP requests fork() then parent exit() Advanced socket reuse stage-1: fd hunting loop read from fd check for tag jump to stage-2 with found fd stage-2: normal socket reuse shell 40 VNSECURITY.NET
41 Demo 41 VNSECURITY.NET
42 Conclusion We found another (now known) attack vector of the ngxin chunked overflow bug Not only stack based overflow Impact to almost practical deployments We built a reliable heap based overflow exploit No worry about stack cookie bruteforcing Fast to gain shell Exploit on x86 should be the same but easier 42 VNSECURITY.NET
43 Questions? 43 VNSECURITY.NET
Bypassing Memory Protections: The Future of Exploitation
Bypassing Memory Protections: The Future of Exploitation Alexander Sotirov alex@sotirov.net About me Exploit development since 1999 Research into reliable exploitation techniques: Heap Feng Shui in JavaScript
More informationBypassing Browser Memory Protections in Windows Vista
Bypassing Browser Memory Protections in Windows Vista Mark Dowd & Alexander Sotirov markdowd@au1.ibm.com alex@sotirov.net Setting back browser security by 10 years Part I: Introduction Thesis Introduction
More informationI Control Your Code Attack Vectors Through the Eyes of Software-based Fault Isolation. Mathias Payer, ETH Zurich
I Control Your Code Attack Vectors Through the Eyes of Software-based Fault Isolation Mathias Payer, ETH Zurich Motivation Applications often vulnerable to security exploits Solution: restrict application
More informationtelnetd exploit FreeBSD Telnetd Remote Exploit Für Compass Security AG Öffentliche Version 1.0 Januar 2012
telnetd exploit FreeBSD Telnetd Remote Exploit Für Compass Security AG Öffentliche Version 1.0 Januar 2012 Content Part I Info Bug Telnet Exploit Part II Advanced Exploitation Meta Information Disclosed
More informationASL IT SECURITY XTREME XPLOIT DEVELOPMENT
ASL IT SECURITY XTREME XPLOIT DEVELOPMENT V 2.0 A S L I T S e c u r i t y P v t L t d. Page 1 Overview: The most dangerous threat is the one which do not have a CVE. Until now developing reliable exploits
More informationUsing a Patched Vulnerability to Bypass Windows 8 x64 Driver Signature Enforcement. MJ0011 th_decoder@126.com
Using a Patched Vulnerability to Bypass Windows 8 x64 Driver Signature Enforcement MJ0011 th_decoder@126.com Agenda Background A Patched Vulnerability: CVE-2010-4398 Bypass DSE on Windows7 x64 Windows8
More informationTuning WebSphere Application Server ND 7.0. Royal Cyber Inc.
Tuning WebSphere Application Server ND 7.0 Royal Cyber Inc. JVM related problems Application server stops responding Server crash Hung process Out of memory condition Performance degradation Check if the
More informationPractical taint analysis for protecting buggy binaries
Practical taint analysis for protecting buggy binaries So your exploit beats ASLR/DEP? I don't care Erik Bosman Traditional Stack Smashing buf[16] GET / HTTP/1.100baseretnarg1arg2 Traditional
More informationGoogle Apps Engine. G-Jacking AppEngine-based applications. Presented 30/05/2014. For HITB 2014 By Nicolas Collignon and Samir Megueddem
Google Apps Engine G-Jacking AppEngine-based applications Presented 30/05/2014 For HITB 2014 By Nicolas Collignon and Samir Megueddem Introduction to GAE G-Jacking The code The infrastructure The sandbox
More informationGoogle Apps Engine. G-Jacking AppEngine-based applications. Presented 20/11/2014. For NoSuchCon 2014 By Nicolas Collignon
Google Apps Engine G-Jacking AppEngine-based applications Presented 20/11/2014 For NoSuchCon 2014 By Nicolas Collignon Introduction to GAE G-Jacking The code The infrastructure The sandbox Conclusion Introduction
More informationModern Binary Exploitation Course Syllabus
Modern Binary Exploitation Course Syllabus Course Information Course Title: Modern Binary Exploitation Course Number: CSCI 4968 Credit Hours: 4 Semester / Year: Spring 2015 Meeting Days: Tuesday/Friday
More informationERNW Newsletter 51 / September 2015
ERNW Newsletter 51 / September 2015 Playing With Fire: Attacking the FireEye MPS Date: 9/10/2015 Classification: Author(s): Public Felix Wilhelm TABLE OF CONTENT 1 MALWARE PROTECTION SYSTEM... 4 2 GAINING
More informationCustom Penetration Testing
Custom Penetration Testing Compromising a Vulnerability through Discovery and Custom Exploitation Stephen Sims Advanced Penetration Testing - 2009 SANS 1 Objectives Penetration Testing Precompiled Tools
More information64-Bit NASM Notes. Invoking 64-Bit NASM
64-Bit NASM Notes The transition from 32- to 64-bit architectures is no joke, as anyone who has wrestled with 32/64 bit incompatibilities will attest We note here some key differences between 32- and 64-bit
More informationHacking your perimeter. Social-Engineering. Not everyone needs to use zero. David Kennedy (ReL1K) http://www.secmaniac.com Twitter: Dave_ReL1K
Hacking your perimeter. Social-Engineering Not everyone needs to use zero days David Kennedy (ReL1K) http://www.secmaniac.com Twitter: Dave_ReL1K About the speaker Wrote the Social-Engineer Toolkit (SET),
More informationBug hunting. Vulnerability finding methods in Windows 32 environments compared. FX of Phenoelit
Bug hunting Vulnerability finding methods in Windows 32 environments compared FX of Phenoelit The goal: 0day What we are looking for: Handles network side input Runs on a remote system Is complex enough
More informationLecture 26: Obfuscation
Lecture 26: Obfuscation 15411: Compiler Design Robbie Harwood and Maxime Serrano 21 November 2013 1 Introduction We have previously (lecture 20) considered the problem of doing compilation backwards (i.e.,
More informationFormat string exploitation on windows Using Immunity Debugger / Python. By Abysssec Inc WwW.Abysssec.Com
Format string exploitation on windows Using Immunity Debugger / Python By Abysssec Inc WwW.Abysssec.Com For real beneficiary this post you should have few assembly knowledge and you should know about classic
More informationCompromise-as-a-Service
ERNW GmbH Carl-Bosch-Str. 4 D-69115 Heidelberg 3/31/14 Compromise-as-a-Service Our PleAZURE Felix Wilhelm & Matthias Luft {fwilhelm, mluft}@ernw.de ERNW GmbH Carl-Bosch-Str. 4 D-69115 Heidelberg Agenda
More informationSECURITY B-SIDES: ATLANTA STRATEGIC PENETRATION TESTING. Presented by: Dave Kennedy Eric Smith
SECURITY B-SIDES: ATLANTA STRATEGIC PENETRATION TESTING Presented by: Dave Kennedy Eric Smith AGENDA Penetration Testing by the masses Review of current state by most service providers Deficiencies in
More informationHacking Techniques & Intrusion Detection. Ali Al-Shemery arabnix [at] gmail
Hacking Techniques & Intrusion Detection Ali Al-Shemery arabnix [at] gmail All materials is licensed under a Creative Commons Share Alike license http://creativecommonsorg/licenses/by-sa/30/ # whoami Ali
More informationEMET 4.0 PKI MITIGATION. Neil Sikka DefCon 21
EMET 4.0 PKI MITIGATION Neil Sikka DefCon 21 ABOUT ME Security Engineer on MSRC (Microsoft Security Response Center) I look at 0Days EMET Developer I enjoy doing security research on my free time too:
More informationPenetration Testing with Kali Linux
Penetration Testing with Kali Linux PWK Copyright 2014 Offensive Security Ltd. All rights reserved. Page 1 of 11 All rights reserved to Offensive Security, 2014 No part of this publication, in whole or
More informationXNU:asecurityevaluation
XNU:asecurityevaluation XNU: a security evaluation D Keuper (s1019775) University of Twente and Certified Secure December 13, 2012 Abstract The XNU kernel is the kernel that powers Apple s OS X and ios
More informationUnix Security Technologies. Pete Markowsky <peterm[at] ccs.neu.edu>
Unix Security Technologies Pete Markowsky What is this about? The goal of this CPU/SWS are: Introduce you to classic vulnerabilities Get you to understand security advisories Make
More informationApplication Denial of Service Is it Really That Easy?
Application Denial of Service Is it Really That Easy? Shay Chen Agenda Introduction to Denial of Service Attacks Application Level DoS Techniques Case Study Denial of Service Testing Mitigation Summary
More informationSecurity & Exploitation
Security & Exploitation Operating Systems Spring 2015 RPISEC - 05/11/2015 OS Security 1 whoami Markus Gaasedelen B.S. Computer Science 15 Security Enthusiast I like to hack things President of RPISEC http://rpis.ec
More informationAttacking Hypervisors via Firmware and Hardware
Attacking Hypervisors via Firmware and Hardware Mikhail Gorobets, Oleksandr Bazhaniuk, Alex Matrosov, Andrew Furtak, Yuriy Bulygin Advanced Threat Research Agenda Hypervisor based isolation Firmware rootkit
More informationMonitoring Nginx Server
Monitoring Nginx Server eg Enterprise v6 Restricted Rights Legend The information contained in this document is confidential and subject to change without notice. No part of this document may be reproduced
More informationDynamic Behavior Analysis Using Binary Instrumentation
Dynamic Behavior Analysis Using Binary Instrumentation Jonathan Salwan jsalwan@quarkslab.com St'Hack Bordeaux France March 27 2015 Keywords: program analysis, DBI, DBA, Pin, concrete execution, symbolic
More information風 水. Heap Feng Shui in JavaScript. Alexander Sotirov. asotirov@determina.com
風 水 Heap Feng Shui in JavaScript Alexander Sotirov asotirov@determina.com Black Hat Europe 2007 Introduction What is Heap Feng Shui? the ancient art of arranging heap blocks in order to redirect the program
More information============================================================= =============================================================
Stephan Lantos Subject: FW: @RISK: The Consensus Security Vulnerability Alert: Vol. 13, Num. 23 In partnership with SANS and Sourcefire, Qualys is pleased to provide you with the @RISK Newsletter. This
More informationLinux exploit development part 2 (rev 2) - Real app demo (part 2)
Linux exploit development part 2 (rev 2) - Real app demo (part 2) This will be a short tutorial demonstrating a "buffer overflow" exploit on a real application which is freely available using the techniques
More informationSandy. The Malicious Exploit Analysis. http://exploit-analysis.com/ Static Analysis and Dynamic exploit analysis. Garage4Hackers
Sandy The Malicious Exploit Analysis. http://exploit-analysis.com/ Static Analysis and Dynamic exploit analysis About Me! I work as a Researcher for a Global Threat Research firm.! Spoke at the few security
More informationCVE-2012-1535 Adobe Flash Player Integer Overflow Vulnerability Analysis
Your texte here. CVE-2012-1535 Adobe Flash Player Integer Overflow Vulnerability Analysis October 11 th, 2012 Brian MARIANI & Frédéric BOURLA A FEW WORDS ABOUT FLASH PLAYER Your Adobe texte Flash here
More informationCSC 2405: Computer Systems II
CSC 2405: Computer Systems II Spring 2013 (TR 8:30-9:45 in G86) Mirela Damian http://www.csc.villanova.edu/~mdamian/csc2405/ Introductions Mirela Damian Room 167A in the Mendel Science Building mirela.damian@villanova.edu
More informationIntroduction. Application Security. Reasons For Reverse Engineering. This lecture. Java Byte Code
Introduction Application Security Tom Chothia Computer Security, Lecture 16 Compiled code is really just data which can be edit and inspected. By examining low level code protections can be removed and
More informationTool-based Approaches to Software Security. Prof. Dr. Eric Bodden Andreas Follner
Tool-based Approaches to Software Security Prof. Dr. Eric Bodden Andreas Follner Outline General Information Timeline Term Paper / Review / Talk Grading Next Steps Topics General Information Purpose of
More informationPHP web serving study Performance report
PHP web serving study Performance report by Stefan "SaltwaterC" Rusu Date: May - June 2010 Contact: http://saltwaterc.net/contact or admin [at] saltwaterc [dot] net Hardware Configurations Web Server:
More informationReview and Exploit Neglected Attack Surface in ios 8. Tielei Wang, Hao Xu, Xiaobo Chen of TEAM PANGU
Review and Exploit Neglected Attack Surface in ios 8 Tielei Wang, Hao Xu, Xiaobo Chen of TEAM PANGU BlackHat 2015 Agenda ios Security Background Review of Attack Surfaces Fuzz More IOKit and MIG System
More informationIntro to Load-Balancing Tomcat with httpd and mod_jk
Intro to Load-Balancing Tomcat with httpd and mod_jk Christopher Schultz Chief Technology Officer Total Child Health, Inc. * Slides available on the Linux Foundation / ApacheCon2015 web site and at http://people.apache.org/~schultz/apachecon
More informationMSc Computer Science Dissertation
University of Oxford Computing Laboratory MSc Computer Science Dissertation Automatic Generation of Control Flow Hijacking Exploits for Software Vulnerabilities Author: Sean Heelan Supervisor: Dr. Daniel
More informationTFE listener architecture. Matt Klein, Staff Software Engineer Twitter Front End
TFE listener architecture Matt Klein, Staff Software Engineer Twitter Front End Agenda TFE architecture overview TSA architecture overview TSA hot restart Future plans Q&A TFE architecture overview Listener:
More informationLecture 7: Machine-Level Programming I: Basics Mohamed Zahran (aka Z) mzahran@cs.nyu.edu http://www.mzahran.com
CSCI-UA.0201-003 Computer Systems Organization Lecture 7: Machine-Level Programming I: Basics Mohamed Zahran (aka Z) mzahran@cs.nyu.edu http://www.mzahran.com Some slides adapted (and slightly modified)
More informationClassification of Security Issues
Classification of Security Issues By Mark J Cox Abstract Red Hat has implemented a scheme from Red Hat Enterprise Linux 4 to publicly classify the impact of security issues found in our products and services..customers
More informationFrom SQL Injection to MIPS Overflows
From SQL Injection to MIPS Overflows Rooting SOHO Routers Zachary Cutlip Black Hat USA 2012 Acknowledgements Tactical Network Solutions Craig Heffner What I m going to talk about Novel uses of SQL injection
More informationhttp://www.nologin.org Bypassing Windows Hardware-enforced Data Execution Prevention
http://www.nologin.org Bypassing Windows Hardware-enforced Data Execution Prevention Oct 2, 2005 skape mmiller@hick.org Skywing Skywing@valhallalegends.com One of the big changes that Microsoft introduced
More informationRecon 2011 - Montreal
How to develop a rootkit for Broadcom NetExtreme network cards Guillaume Delugré Sogeti / ESEC R&D guillaume(at)security-labs.org Recon 2011 - Montreal . Delugré How to develop a rootkit for Broadcom NetExtreme
More informationPainless Web Proxying with Apache mod_proxy
Painless Web Proxying with Apache mod_proxy Justin R. Erenkrantz University of California, Irvine and Google, Inc. http://www.erenkrantz.com/oscon/ justin@erenkrantz.com Why should I pay attention? Apache
More informationA Dozen Years of Shellphish From DEFCON to the Cyber Grand Challenge
A Dozen Years of Shellphish From DEFCON to the Cyber Grand Challenge Antonio Bianchi antoniob@cs.ucsb.edu University of California, Santa Barbara HITCON Enterprise August 27th, 2015 Agenda Shellphish The
More informationTesting for Security
Testing for Security Kenneth Ingham September 29, 2009 1 Course overview The threat that security breaches present to your products and ultimately your customer base can be significant. This course is
More informationLearn Ethical Hacking, Become a Pentester
Learn Ethical Hacking, Become a Pentester Course Syllabus & Certification Program DOCUMENT CLASSIFICATION: PUBLIC Copyrighted Material No part of this publication, in whole or in part, may be reproduced,
More informationAttacking Hypervisors via Firmware and Hardware
Attacking Hypervisors via Firmware and Hardware Alex Matrosov (@matrosov), Mikhail Gorobets, Oleksandr Bazhaniuk (@ABazhaniuk), Andrew Furtak, Yuriy Bulygin (@c7zero) Advanced Threat Research Agenda Hypervisor
More informationWHITEPAPER. Nessus Exploit Integration
Nessus Exploit Integration v2 Tenable Network Security has committed to providing context around vulnerabilities, and correlating them to other sources, such as available exploits. We currently pull information
More informationHOW I MET YOUR MODEM EXPLOIT & TROJAN DEV FOR CONSUMER DSL DEVICES HACK IN THE BOX 2013 AMSTERDAM - PETER GEISSLER & STEVEN KETELAAR
HOW I MET YOUR MODEM EXPLOIT & TROJAN DEV FOR CONSUMER DSL DEVICES HACK IN THE BOX 2013 AMSTERDAM - PETER GEISSLER & STEVEN KETELAAR WHO ARE WE? STEVEN Software developer Security fanatic Produces dance
More informationSoftware Vulnerabilities
Software Vulnerabilities -- stack overflow Code based security Code based security discusses typical vulnerabilities made by programmers that can be exploited by miscreants Implementing safe software in
More informationServing Media with NGINX Plus
Serving Media with NGINX Plus Published June 11, 2015 NGINX, Inc. Table of Contents 3 About NGINX Plus 3 Using this Guide 4 Prerequisites and System Requirements 5 Serving Media with NGINX Plus 9 NGINX
More informationExtending Tizen Native Framework with Node.js
Extending Tizen Native Framework with Node.js Nishant Deshpande Hyunju Shin Ph.D. Samsung Electronics Contents Native or Web? Why JavaScript, Node.js? Proposed Architecture Sample Applications Going Forward
More informationReturn-oriented programming without returns
Faculty of Computer Science Institute for System Architecture, Operating Systems Group Return-oriented programming without urns S. Checkoway, L. Davi, A. Dmitrienko, A. Sadeghi, H. Shacham, M. Winandy
More informationComputer Security: Principles and Practice
Computer Security: Principles and Practice Chapter 24 Windows and Windows Vista Security First Edition by William Stallings and Lawrie Brown Lecture slides by Lawrie Brown Windows and Windows Vista Security
More informationCommon Server Setups For Your Web Application - Part II
Common Server Setups For Your Web Application - Part II Introduction When deciding which server architecture to use for your environment, there are many factors to consider, such as performance, scalability,
More informationSecure Web Application Coding Team Introductory Meeting December 1, 2005 1:00 2:00PM Bits & Pieces Room, Sansom West Room 306 Agenda
Secure Web Application Coding Team Introductory Meeting December 1, 2005 1:00 2:00PM Bits & Pieces Room, Sansom West Room 306 Agenda 1. Introductions for new members (5 minutes) 2. Name of group 3. Current
More informationPHP on IBM i: What s New with Zend Server 5 for IBM i
PHP on IBM i: What s New with Zend Server 5 for IBM i Mike Pavlak Solutions Consultant mike.p@zend.com (815) 722 3454 Function Junction Audience Used PHP in Zend Core/Platform New to Zend PHP Looking to
More informationIERG 4080 Building Scalable Internet-based Services
Department of Information Engineering, CUHK Term 1, 2015/16 IERG 4080 Building Scalable Internet-based Services Lecture 4 Load Balancing Lecturer: Albert C. M. Au Yeung 30 th September, 2015 Web Server
More informationWebLogic Server Admin
Course Duration: 1 Month Working days excluding weekends Overview of Architectures Installation and Configuration Creation and working using Domain Weblogic Server Directory Structure Managing and Monitoring
More informationAttacking Obfuscated Code with IDA Pro. Chris Eagle
Attacking Obfuscated Code with IDA Pro Chris Eagle Outline Introduction Operation Demos Summary 2 First Order Of Business MOVE UP AND IN! There is plenty of room up front I can't increase the font size
More informationWhere s the FEEB? The Effectiveness of Instruction Set Randomization
Where s the FEEB? The Effectiveness of Instruction Set Randomization Ana Nora Sovarel David Evans Nathanael Paul University of Virginia, Department of Computer Science http://www.cs.virginia.edu/feeb Abstract
More informationAttacking Host Intrusion Prevention Systems. Eugene Tsyrklevich eugene@securityarchitects.com
Attacking Host Intrusion Prevention Systems Eugene Tsyrklevich eugene@securityarchitects.com Agenda Introduction to HIPS Buffer Overflow Protection Operating System Protection Conclusions Demonstration
More informationVarnish the Drupal way
Varnish the Drupal way About me Boyan Borisov Team Leader @ Propeople boyanb@propeople.dk @boyan_borisov Skype: boian.borisov hap://linkedin.com/in/ boyanborisov What is Varnish? Reverse proxy cache server...
More informationCS 161 Computer Security
Paxson Spring 2013 CS 161 Computer Security Homework 1 Due: Friday, February 15, at 10PM Instructions. You must submit this homework electronically. To submit, put a single solution file hw1.pdf in a directory
More informationUnix Security Technologies: Host Security Tools. Peter Markowsky <peterm[at]ccs.neu.edu>
Unix Security Technologies: Host Security Tools Peter Markowsky Syllabus An Answer to last week s assignment Four tools SSP W^X PaX Systrace Last time You were assigned to get a
More informationLecture 10: Dynamic Memory Allocation 1: Into the jaws of malloc()
CS61: Systems Programming and Machine Organization Harvard University, Fall 2009 Lecture 10: Dynamic Memory Allocation 1: Into the jaws of malloc() Prof. Matt Welsh October 6, 2009 Topics for today Dynamic
More informationAn introduction to the Return Oriented Programming. Why and How
An introduction to the Return Oriented Programming Why and How Course lecture at the Bordeaux university for the CSI Master Jonathan Salwan Keywords: ROP Intel / ARM, Tools, ROP chain generation, gadgets'
More informationIntroducing the Microsoft IIS deployment guide
Deployment Guide Deploying Microsoft Internet Information Services with the BIG-IP System Introducing the Microsoft IIS deployment guide F5 s BIG-IP system can increase the existing benefits of deploying
More informationLeak Check Version 2.1 for Linux TM
Leak Check Version 2.1 for Linux TM User s Guide Including Leak Analyzer For x86 Servers Document Number DLC20-L-021-1 Copyright 2003-2009 Dynamic Memory Solutions LLC www.dynamic-memory.com Notices Information
More informationSecurity Products Development. Leon Juranic leon@defensecode.com
Security Products Development Leon Juranic leon@defensecode.com Security Products Development Q: Why I picked this boring topic at all? A: Avoidance of any hackingrelated topics for fsec (khm.) :) Security
More informationF-Secure Internet Security 2014 Data Transfer Declaration
F-Secure Internet Security 2014 Data Transfer Declaration The product s impact on privacy and bandwidth usage F-Secure Corporation April 15 th 2014 Table of Contents Version history... 3 Abstract... 3
More informationZEN LOAD BALANCER EE v3.02 DATASHEET The Load Balancing made easy
ZEN LOAD BALANCER EE v3.02 DATASHEET The Load Balancing made easy OVERVIEW The global communication and the continuous growth of services provided through the Internet or local infrastructure require to
More informationMAGENTO HOSTING Progressive Server Performance Improvements
MAGENTO HOSTING Progressive Server Performance Improvements Simple Helix, LLC 4092 Memorial Parkway Ste 202 Huntsville, AL 35802 sales@simplehelix.com 1.866.963.0424 www.simplehelix.com 2 Table of Contents
More informationThe best reverse proxy around. Kristian Lyngstøl PRODUCTS CONSULTING APPLICATION MANAGEMENT IT OPERATIONS SUPPORT TRAINING
The best reverse proxy around Kristian Lyngstøl Who we are Redpill Linpro is a Scandinavian free software company offering development services, operations, support, training and more. Varnish Software
More informationJava Troubleshooting and Performance
Java Troubleshooting and Performance Margus Pala Java Fundamentals 08.12.2014 Agenda Debugger Thread dumps Memory dumps Crash dumps Tools/profilers Rules of (performance) optimization 1. Don't optimize
More informationFirefox, Opera, Safari for Windows BMP file handling information leak. September 2008. Discovered by: Mateusz j00ru Jurczyk, Hispasec Labs
Firefox, Opera, Safari for Windows BMP file handling information leak September 2008 Discovered by: Mateusz j00ru Jurczyk, Hispasec Labs 1. Introduction The bitmap format implementations in Mozilla Firefox
More informationPwning Intranets with HTML5
Javier Marcos de Prado Juan Galiana Lara Pwning Intranets with HTML5 2009 IBM Corporation Agenda How our attack works? How we discover what is in your network? What does your infrastructure tell us for
More informationEncrypting MySQL data at Google. Jonas Oreland and Jeremy Cole
Encrypting MySQL data at Google Jonas Oreland and Jeremy Cole bit.ly/google_innodb_encryption Jonas Oreland!! Software Engineer at Google Has worked on/with MySQL since 2003 Has a current crush on Taylor
More informationSafety measures in Linux
S a f e t y m e a s u r e s i n L i n u x Safety measures in Linux Krzysztof Lichota lichota@mimuw.edu.pl A g e n d a Standard Unix security measures: permissions, capabilities, ACLs, chroot Linux kernel
More informationAdvanced Endpoint Protection Overview
Advanced Endpoint Protection Overview Advanced Endpoint Protection is a solution that prevents Advanced Persistent Threats (APTs) and Zero-Day attacks and enables protection of your endpoints by blocking
More informationOne Server Per City: C Using TCP for Very Large SIP Servers. Kumiko Ono Henning Schulzrinne {kumiko, hgs}@cs.columbia.edu
One Server Per City: C Using TCP for Very Large SIP Servers Kumiko Ono Henning Schulzrinne {kumiko, hgs}@cs.columbia.edu Goal Answer the following question: How does using TCP affect the scalability and
More informationeggon SDK for ios 7 Integration Instructions
eggon SDK for ios 7 Integration Instructions The eggon SDK requires a few simple steps in order to be used within your ios 7 application. Environment This guide assumes that a standard ios Development
More informationSoK: Eternal War in Memory
SoK: Eternal War in Memory László Szekeres, Mathias Payer, Tao Wei, Dawn Song Stony Brook University University of California, Berkeley Peking University Abstract Memory corruption bugs in software written
More informationEugene Tsyrklevich. Ozone HIPS: Unbreakable Windows
Eugene Tsyrklevich Eugene Tsyrklevich has an extensive security background ranging from designing and implementing Host Intrusion Prevention Systems to training people in research, corporate, and military
More informationA perspective to incident response or another set of recommendations for malware authors
A perspective to incident response or another set of recommendations for malware authors Alexandre Dulaunoy - TLP:WHITE alexandre.dulaunoy@circl.lu June 7, 2013 CIRCL, national CERT of Luxembourg CIRCL
More informationApache Tomcat. Load-balancing and Clustering. Mark Thomas, 20 November 2014. 2014 Pivotal Software, Inc. All rights reserved.
2 Apache Tomcat Load-balancing and Clustering Mark Thomas, 20 November 2014 Introduction Apache Tomcat committer since December 2003 markt@apache.org Tomcat 8 release manager Member of the Servlet, WebSocket
More informationIntroduction to Information Security
Introduction to Information Security 0368-3065, Spring 2015 Lecture 1: Introduction, Control Hijacking (1/2) Eran Tromer Slides credit: Avishai Wool, Tel Aviv University 1 Administration Lecturer: Eran
More informationelearning for Secure Application Development
elearning for Secure Application Development Curriculum Application Security Awareness Series 1-2 Secure Software Development Series 2-8 Secure Architectures and Threat Modeling Series 9 Application Security
More informationOverview. Securing TCP/IP. Introduction to TCP/IP (cont d) Introduction to TCP/IP
Overview Securing TCP/IP Chapter 6 TCP/IP Open Systems Interconnection Model Anatomy of a Packet Internet Protocol Security (IPSec) Web Security (HTTP over TLS, Secure-HTTP) Lecturer: Pei-yih Ting 1 2
More informationIPMI: Understanding Your Server s Remote Backdoor
IPMI: Understanding Your Server s Remote Backdoor Anthony J. Bonkoski abonkosk@umich.edu SUMIT 2013 What is IPMI? Need to manage a massive cluster of servers? Operating system installs Monitoring Power
More informationJava Program Vulnerabilities
Java Program Vulnerabilities Sheetal Thakare, Dr.B.B.Meshram Abstract The Java programming language provides a lot of security features, build directly into the language and also supplied by security relevant
More informationClient vs. Server Implementations of Mitigating XSS Security Threats on Web Applications
Journal of Basic and Applied Engineering Research pp. 50-54 Krishi Sanskriti Publications http://www.krishisanskriti.org/jbaer.html Client vs. Server Implementations of Mitigating XSS Security Threats
More informationHow To Protect Your Computer From Being Hacked By A Hacker (For A Fee)
Illuminating the Security Issues with Lights-Out Server Management Anthony J. Bonkoski J. Alex Halderman University of Michigan What is IPMI? Need to manage a massive cluster of servers? OS installs, monitoring,
More informationHow To Use Powerhell For Security Research
PowerShell David Kennedy (ReL1K) Josh Kelley (Winfang) http://www.secmaniac.com Twitter: dave_rel1k winfang98 About Josh Security Analyst with a Fortune 1000 --- Works with Dave Heavy experience in penetration
More information