What Happens In Windows 7 Stays In Windows 7
|
|
|
- Alexandrina Flynn
- 10 years ago
- Views:
Transcription
1 What Happens In Windows 7 Stays In Windows 7 Moti Joseph & Marion Marschalek Troopers Conference 2014
2 About Us Joseph Moti Security Researcher Marion Marschalek Malware Analyst
3 Agenda Vulnerabilities Automated Vulnerability Search An Approach A Solution as Proof of Concept Demo ;) Whats next? TROOPERS 2014
4 Intro
5 Can I haz it?? Got a bug in your software?
6 Chuck Norris On Security. Vulnerabilities are software mistakes in specification and design, but mostly mistakes in programming. Any large software package will have thousands of mistakes. Once discovered, they can be used to attack systems. This is the point of security patching: eliminating known vulnerabilities. But many systems don't get patched, so the Internet is filled with known, exploitable vulnerabilities. TROOPERS 2014
7
8 How to find vulnerabilities? Application Penetration Testing Fuzzing Reverse Engineering Source Code Review Or.. Being more advanced: Tracking software bugs, introducing bugs into software, reversing security patches TROOPERS 2014
9 Who is interested in finding them? Hackers Software Companies Criminals Governments Media
10 How much does a 0-day vulnerability cost? TROOPERS 2014
11 White Market When or why to sell to white market? TROOPERS 2014
12 BlackMarket Broker? Money? Trust? TROOPERS 2014
13 What happens when you sell to the black market? TROOPERS 2014
14
15 And why automate it? It s faster!! The hacker can break more The software company can fix faster Criminals can make more money Governments can... [SECRET] Media has more to write about TROOPERS 2014
16 The Approach
17 What happens in Windows7 stays in Windows7... Win7 Win8 quartz.dll xor eax, eax inc eax shl eax, cl... shl eax, 2 push eax ; cb call ds: imp CoTaskMemAlloc@4 Patch it! quartz.dll lea ecx, [ebp+cb] push ecx push 4 push eax mov [esi], eax call?ulongmult@@ygjkkpak@z test eax, eax... push [ebp+cb] ; cb call ds: imp CoTaskMemAlloc@4 TROOPERS 2014
18 Counting Function Calls Win7 quartz.lib Win8 quartz.lib
19 Spot The Patch Win7 quartz.lib Win8 quartz.lib TROOPERS 2014
20 Intsafe.h & Strsafe.h Searching for security patches: Type Conversion Safe Math Functions Buffer Boundary Checks on Strings Set of 130 Signatures of Safe Functions TROOPERS 2014
21 Safe Functions UInt8ToInt8 UInt8ToChar ByteToInt8 ByteToChar ShortToInt8 ShortToUChar ShortToChar UShortToUInt8 UShortToShort IntToInt8 IntToUChar IntToChar UInt8Add UShortAdd UIntAdd ULongAdd SizeTAdd ULongLongAdd UInt8Sub UShortSub UIntSub ULongSub SizeTSub ULongLongSub StringCbGets StringCbGetsEx StringCbLength StringCbPrintf StringCbPrintfEx StringCbVPrintf StringCbVPrintfEx StringCchCat StringCchCatEx StringCchCatN StringCchCatNEx StringCchCopy... and many many more... TROOPERS 2014
22 The Approach Windows Library Decompilation or Disassembly Flexible. Extendible. Awesome. Parsing to DB Diffing Library with New Version Checking for Vulnerability TROOPERS 2014
23 The Solution
24 Pretty, eh??
25 Getting the.c Library Conversion using IDA Pro means:.dll ->.idb ->.c TROOPERS 2014
26 Library Parsing DiffRay on Parses a library / directory of libraries Manages libraries, functions and signature hits Diff libraries functionwise Based on library ID or library name pattern TROOPERS 2014
27 The Database MSSql or SQLite TROOPERS 2014
28 Diff it! Compare libraries on a function basis Extract hits per function per signature TROOPERS 2014
29 DiffRay HowTo: Configuration signatures.conf whatever symbols you re searching for sig_mappings.conf mappings for signatures logger.conf logging output and formatting, details to be found at mssql.conf MSSql access credentials TROOPERS 2014
30 DiffRay HowTo: CMD Parsing Maintenance: python [dir]\src\main.py --create-scheme --update-sigs python [dir]\src\main.py --parse [library_path] --os [Win7 Win8] --type [C LST] python [dir]\src\main.py --dirparse [directory_path] --os [Win7 Win8] --type [C LST] python [dir]\src\main.py --flushall Switches: --backend [mssql sqlite] --no-flush TROOPERS 2014
31 DiffRay HowTo: CMD Diffing Info Output & Diffing: python [dir]\src\main.py -search_libs [libname_pattern] python [dir]\src\main.py -lib_all_info [lib_id] python [dir]\src\main.py -diff --lib_1 [win7lib] --lib_2 [win8lib] python [dir]\src\main.py -diff_byname [libname_pattern] TROOPERS 2014
32 WELCO ME to ze FUTURE
33 DEMO TIME
34 Findings
35 Windows 7 (ULongAdd) bcrypt.dll!convertrsaprivateblobtofullrsa
36 Windows 8 bcrypt.dll!convertrsaprivateblobtofullrsa
37 Windows 8 (ULongAdd) netlogon.dll! NlpAddResourceGroupsToSamInfo
38 Windows 7 netlogon.dll! NlpAddResourceGroupsToSamInfo
39 Windows 8 /ULongLongToUint twext.dll! EscapeField
40 Windows 7 Integer overflow twext.dll! EscapeField
41 Drrrivers...
42 Windows 8 cng.dll! ConvertRsaPrivateBlogToFullRsa
43 Windows 7 cng.dll! ConvertRsaPrivateBlogToFullRsa
44 Windows 8 ksecdd.dll! SspiCopyAuthIdentity
45 Windows 7 ksecdd.dll! SspiCopyAuthIdentity
46 Windows 8 srvnet.dll! SrvNetAllocatePoolWithTagPriority
47 Windows 7 srvnet.dll! SrvNetAllocatePoolWithTagPriority
48 Triggerable? Or not triggerable?
49 Windows 7 cryptdlg!decodeattrsequence
50 Windows 8 cryptdlg!decodeattrsequence
51 What s CryptDll.dll?? TROOPERS 2014
52 StringCchLength TROOPERS 2014
53 CryptDecodeObject API TROOPERS 2014
54 Certificate DialogBox TROOPERS 2014
55 What s Next
56 Whats Next Possible Extensions Win8, we re coming!! Extended signatures Symbolic Execution FTW Improvements Transparent DB library Known issues Duplicate hits, false positives, slooow, output is not handy TROOPERS 2014
57 Happy Diffing.
Introduction. Figure 1 Schema of DarunGrim2
Reversing Microsoft patches to reveal vulnerable code Harsimran Walia Computer Security Enthusiast 2011 Abstract The paper would try to reveal the vulnerable code for a particular disclosed vulnerability,
Format string exploitation on windows Using Immunity Debugger / Python. By Abysssec Inc WwW.Abysssec.Com
Format string exploitation on windows Using Immunity Debugger / Python By Abysssec Inc WwW.Abysssec.Com For real beneficiary this post you should have few assembly knowledge and you should know about classic
Bug hunting. Vulnerability finding methods in Windows 32 environments compared. FX of Phenoelit
Bug hunting Vulnerability finding methods in Windows 32 environments compared FX of Phenoelit The goal: 0day What we are looking for: Handles network side input Runs on a remote system Is complex enough
Abysssec Research. 1) Advisory information. 2) Vulnerable version
Abysssec Research 1) Advisory information Title Version Discovery Vendor Impact Contact Twitter CVE : Apple QuickTime FlashPix NumberOfTiles Remote Code Execution Vulnerability : QuickTime player 7.6.5
esrever gnireenigne tfosorcim seiranib
esrever gnireenigne tfosorcim seiranib Alexander Sotirov [email protected] CanSecWest / core06 Reverse Engineering Microsoft Binaries Alexander Sotirov [email protected] CanSecWest / core06 Overview
Skeletons in Microsoft s Closet - Silently Fixed Vulnerabilities. Andre Protas Steve Manzuik
Skeletons in Microsoft s Closet - Silently Fixed Vulnerabilities Andre Protas Steve Manzuik Presentation Outline - Introductions / Outline - That s this slide so we are done with that. - Non-Disclosure
Reverse Engineering and Computer Security
Reverse Engineering and Computer Security Alexander Sotirov [email protected] Introduction Security researcher at Determina, working on our LiveShield product Responsible for vulnerability analysis and
Software Fingerprinting for Automated Malicious Code Analysis
Software Fingerprinting for Automated Malicious Code Analysis Philippe Charland Mission Critical Cyber Security Section October 25, 2012 Terms of Release: This document is approved for release to Defence
Microsoft Patch Analysis
Microsoft Patch Analysis Patch Tuesday - Exploit Wednesday Yaniv Miron aka Lament 1 / About Me Yaniv Miron aka Lament Security Researcher and Consultant Found security vulnerabilities in IBM, Oracle, Microsoft
(General purpose) Program security. What does it mean for a pgm to be secure? Depends whom you ask. Takes a long time to break its security controls.
(General purpose) Program security These ideas apply also to OS and DB. Read Chapter 3. What does it mean for a pgm to be secure? Depends whom you ask. Takes a long time to break its security controls.
A Simpler Way of Finding 0day
A Simpler Way of Finding 0day Robert Graham David Maynor Errata Security Abstract: Instead of reverse engineering vulnerabilities to find 0day, hackers can now reverse security products. More and more
Introduction. Application Security. Reasons For Reverse Engineering. This lecture. Java Byte Code
Introduction Application Security Tom Chothia Computer Security, Lecture 16 Compiled code is really just data which can be edit and inspected. By examining low level code protections can be removed and
Secure Web Application Coding Team Introductory Meeting December 1, 2005 1:00 2:00PM Bits & Pieces Room, Sansom West Room 306 Agenda
Secure Web Application Coding Team Introductory Meeting December 1, 2005 1:00 2:00PM Bits & Pieces Room, Sansom West Room 306 Agenda 1. Introductions for new members (5 minutes) 2. Name of group 3. Current
What s Wrong with Information Security Today? You are looking in the wrong places for the wrong things.
What s Wrong with Information Security Today? You are looking in the wrong places for the wrong things. AGENDA Current State of Information Security Data Breach Statics Data Breach Case Studies Why current
ASL IT SECURITY XTREME XPLOIT DEVELOPMENT
ASL IT SECURITY XTREME XPLOIT DEVELOPMENT V 2.0 A S L I T S e c u r i t y P v t L t d. Page 1 Overview: The most dangerous threat is the one which do not have a CVE. Until now developing reliable exploits
Attacking the Traveling Salesman Point-of-sale attacks on airline travelers DEFCON 2014
Attacking the Traveling Salesman Point-of-sale attacks on airline travelers DEFCON 2014 Alex Zacharis Nikos Tsagkarakis [email protected] Census S.A. http://census-labs.com/ Contents Why target travelers?
Hotpatching and the Rise of Third-Party Patches
Hotpatching and the Rise of Third-Party Patches Alexander Sotirov [email protected] BlackHat USA 2006 Overview In the next one hour, we will cover: Third-party security patches _ recent developments
Mobile Application Hacking for Android and iphone. 4-Day Hands-On Course. Syllabus
Mobile Application Hacking for Android and iphone 4-Day Hands-On Course Syllabus Android and iphone Mobile Application Hacking 4-Day Hands-On Course Course description This course will focus on the techniques
PKF Avant Edge. Penetration Testing. Stevie Heong CISSP, CISA, CISM, CGEIT, CCNP
PKF Avant Edge Penetration Testing Stevie Heong CISSP, CISA, CISM, CGEIT, CCNP What is Penetration Testing (PenTest)? A way to identify vulnerabilities that exists in a system/network that has existing
PREVENTING ZERO-DAY ATTACKS IN MOBILE DEVICES
PREVENTING ZERO-DAY ATTACKS IN MOBILE DEVICES Ira Winkler Codenomicon Session ID: MBS-W05 Session Classification: Intermediate Zero Day Attacks Zero day attacks are rising in prominence They tend to be
AppUse - Android Pentest Platform Unified
AppUse - Android Pentest Platform Unified Standalone Environment AppUse is designed to be a weaponized environment for Android application penetration testing. It is a unique, free, and rich platform aimed
Custom Penetration Testing
Custom Penetration Testing Compromising a Vulnerability through Discovery and Custom Exploitation Stephen Sims Advanced Penetration Testing - 2009 SANS 1 Objectives Penetration Testing Precompiled Tools
Peach Fuzzer Platform
Fuzzing is a software testing technique that introduces invalid, malformed, or random data to parts of a computer system, such as files, network packets, environment variables, or memory. How the tested
NWEN405: Security Engineering
NWEN405: Security Engineering Lecture 15 Secure Software Engineering: Security Evaluation Engineering & Computer Science Victoria University of Wellington Dr Ian Welch ([email protected]) Waterfall Secure
Off-by-One exploitation tutorial
Off-by-One exploitation tutorial By Saif El-Sherei www.elsherei.com Introduction: I decided to get a bit more into Linux exploitation, so I thought it would be nice if I document this as a good friend
Introduction to Reverse Engineering
Introduction to Reverse Engineering Inbar Raz Malware Research Lab Manager December 2011 What is Reverse Engineering? Reverse engineering is the process of discovering the technological principles of a
The Hacker Strategy. Dave Aitel [email protected]. Security Research
1 The Hacker Strategy Dave Aitel [email protected] Security Research Who am I? CTO, Immunity Inc. History: NSA->@stake -> Immunity Responsible for new product development Vulnerability Sharing Club
Sandy. The Malicious Exploit Analysis. http://exploit-analysis.com/ Static Analysis and Dynamic exploit analysis. Garage4Hackers
Sandy The Malicious Exploit Analysis. http://exploit-analysis.com/ Static Analysis and Dynamic exploit analysis About Me! I work as a Researcher for a Global Threat Research firm.! Spoke at the few security
3. Broken Account and Session Management. 4. Cross-Site Scripting (XSS) Flaws. Web browsers execute code sent from websites. Account Management
What is an? s Ten Most Critical Web Application Security Vulnerabilities Anthony LAI, CISSP, CISA Chapter Leader (Hong Kong) [email protected] Open Web Application Security Project http://www.owasp.org
Turning your managed Anti-Virus
Turning your managed Anti-Virus into my Botnet Jérôme NOKIN http://funoverip.net About me # id Jérôme Nokin http://funoverip.net [email protected] # job Penetration Tester Verizon Enterprise Solutions
A Test Suite for Basic CWE Effectiveness. Paul E. Black. [email protected]. http://samate.nist.gov/
A Test Suite for Basic CWE Effectiveness Paul E. Black [email protected] http://samate.nist.gov/ Static Analysis Tool Exposition (SATE V) News l We choose test cases by end of May l Tool output uploaded
Windows XP SP3 Registry Handling Buffer Overflow
Windows XP SP3 Registry Handling Buffer Overflow by Matthew j00ru Jurczyk and Gynvael Coldwind Hispasec 1. Basic Information Name Windows XP SP3 Registry Handling Buffer Overflow Class Design Error Impact
Testing for Security
Testing for Security Kenneth Ingham September 29, 2009 1 Course overview The threat that security breaches present to your products and ultimately your customer base can be significant. This course is
Top 10 most interesting SAP vulnerabilities and attacks Alexander Polyakov
Invest in security to secure investments Top 10 most interesting SAP vulnerabilities and attacks Alexander Polyakov CTO at ERPScan May 9, 2012 Me Business application security expert What is SAP? Shut
Vulnerability Management in Software: Before Patch Tuesday KYMBERLEE PRICE BUGCROWD
Vulnerability Management in Software: Before Patch Tuesday KYMBERLEE PRICE BUGCROWD whoami? Senior Director of a Red Team PSIRT Case Manager Data Analyst Internet Crime Investigator Security Evangelist
Source Code Review Using Static Analysis Tools
Source Code Review Using Static Analysis Tools July-August 05 Author: Stavros Moiras Supervisor(s): Stefan Lüders Aimilios Tsouvelekakis CERN openlab Summer Student Report 05 Abstract Many teams at CERN,
ABSTRACT' INTRODUCTION' COMMON'SECURITY'MISTAKES'' Reverse Engineering ios Applications
Reverse Engineering ios Applications Drew Branch, Independent Security Evaluators, Associate Security Analyst ABSTRACT' Mobile applications are a part of nearly everyone s life, and most use multiple mobile
Mobile Security Framework
Automated Mobile Application Security Testing with Mobile Security Framework Ajin Abraham About Me! Security Consultant @ Yodlee! Security Engineering @ IMMUNIO! Next Gen Runtime Application Self Protection
Web Application Security
E-SPIN PROFESSIONAL BOOK Vulnerability Management Web Application Security ALL THE PRACTICAL KNOW HOW AND HOW TO RELATED TO THE SUBJECT MATTERS. COMBATING THE WEB VULNERABILITY THREAT Editor s Summary
CVE-2012-1535 Adobe Flash Player Integer Overflow Vulnerability Analysis
Your texte here. CVE-2012-1535 Adobe Flash Player Integer Overflow Vulnerability Analysis October 11 th, 2012 Brian MARIANI & Frédéric BOURLA A FEW WORDS ABOUT FLASH PLAYER Your Adobe texte Flash here
Automating Security Testing. Mark Fallon Senior Release Manager Oracle
Automating Security Testing Mark Fallon Senior Release Manager Oracle Some Ground Rules There are no silver bullets You can not test security into a product Testing however, can help discover a large percentage
Course Title: Penetration Testing: Network & Perimeter Testing
Course Title: Penetration Testing: Network & Perimeter Testing Page 1 of 7 Course Description: The Security Analyst Series from EC-Council Press is comprised of five books covering a broad base of topics
For a 64-bit system. I - Presentation Of The Shellcode
#How To Create Your Own Shellcode On Arch Linux? #Author : N3td3v!l #Contact-mail : [email protected] #Website : Nopotm.ir #Spcial tnx to : C0nn3ct0r And All Honest Hackerz and Security Managers I - Presentation
0days: How hacking really works. V 1.0 Jan 29, 2005 Dave Aitel [email protected]
0days: How hacking really works V 1.0 Jan 29, 2005 Dave Aitel [email protected] Who am I? NSA->@stake->Immunity CEO of Immunity, Inc. Consulting (product assessments) Immunity CANVAS Immunity Partner's
SYLLABUS MOBILE APPLICATION SECURITY AND PENETRATION TESTING. MASPT at a glance: v1.0 (28/01/2014) 10 highly practical modules
Must have skills in any penetration tester's arsenal. MASPT at a glance: 10 highly practical modules 4 hours of video material 1200+ interactive slides 20 Applications to practice with Leads to emapt certification
APPLICATION SECURITY RESPONSE: WHEN HACKERS COME A-KNOCKING
APPLICATION SECURITY RESPONSE: WHEN HACKERS COME A-KNOCKING Katie Moussouris Senior Security Strategist Microsoft Security Response Center http://twitter.com/k8em0 (that s a zero) Session ID: ASEC-T18
Leveraging SANS and NIST to Evaluate New Security Tools
Leveraging SANS and NIST to Evaluate New Security Tools Agenda About TaaSera A Problem to Solve Overview of NIST Cybersecurity Framework Overview of SANS CSC-20 Call to Action Conclusion Q&A Company Founded
Security within a development lifecycle. Enhancing product security through development process improvement
Security within a development lifecycle Enhancing product security through development process improvement Who I am Working within a QA environment, with a focus on security for 10 years Primarily web
Secure in 2010? Broken in 2011! Matias Madou, PhD Principal Security Researcher
Secure in 2010? Broken in 2011! Matias Madou, PhD Principal Security Researcher Matias Madou Principal Security Researcher, Fortify an HP Company Static Analysis Rules Insider Threat Research Runtime products:
Web Application Security. Vulnerabilities, Weakness and Countermeasures. Massimo Cotelli CISSP. Secure
Vulnerabilities, Weakness and Countermeasures Massimo Cotelli CISSP Secure : Goal of This Talk Security awareness purpose Know the Web Application vulnerabilities Understand the impacts and consequences
Penetration Testing with Kali Linux
Penetration Testing with Kali Linux PWK Copyright 2014 Offensive Security Ltd. All rights reserved. Page 1 of 11 All rights reserved to Offensive Security, 2014 No part of this publication, in whole or
Security Testing. Vulnerability Assessment vs Penetration Testing. Gabriel Mihai Tanase, Director KPMG Romania. 29 October 2014
Security Testing Vulnerability Assessment vs Penetration Testing Gabriel Mihai Tanase, Director KPMG Romania 29 October 2014 Agenda What is? Vulnerability Assessment Penetration Testing Acting as Conclusion
ArcGIS Server Security Threats & Best Practices 2014. David Cordes Michael Young
ArcGIS Server Security Threats & Best Practices 2014 David Cordes Michael Young Agenda Introduction Threats Best practice - ArcGIS Server settings - Infrastructure settings - Processes Summary Introduction
Using Web Security Scanners to Detect Vulnerabilities in Web Services
DSN 2009 Using Web Security Scanners to Detect Vulnerabilities in Web Services Marco Vieira,, Henrique Madeira {mvieira, nmsa, henrique}@dei.uc.pt CISUC Department of Informatics Engineering University
Reversing Android Malware
Reversing Android Malware The Honeynet Project 10 th Annual Workshop ESIEA PARIS.FR 2011-03-21 MAHMUD AB RAHMAN (MyCERT, CyberSecurity Malaysia) Copyright 2011 CyberSecurity Malaysia MYSELF Mahmud Ab Rahman
5 Steps to Advanced Threat Protection
5 Steps to Advanced Threat Protection Agenda Endpoint Protection Gap Profile of Advanced Threats Consensus Audit Guidelines 5 Steps to Advanced Threat Protection Resources 20 Years of Chasing Malicious
Securing OS Legacy Systems Alexander Rau
Securing OS Legacy Systems Alexander Rau National Information Security Strategist Sample Agenda 1 Today s IT Challenges 2 Popular OS End of Support & Challenges for IT 3 How to protect Legacy OS systems
Practical Mac OS X Insecurity. Security Concepts, Problems and Exploits on your Mac
Practical Mac OS X Insecurity Security Concepts, Problems and Exploits on your Mac Who am I? Student of physics, mathematics and astronomy in Bonn Mac user since 1995 I love Macs Mac evangelist Intentions
Persist It Using and Abusing Microsoft s Fix It Patches
Persist It Using and Abusing Microsoft s Fix It Patches Jon Erickson : isight Partners : [email protected] Abstract: Microsoft has often used Fix it patches, which are a subset of Application
The Security Development Lifecycle. Steven B. Lipner, CISSP [email protected] Senior Director Security Engineering Strategy Microsoft Corp.
The Security Development Lifecycle Steven B. Lipner, CISSP [email protected] Senior Director Security Engineering Strategy Microsoft Corp. 2 Overview Introduction A look back Trustworthy Computing
INTRUSION DETECTION SYSTEM (IDS) D souza Adam Jerry Joseph 0925910 I MCA
INTRUSION DETECTION SYSTEM (IDS) D souza Adam Jerry Joseph 0925910 I MCA OVERVIEW Introduction Overview The IDS Puzzle Current State of IDS Threats I have a good firewall, why do I need an IDS? Expectations
DEFENSE THROUGHOUT THE VULNERABILITY LIFE CYCLE WITH ALERT LOGIC THREAT AND LOG MANAGER
DEFENSE THROUGHOUT THE VULNERABILITY LIFE CYCLE WITH ALERT LOGIC THREAT AND Introduction > New security threats are emerging all the time, from new forms of malware and web application exploits that target
Vulnerability Assessment for Middleware
Vulnerability Assessment for Middleware Elisa Heymann, Eduardo Cesar Universitat Autònoma de Barcelona, Spain Jim Kupsch, Barton Miller University of Wisconsin-Madison Barcelona, September 21st 2009 Key
Android Security Evaluation Framework
INTRODUCING... A S E F Android Security Evaluation Framework - Parth Patel $ whoami_ Agenda Manual Research Automation - A S E F Let s solve problems Conclusion Android OS Open Source Security Evaluation
Bruh! Do you even diff? Diffing Microsoft Patches to Find Vulnerabilities
SESSION ID: HT-T10 Bruh! Do you even diff? Diffing Microsoft Patches to Find Vulnerabilities Stephen Sims Security Researcher SANS Institute @Steph3nSims Part I Binary Diffing Binary Diffing Security patches
WHITE PAPER. FortiWeb and the OWASP Top 10 Mitigating the most dangerous application security threats
WHITE PAPER FortiWeb and the OWASP Top 10 PAGE 2 Introduction The Open Web Application Security project (OWASP) Top Ten provides a powerful awareness document for web application security. The OWASP Top
Will Dormann: Sure. Fuzz testing is a way of testing an application in a way that you want to actually break the program.
The Power of Fuzz Testing to Reduce Security Vulnerabilities Transcript Part 1: Why Fuzz Testing? Julia Allen: Welcome to CERT's podcast series: Security for Business Leaders. The CERT program is part
Top Ten Web Attacks. Saumil Shah Net-Square. BlackHat Asia 2002, Singapore
Top Ten Web Attacks Saumil Shah Net-Square BlackHat Asia 2002, Singapore TodayÕs battleground Ð the Web Web sites and web applications rapidly growing. Complex business applications are now delivered over
Business Objects. Release Notes. Version: 2.0.0 Publication: 07/2014. Automic Software GmbH
Business Objects Release Notes Version: 2.0.0 Publication: 07/2014 Automic Software GmbH ii Copyright Copyright Automic and the Automic logo are trademarks owned by Automic Software GmbH (Automic). All
ArcGIS for Server: Administrative Scripting and Automation
ArcGIS for Server: Administrative Scripting and Automation Shreyas Shinde Ranjit Iyer Esri UC 2014 Technical Workshop Agenda Introduction to server administration Command line tools ArcGIS Server Manager
A CISO s Guide to Ethical Hacking
Version 2009-02 See http://resources.mavensecurity.com for the most recent version A CISO s Guide to Ethical Hacking Maven Security Consulting Inc. +1-877-MAVEN-HQ (+1-877-628-3647) www.mavensecurity.com
CS 1133, LAB 2: FUNCTIONS AND TESTING http://www.cs.cornell.edu/courses/cs1133/2015fa/labs/lab02.pdf
CS 1133, LAB 2: FUNCTIONS AND TESTING http://www.cs.cornell.edu/courses/cs1133/2015fa/labs/lab02.pdf First Name: Last Name: NetID: The purpose of this lab is to help you to better understand functions:
DISCOVERY OF WEB-APPLICATION VULNERABILITIES USING FUZZING TECHNIQUES
DISCOVERY OF WEB-APPLICATION VULNERABILITIES USING FUZZING TECHNIQUES By Michael Crouse Dr. Errin W. Fulp, Ph.D., Advisor Abstract The increasingly high volume of users on the web and their use of web
REpsych. : psycholigical warfare in reverse engineering. def con 2015 // domas
REpsych : psycholigical warfare in reverse engineering { def con 2015 // domas Warning This serves no purpose Taking something apart to figure out how it works With software Interfacing Documentation Obsolescence
Application Intrusion Detection
Application Intrusion Detection Drew Miller Black Hat Consulting Application Intrusion Detection Introduction Mitigating Exposures Monitoring Exposures Response Times Proactive Risk Analysis Summary Introduction
NEW AND IMPROVED: HACKING ORACLE FROM WEB. Sumit sid Siddharth 7Safe Limited UK
NEW AND IMPROVED: HACKING ORACLE FROM WEB Sumit sid Siddharth 7Safe Limited UK About 7Safe Part of PA Consulting Group Security Services Penetration testing PCI-DSS Forensics Training E-discovery About
Passing PCI Compliance How to Address the Application Security Mandates
Passing PCI Compliance How to Address the Application Security Mandates The Payment Card Industry Data Security Standards includes several requirements that mandate security at the application layer. These
Security Testing in Critical Systems
Security Testing in Critical Systems An Ethical Hacker s View Peter Wood Chief Executive Officer First Base Technologies Who is Peter Wood? Worked in computers & electronics since 1969 Founded First Base
From Rivals to BFF: WAF & VA Unite OWASP 07.23.2009. The OWASP Foundation http://www.owasp.org
From Rivals to BFF: WAF & VA Unite 07.23.2009 Brian Contos, Chief Security Strategist Imperva Inc. [email protected] +1 (650) 832.6054 Copyright The Foundation Permission is granted to copy, distribute
ios Testing Tools David Lindner Director of Mobile and IoT Security
ios Testing Tools David Lindner Director of Mobile and IoT Security Who is this guy? David Lindner @golfhackerdave [email protected] 15+ years consulting experience I hack and golf, sometimes at
Active Response: Automated Risk Reduction or Manual Action?
SESSION ID: CRWD-01 Active Response: Automated Risk Reduction or Manual Action? sec ops dream Monzy Merza Chief Security Evangelist Splunk @monzymerza Agenda Active Response Drivers Facets of Active Response
Anatomy of a Breach: A case study in how to protect your organization. Presented By Greg Sparrow
Anatomy of a Breach: A case study in how to protect your organization Presented By Greg Sparrow Agenda Background & Threat landscape Breach: A Case Study Incident Response Best Practices Lessons Learned
Cyber Security Management
Cyber Security Management Focusing on managing your IT Security effectively. By Anthony Goodeill With the news cycles regularly announcing a recurrently theme of targets of hacker attacks and companies
Chapter 9 Firewalls and Intrusion Prevention Systems
Chapter 9 Firewalls and Intrusion Prevention Systems connectivity is essential However it creates a threat Effective means of protecting LANs Inserted between the premises network and the to establish
Chapter 1 Web Application (In)security 1
Introduction xxiii Chapter 1 Web Application (In)security 1 The Evolution of Web Applications 2 Common Web Application Functions 4 Benefits of Web Applications 5 Web Application Security 6 "This Site Is
Contemporary Web Application Attacks. Ivan Pang Senior Consultant Edvance Limited
Contemporary Web Application Attacks Ivan Pang Senior Consultant Edvance Limited Agenda How Web Application Attack impact to your business? What are the common attacks? What is Web Application Firewall
Trend Micro Incorporated Research Paper 2012. Adding Android and Mac OS X Malware to the APT Toolbox
Trend Micro Incorporated Research Paper 2012 Adding Android and Mac OS X Malware to the APT Toolbox Contents Abstract... 1 Introduction... 1 Technical Analysis... 2 Remote Access Trojan Functionality...
Information and Communication Technology. Patch Management Policy
BELA-BELA LOCAL MUNICIPALITY - - Chris Hani Drive, Bela- Bela, Limpopo. Private Bag x 1609 - BELA-BELA 0480 - Tel: 014 736 8000 Fax: 014 736 3288 - Website: www.belabela.gov.za - - OFFICE OF THE MUNICIPAL
Web security. Live hacking demo. Rick van Tol Arthur Donkers Paul van Maaren Eilko Bos. http://www.reseau.nl/
Web security Live hacking demo Rick van Tol Arthur Donkers Paul van Maaren Eilko Bos 1 http://www.reseau.nl/ Overview Introduction Disclaimer (cover our...) Hackers (what are we up against?) Shift of emphasis
Fuzzing in Microsoft and FuzzGuru framework
Fuzzing in Microsoft and FuzzGuru framework OWASP-IL May-2007 John Neystadt [email protected] Lead Program Manager Forefront Edge, Microsoft Agenda Overview Introduction to Fuzzing FuzzGuru Architecture
EC-Council CAST CENTER FOR ADVANCED SECURITY TRAINING. CAST 619 Advanced SQLi Attacks and Countermeasures. Make The Difference CAST.
CENTER FOR ADVANCED SECURITY TRAINING 619 Advanced SQLi Attacks and Countermeasures Make The Difference About Center of Advanced Security Training () The rapidly evolving information security landscape
WLSI Windows Local Shellcode Injection. Cesar Cerrudo Argeniss (www.argeniss.com)
WLSI Windows Local Shellcode Injection Cesar Cerrudo Argeniss (www.argeniss.com) Overview _ Introduction _ Establishing a LPC connection _ Creating a shared section _ The technique _ Building an exploit
Harnessing Intelligence from Malware Repositories
Harnessing Intelligence from Malware Repositories Arun Lakhotia and Vivek Notani Software Research Lab University of Louisiana at Lafayette [email protected], [email protected] 7/22/2015 (C) 2015
Enterprise Historian 3BUF 001 152 D1 Version 3.2/1 Hot Fix 1 for Patch 4 Release Notes
Industrial IT Inform IT Enterprise Historian Enterprise Historian 3BUF 001 152 D1 Version 3.2/1 Hot Fix 1 for Patch 4 Release Notes Introduction This document provides release information for hot fix 1