SlideShare a Scribd company logo
1 of 84
Download to read offline
Armorizing
Applications
Iftach Ian Amit
Director of Services
Friday, October 11, 13
Hi!
Friday, October 11, 13
I’m not an application guy :-|
Friday, October 11, 13
I’m a security guy
Who actually used to do some application stuff
Friday, October 11, 13
whoami?
$ id
uid=501(iamit) gid=20(ioactive) groups=12(hack),
33(research),61(dev),79(red_team),80(sexy_defense),
81(exil),98(idf),100(dc9723),204(/dev/null)
Friday, October 11, 13
Attack?
Defense!
Friday, October 11, 13
So, I’ve been dealing with defense a lot
Friday, October 11, 13
As in - helping defenders get a head start
Friday, October 11, 13
Guess what? We are still failing on the basics...
Friday, October 11, 13
Logs...
Friday, October 11, 13
Logs...
Firewall
Friday, October 11, 13
Logs...
Firewall
IDS
Friday, October 11, 13
Logs...
Firewall
IDS
IPS
Friday, October 11, 13
Logs...
Firewall
IDS
IPS
Network
Friday, October 11, 13
Logs...
Firewall
IDS
IPS
Network
HTTPD
Friday, October 11, 13
Logs...
Firewall
IDS
IPS
Network
HTTPD
DBMS
Friday, October 11, 13
Logs...
Firewall
IDS
IPS
Network
HTTPD
DBMS DNS
Friday, October 11, 13
Logs...
Firewall
IDS
IPS
Network
HTTPD
DBMS DNS
Application?
Friday, October 11, 13
We still have sucky application logs :-(
Friday, October 11, 13
Friday, October 11, 13
I mean, we came a long way since web-app coding in the
90’s
I know. I’ve lived through it :-(
Friday, October 11, 13
Example:
Friday, October 11, 13
Example:
Friday, October 11, 13
Example:
Uses MVC.
Actually very nicely
architected...
Friday, October 11, 13
Example:
Uses MVC.
Actually very nicely
architected...
Friday, October 11, 13
Example:
Uses MVC.
Actually very nicely
architected...
Good start.At least
we can haz data.
Friday, October 11, 13
Example:
Uses MVC.
Actually very nicely
architected...
Good start.At least
we can haz data.
This is pretty
much useless*
Friday, October 11, 13
Example:
Uses MVC.
Actually very nicely
architected...
Good start.At least
we can haz data.
This is pretty
much useless*
* from a security perspective.
no doubt that when this breaks you’ll need it
Friday, October 11, 13
Let’s get back to basics for a sec here
Friday, October 11, 13
time=2013-03-02 23:59:57
action=drop
orig=192.168.1.103 i/
f_dir=inbound i/
f_name=eth1c0
has_accounting=0
product=VPN-1 & FireWall-1
policy_name=INTERNET
src=1.2.3.4 s_port=37586
dst=3.4.5.6 service=80
proto=tcp rule=16
xlatesrc=8.9.10.11
xlatesport=57517
xlatedport=0 NAT_rulenum=4
NAT_addtnl_rulenum=internal
Friday, October 11, 13
Friday, October 11, 13
but wait,
how about them HTTPD?
Friday, October 11, 13
193.205.210.42 - - [09/Oct/2013:00:57:17 -0700] "GET /blog/2013/07/mail-encryption-for-android/ HTTP/1.1" 200 32064 "https://
www.google.it/" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_8_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/30.0.1599.69 Safari/
537.36"
193.205.210.42 - - [09/Oct/2013:00:57:19 -0700] "GET /blog/wp-includes/js/comment-reply.min.js?ver=3.6.1 HTTP/1.1" 200 1068 "http://
www.iamit.org/blog/2013/07/mail-encryption-for-android/" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_8_5) AppleWebKit/537.36
(KHTML, like Gecko) Chrome/30.0.1599.69 Safari/537.36"
193.205.210.42 - - [09/Oct/2013:00:57:19 -0700] "GET /blog/wp-content/plugins/podpress/js/podpress.js?ver=3.6.1 HTTP/1.1" 200 40786
"http://www.iamit.org/blog/2013/07/mail-encryption-for-android/" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_8_5) AppleWebKit/537.36
(KHTML, like Gecko) Chrome/30.0.1599.69 Safari/537.36"
193.205.210.42 - - [09/Oct/2013:00:57:19 -0700] "GET /blog/wp-content/plugins/jetpack/modules/sharedaddy/sharing.css?ver=2.5 HTTP/
1.1" 200 11641 "http://www.iamit.org/blog/2013/07/mail-encryption-for-android/" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_8_5)
AppleWebKit/537.36 (KHTML, like Gecko) Chrome/30.0.1599.69 Safari/537.36"
193.205.210.42 - - [09/Oct/2013:00:57:19 -0700] "GET /blog/wp-content/plugins/lightbox-2/lightbox.js?ver=1.8 HTTP/1.1" 200 21623
"http://www.iamit.org/blog/2013/07/mail-encryption-for-android/" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_8_5) AppleWebKit/537.36
(KHTML, like Gecko) Chrome/30.0.1599.69 Safari/537.36"
193.205.210.42 - - [09/Oct/2013:00:57:19 -0700] "GET /blog/wp-includes/js/jquery/jquery-migrate.min.js?ver=1.2.1 HTTP/1.1" 200 7484
"http://www.iamit.org/blog/2013/07/mail-encryption-for-android/" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_8_5) AppleWebKit/537.36
(KHTML, like Gecko) Chrome/30.0.1599.69 Safari/537.36"
193.205.210.42 - - [09/Oct/2013:00:57:20 -0700] "GET /blog/wp-content/plugins/podpress/players/1pixelout/1pixelout_audio-player.js
HTTP/1.1" 200 12305 "http://www.iamit.org/blog/2013/07/mail-encryption-for-android/" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_8_5)
AppleWebKit/537.36 (KHTML, like Gecko) Chrome/30.0.1599.69 Safari/537.36"
193.205.210.42 - - [09/Oct/2013:00:57:20 -0700] "GET /blog/wp-content/plugins/jetpack/modules/wpgroho.js?ver=3.6.1 HTTP/1.1" 200
1212 "http://www.iamit.org/blog/2013/07/mail-encryption-for-android/" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_8_5) AppleWebKit/
537.36 (KHTML, like Gecko) Chrome/30.0.1599.69 Safari/537.36"
193.205.210.42 - - [09/Oct/2013:00:57:20 -0700] "GET /blog/wp-content/plugins/jetpack/modules/sharedaddy/sharing.js?ver=20121205
HTTP/1.1" 200 39040 "http://www.iamit.org/blog/2013/07/mail-encryption-for-android/" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_8_5)
AppleWebKit/537.36 (KHTML, like Gecko) Chrome/30.0.1599.69 Safari/537.36"
193.205.210.42 - - [09/Oct/2013:00:57:21 -0700] "GET /blog/wp-content/plugins/contact-form-7/includes/js/scripts.js?ver=3.5.2 HTTP/1.1"
200 8610 "http://www.iamit.org/blog/2013/07/mail-encryption-for-android/" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_8_5) AppleWebKit/
537.36 (KHTML, like Gecko) Chrome/30.0.1599.69 Safari/537.36"
193.205.210.42 - - [09/Oct/2013:00:57:21 -0700] "GET /blog/wp-content/plugins/contact-form-7/includes/js/jquery.form.min.js?
ver=3.40.0-2013.08.13 HTTP/1.1" 200 14910 "http://www.iamit.org/blog/2013/07/mail-encryption-for-android/" "Mozilla/5.0 (Macintosh;
Intel Mac OS X 10_8_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/30.0.1599.69 Safari/537.36"
193.205.210.42 - - [09/Oct/2013:00:57:23 -0700] "GET /favicon.ico HTTP/1.1" 200 1351 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X
10_8_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/30.0.1599.69 Safari/537.36"
193.205.210.42 - - [09/Oct/2013:00:57:23 -0700] "GET /blog/wp-includes/js/jquery/jquery.js?ver=1.10.2 HTTP/1.1" 200 93371 "http://
www.iamit.org/blog/2013/07/mail-encryption-for-android/" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_8_5) AppleWebKit/537.36Friday, October 11, 13
Don’t get me started...
Friday, October 11, 13
And that’s AFTER taking into account “log analyzers”
Friday, October 11, 13
“But you security guys have all these fancy SIEM stuff,
right?”
Friday, October 11, 13
Friday, October 11, 13
Friday, October 11, 13
Friday, October 11, 13
Yes, we have fancy dashboards
and graphs
and sometimes synchronized logs from multiple sources
But it’s still a pain in the tuches
Friday, October 11, 13
WHY?
Friday, October 11, 13
Friday, October 11, 13
The application has ALL THE CONTEXT
Friday, October 11, 13
Friday, October 11, 13
Friday, October 11, 13
Friday, October 11, 13
Yet you keep it to yourself
Friday, October 11, 13
This made me cry in joy:
Friday, October 11, 13
Friday, October 11, 13
Firewall Web Server
Client X
Client X
ClientY
Client X
ClientY
ClientY
Client X
Client X
Client X
ClientY
ClientY
index
items
index
items+a
items
items+c
checkout
login
confirm
checkout
confirm
Friday, October 11, 13
Firewall Web ServerApplication
Client X
Client X
ClientY
Client X
ClientY
ClientY
Client X
Client X
Client X
ClientY
ClientY
index
items
index
items+a
items
items+c
checkout
login
confirm
checkout
confirm
- John, from X, just
bought A and shipped
it paying with CC
- Client fromY tried to
bypass app logic and avoid
payment/auth
Friday, October 11, 13
Friday, October 11, 13
Friday, October 11, 13
Friday, October 11, 13
Rinse,
Lather,
Repeat
Friday, October 11, 13
Everywhere!
DB Access
Session Management
State Management
User Management
...
Friday, October 11, 13
Be a dot connector!
Friday, October 11, 13
Counter Intelligence
use-case
Problem
dormant accounts used
for fraud (and/or
money laundering)
Friday, October 11, 13
Counter Intelligence
use-case
Problem
dormant accounts used
for fraud (and/or
money laundering)
Account
Friday, October 11, 13
Counter Intelligence
use-case
Problem
dormant accounts used
for fraud (and/or
money laundering)
Account
Friday, October 11, 13
Counter Intelligence
use-case
Problem
dormant accounts used
for fraud (and/or
money laundering)
Account
>1yr dormant
Friday, October 11, 13
Counter Intelligence
use-case
Problem
dormant accounts used
for fraud (and/or
money laundering)
Account
>1yr dormant
laundering
Friday, October 11, 13
Counter Intelligence
use-case
Problem
dormant accounts used
for fraud (and/or
money laundering)
Account
>1yr dormant
laundering
Intl. transfers
Friday, October 11, 13
Counter Intelligence
use-case
Problem
dormant accounts used
for fraud (and/or
money laundering)
Account
>1yr dormant
laundering
Intl. transfersInternal/
External???
Friday, October 11, 13
Account
Friday, October 11, 13
AccountAccountAccountAccountAccount
Friday, October 11, 13
List
AccountAccountAccountAccountAccount
Friday, October 11, 13
Marketing
Accounting
Branch mgmt.
List
AccountAccountAccountAccountAccount
Friday, October 11, 13
Marketing
Accounting
Branch mgmt.
List
AccountAccountAccountAccountAccount
Friday, October 11, 13
Marketing
Accounting
Branch mgmt.
List
AccountAccountAccountAccountAccount
List
AccountAccountAccountAccountAccount
Friday, October 11, 13
Marketing
Accounting
Branch mgmt.
List
AccountAccountAccountAccountAccount
List
AccountAccountAccountAccountAccount
List
AccountAccountAccountAccountAccount
Friday, October 11, 13
Marketing
Accounting
Branch mgmt.
List
AccountAccountAccountAccountAccount
List
AccountAccountAccountAccountAccount
List
AccountAccountAccountAccountAccount
Internal
user
Friday, October 11, 13
Marketing
Accounting
Branch mgmt.
List
AccountAccountAccountAccountAccount
List
AccountAccountAccountAccountAccount
List
AccountAccountAccountAccountAccount
Internal
user
Friday, October 11, 13
Marketing
Accounting
Branch mgmt.
List
AccountAccountAccountAccountAccount
List
AccountAccountAccountAccountAccount
List
AccountAccountAccountAccountAccount
Internal
user
Friday, October 11, 13
Internal
user
Friday, October 11, 13
Internal
user
PC
Friday, October 11, 13
Internal
user
PC
Friday, October 11, 13
Internal
user
PC Trojan
Friday, October 11, 13
Internal
user
PC Trojan
Friday, October 11, 13
Internal
user
PC Trojan
Friday, October 11, 13
Internal
user
PC Trojan
C&C
Friday, October 11, 13
Internal
user
PC Trojan
C&C
Bad Guys(tm)
Friday, October 11, 13
Log on context
Weird state changes
Repeatable expectable actions
Who, what, why
Help me get the story right!
Friday, October 11, 13
Questions? Comments!
Ian Amit
@iiamit
ian.amit@ioactive.com
Friday, October 11, 13

More Related Content

Viewers also liked

Passwords good badugly181212-2
Passwords good badugly181212-2Passwords good badugly181212-2
Passwords good badugly181212-2Iftach Ian Amit
 
"Cyber" security - all good, no need to worry?
"Cyber" security - all good, no need to worry?"Cyber" security - all good, no need to worry?
"Cyber" security - all good, no need to worry?Iftach Ian Amit
 
Seeing Red In Your Future?
Seeing Red In Your Future?Seeing Red In Your Future?
Seeing Red In Your Future?Iftach Ian Amit
 
From your Pocket to your Heart and Back
From your Pocket to your Heart and BackFrom your Pocket to your Heart and Back
From your Pocket to your Heart and BackIftach Ian Amit
 
Painting a Company Red and Blue
Painting a Company Red and BluePainting a Company Red and Blue
Painting a Company Red and BlueIftach Ian Amit
 
Social Media Risk Metrics
Social Media Risk MetricsSocial Media Risk Metrics
Social Media Risk MetricsIftach Ian Amit
 
Creación de tablas y relaciones en MySQL y wamp server
Creación de tablas y relaciones en MySQL y  wamp serverCreación de tablas y relaciones en MySQL y  wamp server
Creación de tablas y relaciones en MySQL y wamp serverJair Ospino Ardila
 

Viewers also liked (9)

Passwords good badugly181212-2
Passwords good badugly181212-2Passwords good badugly181212-2
Passwords good badugly181212-2
 
"Cyber" security - all good, no need to worry?
"Cyber" security - all good, no need to worry?"Cyber" security - all good, no need to worry?
"Cyber" security - all good, no need to worry?
 
ISTS12 Keynote
ISTS12 KeynoteISTS12 Keynote
ISTS12 Keynote
 
Seeing Red In Your Future?
Seeing Red In Your Future?Seeing Red In Your Future?
Seeing Red In Your Future?
 
From your Pocket to your Heart and Back
From your Pocket to your Heart and BackFrom your Pocket to your Heart and Back
From your Pocket to your Heart and Back
 
Hacking cyber-iamit
Hacking cyber-iamitHacking cyber-iamit
Hacking cyber-iamit
 
Painting a Company Red and Blue
Painting a Company Red and BluePainting a Company Red and Blue
Painting a Company Red and Blue
 
Social Media Risk Metrics
Social Media Risk MetricsSocial Media Risk Metrics
Social Media Risk Metrics
 
Creación de tablas y relaciones en MySQL y wamp server
Creación de tablas y relaciones en MySQL y  wamp serverCreación de tablas y relaciones en MySQL y  wamp server
Creación de tablas y relaciones en MySQL y wamp server
 

Similar to Armorizing applications

Tulsa techfest2010 security
Tulsa techfest2010   securityTulsa techfest2010   security
Tulsa techfest2010 securityJason Ragsdale
 
Running At 99%: Mitigating App DoS
Running At 99%: Mitigating App DoSRunning At 99%: Mitigating App DoS
Running At 99%: Mitigating App DoSryan_huber
 
[jqconatx] Adaptive Images for Responsive Web Design
[jqconatx] Adaptive Images for Responsive Web Design[jqconatx] Adaptive Images for Responsive Web Design
[jqconatx] Adaptive Images for Responsive Web DesignChristopher Schmitt
 
Repsheet: A Behavior Based Approach to Web Application Security
Repsheet: A Behavior Based Approach to Web Application SecurityRepsheet: A Behavior Based Approach to Web Application Security
Repsheet: A Behavior Based Approach to Web Application SecurityAaron Bedra
 
OWASP Top 10 2013
OWASP Top 10 2013OWASP Top 10 2013
OWASP Top 10 2013markstory
 
OSDC 2015: Pere Urbon | Scaling Logstash: A Collection of War Stories
OSDC 2015: Pere Urbon | Scaling Logstash: A Collection of War StoriesOSDC 2015: Pere Urbon | Scaling Logstash: A Collection of War Stories
OSDC 2015: Pere Urbon | Scaling Logstash: A Collection of War StoriesNETWAYS
 
Macruby - RubyConf Presentation 2010
Macruby - RubyConf Presentation 2010Macruby - RubyConf Presentation 2010
Macruby - RubyConf Presentation 2010Matt Aimonetti
 
Vinted life embetterment
Vinted life embettermentVinted life embetterment
Vinted life embettermentAgile Lietuva
 
Provisioning profiles like a Pro
Provisioning profiles like a ProProvisioning profiles like a Pro
Provisioning profiles like a ProJay Graves
 
In Plain Sight: The Perfect Exfiltration
In Plain Sight: The Perfect ExfiltrationIn Plain Sight: The Perfect Exfiltration
In Plain Sight: The Perfect ExfiltrationItzik Kotler
 
2nd Annual Start-up Launches with Dr. Werner Vogels (SPOT101) | AWS re:Invent...
2nd Annual Start-up Launches with Dr. Werner Vogels (SPOT101) | AWS re:Invent...2nd Annual Start-up Launches with Dr. Werner Vogels (SPOT101) | AWS re:Invent...
2nd Annual Start-up Launches with Dr. Werner Vogels (SPOT101) | AWS re:Invent...Amazon Web Services
 
Putting the 'web' into webRTC
Putting the 'web' into webRTCPutting the 'web' into webRTC
Putting the 'web' into webRTCTim Panton
 
Troubleshooting Live Java Web Applications
Troubleshooting Live Java Web ApplicationsTroubleshooting Live Java Web Applications
Troubleshooting Live Java Web Applicationsashleypuls
 
LogStash - Yes, logging can be awesome
LogStash - Yes, logging can be awesomeLogStash - Yes, logging can be awesome
LogStash - Yes, logging can be awesomeJames Turnbull
 
112 portfpres.pdf
112 portfpres.pdf112 portfpres.pdf
112 portfpres.pdfsash236
 
Petr Dvořák: Mobilní webové služby pohledem iPhone developera
Petr Dvořák: Mobilní webové služby pohledem iPhone developeraPetr Dvořák: Mobilní webové služby pohledem iPhone developera
Petr Dvořák: Mobilní webové služby pohledem iPhone developeraWebExpo
 
AppForum 2014 Boost Hybrid App Performance
AppForum 2014 Boost Hybrid App PerformanceAppForum 2014 Boost Hybrid App Performance
AppForum 2014 Boost Hybrid App Performancerobgalvinjr
 

Similar to Armorizing applications (20)

Tulsa techfest2010 security
Tulsa techfest2010   securityTulsa techfest2010   security
Tulsa techfest2010 security
 
Running At 99%: Mitigating App DoS
Running At 99%: Mitigating App DoSRunning At 99%: Mitigating App DoS
Running At 99%: Mitigating App DoS
 
Ilugc curl
Ilugc curlIlugc curl
Ilugc curl
 
[jqconatx] Adaptive Images for Responsive Web Design
[jqconatx] Adaptive Images for Responsive Web Design[jqconatx] Adaptive Images for Responsive Web Design
[jqconatx] Adaptive Images for Responsive Web Design
 
Repsheet: A Behavior Based Approach to Web Application Security
Repsheet: A Behavior Based Approach to Web Application SecurityRepsheet: A Behavior Based Approach to Web Application Security
Repsheet: A Behavior Based Approach to Web Application Security
 
OWASP Top 10 2013
OWASP Top 10 2013OWASP Top 10 2013
OWASP Top 10 2013
 
2013 - Mark story - Avoiding the Owasp
2013 - Mark story - Avoiding the Owasp2013 - Mark story - Avoiding the Owasp
2013 - Mark story - Avoiding the Owasp
 
OSDC 2015: Pere Urbon | Scaling Logstash: A Collection of War Stories
OSDC 2015: Pere Urbon | Scaling Logstash: A Collection of War StoriesOSDC 2015: Pere Urbon | Scaling Logstash: A Collection of War Stories
OSDC 2015: Pere Urbon | Scaling Logstash: A Collection of War Stories
 
Macruby - RubyConf Presentation 2010
Macruby - RubyConf Presentation 2010Macruby - RubyConf Presentation 2010
Macruby - RubyConf Presentation 2010
 
Vinted life embetterment
Vinted life embettermentVinted life embetterment
Vinted life embetterment
 
Provisioning profiles like a Pro
Provisioning profiles like a ProProvisioning profiles like a Pro
Provisioning profiles like a Pro
 
In Plain Sight: The Perfect Exfiltration
In Plain Sight: The Perfect ExfiltrationIn Plain Sight: The Perfect Exfiltration
In Plain Sight: The Perfect Exfiltration
 
2nd Annual Start-up Launches with Dr. Werner Vogels (SPOT101) | AWS re:Invent...
2nd Annual Start-up Launches with Dr. Werner Vogels (SPOT101) | AWS re:Invent...2nd Annual Start-up Launches with Dr. Werner Vogels (SPOT101) | AWS re:Invent...
2nd Annual Start-up Launches with Dr. Werner Vogels (SPOT101) | AWS re:Invent...
 
Putting the 'web' into webRTC
Putting the 'web' into webRTCPutting the 'web' into webRTC
Putting the 'web' into webRTC
 
Troubleshooting Live Java Web Applications
Troubleshooting Live Java Web ApplicationsTroubleshooting Live Java Web Applications
Troubleshooting Live Java Web Applications
 
LogStash - Yes, logging can be awesome
LogStash - Yes, logging can be awesomeLogStash - Yes, logging can be awesome
LogStash - Yes, logging can be awesome
 
112 portfpres.pdf
112 portfpres.pdf112 portfpres.pdf
112 portfpres.pdf
 
Petr Dvořák: Mobilní webové služby pohledem iPhone developera
Petr Dvořák: Mobilní webové služby pohledem iPhone developeraPetr Dvořák: Mobilní webové služby pohledem iPhone developera
Petr Dvořák: Mobilní webové služby pohledem iPhone developera
 
- Webexpo 2010
- Webexpo 2010- Webexpo 2010
- Webexpo 2010
 
AppForum 2014 Boost Hybrid App Performance
AppForum 2014 Boost Hybrid App PerformanceAppForum 2014 Boost Hybrid App Performance
AppForum 2014 Boost Hybrid App Performance
 

More from Iftach Ian Amit

Cyber Risk Quantification - CyberTLV
Cyber Risk Quantification - CyberTLVCyber Risk Quantification - CyberTLV
Cyber Risk Quantification - CyberTLVIftach Ian Amit
 
BSidesTLV Closing Keynote
BSidesTLV Closing KeynoteBSidesTLV Closing Keynote
BSidesTLV Closing KeynoteIftach Ian Amit
 
Advanced Data Exfiltration - the way Q would have done it
Advanced Data Exfiltration - the way Q would have done itAdvanced Data Exfiltration - the way Q would have done it
Advanced Data Exfiltration - the way Q would have done itIftach Ian Amit
 
Infecting Python Bytecode
Infecting Python BytecodeInfecting Python Bytecode
Infecting Python BytecodeIftach Ian Amit
 
Cheating in Computer Games
Cheating in Computer GamesCheating in Computer Games
Cheating in Computer GamesIftach Ian Amit
 
Telecommunication basics dc9723
Telecommunication basics dc9723Telecommunication basics dc9723
Telecommunication basics dc9723Iftach Ian Amit
 
Stuxnet - the worm and you
Stuxnet - the worm and youStuxnet - the worm and you
Stuxnet - the worm and youIftach Ian Amit
 
Pushing in, leaving a present, and pulling out slowly without anyone noticing
Pushing in, leaving a present, and pulling out slowly without anyone noticingPushing in, leaving a present, and pulling out slowly without anyone noticing
Pushing in, leaving a present, and pulling out slowly without anyone noticingIftach Ian Amit
 
Mesh network presentation
Mesh network presentationMesh network presentation
Mesh network presentationIftach Ian Amit
 
Advanced Data Exfiltration
Advanced Data ExfiltrationAdvanced Data Exfiltration
Advanced Data ExfiltrationIftach Ian Amit
 
LD_PRELOAD Exploitation - DC9723
LD_PRELOAD Exploitation - DC9723LD_PRELOAD Exploitation - DC9723
LD_PRELOAD Exploitation - DC9723Iftach Ian Amit
 
An intoroduction to the IS-IS IGP routing protocol
An intoroduction to the IS-IS IGP routing protocolAn intoroduction to the IS-IS IGP routing protocol
An intoroduction to the IS-IS IGP routing protocolIftach Ian Amit
 

More from Iftach Ian Amit (20)

Cyber Risk Quantification - CyberTLV
Cyber Risk Quantification - CyberTLVCyber Risk Quantification - CyberTLV
Cyber Risk Quantification - CyberTLV
 
Devsecops at Cimpress
Devsecops at CimpressDevsecops at Cimpress
Devsecops at Cimpress
 
BSidesTLV Closing Keynote
BSidesTLV Closing KeynoteBSidesTLV Closing Keynote
BSidesTLV Closing Keynote
 
Bitcoin
BitcoinBitcoin
Bitcoin
 
Sexy defense
Sexy defenseSexy defense
Sexy defense
 
Cyber state
Cyber stateCyber state
Cyber state
 
Advanced Data Exfiltration - the way Q would have done it
Advanced Data Exfiltration - the way Q would have done itAdvanced Data Exfiltration - the way Q would have done it
Advanced Data Exfiltration - the way Q would have done it
 
Infecting Python Bytecode
Infecting Python BytecodeInfecting Python Bytecode
Infecting Python Bytecode
 
Exploiting Second life
Exploiting Second lifeExploiting Second life
Exploiting Second life
 
Dtmf phreaking
Dtmf phreakingDtmf phreaking
Dtmf phreaking
 
Cheating in Computer Games
Cheating in Computer GamesCheating in Computer Games
Cheating in Computer Games
 
Telecommunication basics dc9723
Telecommunication basics dc9723Telecommunication basics dc9723
Telecommunication basics dc9723
 
Stuxnet - the worm and you
Stuxnet - the worm and youStuxnet - the worm and you
Stuxnet - the worm and you
 
Pushing in, leaving a present, and pulling out slowly without anyone noticing
Pushing in, leaving a present, and pulling out slowly without anyone noticingPushing in, leaving a present, and pulling out slowly without anyone noticing
Pushing in, leaving a present, and pulling out slowly without anyone noticing
 
Mesh network presentation
Mesh network presentationMesh network presentation
Mesh network presentation
 
Html5 hacking
Html5 hackingHtml5 hacking
Html5 hacking
 
Advanced Data Exfiltration
Advanced Data ExfiltrationAdvanced Data Exfiltration
Advanced Data Exfiltration
 
LD_PRELOAD Exploitation - DC9723
LD_PRELOAD Exploitation - DC9723LD_PRELOAD Exploitation - DC9723
LD_PRELOAD Exploitation - DC9723
 
An intoroduction to the IS-IS IGP routing protocol
An intoroduction to the IS-IS IGP routing protocolAn intoroduction to the IS-IS IGP routing protocol
An intoroduction to the IS-IS IGP routing protocol
 
Turtles dc9723
Turtles dc9723Turtles dc9723
Turtles dc9723
 

Recently uploaded

Are Multi-Cloud and Serverless Good or Bad?
Are Multi-Cloud and Serverless Good or Bad?Are Multi-Cloud and Serverless Good or Bad?
Are Multi-Cloud and Serverless Good or Bad?Mattias Andersson
 
Anypoint Exchange: It’s Not Just a Repo!
Anypoint Exchange: It’s Not Just a Repo!Anypoint Exchange: It’s Not Just a Repo!
Anypoint Exchange: It’s Not Just a Repo!Manik S Magar
 
Search Engine Optimization SEO PDF for 2024.pdf
Search Engine Optimization SEO PDF for 2024.pdfSearch Engine Optimization SEO PDF for 2024.pdf
Search Engine Optimization SEO PDF for 2024.pdfRankYa
 
Vertex AI Gemini Prompt Engineering Tips
Vertex AI Gemini Prompt Engineering TipsVertex AI Gemini Prompt Engineering Tips
Vertex AI Gemini Prompt Engineering TipsMiki Katsuragi
 
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek SchlawackFwdays
 
"Federated learning: out of reach no matter how close",Oleksandr Lapshyn
"Federated learning: out of reach no matter how close",Oleksandr Lapshyn"Federated learning: out of reach no matter how close",Oleksandr Lapshyn
"Federated learning: out of reach no matter how close",Oleksandr LapshynFwdays
 
SIP trunking in Janus @ Kamailio World 2024
SIP trunking in Janus @ Kamailio World 2024SIP trunking in Janus @ Kamailio World 2024
SIP trunking in Janus @ Kamailio World 2024Lorenzo Miniero
 
New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024BookNet Canada
 
DevoxxFR 2024 Reproducible Builds with Apache Maven
DevoxxFR 2024 Reproducible Builds with Apache MavenDevoxxFR 2024 Reproducible Builds with Apache Maven
DevoxxFR 2024 Reproducible Builds with Apache MavenHervé Boutemy
 
Developer Data Modeling Mistakes: From Postgres to NoSQL
Developer Data Modeling Mistakes: From Postgres to NoSQLDeveloper Data Modeling Mistakes: From Postgres to NoSQL
Developer Data Modeling Mistakes: From Postgres to NoSQLScyllaDB
 
Artificial intelligence in cctv survelliance.pptx
Artificial intelligence in cctv survelliance.pptxArtificial intelligence in cctv survelliance.pptx
Artificial intelligence in cctv survelliance.pptxhariprasad279825
 
Scanning the Internet for External Cloud Exposures via SSL Certs
Scanning the Internet for External Cloud Exposures via SSL CertsScanning the Internet for External Cloud Exposures via SSL Certs
Scanning the Internet for External Cloud Exposures via SSL CertsRizwan Syed
 
Gen AI in Business - Global Trends Report 2024.pdf
Gen AI in Business - Global Trends Report 2024.pdfGen AI in Business - Global Trends Report 2024.pdf
Gen AI in Business - Global Trends Report 2024.pdfAddepto
 
The Future of Software Development - Devin AI Innovative Approach.pdf
The Future of Software Development - Devin AI Innovative Approach.pdfThe Future of Software Development - Devin AI Innovative Approach.pdf
The Future of Software Development - Devin AI Innovative Approach.pdfSeasiaInfotech2
 
Human Factors of XR: Using Human Factors to Design XR Systems
Human Factors of XR: Using Human Factors to Design XR SystemsHuman Factors of XR: Using Human Factors to Design XR Systems
Human Factors of XR: Using Human Factors to Design XR SystemsMark Billinghurst
 
Designing IA for AI - Information Architecture Conference 2024
Designing IA for AI - Information Architecture Conference 2024Designing IA for AI - Information Architecture Conference 2024
Designing IA for AI - Information Architecture Conference 2024Enterprise Knowledge
 
DevEX - reference for building teams, processes, and platforms
DevEX - reference for building teams, processes, and platformsDevEX - reference for building teams, processes, and platforms
DevEX - reference for building teams, processes, and platformsSergiu Bodiu
 
Vector Databases 101 - An introduction to the world of Vector Databases
Vector Databases 101 - An introduction to the world of Vector DatabasesVector Databases 101 - An introduction to the world of Vector Databases
Vector Databases 101 - An introduction to the world of Vector DatabasesZilliz
 
Training state-of-the-art general text embedding
Training state-of-the-art general text embeddingTraining state-of-the-art general text embedding
Training state-of-the-art general text embeddingZilliz
 
Unleash Your Potential - Namagunga Girls Coding Club
Unleash Your Potential - Namagunga Girls Coding ClubUnleash Your Potential - Namagunga Girls Coding Club
Unleash Your Potential - Namagunga Girls Coding ClubKalema Edgar
 

Recently uploaded (20)

Are Multi-Cloud and Serverless Good or Bad?
Are Multi-Cloud and Serverless Good or Bad?Are Multi-Cloud and Serverless Good or Bad?
Are Multi-Cloud and Serverless Good or Bad?
 
Anypoint Exchange: It’s Not Just a Repo!
Anypoint Exchange: It’s Not Just a Repo!Anypoint Exchange: It’s Not Just a Repo!
Anypoint Exchange: It’s Not Just a Repo!
 
Search Engine Optimization SEO PDF for 2024.pdf
Search Engine Optimization SEO PDF for 2024.pdfSearch Engine Optimization SEO PDF for 2024.pdf
Search Engine Optimization SEO PDF for 2024.pdf
 
Vertex AI Gemini Prompt Engineering Tips
Vertex AI Gemini Prompt Engineering TipsVertex AI Gemini Prompt Engineering Tips
Vertex AI Gemini Prompt Engineering Tips
 
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack
 
"Federated learning: out of reach no matter how close",Oleksandr Lapshyn
"Federated learning: out of reach no matter how close",Oleksandr Lapshyn"Federated learning: out of reach no matter how close",Oleksandr Lapshyn
"Federated learning: out of reach no matter how close",Oleksandr Lapshyn
 
SIP trunking in Janus @ Kamailio World 2024
SIP trunking in Janus @ Kamailio World 2024SIP trunking in Janus @ Kamailio World 2024
SIP trunking in Janus @ Kamailio World 2024
 
New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
 
DevoxxFR 2024 Reproducible Builds with Apache Maven
DevoxxFR 2024 Reproducible Builds with Apache MavenDevoxxFR 2024 Reproducible Builds with Apache Maven
DevoxxFR 2024 Reproducible Builds with Apache Maven
 
Developer Data Modeling Mistakes: From Postgres to NoSQL
Developer Data Modeling Mistakes: From Postgres to NoSQLDeveloper Data Modeling Mistakes: From Postgres to NoSQL
Developer Data Modeling Mistakes: From Postgres to NoSQL
 
Artificial intelligence in cctv survelliance.pptx
Artificial intelligence in cctv survelliance.pptxArtificial intelligence in cctv survelliance.pptx
Artificial intelligence in cctv survelliance.pptx
 
Scanning the Internet for External Cloud Exposures via SSL Certs
Scanning the Internet for External Cloud Exposures via SSL CertsScanning the Internet for External Cloud Exposures via SSL Certs
Scanning the Internet for External Cloud Exposures via SSL Certs
 
Gen AI in Business - Global Trends Report 2024.pdf
Gen AI in Business - Global Trends Report 2024.pdfGen AI in Business - Global Trends Report 2024.pdf
Gen AI in Business - Global Trends Report 2024.pdf
 
The Future of Software Development - Devin AI Innovative Approach.pdf
The Future of Software Development - Devin AI Innovative Approach.pdfThe Future of Software Development - Devin AI Innovative Approach.pdf
The Future of Software Development - Devin AI Innovative Approach.pdf
 
Human Factors of XR: Using Human Factors to Design XR Systems
Human Factors of XR: Using Human Factors to Design XR SystemsHuman Factors of XR: Using Human Factors to Design XR Systems
Human Factors of XR: Using Human Factors to Design XR Systems
 
Designing IA for AI - Information Architecture Conference 2024
Designing IA for AI - Information Architecture Conference 2024Designing IA for AI - Information Architecture Conference 2024
Designing IA for AI - Information Architecture Conference 2024
 
DevEX - reference for building teams, processes, and platforms
DevEX - reference for building teams, processes, and platformsDevEX - reference for building teams, processes, and platforms
DevEX - reference for building teams, processes, and platforms
 
Vector Databases 101 - An introduction to the world of Vector Databases
Vector Databases 101 - An introduction to the world of Vector DatabasesVector Databases 101 - An introduction to the world of Vector Databases
Vector Databases 101 - An introduction to the world of Vector Databases
 
Training state-of-the-art general text embedding
Training state-of-the-art general text embeddingTraining state-of-the-art general text embedding
Training state-of-the-art general text embedding
 
Unleash Your Potential - Namagunga Girls Coding Club
Unleash Your Potential - Namagunga Girls Coding ClubUnleash Your Potential - Namagunga Girls Coding Club
Unleash Your Potential - Namagunga Girls Coding Club
 

Armorizing applications