We will cover pre-infection, post-infection and advanced persistency techniques on AWS that allow an attacker to access staging and production environments, as well as read and write data and even reverse its way from the cloud to the corporate datacenter. This session will cover several methods of infection including a new concept, "account jumping", for taking over both PaaS (e.g. ElasticBeans) and IaaS (EC2, EC2 Containers) resources, discussing poisoned AMIs, dirty account transfer, as well as leveraging S3 and CloudFront for performing AWS-specific credential thefts that can easily lead to full account access. We will then discuss the post-infection phase and how attackers can manipulate AWS resources (public endpoints like EC2 IPs, Elastic IPs, load balancers and more) for complete MITM attacks on services. We will demonstrate how attackers' code can be well hidden via Lambda functions, some cross-zone replication configuration and the problem with storage affinity to a specific account. We'll examine hybrid deployments from the cloud and compromising the on-premise datacenter by leveraging and modifying connectivity methods (HW/SW VPN, Direct Connect or CloudHub).
Black Hat USA 2016 Briefings
As a result of the drive to control for these threats client-side, standards such as Subresource Integrity (SRI), Content Security Policy (CSP), and HTTP Public Key Pinning (HPKP) carry larger implementation risks than others such as HTTP Strict Transport Security (HSTS). Builders supporting legacy applications actively make trade-offs between implementing the latest standards versus accepting risks simply because of the increased risks newer web standards pose. In this talk, we'll strictly explore the risks posed by SRI, CSP, and HPKP; demonstrate effective mitigation strategies and compromises which may make these standards more accessible to builders and defenders supporting legacy applications; as well as examine emergent properties of standards such as HPKP. As a bonus for the breakers, we'll explore and demonstrate exploitations of the emergent risks in these more volatile standards, to include multiple vulnerabilities uncovered quite literally during our research for this talk (which will hopefully be mitigated by d-day). Presented by Bryant Zadegan, Ryan Lester

AWS users, whether they are DevOps in a startup or system administrators tasked with migrating an enterprise service into the cloud, interact on a daily basis with the AWS APIs, using either the web console or tools such. When working with the latter, authentication is done using long-lived access keys that are often stored in plaintext files, shared between developers, and sometimes publicly exposed. This creates a significant security risk as possession of such credentials provides unconditional and permanent access to the AWS API, which may yield catastrophic events in case of credentials compromise. This talk will detail how MFA may be consistently required for all users, regardless of the authentication method.
Furthermore, this talk will introduce several open-source tools, including the release of one new tool, that may be used to allow painless work when MFA-protected API access is enforced in an AWS account. Presented by Loic Simon

The widespread adoption of AWS as an enterprise platform for storage, computing and services makes it a lucrative opportunity for the development of AWS-focused APTs.
This talk concentrates on examples of advanced techniques used in attacking IoT/embedded hardware devices. Presented by Colin O'Flynn

TLS has experienced three major vulnerabilities stemming from "export-grade" cryptography in the last year: FREAK, Logjam, and DROWN. Although regulations limiting the strength of cryptography that could be exported from the United States were lifted in 1999, and export ciphers were subsequently deprecated in tls.1, Internet-wide scanning showed that support for various forms of export cryptography remained widespread, and that attacks exploiting. In this talk, I'll examine the technical details and historical background for all three export-related vulnerabilities, and provide recent vulnerability measurement data gathered from over a year of Internet-wide scans, finding that 2% of browser-trusted IPv4 servers remain vulnerable to FREAK, 1% to Logjam, and. I'll examine why these vulnerabilities happened, how the inclusion of weakened cryptography in a protocol impacts security, and how to better design and implement cryptographic protocols in the future. Having been involved in the discovery of all three export vulnerabilities, I'll distill some lessons learned from measuring and analyzing export cryptography into recommendations for technologists and policymakers alike, and provide a historical context for the current "going dark and Apple. Presented by David Adrian

Through cooperation between browser vendors and standards bodies in the recent past, numerous standards have been created to enforce stronger client-side control for web applications. As web appsec practitioners continue to shift from mitigating vulnerabilities to implementing proactive controls, each new standard adds another layer of defense for attack patterns previously accepted as risks. With the most basic controls complete, attention is shifting toward mitigating more complex threats.
The talk will first present the basics of this new vulnerability including the underlying technology, and will then explain in depth the different ways an attacker can exploit it using different vectors and services. We will focus on exploiting RMI, LDAP and CORBA services as these are present in almost every Enterprise application. LDAP offers an alternative attack vector where attackers not able to influence the address of an LDAP lookup operation may still be able to modify the LDAP directory in order to store objects that will execute arbitrary code upon retrieval by the application lookup operation. This may be exploited through LDAP manipulation or simply by modifying LDAP entries as some Enterprise directories allow. Presented by Alvaro Munoz, Oleksandr Mirosh

Could a worm spread through a smart light network? This talk explores the idea, and in particular dives into the internals of the Philips Hue smart light system, and details what security has been deployed to prevent this. Examples of hacking various aspects of the system are presented, including how to bypass encrypted bootloaders to read sensitive information. Details on the firmware in multiple versions of the Philips Hue smart lamps and bridges are discussed.
Our findings have been communicated to vendors of the vulnerable applications. Most vendors positively confirmed the issues, and some have applied fixes. We summarize lessons learned from the study, hoping to provoke further thoughts about clear guidelines for OAuth usage in mobile applications. Presented by Yuan Tian, Eric Chen, Shuo Chen, Yutong Pei, Robert Kotcher, Patrick Tague

JNDI (Java Naming and Directory Interface) is a Java API that allows clients to discover and look up data and objects via a name. These objects can be stored in different naming or directory services such as RMI, CORBA, LDAP, or DNS. This talk will present a new type of vulnerability named "JNDI Reference Injection" found on malware samples attacking Java applets (CVE ). The same principles can be applied to attack web applications running JNDI lookups on names controlled by attackers. As we will demo during the talk, attackers will be able to use different techniques to run arbitrary code on the server performing JNDI lookups.
If you're like us, you can't get enough of it; it's shell on earth. Presented by Matt Molinyawe, Jasiel Spelman, Abdul-Aziz Hariri, Joshua Smith

OAuth has become a highly influential protocol due to its swift and wide adoption in the industry. The initial objective of the protocol was specific: it serves the authorization needs for websites. However, the protocol has been significantly repurposed and re-targeted over the years: (1) all major identity providers, e.g., Facebook, Google and Microsoft, have re-purposed OAuth for user authentication; (2) developers have re-targeted OAuth to the mobile platforms, in addition to the traditional web platform.
Therefore, we believe that it is necessary and timely to conduct an in-depth study to demystify OAuth for mobile application developers. Our work consists of two pillars: (1) an in-house study of the OAuth protocol documentation that aims to identify what might be ambiguous or unspecified for mobile developers; (2) a field-study of over 600 popular mobile applications that highlights how well developers fulfill the authentication. The result is really worrisome: among the 149 applications that use OAuth, 89 of them (59.7%) were incorrectly implemented and thus vulnerable. In the paper, we pinpoint the key portions in each OAuth protocol flow that are security critical, but are confusing or unspecified for mobile application developers. We then show several representative cases to concretely explain how real implementations fell into these pitfalls.
Let's talk about how it really works, so we can discuss how we can do it better. Presented by Dan Kaminsky. Presented by Jeff Moss.

The winning submissions to Pwn2Own 2016 provided unprecedented insight into the state of the art in software exploitation. Every successful submission provided remote code execution as the super user (SYSTEM/root) via the browser or a default browser plugin. In most cases, these privileges were attained by exploiting the Microsoft Windows or Apple OS X kernel.
Kernel exploitation using the browser as an initial vector was a rare sight in previous contests. This presentation will detail the eight winning browser-to-super-user exploitation chains (21 total vulnerabilities) demonstrated at this year's Pwn2Own contest. We will cover topics such as modern browser exploitation, the complexity of kernel use-after-free exploitation, and the simplicity of exploiting logic errors and directory traversals in the kernel. We will analyze all attack vectors, root causes, exploitation techniques, and possible remediations for the vulnerabilities presented. Reducing attack surfaces with application sandboxing is a step in the right direction, but the attack surface remains expansive and sandboxes are clearly still just a speed bump on the road to complete compromise. Kernel exploitation is clearly a problem which has not disappeared and is possibly on the rise.
It's increasingly likely that there will be attempts to *change* the principles of the net, and the reality is that widespread hacking is the exact sort of force that brought us this working-ish system in the first place. We need to talk about the values of cryptography, of open software and networks, of hackers being a force for measurable good. We need to talk about how infrastructure like DNS (it was there 25 years ago, we can imagine it will be there 25 years from now) acts as foundation for future development in a way that the API of the hour doesn't. Things do need to be better, and we need to talk about the role of government in that. The things that need to be better are technical in nature, and guide research priorities that are outright not being addressed at present. Essentially, I'd like to provide a model for comprehending the Internet as it stands, that prevents harm to it (how much could we have used EC2 if SSH was illegal) while providing the useful resources to promote its continued operation. We can't keep screwing this up forever. NTIA has noted half (!) of the population warily backing away.
The teen knew what he was doing because he worked for Walmart back in Oklahoma City but was fired for stealing money. After he was fired he put on his uniform and went to an Edmond store he was not employed at and he was assigned to work at the register. He pocketed more than 3,000 that day. Finally when the teen tried to pretend to be an employee at the Norman Walmart, his game was over. The Cleveland County District Attorney is working on the boy's case but whether or not he will be tried as an adult is still being decided. The con artist knew about Walmart policies because he was employed at a Walmart prior to his crime.

What we call the Internet was not our first attempt at making a global data network that spanned the globe. It was just the first one that worked. In this talk, I'll lay out what I see as how the Internet actually works.
is a minor, dressed up like an employee and tricked the Walmart managers at all three locations back in December. Norman police caught the boy and arrested him on January. The teen pretended to be an employee at three different Walmarts and stole a total of 30,000. The police report states that the boy 'acted as if he was a general manager from another store.' It also states that he was wearing the company's name tag. KFOR reports that the boy said 'he was doing an inventory of the store before general managers came to inspect them after the holidays.' Surveillance cameras contained footage of the sly perpetrator. According to the police report, the boy was alone in the cash room and took multiple bundles of cash which he stuffed into his pockets. Jeremy Lewis was impressed by the teen's ability to fool each and every Walmart.
Con artist, 17, dressed like an employee to steal 30,000 from three Walmarts - and even hugged a manager on the way out. 17-year-old pretended to be a manager so he could pocket cash. He claimed to be doing an inventory of the stores before the holidays. The teen was a former Walmart employee who kept his uniform after being fired for stealing money. Cops caught him from surveillance footage. Published: 16:45 BST, 7 February 2014. Updated: 16:58 BST, 7 February 2014.