SlideShare uma empresa Scribd logo

Enfilade: Tool to Detect Infections in MongoDB Instances

Aditya K Sood
Aditya K Sood

Attackers are targeting MongoDB instances for conducting nefarious operations on the Internet. The cybercriminals are targeting exposed MongoDB instances and trigger infections at scale to exfiltrate data, destruct data, and extort money via ransom.

Tecnologia
1 de 17
Baixar para ler offline
Enfilade: A Tool to Detect Infections in MongoDB Instances
About Tool Disclaimer https://github.com/adityaks/strafer Tool presented in this talk is for sharing research with security community to strengthen the intelligence efforts for enhancing the security of critical services on the internet. Note: Due to Covid-19 Delta variant challenge and travel restrictions, we were not able to present in-person at the BlackHat USA Arsenal 2021.
About Tool Development This is the first release of the tool and we expect to add more modules in the nearby future. This work is done in collaboration with the Research Team at the Office of the CTO, F5 (https://www.f5.com/company/octo)
BlackHat Arsenal USA 2021
About Tool Enfilade Project Team https://github.com/adityaks/strafer • Dr. Aditya K Sood o Security Practitioner and Researcher o Working in the security field for more than 13 years o Regular speaker at industry leading security conferences o Author of “Targeted Cyber Attacks” and “Empirical Cloud Security” Books o W: https://www.adityaksood.com o T: @adityaksood o LinkedIn: https://www.linkedin.com/adityaks • Rohit Bansal o Principal Researcher, SecNiche Security Labs o https://secniche.org/ MongoDB Threats Research. And Intelligence Collection MongoDB Threats Research and Tool Development
About Tool Mongodb threats and attacks landscape
About Tool • Enfilade: A tool to detect potential infections in MongoDB instances • In this version of the tool, the following modules are supported: o MongoDB instances information gathering and reconnaissance (inline) o MongoDB instances exposure on the Internet (authentication checks) o MongoDB instances admin privileges assessment o Detecting potential ransomware infections in the MongoDB instances o Basic o Intrusive o Detecting potential botnet infections such as meow botnet o Basic o Intrusive Introducing Enfilade
About Tool Introducing Enfilade
About Tool Detecting unauthenticated mongodb instances
About Tool Privilege abuse: admin access (user creation)
About Tool Detecting Ransomware Infections (Basic)
About Tool Detecting Ransomware Infections (Intrusive)
About Tool Detecting MEOW Botnet Infections (Basic)
About Tool Detecting MEOW Botnet Infections (Intrusive)
About Tool Enfilade Tool: Demo
About Tool Enfilade Tool: Download https://github.com/adityaks/enfilade
About Tool Questions and Queries

Recomendados

Understanding ransomware
Understanding ransomwareUnderstanding ransomware
Understanding ransomwarePrathan Phongthiproek
 
Detecting Ransomware/Bot Infections in Elasticsearch
Detecting Ransomware/Bot Infections in ElasticsearchDetecting Ransomware/Bot Infections in Elasticsearch
Detecting Ransomware/Bot Infections in ElasticsearchAditya K Sood
 
Cracking the mobile application code
Cracking the mobile application codeCracking the mobile application code
Cracking the mobile application codeSreenarayan A
 
Malware: To The Realm of Malicious Code (Training)
Malware: To The Realm of Malicious Code (Training)Malware: To The Realm of Malicious Code (Training)
Malware: To The Realm of Malicious Code (Training)Satria Ady Pradana
 
Down The Rabbit Hole, From Networker to Security Professional
Down The Rabbit Hole, From Networker to Security ProfessionalDown The Rabbit Hole, From Networker to Security Professional
Down The Rabbit Hole, From Networker to Security ProfessionalSatria Ady Pradana
 
Brucon presentation
Brucon presentationBrucon presentation
Brucon presentationwremes
 
Getting Started With Hacking Android & iOS Apps? Tools, Techniques and resources
Getting Started With Hacking Android & iOS Apps? Tools, Techniques and resourcesGetting Started With Hacking Android & iOS Apps? Tools, Techniques and resources
Getting Started With Hacking Android & iOS Apps? Tools, Techniques and resourcesOWASP Delhi
 
Berkarir di Cyber Security
Berkarir di Cyber SecurityBerkarir di Cyber Security
Berkarir di Cyber SecuritySatria Ady Pradana
 

Recomendados

Understanding ransomware
Understanding ransomwareUnderstanding ransomware
Understanding ransomwarePrathan Phongthiproek
 
Detecting Ransomware/Bot Infections in Elasticsearch
Detecting Ransomware/Bot Infections in ElasticsearchDetecting Ransomware/Bot Infections in Elasticsearch
Detecting Ransomware/Bot Infections in ElasticsearchAditya K Sood
 
Cracking the mobile application code
Cracking the mobile application codeCracking the mobile application code
Cracking the mobile application codeSreenarayan A
 
Malware: To The Realm of Malicious Code (Training)
Malware: To The Realm of Malicious Code (Training)Malware: To The Realm of Malicious Code (Training)
Malware: To The Realm of Malicious Code (Training)Satria Ady Pradana
 
Down The Rabbit Hole, From Networker to Security Professional
Down The Rabbit Hole, From Networker to Security ProfessionalDown The Rabbit Hole, From Networker to Security Professional
Down The Rabbit Hole, From Networker to Security ProfessionalSatria Ady Pradana
 
Brucon presentation
Brucon presentationBrucon presentation
Brucon presentationwremes
 
Getting Started With Hacking Android & iOS Apps? Tools, Techniques and resources
Getting Started With Hacking Android & iOS Apps? Tools, Techniques and resourcesGetting Started With Hacking Android & iOS Apps? Tools, Techniques and resources
Getting Started With Hacking Android & iOS Apps? Tools, Techniques and resourcesOWASP Delhi
 
Berkarir di Cyber Security
Berkarir di Cyber SecurityBerkarir di Cyber Security
Berkarir di Cyber SecuritySatria Ady Pradana
 
N. Oskina, G. Asproni - Be your own Threatbuster! - Codemotion Milan 2018
N. Oskina, G. Asproni - Be your own Threatbuster! - Codemotion Milan 2018N. Oskina, G. Asproni - Be your own Threatbuster! - Codemotion Milan 2018
N. Oskina, G. Asproni - Be your own Threatbuster! - Codemotion Milan 2018Codemotion
 
Malware Analysis
Malware AnalysisMalware Analysis
Malware AnalysisRamin Farajpour Cami
 
Reduce the Risk of Open Source Security Vulnerabilities
Reduce the Risk of Open Source Security VulnerabilitiesReduce the Risk of Open Source Security Vulnerabilities
Reduce the Risk of Open Source Security VulnerabilitiesProtecode
 
How to assign a CVE to yourself?
How to assign a CVE to yourself?How to assign a CVE to yourself?
How to assign a CVE to yourself?Ramin Farajpour Cami
 
Path of Cyber Security
Path of Cyber SecurityPath of Cyber Security
Path of Cyber SecuritySatria Ady Pradana
 
The difference between Penetration Testing and Red Team
The difference between Penetration Testing and Red TeamThe difference between Penetration Testing and Red Team
The difference between Penetration Testing and Red TeamNimrod Levy
 
DLL Preloading Attack
DLL Preloading AttackDLL Preloading Attack
DLL Preloading Attacksecurityxploded
 
(Training) Malware - To the Realm of Malicious Code
(Training) Malware - To the Realm of Malicious Code(Training) Malware - To the Realm of Malicious Code
(Training) Malware - To the Realm of Malicious CodeSatria Ady Pradana
 
Cyber Threat Simulation Training
Cyber Threat Simulation TrainingCyber Threat Simulation Training
Cyber Threat Simulation TrainingBryan Len
 
Invincea fake british airways ticket spear-phish malware 03-21-2014
Invincea fake british airways ticket spear-phish malware 03-21-2014Invincea fake british airways ticket spear-phish malware 03-21-2014
Invincea fake british airways ticket spear-phish malware 03-21-2014Invincea, Inc.
 
Rise of software supply chain attack
Rise of software supply chain attackRise of software supply chain attack
Rise of software supply chain attackYadnyawalkya Tale
 
Tech ThrowDown: Invincea FreeSpace vs EMET 5.0
Tech ThrowDown: Invincea FreeSpace vs EMET 5.0Tech ThrowDown: Invincea FreeSpace vs EMET 5.0
Tech ThrowDown: Invincea FreeSpace vs EMET 5.0Invincea, Inc.
 
Jerod Brennen - What You Need to Know About OSINT
Jerod Brennen - What You Need to Know About OSINTJerod Brennen - What You Need to Know About OSINT
Jerod Brennen - What You Need to Know About OSINTcentralohioissa
 
Weaponizing OSINT – Hacker Halted 2019 – Michael James
Weaponizing OSINT – Hacker Halted 2019 – Michael James Weaponizing OSINT – Hacker Halted 2019 – Michael James
Weaponizing OSINT – Hacker Halted 2019 – Michael James EC-Council
 
Bug bounty
Bug bountyBug bounty
Bug bountyRamin Farajpour Cami
 
Detection and Analysis of 0-Day Threats
Detection and Analysis of 0-Day ThreatsDetection and Analysis of 0-Day Threats
Detection and Analysis of 0-Day ThreatsInvincea, Inc.
 
Android malware analysis
Android malware analysisAndroid malware analysis
Android malware analysisJason Ross
 
Continuous security testing - sharing responsibility
Continuous security testing - sharing responsibilityContinuous security testing - sharing responsibility
Continuous security testing - sharing responsibilityVodqaBLR
 
Mmw mac malware-mac
Mmw mac malware-macMmw mac malware-mac
Mmw mac malware-macCyphort
 
Hacking Mobile Apps
Hacking Mobile AppsHacking Mobile Apps
Hacking Mobile AppsSophos Benelux
 
HackInBo2k16 - Threat Intelligence and Malware Analysis
HackInBo2k16 - Threat Intelligence and Malware AnalysisHackInBo2k16 - Threat Intelligence and Malware Analysis
HackInBo2k16 - Threat Intelligence and Malware AnalysisAntonio Parata
 
Open Source Insight: Who Owns Linux? TRITON Attack, App Security Testing, Fut...
Open Source Insight: Who Owns Linux? TRITON Attack, App Security Testing, Fut...Open Source Insight: Who Owns Linux? TRITON Attack, App Security Testing, Fut...
Open Source Insight: Who Owns Linux? TRITON Attack, App Security Testing, Fut...Black Duck by Synopsys
 

Mais conteúdo relacionado

Mais procurados

N. Oskina, G. Asproni - Be your own Threatbuster! - Codemotion Milan 2018
N. Oskina, G. Asproni - Be your own Threatbuster! - Codemotion Milan 2018N. Oskina, G. Asproni - Be your own Threatbuster! - Codemotion Milan 2018
N. Oskina, G. Asproni - Be your own Threatbuster! - Codemotion Milan 2018Codemotion
 
Reduce the Risk of Open Source Security Vulnerabilities
Reduce the Risk of Open Source Security VulnerabilitiesReduce the Risk of Open Source Security Vulnerabilities
Reduce the Risk of Open Source Security VulnerabilitiesProtecode
 
The difference between Penetration Testing and Red Team
The difference between Penetration Testing and Red TeamThe difference between Penetration Testing and Red Team
The difference between Penetration Testing and Red TeamNimrod Levy
 
(Training) Malware - To the Realm of Malicious Code
(Training) Malware - To the Realm of Malicious Code(Training) Malware - To the Realm of Malicious Code
(Training) Malware - To the Realm of Malicious CodeSatria Ady Pradana
 
Cyber Threat Simulation Training
Cyber Threat Simulation TrainingCyber Threat Simulation Training
Cyber Threat Simulation TrainingBryan Len
 
Invincea fake british airways ticket spear-phish malware 03-21-2014
Invincea fake british airways ticket spear-phish malware 03-21-2014Invincea fake british airways ticket spear-phish malware 03-21-2014
Invincea fake british airways ticket spear-phish malware 03-21-2014Invincea, Inc.
 
Rise of software supply chain attack
Rise of software supply chain attackRise of software supply chain attack
Rise of software supply chain attackYadnyawalkya Tale
 
Tech ThrowDown: Invincea FreeSpace vs EMET 5.0
Tech ThrowDown: Invincea FreeSpace vs EMET 5.0Tech ThrowDown: Invincea FreeSpace vs EMET 5.0
Tech ThrowDown: Invincea FreeSpace vs EMET 5.0Invincea, Inc.
 
Jerod Brennen - What You Need to Know About OSINT
Jerod Brennen - What You Need to Know About OSINTJerod Brennen - What You Need to Know About OSINT
Jerod Brennen - What You Need to Know About OSINTcentralohioissa
 
Weaponizing OSINT – Hacker Halted 2019 – Michael James
Weaponizing OSINT – Hacker Halted 2019 – Michael James Weaponizing OSINT – Hacker Halted 2019 – Michael James
Weaponizing OSINT – Hacker Halted 2019 – Michael James EC-Council
 
Detection and Analysis of 0-Day Threats
Detection and Analysis of 0-Day ThreatsDetection and Analysis of 0-Day Threats
Detection and Analysis of 0-Day ThreatsInvincea, Inc.
 
Android malware analysis
Android malware analysisAndroid malware analysis
Android malware analysisJason Ross
 
Continuous security testing - sharing responsibility
Continuous security testing - sharing responsibilityContinuous security testing - sharing responsibility
Continuous security testing - sharing responsibilityVodqaBLR
 
Mmw mac malware-mac
Mmw mac malware-macMmw mac malware-mac
Mmw mac malware-macCyphort
 

Mais procurados (20)

N. Oskina, G. Asproni - Be your own Threatbuster! - Codemotion Milan 2018
N. Oskina, G. Asproni - Be your own Threatbuster! - Codemotion Milan 2018N. Oskina, G. Asproni - Be your own Threatbuster! - Codemotion Milan 2018
N. Oskina, G. Asproni - Be your own Threatbuster! - Codemotion Milan 2018
 
Malware Analysis
Malware AnalysisMalware Analysis
Malware Analysis
 
Reduce the Risk of Open Source Security Vulnerabilities
Reduce the Risk of Open Source Security VulnerabilitiesReduce the Risk of Open Source Security Vulnerabilities
Reduce the Risk of Open Source Security Vulnerabilities
 
How to assign a CVE to yourself?
How to assign a CVE to yourself?How to assign a CVE to yourself?
How to assign a CVE to yourself?
 
Path of Cyber Security
Path of Cyber SecurityPath of Cyber Security
Path of Cyber Security
 
The difference between Penetration Testing and Red Team
The difference between Penetration Testing and Red TeamThe difference between Penetration Testing and Red Team
The difference between Penetration Testing and Red Team
 
DLL Preloading Attack
DLL Preloading AttackDLL Preloading Attack
DLL Preloading Attack
 
(Training) Malware - To the Realm of Malicious Code
(Training) Malware - To the Realm of Malicious Code(Training) Malware - To the Realm of Malicious Code
(Training) Malware - To the Realm of Malicious Code
 
Cyber Threat Simulation Training
Cyber Threat Simulation TrainingCyber Threat Simulation Training
Cyber Threat Simulation Training
 
Invincea fake british airways ticket spear-phish malware 03-21-2014
Invincea fake british airways ticket spear-phish malware 03-21-2014Invincea fake british airways ticket spear-phish malware 03-21-2014
Invincea fake british airways ticket spear-phish malware 03-21-2014
 
Rise of software supply chain attack
Rise of software supply chain attackRise of software supply chain attack
Rise of software supply chain attack
 
Tech ThrowDown: Invincea FreeSpace vs EMET 5.0
Tech ThrowDown: Invincea FreeSpace vs EMET 5.0Tech ThrowDown: Invincea FreeSpace vs EMET 5.0
Tech ThrowDown: Invincea FreeSpace vs EMET 5.0
 
Jerod Brennen - What You Need to Know About OSINT
Jerod Brennen - What You Need to Know About OSINTJerod Brennen - What You Need to Know About OSINT
Jerod Brennen - What You Need to Know About OSINT
 
Weaponizing OSINT – Hacker Halted 2019 – Michael James
Weaponizing OSINT – Hacker Halted 2019 – Michael James Weaponizing OSINT – Hacker Halted 2019 – Michael James
Weaponizing OSINT – Hacker Halted 2019 – Michael James
 
Bug bounty
Bug bountyBug bounty
Bug bounty
 
Detection and Analysis of 0-Day Threats
Detection and Analysis of 0-Day ThreatsDetection and Analysis of 0-Day Threats
Detection and Analysis of 0-Day Threats
 
Android malware analysis
Android malware analysisAndroid malware analysis
Android malware analysis
 
Continuous security testing - sharing responsibility
Continuous security testing - sharing responsibilityContinuous security testing - sharing responsibility
Continuous security testing - sharing responsibility
 
Mmw mac malware-mac
Mmw mac malware-macMmw mac malware-mac
Mmw mac malware-mac
 
Hacking Mobile Apps
Hacking Mobile AppsHacking Mobile Apps
Hacking Mobile Apps
 

Semelhante a Enfilade: Tool to Detect Infections in MongoDB Instances

HackInBo2k16 - Threat Intelligence and Malware Analysis
HackInBo2k16 - Threat Intelligence and Malware AnalysisHackInBo2k16 - Threat Intelligence and Malware Analysis
HackInBo2k16 - Threat Intelligence and Malware AnalysisAntonio Parata
 
Open Source Insight: Who Owns Linux? TRITON Attack, App Security Testing, Fut...
Open Source Insight: Who Owns Linux? TRITON Attack, App Security Testing, Fut...Open Source Insight: Who Owns Linux? TRITON Attack, App Security Testing, Fut...
Open Source Insight: Who Owns Linux? TRITON Attack, App Security Testing, Fut...Black Duck by Synopsys
 
Intro to Malware Analysis
Intro to Malware AnalysisIntro to Malware Analysis
Intro to Malware Analysiswremes
 
Peerlyst Delhi NCR Chapter Meet
Peerlyst Delhi NCR Chapter MeetPeerlyst Delhi NCR Chapter Meet
Peerlyst Delhi NCR Chapter MeetAbhinav Mishra
 
Getting started with android
Getting started with androidGetting started with android
Getting started with androidVandana Verma
 
Reveal the Security Risks in the software Development Lifecycle Meetup 060320...
Reveal the Security Risks in the software Development Lifecycle Meetup 060320...Reveal the Security Risks in the software Development Lifecycle Meetup 060320...
Reveal the Security Risks in the software Development Lifecycle Meetup 060320...lior mazor
 
I haz you and pwn your maal whitepaper
I haz you and pwn your maal whitepaperI haz you and pwn your maal whitepaper
I haz you and pwn your maal whitepaperHarsimran Walia
 
Getting started with Android pentesting
Getting started with Android pentestingGetting started with Android pentesting
Getting started with Android pentestingMinali Arora
 
So... you want to be a security consultant
So... you want to be a security consultant So... you want to be a security consultant
So... you want to be a security consultant abnmi
 
Top 10 Software to Detect & Prevent Security Vulnerabilities from BlackHat US...
Top 10 Software to Detect & Prevent Security Vulnerabilities from BlackHat US...Top 10 Software to Detect & Prevent Security Vulnerabilities from BlackHat US...
Top 10 Software to Detect & Prevent Security Vulnerabilities from BlackHat US...Mobodexter
 
Building Custom Android Malware BruCON 2013
Building Custom Android Malware BruCON 2013Building Custom Android Malware BruCON 2013
Building Custom Android Malware BruCON 2013Stephan Chenette
 
Exploring the Social Engineering Toolkit (Set) Using Backtrack 5R3
Exploring the Social Engineering Toolkit (Set) Using Backtrack 5R3Exploring the Social Engineering Toolkit (Set) Using Backtrack 5R3
Exploring the Social Engineering Toolkit (Set) Using Backtrack 5R3IJERA Editor
 
[CB16] Security in the IoT World: Analyzing the Security of Mobile Apps for A...
[CB16] Security in the IoT World: Analyzing the Security of Mobile Apps for A...[CB16] Security in the IoT World: Analyzing the Security of Mobile Apps for A...
[CB16] Security in the IoT World: Analyzing the Security of Mobile Apps for A...CODE BLUE
 
Software Security Assurance for DevOps - Hewlett Packard Enterprise + Black Duck
Software Security Assurance for DevOps - Hewlett Packard Enterprise + Black DuckSoftware Security Assurance for DevOps - Hewlett Packard Enterprise + Black Duck
Software Security Assurance for DevOps - Hewlett Packard Enterprise + Black DuckBlack Duck by Synopsys
 
Barcamp: Open Source and Security
Barcamp: Open Source and SecurityBarcamp: Open Source and Security
Barcamp: Open Source and SecurityJoshua L. Davis
 
Rajarshi Gupta at AI Frontiers : Security is AI’s biggest challenge, AI is Se...
Rajarshi Gupta at AI Frontiers : Security is AI’s biggest challenge, AI is Se...Rajarshi Gupta at AI Frontiers : Security is AI’s biggest challenge, AI is Se...
Rajarshi Gupta at AI Frontiers : Security is AI’s biggest challenge, AI is Se...AI Frontiers
 
INTERFACE by apidays 2023 - Securing LLM and NLP APIs, Ads Dawson & Jared Kra...
INTERFACE by apidays 2023 - Securing LLM and NLP APIs, Ads Dawson & Jared Kra...INTERFACE by apidays 2023 - Securing LLM and NLP APIs, Ads Dawson & Jared Kra...
INTERFACE by apidays 2023 - Securing LLM and NLP APIs, Ads Dawson & Jared Kra...apidays
 
Construye tu stack de ciberseguridad con open source
Construye tu stack de ciberseguridad con open sourceConstruye tu stack de ciberseguridad con open source
Construye tu stack de ciberseguridad con open sourceSoftware Guru
 
SmartphoneHacking_Android_Exploitation
SmartphoneHacking_Android_ExploitationSmartphoneHacking_Android_Exploitation
SmartphoneHacking_Android_ExploitationMalachi Jones
 

Semelhante a Enfilade: Tool to Detect Infections in MongoDB Instances (20)

HackInBo2k16 - Threat Intelligence and Malware Analysis
HackInBo2k16 - Threat Intelligence and Malware AnalysisHackInBo2k16 - Threat Intelligence and Malware Analysis
HackInBo2k16 - Threat Intelligence and Malware Analysis
 
Open Source Insight: Who Owns Linux? TRITON Attack, App Security Testing, Fut...
Open Source Insight: Who Owns Linux? TRITON Attack, App Security Testing, Fut...Open Source Insight: Who Owns Linux? TRITON Attack, App Security Testing, Fut...
Open Source Insight: Who Owns Linux? TRITON Attack, App Security Testing, Fut...
 
Intro to Malware Analysis
Intro to Malware AnalysisIntro to Malware Analysis
Intro to Malware Analysis
 
Peerlyst Delhi NCR Chapter Meet
Peerlyst Delhi NCR Chapter MeetPeerlyst Delhi NCR Chapter Meet
Peerlyst Delhi NCR Chapter Meet
 
Getting started with android
Getting started with androidGetting started with android
Getting started with android
 
Reveal the Security Risks in the software Development Lifecycle Meetup 060320...
Reveal the Security Risks in the software Development Lifecycle Meetup 060320...Reveal the Security Risks in the software Development Lifecycle Meetup 060320...
Reveal the Security Risks in the software Development Lifecycle Meetup 060320...
 
I haz you and pwn your maal whitepaper
I haz you and pwn your maal whitepaperI haz you and pwn your maal whitepaper
I haz you and pwn your maal whitepaper
 
Getting started with Android pentesting
Getting started with Android pentestingGetting started with Android pentesting
Getting started with Android pentesting
 
So... you want to be a security consultant
So... you want to be a security consultant So... you want to be a security consultant
So... you want to be a security consultant
 
Top 10 Software to Detect & Prevent Security Vulnerabilities from BlackHat US...
Top 10 Software to Detect & Prevent Security Vulnerabilities from BlackHat US...Top 10 Software to Detect & Prevent Security Vulnerabilities from BlackHat US...
Top 10 Software to Detect & Prevent Security Vulnerabilities from BlackHat US...
 
Building Custom Android Malware BruCON 2013
Building Custom Android Malware BruCON 2013Building Custom Android Malware BruCON 2013
Building Custom Android Malware BruCON 2013
 
Exploring the Social Engineering Toolkit (Set) Using Backtrack 5R3
Exploring the Social Engineering Toolkit (Set) Using Backtrack 5R3Exploring the Social Engineering Toolkit (Set) Using Backtrack 5R3
Exploring the Social Engineering Toolkit (Set) Using Backtrack 5R3
 
[CB16] Security in the IoT World: Analyzing the Security of Mobile Apps for A...
[CB16] Security in the IoT World: Analyzing the Security of Mobile Apps for A...[CB16] Security in the IoT World: Analyzing the Security of Mobile Apps for A...
[CB16] Security in the IoT World: Analyzing the Security of Mobile Apps for A...
 
Software Security Assurance for DevOps - Hewlett Packard Enterprise + Black Duck
Software Security Assurance for DevOps - Hewlett Packard Enterprise + Black DuckSoftware Security Assurance for DevOps - Hewlett Packard Enterprise + Black Duck
Software Security Assurance for DevOps - Hewlett Packard Enterprise + Black Duck
 
Barcamp: Open Source and Security
Barcamp: Open Source and SecurityBarcamp: Open Source and Security
Barcamp: Open Source and Security
 
Android Secure Coding
Android Secure CodingAndroid Secure Coding
Android Secure Coding
 
Rajarshi Gupta at AI Frontiers : Security is AI’s biggest challenge, AI is Se...
Rajarshi Gupta at AI Frontiers : Security is AI’s biggest challenge, AI is Se...Rajarshi Gupta at AI Frontiers : Security is AI’s biggest challenge, AI is Se...
Rajarshi Gupta at AI Frontiers : Security is AI’s biggest challenge, AI is Se...
 
INTERFACE by apidays 2023 - Securing LLM and NLP APIs, Ads Dawson & Jared Kra...
INTERFACE by apidays 2023 - Securing LLM and NLP APIs, Ads Dawson & Jared Kra...INTERFACE by apidays 2023 - Securing LLM and NLP APIs, Ads Dawson & Jared Kra...
INTERFACE by apidays 2023 - Securing LLM and NLP APIs, Ads Dawson & Jared Kra...
 
Construye tu stack de ciberseguridad con open source
Construye tu stack de ciberseguridad con open sourceConstruye tu stack de ciberseguridad con open source
Construye tu stack de ciberseguridad con open source
 
SmartphoneHacking_Android_Exploitation
SmartphoneHacking_Android_ExploitationSmartphoneHacking_Android_Exploitation
SmartphoneHacking_Android_Exploitation
 

Mais de Aditya K Sood

Emerging Trends in Online Social Networks Malware
Emerging Trends in Online Social Networks MalwareEmerging Trends in Online Social Networks Malware
Emerging Trends in Online Social Networks MalwareAditya K Sood
 
BlackHat 2014 Briefings - Exploiting Fundamental Weaknesses in Botnet C&C Pan...
BlackHat 2014 Briefings - Exploiting Fundamental Weaknesses in Botnet C&C Pan...BlackHat 2014 Briefings - Exploiting Fundamental Weaknesses in Botnet C&C Pan...
BlackHat 2014 Briefings - Exploiting Fundamental Weaknesses in Botnet C&C Pan...Aditya K Sood
 
BlackHat Arsenal 2014 - C-SCAD : Assessing Security Flaws in C-SCAD WebX Clie...
BlackHat Arsenal 2014 - C-SCAD : Assessing Security Flaws in C-SCAD WebX Clie...BlackHat Arsenal 2014 - C-SCAD : Assessing Security Flaws in C-SCAD WebX Clie...
BlackHat Arsenal 2014 - C-SCAD : Assessing Security Flaws in C-SCAD WebX Clie...Aditya K Sood
 
Network Security : Book Review : Targeted Cyber Attacks : Aditya K Sood
Network Security : Book Review : Targeted Cyber Attacks : Aditya K SoodNetwork Security : Book Review : Targeted Cyber Attacks : Aditya K Sood
Network Security : Book Review : Targeted Cyber Attacks : Aditya K SoodAditya K Sood
 
Abusing Glype Proxies - Attacks, Exploits and Defences
Abusing Glype Proxies - Attacks, Exploits and DefencesAbusing Glype Proxies - Attacks, Exploits and Defences
Abusing Glype Proxies - Attacks, Exploits and DefencesAditya K Sood
 
NIframer - CPanel IFrame Injector (Bash based) - Virus Bulletin Magazine
NIframer - CPanel IFrame Injector (Bash based) - Virus Bulletin MagazineNIframer - CPanel IFrame Injector (Bash based) - Virus Bulletin Magazine
NIframer - CPanel IFrame Injector (Bash based) - Virus Bulletin MagazineAditya K Sood
 
CrossTalk - The Art of Cyber Bank Robbery - Stealing your Money Through Insid...
CrossTalk - The Art of Cyber Bank Robbery - Stealing your Money Through Insid...CrossTalk - The Art of Cyber Bank Robbery - Stealing your Money Through Insid...
CrossTalk - The Art of Cyber Bank Robbery - Stealing your Money Through Insid...Aditya K Sood
 
BlackHat USA 2013 Arsenal - Sparty : A FrontPage and SharePoint Security Audi...
BlackHat USA 2013 Arsenal - Sparty : A FrontPage and SharePoint Security Audi...BlackHat USA 2013 Arsenal - Sparty : A FrontPage and SharePoint Security Audi...
BlackHat USA 2013 Arsenal - Sparty : A FrontPage and SharePoint Security Audi...Aditya K Sood
 
ToorCon 14 : Malandroid : The Crux of Android Infections
ToorCon 14 : Malandroid : The Crux of Android InfectionsToorCon 14 : Malandroid : The Crux of Android Infections
ToorCon 14 : Malandroid : The Crux of Android InfectionsAditya K Sood
 
DEF CON 20 - Botnets Die Hard - Owned and Operated
DEF CON 20 - Botnets Die Hard - Owned and OperatedDEF CON 20 - Botnets Die Hard - Owned and Operated
DEF CON 20 - Botnets Die Hard - Owned and OperatedAditya K Sood
 
Hackers on Planet Earth (HOPE - 2012) Advancements in Botnet Attacks
Hackers on Planet Earth (HOPE - 2012) Advancements in Botnet Attacks Hackers on Planet Earth (HOPE - 2012) Advancements in Botnet Attacks
Hackers on Planet Earth (HOPE - 2012) Advancements in Botnet Attacks Aditya K Sood
 
NGR Bot Analysis Paper
NGR Bot Analysis PaperNGR Bot Analysis Paper
NGR Bot Analysis PaperAditya K Sood
 
Virus bulletin 2011 Conference Paper - Browser Exploit Packs - Exploitation T...
Virus bulletin 2011 Conference Paper - Browser Exploit Packs - Exploitation T...Virus bulletin 2011 Conference Paper - Browser Exploit Packs - Exploitation T...
Virus bulletin 2011 Conference Paper - Browser Exploit Packs - Exploitation T...Aditya K Sood
 
Commercial Cyber Crime - Social Networks Malware
Commercial Cyber Crime - Social Networks MalwareCommercial Cyber Crime - Social Networks Malware
Commercial Cyber Crime - Social Networks MalwareAditya K Sood
 
Virus Bulletin 2011 Conference - Browser Exploit Packs - Death by Bundled Exp...
Virus Bulletin 2011 Conference - Browser Exploit Packs - Death by Bundled Exp...Virus Bulletin 2011 Conference - Browser Exploit Packs - Death by Bundled Exp...
Virus Bulletin 2011 Conference - Browser Exploit Packs - Death by Bundled Exp...Aditya K Sood
 
OWASP AppSec USA 2011 - Dismantling Web Malware
OWASP AppSec USA 2011 - Dismantling Web MalwareOWASP AppSec USA 2011 - Dismantling Web Malware
OWASP AppSec USA 2011 - Dismantling Web MalwareAditya K Sood
 
Browser Malware Taxonomy
Browser Malware TaxonomyBrowser Malware Taxonomy
Browser Malware TaxonomyAditya K Sood
 
BruCon (Brussels 2011) Hacking Conference - Botnets and Browsers (Brothers in...
BruCon (Brussels 2011) Hacking Conference - Botnets and Browsers (Brothers in...BruCon (Brussels 2011) Hacking Conference - Botnets and Browsers (Brothers in...
BruCon (Brussels 2011) Hacking Conference - Botnets and Browsers (Brothers in...Aditya K Sood
 
PenTest Magazine Teaser - Mobile Hacking
PenTest Magazine Teaser - Mobile HackingPenTest Magazine Teaser - Mobile Hacking
PenTest Magazine Teaser - Mobile HackingAditya K Sood
 
Dissecting Java Server Faces for Penetration Testing
Dissecting Java Server Faces for Penetration Testing Dissecting Java Server Faces for Penetration Testing
Dissecting Java Server Faces for Penetration Testing Aditya K Sood
 

Mais de Aditya K Sood (20)

Emerging Trends in Online Social Networks Malware
Emerging Trends in Online Social Networks MalwareEmerging Trends in Online Social Networks Malware
Emerging Trends in Online Social Networks Malware
 
BlackHat 2014 Briefings - Exploiting Fundamental Weaknesses in Botnet C&C Pan...
BlackHat 2014 Briefings - Exploiting Fundamental Weaknesses in Botnet C&C Pan...BlackHat 2014 Briefings - Exploiting Fundamental Weaknesses in Botnet C&C Pan...
BlackHat 2014 Briefings - Exploiting Fundamental Weaknesses in Botnet C&C Pan...
 
BlackHat Arsenal 2014 - C-SCAD : Assessing Security Flaws in C-SCAD WebX Clie...
BlackHat Arsenal 2014 - C-SCAD : Assessing Security Flaws in C-SCAD WebX Clie...BlackHat Arsenal 2014 - C-SCAD : Assessing Security Flaws in C-SCAD WebX Clie...
BlackHat Arsenal 2014 - C-SCAD : Assessing Security Flaws in C-SCAD WebX Clie...
 
Network Security : Book Review : Targeted Cyber Attacks : Aditya K Sood
Network Security : Book Review : Targeted Cyber Attacks : Aditya K SoodNetwork Security : Book Review : Targeted Cyber Attacks : Aditya K Sood
Network Security : Book Review : Targeted Cyber Attacks : Aditya K Sood
 
Abusing Glype Proxies - Attacks, Exploits and Defences
Abusing Glype Proxies - Attacks, Exploits and DefencesAbusing Glype Proxies - Attacks, Exploits and Defences
Abusing Glype Proxies - Attacks, Exploits and Defences
 
NIframer - CPanel IFrame Injector (Bash based) - Virus Bulletin Magazine
NIframer - CPanel IFrame Injector (Bash based) - Virus Bulletin MagazineNIframer - CPanel IFrame Injector (Bash based) - Virus Bulletin Magazine
NIframer - CPanel IFrame Injector (Bash based) - Virus Bulletin Magazine
 
CrossTalk - The Art of Cyber Bank Robbery - Stealing your Money Through Insid...
CrossTalk - The Art of Cyber Bank Robbery - Stealing your Money Through Insid...CrossTalk - The Art of Cyber Bank Robbery - Stealing your Money Through Insid...
CrossTalk - The Art of Cyber Bank Robbery - Stealing your Money Through Insid...
 
BlackHat USA 2013 Arsenal - Sparty : A FrontPage and SharePoint Security Audi...
BlackHat USA 2013 Arsenal - Sparty : A FrontPage and SharePoint Security Audi...BlackHat USA 2013 Arsenal - Sparty : A FrontPage and SharePoint Security Audi...
BlackHat USA 2013 Arsenal - Sparty : A FrontPage and SharePoint Security Audi...
 
ToorCon 14 : Malandroid : The Crux of Android Infections
ToorCon 14 : Malandroid : The Crux of Android InfectionsToorCon 14 : Malandroid : The Crux of Android Infections
ToorCon 14 : Malandroid : The Crux of Android Infections
 
DEF CON 20 - Botnets Die Hard - Owned and Operated
DEF CON 20 - Botnets Die Hard - Owned and OperatedDEF CON 20 - Botnets Die Hard - Owned and Operated
DEF CON 20 - Botnets Die Hard - Owned and Operated
 
Hackers on Planet Earth (HOPE - 2012) Advancements in Botnet Attacks
Hackers on Planet Earth (HOPE - 2012) Advancements in Botnet Attacks Hackers on Planet Earth (HOPE - 2012) Advancements in Botnet Attacks
Hackers on Planet Earth (HOPE - 2012) Advancements in Botnet Attacks
 
NGR Bot Analysis Paper
NGR Bot Analysis PaperNGR Bot Analysis Paper
NGR Bot Analysis Paper
 
Virus bulletin 2011 Conference Paper - Browser Exploit Packs - Exploitation T...
Virus bulletin 2011 Conference Paper - Browser Exploit Packs - Exploitation T...Virus bulletin 2011 Conference Paper - Browser Exploit Packs - Exploitation T...
Virus bulletin 2011 Conference Paper - Browser Exploit Packs - Exploitation T...
 
Commercial Cyber Crime - Social Networks Malware
Commercial Cyber Crime - Social Networks MalwareCommercial Cyber Crime - Social Networks Malware
Commercial Cyber Crime - Social Networks Malware
 
Virus Bulletin 2011 Conference - Browser Exploit Packs - Death by Bundled Exp...
Virus Bulletin 2011 Conference - Browser Exploit Packs - Death by Bundled Exp...Virus Bulletin 2011 Conference - Browser Exploit Packs - Death by Bundled Exp...
Virus Bulletin 2011 Conference - Browser Exploit Packs - Death by Bundled Exp...
 
OWASP AppSec USA 2011 - Dismantling Web Malware
OWASP AppSec USA 2011 - Dismantling Web MalwareOWASP AppSec USA 2011 - Dismantling Web Malware
OWASP AppSec USA 2011 - Dismantling Web Malware
 
Browser Malware Taxonomy
Browser Malware TaxonomyBrowser Malware Taxonomy
Browser Malware Taxonomy
 
BruCon (Brussels 2011) Hacking Conference - Botnets and Browsers (Brothers in...
BruCon (Brussels 2011) Hacking Conference - Botnets and Browsers (Brothers in...BruCon (Brussels 2011) Hacking Conference - Botnets and Browsers (Brothers in...
BruCon (Brussels 2011) Hacking Conference - Botnets and Browsers (Brothers in...
 
PenTest Magazine Teaser - Mobile Hacking
PenTest Magazine Teaser - Mobile HackingPenTest Magazine Teaser - Mobile Hacking
PenTest Magazine Teaser - Mobile Hacking
 
Dissecting Java Server Faces for Penetration Testing
Dissecting Java Server Faces for Penetration Testing Dissecting Java Server Faces for Penetration Testing
Dissecting Java Server Faces for Penetration Testing
 

Último

A Framework for Development in the AI Age
A Framework for Development in the AI AgeA Framework for Development in the AI Age
A Framework for Development in the AI AgeCprime
 
A Journey Into the Emotions of Software Developers
A Journey Into the Emotions of Software DevelopersA Journey Into the Emotions of Software Developers
A Journey Into the Emotions of Software DevelopersNicole Novielli
 
Assure Ecommerce and Retail Operations Uptime with ThousandEyes
Assure Ecommerce and Retail Operations Uptime with ThousandEyesAssure Ecommerce and Retail Operations Uptime with ThousandEyes
Assure Ecommerce and Retail Operations Uptime with ThousandEyesThousandEyes
 
How AI, OpenAI, and ChatGPT impact business and software.
How AI, OpenAI, and ChatGPT impact business and software.How AI, OpenAI, and ChatGPT impact business and software.
How AI, OpenAI, and ChatGPT impact business and software.Curtis Poe
 
Unleashing Real-time Insights with ClickHouse_ Navigating the Landscape in 20...
Unleashing Real-time Insights with ClickHouse_ Navigating the Landscape in 20...Unleashing Real-time Insights with ClickHouse_ Navigating the Landscape in 20...
Unleashing Real-time Insights with ClickHouse_ Navigating the Landscape in 20...Alkin Tezuysal
 
What is DBT - The Ultimate Data Build Tool.pdf
What is DBT - The Ultimate Data Build Tool.pdfWhat is DBT - The Ultimate Data Build Tool.pdf
What is DBT - The Ultimate Data Build Tool.pdfMounikaPolabathina
 
Long journey of Ruby standard library at RubyConf AU 2024
Long journey of Ruby standard library at RubyConf AU 2024Long journey of Ruby standard library at RubyConf AU 2024
Long journey of Ruby standard library at RubyConf AU 2024Hiroshi SHIBATA
 
How to write a Business Continuity Plan
How to write a Business Continuity PlanHow to write a Business Continuity Plan
How to write a Business Continuity PlanDatabarracks
 
Time Series Foundation Models - current state and future directions
Time Series Foundation Models - current state and future directionsTime Series Foundation Models - current state and future directions
Time Series Foundation Models - current state and future directionsNathaniel Shimoni
 
Connecting the Dots for Information Discovery.pdf
Connecting the Dots for Information Discovery.pdfConnecting the Dots for Information Discovery.pdf
Connecting the Dots for Information Discovery.pdfNeo4j
 
TeamStation AI System Report LATAM IT Salaries 2024
TeamStation AI System Report LATAM IT Salaries 2024TeamStation AI System Report LATAM IT Salaries 2024
TeamStation AI System Report LATAM IT Salaries 2024Lonnie McRorey
 
Decarbonising Buildings: Making a net-zero built environment a reality
Decarbonising Buildings: Making a net-zero built environment a realityDecarbonising Buildings: Making a net-zero built environment a reality
Decarbonising Buildings: Making a net-zero built environment a realityIES VE
 
DevEX - reference for building teams, processes, and platforms
DevEX - reference for building teams, processes, and platformsDevEX - reference for building teams, processes, and platforms
DevEX - reference for building teams, processes, and platformsSergiu Bodiu
 
Moving Beyond Passwords: FIDO Paris Seminar.pdf
Moving Beyond Passwords: FIDO Paris Seminar.pdfMoving Beyond Passwords: FIDO Paris Seminar.pdf
Moving Beyond Passwords: FIDO Paris Seminar.pdfLoriGlavin3
 
Emixa Mendix Meetup 11 April 2024 about Mendix Native development
Emixa Mendix Meetup 11 April 2024 about Mendix Native developmentEmixa Mendix Meetup 11 April 2024 about Mendix Native development
Emixa Mendix Meetup 11 April 2024 about Mendix Native developmentPim van der Noll
 
Transcript: New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024Transcript: New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024BookNet Canada
 
Passkey Providers and Enabling Portability: FIDO Paris Seminar.pptx
Passkey Providers and Enabling Portability: FIDO Paris Seminar.pptxPasskey Providers and Enabling Portability: FIDO Paris Seminar.pptx
Passkey Providers and Enabling Portability: FIDO Paris Seminar.pptxLoriGlavin3
 
Potential of AI (Generative AI) in Business: Learnings and Insights
Potential of AI (Generative AI) in Business: Learnings and InsightsPotential of AI (Generative AI) in Business: Learnings and Insights
Potential of AI (Generative AI) in Business: Learnings and InsightsRavi Sanghani
 
Take control of your SAP testing with UiPath Test Suite
Take control of your SAP testing with UiPath Test SuiteTake control of your SAP testing with UiPath Test Suite
Take control of your SAP testing with UiPath Test SuiteDianaGray10
 
Modern Roaming for Notes and Nomad – Cheaper Faster Better Stronger
Modern Roaming for Notes and Nomad – Cheaper Faster Better StrongerModern Roaming for Notes and Nomad – Cheaper Faster Better Stronger
Modern Roaming for Notes and Nomad – Cheaper Faster Better Strongerpanagenda
 

Último (20)

A Framework for Development in the AI Age
A Framework for Development in the AI AgeA Framework for Development in the AI Age
A Framework for Development in the AI Age
 
A Journey Into the Emotions of Software Developers
A Journey Into the Emotions of Software DevelopersA Journey Into the Emotions of Software Developers
A Journey Into the Emotions of Software Developers
 
Assure Ecommerce and Retail Operations Uptime with ThousandEyes
Assure Ecommerce and Retail Operations Uptime with ThousandEyesAssure Ecommerce and Retail Operations Uptime with ThousandEyes
Assure Ecommerce and Retail Operations Uptime with ThousandEyes
 
How AI, OpenAI, and ChatGPT impact business and software.
How AI, OpenAI, and ChatGPT impact business and software.How AI, OpenAI, and ChatGPT impact business and software.
How AI, OpenAI, and ChatGPT impact business and software.
 
Unleashing Real-time Insights with ClickHouse_ Navigating the Landscape in 20...
Unleashing Real-time Insights with ClickHouse_ Navigating the Landscape in 20...Unleashing Real-time Insights with ClickHouse_ Navigating the Landscape in 20...
Unleashing Real-time Insights with ClickHouse_ Navigating the Landscape in 20...
 
What is DBT - The Ultimate Data Build Tool.pdf
What is DBT - The Ultimate Data Build Tool.pdfWhat is DBT - The Ultimate Data Build Tool.pdf
What is DBT - The Ultimate Data Build Tool.pdf
 
Long journey of Ruby standard library at RubyConf AU 2024
Long journey of Ruby standard library at RubyConf AU 2024Long journey of Ruby standard library at RubyConf AU 2024
Long journey of Ruby standard library at RubyConf AU 2024
 
How to write a Business Continuity Plan
How to write a Business Continuity PlanHow to write a Business Continuity Plan
How to write a Business Continuity Plan
 
Time Series Foundation Models - current state and future directions
Time Series Foundation Models - current state and future directionsTime Series Foundation Models - current state and future directions
Time Series Foundation Models - current state and future directions
 
Connecting the Dots for Information Discovery.pdf
Connecting the Dots for Information Discovery.pdfConnecting the Dots for Information Discovery.pdf
Connecting the Dots for Information Discovery.pdf
 
TeamStation AI System Report LATAM IT Salaries 2024
TeamStation AI System Report LATAM IT Salaries 2024TeamStation AI System Report LATAM IT Salaries 2024
TeamStation AI System Report LATAM IT Salaries 2024
 
Decarbonising Buildings: Making a net-zero built environment a reality
Decarbonising Buildings: Making a net-zero built environment a realityDecarbonising Buildings: Making a net-zero built environment a reality
Decarbonising Buildings: Making a net-zero built environment a reality
 
DevEX - reference for building teams, processes, and platforms
DevEX - reference for building teams, processes, and platformsDevEX - reference for building teams, processes, and platforms
DevEX - reference for building teams, processes, and platforms
 
Moving Beyond Passwords: FIDO Paris Seminar.pdf
Moving Beyond Passwords: FIDO Paris Seminar.pdfMoving Beyond Passwords: FIDO Paris Seminar.pdf
Moving Beyond Passwords: FIDO Paris Seminar.pdf
 
Emixa Mendix Meetup 11 April 2024 about Mendix Native development
Emixa Mendix Meetup 11 April 2024 about Mendix Native developmentEmixa Mendix Meetup 11 April 2024 about Mendix Native development
Emixa Mendix Meetup 11 April 2024 about Mendix Native development
 
Transcript: New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024Transcript: New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
 
Passkey Providers and Enabling Portability: FIDO Paris Seminar.pptx
Passkey Providers and Enabling Portability: FIDO Paris Seminar.pptxPasskey Providers and Enabling Portability: FIDO Paris Seminar.pptx
Passkey Providers and Enabling Portability: FIDO Paris Seminar.pptx
 
Potential of AI (Generative AI) in Business: Learnings and Insights
Potential of AI (Generative AI) in Business: Learnings and InsightsPotential of AI (Generative AI) in Business: Learnings and Insights
Potential of AI (Generative AI) in Business: Learnings and Insights
 
Take control of your SAP testing with UiPath Test Suite
Take control of your SAP testing with UiPath Test SuiteTake control of your SAP testing with UiPath Test Suite
Take control of your SAP testing with UiPath Test Suite
 
Modern Roaming for Notes and Nomad – Cheaper Faster Better Stronger
Modern Roaming for Notes and Nomad – Cheaper Faster Better StrongerModern Roaming for Notes and Nomad – Cheaper Faster Better Stronger
Modern Roaming for Notes and Nomad – Cheaper Faster Better Stronger
 

Enfilade: Tool to Detect Infections in MongoDB Instances