SlideShare uma empresa Scribd logo

Mind the gap - Troopers 2016

C
Casey Smith

Exploit Free Application Whitelisting Evasion Techniques

Tecnologia
1 de 68
Baixar para ler offline
Mind The Gap Exploit Free Whitelisting Evasion Tactics Casey Smith @subTee
C:> whoami /all USER INFORMATION -------------------- Banker By Day Red Team Lead
This talk seeks to explore the gaps in Application Whitelisting.
Trusted Applications Can Circumvent Whitelisting Constraints
Architecture Path Rules .NET Scripting Emerging Strengths
Understand: How Your Defenses Work & Where They Fail
Why Exploit Free? Exploits can be patched… Architecture flaws cannot.
“…designed to protect against unauthorized and malicious programs executing on a computer.”
How is this implemented?
Kernel Mode Minifilter Drivers
Minifilter/Event Monitor Decision Support/Approval User Mode Kernel Mode
Trust Decisions Path Publisher (Certificate) Hash
Attacking Weak Path Rules
Vote For Your Favorite Path Rule C:Windows* C:WindowsTemp C:WindowsTasks
Vote For Your Favorite Path Rule C:WindowsSystem32* C:WindowsSystem32SpoolDriversColor
Test and Validate & Limit/Avoid Path Rules
J
Demonstration One: AppLocker Default Rules
.NET Utilities & Tactics
Installed by default All Signed Microsoft binaries trusted as a matter of convenience…
“…An attacker, on the other hand, is more interested in what an application can be made to do and operates on the principle that "any action not specifically denied, is allowed".” – OWASP Secure Coding Practices
See Also: Kernel-based monitoring on Windows (32/64 bit) – Florian Rienhardt http://www.bitnuts.de/KernelBasedMonitoring.pdf
Proof of Concept Driver “Soteria”
The guidance provided is simply NOT going to catch some .NET execution events.
Installed By Default •InstallUtil.exe •Regasm.exe Signed By Microsoft No Admin Rights Required To Execute
These Utilities Accept ANY Assembly as Input This is the designed behavior
Regasm.exe MyBad.dll
In order to raise awareness… I wrote some tools, Proof Of Concept
InstallUtil.exe
C:WindowsMicrosoft.NETFrameworkv2.0.50727 InstallUtil.exe /U katz.exe C:WindowsMicrosoft.NETFrameworkv2.0.50727 csc.exe /out:katz.exe /unsafe katz.cs
Demonstration Two: Mimikatz Inside InstallUtil.exe
InstallUtil Bypass in Metasploit J
RegAsm.exe
You need Admin rights to register an assembly If not? Unregister function works J
Demonstration Three: Shellcode Via Regasm.exe
Scripting Languages
Dllhost.exe
Admin Rights Required For This Blend in with the noise…
Poweliks Emulation: rundll32.exe javascript:"..mshtml,RunHTMLApplication ";o=new%20ActiveXObject("JS");o.Exec();
Whitelisting does NOT prevent exploitation of trusted applications
Examples: Browser Office Java PDF Readers
Consider Exploit Mitigation: Microsoft EMET Can Be Highly Effective Enhanced Mitigation Experience Toolkit
Demonstration Four – Part 1: EMET Protecting Excel Spreadsheet
MSHTA.EXE An HTA executes without the constraints of the browser security model; in fact, it executes as a "fully trusted" application.
MSHTA.exe Spawns Excel Executes Macro
Demonstration Four – Part 2: EMET 5.5 Evasion via HTA/VBA Custom Shellcode Thanks To: Josh Pitts @midnite_runr
EAF = Export Address Table Filtering I’m running a macro. I do not need to scan EAT to locate addresses for LoadLibraryA, GetProcAddress
Evasion Internals – If We Have Time.
Base Address GetProcAddress LoadLibraryA
Memory Base: 089a0000
GetProcAddress: 76d1cc94
LoadLibraryA: 76d1dc65
Just move lookups into VBA instead of ASM.
Conclusion – 7 Slides Remaining
Why Should We Consider Application Whitelisting at all? What does all this mean?
Whitelisting Works •Forces Adversaries to Re-Tool/ Burn Tradecraft •Increases visibility •Increases Noise/Tracks Attackers Generate •Removes an entire class of attacks Download and Execute For Example
New Directions – Emerging Strengths •Windows 10 Device Guard • Virtualization Based Security | Hypervisor Layer • Provides For User Mode Code Integrity (UMCI) • Caveat… Not Trivial To Configure/Deploy • PowerShell ConstrainedLanguage Mode
http://www.alex-ionescu.com/blackhat2015.pdf References: http://blogs.technet.com/b/ash/archive/2016/03/02/windows- 10-device-guard-and-credential-guard-demystified.aspx
Understand Where Gaps Exist: •Script Engines •“Living Off The Land” – • Misuse of trusted Applications Office, .NET, WMI, PowerShell etc… •Memory Residence/Injection
Common Arguments Against Whitelisting Defenses •Too difficult… • Take it in steps, start with your most static machines. •It does not stop everything… • No defense is perfect. None. • Run it in Log Mode if nothing else… • Get the visibility on Endpoint executions and new binaries.
Thank You!
References •https://github.com/subTee/Troopers2016 Special Thanks: •Florian Rienhardt http://bitnuts.de/
Questions? Feedback? Please don’t hesitate to contact me Casey Smith @subTee

Recomendados

Beyond the Pentest: How C2, Internal Pivoting, and Data Exfiltration Show Tru...
Beyond the Pentest: How C2, Internal Pivoting, and Data Exfiltration Show Tru...Beyond the Pentest: How C2, Internal Pivoting, and Data Exfiltration Show Tru...
Beyond the Pentest: How C2, Internal Pivoting, and Data Exfiltration Show Tru...Beau Bullock
 
Pentest Apocalypse - SANSFIRE 2016 Edition
Pentest Apocalypse - SANSFIRE 2016 EditionPentest Apocalypse - SANSFIRE 2016 Edition
Pentest Apocalypse - SANSFIRE 2016 EditionBeau Bullock
 
WAF ASM / Advance WAF - Brute force lior rotkovitch f5 sirt v5 clean
WAF ASM / Advance WAF - Brute force lior rotkovitch f5 sirt v5 cleanWAF ASM / Advance WAF - Brute force lior rotkovitch f5 sirt v5 clean
WAF ASM / Advance WAF - Brute force lior rotkovitch f5 sirt v5 cleanLior Rotkovitch
 
Fuzzing and You: Automating Whitebox Testing
Fuzzing and You: Automating Whitebox TestingFuzzing and You: Automating Whitebox Testing
Fuzzing and You: Automating Whitebox TestingNetSPI
 
Writing Secure Code – Threat Defense
Writing Secure Code – Threat DefenseWriting Secure Code – Threat Defense
Writing Secure Code – Threat Defenseamiable_indian
 
Webscarab demo @ OWASP Belgium
Webscarab demo @ OWASP BelgiumWebscarab demo @ OWASP Belgium
Webscarab demo @ OWASP BelgiumPhilippe Bogaerts
 
Evolution of WAF - Stop Worrying About Vulnerabilities
Evolution of WAF - Stop Worrying About VulnerabilitiesEvolution of WAF - Stop Worrying About Vulnerabilities
Evolution of WAF - Stop Worrying About VulnerabilitiesBrian A. McHenry
 
Automating Attacks Against Office365 - BsidesPDX 2016
Automating Attacks Against Office365 - BsidesPDX 2016Automating Attacks Against Office365 - BsidesPDX 2016
Automating Attacks Against Office365 - BsidesPDX 2016Karl Fosaaen
 

Recomendados

Beyond the Pentest: How C2, Internal Pivoting, and Data Exfiltration Show Tru...
Beyond the Pentest: How C2, Internal Pivoting, and Data Exfiltration Show Tru...Beyond the Pentest: How C2, Internal Pivoting, and Data Exfiltration Show Tru...
Beyond the Pentest: How C2, Internal Pivoting, and Data Exfiltration Show Tru...Beau Bullock
 
Pentest Apocalypse - SANSFIRE 2016 Edition
Pentest Apocalypse - SANSFIRE 2016 EditionPentest Apocalypse - SANSFIRE 2016 Edition
Pentest Apocalypse - SANSFIRE 2016 EditionBeau Bullock
 
WAF ASM / Advance WAF - Brute force lior rotkovitch f5 sirt v5 clean
WAF ASM / Advance WAF - Brute force lior rotkovitch f5 sirt v5 cleanWAF ASM / Advance WAF - Brute force lior rotkovitch f5 sirt v5 clean
WAF ASM / Advance WAF - Brute force lior rotkovitch f5 sirt v5 cleanLior Rotkovitch
 
Fuzzing and You: Automating Whitebox Testing
Fuzzing and You: Automating Whitebox TestingFuzzing and You: Automating Whitebox Testing
Fuzzing and You: Automating Whitebox TestingNetSPI
 
Writing Secure Code – Threat Defense
Writing Secure Code – Threat DefenseWriting Secure Code – Threat Defense
Writing Secure Code – Threat Defenseamiable_indian
 
Webscarab demo @ OWASP Belgium
Webscarab demo @ OWASP BelgiumWebscarab demo @ OWASP Belgium
Webscarab demo @ OWASP BelgiumPhilippe Bogaerts
 
Evolution of WAF - Stop Worrying About Vulnerabilities
Evolution of WAF - Stop Worrying About VulnerabilitiesEvolution of WAF - Stop Worrying About Vulnerabilities
Evolution of WAF - Stop Worrying About VulnerabilitiesBrian A. McHenry
 
Automating Attacks Against Office365 - BsidesPDX 2016
Automating Attacks Against Office365 - BsidesPDX 2016Automating Attacks Against Office365 - BsidesPDX 2016
Automating Attacks Against Office365 - BsidesPDX 2016Karl Fosaaen
 
Pentest Apocalypse
Pentest ApocalypsePentest Apocalypse
Pentest ApocalypseBeau Bullock
 
hackcon2013-Dirty Little Secrets They Didn't Teach You In Pentesting Class v2
hackcon2013-Dirty Little Secrets They Didn't Teach You In Pentesting Class v2hackcon2013-Dirty Little Secrets They Didn't Teach You In Pentesting Class v2
hackcon2013-Dirty Little Secrets They Didn't Teach You In Pentesting Class v2Chris Gates
 
Extracting Credentials From Windows
Extracting Credentials From WindowsExtracting Credentials From Windows
Extracting Credentials From WindowsNetSPI
 
The WAF book intro protection elements v1.0 lior rotkovitch
The WAF book intro protection elements v1.0 lior rotkovitchThe WAF book intro protection elements v1.0 lior rotkovitch
The WAF book intro protection elements v1.0 lior rotkovitchLior Rotkovitch
 
All You Need is One - A ClickOnce Love Story - Secure360 2015
All You Need is One - A ClickOnce Love Story - Secure360 2015All You Need is One - A ClickOnce Love Story - Secure360 2015
All You Need is One - A ClickOnce Love Story - Secure360 2015NetSPI
 
Thick Application Penetration Testing: Crash Course
Thick Application Penetration Testing: Crash CourseThick Application Penetration Testing: Crash Course
Thick Application Penetration Testing: Crash CourseScott Sutherland
 
CNIT 129S Ch 4: Mapping the Application
CNIT 129S Ch 4: Mapping the ApplicationCNIT 129S Ch 4: Mapping the Application
CNIT 129S Ch 4: Mapping the ApplicationSam Bowne
 
Attack All the Layers - What's Working in Penetration Testing
Attack All the Layers - What's Working in Penetration TestingAttack All the Layers - What's Working in Penetration Testing
Attack All the Layers - What's Working in Penetration TestingNetSPI
 
DevOops Redux Ken Johnson Chris Gates - AppSec USA 2016
DevOops Redux Ken Johnson Chris Gates - AppSec USA 2016DevOops Redux Ken Johnson Chris Gates - AppSec USA 2016
DevOops Redux Ken Johnson Chris Gates - AppSec USA 2016Chris Gates
 
Externally Testing Modern AD Domains - Arcticcon
Externally Testing Modern AD Domains - ArcticconExternally Testing Modern AD Domains - Arcticcon
Externally Testing Modern AD Domains - ArcticconKarl Fosaaen
 
Pwning the Enterprise With PowerShell
Pwning the Enterprise With PowerShellPwning the Enterprise With PowerShell
Pwning the Enterprise With PowerShellBeau Bullock
 
Lares from LOW to PWNED
Lares from LOW to PWNEDLares from LOW to PWNED
Lares from LOW to PWNEDChris Gates
 
Covert Attack Mystery Box: A few novel techniques for exploiting Microsoft “f...
Covert Attack Mystery Box: A few novel techniques for exploiting Microsoft “f...Covert Attack Mystery Box: A few novel techniques for exploiting Microsoft “f...
Covert Attack Mystery Box: A few novel techniques for exploiting Microsoft “f...Beau Bullock
 
Novinky F5
Novinky F5Novinky F5
Novinky F5MarketingArrowECS_CZ
 
Getting started with fiddler
Getting started with fiddlerGetting started with fiddler
Getting started with fiddlerZhi Zhong
 
Thick Application Penetration Testing - A Crash Course
Thick Application Penetration Testing - A Crash CourseThick Application Penetration Testing - A Crash Course
Thick Application Penetration Testing - A Crash CourseNetSPI
 
Getting started in app sec
Getting started in app secGetting started in app sec
Getting started in app secAmit Dubey
 
CNIT 128 9. Writing Secure Android Applications
CNIT 128 9. Writing Secure Android ApplicationsCNIT 128 9. Writing Secure Android Applications
CNIT 128 9. Writing Secure Android ApplicationsSam Bowne
 
Is Your Mobile App Secure?
Is Your Mobile App Secure?Is Your Mobile App Secure?
Is Your Mobile App Secure?Sam Bowne
 
How to secure your web applications with NGINX
How to secure your web applications with NGINXHow to secure your web applications with NGINX
How to secure your web applications with NGINXWallarm
 
Production Debugging at Code Camp Philly
Production Debugging at Code Camp PhillyProduction Debugging at Code Camp Philly
Production Debugging at Code Camp PhillyBrian Lyttle
 
Isset Presentation @ EECI2009
Isset Presentation @ EECI2009Isset Presentation @ EECI2009
Isset Presentation @ EECI2009Isset Internet Professionals
 

Mais conteúdo relacionado

Mais procurados

Pentest Apocalypse
Pentest ApocalypsePentest Apocalypse
Pentest ApocalypseBeau Bullock
 
hackcon2013-Dirty Little Secrets They Didn't Teach You In Pentesting Class v2
hackcon2013-Dirty Little Secrets They Didn't Teach You In Pentesting Class v2hackcon2013-Dirty Little Secrets They Didn't Teach You In Pentesting Class v2
hackcon2013-Dirty Little Secrets They Didn't Teach You In Pentesting Class v2Chris Gates
 
Extracting Credentials From Windows
Extracting Credentials From WindowsExtracting Credentials From Windows
Extracting Credentials From WindowsNetSPI
 
The WAF book intro protection elements v1.0 lior rotkovitch
The WAF book intro protection elements v1.0 lior rotkovitchThe WAF book intro protection elements v1.0 lior rotkovitch
The WAF book intro protection elements v1.0 lior rotkovitchLior Rotkovitch
 
All You Need is One - A ClickOnce Love Story - Secure360 2015
All You Need is One - A ClickOnce Love Story - Secure360 2015All You Need is One - A ClickOnce Love Story - Secure360 2015
All You Need is One - A ClickOnce Love Story - Secure360 2015NetSPI
 
Thick Application Penetration Testing: Crash Course
Thick Application Penetration Testing: Crash CourseThick Application Penetration Testing: Crash Course
Thick Application Penetration Testing: Crash CourseScott Sutherland
 
CNIT 129S Ch 4: Mapping the Application
CNIT 129S Ch 4: Mapping the ApplicationCNIT 129S Ch 4: Mapping the Application
CNIT 129S Ch 4: Mapping the ApplicationSam Bowne
 
Attack All the Layers - What's Working in Penetration Testing
Attack All the Layers - What's Working in Penetration TestingAttack All the Layers - What's Working in Penetration Testing
Attack All the Layers - What's Working in Penetration TestingNetSPI
 
DevOops Redux Ken Johnson Chris Gates - AppSec USA 2016
DevOops Redux Ken Johnson Chris Gates - AppSec USA 2016DevOops Redux Ken Johnson Chris Gates - AppSec USA 2016
DevOops Redux Ken Johnson Chris Gates - AppSec USA 2016Chris Gates
 
Externally Testing Modern AD Domains - Arcticcon
Externally Testing Modern AD Domains - ArcticconExternally Testing Modern AD Domains - Arcticcon
Externally Testing Modern AD Domains - ArcticconKarl Fosaaen
 
Pwning the Enterprise With PowerShell
Pwning the Enterprise With PowerShellPwning the Enterprise With PowerShell
Pwning the Enterprise With PowerShellBeau Bullock
 
Lares from LOW to PWNED
Lares from LOW to PWNEDLares from LOW to PWNED
Lares from LOW to PWNEDChris Gates
 
Covert Attack Mystery Box: A few novel techniques for exploiting Microsoft “f...
Covert Attack Mystery Box: A few novel techniques for exploiting Microsoft “f...Covert Attack Mystery Box: A few novel techniques for exploiting Microsoft “f...
Covert Attack Mystery Box: A few novel techniques for exploiting Microsoft “f...Beau Bullock
 
Getting started with fiddler
Getting started with fiddlerGetting started with fiddler
Getting started with fiddlerZhi Zhong
 
Thick Application Penetration Testing - A Crash Course
Thick Application Penetration Testing - A Crash CourseThick Application Penetration Testing - A Crash Course
Thick Application Penetration Testing - A Crash CourseNetSPI
 
Getting started in app sec
Getting started in app secGetting started in app sec
Getting started in app secAmit Dubey
 
CNIT 128 9. Writing Secure Android Applications
CNIT 128 9. Writing Secure Android ApplicationsCNIT 128 9. Writing Secure Android Applications
CNIT 128 9. Writing Secure Android ApplicationsSam Bowne
 
Is Your Mobile App Secure?
Is Your Mobile App Secure?Is Your Mobile App Secure?
Is Your Mobile App Secure?Sam Bowne
 
How to secure your web applications with NGINX
How to secure your web applications with NGINXHow to secure your web applications with NGINX
How to secure your web applications with NGINXWallarm
 

Mais procurados (20)

Pentest Apocalypse
Pentest ApocalypsePentest Apocalypse
Pentest Apocalypse
 
hackcon2013-Dirty Little Secrets They Didn't Teach You In Pentesting Class v2
hackcon2013-Dirty Little Secrets They Didn't Teach You In Pentesting Class v2hackcon2013-Dirty Little Secrets They Didn't Teach You In Pentesting Class v2
hackcon2013-Dirty Little Secrets They Didn't Teach You In Pentesting Class v2
 
Extracting Credentials From Windows
Extracting Credentials From WindowsExtracting Credentials From Windows
Extracting Credentials From Windows
 
The WAF book intro protection elements v1.0 lior rotkovitch
The WAF book intro protection elements v1.0 lior rotkovitchThe WAF book intro protection elements v1.0 lior rotkovitch
The WAF book intro protection elements v1.0 lior rotkovitch
 
All You Need is One - A ClickOnce Love Story - Secure360 2015
All You Need is One - A ClickOnce Love Story - Secure360 2015All You Need is One - A ClickOnce Love Story - Secure360 2015
All You Need is One - A ClickOnce Love Story - Secure360 2015
 
Thick Application Penetration Testing: Crash Course
Thick Application Penetration Testing: Crash CourseThick Application Penetration Testing: Crash Course
Thick Application Penetration Testing: Crash Course
 
CNIT 129S Ch 4: Mapping the Application
CNIT 129S Ch 4: Mapping the ApplicationCNIT 129S Ch 4: Mapping the Application
CNIT 129S Ch 4: Mapping the Application
 
Attack All the Layers - What's Working in Penetration Testing
Attack All the Layers - What's Working in Penetration TestingAttack All the Layers - What's Working in Penetration Testing
Attack All the Layers - What's Working in Penetration Testing
 
DevOops Redux Ken Johnson Chris Gates - AppSec USA 2016
DevOops Redux Ken Johnson Chris Gates - AppSec USA 2016DevOops Redux Ken Johnson Chris Gates - AppSec USA 2016
DevOops Redux Ken Johnson Chris Gates - AppSec USA 2016
 
Externally Testing Modern AD Domains - Arcticcon
Externally Testing Modern AD Domains - ArcticconExternally Testing Modern AD Domains - Arcticcon
Externally Testing Modern AD Domains - Arcticcon
 
Pwning the Enterprise With PowerShell
Pwning the Enterprise With PowerShellPwning the Enterprise With PowerShell
Pwning the Enterprise With PowerShell
 
Lares from LOW to PWNED
Lares from LOW to PWNEDLares from LOW to PWNED
Lares from LOW to PWNED
 
Covert Attack Mystery Box: A few novel techniques for exploiting Microsoft “f...
Covert Attack Mystery Box: A few novel techniques for exploiting Microsoft “f...Covert Attack Mystery Box: A few novel techniques for exploiting Microsoft “f...
Covert Attack Mystery Box: A few novel techniques for exploiting Microsoft “f...
 
Novinky F5
Novinky F5Novinky F5
Novinky F5
 
Getting started with fiddler
Getting started with fiddlerGetting started with fiddler
Getting started with fiddler
 
Thick Application Penetration Testing - A Crash Course
Thick Application Penetration Testing - A Crash CourseThick Application Penetration Testing - A Crash Course
Thick Application Penetration Testing - A Crash Course
 
Getting started in app sec
Getting started in app secGetting started in app sec
Getting started in app sec
 
CNIT 128 9. Writing Secure Android Applications
CNIT 128 9. Writing Secure Android ApplicationsCNIT 128 9. Writing Secure Android Applications
CNIT 128 9. Writing Secure Android Applications
 
Is Your Mobile App Secure?
Is Your Mobile App Secure?Is Your Mobile App Secure?
Is Your Mobile App Secure?
 
How to secure your web applications with NGINX
How to secure your web applications with NGINXHow to secure your web applications with NGINX
How to secure your web applications with NGINX
 

Semelhante a Mind the gap - Troopers 2016

Production Debugging at Code Camp Philly
Production Debugging at Code Camp PhillyProduction Debugging at Code Camp Philly
Production Debugging at Code Camp PhillyBrian Lyttle
 
systems_administrator test
systems_administrator testsystems_administrator test
systems_administrator testHunde Regasa
 
High Performance Mysql
High Performance MysqlHigh Performance Mysql
High Performance Mysqlliufabin 66688
 
Examining And Bypassing The IE8 XSS Filter
Examining And Bypassing The IE8 XSS FilterExamining And Bypassing The IE8 XSS Filter
Examining And Bypassing The IE8 XSS Filterkuza55
 
Joomla! Day Chicago 2011 Presentation - Steven Pignataro
Joomla! Day Chicago 2011 Presentation - Steven PignataroJoomla! Day Chicago 2011 Presentation - Steven Pignataro
Joomla! Day Chicago 2011 Presentation - Steven PignataroSteven Pignataro
 
Architecture: Manual vs. Automation
Architecture: Manual vs. AutomationArchitecture: Manual vs. Automation
Architecture: Manual vs. AutomationAmazon Web Services
 
Linux Assignment 3
Linux Assignment 3Linux Assignment 3
Linux Assignment 3Diane Allen
 
LJC-Unconference-2023-Keynote.pdf
LJC-Unconference-2023-Keynote.pdfLJC-Unconference-2023-Keynote.pdf
LJC-Unconference-2023-Keynote.pdfEmilyJiang23
 
.NET Debugging Tips and Techniques
.NET Debugging Tips and Techniques.NET Debugging Tips and Techniques
.NET Debugging Tips and TechniquesBala Subra
 
.Net Debugging Techniques
.Net Debugging Techniques.Net Debugging Techniques
.Net Debugging TechniquesBala Subra
 
Secure programming with php
Secure programming with phpSecure programming with php
Secure programming with phpMohmad Feroz
 
Meetup DotNetCode Owasp
Meetup DotNetCode Owasp Meetup DotNetCode Owasp
Meetup DotNetCode Owasp dotnetcode
 
Top 20 Asp.net interview Question and answers
Top 20 Asp.net interview Question and answersTop 20 Asp.net interview Question and answers
Top 20 Asp.net interview Question and answersw3asp dotnet
 
Research Assignment For Active Directory
Research Assignment For Active DirectoryResearch Assignment For Active Directory
Research Assignment For Active DirectoryJessica Myers
 
ARMITAGE-THE CYBER ATTACK MANAGEMENT
ARMITAGE-THE CYBER ATTACK MANAGEMENTARMITAGE-THE CYBER ATTACK MANAGEMENT
ARMITAGE-THE CYBER ATTACK MANAGEMENTDevil's Cafe
 
ITARC15 Workshop - Architecting a Large Software Project - Lessons Learned
ITARC15 Workshop - Architecting a Large Software Project - Lessons LearnedITARC15 Workshop - Architecting a Large Software Project - Lessons Learned
ITARC15 Workshop - Architecting a Large Software Project - Lessons LearnedJoão Pedro Martins
 

Semelhante a Mind the gap - Troopers 2016 (20)

Production Debugging at Code Camp Philly
Production Debugging at Code Camp PhillyProduction Debugging at Code Camp Philly
Production Debugging at Code Camp Philly
 
Isset Presentation @ EECI2009
Isset Presentation @ EECI2009Isset Presentation @ EECI2009
Isset Presentation @ EECI2009
 
systems_administrator test
systems_administrator testsystems_administrator test
systems_administrator test
 
High Performance Mysql
High Performance MysqlHigh Performance Mysql
High Performance Mysql
 
Examining And Bypassing The IE8 XSS Filter
Examining And Bypassing The IE8 XSS FilterExamining And Bypassing The IE8 XSS Filter
Examining And Bypassing The IE8 XSS Filter
 
Why test with flex unit
Why test with flex unitWhy test with flex unit
Why test with flex unit
 
Joomla! Day Chicago 2011 Presentation - Steven Pignataro
Joomla! Day Chicago 2011 Presentation - Steven PignataroJoomla! Day Chicago 2011 Presentation - Steven Pignataro
Joomla! Day Chicago 2011 Presentation - Steven Pignataro
 
Architecture: Manual vs. Automation
Architecture: Manual vs. AutomationArchitecture: Manual vs. Automation
Architecture: Manual vs. Automation
 
Linux Assignment 3
Linux Assignment 3Linux Assignment 3
Linux Assignment 3
 
LJC-Unconference-2023-Keynote.pdf
LJC-Unconference-2023-Keynote.pdfLJC-Unconference-2023-Keynote.pdf
LJC-Unconference-2023-Keynote.pdf
 
.NET Debugging Tips and Techniques
.NET Debugging Tips and Techniques.NET Debugging Tips and Techniques
.NET Debugging Tips and Techniques
 
.Net Debugging Techniques
.Net Debugging Techniques.Net Debugging Techniques
.Net Debugging Techniques
 
Secure programming with php
Secure programming with phpSecure programming with php
Secure programming with php
 
Meetup DotNetCode Owasp
Meetup DotNetCode Owasp Meetup DotNetCode Owasp
Meetup DotNetCode Owasp
 
Hot sos em12c_metric_extensions
Hot sos em12c_metric_extensionsHot sos em12c_metric_extensions
Hot sos em12c_metric_extensions
 
Top 20 Asp.net interview Question and answers
Top 20 Asp.net interview Question and answersTop 20 Asp.net interview Question and answers
Top 20 Asp.net interview Question and answers
 
Intro To AOP
Intro To AOPIntro To AOP
Intro To AOP
 
Research Assignment For Active Directory
Research Assignment For Active DirectoryResearch Assignment For Active Directory
Research Assignment For Active Directory
 
ARMITAGE-THE CYBER ATTACK MANAGEMENT
ARMITAGE-THE CYBER ATTACK MANAGEMENTARMITAGE-THE CYBER ATTACK MANAGEMENT
ARMITAGE-THE CYBER ATTACK MANAGEMENT
 
ITARC15 Workshop - Architecting a Large Software Project - Lessons Learned
ITARC15 Workshop - Architecting a Large Software Project - Lessons LearnedITARC15 Workshop - Architecting a Large Software Project - Lessons Learned
ITARC15 Workshop - Architecting a Large Software Project - Lessons Learned
 

Último

H2O.ai CEO/Founder: Sri Ambati Keynote at Wells Fargo Day
H2O.ai CEO/Founder: Sri Ambati Keynote at Wells Fargo DayH2O.ai CEO/Founder: Sri Ambati Keynote at Wells Fargo Day
H2O.ai CEO/Founder: Sri Ambati Keynote at Wells Fargo DaySri Ambati
 
Streamlining Python Development: A Guide to a Modern Project Setup
Streamlining Python Development: A Guide to a Modern Project SetupStreamlining Python Development: A Guide to a Modern Project Setup
Streamlining Python Development: A Guide to a Modern Project SetupFlorian Wilhelm
 
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024BookNet Canada
 
TeamStation AI System Report LATAM IT Salaries 2024
TeamStation AI System Report LATAM IT Salaries 2024TeamStation AI System Report LATAM IT Salaries 2024
TeamStation AI System Report LATAM IT Salaries 2024Lonnie McRorey
 
TrustArc Webinar - How to Build Consumer Trust Through Data Privacy
TrustArc Webinar - How to Build Consumer Trust Through Data PrivacyTrustArc Webinar - How to Build Consumer Trust Through Data Privacy
TrustArc Webinar - How to Build Consumer Trust Through Data PrivacyTrustArc
 
The Ultimate Guide to Choosing WordPress Pros and Cons
The Ultimate Guide to Choosing WordPress Pros and ConsThe Ultimate Guide to Choosing WordPress Pros and Cons
The Ultimate Guide to Choosing WordPress Pros and ConsPixlogix Infotech
 
Nell’iperspazio con Rocket: il Framework Web di Rust!
Nell’iperspazio con Rocket: il Framework Web di Rust!Nell’iperspazio con Rocket: il Framework Web di Rust!
Nell’iperspazio con Rocket: il Framework Web di Rust!Commit University
 
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek SchlawackFwdays
 
Powerpoint exploring the locations used in television show Time Clash
Powerpoint exploring the locations used in television show Time ClashPowerpoint exploring the locations used in television show Time Clash
Powerpoint exploring the locations used in television show Time Clashcharlottematthew16
 
Search Engine Optimization SEO PDF for 2024.pdf
Search Engine Optimization SEO PDF for 2024.pdfSearch Engine Optimization SEO PDF for 2024.pdf
Search Engine Optimization SEO PDF for 2024.pdfRankYa
 
Ensuring Technical Readiness For Copilot in Microsoft 365
Ensuring Technical Readiness For Copilot in Microsoft 365Ensuring Technical Readiness For Copilot in Microsoft 365
Ensuring Technical Readiness For Copilot in Microsoft 3652toLead Limited
 
Unraveling Multimodality with Large Language Models.pdf
Unraveling Multimodality with Large Language Models.pdfUnraveling Multimodality with Large Language Models.pdf
Unraveling Multimodality with Large Language Models.pdfAlex Barbosa Coqueiro
 
Human Factors of XR: Using Human Factors to Design XR Systems
Human Factors of XR: Using Human Factors to Design XR SystemsHuman Factors of XR: Using Human Factors to Design XR Systems
Human Factors of XR: Using Human Factors to Design XR SystemsMark Billinghurst
 
SIP trunking in Janus @ Kamailio World 2024
SIP trunking in Janus @ Kamailio World 2024SIP trunking in Janus @ Kamailio World 2024
SIP trunking in Janus @ Kamailio World 2024Lorenzo Miniero
 
Scanning the Internet for External Cloud Exposures via SSL Certs
Scanning the Internet for External Cloud Exposures via SSL CertsScanning the Internet for External Cloud Exposures via SSL Certs
Scanning the Internet for External Cloud Exposures via SSL CertsRizwan Syed
 
New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024BookNet Canada
 
Unleash Your Potential - Namagunga Girls Coding Club
Unleash Your Potential - Namagunga Girls Coding ClubUnleash Your Potential - Namagunga Girls Coding Club
Unleash Your Potential - Namagunga Girls Coding ClubKalema Edgar
 
"ML in Production",Oleksandr Bagan
"ML in Production",Oleksandr Bagan"ML in Production",Oleksandr Bagan
"ML in Production",Oleksandr BaganFwdays
 
DevoxxFR 2024 Reproducible Builds with Apache Maven
DevoxxFR 2024 Reproducible Builds with Apache MavenDevoxxFR 2024 Reproducible Builds with Apache Maven
DevoxxFR 2024 Reproducible Builds with Apache MavenHervé Boutemy
 
Dev Dives: Streamline document processing with UiPath Studio Web
Dev Dives: Streamline document processing with UiPath Studio WebDev Dives: Streamline document processing with UiPath Studio Web
Dev Dives: Streamline document processing with UiPath Studio WebUiPathCommunity
 

Último (20)

H2O.ai CEO/Founder: Sri Ambati Keynote at Wells Fargo Day
H2O.ai CEO/Founder: Sri Ambati Keynote at Wells Fargo DayH2O.ai CEO/Founder: Sri Ambati Keynote at Wells Fargo Day
H2O.ai CEO/Founder: Sri Ambati Keynote at Wells Fargo Day
 
Streamlining Python Development: A Guide to a Modern Project Setup
Streamlining Python Development: A Guide to a Modern Project SetupStreamlining Python Development: A Guide to a Modern Project Setup
Streamlining Python Development: A Guide to a Modern Project Setup
 
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
 
TeamStation AI System Report LATAM IT Salaries 2024
TeamStation AI System Report LATAM IT Salaries 2024TeamStation AI System Report LATAM IT Salaries 2024
TeamStation AI System Report LATAM IT Salaries 2024
 
TrustArc Webinar - How to Build Consumer Trust Through Data Privacy
TrustArc Webinar - How to Build Consumer Trust Through Data PrivacyTrustArc Webinar - How to Build Consumer Trust Through Data Privacy
TrustArc Webinar - How to Build Consumer Trust Through Data Privacy
 
The Ultimate Guide to Choosing WordPress Pros and Cons
The Ultimate Guide to Choosing WordPress Pros and ConsThe Ultimate Guide to Choosing WordPress Pros and Cons
The Ultimate Guide to Choosing WordPress Pros and Cons
 
Nell’iperspazio con Rocket: il Framework Web di Rust!
Nell’iperspazio con Rocket: il Framework Web di Rust!Nell’iperspazio con Rocket: il Framework Web di Rust!
Nell’iperspazio con Rocket: il Framework Web di Rust!
 
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack
 
Powerpoint exploring the locations used in television show Time Clash
Powerpoint exploring the locations used in television show Time ClashPowerpoint exploring the locations used in television show Time Clash
Powerpoint exploring the locations used in television show Time Clash
 
Search Engine Optimization SEO PDF for 2024.pdf
Search Engine Optimization SEO PDF for 2024.pdfSearch Engine Optimization SEO PDF for 2024.pdf
Search Engine Optimization SEO PDF for 2024.pdf
 
Ensuring Technical Readiness For Copilot in Microsoft 365
Ensuring Technical Readiness For Copilot in Microsoft 365Ensuring Technical Readiness For Copilot in Microsoft 365
Ensuring Technical Readiness For Copilot in Microsoft 365
 
Unraveling Multimodality with Large Language Models.pdf
Unraveling Multimodality with Large Language Models.pdfUnraveling Multimodality with Large Language Models.pdf
Unraveling Multimodality with Large Language Models.pdf
 
Human Factors of XR: Using Human Factors to Design XR Systems
Human Factors of XR: Using Human Factors to Design XR SystemsHuman Factors of XR: Using Human Factors to Design XR Systems
Human Factors of XR: Using Human Factors to Design XR Systems
 
SIP trunking in Janus @ Kamailio World 2024
SIP trunking in Janus @ Kamailio World 2024SIP trunking in Janus @ Kamailio World 2024
SIP trunking in Janus @ Kamailio World 2024
 
Scanning the Internet for External Cloud Exposures via SSL Certs
Scanning the Internet for External Cloud Exposures via SSL CertsScanning the Internet for External Cloud Exposures via SSL Certs
Scanning the Internet for External Cloud Exposures via SSL Certs
 
New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
 
Unleash Your Potential - Namagunga Girls Coding Club
Unleash Your Potential - Namagunga Girls Coding ClubUnleash Your Potential - Namagunga Girls Coding Club
Unleash Your Potential - Namagunga Girls Coding Club
 
"ML in Production",Oleksandr Bagan
"ML in Production",Oleksandr Bagan"ML in Production",Oleksandr Bagan
"ML in Production",Oleksandr Bagan
 
DevoxxFR 2024 Reproducible Builds with Apache Maven
DevoxxFR 2024 Reproducible Builds with Apache MavenDevoxxFR 2024 Reproducible Builds with Apache Maven
DevoxxFR 2024 Reproducible Builds with Apache Maven
 
Dev Dives: Streamline document processing with UiPath Studio Web
Dev Dives: Streamline document processing with UiPath Studio WebDev Dives: Streamline document processing with UiPath Studio Web
Dev Dives: Streamline document processing with UiPath Studio Web
 

Mind the gap - Troopers 2016