Вивисекция: анатомия ботнета из маршрутизаторов

•

1 gostou•456 visualizações

Заполучить интернет-трафик, подготовить инфраструктуру для эксплойтов и dropzone, арендовать «пуленепробиваемый» хостинг, зашифровать вредоносный бинарный файл, чтобы его не смогло обнаружить большинство антивирусов, построить продвинутые протоколы управления, запустить C2 и постоянно прятаться за несколькими комбинированными слоями VPN, SSH и прокси, — и все ради того, чтобы обеспечить свою безопасность. Куча забот! Если вы хотите создать собственный ботнет, вам рано или поздно придется столкнуться со всем этим. Но что, если есть более простой способ?..

Tecnologia

Live dissection  
anatomy of router based botnet
Ilya Nesterov 
Maxim Goncharov

Ilya Nesterov Maxim Goncharov (c) 2017
Who we are?
Ilya Nesterov Max Goncharov

Ilya Nesterov Maxim Goncharov (c) 2017
We have presented on PHDays ‘13

Ilya Nesterov Maxim Goncharov (c) 2017
What do you need to build a botnet?

Ilya Nesterov Maxim Goncharov (c) 2017
What if?

Ilya Nesterov Maxim Goncharov (c) 2017
What if... 
you know weak point?

Ilya Nesterov Maxim Goncharov (c) 2017
Billions of http requests

Ilya Nesterov Maxim Goncharov (c) 2017
Looking into the trafﬁc

Ilya Nesterov Maxim Goncharov (c) 2017
ВТФ? All the same SSH keys?

Ilya Nesterov Maxim Goncharov (c) 2017
Apricot Botnet
37.252.[ ].[ ]

Ilya Nesterov Maxim Goncharov (c) 2017
Honey Pot
The need of Honeypot!
Use the same key pair
Use similar geolocation
Find cheap VPS

Ilya Nesterov Maxim Goncharov (c) 2017
The device

Ilya Nesterov Maxim Goncharov (c) 2017
Honey Pot: trafﬁc source

Ilya Nesterov Maxim Goncharov (c) 2017
Honey Pot: trafﬁc destination

Ilya Nesterov Maxim Goncharov (c) 2017
Honey Pot: traget IPs and ports

Ilya Nesterov Maxim Goncharov (c) 2017
Honey Pot

Ilya Nesterov Maxim Goncharov (c) 2017
Connections from MIRAI infrastructure

Ilya Nesterov Maxim Goncharov (c) 2017
How about more fun?

Ilya Nesterov Maxim Goncharov (c) 2017
More attacks

Ilya Nesterov Maxim Goncharov (c) 2017
Let’s ﬁnd out something
PSV-2016-0256: Command Injection in WNR2000v5 - N300 WiFi Router.

Ilya Nesterov Maxim Goncharov (c) 2017
Wait! But how did we missed this?
CVE-2016-10174, CVE-2016-10175, and CVE-2016-10176
Affect: WNR2000v5, WNR2000v4, WNR2000v3

Ilya Nesterov Maxim Goncharov (c) 2017
Wait! But how did we missed this?
Affect: R6250, R6400, R6700, R6900, R7000, R7100LG,
R7300DST, R7900, R8000, D6220, D6400

Ilya Nesterov Maxim Goncharov (c) 2017
So what?
This vulnerability occurs when an attacker has access to the internal network or when
remote management is enabled on the router. Remote management is turned off by default, so
a user must have affirmatively turned on remote management through advanced settings for the router to be vulnerable in this
manner.

Ilya Nesterov Maxim Goncharov (c) 2017
Just go to Shodan

Ilya Nesterov Maxim Goncharov (c) 2017
Netgear results

Ilya Nesterov Maxim Goncharov (c) 2017
Netgear results
131 uses (1.7%) latest FW, but default credentials

Ilya Nesterov Maxim Goncharov (c) 2017
MikroTik

Ilya Nesterov Maxim Goncharov (c) 2017
Vault 7: CIA Hacking Tools Revealed
March 7th, 2017

Ilya Nesterov Maxim Goncharov (c) 2017
MikroTik
UPDATE 2: v6.38.5 and 6.39rc49 has been released, this version ﬁxes the vulnerabilities outlined in
the above documents, and cleans any ﬁles installed by the tools described.
Statement on Vault 7 document release

Ilya Nesterov Maxim Goncharov (c) 2017
Why this is a problem?
NETGEAR R8XXX

Ilya Nesterov Maxim Goncharov (c) 2017
Why this is a problem?
NETGEAR WRN2000
NETGEAR R8XXX

Ilya Nesterov Maxim Goncharov (c) 2017
Why this is a problem?
NETGEAR WRN2000
NETGEAR R6XXX NETGEAR R8XXX

Ilya Nesterov Maxim Goncharov (c) 2017
Why this is a problem?
NETGEAR WRN2000
NETGEAR R6XXX NETGEAR R7XXXNETGEAR R8XXX

Ilya Nesterov Maxim Goncharov (c) 2017
Why this is a problem?
NETGEAR WRN2000
NETGEAR R6XXX NETGEAR R7XXXNETGEAR R8XXX
MikroTik

Ilya Nesterov Maxim Goncharov (c) 2017
Why this is a problem?
NETGEAR WRN2000
NETGEAR R6XXX NETGEAR R7XXXNETGEAR R8XXX
MikroTik HACKED-ROUTER-HELP-SOS-
HAD-DUPE-PASSWORD

Ilya Nesterov Maxim Goncharov (c) 2017
an Apricot device
37.252.[ ].[ ]

Ilya Nesterov Maxim Goncharov (c) 2017
See! They are on a market!

Ilya Nesterov Maxim Goncharov (c) 2017
What can we do about it?
- Educate
- Make noise
- Find more vulnerabilities
- Make a map

Ilya Nesterov Maxim Goncharov (c) 2017
Questions?

Ilya Nesterov Maxim Goncharov (c) 2017
Thanks!

Mais conteúdo relacionado

Semelhante a Вивисекция: анатомия ботнета из маршрутизаторов

Riot Games is a high-paced dynamic environment with many groups striving to release new content, features, and tools. Riot runs League of Legends, one of the biggest online multiplayer games, and uses AWS to host many complex sites that service millions of players everyday. In this session, Riot Games talks about the evolution of their management practice on AWS over the past two years, some lessons learned the hard way, and where they hope to be in the future. Key topics include: SSO (Single-Sign On) integration with IAM roles High-level AWS architecture (How to make it easy on your organization) VPC design, centralization, and simplification DevOps tooling and automation How and why we use Auto Scaling

(GAM304) How Riot Games re:Invented Their AWS Model | AWS re:Invent 2014

Amazon Web Services

Making decisions today for tomorrow's technology—from DNS to AWS Direct Connect, ELBs to ENIs, VPCs to VPNs, the Cloud Network Engineering team at Netflix are resident subject matter experts for a myriad of AWS resources. Learn how a cross-functional team automates and manages an infrastructure that services over 125 million customers while evaluating new features that enable us to continue to grow through our next 100 million customers and beyond.

Another Day in the Life of a Cloud Network Engineer at Netflix (NET312) - AWS...

Amazon Web Services

MidoNet Trouble Shooting – OpenStack最新情報セミナー 2015年4月

VirtualTech Japan Inc.

Microservices sind im Wesentlichen ein paar hippe JavaScript Frameworks und eine schicke Single-Page-App mit AngularJS oder React, oder? Wenn du also absolut sicher sein willst, dass dein nächstes Microservice Projekt scheitert, dann komm in diesen Vortrag und lerne wie. Anhand echter Erfahrung aus mehreren Brownfield und Greenfield Projekten zeige ich: - wie du die notwendigen organisatorischen Einflüsse ignorierst - wie du Operations wahnsinnig machst, sowohl durch unreife Technologien als auch durch last-minute Monitoring - wie du auch ohne Continuous Delivery fehlerhafte Software rasch releasen kannst - wie du auch einfachste CRUD Anwendungen mit hyper-komplexen Architekturen zum Scheitern bringst - …und vieles mehr Wenn du diese Tipps beachtest, wird dein Chef nie wieder auf die Idee kommen, seine IT zu modernisieren und du kannst weiterhin deinen geliebten Monolithen pflegen.

10 Tips for failing at microservices - badly (BedCon 2017)

David Schmitz

Artem Melnytskyi "Friendly Сo-pilot as a Practical AI Application"

LogeekNightUkraine

Neo4j GraphSummit Copenhagen - The path to success with Graph Database and Gr...

Neo4j

March.2012.KinectForWindows

Reuben Ahmed

Adding IPv6 to the application layer

Koichi Taniguchi

Experiences with Power 9 at A*STAR CRC

Ganesan Narayanasamy

44CON 2014 - Stupid PCIe Tricks, Joe Fitzpatrick. Hardware hacks tend to focus on low-speed (jtag, uart) and external (network, usb) interfaces, and PCI Express is typically neither. After a crash course in PCIe Architecture, we’ll demonstrate a handful of hacks showing how pull PCIe outside of your system case and add PCIe slots to systems without them, including embedded platforms. We’ll top it off with a demonstration of SLOTSCREAMER, an inexpensive device that’s part of the NSA Playset which we’ve configured to access memory and IO, cross-platform and transparent to the OS - all by design with no 0-day needed. The open hardware and software framework that we will release will expand your Playset with the ability to tinker with DMA attacks to read memory, bypass software and hardware security measures, and directly attack other hardware devices in the system.

44CON 2014 - Stupid PCIe Tricks, Joe Fitzpatrick

44CON

IoT - the Next Wave of DDoS Threat Landscape

APNIC

Tech w22

SelectedPresentations

IBOSEC-3000-2.pdf

Andrew Benhase

Building application in a "Microfrontends" way - Matthias Lauf *XConf Manchester

Thoughtworks

Information security is ever evolving, and Android's security posture is no different. Android users faces threats from a variety of sources, from the mundane to the extraordinary. Lost and stolen devices, malware attacks, rooting vulnerabilities, malicious websites, and nation state attackers are all within the Android threat model, and something the Android Security Team deals with daily. In this talk, we will cover the threats facing Android users, using both specific examples from previous Black Hat conferences and published research, as well as previously unpublished threats. For the threats, we will go into the specific technical controls which contain the vulnerability, as well as newly added Android N security features which defend against future unknown vulnerabilities. Finally, we'll discuss where we could go from here to make Android, and the entire computer industry, safer. (Source: Black Hat USA 2016, Las Vegas)

The Art of defence: How vulnerabilites help shape security features and mitig...

Priyanka Aash

2019年3月30日、大阪府立国際会議場（グランキューブ大阪）にて行われた関西最大規模のゲーム業界勉強会「GAME CREATORS CONFERENCE '18」(ゲームクリエイターズカンファレンス) におけるマイクロソフトと、モノビットエンジンの2社の共同セッションの資料です。モノビットパートでは、講演数日前に、リリースされた『モノビットエンジンクラウド』の使い方や性能、特徴などの初出し情報も掲載しております。また、Azureパートでは、モノビットエンジンクラウドの基盤として採用されている、Microsoft Azure の IaaS に関する情報をお届けしています。

モノビットエンジンがついにクラウド化！しかし、インフラでまさかのAzureを利用！？本当に大丈夫なの？

Daisuke Masubuchi

Speaker: Paul Navrátil, Texas Advanced Computing Center (TACC) The design emphasis for supercomputing systems has moved from raw performance to performance-per-watt, and as a result, supercomputing architectures are converging on processors with wide vector units and many processing cores per chip. Such processors are capable of performant image rendering purely in software. This improved capability is fortuitous, since the prevailing homogeneous system designs lack dedicated, hardware-accelerated rendering subsystems for use in data visualization. Reliance on this “software-defined” rendering capability will grow in importance since, due to growing data sizes, visualizations must be performed on the same machine where the data is produced. Further, as data sizes outgrow disk I/O capacity, visualization will be increasingly incorporated into the simulation code itself (in situ visualization). This talk presents recent work in high-fidelity visualization using the OSPRay ray tracing framework on TACC’s local and remote visualization systems. We present work using OSPRay within ParaView Catalyst in situ framework from Kitware, including capitalizing on opportunities to reduce data costs migrating through VTK filters for visualization. We highlight the performance opportunities and advantages of Intel® Advanced Vector Extensions 512, the memory system improvements possible with Intel® Xeon Phi™ processor multi-channel DRAM (MCDRAM) and the Intel® Omni-Path Architecture interconnect.

SDVIs and In-Situ Visualization on TACC's Stampede

Intel® Software

Building application in a "Microfrontends" way - Prasanna N Venkatesen *XConf...

Thoughtworks

Nsd, il tuo compagno di viaggio quando Domino va in crash

Fabio Pignatti

Join this session for The Best of Windows Server 2016 — The New Foundation of your Datacenter. You’ll get an overview about the new, exciting improvements that are in Windows Server 2016 and how they’ll improve your day-to-day job. In this presentation Thomas Maurer (Microsoft MVP) will guide you through the highly anticipated innovations including: •Hyper-V 2016 features •Nano Server •Storage Spaces Direct •Storage Replica •Windows Server Containers •And more!

The best of Windows Server 2016 - Thomas Maurer

ITCamp

Semelhante a Вивисекция: анатомия ботнета из маршрутизаторов (20)

(GAM304) How Riot Games re:Invented Their AWS Model | AWS re:Invent 2014

Another Day in the Life of a Cloud Network Engineer at Netflix (NET312) - AWS...

MidoNet Trouble Shooting – OpenStack最新情報セミナー 2015年4月

10 Tips for failing at microservices - badly (BedCon 2017)

Artem Melnytskyi "Friendly Сo-pilot as a Practical AI Application"

Neo4j GraphSummit Copenhagen - The path to success with Graph Database and Gr...

March.2012.KinectForWindows

Adding IPv6 to the application layer

Experiences with Power 9 at A*STAR CRC

44CON 2014 - Stupid PCIe Tricks, Joe Fitzpatrick

IoT - the Next Wave of DDoS Threat Landscape

Tech w22

IBOSEC-3000-2.pdf

Building application in a "Microfrontends" way - Matthias Lauf *XConf Manchester

The Art of defence: How vulnerabilites help shape security features and mitig...

モノビットエンジンがついにクラウド化！しかし、インフラでまさかのAzureを利用！？本当に大丈夫なの？

SDVIs and In-Situ Visualization on TACC's Stampede

Building application in a "Microfrontends" way - Prasanna N Venkatesen *XConf...

Nsd, il tuo compagno di viaggio quando Domino va in crash

The best of Windows Server 2016 - Thomas Maurer

Mais de Positive Hack Days

Инструмент ChangelogBuilder для автоматической подготовки Release Notes

Positive Hack Days

Как мы собираем проекты в выделенном окружении в Windows Docker

Positive Hack Days

Типовая сборка и деплой продуктов в Positive Technologies

Positive Hack Days

1. Что такое BI. Зачем он нужен. 2. Что такое Qlik View / Sense 3. Способ интеграции. Как это работает. 4. Метрики, KPI, планирование ресурсов команд, ретроспектива релиза продукта, тренды. 5. Подключение внешних источников данных (Excel, БД СКУД, переговорные комнаты).

Аналитика в проектах: TFS + Qlik

Positive Hack Days

Использование анализатора кода SonarQube

Positive Hack Days

Развитие сообщества Open DevOps Community

Positive Hack Days

Методика определения неиспользуемых ресурсов виртуальных машин и автоматизаци...

Positive Hack Days

Approof — статический анализатор кода для проверки веб-приложений на наличие уязвимых компонентов. В своей работе анализатор основывается на правилах, хранящих сигнатуры искомых компонентов. В докладе рассматривается базовая структура правила для Approof и процесс автоматизации его создания.

Автоматизация построения правил для Approof

Positive Hack Days

Задумывались ли вы когда-нибудь о том, как устроены современные механизмы защиты приложений? Какая теория стоит за реализацией WAF и SAST? Каковы пределы их возможностей? Насколько их можно подвинуть за счет более широкого взгляда на проблематику безопасности приложений? На мастер-классе будут рассмотрены основные методы и алгоритмы двух основополагающих технологий защиты приложений — межсетевого экранирования уровня приложения и статического анализа кода. На примерах конкретных инструментов с открытым исходным кодом, разработанных специально для этого мастер-класса, будут рассмотрены проблемы, возникающие на пути у разработчиков средств защиты приложений, и возможные пути их решения, а также даны ответы на все упомянутые вопросы.

Мастер-класс «Трущобы Application Security»

Positive Hack Days

Формальные методы защиты приложений

Positive Hack Days

Эвристические методы защиты приложений

Positive Hack Days

Теоретические основы Application Security

Positive Hack Days

Разработка наукоемкого программного обеспечения отличается тем, что нет ни четкой постановки задачи, ни понимания, что получится в результате. Однако даже этом надо программировать то, что надо, и как надо. Докладчик расскажет о том, как ее команда успешно разработала и вывела в промышленную эксплуатацию несколько наукоемких продуктов, пройдя непростой путь от эксперимента, результатом которого был прототип, до промышленных версий, которые успешно продаются как на российском, так и на зарубежном рынках. Этот путь был насыщен сложностями и качественными управленческими решениями, которыми поделится докладчик

От экспериментального программирования к промышленному: путь длиной в 10 лет

Positive Hack Days

Немногие разработчики закладывают безопасность в архитектуру приложения на этапе проектирования. Часто для этого нет ни денег, ни времени. Еще меньше — понимания моделей нарушителя и моделей угроз. Защита приложения выходит на передний план, когда уязвимости начинают стоить денег. К этому времени приложение уже работает и внесение существенных изменений в код становится нелегкой задачей. К счастью, разработчики тоже люди, и в коде разных приложений можно встретить однотипные недостатки. В докладе речь пойдет об опасных ошибках, которые чаще всего допускают разработчики Android-приложений. Затрагиваются особенности ОС Android, приводятся примеры реальных приложений и уязвимостей в них, описываются способы устранения.

Уязвимое Android-приложение: N проверенных способов наступить на грабли

Positive Hack Days

Разработка любого софта так или иначе базируется на требованиях. Полный перечень составляют бизнес-цели приложения, различные ограничения и ожидания по качеству (их еще называют NFR). Требования к безопасности ПО относятся к последнему пункту. В ходе доклада будут рассматриваться появление этих требований, управление ими и выбор наиболее важных. Отдельно будут освещены принципы построения архитектуры приложения, при наличии таких требований и без, и продемонстрировано, как современные (и хорошо известные) подходы к проектированию приложения помогают лучше строить архитектуру приложения для минимизации ландшафта угроз.

Требования по безопасности в архитектуре ПО

Positive Hack Days

Доклад посвящен разработке корректного программного обеспечения с применением одного из видов статического анализа кода. Будут освещены вопросы применения подобных методов, их слабые стороны и ограничения, а также рассмотрены результаты, которые они могут дать. На конкретных примерах будет продемонстрировано, как выглядят разработка спецификаций для кода на языке Си и доказательство соответствия кода спецификациям.

Формальная верификация кода на языке Си

Positive Hack Days

Механизмы предотвращения атак в ASP.NET Core

Positive Hack Days

SOC для КИИ: израильский опыт

Positive Hack Days

Honeywell Industrial Cyber Security Lab & Services Center

Positive Hack Days

Credential stuffing и брутфорс-атаки

Positive Hack Days

Mais de Positive Hack Days (20)

Инструмент ChangelogBuilder для автоматической подготовки Release Notes

Как мы собираем проекты в выделенном окружении в Windows Docker

Типовая сборка и деплой продуктов в Positive Technologies

Аналитика в проектах: TFS + Qlik

Использование анализатора кода SonarQube

Развитие сообщества Open DevOps Community

Методика определения неиспользуемых ресурсов виртуальных машин и автоматизаци...

Автоматизация построения правил для Approof

Мастер-класс «Трущобы Application Security»

Формальные методы защиты приложений

Эвристические методы защиты приложений

Теоретические основы Application Security

От экспериментального программирования к промышленному: путь длиной в 10 лет

Уязвимое Android-приложение: N проверенных способов наступить на грабли

Требования по безопасности в архитектуре ПО

Формальная верификация кода на языке Си

Механизмы предотвращения атак в ASP.NET Core

SOC для КИИ: израильский опыт

Honeywell Industrial Cyber Security Lab & Services Center

Credential stuffing и брутфорс-атаки

Último

The microservices honeymoon is over. When starting a new project or revamping a legacy monolith, teams started looking for alternatives to microservices. The Modular Monolith, or 'Modulith', is an architecture that reaps the benefits of (vertical) functional decoupling without the high costs associated with separate deployments. This talk will delve into the advantages and challenges of this progressive architecture, beginning with exploring the concept of a 'module', its internal structure, public API, and inter-module communication patterns. Supported by spring-modulith, the talk provides practical guidance on addressing the main challenges of a Modultith Architecture: finding and guarding module boundaries, data decoupling, and integration module-testing. You should not miss this talk if you are a software architect or tech lead seeking practical, scalable solutions. About the author With two decades of experience, Victor is a Java Champion working as a trainer for top companies in Europe. Five thousands developers in 120 companies attended his workshops, so he gets to debate every week the challenges that various projects struggle with. In return, Victor summarizes key points from these workshops in conference talks and online meetups for the European Software Crafters, the world’s largest developer community around architecture, refactoring, and testing. Discover how Victor can help you on victorrentea.ro : company training catalog, consultancy and YouTube playlists.

Modular Monolith - a Practical Alternative to Microservices @ Devoxx UK 2024

Victor Rentea

The value of a flexible API Management solution for Open Banking Steve Melan, Manager for IT Innovation and Architecture - State's and Saving's Bank of Luxembourg Apidays New York 2024: The API Economy in the AI Era (April 30 & May 1, 2024) ------ Check out our conferences at https://www.apidays.global/ Do you want to sponsor or talk at one of our conferences? https://apidays.typeform.com/to/ILJeAaV8 Learn more on APIscene, the global media made by the community for the community: https://www.apiscene.io Explore the API ecosystem with the API Landscape: https://apilandscape.apiscene.io/

Apidays New York 2024 - The value of a flexible API Management solution for O...

apidays

Artificial Intelligence Chap.5 : Uncertainty

Khushali Kathiriya

Corporate and higher education. Two industries that, in the past, have had a clear divide with very little crossover. The difference in goals, learning styles and objectives paved the way for differing learning technologies platforms to evolve. Now, those stark lines are blurring as both sides are discovering they have content that’s relevant to the other. Join Tammy Rutherford as she walks through the pros and cons of corporate and higher ed collaborating. And the challenges of these different technology platforms working together for a brighter future.

Corporate and higher education May webinar.pptx

Rustici Software

Following the popularity of "Cloud Revolution: Exploring the New Wave of Serverless Spatial Data," we're thrilled to announce this much-anticipated encore webinar. In this sequel, we'll dive deeper into the Cloud-Native realm by uncovering practical applications and FME support for these new formats, including COGs, COPC, FlatGeoBuf, GeoParquet, STAC, and ZARR. Building on the foundation laid by industry leaders Michelle Roby of Radiant Earth and Chris Holmes of Planet in the first webinar, this second part offers an in-depth look at the real-world application and behind-the-scenes dynamics of these cutting-edge formats. We will spotlight specific use-cases and workflows, showcasing their efficiency and relevance in practical scenarios. Discover the vast possibilities each format holds, highlighted through detailed discussions and demonstrations. Our expert speakers will dissect the key aspects and provide critical takeaways for effective use, ensuring attendees leave with a thorough understanding of how to apply these formats in their own projects. Elevate your understanding of how FME supports these cutting-edge technologies, enhancing your ability to manage, share, and analyze spatial data. Whether you're building on knowledge from our initial session or are new to the serverless spatial data landscape, this webinar is your gateway to mastering cloud-native formats in your workflows.

Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME

Safe Software

Dubai, often portrayed as a shimmering oasis in the desert, faces its own set of challenges, including the occasional threat of flooding. Despite its reputation for opulence and modernity, the emirate is not immune to the forces of nature. In recent years, Dubai has experienced sporadic but significant floods, testing the resilience of its infrastructure and communities. Among the critical lifelines in this bustling metropolis is the Dubai International Airport, a bustling hub that connects the city to the world. This article explores the intersection of Dubai flood events and the resilience demonstrated by the Dubai International Airport in the face of such challenges.

Navigating the Deluge_ Dubai Floods and the Resilience of Dubai International...

Orbitshub

Boost Fertility New Invention Ups Success Rates.pdf

sudhanshuwaghmare1

FWD Group - Insurer Innovation Award 2024

The Digital Insurer

When you’re building (micro)services, you have lots of framework options. Spring Boot is no doubt a popular choice. But there’s more! Take Quarkus, a framework that’s considered the rising star for Kubernetes-native Java. It always depends on what's best for your situation, but how to choose the best solution if you're comparing 2 frameworks? Both Spring Boot and Quarkus have their positives and negatives. Let us compare the two by live coding a couple of common use cases in Spring Boot and Quarkus. After this talk, you’ll be ready to get started with Quarkus yourself, and know when to select Quarkus or Spring Boot.

Spring Boot vs Quarkus the ultimate battle - DevoxxUK

Jago de Vreede

The action of the next cyber saga takes place in the mystical lands of the Asia-Pacific region, where the main characters began their digital activities in the middle of 2021 and qualitatively strengthened it in 2022. Corporate espionage, document theft, audio recordings, and data leaks from messaging platforms were all a matter of one day for Dark Pink. Their geographical focus may have started in the Asia-Pacific region, but their ambitions knew no bounds, targeting a European government ministry in a bold move to expand their portfolio. Their victim profile was as diverse as a UN meeting, targeting military organizations, government agencies, and even a religious organization. Because discrimination is not a fashionable agenda. In the world of cybercrime, they serve as a reminder that sometimes the most serious threats come in the most unassuming packages with a pink bow.

Cyberprint. Dark Pink Apt Group [EN].pdf

Overkill Security

Repurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost Saving

Edi Saputra

Sidekick Solutions uses Bonterra Impact Management (fka Social Solutions Apricot) and automation solutions to integrate data for business workflows. We believe integration and automation are essential to user experience and the promise of efficient work through technology. Automation is the critical ingredient to realizing that full vision. We develop integration products and services for Bonterra Case Management software to support the deployment of automations for a variety of use cases. This video focuses on the deployment of external web forms using Jotform for Bonterra Impact Management. This solution can be customized to your organization’s needs and deployed to support the common use cases below: - Intake and consent - Assessments - Surveys - Applications - Program registration Interested in deploying web form automations for Bonterra Impact Management? Contact us at sales@sidekicksolutionsllc.com to discuss next steps.

Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...

Jeffrey Haguewood

[BuildWithAI] Introduction to Gemini.pdf

Sandro Moreira

Keynote 2: APIs in 2030: The Risk of Technological Sleepwalk Paolo Malinverno, Growth Advisor - The Business of Technology Apidays New York 2024: The API Economy in the AI Era (April 30 & May 1, 2024) ------ Check out our conferences at https://www.apidays.global/ Do you want to sponsor or talk at one of our conferences? https://apidays.typeform.com/to/ILJeAaV8 Learn more on APIscene, the global media made by the community for the community: https://www.apiscene.io Explore the API ecosystem with the API Landscape: https://apilandscape.apiscene.io/

Apidays New York 2024 - APIs in 2030: The Risk of Technological Sleepwalk by ...

apidays

The Good, the Bad and the Governed - Why is governance a dirty word? David O'Neill, Chief Operating Officer - APIContext Apidays New York 2024: The API Economy in the AI Era (April 30 & May 1, 2024) ------ Check out our conferences at https://www.apidays.global/ Do you want to sponsor or talk at one of our conferences? https://apidays.typeform.com/to/ILJeAaV8 Learn more on APIscene, the global media made by the community for the community: https://www.apiscene.io Explore the API ecosystem with the API Landscape: https://apilandscape.apiscene.io/

Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...

apidays

Join our latest Connector Corner webinar to discover how UiPath Integration Service revolutionizes API-centric automation in a 'Quote to Cash' process—and how that automation empowers businesses to accelerate revenue generation. A comprehensive demo will explore connecting systems, GenAI, and people, through powerful pre-built connectors designed to speed process cycle times. Speakers: James Dickson, Senior Software Engineer Charlie Greenberg, Host, Product Marketing Manager

Connector Corner: Accelerate revenue generation using UiPath API-centric busi...

DianaGray10

Axa Assurance Maroc - Insurer Innovation Award 2024

The Digital Insurer

MS Copilot expands with MS Graph connectors

Nanddeep Nachan

Architecting Cloud Native Applications

WSO2

Manulife - Insurer Transformation Award 2024

The Digital Insurer

Вивисекция: анатомия ботнета из маршрутизаторов

1. Live dissection   anatomy of router based botnet Ilya Nesterov  Maxim Goncharov

26. Ilya Nesterov Maxim Goncharov (c) 2017 So what? This vulnerability occurs when an attacker has access to the internal network or when remote management is enabled on the router. Remote management is turned off by default, so a user must have affirmatively turned on remote management through advanced settings for the router to be vulnerable in this manner.

34. Ilya Nesterov Maxim Goncharov (c) 2017 MikroTik UPDATE 2: v6.38.5 and 6.39rc49 has been released, this version ﬁxes the vulnerabilities outlined in the above documents, and cleans any ﬁles installed by the tools described. Statement on Vault 7 document release

42. Ilya Nesterov Maxim Goncharov (c) 2017 Why this is a problem? NETGEAR WRN2000 NETGEAR R6XXX NETGEAR R7XXXNETGEAR R8XXX MikroTik HACKED-ROUTER-HELP-SOS- HAD-DUPE-PASSWORD Basic realm=" Default Name:admin Password:1234 "

43. Ilya Nesterov Maxim Goncharov (c) 2017 Why this is a problem? NETGEAR WRN2000 NETGEAR R6XXX NETGEAR R7XXXNETGEAR R8XXX MikroTik HACKED-ROUTER-HELP-SOS- HAD-DUPE-PASSWORD Basic realm=" Default Name:admin Password:1234 "

Вивисекция: анатомия ботнета из маршрутизаторов

Recomendados

Recomendados

Mais conteúdo relacionado

Semelhante a Вивисекция: анатомия ботнета из маршрутизаторов

Semelhante a Вивисекция: анатомия ботнета из маршрутизаторов (20)

Mais de Positive Hack Days

Mais de Positive Hack Days (20)

Último

Último (20)

Вивисекция: анатомия ботнета из маршрутизаторов