Conference:  Black Hat Asia 2023
Authors: Gabriel Landau
2023-05-11

The Windows Protected Process Light (PPL) mechanism hardens anti-malware and critical Windows services against tampering, even by administrators. This special status is guarded by the Windows Code Integrity (CI) subsystem, which ensures that PPL processes will only run code with special signatures from Microsoft or trusted vendors.

PPL has a history of bypasses. The most notorious is PPLdump, a turnkey user mode tool that exploits a Windows vulnerability to achieve arbitrary PPL code execution and dump any PPL process. This can be used to dump the Windows credential store, LSASS, enabling lateral movement. PPLdump is open source, making it easy to alter the payload to perform other privileged actions such as disabling security software.

PPL bypasses are particularly interesting because Microsoft considers PPL a defense-in-depth measure, not a formal security boundary, so these bugs do not qualify for patches. This can result in long-lived vulnerabilities with real-world impact and no patch in sight. The vulnerability underlying and predating PPLdump was publicly disclosed in 2018, but Microsoft didn't patch it until 2022, over a year after PPLdump's 2021 release.

In this talk, we'll review PPL's design, as well as some historical exploits and their mitigations. Next, we'll describe a few new attacks against PPL, including a design flaw in CI that enables unsigned fully-privileged PPL code execution without kernel exploitation. We will demonstrate this flaw and release two tools that exploit it. The first is a pure-usermode PPL process dumper, similar to PPLdump. The second tool demonstrates how this vulnerability effectively grants full read-write access to physical memory. Finally, we will release code that anti-malware vendors can employ to mitigate this type of attack and discuss a few changes to Windows that could stop it entirely.
Authors: Arnaud Meukam, Davanum Srinivas
2023-04-21

tldr - powered by Generative AI

The presentation discusses the Kubernetes infrastructure project and its focus on cost optimization and multi-cloud approach to provide CI for the community.
  • The Kubernetes infrastructure project relies on donations from cloud providers such as GCP and AWS to bootstrap infrastructure.
  • The project is working on a multi-cloud approach to provide CI for the community and ensure compatibility and conformance with other projects in the CNCF landscape.
  • The project is also working with third parties such as Fastly to provide access to different services.
  • Contributor experience is handled by the SIG Contributor Experience, which has full ownership of moderation on different communication platforms.
  • The project is unable to directly talk to cloud providers and relies on the CNCF to interact with them.
Authors: Claudia Beresford
2023-04-19

tldr - powered by Generative AI

The presentation discusses the use of MicroVMs and the Liquid Metal project for a more performant and cost-effective CI model.
  • MicroVMs are smaller VMs that are tailored for a specific need, resulting in almost the same speed as containers with the security of regular VMs.
  • The Liquid Metal project is a set of tools to declaratively provision Kubernetes clusters on lightweight MicroVMs.
  • The project is comprised of four components: Flintlock, Firecracker, Ignite, and Cortex.
  • The use of MicroVMs and the Liquid Metal project can reduce overall cost, improve build times, and provide a more secure environment.
  • The presenter demoed the Liquid Metal project on a Raspberry Pi cluster.
  • The presenter faced network issues during the demo, but was able to resolve them with the help of AV staff.
Authors: Melanie Cebula
2022-10-27

tldr - powered by Generative AI

The presentation discusses the process of implementing multi-architectures in Airbnb's infrastructure to improve price and performance.
  • Focus on one or two workloads that have a business need for better price and performance
  • Form a small pilot group with subject matter experts
  • Upgrade and migrate operating system, languages, runtimes, and open source software
  • Automate the process of building, uploading, and signing packages
  • Invest in performance tooling and analysis
Authors: Stephen Giguere
2022-10-25

tldr - powered by Generative AI

The presentation discusses the security challenges faced by open source projects and GitOps workflows, particularly in relation to GitHub Actions workflows. The speaker demonstrates potential abuses and vulnerabilities in GitHub Actions workflows and highlights the importance of implementing best practices to protect against attacks.
  • Open source projects and GitOps workflows are vulnerable to security threats
  • GitHub Actions workflows can be abused by malicious actors to gain access to sensitive information
  • Best practices, such as implementing environmental protection and short-lived tokens, can help protect against attacks
Authors: Connor Gorman
2022-05-20

tldr - powered by Generative AI

Developers play a crucial role in scaling Kubernetes security by integrating security into development workflows and becoming security stakeholders.
  • The success of Kubernetes and its ecosystem has enabled developers to ship more code, build more deployments, and ship faster than ever before, but this also poses security challenges.
  • The number of developers is much larger than the number of security engineers, making it difficult for small security teams to support the ever-growing number of deployments.
  • Developers and security teams need to collaborate to mitigate security issues and prepare for the next vulnerability.
  • Integrating security deeply into development workflows empowers developers to be security stakeholders and scales the remediation of security issues.
  • Developers should be involved as early as possible in security and helped to solve their own issues.
  • Creating gates should focus on the why and make developers more proactive.
  • Mitigating security issues is like a race, and it takes a concerted effort by both developers and security operations to make it happen.
  • Building up muscle memory by practicing day-to-day workflows and processes is crucial to achieving smooth code shipping and treating every security-related commit equally.
Authors: Andrew Block, Paul Czarkowski, Karena Angell, Scott Rigby
2021-10-13

Have you ever wondered how you can improve the processes and tooling around your Helm Chart development and distribution? Just like with a programming language, there are OSS projects in the Helmiverse, such as linters, testing tools, and automation, that you can use to help you with charts. In this session, you'll learn about some of these tools and how you can use them to improve your workflow and CI automation. Along the way you'll learn about supply chain security, GitHub Actions, YAML validation, tools you can use in any CI system, and more. Charts are at the heart of using Helm; in this session you'll learn how to have a healthier heart.