Conference:  Black Hat Asia 2023
Authors: Xu Yuanzhen, Peter Mularien
2023-05-12

It is known to us that the Java language has an integrated ecosystem. With the development of cloud computing, more and more cloud-native systems consist of Java applications. Meanwhile, a potential new attack surface for Java applications is quietly exposed. Some cloud data platforms supply users with customized database management services, so users are able to utilize the services flexibly. Java Database Connectivity (JDBC) is a fundamental component of the Java environment and is used to implement database connection and manipulation. I paid close attention to this scenario, and then I discovered the new attack surface. We took a long time to research the mainstream vendors and their JDBC drivers, like Google, IBM, etc. In our research, we will elaborate on our experience with both static and dynamic source code analysis, with juicy techniques like locating the accurate sinks, and then we will demonstrate the new gadgets for SSRF and RCE vulnerabilities. We will also present real-world attack illustrations and detection evasions.
Authors: Pablo Galego
2022-05-19

tldr - powered by Generative AI

The presentation discusses the importance of vulnerability scanning in DevOps and provides tips for refining the output of vulnerability scanning tools.
  • Vulnerability scanning is important in DevOps
  • Refining the output of vulnerability scanning tools is necessary for efficient use
  • Tools like 3b have flags that can be used to filter results
  • Mitigating reported vulnerabilities is often an easy task
  • An anecdote is provided to illustrate the process of refining vulnerability scanning output
Authors: Eden Federman
2021-10-13

tldr - powered by Generative AI

Effortless Profiling on Kubernetes
  • Profiling is the act of analyzing the performance of applications in order to improve poorly performing sections of code
  • Flame graphs are a popular way to visualize a profile
  • The challenges of profiling include overhead and modifying code
  • kubectl flame is a tool that aims to make profiling effortless by removing the need to do code modifications and by doing profiling without having to do a deployment
  • The future of profiling includes ephemeral containers, eBPF, and continuous profiling tools