Conference:  Defcon 31
Authors: Katie Inns, Security Consultant, WithSecure
2023-08-01

In recent years, the use of internet-connected devices has become more prevalent in the healthcare sector, particularly as a means to communicate patient data. Therefore, it is essential that security testing is carried out against these devices to identify misconfigurations that could cause a severe impact, such as the prescription of incorrect drugs. Modern healthcare protocols such as FHIR (Fast Healthcare Interoperability Resources) use the HTTP protocol to communicate, making security testing relatively straightforward. However, the use of older protocols such as HL7 (Health Level Seven) is more widespread across medical devices in the industry. These protocols are bespoke and difficult to read or intercept using current commercial and open-source security tooling, making testing of these devices challenging and cumbersome. To address this challenge, I have developed a tool (HL7Magic) to provide security testers with an easier method of intercepting and changing HL7 messages sent to and from medical devices. This tool was created for the purpose of being integrated into Burp Suite as an extension, although it can exist independently. After talking about how HL7Magic was created, I will give a short demonstration using the tool for security research purposes or to identify existing CVEs across your estate. HL7Magic will be open sourced and collaborations to improve it further will be welcomed.
Conference:  Black Hat Asia 2023
Authors: Neil Wyler, Bart Stump
2023-05-12

Back with another year of soul-crushing statistics, the Black Hat NOC team will be sharing all of the data that keeps us equally puzzled, and entertained, year after year. We'll let you know all the tools and techniques we're using to set up, stabilize, and secure the network, and what changes we've made over the past year to try and keep doing things better. Of course, we'll be sharing some of the more humorous network activity and what it helps us learn about the way security professionals conduct themselves on an open WiFi network.
Authors: Xing Yang, Melissa Logan, Alvaro Hernandez, Sergey Pronin
2023-04-20

To handle Day-2 operations for data workloads on Kubernetes, organizations rely heavily on operators, but they present a number of challenges – including lack of integration with existing tools; lack of interoperability with the rest of their stack; varying degrees of quality; and lack of standardization. And yet – a majority of people are using at least 20 operators according to the 2022 Data on Kubernetes Report. For those evaluating their options, the challenge is further complicated by choice; the number of operators continues to grow with Operator Hub currently listing 270+. Without operator standards, how can end users possibly evaluate each one to know whether it meets their needs? This panel unites the Data on Kubernetes Community Operator SIG and Kubernetes Storage SIG to discuss key features of Kubernetes database operators -- what works, what doesn’t, and where the industry is going. Panelists will also present a feature matrix to help end users compare a multitude of database operators.
Authors: Lukonde Mwila
2023-04-19

tldr - powered by Generative AI

The presentation discusses the importance of secure secret strategies in Kubernetes and highlights the vulnerabilities around the storage, sharing, and consumption of secrets in Kubernetes.
  • The best-kept secrets are the ones we've never heard of or told others about
  • A secure secret strategy in Kubernetes depends on addressing questions such as where the secret is kept, who needs to know about it, how it gets shared, and how to prevent it from being easily interpreted
  • The vulnerabilities around the storage, sharing, and consumption of secrets in Kubernetes are well known and more likely to be exploited
  • The presentation shares a real-world project's Kubernetes secret strategy in relation to these questions and how to develop a framework for a secure secret lifecycle in Kubernetes environments
  • The presentation includes a demo using ESO, ArgoCD, and OPA Gatekeeper
Authors: Anurag Gupta, Eduardo Silva
2023-04-19

tldr - powered by Generative AI

Controlling data flow is crucial for cost reduction and efficient use of resources in logging and metrics management. Fluent Bit offers processors for modifying data and labels to optimize indexing and querying.
  • Companies generate 20-30% more logs each year, making control of data flow important for cost reduction and efficient resource use
  • Fluent Bit offers processors for modifying data and labels to optimize indexing and querying
  • Lua scripting can be used for log processing
  • Labels can be added, updated, or deleted using Fluent Bit processors
  • Fluent Bit can be used for metrics management and data scraping
Authors: Liz Rice, Richard Hartmann, Andy Allred
2023-04-19

tldr - powered by Generative AI

Cilium is a high-performance networking and security solution for Kubernetes that uses eBPF and is becoming the CNI of choice in the industry. The presentation covers updates, news, roadmap, and real-world use cases of Cilium.
  • Cilium is a popular networking and security solution for Kubernetes that uses eBPF and is becoming the CNI of choice in the industry.
  • Cilium provides high-performance load balancing, network policy, transparent encryption, and the ability to integrate multiple Kubernetes clusters and external workloads.
  • Hubble is the observability platform that gives visibility into individual network flows, aggregated metrics, service maps, and the ability to export all this metric information to various destinations.
  • Tetragon is the security observability subproject in Cilium that uses eBPF to instrument the kernel and give insight into security-relevant events.
  • Cilium is being adopted by all major cloud providers, including AWS, Azure, and Google Cloud.
  • The presentation includes real-world use cases of Cilium from Isovalent, Grafana Labs, and Eficode.
  • Grafana Labs has developed a new Grafana app that allows users to get all the power of Hubble directly from within Grafana.
Authors: Derek Cavanaugh, Sara Moore
2023-04-19

tldr - powered by Generative AI

The presentation discusses the challenges of managing logs in a distributed system and how Loki, a log aggregation system, can help address these challenges.
  • Loki is a log aggregation system that can help manage logs in a distributed system
  • Managing logs in a distributed system can be challenging due to the large number of logs and the need to optimize chunk size
  • Query parallelization and horizontal scaling can help improve query performance and reduce costs
  • Monitoring and auditing cardinality is important to ensure system health
  • Tools like Prometheus and Tempo can also help address similar challenges in observability
Authors: Chuck Willis
2023-02-16

tldr - powered by Generative AI

The presentation discusses various techniques for encrypting data in databases, including deterministic encryption, searchable encryption, and homomorphic encryption.
  • Deterministic encryption allows for searches on equality while keeping data encrypted
  • Searchable encryption allows for searching for keywords in encrypted documents by encrypting the keywords and storing them in a database
  • Homomorphic encryption allows for performing operations on encrypted data in a way that is equivalent to performing the operations before encryption
  • Each technique has its limitations and trade-offs
  • Maintaining an index of keyword frequency can improve the security of searchable encryption
Authors: Izar Tarandach
2023-02-16

tldr - powered by Generative AI

The importance of documenting and using threat models in cybersecurity and DevOps
  • Threat models should be stored and available in places that people know where to find them and how to relate and change them
  • Threat models can be used to define security contracts and find commonalities for platforming
  • Templates are useful for making threat models consistent and easy to compare
  • Everyday tools can be used for automating boring parts of the system and dealing with low hanging fruit
  • Threat models are living documents that should be updated and stored for future use
Authors: Andrew Newdigate
2022-10-28

tldr - powered by Generative AI

The importance of retaining long-term metric data and using Python data analytics ecosystem with Prometheus data for capacity planning and other purposes
  • Tamland is a tool used for capacity planning that relies on long-term metric data retention and Python data analytics ecosystem with Prometheus data
  • Retaining long-term metric data is important for answering future questions and can be done with tools like Thanos, Cortex, Mimir, and TimescaleDB
  • Python libraries like prometheus-pandas, Prophet, NeuralProphet, and Greykite can be used for analyzing data and forecasting
  • Tamland, an open-source project available on GitLab, can be used for capacity planning and other purposes like cloud cost forecasting, security and abuse monitoring, and network monitoring