Conference:  Black Hat Asia 2023
Authors: Guangdong Bai, Qing Zhang, Guangshuai Xia
2023-05-11

In recent years, most countries and territories have put in place strict regulations for user privacy protection. Checking and monitoring the privacy policy compliance of mobile applications thus has become essential for users, app developers and device manufacturers. Nonetheless, this is a challenging task, as modern mobile operating systems like Android contain multiple channels through which third-party apps can obtain sensitive information. Besides the official APIs that are regulated by its permission system, the apps can exploit other channels such as native calls, Java reflection, Binder services, WebView and even vulnerabilities. Existing techniques based on static and dynamic analysis often fail to cover all possible channels. Network traffic analysis is also ineffective when the sensitive data are sent over after encryption. In this session, we will address this challenging task using a low-level detection method. Our work is inspired by the fact that almost all sensitive information is encoded into a String before it is passed to the application level. We thus hook the String constructor at the native level, where our approach is able to monitor and check all strings constructed on the mobile device. This strategy seems straightforward yet comprehensive, as any string that is constructed from sensitive information can be monitored regardless of the method malicious apps used to obtain it. We implement this approach in a tool and use it to analyze pre-installed apps on some Android devices. Our tool finds that many of them collect user information in many scenarios, such as clipboard and Wi-Fi information. Some apps even use previously unknown channels to obtain sensitive user information. Our investigation finds that these channels are caused by OEM manufacturers' improper control over the permissions of their customized APIs. We have submitted these issues to relevant manufacturers, who have acknowledged our findings.
Authors: Filip Petkovski, Saswata Mukherjee
2023-04-21

tldr - powered by Generative AI

Thanos is an open-source solution for scaling Prometheus-based monitoring by providing a distributed highly-available metric system with long-term retention. It addresses challenges with scaling functionality like querying metrics across large time ranges via downsampling and ingesting metrics at scale.
  • Prometheus is a standalone monitoring system that scrapes metrics from applications and stores them locally, but it cannot handle a large multi-environment setup or retain data for a long period of time
  • Thanos fills the gaps in Prometheus by providing a global view, long-term retention, downsampling, and multi-tenancy features
  • Thanos achieves a global view by using a standalone service called PromQL and defining the store API, which allows the querier to request time series data from any component
  • Thanos also provides global alerting and rule recording through the Thanos ruler, which executes alerting rules across the entire data set
  • Thanos sidecar can be configured to upload data from Prometheus into object storage, making it easier to store data on disk for longer periods of time and move disks around
Authors: Thomas Graf
2023-04-21

tldr - powered by Generative AI

The presentation discusses the importance of monitoring infrastructure using the Golden Signal Dashboard and Kubernetes Service Implementation.
  • The Golden Signal Dashboard is a standard way of monitoring infrastructure for publicly available services.
  • The four golden signals that matter are latency, traffic or throughput, errors, and saturation.
  • Kubernetes Service Implementation allows for multiple pod replicas to be exposed via a single IP and DNS name.
  • Network policies can cause problems that are hard to detect without proper observability tools.
  • Hubble UI and Hubble Observe CLI are useful tools for troubleshooting network issues.
Authors: Venkata Gunapati, Anusha Ragunathan
2023-04-21

As Platform Engineers & SREs, we love metrics from Kubernetes clusters to understand Platform Health. However, we dislike drowning in alerts on every metric & experiencing alert fatigue. The worst consequence of alert fatigue is not just on-call engineer burnout, but on-call snoozing alerts that could prevent incidents. At Intuit, we needed a smarter way to get alerted on a cluster’s Golden Signals, which are picked from an ocean of metrics. This would help reduce the MTTD during incidents. We wanted to achieve this without the burden of instrumenting cluster components. Observability vendors provide solutions using eBPF instrumentation and AI-driven insights on Prometheus data, but we wanted to explore open source solutions to achieve the same. In this talk, we explain how we explored numalogic, an open source AIOps anomaly detection engine for Kubernetes. You will learn how to use numalogic on Prometheus metrics to derive baseline behaviors and detect anomalies, without any prior AI/ML experience. We will show how we collect, process and analyze in-cluster data in real time and how numalogic computes anomaly scores for each component, which bubbles up a single anomaly score for the cluster. There will be a live demo of the AIOps-based Prometheus metrics pipeline in action.
Authors: David de Torres Huerta, Mirco De Zorzi
2023-04-20

tldr - powered by Generative AI

Defensive Monitoring in Kubernetes Clusters
  • Using metrics from Prometheus to detect anomalies in network traffic and CPU usage
  • Manipulating data from Kubernetes metrics to generate topology diagrams of the cluster
  • Using service-level metrics to create network topology diagrams
  • These techniques can be useful for detecting and investigating security breaches
Authors: Maciek Pytel
2023-04-20

tldr - powered by Generative AI

The presentation discusses the reliability of running Cluster Autoscaler in production and provides insights on monitoring and debugging tools.
  • Cluster Autoscaler's primary job is to ensure that all pods can schedule
  • Metrics such as pending pod metrics are useful for monitoring Cluster Autoscaler's performance
  • Cluster Autoscaler should be run on dedicated nodes or on the control plane VMs to prevent issues with scaling down
  • Testing configurations before using them in production is recommended
  • Ignoring certain flags can have significant side effects
  • Auto scaling can vary significantly at scale and should be tested
Authors: Brandon Smith, Howard Hao
2023-04-20

tldr - powered by Generative AI

The presentation discusses the challenges of bringing legacy applications into the modern cloud while reducing costs and the importance of effectively tuning and monitoring Windows containers for optimal performance.
  • Legacy applications need to be brought into the modern cloud to reduce costs and improve business value
  • Windows containers are more efficient than traditional Windows Server VMs
  • Effective tuning and monitoring of Windows containers is essential for optimal performance
  • Performance analysis should be easily accessible and updated guidance should be provided
  • Collaboration between businesses and Microsoft can help improve Windows performance
Authors: Pavol Loffay, Jonah Kowall
2023-04-19

tldr - powered by Generative AI

Jaeger is an open-source distributed tracing system that helps in monitoring and troubleshooting microservices-based distributed systems.
  • Jaeger supports OpenTelemetry line protocol, Adaptive sampling, and flame graph views in the UI
  • Jaeger is working on supporting ClickHouse as a native data store and replacing the Jaeger collector with OpenTelemetry
Authors: Kemal Akkoyun, Bryan Boreham
2023-04-19

As the 2nd oldest project in the CNCF, you have probably heard about Prometheus before. Prometheus is the de facto standard in cloud-native metrics monitoring and beyond, mainly because Kubernetes is designing its custom metrics engine for Prometheus. Nevertheless, the project maintainers will introduce you from the very beginning, followed by a deep dive into its internals and a list of the exciting new features that have been released recently or are in the pipeline. You will learn about many opportunities to use Prometheus, and we will cover a mix of introduction content, a deeper dive into current developments, and open Q&A at the end. We can even tempt you to contribute to the project yourself.
Authors: Derek Cavanaugh, Sara Moore
2023-04-19

tldr - powered by Generative AI

The presentation discusses the challenges of managing logs in a distributed system and how Loki, a log aggregation system, can help address these challenges.
  • Loki is a log aggregation system that can help manage logs in a distributed system
  • Managing logs in a distributed system can be challenging due to the large number of logs and the need to optimize chunk size
  • Query parallelization and horizontal scaling can help improve query performance and reduce costs
  • Monitoring and auditing cardinality is important to ensure system health
  • Tools like Prometheus and Tempo can also help address similar challenges in observability