Conference:  Defcon 31
Authors: Laurie Kirk Security Researcher at Microsoft

Android malware creators constantly struggle to devise innovative methods to obscure apps and impede reverse engineering. As numerous standard techniques have lost efficacy, I'll unveil the next frontier in Android obfuscation: runtime manipulation. Runtime manipulation alters standard application flow-of-control to bypass decompilers and emulators. In this talk, I'll reveal my strategy for pinpointing manipulation targets in Android's source code. I will describe how I craft manipulators in native C++ once a suitable target has been located. This is accomplished by hooking Java methods via the Java Native Interface (JNI) and typecasting the handle to a C-style pointer. Runtime manipulation can entirely remove traces of ClassLoader calls which are unavoidable for standard Dalvik Executable (DEX) packing, but are also easily discovered and hooked. This technique also effectively breaks cross-reference calculations within all Android decompilers. I will demonstrate and equip attendees with a custom Android library for devices running Android 13, providing a new tool that enables runtime manipulation experimentation. In addition, I'll demonstrate my methodology for pinpointing Java targets and modifying their underlying native data structures.
Authors: Mauricio Salatino, Adrian Cole

tldr - powered by Generative AI

The presentation discusses the use of WebAssembly in Dapr, a distributed application runtime, and how it can be used to change the logic inside the deployed cells. The presentation also introduces the HTTP middleware component and the Wasm runtime that is embedded into the Dapr sidecar to run the filter.
  • WebAssembly can be used to run third-party code inside the same process without launching another process
  • Dapr started exploring the use of WebAssembly in 2019
  • The zero-dependency WebAssembly runtime for Go was used to embed a WebAssembly virtual machine into a Go process
  • The HTTP middleware component was introduced to allow users to change requests or responses
  • The Wasm runtime is embedded into the Dapr sidecar to run the filter
Authors: Ricardo Aravena, Nikhita Raghunath

tldr - powered by Generative AI

The presentation discusses the TAG Runtime and its working groups, as well as updates on various projects within the CNCF ecosystem.
  • TAG Runtime is a community of experts in AI, cybersecurity, and DevOps who work on projects within the CNCF ecosystem
  • The presentation highlights updates on various projects, including Flatcar, Keda, and IoT Edge
  • The TAG Runtime working groups include IoT Edge, WebAssembly, Kubernetes Tooling, and Llam
  • The group meets every first and third Thursday of the month and is considering expanding to a weekly cadence
  • The presentation also emphasizes the need for more contributions and involvement from interested parties
Authors: Christophe Jauffret

The Internet is everywhere and everything is connected to it: this is clearly the default assumption of almost any cloud native product, and it shows in the large majority of their documentation. In the real world of business, the situation is often very different. Internet access is a resource that has to be earned, and obtaining it can become complicated. Firewalls, proxies, DMZs, ACLs, limited bandwidth... are all constraints that will get in your way and prevent you from reaching your goal. During this session, we will go through the most typical infrastructures found in companies, and we will see what tooling can be put in place to make life as simple as possible. Container runtime, registry and policy management can be configured and adapted to work best in these particular situations. Many precise examples will be given so that you can reproduce them on your own infrastructure.
Authors: Carlos Panato, Hendrik Brueckner, Melissa Kilby, Jason Dellaluce, Luca Guerra

tldr - powered by Generative AI

The presentation discusses the use of Falco, a behavioral tool for cybersecurity, and provides tips for improving its effectiveness and addressing false positives. It also addresses the possibility of updating the ruleset to catch new vulnerabilities and the use of user-space drivers for data collection.
  • Falco is a behavioral tool for cybersecurity that detects actions as they happen
  • Tips for improving Falco's effectiveness include being clear about what's important for the organization, tuning detection based on parent process lineages, and excluding values from fields in the check
  • The default Falco ruleset doesn't get updated for every new CVE, but it is possible to write rules to catch new vulnerabilities
  • User-space drivers for data collection are possible but not currently on the roadmap for the Falco maintainers
  • Collaboration with the community is encouraged for developing new projects
Authors: Jason Dellaluce, Luca Guerra

tldr - powered by Generative AI

Updates and improvements in the Hardcore ecosystem, including new integrations, easier deployment, and the use of Cloud SQL for package management.
  • Consistent results for clients who understand the system
  • New integrations with Golfer and Policy Report
  • Easier deployment with updated configurations and open database
  • Introduction of the body system and support for different flavors of integration
  • Use of Cloud SQL for package management and associated products
  • Review of the school developed over several months available for use
Authors: Ricardo Aravena, Alex Scammon, Zbynek Roubalik, Samuel Ortiz

Learn about the CNCF open source projects that allow users to run cloud native workloads! This session will cover: 1) An overview of the TAG Runtime, how to join, and how to get involved. 2) An update on working groups (new, existing, and potential) within the scope of the TAG. 3) How the TAG provides advice to the CNCF TOC. 4) Future trends for cloud native runtime technologies in the TAG scope, such as containers, virtual machines, Edge/MLOps and WebAssembly.
Authors: Urvashi Mohnani, Peter Hunt, Mrunal Patel

Anyone who has followed CRI-O, the OCI-compliant implementation of the Kubernetes Container Runtime Interface (CRI), knows that it aims to be secure, performant, and overall boring. Being implemented as exactly the CRI implementation Kubernetes needs, and nothing more, allows it to be optimized, secured, and version-locked for Kubernetes. In this talk, Sascha Grunert, Mrunal Patel, Urvashi Mohnani, and Peter Hunt will give an overview of CRI-O, as well as discuss some recent improvements that highlight these three key aspects of CRI-O. The talk will cover the ease with which it transitioned between CRI versions, optimizations in container exec probes with conmon-rs, security improvements regarding SELinux relabelling for container volumes, and general security enhancements from running seccomp by default. People who join us, whether seasoned end-users or budding community members, should learn what CRI-O has to offer as the container manager that loves Kubernetes the most.
Authors: Vincent Sevel

Container orchestrators have become the de facto standard for deploying a wide variety of workloads. As the number of deployments increases, so does the pressure on resource usage and hardware costs. Container runtimes and Kubernetes come with a set of tools that help make the most of your infrastructure, such as cgroups for resource usage limitation and prioritization, requests and limits on CPU and memory, and quality of service classes. Even with those tools, it can be challenging to understand how they work and how to use them. In this talk, the speaker will offer a review of the available mechanisms, how they map to the orchestrator and runtime levels, and introduce the Vertical Pod Autoscaler as a means to optimize resource tuning at scale. He will share some of the lessons the company has learned since starting this effort. Finally, he will describe where they are in the deployment phase and give some perspective on the direction in which they are headed.
Authors: Urvashi Mohnani, Peter Hunt, Mrunal Patel, Sascha Grunert

CRI-O is a lightweight container runtime written exclusively for Kubernetes. In addition to being a standard component for deploying secure and stable Kubernetes clusters, CRI-O has the unique advantage of being able to tailor its behavior to the needs of the Kubernetes ecosystem. In this talk, Mrunal Patel, Urvashi Mohnani, Sascha Grunert and Peter Hunt, the maintainers of CRI-O, will provide an update on the latest feature developments, as well as live demonstrations of typical real-world use cases around them. In addition to a review of the basics of setting up and using CRI-O with Kubernetes, the talk will cover improvements around the handling of CNI resources, the ability to tailor container resources with workload types, and updates to the collection and broadcasting of stats and metrics. Join the CRI-O maintainers to learn more about how CRI-O works in action and why it’s the perfect choice for your Kubernetes cluster!