logo
Dates

Author


Conferences

Tags

Sort by:  

Conference:  Defcon 31
Authors: Dr. Bramwell Brizendine Assistant Professor at University of Alabama in Huntsville, Jake Hince, Max 'Libra' Kersten
2023-08-01

Shellcode is omnipresent, seen or unseen. Yet tooling to analyze shellcode is lacking. We present the cutting-edge SHAREM framework to analyze enigmatic shellcode. SHAREM can emulate shellcode, identifying 20,000 WinAPI functions and 99% of Windows syscalls. In some shellcode, some APIs may never be reached, due to the wrong environment, but SHAREM has a new solution: Complete code coverage preserves the CPU register context and memory at each change in control flow. Once the shellcode ends, it restarts, restoring memory and context, ensuring all functionality is reached and identifying all APIs. Encoded shellcode may be puzzling at times. SHAREM is a game-changer, as it presents emulated shellcode in its decoded form in a disassembler. IDA Pro and Ghidra can produce disassembly of shellcode that is of poor quality. However, SHAREM uniquely can ingest emulation data, resulting in virtually flawless disassembly. While SHAREM has its own custom disassembler, we are also releasing a Ghidra plugin, so SHAREM's enhanced disassembly can enhance what is in GHidra. Only SHAREM identifies APIs in disassembly, and this also can be brought to Ghidra. We will also see how SHAREM can be used by aspiring shellcode authors to enhance their own work, and we will examine advanced shellcode specimens in SHAREM. | Dr. Bramwell Brizendine completed his Ph.D. in Cyber Operations, for which he did his dissertation on Jump-Oriented Programming, a hitherto seldom-studied and poorly understood subset of code-reuse attacks.
Conference:  Black Hat Asia 2023
Authors: Neil Wyler, Bart Stump
2023-05-12

Back with another year of soul-crushing statistics, the Black Hat NOC team will be sharing all of the data that keeps us equally puzzled, and entertained, year after year. We'll let you know all the tools and techniques we're using to set up, stabilize, and secure the network, and what changes we've made over the past year to try and keep doing things better. Of course, we'll be sharing some of the more humorous network activity and what it helps us learn about the way security professionals conduct themselves on an open WiFi network.
Authors: Spyros Gasteratos
2023-02-15

tldr - powered by Generative AI

The presentation introduces a free and open source Application Security Toolchain Framework that unifies multiple security tools and allows for per-team configuration, conditional tool execution, and automated reporting. The framework is low to no code, platform-agnostic, and community-driven.
  • Automated security testing has brought an abundance of signal about codebases and infrastructure without much manual effort, but managing findings and triaging false positives is time-consuming and results in hiring more security experts.
  • The Application Security Toolchain Framework unifies multiple security tools and allows for per-team configuration, conditional tool execution, and automated reporting to different sinks based on code ownership.
  • The framework is low to no code, platform-agnostic, and community-driven, with integrations for several scanners both under the OWASP umbrella and not.
  • The framework allows for scheduling tool execution against both code and infrastructure, aggregating results from different tools, enriching them using several processors, and consuming them with a multitude of visualization platforms.
  • The framework is demonstrated through a tool called Dracon, which unifies security tool execution and results management.
  • The community-driven aspect of the framework allows for integration with a wide range of security tools and provides an idea of which tools are more popular based on their integrations.
Authors: Joshua Bregler, Corbin Moyer
2022-11-18

Make no mistake, secure development relies on automation. In a DevSecOps culture, having scalable, reliable tools and processes are the only way to make DevSecOps a reality. Creativity and technical chops are lauded for their ability to bring magic from the machines. However, is anyone in charge of making sure that your organization is automating the right things? How much attention is being paid towards supporting that automation across an Enterprise? The security is baked in, right? It may just be possible to focus so heavily on automation and tools that disparate teams lose sight of the bigger picture.This talk discusses the pitfall that many organizations trip into all too readily. By focusing forcefully or narrowly on automation, an organization can find itself creating technical debt, waste, and classically unsupportable support systems. We utilize two real-world case studies to clearly demonstrate classic automation problems and propose functional solutions. Audiences will come away with data-driven DevSecOps security management techniques as well as how to recognize and accept the trade-offs in a secure DevSecOps culture. This includes how to avoid creating new, unintended, invisible stove-pipe problems, drawing from our 25+ years of experience in the military and commercial spaces. Finally, we explore methods to find these opportunities, track meaningful metrics, and recognize when you’ve fallen over the edge.
Authors: John DiLeo
2022-11-17

The Open Web Application Security Project (OWASP) boasts around 130 active Projects, whose volunteers have developed tools and resources covering nearly every aspect of application security and software assurance. The challenge lies in knowing what they are, where to find them, and how they can help.I will present a brief overview of an array of interesting and useful OWASP Projects, including the current Flagship Projects, and provide insights into how each can be used to build and improve your AppSec program.
Authors: Ricardo Rocha
2022-10-27

tldr - powered by Generative AI

The presentation discusses the importance of having the right tools for cloud native deployments and introduces a set of tools and functionalities that can significantly improve the daily life of developers and operators.
  • The Swiss knife is a handy tool that has been around for over 100 years and has evolved to suit different types of individual users.
  • Cloud native deployments can be challenging, but having the right tools for each task can make all the difference.
  • Tools for logging and metrics, such as Kubernetes and Fluentd for logs and Prometheus for metrics, are essential for cloud native deployments.
  • Debugging tools are also important, and Kubernetes now has the ability to deploy ephemeral debug containers.
  • The ability to achieve reproducibility is one of the key things about Cloud native tools.
  • The speaker provides anecdotes and demos to illustrate the power and simplicity of these tools.
Authors: Tasha Drew, Fei Guo, Ryan Bezdicek, Adrian Ludwin
2022-10-27

Join the maintainers and leaders of the upstream Kubernetes working group for Multi-Tenancy for an overview of the tools, documentation, tests, and capabilities you can achieve to share Kubernetes clusters between teams and users. We'll also save time for audience questions, so bring your multi-tenancy hopes, dreams and woes!
Authors: Saravanan Balasubramanian, Savin Goyal
2022-10-27

tldr - powered by Generative AI

The presentation discusses the challenges of introducing machine learning into applications and the need for infrastructure that can provide end-to-end solutions for the entire life cycle of machine learning. It also covers the importance of workflow orchestration and reproducibility in machine learning.
  • Infrastructure that can provide end-to-end solutions for the entire life cycle of machine learning is necessary for successful implementation of machine learning into applications
  • Workflow orchestration is important for productionizing machine learning workflows
  • Reproducibility is important for ensuring trust in machine learning models
  • Model deployment can mean many different things depending on the business context
Authors: Le Tran
2022-10-26

tldr - powered by Generative AI

The speaker discusses the importance of open learning tools and platforms in growing the Kubernetes community, and shares her personal experience of becoming a member of the community.
  • Growing the Kubernetes community is essential for its future success
  • Open learning tools and platforms can eliminate barriers to entry and make the community more welcoming
  • The speaker personally relied on free and beginner-friendly resources to learn about Kubernetes
  • The speaker highlights a particular feature of a free site called learnitocasm.io, which offers engaging and high-quality hands-on labs
  • The site was created for the community by the community, and continues to feature projects from the community
  • The site is being transformed into kubecon.io, and will involve learning partners to create an even bigger ecosystem of learning materials
Authors: Bhakti Radharapu
2022-06-23

How do I measure fairness? Is my ML model biased? How do I remediate bias in my model? This talk presents an overview of the main concepts of identifying, measuring and remediating bias in ML systems at scale. We begin by discussing how to measure fairness in production models and causes of algorithmic bias in systems. We then deep-dive into performing bias remediation at all steps of the ML life-cycle: data collection, pre-processing, in-training, and post-processing. We will focus on a gamut of open source tools and techniques in the ecosystem that can be used to create comprehensive fairness workflows. These have not only been vetted by the academic ML community but have also scaled very well for industry-level challenges. We hope that by the end of this talk, ML developers will not only be able to "flag" fairness issues in ML but also "fix" them by incorporating these tools and techniques in their ML workflows.