Conference:  Black Hat Asia 2023
Authors: Guangdong Bai, Qing Zhang, Guangshuai Xia
2023-05-11

In recent years, most countries and territories have put in place strict regulations for user privacy protection. Checking and monitoring the privacy policy compliance of mobile applications has thus become essential for users, app developers and device manufacturers. Nonetheless, this is a challenging task, as modern mobile operating systems like Android contain multiple channels through which third-party apps can obtain sensitive information. Besides the official APIs that are regulated by its permission system, apps can exploit other channels such as native calls, Java reflection, Binder services, WebView and even vulnerabilities. Existing techniques based on static and dynamic analysis often fail to cover all possible channels. Network traffic analysis is also ineffective when the sensitive data are sent over the network after encryption.

In this session, we will address this challenging task using a low-level detection method. Our work is inspired by the fact that almost all sensitive information is encoded into a String before it is passed to the application level. We thus hook the String constructor at the native level, where our approach is able to monitor and check all strings constructed on the mobile device. This strategy seems straightforward yet comprehensive, as any string that is constructed from sensitive information can be monitored regardless of the method by which malicious apps obtained it. We implement this approach in a tool and use it to analyze pre-installed apps on several Android devices. Our tool finds that many of them collect user information in many scenarios, such as clipboard and Wi-Fi information. Some apps even use previously unknown channels to obtain sensitive user information. Our investigation finds that these channels are caused by OEM manufacturers' improper control over the permissions of their customized APIs. We have submitted these issues to the relevant manufacturers, who have acknowledged our findings.
Authors: Adam Berman
2023-02-16

The growth in security threats has overwhelmed organizations. All too frequently, security teams are forced to prioritize compliance-related checkboxes, as opposed to work that makes a real dent in their organization’s security. Since few teams can afford to simply expand their headcount to keep up, they must take a new approach to evaluating and prioritizing threats. This talk presents a counterintuitive approach to strengthening security: one that ignores over 90% of security vulnerability alerts. Using specific examples, it illustrates how organizations can ignore alerts with high confidence, and how this enables a marked shift in security workflows and behavior, thus significantly improving security posture.
Authors: Ben Hirschberg
2023-02-16

tldr - powered by Generative AI

The presentation discusses the state of Kubernetes risk, compliance, and security vulnerabilities based on the analysis of telemetry data from Kubescape, an open source tool that has scanned over 10K unique Kubernetes clusters. The talk sheds light on the most common misconfigurations, known software vulnerabilities, and RBAC violations in Kubernetes deployments, and provides insights on why and where Kubernetes deployments most commonly fail and statistics on which controls fail most. The presentation also offers simple measures to work towards eliminating these risks and improving overall cloud native security posture.
  • Telemetry data from Kubescape reveals a high number of misconfigurations, unpatched vulnerabilities, and overly privileged users in Kubernetes systems
  • The talk highlights the most common misconfigurations across Kubernetes deployments according to multiple frameworks, known software vulnerabilities, and RBAC violations at early stages of the CI/CD pipeline
  • The presentation provides insights on why and where Kubernetes deployments most commonly fail and statistics on which controls fail most
  • Simple measures are offered to work towards eliminating these risks and improving overall cloud native security posture
Authors: Steve Wade
2022-10-25

tldr - powered by Generative AI

The presentation discusses the importance of asset inventory in Kubernetes clusters and highlights the need to stay updated with CVEs and API specifications. It also emphasizes the significance of networking and security in managed providers like EKS, GKE, and AKS.
  • Asset inventory is crucial in Kubernetes clusters to identify running applications and stay updated with CVEs and API specifications.
  • Managed providers like EKS, GKE, and AKS have limits and boundaries that need to be considered, especially in terms of networking and security.
  • Staying ahead of the curve of application developers is important for platform engineers responsible for Kubernetes clusters.
  • Links to official Kubernetes CVE streams are provided for reference.
Authors: Asaf Cohen
2022-10-25

tldr - powered by Generative AI

The presentation discusses best practices for managing policy in DevOps and cybersecurity, including decoupling policy from code, using GitOps for policy, and planning ahead for future demands.
  • Decoupling policy from code is important for flexibility and scalability
  • GitOps for policy allows for auditable and testable policy management
  • Planning ahead for future demands ensures that the system can grow without needing to be rewritten from scratch
Authors: Bill Bensing
2022-06-22

tldr - powered by Generative AI

The presentation discusses the implementation of modern governance and automated governance in software delivery capabilities. It highlights the importance of establishing open visibility within the organization to drive trust and reshape the socio-technical construct. The main thesis is to automate control gates and remove the cognitive load of understanding tools in depth to allow for a standard centralized understandable way for the organization.
  • The need for a next generation of software delivery capabilities beyond automation to autonomous and industrial scales
  • The concept of software factories to remind us of the importance of delivery
  • The importance of establishing open visibility within the organization to drive trust
  • The implementation of modern governance and automated governance in software delivery capabilities
  • The automation of control gates to remove the cognitive load of understanding tools in depth
  • The externalization of policy application from the tools themselves to other centralized systems