SecurIMAG... for a SAFEr world?
|
|
- Constance Richards
- 5 years ago
- Views:
Transcription
1 Fabien Duchene 1 Karim Hossen 1 1 Laboratoire d Informatique de Grenoble, VASCO team Grenoble Institute of Technology - Ensimag firstname.name@imag.fr
2 Outline SecurIMAG? 1 SecurIMAG? What SecurIMAG IS NOT What SecurIMAG is 2 Advices, internships - jobs Some members 3 Chosen talks Contact us Next thursday on your screens ;)
3 What SecurIMAG IS NOT What SecurIMAG is SecurIMAG will NOT permit you to..... unless programming a payload in a fake USB stick for exploiting the Windows kernel fits your definition of life... unless you meet one who will laugh when you will tell her about your recent pop-pop-ret adventures
4 What SecurIMAG IS NOT What SecurIMAG is FUN talks, projects, challenges infosec career additions pentests trainings hacking contest team real-time video streaming, webcasts Grenoble security days
5 SecurIMAG? What SecurIMAG IS NOT What SecurIMAG is Some of us were there! Figure: Nuit du Hack 2k11 Figure: Hack in Paris 2k11 One project on which we plan to work t Teensy++: reprogrammable USB micro-controller (eg: simulation of storage(usb stick, external HDD), input(mouse, keyboard), fingerprint reader..)
6 Advices, internships - jobs Some members Advices and helps with your infosec career Internship - job: resume, contacts, interviews Career path Ensiwiki A career in Information Security SecurIMAG
7 Some members SecurIMAG? Advices, internships - jobs Some members intern at ANSSI intern at Evidian (Identity) intern at Mancala Networks (IDS) intern at NVIDIA
8 Chosen talks Contact us Next thursday on your screens ;) Pedro Paganela, VoIP threats, vulnerabilities and attacks ( ) Keywords: phone VoIP, SIP, fuzzing, Cisco Damien Leone, Hackers, boost your bruteforcers ( ) Keywords: parallel computations, bruteforce, encryption
9 SecurIMAG? Chosen talks Contact us Next thursday on your screens ;) Guillaume Touron & Karim Hossen, Smashing the stack for fun and fun - Memory protections and bypass methods ( ) Keywords: SEH, RoP DEP, ASLR, SEH, Safe- Fabien Duchene, On a nudist beach, everyone has the same privacy ( ) Keywords: law, ethics privacy, numeric identity,
10 Chosen talks Contact us Next thursday on your screens ;) Every Thursday Ensimag, Amphi E [start: ] How to reach that crazy team?
11 Chosen talks Contact us Next thursday on your screens ;) Thursday, Sept. 22th Ensimag, Amphi E Arnaud: Defeat exploits on Linux User protections: Stack protections, Heap protections, Execshield, Fortify source Kernel land side: Grsecurity Camille, Julien: XSS reflected stored DoM Fabien, Nicolas : Android security mechanisms access control sandboxing kernel signature Eg: rooting a Sony XPeria.
12 SecurIMAG? Chosen talks Contact us Next thursday on your screens ;) Hope to see you soon! Potential future talks GSM attacks Hacker profiling Cloud security in two nuts-shells.net internals Windows forensics emerging trends in fuzzing
Hackveda Training - Ethical Hacking, Networking & Security
Hackveda Training - Ethical Hacking, Networking & Security Day1: Hacking windows 7 / 8 system and security Part1 a.) Windows Login Password Bypass manually without CD / DVD b.) Windows Login Password Bypass
More informationINFORMATION SECURITY - PRACTICAL ASSESSMENT - TP3 - CRYPTOGRAPHY AND APPLICATIONS. GRENOBLE INP ENSIMAG
INFORMATION SECURITY - PRACTICAL ASSESSMENT - TP3 - CRYPTOGRAPHY AND APPLICATIONS GRENOBLE INP ENSIMAG http://www.ensimag.fr COMPUTER SCIENCE 3RD YEAR SIF-LOAD - 1ST SEMESTER, 2011 Lecturers: Fabien Duchene
More informationINFORMATION SECURITY - PRACTICAL ASSESSMENT - BASICS IN BUFFER EXPLOITATION
INFORMATION SECURITY - PRACTICAL ASSESSMENT - BASICS IN BUFFER EXPLOITATION GRENOBLE INP ENSIMAG http://www.ensimag.fr COMPUTER SCIENCE 3RD YEAR IF-MMIS - 1ST SEMESTER, 2011 Lecturers: Fabien Duchene -
More informationAdvanced Ethical Hacking & Penetration Testing. Ethical Hacking
Summer Training Internship Program 2017 (STIP - 2017) is a practical oriented & industrial level training program for all students who have aspiration to work in the core technical industry domain. This
More informationKCon. Breaking ios Mitigation Jails to Achieve Your Own Private Jailbreak. Min(Spark) Alibaba Mobile Security
KCon Breaking ios Mitigation Jails to Achieve Your Own Private Jailbreak Min(Spark) Zheng @ Alibaba Mobile Security ONLY AVAILABLE AT THE SCENE ios status Apple sold more than 1 billion ios devices. More
More informationLet's cyber: hacking, 0days and vulnerability research. PATROKLOS ARGYROUDIS CENSUS S.A.
Let's cyber: hacking, 0days and vulnerability research PATROKLOS ARGYROUDIS CENSUS S.A. argp@census-labs.com www.census-labs.com Who am I Researcher at CENSUS S.A. - Vulnerability research, reverse engineering,
More informationBeyond Stack Smashing: Recent Advances in Exploiting. Jonathan Pincus(MSR) and Brandon Baker (MS)
Beyond Stack Smashing: Recent Advances in Exploiting Buffer Overruns Jonathan Pincus(MSR) and Brandon Baker (MS) Buffer Overflows and How they Occur Buffer is a contiguous segment of memory of a fixed
More informationI run a Linux server, so we re secure
Silent Signal vsza@silentsignal.hu 18 September 2010 Linux from a security viewpoint we re talking about the kernel, not GNU/Linux distributions Linux from a security viewpoint we re talking about the
More informationDeliver Strong Mobile App Security and the Ultimate User Experience
Deliver Strong Mobile App Security and the Ultimate User Experience The Presenters Will LaSala, Director of Services @ VASCO Will has been with VASCO since 2001 and over the years has been involved in
More informationEthical Hacking CERTIFIED ETHICAL HACKER. Xpert Infotech is the registered trademark of Xperia Technologies Pvt. Ltd.
Ethical Hacking CERTIFIED ETHICAL HACKER 1 What is Ethical Hacking? Ethical Hacking and Ethical Hacker are terms used to describe hacking performed by a company or individual to help identify potential
More informationLecture 10 Code Reuse
Lecture 10 Code Reuse Computer and Network Security 4th of December 2017 Computer Science and Engineering Department CSE Dep, ACS, UPB Lecture 10, Code Reuse 1/23 Defense Mechanisms static & dynamic analysis
More informationVulnerability Analysis I:
Vulnerability Analysis I: Exploit Hardening Made Easy Surgically Returning to Randomized Lib(c) Mitchell Adair September 9 th, 2011 Outline 1 Background 2 Surgically Returning to Randomized lib(c) 3 Exploit
More informationSoftware Security: Buffer Overflow Defenses
CSE 484 / CSE M 584: Computer Security and Privacy Software Security: Buffer Overflow Defenses Fall 2017 Franziska (Franzi) Roesner franzi@cs.washington.edu Thanks to Dan Boneh, Dieter Gollmann, Dan Halperin,
More informationHacking the Industry S. Malone & N. Beddome. Page 1
Hacking the Industry 2012 S. Malone & N. Beddome Page 1 Step 1: Build Your Tool Kit Page 2 What Your Tool Kit Should Contain To be successful in the industry just like in a penetration test you need a
More informationSmartphone Security Overview
Smartphone Security Overview Jagdish Prasad Achara Speaker, Claude Castelluccia ENSIMAG, Grenoble 11 décembre 2013 J. P. Achara, C. Castelluccia (ENSIMAG, Grenoble) Smartphone Security Overview 11 décembre
More informationApplications. Cloud. See voting example (DC Internet voting pilot) Select * from userinfo WHERE id = %%% (variable)
Software Security Requirements General Methodologies Hardware Firmware Software Protocols Procedure s Applications OS Cloud Attack Trees is one of the inside requirement 1. Attacks 2. Evaluation 3. Mitigation
More informationDescriptions for CIS Classes (Fall 2017)
Descriptions for CIS Classes (Fall 2017) Major Core Courses 1. CIS 1015. INTRODUCTION TO COMPUTER INFORMATION SYSTEMS. (3-3-0). This course provides students an introductory overview to basic computer
More informationRobust Shell Code Return Oriented Programming and HeapSpray. Zhiqiang Lin
CS 6V81-05: System Security and Malicious Code Analysis Robust Shell Code Return Oriented Programming and HeapSpray Zhiqiang Lin Department of Computer Science University of Texas at Dallas April 16 th,
More information5MMSSI - Information Systems Security 1 - vulnerabilities and attacks
5MMSSI - Information Systems Security 1 - vulnerabilities and attacks Fabien Duchene 1 Karim Hossen 1 1 Laboratoire d Informatique de Grenoble, VASCO team Grenoble Institute of Technology - Grenoble INP
More informationDefeat Exploit Mitigation Heap Attacks. compass-security.com 1
Defeat Exploit Mitigation Heap Attacks compass-security.com 1 ASCII Armor Arbitrary Write Overflow Local Vars Exploit Mitigations Stack Canary ASLR PIE Heap Overflows Brute Force Partial RIP Overwrite
More informationSO YOU THINK YOU ARE PROTECTED? THINK AGAIN! NEXT GENERATION ENDPOINT SECURITY
SO YOU THINK YOU ARE PROTECTED? THINK AGAIN! NEXT GENERATION ENDPOINT SECURITY www.securelink.net BACKGROUND Macro trends like cloud and mobility change the requirements for endpoint security. Data can
More informationAdvanced Diploma on Information Security
Course Name: Course Duration: Prerequisites: Course Fee: Advanced Diploma on Information Security 300 Hours; 12 Months (10 Months Training + 2 Months Project Work) Candidate should be HSC Pass & Basic
More informationCHCSS. Certified Hands-on Cyber Security Specialist (510)
CHCSS Certified Hands-on Cyber Security Specialist () SYLLABUS 2018 Certified Hands-on Cyber Security Specialist () 2 Course Description Entry level cyber security course intended for an audience looking
More informationBlack Hat Webcast Series. C/C++ AppSec in 2014
Black Hat Webcast Series C/C++ AppSec in 2014 Who Am I Chris Rohlf Leaf SR (Security Research) - Founder / Consultant BlackHat Speaker { 2009, 2011, 2012 } BlackHat Review Board Member http://leafsr.com
More informationCh 1: The Mobile Risk Ecosystem. CNIT 128: Hacking Mobile Devices. Updated
Ch 1: The Mobile Risk Ecosystem CNIT 128: Hacking Mobile Devices Updated 1-12-16 The Mobile Ecosystem Popularity of Mobile Devices Insecurity of Mobile Devices The Mobile Risk Model Mobile Network Architecture
More informationProtect Your Endpoint, Keep Your Business Safe. White Paper. Exosphere, Inc. getexosphere.com
Protect Your Endpoint, Keep Your Business Safe. White Paper Exosphere, Inc. getexosphere.com White Paper Today s Threat Landscape Cyber attacks today are increasingly sophisticated and widespread, rendering
More informationSmashing the Buffer. Miroslav Štampar
Smashing the Buffer Miroslav Štampar (mstampar@zsis.hr) Summary BSidesVienna 2014, Vienna (Austria) November 22nd, 2014 2 Buffer overflow (a.k.a.) Buffer overrun An anomaly where a program, while writing
More informationHacking from ios 8 to ios 9 TEAM PANGU
Hacking from ios 8 to ios 9 TEAM PANGU POC 2015 Agenda ios Security Overview Security Changes from ios 8 to ios 9 Kernel Vulnerability Exploited in Pangu 9 Kernel Exploit Chain Conclusion Who We Are Team
More informationFederal Virtual Training Environment (FedVTE) Pre-Approved for CompTIA CEUs
Federal Virtual Training Environment (FedVTE) Pre-Approved for CompTIA CEUs You can earn 1 CEU for each hour of training. Follow these requirements to earn and receive CEUs. All training must be at least
More informationSoftware Security: Buffer Overflow Attacks (continued)
CSE 484 / CSE M 584: Computer Security and Privacy Software Security: Buffer Overflow Attacks (continued) Spring 2015 Franziska (Franzi) Roesner franzi@cs.washington.edu Thanks to Dan Boneh, Dieter Gollmann,
More informationHacker Academy UK. Black Suits, White Hats!
Hacker Academy UK Black Suits, White Hats! Cyber Security Training and Services Do your devices Protect you against Cyber-attacks? Chinese hackers have allegedly stolen 50 terabytes of data on F-35 aircraft,
More informationBLACK HAT USA 2013 ADD A CLASS REQUEST FORM INSTRUCTIONS
Use one form per registrant. BLACK HAT USA 2013 ADD A CLASS REQUEST FORM INSTRUCTIONS This form is for those who have existing USA 2013 Training Registration and have an existing Confirmation Number. If
More informationPlay with FILE Structure Yet Another Binary Exploitation Technique. Abstract
Play with FILE Structure Yet Another Binary Exploitation Technique An-Jie Yang (Angelboy) angelboy@chroot.org Abstract To fight against prevalent cyber threat, more mechanisms to protect operating systems
More informationegambit Your defensive cyber-weapon system. You have the players. We have the game. TEHTRIS
egambit Your defensive cyber-weapon system. You have the players. We have the game. 2010-2017 1 NIDS egambit is the awarded product that can monitor and improve your IT Security against complex threats
More informationLecture 08 Control-flow Hijacking Defenses
Lecture 08 Control-flow Hijacking Defenses Stephen Checkoway University of Illinois at Chicago CS 487 Fall 2017 Slides adapted from Miller, Bailey, and Brumley Control Flow Hijack: Always control + computation
More informationSoftware Security: Buffer Overflow Attacks
CSE 484 / CSE M 584: Computer Security and Privacy Software Security: Buffer Overflow Attacks (continued) Autumn 2018 Tadayoshi (Yoshi) Kohno yoshi@cs.washington.edu Thanks to Dan Boneh, Dieter Gollmann,
More informationCS 33 (Week 4) Section 1G, Spring 2015 Professor Eggert (TA: Eric Kim) v1.0
CS 33 (Week 4) Section 1G, Spring 2015 Professor Eggert (TA: Eric Kim) v1.0 Announcements Midterm 1 was yesterday. It's over! Don't stress out too much. We'll go over the midterm next week Homework 3 due
More informationCyberSecurity Training and Capacity Building: A Starting Point for Collaboration and Partnerships. from the most trusted name in information security
CyberSecurity Training and Capacity Building: A Starting Point for Collaboration and Partnerships About SANS The SANS (SysAdmin, Audit, Network, Security) Institute Established in 1989 Cooperative research
More informationEthical Hacker Foundation and Security Analysts Course Semester 2
Brochure Software Education Ethical Hacker Foundation and Security Analysts Course Semester 2 The Security Management Course is a graduate-level foundation course in the Information Security space. Brochure
More informationOne Ring to Rule them All
One Ring to Rule them All A primer on virtualization enhanced security @SimonCrosby Co-founder & CTO Introduction We use micro-virtualization to secure endpoints We serve enterprises and government agencies
More informationOffice Hours and Locations. Vyas: Th 15:30--17:00 or by appointment, CIC 2122 Zach: Mon 17:00--18:00, CIC 2214 Tiffany: Tu 16:00--17:00, CIC 2214
18-487 Introduction to Computer Security This course will introduce students to the fundamentals of computer security. We will focus on software security, applied cryptography, network security, OS security,
More informationCSE 127: Computer Security. Memory Integrity. Kirill Levchenko
CSE 127: Computer Security Memory Integrity Kirill Levchenko November 18, 2014 Stack Buffer Overflow Stack buffer overflow: writing past end of a stackallocated buffer Also called stack smashing One of
More informationEthical Hacking Foundation Exam Syllabus
1 Table of contents Table of contents... 2 Exam Syllabus: Ethical Hacking Foundation... 3 Context... 3 Course objectives... 3 Target audience... 3 Prerequisites... 4 Exam information... 4 Examination details...
More informationInject malicious code Call any library functions Modify the original code
Inject malicious code Call any library functions Modify the original code 2 Sadeghi, Davi TU Darmstadt 2012 Secure, Trusted, and Trustworthy Computing Chapter 6: Runtime Attacks 2 3 Sadeghi, Davi TU Darmstadt
More informationPostScript: Danger Ahead?!
PostScript: Danger Ahead?! Andrei Costin Affiliation - PhD student whoami: in-between SW/HW hacker Mifare Classic MFCUK Hacking MFPs (for fun & profit) Holistic Security Interest
More informationCertified Cyber Security Analyst VS-1160
VS-1160 Certified Cyber Security Analyst Certification Code VS-1160 Vskills certification for Cyber Security Analyst assesses the candidate as per the company s need for cyber security and forensics. The
More informationJournal Online. Buffer Overflows Seven Points IS Auditors Must Know. Holder John Doe
Journal Online Markus Pfister, CISA, works as an IT auditor and security consultant and is a guest teacher at the Lucerne University of Applied Sciences (Lucerne, Switzerland) for virtualization topics,
More informationSecurity Testing. - a requirement for a secure business. ISACA DAY in SOFIA. Gabriel Mihai Tanase, Director, Cyber Services KPMG in CEE
Gabriel Mihai Tanase, Director, Cyber Services KPMG in CEE Cyber Security Services Security Testing - a requirement for a secure business ISACA DAY in SOFIA Agenda No Agenda Some minimum theory More real
More informationSoftware security, secure programming
Software security, secure programming Lecture 4: Protecting your code against software vulnerabilities? (overview) Master on Cybersecurity Master MoSiG Academic Year 2017-2018 Preamble Bad news several
More informationCisco Advanced Malware Protection. May 2016
Cisco Advanced Malware Protection May 2016 The Reality Organizations Are Under Attack and Malware Is Getting in 95% of large companies targeted by malicious traffic 100% Cybercrime is lucrative, barrier
More informationAdvanced Security for Systems Engineering VO 05: Advanced Attacks on Applications 2
Advanced Security for Systems Engineering VO 05: Advanced Attacks on Applications 2 Clemens Hlauschek, Christian Schanes INSO Industrial Software Institute of Information Systems Engineering Faculty of
More informationModule: Return-oriented Programming. Professor Trent Jaeger. CSE543 - Introduction to Computer and Network Security
CSE543 - Introduction to Computer and Network Security Module: Return-oriented Programming Professor Trent Jaeger 1 1 Anatomy of Control-Flow Exploits Two steps in control-flow exploitation First -- attacker
More informationBuffer Overflow and Protection Technology. Department of Computer Science,
Buffer Overflow and Protection Technology Department of Computer Science, Lorenzo Cavallaro Andrea Lanzi Table of Contents Introduction
More informationIs Exploitation Over? Bypassing Memory Protections in Windows 7
Is Exploitation Over? Bypassing Memory Protections in Windows 7 Alexander Sotirov alex@sotirov.net About me Exploit development since 1999 Published research into reliable exploitation techniques: Heap
More informationISDP 2018 Industry Skill Development Program In association with
ISDP 2018 Industry Skill Development Program In association with Penetration Testing What is penetration testing? Penetration testing is simply an assessment in a industry computer network to test the
More informationPostScript: Danger Ahead?!
PostScript: Danger Ahead?! Andrei Costin Affiliation - PhD student whoami: in-between SW/HW hacker Mifare Classic MFCUK Hacking MFPs (for fun & profit) Holistic Security Interest
More informationScanning. Introduction to Hacking. Networking Concepts. Windows Hacking. Linux Hacking. Virus and Worms. Foot Printing.
I Introduction to Hacking Important Terminology Ethical Hacking vs. Hacking Effects of Hacking on Business Why Ethical Hacking Is Necessary Skills of an Ethical Hacker What Is Penetration Testing? Networking
More informationCALENDAR FOR THE YEAR 2018
27 Dubai 08-12 Jan 1 Advance Budgeting Workshop 386 Istanbul 11-1 Mar 396 London 13-17 May 2 Advance Business Writing 296 Abu Dhabi 1-19 Jan 3 Contract Management 396 London 22-26 Jan 27 Dubai 18-22 Mar
More informationOutline. Memory Exploit
Outline CS 6V81-05: System Security and Malicious Code Analysis Robust Shell Code Return Oriented Programming and HeapSpray Zhiqiang Lin Department of Computer Science University of Texas at Dallas April
More informationString Oriented Programming Exploring Format String Attacks. Mathias Payer
String Oriented Programming Exploring Format String Attacks Mathias Payer Motivation Additional protection mechanisms prevent many existing attack vectors Format string exploits are often overlooked Drawback:
More informationUNIT ONE. Introduction to CyberPatriot and Cybersecurity. AIR FORCE ASSOCIATION S CYBERPATRIOT
AIR FORCE ASSOCIATION S CYBERPATRIOT NATIONAL YOUTH CYBER EDUCATION PROGRAM UNIT ONE Introduction to CyberPatriot and Cybersecurity www.uscyberpatriot.org Learning Objectives Participants will gain an
More informationAny conversation about virtualization for small- and medium-sized businesses (SMBs) usually starts around
E-NEWS www.e-safetech.om 1-412-944-2402 2018 E-Safe Technologies All rights reserved. September 2018 In this issue Choose from 5 Virtualization Options 5 Cyber Security Measures Barracuda and E-Safe Top
More informationModule: Return-oriented Programming. Professor Trent Jaeger. CSE543 - Introduction to Computer and Network Security
CSE543 - Introduction to Computer and Network Security Module: Return-oriented Programming Professor Trent Jaeger 1 Anatomy of Control-Flow Exploits 2 Anatomy of Control-Flow Exploits Two steps in control-flow
More informationApprenticeships CYBER SECURITY HIGHER APPRENTICESHIP FROM IT TECHNICIAN TO SKILLED INFORMATION SECURITY PROFESSIONAL
Apprenticeships CYBER SECURITY HIGHER APPRENTICESHIP FROM IT TECHNICIAN TO SKILLED INFORMATION SECURITY PROFESSIONAL WHY CHOOSE QA? There are lots of apprenticeship providers out there but we think we
More informationDigital Forensics Lecture 02 PDF Structure
Digital Forensics Lecture 02 PDF Structure PDF Files Structure Akbar S. Namin Texas Tech University Spring 2017 PDF Format and Structure Tools used Text editor (e.g., vi) ClamAV antivirus (http://www.clamav.net/lang/en/download/
More informationETHICAL HACKING & COMPUTER FORENSIC SECURITY
ETHICAL HACKING & COMPUTER FORENSIC SECURITY Course Description From forensic computing to network security, the course covers a wide range of subjects. You will learn about web hacking, password cracking,
More informationBypassing SEHOP. Stéfan Le Berre Damien Cauquil
Bypassing SEHOP Stéfan Le Berre s.leberre@sysdream.com Damien Cauquil d.cauquil@sysdream.com Table of contents 0. Introduction...3 1. SEHOP specifications (short version)...3 2. Dealing with SEHOP when
More informationInternet infrastructure
Internet infrastructure Prof. dr. ir. André Mariën (c) A. Mariën 04/03/2014 1 Topic Vulnerability and patch management (c) A. Mariën 04/03/2014 2 Requirements Security principle: Everything can and will
More informationSECURITY TESTING. Towards a safer web world
SECURITY TESTING Towards a safer web world AGENDA 1. 3 W S OF SECURITY TESTING 2. SECURITY TESTING CONCEPTS 3. SECURITY TESTING TYPES 4. TOP 10 SECURITY RISKS ate: 2013-14 Few Security Breaches September
More informationData Security and Privacy at Handshake
Data Security and Privacy at Handshake Introduction 3 A Culture of Security 3 Employee Background Checks 3 Dedicated Security and Privacy Teams 3 Ongoing Team Training 4 Compliance 4 FERPA 4 GDPR 4 Security
More informationIoT The gift that keeps on giving
IoT The gift that keeps on giving Contributors labs@bitdefender.com Radu Alexandru Basaraba - rbasaraba@bitdefender.com Alexandru Lazar allazar@bitdefender.com Mihai Moldovan - mimoldovan@bitdefender.com
More informationRANSOMWARE PROTECTION. A Best Practices Approach to Securing Your Enterprise
RANSOMWARE PROTECTION A Best Practices Approach to Securing Your Enterprise TABLE OF CONTENTS Introduction...3 What is Ransomware?...4 Employee Education...5 Vulnerability Patch Management...6 System Backups...7
More informationComputer Security. 04r. Pre-exam 1 Concept Review. Paul Krzyzanowski. Rutgers University. Spring 2018
Computer Security 04r. Pre-exam 1 Concept Review Paul Krzyzanowski Rutgers University Spring 2018 February 15, 2018 CS 419 2018 Paul Krzyzanowski 1 Key ideas from the past four lectures February 15, 2018
More informationCSE 544 Advanced Systems Security
Systems and Internet Infrastructure Security Network and Security Research Center Department of Computer Science and Engineering Pennsylvania State University, University Park PA CSE 544 Advanced Systems
More informationEthical Hacking and Countermeasures: Secure Network Operating Systems and Infrastructures, Second Edition
Ethical Hacking and Countermeasures: Secure Network Operating Systems and Infrastructures, Second Edition Chapter 7 Hacking Mobile Phones, PDAs, and Handheld Devices Objectives After completing this chapter,
More informationCS 161 Computer Security
Wagner Spring 2014 CS 161 Computer Security Midterm 1 Print your name:, (last) (first) I am aware of the Berkeley Campus Code of Student Conduct and acknowledge that academic misconduct will be reported
More informationIntroducing MVISION. Cohesive Cloud-based Management of Threat Countermeasures and Devices Leveraging Built-in Device Controls. Jon Parkes.
Introducing MVISION Cohesive Cloud-based Management of Threat Countermeasures and Devices Leveraging Built-in Device Controls Jon Parkes McAfee 1 All information provided here is subject to non-disclosure
More informationComputer Information Systems (CIS) CIS 105 Current Operating Systems/Security CIS 101 Introduction to Computers
Computer Information Systems (CIS) CIS 101 Introduction to Computers This course provides an overview of the computing field and its typical applications. Key terminology and components of computer hardware,
More informationNEW JERSEY INSTITUTE OF TECHNOLOGY. Initiation of Cyber Defense Option. for the Master of Science in
NEW JERSEY INSTITUTE OF TECHNOLOGY Initiation of Cyber Defense Option for the Master of Science in Cyber Security and Privacy (MS CSP) Degree Program With the approval of the Faculty Senate (and its Committee
More informationSoftware Security II: Memory Errors - Attacks & Defenses
1 Software Security II: Memory Errors - Attacks & Defenses Chengyu Song Slides modified from Dawn Song 2 Administrivia Lab1 Writeup 3 Buffer overflow Out-of-bound memory writes (mostly sequential) Allow
More information200 IT Security Job Interview Questions The Questions IT Leaders Ask
200 IT Security Job Interview Questions The Questions IT Leaders Ask IT security professionals with the right skills are in high demand. In 2015, the unemployment rate for information security managers
More informationFundamentals of Linux Platform Security
Fundamentals of Linux Platform Security Security Training Course Dr. Charles J. Antonelli The University of Michigan 2012 Linux Platform Security Module 8 Arbitrary Code Execution: Threats & Countermeasures
More informationWeb Application with AJAX. Kateb, Faris; Ahmed, Mohammed; Alzahrani, Omar. University of Colorado, Colorado Springs
Web Application with AJAX Kateb, Faris; Ahmed, Mohammed; Alzahrani, Omar University of Colorado, Colorado Springs CS 526 Advanced Internet and Web Systems Abstract Asynchronous JavaScript and XML or Ajax
More informationANATOMY OF AN ATTACK!
ANATOMY OF AN ATTACK! Are Your Crown Jewels Safe? Dom Kapac, Security Evangelist WHAT DO WE MEAN BY CROWN JEWELS? Crown jewels for most organizations are critical infrastructure and data Data is a valuable
More informationPangu 9 Internals. Tielei Wang and Hao Xu
Pangu 9 Internals Tielei Wang and Hao Xu Team Pangu Agenda ios Security Overview Pangu 9 Overview Userland Exploits Kernel Patching in Kernel Patch Protections Persistent Code Signing Bypass Conclusion
More informationSecurity and Privacy in Computer Systems. Lecture 5: Application Program Security
CS 645 Security and Privacy in Computer Systems Lecture 5: Application Program Security Buffer overflow exploits More effective buffer overflow attacks Preventing buffer overflow attacks Announcement Project
More informationPlaying God With Format String Attacks. Bsides Jax 2016 Travis Phillips 10/22/2016
Playing God With Format String Attacks Bsides Jax 2016 Travis Phillips 10/22/2016 So Why This Talk? Been experimenting with them over the last year Found them simple in theory; difficult in practice. Found
More informationGAQM Exam CEH-001 Certified Ethical Hacker (CEH) Version: 6.0 [ Total Questions: 878 ]
s@lm@n GAQM Exam CEH-001 Certified Ethical Hacker (CEH) Version: 6.0 [ Total Questions: 878 ] Topic 1, Volume A GAQM CEH-001 : Practice Test Question No : 1 - (Topic 1) Which of the following countermeasure
More informationEffectively Meeting the Cyber Security Challenge: Strategies, Tips and Tactics
Effectively Meeting the Cyber Security Challenge: Strategies, Tips and Tactics Tom Stafford, Vice President & CIO Education: Bachelors of Science Aerospace Engineering Masters of Science Mechanical Engineering
More informationHacker Academy Ltd COURSES CATALOGUE. Hacker Academy Ltd. LONDON UK
Hacker Academy Ltd COURSES CATALOGUE Hacker Academy Ltd. LONDON UK TABLE OF CONTENTS Basic Level Courses... 3 1. Information Security Awareness for End Users... 3 2. Information Security Awareness for
More informationApplication security. Not so obvious vulnerabilities. Nicolas Grégoire / Agarri CERN
Application security Not so obvious vulnerabilities Nicolas Grégoire / Agarri CERN Outline PHP Laxism XML Risks Blacklist Evasion XSLT Madness $ Whoami Nicolas Grégoire / Agarri Founder 13 years of Infosec
More informationSecurity+ Guide to Network Security Fundamentals, Third Edition. Chapter 3 Protecting Systems
Security+ Guide to Network Security Fundamentals, Third Edition Chapter 3 Protecting Systems Objectives Explain how to harden operating systems List ways to prevent attacks through a Web browser Define
More informationPenetration Testing with Kali Linux
Penetration Testing with Kali Linux PWK Copyright Offensive Security Ltd. All rights reserved. Page 1 of 11 All rights reserved to Offensive Security No part of this publication, in whole or in part, may
More informationEthical Hacking and Countermeasures V7
EC-Council EC1-350 Ethical Hacking and Countermeasures V7 Version: 4.4 Topic 1, Volume A QUESTION NO: 1 Which of the following countermeasure can specifically protect against both the MAC Flood and MAC
More informationIntroduction into browser hacking. Andrey Kovalev
Introduction into browser hacking Andrey Kovalev (@L1kvID) Who am I Security Engineer at Yandex Browser security enthusiast Public speaker (every ZeroNights since 2015) Author of @br0wsec channel (https://t.me/br0wsec)!3
More informationIntroducing Maryville University s CYBER SECURITY ONLINE PROGRAMS. Bachelor of Science in Cyber Security & Master of Science in Cyber Security
Introducing Maryville University s CYBER SECURITY ONLINE PROGRAMS Bachelor of Science in Cyber Security & Master of Science in Cyber Security The cyber security industry is calling for more experts. And
More informationSANS Institute 2003, All Rights Reserved.
INCIDENT FORM CHECKLIST Form Completed Date Completed Initials 1. Incident Contact List YES NO -Intellectual Property Owner Contacts YES NO -Intellectual Property Owner Local Contacts YES NO -Suspect Local
More informationVirtually Pwned Pentesting VMware. Claudio
Virtually Pwned Pentesting VMware Claudio Criscione @paradoxengine c.criscione@securenetwork.it /me Claudio Criscione The need for security Breaking virtualization means hacking the underlying layer accessing
More informationHow To Remove A Virus Manually Windows 7 Without Antivirus Security Pro
How To Remove A Virus Manually Windows 7 Without Antivirus Security Pro Security Defender is a fake antivirus program, it should not be trusted, since it is a The program usually installs on PCs without
More informationVirtually Pwned Pentesting Virtualization. Claudio
Virtually Pwned Pentesting Virtualization Claudio Criscione @paradoxengine c.criscione@securenetwork.it Claudio Criscione /me The need for security Breaking virtualization means hacking the underlying
More information