SlideShare a Scribd company logo
1 of 84
Download to read offline
Armorizing
Applications
Iftach Ian Amit
Director of Services
Friday, October 11, 13
Hi!
Friday, October 11, 13
I’m not an application guy :-|
Friday, October 11, 13
I’m a security guy
Who actually used to do some application stuff
Friday, October 11, 13
whoami?
$ id
uid=501(iamit) gid=20(ioactive) groups=12(hack),
33(research),61(dev),79(red_team),80(sexy_defense),
81(exil),98(idf),100(dc9723),204(/dev/null)
Friday, October 11, 13
Attack?
Defense!
Friday, October 11, 13
So, I’ve been dealing with defense a lot
Friday, October 11, 13
As in - helping defenders get a head start
Friday, October 11, 13
Guess what? We are still failing on the basics...
Friday, October 11, 13
Logs...
Friday, October 11, 13
Logs...
Firewall
Friday, October 11, 13
Logs...
Firewall
IDS
Friday, October 11, 13
Logs...
Firewall
IDS
IPS
Friday, October 11, 13
Logs...
Firewall
IDS
IPS
Network
Friday, October 11, 13
Logs...
Firewall
IDS
IPS
Network
HTTPD
Friday, October 11, 13
Logs...
Firewall
IDS
IPS
Network
HTTPD
DBMS
Friday, October 11, 13
Logs...
Firewall
IDS
IPS
Network
HTTPD
DBMS DNS
Friday, October 11, 13
Logs...
Firewall
IDS
IPS
Network
HTTPD
DBMS DNS
Application?
Friday, October 11, 13
We still have sucky application logs :-(
Friday, October 11, 13
Friday, October 11, 13
I mean, we came a long way since web-app coding in the
90’s
I know. I’ve lived through it :-(
Friday, October 11, 13
Example:
Friday, October 11, 13
Example:
Friday, October 11, 13
Example:
Uses MVC.
Actually very nicely
architected...
Friday, October 11, 13
Example:
Uses MVC.
Actually very nicely
architected...
Friday, October 11, 13
Example:
Uses MVC.
Actually very nicely
architected...
Good start.At least
we can haz data.
Friday, October 11, 13
Example:
Uses MVC.
Actually very nicely
architected...
Good start.At least
we can haz data.
This is pretty
much useless*
Friday, October 11, 13
Example:
Uses MVC.
Actually very nicely
architected...
Good start.At least
we can haz data.
This is pretty
much useless*
* from a security perspective.
no doubt that when this breaks you’ll need it
Friday, October 11, 13
Let’s get back to basics for a sec here
Friday, October 11, 13
time=2013-03-02 23:59:57
action=drop
orig=192.168.1.103 i/
f_dir=inbound i/
f_name=eth1c0
has_accounting=0
product=VPN-1 & FireWall-1
policy_name=INTERNET
src=1.2.3.4 s_port=37586
dst=3.4.5.6 service=80
proto=tcp rule=16
xlatesrc=8.9.10.11
xlatesport=57517
xlatedport=0 NAT_rulenum=4
NAT_addtnl_rulenum=internal
Friday, October 11, 13
Friday, October 11, 13
but wait,
how about them HTTPD?
Friday, October 11, 13
193.205.210.42 - - [09/Oct/2013:00:57:17 -0700] "GET /blog/2013/07/mail-encryption-for-android/ HTTP/1.1" 200 32064 "https://
www.google.it/" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_8_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/30.0.1599.69 Safari/
537.36"
193.205.210.42 - - [09/Oct/2013:00:57:19 -0700] "GET /blog/wp-includes/js/comment-reply.min.js?ver=3.6.1 HTTP/1.1" 200 1068 "http://
www.iamit.org/blog/2013/07/mail-encryption-for-android/" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_8_5) AppleWebKit/537.36
(KHTML, like Gecko) Chrome/30.0.1599.69 Safari/537.36"
193.205.210.42 - - [09/Oct/2013:00:57:19 -0700] "GET /blog/wp-content/plugins/podpress/js/podpress.js?ver=3.6.1 HTTP/1.1" 200 40786
"http://www.iamit.org/blog/2013/07/mail-encryption-for-android/" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_8_5) AppleWebKit/537.36
(KHTML, like Gecko) Chrome/30.0.1599.69 Safari/537.36"
193.205.210.42 - - [09/Oct/2013:00:57:19 -0700] "GET /blog/wp-content/plugins/jetpack/modules/sharedaddy/sharing.css?ver=2.5 HTTP/
1.1" 200 11641 "http://www.iamit.org/blog/2013/07/mail-encryption-for-android/" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_8_5)
AppleWebKit/537.36 (KHTML, like Gecko) Chrome/30.0.1599.69 Safari/537.36"
193.205.210.42 - - [09/Oct/2013:00:57:19 -0700] "GET /blog/wp-content/plugins/lightbox-2/lightbox.js?ver=1.8 HTTP/1.1" 200 21623
"http://www.iamit.org/blog/2013/07/mail-encryption-for-android/" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_8_5) AppleWebKit/537.36
(KHTML, like Gecko) Chrome/30.0.1599.69 Safari/537.36"
193.205.210.42 - - [09/Oct/2013:00:57:19 -0700] "GET /blog/wp-includes/js/jquery/jquery-migrate.min.js?ver=1.2.1 HTTP/1.1" 200 7484
"http://www.iamit.org/blog/2013/07/mail-encryption-for-android/" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_8_5) AppleWebKit/537.36
(KHTML, like Gecko) Chrome/30.0.1599.69 Safari/537.36"
193.205.210.42 - - [09/Oct/2013:00:57:20 -0700] "GET /blog/wp-content/plugins/podpress/players/1pixelout/1pixelout_audio-player.js
HTTP/1.1" 200 12305 "http://www.iamit.org/blog/2013/07/mail-encryption-for-android/" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_8_5)
AppleWebKit/537.36 (KHTML, like Gecko) Chrome/30.0.1599.69 Safari/537.36"
193.205.210.42 - - [09/Oct/2013:00:57:20 -0700] "GET /blog/wp-content/plugins/jetpack/modules/wpgroho.js?ver=3.6.1 HTTP/1.1" 200
1212 "http://www.iamit.org/blog/2013/07/mail-encryption-for-android/" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_8_5) AppleWebKit/
537.36 (KHTML, like Gecko) Chrome/30.0.1599.69 Safari/537.36"
193.205.210.42 - - [09/Oct/2013:00:57:20 -0700] "GET /blog/wp-content/plugins/jetpack/modules/sharedaddy/sharing.js?ver=20121205
HTTP/1.1" 200 39040 "http://www.iamit.org/blog/2013/07/mail-encryption-for-android/" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_8_5)
AppleWebKit/537.36 (KHTML, like Gecko) Chrome/30.0.1599.69 Safari/537.36"
193.205.210.42 - - [09/Oct/2013:00:57:21 -0700] "GET /blog/wp-content/plugins/contact-form-7/includes/js/scripts.js?ver=3.5.2 HTTP/1.1"
200 8610 "http://www.iamit.org/blog/2013/07/mail-encryption-for-android/" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_8_5) AppleWebKit/
537.36 (KHTML, like Gecko) Chrome/30.0.1599.69 Safari/537.36"
193.205.210.42 - - [09/Oct/2013:00:57:21 -0700] "GET /blog/wp-content/plugins/contact-form-7/includes/js/jquery.form.min.js?
ver=3.40.0-2013.08.13 HTTP/1.1" 200 14910 "http://www.iamit.org/blog/2013/07/mail-encryption-for-android/" "Mozilla/5.0 (Macintosh;
Intel Mac OS X 10_8_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/30.0.1599.69 Safari/537.36"
193.205.210.42 - - [09/Oct/2013:00:57:23 -0700] "GET /favicon.ico HTTP/1.1" 200 1351 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X
10_8_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/30.0.1599.69 Safari/537.36"
193.205.210.42 - - [09/Oct/2013:00:57:23 -0700] "GET /blog/wp-includes/js/jquery/jquery.js?ver=1.10.2 HTTP/1.1" 200 93371 "http://
www.iamit.org/blog/2013/07/mail-encryption-for-android/" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_8_5) AppleWebKit/537.36Friday, October 11, 13
Don’t get me started...
Friday, October 11, 13
And that’s AFTER taking into account “log analyzers”
Friday, October 11, 13
“But you security guys have all these fancy SIEM stuff,
right?”
Friday, October 11, 13
Friday, October 11, 13
Friday, October 11, 13
Friday, October 11, 13
Yes, we have fancy dashboards
and graphs
and sometimes synchronized logs from multiple sources
But it’s still a pain in the tuches
Friday, October 11, 13
WHY?
Friday, October 11, 13
Friday, October 11, 13
The application has ALL THE CONTEXT
Friday, October 11, 13
Friday, October 11, 13
Friday, October 11, 13
Friday, October 11, 13
Yet you keep it to yourself
Friday, October 11, 13
This made me cry in joy:
Friday, October 11, 13
Friday, October 11, 13
Firewall Web Server
Client X
Client X
ClientY
Client X
ClientY
ClientY
Client X
Client X
Client X
ClientY
ClientY
index
items
index
items+a
items
items+c
checkout
login
confirm
checkout
confirm
Friday, October 11, 13
Firewall Web ServerApplication
Client X
Client X
ClientY
Client X
ClientY
ClientY
Client X
Client X
Client X
ClientY
ClientY
index
items
index
items+a
items
items+c
checkout
login
confirm
checkout
confirm
- John, from X, just
bought A and shipped
it paying with CC
- Client fromY tried to
bypass app logic and avoid
payment/auth
Friday, October 11, 13
Friday, October 11, 13
Friday, October 11, 13
Friday, October 11, 13
Rinse,
Lather,
Repeat
Friday, October 11, 13
Everywhere!
DB Access
Session Management
State Management
User Management
...
Friday, October 11, 13
Be a dot connector!
Friday, October 11, 13
Counter Intelligence
use-case
Problem
dormant accounts used
for fraud (and/or
money laundering)
Friday, October 11, 13
Counter Intelligence
use-case
Problem
dormant accounts used
for fraud (and/or
money laundering)
Account
Friday, October 11, 13
Counter Intelligence
use-case
Problem
dormant accounts used
for fraud (and/or
money laundering)
Account
Friday, October 11, 13
Counter Intelligence
use-case
Problem
dormant accounts used
for fraud (and/or
money laundering)
Account
>1yr dormant
Friday, October 11, 13
Counter Intelligence
use-case
Problem
dormant accounts used
for fraud (and/or
money laundering)
Account
>1yr dormant
laundering
Friday, October 11, 13
Counter Intelligence
use-case
Problem
dormant accounts used
for fraud (and/or
money laundering)
Account
>1yr dormant
laundering
Intl. transfers
Friday, October 11, 13
Counter Intelligence
use-case
Problem
dormant accounts used
for fraud (and/or
money laundering)
Account
>1yr dormant
laundering
Intl. transfersInternal/
External???
Friday, October 11, 13
Account
Friday, October 11, 13
AccountAccountAccountAccountAccount
Friday, October 11, 13
List
AccountAccountAccountAccountAccount
Friday, October 11, 13
Marketing
Accounting
Branch mgmt.
List
AccountAccountAccountAccountAccount
Friday, October 11, 13
Marketing
Accounting
Branch mgmt.
List
AccountAccountAccountAccountAccount
Friday, October 11, 13
Marketing
Accounting
Branch mgmt.
List
AccountAccountAccountAccountAccount
List
AccountAccountAccountAccountAccount
Friday, October 11, 13
Marketing
Accounting
Branch mgmt.
List
AccountAccountAccountAccountAccount
List
AccountAccountAccountAccountAccount
List
AccountAccountAccountAccountAccount
Friday, October 11, 13
Marketing
Accounting
Branch mgmt.
List
AccountAccountAccountAccountAccount
List
AccountAccountAccountAccountAccount
List
AccountAccountAccountAccountAccount
Internal
user
Friday, October 11, 13
Marketing
Accounting
Branch mgmt.
List
AccountAccountAccountAccountAccount
List
AccountAccountAccountAccountAccount
List
AccountAccountAccountAccountAccount
Internal
user
Friday, October 11, 13
Marketing
Accounting
Branch mgmt.
List
AccountAccountAccountAccountAccount
List
AccountAccountAccountAccountAccount
List
AccountAccountAccountAccountAccount
Internal
user
Friday, October 11, 13
Internal
user
Friday, October 11, 13
Internal
user
PC
Friday, October 11, 13
Internal
user
PC
Friday, October 11, 13
Internal
user
PC Trojan
Friday, October 11, 13
Internal
user
PC Trojan
Friday, October 11, 13
Internal
user
PC Trojan
Friday, October 11, 13
Internal
user
PC Trojan
C&C
Friday, October 11, 13
Internal
user
PC Trojan
C&C
Bad Guys(tm)
Friday, October 11, 13
Log on context
Weird state changes
Repeatable expectable actions
Who, what, why
Help me get the story right!
Friday, October 11, 13
Questions? Comments!
Ian Amit
@iiamit
ian.amit@ioactive.com
Friday, October 11, 13

More Related Content

Viewers also liked

Passwords good badugly181212-2
Passwords good badugly181212-2Passwords good badugly181212-2
Passwords good badugly181212-2Iftach Ian Amit
 
"Cyber" security - all good, no need to worry?
"Cyber" security - all good, no need to worry?"Cyber" security - all good, no need to worry?
"Cyber" security - all good, no need to worry?Iftach Ian Amit
 
Seeing Red In Your Future?
Seeing Red In Your Future?Seeing Red In Your Future?
Seeing Red In Your Future?Iftach Ian Amit
 
From your Pocket to your Heart and Back
From your Pocket to your Heart and BackFrom your Pocket to your Heart and Back
From your Pocket to your Heart and BackIftach Ian Amit
 
Painting a Company Red and Blue
Painting a Company Red and BluePainting a Company Red and Blue
Painting a Company Red and BlueIftach Ian Amit
 
Social Media Risk Metrics
Social Media Risk MetricsSocial Media Risk Metrics
Social Media Risk MetricsIftach Ian Amit
 
Creación de tablas y relaciones en MySQL y wamp server
Creación de tablas y relaciones en MySQL y  wamp serverCreación de tablas y relaciones en MySQL y  wamp server
Creación de tablas y relaciones en MySQL y wamp serverJair Ospino Ardila
 

Viewers also liked (9)

Passwords good badugly181212-2
Passwords good badugly181212-2Passwords good badugly181212-2
Passwords good badugly181212-2
 
"Cyber" security - all good, no need to worry?
"Cyber" security - all good, no need to worry?"Cyber" security - all good, no need to worry?
"Cyber" security - all good, no need to worry?
 
ISTS12 Keynote
ISTS12 KeynoteISTS12 Keynote
ISTS12 Keynote
 
Seeing Red In Your Future?
Seeing Red In Your Future?Seeing Red In Your Future?
Seeing Red In Your Future?
 
From your Pocket to your Heart and Back
From your Pocket to your Heart and BackFrom your Pocket to your Heart and Back
From your Pocket to your Heart and Back
 
Hacking cyber-iamit
Hacking cyber-iamitHacking cyber-iamit
Hacking cyber-iamit
 
Painting a Company Red and Blue
Painting a Company Red and BluePainting a Company Red and Blue
Painting a Company Red and Blue
 
Social Media Risk Metrics
Social Media Risk MetricsSocial Media Risk Metrics
Social Media Risk Metrics
 
Creación de tablas y relaciones en MySQL y wamp server
Creación de tablas y relaciones en MySQL y  wamp serverCreación de tablas y relaciones en MySQL y  wamp server
Creación de tablas y relaciones en MySQL y wamp server
 

Similar to Armorizing applications

Tulsa techfest2010 security
Tulsa techfest2010   securityTulsa techfest2010   security
Tulsa techfest2010 securityJason Ragsdale
 
Running At 99%: Mitigating App DoS
Running At 99%: Mitigating App DoSRunning At 99%: Mitigating App DoS
Running At 99%: Mitigating App DoSryan_huber
 
[jqconatx] Adaptive Images for Responsive Web Design
[jqconatx] Adaptive Images for Responsive Web Design[jqconatx] Adaptive Images for Responsive Web Design
[jqconatx] Adaptive Images for Responsive Web DesignChristopher Schmitt
 
Repsheet: A Behavior Based Approach to Web Application Security
Repsheet: A Behavior Based Approach to Web Application SecurityRepsheet: A Behavior Based Approach to Web Application Security
Repsheet: A Behavior Based Approach to Web Application SecurityAaron Bedra
 
OWASP Top 10 2013
OWASP Top 10 2013OWASP Top 10 2013
OWASP Top 10 2013markstory
 
OSDC 2015: Pere Urbon | Scaling Logstash: A Collection of War Stories
OSDC 2015: Pere Urbon | Scaling Logstash: A Collection of War StoriesOSDC 2015: Pere Urbon | Scaling Logstash: A Collection of War Stories
OSDC 2015: Pere Urbon | Scaling Logstash: A Collection of War StoriesNETWAYS
 
Macruby - RubyConf Presentation 2010
Macruby - RubyConf Presentation 2010Macruby - RubyConf Presentation 2010
Macruby - RubyConf Presentation 2010Matt Aimonetti
 
Vinted life embetterment
Vinted life embettermentVinted life embetterment
Vinted life embettermentAgile Lietuva
 
Provisioning profiles like a Pro
Provisioning profiles like a ProProvisioning profiles like a Pro
Provisioning profiles like a ProJay Graves
 
In Plain Sight: The Perfect Exfiltration
In Plain Sight: The Perfect ExfiltrationIn Plain Sight: The Perfect Exfiltration
In Plain Sight: The Perfect ExfiltrationItzik Kotler
 
2nd Annual Start-up Launches with Dr. Werner Vogels (SPOT101) | AWS re:Invent...
2nd Annual Start-up Launches with Dr. Werner Vogels (SPOT101) | AWS re:Invent...2nd Annual Start-up Launches with Dr. Werner Vogels (SPOT101) | AWS re:Invent...
2nd Annual Start-up Launches with Dr. Werner Vogels (SPOT101) | AWS re:Invent...Amazon Web Services
 
Putting the 'web' into webRTC
Putting the 'web' into webRTCPutting the 'web' into webRTC
Putting the 'web' into webRTCTim Panton
 
Troubleshooting Live Java Web Applications
Troubleshooting Live Java Web ApplicationsTroubleshooting Live Java Web Applications
Troubleshooting Live Java Web Applicationsashleypuls
 
LogStash - Yes, logging can be awesome
LogStash - Yes, logging can be awesomeLogStash - Yes, logging can be awesome
LogStash - Yes, logging can be awesomeJames Turnbull
 
112 portfpres.pdf
112 portfpres.pdf112 portfpres.pdf
112 portfpres.pdfsash236
 
Petr Dvořák: Mobilní webové služby pohledem iPhone developera
Petr Dvořák: Mobilní webové služby pohledem iPhone developeraPetr Dvořák: Mobilní webové služby pohledem iPhone developera
Petr Dvořák: Mobilní webové služby pohledem iPhone developeraWebExpo
 
AppForum 2014 Boost Hybrid App Performance
AppForum 2014 Boost Hybrid App PerformanceAppForum 2014 Boost Hybrid App Performance
AppForum 2014 Boost Hybrid App Performancerobgalvinjr
 

Similar to Armorizing applications (20)

Tulsa techfest2010 security
Tulsa techfest2010   securityTulsa techfest2010   security
Tulsa techfest2010 security
 
Running At 99%: Mitigating App DoS
Running At 99%: Mitigating App DoSRunning At 99%: Mitigating App DoS
Running At 99%: Mitigating App DoS
 
Ilugc curl
Ilugc curlIlugc curl
Ilugc curl
 
[jqconatx] Adaptive Images for Responsive Web Design
[jqconatx] Adaptive Images for Responsive Web Design[jqconatx] Adaptive Images for Responsive Web Design
[jqconatx] Adaptive Images for Responsive Web Design
 
Repsheet: A Behavior Based Approach to Web Application Security
Repsheet: A Behavior Based Approach to Web Application SecurityRepsheet: A Behavior Based Approach to Web Application Security
Repsheet: A Behavior Based Approach to Web Application Security
 
OWASP Top 10 2013
OWASP Top 10 2013OWASP Top 10 2013
OWASP Top 10 2013
 
2013 - Mark story - Avoiding the Owasp
2013 - Mark story - Avoiding the Owasp2013 - Mark story - Avoiding the Owasp
2013 - Mark story - Avoiding the Owasp
 
OSDC 2015: Pere Urbon | Scaling Logstash: A Collection of War Stories
OSDC 2015: Pere Urbon | Scaling Logstash: A Collection of War StoriesOSDC 2015: Pere Urbon | Scaling Logstash: A Collection of War Stories
OSDC 2015: Pere Urbon | Scaling Logstash: A Collection of War Stories
 
Macruby - RubyConf Presentation 2010
Macruby - RubyConf Presentation 2010Macruby - RubyConf Presentation 2010
Macruby - RubyConf Presentation 2010
 
Vinted life embetterment
Vinted life embettermentVinted life embetterment
Vinted life embetterment
 
Provisioning profiles like a Pro
Provisioning profiles like a ProProvisioning profiles like a Pro
Provisioning profiles like a Pro
 
In Plain Sight: The Perfect Exfiltration
In Plain Sight: The Perfect ExfiltrationIn Plain Sight: The Perfect Exfiltration
In Plain Sight: The Perfect Exfiltration
 
2nd Annual Start-up Launches with Dr. Werner Vogels (SPOT101) | AWS re:Invent...
2nd Annual Start-up Launches with Dr. Werner Vogels (SPOT101) | AWS re:Invent...2nd Annual Start-up Launches with Dr. Werner Vogels (SPOT101) | AWS re:Invent...
2nd Annual Start-up Launches with Dr. Werner Vogels (SPOT101) | AWS re:Invent...
 
Putting the 'web' into webRTC
Putting the 'web' into webRTCPutting the 'web' into webRTC
Putting the 'web' into webRTC
 
Troubleshooting Live Java Web Applications
Troubleshooting Live Java Web ApplicationsTroubleshooting Live Java Web Applications
Troubleshooting Live Java Web Applications
 
LogStash - Yes, logging can be awesome
LogStash - Yes, logging can be awesomeLogStash - Yes, logging can be awesome
LogStash - Yes, logging can be awesome
 
112 portfpres.pdf
112 portfpres.pdf112 portfpres.pdf
112 portfpres.pdf
 
Petr Dvořák: Mobilní webové služby pohledem iPhone developera
Petr Dvořák: Mobilní webové služby pohledem iPhone developeraPetr Dvořák: Mobilní webové služby pohledem iPhone developera
Petr Dvořák: Mobilní webové služby pohledem iPhone developera
 
- Webexpo 2010
- Webexpo 2010- Webexpo 2010
- Webexpo 2010
 
AppForum 2014 Boost Hybrid App Performance
AppForum 2014 Boost Hybrid App PerformanceAppForum 2014 Boost Hybrid App Performance
AppForum 2014 Boost Hybrid App Performance
 

More from Iftach Ian Amit

Cyber Risk Quantification - CyberTLV
Cyber Risk Quantification - CyberTLVCyber Risk Quantification - CyberTLV
Cyber Risk Quantification - CyberTLVIftach Ian Amit
 
BSidesTLV Closing Keynote
BSidesTLV Closing KeynoteBSidesTLV Closing Keynote
BSidesTLV Closing KeynoteIftach Ian Amit
 
Advanced Data Exfiltration - the way Q would have done it
Advanced Data Exfiltration - the way Q would have done itAdvanced Data Exfiltration - the way Q would have done it
Advanced Data Exfiltration - the way Q would have done itIftach Ian Amit
 
Infecting Python Bytecode
Infecting Python BytecodeInfecting Python Bytecode
Infecting Python BytecodeIftach Ian Amit
 
Cheating in Computer Games
Cheating in Computer GamesCheating in Computer Games
Cheating in Computer GamesIftach Ian Amit
 
Telecommunication basics dc9723
Telecommunication basics dc9723Telecommunication basics dc9723
Telecommunication basics dc9723Iftach Ian Amit
 
Stuxnet - the worm and you
Stuxnet - the worm and youStuxnet - the worm and you
Stuxnet - the worm and youIftach Ian Amit
 
Pushing in, leaving a present, and pulling out slowly without anyone noticing
Pushing in, leaving a present, and pulling out slowly without anyone noticingPushing in, leaving a present, and pulling out slowly without anyone noticing
Pushing in, leaving a present, and pulling out slowly without anyone noticingIftach Ian Amit
 
Mesh network presentation
Mesh network presentationMesh network presentation
Mesh network presentationIftach Ian Amit
 
Advanced Data Exfiltration
Advanced Data ExfiltrationAdvanced Data Exfiltration
Advanced Data ExfiltrationIftach Ian Amit
 
LD_PRELOAD Exploitation - DC9723
LD_PRELOAD Exploitation - DC9723LD_PRELOAD Exploitation - DC9723
LD_PRELOAD Exploitation - DC9723Iftach Ian Amit
 
An intoroduction to the IS-IS IGP routing protocol
An intoroduction to the IS-IS IGP routing protocolAn intoroduction to the IS-IS IGP routing protocol
An intoroduction to the IS-IS IGP routing protocolIftach Ian Amit
 

More from Iftach Ian Amit (20)

Cyber Risk Quantification - CyberTLV
Cyber Risk Quantification - CyberTLVCyber Risk Quantification - CyberTLV
Cyber Risk Quantification - CyberTLV
 
Devsecops at Cimpress
Devsecops at CimpressDevsecops at Cimpress
Devsecops at Cimpress
 
BSidesTLV Closing Keynote
BSidesTLV Closing KeynoteBSidesTLV Closing Keynote
BSidesTLV Closing Keynote
 
Bitcoin
BitcoinBitcoin
Bitcoin
 
Sexy defense
Sexy defenseSexy defense
Sexy defense
 
Cyber state
Cyber stateCyber state
Cyber state
 
Advanced Data Exfiltration - the way Q would have done it
Advanced Data Exfiltration - the way Q would have done itAdvanced Data Exfiltration - the way Q would have done it
Advanced Data Exfiltration - the way Q would have done it
 
Infecting Python Bytecode
Infecting Python BytecodeInfecting Python Bytecode
Infecting Python Bytecode
 
Exploiting Second life
Exploiting Second lifeExploiting Second life
Exploiting Second life
 
Dtmf phreaking
Dtmf phreakingDtmf phreaking
Dtmf phreaking
 
Cheating in Computer Games
Cheating in Computer GamesCheating in Computer Games
Cheating in Computer Games
 
Telecommunication basics dc9723
Telecommunication basics dc9723Telecommunication basics dc9723
Telecommunication basics dc9723
 
Stuxnet - the worm and you
Stuxnet - the worm and youStuxnet - the worm and you
Stuxnet - the worm and you
 
Pushing in, leaving a present, and pulling out slowly without anyone noticing
Pushing in, leaving a present, and pulling out slowly without anyone noticingPushing in, leaving a present, and pulling out slowly without anyone noticing
Pushing in, leaving a present, and pulling out slowly without anyone noticing
 
Mesh network presentation
Mesh network presentationMesh network presentation
Mesh network presentation
 
Html5 hacking
Html5 hackingHtml5 hacking
Html5 hacking
 
Advanced Data Exfiltration
Advanced Data ExfiltrationAdvanced Data Exfiltration
Advanced Data Exfiltration
 
LD_PRELOAD Exploitation - DC9723
LD_PRELOAD Exploitation - DC9723LD_PRELOAD Exploitation - DC9723
LD_PRELOAD Exploitation - DC9723
 
An intoroduction to the IS-IS IGP routing protocol
An intoroduction to the IS-IS IGP routing protocolAn intoroduction to the IS-IS IGP routing protocol
An intoroduction to the IS-IS IGP routing protocol
 
Turtles dc9723
Turtles dc9723Turtles dc9723
Turtles dc9723
 

Recently uploaded

How to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerHow to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerThousandEyes
 
Handwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed textsHandwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed textsMaria Levchenko
 
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024The Digital Insurer
 
A Call to Action for Generative AI in 2024
A Call to Action for Generative AI in 2024A Call to Action for Generative AI in 2024
A Call to Action for Generative AI in 2024Results
 
The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024Rafal Los
 
08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking Men08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking MenDelhi Call girls
 
Real Time Object Detection Using Open CV
Real Time Object Detection Using Open CVReal Time Object Detection Using Open CV
Real Time Object Detection Using Open CVKhem
 
What Are The Drone Anti-jamming Systems Technology?
What Are The Drone Anti-jamming Systems Technology?What Are The Drone Anti-jamming Systems Technology?
What Are The Drone Anti-jamming Systems Technology?Antenna Manufacturer Coco
 
Powerful Google developer tools for immediate impact! (2023-24 C)
Powerful Google developer tools for immediate impact! (2023-24 C)Powerful Google developer tools for immediate impact! (2023-24 C)
Powerful Google developer tools for immediate impact! (2023-24 C)wesley chun
 
A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)Gabriella Davis
 
EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptx
EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptxEIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptx
EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptxEarley Information Science
 
Boost Fertility New Invention Ups Success Rates.pdf
Boost Fertility New Invention Ups Success Rates.pdfBoost Fertility New Invention Ups Success Rates.pdf
Boost Fertility New Invention Ups Success Rates.pdfsudhanshuwaghmare1
 
TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law DevelopmentsTrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law DevelopmentsTrustArc
 
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...apidays
 
Histor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slideHistor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slidevu2urc
 
Exploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone ProcessorsExploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone Processorsdebabhi2
 
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking MenDelhi Call girls
 
Slack Application Development 101 Slides
Slack Application Development 101 SlidesSlack Application Development 101 Slides
Slack Application Development 101 Slidespraypatel2
 
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptxHampshireHUG
 
Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024The Digital Insurer
 

Recently uploaded (20)

How to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerHow to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected Worker
 
Handwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed textsHandwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed texts
 
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
 
A Call to Action for Generative AI in 2024
A Call to Action for Generative AI in 2024A Call to Action for Generative AI in 2024
A Call to Action for Generative AI in 2024
 
The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024
 
08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking Men08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking Men
 
Real Time Object Detection Using Open CV
Real Time Object Detection Using Open CVReal Time Object Detection Using Open CV
Real Time Object Detection Using Open CV
 
What Are The Drone Anti-jamming Systems Technology?
What Are The Drone Anti-jamming Systems Technology?What Are The Drone Anti-jamming Systems Technology?
What Are The Drone Anti-jamming Systems Technology?
 
Powerful Google developer tools for immediate impact! (2023-24 C)
Powerful Google developer tools for immediate impact! (2023-24 C)Powerful Google developer tools for immediate impact! (2023-24 C)
Powerful Google developer tools for immediate impact! (2023-24 C)
 
A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)
 
EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptx
EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptxEIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptx
EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptx
 
Boost Fertility New Invention Ups Success Rates.pdf
Boost Fertility New Invention Ups Success Rates.pdfBoost Fertility New Invention Ups Success Rates.pdf
Boost Fertility New Invention Ups Success Rates.pdf
 
TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law DevelopmentsTrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
 
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
 
Histor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slideHistor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slide
 
Exploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone ProcessorsExploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone Processors
 
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
 
Slack Application Development 101 Slides
Slack Application Development 101 SlidesSlack Application Development 101 Slides
Slack Application Development 101 Slides
 
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
 
Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024
 

Armorizing applications