SD-WAN Internet Census, Zeronighst 2018

•

1 recomendación•622 vistas

The goal of this talk is to provide the results of passive and active fingerprinting for SD-WAN systems using a common threat intelligence approach. We explore Internet-based and cloud-based publicly available SD-WAN systems using the well-known «Shodan» and «Censys» search engines and custom developed automation tools and show that most of the SD-WAN systems have known vulnerabilities related to outdated software and insecure configuration. Anton Nikolaev, Denis Kolegov, Oleg Broslavsky

Tecnología

or
How to Find SD-WANs and not to Lose
Yourself
Denis Kolegov
Oleg Broslavsky
Anton Nikolaev

Not (really) so long time ago,
we decide to start a big SD-WAN
journey
SD-WAN
NewHope

“SD-WAN is perfectly safe for implementing wide-
area networks affordably, efficiently and securely.”

Client-side Authentication
?
! // TODO: fix in prod ?

Unfortunately, this talk is not about sophisticated hacking
techniques (cause you do not need them to hack SD-WAN)
This talk about how to find those
low-hanging fruits on the Internet?

The Main Questions
• How many SD-WAN nodes on the Internet?
• Do we need new techniques to scan
and fingerprint them?
• How to find vulnerable SD-WAN nodes?

Approach
Best EffortWhen you have to underline the best effort approach but
you don’t know exactly how to

SD-WAN Essence
or
That Boring Part of Slides Again

Just kidding.
We need it for understanding.

Query Correction
html:Sonus
+ title:
"SBC Management
Application"

More Query Correction!
We can use
corrections to
build full
product map!
https://github.com/sdnewhop/sdwannewhope/issues/7

What About Really Hard
Cases?
Easy Peasy Lemon Squeezy?
Difficult Difficult Lemon Difficult!

SSH Fingerprinting
SD-WAN version in
/etc/issue message
masscan
our
banner
zgrab
/sdnewhop/zgrab2
/nmap/nmap/issues/1389

Websocket
• Nmap can’t scan Websocket
• No standard NSE Websocket
libraries
• Weird behavior in custom
NSE Websocket libraries

You should scan
all Internet using
masscan

-Johny, Johny?
-Yes, papa
-Scanning Internet?
-No, papa
-Telling lies?
-No, papa

> well you kinda killed the entire Tomtech network..
> literally everything is down.
> so looks like I can’t help you with servers anymore, sorry.

SD-WAN Harvester
Workflow
Find
SD-WANs
Grab
versions
Run NSE Frontend
Get
results

Harvester Charts
But seriously, harvester can
build next pie charts by:
• vulnerabilities
• vendors
• products
• countries
• continents
https://github.com/sdnewhop/sdwan-
harvester/tree/master/samples

Conclusions
• Many different vendors
and related products
have been found
• Most products are
susceptible to version
leakage
• More often products are
leaky and vulnerable

SD-WAN New Hope
https://github.com/sdnewhop/
• Sergey Gordeychik
• Denis Kolegov
• Oleg Broslavsky
• Max Gorbunov
• Nikita Oleksov
• Nikolay Tkachenko
• Anton Nikolaev
• SD-WAN Internet Census
• SD-WAN Harvester
• SD-WAN Infiltrator
• SD-WAN Threat Landscape

THANKS FOR ATTENTION
@dnkolegov
@yalegko
@manmoleculo

Más contenido relacionado

La actualidad más candente

In theory, post-exploitation after having remote access is easy. Also in theory, there is no difference between theory and practice. In practice, there is. Imagine a scenario, where you have deployed a malware on a user’s workstation, but the target information is on a secure server accessed via two-factor authentication, with screen access only (e.g. RDP, Citrix, etc.). On top of that, the server runs application white-listing, and only the inbound port to the screen server (e.g. 3389) is allowed through the hardware firewall. But you also need persistent interactive C&C communication (e.g. Netcat, Meterpreter, RAT) to this server through the user’s workstation. I developed (and will publish) two tools that help you in these situations. The first tool can drop malware to the server through the screen while the user is logged in. The second tool can help you to circumvent the hardware firewall after we can execute code on the server with admin privileges (using a signed kernel driver). My tools are generic meaning that they work against Windows server 2012 and Windows 8, and they work with RDP or other remote desktops. The number of problems you can solve with them are endless, e.g., communicating with bind-shell on webserver behind restricted DMZ. Beware, live demo and fun included!

DEFCON 22: Bypass firewalls, application white lists, secure remote desktops ...

Zoltan Balazs

Ransomware - what is it, how to protect against it

Zoltan Balazs

Defcon 22-zoltan-balazs-bypass-firewalls-application-whiteli

Priyanka Aash

Cloud security, sounds like a myth does it not? Many organizations still cling to the belief that cloud services can not be used in a secure infrastructure in this session I'll cover emerging and available technologies which can help abate some of these concerns. Threat models - What's a side channel attack? - What's a co-residency attack? Amazon - Available amazon AWS compliance documentation and how it is relevant to secure infrastructure - Available amazon AWS services such as KSM and how they may be used to secure your deployments, VPC and netowrk isolation, IAM. Openstack - What's openstack bandit and why should I care? - What options do I have in my openstack deployment to secure my infrastructure and how are they relevant to my needs? Federated cloud infrastructure - What is it? - Why you need one - Ensuring secure "chain of custody" through to deployment Docker / LXC - What is container virtualization and how does it differ to regular virtualization? - How does this affect my attack surface? - Should I have this in production ? Security CI - How can security be part of your CI process? Emerging technologies - pki.oio - vaultproject.io - haka Telemetry processing - Why your logs are your most important data source - Handling thousands, millions or more lines per second - Using the right components Building the castle - Thoughts in putting this all together to produce infrastructure hardened from developer though to production.

Cumulonimbus fortification-secure-your-data-in-the-cloud

David Busby, CISSP

MIPS-X

Zoltan Balazs

When speed and latency counts, there is no place for standard HTTP/SSL stack and a wise head comes up with a proprietary network protocol. How to deal with embedded software or thick clients using protocols with no documentation at all? Binary TCP connections, unlike anything, impossible to be adapted by a well-known local proxy. Without disassembling the protocol, pentesting the server backend is very limited. However, when you dive inside this traffic and reverse-engineer the communication inside, you are there. Welcome to the world full of own cryptography, revertible hash algorithms and no access control at all. We would like to present our approach and a short guideline how to reverse engineer proprietary protocols. To demonstrate, we will show you few case-studies, which in our opinion are a quintessence of ""security by obscurity"" - the most interesting examples from real-life financial industry software, which is a particularly risky business regarding security.

BSides London 2015 - Proprietary network protocols - risky business on the wire.

Jakub Kałużny

When it comes to penetration tests of specialized embedded software or thick clients, we often encounter proprietary protocols with no documentation at all. Binary TCP connections, unlike anything, impossible to be adapted by a well-known local proxy. Without disassembling the protocol, pentesting the server backend is very limited. Though, based on our experience, it very often hides a shameful secret - completely unsecured mechanisms breaking all secure coding practices.

Shameful Secrets of Proprietary Network Protocols - OWASP AppSec EU 2014

Jakub Kałużny

Did "cloud computing" and "big data" buzzwords bring new challenges for security testers? Apart from complexity of Hadoop installations and number of interfaces, standard techniques can be applied to test for: web application vulnerabilities, SSL security and encryption at rest. We tested popular Hadoop environments and found a few critical vulnerabilities, which for sure cast a shadow on big data security.

Zeronights 2015 - Big problems with big data - Hadoop interfaces security

Jakub Kałużny

Denis Baranov: Root via XSS

qqlan

PLMCE - Security and why you need to review yours

David Busby, CISSP

Defcon 22-jesus-molina-learn-how-to-control-every-room

Priyanka Aash

How to hide your browser 0-day @ Disobey

Zoltan Balazs

CSW2017 Enrico branca What if encrypted communications are not as secure as w...

CanSecWest

Security isn’t deploying some overbearing big brother of a hardware or software solution; it’s not running scanning software which tells you you’re safe; because in reality in these type of setups you’re not. Security is akin to high availability you deploying multiple redundancies to ensure you can still operate, the same can and should be applied to security; identify the potential areas of attack, reduces this attack surface and deploy multiple redundancies to secure your deployments.

Security its-more-than-just-your-database-you-should-worry-about

David Busby, CISSP

Challenges Building Secure Mobile Applications

Masabi

BalCCon2k18 - Towards the perfect cryptocurrency wallet

Nemanja Nikodijević

CSW2017 Yuhao song+Huimingliu cyber_wmd_vulnerable_IoT

CanSecWest

Threat Con 2021: What's Hitting my Honeypots

APNIC

GSM networks are compromised for over five years. Starting from passive sniffing of unencrypted traffic, moving to a fully compromised A5/1 encryption and then even to your own base station, we have different tools and opportunities. A Motorola phone retails for only $5 gives you the opportunity to peep into your girlfriend's calls. RTL-SDR retails for $20 which allows you to intercept all two-factor authentication in a medium-sized office building. Lastly, USRP retails for $700 and can intercept almost everything that you can see in 2G. But who cares about 2G? Those who are concerned switched off of 2G. AT&T is preparing to switch off all its 2G networks by the end of 2016. Even GSMA (GSM Alliance) admitted that security through obscurity is a bad idea (referring to COMP128, A5/*, GEA algorithms and other things). 3G and LTE networks have mandatory cryptographical integrity checks for all communications, mutual authentication both for mobile devices and base station. The opportunity to analyze all protocols and cryptographical primitives due to their public availability is important. However, the main problem is that we do not have calypso phones for 3G. We do not have cheap and ready to use devices to fuzz 3G devices over the air. Or do we? What about femtocells? Perhaps telecoms are to fast to take their guard down with security considerations embedded in 3G/4G? Users can connect to femocells. and have access the Internet on high speeds, make calls, ect.. Why don't we abuse it? Yes, there is already research that allows you to gain control over femtocell. There is also research that allows sniffing calls and messages after gaining control. But all such solutions are not scalable. You are still bound to the telecom provider. You still have to connect to a VPN - to a core network. You have to bypass location binding and so on. Perhaps there is an easier solution? Parhaps we can create UMTS-in-a-box from readily available femtocell and have them available in large quantities without telecom-branding? We already know. We will tell the whole story from unboxing to proof-of-concept data intercept and vulnerabilities in UMTS networks with all your favorite acronyms: HNB, SeGW, HMS, RANAP, SCTP, TR-069.

Adventures in Femtoland: 350 Yuan for Invaluable Fun

arbitrarycode

A hacker likes computers for the same reason that a child likes legos: both allow the creation of something new. However the growing trend has been to 'close up' general purpose computing into devices that serve a narrow purpose. It's been happening with games consoles, routers, smartphones, smart TV's and more recently, smartwatches. A hacker will face this trend as an additional challenge and will be even more motivated to gain control over the device. This talk is a journey to the world of 'reverse engineering' of a device of the "Internet of Things", in this case a Tomtom Runner sports watch. The author has little previous experience in reverse engineering of embedded systems, so the talk aims to serve as an introduction to this topic, what motivations and what kind of approaches may be tried. Presented in September 2015 at "Confraria de Segurança da Informação" in Lisbon

Reverse Engineering the TomTom Runner pt. 1

Luis Grangeia

La actualidad más candente (20)

DEFCON 22: Bypass firewalls, application white lists, secure remote desktops ...

Ransomware - what is it, how to protect against it

Defcon 22-zoltan-balazs-bypass-firewalls-application-whiteli

Cumulonimbus fortification-secure-your-data-in-the-cloud

MIPS-X

BSides London 2015 - Proprietary network protocols - risky business on the wire.

Shameful Secrets of Proprietary Network Protocols - OWASP AppSec EU 2014

Zeronights 2015 - Big problems with big data - Hadoop interfaces security

Denis Baranov: Root via XSS

PLMCE - Security and why you need to review yours

Defcon 22-jesus-molina-learn-how-to-control-every-room

How to hide your browser 0-day @ Disobey

CSW2017 Enrico branca What if encrypted communications are not as secure as w...

Security its-more-than-just-your-database-you-should-worry-about

Challenges Building Secure Mobile Applications

BalCCon2k18 - Towards the perfect cryptocurrency wallet

CSW2017 Yuhao song+Huimingliu cyber_wmd_vulnerable_IoT

Threat Con 2021: What's Hitting my Honeypots

Adventures in Femtoland: 350 Yuan for Invaluable Fun

Reverse Engineering the TomTom Runner pt. 1

Similar a SD-WAN Internet Census, Zeronighst 2018

Securing Rails

Alex Payne

Going mobile - tip, tricks and tools for building mobile web-apps

Joshua May

Streaming Media Player

Goldensun1

Sensepost assessment automation

SensePost

JavaScript is finding its way further and further out of the browser. Only a couple of years ago, if someone had said they wanted to build robots only using JS you'd think they were crazy. Having tried it at the time those naysayers were correct - it was a disaster. Recently, particularly as a result of the nodebots project, JS Robotics has started to come of age and it's now possible to build simple robots using JavaScript for the majority of the stack - everything from control and sensing to motors to lights, AI and computer vision. This talk will give an overview of what's currently possible, where the current gotchas are, how to get started and have some interactive elements that can be played with during or after the session. Andrew is a creator & destroyer of things that combine mobile web, ubicomp and lots of data. Sometime programmer, interaction researcher & CTO @ JBA. Be Responsive meetup / Melbourne Geek Night Crossover night September 2014

Building Droids with JavaScript

Andrew Fisher

Hacklu2011 tricaud

stricaud

Beyond The Padlock: New Ideas in Browser Security UI

mozilla.presentations

Єгор Попович, CTO @Tesseract, (Lviv, Ukraine) "Blockchain user: myth or reali...

Dakiry

Cracking Wep And Wpa Wireless Networks

guestf2e41

Crazy Like A Fox - #Infosec Ideas That Just Might Work

Jan Schaumann

Ultimate Guide to Setup DarkComet with NoIP

Pich Pra Tna

Step by Step on How to Setup DarkComet

Pich Pra Tna

Atlassian - Software For Every Team

Sven Peters

Most Java software problems come from the little “broken windows” – a null pointer here or there. Sometimes, however, you find yourself in a nasty section of town, with the heap, stack, and permgen brutally fighting for memory. Threads in nasty knife fights over resources. Sometimes just plain freaky things – how did I wind up with 1.5GB of HashSet allocations? In this edition of CSI: Seattle Java Edition, we’ll look at the tools available to combat these nasty foes and even see some of them in action – we will blow up a lot of application servers and JVMs in the process, with graphic results.

Java Tools and Techniques for Solving Tricky Problem

Will Iverson

Puppet for SysAdmins

Puppet

Dmk blackops2006 ccc

Dan Kaminsky

Puppet@Citygrid - Julien Rottenberg - PuppetCamp LA '12

Puppet

Web Application Hacking

SensePost

7 New Tools Java Developers Should Know

Takipi

Os Nightingale

oscon2007

Similar a SD-WAN Internet Census, Zeronighst 2018 (20)

Securing Rails

Going mobile - tip, tricks and tools for building mobile web-apps

Streaming Media Player

Sensepost assessment automation

Building Droids with JavaScript

Hacklu2011 tricaud

Beyond The Padlock: New Ideas in Browser Security UI

Єгор Попович, CTO @Tesseract, (Lviv, Ukraine) "Blockchain user: myth or reali...

Cracking Wep And Wpa Wireless Networks

Crazy Like A Fox - #Infosec Ideas That Just Might Work

Ultimate Guide to Setup DarkComet with NoIP

Step by Step on How to Setup DarkComet

Atlassian - Software For Every Team

Java Tools and Techniques for Solving Tricky Problem

Puppet for SysAdmins

Dmk blackops2006 ccc

Puppet@Citygrid - Julien Rottenberg - PuppetCamp LA '12

Web Application Hacking

7 New Tools Java Developers Should Know

Os Nightingale

Más de Sergey Gordeychik

The boom of artificial intelligence brought to the market a set of impressive solutions both on hardware and software sides. On the other hand, massive implementation of AI in various areas brings about problems, and security is one of the greatest concerns. The speaker will present results of hands-on vulnerability research of different components of AI infrastructure, including NVIDIA DGX GPU servers, ML frameworks, such as PyTorch, Keras, and TensorFlow, data processing pipelines and specific applications, including medical imaging and face recognition–powered CCTV. Updated Internet Census toolkit based on the Grinder framework will be introduced.

Vulnerabilities of machine learning infrastructure

Sergey Gordeychik

MALIGN MACHINE LEARNING MODELS

Sergey Gordeychik

Machine learning technologies are turning from rocket science into daily engineering life. You no longer have to know the difference between Faster R-CNN and HMM to develop a machine vision system, and even OpenCV has bindings for JavaScript allowing to resolve quite serious tasks all the while remaining in front end. On other hand massive implementation of AI in various areas brings about problems, and security is one of the greatest concerns. In the broader context security is really all about trust. Do we trust AI? I don’t, personally. What is “state of the art” in AI security? Yesterday it was a PoC, not a product, today becoming a We will fix it later, tomorrow it will be a if it works, don’t touch it. And tomorrow is too late. But what we can do for Trustworthy AI? There are just no simple answers. You can’t install antivirus or calculate hashes to control integrity of annotated dataset. Traditional firewalls and IDS are almost useless in ML cloud internal SDN Infiniband network. Event C-level Compliance such as PCI DSS and GDPR doesn’t work for massive country-level AI deployments. What about vulnerability management for TensorFlow ML model? How it will impact ROC and AUC?.. To make it better we should rethink Cyber Resilience for AI process, systems and applications to make sure that they continuously deliver the intended outcome despite adverse cyber events. Make sure that security is genuinely integrated into innovation that AI brings into our lives. To trust AI and earn his trust, perhaps?

AI for security or security for AI - Sergey Gordeychik

Sergey Gordeychik

Practical analysis of the cybersecurity of European smart grids

Sergey Gordeychik

The software defined wide-area network is technology based on SDN approach applied to branch office connections in Enterprises. According to Gartner's predictions, more than 50% of routers will be replaced with SD-WAN Solutions by 2020. The SD-WAN can have firewalls and other perimeter security features on board which makes them attractive targets for attackers. Vendors promise "on-the-fly agility, security" and many other benefits. But what does "security" really mean from a hand-on perspective? Most of SD-WAN solutions are distributed as Linux-based Virtual Appliances or a Cloud-centric service which can make them low-hanging fruit even for script kiddie. This presentation will introduce practical analysis of different SD-WAN solutions from the attacker perspective. Attack surface, threat model and real-world vulnerabilities in SD-WAN solutions will be presented.

Too soft[ware defined] networks SD-Wan vulnerability assessment

Sergey Gordeychik

Recon 2017: By Kirill Nesterov, Alexander Tlyapov Digital Substation is an essential part of every electrical network. It is also a base ground for modern Smart Grid technologies. More than 4000 of IEC 61850 compatible substations operated in Europe, 20 000+ worldwide, each of the comprising communication and flow of gigawatts of electrical current between large power plants (thermoelectrical, hydroelectrical or even nuclear) and their respective consumers. Such consumers include cities, industrial objects and power plants themselves. During this talk we will focus on security analysis results of key Digital Substation component - Relay Protection Terminals. Protective relays are devices for detection of electrical faults. When such fault is detected relay device designed to trip a circuit breaker. Without them problems like over-current, over-voltage, reverse power flow, over-frequency, and under-frequency can lead to colorful and impressive pictures of giant electric arcs accompanied by bunch of sparks with total blackouts as a result. Nowadays protective relays became digital devices with network access through which operators can access different services like self-testing, statistics, logs and others. More of it, electrical lines are also combined with fiber-optic lines for communications. Electrical part of such lines need minimal traffic, but protection against surges. So such lines can be leased to different organizations, exposing great target for attacker. All of services inside such networks are available through different industrial protocols like IEC 61850 (MMS, GOOSE), IEC104 and Modbus, a not very industrial protocols HTTP, FTP, SSH and everybody’s favorite proprietary protocols. We will show how to dig very deep inside Relay Protection Terminal and how to abuse numerous weaknesses and vulnerabilities inside.

Recon: Hopeless relay protection for substation automation

Sergey Gordeychik

The Great Train Robbery: Fast and Furious

Sergey Gordeychik

Recently published information on the cybersecurity assessment of railway computer and communication-based control systems (CBCS) identified several weaknesses and vulnerabilities, which allow threat agents to not only degrade system reliability and bypass safety mechanisms, but to carry out attacks which directly affect the rail traffic safety 1. Despite these findings, remarkably these systems meet all relevant IT security and functional safety requirements and have the required international, national and industrial certificates. To reduce the risks associated with cyberattacks against CBCS and their components, we recommend that system certification procedures be designed to include elements of security assessment and penetration testing.

Cybersecurity Assessment of Communication-Based Train Control systems

Sergey Gordeychik

Greater China Cyber Threat Landscape - ISC 2016

Sergey Gordeychik

スマートグリッドのサイバーセキュリティ電力系統は人類がこれまで構築した洗練されたシステムの１つである。IEC 61850のような新技術および欧州全体の取り組みは、大陸全体のスマートグリッドシステムの創造をより複雑にさせている。私たちの最新研究は、継電器保護や風力・太陽光発電を含めた、脅威の展望やアーキテクチャと現代的なスマートグリッド要素の実装の分析に注力していた。驚くべきこと（ではない）かもしれないが、巨大なタービンタワーや家庭用の太陽光発電機を管理するシステムはインターネットに接続されているだけでなく、多くの既知の脆弱性や容易にゼロデイになりやすい。たとえこれらのシステムがShodanで見つからなかったとしても、派手なクラウド技術はセキュリティのためにならない。この講演では、ハウスキーピングと屋上太陽光発電システムからデジタル変電所までの、欧州のスマートグリッド技術の様々な要素の安全性評価における実際の経験を述べる。スマートグリッド要素における新たな（しかし、責任を持って開示する）脆弱性やクラウドSCADA技術だけでなくスマートグリッド産業プロトコルの安全性評価のための新しいツールも公開する。

SCADA StrangeLove Practical security assessment of European Smartgrid

Sergey Gordeychik

Más de Sergey Gordeychik (10)

Vulnerabilities of machine learning infrastructure

MALIGN MACHINE LEARNING MODELS

AI for security or security for AI - Sergey Gordeychik

Practical analysis of the cybersecurity of European smart grids

Too soft[ware defined] networks SD-Wan vulnerability assessment

Recon: Hopeless relay protection for substation automation

The Great Train Robbery: Fast and Furious

Cybersecurity Assessment of Communication-Based Train Control systems

Greater China Cyber Threat Landscape - ISC 2016

SCADA StrangeLove Practical security assessment of European Smartgrid

Último

presentation ICT roal in 21st century education

jfdjdjcjdnsjd

This presentations targets students or working professionals. You may know Google for search, YouTube, Android, Chrome, and Gmail, but did you know Google has many developer tools, platforms & APIs? This comprehensive yet still high-level overview outlines the most impactful tools for where to run your code, store & analyze your data. It will also inspire you as to what's possible. This talk is 50 minutes in length.

Powerful Google developer tools for immediate impact! (2023-24 C)

wesley chun

💉💊+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHABI}}+971581248768 +971581248768 Mtp-Kit (500MG) Prices » Dubai [(+971581248768**)] Abortion Pills For Sale In Dubai, UAE, Mifepristone and Misoprostol Tablets Available In Dubai, UAE CONTACT DR.Maya Whatsapp +971581248768 We Have Abortion Pills / Cytotec Tablets /Mifegest Kit Available in Dubai, Sharjah, Abudhabi, Ajman, Alain, Fujairah, Ras Al Khaimah, Umm Al Quwain, UAE, Buy cytotec in Dubai +971581248768''''Abortion Pills near me DUBAI | ABU DHABI|UAE. Price of Misoprostol, Cytotec” +971581248768' Dr.DEEM ''BUY ABORTION PILLS MIFEGEST KIT, MISOPROTONE, CYTOTEC PILLS IN DUBAI, ABU DHABI,UAE'' Contact me now via What's App…… abortion Pills Cytotec also available Oman Qatar Doha Saudi Arabia Bahrain Above all, Cytotec Abortion Pills are Available In Dubai / UAE, you will be very happy to do abortion in Dubai we are providing cytotec 200mg abortion pill in Dubai, UAE. Medication abortion offers an alternative to Surgical Abortion for women in the early weeks of pregnancy. We only offer abortion pills from 1 week-6 Months. We then advise you to use surgery if its beyond 6 months. Our Abu Dhabi, Ajman, Al Ain, Dubai, Fujairah, Ras Al Khaimah (RAK), Sharjah, Umm Al Quwain (UAQ) United Arab Emirates Abortion Clinic provides the safest and most advanced techniques for providing non-surgical, medical and surgical abortion methods for early through late second trimester, including the Abortion By Pill Procedure (RU 486, Mifeprex, Mifepristone, early options French Abortion Pill), Tamoxifen, Methotrexate and Cytotec (Misoprostol). The Abu Dhabi, United Arab Emirates Abortion Clinic performs Same Day Abortion Procedure using medications that are taken on the first day of the office visit and will cause the abortion to occur generally within 4 to 6 hours (as early as 30 minutes) for patients who are 3 to 12 weeks pregnant. When Mifepristone and Misoprostol are used, 50% of patients complete in 4 to 6 hours; 75% to 80% in 12 hours; and 90% in 24 hours. We use a regimen that allows for completion without the need for surgery 99% of the time. All advanced second trimester and late term pregnancies at our Tampa clinic (17 to 24 weeks or greater) can be completed within 24 hours or less 99% of the time without the need surgery. The procedure is completed with minimal to no complications. Our Women's Health Center located in Abu Dhabi, United Arab Emirates, uses the latest medications for medical abortions (RU-486, Mifeprex, Mifegyne, Mifepristone, early options French abortion pill), Methotrexate and Cytotec (Misoprostol). The safety standards of our Abu Dhabi, United Arab Emirates Abortion Doctors remain unparalleled. They consistently maintain the lowest complication rates throughout the nation. Our Physicians and staff are always available to answer questions and care for women in one of the most difficult times in their lives. The decision to have an abortion at the Abortion Cl

+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...

?#DUbAI#??##{{(☎️+971_581248768%)**%*]'#abortion pills for sale in dubai@

Manulife - Insurer Innovation Award 2024

The Digital Insurer

Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024

The Digital Insurer

Partners Life - Insurer Innovation Award 2024

The Digital Insurer

Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024

The Digital Insurer

Tata AIG General Insurance Company - Insurer Innovation Award 2024

The Digital Insurer

ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke

Product Anonymous

Building Digital Trust in a Digital Economy Veronica Tan, Director - Cyber Security Agency of Singapore Apidays Singapore 2024: Connecting Customers, Business and Technology (April 17 & 18, 2024) ------ Check out our conferences at https://www.apidays.global/ Do you want to sponsor or talk at one of our conferences? https://apidays.typeform.com/to/ILJeAaV8 Learn more on APIscene, the global media made by the community for the community: https://www.apiscene.io Explore the API ecosystem with the API Landscape: https://apilandscape.apiscene.io/

Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...

apidays

How to Troubleshoot Apps for the Modern Connected Worker

ThousandEyes

Strategies for Landing an Oracle DBA Job as a Fresher

Remote DBA Services

Effective data discovery is crucial for maintaining compliance and mitigating risks in today's rapidly evolving privacy landscape. However, traditional manual approaches often struggle to keep pace with the growing volume and complexity of data. Join us for an insightful webinar where industry leaders from TrustArc and Privya will share their expertise on leveraging AI-powered solutions to revolutionize data discovery. You'll learn how to: - Effortlessly maintain a comprehensive, up-to-date data inventory - Harness code scanning insights to gain complete visibility into data flows leveraging the advantages of code scanning over DB scanning - Simplify compliance by leveraging Privya's integration with TrustArc - Implement proven strategies to mitigate third-party risks Our panel of experts will discuss real-world case studies and share practical strategies for overcoming common data discovery challenges. They'll also explore the latest trends and innovations in AI-driven data management, and how these technologies can help organizations stay ahead of the curve in an ever-changing privacy landscape.

TrustArc Webinar - Unlock the Power of AI-Driven Data Discovery

TrustArc

Scaling API-first – The story of a global engineering organization

Radu Cotescu

In this session, we will delve into strategic approaches for optimizing knowledge management within Microsoft 365, amidst the evolving landscape of Copilot. From leveraging automatic metadata classification and permission governance with SharePoint Premium, to unlocking Viva Engage for the cultivation of knowledge and communities, you will gain actionable insights to bolster your organization's knowledge-sharing initiatives. In this session, we will also explore how to facilitate solutions to enable your employees to find answers and expertise within Microsoft 365. You will leave equipped with practical techniques and a deeper understanding of how there is more to effective knowledge management than just enabling Copilot, but building actual solutions to prepare the knowledge that Copilot and your employees can use.

Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...

Drew Madelung

As privacy and data protection regulations evolve rapidly, organizations operating in multiple jurisdictions face mounting challenges to ensure compliance and safeguard customer data. With state-specific privacy laws coming up in multiple states this year, it is essential to understand what their unique data protection regulations will require clearly. How will data privacy evolve in the US in 2024? How to stay compliant? Our panellists will guide you through the intricacies of these states' specific data privacy laws, clarifying complex legal frameworks and compliance requirements. This webinar will review: - The essential aspects of each state's privacy landscape and the latest updates - Common compliance challenges faced by organizations operating in multiple states and best practices to achieve regulatory adherence - Valuable insights into potential changes to existing regulations and prepare your organization for the evolving landscape

TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments

TrustArc

MINDCTI Revenue Release Quarter One 2024

MIND CTI

With more memory available, system performance of three Dell devices increased, which can translate to a better user experience Conclusion When your system has plenty of RAM to meet your needs, you can efficiently access the applications and data you need to finish projects and to-do lists without sacrificing time and focus. Our test results show that with more memory available, three Dell PCs delivered better performance and took less time to complete the Procyon Office Productivity benchmark. These advantages translate to users being able to complete workflows more quickly and multitask more easily. Whether you need the mobility of the Latitude 5440, the creative capabilities of the Precision 3470, or the high performance of the OptiPlex Tower Plus 7010, configuring your system with more RAM can help keep processes running smoothly, enabling you to do more without compromising performance.

Boost PC performance: How more available memory can improve productivity

Principled Technologies

A Domino Admins Adventures (Engage 2024)

Gabriella Davis

Axa Assurance Maroc - Insurer Innovation Award 2024

The Digital Insurer

SD-WAN Internet Census, Zeronighst 2018

1. or How to Find SD-WANs and not to Lose Yourself Denis Kolegov Oleg Broslavsky Anton Nikolaev

3. Not (really) so long time ago, we decide to start a big SD-WAN journey SD-WAN NewHope

5. “SD-WAN is perfectly safe for implementing wide- area networks affordably, efficiently and securely.”

6. Perfectly safe? Not exactly...

7. XSS

8. Client-side Authentication ? ! // TODO: fix in prod ?

9. OS Command Injection

10. OS Command Injection

11. Unfortunately, this talk is not about sophisticated hacking techniques (cause you do not need them to hack SD-WAN) This talk about how to find those low-hanging fruits on the Internet?

12. The Main Questions • How many SD-WAN nodes on the Internet? • Do we need new techniques to scan and fingerprint them? • How to find vulnerable SD-WAN nodes?

13. Approach Best EffortWhen you have to underline the best effort approach but you don’t know exactly how to

14. But nevertheless, let’s start!

15. SD-WAN Essence or That Boring Part of Slides Again

16.

17. F*ck that shit! We are hackers!

18. Just kidding. We need it for understanding.

19. Traditional WAN vs Software-defined WAN

20.

21. Search Engines

22. Straightforward Examples

23. More Sophisticated Examples

24. Query Correction html:Sonus + title: "SBC Management Application"

25. More Query Correction! We can use corrections to build full product map! https://github.com/sdnewhop/sdwannewhope/issues/7

26. Query Confidence Firm CertainTentative

27.

28. Version Leakage

29. Version Leakage Patterns

30. How to Find Them All? Let’s help Dora!

31. We have a leakage!

32. We have a NMAP!

33. Pen Pineapple Apple SD-WAN Infiltrator!

34. SD-WAN Infiltrator

35.

36. What About Really Hard Cases? Easy Peasy Lemon Squeezy? Difficult Difficult Lemon Difficult!

37. SSH Fingerprinting SD-WAN version in /etc/issue message masscan our banner zgrab /sdnewhop/zgrab2 /nmap/nmap/issues/1389

38. Websocket • Nmap can’t scan Websocket • No standard NSE Websocket libraries • Weird behavior in custom NSE Websocket libraries

39. Indirect Version Leakage

40. Stop! What about Internet scanning?

41.

42. You should scan all Internet using masscan

43. -Johny, Johny? -Yes, papa -Scanning Internet? -No, papa -Telling lies? -No, papa

44. > well you kinda killed the entire Tomtech network.. > literally everything is down. > so looks like I can’t help you with servers anymore, sorry.

45.

46. SD-WAN Harvester

47. SD-WAN Harvester Workflow Find SD-WANs Grab versions Run NSE Frontend Get results

48. Results

49. SD-WAN Map

50. Top of founded SD-WAN Vendors

51. Top of founded SD-WAN Solutions

52. Top SD-WAN Vulnerabilities

53. Harvester Charts But seriously, harvester can build next pie charts by: • vulnerabilities • vendors • products • countries • continents https://github.com/sdnewhop/sdwan- harvester/tree/master/samples

54.

55. Conclusions • Many different vendors and related products have been found • Most products are susceptible to version leakage • More often products are leaky and vulnerable

56. SD-WAN New Hope https://github.com/sdnewhop/ • Sergey Gordeychik • Denis Kolegov • Oleg Broslavsky • Max Gorbunov • Nikita Oleksov • Nikolay Tkachenko • Anton Nikolaev • SD-WAN Internet Census • SD-WAN Harvester • SD-WAN Infiltrator • SD-WAN Threat Landscape

57. THANKS FOR ATTENTION @dnkolegov @yalegko @manmoleculo

SD-WAN Internet Census, Zeronighst 2018

Recomendados

Recomendados

Más contenido relacionado

La actualidad más candente

La actualidad más candente (20)

Similar a SD-WAN Internet Census, Zeronighst 2018

Similar a SD-WAN Internet Census, Zeronighst 2018 (20)

Más de Sergey Gordeychik

Más de Sergey Gordeychik (10)

Último

Último (20)

SD-WAN Internet Census, Zeronighst 2018