SlideShare una empresa de Scribd logo

Bir macOS APT Senaryosu

BGA Cyber Security
BGA Cyber Security

Onur Alanbel #İSTSEC'19 Picus Security // Bir macOS APT Senaryosu

Tecnología
1 de 18
Bir macOS APT Senaryosu Onur ALANBEL
$id -un • Product Manager - Picus Security • Bilgisayar Mühendisliği – İYTE • Twitter - @onuralanbel • Github - onura
Ajanda Hedef olarak macOS İlk erişim Yetki yükseltme Kalıcılık Veri toplama Veri kaçırma
Hedef olarak macOS Üst düzey hedeflerde yaygın kullanım Düşük güvenlik önlemleri (gözden uzak) Gerçek hayat örnekleri • Lazarus • Windtail • Diğerleri
İlk erişim Exploit (0 to 2-3 days) • Safari • MS Office for Mac • Preview Keynote, Numbers vb. Zafiyet değil özellik • URL Scheme Handlers Diğerleri
URL Schemes • Document Handlers • URL schemes • URL scheme kaydeden bir paket oluşturma • Download + forward ile istismar
URL Schemes • Document Handlers CFBundleTypeExtensions = ( rtf ); CFBundleTypeName = "Rich Text Document"; CFBundleTypeRole = Editor; LSItemContentTypes = ( /System/Library/Frameworks/CoreServices.framework/Frameworks/LaunchServices.framework/Support/l sregister -dump |grep -a5 -b5 TypeExtension Bundle • Info.plist • CFBundleTypeExtension Dosya Diske Yazılır macOS Document Handler kaydeder
URL Schemes • URL Schemes /System/Library/Frameworks/CoreServices.framework/Frameworks/Launc hServices.framework/Support/lsregister -dump |grep -a5 -b5 -i CFBundleURLSchemessssh:// CFBundleURLTypes = ( { CFBundleURLName = "ssh URL"; CFBundleURLSchemes = ( ssh ); }, { CFBundleURLName = "x-man-page URL"; ssh ); } );
URL Schemes • URL Schemes videoconf:// Info.plist
Implant Seçimi SSH Backdoor • Basit ve etkili Mettle • Stabil • Post exploitation kolay Empire • Stabil • Güçlü C2 iletişimi • Post exploitation kolay EvilOSXs • macOS'e özel bir çok post exploitation modülü
Empire stager ile paket oluşturma Http listener osx/macho stager stager > macosapt.app
İstismar Sayfası
Gatekeeper İmzalı app kullanmak • Windtail kullanıyor Gatekeeper bypass (0 or 2-3 days) • Hemen her versiyonda bulunabiliyor İlk erişimden sonra curl + exec • Bir çok macOS zararlısı kullanıyor Homograph • Genelde GK bypass ile beraber ikna edici dosya isimleri oluşturmakta kullanılır
Yetki Yükseltme • Local Privilege Escalation Exploit (CVE-2019-8513) • macOS 10.14.3 • Password Phishing • macOS 10.14.4
Kalıcılık • Mail <?xml version="1.0" encoding="UTF-8"?> <!DOCTYPE plist PUBLIC "-//Apple Computer//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0"> <plist version="1.0"> <dict> <key>Label</key> <string>com.proxy.initialize</string> <key>ProgramArguments</key> <array> <string>/usr/local/macosapt</string> </array> <key>RunAtLoad</key> <true/> <key>KeepAlive</key> <true/> </dict> </plist> <dict> <key>AllCriteriaMustBeSatisfied</key> <string>NO</string> <key>AppleScript</key> <string>persist.scpt</string> <key>AutoResponseType</key> <integer>0</integer> <key>Criteria</key> <array> <dict> ----- <key>Expression</key> <string>macosAPT</string> <key>Header</key> ------ • Launch Daemon
Veri Toplama ve Kaçırma Dump keychain without root • CVE-2019-8526 • Keychain Stealer App Keychain masterkey in memory • Keychaindump • Keychaindump chainbreaker macOS’e özel olmayan diğerleri • Dump Chrome passwords • Browser history • Keylogging • Screenshots • Mic recording
Sorular info@picussecurity.com
Referanslar • https://www.sentinelone.com/blog/how-malware-bypass-macos-gatekeeper/ • https://digitasecurity.com/blog/2018/08/30/windshift/ • https://www.n00py.io/2016/10/using-email-for-persistence-on-os-x/ • https://null-byte.wonderhowto.com/how-to/hacking-macos-perform-privilege-escalation-part-2-password-phishing-0186332/ • https://medium.com/0xcc/rootpipe-reborn-part-i-cve-2019-8513-timemachine-root-command-injection-47e056b3cb43?sk=3970823f97714fac1d04d75325e3cbac • https://www.willmaster.com/library/features/download-and-redirect-with-one-click.php

Recomendados

8 Ocak 2015 SOME Etkinligi - Cisco Next Generation Security
8 Ocak 2015 SOME Etkinligi - Cisco Next Generation Security8 Ocak 2015 SOME Etkinligi - Cisco Next Generation Security
8 Ocak 2015 SOME Etkinligi - Cisco Next Generation SecurityBGA Cyber Security
 
Developing A Cyber Security Incident Response Program
Developing A Cyber Security Incident Response ProgramDeveloping A Cyber Security Incident Response Program
Developing A Cyber Security Incident Response ProgramBGA Cyber Security
 
Microsoft Avanced Threat Analytics
Microsoft Avanced Threat AnalyticsMicrosoft Avanced Threat Analytics
Microsoft Avanced Threat AnalyticsAdeo Security
 
BGA SOME/SOC Etkinliği - Tehdit Odaklı Güvenlik Mimarisinde Sourcefire Yakla...
BGA SOME/SOC Etkinliği - Tehdit Odaklı Güvenlik Mimarisinde Sourcefire Yakla...BGA SOME/SOC Etkinliği - Tehdit Odaklı Güvenlik Mimarisinde Sourcefire Yakla...
BGA SOME/SOC Etkinliği - Tehdit Odaklı Güvenlik Mimarisinde Sourcefire Yakla...BGA Cyber Security
 
8 Ocak 2015 SOME Etkinligi - A10 Networks - Accelerating and Securing Applica...
8 Ocak 2015 SOME Etkinligi - A10 Networks - Accelerating and Securing Applica...8 Ocak 2015 SOME Etkinligi - A10 Networks - Accelerating and Securing Applica...
8 Ocak 2015 SOME Etkinligi - A10 Networks - Accelerating and Securing Applica...BGA Cyber Security
 
Хакеро-машинный интерфейс
Хакеро-машинный интерфейсХакеро-машинный интерфейс
Хакеро-машинный интерфейсPositive Hack Days
 
Cloud Security:Threats & Mitgations
Cloud Security:Threats & MitgationsCloud Security:Threats & Mitgations
Cloud Security:Threats & MitgationsIndicThreads
 
Web Application firewall-Mod security
Web Application firewall-Mod securityWeb Application firewall-Mod security
Web Application firewall-Mod securityRomansh Yadav
 

Recomendados

8 Ocak 2015 SOME Etkinligi - Cisco Next Generation Security
8 Ocak 2015 SOME Etkinligi - Cisco Next Generation Security8 Ocak 2015 SOME Etkinligi - Cisco Next Generation Security
8 Ocak 2015 SOME Etkinligi - Cisco Next Generation SecurityBGA Cyber Security
 
Developing A Cyber Security Incident Response Program
Developing A Cyber Security Incident Response ProgramDeveloping A Cyber Security Incident Response Program
Developing A Cyber Security Incident Response ProgramBGA Cyber Security
 
Microsoft Avanced Threat Analytics
Microsoft Avanced Threat AnalyticsMicrosoft Avanced Threat Analytics
Microsoft Avanced Threat AnalyticsAdeo Security
 
BGA SOME/SOC Etkinliği - Tehdit Odaklı Güvenlik Mimarisinde Sourcefire Yakla...
BGA SOME/SOC Etkinliği - Tehdit Odaklı Güvenlik Mimarisinde Sourcefire Yakla...BGA SOME/SOC Etkinliği - Tehdit Odaklı Güvenlik Mimarisinde Sourcefire Yakla...
BGA SOME/SOC Etkinliği - Tehdit Odaklı Güvenlik Mimarisinde Sourcefire Yakla...BGA Cyber Security
 
8 Ocak 2015 SOME Etkinligi - A10 Networks - Accelerating and Securing Applica...
8 Ocak 2015 SOME Etkinligi - A10 Networks - Accelerating and Securing Applica...8 Ocak 2015 SOME Etkinligi - A10 Networks - Accelerating and Securing Applica...
8 Ocak 2015 SOME Etkinligi - A10 Networks - Accelerating and Securing Applica...BGA Cyber Security
 
Хакеро-машинный интерфейс
Хакеро-машинный интерфейсХакеро-машинный интерфейс
Хакеро-машинный интерфейсPositive Hack Days
 
Cloud Security:Threats & Mitgations
Cloud Security:Threats & MitgationsCloud Security:Threats & Mitgations
Cloud Security:Threats & MitgationsIndicThreads
 
Web Application firewall-Mod security
Web Application firewall-Mod securityWeb Application firewall-Mod security
Web Application firewall-Mod securityRomansh Yadav
 
New OSSIM v5.0 - Get Security Visibility Faster & Easier Than Ever
New OSSIM v5.0 - Get Security Visibility Faster & Easier Than Ever New OSSIM v5.0 - Get Security Visibility Faster & Easier Than Ever
New OSSIM v5.0 - Get Security Visibility Faster & Easier Than EverAlienVault
 
Advanced threat security - Cyber Security For The Real World
Advanced threat security - Cyber Security For The Real WorldAdvanced threat security - Cyber Security For The Real World
Advanced threat security - Cyber Security For The Real WorldCisco Canada
 
Implementing ossec
Implementing ossecImplementing ossec
Implementing ossecJeronimo Zucco
 
Sourcefire Webinar - NEW GENERATION IPS
Sourcefire Webinar - NEW GENERATION IPSSourcefire Webinar - NEW GENERATION IPS
Sourcefire Webinar - NEW GENERATION IPSmmiznoni
 
Offensive cyber security engineer updated
Offensive cyber security engineer updatedOffensive cyber security engineer updated
Offensive cyber security engineer updatedInfosecTrain
 
Mod security
Mod securityMod security
Mod securityShruthi Kamath
 
Online Authentication
Online AuthenticationOnline Authentication
Online AuthenticationMarc-Andre Heroux
 
Infographic: Stop Attacks Hiding Under the Cover of SSL Encryption
Infographic: Stop Attacks Hiding Under the Cover of SSL EncryptionInfographic: Stop Attacks Hiding Under the Cover of SSL Encryption
Infographic: Stop Attacks Hiding Under the Cover of SSL EncryptionBlue Coat
 
L27
L27L27
L27NathannyabvureMapisa
 
Miben nyújt többet a Cisco ASA + FirePOWER Services?
Miben nyújt többet a Cisco ASA + FirePOWER Services?Miben nyújt többet a Cisco ASA + FirePOWER Services?
Miben nyújt többet a Cisco ASA + FirePOWER Services?S&T Consulting Hungary
 
Web Application Firewall
Web Application FirewallWeb Application Firewall
Web Application FirewallChandrapal Badshah
 
IPS Best Practices
IPS Best PracticesIPS Best Practices
IPS Best PracticesHeather Axworthy
 
McAfee MOVE & Endpoint Security
McAfee MOVE & Endpoint SecurityMcAfee MOVE & Endpoint Security
McAfee MOVE & Endpoint Securitynetlogix
 
Microsoft Azure Sentinel
Microsoft Azure SentinelMicrosoft Azure Sentinel
Microsoft Azure SentinelBGA Cyber Security
 
MID_Complex_Network_Security_Alex_de_Graaf_EN
MID_Complex_Network_Security_Alex_de_Graaf_ENMID_Complex_Network_Security_Alex_de_Graaf_EN
MID_Complex_Network_Security_Alex_de_Graaf_ENVladyslav Radetsky
 
SourceFire IPS Overview
SourceFire IPS OverviewSourceFire IPS Overview
SourceFire IPS OverviewGuardEra Access Solutions, Inc.
 
Introduction to Mod security session April 2016
Introduction to Mod security session April 2016Introduction to Mod security session April 2016
Introduction to Mod security session April 2016Rahul
 
Next Generation Security
Next Generation SecurityNext Generation Security
Next Generation SecurityCisco Canada
 
Cisco NGFW AMP
Cisco NGFW AMPCisco NGFW AMP
Cisco NGFW AMPCisco Canada
 
Talos Insight: Threat Innovation Emerging from the Noise
Talos Insight: Threat Innovation Emerging from the NoiseTalos Insight: Threat Innovation Emerging from the Noise
Talos Insight: Threat Innovation Emerging from the NoiseCisco Canada
 
Archiving, E-Discovery, and Supervision with Spark and Hadoop with Jordan Volz
Archiving, E-Discovery, and Supervision with Spark and Hadoop with Jordan VolzArchiving, E-Discovery, and Supervision with Spark and Hadoop with Jordan Volz
Archiving, E-Discovery, and Supervision with Spark and Hadoop with Jordan VolzDatabricks
 
Low latency scalable web crawling on Apache Storm
Low latency scalable web crawling on Apache StormLow latency scalable web crawling on Apache Storm
Low latency scalable web crawling on Apache StormJulien Nioche
 

Más contenido relacionado

La actualidad más candente

New OSSIM v5.0 - Get Security Visibility Faster & Easier Than Ever
New OSSIM v5.0 - Get Security Visibility Faster & Easier Than Ever New OSSIM v5.0 - Get Security Visibility Faster & Easier Than Ever
New OSSIM v5.0 - Get Security Visibility Faster & Easier Than EverAlienVault
 
Advanced threat security - Cyber Security For The Real World
Advanced threat security - Cyber Security For The Real WorldAdvanced threat security - Cyber Security For The Real World
Advanced threat security - Cyber Security For The Real WorldCisco Canada
 
Sourcefire Webinar - NEW GENERATION IPS
Sourcefire Webinar - NEW GENERATION IPSSourcefire Webinar - NEW GENERATION IPS
Sourcefire Webinar - NEW GENERATION IPSmmiznoni
 
Offensive cyber security engineer updated
Offensive cyber security engineer updatedOffensive cyber security engineer updated
Offensive cyber security engineer updatedInfosecTrain
 
Infographic: Stop Attacks Hiding Under the Cover of SSL Encryption
Infographic: Stop Attacks Hiding Under the Cover of SSL EncryptionInfographic: Stop Attacks Hiding Under the Cover of SSL Encryption
Infographic: Stop Attacks Hiding Under the Cover of SSL EncryptionBlue Coat
 
Miben nyújt többet a Cisco ASA + FirePOWER Services?
Miben nyújt többet a Cisco ASA + FirePOWER Services?Miben nyújt többet a Cisco ASA + FirePOWER Services?
Miben nyújt többet a Cisco ASA + FirePOWER Services?S&T Consulting Hungary
 
McAfee MOVE & Endpoint Security
McAfee MOVE & Endpoint SecurityMcAfee MOVE & Endpoint Security
McAfee MOVE & Endpoint Securitynetlogix
 
MID_Complex_Network_Security_Alex_de_Graaf_EN
MID_Complex_Network_Security_Alex_de_Graaf_ENMID_Complex_Network_Security_Alex_de_Graaf_EN
MID_Complex_Network_Security_Alex_de_Graaf_ENVladyslav Radetsky
 
Introduction to Mod security session April 2016
Introduction to Mod security session April 2016Introduction to Mod security session April 2016
Introduction to Mod security session April 2016Rahul
 
Next Generation Security
Next Generation SecurityNext Generation Security
Next Generation SecurityCisco Canada
 
Talos Insight: Threat Innovation Emerging from the Noise
Talos Insight: Threat Innovation Emerging from the NoiseTalos Insight: Threat Innovation Emerging from the Noise
Talos Insight: Threat Innovation Emerging from the NoiseCisco Canada
 

La actualidad más candente (20)

New OSSIM v5.0 - Get Security Visibility Faster & Easier Than Ever
New OSSIM v5.0 - Get Security Visibility Faster & Easier Than Ever New OSSIM v5.0 - Get Security Visibility Faster & Easier Than Ever
New OSSIM v5.0 - Get Security Visibility Faster & Easier Than Ever
 
Advanced threat security - Cyber Security For The Real World
Advanced threat security - Cyber Security For The Real WorldAdvanced threat security - Cyber Security For The Real World
Advanced threat security - Cyber Security For The Real World
 
Implementing ossec
Implementing ossecImplementing ossec
Implementing ossec
 
Sourcefire Webinar - NEW GENERATION IPS
Sourcefire Webinar - NEW GENERATION IPSSourcefire Webinar - NEW GENERATION IPS
Sourcefire Webinar - NEW GENERATION IPS
 
Offensive cyber security engineer updated
Offensive cyber security engineer updatedOffensive cyber security engineer updated
Offensive cyber security engineer updated
 
Mod security
Mod securityMod security
Mod security
 
Online Authentication
Online AuthenticationOnline Authentication
Online Authentication
 
Infographic: Stop Attacks Hiding Under the Cover of SSL Encryption
Infographic: Stop Attacks Hiding Under the Cover of SSL EncryptionInfographic: Stop Attacks Hiding Under the Cover of SSL Encryption
Infographic: Stop Attacks Hiding Under the Cover of SSL Encryption
 
L27
L27L27
L27
 
Miben nyújt többet a Cisco ASA + FirePOWER Services?
Miben nyújt többet a Cisco ASA + FirePOWER Services?Miben nyújt többet a Cisco ASA + FirePOWER Services?
Miben nyújt többet a Cisco ASA + FirePOWER Services?
 
Web Application Firewall
Web Application FirewallWeb Application Firewall
Web Application Firewall
 
IPS Best Practices
IPS Best PracticesIPS Best Practices
IPS Best Practices
 
McAfee MOVE & Endpoint Security
McAfee MOVE & Endpoint SecurityMcAfee MOVE & Endpoint Security
McAfee MOVE & Endpoint Security
 
Microsoft Azure Sentinel
Microsoft Azure SentinelMicrosoft Azure Sentinel
Microsoft Azure Sentinel
 
MID_Complex_Network_Security_Alex_de_Graaf_EN
MID_Complex_Network_Security_Alex_de_Graaf_ENMID_Complex_Network_Security_Alex_de_Graaf_EN
MID_Complex_Network_Security_Alex_de_Graaf_EN
 
SourceFire IPS Overview
SourceFire IPS OverviewSourceFire IPS Overview
SourceFire IPS Overview
 
Introduction to Mod security session April 2016
Introduction to Mod security session April 2016Introduction to Mod security session April 2016
Introduction to Mod security session April 2016
 
Next Generation Security
Next Generation SecurityNext Generation Security
Next Generation Security
 
Cisco NGFW AMP
Cisco NGFW AMPCisco NGFW AMP
Cisco NGFW AMP
 
Talos Insight: Threat Innovation Emerging from the Noise
Talos Insight: Threat Innovation Emerging from the NoiseTalos Insight: Threat Innovation Emerging from the Noise
Talos Insight: Threat Innovation Emerging from the Noise
 

Similar a Bir macOS APT Senaryosu

Archiving, E-Discovery, and Supervision with Spark and Hadoop with Jordan Volz
Archiving, E-Discovery, and Supervision with Spark and Hadoop with Jordan VolzArchiving, E-Discovery, and Supervision with Spark and Hadoop with Jordan Volz
Archiving, E-Discovery, and Supervision with Spark and Hadoop with Jordan VolzDatabricks
 
Low latency scalable web crawling on Apache Storm
Low latency scalable web crawling on Apache StormLow latency scalable web crawling on Apache Storm
Low latency scalable web crawling on Apache StormJulien Nioche
 
Large Scale Crawling with Apache Nutch and Friends
Large Scale Crawling with Apache Nutch and FriendsLarge Scale Crawling with Apache Nutch and Friends
Large Scale Crawling with Apache Nutch and Friendslucenerevolution
 
Large Scale Crawling with Apache Nutch and Friends
Large Scale Crawling with Apache Nutch and FriendsLarge Scale Crawling with Apache Nutch and Friends
Large Scale Crawling with Apache Nutch and FriendsJulien Nioche
 
Big Data Introduction - Solix empower
Big Data Introduction - Solix empowerBig Data Introduction - Solix empower
Big Data Introduction - Solix empowerDurga Gadiraju
 
Introduction to Kafka and Zookeeper
Introduction to Kafka and ZookeeperIntroduction to Kafka and Zookeeper
Introduction to Kafka and ZookeeperRahul Jain
 
Secret Management Architectures
Secret Management Architectures Secret Management Architectures
Secret Management Architectures Stenio Ferreira
 
Unleash the Power of Redis with Amazon ElastiCache
Unleash the Power of Redis with Amazon ElastiCache Unleash the Power of Redis with Amazon ElastiCache
Unleash the Power of Redis with Amazon ElastiCache Amazon Web Services
 
Unleash the Power of Redis with Amazon ElastiCache
Unleash the Power of Redis with Amazon ElastiCacheUnleash the Power of Redis with Amazon ElastiCache
Unleash the Power of Redis with Amazon ElastiCacheAmazon Web Services
 
Container Security - Let's see Falco and Sysdig in Action by Stefan Trimborn
Container Security - Let's see Falco and Sysdig in Action by Stefan Trimborn Container Security - Let's see Falco and Sysdig in Action by Stefan Trimborn
Container Security - Let's see Falco and Sysdig in Action by Stefan Trimborn ContainerDay Security 2023
 
Providence: rapid vulnerability prevention
Providence: rapid vulnerability preventionProvidence: rapid vulnerability prevention
Providence: rapid vulnerability preventionSalesforce Engineering
 
Introduction to firebidSQL 3.x
Introduction to firebidSQL 3.xIntroduction to firebidSQL 3.x
Introduction to firebidSQL 3.xFabio Codebue
 
Managing Applications in CodeIgniter
Managing Applications in CodeIgniterManaging Applications in CodeIgniter
Managing Applications in CodeIgniterJamshid Hashimi
 
Automate or die! Rootedcon 2017
Automate or die! Rootedcon 2017Automate or die! Rootedcon 2017
Automate or die! Rootedcon 2017Toni de la Fuente
 
Toni de la Fuente - Automate or die! How to survive to an attack in the Cloud...
Toni de la Fuente - Automate or die! How to survive to an attack in the Cloud...Toni de la Fuente - Automate or die! How to survive to an attack in the Cloud...
Toni de la Fuente - Automate or die! How to survive to an attack in the Cloud...RootedCON
 
Building Machine Learning Inference Pipelines at Scale (July 2019)
Building Machine Learning Inference Pipelines at Scale (July 2019)Building Machine Learning Inference Pipelines at Scale (July 2019)
Building Machine Learning Inference Pipelines at Scale (July 2019)Julien SIMON
 

Similar a Bir macOS APT Senaryosu (20)

Archiving, E-Discovery, and Supervision with Spark and Hadoop with Jordan Volz
Archiving, E-Discovery, and Supervision with Spark and Hadoop with Jordan VolzArchiving, E-Discovery, and Supervision with Spark and Hadoop with Jordan Volz
Archiving, E-Discovery, and Supervision with Spark and Hadoop with Jordan Volz
 
Low latency scalable web crawling on Apache Storm
Low latency scalable web crawling on Apache StormLow latency scalable web crawling on Apache Storm
Low latency scalable web crawling on Apache Storm
 
Large Scale Crawling with Apache Nutch and Friends
Large Scale Crawling with Apache Nutch and FriendsLarge Scale Crawling with Apache Nutch and Friends
Large Scale Crawling with Apache Nutch and Friends
 
Large Scale Crawling with Apache Nutch and Friends
Large Scale Crawling with Apache Nutch and FriendsLarge Scale Crawling with Apache Nutch and Friends
Large Scale Crawling with Apache Nutch and Friends
 
Big Data Introduction - Solix empower
Big Data Introduction - Solix empowerBig Data Introduction - Solix empower
Big Data Introduction - Solix empower
 
SolrCloud on Hadoop
SolrCloud on HadoopSolrCloud on Hadoop
SolrCloud on Hadoop
 
Introduction to Kafka and Zookeeper
Introduction to Kafka and ZookeeperIntroduction to Kafka and Zookeeper
Introduction to Kafka and Zookeeper
 
Secret Management Architectures
Secret Management Architectures Secret Management Architectures
Secret Management Architectures
 
Unleash the Power of Redis with Amazon ElastiCache
Unleash the Power of Redis with Amazon ElastiCache Unleash the Power of Redis with Amazon ElastiCache
Unleash the Power of Redis with Amazon ElastiCache
 
Unleash the Power of Redis with Amazon ElastiCache
Unleash the Power of Redis with Amazon ElastiCacheUnleash the Power of Redis with Amazon ElastiCache
Unleash the Power of Redis with Amazon ElastiCache
 
Using Data Lakes
Using Data LakesUsing Data Lakes
Using Data Lakes
 
Container Security - Let's see Falco and Sysdig in Action by Stefan Trimborn
Container Security - Let's see Falco and Sysdig in Action by Stefan Trimborn Container Security - Let's see Falco and Sysdig in Action by Stefan Trimborn
Container Security - Let's see Falco and Sysdig in Action by Stefan Trimborn
 
Providence: rapid vulnerability prevention
Providence: rapid vulnerability preventionProvidence: rapid vulnerability prevention
Providence: rapid vulnerability prevention
 
Using Data Lakes
Using Data LakesUsing Data Lakes
Using Data Lakes
 
Introduction to firebidSQL 3.x
Introduction to firebidSQL 3.xIntroduction to firebidSQL 3.x
Introduction to firebidSQL 3.x
 
Managing Applications in CodeIgniter
Managing Applications in CodeIgniterManaging Applications in CodeIgniter
Managing Applications in CodeIgniter
 
Automate or die! Rootedcon 2017
Automate or die! Rootedcon 2017Automate or die! Rootedcon 2017
Automate or die! Rootedcon 2017
 
Toni de la Fuente - Automate or die! How to survive to an attack in the Cloud...
Toni de la Fuente - Automate or die! How to survive to an attack in the Cloud...Toni de la Fuente - Automate or die! How to survive to an attack in the Cloud...
Toni de la Fuente - Automate or die! How to survive to an attack in the Cloud...
 
Using Data Lakes
Using Data LakesUsing Data Lakes
Using Data Lakes
 
Building Machine Learning Inference Pipelines at Scale (July 2019)
Building Machine Learning Inference Pipelines at Scale (July 2019)Building Machine Learning Inference Pipelines at Scale (July 2019)
Building Machine Learning Inference Pipelines at Scale (July 2019)
 

Más de BGA Cyber Security

WEBSOCKET Protokolünün Derinlemesine İncelenmesi
WEBSOCKET Protokolünün Derinlemesine İncelenmesiWEBSOCKET Protokolünün Derinlemesine İncelenmesi
WEBSOCKET Protokolünün Derinlemesine İncelenmesiBGA Cyber Security
 
Tatil Öncesi Güvenlik Kontrol Listesi.pdf
Tatil Öncesi Güvenlik Kontrol Listesi.pdfTatil Öncesi Güvenlik Kontrol Listesi.pdf
Tatil Öncesi Güvenlik Kontrol Listesi.pdfBGA Cyber Security
 
Ücretsiz Bilgi Güvenliği Farkındalık Eğitimi
Ücretsiz Bilgi Güvenliği Farkındalık EğitimiÜcretsiz Bilgi Güvenliği Farkındalık Eğitimi
Ücretsiz Bilgi Güvenliği Farkındalık EğitimiBGA Cyber Security
 
3. parti firma risklerinden nasıl korunulur?
3. parti firma risklerinden nasıl korunulur?3. parti firma risklerinden nasıl korunulur?
3. parti firma risklerinden nasıl korunulur?BGA Cyber Security
 
Bir Ransomware Saldırısının Anatomisi. A'dan Z'ye Ransomware Saldırıları
Bir Ransomware Saldırısının Anatomisi. A'dan Z'ye Ransomware SaldırılarıBir Ransomware Saldırısının Anatomisi. A'dan Z'ye Ransomware Saldırıları
Bir Ransomware Saldırısının Anatomisi. A'dan Z'ye Ransomware SaldırılarıBGA Cyber Security
 
Webinar: Popüler black marketler
Webinar: Popüler black marketlerWebinar: Popüler black marketler
Webinar: Popüler black marketlerBGA Cyber Security
 
Webinar: SOC Ekipleri için MITRE ATT&CK Kullanım Senaryoları
Webinar: SOC Ekipleri için MITRE ATT&CK Kullanım SenaryolarıWebinar: SOC Ekipleri için MITRE ATT&CK Kullanım Senaryoları
Webinar: SOC Ekipleri için MITRE ATT&CK Kullanım SenaryolarıBGA Cyber Security
 
Açık Kaynak Kodlu Çözümler Kullanarak SOC Yönetimi SOAR & IRM Webinar - 2020
Açık Kaynak Kodlu Çözümler Kullanarak SOC Yönetimi SOAR & IRM Webinar - 2020Açık Kaynak Kodlu Çözümler Kullanarak SOC Yönetimi SOAR & IRM Webinar - 2020
Açık Kaynak Kodlu Çözümler Kullanarak SOC Yönetimi SOAR & IRM Webinar - 2020BGA Cyber Security
 
DNS Protokolüne Yönelik Güncel Saldırı Teknikleri & Çözüm Önerileri
DNS Protokolüne Yönelik Güncel Saldırı Teknikleri & Çözüm ÖnerileriDNS Protokolüne Yönelik Güncel Saldırı Teknikleri & Çözüm Önerileri
DNS Protokolüne Yönelik Güncel Saldırı Teknikleri & Çözüm ÖnerileriBGA Cyber Security
 
Webinar: Siber Güvenlikte Olgunluk Seviyesini Arttırmak
Webinar: Siber Güvenlikte Olgunluk Seviyesini ArttırmakWebinar: Siber Güvenlikte Olgunluk Seviyesini Arttırmak
Webinar: Siber Güvenlikte Olgunluk Seviyesini ArttırmakBGA Cyber Security
 
Open Source Soc Araçları Eğitimi 2020-II
Open Source Soc Araçları Eğitimi 2020-IIOpen Source Soc Araçları Eğitimi 2020-II
Open Source Soc Araçları Eğitimi 2020-IIBGA Cyber Security
 
Webinar Sunumu: Saldırı, Savunma ve Loglama Açısından Konteyner Güvenliği
Webinar Sunumu: Saldırı, Savunma ve Loglama Açısından Konteyner GüvenliğiWebinar Sunumu: Saldırı, Savunma ve Loglama Açısından Konteyner Güvenliği
Webinar Sunumu: Saldırı, Savunma ve Loglama Açısından Konteyner GüvenliğiBGA Cyber Security
 
Hacklenmiş Windows Sistem Analizi
Hacklenmiş Windows Sistem AnaliziHacklenmiş Windows Sistem Analizi
Hacklenmiş Windows Sistem AnaliziBGA Cyber Security
 
RAKAMLARIN DİLİ İLE 2020 YILI SIZMA TESTLERİ
RAKAMLARIN DİLİ İLE 2020 YILI SIZMA TESTLERİRAKAMLARIN DİLİ İLE 2020 YILI SIZMA TESTLERİ
RAKAMLARIN DİLİ İLE 2020 YILI SIZMA TESTLERİBGA Cyber Security
 
BGA Türkiye Bankacılık Sektörü 1. Çeyrek Phishing Raporu
BGA Türkiye Bankacılık Sektörü 1. Çeyrek Phishing RaporuBGA Türkiye Bankacılık Sektörü 1. Çeyrek Phishing Raporu
BGA Türkiye Bankacılık Sektörü 1. Çeyrek Phishing RaporuBGA Cyber Security
 
SOC Kurulumu ve Yönetimi İçin Açık Kaynak Kodlu Çözümler
SOC Kurulumu ve Yönetimi İçin Açık Kaynak Kodlu ÇözümlerSOC Kurulumu ve Yönetimi İçin Açık Kaynak Kodlu Çözümler
SOC Kurulumu ve Yönetimi İçin Açık Kaynak Kodlu ÇözümlerBGA Cyber Security
 
Veri Sızıntıları İçinden Bilgi Toplama: Distributed Denial of Secrets
Veri Sızıntıları İçinden Bilgi Toplama: Distributed Denial of SecretsVeri Sızıntıları İçinden Bilgi Toplama: Distributed Denial of Secrets
Veri Sızıntıları İçinden Bilgi Toplama: Distributed Denial of SecretsBGA Cyber Security
 
Aktif Dizin (Active Directory) Güvenlik Testleri - I: Bilgi Toplama
Aktif Dizin (Active Directory) Güvenlik Testleri - I: Bilgi ToplamaAktif Dizin (Active Directory) Güvenlik Testleri - I: Bilgi Toplama
Aktif Dizin (Active Directory) Güvenlik Testleri - I: Bilgi ToplamaBGA Cyber Security
 

Más de BGA Cyber Security (20)

WEBSOCKET Protokolünün Derinlemesine İncelenmesi
WEBSOCKET Protokolünün Derinlemesine İncelenmesiWEBSOCKET Protokolünün Derinlemesine İncelenmesi
WEBSOCKET Protokolünün Derinlemesine İncelenmesi
 
Tatil Öncesi Güvenlik Kontrol Listesi.pdf
Tatil Öncesi Güvenlik Kontrol Listesi.pdfTatil Öncesi Güvenlik Kontrol Listesi.pdf
Tatil Öncesi Güvenlik Kontrol Listesi.pdf
 
Ücretsiz Bilgi Güvenliği Farkındalık Eğitimi
Ücretsiz Bilgi Güvenliği Farkındalık EğitimiÜcretsiz Bilgi Güvenliği Farkındalık Eğitimi
Ücretsiz Bilgi Güvenliği Farkındalık Eğitimi
 
3. parti firma risklerinden nasıl korunulur?
3. parti firma risklerinden nasıl korunulur?3. parti firma risklerinden nasıl korunulur?
3. parti firma risklerinden nasıl korunulur?
 
Bir Ransomware Saldırısının Anatomisi. A'dan Z'ye Ransomware Saldırıları
Bir Ransomware Saldırısının Anatomisi. A'dan Z'ye Ransomware SaldırılarıBir Ransomware Saldırısının Anatomisi. A'dan Z'ye Ransomware Saldırıları
Bir Ransomware Saldırısının Anatomisi. A'dan Z'ye Ransomware Saldırıları
 
Webinar: Popüler black marketler
Webinar: Popüler black marketlerWebinar: Popüler black marketler
Webinar: Popüler black marketler
 
Webinar: SOC Ekipleri için MITRE ATT&CK Kullanım Senaryoları
Webinar: SOC Ekipleri için MITRE ATT&CK Kullanım SenaryolarıWebinar: SOC Ekipleri için MITRE ATT&CK Kullanım Senaryoları
Webinar: SOC Ekipleri için MITRE ATT&CK Kullanım Senaryoları
 
Açık Kaynak Kodlu Çözümler Kullanarak SOC Yönetimi SOAR & IRM Webinar - 2020
Açık Kaynak Kodlu Çözümler Kullanarak SOC Yönetimi SOAR & IRM Webinar - 2020Açık Kaynak Kodlu Çözümler Kullanarak SOC Yönetimi SOAR & IRM Webinar - 2020
Açık Kaynak Kodlu Çözümler Kullanarak SOC Yönetimi SOAR & IRM Webinar - 2020
 
DNS Protokolüne Yönelik Güncel Saldırı Teknikleri & Çözüm Önerileri
DNS Protokolüne Yönelik Güncel Saldırı Teknikleri & Çözüm ÖnerileriDNS Protokolüne Yönelik Güncel Saldırı Teknikleri & Çözüm Önerileri
DNS Protokolüne Yönelik Güncel Saldırı Teknikleri & Çözüm Önerileri
 
Webinar: Siber Güvenlikte Olgunluk Seviyesini Arttırmak
Webinar: Siber Güvenlikte Olgunluk Seviyesini ArttırmakWebinar: Siber Güvenlikte Olgunluk Seviyesini Arttırmak
Webinar: Siber Güvenlikte Olgunluk Seviyesini Arttırmak
 
Open Source Soc Araçları Eğitimi 2020-II
Open Source Soc Araçları Eğitimi 2020-IIOpen Source Soc Araçları Eğitimi 2020-II
Open Source Soc Araçları Eğitimi 2020-II
 
Webinar Sunumu: Saldırı, Savunma ve Loglama Açısından Konteyner Güvenliği
Webinar Sunumu: Saldırı, Savunma ve Loglama Açısından Konteyner GüvenliğiWebinar Sunumu: Saldırı, Savunma ve Loglama Açısından Konteyner Güvenliği
Webinar Sunumu: Saldırı, Savunma ve Loglama Açısından Konteyner Güvenliği
 
Hacklenmiş Windows Sistem Analizi
Hacklenmiş Windows Sistem AnaliziHacklenmiş Windows Sistem Analizi
Hacklenmiş Windows Sistem Analizi
 
Open Source SOC Kurulumu
Open Source SOC KurulumuOpen Source SOC Kurulumu
Open Source SOC Kurulumu
 
RAKAMLARIN DİLİ İLE 2020 YILI SIZMA TESTLERİ
RAKAMLARIN DİLİ İLE 2020 YILI SIZMA TESTLERİRAKAMLARIN DİLİ İLE 2020 YILI SIZMA TESTLERİ
RAKAMLARIN DİLİ İLE 2020 YILI SIZMA TESTLERİ
 
Siber Fidye 2020 Raporu
Siber Fidye 2020 RaporuSiber Fidye 2020 Raporu
Siber Fidye 2020 Raporu
 
BGA Türkiye Bankacılık Sektörü 1. Çeyrek Phishing Raporu
BGA Türkiye Bankacılık Sektörü 1. Çeyrek Phishing RaporuBGA Türkiye Bankacılık Sektörü 1. Çeyrek Phishing Raporu
BGA Türkiye Bankacılık Sektörü 1. Çeyrek Phishing Raporu
 
SOC Kurulumu ve Yönetimi İçin Açık Kaynak Kodlu Çözümler
SOC Kurulumu ve Yönetimi İçin Açık Kaynak Kodlu ÇözümlerSOC Kurulumu ve Yönetimi İçin Açık Kaynak Kodlu Çözümler
SOC Kurulumu ve Yönetimi İçin Açık Kaynak Kodlu Çözümler
 
Veri Sızıntıları İçinden Bilgi Toplama: Distributed Denial of Secrets
Veri Sızıntıları İçinden Bilgi Toplama: Distributed Denial of SecretsVeri Sızıntıları İçinden Bilgi Toplama: Distributed Denial of Secrets
Veri Sızıntıları İçinden Bilgi Toplama: Distributed Denial of Secrets
 
Aktif Dizin (Active Directory) Güvenlik Testleri - I: Bilgi Toplama
Aktif Dizin (Active Directory) Güvenlik Testleri - I: Bilgi ToplamaAktif Dizin (Active Directory) Güvenlik Testleri - I: Bilgi Toplama
Aktif Dizin (Active Directory) Güvenlik Testleri - I: Bilgi Toplama
 

Último

Powerpoint exploring the locations used in television show Time Clash
Powerpoint exploring the locations used in television show Time ClashPowerpoint exploring the locations used in television show Time Clash
Powerpoint exploring the locations used in television show Time Clashcharlottematthew16
 
Anypoint Exchange: It’s Not Just a Repo!
Anypoint Exchange: It’s Not Just a Repo!Anypoint Exchange: It’s Not Just a Repo!
Anypoint Exchange: It’s Not Just a Repo!Manik S Magar
 
TrustArc Webinar - How to Build Consumer Trust Through Data Privacy
TrustArc Webinar - How to Build Consumer Trust Through Data PrivacyTrustArc Webinar - How to Build Consumer Trust Through Data Privacy
TrustArc Webinar - How to Build Consumer Trust Through Data PrivacyTrustArc
 
How AI, OpenAI, and ChatGPT impact business and software.
How AI, OpenAI, and ChatGPT impact business and software.How AI, OpenAI, and ChatGPT impact business and software.
How AI, OpenAI, and ChatGPT impact business and software.Curtis Poe
 
Story boards and shot lists for my a level piece
Story boards and shot lists for my a level pieceStory boards and shot lists for my a level piece
Story boards and shot lists for my a level piececharlottematthew16
 
Advanced Computer Architecture – An Introduction
Advanced Computer Architecture – An IntroductionAdvanced Computer Architecture – An Introduction
Advanced Computer Architecture – An IntroductionDilum Bandara
 
Scanning the Internet for External Cloud Exposures via SSL Certs
Scanning the Internet for External Cloud Exposures via SSL CertsScanning the Internet for External Cloud Exposures via SSL Certs
Scanning the Internet for External Cloud Exposures via SSL CertsRizwan Syed
 
DevoxxFR 2024 Reproducible Builds with Apache Maven
DevoxxFR 2024 Reproducible Builds with Apache MavenDevoxxFR 2024 Reproducible Builds with Apache Maven
DevoxxFR 2024 Reproducible Builds with Apache MavenHervé Boutemy
 
Leverage Zilliz Serverless - Up to 50X Saving for Your Vector Storage Cost
Leverage Zilliz Serverless - Up to 50X Saving for Your Vector Storage CostLeverage Zilliz Serverless - Up to 50X Saving for Your Vector Storage Cost
Leverage Zilliz Serverless - Up to 50X Saving for Your Vector Storage CostZilliz
 
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek SchlawackFwdays
 
Hyperautomation and AI/ML: A Strategy for Digital Transformation Success.pdf
Hyperautomation and AI/ML: A Strategy for Digital Transformation Success.pdfHyperautomation and AI/ML: A Strategy for Digital Transformation Success.pdf
Hyperautomation and AI/ML: A Strategy for Digital Transformation Success.pdfPrecisely
 
Vertex AI Gemini Prompt Engineering Tips
Vertex AI Gemini Prompt Engineering TipsVertex AI Gemini Prompt Engineering Tips
Vertex AI Gemini Prompt Engineering TipsMiki Katsuragi
 
Merck Moving Beyond Passwords: FIDO Paris Seminar.pptx
Merck Moving Beyond Passwords: FIDO Paris Seminar.pptxMerck Moving Beyond Passwords: FIDO Paris Seminar.pptx
Merck Moving Beyond Passwords: FIDO Paris Seminar.pptxLoriGlavin3
 
What's New in Teams Calling, Meetings and Devices March 2024
What's New in Teams Calling, Meetings and Devices March 2024What's New in Teams Calling, Meetings and Devices March 2024
What's New in Teams Calling, Meetings and Devices March 2024Stephanie Beckett
 
Gen AI in Business - Global Trends Report 2024.pdf
Gen AI in Business - Global Trends Report 2024.pdfGen AI in Business - Global Trends Report 2024.pdf
Gen AI in Business - Global Trends Report 2024.pdfAddepto
 
DSPy a system for AI to Write Prompts and Do Fine Tuning
DSPy a system for AI to Write Prompts and Do Fine TuningDSPy a system for AI to Write Prompts and Do Fine Tuning
DSPy a system for AI to Write Prompts and Do Fine TuningLars Bell
 
"Debugging python applications inside k8s environment", Andrii Soldatenko
"Debugging python applications inside k8s environment", Andrii Soldatenko"Debugging python applications inside k8s environment", Andrii Soldatenko
"Debugging python applications inside k8s environment", Andrii SoldatenkoFwdays
 
SAP Build Work Zone - Overview L2-L3.pptx
SAP Build Work Zone - Overview L2-L3.pptxSAP Build Work Zone - Overview L2-L3.pptx
SAP Build Work Zone - Overview L2-L3.pptxNavinnSomaal
 
Nell’iperspazio con Rocket: il Framework Web di Rust!
Nell’iperspazio con Rocket: il Framework Web di Rust!Nell’iperspazio con Rocket: il Framework Web di Rust!
Nell’iperspazio con Rocket: il Framework Web di Rust!Commit University
 
H2O.ai CEO/Founder: Sri Ambati Keynote at Wells Fargo Day
H2O.ai CEO/Founder: Sri Ambati Keynote at Wells Fargo DayH2O.ai CEO/Founder: Sri Ambati Keynote at Wells Fargo Day
H2O.ai CEO/Founder: Sri Ambati Keynote at Wells Fargo DaySri Ambati
 

Último (20)

Powerpoint exploring the locations used in television show Time Clash
Powerpoint exploring the locations used in television show Time ClashPowerpoint exploring the locations used in television show Time Clash
Powerpoint exploring the locations used in television show Time Clash
 
Anypoint Exchange: It’s Not Just a Repo!
Anypoint Exchange: It’s Not Just a Repo!Anypoint Exchange: It’s Not Just a Repo!
Anypoint Exchange: It’s Not Just a Repo!
 
TrustArc Webinar - How to Build Consumer Trust Through Data Privacy
TrustArc Webinar - How to Build Consumer Trust Through Data PrivacyTrustArc Webinar - How to Build Consumer Trust Through Data Privacy
TrustArc Webinar - How to Build Consumer Trust Through Data Privacy
 
How AI, OpenAI, and ChatGPT impact business and software.
How AI, OpenAI, and ChatGPT impact business and software.How AI, OpenAI, and ChatGPT impact business and software.
How AI, OpenAI, and ChatGPT impact business and software.
 
Story boards and shot lists for my a level piece
Story boards and shot lists for my a level pieceStory boards and shot lists for my a level piece
Story boards and shot lists for my a level piece
 
Advanced Computer Architecture – An Introduction
Advanced Computer Architecture – An IntroductionAdvanced Computer Architecture – An Introduction
Advanced Computer Architecture – An Introduction
 
Scanning the Internet for External Cloud Exposures via SSL Certs
Scanning the Internet for External Cloud Exposures via SSL CertsScanning the Internet for External Cloud Exposures via SSL Certs
Scanning the Internet for External Cloud Exposures via SSL Certs
 
DevoxxFR 2024 Reproducible Builds with Apache Maven
DevoxxFR 2024 Reproducible Builds with Apache MavenDevoxxFR 2024 Reproducible Builds with Apache Maven
DevoxxFR 2024 Reproducible Builds with Apache Maven
 
Leverage Zilliz Serverless - Up to 50X Saving for Your Vector Storage Cost
Leverage Zilliz Serverless - Up to 50X Saving for Your Vector Storage CostLeverage Zilliz Serverless - Up to 50X Saving for Your Vector Storage Cost
Leverage Zilliz Serverless - Up to 50X Saving for Your Vector Storage Cost
 
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack
 
Hyperautomation and AI/ML: A Strategy for Digital Transformation Success.pdf
Hyperautomation and AI/ML: A Strategy for Digital Transformation Success.pdfHyperautomation and AI/ML: A Strategy for Digital Transformation Success.pdf
Hyperautomation and AI/ML: A Strategy for Digital Transformation Success.pdf
 
Vertex AI Gemini Prompt Engineering Tips
Vertex AI Gemini Prompt Engineering TipsVertex AI Gemini Prompt Engineering Tips
Vertex AI Gemini Prompt Engineering Tips
 
Merck Moving Beyond Passwords: FIDO Paris Seminar.pptx
Merck Moving Beyond Passwords: FIDO Paris Seminar.pptxMerck Moving Beyond Passwords: FIDO Paris Seminar.pptx
Merck Moving Beyond Passwords: FIDO Paris Seminar.pptx
 
What's New in Teams Calling, Meetings and Devices March 2024
What's New in Teams Calling, Meetings and Devices March 2024What's New in Teams Calling, Meetings and Devices March 2024
What's New in Teams Calling, Meetings and Devices March 2024
 
Gen AI in Business - Global Trends Report 2024.pdf
Gen AI in Business - Global Trends Report 2024.pdfGen AI in Business - Global Trends Report 2024.pdf
Gen AI in Business - Global Trends Report 2024.pdf
 
DSPy a system for AI to Write Prompts and Do Fine Tuning
DSPy a system for AI to Write Prompts and Do Fine TuningDSPy a system for AI to Write Prompts and Do Fine Tuning
DSPy a system for AI to Write Prompts and Do Fine Tuning
 
"Debugging python applications inside k8s environment", Andrii Soldatenko
"Debugging python applications inside k8s environment", Andrii Soldatenko"Debugging python applications inside k8s environment", Andrii Soldatenko
"Debugging python applications inside k8s environment", Andrii Soldatenko
 
SAP Build Work Zone - Overview L2-L3.pptx
SAP Build Work Zone - Overview L2-L3.pptxSAP Build Work Zone - Overview L2-L3.pptx
SAP Build Work Zone - Overview L2-L3.pptx
 
Nell’iperspazio con Rocket: il Framework Web di Rust!
Nell’iperspazio con Rocket: il Framework Web di Rust!Nell’iperspazio con Rocket: il Framework Web di Rust!
Nell’iperspazio con Rocket: il Framework Web di Rust!
 
H2O.ai CEO/Founder: Sri Ambati Keynote at Wells Fargo Day
H2O.ai CEO/Founder: Sri Ambati Keynote at Wells Fargo DayH2O.ai CEO/Founder: Sri Ambati Keynote at Wells Fargo Day
H2O.ai CEO/Founder: Sri Ambati Keynote at Wells Fargo Day
 

Bir macOS APT Senaryosu

  • 1. Bir macOS APT Senaryosu Onur ALANBEL
  • 2. $id -un • Product Manager - Picus Security • Bilgisayar Mühendisliği – İYTE • Twitter - @onuralanbel • Github - onura
  • 4. Hedef olarak macOS Üst düzey hedeflerde yaygın kullanım Düşük güvenlik önlemleri (gözden uzak) Gerçek hayat örnekleri • Lazarus • Windtail • Diğerleri
  • 5. İlk erişim Exploit (0 to 2-3 days) • Safari • MS Office for Mac • Preview Keynote, Numbers vb. Zafiyet değil özellik • URL Scheme Handlers Diğerleri
  • 6. URL Schemes • Document Handlers • URL schemes • URL scheme kaydeden bir paket oluşturma • Download + forward ile istismar
  • 7. URL Schemes • Document Handlers CFBundleTypeExtensions = ( rtf ); CFBundleTypeName = "Rich Text Document"; CFBundleTypeRole = Editor; LSItemContentTypes = ( /System/Library/Frameworks/CoreServices.framework/Frameworks/LaunchServices.framework/Support/l sregister -dump |grep -a5 -b5 TypeExtension Bundle • Info.plist • CFBundleTypeExtension Dosya Diske Yazılır macOS Document Handler kaydeder
  • 8. URL Schemes • URL Schemes /System/Library/Frameworks/CoreServices.framework/Frameworks/Launc hServices.framework/Support/lsregister -dump |grep -a5 -b5 -i CFBundleURLSchemessssh:// CFBundleURLTypes = ( { CFBundleURLName = "ssh URL"; CFBundleURLSchemes = ( ssh ); }, { CFBundleURLName = "x-man-page URL"; ssh ); } );
  • 9. URL Schemes • URL Schemes videoconf:// Info.plist
  • 10. Implant Seçimi SSH Backdoor • Basit ve etkili Mettle • Stabil • Post exploitation kolay Empire • Stabil • Güçlü C2 iletişimi • Post exploitation kolay EvilOSXs • macOS'e özel bir çok post exploitation modülü
  • 11. Empire stager ile paket oluşturma Http listener osx/macho stager stager > macosapt.app
  • 13. Gatekeeper İmzalı app kullanmak • Windtail kullanıyor Gatekeeper bypass (0 or 2-3 days) • Hemen her versiyonda bulunabiliyor İlk erişimden sonra curl + exec • Bir çok macOS zararlısı kullanıyor Homograph • Genelde GK bypass ile beraber ikna edici dosya isimleri oluşturmakta kullanılır
  • 14. Yetki Yükseltme • Local Privilege Escalation Exploit (CVE-2019-8513) • macOS 10.14.3 • Password Phishing • macOS 10.14.4
  • 15. Kalıcılık • Mail <?xml version="1.0" encoding="UTF-8"?> <!DOCTYPE plist PUBLIC "-//Apple Computer//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0"> <plist version="1.0"> <dict> <key>Label</key> <string>com.proxy.initialize</string> <key>ProgramArguments</key> <array> <string>/usr/local/macosapt</string> </array> <key>RunAtLoad</key> <true/> <key>KeepAlive</key> <true/> </dict> </plist> <dict> <key>AllCriteriaMustBeSatisfied</key> <string>NO</string> <key>AppleScript</key> <string>persist.scpt</string> <key>AutoResponseType</key> <integer>0</integer> <key>Criteria</key> <array> <dict> ----- <key>Expression</key> <string>macosAPT</string> <key>Header</key> ------ • Launch Daemon
  • 16. Veri Toplama ve Kaçırma Dump keychain without root • CVE-2019-8526 • Keychain Stealer App Keychain masterkey in memory • Keychaindump • Keychaindump chainbreaker macOS’e özel olmayan diğerleri • Dump Chrome passwords • Browser history • Keylogging • Screenshots • Mic recording
  • 18. Referanslar • https://www.sentinelone.com/blog/how-malware-bypass-macos-gatekeeper/ • https://digitasecurity.com/blog/2018/08/30/windshift/ • https://www.n00py.io/2016/10/using-email-for-persistence-on-os-x/ • https://null-byte.wonderhowto.com/how-to/hacking-macos-perform-privilege-escalation-part-2-password-phishing-0186332/ • https://medium.com/0xcc/rootpipe-reborn-part-i-cve-2019-8513-timemachine-root-command-injection-47e056b3cb43?sk=3970823f97714fac1d04d75325e3cbac • https://www.willmaster.com/library/features/download-and-redirect-with-one-click.php