Laura Lindeman
We’ve had a great year on the conference circuit, with close to 100 Salesforce employees highlighting their work externally in a talk! We’re sharing a roundup of some of the talks that were captured on tape in a series of three posts, organized by category. Feel free to bookmark the posts and come back later when you need a little break from holiday craziness to spend some time learning.
Up first: Security and DevOps.
Photo by Kane Reinholdtsen on Unsplash Security Fingerprinting Encrypted Channels for Detection JohnAlthouse
Talk by John Althouse at DerbyCon
Last year we open sourced JA3, a method for fingerprinting client applications over TLS, and we saw that it was good. This year we tried fingerprinting the server side of the encrypted communication, and it’s even better. Fingerprinting both ends of the channel creates a unique TLS communication fingerprint between client and server making detection of TLS C2 channels exceedingly easy. I’ll explain how in this talk. What about non-TLS encrypted channels? The same principal can be applied. I’ll talk about fingerprinting SSH clients and servers and what we’ve observed in our research. Are those SSH clients what they say they are? Maybe not.
Tweet about it:
@ DerbyCon
@ 4A4133
#Security
Compromising Online Accounts by Cracking Voicemail SystemsTalk by Martin Vigo at DEFCON 2018
Voicemail systems have been with us since the 80s. They played a big role in the earlier hacking scene and re-reading those e-zines, articles and tutorials paints an interesting picture. Not much has changed. Not in the technology nor in the attack vectors. Can we leverage the last 30 years innovations to further compromise voicemail systems? And what is the real impact today of pwning these? In this talk I will cover voicemail systems, it’s security and how we can use oldskool techniques and new ones on top of current technology to compromise them. I will discuss the broader impact of gaining unauthorized access to voicemail systems today and introduce a new tool that automates the process.
Tweet about it:
@ defcon
@ martin_vigo
#Security
Get the Right Security Tools into your EnterpriseTalk by Sam Harwin at ACoD
Security professionals often struggle with getting buy-in, influencing their organizations and helping define the value of security tools. Further, we often focus on the technical aspects to the detriment of the ‘people’ and ‘process’ resulting in solutions that don’t get implemented to support the organization’s purpose or for security.
Also onour blog!
Fuzzing Malware For Fun andProfitTalk by Maksim Shudrak at DEFCON
Practice shows that even the most secure software written by the best engineers contain bugs. Malware is not an exception. In most cases their authors do not follow the best secure software development practices thereby introducing an interesting attack scenario which can be used to stop or slow-down malware spreading, defend against DDoS attacks and take control over C&Cs and botnets. Several previous researches have demonstrated that such bugs exist and can be exploited. To find those bugs it would be reasonable to use coverage-guided fuzzing. This talk aims to answer the following two questions: ___ we defend against malware by exploiting bugs in them? How can we use fuzzing to find those bugs automatically? The author will show how we can apply coverage-guided fuzzing to automatically find bugs in sophisticated malicious samples such as botnet Mirai which was used to conduct one of the most destructive DDoS in history and various banking trojans. A new cross-platform tool implemented on top of WinAFL will be released and a set of 0day vulnerabilities will be presented. Do you want to see how a small addition to HTTP-response can stop a large-scale DDoS attack or how a smart bitflipping can cause RCE in a sophisticated banking trojan? If the answer is yes, this is definitely your talk.
Tweet about it:
@ defcon
@ MShudrak
#Security
DevOps Distributed Tracing: From theory topracticeStella Cotton | Distributed tracing: From theory to practice
Traditional application performance monitoring is great for debugging a single app but how do you debug a system with… slideslive.com
Traditional application performance monitoring is great for debugging a single app but how do you debug a system with multiple services? Distributed tracing can help! You’ll learn the theory behind how distributed tracing works. But we’ll also dive into other practical considerations you won’t get from a README, like choosing libraries for your polyglot systems, infrastructure considerations, and security.
Tweet about it:
@ WebExpo
@ practice_cactus
#Monitoring
Performance anomaly detection atscaleWatch the talk by Tuli Nivas at Velocity Conference(O’Reilly login required)
Automated anomaly detection in production using simple data science techniques enables you to more quickly identify an issue and reduce the time it takes to get customers out of an outage. Tuli Nivas shows how to apply simple statistics to change how performance data is viewed and how to easily and effectively identify issues in production.
Tweet about it:
@ VelocityConf
@ TuliNivas
#DevOps
Check back next week for another roundup post, featuring talks on Machine Learning, AI, and Big Data.
