Evrone is an engineering company successfully delivering high-quality digital products for more than nine years. With extensive experience in a wide range of modern software technologies, we are here to help you to design unique complex web projects and startups. Our websites: https://evrone.com/ https://evrone.ru
…
continue reading
Past speeches and talks from the Black Hat Briefings computer security conferences. The Black Hat Briefings USA 2007 was held August 1-3 in Las Vegas at Caesars Palace. Two days, sixteen tracks, over 95 presentations. Three keynote speakers: Richard Clarke, Tony Sager and Bruce Schneier. A post convention wrap up can be found at http://www.blackhat.com/html/bh-usa-07/bh-usa-07-index.html Black Hat Briefings bring together a unique mix in security: the best minds from government agencies and ...
…
continue reading
Past speeches and talks from the Black Hat Briefings computer security conferences. The Black Hat Briefings USA 2007 was held August 1-3 in Las Vegas at Caesars Palace. Two days, sixteen tracks, over 95 presentations. Three keynote speakers: Richard Clarke, Tony Sager and Bruce Schneier. A post convention wrap up can be found at http://www.blackhat.com/html/bh-usa-07/bh-usa-07-index.html Black Hat Briefings bring together a unique mix in security: the best minds from government agencies and ...
…
continue reading
Доклад посвящен одной из злободневной теме, мы постараемся ответить на вопрос, как защитить мобильное приложение от удаления из сторов? В рамках доклада мы рассмотрим подход при котором мобильное приложение на Flutter без проблем можно запустить в вебе в режиме PWAPor From Evrone with love
…
continue reading
Dart — однопоточный а Flutter использует Dart. Тяжелые синхронные операции, работа с сетевыми запросами, конвертация данных. Все это отнимает драгоценное время на отрисовку интерфейса и следовательно влияет на производительность и частоту кадров. В докладе будет изложены основные принципы разделения сложных вычислений и вынесение их из главного пот…
…
continue reading
1
Александр Шерман [Самокат] / Ruby под нагрузкой, или меняем Puma на Falcon за неделю до релиза
14:27
Про Ruby редко говорят в контексте высоких нагрузок. C приходом всинхронных файберов в 3-й версии языка все поменялось, и самые смелые разработчики уже пробуют повторить успех FastAPI и Go в построении асинхронных систем с высоким RPS. Александр из "Самоката" расскажет про их смелые эксперименты, поделится цифрами и результатами.…
…
continue reading
Hotwire было представлено вместе с 7-ми рельсами менее года назад, и мало кто уже попробовал технологию в проде. В UScreen - попробовали! Марсель расскажет, как много лет в компании искали устраивающий их стек фронтенд технологий, чем не утраивали существующие и почему так "зашел" Hotwire.Por From Evrone with love
…
continue reading
Есть легенда, что рубисты - фуллстеки и любой рубист может писать на JavaScript не только фронтенд, но и бэкенд. Подключайтесь к докладу Дмитрия Матвеева, который расскажет как это бывает: когда рубистам достается код на Node.js и надо что-то делать.Por From Evrone with love
…
continue reading
1
Александр Панасюк [СберМаркет] / Чиним отставание реплик, не меняя архитектуру ruby монолита
15:38
Хайлоад чаще всего приходит к нам, чтобы полакомиться базой данных. Но у нас есть ответы! Кеширование, денормализация, шардирование, реплици - каждый со своими достоинствами и недостатками. Александр из СберМаркета расскажет об одном из недостатков репликации: реплики могут отставать, и это не всегда можно игнорировать. Про некоторые способы борьбы…
…
continue reading
1
Анвар Туйкин и Михаил Поспелов [Toptal] / Сказ о неработающих гайдлайнах: Toptal, GraphQL и линтеры
16:22
Toptal это огромный монолит на Ruby: сотни разработчиков и миллионы написанных строк кода. Мы используем GraphQL, которого при таких масштабах тоже немало: больше 20 схем. Чтобы раз за разом не повторять типовых ошибок и писать похожий код, мы разработали правила "готовки" для GraphQL внутри компании. Но правила не работают сами по себе, поэтому в …
…
continue reading
Однажды Евгению из Toptal надоело находить ошибки неконсистентности между ActiveRecord и базой данных. Он сделал линтер, натравил его на всю кодовую базу и... Что было дальше он расскажет в новом эпизоде нашего подкаста.Por From Evrone with love
…
continue reading
Генерация API клиентов - отдельное искусство. Множество подходов и решений без явного лучшего способа для всех. Сергей из Домлик расскажет про их собственный генератор, который разделяет код гемов на "сгенерированный", "общий для всех" и "написанный вручную для конкретного сервиса".Por From Evrone with love
…
continue reading
Elixir для рубистов - возможность создавать быстрые микросервисы "почти на руби". Но так ли легко освоить стек, уходящий своими корнями в не самый дружественный для программиста Erlang? Дмитрий из Evrone расскажет про свой путь в мир эликсира и что поджидает всех тех, кто хочет запилить очередной микросервис не на гошечке, а на чем-то более удобном…
…
continue reading
Каждый год на RubyRussia собирается больше тысячи рубистов. Зачем? Чтобы поговорить про разработку! Спикеры помогают направить обсуждение в выбранные темы, одна из которых - dry-rb. Егор из Level Travel расскажет, что лично ему нравится и не нравится в этом "швейцарском ноже паттернов" и вместе с вами обсудит границы применимости dry в наших проект…
…
continue reading
1
Gadi Evron: Estonia: Information Warfare and Strategic Lessons
1:13:39
1:13:39
Reproducir más Tarde
Reproducir más Tarde
Listas
Me gusta
Me gusta
1:13:39
In this talk we will discuss what is now referred to as "The 'first' Internet War" where Estonia was under massive online attacks for a period of three weeks, following tensions with the local Russian population. Following a riot in the streets of Tallinn, an online assault begun, resulting in a large-scale coordination of the Estonian defenses on …
…
continue reading
1
Gadi Evron: Estonia: Information Warfare and Strategic Lessons
1:13:39
1:13:39
Reproducir más Tarde
Reproducir más Tarde
Listas
Me gusta
Me gusta
1:13:39
In this talk we will discuss what is now referred to as "The 'first' Internet War" where Estonia was under massive online attacks for a period of three weeks, following tensions with the local Russian population. Following a riot in the streets of Tallinn, an online assault begun, resulting in a large-scale coordination of the Estonian defenses on …
…
continue reading
1
HD Moore & Valsmith: Tactical Exploitation-Part 2
1:12:12
1:12:12
Reproducir más Tarde
Reproducir más Tarde
Listas
Me gusta
Me gusta
1:12:12
Penetration testing often focuses on individual vulnerabilities and services. This talk introduces a tactical approach that does not rely on exploiting known vulnerabilities. Using combination of new tools and obscure techniques, I will walk through the process of compromising an organization without the use of normal exploit code. Many of the tool…
…
continue reading
1
HD Moore & Valsmith: Tactical Exploitation-Part 2
1:12:12
1:12:12
Reproducir más Tarde
Reproducir más Tarde
Listas
Me gusta
Me gusta
1:12:12
Penetration testing often focuses on individual vulnerabilities and services. This talk introduces a tactical approach that does not rely on exploiting known vulnerabilities. Using combination of new tools and obscure techniques, I will walk through the process of compromising an organization without the use of normal exploit code. Many of the tool…
…
continue reading
Traffic analysis is gathering information about parties not by analyzing the content of their communications, but through the metadata of those communications. It is not a single technique, but a family of techniques that are powerful and hard to defend against. Traffic analysis is also one of the least studied and least well understood techniques …
…
continue reading
Design bugs are really difficult to fix -- nobody ever takes a dependency on a buffer overflow, after all. Few things have had their design stretched as far as the web; as such, I've been starting to take a look at some interesting aspects of the "Web 2.0" craze. Here's a few things I've been looking at: Slirpie: VPN'ing into Protected Networks Wit…
…
continue reading
1
Krishna Kurapati: Vulnerabilities in Wi-Fi/Dual-Mode VoIP Phones
1:10:32
1:10:32
Reproducir más Tarde
Reproducir más Tarde
Listas
Me gusta
Me gusta
1:10:32
Dual-mode phones are used to automatically switch between WiFi and cellular networks thus providing lower costs, improved connectivity and a rich set of converged services utilizing protocols like SIP. Among several other VoIP products and services, Sipera VIPER Lab conducted vulnerability assessment on a sample group of dual-mode/Wi-Fi phones and …
…
continue reading
1
Mikko Hypponen: Status of Cell Phone Malware in 2007
1:08:35
1:08:35
Reproducir más Tarde
Reproducir más Tarde
Listas
Me gusta
Me gusta
1:08:35
First real viruses infecting mobile phones were found during late 2004. Since then, hundreds of different viruses have been found, most of them targeting smartphones running the Symbian operating system. Mobile phone viruses use new spreading vectors such as Multimedia messages and Bluetooth. Why is this mostly a Symbian problem? Why hasn't Windows…
…
continue reading
1
Greg Hoglund: Active Reversing: The Next Generation of Reverse Engineering
1:06:23
1:06:23
Reproducir más Tarde
Reproducir más Tarde
Listas
Me gusta
Me gusta
1:06:23
Most people think of reverse engineering as a tedious process of reading disassembled CPU instructions and attempting to predict or deduce what the original 'c' code was supposed to look like. This process is difficult, time consuming, and expensive, but it doesn't need to be. Software programs can be made to reverse engineer themselves. Software, …
…
continue reading
Digital cameras and video software have made it easier than ever to create high quality pictures and movies. Services such as MySpace, Google Video, and Flickr make it trivial to distribute pictures, and many are picked up by the mass media. However, there is a problem: how can you tell if a video or picture is showing something real? Is it compute…
…
continue reading
1
Adam Laurie: RFIDIOts!!!- Practical RFID Hacking (Without Soldering Irons or Patent Attorneys)
1:13:07
1:13:07
Reproducir más Tarde
Reproducir más Tarde
Listas
Me gusta
Me gusta
1:13:07
RFID is being embedded in everything...From Passports to Pants. Door Keys to Credit Cards. Mobile Phones to Trash Cans. Pets to People even! For some reason these devices have become the solution to every new problem, and we can't seem to get enough of them...Por feedback@blackhat.com (Black Hat RSS Feed)
…
continue reading
1
Dr. Andrew Lindell: Anonymous Authentication-Preserving Your Privacy Online
1:02:26
1:02:26
Reproducir más Tarde
Reproducir más Tarde
Listas
Me gusta
Me gusta
1:02:26
Our right to privacy is under attack today. Actually, no one denies our right to privacy. However, in reality, this right is being eroded more and more as every minute passes. Some of this has to do with the war on terror, but much of it simply has to do with the fact that our online actions can and are being recorded in minute detail. In this pres…
…
continue reading
1
David Litchfield: Database Forensics
1:03:44
1:03:44
Reproducir más Tarde
Reproducir más Tarde
Listas
Me gusta
Me gusta
1:03:44
Since the state of California passed the Database Security Breach Notification Act (SB 1386) in 2003 another 34 states have passed similar legislation with more set to follow. In January 2007 TJX announced they had suffered a database security breach with 45.6 million credits card details stolen - the largest known breach so far. In 2006 there were…
…
continue reading
Macs use an ultra-modern industry standard technology called EFI to handle booting. Sadly, Windows XP, and even Vista, are stuck in the 1980s with old-fashioned BIOS. But with Boot Camp, the Mac can operate smoothly in both centuries." - Quote taken from http://www.apple.com/macosx/bootcamp/ The Extensible Firmware Interface (EFI) has long been tou…
…
continue reading
1
David Maynor & Robert Graham: Simple Solutions to Complex Problems from the Lazy Hacker?s Handbook: What Your Security Vendor Doesn?t Want You to Know .
50:31
Security is very hard these days: lots of new attack vectors, lots of new acronyms, compliance issues, and the old problems aren?t fading away like predicted. What?s a security person to do? Take a lesson from your adversary... Hackers are famous for being lazy -- that?s why they?re hackers instead of productive members of society. They want to fin…
…
continue reading
1
Haroon Meer & Marco Slaviero: It's all about the timing
1:13:22
1:13:22
Reproducir más Tarde
Reproducir más Tarde
Listas
Me gusta
Me gusta
1:13:22
It's all about the timing... Timing attacks have been exploited in the wild for ages, with the famous TENEX memory paging timing attack dating back to January of 1972. In recent times timing attacks have largely been relegated to use only by cryptographers and cryptanalysts. In this presentation SensePost analysts will show that timing attacks are …
…
continue reading
1
Luis Miras: Other Wireless: New ways of being Pwned
1:02:59
1:02:59
Reproducir más Tarde
Reproducir más Tarde
Listas
Me gusta
Me gusta
1:02:59
There are many other wireless devices besides Wifi and Bluetooth. This talk examines the security of some of these devices, including wireless keyboards, mice, and presenters. Many of these devices are designed to be as cost effective as possible. These cost reductions directly impact their security. Examples of chip level sniffing will be shown as…
…
continue reading
1
Ben Feinstein & Daniel Peck: CaffeineMonkey: Automated Collection, Detection and Analysis of Malicious JavaScript
1:00:18
1:00:18
Reproducir más Tarde
Reproducir más Tarde
Listas
Me gusta
Me gusta
1:00:18
The web browser is ever increasing in its importance to many organizations. Far from its origin as an application for fetching and rendering HTML, today?s web browser offers an expansive attack surface to exploit. All the major browsers now include full-featured runtime engines for a variety of interpreted scripting languages, including the popular…
…
continue reading
1
Jim Christy: Meet the Feds
1:13:48
1:13:48
Reproducir más Tarde
Reproducir más Tarde
Listas
Me gusta
Me gusta
1:13:48
Discussion of the power of Digital Forensics today and the real-world challenges. Also discuss the Defense Cyber Crime Center (DC3) and the triad of organizations that comprise DC3; The Defense Computer Forensics Lab, the Defense Cyber Crime Institute, and the Defense Cyber Investigations Training Academy. The evolving discipline of cyber crime inv…
…
continue reading
1
Tony Sager: KEYNOTE: The NSA Information Assurance Directorate and the National Security Community
46:15
The Information Assurance Directorate (IAD) within the National Security Agency (NSA) is charged in part with providing security guidance to the national security community. Within the IAD, the Vulnerability Analysis and Operations (VAO) Group identifies and analyzes vulnerabilities found in the technology, information, and operations of the Depart…
…
continue reading
Security is both a feeling and a reality. You can feel secure without actually being secure, and you can be secure even though you don't feel secure. In the industry, we tend to discount the feeling in favor of the reality, but the difference between the two is important. It explains why we have so much security theater that doesn't work, and why s…
…
continue reading
1
Pedram Amini & Aaron Portnoy: Fuzzing Sucks! (or Fuzz it Like you Mean it!)
1:13:03
1:13:03
Reproducir más Tarde
Reproducir más Tarde
Listas
Me gusta
Me gusta
1:13:03
Face it, fuzzing sucks. Even the most expensive commercial fuzzing suites leave much to be desired by way of automation. Perhaps the reason for this is that even the most rudimentary fuzzers are surprisingly effective. None the less, if you are serious about fuzz testing in as much a scientific process as possible than you have no doubt been disapp…
…
continue reading
Virtualization is changing how operating systems function and how enterprises manage data centers. Windows Server Virtualization, a component of Windows Server 2008, will introduce new virtualization capabilities to the Windows operating system. This talk will focus on security model of the system, with emphasis on design choices and deployment con…
…
continue reading
1
Rohyt Belani & Keith Jones: Smoke 'em Out!
1:20:42
1:20:42
Reproducir más Tarde
Reproducir más Tarde
Listas
Me gusta
Me gusta
1:20:42
Tracing a malicious insider is hard; proving their guilt even harder. In this talk, we will discuss the challenges faced by digital investigators in solving electronic crime committed by knowledgeable insiders. These challenges will be presented in light of three real world investigations conducted by the presenters. The focus of this talk will on …
…
continue reading
1
Yoriy Bolygin: Remote and Local Exploitation of Network Drivers
1:14:40
1:14:40
Reproducir más Tarde
Reproducir más Tarde
Listas
Me gusta
Me gusta
1:14:40
During 2006 vulnerabilities in wireless LAN drivers gained an increasing attention in security community. One can explain this by the fact that any hacker can take control over every vulnerable laptop of entire enterprise without any "visible" connection with those laptops and execute a malicious code in kernel. This work describes the process behi…
…
continue reading
1
Jamie Butler & Kris Kendall: Blackout: What Really Happened...
1:10:25
1:10:25
Reproducir más Tarde
Reproducir más Tarde
Listas
Me gusta
Me gusta
1:10:25
Malicious software authors use code injection techniques to avoid detection, bypass host-level security controls, thwart the efforts of human analysts, and make traditional memory forensics ineffective. Often a forensic examiner or incident response analyst may not know the weaknesses of the tools they are using or the advantage the attacker has ov…
…
continue reading
Cross Site Scripting has received much attention over the last several years, although some of its more ominous implications have not received much attention. Anti-DNS pinning is a relatively new threat that, while not well understood by most security professionals, is far from theoretical. This presentation will focus on a live demonstration of an…
…
continue reading
In 2007 black hat Europe a talk was given titled: "Heap Feng Shui in JavaScript" That presentation introduced a new technique for precise manipulation of the browser heap layout using specific sequences of JavaScript allocations. This allowed an attacker to set up the heap in any desired state and exploit difficult heap corruption vulnerabilities w…
…
continue reading
Get ready for the code to fly as two masters compete to discover as many security vulnerabilities in a single application as possible. In the spirit of the Food Network?s cult favorite show, Iron Chef, our Chairman will reveal the surprise ingredient (the code), and then let the challenger and the ?Iron Hacker? face off in a frenetic security battl…
…
continue reading
1
Jennifer Granick: Disclosure and Intellectual Property Law: Case Studies
1:13:44
1:13:44
Reproducir más Tarde
Reproducir más Tarde
Listas
Me gusta
Me gusta
1:13:44
The simple decision by a researcher to tell what he or she has discovered about a software product or website can be very complicated both legally and ethically. The applicable legal rules are complicated, there isn?t necessarily any precedent, and what rules there are may be in flux. In this presentation, I will use Cisco and ISS's lawsuit against…
…
continue reading
1
David Coffey & John Viega: Building an Effective Application Security Practice on a Shoestring Budget
1:07:57
1:07:57
Reproducir más Tarde
Reproducir más Tarde
Listas
Me gusta
Me gusta
1:07:57
Software companies inevitably produce insecure code. In 2006 alone, CERT has recognized over 8,000 published vulnerabilities in applications. Attackers were previously occupied by the weaker operating systems and have moved on to easier targets: applications. What makes this situation worse, is the weaponization of these exploits and the business d…
…
continue reading
1
Job De Haas: Side Channel Attacks (DPA) and Countermeasures for Embedded Systems
1:19:23
1:19:23
Reproducir más Tarde
Reproducir más Tarde
Listas
Me gusta
Me gusta
1:19:23
For 10 years Side Channel Analysis and its related attacks have been the primary focus in the field of smart cards. These cryptographic devices are built with the primary objective to resist tampering and guard secrets. Embedded systems in general have a much lower security profile. This talk explores the use and impact of Side Channel Analysis on …
…
continue reading
1
Jared DeMott, Dr. Richard Enbody & Dr. Bill Punch: Revolutionizing the Field of Grey-box Attack Surface Testing with Evolutionary Fuzzing
40:05
Runtime code coverage analysis is feasible and useful when application source code is not available. An evolutionary test tool receiving such statistics can use that information as fitness for pools of sessions to actively learn the interface protocol. We call this activity grey-box fuzzing. We intend to show that, when applicable, grey-box fuzzing…
…
continue reading
As VoIP products and services increase in popularity and as the "convergence" buzzword is used as the major selling point, it's time that the impact of such convergence and other VoIP security issues underwent a thorough security review. This presentation will discuss the current issues in VoIP security, explain why the current focus is slightly wr…
…
continue reading
1
Roger Dingledine: TOR
1:10:32
1:10:32
Reproducir más Tarde
Reproducir más Tarde
Listas
Me gusta
Me gusta
1:10:32
Tor project, an anonymous communication system for the Internet that has been funded by both the US Navy and the Electronic Frontier Foundation.Por feedback@blackhat.com (Black Hat RSS Feed)
…
continue reading
1
Mark Dowd, John Mcdonald & Neel Mehta: Breaking C++ Applications
1:15:15
1:15:15
Reproducir más Tarde
Reproducir más Tarde
Listas
Me gusta
Me gusta
1:15:15
This presentation addresses the stated problem by focusing specifically on C++-based security, and outlines types of vulnerabilities that can exist in C++ applications. It will examine not only the base language, but also covers APIs and auxillary functionality provided by common platforms, primarily the contemporary Windows OSs. The topics that wi…
…
continue reading
1
Joel Eriksson & Panel: Kernel Wars
1:13:34
1:13:34
Reproducir más Tarde
Reproducir más Tarde
Listas
Me gusta
Me gusta
1:13:34
Kernel vulnerabilities are often deemed unexploitable or at least unlikely to be exploited reliably. Although it's true that kernel-mode exploitation often presents some new challenges for exploit developers, it still all boils down to ""creative debugging"" and knowledge about the target in question. This talk intends to demystify kernel-mode expl…
…
continue reading
1
Justin N. Ferguson: Understanding the Heap by Breaking It: A Case Study of the Heap as a Persistent Data Structure Through Non-traditional Exploitation Techniques
47:13
Traditional exploitation techniques of overwriting heap metadata has been discussed ad-nauseum, however due to this common perspective the flexibility in abuse of the heap is commonly overlooked. This presentation examines a flaw that was found in several popular open-source applications including mod_auth_kerb (Apache Kerberos Authentication), Sam…
…
continue reading
1
Kevvie Fowler: SQL Server Database Forensics
1:04:22
1:04:22
Reproducir más Tarde
Reproducir más Tarde
Listas
Me gusta
Me gusta
1:04:22
Databases are the single most valuable asset a business owns. Databases store and process critical healthcare, financial and corporate data, yet businesses place very little focus on securing and logging the underlying database transactions. As well, in an effort to trim costs, many organizations are consolidating several databases on to single mis…
…
continue reading