← Older revision
Revision as of 03:09, 11 November 2014
Line 26:
Line 26:
==Upcoming Events==
==Upcoming Events==
−
===
Cloud Computing – Security
and
Interoperability Perspectives
===
+
===
ROP It Like It's Hot: A 101 on BOFs, ROPs,
and
Shellcode Development on Linux
===
'''Who'''
'''Who'''
−
Steven Woodward, CEO, Cloud Perspectives
+
Nadeem Douba
−
Steven Woodward is CEO and founder of Cloud Perspectives and is the leader of the NIST (National Institute of Standards for Technology) Cloud Carrier and Cloud Auditor Sub-Groups within the Cloud Computing Reference Architecture. He is a leading contributor to NIST, TM Forum, Object Management Group Cloud Standards Customer Council, Canadian Cloud Council, IEEE and the International Telecommunication Union (ITU) Joint Collaboration Activity working groups.
+
'''What'''
−
Steven represents the Canadian Advanced Technology Alliance at the Shared Services Canada Architecture Advisory Committee
and
is influencing the Canadian Federal Government Cloud Computing Strategy
.
Steven is also one of
the
founding directors at the Canadian Chapter
of
the Cloud Security Alliance (CSA)
.
In addition
to
cloud standards and best practices guides, he authored
the
“Cloud Computing Solution Measurement” chapter
in the
2012 CRC Press published book, “The IFPUG Guide
to
IT and Software Measurement.”
+
To a normal human, hacking things like browsers
and
software seems like black voodoo magic
.
Even people in IT security struggle with
the
basic understanding
of
how a buffer overflow works
.
This workshop aims
to
demystify
the
art of exploiting vulnerabilities
in
binary software and equips you with
the
tools
to
pwn software on your own! We'll cover the following topics:
−
A frequent international instructor, keynote presenter and leader, he continues to help establish realistic roadmaps, plans, contracts, SLAs and governance practices for cloud computing. Recent and planned speaking engagements includes: National Science Foundation – Arlington Virginia, AFEI – Washington, ISMA - Rio de Janeiro, IEEE – Cyprus, Florida International University, Florida Atlantic University, itSMF – Ottawa, ISACA CACS – Las Vegas, TM Forum – Nice, BFPUG – Brasilia and OWASP in Ottawa and Los Angeles.
−
'''What'''
+
1. A brief introduction to Assembly
−
Many organizations are evaluating and migrating toward cloud computing solutions
.
In 2013, some
the
key challenges pertain to security and interoperability. Open cloud standards can help manage risks, while fostering efficient solution delivery.
+
2
.
A brief overview of
the
Linux Stack
−
Steven Woodward shares updates from numerous international cloud standards related organizations. In Canada, he leads several of the cloud computing initiatives in both the private and public sectors. This includes being one of the founding board members of the Cloud Security Alliance Canadian Chapter
.
+
3
.
Our Toolkit for Exploit Development
−
Steven describes key cloud ecosystems models; highlighting where security considerations fit, along with different perspectives on interoperability
.
Several real-life scenarios will be used, highlighting cloud concepts, security, interoperability and
the
impacts these can have
on
commitments
(
functionality, costs, time
-
to
-
value and quality
).
Service Agreements and Service Level Agreements will also be addressed to identify where you may find security and interoperability considerations specified in the contracts
.
+
4
.
Controlling the Instruction Pointer
+
*Classic BOF (no strings attached)
+
*ROP till' you drop (Defeating NX)
+
*Where am I? (Defeating ASLR)
+
*Silence
the
Canary (Defeating Stack Canaries)
+
+
5. Advanced Topics to Research
+
+
Students are expected to bring a laptop as this workshop is hands-
on
. The following tools/software is required:
+
+
*A VMWare image of 32-bit Kali Linux
(
download: http://cdimage.kali.org/kali
-
1.0.9a/kali
-
linux-1.0.9a-i386.iso
)
+
*PEDA (https://github
.
com/longld/peda)- Metasploit (apt-get install metasploit)- Shelln00b (apt-get install shellnoob)- ROPGadget (git clone
https://github
.
com/0vercl0k/rp)
+
*IDA Demo 6.6 for Linux (http://out7.hex-rays.com/files/idademo66_linux.tgz)
−
The presentation is designed
to
be interactive and will include some group activities
to
generate discussions and identify practical solutions.
+
Students are encouraged
to
work in groups so encourage your friends
to
come along!
−
Attendees of
the
presentation will leave with a better understanding of cloud security and interoperability considerations, plus be aware
of
reference material and models that help address those challenges
.
+
WARNING: We are in no way responsible for any hair loss during
the
course
of
this workshop. Successfully exploiting software may result in unusual happy dance behaviour
.
'''Where'''
'''Where'''
Line 60:
Line 71:
'''When'''
'''When'''
−
Tuesday,
September 23
, 2014 from 5:30PM to 7:30PM
+
Tuesday,
November 25
, 2014 from 5:30PM to 7:30PM
'''Registration'''
'''Registration'''
−
Register for free: [http://www.meetup.com/OWASP-Ottawa-Meetup-Web-Application-Security/events/
188223732
/ here]
+
Register for free: [http://www.meetup.com/OWASP-Ottawa-Meetup-Web-Application-Security/events/
188223862
/ here]
<br>
<br>
Line 90:
Line 101:
= Past Meetings =
= Past Meetings =
+
+
==== September 2014 ====
+
+
'''Title: ''' Cloud Computing – Security and Interoperability Perspectives
+
+
'''What''' Many organizations are evaluating and migrating toward cloud computing solutions. In 2013, some the key challenges pertain to security and interoperability. Open cloud standards can help manage risks, while fostering efficient solution delivery.
+
+
Steven Woodward shares updates from numerous international cloud standards related organizations. In Canada, he leads several of the cloud computing initiatives in both the private and public sectors. This includes being one of the founding board members of the Cloud Security Alliance Canadian Chapter.
+
+
Steven describes key cloud ecosystems models; highlighting where security considerations fit, along with different perspectives on interoperability. Several real-life scenarios will be used, highlighting cloud concepts, security, interoperability and the impacts these can have on commitments (functionality, costs, time-to-value and quality). Service Agreements and Service Level Agreements will also be addressed to identify where you may find security and interoperability considerations specified in the contracts.
+
+
'''Who''' Steven Woodward, CEO, Cloud Perspectives
==== August 2014 ====
==== August 2014 ====