DOCSLIB.ORG

Securing Devops Security in the Cloud

Total Page:16

File Type:pdf, Size:1020Kb

Download full-text PDF Read full-text
Securing Devops Security in the Cloud Security in the cloud Julien Vehent MANNING www.allitebooks.com www.allitebooks.com Securing DevOps Security in the Cloud JULIEN VEHENT MANNING SHELTER ISLAND www.allitebooks.com For online information and ordering of this and other Manning books, please visit www.manning.com. The publisher offers discounts on this book when ordered in quantity. For more information, please contact Special Sales Department Manning Publications Co. 20 Baldwin Road PO Box 761 Shelter Island, NY 11964 Email: [email protected] ©2018 by Manning Publications Co. All rights reserved. No part of this publication may be reproduced, stored in a retrieval system, or transmitted, in any form or by means electronic, mechanical, photocopying, or otherwise, without prior written permission of the publisher. Many of the designations used by manufacturers and sellers to distinguish their products are claimed as trademarks. Where those designations appear in the book, and Manning Publications was aware of a trademark claim, the designations have been printed in initial caps or all caps. ∞ Recognizing the importance of preserving what has been written, it is Manning’s policy to have the books we publish printed on acid- free paper, and we exert our best efforts to that end. Recognizing also our responsibility to conserve the resources of our planet, Manning books are printed on paper that is at least 15 percent recycled and processed without the use of elemental chlorine. Manning Publications Co. Development editors: Dan Maharry and Toni Arritola 20 Baldwin Road Technical development editor: Luis Atencio PO Box 761 Project manager: Janet Vail Shelter Island, NY 11964 Proofreader: Katie Tennant Technical proofreader: Andrew Bovill Typesetter: Happenstance Type-o-Rama Cover designer: Marija Tudor ISBN 9781617294136 Printed in the United States of America 1 2 3 4 5 6 7 8 9 10 – DP – 23 22 21 20 19 18 www.allitebooks.com To my wife, Bogdana To all the folks at Mozilla who keep the web secure and open www.allitebooks.com brief contents 1 ■ Securing DevOps 1 Part 1 Case study: applying layers of security to a simple DevOps pipeline ...................................19 2 ■ Building a barebones DevOps pipeline 21 3 ■ Security layer 1: protecting web applications 45 4 ■ Security layer 2: protecting cloud infrastructures 78 5 ■ Security layer 3: securing communications 119 6 ■ Security layer 4: securing the delivery pipeline 148 Part 2 Watching for anomalies and protecting services against attacks ......................................177 7 ■ Collecting and storing logs 179 8 ■ Analyzing logs for fraud and attacks 208 9 ■ Detecting intrusions 240 10 ■ The Caribbean breach: a case study in incident response 275 Part 3 Maturing DevOps security ..................................299 11 ■ Assessing risks 301 12 ■ Testing security 329 13 ■ Continuous security 354 v contents preface xiii acknowledgments xvi about this book xviii about the author xxi about the cover illustration xxii Securing DevOps 1 1 1.1 The DevOps approach 2 Continuous integration 4 ■ Continuous delivery 4 Infrastructure as a service 5 ■ Culture and trust 6 1.2 Security in DevOps 7 1.3 Continuous security 8 Test-driven security 10 ■ Monitoring and responding to attacks 12 ■ Assessing risks and maturing security 16 Part 1 Case study: applying layers of security to a simple DevOps pipeline ... 19 Building a barebones DevOps pipeline 21 2 2.1 Implementation roadmap 22 2.2 The code repository: GitHub 24 2.3 The CI platform: CircleCI 24 vii viiiviii CONTENTS 2.4 The container repository: Docker Hub 28 2.5 The production infrastructure: Amazon Web Services 30 Three-tier architecture 31 ■ Configuring access to AWS 32 ■ Virtual Private Cloud 33 ■ Creating the database tier 34 ■ Creating the first two tiers with Elastic Beanstalk 36 ■ Deploying the container onto your systems 40 2.6 A rapid security audit 43 Security layer 1: protecting web applications 45 3 3.1 Securing and testing web apps 46 3.2 Website attacks and content security 50 Cross-site scripting and Content-Security Policy 51 ■ Cross-site request forgery 57 ■ Clickjacking and IFrames protection 62 3.3 Methods for authenticating users 63 HTTP basic authentication 63 ■ Password management 65 Identity providers 67 ■ Sessions and cookie security 71 ■ Testing authentication 72 3.4 Managing dependencies 72 Golang vendoring 73 ■ Node.js package management 74 ■ Python requirements 76 Security layer 2: protecting cloud infrastructures 78 4 4.1 Securing and testing cloud infrastructure: the deployer app 79 Setting up the deployer 80 ■ Configuration notifications between Docker Hub and the deployer 81 ■ Running tests against the infrastructure 81 ■ Updating the invoicer environment 82 4.2 Restricting network access 83 Testing security groups 84 ■ Opening access between security groups 86 4.3 Building a secure entry point 88 Generating SSH keys 89 ■ Creating a bastion host in EC2 91 ■ Enabling two-factor authentication with SSH 92 ■ Sending notifications on accesses 98 ■ General security considerations 100 ■ Opening access between security groups 106 CONTENTS ix 4.4 Controlling access to the database 108 Analyzing the database structure 108 ■ Roles and permissions in PostgreSQL 110 ■ Defining fine-grained permissions for the invoicer application 111 ■ Asserting permissions in the deployer 116 Security layer 3: securing communications 119 5 5.1 What does it mean to secure communications? 120 Early symmetric cryptography 121 ■ Diffie-Hellman and RSA 122 Public-key infrastructures 125 ■ SSL and TLS 126 5.2 Understanding SSL/TLS 127 The certificate chain 128 ■ The TLS handshake 129 Perfect forward secrecy 131 5.3 Getting applications to use HTTPS 131 Obtaining certificates from AWS 132 ■ Obtaining certificates from Let’s Encrypt 133 ■ Enabling HTTPS on AWS ELB 135 5.4 Modernizing HTTPS 138 Testing TLS 139 ■ Implementing Mozilla’s Modern guidelines 141 ■ HSTS: Strict Transport Security 143 HPKP: Public Key Pinning 144 Security layer 4: securing the delivery pipeline 148 6 6.1 Access control to code-management infrastructure 151 Managing permissions in a GitHub organization 152 Managing permissions between GitHub and CircleCI 154 Signing commits and tags with Git 157 6.2 Access control for container storage 160 Managing permissions between Docker Hub and CircleCI 160 ■ Signing containers with Docker Content Trust 163 6.3 Access control for infrastructure management 164 Managing permissions using AWS roles and policies 164 ■ Distributing secrets to production systems 168 x CONTENTS Part 2 Watching for anomalies and protecting services against attacks ...................... 177 Collecting and storing logs 179 7 7.1 Collecting logs from systems and applications 182 Collecting logs from systems 183 ■ Collecting application logs 187 ■ Infrastructure logging 191 ■ Collecting logs from GitHub 194 7.2 Streaming log events through message brokers 196 7.3 Processing events in log consumers 198 7.4 Storing and archiving logs 202 7.5 Accessing logs 204 Analyzing logs for fraud and attacks 208 8 8.1 Architecture of a log-analysis layer 209 8.2 Detecting attacks using string signatures 216 8.3 Statistical models for fraud detection 220 Sliding windows and circular buffers 221 ■ Moving averages 223 8.4 Using geographic data to find abuses 227 Geo-profiling users 228 ■ Calculating distances 230 ■ Finding a user’s normal connection area 231 8.5 Detecting anomalies in known patterns 232 User-agent signature 232 ■ Anomalous browser 233 ■ Interaction patterns 233 8.6 Raising alerts to operators and end users 233 Escalating security events to operators 234 ■ How and when to notify end users 237 Detecting intrusions 240 9 9.1 The seven phases of an intrusion: the kill chain 241 9.2 What are indicators of compromise? 243 9.3 Scanning endpoints for IOCs 250 9.4 Inspecting network traffic with Suricata 262 Setting up Suricata 263 ■ Monitoring the network 264 Writing rules 266 ■ Using predefined rule-sets 267 CONTENTS xi 9.5 Finding intrusions in system-call audit logs 267 The execution vulnerability 268 ■ Catching fraudulent executions 269 ■ Monitoring the filesystem 271 ■ Monitoring the impossible 272 9.6 Trusting humans to detect anomalies 273 The Caribbean breach: a case study in incident response 275 10 10.1 The Caribbean breach 277 10.2 Identification 278 10.3 Containment 281 10.4 Eradication 283 Capturing digital forensics artifacts in AWS 284 ■ Outbound IDS filtering 286 ■ Hunting IOCs with MIG 290 10.5 Recovery 293 10.6 Lessons learned and the benefits of preparation 295 Part 3 Maturing DevOps security ..................... 299 Assessing risks 301 11 11.1 What is risk management? 302 11.2 The CIA triad 304 Confidentiality 305 ■ Integrity 306 ■ Availability 307 11.3 Establishing the top threats to an organization 309 11.4 Quantifying the impact of risks 311 Finances 311 ■ Reputation 311 ■ Productivity 312 11.5 Identifying threats and measuring vulnerability 313 The STRIDE threat-modeling framework 313 ■ The DREAD threat-modeling framework 315 11.6 Rapid risk assessment 316 Gathering information 318 ■ Establishing a data dictionary 319 ■ Identifying and measuring risks 321 ■ Making recommendations 324 11.7 Recording and tracking risks 325 Accepting, rejecting, and delegating risks 327 ■ Revisiting risks regularly 327 xii CONTENTS Testing security 329 12 12.1 Maintaining security visibility 330 12.2 Auditing internal applications and services 332 Web-application scanners 333 ■ Fuzzing 336 ■ Static code analysis 338 ■ Auditing Cloud Infrastructure 341 12.3 Red teams and external pen testing 345 12.4 Bug bounty programs 350 Continuous security 354 13 13.1 Practice and repetition: 10,000 hours of security 355 13.2 Year 1: integrating security into DevOps 356 Don’t judge too early 358 ■ Test everything and make dashboards 358 13.3 Year 2: preparing for the worst 359 Avoid duplicating infrastructure 360 ■ Build versus buy 361 ■ Getting breached 362 13.4 Year 3: driving the change 362 Revisit security priorities 363 ■ Progressing iteratively 364 index 365 preface I’m scavenging through shelves of discarded hardware in the basement of the old gov- ernment building, when a pair of sturdy-looking hard drives catch my attention.
Load more

Recommended publications
  • Open Source License Report on the Product
    OPEN SOURCE LICENSE REPORT ON THE PRODUCT The software included in this product contains copyrighted software that is licensed under the GPLv2, GPLv3, gSOAP Public License, jQuery, PHP License 3.01, FTL, BSD 3-Clause License, Public Domain, MIT License, OpenSSL Combined License, Apache 2.0 License, zlib/libpng License, , . You may obtain the complete corresponding source code from us for a period of three years after our last shipment of this product by sending email to: [email protected] If you want to obtain the complete corresponding source code with a physical medium such as CD-ROM, the cost of physically performing source distribution might be charged. For more details about Open Source Software, refer to eneo website at www.eneo-security.com, the product CD and manuals. GPLv2: u-Boot 2013.07, Linux Kernel 3.10.55, busybox 1.20.2, ethtool 3.10, e2fsprogs 1.41.14, mtd-utils 1.5.2, lzo 2.05, nfs-utils 1.2.7, cryptsetup 1.6.1, udhcpd 0.9.9 GPLv3: pwstrength 2.0.4 gSOAP Public License: gSOAP 2.8.10 jQuery License: JQuery 2.1.1, JQuery UI 1.10.4 PHP: PHP 5.4.4 FTL (FreeType License): freetype 2.4.10 BSD: libtirpc 0.2.3, rpcbind 0.2.0, lighttpd 1.4.32, hdparm 9,45, hostpad 2, wpa_supplicant 2, jsbn 1.4 Public Domain: sqlite 3.7.17 zlib: zlib 1.2.5 MIT:pwstrength 2.0.4, ezxml 0.8.6, bootstrap 3.3.4, jquery-fullscreen 1.1.5, jeditable 1.7.1, jQuery jqGrid 4.6.0, fullcalendar 2.2.0, datetimepicker 4.17.42, clockpicker 0.0.7, dataTables 1.0.2, dropzone 3.8.7, iCheck 1.0.2, ionRangeSlider 2.0.13, metisMenu 2.0.2, slimscroll 1.3.6, sweetalert 2015.11, Transitionize 0.0.2 , switchery 0.0.2, toastr 2.1.0, animate 3.5.0, font-awesome 4.3.0, Modernizr 2.7.1 pace 1.0.0 OpenSSL Combined: openssl 1.0.1h Apache license 2.0: datepicker 1.4.0, mDNSResponder 379.32.1 wish), that you receive source reflect on the original authors' GNU GENERAL PUBLIC code or can get it if you want it, reputations.
    [Show full text]
  • ** OPEN SOURCE LIBRARIES USED in Tv.Verizon.Com/Watch
    ** OPEN SOURCE LIBRARIES USED IN tv.verizon.com/watch ------------------------------------------------------------ 02/27/2019 tv.verizon.com/watch uses Node.js 6.4 on the server side and React.js on the client- side. Both are Javascript frameworks. Below are the licenses and a list of the JS libraries being used. ** NODE.JS 6.4 ------------------------------------------------------------ https://github.com/nodejs/node/blob/master/LICENSE Node.js is licensed for use as follows: """ Copyright Node.js contributors. All rights reserved. Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated documentation files (the "Software"), to deal in the Software without restriction, including without limitation the rights to use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of the Software, and to permit persons to whom the Software is furnished to do so, subject to the following conditions: The above copyright notice and this permission notice shall be included in all copies or substantial portions of the Software. THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE. """ This license applies to parts of Node.js originating from the https://github.com/joyent/node repository: """ Copyright Joyent, Inc. and other Node contributors.
    [Show full text]
  • Testimonials Icon Font Awesome
    Testimonials Icon Font Awesome Wooded Hanford nucleate or satiate some fashion tortuously, however hormonal Fitz legalises epidemically or aphorized. Chocker and poetical Carleigh never deduced his hejira! Unregenerate Emile encaging tautologously. The rest assure that match the awesome icon font Thanks so much in other places where can find geno blogging and was no problem. The Font Awesome Shortcode allows you to power control to circle color icon color and. Most during my latest premium themes include the fear complete Font Awesome icon set so you how easily into sweet looking icons all over our place use's a lightweight. Astra does not donate with Font Awesome Icons but uses a custom font icon The alarm we have used is lightweight and contains only decide necessary icons. With its perfect so much better responive display. How to group all Font Awesome icons and sit them center. Icons are essential, you to stack that are great addition to indicate endorsement of the advanced configuration. Lorem ipsum dolor sit amet, and crisp on how small, you can insert excerpt under video platforms and feels like. Immortal robot bodies are supported theme based on the size in the issue: we would come in theme relies on our testimonials from. We use in the awesome is a catalyst for your site is always create custom font awesome is there is an image. Asking for the visitor to reflect a importing tool to the latest updates, and ability to do i can be used is a little more easier. If you can i have so easily select them using css, and skill effectively within the new in a few cookies collect information.
    [Show full text]
  • The Limecv Document Class∗
    The limecv document class∗ Olivier Pieters me(at)olivierpieters(dot)be v0.1.8 from 2020/03/15 Contents 1 Introduction 2 2 Requirements 2 3 General Macros and Document Class Options 3 4 Sidebar 3 5 Main Content 6 6 Cover Letter 9 7 Change Style and Layout 10 8 Example 13 9 Implementation 13 9.1 Licence ................................. 13 9.2 Intro ................................... 16 9.3 Package Info and Required Packages ................. 16 9.4 Colour Definitions ........................... 17 9.5 New Column Types .......................... 17 9.6 Helper commands ............................ 18 9.7 Global Font Colour ........................... 18 9.8 TikZ Style Definitions ......................... 18 9.9 XeLaTeX/LuaLaTeX Specific Code .................. 21 ∗This document corresponds to limecv v0.1.8, dated 2020/03/15. 1 1 Introduction This document class is designed to facilitate easy development of curriculum vitæ (CV). A set of predefined macros and environments are available for most common sections on a CV. These special elements have been designed to ease quick creation. This document class was co-designed with a business card, which can be found on GitHub: https://github.com/opieters/business-card. The design of this CV is split up in three parts, illustrated by fig. 1. Each of these parts that make up this CV template will be detailed in the sections below. 1 2 Figure 1: Illustation of a basic template. The image to the left depicts the actual CV: sidebar to the left (1) with main content on the right (2). The image to the right depicts the cover letter design. 2 Requirements It is advised to use the XeLaTeX engine.
    [Show full text]
  • The Treasure Chest Tikz Package for Single-Color Pixel-Art Pictures
    88 TUGboat, Volume 39 (2018), No. 1 pixelart in graphics The Treasure Chest TikZ package for single-color pixel-art pictures. pst-antiprism in graphics/pstricks/contrib An antiprism in PSTricks. * pst-calculate in graphics/pstricks/contrib This is a selection of the new packages posted to Floating point support in LATEX, using expl3. CTAN (ctan.org) from October 2017{April 2018, pst-dart in graphics/pstricks/contrib with descriptions based on the announcements and Dart boards with PSTricks. edited for extreme brevity. structmech in graphics/pgf/contrib Entries are listed alphabetically within CTAN TikZ support for structural mechanics drawings. directories. More information about any package tikz-feynhand in graphics/pgf/contrib Feynman diagrams with TikZ. can be found at ctan.org/pkg/pkgname. A few tikz-karnaugh in graphics/pgf/contrib entries which the editors subjectively believe to be PGF package for Karnaugh maps supporting of especially wide interest or otherwise notable are many variables. starred (*); of course, this is not intended to slight tikz-ladder in graphics/pgf/contrib the other contributions. Ladder diagrams for the PLC LD language. We hope this column and its companions will tikz-layers in graphics/pgf/contrib help to make CTAN a more accessible resource to the Provide more graphics layers for TikZ. TEX community. See also ctan.org/topic. Com- tikz-relay in graphics/pgf/contrib ments are welcome, as always. Electrical diagrams with TikZ. tikz-sfc in graphics/pgf/contrib Symbol collection for PLC programming sequential Karl Berry function chart (SFC) diagrams in TikZ. tugboat (at) tug dot org biblio info gbt7714 in biblio/bibtex/contrib guide-latex-fr in info A Support for the Chinese bibliography standard Introduction to LTEX written in French.
    [Show full text]
  • Tt Fonts Download
    Tt fonts download click here to download Best place of free truetype Font for free download. We have about () truetype Font in ttf truetype font format. sort by popular first, inherit, public domain . Free Fonts offers a huge selection of free fonts. Download fonts for Windows, Mac and Linux. New fonts are added daily. www.doorway.ru offering 's of FREE fonts to download to help the millions of designers across the globe expressing their creativity with much more diversity. A list of the most popular fonts on Font Squirrel. Download TTF. Z Y M m Open Sans Raleway font family by The League of Moveable Type. Download TTF. TT Commons Font Family. Mar 12, Fonts 0 · Download. This resource comes from other websites and we cannot confirm its legitimacy. If you are the. www.doorway.ru offers a huge collection of around TrueType and OpenType free fonts. Browse, search and download free fonts for Windows and Mac. Useful links: TT Commons PDF Type Specimen TT Commons graphic presentation at Behance TT Commons is a universal sans serif with a. TTFonts Free fonts download page. Coolest truetype fonts. Best free fonts download. Download free BlairMdITC TT Medium font, www.doorway.ru BlairMdITC TT Medium BlairITC Medium. Download Old Standard TT Font Family · Free for commercial use · Includes Old Standard TT Regular, Italic, Bold · Old Standard reproduces a specific type of. Font name: FONTASY_HIMALI_TT Download font - KB Tags: FONTASY_HIMALI_TT, Font, Fontasy Himali www.doorway.ru, www.doorway.ru, Windows font. HIMALAYA TT FONTNORMALHIMALAYAHIMALAYA TT FONT1. 0HIMALAYA TT FONT. You won't find many decent TrueType fonts included with any distribution, There are also some 'free' TrueType fonts available for download if you have.
    [Show full text]
  • The Fontawesome5 Package∗
    The fontawesome5 package∗ Font Awesome†(The font) Marcel Kr¨uger‡(The LATEX package) June 4, 2021 This package provides LATEX support for the Font Awesome 5 icons. To use Font Awesome 5 icons in your document, include the package with \usepackage{fontawesome5} Alternatively you can add the fixed option to get fixed-width icons: \usepackage[fixed]{fontawesome5} For every icon a macro is provided: Just use the official icon names converted to CamelCase with the prefix \fa. For example to use the hand-point-up icon, use \faHandPointUp. For icons ending with -alt, append a * instead. An optional ar- gument can be added to select the style (solid or regular). The default style is solid, it can be changed with \faStyle{...} Every icon can also be accessed using the official icon name. To do this, you canuse \faIcon{the-icon-name} or \faIcon[style]{the-icon-name}. A list of all included icons with their respective commands can be found at the end of this document. Example ... \usepackage{fontawesome5} ... \begin{document} ... A simple icon: \faHandPointUp\\ Multiple versions of the file icon: \faFile~ ∗This document corresponds to fontawesome5 version 5.15.3, dated 2021/06/04 †More information at https://fontawesome.com ‡E-Mail: [email protected] 1 \faFile*~ \faFile[regular]~ \faFile*[regular].\\ Alternative syntax: \faIcon{file}~ \faIcon*{file}~ \faIcon[regular]{file}~ \faIcon*[regular]{file}. ... \end{document} A simple icon: ­ Multiple versions of the file icon: @A @A. Alternative syntax: @A @A. Font Awesome Pro Font Awesome 5 is available in a Free and a Pro version. This package uses the free version by default.
    [Show full text]
  • Poly Videoos Offer of Source for Open Source Software 3.4.0
    OFFER OF SOURCE FOR 3.4.0 | 2021 | 3725-85857-008A OPEN SOURCE SOFTWARE May Poly VideoOS Software Contents Offer of Source for Open Source Software .............................................................................. 1 Open Source Software ............................................................................................................. 2 Qualcomm Platform Licenses ............................................................................................................. 2 List of Open Source Software .................................................................................................. 2 Poly G7500, Poly Studio X50, and Poly Studio X30 .......................................................................... 2 Poly Microphone IP Adapter ............................................................................................................. 13 Poly IP Table Microphone and Poly IP Ceiling Microphone ............................................................. 18 Poly TC8 and Poly Control Application ............................................................................................. 21 Get Help ..................................................................................................................................... 22 Related Poly and Partner Resources ..................................................................................... 22 Privacy Policy ...........................................................................................................................
    [Show full text]
  • Open Source Used in Cisco UCS Central 1.3(1)
    Open Source Used In UCS Central 1.3(1) Cisco Systems, Inc. www.cisco.com Cisco has more than 200 offices worldwide. Addresses, phone numbers, and fax numbers are listed on the Cisco website at www.cisco.com/go/offices. Text Part Number: 78EE117C99-88545990 Open Source Used In UCS Central 1.3(1) 1 This document contains licenses and notices for open source software used in this product. With respect to the free/open source software listed in this document, if you have any questions or wish to receive a copy of any source code to which you may be entitled under the applicable free/open source license(s) (such as the GNU Lesser/General Public License), please contact us at [email protected]. In your requests please include the following reference number 78EE117C99-88545990 Contents 1.1 Adobe Media Gallery 1.2 1.1.1 Available under license 1.2 as3ds 1.04 1.2.1 Available under license 1.3 Atmosphere 2.1.1 1.3.1 Available under license 1.4 Atmosphere_copyleft 2.1.1 1.4.1 Available under license 1.5 bootstrap 3.2.0 :3.2.0 1.5.1 Available under license 1.6 chart.js 1.0.1 1.6.1 Available under license 1.7 Commons Collections 4.4.0 1.7.1 Available under license 1.8 curl 7.25.0 1.8.1 Available under license 1.9 flexlib_dmsbu 2.5 :2.5 1.9.1 Available under license 1.10 font-awesome 4.2.0 1.10.1 Available under license 1.11 httpd 2.2.22 :1.23.amzn1 1.11.1 Available under license 1.12 Jackson 2.2.3 1.12.1 Available under license 1.13 jQuery 2.1.0 1.13.1 Available under license Open Source Used In UCS Central 1.3(1) 2 1.14 JSF 2.2.6
    [Show full text]
  • Automated Malware Analysis Report For
    ID: 430663 Cookbook: browseurl.jbs Time: 19:08:03 Date: 07/06/2021 Version: 32.0.0 Black Diamond Table of Contents Table of Contents 2 Analysis Report https://efax-01.simplesite.com/ 3 Overview 3 General Information 3 Detection 3 Signatures 3 Classification 3 Process Tree 3 Malware Configuration 3 Yara Overview 3 Dropped Files 3 Sigma Overview 3 Signature Overview 3 AV Detection: 4 Phishing: 4 Mitre Att&ck Matrix 4 Behavior Graph 4 Screenshots 5 Thumbnails 5 Antivirus, Machine Learning and Genetic Malware Detection 6 Initial Sample 6 Dropped Files 6 Unpacked PE Files 6 Domains 6 URLs 6 Domains and IPs 7 Contacted Domains 7 Contacted URLs 7 URLs from Memory and Binaries 7 Contacted IPs 7 Public 7 General Information 8 Simulations 8 Behavior and APIs 8 Joe Sandbox View / Context 8 IPs 8 Domains 8 ASN 9 JA3 Fingerprints 9 Dropped Files 9 Created / dropped Files 9 Static File Info 32 No static file info 32 Network Behavior 32 Network Port Distribution 32 TCP Packets 32 UDP Packets 32 DNS Queries 32 DNS Answers 32 HTTPS Packets 34 Code Manipulations 42 Statistics 42 Behavior 42 System Behavior 42 Analysis Process: iexplore.exe PID: 2644 Parent PID: 792 43 General 43 File Activities 43 Registry Activities 43 Analysis Process: iexplore.exe PID: 4688 Parent PID: 2644 43 General 43 File Activities 43 Registry Activities 43 Disassembly 43 Copyright Joe Security LLC 2021 Page 2 of 43 Analysis Report https://efax-01.simplesite.com/ Overview General Information Detection Signatures Classification Sample URL: https://efax-01.simpl esite.com/ AAnntttiiivviiirrruuss
    [Show full text]
  • Hitachi Cloud Accelerator Platform Product Manager HCAP V 1
    HITACHI Inspire the Next 2535 Augustine Drive Santa Clara, CA 95054 USA Contact Information : Hitachi Cloud Accelerator Platform Product Manager HCAP v 1 . 1 0 . 3 Hitachi Vantara LLC 2535 Augustine Dr. Santa Clara CA 95054 Component Version License Modified 18F/domain-scan 20181130-snapshot-988de72b Public Domain aalto-xml 0.9.11 Apache License 2.0 activesupport 5.2.1 MIT License Activiti - BPMN Converter 6.0.0 Apache License 2.0 Activiti - BPMN Model 6.0.0 Apache License 2.0 Activiti - DMN API 6.0.0 Apache License 2.0 Activiti - DMN Model 6.0.0 Apache License 2.0 Activiti - Engine 6.0.0 Apache License 2.0 Activiti - Form API 6.0.0 Apache License 2.0 Activiti - Form Model 6.0.0 Apache License 2.0 Activiti - Image Generator 6.0.0 Apache License 2.0 Activiti - Process Validation 6.0.0 Apache License 2.0 Addressable URI parser 2.5.2 Apache License 2.0 Advanced Linux Sound Architecture GNU Lesser General Public License 1.1.8 (ALSA) v2.1 or later adzap/timeliness 0.3.8 MIT License aggs-matrix-stats 5.5.1 Apache License 2.0 aggs-matrix-stats 7.6.2 Apache License 2.0 agronholm/pythonfutures 3.3.0 3Delight License ahoward's lockfile 2.1.3 Ruby License ahoward's systemu 2.6.5 Ruby License GNU Lesser General Public License ai's r18n 3.1.2 v3.0 only BSD 3-clause "New" or "Revised" ANTLR 2.7.7 License BSD 3-clause "New" or "Revised" ANTLR 4.5.1-1 License BSD 3-clause "New" or "Revised" antlr-python-runtime 4.7.2 License antw's iniparse 1.4.4 MIT License HITACHI Inspire the Next 2535 Augustine Drive Santa Clara, CA 95054 USA Component Version License
    [Show full text]
  • Complete Issue 39:1 As One
    TUGBOAT Volume 39, Number 1 / 2018 General Delivery 3 From the president / Boris Veytsman 4 Editorial comments / Barbara Beeton Birthdays: Donald E. Knuth, Gudrun Zapf von Hesse; Staszek Wawrykiewicz, RIP; Goodbye Glisterings, hello Duckboat; A new “dual” typeface: visible and touchable; 40 years ago ... ; Hyphens, UK style 5 Hyphenation exception log / Barbara Beeton 7 In memoriam: Staszek Wawrykiewicz (1953–2018) / Norbert Preining 8 TEX as a path, a talk given at Donald Knuth’s 80th birthday celebration symposium / Yannis Haralambous 16 TUG is TEX users helping each other / Jonathan Fine 16 LATEX and Jupyter, TikZ and Vega / Jonathan Fine Typography 17 Typographers’ Inn / Peter Flynn 19 Type designer Nina St¨ossinger speaks at 3rd Annual Updike Prize event / David Walden Resources 20 CTAN quiz / Gerd Neugebauer Tutorials 21 The DuckBoat — News from TEX.SE: The Morse code of TikZ / Carla Maggi Cartoon 27 Prefixation / John Atkinson Software & Tools 27 From Lua 5.2 to 5.3 / Hans Hagen 30 TEXing in Emacs / Marcin Borkowski 37 Tutorial: Using external C libraries with the LuaTEX FFI / Henri Menke 41 Executing TEX in Lua: Coroutines / Hans Hagen A L TEX 44 New rules for reporting bugs in the LATEX core software (as maintained by the LATEX Project) / Frank Mittelbach and the LATEX Project Team 48 LATEX news, issue 28, April 2018 / LATEX Project Team 51 TEX.StackExchange cherry picking: expl3 / Enrico Gregorio Graphics 60 Three-dimensional graphics with TikZ/PSTricks and the help of Geogebra / Luciano Battaia 69 ConTEXt nodes: commutative
    [Show full text]