## The fuzzy tale of an x/crypto vulnerability Michael McLoughlin Gophercon 2019 Lightning Talks Uber Advanced Technologies Group ## 8 ,140 lines of amd64 assembly in crypto ## 10 ,474 lines of amd64 amd64 assembly in golang.org/x/crypto   ## Fuzzing 0 ✓ crypto/aes (GCM mode) ✓ crypto/elliptic (P256) ✓ crypto/sha1 ✓ crypto/sha256 ✓ crypto/sha512 ✓ x/crypto/chacha20poly1305 ✓ x/crypto/sha3 ✓ x/crypto/blake2b ✓ x/crypto/blake2s ✓ x/crypto/argon2

## The Tale of Smokey and the Crypto Bandits How Okteto uses Falco to keep users happy and our platform healthy eBPF Summit Ramiro Berrelleza ## Hey everyone! • Co-founder of Okteto ● Former architect Cloud Support Hi Ramiro, Open Source to the rescue! ## X Falco Attempt #1 - We were young and naive • Installed Falco in the clusters - Configured it with Automatically respond to malicious actions without requiring human intervention ## The Tale of Smokey and the Crypto Bandits eBPF Summit Ramiro Berrelleza

常见的未授权访问漏洞： Redis 未授权访问漏洞 MongoDB 未授权访问漏洞 Jenkins 未授权访问漏洞 Memcached 未授权访问漏洞 JBOSS 未授权访问漏洞 VNC 未授权访问漏洞 Docker 未授权访问漏洞 ZooKeeper 未授权访问漏洞 Rsync 未授权访问漏洞 Atlassian Crowd 未授权访问漏洞 CouchDB 未授权访问漏洞 Elasticsearch Elasticsearch 未授权访问漏洞 Hadoop 未授权访问漏洞 Jupyter Notebook 未授权访问漏洞 ## Redis未授权访问漏洞 ## 漏洞简介以及危害 Redis 默认情况下，会绑定在 0.0.0.0:6379，如果没有进行采用相关的策略，比如添加防火墙规则避免其他非信任来源 ip 访问等，这样将会将 Redis 服务暴露到公网上，如果在没有设置密码认证（一般为空） 公钥写入目标服务器的 /root/.ssh 文件夹的 authotrized_keys 文件中，进而可以使用对应私钥直接使用 ssh 服务登录目标服务器、添加计划任务、写入 Webshell 等操作。 ## 漏洞利用 环境介绍 攻击机：windows10 目标靶机：Centos7 ip地址：192.168.18.138 连接工具:xshell ## 环境搭建 wget http://download

## Typescript SDK Version 1.x.x ## Table of contents 1. Overview.....3 a. Environmental Setup 2. Configurations.....4 3. Token Persistence.....7 a. Implementing OAuth Persistence

Template • Update Validation Rules for Articles • Add Delete Action • 3.x Migration Guide • 3.10 Migration Guide • 3.10 Migration Guide • 3.9 Migration Definition Constants • Chronos • Debug Kit • Migrations • ElasticSearch • Appendices 3.x Migration Guide ■ 3.x Migration Guide o Forwards Compatibility Shimming General Information ■ CakePHP Development ### 3. x Migration Guide Migration guides contain information regarding the new features introduced in each version and the migration path between 2.x and 3.x. If you are currently using 1.x you should

Tutorial CMS Tutorial - Creating the Database CMS Tutorial - Creating the Articles Controller 3 3.x Migration Guide 3.10 Migration Guide 3.9 Migration Guide 3.8 Migration Guide 3.7 Migration Guide 937 44 Migrations ..... 939 45 ElasticSearch ..... 941 46 Appendices ..... 943 3.x Migration Guide ..... 943 Forwards Compatibility Shimming ..... 943 General Information ..... 943 tables. # 3.x Migration Guide Migration guides contain information regarding the new features introduced in each version and the migration path between 2.x and 3.x. If you are currently using 1.x you should

Functions - d(). - dn(). - dx(). - dxn(). - n(). - x(). ___xn(.). collection(). debug(). dd(). ■ pr(.) - pj(.). - env(.). - h(.). - pluginSplit( WEEK - MONTH - YEAR • Chronos • Debug Kit • Migrations • ElasticSearch • Appendices o 4.x Migration Guide ■ 4.0 Migration Guide ■ 4.1 Migration Guide ■ 4.2 Migration Guide ■ 4.3 Migration information regarding the new features introduced in each version and the migration path between 3.x and 4.x. • 4.0 Upgrade Guide • 4.0 Migration Guide • 4.1 Migration Guide • 4.2 Migration Guide • 4

Python is installed by typing `python` from your shell; you should see something like: Python 3.x.y [GCC 4.x] on linux Type "help", "copyright", "credits" or "license" for 200 >>> response.content b'\n

\n \n
• What&\#x27;s up
\n' (continues on next page)

(continued from previous page) >>> response you click on it, a new slot will be added. If you want to remove the added slot, you can click on the X to the top right of the added slot. This image shows an added slot: ![Image](/uploads/documents/6/8

and the View the "template". How come you don't use the standard names? ■ x=""> does – why doesn’t Django? Why did you write all of Django from scratch, instead fields? How do I make a variable available to all my templates? ## • FAQ: Getting Help How do I do X? Why doesn’t Y work? Where can I go to get help? Why hasn’t my message appeared on Django-users? ■ Python is installed by typing `python` from your shell; you should see something like: Python 3.x.y [GCC 4.x] on linux Type "help", "copyright", "credits" or "license" for

Controller the “view”, and the View the “template”. How come you don’t use the standard names? X> does – why doesn’t Django? Why did you write all of Django from scratch, instead of using file fields? How do I make a variable available to all my templates? FAQ: Getting Help How do I do X? Why doesn’t Y work? Where can I go to get help? Why hasn’t my message appeared on django-users? Nobody Python is installed by typing python from your shell; you should see something like: Python 3.x.y [GCC 4.x] on linux Type "help", "copyright", "credits" or "license" for more information. >>> Set up