�ݺ�ߣshows by User: PatriciaAas

�ݺ�ߣshows by User: PatriciaAas / http://www.slideshare.net/images/logo.gif �ݺ�ߣshows by User: PatriciaAas / Wed, 11 Oct 2023 15:42:09 GMT �ݺ�ߣShare feed for �ݺ�ߣshows by User: PatriciaAas NDC TechTown 2023_ Return Oriented Programming an introduction.pdf /slideshow/ndc-techtown-2023-return-oriented-programming-an-introductionpdf/262055361 ndctechtown2023returnorientedprogramminganintroduction-231011154209-04518744
Return Oriented Programming (ROP) is an exploitation technique that folks have often heard of, but don't know the mechanics of. In this talk you will learn how it works, and we will go through some examples to show how it can be used to execute code in contexts where the stack is not executable.]]>
Return Oriented Programming (ROP) is an exploitation technique that folks have often heard of, but don't know the mechanics of. In this talk you will learn how it works, and we will go through some examples to show how it can be used to execute code in contexts where the stack is not executable.]]> Wed, 11 Oct 2023 15:42:09 GMT /slideshow/ndc-techtown-2023-return-oriented-programming-an-introductionpdf/262055361 PatriciaAas@slideshare.net(PatriciaAas) NDC TechTown 2023_ Return Oriented Programming an introduction.pdf PatriciaAas Return Oriented Programming (ROP) is an exploitation technique that folks have often heard of, but don't know the mechanics of. In this talk you will learn how it works, and we will go through some examples to show how it can be used to execute code in contexts where the stack is not executable. <img style="border:1px solid #C3E6D8;float:right;" alt="" src="https://cdn.slidesharecdn.com/ss_thumbnails/ndctechtown2023returnorientedprogramminganintroduction-231011154209-04518744-thumbnail.jpg?width=120&height=120&fit=bounds" /> Return Oriented Programming (ROP) is an exploitation technique that folks have often heard of, but don't know the mechanics of. In this talk you will learn how it works, and we will go through some examples to show how it can be used to execute code in contexts where the stack is not executable.

NDC TechTown 2023_ Return Oriented Programming an introduction.pdf from Patricia Aas

]]> 32 0 https://cdn.slidesharecdn.com/ss_thumbnails/ndctechtown2023returnorientedprogramminganintroduction-231011154209-04518744-thumbnail.jpg?width=120&height=120&fit=bounds presentation Black http://activitystrea.ms/schema/1.0/post

http://activitystrea.ms/schema/1.0/posted

0 Telling a story /slideshow/telling-a-story-260979813/260979813 tellingastory-230915090618-a3ef2f8d
Meeting C++ "Patricia tells us how to engage with the audience by telling a story." Video: https://youtu.be/gxOFKAMbu1I?si=SmvN4CaDH1zKPOpN ]]>
Meeting C++ "Patricia tells us how to engage with the audience by telling a story." Video: https://youtu.be/gxOFKAMbu1I?si=SmvN4CaDH1zKPOpN ]]> Fri, 15 Sep 2023 09:06:18 GMT /slideshow/telling-a-story-260979813/260979813 PatriciaAas@slideshare.net(PatriciaAas) Telling a story PatriciaAas Meeting C++ "Patricia tells us how to engage with the audience by telling a story." Video: https://youtu.be/gxOFKAMbu1I?si=SmvN4CaDH1zKPOpN <img style="border:1px solid #C3E6D8;float:right;" alt="" src="https://cdn.slidesharecdn.com/ss_thumbnails/tellingastory-230915090618-a3ef2f8d-thumbnail.jpg?width=120&height=120&fit=bounds" /> Meeting C++ "Patricia tells us how to engage with the audience by telling a story." Video: https://youtu.be/gxOFKAMbu1I?si=SmvN4CaDH1zKPOpN

Telling a story from Patricia Aas

]]> 14 0 https://cdn.slidesharecdn.com/ss_thumbnails/tellingastory-230915090618-a3ef2f8d-thumbnail.jpg?width=120&height=120&fit=bounds presentation Black http://activitystrea.ms/schema/1.0/post

http://activitystrea.ms/schema/1.0/posted

0 Return Oriented Programming, an introduction /slideshow/return-oriented-programming-an-introduction/255395813 returnorientedprogramming-230118192622-1ac314fe
Return Oriented Programming (ROP) is an exploitation technique that folks have often heard of, but don't know the mechanics of. In this talk you will learn how it works, and we will go through how it can be used to execute code in contexts where the stack is not executable.]]>
Return Oriented Programming (ROP) is an exploitation technique that folks have often heard of, but don't know the mechanics of. In this talk you will learn how it works, and we will go through how it can be used to execute code in contexts where the stack is not executable.]]> Wed, 18 Jan 2023 19:26:22 GMT /slideshow/return-oriented-programming-an-introduction/255395813 PatriciaAas@slideshare.net(PatriciaAas) Return Oriented Programming, an introduction PatriciaAas Return Oriented Programming (ROP) is an exploitation technique that folks have often heard of, but don't know the mechanics of. In this talk you will learn how it works, and we will go through how it can be used to execute code in contexts where the stack is not executable. <img style="border:1px solid #C3E6D8;float:right;" alt="" src="https://cdn.slidesharecdn.com/ss_thumbnails/returnorientedprogramming-230118192622-1ac314fe-thumbnail.jpg?width=120&height=120&fit=bounds" /> Return Oriented Programming (ROP) is an exploitation technique that folks have often heard of, but don't know the mechanics of. In this talk you will learn how it works, and we will go through how it can be used to execute code in contexts where the stack is not executable.

Return Oriented Programming, an introduction from Patricia Aas

]]> 140 0 https://cdn.slidesharecdn.com/ss_thumbnails/returnorientedprogramming-230118192622-1ac314fe-thumbnail.jpg?width=120&height=120&fit=bounds presentation Black http://activitystrea.ms/schema/1.0/post

http://activitystrea.ms/schema/1.0/posted

0 I can't work like this (KDE Academy Keynote 2021) /slideshow/i-cant-work-like-this-kde-academy-keynote-2021/252095550 kdeacademykeynote2021-220630140244-d240af39
Making software products can be fraught with conflicts, where people in different roles may feel sabotaged by others. In this talk I present a model for thinking about the problems we solve and how we solve them, and using that I hope to convince you that team excellence comes from our differences, rather than in spite of them. Hopefully you'll walk away with a deeper understanding of that colleague that never writes tests, or the one that constantly complains that all you do is "make bugs".]]>
Making software products can be fraught with conflicts, where people in different roles may feel sabotaged by others. In this talk I present a model for thinking about the problems we solve and how we solve them, and using that I hope to convince you that team excellence comes from our differences, rather than in spite of them. Hopefully you'll walk away with a deeper understanding of that colleague that never writes tests, or the one that constantly complains that all you do is "make bugs".]]> Thu, 30 Jun 2022 14:02:44 GMT /slideshow/i-cant-work-like-this-kde-academy-keynote-2021/252095550 PatriciaAas@slideshare.net(PatriciaAas) I can't work like this (KDE Academy Keynote 2021) PatriciaAas Making software products can be fraught with conflicts, where people in different roles may feel sabotaged by others. In this talk I present a model for thinking about the problems we solve and how we solve them, and using that I hope to convince you that team excellence comes from our differences, rather than in spite of them. Hopefully you'll walk away with a deeper understanding of that colleague that never writes tests, or the one that constantly complains that all you do is "make bugs". <img style="border:1px solid #C3E6D8;float:right;" alt="" src="https://cdn.slidesharecdn.com/ss_thumbnails/kdeacademykeynote2021-220630140244-d240af39-thumbnail.jpg?width=120&height=120&fit=bounds" /> Making software products can be fraught with conflicts, where people in different roles may feel sabotaged by others. In this talk I present a model for thinking about the problems we solve and how we solve them, and using that I hope to convince you that team excellence comes from our differences, rather than in spite of them. Hopefully you'll walk away with a deeper understanding of that colleague that never writes tests, or the one that constantly complains that all you do is "make bugs".

I can't work like this (KDE Academy Keynote 2021) from Patricia Aas

]]> 31 0 https://cdn.slidesharecdn.com/ss_thumbnails/kdeacademykeynote2021-220630140244-d240af39-thumbnail.jpg?width=120&height=120&fit=bounds presentation Black http://activitystrea.ms/schema/1.0/post

http://activitystrea.ms/schema/1.0/posted

0 Dependency Management in C++ (NDC TechTown 2021) /slideshow/dependency-management-in-c-ndc-security-2021/252095541 dependencymanagementinc-220630135909-ff8a2efc
C++ has been slow to settle on standardized tools for building and dependency management. In recent years CMake has emerged as the de facto standard for builds, but dependency management still has no clear winner. In this talk I will look into what dependency management might look like in modern C++ projects and how that relates to security.]]>
C++ has been slow to settle on standardized tools for building and dependency management. In recent years CMake has emerged as the de facto standard for builds, but dependency management still has no clear winner. In this talk I will look into what dependency management might look like in modern C++ projects and how that relates to security.]]> Thu, 30 Jun 2022 13:59:09 GMT /slideshow/dependency-management-in-c-ndc-security-2021/252095541 PatriciaAas@slideshare.net(PatriciaAas) Dependency Management in C++ (NDC TechTown 2021) PatriciaAas C++ has been slow to settle on standardized tools for building and dependency management. In recent years CMake has emerged as the de facto standard for builds, but dependency management still has no clear winner. In this talk I will look into what dependency management might look like in modern C++ projects and how that relates to security. <img style="border:1px solid #C3E6D8;float:right;" alt="" src="https://cdn.slidesharecdn.com/ss_thumbnails/dependencymanagementinc-220630135909-ff8a2efc-thumbnail.jpg?width=120&height=120&fit=bounds" /> C++ has been slow to settle on standardized tools for building and dependency management. In recent years CMake has emerged as the de facto standard for builds, but dependency management still has no clear winner. In this talk I will look into what dependency management might look like in modern C++ projects and how that relates to security.

Dependency Management in C++ (NDC TechTown 2021) from Patricia Aas

]]> 42 0 https://cdn.slidesharecdn.com/ss_thumbnails/dependencymanagementinc-220630135909-ff8a2efc-thumbnail.jpg?width=120&height=120&fit=bounds presentation Black http://activitystrea.ms/schema/1.0/post

http://activitystrea.ms/schema/1.0/posted

0 Introduction to Memory Exploitation (Meeting C++ 2021) /slideshow/introduction-to-memory-exploitation-meeting-c-2021/252095367 introductiontomemoryexploitationmeetingc2021-220630133703-7d121134
Stack based exploitation has gotten all the fame, but many platform and compiler mitigations have made it very hard to exploit stack vulnerabilities. Heap based exploits are still very relevant, and since this is black magic for most developers I will here give an introduction to the field.]]>
Stack based exploitation has gotten all the fame, but many platform and compiler mitigations have made it very hard to exploit stack vulnerabilities. Heap based exploits are still very relevant, and since this is black magic for most developers I will here give an introduction to the field.]]> Thu, 30 Jun 2022 13:37:03 GMT /slideshow/introduction-to-memory-exploitation-meeting-c-2021/252095367 PatriciaAas@slideshare.net(PatriciaAas) Introduction to Memory Exploitation (Meeting C++ 2021) PatriciaAas Stack based exploitation has gotten all the fame, but many platform and compiler mitigations have made it very hard to exploit stack vulnerabilities. Heap based exploits are still very relevant, and since this is black magic for most developers I will here give an introduction to the field. <img style="border:1px solid #C3E6D8;float:right;" alt="" src="https://cdn.slidesharecdn.com/ss_thumbnails/introductiontomemoryexploitationmeetingc2021-220630133703-7d121134-thumbnail.jpg?width=120&height=120&fit=bounds" /> Stack based exploitation has gotten all the fame, but many platform and compiler mitigations have made it very hard to exploit stack vulnerabilities. Heap based exploits are still very relevant, and since this is black magic for most developers I will here give an introduction to the field.

Introduction to Memory Exploitation (Meeting C++ 2021) from Patricia Aas

]]> 268 0 https://cdn.slidesharecdn.com/ss_thumbnails/introductiontomemoryexploitationmeetingc2021-220630133703-7d121134-thumbnail.jpg?width=120&height=120&fit=bounds presentation Black http://activitystrea.ms/schema/1.0/post

http://activitystrea.ms/schema/1.0/posted

0 Classic Vulnerabilities (MUCplusplus2022).pdf /slideshow/classic-vulnerabilities-mucplusplus2022pdf/251985665 classicvulnerabilitiesmucplusplus2022-220614195147-4c2c4071
We keep on thinking we are living in the future, but native exploitation has a rich history, and many times the vulnerabilities and exploitation techniques are decades old. We'll look at some of these, how they have surfaced in recent years and how prepared we are today, armed with modern tooling, to find and fix "classic" vulnerabilities.]]>
We keep on thinking we are living in the future, but native exploitation has a rich history, and many times the vulnerabilities and exploitation techniques are decades old. We'll look at some of these, how they have surfaced in recent years and how prepared we are today, armed with modern tooling, to find and fix "classic" vulnerabilities.]]> Tue, 14 Jun 2022 19:51:47 GMT /slideshow/classic-vulnerabilities-mucplusplus2022pdf/251985665 PatriciaAas@slideshare.net(PatriciaAas) Classic Vulnerabilities (MUCplusplus2022).pdf PatriciaAas We keep on thinking we are living in the future, but native exploitation has a rich history, and many times the vulnerabilities and exploitation techniques are decades old. We'll look at some of these, how they have surfaced in recent years and how prepared we are today, armed with modern tooling, to find and fix "classic" vulnerabilities. <img style="border:1px solid #C3E6D8;float:right;" alt="" src="https://cdn.slidesharecdn.com/ss_thumbnails/classicvulnerabilitiesmucplusplus2022-220614195147-4c2c4071-thumbnail.jpg?width=120&height=120&fit=bounds" /> We keep on thinking we are living in the future, but native exploitation has a rich history, and many times the vulnerabilities and exploitation techniques are decades old. We'll look at some of these, how they have surfaced in recent years and how prepared we are today, armed with modern tooling, to find and fix "classic" vulnerabilities.

Classic Vulnerabilities (MUCplusplus2022).pdf from Patricia Aas

]]> 923 0 https://cdn.slidesharecdn.com/ss_thumbnails/classicvulnerabilitiesmucplusplus2022-220614195147-4c2c4071-thumbnail.jpg?width=120&height=120&fit=bounds presentation Black http://activitystrea.ms/schema/1.0/post

http://activitystrea.ms/schema/1.0/posted

0 Classic Vulnerabilities (ACCU Keynote 2022) /slideshow/classic-vulnerabilities-accu-keynote-2022-251544384/251544384 classicvulnerabilitiesaccukeynote20221-220408111204
We keep on thinking we are living in the future, but native exploitation has a rich history, and many times the vulnerabilities and exploitation techniques are decades old. We'll look at some of these, how they have surfaced in recent years and how prepared we are today, armed with modern tooling, to find and fix "classic" vulnerabilities.]]>
We keep on thinking we are living in the future, but native exploitation has a rich history, and many times the vulnerabilities and exploitation techniques are decades old. We'll look at some of these, how they have surfaced in recent years and how prepared we are today, armed with modern tooling, to find and fix "classic" vulnerabilities.]]> Fri, 08 Apr 2022 11:12:04 GMT /slideshow/classic-vulnerabilities-accu-keynote-2022-251544384/251544384 PatriciaAas@slideshare.net(PatriciaAas) Classic Vulnerabilities (ACCU Keynote 2022) PatriciaAas We keep on thinking we are living in the future, but native exploitation has a rich history, and many times the vulnerabilities and exploitation techniques are decades old. We'll look at some of these, how they have surfaced in recent years and how prepared we are today, armed with modern tooling, to find and fix "classic" vulnerabilities. <img style="border:1px solid #C3E6D8;float:right;" alt="" src="https://cdn.slidesharecdn.com/ss_thumbnails/classicvulnerabilitiesaccukeynote20221-220408111204-thumbnail.jpg?width=120&height=120&fit=bounds" /> We keep on thinking we are living in the future, but native exploitation has a rich history, and many times the vulnerabilities and exploitation techniques are decades old. We'll look at some of these, how they have surfaced in recent years and how prepared we are today, armed with modern tooling, to find and fix "classic" vulnerabilities.

Classic Vulnerabilities (ACCU Keynote 2022) from Patricia Aas

]]> 706 0 https://cdn.slidesharecdn.com/ss_thumbnails/classicvulnerabilitiesaccukeynote20221-220408111204-thumbnail.jpg?width=120&height=120&fit=bounds presentation Black http://activitystrea.ms/schema/1.0/post

http://activitystrea.ms/schema/1.0/posted

0 Introduction to Memory Exploitation (CppEurope 2021) /slideshow/introduction-to-memory-exploitation-cppeurope-2021/243268771 introductiontomemoryexploitation-210223093728
Stack based exploitation has gotten all the fame, but many platform and compiler mitigations have made it very hard to exploit stack vulnerabilities. Heap based exploits are still very relevant, and since this is black magic for most developers I will here give an introduction to the field.]]>
Stack based exploitation has gotten all the fame, but many platform and compiler mitigations have made it very hard to exploit stack vulnerabilities. Heap based exploits are still very relevant, and since this is black magic for most developers I will here give an introduction to the field.]]> Tue, 23 Feb 2021 09:37:28 GMT /slideshow/introduction-to-memory-exploitation-cppeurope-2021/243268771 PatriciaAas@slideshare.net(PatriciaAas) Introduction to Memory Exploitation (CppEurope 2021) PatriciaAas Stack based exploitation has gotten all the fame, but many platform and compiler mitigations have made it very hard to exploit stack vulnerabilities. Heap based exploits are still very relevant, and since this is black magic for most developers I will here give an introduction to the field. <img style="border:1px solid #C3E6D8;float:right;" alt="" src="https://cdn.slidesharecdn.com/ss_thumbnails/introductiontomemoryexploitation-210223093728-thumbnail.jpg?width=120&height=120&fit=bounds" /> Stack based exploitation has gotten all the fame, but many platform and compiler mitigations have made it very hard to exploit stack vulnerabilities. Heap based exploits are still very relevant, and since this is black magic for most developers I will here give an introduction to the field.

Introduction to Memory Exploitation (CppEurope 2021) from Patricia Aas

]]> 508 0 https://cdn.slidesharecdn.com/ss_thumbnails/introductiontomemoryexploitation-210223093728-thumbnail.jpg?width=120&height=120&fit=bounds presentation Black http://activitystrea.ms/schema/1.0/post

http://activitystrea.ms/schema/1.0/posted

0 Thoughts On Learning A New Programming Language /slideshow/thoughts-on-learning-a-new-programming-language/238845400 learninganewprogramminglanguage-201012175112
How should we teach a new language to folks that already know how to program? How do we use what we already know to leapfrog the learning process? Based on my personal experience and snippets of natural language theory, we will try to explore the cheats and pitfalls when learning a new programming language, but also dig into how we can make it easier.]]>
How should we teach a new language to folks that already know how to program? How do we use what we already know to leapfrog the learning process? Based on my personal experience and snippets of natural language theory, we will try to explore the cheats and pitfalls when learning a new programming language, but also dig into how we can make it easier.]]> Mon, 12 Oct 2020 17:51:12 GMT /slideshow/thoughts-on-learning-a-new-programming-language/238845400 PatriciaAas@slideshare.net(PatriciaAas) Thoughts On Learning A New Programming Language PatriciaAas How should we teach a new language to folks that already know how to program? How do we use what we already know to leapfrog the learning process? Based on my personal experience and snippets of natural language theory, we will try to explore the cheats and pitfalls when learning a new programming language, but also dig into how we can make it easier. <img style="border:1px solid #C3E6D8;float:right;" alt="" src="https://cdn.slidesharecdn.com/ss_thumbnails/learninganewprogramminglanguage-201012175112-thumbnail.jpg?width=120&height=120&fit=bounds" /> How should we teach a new language to folks that already know how to program? How do we use what we already know to leapfrog the learning process? Based on my personal experience and snippets of natural language theory, we will try to explore the cheats and pitfalls when learning a new programming language, but also dig into how we can make it easier.

Thoughts On Learning A New Programming Language from Patricia Aas

]]> 1066 0 https://cdn.slidesharecdn.com/ss_thumbnails/learninganewprogramminglanguage-201012175112-thumbnail.jpg?width=120&height=120&fit=bounds presentation Black http://activitystrea.ms/schema/1.0/post

http://activitystrea.ms/schema/1.0/posted

0 Trying to build an Open Source browser in 2020 /slideshow/trying-to-build-an-open-source-browser-in-2020-238635404/238635404 tryingtobuildanopensourcebrowserin2020meetingc-200924135334
A lot of things have been developed over the last 15 years that should make the process of making a browser easier. In this talk we will explore a bunch of different tools, platforms and libraries that could go into making a browser in 2020. We will also see a live demo of a simple browser built with these OSS projects. We will also discuss the limitations and future work needed to make this work in practice.]]>
A lot of things have been developed over the last 15 years that should make the process of making a browser easier. In this talk we will explore a bunch of different tools, platforms and libraries that could go into making a browser in 2020. We will also see a live demo of a simple browser built with these OSS projects. We will also discuss the limitations and future work needed to make this work in practice.]]> Thu, 24 Sep 2020 13:53:34 GMT /slideshow/trying-to-build-an-open-source-browser-in-2020-238635404/238635404 PatriciaAas@slideshare.net(PatriciaAas) Trying to build an Open Source browser in 2020 PatriciaAas A lot of things have been developed over the last 15 years that should make the process of making a browser easier. In this talk we will explore a bunch of different tools, platforms and libraries that could go into making a browser in 2020. We will also see a live demo of a simple browser built with these OSS projects. We will also discuss the limitations and future work needed to make this work in practice. <img style="border:1px solid #C3E6D8;float:right;" alt="" src="https://cdn.slidesharecdn.com/ss_thumbnails/tryingtobuildanopensourcebrowserin2020meetingc-200924135334-thumbnail.jpg?width=120&height=120&fit=bounds" /> A lot of things have been developed over the last 15 years that should make the process of making a browser easier. In this talk we will explore a bunch of different tools, platforms and libraries that could go into making a browser in 2020. We will also see a live demo of a simple browser built with these OSS projects. We will also discuss the limitations and future work needed to make this work in practice.

Trying to build an Open Source browser in 2020 from Patricia Aas

]]> 1362 0 https://cdn.slidesharecdn.com/ss_thumbnails/tryingtobuildanopensourcebrowserin2020meetingc-200924135334-thumbnail.jpg?width=120&height=120&fit=bounds presentation Black http://activitystrea.ms/schema/1.0/post

http://activitystrea.ms/schema/1.0/posted

0 Trying to build an Open Source browser in 2020 /slideshow/trying-to-build-an-open-source-browser-in-2020/238394008 tryingtobuildanopensourcebrowserin2020-200904123455
A lot of things have been developed over the last 15 years that should make the process of making a browser easier. In this talk we will explore a bunch of different tools, platforms and libraries that could go into making a browser in 2020. We will also see a live demo of a simple browser built with these OSS projects. We will also discuss the limitations and future work needed to make this work in practice.]]>
A lot of things have been developed over the last 15 years that should make the process of making a browser easier. In this talk we will explore a bunch of different tools, platforms and libraries that could go into making a browser in 2020. We will also see a live demo of a simple browser built with these OSS projects. We will also discuss the limitations and future work needed to make this work in practice.]]> Fri, 04 Sep 2020 12:34:55 GMT /slideshow/trying-to-build-an-open-source-browser-in-2020/238394008 PatriciaAas@slideshare.net(PatriciaAas) Trying to build an Open Source browser in 2020 PatriciaAas A lot of things have been developed over the last 15 years that should make the process of making a browser easier. In this talk we will explore a bunch of different tools, platforms and libraries that could go into making a browser in 2020. We will also see a live demo of a simple browser built with these OSS projects. We will also discuss the limitations and future work needed to make this work in practice. <img style="border:1px solid #C3E6D8;float:right;" alt="" src="https://cdn.slidesharecdn.com/ss_thumbnails/tryingtobuildanopensourcebrowserin2020-200904123455-thumbnail.jpg?width=120&height=120&fit=bounds" /> A lot of things have been developed over the last 15 years that should make the process of making a browser easier. In this talk we will explore a bunch of different tools, platforms and libraries that could go into making a browser in 2020. We will also see a live demo of a simple browser built with these OSS projects. We will also discuss the limitations and future work needed to make this work in practice.

Trying to build an Open Source browser in 2020 from Patricia Aas

]]> 266 0 https://cdn.slidesharecdn.com/ss_thumbnails/tryingtobuildanopensourcebrowserin2020-200904123455-thumbnail.jpg?width=120&height=120&fit=bounds presentation Black http://activitystrea.ms/schema/1.0/post

http://activitystrea.ms/schema/1.0/posted

0 DevSecOps for Developers, How To Start (ETC 2020) /slideshow/devsecops-for-developers-how-to-start-etc-2020/227247171 devsecopsfordevelopershowtostartetc2020-200207090834
How can you squeeze Security into DevOps? Security is often an understaffed function, so how can you leverage what you have in DevOps to improve your security posture? Often the culture clash between Security and Development is even more prominent than between Development and Operations. Understanding the differences in how these functions work, and leveraging their similarities, will reveal processes already in place that can be used to improve security. This fine tuning of tools and processes can give you DevSecOps on a shoestring.]]>
How can you squeeze Security into DevOps? Security is often an understaffed function, so how can you leverage what you have in DevOps to improve your security posture? Often the culture clash between Security and Development is even more prominent than between Development and Operations. Understanding the differences in how these functions work, and leveraging their similarities, will reveal processes already in place that can be used to improve security. This fine tuning of tools and processes can give you DevSecOps on a shoestring.]]> Fri, 07 Feb 2020 09:08:34 GMT /slideshow/devsecops-for-developers-how-to-start-etc-2020/227247171 PatriciaAas@slideshare.net(PatriciaAas) DevSecOps for Developers, How To Start (ETC 2020) PatriciaAas How can you squeeze Security into DevOps? Security is often an understaffed function, so how can you leverage what you have in DevOps to improve your security posture? Often the culture clash between Security and Development is even more prominent than between Development and Operations. Understanding the differences in how these functions work, and leveraging their similarities, will reveal processes already in place that can be used to improve security. This fine tuning of tools and processes can give you DevSecOps on a shoestring. <img style="border:1px solid #C3E6D8;float:right;" alt="" src="https://cdn.slidesharecdn.com/ss_thumbnails/devsecopsfordevelopershowtostartetc2020-200207090834-thumbnail.jpg?width=120&height=120&fit=bounds" /> How can you squeeze Security into DevOps? Security is often an understaffed function, so how can you leverage what you have in DevOps to improve your security posture? Often the culture clash between Security and Development is even more prominent than between Development and Operations. Understanding the differences in how these functions work, and leveraging their similarities, will reveal processes already in place that can be used to improve security. This fine tuning of tools and processes can give you DevSecOps on a shoestring.

DevSecOps for Developers, How To Start (ETC 2020) from Patricia Aas

]]> 419 0 https://cdn.slidesharecdn.com/ss_thumbnails/devsecopsfordevelopershowtostartetc2020-200207090834-thumbnail.jpg?width=120&height=120&fit=bounds presentation Black http://activitystrea.ms/schema/1.0/post

http://activitystrea.ms/schema/1.0/posted

0 The Anatomy of an Exploit (NDC TechTown 2019) /slideshow/the-anatomy-of-an-exploit-ndc-techtown-2019-225063690/225063690 theanatomyofanexploitndctechtown2019-200127131229
Security vulnerabilities and secure coding is often talked about in the abstract by programmers, but rarely understood. In this talk we will walk through simple exploit attempts, and finally a simple stack buffer overflow exploit, how it’s developed and how it’s used. The goal is to try to get a feeling for the point of view of an "attacker", and to slowly start looking at exploitation as just another programming practice. We will mainly be looking at C and x86_64 assembly, so bring snacks.]]>
Security vulnerabilities and secure coding is often talked about in the abstract by programmers, but rarely understood. In this talk we will walk through simple exploit attempts, and finally a simple stack buffer overflow exploit, how it’s developed and how it’s used. The goal is to try to get a feeling for the point of view of an "attacker", and to slowly start looking at exploitation as just another programming practice. We will mainly be looking at C and x86_64 assembly, so bring snacks.]]> Mon, 27 Jan 2020 13:12:29 GMT /slideshow/the-anatomy-of-an-exploit-ndc-techtown-2019-225063690/225063690 PatriciaAas@slideshare.net(PatriciaAas) The Anatomy of an Exploit (NDC TechTown 2019) PatriciaAas Security vulnerabilities and secure coding is often talked about in the abstract by programmers, but rarely understood. In this talk we will walk through simple exploit attempts, and finally a simple stack buffer overflow exploit, how it’s developed and how it’s used. The goal is to try to get a feeling for the point of view of an "attacker", and to slowly start looking at exploitation as just another programming practice. We will mainly be looking at C and x86_64 assembly, so bring snacks. <img style="border:1px solid #C3E6D8;float:right;" alt="" src="https://cdn.slidesharecdn.com/ss_thumbnails/theanatomyofanexploitndctechtown2019-200127131229-thumbnail.jpg?width=120&height=120&fit=bounds" /> Security vulnerabilities and secure coding is often talked about in the abstract by programmers, but rarely understood. In this talk we will walk through simple exploit attempts, and finally a simple stack buffer overflow exploit, how it’s developed and how it’s used. The goal is to try to get a feeling for the point of view of an "attacker", and to slowly start looking at exploitation as just another programming practice. We will mainly be looking at C and x86_64 assembly, so bring snacks.

The Anatomy of an Exploit (NDC TechTown 2019) from Patricia Aas

]]> 670 0 https://cdn.slidesharecdn.com/ss_thumbnails/theanatomyofanexploitndctechtown2019-200127131229-thumbnail.jpg?width=120&height=120&fit=bounds presentation Black http://activitystrea.ms/schema/1.0/post

http://activitystrea.ms/schema/1.0/posted

0 Elections: Trust and Critical Infrastructure (NDC TechTown 2019) /PatriciaAas/elections-trust-and-critical-infrastructure-ndc-techtown-2019 electionstrustandcriticalinfrastructurendctechtown2019-200127131001
Free and correct elections are the linchpin of democracy. For a government to be formed based the will of the people, the will of the people must be heard. Across the world election systems are being classified as critical infrastructure, and they face the same concerns as all other fundamental systems in society. We are building our critical infrastructure from hardware and software built by nations and companies we can’t expect to trust. How can this be dealt with in Election Security, and can those lessons be applied to other critical systems society depends on today?]]>
Free and correct elections are the linchpin of democracy. For a government to be formed based the will of the people, the will of the people must be heard. Across the world election systems are being classified as critical infrastructure, and they face the same concerns as all other fundamental systems in society. We are building our critical infrastructure from hardware and software built by nations and companies we can’t expect to trust. How can this be dealt with in Election Security, and can those lessons be applied to other critical systems society depends on today?]]> Mon, 27 Jan 2020 13:10:01 GMT /PatriciaAas/elections-trust-and-critical-infrastructure-ndc-techtown-2019 PatriciaAas@slideshare.net(PatriciaAas) Elections: Trust and Critical Infrastructure (NDC TechTown 2019) PatriciaAas Free and correct elections are the linchpin of democracy. For a government to be formed based the will of the people, the will of the people must be heard. Across the world election systems are being classified as critical infrastructure, and they face the same concerns as all other fundamental systems in society. We are building our critical infrastructure from hardware and software built by nations and companies we can’t expect to trust. How can this be dealt with in Election Security, and can those lessons be applied to other critical systems society depends on today? <img style="border:1px solid #C3E6D8;float:right;" alt="" src="https://cdn.slidesharecdn.com/ss_thumbnails/electionstrustandcriticalinfrastructurendctechtown2019-200127131001-thumbnail.jpg?width=120&height=120&fit=bounds" /> Free and correct elections are the linchpin of democracy. For a government to be formed based the will of the people, the will of the people must be heard. Across the world election systems are being classified as critical infrastructure, and they face the same concerns as all other fundamental systems in society. We are building our critical infrastructure from hardware and software built by nations and companies we can’t expect to trust. How can this be dealt with in Election Security, and can those lessons be applied to other critical systems society depends on today?

Elections: Trust and Critical Infrastructure (NDC TechTown 2019) from Patricia Aas

]]> 281 0 https://cdn.slidesharecdn.com/ss_thumbnails/electionstrustandcriticalinfrastructurendctechtown2019-200127131001-thumbnail.jpg?width=120&height=120&fit=bounds presentation Black http://activitystrea.ms/schema/1.0/post

http://activitystrea.ms/schema/1.0/posted

0 The Anatomy of an Exploit (NDC TechTown 2019)) /slideshow/the-anatomy-of-an-exploit-ndc-techtown-2019/174576306 theanatomyofanexploitndctechtown2019-190921162418
Security vulnerabilities and secure coding is often talked about in the abstract by programmers, but rarely understood. In this talk we will walk through simple exploit attempts, and finally a simple stack buffer overflow exploit, how it’s developed and how it’s used. The goal is to try to get a feeling for the point of view of an "attacker", and to slowly start looking at exploitation as just another programming practice. We will mainly be looking at C and x86_64 assembly, so bring snacks.]]>
Security vulnerabilities and secure coding is often talked about in the abstract by programmers, but rarely understood. In this talk we will walk through simple exploit attempts, and finally a simple stack buffer overflow exploit, how it’s developed and how it’s used. The goal is to try to get a feeling for the point of view of an "attacker", and to slowly start looking at exploitation as just another programming practice. We will mainly be looking at C and x86_64 assembly, so bring snacks.]]> Sat, 21 Sep 2019 16:24:18 GMT /slideshow/the-anatomy-of-an-exploit-ndc-techtown-2019/174576306 PatriciaAas@slideshare.net(PatriciaAas) The Anatomy of an Exploit (NDC TechTown 2019)) PatriciaAas Security vulnerabilities and secure coding is often talked about in the abstract by programmers, but rarely understood. In this talk we will walk through simple exploit attempts, and finally a simple stack buffer overflow exploit, how it’s developed and how it’s used. The goal is to try to get a feeling for the point of view of an "attacker", and to slowly start looking at exploitation as just another programming practice. We will mainly be looking at C and x86_64 assembly, so bring snacks. <img style="border:1px solid #C3E6D8;float:right;" alt="" src="https://cdn.slidesharecdn.com/ss_thumbnails/theanatomyofanexploitndctechtown2019-190921162418-thumbnail.jpg?width=120&height=120&fit=bounds" /> Security vulnerabilities and secure coding is often talked about in the abstract by programmers, but rarely understood. In this talk we will walk through simple exploit attempts, and finally a simple stack buffer overflow exploit, how it’s developed and how it’s used. The goal is to try to get a feeling for the point of view of an "attacker", and to slowly start looking at exploitation as just another programming practice. We will mainly be looking at C and x86_64 assembly, so bring snacks.

The Anatomy of an Exploit (NDC TechTown 2019)) from Patricia Aas

]]> 218 0 https://cdn.slidesharecdn.com/ss_thumbnails/theanatomyofanexploitndctechtown2019-190921162418-thumbnail.jpg?width=120&height=120&fit=bounds presentation Black http://activitystrea.ms/schema/1.0/post

http://activitystrea.ms/schema/1.0/posted

0 Elections, Trust and Critical Infrastructure (NDC TechTown) /slideshow/elections-trust-and-critical-infrastructure-ndc-techtown/174574762 electionstrustandcriticalinfrastructure-190921160929
Free and correct elections are the linchpin of democracy. For a government to be formed based the will of the people, the will of the people must be heard. Across the world election systems are being classified as critical infrastructure, and they face the same concerns as all other fundamental systems in society. We are building our critical infrastructure from hardware and software built by nations and companies we can’t expect to trust. How can this be dealt with in Election Security, and can those lessons be applied to other critical systems society depends on today?]]>
Free and correct elections are the linchpin of democracy. For a government to be formed based the will of the people, the will of the people must be heard. Across the world election systems are being classified as critical infrastructure, and they face the same concerns as all other fundamental systems in society. We are building our critical infrastructure from hardware and software built by nations and companies we can’t expect to trust. How can this be dealt with in Election Security, and can those lessons be applied to other critical systems society depends on today?]]> Sat, 21 Sep 2019 16:09:29 GMT /slideshow/elections-trust-and-critical-infrastructure-ndc-techtown/174574762 PatriciaAas@slideshare.net(PatriciaAas) Elections, Trust and Critical Infrastructure (NDC TechTown) PatriciaAas Free and correct elections are the linchpin of democracy. For a government to be formed based the will of the people, the will of the people must be heard. Across the world election systems are being classified as critical infrastructure, and they face the same concerns as all other fundamental systems in society. We are building our critical infrastructure from hardware and software built by nations and companies we can’t expect to trust. How can this be dealt with in Election Security, and can those lessons be applied to other critical systems society depends on today? <img style="border:1px solid #C3E6D8;float:right;" alt="" src="https://cdn.slidesharecdn.com/ss_thumbnails/electionstrustandcriticalinfrastructure-190921160929-thumbnail.jpg?width=120&height=120&fit=bounds" /> Free and correct elections are the linchpin of democracy. For a government to be formed based the will of the people, the will of the people must be heard. Across the world election systems are being classified as critical infrastructure, and they face the same concerns as all other fundamental systems in society. We are building our critical infrastructure from hardware and software built by nations and companies we can’t expect to trust. How can this be dealt with in Election Security, and can those lessons be applied to other critical systems society depends on today?

Elections, Trust and Critical Infrastructure (NDC TechTown) from Patricia Aas

]]> 424 2 https://cdn.slidesharecdn.com/ss_thumbnails/electionstrustandcriticalinfrastructure-190921160929-thumbnail.jpg?width=120&height=120&fit=bounds presentation Black http://activitystrea.ms/schema/1.0/post

http://activitystrea.ms/schema/1.0/posted

0 Survival Tips for Women in Tech (JavaZone 2019) /PatriciaAas/survival-tips-for-women-in-tech-javazone-2019 survivaltipsjavazone2019-190921155425
Being the only woman on your team can be hard. Many times it’s difficult to know what is only your experience and what is common. In this talk we’ll go through 24 tips (and a few bonus tips) based on well over a decade of experience being the only woman in several teams. If you’re a woman hopefully you’ll walk out with some ideas you can put to work right away, if you’re a man hopefully you’ll walk out with a new perspective and start noticing things in your day-to-day that you didn’t notice before. https://patricia.no/2018/09/06/survival_tips_for_women_in_tech.html]]>
Being the only woman on your team can be hard. Many times it’s difficult to know what is only your experience and what is common. In this talk we’ll go through 24 tips (and a few bonus tips) based on well over a decade of experience being the only woman in several teams. If you’re a woman hopefully you’ll walk out with some ideas you can put to work right away, if you’re a man hopefully you’ll walk out with a new perspective and start noticing things in your day-to-day that you didn’t notice before. https://patricia.no/2018/09/06/survival_tips_for_women_in_tech.html]]> Sat, 21 Sep 2019 15:54:25 GMT /PatriciaAas/survival-tips-for-women-in-tech-javazone-2019 PatriciaAas@slideshare.net(PatriciaAas) Survival Tips for Women in Tech (JavaZone 2019) PatriciaAas Being the only woman on your team can be hard. Many times it’s difficult to know what is only your experience and what is common. In this talk we’ll go through 24 tips (and a few bonus tips) based on well over a decade of experience being the only woman in several teams. If you’re a woman hopefully you’ll walk out with some ideas you can put to work right away, if you’re a man hopefully you’ll walk out with a new perspective and start noticing things in your day-to-day that you didn’t notice before. https://patricia.no/2018/09/06/survival_tips_for_women_in_tech.html <img style="border:1px solid #C3E6D8;float:right;" alt="" src="https://cdn.slidesharecdn.com/ss_thumbnails/survivaltipsjavazone2019-190921155425-thumbnail.jpg?width=120&height=120&fit=bounds" /> Being the only woman on your team can be hard. Many times it’s difficult to know what is only your experience and what is common. In this talk we’ll go through 24 tips (and a few bonus tips) based on well over a decade of experience being the only woman in several teams. If you’re a woman hopefully you’ll walk out with some ideas you can put to work right away, if you’re a man hopefully you’ll walk out with a new perspective and start noticing things in your day-to-day that you didn’t notice before. https://patricia.no/2018/09/06/survival_tips_for_women_in_tech.html

Survival Tips for Women in Tech (JavaZone 2019) from Patricia Aas

]]> 2964 1 https://cdn.slidesharecdn.com/ss_thumbnails/survivaltipsjavazone2019-190921155425-thumbnail.jpg?width=120&height=120&fit=bounds presentation Black http://activitystrea.ms/schema/1.0/post

http://activitystrea.ms/schema/1.0/posted

0 Embedded Ethics (EuroBSDcon 2019) /slideshow/embedded-ethics-eurobsdcon-2019/174570980 embeddedethics-190921153414
More and more we see technology, both hardware and software, intersect with fundamental issues like privacy, democracy and human rights. The opaqueness of tech makes it a handy instrument of oppression and manipulation. We have taught the population to trust us. We have constructed a world in which they have to exist, with little to no oversight or transparency. We build critical infrastructure on hardware and software that even we cannot audit. How can we wield that responsibility? How do we protect those that speak up? How do we protect the population?]]>
More and more we see technology, both hardware and software, intersect with fundamental issues like privacy, democracy and human rights. The opaqueness of tech makes it a handy instrument of oppression and manipulation. We have taught the population to trust us. We have constructed a world in which they have to exist, with little to no oversight or transparency. We build critical infrastructure on hardware and software that even we cannot audit. How can we wield that responsibility? How do we protect those that speak up? How do we protect the population?]]> Sat, 21 Sep 2019 15:34:14 GMT /slideshow/embedded-ethics-eurobsdcon-2019/174570980 PatriciaAas@slideshare.net(PatriciaAas) Embedded Ethics (EuroBSDcon 2019) PatriciaAas More and more we see technology, both hardware and software, intersect with fundamental issues like privacy, democracy and human rights. The opaqueness of tech makes it a handy instrument of oppression and manipulation. We have taught the population to trust us. We have constructed a world in which they have to exist, with little to no oversight or transparency. We build critical infrastructure on hardware and software that even we cannot audit. How can we wield that responsibility? How do we protect those that speak up? How do we protect the population? <img style="border:1px solid #C3E6D8;float:right;" alt="" src="https://cdn.slidesharecdn.com/ss_thumbnails/embeddedethics-190921153414-thumbnail.jpg?width=120&height=120&fit=bounds" /> More and more we see technology, both hardware and software, intersect with fundamental issues like privacy, democracy and human rights. The opaqueness of tech makes it a handy instrument of oppression and manipulation. We have taught the population to trust us. We have constructed a world in which they have to exist, with little to no oversight or transparency. We build critical infrastructure on hardware and software that even we cannot audit. How can we wield that responsibility? How do we protect those that speak up? How do we protect the population?

Embedded Ethics (EuroBSDcon 2019) from Patricia Aas

]]> 1503 4 https://cdn.slidesharecdn.com/ss_thumbnails/embeddedethics-190921153414-thumbnail.jpg?width=120&height=120&fit=bounds presentation Black http://activitystrea.ms/schema/1.0/post

http://activitystrea.ms/schema/1.0/posted

0 Chromium Sandbox on Linux (NDC Security 2019) /slideshow/chromium-sandbox-on-linux-ndc-security-2019/151504012 chromiumsandboxonlinuxndcsecurity2019-190624104937
The Linux Security and Isolation APIs have become the basis of some of the most useful features server-side, providing the isolation required for efficient containers. However, these APIs also form the basis of the Chromium Sandbox on Linux, and we will study them in that context in this talk.]]>
The Linux Security and Isolation APIs have become the basis of some of the most useful features server-side, providing the isolation required for efficient containers. However, these APIs also form the basis of the Chromium Sandbox on Linux, and we will study them in that context in this talk.]]> Mon, 24 Jun 2019 10:49:37 GMT /slideshow/chromium-sandbox-on-linux-ndc-security-2019/151504012 PatriciaAas@slideshare.net(PatriciaAas) Chromium Sandbox on Linux (NDC Security 2019) PatriciaAas The Linux Security and Isolation APIs have become the basis of some of the most useful features server-side, providing the isolation required for efficient containers. However, these APIs also form the basis of the Chromium Sandbox on Linux, and we will study them in that context in this talk. <img style="border:1px solid #C3E6D8;float:right;" alt="" src="https://cdn.slidesharecdn.com/ss_thumbnails/chromiumsandboxonlinuxndcsecurity2019-190624104937-thumbnail.jpg?width=120&height=120&fit=bounds" /> The Linux Security and Isolation APIs have become the basis of some of the most useful features server-side, providing the isolation required for efficient containers. However, these APIs also form the basis of the Chromium Sandbox on Linux, and we will study them in that context in this talk.

Chromium Sandbox on Linux (NDC Security 2019) from Patricia Aas

]]> 662 2 https://cdn.slidesharecdn.com/ss_thumbnails/chromiumsandboxonlinuxndcsecurity2019-190624104937-thumbnail.jpg?width=120&height=120&fit=bounds presentation Black http://activitystrea.ms/schema/1.0/post

http://activitystrea.ms/schema/1.0/posted

0 https://cdn.slidesharecdn.com/profile-photo-PatriciaAas-48x48.jpg?cb=1694769584 Patricia is a programmer who has worked mostly in C++ and Java. She has spent her career continuously delivering from the same code-base to a large user base, from working on two browsers (Opera and Vivaldi), to working on embedded telepresence endpoints for Cisco. She is focused on the maintainability and flexibility of software architecture, and how to extend it to provide cutting edge user experiences. Her focus on the end users has led her work more and more toward privacy and security, and she co-founded her own company, TurtleSec, hoping to contribute positively to the infosec and developer communities. patricia.no/ https://cdn.slidesharecdn.com/ss_thumbnails/ndctechtown2023returnorientedprogramminganintroduction-231011154209-04518744-thumbnail.jpg?width=320&height=320&fit=bounds slideshow/ndc-techtown-2023-return-oriented-programming-an-introductionpdf/262055361 NDC TechTown 2023_ Ret... https://cdn.slidesharecdn.com/ss_thumbnails/tellingastory-230915090618-a3ef2f8d-thumbnail.jpg?width=320&height=320&fit=bounds slideshow/telling-a-story-260979813/260979813 Telling a story https://cdn.slidesharecdn.com/ss_thumbnails/returnorientedprogramming-230118192622-1ac314fe-thumbnail.jpg?width=320&height=320&fit=bounds slideshow/return-oriented-programming-an-introduction/255395813 Return Oriented Progra...