Graham Calladine, David Hoyle Security Center of Excellence Microsoft Session Code: SIA313 Session Objectives & Takeaways To learn and understand: Current Attack Trends that Microsoft.

Transcript Graham Calladine, David Hoyle Security Center of Excellence Microsoft Session Code: SIA313 Session Objectives & Takeaways To learn and understand: Current Attack Trends that Microsoft.

Graham Calladine, David Hoyle Security Center of Excellence Microsoft Session Code: SIA313

Session Objectives & Takeaways

To learn and understand: Current Attack Trends that Microsoft is seeing Attack Vectors Mitigation Strategies with Windows Products

10 Years…

We have come a long way since Melissa 2003-2004 difficult times Blaster/Slammer – Was horrible – Hit Home Users hard Conficker emerged in a different s/w industry – Did not hit home users hard Partnerships MS Response Alliance & Internet Consortium for Advanced Security on the Internet & CWG

WW Threat Trends

Not a simple trend – Geographically Diverse Miscellaneous Trojans (inc rouge s/w) most prevalent WORMS 2 nd most prevalent Password Stealers & Monitoring tools Breaches – Data Scarce – (datalossdb.org) Top is stolen equipment, twice as many incidents as intrusion But equipment loss is easily reported!

Data: Microsoft SIR v7 Report

Geographical Trends

8 Locations with most infected machines USA,UK,France,Italy – Trojans China, language specific browser threats Brazil, malware targeting online banking Spain, Korea, WORMS targeting online gamers Data Source: SIR V7 Report Pg 40

Threat Landscape is getting better?

Improvement in Software Development Practice Software Development Lifecycle (SDL) Geoff 1min Video Increased Availability of Automatic Patch Update Process Patch Tuesday and Auto Updates However, unpatched client is primary initial infection vector Social engineering techniques to mislead Victims Attacker still finds success with a variety of techniques for manipulating people

SANS Analysis

The Top Cyber Security Risks” 2009 September Application Vulnerabilities Exceed OS Vulnerabilities Web Application Attacks Cross Site Scripting, PHP File Include, and SQL Injection Windows: Conficker/Downadup Cited from SANS “The Top Cyber Security Risks” 2009 September, http://www.sans.org/top-cyber-security-risks/

Attackers use social engineering techniques – Human Emotion FEAR Desire

: Protection I got: Rogue Software

Trust

I got : fake contents, etc.

malicious downloads, etc I got : Banking Malware, Phishing, Spam, and File Format Infections, etc.

Microsoft Security Intelligence Report, 2008 July through December 2008

Attack Vectors and Trends

Current attacks in the wild Rogue Security Software and Worm Browser Based Attacks Phishing Cross Site Scripting Clickjacking File Format Attacks

Attack Vectors and Trends Rogue Security Software and Worms

Browser Based Attacks File Format Attack

Rogue Unwanted Software

3 4 1 2 5 6 7 8 9 10

Rank Family

Win32/Zlob Win32/Vundo Win32/ZangoSearchAssistant Win32/Taterf Win32/ZangoShoppingreports

Most Significant Category

Trojan Downloaders & Droppers Trojan Downloaders & Droppers

Infected Machines

4,371,508 3,772,217 Miscellaneous Trojans Adware Worms Adware Miscellaneous Trojans 3,635,207 3,326,275 1,916,446 1,752,252 1,691,393 Win32/FakeSecSen Win32/Hotbar Win32/Agent Miscellaneous Trojans Adware Miscellaneous Trojans 1,575,648 1,477,886 1,289,178

Rogue Security Software 1

Use Fear to convince victims Win32/Renos Family

Rogue Security Software 2

Use the same logic Win32/FakeXPA Family

A Rogue Software Real Sample

http://blogs.technet.com/mmpc/archive/2009/08/20/winwebsec-on-youtube.aspx

Use your Desire There is no security issue or vulnerability in YouTube.com.

Rogue Software

Win32/FakeVimes have become more prevalent in the last 2 months and Win32/PrivacyCenter Distributed via fake online scanners

Worms: Win32/Conficker.A to E

Win32/Conficker is a worm that infects other computers across a network by exploiting a vulnerability in the Windows Server service (SVCHOST.EXE) On October 23, 2008 , Microsoft released critical security update

MS08-067

Allow remote code execution if an affected system received a specially crafted Remote Procedure Call ( RPC ) request On November 21, 2008 , the first significant worm that exploits MS08-067 was discovered The first variant discovered, Worm:Win32/Conficker.A, only uses MS08-067 exploits to propagate On December 29 2008 , a significantly more dangerous variant, Win32/Conficker.B, was discovered Exploits the MS08-067 vulnerability but uses additional methods to propagate.

It attempts to spread itself to other computers on the network Combining the vulnerability with social engineering to introduce and spread the worm in an organization Continues… http://www.microsoft.com/security/portal/Threat/Encyclopedia/Entry.aspx?Name=Win32%2fConficker

Social Engineering

by e-mailing infected files with official-sounding names to people at a company like “Corporate Policy.PDF”

Worms: Win32/Conficker.A to E

Release D, monitors 500/50,000 domain names/day for payloads… Still is Conficker Working Group (CWG) formed Jan09 Many people from well know sec groups/researchers Implemented defense DNS strategy Kaspersky & OpenDNS – calc’ed 1Y of names All 110 TLDs involved & signed up Rapid, effective collaboration – keeps Conficker constrained

Published Articles for Conficker

Knowledge Base article KB962007 MMPC blog (http://blogs.technet.com/mmpc) Get Protected, Now! (October 23, 2008) A Quick Update About MS08-067 Exploits (November 17, 2008) Just in Time for New Year’s… Banload (January 13, 2009) (January 22, 2009) (December 31, 2008) MSRA Released Today Addressing Conficker and Centralized Information About the Conficker Worm Information about Worm:Win32/Conficker.D

(March 27, 2009)

Mitigations

Get the latest computer updates Install and update anti-malware signatures Run an up-to-date scanning and removal tool Use caution with attachments and file transfers Use caution when clicking on links to web pages Standard user rights Protect yourself from social engineering attacks User Security Best Practices such as strong Password Policy Keep eye on vulnerabilities and follow the guideline from the trusted source Use recent technologies and systems that can reduce the risk on exploiting

Attack Vectors and Trends

Rogue Security Software and worms

Browser Based Attacks

File Format Attack

Browser Based Attacks

Phishing Cross Site Scripting ClickJacking

Browser Based Attacks Phishing

Cross Site Scripting ClickJacking

Phishing: Overview

Phishing is a method of identity theft that tricks Internet users into revealing personal or financial information online.

Phishing Scam Samples

Social engineering techniques “Verify your account” “If you don't respond within 48 hours, your account will be closed” “Dear Valued Customer” “Click the link below to gain access to your account”

Spear Phishing and Whaling

Spear phishing - highly targeted phishing Send email messages that appear genuine to all employees and members within a community Whaling - involves targeted attacks on senior executives and other high ranking people

Phishing Trends in Industry

APWG: Anti Phishing Working Group Report, 2009 1H http://www.antiphishing.org/reports/apwg_report_h1_2009.pdf

Phish Tank: Current Phish Sites

Live Phish site can be found http://www.phishtank.com/

Phishing with Hotmail

Illegally acquired by a phishing scheme and exposed to a website Microsoft Recommends: Renew their passwords for Windows Live IDs every 90 days For administrators, make sure you approve and authenticate only users that you know and can verify credentials As phishing sites can also pose additional threats, install and keep anti-virus software up to date

Techniques

Man-in-the-middle attacks Proxies, DNS Cache Poisoning, etc URL Obfuscation attacks Bad Domain Name, Friendly Login URL’s, Host Name/URL Obfuscation, etc Etc…

Anti-Phishing

IE 8 SmartScreen

Mitigations

Use an up-to-date anti-malware product from a known, trusted source, and keep it updated.

Use the most recent version of your Web browser, and keep it up to date by applying security updates and service packs in a timely fashion.

Use a robust spam filter to guard against fraudulent and dangerous e-mail.

You can add sites you trust to the Trusted Sites zone with more than middle security level. Follow the guidance to take actions http://www.microsoft.com/mscorp/safety/technologie s/antiphishing/guidance.mspx

Browser Based Attacks

Phishing

Cross Site Scripting

ClickJacking

Cross Site Scripting: Overview

Cross-Site Scripting (XSS): Occurs whenever an application reads user data, and embeds that user data in Web responses without encoding or validating the user data Common vulnerabilities that make Web-based applications susceptible to cross-site scripting attacks: Improper input validation Failing to encode output Trusting data from shared resources

Cross Site Scripting in News

October 2005 February 2006 June 2008 December 2008 April 2009 MySpace “Samy” worm Facebook Yahoo Mail American Express Twitter http://twittercism.com/remove-stalkdaily/

http://xssed.com/ - live XSSed

Types of Cross-Site Scripting

Two major types of cross-site scripting attacks: Type 1: Non-Persistent Often referred to as reflected cross-site scripting Requires some level of social engineering Type 2: Persistent Stored cross-site scripting One attack can affect multiple users Type 0: DOM-Based 38

Type 1: Non-Persistent Cross-Site Scripting

Web Server Congratulations! You won a prize, please click here to claim your prize!

Hello http://www.contoso.com?

id=

[malicious code]

… User Malicious User 39

Type 2: Persistent Cross-Site Scripting

Malicious User Web Server

Blog Comment:

Hello, this article was helpful!

[malicious code]

Thanks, Kevin Database

Blog Comment:

Hello, this article was helpful!

[malicious code]

Thanks, Kevin User User User 40

Mitigation Strategies

Server Sides Validate all untrusted input Encode any Web response data that could contain user or other untrusted input Use built-in ASP.NET protection via the ValidateRequest option Use the System.Web.HttpCookie.HttpOnly property Use the , IE6 and above security attribute Use the Microsoft Anti-Cross Site Scripting Library (AntiXSS)</p> <a id="p42"></a> <h3>Microsoft Anti-Cross Site Scripting Library V3.1</h3> <p>New features An expanded white list that supports more languages Performance improvements Performance data sheets (in the online help) Support for Shift_JIS encoding for mobile browsers A sample application Security Runtime Engine (SRE) HTTP module </p> <a id="p43"></a> <p>Security Runtime Engine (SRE) HTTP module</p> <p><i>Ideally, you do not need to change your code!</i></p> <p>In your your web.config, <httpModules> < add name=" AntiXssModule " type=" Microsoft.Security.Application.</p> <p>SecurityRuntimeEngine.AntiXssModule</p> <p>"/> </httpModules> In antixssmodule.config, <ControlEncodingContexts> <ControlEncodingContext PropertyName= "Title" FullClassName= "System.Web.UI.Page" EncodingContext= "Html" /> <ControlEncodingContext FullClassName= "System.Web.UI.WebControls.Label" PropertyName= "Text" EncodingContext= "Html" /> <ControlEncodingContext FullClassName= "System.Web.UI.WebControls.CheckBox" PropertyName= "Text" EncodingContext= "Html" /> </ControlEncodingContexts></p> <a id="p44"></a> <h3>Anti-Cross Site Scripting in Action</h3> <p>Microsoft Anti-Cross Site Scripting Library V3.1</p> <a id="p45"></a> <h3>Mitigation Strategies</h3> <p>Client Sides IE8 XSS Filter</p> <a id="p46"></a> <h3>Anti-Cross Site Scripting in Action</h3> <p>IE8 XSS Filter with Microsoft Application Compatibility Tool Kit</p> <a id="p47"></a> <h3>Browser Based Attacks</h3> <p>Phishing Cross Site Scripting</p> <h3>ClickJacking</h3> <a id="p48"></a> <h3>ClickJacking: Overview</h3> <p>Clickjacking is : an attack that tricks the victim into initiating commands on a website that they did not intend. Use iframes and web page layers in DHTML such that you overlay a potentially malicious button (for example) on top of an existing legitimate web page.</p> <a id="p49"></a> <h3>A ClickJacking Example</h3> <p>Suppose that a hacker site has the following source code… </p> <a id="p50"></a> <h3>Mitigation</h3> <p>Use FrameBreaker Script <script>if (top!=self) top.location.href=self.location.href</script> Use X-Frame-Options Header for IE8 HTTP response header named </p> <p><b>X-FRAME-OPTIONS</b></p> <p>The OPTIONS value contains the token within a frame IIS Manager, content="DENY" /> in <head> section, or Options", "Deny”).</p> <p><b>DENY</b></p> <p>In html, insert <meta http-equiv="X-FRAME-OPTIONS" with HTML pages to restrict how the page may be framed , IE8 will prevent the page from rendering if it will be contained Add X-FRAME-OPTIONS and Deny to HTTP Response Headers using Using ASP.Net, you can insert Response.AddHeader("X-Frame-</p> <a id="p51"></a> <h3>ClickJacking: </h3> <p>FrameBreaker and IE8 Defense</p> <a id="p52"></a> <h3>Attack Vectors and Trends</h3> <p>Rogue Unwanted Software Browser Based Attacks</p> <h3>File Format Attack - Office</h3> <a id="p53"></a> <h3>File Format Attack: Overview</h3> <p>This class of vulnerability is described as <i>parser </i></p> <p><i>vulnerabilities.</i></p> <p>Attacker creates a specially crafted document that takes advantage of an error in how the code processes or parses the file format.</p> <p>Increasingly, attackers are using common file formats as transmission vectors for exploits.</p> <p>Office format and PDF format </p> <a id="p54"></a> <h3>File Format Attack Trend</h3> <p>Recent (2H08) saw a sharp increase in the number of file format–based attacks, Often in the form of spear phishing and whaling attacks, the victim opens the attachment Or at a malicious / compromised web site, and the malicious code forces browsers to a malicious document, which is opened by victim</p> <a id="p55"></a> <h3>Binary Office File Format vs. Open XML format</h3> <p>Office 2003 (and lower) Binary Format OLE Structured Storage outer format File system within a file!</p> <p>Complex file format complete with FAT Table Sectors Streams (like files) Another application specific inner format within a stream!</p> <p>Header STRM1 STRM3 STRM2 STRM4</p> <a id="p56"></a> <h3>Examining The File</h3> <p>Requires a hex editor + expert knowledge Interesting strings in a stream near the beginning of the malicious files!</p> <p>What could possibly go wrong?</p> <a id="p57"></a> <h3>Office 2007 Open XML File Format</h3> <p>Safety was a design goal from the beginning Designed under the SDL ZIP file container with ‘XML parts’ Also non-XML parts (typically binary data like embedded images or OLE objects) Non-XML parts can be disabled by policy Rename to .zip and open with zip file viewer!</p> <a id="p58"></a> <h3>Historical Data</h3> <p><b>Office Security Bulletin Trend (by quarter)</b></p> <p>30 25 20 15 10 5 0</p> <p><b>Newer is Better % of vulns affecting Office 2007 since Jan 2007 28% Vulnerable</b></p> <p>1 2 3 4 1 2 3 4 1 2 3 4 1 2 3 4 1 2 2004 2005 2006 2007 2008</p> <p><b>72% Not Vulnerable</b></p> <a id="p59"></a> <h3>Layered Defenses</h3> <a id="p60"></a> <h3>Harden the Attack Surface</h3> <p>Security Engineering Security Development Lifecycle Foundation Intensive Distributed Fuzzing Integrate OS Advances Support for DEP/NX Leverage WIC Image Parsers Robust & Agile Cryptography</p> <a id="p61"></a> <h3>Reduce the Attack Surface</h3> <p>File Block Block unused or legacy file formats Easy policy enforcement View allows read-only access Tied in with Protected View for formats between block and allow Office File Validation Binary files Runs automatically on open Evaluates file for ‘correctness’ Protects against unknown exploits Faster updates for changes to rules</p> <a id="p62"></a> <h3>Gatekeeper vs MSRC cases</h3> <a id="p63"></a> <h3>Protected Viewer ‘Sandbox’</h3> <p>Word, Excel, PPT files can run in the ‘sandbox’ Prevents harmful documents from damaging user data and OS Help users make better trust decisions</p> <a id="p64"></a> <h3>Protected Viewer</h3> <a id="p65"></a> <h3>Office - FileFormats</h3> <a id="p66"></a> <h3>Observations on XP</h3> <p>Malicious PPT drops an EXE and a clean PPT on users desktop The EXE creates a ‘.log’ file in users temp folder and executes it.</p> <p>The malware creates 2 binaries in system32 and modifies HKLM registry keys The binaries are injected into SYSTEM processes like winlogon.exe</p> <p>Requires regular user rights Requires regular user rights Requires admin rights Requires admin rights</p> <a id="p67"></a> <h3>Observations on Vista</h3> <p>Malicious PPT drops an EXE and a clean PPT on users desktop The EXE creates a ‘.log’ file in users temp folder and executes it.</p> <p>The malware creates 2 binaries in system32 and modifies HKLM registry keys The binaries are injected into SYSTEM processes like winlogon.exe</p> <p>Requires regular user rights Requires regular user rights Requires admin rights Requires admin rights</p> <a id="p68"></a> <h3>Better Together</h3> <p>File Block GateKeeper Standard User / UAC UAC “Dark Roast”</p> <a id="p69"></a> <h3>Mitigations</h3> <p>Configure your computer to use Microsoft Update Ensure that Microsoft security update MS06-027 has been applied to any affected software in your environment: http://www.microsoft.com/technet/security/bulletin/ MS06-027.mspx.</p> <p>Keep your third-party software up to date. Updates for Adobe products can be downloaded from http://www.adobe.com/downloads/updates/ . If possible, upgrade your software applications to the most recent versions, since these demonstrate lower rates of attack.</p> <p>Avoid opening attachments or clicking links to documents in e-mail or instant messages that are received unexpectedly or from an unknown source.</p> <p>Use up-to-date antivirus software from a known, trusted source that offers real-time protection and continually updated definition files to detect and block exploits.</p> <a id="p70"></a> <h3>Summary</h3> <p>Trends are WORMS, Rogue, FileFormat Varies world wide Security Community effort in industry to keep on top Technology evolving fast to solve root cause (GateKeeper) Updates, Virus Checkers, Good Risk Management are key, Security Standards Lockdowns go a long way</p> <a id="p71"></a> <h3>Quick Case Study</h3> <p>AppLocker + Windows only rules + App rules No execute for standard users for writable areas Bitlocker Lockdown to reduce attack surface Virus checker/Updates etc… Gives a solid defense in-depth client build!</p> <a id="p72"></a> <h3>Summary</h3> <p>Both security vendors and IT professionals should Adjust their risk management processes appropriately to help ensure that all operating systems and applications are protected (ISO 27000, COBIT, MS Sec Risk Guide) Keep updating wide range of potential security issues Take appropriate actions based on your risk assessment As individual to protect against malicious code Keep update the security patches and anti-virus signatures, and if possible upgrade to newer software Educate themselves for potential security risks IT professionals and consumers should take advantage of the defense-in-depth technologies, such as firewalls, antivirus programs, and antispyware programs available from trusted sources… </p> <a id="p73"></a> <h3>Summary</h3> <p>Most important of all… Stay informed & up to date Microsoft Malware Protection Center Microsoft Security Update Guide Microsoft Security Engineering Center Microsoft Security Response Center Microsoft SIR v7 Report Microsoft AV Security Essentials End to End trust Microsoft Security Development Lifecycle Common Vulnerabilities and Exposures : http://cve.mitre.org</p> <a id="p75"></a> <h3>Track Resources</h3> <p>Common Vulnerabilities and Exposures : http://cve.mitre.org</p> <p>Nation Vulnerability Database : http://nvdnist.gov</p> <p>www.securityfocus.com</p> <p>, www.secunia.com</p> <p>, www.securitytracker.com</p> <p>Microsoft Malware Protection Center , Microsoft Security Update Guide , Microsoft Security Engineering Center , Microsoft Security Response Center , Microsoft SIR v7 Report , Microsoft AV , Security Essentials , End to End trust, Microsoft Security Development Lifecycle</p> <a id="p76"></a> <h3>Resources</h3> <p>www.microsoft.com/teched Sessions On-Demand & Community www.microsoft.com/learning Microsoft Certification & Training Resources http://microsoft.com/technet Resources for IT Professionals http://microsoft.com/msdn Resources for Developers</p> <a id="p77"></a> <h3>Related Content</h3> <p>SIA-205: SDL-Agile: Microsoft’s Approach to Security for Agile Projects</p> <a id="p78"></a> <p>Complete an evaluation on CommNet and enter to win an Xbox 360 Elite!</p> <a id="p79"></a> <p>© 2009 Microsoft Corporation. All rights reserved. Microsoft, Windows, Windows Vista and other product names are or may be registered trademarks and/or trademarks in the U.S. and/or other countries.</p> <p>The information herein is for informational purposes only and represents the current view of Microsoft Corporation as of the date of this presentation. Because Microsoft must respond to changing market conditions, it should not be interpreted to be a commitment on the part of Microsoft, and Microsoft cannot guarantee the accuracy of any information provided after the date of this presentation. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.</p> </div> </section> </div> </div> </div> </main> <footer> <div class="container mt-3"> <div class="row justify-content-between"> <div class="col"> <a href="/"> <img src="/theme/studyslide/static/logo-slideum.png" /> </a> </div> </div> <div class="row mt-3"> <ul class="col-sm-6 list-unstyled"> <li> <h6 class="mb-3">Company</h6> <li> <i class="fa fa-location-arrow"></i> Nicosia Constantinou Palaiologou 16, Palouriotissa, 1040 <li> <i class="fa fa-phone"></i> +357 64-733-402 <li> <i class="fa fa-envelope"></i> info@slideum.com </ul> <ul class="col-6 col-sm-3 list-unstyled"> <li> <h6 class="mb-3">Links</h6> <li> <a href="/about">About</a> <li> <a href="/contacts">Contact</a> <li> <a href="/faq">Help / FAQ</a> </ul> <ul class="col-6 col-sm-3 list-unstyled"> <li> <h6 class="mb-3">Legal</h6> <li> <a href="/terms">Terms of Service</a> <li> <a href="/privacy">Privacy policy</a> <li> <a href="/page.html?code=public.usefull.cookie">Cookie policy</a> <li> <a href="/page.html?code=public.usefull.disclaimer">Disclaimer</a> </ul> </div> <hr> <p>slideum.com © 2024, Inc. All rights reserved.</p> </div> </footer> <div class="modal directory" id="directory-modal"> <div class="modal-dialog"> <div class="modal-content"> <div class="modal-header"> <h5 class="modal-title">Directory</h5> <button class="close" type="button" data-dismiss="modal">×</button> </div> <div class="modal-body"></div> </div> </div> </div> <script src="/theme/common/static/jquery@3.5.1/dist/jquery.min.js"></script> <script src="/theme/common/static/jquery_extra/dist/jquery-extra.js"></script> <script src="/theme/common/static/popper.js@1.16.1/dist/umd/popper.min.js"></script> <script src="/theme/common/static/bootstrap@4.6.0/dist/js/bootstrap.min.js"></script> <script> var __path_directory = [ ] !function __draw_directory(data, root, uuid) { var ul = $('<ul>', uuid && { id: 'category' + uuid, class: !__path_directory.includes(uuid) ? 'collapse' : null }); for (var item in data) { var li = $('<li>').appendTo(ul); if (item = data[item], item.children) { li.append('<a href=#category' + item.id + ' data-toggle=collapse>') __draw_directory(item.children, li, item.id); } else { li.append('<a href=' + item.url + '>'); } var a = $('> a', li).addClass('item').text(item.name) .append($('<a class="link fa fa-external-link" href=' + item.url + '>')); if (item.id === +__path_directory.slice(-1)) { a.addClass('active'); } /* if (item.id !== __path_directory[0]) { a.addClass('collapsed'); } */ } root.append(ul); } ([{"id":1,"name":"Food and cooking","url":"/catalog/Food+and+cooking","children":null},{"id":2,"name":"Education","url":"/catalog/Education","children":null},{"id":3,"name":"Healthcare","url":"/catalog/Healthcare","children":null},{"id":4,"name":"Real estate","url":"/catalog/Real+estate","children":null},{"id":5,"name":"Religion ","url":"/catalog/Religion+","children":null},{"id":6,"name":"Science and nature","url":"/catalog/Science+and+nature","children":null},{"id":7,"name":"Internet","url":"/catalog/Internet","children":null},{"id":8,"name":"Sport","url":"/catalog/Sport","children":null},{"id":9,"name":"Technical documentation","url":"/catalog/Technical+documentation","children":null},{"id":10,"name":"Travel","url":"/catalog/Travel","children":null},{"id":11,"name":"Art and Design","url":"/catalog/Art+and+Design","children":null},{"id":12,"name":"Automotive","url":"/catalog/Automotive","children":null},{"id":13,"name":"Business","url":"/catalog/Business","children":null},{"id":14,"name":"Government","url":"/catalog/Government","children":null}], $('#directory-aside')); var __root_directory = $('#directory-aside > ul'); $('#directory-aside') .on('show.bs.collapse', function() { //console.log('show.collapse') }) .on('hide.bs.collapse', function() { //console.log('hide.collapse') }); $('#directory-modal') .on('show.bs.modal', function() { $('[class$="body"]', this).prepend(__root_directory); }) .on('hide.bs.modal', function() { $('#directory-aside').prepend(__root_directory); }); $('.directory-mobile').on('click', function(e) { e.preventDefault(); }); $('.directory .link').on('click', function(e) { e.stopPropagation(); }); </script> <script> function scrollToViewport() { $('html, body').stop().animate( { scrollTop: $('.navbar').outerHeight() }, 1000); } setTimeout(scrollToViewport, 1000); $(window).on('orientationchange', scrollToViewport); $('[data-toggle="tooltip"]').tooltip(); </script> <script async src="//s7.addthis.com/js/300/addthis_widget.js#pubid=#sp('addthis_pub_id')"></script>  <script type="text/javascript"> (function (d, w, c) { (w[c] = w[c] || []).push(function() { try { w.yaCounter28397281 = new Ya.Metrika({ id:28397281 }); } catch(e) { } }); var n = d.getElementsByTagName("script")[0], s = d.createElement("script"), f = function () { n.parentNode.insertBefore(s, n); }; s.type = "text/javascript"; s.async = true; s.src = (d.location.protocol == "https:" ? "https:" : "http:") + "//mc.yandex.ru/metrika/watch.js"; if (w.opera == "[object Opera]") { d.addEventListener("DOMContentLoaded", f, false); } else { f(); } })(document, window, "yandex_metrika_callbacks"); </script> <noscript><div><img src="//mc.yandex.ru/watch/28397281" style="position:absolute; left:-9999px;" alt="" /></div></noscript>  <link rel="stylesheet" type="text/css" href="//cdnjs.cloudflare.com/ajax/libs/cookieconsent2/3.1.0/cookieconsent.min.css" /> <style> @media screen and (max-width: 768px) { .cc-revoke { display: none; }} </style> <script src="//cdnjs.cloudflare.com/ajax/libs/cookieconsent2/3.1.0/cookieconsent.min.js"></script> <script> window.addEventListener("load", function() { window.cookieconsent.initialise( { content: { href: "https://slideum.com/dmca" }, location: true, palette: { button: { background: "#fff", text: "#237afc" }, popup: { background: "#007bff" }, }, position: "bottom-right", revokable: true, theme: "classic", type: "opt-in" })}); </script> </body> </html>