Smart Megalopolises. How Safe and Reliable Is Your Data?

•

1 like•327 views

Road sensors which collect raw data for intelligent transport systems are hugely important, with key decisions around road improvement, traffic jam management and traffic light patterns based on the information they collect. Radars transmit this data to an operation center for detailed analysis, but can governments truly trust and rely on the data? (Source: RSA USA 2016-San Francisco)

Technology

SESSION ID:
RSAC
Denis Legezo
Smart Megalopolises.
How Safe and Reliable Is
Your Data?
TECH-T09
Global Research and Analytics
Team, Kaspersky Lab
@Legezo

#RSAC
The plan for today
3
 Smart cities: Sensors' role
 Reconnaissance: Vendors, locations, etc.
 Sensors' functionality: Interfaces and data
 Firmware: The Holy Grail of embedded
 Automation: Let's send some bytes
 Smart cities: Outside sensors

#RSAC
Why cities need all this stuff?
4
 Smart cities: Sensors' role
 Reconnaissance: Vendors, locations, etc.
 Sensors' functionality: Interfaces and data
 Firmware: The Holy Grail of embedded
 Automation: Let's send some bytes
 Smart cities: Outside sensors

#RSAC
Why do cities have be smart?
5
 Investments
 Staff
 Infrastructure
 Data centers
 Operation center

#RSAC
…And for traffic management
7
 Possible to use for the
traffic lights
 Counting vehicles
number and change
timings
 Counting pedestrians
as well

#RSAC
Radars are the source of such data
8

#RSAC
The first phase
9
 Smart cities: Sensors' role
 Reconnaissance: Vendors, locations, etc.
 Sensors' functionality: Interfaces and data
 Firmware: The Holy Grail of embedded
 Automation: Let's send some bytes
 Smart cities: Outside sensors

#RSAC
..Any IDs you can get are also
11
 MACs
 Names
 Any IDs

#RSAC
What we are gathering?
12
 Smart cities: Sensors' role
 Reconnaissance: Vendors, locations, etc.
 Sensors' functionality: Interfaces and data
 Firmware: The Holy Grail of embedded
 Automation: Let's send some bytes
 Smart cities: Outside sensors

#RSAC
What's inside the data?
15
 Vehicle type
 Number of vehicles
 Median speed
 Station occupancy

#RSAC
The Holy Grail
16
 Smart cities: Sensors' role
 Reconnaissance: Vendors, locations, etc.
 Sensors' functionality: Interfaces and data
 Firmware: The Holy Grail of embedded
 Automation: Let's send some bytes
 Smart cities: Outside sensors

#RSAC
Can we add some functions?
17
 Through interface
 Debugger?
 Commands?
 What is format?

#RSAC
But for which controller is it?
19

#RSAC
..but it happens anyway
21
 For me in a blackbox mode it looks like dead end
 But does it means dead end at all?
 Of course not!

#RSAC
Even with the stock firmware..
22
 Smart cities: Sensors' role
 Reconnaissance: Vendors, locations, etc.
 Sensors' functionality: Interfaces and data
 Firmware: The Holy Grail of embedded
 Automation: Let's send some bytes
 Smart cities: Outside sensors

#RSAC
Reconnaissance first
23
 I started with script + C
 Bluetooth tools
 adb to get GPS from phone
 C code for sending
 What to send?

#RSAC
What about the small DDoS?
27
 Driving by, changing settings
 Time: all traffic at night
 Types: all traffic trucks

#RSAC
Python + PostgreSQL seems better
28

#RSAC
Resolve vendor and address offline
29

#RSAC
What to do further and else?
30
 Smart cities: Sensors' role
 Reconnaissance: Vendors, locations, etc.
 Sensors' functionality: Interfaces and data
 Firmware: The Holy Grail of embedded
 Automation: Let's send some bytes
 Smart cities: Outside sensors

#RSAC
Side effects
31
 Gather Wi-Fi data and filter it with Postgres views
 MACs can be anonymous
 WEP is still alive

#RSAC
Where is always place for fuzzing
32
 Where are undocumented commands

#RSAC
...even speeding penalties
34
 Smart cities security
perimeter if huge
 So is the surface of attacks
 Different authorities are in
charge of the infrastructure

#RSAC
What to apply?
36
Change appearance and default names
Don't rely only on standard authentication
Cooperate with third-party researches
Think a little bit like malefactor or hire someone who can
I know embedded devices vendors with generous bug bounty
program. Respect
Cities also could participate

#RSAC
Summary
37
Smart city infrastructure is visible due to ID
Kudos to vendor, firmware is strong
Automation is possible with change of any settings
Interesting side effects with wireless protocols
Go further!

#RSAC
Denis.Legezo@kaspersky.com
Denis Legezo

What's hot

With the advent of virtualization and software-defined networking (SDN), the nature and design of today’s networks are changing rapidly. Network security models need to adapt to the virtual data center, and there are a plethora of new technologies that can help security and operations teams design scalable network security architectures that work in highly virtualized environments. (Source: RSA USA 2016-San Francisco)

Designing Virtual Network Security Architectures

Priyanka Aash

Your next breach or insider attack will most likely have you digging for evidence in the cloud. Are you prepared? The old styles of imaging disks and tapping networks won't work! It won’t scale! This session will discuss response scenarios for cloud-enabled and cloud-dependent enterprises, a model for preparing for cloud response, and will show examples of cloud breach investigations. (Source: RSA USA 2016-San Francisco)

Cloud Breach – Preparation and Response

Priyanka Aash

Want to detect threats in your organization? Stop reading every feed and curate your threat intel and content so they actually work for your security architecture. By managing meaningful threat intelligence so the external intel maps to internal threat models and curating your content sensibly, you can create a high-functioning SOC that both detects and defends against cyberattacks. (Source: RSA Conference USA 2018)

Threat intel- -content-curation-organizing-the-path-to-successful-detection

Priyanka Aash

Vodafone is one of the world’s largest telecommunications companies, enabling connectivity by providing mobile, fixed and IoT networks to customers around the world. Vodafone is redefining the boundary of the SOC and sees the balance between prevention, detection and response for both Vodafone’s organization and customers as vital. This session will describe the journey from reactive SOC to proactive cyber-defense. (Source: RSA Conference USA 2018)

Pulling our-socs-up

Priyanka Aash

Security is overdue for actionable forecasts. Like predicting the weather, similar models should work for vulnerabilities. With some open source data and a clever machine learning model, Kenna Securities can predict which vulnerabilities attackers are likely to write exploits for. Their model has 90 percent accuracy, one the day a vulnerability is released. The speaker will issue some forecasts live. (Source: RSA Conference USA 2018)

Predicting exploitability-forecasts-for-vulnerability-management

Priyanka Aash

Making Threat Intelligence Actionable Final

Priyanka Aash

Graph analysis is a powerful tool for modeling malicious group behavior and detecting anomalies in domains ranging from traffic analysis to fraud detection. This talk will cover techniques and open-source tools for graph analytics, including an end-to-end analysis of a novel application of graph analytics to malware detection: from real data collection to the visualization of results. Learning Objectives: 1: Receive an introduction to graph analytics. 2: Understand the complete work-flow of a realistic application of graph analytics. 3: Understand limitations and pitfalls of applying graph analytics to a real problem. (Source: RSA Conference USA 2018)

Fighting Malware with Graph Analytics: An End-to-End Case Study

Priyanka Aash

Orchestrating Software Defined Networks To Disrupt The Apt Kill Chain

Priyanka Aash

We’ve got more assets in the cloud than ever. Unfortunately, we also have less visibility and control in these environments, as well. Implementing detection and response controls that leverage cloud provider tools and controls, as well as automation strategies and processes, is critical for effective incident detection and response in hybrid cloud environments. This session will get you started! (Source: RSA Conference USA 2018)

Incident response-in-the-cloud

Priyanka Aash

Achieving Defendable Architectures Via Threat Driven Methodologies

Priyanka Aash

Cyberthreats are assymetric risks: corporate defenders must secure and detect everything, but the attacker needs to exploit only once. As petabytes of data traverse the ecosystem, legacy data protection methods leave many gaps. By looking through the adversary’s eyes, you can create subterfuges, delay attack progress or reduce the value of any data ultimately accessed—and shift the risk equation. (Source : RSA Conference USA 2017)

Confusion and deception new tools for data protection

Priyanka Aash

Arshan Dabirsiaghi, Contrast Security Matt Austin, Contrast Security Nothing in the security industry has moved the needle like Data Execution Prevention and it's sister protections like ASLR. The availability of secure APIs, the training of developers around the world, and the efforts of security practitioners all produced practically nothing compared to the practical gains produced by DEP, ASLR and other "automatic" protections provided by the tool chain and OS itself. Where is the equivalent in the Application Layer? Can we use these same techniques and approaches to stop SQL Injection and Deserialization attacks? Can we give developers a "secure stack by default" for any application? In this talk we'll show you the promising results of our research into this space using binary instrumentation, including the release of free tools that developers can use to protect their applications today from several bug classes, instantly, and without any code changes.

BlueHat v18 || Dep for the app layer - time for app sec to grow up

BlueHat Security Conference

The increasing mobility of professional users has brought an end to the traditional corporate security perimeter. Google has reinvented its security perimeter around devices through its groundbreaking "BeyondCorp" initiative. In this talk, two Google security leaders will share how this transformation took place, where it's headed and how you can apply this approach to your organization. (Source: RSA Conference USA 2017)

How Google Protects Its Corporate Security Perimeter without Firewalls

Priyanka Aash

The Internet of Things presents both a challenge and opportunity for identity management - a challenge because existing mechanisms for authentication & authorization must be extended and adapted for the particular constraints of devices (both legacy and new) and an opportunity because the devices that users more and more carry with them offer new abilities to enable a more seamless authentication experience for those users. Both of these aspects demand a consistent, cohesive and interoperable identity layer across IoT verticals, platforms, and protocols. Critically, we need an identity layer that acknowledges the full continuum of risk (and so appropriate security measures) that the IoT presents. Good security means knowing who entities (both device & user) are and what they should or should not be allowed to do. Good privacy requires that users will be able to control how their devices collect, store and share data. This talk will examine how existing & new tools (like OAuth, UMA, FIDO, and DLTs) may help meet these fundamental requirements for securing the IoT. (Source: RSA Conference USA 2018)

Identity-Based Security and Privacy for the Internet of Things

Priyanka Aash

Security incidents are increasing dramatically and becoming more sophisticated, making it almost impossible for security analysts to keep up. A cognitive solution that can learn about security from structured and unstructured information sources is essential. It can be applied to empower security analysts with insights to qualify incidents and investigate risks quickly and accurately. (Source : RSA Conference 2017)

Applied cognitive security complementing the security analyst

Priyanka Aash

Picking an attacker’s signals out of billions of log events in near real time from petabyte scale storage is a daunting task, but Microsoft has been using security data science at cloud scale to successfully disrupt attackers. This session will present the latest frameworks, techniques and the unconventional machine-learning algorithms that Microsoft uses to protect its infrastructure and customers. (Source : RSA Conference USA 2017)

Advances in cloud scale machine learning for cyber-defense

Priyanka Aash

Cloud attack vectors and security controls are different. Many companies breached on AWS moved sensitive data to AWS following best practices or implementing cloud security controls correctly. Reports indicate that hybrid cloud implementations have weaknesses and research finds that devs are the new security target. See Kolby Allen and Teri Radichel duke it out as Teri attacks an AWS account and Kolby defends it. (Source: RSA Conference USA 2018)

Red Team vs. Blue Team on AWS

Priyanka Aash

SPO2-T11_Automated-Prevention-of-Ransomware-with-Machine-Learning-and-GPOs

Rod Soto

PayPal delivers secure payment solutions across the world. Managing the security of customer data is expected across the financial services industry. This talk will focus on real-world strategies that PayPal has employed within our data environment, all while supporting multiple “As a Service,” “World-wide Scale,” “NoSQL” and “Cloud” technologies within a 10+-year-old company. (Source: RSA USA 2016-San Francisco)

Realities of Data Security

Priyanka Aash

What's hot (19)

Designing Virtual Network Security Architectures

Cloud Breach – Preparation and Response

Threat intel- -content-curation-organizing-the-path-to-successful-detection

Pulling our-socs-up

Predicting exploitability-forecasts-for-vulnerability-management

Making Threat Intelligence Actionable Final

Fighting Malware with Graph Analytics: An End-to-End Case Study

Orchestrating Software Defined Networks To Disrupt The Apt Kill Chain

Incident response-in-the-cloud

Achieving Defendable Architectures Via Threat Driven Methodologies

Confusion and deception new tools for data protection

BlueHat v18 || Dep for the app layer - time for app sec to grow up

How Google Protects Its Corporate Security Perimeter without Firewalls

Identity-Based Security and Privacy for the Internet of Things

Applied cognitive security complementing the security analyst

Advances in cloud scale machine learning for cyber-defense

Red Team vs. Blue Team on AWS

SPO2-T11_Automated-Prevention-of-Ransomware-with-Machine-Learning-and-GPOs

Realities of Data Security

Viewers also liked

VMworld 2013: Changing the Economics of Firewall Services in the Software-Def...

VMworld

Ronen Shtayer,Director of ASG Operations & PMO, NXP Semiconductor

chiportal

Cars these days are 90% controlled by electronics and 10% using mechanics. The average new car already contains around 20 individual processors to monitor and control various functions — everything from the transmission’s shift points to the operation of the defroster — with about 60 megabytes of software code. Many new cars are as “wired” as a home office — with onboard GPS navigation and wireless communications networks including Bluetooth, Wi-Fi or Internet run on Embedded OS's which run on converged Electronics to control these actions. What if modern car’s onboard electronics be “hacked” or infected by a computer virus introduced through a wireless device that might corrupt or disable or controlled by a Hacker sitting at home? The software does come with built in security but this is not enough and there is a need to offer a full Security package along with Car to guarantee Car's security. Life of people is more important than a gadget and people will pay and buy this package with a new car or upgrade to ensure that their car is not hacked by Hackers to malfunction or be used for other pervert interests.

Hacking your Connected Car: What you need to know NOW

Kapil Kanugo

1.Car Security Understanding the Car Onboard Communication / Connection and inherent Security Weakness 2.Addressing the Security Concerns : System’s Viewpoint Hardware Security Module & Secure Hardware Extension Look at Software Principle of MAC and Associated Hardware 3.Achieving Security implementation checks via Software and Addressing the Hardware Safety aspect. Closing the Loop for Security Safeness: Complete Solution to Ensure Security/Safety Compliance with Software

Managing securityforautomotivesoc

Pankaj Singh

Java EE 7 - Overview and Status

Java Usergroup Berlin-Brandenburg

Cyber Security for the Connected Car

Real-Time Innovations (RTI)

This session will provide an overview of the new Qualcomm® Snapdragon™ Automotive Development Platform (ADP), which offers the multiple, integrated capabilities of optimized Qualcomm Technologies, Inc., production-grade solutions in a single-board platform. The ADP enables rapid development, testing and deployment of next-generation infotainment apps and experiences for the emerging connected car opportunity. Qualcomm Snapdragon is a product of Qualcomm Technologies, Inc. Watch this presentation on YouTube: https://www.youtube.com/watch?v=RMF3AQon3NU

Developing for the Connected Car

Qualcomm Developer Network

AWS Security

Amazon Web Services

Viewers also liked (8)

VMworld 2013: Changing the Economics of Firewall Services in the Software-Def...

Ronen Shtayer,Director of ASG Operations & PMO, NXP Semiconductor

Hacking your Connected Car: What you need to know NOW

Managing securityforautomotivesoc

Java EE 7 - Overview and Status

Cyber Security for the Connected Car

Developing for the Connected Car

AWS Security

Similar to Smart Megalopolises. How Safe and Reliable Is Your Data?

The Next Generation of Microservices — YOW 2017 Brisbane

Phil Calçado

Living BeyondCorp comes with its own challenges. This talk will dive into how Duo gets our hands around difficult problems regarding the security and management of cloud services and endpoints internally. This session will cover technical details of our security orchestration and automation approach, cloud service monitoring, and chatops-driven endpoint application whitelisting strategies. (Source: RSA Conference USA 2018)

Corpsec: “What Happened to Corpses A and B?”

Priyanka Aash

How to Analyze an Android Bot

Priyanka Aash

Serverless Security: Are you ready for the Future?

James Wickett

RSA 2016 Realities of Data Security

Scott Carlson

CLOUD SECURITY ESSENTIALS 2.0 Full Stack Hacking & Recovery

Priyanka Aash

Vulnerability analysis has largely been a process that requires substantial human expertise. However, very recently there has been a push for completely autonomous hacking systems, which can find flaws, exploit them and even provide patches, all without any human intervention. This talk presents recent advances in autonomous hacking and provides lessons learned from participating in the DARPA CGC. (Source: RSA USA 2016-San Francisco)

Autonomous Hacking: The New Frontiers of Attack and Defense

Priyanka Aash

Traditional techniques to detect malice in Android apps struggle to identify trigger-based changes to application logic. Unfortunately, such triggers are a key component of targeted malware, where the trigger is the mechanism that ensures that the code is only executed at the target. This talk will review how static analysis can be used to detect and leverage triggers for more robust detection. (Source: RSA USA 2016-San Francisco)

Finding Triggered Malice in Android Apps

Priyanka Aash

How are microservices in 2017 different from how we used to build them at the beginning of the decade? More traditional Service-Oriented Architectures were defined by protocols and standards published and curated by industry consortiums. Knowledge of the architectural style usually called "microservices", on the other hand, is often in the form of patterns, cautionary tales, and tools extracted from real-world reports and software made available by organisations that have adopted this style. Almost ten years since the first wave of such reports, the landscape has changed considerably. Many hard challenges from the past have been eased or completely solved, and a lot of the custom software created by the microservices pioneers have been made off-the-shelf open source software. In this talk, Phil Calçado will contrast what we first found in the first generation of microservices architectures against the current generation's landscape. Let's talk about which previous common knowledge and patterns are deprecated, which ones are still active, and introduce some of the ones that have been recently added to our toolbox.

The Next Generation of Microservices

Phil Calçado

“Infrastructure as Code” has changed not only how we think about configuring infrastructure, but about the infrastructure itself. AWS has been at the core of this movement, enabling your infrastructure teams to benefit from software engineering best practices such as CI/CD, automated testing, and repeatable deployments. Now that you have mastered the art of managing your infrastructure as code, it’s time to leverage these same lessons for monitoring and metrics. In this session, we dive into how you can leverage tooling such as AWS, Terraform, and Datadog to programmatically define your monitoring so that you that you can scale your organizational observability along with your infrastructure, and attain consistency from local development all the way through production. Session sponsored by Datadog, Inc.

Monitoring as Code: Getting to Monitoring-Driven Development - DEV314 - re:In...

Amazon Web Services

Cloud Security Essentials 2.0 at RSA

Shannon Lietz

Exploring the Real-World Application Security Top 10

Priyanka Aash

Meetup 4/2/2016 - Functionele en technische architectuur IoT

Digipolis Antwerpen

Serverless Attack Vectors

Teri Radichel

RSA Conference 2016: Don't Use Two-Factor Authentication... Unless You Need It!

Mike Schwartz

Engineering the IoT at AWS - IOT402 - re:Invent 2017

Amazon Web Services

The large O’Reilly survey on serverless adoption indicated that the majority of enterprises have not yet adopted serverless. They have cited the following concerns as main factors: security, the steep learning curve, vendor lock-in, integration/debugging and observability of serverless applications. In this talk, I will share my views on these concerns and present how Waylay IO has addressed these challenges. Waylay IO’s mission is to finally unlock all promised benefits of serverless computation, with an intuitive and developer-friendly low-code platform.

Has serverless adoption hit a roadblock?

Veselin Pizurica

Real time analytics in Azure IoT

Sam Vanhoutte

Introduzione a Software Define Networking

festival ICT 2016

What is Splunk? At the end of this session you’ll have a high-level understanding of the pieces that make up the Splunk Platform, how it works, and how it fits in the landscape of big data. You’ll see practical examples that differentiate Splunk while demonstrating how to gain quick time to value. This was presented at SplunkLive! Stockholm October 2015, for more information visit http://live.splunk.com/stockholm

SplunkLive! Stockholm 2015 breakout - Getting started with Splunk Enterprise

Splunk

Similar to Smart Megalopolises. How Safe and Reliable Is Your Data? (20)

The Next Generation of Microservices — YOW 2017 Brisbane

Corpsec: “What Happened to Corpses A and B?”

How to Analyze an Android Bot

Serverless Security: Are you ready for the Future?

RSA 2016 Realities of Data Security

CLOUD SECURITY ESSENTIALS 2.0 Full Stack Hacking & Recovery

Autonomous Hacking: The New Frontiers of Attack and Defense

Finding Triggered Malice in Android Apps

The Next Generation of Microservices

Monitoring as Code: Getting to Monitoring-Driven Development - DEV314 - re:In...

Cloud Security Essentials 2.0 at RSA

Exploring the Real-World Application Security Top 10

Meetup 4/2/2016 - Functionele en technische architectuur IoT

Serverless Attack Vectors

RSA Conference 2016: Don't Use Two-Factor Authentication... Unless You Need It!

Engineering the IoT at AWS - IOT402 - re:Invent 2017

Has serverless adoption hit a roadblock?

Real time analytics in Azure IoT

Introduzione a Software Define Networking

SplunkLive! Stockholm 2015 breakout - Getting started with Splunk Enterprise

More from Priyanka Aash

Digital Personal Data Protection (DPDP) Practical Approach For CISOs

Priyanka Aash

Verizon Breach Investigation Report (VBIR).pdf

Priyanka Aash

Top 10 Security Risks .pptx.pdf

Priyanka Aash

Simplifying data privacy and protection.pdf

Priyanka Aash

Generative AI and Security (1).pptx.pdf

Priyanka Aash

EVERY ATTACK INVOLVES EXPLOITATION OF A WEAKNESS.pdf

Priyanka Aash

DPDP Act 2023.pdf

Priyanka Aash

Cyber Truths_Are you Prepared version 1.1.pptx.pdf

Priyanka Aash

Cyber Crisis Management.pdf

Priyanka Aash

CISOPlatform journey.pptx.pdf

Priyanka Aash

Chennai Chapter.pptx.pdf

Priyanka Aash

Cloud attack vectors_Moshe.pdf

Priyanka Aash

Stories From The Web 3 Battlefield

Priyanka Aash

Lessons Learned From Ransomware Attacks

Priyanka Aash

Emerging New Threats And Top CISO Priorities In 2022 (Chennai)

Priyanka Aash

Emerging New Threats And Top CISO Priorities In 2022 (Mumbai)

Priyanka Aash

Emerging New Threats And Top CISO Priorities in 2022 (Bangalore)

Priyanka Aash

Cloud Security Groups are the firewalls of the cloud. They are built-in and provide basic access control functionality as part of the shared responsibility model. However, Cloud Security Groups do not provide the same protection or functionality that enterprises have come to expect with on-premises deployments. In this talk we will discuss the top cloud risks in 2020, why perimeters are a concept of the past and how in the world of no perimitiers do Cloud Security groups, the "Cloud FIrewalls", fit it. We will practically explore Cloud Security Group limitations across different cloud setups from a single vNet to multi-cloud

Cloud Security: Limitations of Cloud Security Groups and Flow Logs

Priyanka Aash

Most organizations have good enterprise-level security policies that define their approach to maintaining, improving, and securing their information and information systems. However, once the policies are signed by senior leadership and distributed throughout the organization, significant cybersecurity governance challenges remain. In this workshop I will explain the transforming organizational security to strengthen defenses and integrate cybersecurity with the overall approach toward security governance, risk management and compliance.

Cyber Security Governance

Priyanka Aash

The Internet is home to seemingly infinite amounts of confidential and personal information. As a result of this mass storage of information, the system needs to be constantly updated and enforced to prevent hackers from retrieving such valuable and sensitive data. This increasing number of cyber-attacks has led to an increasing importance of Ethical Hacking. So Ethical hackers' job is to scan vulnerabilities and to find potential threats on a computer or networks. An ethical hacker finds the weakness or loopholes in a computer, web applications or network and reports them to the organization. It requires a thorough knowledge of Networks, web servers, computer viruses, SQL (Structured Query Language), cryptography, penetration testing, Attacks etc. In this session, you will learn all about ethical hacking. You will understand the what ethical hacking, Cyber- attacks, Tools and some hands-on demos. This session will also guide you with the various ethical hacking certifications available today.

Ethical Hacking

Priyanka Aash

More from Priyanka Aash (20)

Digital Personal Data Protection (DPDP) Practical Approach For CISOs

Verizon Breach Investigation Report (VBIR).pdf

Top 10 Security Risks .pptx.pdf

Simplifying data privacy and protection.pdf

Generative AI and Security (1).pptx.pdf

EVERY ATTACK INVOLVES EXPLOITATION OF A WEAKNESS.pdf

DPDP Act 2023.pdf

Cyber Truths_Are you Prepared version 1.1.pptx.pdf

Cyber Crisis Management.pdf

CISOPlatform journey.pptx.pdf

Chennai Chapter.pptx.pdf

Cloud attack vectors_Moshe.pdf

Stories From The Web 3 Battlefield

Lessons Learned From Ransomware Attacks

Emerging New Threats And Top CISO Priorities In 2022 (Chennai)

Emerging New Threats And Top CISO Priorities In 2022 (Mumbai)

Emerging New Threats And Top CISO Priorities in 2022 (Bangalore)

Cloud Security: Limitations of Cloud Security Groups and Flow Logs

Cyber Security Governance

Ethical Hacking

Recently uploaded

Artificial Intelligence Chap.5 : Uncertainty

Khushali Kathiriya

Three things you will take away from the session: • How to run an effective tenant-to-tenant migration • Best practices for before, during, and after migration • Tips for using migration as a springboard to prepare for Copilot in Microsoft 365 Main ideas: Migration Overview: The presentation covers the current reality of cross-tenant migrations, the triggers, phases, best practices, and benefits of a successful tenant migration Considerations: When considering a migration, it is important to consider the migration scope, performance, customization, flexibility, user-friendly interface, automation, monitoring, support, training, scalability, data integrity, data security, cost, and licensing structure Next Wave: The next wave of change includes the launch of Copilot, which requires businesses to be prepared for upcoming changes related to Copilot and the cloud, and to consolidate data and tighten governance ShareGate: ShareGate can help with pre-migration analysis, configurable migration tool, and automated, end-user driven collaborative governance

Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff

sammart93

Retrieval augmented generation (RAG) is the most popular style of large language model application to emerge from 2023. The most basic style of RAG works by vectorizing your data and injecting it into a vector database like Milvus for retrieval to augment the text output generated by an LLM. This is just the beginning. One of the ways that we can extend RAG, and extend AI, is through multilingual use cases. Typical RAG is done in English using embedding models that are trained in English. In this talk, we’ll explore how RAG could work in languages other than English. We’ll explore French, Chinese, and Polish.

Introduction to Multilingual Retrieval Augmented Generation (RAG)

Zilliz

MINDCTI Revenue Release Quarter One 2024

MIND CTI

Vector Search -An Introduction in Oracle Database 23ai.pptx

Remote DBA Services

Repurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost Saving

Edi Saputra

Following the popularity of "Cloud Revolution: Exploring the New Wave of Serverless Spatial Data," we're thrilled to announce this much-anticipated encore webinar. In this sequel, we'll dive deeper into the Cloud-Native realm by uncovering practical applications and FME support for these new formats, including COGs, COPC, FlatGeoBuf, GeoParquet, STAC, and ZARR. Building on the foundation laid by industry leaders Michelle Roby of Radiant Earth and Chris Holmes of Planet in the first webinar, this second part offers an in-depth look at the real-world application and behind-the-scenes dynamics of these cutting-edge formats. We will spotlight specific use-cases and workflows, showcasing their efficiency and relevance in practical scenarios. Discover the vast possibilities each format holds, highlighted through detailed discussions and demonstrations. Our expert speakers will dissect the key aspects and provide critical takeaways for effective use, ensuring attendees leave with a thorough understanding of how to apply these formats in their own projects. Elevate your understanding of how FME supports these cutting-edge technologies, enhancing your ability to manage, share, and analyze spatial data. Whether you're building on knowledge from our initial session or are new to the serverless spatial data landscape, this webinar is your gateway to mastering cloud-native formats in your workflows.

Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME

Safe Software

Tracing the root cause of a performance issue requires a lot of patience, experience, and focus. It’s so hard that we sometimes attempt to guess by trying out tentative fixes, but that usually results in frustration, messy code, and a considerable waste of time and money. This talk explains how to correctly zoom in on a performance bottleneck using three levels of profiling: distributed tracing, metrics, and method profiling. After we learn to read the JVM profiler output as a flame graph, we explore a series of bottlenecks typical for backend systems, like connection/thread pool starvation, invisible aspects, blocking code, hot CPU methods, lock contention, and Virtual Thread pinning, and we learn to trace them even if they occur in library code you are not familiar with. Attend this talk and prepare for the performance issues that will eventually hit any successful system. About authorWith two decades of experience, Victor is a Java Champion working as a trainer for top companies in Europe. Five thousands developers in 120 companies attended his workshops, so he gets to debate every week the challenges that various projects struggle with. In return, Victor summarizes key points from these workshops in conference talks and online meetups for the European Software Crafters, the world’s largest developer community around architecture, refactoring, and testing. Discover how Victor can help you on victorrentea.ro : company training catalog, consultancy and YouTube playlists.

Finding Java's Hidden Performance Traps @ DevoxxUK 2024

Victor Rentea

WSO2 Micro Integrator for Enterprise Integration in a Decentralized, Microser...

WSO2

Exploring Multimodal Embeddings with Milvus

Zilliz

Dubai, known for its towering skyscrapers, luxurious lifestyle, and relentless pursuit of innovation, often finds itself in the global spotlight. However, amidst the glitz and glamour, the emirate faces its own set of challenges, including the occasional threat of flooding. In recent years, Dubai has experienced sporadic but significant floods, disrupting normalcy and posing unique challenges to its infrastructure. Among the critical nodes in this bustling metropolis is the Dubai International Airport, a vital hub connecting the world. This article delves into the intersection of Dubai flood events and the resilience demonstrated by the Dubai International Airport in the face of such challenges.

Rising Above_ Dubai Floods and the Fortitude of Dubai International Airport.pdf

Orbitshub

Polkadot JAM Slides - Token2049 - By Dr. Gavin Wood

Juan lago vázquez

Key topics covered: - Real-world examples of Choreo's comprehensive coverage from application design and deployment, security, scaling, and monitoring - Running different types of workloads, such as web applications, APIs, microservices, integrations, and tasks at scale, and wire them together to deliver seamless omnichannel digital experiences - How Choreo improves the developer experience by eliminating repetition, silos, and redundancy through enhanced discoverability and self-serviceability

Choreo: Empowering the Future of Enterprise Software Engineering

WSO2

TEST BANK For Principles of Anatomy and Physiology, 16th Edition by Gerard J....

rightmanforbloodline

Six Myths about Ontologies: The Basics of Formal Ontology

johnbeverley2021

In this keynote, Asanka Abeysinghe, CTO,WSO2 will explore the shift towards platformless technology ecosystems and their importance in driving digital adaptability and innovation. We will discuss strategies for leveraging decentralized architectures and integrating diverse technologies, with a focus on building resilient, flexible, and future-ready IT infrastructures. We will also highlight WSO2's roadmap, emphasizing our commitment to supporting this transformative journey with our evolving product suite.

Platformless Horizons for Digital Adaptability

WSO2

Sidekick Solutions uses Bonterra Impact Management (fka Social Solutions Apricot) and automation solutions to integrate data for business workflows. We believe integration and automation are essential to user experience and the promise of efficient work through technology. Automation is the critical ingredient to realizing that full vision. We develop integration products and services for Bonterra Case Management software to support the deployment of automations for a variety of use cases. This video focuses on the deployment of external web forms using Jotform for Bonterra Impact Management. This solution can be customized to your organization’s needs and deployed to support the common use cases below: - Intake and consent - Assessments - Surveys - Applications - Program registration Interested in deploying web form automations for Bonterra Impact Management? Contact us at sales@sidekicksolutionsllc.com to discuss next steps.

Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...

Jeffrey Haguewood

💥 You’re lucky! We’ve found two different (lead) developers that are willing to share their valuable lessons learned about using UiPath Document Understanding! Based on recent implementations in appealing use cases at Partou and SPIE. Don’t expect fancy videos or slide decks, but real and practical experiences that will help you with your own implementations. 📕 Topics that will be addressed: • Training the ML-model by humans: do or don't? • Rule-based versus AI extractors • Tips for finding use cases • How to start 👨‍🏫👨‍💻 Speakers: o Dion Morskieft, RPA Product Owner @Partou o Jack Klein-Schiphorst, Automation Developer @Tacstone Technology

DEV meet-up UiPath Document Understanding May 7 2024 Amsterdam

UiPathCommunity

DBX First Quarter 2024 Investor Presentation

Dropbox

Strategies for Landing an Oracle DBA Job as a Fresher

Remote DBA Services

Recently uploaded (20)

Artificial Intelligence Chap.5 : Uncertainty

Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff

Introduction to Multilingual Retrieval Augmented Generation (RAG)

MINDCTI Revenue Release Quarter One 2024

Vector Search -An Introduction in Oracle Database 23ai.pptx

Repurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost Saving

Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME

Finding Java's Hidden Performance Traps @ DevoxxUK 2024

WSO2 Micro Integrator for Enterprise Integration in a Decentralized, Microser...

Exploring Multimodal Embeddings with Milvus

Rising Above_ Dubai Floods and the Fortitude of Dubai International Airport.pdf

Polkadot JAM Slides - Token2049 - By Dr. Gavin Wood

Choreo: Empowering the Future of Enterprise Software Engineering

TEST BANK For Principles of Anatomy and Physiology, 16th Edition by Gerard J....

Six Myths about Ontologies: The Basics of Formal Ontology

Platformless Horizons for Digital Adaptability

Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...

DEV meet-up UiPath Document Understanding May 7 2024 Amsterdam

DBX First Quarter 2024 Investor Presentation

Strategies for Landing an Oracle DBA Job as a Fresher

Smart Megalopolises. How Safe and Reliable Is Your Data?

1. SESSION ID: RSAC Denis Legezo Smart Megalopolises. How Safe and Reliable Is Your Data? TECH-T09 Global Research and Analytics Team, Kaspersky Lab @Legezo

2. #RSAC Megalopolises are changing fast 2

3. #RSAC The plan for today 3  Smart cities: Sensors' role  Reconnaissance: Vendors, locations, etc.  Sensors' functionality: Interfaces and data  Firmware: The Holy Grail of embedded  Automation: Let's send some bytes  Smart cities: Outside sensors

4. #RSAC Why cities need all this stuff? 4  Smart cities: Sensors' role  Reconnaissance: Vendors, locations, etc.  Sensors' functionality: Interfaces and data  Firmware: The Holy Grail of embedded  Automation: Let's send some bytes  Smart cities: Outside sensors

5. #RSAC Why do cities have be smart? 5  Investments  Staff  Infrastructure  Data centers  Operation center

6. #RSAC Raw data for planning 6

7. #RSAC …And for traffic management 7  Possible to use for the traffic lights  Counting vehicles number and change timings  Counting pedestrians as well

8. #RSAC Radars are the source of such data 8

9. #RSAC The first phase 9  Smart cities: Sensors' role  Reconnaissance: Vendors, locations, etc.  Sensors' functionality: Interfaces and data  Firmware: The Holy Grail of embedded  Automation: Let's send some bytes  Smart cities: Outside sensors

10. #RSAC Appearance is a great help 10

11. #RSAC ..Any IDs you can get are also 11  MACs  Names  Any IDs

12. #RSAC What we are gathering? 12  Smart cities: Sensors' role  Reconnaissance: Vendors, locations, etc.  Sensors' functionality: Interfaces and data  Firmware: The Holy Grail of embedded  Automation: Let's send some bytes  Smart cities: Outside sensors

13. #RSAC Look, interfaces 13

14. #RSAC And a lots of data on-board 14

15. #RSAC What's inside the data? 15  Vehicle type  Number of vehicles  Median speed  Station occupancy

16. #RSAC The Holy Grail 16  Smart cities: Sensors' role  Reconnaissance: Vendors, locations, etc.  Sensors' functionality: Interfaces and data  Firmware: The Holy Grail of embedded  Automation: Let's send some bytes  Smart cities: Outside sensors

17. #RSAC Can we add some functions? 17  Through interface  Debugger?  Commands?  What is format?

18. #RSAC Format looks like iHex or SREC 18

19. #RSAC But for which controller is it? 19

20. #RSAC LinkedIn isn't only for HR 20

21. #RSAC ..but it happens anyway 21  For me in a blackbox mode it looks like dead end  But does it means dead end at all?  Of course not!

22. #RSAC Even with the stock firmware.. 22  Smart cities: Sensors' role  Reconnaissance: Vendors, locations, etc.  Sensors' functionality: Interfaces and data  Firmware: The Holy Grail of embedded  Automation: Let's send some bytes  Smart cities: Outside sensors

23. #RSAC Reconnaissance first 23  I started with script + C  Bluetooth tools  adb to get GPS from phone  C code for sending  What to send?

24. #RSAC Commands are partly known 24

25. #RSAC So we can automate 25

26. #RSAC Sensor will answer 26

27. #RSAC What about the small DDoS? 27  Driving by, changing settings  Time: all traffic at night  Types: all traffic trucks

28. #RSAC Python + PostgreSQL seems better 28

29. #RSAC Resolve vendor and address offline 29

30. #RSAC What to do further and else? 30  Smart cities: Sensors' role  Reconnaissance: Vendors, locations, etc.  Sensors' functionality: Interfaces and data  Firmware: The Holy Grail of embedded  Automation: Let's send some bytes  Smart cities: Outside sensors

31. #RSAC Side effects 31  Gather Wi-Fi data and filter it with Postgres views  MACs can be anonymous  WEP is still alive

32. #RSAC Where is always place for fuzzing 32  Where are undocumented commands

33. #RSAC So much other stuff 33

34. #RSAC ...even speeding penalties 34  Smart cities security perimeter if huge  So is the surface of attacks  Different authorities are in charge of the infrastructure

35. #RSAC ...And tools 35

36. #RSAC What to apply? 36 Change appearance and default names Don't rely only on standard authentication Cooperate with third-party researches Think a little bit like malefactor or hire someone who can I know embedded devices vendors with generous bug bounty program. Respect Cities also could participate

37. #RSAC Summary 37 Smart city infrastructure is visible due to ID Kudos to vendor, firmware is strong Automation is possible with change of any settings Interesting side effects with wireless protocols Go further!

38. #RSAC Denis.Legezo@kaspersky.com Denis Legezo

Smart Megalopolises. How Safe and Reliable Is Your Data?

Recommended

Recommended

More Related Content

What's hot

What's hot (19)

Viewers also liked

Viewers also liked (8)

Similar to Smart Megalopolises. How Safe and Reliable Is Your Data?

Similar to Smart Megalopolises. How Safe and Reliable Is Your Data? (20)

More from Priyanka Aash

More from Priyanka Aash (20)

Recently uploaded

Recently uploaded (20)

Smart Megalopolises. How Safe and Reliable Is Your Data?