TakeDownCon Rocket City: Technology Deathmatch, The arms race is on by Sean Bodmer

•Download as PPTX, PDF•

1 like•492 views

This document discusses the rise of malware as a service and the business models that cybercriminals use. It notes that cybercriminals are mirroring legitimate business models by offering malware creation, distribution, leadership, and resilience services. Customers can get custom or off-the-shelf malware, distribution networks, command and control resilience, and 24/7 support. This document warns that these criminal models pose serious threats and are difficult for defenders to detect and disrupt in a timely manner.

Technology Business

Technology Deathmatch
The arms race is on
Sean M. Bodmer, CEH, CISSP, NCIA
Chief Researcher
Counter-Exploitation Intelligence
CounterTack

Who is this tool?
 Sean M. Bodmer, CISSP, CEH, NCIA
 Arrested @16 years of age for hacking NASA and 3 other .gov networks
 Yes, it did put a damper on my life for a few years

 >50% of my time spent in non-gov’t based clandestine cyber operations
 2012 – Helped US Entities seize and recuperate > $6M USD
 Brief Bio
 Over 16 Years in IT Systems Security
 Over 10 Years in Intelligence and Counter-Intelligence Operations
 Lectured at numerous Industry Conferences
 Co-Authored 2 Books w/McGraw-Hill (writing 2 more)
 Quoted and Named in > 400
 Magazines, newspapers, radio, and tv-news
 CounterTack, Inc.
 Focused on in-progress detection and attribution of threats
 Develops and deploys custom high-interaction honeypots
 Provides customers tailored Threat Intelligence Services
 Knowledge Bridge Intelligence, Inc
 US IO Subject Matter Expert

There is more than one
Author(s)
• Original malware creator(s)
• Offer malware “off-the-rack”
or custom built
• May offer DIY construction kits
• Money-back guarantee if detected
• 24x7 support

Distribution/Delivery (MAS)
•
•
•
•
•

Specialized distribution network
Attracts and infects victims
Global & targeted content delivery
Delivery through Spam/drive-by/USB/etc.
Offers 24x7 support

Leader
• Individual or criminal team
• Maintains and controls order
• Holds admin credentials

Operator
• Operates a section
• Issues commands
• May be the leader

Resilience/Recovery (MAS)
•
•
•
•
•

Provides C&C resilience services
Anti-takedown network construction
Bullet-proof domain hosting
Fast-flux DNS services
Offers 24x7 Support

Cloud as a Service Model
• YES, criminals are mirroring our e-biz models

The Arbitrary Icon
THIS DOES NOT MEAN YOU ARE SAFE !!!

Today’s Problem Set
• Almost all discoveries are post-mortem
– Next day or countless days later
• Generally, through laborious manual analysis

• Easily detectable over time
– Static defenses can be identified by skilled adversaries

• Difficult to use
–
–
–
–

Heavily dependent on human expertise
Staging and maintaining honeynets
Manual reporting and analysis
Manual correlation between data sources

Let’s Look @ Something
• What can one find when p0wning bad-actors?

Carberp Source Code Leak

Questions??

sbodmer@countertack.com
Twitter @Spydurw3b
Skype @Crypt0k1d

What's hot

Ransomware has been widely touted as a highly-dangerous, sophisticated and destructive breed of malware – but according to recent research into the constraints, commonalities and advancements across 15 ransomware families – most ransomware today is actually more of a blunt instrument than a surgical tool in exploit kits. While certainly even simple programs can extort innocent people who aren’t able to separate real from fake cyber threats, the vast majority of the ransomware in the wild today is not necessarily as sophisticated or scary as it’s been made out to be. The real impact on victims who don't pay is typically still both reversible and preventable.

Most Ransomware Isn’t As Complex As You Might Think – Black Hat 2015

Lastline, Inc.

ETHICAL HACKING

Sweta Leena Panda

Intrusion in computing

Eduardo Cambinda

Symantec_2-4-5 nov 2010

Agora Group

Slide Deck – Session 4 – FRSecure CISSP Mentor Program 2017

FRSecure

DRC - Cybersecurity Concepts 2015 - 5 Basics you must know!

Kevin Fisher

2014 saw an average of 28 DDoS attacks every hour, and 40% of those business who suffered a DDoS attack saw their Internet connectivity completely “saturated” (in other words, the attack didn’t just degrade performance, it took the organization completely offline). As network providers improve their ability to protect against these attacks, criminals are stepping up, too. Today 81% of DDoS attacks are multi-vector, combining volumetric, application-layer and state exhaustion techniques. This session will dive into the seven network layers in the Open System Interconnection (OSI) model, describe how DDoS attacks are perpetrated against each layer, and offer advice for how to mitigate against these complex intrusions.

Luncheon 2015-08-20 - Multi-vector DDOS Attacks Detection and Mitigation by P...

North Texas Chapter of the ISSA

Prepared by Radware’s Emergency Response Team (ERT), 2012 Global Application and Network Security Report highlights server-based botnets and encrypted layer attacks as just two of the new attack tools challenging organizations during DDoS attacks. Most recently, these tactics were leveraged by perpetrators in the attacks against U.S. financial institutions that have been ongoing since September 2012.

2012 Global Application and Network Security Report

Radware

The revelations of the Snowden Leaks and other events in modern internet times have resulted in a need for developers and security professionals working on start-up companies to rethink not just security policies and procedures but overall architecture more broadly. Cryptographic systems in communications systems have seen the largest architectural changes. However, changes are also required in data storage architecture and even networking architecture. This talk will discuss means and methodologies for building secure, robust, and resilient start-up computing architectures. Common attacks that impact startups, data compromises, and DDoS attacks will be discussed. The impact of the required adaptations in infrastructure and software design on existing common business models, like AdRev, will be touched on.

"Cryptography, Data Protection, and Security For Start-Ups In The Post Snowde...

HackIT Ukraine

Cybersecurity

UmairFirdous

Cyber warfare an architecture for deterrence

Bikrant Gautam

Putting Cyber Attackers on the Defensive

Fidelis Cybersecurity

Cyber warfare introduction

jagadeesh katla

In the wake of one of the most destructive cyber attack in the history of Ukraine, NotPetya / EternalPetya, we will analyze the factors that contributed to the rapid infection growth, and why security solutions, including antiviruses, could not stop the attack. We will consider the cyber attacks of the cryptolockers XData and WannaCry.NET, which preceded the attack on June 27 and were allegedly created by the same group of cybercriminals who were involved in TeleBots and BlackEnergy attacks.

"Using cryptolockers as a cyber weapon", Alexander Adamov

HackIT Ukraine

Is the world in the midst of a cyber-war? If so, what are the implications? In this presentation Carl Herberger, Radware's VP of Security Solutions, explores some of the most notable recent cyber-attacks and how many of the findings correlate with the tenets of warfare as defined in The Art of War by Sun Tzu, the ancient military general, strategist and tactician. How should organizations be preparing for an information security landscape that is shaped by ideologically motivated cyber warfare rather than just opportunistic cyber-crime? Learn the techniques being employed to safeguard IT operations in a theatre that is witnessing ever more sophisticated attacks. For more on how to help detect, mitigate and win this cyber war battle, visit here: http://www.radware.com/ert-report-2013/ to download the 2013 Global Application and Network Security Report.

The Art of Cyber War: Cyber Security Strategies in a Rapidly Evolving Theatre

Radware

A look at computer network defense techniques and strategies that actually work in a world of blinky light sales. Strait up defense served with a side of sarcasm. Should I buy product $x from $vendor_y or product $y from $vendor_x? Probably neither. Come hear how you can get back to security basics to keep your organization from getting owned and discover when you are owned with a lot of tools you already have. No sales, no magic, just real world security for people that want to defend their organization.

Break IT Down by Josh Smith

EC-Council

Watering Hole Attacks: Detect End-User Compromise Before the Damage is Done

AlienVault

"Preventing Loss of Personal Data on a Mobile Network", Oleksii Lukin

HackIT Ukraine

Computer security chapter 2: About Hacking

Theko Moima

Effective Threat Hunting with Tactical Threat Intelligence

Dhruv Majumdar

What's hot (20)

Most Ransomware Isn’t As Complex As You Might Think – Black Hat 2015

ETHICAL HACKING

Intrusion in computing

Symantec_2-4-5 nov 2010

Slide Deck – Session 4 – FRSecure CISSP Mentor Program 2017

DRC - Cybersecurity Concepts 2015 - 5 Basics you must know!

Luncheon 2015-08-20 - Multi-vector DDOS Attacks Detection and Mitigation by P...

2012 Global Application and Network Security Report

"Cryptography, Data Protection, and Security For Start-Ups In The Post Snowde...

Cybersecurity

Cyber warfare an architecture for deterrence

Putting Cyber Attackers on the Defensive

Cyber warfare introduction

"Using cryptolockers as a cyber weapon", Alexander Adamov

The Art of Cyber War: Cyber Security Strategies in a Rapidly Evolving Theatre

Break IT Down by Josh Smith

Watering Hole Attacks: Detect End-User Compromise Before the Damage is Done

"Preventing Loss of Personal Data on a Mobile Network", Oleksii Lukin

Computer security chapter 2: About Hacking

Effective Threat Hunting with Tactical Threat Intelligence

Similar to TakeDownCon Rocket City: Technology Deathmatch, The arms race is on by Sean Bodmer

In recent years, there has been a significant number of cyberattacks resulting in massive business disruptions. In this regard, many organizations are hiring ethical hacking groups to help prevent future attacks. Amongst others, the webinar covers: • 2021 Cyber-incidents • 2021 Black swans • Ransomware vNext • IoT - internet of things • Cyber security insurance evolution • Cyber best practices & frameworks • The 2022 black swans Presenter: Our first presenter for this webinar is Peter Geelen, director and managing consultant at CyberMinute and Owner of Quest for Security, Belgium. Over more than 20 years, Peter has built strong experience in enterprise security & architecture, Identity & Access management, but also privacy, information & data protection, cyber- and cloud security. Last few years, the focus is on ISO/IEC 27001 and other ISO certification mechanisms. Peter is accredited Lead Auditor for ISO/IEC 27001, ISO 9001, PECB Trainer and Fellow in Privacy. Our second presenter is Erwin AM Geirnaert, Co-founder and Chief Application Security Architect at Shift Left Security, a Belgian cybersecurity start-up specialized in securing start-ups, scale ups and SMBs against malicious cybercriminals. Erwin is a specialist in mobile security, J2EE security .NET security, API Security and web services security. Erwin has more than 20 years’ experience in executing security tests aka penetration testing of web applications, mobile apps, APIs and thick client applications. He is also a recognized application security expert and speaker at international events like Javapolis, LSEC, OWASP, Eurostar, Infosecurity, etc. ------------------------------------------------------------------------------- Find out more about ISO training and certification services Training: https://pecb.com/whitepaper/iso-27001-information-technology--security-techniques-information-security--management-systems---requirements Webinars: https://pecb.com/webinars Article: https://pecb.com/article Whitepaper: https://pecb.com/whitepaper ------------------------------------------------------------------------------- For more information about PECB: Website: https://pecb.com/ LinkedIn: https://www.linkedin.com/company/pecb/ Facebook: https://www.facebook.com/PECBInternational/ Slideshare: http://www.slideshare.net/PECBCERTIFICATION YouTube video: https://youtu.be/ZHQQ1yJX2uU Website link: https://pecb.com/

Ethical Hacking and Cybersecurity – Key Trends in 2022

PECB

SOD-Presentation-Des-Moines-10.19.21-v2.pptx

TamaOlan1

Have you ever wondered why our web apps, and mobile web apps in particular, are hard to secure? Be sure to read the speakers notes in this presentation In this lengthy presentation, you will observe where researchers and hackers corrupt the developer's intentions...then, you will look at the Good, the Bad and the Ugly of Secure Software Development, WAF considerations, and Mobile Device Management...

Keeping Secrets on the Internet of Things - Mobile Web Application Security

Kelly Robertson

Nearly half of those businesses who suffered a DDoS attack in 2014 saw their organization taken completely offline. Why? Because over 80% of DDoS attacks are now multi-vector, striking the application layer and the network layer simultaneously, and often dragging on for days. During this webinar, Paul Mazzucco, TierPoint's Chief Security Officer, describes how these multi-vector DDoS attacks are being perpetrated and what you can do to mitigate against these complex intrusions.

Tierpoint webinar: Multi-vector DDoS attacks: detection and mitigation_Jan2016

TierPoint

Cyber security for business

Daniel Thomas

The Credit Union National Association (CUNA) issued a statement on Friday, April 26th, 2013 that a possible widespread Distributed Denial of Service (DDoS) attack may take place on Tuesday, May 7th, 2013. Despite the numerous warnings, CUNA has offered little advice on how to manage the situation and mitigate an attack. Realizing the severity of the situation, RedZone has put together 5 practical ways to mitigate against a DDoS happening to you that was presented via GoToWebinar on Wednesday, May 1st, 2013. The types of attacks we reviewed were: 1. Pure network attack against the credit union 2. Pure network attack against the ISP router 3. Content DDoS 4. DNS DDoS 5. Random Botnet attack We also answered the following questions: • What does it mean? • What are your Zero day protection options? • What to check on your security products? • How to enable Global IP protection? • How do I detect fraud communication in advance? • What are some vendor product options?

5 Ways To Fight A DDoS Attack

RedZone Technologies

Cyber Security Awareness Month 2017-Nugget 6

Chinatu Uzuegbu

MITRE ATT&CKcon 2.0: Prioritizing ATT&CK Informed Defenses the CIS Way; Phili...

MITRE - ATT&CKcon

Threat Modeling In 2021

Adam Shostack

Cybersecurity.pptx

John Donahue

Next-Generation SIEM: Delivered from the Cloud

Alert Logic

Trends in network security feinstein - informatica64

Chema Alonso

Keynote at the Cyber Security Summit Prague 2015

Claus Cramon Houmann

Keynote Information Security days Luxembourg 2015

Claus Cramon Houmann

Nothing strikes fear into the heart of an engineer more than the installation of a firewall to achieve the laudable goal of defense-in-depth through network segmentation. Security teams demand the implementation of firewalls telling everyone, “It’s for compliance!” But the addition of firewalls and other security appliances (aka chokepoints) into an infrastructure infuriates network engineers who design to optimize speed and minimize latency. Sysadmins and DBAs are equally frustrated, because of the increased complexity in building and troubleshooting applications. So it’s down the rabbit hole we go trying to achieve the unachievable with everyone waxing rhapsodic for those bygone days when the end-to-end principle ruled the Internet. Is it really possible to have security coexist with operational efficiency? Organizations seem happy to throw money at technology and operations, but when it comes to policies and procedures, they fail miserably. This is the biggest problem with building a layered design. As engineers, if we don’t have clear policies as a set of requirements, how will we determine the appropriate network segmentation and protections to put in place? The answer lies in aligning network segmentation with an organizational data classification matrix and understanding that while compliance and security often overlap, they’re not the same.

Beware the Firewall My Son: The Jaws That Bite, The Claws That Catch!

Michele Chubirka

Brooks18

Chuck Brooks

Social Engineering Basics

Luke Rusten

Technologies and Policies for a Defensible Cyberspace

mark-smith

NetWitness

TechBiz Forense Digital

Lec 1- Intro to cyber security and recommendations

BilalMehmood44

Similar to TakeDownCon Rocket City: Technology Deathmatch, The arms race is on by Sean Bodmer (20)

Ethical Hacking and Cybersecurity – Key Trends in 2022

SOD-Presentation-Des-Moines-10.19.21-v2.pptx

Keeping Secrets on the Internet of Things - Mobile Web Application Security

Tierpoint webinar: Multi-vector DDoS attacks: detection and mitigation_Jan2016

Cyber security for business

5 Ways To Fight A DDoS Attack

Cyber Security Awareness Month 2017-Nugget 6

MITRE ATT&CKcon 2.0: Prioritizing ATT&CK Informed Defenses the CIS Way; Phili...

Threat Modeling In 2021

Cybersecurity.pptx

Next-Generation SIEM: Delivered from the Cloud

Trends in network security feinstein - informatica64

Keynote at the Cyber Security Summit Prague 2015

Keynote Information Security days Luxembourg 2015

Beware the Firewall My Son: The Jaws That Bite, The Claws That Catch!

Brooks18

Social Engineering Basics

Technologies and Policies for a Defensible Cyberspace

NetWitness

Lec 1- Intro to cyber security and recommendations

More from EC-Council

CyberOm - Hacking the Wellness Code in a Chaotic Cyber World

EC-Council

Whether people admit or not, everyone is moving to the cloud and all future business will run somewhere on the internet. Moving to the cloud requires different set of architecture and mindset. Data is stored, accessed and processed on different platforms and devices. Employees are working anywhere from the world, corporate data is no more under company IT custody. CISOs and CIOs need to think differently and set new Cloud Security Architecture. This session will try to draw the main areas of concern from Security perspective while moving to the cloud.

Cloud Security Architecture - a different approach

EC-Council

Phases of Incident Response

EC-Council

Weaponizing OSINT – Hacker Halted 2019 – Michael James

EC-Council

Hacking Your Career – Hacker Halted 2019 – Keith Turpin

EC-Council

Hacking Diversity – Hacker Halted . 2019 – Marcelle Lee

EC-Council

Cloud Proxy Technology – Hacker Halted 2019 – Jeff Silver

EC-Council

DNS – Strategies for Reducing Data Leakage & Protecting Online Privacy – Hack...

EC-Council

Data in cars can be creepy – Hacker Halted 2019 – Andrea Amico

EC-Council

Breaking Smart [Bank] Statements – Hacker Halted 2019 – Manuel Nader

EC-Council

Are your cloud servers under attack?– Hacker Halted 2019 – Brian Hileman

EC-Council

War Game: Ransomware – Global CISO Forum 2019

EC-Council

How to become a Security Behavior Alchemist – Global CISO Forum 2019 – Perry ...

EC-Council

Introduction to FAIR Risk Methodology – Global CISO Forum 2019 – Donna Gall...

EC-Council

Alexa is a snitch! Hacker Halted 2019 - Wes Widner

EC-Council

Hacker Halted 2018: Don't Panic! Big Data Analytics vs. Law Enforcement

EC-Council

Hacker Halted 2018: HACKING TRILLIAN: A 42-STEP SOLUTION TO EXPLOIT POST-VOGA...

EC-Council

Hacker Halted 2018: Breaking the Bad News: How to Prevent Your IR Messages fr...

EC-Council

Hacker Halted 2018: From CTF to CVE – How Application of Concepts and Persist...

EC-Council

Hacker Halted 2018: SE vs Predator: Using Social Engineering in ways I never ...

EC-Council

More from EC-Council (20)

CyberOm - Hacking the Wellness Code in a Chaotic Cyber World

Cloud Security Architecture - a different approach

Phases of Incident Response

Weaponizing OSINT – Hacker Halted 2019 – Michael James

Hacking Your Career – Hacker Halted 2019 – Keith Turpin

Hacking Diversity – Hacker Halted . 2019 – Marcelle Lee

Cloud Proxy Technology – Hacker Halted 2019 – Jeff Silver

DNS – Strategies for Reducing Data Leakage & Protecting Online Privacy – Hack...

Data in cars can be creepy – Hacker Halted 2019 – Andrea Amico

Breaking Smart [Bank] Statements – Hacker Halted 2019 – Manuel Nader

Are your cloud servers under attack?– Hacker Halted 2019 – Brian Hileman

War Game: Ransomware – Global CISO Forum 2019

How to become a Security Behavior Alchemist – Global CISO Forum 2019 – Perry ...

Introduction to FAIR Risk Methodology – Global CISO Forum 2019 – Donna Gall...

Alexa is a snitch! Hacker Halted 2019 - Wes Widner

Hacker Halted 2018: Don't Panic! Big Data Analytics vs. Law Enforcement

Hacker Halted 2018: HACKING TRILLIAN: A 42-STEP SOLUTION TO EXPLOIT POST-VOGA...

Hacker Halted 2018: Breaking the Bad News: How to Prevent Your IR Messages fr...

Hacker Halted 2018: From CTF to CVE – How Application of Concepts and Persist...

Hacker Halted 2018: SE vs Predator: Using Social Engineering in ways I never ...

Recently uploaded

In this session, we will delve into strategic approaches for optimizing knowledge management within Microsoft 365, amidst the evolving landscape of Copilot. From leveraging automatic metadata classification and permission governance with SharePoint Premium, to unlocking Viva Engage for the cultivation of knowledge and communities, you will gain actionable insights to bolster your organization's knowledge-sharing initiatives. In this session, we will also explore how to facilitate solutions to enable your employees to find answers and expertise within Microsoft 365. You will leave equipped with practical techniques and a deeper understanding of how there is more to effective knowledge management than just enabling Copilot, but building actual solutions to prepare the knowledge that Copilot and your employees can use.

Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...

Drew Madelung

Created by Mozilla Research in 2012 and now part of Linux Foundation Europe, the Servo project is an experimental rendering engine written in Rust. It combines memory safety and concurrency to create an independent, modular, and embeddable rendering engine that adheres to web standards. Stewardship of Servo moved from Mozilla Research to the Linux Foundation in 2020, where its mission remains unchanged. After some slow years, in 2023 there has been renewed activity on the project, with a roadmap now focused on improving the engine’s CSS 2 conformance, exploring Android support, and making Servo a practical embeddable rendering engine. In this presentation, Rakhi Sharma reviews the status of the project, our recent developments in 2023, our collaboration with Tauri to make Servo an easy-to-use embeddable rendering engine, and our plans for the future to make Servo an alternative web rendering engine for the embedded devices industry. (c) Embedded Open Source Summit 2024 April 16-18, 2024 Seattle, Washington (US) https://events.linuxfoundation.org/embedded-open-source-summit/ https://ossna2024.sched.com/event/1aBNF/a-year-of-servo-reboot-where-are-we-now-rakhi-sharma-igalia

A Year of the Servo Reboot: Where Are We Now?

Igalia

Histor y of HAM Radio presentation slide

vu2urc

This presentations targets students or working professionals. You may know Google for search, YouTube, Android, Chrome, and Gmail, but did you know Google has many developer tools, platforms & APIs? This comprehensive yet still high-level overview outlines the most impactful tools for where to run your code, store & analyze your data. It will also inspire you as to what's possible. This talk is 50 minutes in length.

Powerful Google developer tools for immediate impact! (2023-24 C)

wesley chun

Slack Application Development 101 Slides

praypatel2

In an era where artificial intelligence (AI) stands at the forefront of business innovation, Information Architecture (IA) is at the core of functionality. See “There’s No AI Without IA” – (from 2016 but even more relevant today) Understanding and leveraging how Information Architecture (IA) supports AI synergies between knowledge engineering and prompt engineering is critical for senior leaders looking to successfully deploy AI for internal and externally facing knowledge processes. This webinar be a high-level overview of the methodologies that can elevate AI-driven knowledge processes supporting both employees and customers. Core Insights Include: Strategic Knowledge Engineering: Delve into how structuring AI's knowledge base is required to prevent hallucinations, enable contextual retrieval of accurate information. This will include discussion of gold standard libraries of use cases support testing various LLMs and structures and configurations of knowledge base. Precision in Prompt Engineering: Learn the art of crafting prompts that direct AI to deliver targeted, relevant responses, thereby optimizing customer experiences and business outcomes. Unified Approach for Enhanced AI Performance: Explore the intersection of knowledge and prompt engineering to develop AI systems that are not only more responsive but also aligned with overarching business strategies. Guiding Principles for Implementation: Equip yourself with best practices, ethical guidelines, and strategic considerations for embedding these technologies into your business ecosystem effectively. This webinar is designed to empower business and technology leaders with the knowledge to harness the full potential of AI, ensuring their organizations not only keep pace with digital transformation but lead the charge. Join us to map a roadmap to fully leverage Information Architecture (IA) and AI chart a course towards a future where AI is a key pillar of strategic innovation and business success.

EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptx

Earley Information Science

MySQL Webinar, presented on the 25th of April, 2024. Summary: MySQL solutions enable the deployment of diverse Database Architectures tailored to specific needs, including High Availability, Disaster Recovery, and Read Scale-Out. With MySQL Shell's AdminAPI, administrators can seamlessly set up, manage, and monitor these solutions, ensuring efficiency and ease of use in their administration. MySQL Router, on the other hand, provides transparent routing from the application traffic to the backend servers in the architectures, requiring minimal configuration. Completely built in-house and supported by Oracle, these solutions have been adopted by enterprises of all sizes for their business-critical applications. In this presentation, we'll delve into various database architecture solutions to help you choose the right one based on your business requirements. Focusing on technical details and the latest features to maximize the potential of these solutions.

Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...

Miguel Araújo

What is a good lead in your organisation? Which leads are priority? What happens to leads? When sales and marketing give different answers to these questions, or perhaps aren't sure of the answers at all, frustrations build and opportunities are left on the table. Join us for an illuminating session with Cian McLoughlin, HubSpot Principal Customer Success Manager, as we look at that crucial piece of the customer journey in which leads are transferred from marketing to sales.

04-2024-HHUG-Sales-and-Marketing-Alignment.pptx

HampshireHUG

Choosing the right accounts payable services provider is a strategic decision that can significantly impact your business's financial performance and operational efficiency. By considering factors such as expertise, range of services, technology infrastructure, scalability, cost, and reputation, businesses can make informed decisions and select a provider that aligns with their unique needs and objectives. Partnering with the right provider can streamline accounts payable processes, drive cost savings, and position your business for long-term success. https://katprotech.com/accounts-payable-and-purchase-order-automation/

Factors to Consider When Choosing Accounts Payable Services Providers.pptx

Katpro Technologies

Explore 'The Codex of Business: Writing Software for Real-World Solutions,' a compelling SlideShare presentation that delves into digital transformation in healthcare. Discover through a detailed case study how Agile methodologies empower healthcare providers to develop, iterate, and refine digital solutions that address real-world challenges. Learn how strategic planning, user feedback, and continuous improvement drive success in deploying technologies that enhance patient care and operational efficiency. Ideal for healthcare professionals, IT specialists, and digital transformation advocates seeking actionable insights and practical examples of technology making a real difference.

The Codex of Business Writing Software for Real-World Solutions 2.pptx

Malak Abu Hammad

Sara Mae O’Brien Scott and Tatiana Baquero Cakici, Senior Consultants at Enterprise Knowledge (EK), presented “AI Fast Track to Search-Focused AI Solutions” at the Information Architecture Conference (IAC24) that took place on April 11, 2024 in Seattle, WA. In their presentation, O’Brien-Scott and Cakici focused on what Enterprise AI is, why it is important, and what it takes to empower organizations to get started on a search-based AI journey and stay on track. The presentation explored the complexities of enterprise search challenges and how IA principles can be leveraged to provide AI solutions through the use of a semantic layer. O’Brien-Scott and Cakici showcased a case study where a taxonomy, an ontology, and a knowledge graph were used to structure content at a healthcare workforce solutions organization, providing personalized content recommendations and increasing content findability. In this session, participants gained insights about the following: Most common types of AI categories and use cases; Recommended steps to design and implement taxonomies and ontologies, ensuring they evolve effectively and support the organization’s search objectives; Taxonomy and ontology design considerations and best practices; Real-world AI applications that illustrated the value of taxonomies, ontologies, and knowledge graphs; and Tools, roles, and skills to design and implement AI-powered search solutions.

IAC 2024 - IA Fast Track to Search Focused AI Solutions

Enterprise Knowledge

🐬 The future of MySQL is Postgres 🐘

RTylerCroy

Abhishek Deb(1), Mr Abdul Kalam(2) M. Des (UX) , School of Design, DIT University , Dehradun. This paper explores the future potential of AI-enabled smartphone processors, aiming to investigate the advancements, capabilities, and implications of integrating artificial intelligence (AI) into smartphone technology. The research study goals consist of evaluating the development of AI in mobile phone processors, analyzing the existing state as well as abilities of AI-enabled cpus determining future patterns as well as chances together with reviewing obstacles as well as factors to consider for more growth.

Exploring the Future Potential of AI-Enabled Smartphone Processors

debabhi2

Heather Hedden, Senior Consultant at Enterprise Knowledge, presented “The Role of Taxonomy and Ontology in Semantic Layers” at a webinar hosted by Progress Semaphore on April 16, 2024. Taxonomies at their core enable effective tagging and retrieval of content, and combined with ontologies they extend to the management and understanding of related data. There are even greater benefits of taxonomies and ontologies to enhance your enterprise information architecture when applying them to a semantic layer. A survey by DBP-Institute found that enterprises using a semantic layer see their business outcomes improve by four times, while reducing their data and analytics costs. Extending taxonomies to a semantic layer can be a game-changing solution, allowing you to connect information silos, alleviate knowledge gaps, and derive new insights. Hedden, who specializes in taxonomy design and implementation, presented how the value of taxonomies shouldn’t reside in silos but be integrated with ontologies into a semantic layer. Learn about: - The essence and purpose of taxonomies and ontologies in information and knowledge management; - Advantages of semantic layers leveraging organizational taxonomies; and - Components and approaches to creating a semantic layer, including the integration of taxonomies and ontologies

The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf

Enterprise Knowledge

As privacy and data protection regulations evolve rapidly, organizations operating in multiple jurisdictions face mounting challenges to ensure compliance and safeguard customer data. With state-specific privacy laws coming up in multiple states this year, it is essential to understand what their unique data protection regulations will require clearly. How will data privacy evolve in the US in 2024? How to stay compliant? Our panellists will guide you through the intricacies of these states' specific data privacy laws, clarifying complex legal frameworks and compliance requirements. This webinar will review: - The essential aspects of each state's privacy landscape and the latest updates - Common compliance challenges faced by organizations operating in multiple states and best practices to achieve regulatory adherence - Valuable insights into potential changes to existing regulations and prepare your organization for the evolving landscape

TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments

TrustArc

The Raspberry Pi 5 was announced on October 2023. This new version of the popular embedded device comes with a new iteration of Broadcom’s VideoCore GPU platform, and was released with a fully open source driver stack, developed by Igalia. The presentation will discuss some of the major changes required to support this new Video Core iteration, the challenges we faced in the process and the solutions we provided in order to deliver conformant OpenGL ES and Vulkan drivers. The talk will also cover the next steps for the open source Raspberry Pi 5 graphics stack. (c) Embedded Open Source Summit 2024 April 16-18, 2024 Seattle, Washington (US) https://events.linuxfoundation.org/embedded-open-source-summit/ https://eoss24.sched.com/event/1aBEx

Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...

Igalia

CNv6 Instructor Chapter 6 Quality of Service

giselly40

BooK Now Call us at +918448380779 to hire a gorgeous and seductive call girl for sex. Take a Delhi Escort Service. The help of our escort agency is mostly meant for men who want sexual Indian Escorts In Delhi NCR. It should be noted that any impersonator will get 100 attention from our Young Girls Escorts in Delhi. They will assume the position of reliable allies. VIP Call Girl With Original Photos Book Tonight +918448380779 Our Cheap Price 1 Hour not available 2 Hours 5000 Full Night 8000 TAG: Call Girls in Delhi, Noida, Gurgaon, Ghaziabad, Connaught Place, Greater Kailash Delhi, Lajpat Nagar Delhi, Mayur Vihar Delhi, Chanakyapuri Delhi, New Friends Colony Delhi, Majnu Ka Tilla, Karol Bagh, Malviya Nagar, Saket, Khan Market, Noida Sector 18, Noida Sector 76, Noida Sector 51, Gurgaon Mg Road, Iffco Chowk Gurgaon, Rajiv Chowk Gurgaon All Delhi Ncr Free Home Deliver

08448380779 Call Girls In Civil Lines Women Seeking Men

Delhi Call girls

08448380779 Call Girls In Friends Colony Women Seeking Men

Delhi Call girls

Presentation on how to chat with PDF using ChatGPT code interpreter

naman860154

Recently uploaded (20)

Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...

A Year of the Servo Reboot: Where Are We Now?

Histor y of HAM Radio presentation slide

Powerful Google developer tools for immediate impact! (2023-24 C)

Slack Application Development 101 Slides

EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptx

Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...

04-2024-HHUG-Sales-and-Marketing-Alignment.pptx

Factors to Consider When Choosing Accounts Payable Services Providers.pptx

The Codex of Business Writing Software for Real-World Solutions 2.pptx

IAC 2024 - IA Fast Track to Search Focused AI Solutions

🐬 The future of MySQL is Postgres 🐘

Exploring the Future Potential of AI-Enabled Smartphone Processors

The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf

TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments

Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...

CNv6 Instructor Chapter 6 Quality of Service

08448380779 Call Girls In Civil Lines Women Seeking Men

08448380779 Call Girls In Friends Colony Women Seeking Men

Presentation on how to chat with PDF using ChatGPT code interpreter

TakeDownCon Rocket City: Technology Deathmatch, The arms race is on by Sean Bodmer

1. Technology Deathmatch The arms race is on Sean M. Bodmer, CEH, CISSP, NCIA Chief Researcher Counter-Exploitation Intelligence CounterTack

2. Who is this tool?  Sean M. Bodmer, CISSP, CEH, NCIA  Arrested @16 years of age for hacking NASA and 3 other .gov networks  Yes, it did put a damper on my life for a few years  >50% of my time spent in non-gov’t based clandestine cyber operations  2012 – Helped US Entities seize and recuperate > $6M USD  Brief Bio  Over 16 Years in IT Systems Security  Over 10 Years in Intelligence and Counter-Intelligence Operations  Lectured at numerous Industry Conferences  Co-Authored 2 Books w/McGraw-Hill (writing 2 more)  Quoted and Named in > 400  Magazines, newspapers, radio, and tv-news  CounterTack, Inc.  Focused on in-progress detection and attribution of threats  Develops and deploys custom high-interaction honeypots  Provides customers tailored Threat Intelligence Services  Knowledge Bridge Intelligence, Inc  US IO Subject Matter Expert

3. 11/18/2013 3

4. There is more than one Author(s) • Original malware creator(s) • Offer malware “off-the-rack” or custom built • May offer DIY construction kits • Money-back guarantee if detected • 24x7 support Distribution/Delivery (MAS) • • • • • Specialized distribution network Attracts and infects victims Global & targeted content delivery Delivery through Spam/drive-by/USB/etc. Offers 24x7 support Leader • Individual or criminal team • Maintains and controls order • Holds admin credentials Operator • Operates a section • Issues commands • May be the leader Resilience/Recovery (MAS) • • • • • Provides C&C resilience services Anti-takedown network construction Bullet-proof domain hosting Fast-flux DNS services Offers 24x7 Support

7. Cloud as a Service Model • YES, criminals are mirroring our e-biz models

8. Malware As A Service

9. Malware As A Service

10. Malware As A Service

11. Malware As A Service

12. Boundary/ Perimeter

13. Host/End-point

14. Host/End-point

15. The Arbitrary Icon THIS DOES NOT MEAN YOU ARE SAFE !!!

16.

17. Today’s Problem Set • Almost all discoveries are post-mortem – Next day or countless days later • Generally, through laborious manual analysis • Easily detectable over time – Static defenses can be identified by skilled adversaries • Difficult to use – – – – Heavily dependent on human expertise Staging and maintaining honeynets Manual reporting and analysis Manual correlation between data sources

18.

19. Let’s Look @ Something • What can one find when p0wning bad-actors? Carberp Source Code Leak

20. Questions?? sbodmer@countertack.com Twitter @Spydurw3b Skype @Crypt0k1d

TakeDownCon Rocket City: Technology Deathmatch, The arms race is on by Sean Bodmer

Recommended

Recommended

More Related Content

What's hot

What's hot (20)

Similar to TakeDownCon Rocket City: Technology Deathmatch, The arms race is on by Sean Bodmer

Similar to TakeDownCon Rocket City: Technology Deathmatch, The arms race is on by Sean Bodmer (20)

More from EC-Council

More from EC-Council (20)

Recently uploaded

Recently uploaded (20)

TakeDownCon Rocket City: Technology Deathmatch, The arms race is on by Sean Bodmer