SlideShare a Scribd company logo

CSF18 - For Your Ears Only - Sasha Kranjac

NCCOMMS
NCCOMMS

Cybercrime Security Forum - Europe 2018 Session

Technology
1 of 69
Download to read offline
For your Ears Only Voice Recognition Security Secrets Unleashed! Andy Malone MVP Founder: Cybercrime Security Forum
Microsoft MVP (Enterprise Security) Microsoft Certified Trainer (20 years) Founder: Cybercrime Security Forum Worldwide Event Speaker Author: The Seventh Day Andy Malone (United Kingdom) Follow me on Twitter @AndyMalone
Session Outline • What is Voice Recognition • How Voice Recognition Works • Where Voice Recognition is Used • The Rise of the Intelligent Personal Assistant • Amazon Alexa Architecture Walkthrough • Voice Recognition & Cybersecurity • Where does my Data Go? • Voice Recognition & Digital Forensics • The Future …
What is Voice Recognition?
Voice or speech recognition is the ability of a machine or program to receive and interpret dictation, or to understand and carry out spoken commands
What is Voice Recognition? • Uses a Natural user interface: human speech • Provides a Convenient & Preferred Biometric Method for Consumers • Many applications, including the Provision of Improved services for the disabled • Technology easily Customizable, i.e. Language etc. • Used for both Identification, Authentication &
How Voice Recognition Works
How Animals Communicate!
How Humans Communicate 2 phonemes 1 Phones 3 Cognitive learning / Experience & Language Processing Articulation produces sound waves which the ear conveys to the brain for processing
How Computers Recognise Speech Digitization Acoustic analysis of the speech signal Linguistic interpretation
Potential Problems with VR? • Problem Separating Acoustic signal from background noise. I.e. Single voice in a Noisy Room • Voice Speed, Tone, Dialect, Language • Misheard or Misunderstood • Privacy Issues: Using a keyword to initiate session. I.e. ”Alexa” or “Hey Siri” • Liveness Detection: Can
Where Voice Recognition is Used
Where & How is Voice Recognition is Used Voice Recognition Text to Speech Basic Dictation Call Answering Systems Interactive Personal Assistant Identity & Authentication IoT Devices Robotics Artificial Intelligence The Apple Vision
Human Biometrics: Everything has a Pattern
Speech Recognition vs Speaker Verification The most important difference is that: • Speech recognition identifies what you are saying • Speaker verification verifies that you are who you say you are
Voice Biometrics • Speech recognition and speaker verification systems are combined to create voice biometric systems • Used to both Identify & Authenticate Users • Uses a measurable, physical characteristic, or personal behavioural trait to verify and authenticate an individual • It uses what you are as a way to identify yourself • Compares at least two two
Voice Biometric Acquisition Process
How it Works • Biometric systems must be able to distinguish between various people’s voices • Frequency and Intensity • Training our body’s nasal and oral passages, as well as our lips, teeth, tongue, and jaw muscles • Digitizing a person's speech to produce a “voice print” • Voices are nearly impossible to recreate
The Rise of the Intelligent Digital Assistant
Video 30 years Ago! March 1987
In a Nutshell - Apple: The Grand Vision • Touch screens and cinematic animation • Global network for info and collaboration • Awareness of temporal and social context • Continuous Speech in and out • Conversational Interface - assistant talks back • Delegation of tasks to the assistant • Assistant use of personal data
And the Reality … • Touch screens • Cinematic effects • Global network • Location and time awareness • Speech out, on demand • Isolated speech to text • Limited Siri Assistant
The Evolution of Siri Personal Assistant • Started at SRI (previously Stanford Research Institute) • Roots in the CALO (Cognitive Assistant that Learns and Organize) project in the early 2000s • Siri project started in 2007 , Spun off from SRI as a company in 2008 • App on iPhone then acquired by Apple in 2010 • Nuance (speech recognition) Spun off from SRI as a company in 1994
The Rise of the Intelligent Connected Devices Voice Controlled Cars Voice Controlled Door Lock Voice Controlled Banking Smart TV
The Rise of the Intelligent Personal Assistants Apple Siri Microsoft Cortana Google Home Amazon Dot / Echo (Alexa)
Combining Voice Recognition & Artificial Intelligence • Voice Recognition • Machine Learning • Artificial Intelligence (AI) • NLP (Neuro-Linguistic Programming) • Cloud Computing • IoT • Started life as a PDA (Personal Data Assistant) Device • Now evolving into an Ubiquitous Personal
Alexa Artificial Intelligence • Hands-free, voice-controlled device that uses Alexa to play music, control smart home devices, provide information, read the news, set alarms, and more. • Play music Various Sources inc Amazon Music, Spotify, Controls lights, fans, switches, thermostats, garage doors, sprinklers, and more • Hears you from across the room with 7 far-field microphones for hands-free control, even in noisy environments or while playing music • An assistant in the kitchen or anywhere you might want a voice-controlled computer
Alexa Architecture & Configuration
1: Register to link account to device / service 2 Authorise Alexa to use the resource. 3 Users Must Authenticate 4 authorised to access resources will get the confirmation screen 5 Congratulations, it’s done.
DemoMeeting & Securing Alexa
Voice Recognition & Cybersecurity
Personal Assistant Privacy Issues • Voice Assistants are constantly listening to everyone within microphone range for input by default • Uses 3 Keywords: Alexa, Amazon & Computer (Configurable) • Microphones are always listening unless physically muted • Voice assistants cannot differentiate between different people • Devices upload recordings and store them on cloud servers • Data collected from recordings are used to provide a customized experience and, AKA advertising
Personal Assistants Privacy Tips • Physically mute the Echo when not in use • Delete old recordings your Amazon account dashboard under "Manage my device” • Users can delete individual queries or wipe their entire search history all at once • Refrain from connecting important accounts to your Echo • In Alexa's configuration, set up an "end of request" tone that will make a sound to let you know the Echo has stopped listening • Stay alert of the LED lights that change color when Alexa is listening
Voice Recognition: The Privacy Dilemma • All Voice recognition technologies pierce the "veil of anonymity" • Where are voice patterns Stored? “function creep” • What is the Cloud Vendor Biometric Security Policy? • Big difference between storing something you have or know with Something you are! • How are these patterns Secured? • Who has Access to them? • How is your Privacy Maintained? • What Metadata is Produce? • What if your Voice Pattern could be duplicated?
Weeping Angel: Samsung Hack: • Key Features: • Turns on in Fake-Off mode • Collect unencrypted audio collection • Collects Streaming audio • Video capture / Video snapshots • Samsung offers remote support – An area of functionality to investigate? • Is the browser or any default apps vulnerability to MitM attacks? https://www.wikileaks.org/ciav7p1/cms/page_12353643.html
NSA: If you can say it, you can search it. • The NSA begins using speech recognition to isolate keywords when analysing recorded conversations • Searchable using X-Keyscore • PRISIM: Designed to analyze and “extract” the content of voice conversations, and even use sophisticated algorithms to flag conversations of interest • How long will it be before laws allow the police to activate a smart assistant and listen in on
Where does my data go? AlexaUser User User Alexa Alexa Router Amazon Cloud Law Enforcement
Digital Assistants & The Law • Landmark Case Feb 2017 • James Andrew Bates • Amazon resists efforts in a US murder case to obtain recordings from one of its Echo smart speakers • First formal legal response, Amazon said prosecutors had failed to establish it was necessary • ”Always on" Echo records audio if it hears from a fraction of a second before it detects a wake word - either Alexa or Amazon -
Video Using Alexa as a Witness!
Digital Assistants & The Law
Operation BugDrop Malware • State Sponsored by Russia • Infiltrates victim's computer, captures screen shots, documents, and passwords, and turn on microphone to capture all audio • Targets include: Ukraine, Russia, Saudi Arabia, Austria • Sophisticated malware backed by an organization with substantial resources,” • Operation requires a massive back- end infrastructure to store, decrypt, and analyse several GBs per day of unstructured data that is being captured from its targets
Gaining Backdoor to an Amazon Account
Gaining Backdoor to an Amazon Account 1: User buys Malicious Product or downloads malicious code from website 2: Webpage or even Product is infected 3: Credentials Stolen 4: Gains Access to account via stolen Credentials5: Access to voice logs
Voice Recognition & Digital Forensics
Digital Forensics? “Digital Forensics is the application of science to the identification, examination, collection, and analysis of data while preserving the information and maintaining a strict chain of custody for the data.”
Forensic Essentials Identify Evidence Collect or Acquire Evidence Examine or Analyze Evidence Present Findings
Alexa: Tell me your Secrets! HTTPS / SSDP HTTPS / SSDP HTTPS / SSDP Log File Wi-Fi Log File Amazon Cloud Simple Service Discovery Protocol (SSDP)
DemoRouter WiFi Log
DemoAlexa Network Analysis (Wireshark)
Alexa: Tell me your Secrets! • Take a Backup of ITunes • Locate the com.amazon.echo directory • Files include: references plist, binary cookies, and ‘LocalData.sqlite’. The SQLite • Locate SQLite DBs (SQLite viewer) • Displayed 4 tables: ZDATAITEM, Z_METADATA, Z_MODELCACHE, and Z_PRIMARYKEY
Alexa: Tell me your Secrets! • Review the ZDATAITEM table • Out of the 4 Rows 2 were of interest. • Key/value pairs, with ZKEY being ToDoCollection.TASK or ToDoCollection.SHOPPING_ITEM, and ZVALUE being a long JSON string
Alexa: Tell me your Secrets! • Now we know the DOT has created two todo-type lists • Now we can parse this by matching up the 2 rows in the ZDATAITEM table. Each ZVALUE is an array of JSON objects, with each object containing information about a specific task
Alexa: Tell me your Secrets! • Item Text • Date / Timestamp • Unique Item ID: CustomerId: A1C9VTA5F7ZW1N • itemId: A1C9VTA5F7ZW1N#6826a04d-b48e- 3128-a1cc-9037bd48ee6d • utteranceId: nulloriginalAudioId: AB72C63C86AW3:1.0/2016/03/05/23/B0F00 615549601C4/03:40::TNIH_2V.14c747fb- 52c0-4018-8908-4163f73cb865ZXV/0 • Status Item • complete: true • deleted: false • type: SHOPPING_ITEM • version: 2
DemoHow Forensics Tools Adapting
DemoGoogle Voice Assistant
Video Introducing Adobe VOCO!
And so it begins …
Personal Digital Assistant Conclusions • Consider using Multi factor Authentication (Esp with IoT devices) • Ensure Systems are muted when having private conversations • IoT is awesome, however consider against using digital Locks and other sensitive devices. • Most devices / Technologies Cannot differentiate between users, this could be a problem
Session Review • What is Voice Recognition • How Voice Recognition Works • Where Voice Recognition is Used • The Rise of the Intelligent Personal Assistant • Amazon Alexa Architecture Walkthrough • Voice Recognition & Cybersecurity • Where does my Data Go? • Voice Recognition & Digital Forensics • The Future …
Just before I go, Here’s one final thought …
CSF18 - For Your Ears Only - Sasha Kranjac
CSF18 - For Your Ears Only - Sasha Kranjac
CSF18 - For Your Ears Only - Sasha Kranjac

Recommended

CSF18 - Through a Mirror Darkly- a journey to the dark side of metadata - Sas...
CSF18 - Through a Mirror Darkly- a journey to the dark side of metadata - Sas...CSF18 - Through a Mirror Darkly- a journey to the dark side of metadata - Sas...
CSF18 - Through a Mirror Darkly- a journey to the dark side of metadata - Sas...NCCOMMS
 
CSF18 - Incident Response in the Cloud - Yuri Diogenes
CSF18 - Incident Response in the Cloud - Yuri DiogenesCSF18 - Incident Response in the Cloud - Yuri Diogenes
CSF18 - Incident Response in the Cloud - Yuri DiogenesNCCOMMS
 
CSF18 - The Digital Threat of the Decade (Century) - Sasha Kranjac
CSF18 - The Digital Threat of the Decade (Century) - Sasha KranjacCSF18 - The Digital Threat of the Decade (Century) - Sasha Kranjac
CSF18 - The Digital Threat of the Decade (Century) - Sasha KranjacNCCOMMS
 
CSF18 - Guarding Against the Unknown - Rafael Narezzi
CSF18 - Guarding Against the Unknown - Rafael NarezziCSF18 - Guarding Against the Unknown - Rafael Narezzi
CSF18 - Guarding Against the Unknown - Rafael NarezziNCCOMMS
 
逃避可恥還沒有用- 你不可不知的物聯網安全問題與挑戰(Ashley Shen & Belinda Lai)
逃避可恥還沒有用- 你不可不知的物聯網安全問題與挑戰(Ashley Shen & Belinda Lai)逃避可恥還沒有用- 你不可不知的物聯網安全問題與挑戰(Ashley Shen & Belinda Lai)
逃避可恥還沒有用- 你不可不知的物聯網安全問題與挑戰(Ashley Shen & Belinda Lai)HITCON GIRLS
 
Red team Engagement
Red team EngagementRed team Engagement
Red team EngagementIndranil Banerjee
 
Next Generation Defense in Depth Model - Tari Schreider, CCISO, Chief Cybers...
Next Generation Defense in Depth Model - Tari Schreider, CCISO, Chief Cybers...Next Generation Defense in Depth Model - Tari Schreider, CCISO, Chief Cybers...
Next Generation Defense in Depth Model - Tari Schreider, CCISO, Chief Cybers...EC-Council
 
Zero-Day Vulnerability and Heuristic Analysis
Zero-Day Vulnerability and Heuristic AnalysisZero-Day Vulnerability and Heuristic Analysis
Zero-Day Vulnerability and Heuristic AnalysisAhmed Banafa
 

Recommended

CSF18 - Through a Mirror Darkly- a journey to the dark side of metadata - Sas...
CSF18 - Through a Mirror Darkly- a journey to the dark side of metadata - Sas...CSF18 - Through a Mirror Darkly- a journey to the dark side of metadata - Sas...
CSF18 - Through a Mirror Darkly- a journey to the dark side of metadata - Sas...NCCOMMS
 
CSF18 - Incident Response in the Cloud - Yuri Diogenes
CSF18 - Incident Response in the Cloud - Yuri DiogenesCSF18 - Incident Response in the Cloud - Yuri Diogenes
CSF18 - Incident Response in the Cloud - Yuri DiogenesNCCOMMS
 
CSF18 - The Digital Threat of the Decade (Century) - Sasha Kranjac
CSF18 - The Digital Threat of the Decade (Century) - Sasha KranjacCSF18 - The Digital Threat of the Decade (Century) - Sasha Kranjac
CSF18 - The Digital Threat of the Decade (Century) - Sasha KranjacNCCOMMS
 
CSF18 - Guarding Against the Unknown - Rafael Narezzi
CSF18 - Guarding Against the Unknown - Rafael NarezziCSF18 - Guarding Against the Unknown - Rafael Narezzi
CSF18 - Guarding Against the Unknown - Rafael NarezziNCCOMMS
 
逃避可恥還沒有用- 你不可不知的物聯網安全問題與挑戰(Ashley Shen & Belinda Lai)
逃避可恥還沒有用- 你不可不知的物聯網安全問題與挑戰(Ashley Shen & Belinda Lai)逃避可恥還沒有用- 你不可不知的物聯網安全問題與挑戰(Ashley Shen & Belinda Lai)
逃避可恥還沒有用- 你不可不知的物聯網安全問題與挑戰(Ashley Shen & Belinda Lai)HITCON GIRLS
 
Red team Engagement
Red team EngagementRed team Engagement
Red team EngagementIndranil Banerjee
 
Next Generation Defense in Depth Model - Tari Schreider, CCISO, Chief Cybers...
Next Generation Defense in Depth Model - Tari Schreider, CCISO, Chief Cybers...Next Generation Defense in Depth Model - Tari Schreider, CCISO, Chief Cybers...
Next Generation Defense in Depth Model - Tari Schreider, CCISO, Chief Cybers...EC-Council
 
Zero-Day Vulnerability and Heuristic Analysis
Zero-Day Vulnerability and Heuristic AnalysisZero-Day Vulnerability and Heuristic Analysis
Zero-Day Vulnerability and Heuristic AnalysisAhmed Banafa
 
Combating Insider Threats – Protecting Your Agency from the Inside Out
Combating Insider Threats – Protecting Your Agency from the Inside OutCombating Insider Threats – Protecting Your Agency from the Inside Out
Combating Insider Threats – Protecting Your Agency from the Inside OutLancope, Inc.
 
Cyber espionage - Tinker, taylor, soldier, spy
Cyber espionage - Tinker, taylor, soldier, spyCyber espionage - Tinker, taylor, soldier, spy
Cyber espionage - Tinker, taylor, soldier, spyb coatesworth
 
Cyber Attack Survival: Are You Ready?
Cyber Attack Survival: Are You Ready?Cyber Attack Survival: Are You Ready?
Cyber Attack Survival: Are You Ready?Radware
 
ION-E Defense In Depth Presentation for The Institiute of Internal Auditors
ION-E Defense In Depth Presentation for The Institiute of Internal AuditorsION-E Defense In Depth Presentation for The Institiute of Internal Auditors
ION-E Defense In Depth Presentation for The Institiute of Internal Auditorsmdagrossa
 
IoT Security - Preparing for the Worst
IoT Security - Preparing for the WorstIoT Security - Preparing for the Worst
IoT Security - Preparing for the WorstSatria Ady Pradana
 
Cisa ransomware guide
Cisa ransomware guideCisa ransomware guide
Cisa ransomware guideanpapathanasiou
 
Triangulum - Ransomware Evolved - Why your backups arent good enough
Triangulum - Ransomware Evolved - Why your backups arent good enoughTriangulum - Ransomware Evolved - Why your backups arent good enough
Triangulum - Ransomware Evolved - Why your backups arent good enoughMartin Opsahl
 
Cyber Security - IDS/IPS is not enough
Cyber Security - IDS/IPS is not enoughCyber Security - IDS/IPS is not enough
Cyber Security - IDS/IPS is not enoughSavvius, Inc
 
Cyber Attack Analysis : Part I DDoS
Cyber Attack Analysis : Part I DDoSCyber Attack Analysis : Part I DDoS
Cyber Attack Analysis : Part I DDoSKenny Huang Ph.D.
 
The Best Just Got Better, Intercept X Now With EDR
The Best Just Got Better, Intercept X Now With EDRThe Best Just Got Better, Intercept X Now With EDR
The Best Just Got Better, Intercept X Now With EDRNetpluz Asia Pte Ltd
 
Staying Ahead of Internet Background Exploitation - Microsoft BlueHat Israel ...
Staying Ahead of Internet Background Exploitation - Microsoft BlueHat Israel ...Staying Ahead of Internet Background Exploitation - Microsoft BlueHat Israel ...
Staying Ahead of Internet Background Exploitation - Microsoft BlueHat Israel ...Andrew Morris
 
Lessons learned from hundreds of cyber espionage breaches by TT and Ashley - ...
Lessons learned from hundreds of cyber espionage breaches by TT and Ashley - ...Lessons learned from hundreds of cyber espionage breaches by TT and Ashley - ...
Lessons learned from hundreds of cyber espionage breaches by TT and Ashley - ...CODE BLUE
 
WEEK5 Mobile Device Security 31032022.pdf
WEEK5 Mobile Device Security 31032022.pdfWEEK5 Mobile Device Security 31032022.pdf
WEEK5 Mobile Device Security 31032022.pdfSetiya Nugroho
 
Malware
MalwareMalware
MalwareSetiya Nugroho
 
Hacking
HackingHacking
HackingVipinYadav257
 
festival ICT 2013: Gli attacchi mirati e la Difesa Personalizzata Trend Micro
festival ICT 2013: Gli attacchi mirati e la Difesa Personalizzata Trend Microfestival ICT 2013: Gli attacchi mirati e la Difesa Personalizzata Trend Micro
festival ICT 2013: Gli attacchi mirati e la Difesa Personalizzata Trend Microfestival ICT 2016
 
ESET on cybersecurity.
ESET on cybersecurity.ESET on cybersecurity.
ESET on cybersecurity.SOCIALware Benelux
 
Birds of a Feather 2017: 邀請分享 Glance into the Enterprise InfoSec Field - Howard
Birds of a Feather 2017: 邀請分享 Glance into the Enterprise InfoSec Field - HowardBirds of a Feather 2017: 邀請分享 Glance into the Enterprise InfoSec Field - Howard
Birds of a Feather 2017: 邀請分享 Glance into the Enterprise InfoSec Field - HowardHITCON GIRLS
 
Advanced Threat Protection
Advanced Threat ProtectionAdvanced Threat Protection
Advanced Threat ProtectionLan & Wan Solutions
 
Down The Rabbit Hole, From Networker to Security Professional
Down The Rabbit Hole, From Networker to Security ProfessionalDown The Rabbit Hole, From Networker to Security Professional
Down The Rabbit Hole, From Networker to Security ProfessionalSatria Ady Pradana
 
Amy mania - Put Words In My Mouth - DC2711 2019
Amy mania - Put Words In My Mouth - DC2711 2019Amy mania - Put Words In My Mouth - DC2711 2019
Amy mania - Put Words In My Mouth - DC2711 2019DC2711 - DEF CON GROUP - Johannesburg
 
Internet security
Internet securityInternet security
Internet securityAntony Mathew
 

More Related Content

What's hot

Combating Insider Threats – Protecting Your Agency from the Inside Out
Combating Insider Threats – Protecting Your Agency from the Inside OutCombating Insider Threats – Protecting Your Agency from the Inside Out
Combating Insider Threats – Protecting Your Agency from the Inside OutLancope, Inc.
 
Cyber espionage - Tinker, taylor, soldier, spy
Cyber espionage - Tinker, taylor, soldier, spyCyber espionage - Tinker, taylor, soldier, spy
Cyber espionage - Tinker, taylor, soldier, spyb coatesworth
 
Cyber Attack Survival: Are You Ready?
Cyber Attack Survival: Are You Ready?Cyber Attack Survival: Are You Ready?
Cyber Attack Survival: Are You Ready?Radware
 
ION-E Defense In Depth Presentation for The Institiute of Internal Auditors
ION-E Defense In Depth Presentation for The Institiute of Internal AuditorsION-E Defense In Depth Presentation for The Institiute of Internal Auditors
ION-E Defense In Depth Presentation for The Institiute of Internal Auditorsmdagrossa
 
IoT Security - Preparing for the Worst
IoT Security - Preparing for the WorstIoT Security - Preparing for the Worst
IoT Security - Preparing for the WorstSatria Ady Pradana
 
Triangulum - Ransomware Evolved - Why your backups arent good enough
Triangulum - Ransomware Evolved - Why your backups arent good enoughTriangulum - Ransomware Evolved - Why your backups arent good enough
Triangulum - Ransomware Evolved - Why your backups arent good enoughMartin Opsahl
 
Cyber Security - IDS/IPS is not enough
Cyber Security - IDS/IPS is not enoughCyber Security - IDS/IPS is not enough
Cyber Security - IDS/IPS is not enoughSavvius, Inc
 
Cyber Attack Analysis : Part I DDoS
Cyber Attack Analysis : Part I DDoSCyber Attack Analysis : Part I DDoS
Cyber Attack Analysis : Part I DDoSKenny Huang Ph.D.
 
The Best Just Got Better, Intercept X Now With EDR
The Best Just Got Better, Intercept X Now With EDRThe Best Just Got Better, Intercept X Now With EDR
The Best Just Got Better, Intercept X Now With EDRNetpluz Asia Pte Ltd
 
Staying Ahead of Internet Background Exploitation - Microsoft BlueHat Israel ...
Staying Ahead of Internet Background Exploitation - Microsoft BlueHat Israel ...Staying Ahead of Internet Background Exploitation - Microsoft BlueHat Israel ...
Staying Ahead of Internet Background Exploitation - Microsoft BlueHat Israel ...Andrew Morris
 
Lessons learned from hundreds of cyber espionage breaches by TT and Ashley - ...
Lessons learned from hundreds of cyber espionage breaches by TT and Ashley - ...Lessons learned from hundreds of cyber espionage breaches by TT and Ashley - ...
Lessons learned from hundreds of cyber espionage breaches by TT and Ashley - ...CODE BLUE
 
WEEK5 Mobile Device Security 31032022.pdf
WEEK5 Mobile Device Security 31032022.pdfWEEK5 Mobile Device Security 31032022.pdf
WEEK5 Mobile Device Security 31032022.pdfSetiya Nugroho
 
festival ICT 2013: Gli attacchi mirati e la Difesa Personalizzata Trend Micro
festival ICT 2013: Gli attacchi mirati e la Difesa Personalizzata Trend Microfestival ICT 2013: Gli attacchi mirati e la Difesa Personalizzata Trend Micro
festival ICT 2013: Gli attacchi mirati e la Difesa Personalizzata Trend Microfestival ICT 2016
 
Birds of a Feather 2017: 邀請分享 Glance into the Enterprise InfoSec Field - Howard
Birds of a Feather 2017: 邀請分享 Glance into the Enterprise InfoSec Field - HowardBirds of a Feather 2017: 邀請分享 Glance into the Enterprise InfoSec Field - Howard
Birds of a Feather 2017: 邀請分享 Glance into the Enterprise InfoSec Field - HowardHITCON GIRLS
 
Down The Rabbit Hole, From Networker to Security Professional
Down The Rabbit Hole, From Networker to Security ProfessionalDown The Rabbit Hole, From Networker to Security Professional
Down The Rabbit Hole, From Networker to Security ProfessionalSatria Ady Pradana
 

What's hot (20)

Combating Insider Threats – Protecting Your Agency from the Inside Out
Combating Insider Threats – Protecting Your Agency from the Inside OutCombating Insider Threats – Protecting Your Agency from the Inside Out
Combating Insider Threats – Protecting Your Agency from the Inside Out
 
Cyber espionage - Tinker, taylor, soldier, spy
Cyber espionage - Tinker, taylor, soldier, spyCyber espionage - Tinker, taylor, soldier, spy
Cyber espionage - Tinker, taylor, soldier, spy
 
Cyber Attack Survival: Are You Ready?
Cyber Attack Survival: Are You Ready?Cyber Attack Survival: Are You Ready?
Cyber Attack Survival: Are You Ready?
 
ION-E Defense In Depth Presentation for The Institiute of Internal Auditors
ION-E Defense In Depth Presentation for The Institiute of Internal AuditorsION-E Defense In Depth Presentation for The Institiute of Internal Auditors
ION-E Defense In Depth Presentation for The Institiute of Internal Auditors
 
IoT Security - Preparing for the Worst
IoT Security - Preparing for the WorstIoT Security - Preparing for the Worst
IoT Security - Preparing for the Worst
 
Cisa ransomware guide
Cisa ransomware guideCisa ransomware guide
Cisa ransomware guide
 
Triangulum - Ransomware Evolved - Why your backups arent good enough
Triangulum - Ransomware Evolved - Why your backups arent good enoughTriangulum - Ransomware Evolved - Why your backups arent good enough
Triangulum - Ransomware Evolved - Why your backups arent good enough
 
Cyber Security - IDS/IPS is not enough
Cyber Security - IDS/IPS is not enoughCyber Security - IDS/IPS is not enough
Cyber Security - IDS/IPS is not enough
 
Cyber Attack Analysis : Part I DDoS
Cyber Attack Analysis : Part I DDoSCyber Attack Analysis : Part I DDoS
Cyber Attack Analysis : Part I DDoS
 
The Best Just Got Better, Intercept X Now With EDR
The Best Just Got Better, Intercept X Now With EDRThe Best Just Got Better, Intercept X Now With EDR
The Best Just Got Better, Intercept X Now With EDR
 
Staying Ahead of Internet Background Exploitation - Microsoft BlueHat Israel ...
Staying Ahead of Internet Background Exploitation - Microsoft BlueHat Israel ...Staying Ahead of Internet Background Exploitation - Microsoft BlueHat Israel ...
Staying Ahead of Internet Background Exploitation - Microsoft BlueHat Israel ...
 
Lessons learned from hundreds of cyber espionage breaches by TT and Ashley - ...
Lessons learned from hundreds of cyber espionage breaches by TT and Ashley - ...Lessons learned from hundreds of cyber espionage breaches by TT and Ashley - ...
Lessons learned from hundreds of cyber espionage breaches by TT and Ashley - ...
 
WEEK5 Mobile Device Security 31032022.pdf
WEEK5 Mobile Device Security 31032022.pdfWEEK5 Mobile Device Security 31032022.pdf
WEEK5 Mobile Device Security 31032022.pdf
 
Malware
MalwareMalware
Malware
 
Hacking
HackingHacking
Hacking
 
festival ICT 2013: Gli attacchi mirati e la Difesa Personalizzata Trend Micro
festival ICT 2013: Gli attacchi mirati e la Difesa Personalizzata Trend Microfestival ICT 2013: Gli attacchi mirati e la Difesa Personalizzata Trend Micro
festival ICT 2013: Gli attacchi mirati e la Difesa Personalizzata Trend Micro
 
ESET on cybersecurity.
ESET on cybersecurity.ESET on cybersecurity.
ESET on cybersecurity.
 
Birds of a Feather 2017: 邀請分享 Glance into the Enterprise InfoSec Field - Howard
Birds of a Feather 2017: 邀請分享 Glance into the Enterprise InfoSec Field - HowardBirds of a Feather 2017: 邀請分享 Glance into the Enterprise InfoSec Field - Howard
Birds of a Feather 2017: 邀請分享 Glance into the Enterprise InfoSec Field - Howard
 
Advanced Threat Protection
Advanced Threat ProtectionAdvanced Threat Protection
Advanced Threat Protection
 
Down The Rabbit Hole, From Networker to Security Professional
Down The Rabbit Hole, From Networker to Security ProfessionalDown The Rabbit Hole, From Networker to Security Professional
Down The Rabbit Hole, From Networker to Security Professional
 

Similar to CSF18 - For Your Ears Only - Sasha Kranjac

Privacy and Security in the Internet of Things / Конфиденциальность и безопас...
Privacy and Security in the Internet of Things / Конфиденциальность и безопас...Privacy and Security in the Internet of Things / Конфиденциальность и безопас...
Privacy and Security in the Internet of Things / Конфиденциальность и безопас...Positive Hack Days
 
Using artificial intelligence to enhance your customer experience
Using artificial intelligence to enhance your customer experienceUsing artificial intelligence to enhance your customer experience
Using artificial intelligence to enhance your customer experienceAmazon Web Services
 
Speech recognizers & generators
Speech recognizers & generatorsSpeech recognizers & generators
Speech recognizers & generatorsPaul Kahoro
 
Touring the Dark Side of Internet: A Journey through IOT, TOR & Docker
Touring the Dark Side of Internet: A Journey through IOT, TOR & DockerTouring the Dark Side of Internet: A Journey through IOT, TOR & Docker
Touring the Dark Side of Internet: A Journey through IOT, TOR & DockerAbhinav Biswas
 
Invited Talk - Cyber Security and Open Source
Invited Talk - Cyber Security and Open SourceInvited Talk - Cyber Security and Open Source
Invited Talk - Cyber Security and Open Sourcehack33
 
Let's talk about voice
Let's talk about voiceLet's talk about voice
Let's talk about voiceDotkumo
 
Artificial intelligence for speech recognition
Artificial intelligence for speech recognitionArtificial intelligence for speech recognition
Artificial intelligence for speech recognitionsowmith chatlapally
 
Security Best Practices for Regular Users
Security Best Practices for Regular UsersSecurity Best Practices for Regular Users
Security Best Practices for Regular UsersSecurity Innovation
 
Security best practices for regular users
Security best practices for regular usersSecurity best practices for regular users
Security best practices for regular usersGeoffrey Vaughan
 
Innovative Technologies and Tech Trends
Innovative Technologies and Tech TrendsInnovative Technologies and Tech Trends
Innovative Technologies and Tech TrendsBrian Pichman
 
Bar Camp 11 Oct09 Hacking
Bar Camp 11 Oct09 HackingBar Camp 11 Oct09 Hacking
Bar Camp 11 Oct09 HackingBarcamp Kerala
 
Introduction To Computer Security
Introduction To Computer SecurityIntroduction To Computer Security
Introduction To Computer SecurityVibrant Event
 
Ethical Hacking - Introduction to Computer Security
Ethical Hacking - Introduction to Computer Security Ethical Hacking - Introduction to Computer Security
Ethical Hacking - Introduction to Computer Security Vibrant Event
 
Cortana intelligence suite for projects & hacks
Cortana intelligence suite for projects & hacksCortana intelligence suite for projects & hacks
Cortana intelligence suite for projects & hacksLee Stott
 
Users awarness programme for Online Privacy
Users awarness programme for Online PrivacyUsers awarness programme for Online Privacy
Users awarness programme for Online PrivacyKazi Sarwar Hossain
 

Similar to CSF18 - For Your Ears Only - Sasha Kranjac (20)

Amy mania - Put Words In My Mouth - DC2711 2019
Amy mania - Put Words In My Mouth - DC2711 2019Amy mania - Put Words In My Mouth - DC2711 2019
Amy mania - Put Words In My Mouth - DC2711 2019
 
Internet security
Internet securityInternet security
Internet security
 
Privacy and Security in the Internet of Things / Конфиденциальность и безопас...
Privacy and Security in the Internet of Things / Конфиденциальность и безопас...Privacy and Security in the Internet of Things / Конфиденциальность и безопас...
Privacy and Security in the Internet of Things / Конфиденциальность и безопас...
 
Using artificial intelligence to enhance your customer experience
Using artificial intelligence to enhance your customer experienceUsing artificial intelligence to enhance your customer experience
Using artificial intelligence to enhance your customer experience
 
datasheet-quickheal-total-securitypdf...
datasheet-quickheal-total-securitypdf...datasheet-quickheal-total-securitypdf...
datasheet-quickheal-total-securitypdf...
 
Speech recognizers & generators
Speech recognizers & generatorsSpeech recognizers & generators
Speech recognizers & generators
 
Touring the Dark Side of Internet: A Journey through IOT, TOR & Docker
Touring the Dark Side of Internet: A Journey through IOT, TOR & DockerTouring the Dark Side of Internet: A Journey through IOT, TOR & Docker
Touring the Dark Side of Internet: A Journey through IOT, TOR & Docker
 
Invited Talk - Cyber Security and Open Source
Invited Talk - Cyber Security and Open SourceInvited Talk - Cyber Security and Open Source
Invited Talk - Cyber Security and Open Source
 
Let's talk about voice
Let's talk about voiceLet's talk about voice
Let's talk about voice
 
Artificial intelligence for speech recognition
Artificial intelligence for speech recognitionArtificial intelligence for speech recognition
Artificial intelligence for speech recognition
 
Security Best Practices for Regular Users
Security Best Practices for Regular UsersSecurity Best Practices for Regular Users
Security Best Practices for Regular Users
 
Security best practices for regular users
Security best practices for regular usersSecurity best practices for regular users
Security best practices for regular users
 
Innovative Technologies and Tech Trends
Innovative Technologies and Tech TrendsInnovative Technologies and Tech Trends
Innovative Technologies and Tech Trends
 
Bar Camp 11 Oct09 Hacking
Bar Camp 11 Oct09 HackingBar Camp 11 Oct09 Hacking
Bar Camp 11 Oct09 Hacking
 
Introduction To Computer Security
Introduction To Computer SecurityIntroduction To Computer Security
Introduction To Computer Security
 
Ethical Hacking - Introduction to Computer Security
Ethical Hacking - Introduction to Computer Security Ethical Hacking - Introduction to Computer Security
Ethical Hacking - Introduction to Computer Security
 
Ethical Hacking - Introduction to Computer Security
Ethical Hacking - Introduction to Computer SecurityEthical Hacking - Introduction to Computer Security
Ethical Hacking - Introduction to Computer Security
 
Cortana intelligence suite for projects & hacks
Cortana intelligence suite for projects & hacksCortana intelligence suite for projects & hacks
Cortana intelligence suite for projects & hacks
 
Users awarness programme for Online Privacy
Users awarness programme for Online PrivacyUsers awarness programme for Online Privacy
Users awarness programme for Online Privacy
 
Hacking Mobile Apps
Hacking Mobile AppsHacking Mobile Apps
Hacking Mobile Apps
 

More from NCCOMMS

O365Con19 - UI:UX 101 Learn How to Design Custom Experiences for SharePoint -...
O365Con19 - UI:UX 101 Learn How to Design Custom Experiences for SharePoint -...O365Con19 - UI:UX 101 Learn How to Design Custom Experiences for SharePoint -...
O365Con19 - UI:UX 101 Learn How to Design Custom Experiences for SharePoint -...NCCOMMS
 
O365Con19 - Model-driven Apps or Canvas Apps? - Rick Bakker
O365Con19 - Model-driven Apps or Canvas Apps? - Rick BakkerO365Con19 - Model-driven Apps or Canvas Apps? - Rick Bakker
O365Con19 - Model-driven Apps or Canvas Apps? - Rick BakkerNCCOMMS
 
O365Con19 - Office 365 Groups Surviving the Real World - Jasper Oosterveld
O365Con19 - Office 365 Groups Surviving the Real World - Jasper OosterveldO365Con19 - Office 365 Groups Surviving the Real World - Jasper Oosterveld
O365Con19 - Office 365 Groups Surviving the Real World - Jasper OosterveldNCCOMMS
 
O365Con19 - Developing Timerjob and Eventhandler Equivalents - Adis Jugo
O365Con19 - Developing Timerjob and Eventhandler Equivalents - Adis JugoO365Con19 - Developing Timerjob and Eventhandler Equivalents - Adis Jugo
O365Con19 - Developing Timerjob and Eventhandler Equivalents - Adis JugoNCCOMMS
 
O365Con19 - Sharepoint with (Artificial) Intelligence - Adis Jugo
O365Con19 - Sharepoint with (Artificial) Intelligence - Adis JugoO365Con19 - Sharepoint with (Artificial) Intelligence - Adis Jugo
O365Con19 - Sharepoint with (Artificial) Intelligence - Adis JugoNCCOMMS
 
O365Con19 - What Do You Mean 90 days Isn't Enough - Paul Hunt
O365Con19 - What Do You Mean 90 days Isn't Enough - Paul HuntO365Con19 - What Do You Mean 90 days Isn't Enough - Paul Hunt
O365Con19 - What Do You Mean 90 days Isn't Enough - Paul HuntNCCOMMS
 
O365Con19 - Tips and Tricks for Complex Migrations to SharePoint Online - And...
O365Con19 - Tips and Tricks for Complex Migrations to SharePoint Online - And...O365Con19 - Tips and Tricks for Complex Migrations to SharePoint Online - And...
O365Con19 - Tips and Tricks for Complex Migrations to SharePoint Online - And...NCCOMMS
 
O365Con19 - Start Developing Teams Tabs and SharePoint Webparts with SPFX - O...
O365Con19 - Start Developing Teams Tabs and SharePoint Webparts with SPFX - O...O365Con19 - Start Developing Teams Tabs and SharePoint Webparts with SPFX - O...
O365Con19 - Start Developing Teams Tabs and SharePoint Webparts with SPFX - O...NCCOMMS
 
O365Con19 - Start Your Journey from Skype for Business to Teams - Sasja Beere...
O365Con19 - Start Your Journey from Skype for Business to Teams - Sasja Beere...O365Con19 - Start Your Journey from Skype for Business to Teams - Sasja Beere...
O365Con19 - Start Your Journey from Skype for Business to Teams - Sasja Beere...NCCOMMS
 
O365Con19 - Lets Get Started with Azure Container Instances - Jussi Roine
O365Con19 - Lets Get Started with Azure Container Instances - Jussi RoineO365Con19 - Lets Get Started with Azure Container Instances - Jussi Roine
O365Con19 - Lets Get Started with Azure Container Instances - Jussi RoineNCCOMMS
 
O365Con19 - Azure Blackbelt - Jussi Roine
O365Con19 - Azure Blackbelt - Jussi RoineO365Con19 - Azure Blackbelt - Jussi Roine
O365Con19 - Azure Blackbelt - Jussi RoineNCCOMMS
 
O365Con19 - Customise the UI in Modern SharePoint Workspaces - Corinna Lins
O365Con19 - Customise the UI in Modern SharePoint Workspaces - Corinna LinsO365Con19 - Customise the UI in Modern SharePoint Workspaces - Corinna Lins
O365Con19 - Customise the UI in Modern SharePoint Workspaces - Corinna LinsNCCOMMS
 
O365Con19 - Be The Protagonist of Your Modern Workplace - Corinna Lins
O365Con19 - Be The Protagonist of Your Modern Workplace - Corinna LinsO365Con19 - Be The Protagonist of Your Modern Workplace - Corinna Lins
O365Con19 - Be The Protagonist of Your Modern Workplace - Corinna LinsNCCOMMS
 
O365Con19 - How to Really Manage all your Tasks Across Microsoft 365 - Luise ...
O365Con19 - How to Really Manage all your Tasks Across Microsoft 365 - Luise ...O365Con19 - How to Really Manage all your Tasks Across Microsoft 365 - Luise ...
O365Con19 - How to Really Manage all your Tasks Across Microsoft 365 - Luise ...NCCOMMS
 
O365Con19 - Sharing Code Efficiently in your Organisation - Elio Struyf
O365Con19 - Sharing Code Efficiently in your Organisation - Elio StruyfO365Con19 - Sharing Code Efficiently in your Organisation - Elio Struyf
O365Con19 - Sharing Code Efficiently in your Organisation - Elio StruyfNCCOMMS
 
O365Con19 - Things I've Learned While Building a Product on SharePoint Modern...
O365Con19 - Things I've Learned While Building a Product on SharePoint Modern...O365Con19 - Things I've Learned While Building a Product on SharePoint Modern...
O365Con19 - Things I've Learned While Building a Product on SharePoint Modern...NCCOMMS
 
O365Con19 - Keep Control of Your Data with AIP and CA - Bram de Jager
O365Con19 - Keep Control of Your Data with AIP and CA - Bram de JagerO365Con19 - Keep Control of Your Data with AIP and CA - Bram de Jager
O365Con19 - Keep Control of Your Data with AIP and CA - Bram de JagerNCCOMMS
 
O365Con19 - Kaizala a Dive Into the Unknown - Rick van Rousselt
O365Con19 - Kaizala a Dive Into the Unknown - Rick van RousseltO365Con19 - Kaizala a Dive Into the Unknown - Rick van Rousselt
O365Con19 - Kaizala a Dive Into the Unknown - Rick van RousseltNCCOMMS
 
O365Con19 - How to Inspire Users to Unstick from Email - Luise Freese
O365Con19 - How to Inspire Users to Unstick from Email - Luise FreeseO365Con19 - How to Inspire Users to Unstick from Email - Luise Freese
O365Con19 - How to Inspire Users to Unstick from Email - Luise FreeseNCCOMMS
 
O365Con19 - O365 Identity Management and The Golden Config - Chris Goosen
O365Con19 - O365 Identity Management and The Golden Config - Chris GoosenO365Con19 - O365 Identity Management and The Golden Config - Chris Goosen
O365Con19 - O365 Identity Management and The Golden Config - Chris GoosenNCCOMMS
 

More from NCCOMMS (20)

O365Con19 - UI:UX 101 Learn How to Design Custom Experiences for SharePoint -...
O365Con19 - UI:UX 101 Learn How to Design Custom Experiences for SharePoint -...O365Con19 - UI:UX 101 Learn How to Design Custom Experiences for SharePoint -...
O365Con19 - UI:UX 101 Learn How to Design Custom Experiences for SharePoint -...
 
O365Con19 - Model-driven Apps or Canvas Apps? - Rick Bakker
O365Con19 - Model-driven Apps or Canvas Apps? - Rick BakkerO365Con19 - Model-driven Apps or Canvas Apps? - Rick Bakker
O365Con19 - Model-driven Apps or Canvas Apps? - Rick Bakker
 
O365Con19 - Office 365 Groups Surviving the Real World - Jasper Oosterveld
O365Con19 - Office 365 Groups Surviving the Real World - Jasper OosterveldO365Con19 - Office 365 Groups Surviving the Real World - Jasper Oosterveld
O365Con19 - Office 365 Groups Surviving the Real World - Jasper Oosterveld
 
O365Con19 - Developing Timerjob and Eventhandler Equivalents - Adis Jugo
O365Con19 - Developing Timerjob and Eventhandler Equivalents - Adis JugoO365Con19 - Developing Timerjob and Eventhandler Equivalents - Adis Jugo
O365Con19 - Developing Timerjob and Eventhandler Equivalents - Adis Jugo
 
O365Con19 - Sharepoint with (Artificial) Intelligence - Adis Jugo
O365Con19 - Sharepoint with (Artificial) Intelligence - Adis JugoO365Con19 - Sharepoint with (Artificial) Intelligence - Adis Jugo
O365Con19 - Sharepoint with (Artificial) Intelligence - Adis Jugo
 
O365Con19 - What Do You Mean 90 days Isn't Enough - Paul Hunt
O365Con19 - What Do You Mean 90 days Isn't Enough - Paul HuntO365Con19 - What Do You Mean 90 days Isn't Enough - Paul Hunt
O365Con19 - What Do You Mean 90 days Isn't Enough - Paul Hunt
 
O365Con19 - Tips and Tricks for Complex Migrations to SharePoint Online - And...
O365Con19 - Tips and Tricks for Complex Migrations to SharePoint Online - And...O365Con19 - Tips and Tricks for Complex Migrations to SharePoint Online - And...
O365Con19 - Tips and Tricks for Complex Migrations to SharePoint Online - And...
 
O365Con19 - Start Developing Teams Tabs and SharePoint Webparts with SPFX - O...
O365Con19 - Start Developing Teams Tabs and SharePoint Webparts with SPFX - O...O365Con19 - Start Developing Teams Tabs and SharePoint Webparts with SPFX - O...
O365Con19 - Start Developing Teams Tabs and SharePoint Webparts with SPFX - O...
 
O365Con19 - Start Your Journey from Skype for Business to Teams - Sasja Beere...
O365Con19 - Start Your Journey from Skype for Business to Teams - Sasja Beere...O365Con19 - Start Your Journey from Skype for Business to Teams - Sasja Beere...
O365Con19 - Start Your Journey from Skype for Business to Teams - Sasja Beere...
 
O365Con19 - Lets Get Started with Azure Container Instances - Jussi Roine
O365Con19 - Lets Get Started with Azure Container Instances - Jussi RoineO365Con19 - Lets Get Started with Azure Container Instances - Jussi Roine
O365Con19 - Lets Get Started with Azure Container Instances - Jussi Roine
 
O365Con19 - Azure Blackbelt - Jussi Roine
O365Con19 - Azure Blackbelt - Jussi RoineO365Con19 - Azure Blackbelt - Jussi Roine
O365Con19 - Azure Blackbelt - Jussi Roine
 
O365Con19 - Customise the UI in Modern SharePoint Workspaces - Corinna Lins
O365Con19 - Customise the UI in Modern SharePoint Workspaces - Corinna LinsO365Con19 - Customise the UI in Modern SharePoint Workspaces - Corinna Lins
O365Con19 - Customise the UI in Modern SharePoint Workspaces - Corinna Lins
 
O365Con19 - Be The Protagonist of Your Modern Workplace - Corinna Lins
O365Con19 - Be The Protagonist of Your Modern Workplace - Corinna LinsO365Con19 - Be The Protagonist of Your Modern Workplace - Corinna Lins
O365Con19 - Be The Protagonist of Your Modern Workplace - Corinna Lins
 
O365Con19 - How to Really Manage all your Tasks Across Microsoft 365 - Luise ...
O365Con19 - How to Really Manage all your Tasks Across Microsoft 365 - Luise ...O365Con19 - How to Really Manage all your Tasks Across Microsoft 365 - Luise ...
O365Con19 - How to Really Manage all your Tasks Across Microsoft 365 - Luise ...
 
O365Con19 - Sharing Code Efficiently in your Organisation - Elio Struyf
O365Con19 - Sharing Code Efficiently in your Organisation - Elio StruyfO365Con19 - Sharing Code Efficiently in your Organisation - Elio Struyf
O365Con19 - Sharing Code Efficiently in your Organisation - Elio Struyf
 
O365Con19 - Things I've Learned While Building a Product on SharePoint Modern...
O365Con19 - Things I've Learned While Building a Product on SharePoint Modern...O365Con19 - Things I've Learned While Building a Product on SharePoint Modern...
O365Con19 - Things I've Learned While Building a Product on SharePoint Modern...
 
O365Con19 - Keep Control of Your Data with AIP and CA - Bram de Jager
O365Con19 - Keep Control of Your Data with AIP and CA - Bram de JagerO365Con19 - Keep Control of Your Data with AIP and CA - Bram de Jager
O365Con19 - Keep Control of Your Data with AIP and CA - Bram de Jager
 
O365Con19 - Kaizala a Dive Into the Unknown - Rick van Rousselt
O365Con19 - Kaizala a Dive Into the Unknown - Rick van RousseltO365Con19 - Kaizala a Dive Into the Unknown - Rick van Rousselt
O365Con19 - Kaizala a Dive Into the Unknown - Rick van Rousselt
 
O365Con19 - How to Inspire Users to Unstick from Email - Luise Freese
O365Con19 - How to Inspire Users to Unstick from Email - Luise FreeseO365Con19 - How to Inspire Users to Unstick from Email - Luise Freese
O365Con19 - How to Inspire Users to Unstick from Email - Luise Freese
 
O365Con19 - O365 Identity Management and The Golden Config - Chris Goosen
O365Con19 - O365 Identity Management and The Golden Config - Chris GoosenO365Con19 - O365 Identity Management and The Golden Config - Chris Goosen
O365Con19 - O365 Identity Management and The Golden Config - Chris Goosen
 

Recently uploaded

Hyderabad Call Girls Khairatabad ✨ 7001305949 ✨ Cheap Price Your Budget
Hyderabad Call Girls Khairatabad ✨ 7001305949 ✨ Cheap Price Your BudgetHyderabad Call Girls Khairatabad ✨ 7001305949 ✨ Cheap Price Your Budget
Hyderabad Call Girls Khairatabad ✨ 7001305949 ✨ Cheap Price Your BudgetEnjoy Anytime
 
Maximizing Board Effectiveness 2024 Webinar.pptx
Maximizing Board Effectiveness 2024 Webinar.pptxMaximizing Board Effectiveness 2024 Webinar.pptx
Maximizing Board Effectiveness 2024 Webinar.pptxOnBoard
 
How to Remove Document Management Hurdles with X-Docs?
How to Remove Document Management Hurdles with X-Docs?How to Remove Document Management Hurdles with X-Docs?
How to Remove Document Management Hurdles with X-Docs?XfilesPro
 
Unblocking The Main Thread Solving ANRs and Frozen Frames
Unblocking The Main Thread Solving ANRs and Frozen FramesUnblocking The Main Thread Solving ANRs and Frozen Frames
Unblocking The Main Thread Solving ANRs and Frozen FramesSinan KOZAK
 
AI as an Interface for Commercial Buildings
AI as an Interface for Commercial BuildingsAI as an Interface for Commercial Buildings
AI as an Interface for Commercial BuildingsMemoori
 
Slack Application Development 101 Slides
Slack Application Development 101 SlidesSlack Application Development 101 Slides
Slack Application Development 101 Slidespraypatel2
 
#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024BookNet Canada
 
Pigging Solutions in Pet Food Manufacturing
Pigging Solutions in Pet Food ManufacturingPigging Solutions in Pet Food Manufacturing
Pigging Solutions in Pet Food ManufacturingPigging Solutions
 
08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking Men08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking MenDelhi Call girls
 
FULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | Delhi
FULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | DelhiFULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | Delhi
FULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | Delhisoniya singh
 
Enhancing Worker Digital Experience: A Hands-on Workshop for Partners
Enhancing Worker Digital Experience: A Hands-on Workshop for PartnersEnhancing Worker Digital Experience: A Hands-on Workshop for Partners
Enhancing Worker Digital Experience: A Hands-on Workshop for PartnersThousandEyes
 
Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024BookNet Canada
 
Making_way_through_DLL_hollowing_inspite_of_CFG_by_Debjeet Banerjee.pptx
Making_way_through_DLL_hollowing_inspite_of_CFG_by_Debjeet Banerjee.pptxMaking_way_through_DLL_hollowing_inspite_of_CFG_by_Debjeet Banerjee.pptx
Making_way_through_DLL_hollowing_inspite_of_CFG_by_Debjeet Banerjee.pptxnull - The Open Security Community
 
08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking Men08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking MenDelhi Call girls
 
Advanced Test Driven-Development @ php[tek] 2024
Advanced Test Driven-Development @ php[tek] 2024Advanced Test Driven-Development @ php[tek] 2024
Advanced Test Driven-Development @ php[tek] 2024Scott Keck-Warren
 
Key Features Of Token Development (1).pptx
Key Features Of Token Development (1).pptxKey Features Of Token Development (1).pptx
Key Features Of Token Development (1).pptxLBM Solutions
 
Install Stable Diffusion in windows machine
Install Stable Diffusion in windows machineInstall Stable Diffusion in windows machine
Install Stable Diffusion in windows machinePadma Pradeep
 
IAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI SolutionsIAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI SolutionsEnterprise Knowledge
 
How to convert PDF to text with Nanonets
How to convert PDF to text with NanonetsHow to convert PDF to text with Nanonets
How to convert PDF to text with Nanonetsnaman860154
 

Recently uploaded (20)

Hyderabad Call Girls Khairatabad ✨ 7001305949 ✨ Cheap Price Your Budget
Hyderabad Call Girls Khairatabad ✨ 7001305949 ✨ Cheap Price Your BudgetHyderabad Call Girls Khairatabad ✨ 7001305949 ✨ Cheap Price Your Budget
Hyderabad Call Girls Khairatabad ✨ 7001305949 ✨ Cheap Price Your Budget
 
The transition to renewables in India.pdf
The transition to renewables in India.pdfThe transition to renewables in India.pdf
The transition to renewables in India.pdf
 
Maximizing Board Effectiveness 2024 Webinar.pptx
Maximizing Board Effectiveness 2024 Webinar.pptxMaximizing Board Effectiveness 2024 Webinar.pptx
Maximizing Board Effectiveness 2024 Webinar.pptx
 
How to Remove Document Management Hurdles with X-Docs?
How to Remove Document Management Hurdles with X-Docs?How to Remove Document Management Hurdles with X-Docs?
How to Remove Document Management Hurdles with X-Docs?
 
Unblocking The Main Thread Solving ANRs and Frozen Frames
Unblocking The Main Thread Solving ANRs and Frozen FramesUnblocking The Main Thread Solving ANRs and Frozen Frames
Unblocking The Main Thread Solving ANRs and Frozen Frames
 
AI as an Interface for Commercial Buildings
AI as an Interface for Commercial BuildingsAI as an Interface for Commercial Buildings
AI as an Interface for Commercial Buildings
 
Slack Application Development 101 Slides
Slack Application Development 101 SlidesSlack Application Development 101 Slides
Slack Application Development 101 Slides
 
#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
 
Pigging Solutions in Pet Food Manufacturing
Pigging Solutions in Pet Food ManufacturingPigging Solutions in Pet Food Manufacturing
Pigging Solutions in Pet Food Manufacturing
 
08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking Men08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking Men
 
FULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | Delhi
FULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | DelhiFULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | Delhi
FULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | Delhi
 
Enhancing Worker Digital Experience: A Hands-on Workshop for Partners
Enhancing Worker Digital Experience: A Hands-on Workshop for PartnersEnhancing Worker Digital Experience: A Hands-on Workshop for Partners
Enhancing Worker Digital Experience: A Hands-on Workshop for Partners
 
Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
 
Making_way_through_DLL_hollowing_inspite_of_CFG_by_Debjeet Banerjee.pptx
Making_way_through_DLL_hollowing_inspite_of_CFG_by_Debjeet Banerjee.pptxMaking_way_through_DLL_hollowing_inspite_of_CFG_by_Debjeet Banerjee.pptx
Making_way_through_DLL_hollowing_inspite_of_CFG_by_Debjeet Banerjee.pptx
 
08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking Men08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking Men
 
Advanced Test Driven-Development @ php[tek] 2024
Advanced Test Driven-Development @ php[tek] 2024Advanced Test Driven-Development @ php[tek] 2024
Advanced Test Driven-Development @ php[tek] 2024
 
Key Features Of Token Development (1).pptx
Key Features Of Token Development (1).pptxKey Features Of Token Development (1).pptx
Key Features Of Token Development (1).pptx
 
Install Stable Diffusion in windows machine
Install Stable Diffusion in windows machineInstall Stable Diffusion in windows machine
Install Stable Diffusion in windows machine
 
IAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI SolutionsIAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI Solutions
 
How to convert PDF to text with Nanonets
How to convert PDF to text with NanonetsHow to convert PDF to text with Nanonets
How to convert PDF to text with Nanonets
 

CSF18 - For Your Ears Only - Sasha Kranjac

  • 1. For your Ears Only Voice Recognition Security Secrets Unleashed! Andy Malone MVP Founder: Cybercrime Security Forum
  • 2. Microsoft MVP (Enterprise Security) Microsoft Certified Trainer (20 years) Founder: Cybercrime Security Forum Worldwide Event Speaker Author: The Seventh Day Andy Malone (United Kingdom) Follow me on Twitter @AndyMalone
  • 3. Session Outline • What is Voice Recognition • How Voice Recognition Works • Where Voice Recognition is Used • The Rise of the Intelligent Personal Assistant • Amazon Alexa Architecture Walkthrough • Voice Recognition & Cybersecurity • Where does my Data Go? • Voice Recognition & Digital Forensics • The Future …
  • 5. Voice or speech recognition is the ability of a machine or program to receive and interpret dictation, or to understand and carry out spoken commands
  • 6. What is Voice Recognition? • Uses a Natural user interface: human speech • Provides a Convenient & Preferred Biometric Method for Consumers • Many applications, including the Provision of Improved services for the disabled • Technology easily Customizable, i.e. Language etc. • Used for both Identification, Authentication &
  • 9. How Humans Communicate 2 phonemes 1 Phones 3 Cognitive learning / Experience & Language Processing Articulation produces sound waves which the ear conveys to the brain for processing
  • 10. How Computers Recognise Speech Digitization Acoustic analysis of the speech signal Linguistic interpretation
  • 11. Potential Problems with VR? • Problem Separating Acoustic signal from background noise. I.e. Single voice in a Noisy Room • Voice Speed, Tone, Dialect, Language • Misheard or Misunderstood • Privacy Issues: Using a keyword to initiate session. I.e. ”Alexa” or “Hey Siri” • Liveness Detection: Can
  • 13. Where & How is Voice Recognition is Used Voice Recognition Text to Speech Basic Dictation Call Answering Systems Interactive Personal Assistant Identity & Authentication IoT Devices Robotics Artificial Intelligence The Apple Vision
  • 15. Speech Recognition vs Speaker Verification The most important difference is that: • Speech recognition identifies what you are saying • Speaker verification verifies that you are who you say you are
  • 16. Voice Biometrics • Speech recognition and speaker verification systems are combined to create voice biometric systems • Used to both Identify & Authenticate Users • Uses a measurable, physical characteristic, or personal behavioural trait to verify and authenticate an individual • It uses what you are as a way to identify yourself • Compares at least two two
  • 18. How it Works • Biometric systems must be able to distinguish between various people’s voices • Frequency and Intensity • Training our body’s nasal and oral passages, as well as our lips, teeth, tongue, and jaw muscles • Digitizing a person's speech to produce a “voice print” • Voices are nearly impossible to recreate
  • 20. Video 30 years Ago! March 1987
  • 21.
  • 22. In a Nutshell - Apple: The Grand Vision • Touch screens and cinematic animation • Global network for info and collaboration • Awareness of temporal and social context • Continuous Speech in and out • Conversational Interface - assistant talks back • Delegation of tasks to the assistant • Assistant use of personal data
  • 23. And the Reality … • Touch screens • Cinematic effects • Global network • Location and time awareness • Speech out, on demand • Isolated speech to text • Limited Siri Assistant
  • 24. The Evolution of Siri Personal Assistant • Started at SRI (previously Stanford Research Institute) • Roots in the CALO (Cognitive Assistant that Learns and Organize) project in the early 2000s • Siri project started in 2007 , Spun off from SRI as a company in 2008 • App on iPhone then acquired by Apple in 2010 • Nuance (speech recognition) Spun off from SRI as a company in 1994
  • 25. The Rise of the Intelligent Connected Devices Voice Controlled Cars Voice Controlled Door Lock Voice Controlled Banking Smart TV
  • 26. The Rise of the Intelligent Personal Assistants Apple Siri Microsoft Cortana Google Home Amazon Dot / Echo (Alexa)
  • 27. Combining Voice Recognition & Artificial Intelligence • Voice Recognition • Machine Learning • Artificial Intelligence (AI) • NLP (Neuro-Linguistic Programming) • Cloud Computing • IoT • Started life as a PDA (Personal Data Assistant) Device • Now evolving into an Ubiquitous Personal
  • 28. Alexa Artificial Intelligence • Hands-free, voice-controlled device that uses Alexa to play music, control smart home devices, provide information, read the news, set alarms, and more. • Play music Various Sources inc Amazon Music, Spotify, Controls lights, fans, switches, thermostats, garage doors, sprinklers, and more • Hears you from across the room with 7 far-field microphones for hands-free control, even in noisy environments or while playing music • An assistant in the kitchen or anywhere you might want a voice-controlled computer
  • 30. 1: Register to link account to device / service 2 Authorise Alexa to use the resource. 3 Users Must Authenticate 4 authorised to access resources will get the confirmation screen 5 Congratulations, it’s done.
  • 31.
  • 34. Personal Assistant Privacy Issues • Voice Assistants are constantly listening to everyone within microphone range for input by default • Uses 3 Keywords: Alexa, Amazon & Computer (Configurable) • Microphones are always listening unless physically muted • Voice assistants cannot differentiate between different people • Devices upload recordings and store them on cloud servers • Data collected from recordings are used to provide a customized experience and, AKA advertising
  • 35. Personal Assistants Privacy Tips • Physically mute the Echo when not in use • Delete old recordings your Amazon account dashboard under "Manage my device” • Users can delete individual queries or wipe their entire search history all at once • Refrain from connecting important accounts to your Echo • In Alexa's configuration, set up an "end of request" tone that will make a sound to let you know the Echo has stopped listening • Stay alert of the LED lights that change color when Alexa is listening
  • 36. Voice Recognition: The Privacy Dilemma • All Voice recognition technologies pierce the "veil of anonymity" • Where are voice patterns Stored? “function creep” • What is the Cloud Vendor Biometric Security Policy? • Big difference between storing something you have or know with Something you are! • How are these patterns Secured? • Who has Access to them? • How is your Privacy Maintained? • What Metadata is Produce? • What if your Voice Pattern could be duplicated?
  • 37. Weeping Angel: Samsung Hack: • Key Features: • Turns on in Fake-Off mode • Collect unencrypted audio collection • Collects Streaming audio • Video capture / Video snapshots • Samsung offers remote support – An area of functionality to investigate? • Is the browser or any default apps vulnerability to MitM attacks? https://www.wikileaks.org/ciav7p1/cms/page_12353643.html
  • 38. NSA: If you can say it, you can search it. • The NSA begins using speech recognition to isolate keywords when analysing recorded conversations • Searchable using X-Keyscore • PRISIM: Designed to analyze and “extract” the content of voice conversations, and even use sophisticated algorithms to flag conversations of interest • How long will it be before laws allow the police to activate a smart assistant and listen in on
  • 39. Where does my data go? AlexaUser User User Alexa Alexa Router Amazon Cloud Law Enforcement
  • 40. Digital Assistants & The Law • Landmark Case Feb 2017 • James Andrew Bates • Amazon resists efforts in a US murder case to obtain recordings from one of its Echo smart speakers • First formal legal response, Amazon said prosecutors had failed to establish it was necessary • ”Always on" Echo records audio if it hears from a fraction of a second before it detects a wake word - either Alexa or Amazon -
  • 41. Video Using Alexa as a Witness!
  • 42.
  • 44. Operation BugDrop Malware • State Sponsored by Russia • Infiltrates victim's computer, captures screen shots, documents, and passwords, and turn on microphone to capture all audio • Targets include: Ukraine, Russia, Saudi Arabia, Austria • Sophisticated malware backed by an organization with substantial resources,” • Operation requires a massive back- end infrastructure to store, decrypt, and analyse several GBs per day of unstructured data that is being captured from its targets
  • 45. Gaining Backdoor to an Amazon Account
  • 46. Gaining Backdoor to an Amazon Account 1: User buys Malicious Product or downloads malicious code from website 2: Webpage or even Product is infected 3: Credentials Stolen 4: Gains Access to account via stolen Credentials5: Access to voice logs
  • 48. Digital Forensics? “Digital Forensics is the application of science to the identification, examination, collection, and analysis of data while preserving the information and maintaining a strict chain of custody for the data.”
  • 50. Alexa: Tell me your Secrets! HTTPS / SSDP HTTPS / SSDP HTTPS / SSDP Log File Wi-Fi Log File Amazon Cloud Simple Service Discovery Protocol (SSDP)
  • 52.
  • 54. Alexa: Tell me your Secrets! • Take a Backup of ITunes • Locate the com.amazon.echo directory • Files include: references plist, binary cookies, and ‘LocalData.sqlite’. The SQLite • Locate SQLite DBs (SQLite viewer) • Displayed 4 tables: ZDATAITEM, Z_METADATA, Z_MODELCACHE, and Z_PRIMARYKEY
  • 55. Alexa: Tell me your Secrets! • Review the ZDATAITEM table • Out of the 4 Rows 2 were of interest. • Key/value pairs, with ZKEY being ToDoCollection.TASK or ToDoCollection.SHOPPING_ITEM, and ZVALUE being a long JSON string
  • 56. Alexa: Tell me your Secrets! • Now we know the DOT has created two todo-type lists • Now we can parse this by matching up the 2 rows in the ZDATAITEM table. Each ZVALUE is an array of JSON objects, with each object containing information about a specific task
  • 57. Alexa: Tell me your Secrets! • Item Text • Date / Timestamp • Unique Item ID: CustomerId: A1C9VTA5F7ZW1N • itemId: A1C9VTA5F7ZW1N#6826a04d-b48e- 3128-a1cc-9037bd48ee6d • utteranceId: nulloriginalAudioId: AB72C63C86AW3:1.0/2016/03/05/23/B0F00 615549601C4/03:40::TNIH_2V.14c747fb- 52c0-4018-8908-4163f73cb865ZXV/0 • Status Item • complete: true • deleted: false • type: SHOPPING_ITEM • version: 2
  • 60.
  • 62.
  • 63. And so it begins …
  • 64. Personal Digital Assistant Conclusions • Consider using Multi factor Authentication (Esp with IoT devices) • Ensure Systems are muted when having private conversations • IoT is awesome, however consider against using digital Locks and other sensitive devices. • Most devices / Technologies Cannot differentiate between users, this could be a problem
  • 65. Session Review • What is Voice Recognition • How Voice Recognition Works • Where Voice Recognition is Used • The Rise of the Intelligent Personal Assistant • Amazon Alexa Architecture Walkthrough • Voice Recognition & Cybersecurity • Where does my Data Go? • Voice Recognition & Digital Forensics • The Future …
  • 66. Just before I go, Here’s one final thought …