The document discusses a presentation given by Gohsuke Takama on November 4, 2011 about cybersecurity topics over the past two years. It covers major cyber attacks like Stuxnet and Operation Aurora, groups like Anonymous and their tactics. It also discusses emerging attack techniques, security defense approaches, and the relationship between online and real-world identities.
OSINT Black Magic: Listen who whispers your name in the dark!!!Nutan Kumar Panda
Open Source Intelligence is the art of collecting information which is scattered on publicly available sources. With evolution of social media and digital marketplaces a huge amount of information is constantly generated on the Internet (sometimes even without our conscious consent). This is of great concern for organizations and businesses as chances of confidential data floating in the public domain may seriously harm their business integrity. All recent hacks are related to internal source code disclosure, API keys leakage, known vulnerability in third party plugin, data dump leaks etc. Based on experience and robust research in this domain, for this talk the speakers have created a tool which will help all kind of organizations to monitor cyberspace effectively without much investment. This tool is simple but an effective solution which is capable of hearing digital whispers which are usually missed or ignored but shouldn’t be.
Microcontrollers as an emerging attack platform: Offense and Defense. Presentation was given at Philadelphia Region Electronic Crimes Task Force.
Presentation is intended to provide an overview of the new and emerging technologies that can be used to circumvent traditional anti-virus and malware detection software. Discussed techniques can also be used as a method for covert data exfiltration.
Everything you really need to know about IDS (Intrusion Detection Systems) Combining with HoneyPots. Deployment and usage techniques used in the past and today. How to setup and deploy onto any network including the cloud. Reasons why this should be used in all networks. How to bring BIG DATA down to Small Data that is easy to understand and monitor.
It’s all over the news that data breaches occur daily! I asked WHY these hackers can download terabytes of data in timespans of months without being noticed. What are these companies paying their SOC team millions of dollars for? How come all the money is going to devices to prevent breaches and little to none in detecting when they occur? Don’t people know there are only two types of companies “those that been hacked, and those that don’t know they been hacked”. What can I do to detect a breach within seconds on any network scale? I think I figured it out. In my talk you’ll learn how you and your clients can benefit by applying my exclusive techniques, which I’ve successfully deployed. So the next time you get hacked the hacker would not be able to steal all those credit cards and photos of that Halloween party.
OSINT Black Magic: Listen who whispers your name in the dark!!!Nutan Kumar Panda
Open Source Intelligence is the art of collecting information which is scattered on publicly available sources. With evolution of social media and digital marketplaces a huge amount of information is constantly generated on the Internet (sometimes even without our conscious consent). This is of great concern for organizations and businesses as chances of confidential data floating in the public domain may seriously harm their business integrity. All recent hacks are related to internal source code disclosure, API keys leakage, known vulnerability in third party plugin, data dump leaks etc. Based on experience and robust research in this domain, for this talk the speakers have created a tool which will help all kind of organizations to monitor cyberspace effectively without much investment. This tool is simple but an effective solution which is capable of hearing digital whispers which are usually missed or ignored but shouldn’t be.
Microcontrollers as an emerging attack platform: Offense and Defense. Presentation was given at Philadelphia Region Electronic Crimes Task Force.
Presentation is intended to provide an overview of the new and emerging technologies that can be used to circumvent traditional anti-virus and malware detection software. Discussed techniques can also be used as a method for covert data exfiltration.
Everything you really need to know about IDS (Intrusion Detection Systems) Combining with HoneyPots. Deployment and usage techniques used in the past and today. How to setup and deploy onto any network including the cloud. Reasons why this should be used in all networks. How to bring BIG DATA down to Small Data that is easy to understand and monitor.
It’s all over the news that data breaches occur daily! I asked WHY these hackers can download terabytes of data in timespans of months without being noticed. What are these companies paying their SOC team millions of dollars for? How come all the money is going to devices to prevent breaches and little to none in detecting when they occur? Don’t people know there are only two types of companies “those that been hacked, and those that don’t know they been hacked”. What can I do to detect a breach within seconds on any network scale? I think I figured it out. In my talk you’ll learn how you and your clients can benefit by applying my exclusive techniques, which I’ve successfully deployed. So the next time you get hacked the hacker would not be able to steal all those credit cards and photos of that Halloween party.
Data Privacy: Anonymization & Re-IdentificationMike Nowakowski
With the rise of the Internet of Things, Big Data and Open Data, data privacy is increasingly important to organizations. Data de-identification is a process to remove identifying information from a data set. This presentation will provide a gentle introduction to data de-identification, anonymization and the reverse process of re-identification.
The EU recently issued a decision of adequacy regarding the newly developed EU-U.S. Privacy Shield program. U.S. companies can sign up beginning August 1, 2016, and will receive certain advantages if they sign up before October 1. Should you join? What are the benefits? What are the downsides? This timely eLunch walked companies through the pros and cons of participating in the Privacy Shield program and provided step-by-step guidance on how to join.
ARX - a comprehensive tool for anonymizing / de-identifying biomedical dataarx-deidentifier
Website with further information: http://arx.deidentifier.org
Description of this talk:
Collaboration and data sharing have become core elements of biomedical research. Especially when sensitive data from distributed sources are linked, privacy threats have to be considered. Statistical disclosure control allows the protection of sensitive data by introducing fuzziness. Reduction of data quality, however, needs to be balanced against gains in protection. Therefore, tools are needed which provide a good overview of the anonymization process to those responsible for data sharing. These tools require graphical interfaces and the use of intuitive and replicable methods. In addition, extensive testing, documentation and openness to reviews by the community are important. Existing publicly available software is limited in functionality, and often active support is lacking. We present the data anonymization tool ARX, which has been developed in close cooperation between the Chair for Biomedical Informatics, the Chair for IT Security and the Chair for Database Systems at Technische Universität München (TUM), Germany. ARX enables the de-identification of structured data (i.e., tabular data) and implements a wide variety of privacy methods in a highly efficient manner. It is extensible, well documented and actively supported. ARX provides an intuitive cross-platform graphical interface and offers a public API for integration with other software systems.
Security, Privacy Data Protection and Perspectives to Counter Cybercrime 0409...Gohsuke Takama
"Security, Privacy Data Protection and Perspectives to Counter Cybercrime" was presented at the CodeGate 2008 security conference in Seoul, Korea, April 2008.
http://www.codegate.org/
Censorship detection techniques. Most of the credit goes to Jacob Appelbaum and this presentation was prepared last minute for the ESC2011 Italian hacker camp.
Refugees on Rails Berlin - #2 Tech Talk on SecurityGianluca Varisco
#2 Tech Talk on Security @ Refugees on Rails Berlin (Tue 8 Dec 2015)
A Cyber Security walk-through focused on current threats, trends and few predictions for 2016.
Data Privacy: Anonymization & Re-IdentificationMike Nowakowski
With the rise of the Internet of Things, Big Data and Open Data, data privacy is increasingly important to organizations. Data de-identification is a process to remove identifying information from a data set. This presentation will provide a gentle introduction to data de-identification, anonymization and the reverse process of re-identification.
The EU recently issued a decision of adequacy regarding the newly developed EU-U.S. Privacy Shield program. U.S. companies can sign up beginning August 1, 2016, and will receive certain advantages if they sign up before October 1. Should you join? What are the benefits? What are the downsides? This timely eLunch walked companies through the pros and cons of participating in the Privacy Shield program and provided step-by-step guidance on how to join.
ARX - a comprehensive tool for anonymizing / de-identifying biomedical dataarx-deidentifier
Website with further information: http://arx.deidentifier.org
Description of this talk:
Collaboration and data sharing have become core elements of biomedical research. Especially when sensitive data from distributed sources are linked, privacy threats have to be considered. Statistical disclosure control allows the protection of sensitive data by introducing fuzziness. Reduction of data quality, however, needs to be balanced against gains in protection. Therefore, tools are needed which provide a good overview of the anonymization process to those responsible for data sharing. These tools require graphical interfaces and the use of intuitive and replicable methods. In addition, extensive testing, documentation and openness to reviews by the community are important. Existing publicly available software is limited in functionality, and often active support is lacking. We present the data anonymization tool ARX, which has been developed in close cooperation between the Chair for Biomedical Informatics, the Chair for IT Security and the Chair for Database Systems at Technische Universität München (TUM), Germany. ARX enables the de-identification of structured data (i.e., tabular data) and implements a wide variety of privacy methods in a highly efficient manner. It is extensible, well documented and actively supported. ARX provides an intuitive cross-platform graphical interface and offers a public API for integration with other software systems.
Security, Privacy Data Protection and Perspectives to Counter Cybercrime 0409...Gohsuke Takama
"Security, Privacy Data Protection and Perspectives to Counter Cybercrime" was presented at the CodeGate 2008 security conference in Seoul, Korea, April 2008.
http://www.codegate.org/
Censorship detection techniques. Most of the credit goes to Jacob Appelbaum and this presentation was prepared last minute for the ESC2011 Italian hacker camp.
Refugees on Rails Berlin - #2 Tech Talk on SecurityGianluca Varisco
#2 Tech Talk on Security @ Refugees on Rails Berlin (Tue 8 Dec 2015)
A Cyber Security walk-through focused on current threats, trends and few predictions for 2016.
From Beer City Code Conference, Grand Rapids, MI - 2017
OWASP, SANS, Threat Modeling, Static Code Analysis, DevSkim, Burp Suite, WireShark, Fiddler, Agile, Use Cases, Code Review, Pull Request, Git, GitFlow, Red Team, Blue Team, Metasploit, NIST, TLS, Kali Linux,
Next Generation of Data Leakage & Loss Prevention Technologies.
GTB Technologies provides products for data loss prevention in corporate networks and endpoints, in motion and at rest. Its flagship product, the GTB Inspector is a winner of multiple awards and rave reviews in the press .
alon@gttb.com
Disrupt Hackers With Robust User AuthenticationIntel IT Center
Hacks are constantly in the headlines, and a clear-cut strategy is needed to proactively secure large enterprises from intrusions before they happen. This session reveals a new approach to user authentication. Attendees will learn how to 1) leverage hardware for authentication, 2) utilize existing network environments to better protect user credentials and authentication policies and 3) provide an intuitive experience for end users.
Encryption in Microsoft 365 - ExpertsLive Netherlands 2024Albert Hoitingh
In this session I delve into the encryption technology used in Microsoft 365 and Microsoft Purview. Including the concepts of Customer Key and Double Key Encryption.
Securing your Kubernetes cluster_ a step-by-step guide to success !KatiaHIMEUR1
Today, after several years of existence, an extremely active community and an ultra-dynamic ecosystem, Kubernetes has established itself as the de facto standard in container orchestration. Thanks to a wide range of managed services, it has never been so easy to set up a ready-to-use Kubernetes cluster.
However, this ease of use means that the subject of security in Kubernetes is often left for later, or even neglected. This exposes companies to significant risks.
In this talk, I'll show you step-by-step how to secure your Kubernetes cluster for greater peace of mind and reliability.
Epistemic Interaction - tuning interfaces to provide information for AI supportAlan Dix
Paper presented at SYNERGY workshop at AVI 2024, Genoa, Italy. 3rd June 2024
https://alandix.com/academic/papers/synergy2024-epistemic/
As machine learning integrates deeper into human-computer interactions, the concept of epistemic interaction emerges, aiming to refine these interactions to enhance system adaptability. This approach encourages minor, intentional adjustments in user behaviour to enrich the data available for system learning. This paper introduces epistemic interaction within the context of human-system communication, illustrating how deliberate interaction design can improve system understanding and adaptation. Through concrete examples, we demonstrate the potential of epistemic interaction to significantly advance human-computer interaction by leveraging intuitive human communication strategies to inform system design and functionality, offering a novel pathway for enriching user-system engagements.
Software Delivery At the Speed of AI: Inflectra Invests In AI-Powered QualityInflectra
In this insightful webinar, Inflectra explores how artificial intelligence (AI) is transforming software development and testing. Discover how AI-powered tools are revolutionizing every stage of the software development lifecycle (SDLC), from design and prototyping to testing, deployment, and monitoring.
Learn about:
• The Future of Testing: How AI is shifting testing towards verification, analysis, and higher-level skills, while reducing repetitive tasks.
• Test Automation: How AI-powered test case generation, optimization, and self-healing tests are making testing more efficient and effective.
• Visual Testing: Explore the emerging capabilities of AI in visual testing and how it's set to revolutionize UI verification.
• Inflectra's AI Solutions: See demonstrations of Inflectra's cutting-edge AI tools like the ChatGPT plugin and Azure Open AI platform, designed to streamline your testing process.
Whether you're a developer, tester, or QA professional, this webinar will give you valuable insights into how AI is shaping the future of software delivery.
GraphRAG is All You need? LLM & Knowledge GraphGuy Korland
Guy Korland, CEO and Co-founder of FalkorDB, will review two articles on the integration of language models with knowledge graphs.
1. Unifying Large Language Models and Knowledge Graphs: A Roadmap.
https://arxiv.org/abs/2306.08302
2. Microsoft Research's GraphRAG paper and a review paper on various uses of knowledge graphs:
https://www.microsoft.com/en-us/research/blog/graphrag-unlocking-llm-discovery-on-narrative-private-data/
Kubernetes & AI - Beauty and the Beast !?! @KCD Istanbul 2024Tobias Schneck
As AI technology is pushing into IT I was wondering myself, as an “infrastructure container kubernetes guy”, how get this fancy AI technology get managed from an infrastructure operational view? Is it possible to apply our lovely cloud native principals as well? What benefit’s both technologies could bring to each other?
Let me take this questions and provide you a short journey through existing deployment models and use cases for AI software. On practical examples, we discuss what cloud/on-premise strategy we may need for applying it to our own infrastructure to get it to work from an enterprise perspective. I want to give an overview about infrastructure requirements and technologies, what could be beneficial or limiting your AI use cases in an enterprise environment. An interactive Demo will give you some insides, what approaches I got already working for real.
Dev Dives: Train smarter, not harder – active learning and UiPath LLMs for do...UiPathCommunity
💥 Speed, accuracy, and scaling – discover the superpowers of GenAI in action with UiPath Document Understanding and Communications Mining™:
See how to accelerate model training and optimize model performance with active learning
Learn about the latest enhancements to out-of-the-box document processing – with little to no training required
Get an exclusive demo of the new family of UiPath LLMs – GenAI models specialized for processing different types of documents and messages
This is a hands-on session specifically designed for automation developers and AI enthusiasts seeking to enhance their knowledge in leveraging the latest intelligent document processing capabilities offered by UiPath.
Speakers:
👨🏫 Andras Palfi, Senior Product Manager, UiPath
👩🏫 Lenka Dulovicova, Product Program Manager, UiPath
Connector Corner: Automate dynamic content and events by pushing a buttonDianaGray10
Here is something new! In our next Connector Corner webinar, we will demonstrate how you can use a single workflow to:
Create a campaign using Mailchimp with merge tags/fields
Send an interactive Slack channel message (using buttons)
Have the message received by managers and peers along with a test email for review
But there’s more:
In a second workflow supporting the same use case, you’ll see:
Your campaign sent to target colleagues for approval
If the “Approve” button is clicked, a Jira/Zendesk ticket is created for the marketing design team
But—if the “Reject” button is pushed, colleagues will be alerted via Slack message
Join us to learn more about this new, human-in-the-loop capability, brought to you by Integration Service connectors.
And...
Speakers:
Akshay Agnihotri, Product Manager
Charlie Greenberg, Host
GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using Deplo...James Anderson
Effective Application Security in Software Delivery lifecycle using Deployment Firewall and DBOM
The modern software delivery process (or the CI/CD process) includes many tools, distributed teams, open-source code, and cloud platforms. Constant focus on speed to release software to market, along with the traditional slow and manual security checks has caused gaps in continuous security as an important piece in the software supply chain. Today organizations feel more susceptible to external and internal cyber threats due to the vast attack surface in their applications supply chain and the lack of end-to-end governance and risk management.
The software team must secure its software delivery process to avoid vulnerability and security breaches. This needs to be achieved with existing tool chains and without extensive rework of the delivery processes. This talk will present strategies and techniques for providing visibility into the true risk of the existing vulnerabilities, preventing the introduction of security issues in the software, resolving vulnerabilities in production environments quickly, and capturing the deployment bill of materials (DBOM).
Speakers:
Bob Boule
Robert Boule is a technology enthusiast with PASSION for technology and making things work along with a knack for helping others understand how things work. He comes with around 20 years of solution engineering experience in application security, software continuous delivery, and SaaS platforms. He is known for his dynamic presentations in CI/CD and application security integrated in software delivery lifecycle.
Gopinath Rebala
Gopinath Rebala is the CTO of OpsMx, where he has overall responsibility for the machine learning and data processing architectures for Secure Software Delivery. Gopi also has a strong connection with our customers, leading design and architecture for strategic implementations. Gopi is a frequent speaker and well-known leader in continuous delivery and integrating security into software delivery.
43. "perspective for counter strategy"
set basic security measures:
✴ ,
= ,
✴ (APT )
✴ PET ( )
✴ prevention, detection, response
•
•
•
Friday, November 4, 2011
44. "perspective for counter strategy"
be creative:
✴ counter social engineering
•
•
✴ social intelligence
✴ soft power
•
• PR deflective PR
Friday, November 4, 2011
45. "perspective for counter strategy"
be creative: Counter Social Engineering
•
•
•
•
•
•
•
• (
)
Friday, November 4, 2011
46. "perspective for counter strategy"
be creative: Soft Power
• Soft Power = 1990 Joseph Nye
• Hard Power
•
• http://en.wikipedia.org/wiki/Soft_power
• /
•
Friday, November 4, 2011
48. references
• CEOs - the new corporate fraudstersds http://www.iol.co.za/
sundayindependent/ceos-the-new-corporate-fraudstersds-1.1144649
• PwC Survey Says: Telecoms Are Overconfident About Security http://
www.readwriteweb.com/cloud/2011/09/pwc-survey-says-telecoms-are-o.php
• Cyber attack led to IGI shutdown http://www.indianexpress.com/news/
cyber-attack-led-to-igi-shutdown/851365/
• Anonymous announces global plans http://www.digitaltrends.com/
computing/video-anonymous-announces-global-plans/
• ANONYMOUS - OPERATION PAYBACK - Sony Press Release http://
www.youtube.com/watch?v=2Tm7UKo4IBc
• Operation Payback - Anonymous Message About ACTA Laws, Internet
Censorship and Copyright http://www.youtube.com/watch?
v=kZNDV4hGUGw
• Anonymous: Message to Scientology http://www.youtube.com/watch?
v=JCbKv9yiLiQ
• Anonymous http://www.atmarkit.co.jp/
fsecurity/special/161dknight/dknight01.html
Friday, November 4, 2011
49. references
• 28 Nation States With Cyber Warfare Capabilities http://
jeffreycarr.blogspot.com/2011/09/27-nation-states-with-cyber-warfare.html
• Far East
Research http://scan.netsecurity.ne.jp/archives/52017036.html
• CVE-2011-0611 : Adobe Flash Player SWF Memory Corruption Vulnerability
http://www.youtube.com/watch?v=DP_rRf468_Y
• MYBIOS. Is BIOS infection a reality? http://www.securelist.com/en/analysis/
204792193/MYBIOS_Is_BIOS_infection_a_reality
• McAfee Virtual Criminology Report 2007 http://us.mcafee.com/en-us/local/
html/identity_theft/NAVirtualCriminologyReport07.pdf
• Google Zeitgeist http://blog.f-secure.jp/
archives/50630539.html
• "The Tragedies in Oslo and on Utøya island" Speech held by King Harald V
http://www.kongehuset.no/c27262/nyhet/vis.html?tid=92959
Friday, November 4, 2011
50. references
• -- DEFCON CTF
http://scan.netsecurity.ne.jp/archives/52002536.html
• PET
http://www.soumu.go.jp/denshijiti/pdf/
jyumin_p_s3.pdf
• PIA
http://www.soumu.go.jp/denshijiti/pdf/jyumin_p_s2.pdf
• http://
jp.reuters.com/article/topNews/idJPJAPAN-21406320110527
• GIE
http://d.hatena.ne.jp/ukky3/20110829/1314685819
• Diginotar Black.Spook
http://blog.f-secure.jp/archives/50626009.html
Friday, November 4, 2011
51. references
• Computer virus hits US Predator and Reaper drone fleet http://
arstechnica.com/business/news/2011/10/exclusive-computer-virus-hits-
drone-fleet.ars
• F-Secure: Possible Governmental Backdoor found, MD5 hashes ("case
R2D2") http://www.f-secure.com/weblog/archives/00002249.html
• State-sponsored spies collaborate with crimeware gang | The Unholy APT-
botnet union http://www.theregister.co.uk/2011/09/13/
apt_botnet_symbiosis/
• NISC 10 7 http://www.nisc.go.jp/
conference/seisaku/index.html#seisaku27
•
http://news.livedoor.com/article/detail/5685674/
Friday, November 4, 2011