This document discusses targeted cyber attacks in 2011 and beyond. It describes how attackers have invested in developing tools and techniques to infiltrate systems using exploits, malware, and social engineering. Specific examples from 2011 are provided, including exploits of Adobe Flash and Reader. The document also discusses how attacks may evolve in a post-Windows environment as mobile devices and tablets become more prominent targets. It suggests attackers may increasingly focus on platforms like Android and iOS, and looks at early research into exploiting HTML5 features.
Mobile apps are the entry point to your web applications, APIs and web services. But sometimes the developer implements security in the mobile app that can easily be bypassed by a malicious attacker, allowing the attacker to exploit your web applications and steal confidential information. In this presentation I will show you how easy it is to attack a mobile application, intercept the communication and exploit the trust model of mobile apps. I will also give an overview of the OWASP Top 10 Mobile Risks.
Our researcher Aryeh Goretsky took a look at some of the more interesting pieces of malware and threats that have occurred over the first six months of the year 2014. And what a year it has been, with some serious new developments as well as persistence of numerous older threats.
Threat Intelligence with Open Source Tools - Cornerstones of Trust 2014 (Santiago Bassett)
Threat Intelligence has become increasingly important as the number and severity of threats is growing continuously. We live in an era where our prevention technologies are not enough anymore, antivirus products fail to detect new or sophisticated pieces of malware, our firewalls and perimeter defenses are easily bypassed and the attacker’s techniques are growing in complexity. In this new landscape, sharing threat intelligence has become a key component to mitigate cyber-attacks.
In this session we will define what Threat Intelligence is and discuss how to collect and integrate threat intelligence from public sources. In addition, we’ll demonstrate how to build your own Threat Intelligence data using Open Source tools such as sandboxes, honeypots, sinkholes and other publicly available tools.
The industry’s reticence to share information about attack vectors gives the adversary a huge advantage. Using Threat Intelligence we can reduce this advantage and enable preventative response. We will guide you through the different standards (OpenIOC, STIX, MAEC, OTX, IODEF…) to describe and share cyber intelligence, as well as Open Source Frameworks such as CIF (Collective Intelligence Framework) that allow you to combine different threat sources.
One of the biggest problems with Threat Intelligence is finding out how to take advantage of the data you have to actually improve the detection/prevention capabilities in your environment. We will describe how to leverage Threat Intelligence to detect threats and provide defenses, and we will focus on how to use Open Source Tools (Suricata, OSSIM, OSSEC, Bro, Yara…) to get the most out of your Threat Intelligence.
Presenters: Jaime Blasco and Santiago Bassett
Cornerstones of Trust 2014:
https://www.cornerstonesoftrust.com
CVE-2021-44228 Log4j (and Log4Shell) Executive Explainer by cje@bugcrowd (Casey Ellis)
This deck goes through what Log4j is from ground-level concepts up, explains how Log4j works, how it is vulnerable, how the Log4Shell exploit works, how to mitigate the risk and defend against exploitation, and some current observations through the Bugcrowd platform and predictions about what happens next.
Application Security-Understanding The Horizon (Lalit Kale)
This presentation is part of one of the talks I gave at Microsoft .NET Bootcamp. The contents are slightly edited to share the information in the public domain. In this presentation, I tried to cover broader aspects of Application Security basics. This presentation will be useful for software architects/managers, developers and QAs. Do share your feedback in comments.
Malware on Smartphones and Tablets - The Inconvenient Truth (AGILLY)
Many companies, through their IT managers and CIOs, still do not recognize mobile malware as an imminent threat. According to a Duo Security study, one third of Android mobile users do not lock their device screens with a password, and most take no security measures. In addition, IT managers and CIOs deploy new applications to their customers and employees without building in security measures that support authentication and threat mitigation.
However, mobile malware has evolved over recent years and now constitutes a real threat. Business Insider noted that these threats are now equivalent to those facing PCs in terms of distribution and level of risk.
The EU Data Protection Regulation and what it means for your organization (Sophos Benelux)
Session on what the EU Data Protection Regulation actually means for EU organizations and how you can comply. Presented by Michael Heering at the Online Security Summit Belgium.
Threat modeling is a way of viewing the world, and so what's changing in threat modeling reflects that. There's a global pandemic. The ways we build software are changing. The threats are evolving, and attacks through systems are growing in importance.
As presented by Patrick Carey in San Jose at a Lunch & Learn. Open source reduces development costs, frees internal developers to work on higher-order tasks, and accelerates time to market. Quite simply, open source is the way applications are developed today.
The web can be a dangerous place. Software that has code defects, also known as vulnerabilities, poses serious risks to users – from the most casual Internet surfers to business owners.
Top 10 Software to Detect & Prevent Security Vulnerabilities from BlackHat US... (Mobodexter)
BlackHat USA 2015 recently concluded and we heard a bunch of news around how BlackHat brought to light various security vulnerabilities in day-to-day life like the ZigBee protocol, a device for stealing keyless cars & ATM card skimmers. However, the presenters, who are also ethical hackers, also gave a bunch of tools to help the software community detect & prevent security holes in the hardware & software while the product is ready for release. We have reviewed all the presentations from the conference and give you here a list of the Top 10 tools/utilities that help in security vulnerability detection & prevention.
Welcome & The State of Open Source Security (Jerika Phelps)
Open Source software is the foundation for application development today. Open source use is growing rapidly worldwide because of the development cost reductions and innovation it enables. Black Duck discovers open source in nearly every application it analyzes and finds that 35% of the average commercial software application is open source. Home-grown applications typically contain 50% or more open source.
The dramatic growth in open source use has been accompanied by an array of security and management challenges related to a lack of visibility into and control of the open source in use. Leading organizations are aggressively pursuing ways to increase their use of open source and do so without compromising effective security or management.
This presentation is based on the security and encryption measures adopted by Apple for its iPhones.
It was submitted to RTU, Kota during final year seminars.
Professor Jon Patrick
Health Information Technology Research Laboratory (HITRL - www.it.usyd.edu.au/~hitru)
School of Information Technologies
University of Sydney
(P39, 17/10/08, Systems & Methods stream, 1.50pm)
Spain's Competitive Position, El Barómetro de los Círculos, Círculo de Empres... (Círculo de Empresarios)
El Barómetro de los Círculos 2017, promoted by the Círculo de Economía, the Círculo de Empresarios Vascos and the Círculo de Empresarios, once again provides, in its fourth edition, a diagnosis of the structural situation of the Spanish economy, from which emerge the main competitive strengths and weaknesses of our economic environment and …
Chatur Ideas Presents The Next Big Startup by Bloombox,Ecell, KJSCE at K. J. ... (Chatur Ideas)
Chatur Ideas will present The Next Big Startup by Bloombox, Ecell, KJSCE at K. J. Somaiya College of Engineering, Vidyanagar, Vidyavihar(E), Mumbai - 400 077, Maharashtra on 6th October 2015. Our Founder Mr. Devesh Chawla and our esteemed mentor Mr. Rajiv Indimath, Founder, Rain Bridge Ventures, Satish Kataria, Founder Catapooolt will guide the entrepreneurs of K. J. Somaiya College of Engineering on the essentials required to grow their startup.
Chatur Ideas is proud to bring The Next Big Startup by Bloom
Pensions: a sustainable system, February 2017, Círculo de Empresarios (Círculo de Empresarios)
In this infographic we present the main conclusions of the position paper on pensions recently presented by the Círculo de Empresarios. For more information: http://circulodeempresarios.org/sala-de-prensa/sistema-garantice-pensiones-dignas/
As threats are increasingly more sophisticated and targeted, traditional anti-virus detection is struggling to keep up. The traditional approach focuses on using fingerprint signatures of known malware to identify malware in the enterprise. This method of fingerprinting for detection is not only easily evaded, but it provides limited value to detecting targeted attacks against companies and emerging threats.
To combat this problem, Invincea developed a novel method for detecting and analyzing previously unknown malware and 0-day exploits. The advanced detection approach runs in conjunction with Invincea’s secure virtual container, which is used to isolate the operating system and user data from exploits against vulnerable applications. By running high-risk apps like web browsers in a secure container, no prior knowledge, including signatures and IOCs of threats is required in order to prevent their damage to the system and loss of data.
Web security – application security roads to software security nirvana iisf... (Eoin Keary)
Approaching Web Security, Secure application development and how to fix what matters. A useful talk for application developers and security experts alike.
Dev and Blind - Attacking the weakest Link in IT Security (Mario Heiderich)
The developer is an easy and valuable target for malicious minds. The reasons for that are numerous and hard to come by. This talk delivers examples, proof, discussion and awkward moments in a pretty special way.
Everybody hates developers – especially web developers. And why not? The cracks and crevices of their APIs and implementations are the reason that vulnerabilities in web applications are still a widespread issue – and will continue to be in the foreseeable future.
Bashing and blaming them for their wrongdoings is fun – boy, they are stupid in their mistakes! But has anyone ever dared to have an open on stage battle with an actual developer?
And who of the developers dares to face their collective nemesis – the attacker? Can there be life where matter and anti-matter collide? We will know about this soon – because this is what this talk is going to be about. Developer versus attacker – vulnerability versus defense. Be prepared for swearing, violence and people leaving the stage prematurely in tears.
This was the five minute pitch that David and group pulled together at the WG2 barcamp. This will be a start for a community developed document to help field questions about oss and security within the military.
Security in the age of open source - Myths and misperceptions (Tim Mackey)
As delivered at Interop ITX 2017.
The security of open source software is a function of the security of its components. For most applications, open source technologies are at their core, but security related issues may not be disclosed directly against the application because its use of the open-source component is hidden. In this talk, I explored how information flow benefits attackers, but how awareness can help defenders. I presented key attributes any vulnerability solution should have - including deep understanding of how open source development works and being DevOps aware.
Denial of Service Attacks: The Complete Guide (Imperva)
Denial of service remains the most discussed topic on hacker forums. Hackers continue to develop tools to optimize this attack method. Why? DDoS attacks do not seek to breach data integrity or privacy. This report catalogs the latest denial of service trends, techniques, and technologies deployed by hackers and provides security professionals with specific steps to mitigate this threat.
Presentation by Saurabh Harit at the Mobile Security Summit in Johannesburg 2011.
This presentation is about security on the iPhone and Android platforms. The presentation begins with a discussion on decrypting iPhone apps and its implications. The Android security model is discussed. The presentation ends with a series of discussions on practical Android attacks.
A survey of Ferrie’s Virus Bulletin series on anti-unpacking techniques and an examination of these techniques (or lack) in prevalent malware families.
Presented at Virus Bulletin 2009.
http://www.virusbtn.com
Virus Bulletin 2007 Vienna presentation on the "Storm worm" (even though it wasn’t really a "worm" in the classic sense). My reversing details of its kernel-level injection techniques were not publicly documented at the time.
Particularly proud of this one after some of the talented Avira guys gave some compliments on my slides’ details of the storm web pages’ javascript, exploit, and shellcode details.
The Art of the Pitch: WordPress Relationships and Sales (Laura Byrne)
Clients don’t know what they don’t know. What web solutions are right for them? How does WordPress come into the picture? How do you make sure you understand scope and timeline? What do you do if something changes?
All these questions and more will be explored as we talk about matching clients’ needs with what your agency offers without pulling teeth or pulling your hair out. Practical tips, and strategies for successful relationship building that leads to closing the deal.
Neuro-symbolic is not enough, we need neuro-*semantic* (Frank van Harmelen)
Neuro-symbolic (NeSy) AI is on the rise. However, simply machine learning on just any symbolic structure is not sufficient to really harvest the gains of NeSy. These will only be gained when the symbolic structures have an actual semantics. I give an operational definition of semantics as “predictable inference”.
All of this illustrated with link prediction over knowledge graphs, but the argument is general.
State of ICS and IoT Cyber Threat Landscape Report 2024 preview (Prayukth K V)
The IoT and OT threat landscape report has been prepared by the Threat Research Team at Sectrio using data from Sectrio, cyber threat intelligence farming facilities spread across over 85 cities around the world. In addition, Sectrio also runs AI-based advanced threat and payload engagement facilities that serve as sinks to attract and engage sophisticated threat actors, and newer malware including new variants and latent threats that are at an earlier stage of development.
The latest edition of the OT/ICS and IoT security Threat Landscape Report 2024 also covers:
- State of global ICS asset and network exposure
- Sectoral targets and attacks as well as the cost of ransom
- Global APT activity, AI usage, actor and tactic profiles, and implications
- Rise in volumes of AI-powered cyberattacks
- Major cyber events in 2024
- Malware and malicious payload trends
- Cyberattack types and targets
- Vulnerability exploit attempts on CVEs
- Attacks on counties – USA
- Expansion of bot farms – how, where, and why
- In-depth analysis of the cyber threat landscape across North America, South America, Europe, APAC, and the Middle East
- Why are attacks on smart factories rising?
- Cyber risk predictions
- Axis of attacks – Europe
- Systemic attacks in the Middle East
Download the full report from here:
https://sectrio.com/resources/ot-threat-landscape-reports/sectrio-releases-ot-ics-and-iot-security-threat-landscape-report-2024/
UiPath Test Automation using UiPath Test Suite series, part 3 (DianaGray10)
Welcome to UiPath Test Automation using UiPath Test Suite series part 3. In this session, we will cover desktop automation along with UI automation.
Topics covered:
- UI automation Introduction
- UI automation Sample
- Desktop automation flow
Pradeep Chinnala, Senior Consultant Automation Developer @WonderBotz and UiPath MVP
Deepak Rai, Automation Practice Lead, Boundaryless Group and UiPath MVP
JMeter webinar - integration with InfluxDB and Grafana (RTTS)
Watch this recorded webinar about real-time monitoring of application performance. See how to integrate Apache JMeter, the open-source leader in performance testing, with InfluxDB, the open-source time-series database, and Grafana, the open-source analytics and visualization application.
In this webinar, we will review the benefits of leveraging InfluxDB and Grafana when executing load tests and demonstrate how these tools are used to visualize performance metrics.
Length: 30 minutes
Session Overview
-------------------------------------------
During this webinar, we will cover the following topics while demonstrating the integrations of JMeter, InfluxDB and Grafana:
- What out-of-the-box solutions are available for real-time monitoring JMeter tests?
- What are the benefits of integrating InfluxDB and Grafana into the load testing stack?
- Which features are provided by Grafana?
- Demonstration of InfluxDB and Grafana using a practice web application
To view the webinar recording, go to:
https://www.rttsweb.com/jmeter-integration-webinar
Essentials of Automations: Optimizing FME Workflows with Parameters (Safe Software)
Are you looking to streamline your workflows and boost your projects’ efficiency? Do you find yourself searching for ways to add flexibility and control over your FME workflows? If so, you’re in the right place.
Join us for an insightful dive into the world of FME parameters, a critical element in optimizing workflow efficiency. This webinar marks the beginning of our three-part “Essentials of Automation” series. This first webinar is designed to equip you with the knowledge and skills to utilize parameters effectively: enhancing the flexibility, maintainability, and user control of your FME projects.
Here’s what you’ll gain:
- Essentials of FME Parameters: Understand the pivotal role of parameters, including Reader/Writer, Transformer, User, and FME Flow categories. Discover how they are the key to unlocking automation and optimization within your workflows.
- Practical Applications in FME Form: Delve into key user parameter types including choice, connections, and file URLs. Allow users to control how a workflow runs, making your workflows more reusable. Learn to import values and deliver the best user experience for your workflows while enhancing accuracy.
- Optimization Strategies in FME Flow: Explore the creation and strategic deployment of parameters in FME Flow, including the use of deployment and geometry parameters, to maximize workflow efficiency.
- Pro Tips for Success: Gain insights on parameterizing connections and leveraging new features like Conditional Visibility for clarity and simplicity.
We’ll wrap up with a glimpse into future webinars, followed by a Q&A session to address your specific questions surrounding this topic.
Don’t miss this opportunity to elevate your FME expertise and drive your projects to new heights of efficiency.
Software Delivery At the Speed of AI: Inflectra Invests In AI-Powered Quality (Inflectra)
In this insightful webinar, Inflectra explores how artificial intelligence (AI) is transforming software development and testing. Discover how AI-powered tools are revolutionizing every stage of the software development lifecycle (SDLC), from design and prototyping to testing, deployment, and monitoring.
Learn about:
• The Future of Testing: How AI is shifting testing towards verification, analysis, and higher-level skills, while reducing repetitive tasks.
• Test Automation: How AI-powered test case generation, optimization, and self-healing tests are making testing more efficient and effective.
• Visual Testing: Explore the emerging capabilities of AI in visual testing and how it's set to revolutionize UI verification.
• Inflectra's AI Solutions: See demonstrations of Inflectra's cutting-edge AI tools like the ChatGPT plugin and Azure Open AI platform, designed to streamline your testing process.
Whether you're a developer, tester, or QA professional, this webinar will give you valuable insights into how AI is shaping the future of software delivery.
Kubernetes & AI - Beauty and the Beast !?! @KCD Istanbul 2024 (Tobias Schneck)
As AI technology is pushing into IT, I was wondering, as an “infrastructure container kubernetes guy”, how does this fancy AI technology get managed from an infrastructure operational view? Is it possible to apply our lovely cloud native principles as well? What benefits could both technologies bring to each other?
Let me take these questions and provide you a short journey through existing deployment models and use cases for AI software. With practical examples, we discuss what cloud/on-premise strategy we may need for applying it to our own infrastructure to get it to work from an enterprise perspective. I want to give an overview of infrastructure requirements and technologies, and what could be beneficial or limiting for your AI use cases in an enterprise environment. An interactive demo will give you some insights into what approaches I already got working for real.
Builder.ai Founder Sachin Dev Duggal's Strategic Approach to Create an Innova... (Ramesh Iyer)
In today's fast-changing business world, companies that adapt and embrace new ideas often need help to keep up with the competition. However, fostering a culture of innovation takes much work. It takes vision, leadership and willingness to take risks in the right proportion. Sachin Dev Duggal, co-founder of Builder.ai, has perfected the art of this balance, creating a company culture where creativity and growth are nurtured at each stage.
GraphRAG is All You need? LLM & Knowledge Graph (Guy Korland)
Guy Korland, CEO and Co-founder of FalkorDB, will review two articles on the integration of language models with knowledge graphs.
1. Unifying Large Language Models and Knowledge Graphs: A Roadmap.
https://arxiv.org/abs/2306.08302
2. Microsoft Research's GraphRAG paper and a review paper on various uses of knowledge graphs:
https://www.microsoft.com/en-us/research/blog/graphrag-unlocking-llm-discovery-on-narrative-private-data/
LF Energy Webinar: Electrical Grid Modelling and Simulation Through PowSyBl -... (DanBrown980551)
Do you want to learn how to model and simulate an electrical network from scratch in under an hour?
Then welcome to this PowSyBl workshop, hosted by Rte, the French Transmission System Operator (TSO)!
During the webinar, you will discover the PowSyBl ecosystem as well as handle and study an electrical network through an interactive Python notebook.
PowSyBl is an open source project hosted by LF Energy, which offers a comprehensive set of features for electrical grid modelling and simulation. Among other advanced features, PowSyBl provides:
- A fully editable and extendable library for grid component modelling;
- Visualization tools to display your network;
- Grid simulation tools, such as power flows, security analyses (with or without remedial actions) and sensitivity analyses;
The framework is mostly written in Java, with a Python binding so that Python developers can access PowSyBl functionalities as well.
What you will learn during the webinar:
- For beginners: discover PowSyBl's functionalities through a quick general presentation and the notebook, without needing any expert coding skills;
- For advanced developers: master the skills to efficiently apply PowSyBl functionalities to your real-world scenarios.
Dev Dives: Train smarter, not harder – active learning and UiPath LLMs for do... (UiPathCommunity)
💥 Speed, accuracy, and scaling – discover the superpowers of GenAI in action with UiPath Document Understanding and Communications Mining™:
- See how to accelerate model training and optimize model performance with active learning
- Learn about the latest enhancements to out-of-the-box document processing – with little to no training required
- Get an exclusive demo of the new family of UiPath LLMs – GenAI models specialized for processing different types of documents and messages
This is a hands-on session specifically designed for automation developers and AI enthusiasts seeking to enhance their knowledge in leveraging the latest intelligent document processing capabilities offered by UiPath.
Speakers:
👨🏫 Andras Palfi, Senior Product Manager, UiPath
👩🏫 Lenka Dulovicova, Product Program Manager, UiPath
Search and Society: Reimagining Information Access for Radical FuturesBhaskar Mitra
The field of Information retrieval (IR) is currently undergoing a transformative shift, at least partly due to the emerging applications of generative AI to information access. In this talk, we will deliberate on the sociotechnical implications of generative AI for information access. We will argue that there is both a critical necessity and an exciting opportunity for the IR community to re-center our research agendas on societal needs while dismantling the artificial separation between the work on fairness, accountability, transparency, and ethics in IR and the rest of IR research. Instead of adopting a reactionary strategy of trying to mitigate potential social harms from emerging technologies, the community should aim to proactively set the research agenda for the kinds of systems we should build inspired by diverse explicitly stated sociotechnical imaginaries. The sociotechnical imaginaries that underpin the design and development of information access technologies needs to be explicitly articulated, and we need to develop theories of change in context of these diverse perspectives. Our guiding future imaginaries must be informed by other academic fields, such as democratic theory and critical theory, and should be co-developed with social science scholars, legal scholars, civil rights and social justice activists, and artists, among others.
AI for Every Business: Unlocking Your Product's Universal Potential by VP of ...
2011 Wintel Targeted Attacks and a Post-Windows Environment APT Toolset
1. 2011 Wintel Targeted Attacks and a Post-Windows Environment APT Toolset
Extending the APT infiltration into new technologies
SAS 2012
Kurt Baumgartner, Senior Security Researcher
Global Research and Analysis Team
kurt.baumgartner@kaspersky.com
2. The Infiltration
2011 and Prior
Targeted attacks and subsets
“The APT” v “APT” v “APTs”? ‘It’s a “who”, not a “how”’
General targeted attack activity, the APT and targets
2011 attack details and IoC
Post windows world?
Attacks 2012 and beyond
3. The APT Infiltration
2011 and Prior
Timelines!
Corporate organizations are now defending themselves against nation states?
Note – chart leaves out NGOs like Tibet’s Government in Exile, the Falun Gong, various political and non-profit orgs, etc.
"State of the Hack: It’s the End of the Year as We Know It 2011", Mandiant,
http://www.mandiant.com/presentations/state_of_the_hack_its_the_end_of_the_year_as_we_know_it_-_2011/
5. The Infiltration
2011 Offensive Security R&D Investment
Indications of Attack Investment
Flash – simple fuzzing, one bit adjustment (fairly low)
Mitsubishi Heavy Industries – low
RSA – medium (0day along with Poison Ivy?)
Lockheed Martin – medium (another 0day + RAT?)
Google – fairly low (IEPeers 0day)
Tibetans, Uyghurs – low
Undisclosed law firms – low
Beltway think tanks – low
Massive Fortune 50 Energy Firms – low
Various overseas political groups – low
Human rights groups – low
Setting up, rotating, maintaining thousands of C2 – fair effort
Email automation – low
Translators/social engineers and schemers – fair effort
6. Targeted Attacks and Infiltration
Email as a Vector of Attack – Schemes, Automation
• Phishing with better bait – themes of relevant geographical, timely conference discussions, familiar interests, urgent geopolitical interests, shared financial interests
• Automated schemes and changing work hours to fit targets
7. Targeted Attacks - “Steal Everything”
Exploitation – Examining the attackers’ work
2011 Exploitation – Adobe Flash, Adobe Reader, Mozilla Firefox, Microsoft Office documents and Windows system components
Let’s discuss one of their favorites from this past year (CVE-2011-0611)
Malicious pdf
???
PdfStreamDumper
http://sandsprite.com/blogs/index.php?uid=7&pid=57
Flash Player Debugger (Flash Player Projector content debugger)
http://www.adobe.com/support/flashplayer/downloads.html
Fdb.exe Flex SDK
http://opensource.adobe.com/wiki/display/flexsdk/Downloads
SWFTools with SWFDump, although a Flash Decompiler might help
Olly and patience – there is no crash
Xvi32 or another hexeditor, .AS structures will be obfuscated and mangled
Note – Adobe code can be a lot like Microsoft code - unexpected structures result in unexpected runtime behaviors
8. Targeted Attacks - “Steal Everything”
Exploitation – Examining the attackers’ work
Laying out the 2 Actionscripts with static and dynamic analysis
replaceString on obfuscated code strings
call hexToBin on the concatenated strings
8.swf/Mainline.as calls loadBytes on the *de-obfuscated* “ddd.swf” and loads it to run; it is this badly mangled file that triggers the exploit for CVE-2011-0611
ddd.swf attacks authplay.dll with its own actionscript custom function called on a confused object type
Object type confusion is the name of the game, failure in authplay flow verification
Heap spray and a chunked multi-stage shellcode deobfuscation stub, kernel32 decomposed api call hash resolution and use (_lcreat, _lwrite, _lread, _lseek) provides ROP with over 50 links, drops dll from pdf content to %temp%, LoadLibrary(AdobeARM.dll) writes out rudll.dll, registers it as 6to4 Servicedll, loads into svchost.exe
http://www.fortiguard.com/sites/default/files/CanSecWest2011_Flash_ActionScript.pdf
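The de-obfuscation steps laid out on this slide (replaceString, then hexToBin, before loadBytes) can be reproduced offline for static triage of a suspect string table. The sketch below is an added example, not code from the presentation or from the sample; the junk marker `Zx`, the function names and the embedded byte string are constructed assumptions.

```python
import binascii
import struct

# SWF signatures: the first three bytes of the file header.
SWF_MAGICS = {b"FWS": "uncompressed", b"CWS": "zlib", b"ZWS": "lzma"}


def recover_embedded(fragments, junk):
    """Undo replaceString + hexToBin: join, strip the junk marker, hex-decode."""
    # Join before stripping: a marker can straddle two string fragments.
    joined = "".join(fragments).replace(junk, "")
    try:
        return binascii.unhexlify(joined)
    except (binascii.Error, ValueError) as exc:
        raise ValueError(f"not clean hex after removing {junk!r}: {exc}") from None


def triage_swf(blob):
    """Read the 8-byte SWF header and flag a declared/actual length mismatch."""
    if len(blob) < 8 or blob[:3] not in SWF_MAGICS:
        return {"is_swf": False}
    declared = struct.unpack_from("<I", blob, 4)[0]  # little-endian file length
    return {
        "is_swf": True,
        "compression": SWF_MAGICS[blob[:3]],
        "version": blob[3],
        "declared_len": declared,
        "actual_len": len(blob),
        # Only meaningful for FWS; CWS/ZWS declare the uncompressed size.
        "length_mismatch": blob[:3] == b"FWS" and declared != len(blob),
    }


def make_constructed_sample():
    """Harmless stand-in for the obfuscated string constants (constructed data)."""
    payload = b"FWS" + bytes([9]) + struct.pack("<I", 64) + bytes(8)
    hexed = payload.hex()
    marked = "Zx".join(hexed[i:i + 4] for i in range(0, len(hexed), 4))
    return [marked[i:i + 11] for i in range(0, len(marked), 11)], "Zx"


if __name__ == "__main__":
    frags, junk = make_constructed_sample()
    print(triage_swf(recover_embedded(frags, junk)))
```

A header whose declared length disagrees with the recovered byte count is a cheap signal that the embedded file is malformed and worth a closer look in a debugger.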
9. Targeted Attacks - “Steal Everything”
Post Exploitation - Data Collection, Lateral Movement, Exfiltration
365day and folks that don’t update “anyone who has an interest in security has already updated” Really?
Effective but stale exploitation vs
0day and “original research” or the “author”
RATs, backdoors, spyware
Data thievery
Communications - encrypted?
Comments Crew – Shady?
Low investment - Pass-the-Hash utils, WCE
New Active Directory vulnerability
Archivers (rar), 7z, available source
POSTs, FTP, outbound obfuscated communications
10. Targeted Attacks - “Steal Everything”
Post Exploitation – Why “these” tools?
2011 Backdoors – Poison Ivy, Agent, Agent, Agent2…
Why Poison Ivy? Where is it from?
ChaseNET хакер “forums” founded by previous Evil Eye Software Th3ChaS3r
Members included ksv, shapeless, Heike, Digerati (busted in Operation Bot Roast II because of mistaken C2 config file update)…
ShapeLeSS joined ChaseNET as 18 year old Swedish kid in late October 2005, coded Poison Ivy
Codius assumes the project years later, continues to distribute it for free
SDK allows for new plugins and development, max size 7kb
Connections? No. Continued development today? No.
Stable, available, and FREE builder? Yes. Free SDK? Yes. Free crypters? Yes.
Quantifiable tool? Reliable? Yes. Low investment? Yes.
11. Targeted Attacks – Identifying Details
Indicators of Compromise
Indicators of Compromise – indicators? artifacts?
OpenIOC open source project
IoC Editor
IoC Finder
Isn’t that what AV provides?
Only it is based on XML format without the performance considerations?
http://openioc.org/
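To make the XML-based indicator idea concrete, here is an added example (not from the presentation and not the OpenIOC project's tooling) of an OpenIOC-style indicator built from the artifacts named on slide 8, with a small evaluator that applies its AND/OR logic to host records. The indicator, the search terms chosen, the simplified per-record matching and all paths in the host records are constructed assumptions.

```python
import xml.etree.ElementTree as ET

NS = {"i": "http://schemas.mandiant.com/2010/ioc"}

# Constructed indicator in OpenIOC style, using file and service names from slide 8.
IOC_XML = """<ioc xmlns="http://schemas.mandiant.com/2010/ioc">
  <short_description>CVE-2011-0611 dropper artifacts (constructed)</short_description>
  <definition>
    <Indicator operator="OR">
      <IndicatorItem condition="is">
        <Context document="FileItem" search="FileItem/FileName"/>
        <Content type="string">rudll.dll</Content>
      </IndicatorItem>
      <Indicator operator="AND">
        <IndicatorItem condition="is">
          <Context document="ServiceItem" search="ServiceItem/name"/>
          <Content type="string">6to4</Content>
        </IndicatorItem>
        <IndicatorItem condition="contains">
          <Context document="ServiceItem" search="ServiceItem/serviceDLL"/>
          <Content type="string">rudll.dll</Content>
        </IndicatorItem>
      </Indicator>
    </Indicator>
  </definition>
</ioc>"""


def item_matches(item, record):
    """Compare one IndicatorItem against one collected artifact record."""
    term = item.find("i:Context", NS).get("search")
    want = (item.find("i:Content", NS).text or "").lower()
    have = record.get(term)
    if have is None:
        return False  # the record does not carry this field at all
    cond = item.get("condition")
    if cond == "is":
        return have.lower() == want
    if cond == "contains":
        return want in have.lower()
    raise ValueError(f"unsupported condition: {cond}")


def node_matches(node, record):
    """Evaluate a nested Indicator; AND requires all children, OR any child."""
    results = [item_matches(c, record) for c in node.findall("i:IndicatorItem", NS)]
    results += [node_matches(c, record) for c in node.findall("i:Indicator", NS)]
    if not results:
        return False
    return all(results) if node.get("operator") == "AND" else any(results)


def host_hits(ioc_xml, records):
    """Return the records on a host that satisfy the indicator (assumed semantics)."""
    top = ET.fromstring(ioc_xml).find("i:definition/i:Indicator", NS)
    return [r for r in records if node_matches(top, r)]


# Constructed host records: one showing the service hijack, one benign look-alike.
INFECTED = [
    {"FileItem/FileName": "AdobeARM.dll"},
    {"ServiceItem/name": "6to4", "ServiceItem/serviceDLL": r"C:\example\rudll.dll"},
]
CLEAN = [
    {"ServiceItem/name": "6to4", "ServiceItem/serviceDLL": r"C:\example\6to4svc.dll"},
    {"FileItem/FileName": "AdobeARM.exe"},
]

if __name__ == "__main__":
    print("infected:", host_hits(IOC_XML, INFECTED))
    print("clean:", host_hits(IOC_XML, CLEAN))
```

The nested AND is what keeps the benign host quiet: the service name alone matches on both hosts, and only the combination with the DLL name fires.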
13. A Post Windows Environment Toolset
Tablets are everywhere
14. Targeted Attacks in a Post-Windows World
Abused Platforms
Android and iOS dominate the market
Smartphones and tablets
Blackberry(?)
Windows Phone(?)
Starting with the .mil space…
2011 – DISA STIG Android v2.2 Dell Mobile
Good Technology “Secure Browser” includes encryption capabilities with a fallback to Safari
Webkit Dell Native Browser
Attacks start with .gov/.mil? Sign of the times…
15. Targeted Attacks in a Post-Windows World
Originating research
Offensive security and “original research”?
Increased investment…
HTML5 features and native support in browsers
Increased attack surface
Cache poisoning, clickjacking, data leakage
Attacking remote client-side BoF?
http://www.slideshare.net/seguridadapple/attacking-the-webkit-heap-or-how-to-write-safari-exploits
Flash for mobile replaced with HTML5 and AIR
16. Thank You
Kurt Baumgartner, Senior Security Researcher
Global Research and Analysis Team
kurt.baumgartner@kaspersky.com
Editor's Notes
Slide #6
Duration: 1.5 min
On this slide you can see common IT security policy mistakes. The biggest mistake is to ignore network shares access rights. There might be an open share on an internal file server or on an end-user work desktop. (Question to the audience): Has any of you ever shared a file directory from your work computer (desktop or laptop)? I.e. to transfer files to your co-worker's computer. (Next question): Did you open it for unlimited users or just for a dedicated person? Did you disable it later or just forget?
Sooner or later this can be a great source of malware redistribution in your organization. Look now at the slide: this mistake is responsible for about 35% of incidents!
There was an interesting case in one of the School Districts in the USA. The customer has several thousand end-users connected to the CSD network. Most of them are school student computers, beginning from 3rd grade. The network included a few file share servers with unlimited access for everyone. So, everyone got infected after malware infected this network resource. The students could not do their class work, tests and lab work at school for at least a few weeks.
Now about missing security patches. Modern malware takes advantage of existing vulnerabilities. The network with even a single patch can face a serious risk. This is a common issue that we see mostly in small organizations, where the number of end-users is less than 500. They either do not have enough expertise or ignore patching completely.
A partially protected environment means that an antimalware solution is installed on part of the network, leaving other resources unprotected.
We have had some incidents related to firmware vulnerabilities. There was a software vulnerability in some DSL router device. The impact of it was huge – possible lawsuit.
And the last mistake is to believe that tools and software downloaded from the Web are always good software.
Slide #8
Duration: 10 sec
This was general information. Now, a few practical examples. The first is the Zbot outbreak: root cause, risk to the business, suggestions.