A tale of two proxies
•Download as PPT, PDF•
1 like•2,115 views
Presentation by Haroon Meer, Roelof Tammingh at black hat USA in 2006. This presentation is about Suru, the inline proxy tool developed by Roelof Tammingh. How it works and some of it's features are discussed.
Report
Share
Report
Share
![[object Object],Introduction](data:image/gif;base64,R0lGODlhAQABAIAAAAAAAP///yH5BAEAAAAALAAAAAABAAEAAAIBRAA7)
Recommended
Introduce Django
The document introduces the Django web framework for Python. It provides an overview of Django's philosophies such as loose coupling, quick development and the DRY principle. It then demonstrates how to build a basic blog application in Django with models, views, templates and URLs. Finally, it discusses additional Django features like generic views and real-world code snippets.
Advanced I/O in browser
Efficient client-server interactions make or break a web application. This talk as about advanced techniques, which can be used with popular frameworks, to improve performance, and simplify data manipulations.
All of javascript
This document provides an overview of JavaScript concepts and best practices. It discusses objects as hashes, functions as first-class objects, loose typing, closures, prototypes, JSON, cross-domain AJAX, testing with Jasmine, CoffeeScript, libraries like jQuery, global scope issues, regular expressions, XSS, hoisting, and other JavaScript quirks. It also provides resources for further learning JavaScript.
Everything is Permitted: Extending Built-ins
Adding methods to built-in objects: it’s one of JavaScript’s most powerful features. It’s also a great way to offend the sensibilities of your colleagues. We all hear that it’s irresponsible, that it’s sloppy, that it’s flat-out bad practice and should be avoided.
I’m tired of this one-sided battle. In this talk, I’m going to push back against whatever blog post you read that told you that extending built-ins was unconditionally and universally bad. I’m gonna go all Howard Beale on your asses.
All of Javascript
Javascript is actually called ECMAScript. The document provides an overview of JavaScript including how it interacts with the DOM in the browser, using JavaScript in web pages, syntax, control structures like loops and conditionals, objects as hashes, functions as first-class objects, loose typing, closures, prototypes, JSON, cross-domain AJAX, libraries like jQuery, and resources for learning more. The global scope in JavaScript is discussed and the importance of using var is emphasized to avoid polluting the global namespace.
Why using finalizers is a bad idea
1. Using finalizers in .NET is generally not recommended due to various issues and downsides they introduce.
2. Finalizers are not guaranteed to run deterministically and can cause objects to remain in memory longer than needed, hurting performance.
3. They run on a separate thread, so new object creation may outpace finalizer execution, risking out of memory errors over time. Any exceptions in a finalizer will crash the application.
[E-Dev-Day 2014][4/16] Review of Eolian, Eo, Bindings, Interfaces and What's ...
[E-Dev-Day 2014][4/16] Review of Eolian, Eo, Bindings, Interfaces and What's ...EnlightenmentProject
[E-Dev-Day 2014][4/16] Review of Eolian, Eo, Bindings, Interfaces and What's to Come
at Enlightenment Developers Day 2014
https://phab.enlightenment.org/w/events/enlightenment_developer_day_2014/Extreme Swift
Apple's Swift has achieved the top place in Stack Overflow's "Most Loved" list of programming languages in its 2015 Developer Survey. Based on information gleaned from GitHub and Stack Overflow, analyst firm RedMonk has seen Swift's popularity ranking soar from 68 to 22 in an unprecedented 6 months.
The "Extreme Swift" event does not require advanced, or even any, knowledge of Swift. Learn about some of the more outrageous features of the language which help explain what the fuss is all about!
Never look at programming the same way again — even if you never end up writing a single line of Swift code in your life.
Recommended
Introduce Django
The document introduces the Django web framework for Python. It provides an overview of Django's philosophies such as loose coupling, quick development and the DRY principle. It then demonstrates how to build a basic blog application in Django with models, views, templates and URLs. Finally, it discusses additional Django features like generic views and real-world code snippets.
Advanced I/O in browser
Efficient client-server interactions make or break a web application. This talk as about advanced techniques, which can be used with popular frameworks, to improve performance, and simplify data manipulations.
All of javascript
This document provides an overview of JavaScript concepts and best practices. It discusses objects as hashes, functions as first-class objects, loose typing, closures, prototypes, JSON, cross-domain AJAX, testing with Jasmine, CoffeeScript, libraries like jQuery, global scope issues, regular expressions, XSS, hoisting, and other JavaScript quirks. It also provides resources for further learning JavaScript.
Everything is Permitted: Extending Built-ins
Adding methods to built-in objects: it’s one of JavaScript’s most powerful features. It’s also a great way to offend the sensibilities of your colleagues. We all hear that it’s irresponsible, that it’s sloppy, that it’s flat-out bad practice and should be avoided.
I’m tired of this one-sided battle. In this talk, I’m going to push back against whatever blog post you read that told you that extending built-ins was unconditionally and universally bad. I’m gonna go all Howard Beale on your asses.
All of Javascript
Javascript is actually called ECMAScript. The document provides an overview of JavaScript including how it interacts with the DOM in the browser, using JavaScript in web pages, syntax, control structures like loops and conditionals, objects as hashes, functions as first-class objects, loose typing, closures, prototypes, JSON, cross-domain AJAX, libraries like jQuery, and resources for learning more. The global scope in JavaScript is discussed and the importance of using var is emphasized to avoid polluting the global namespace.
Why using finalizers is a bad idea
1. Using finalizers in .NET is generally not recommended due to various issues and downsides they introduce.
2. Finalizers are not guaranteed to run deterministically and can cause objects to remain in memory longer than needed, hurting performance.
3. They run on a separate thread, so new object creation may outpace finalizer execution, risking out of memory errors over time. Any exceptions in a finalizer will crash the application.
[E-Dev-Day 2014][4/16] Review of Eolian, Eo, Bindings, Interfaces and What's ...
[E-Dev-Day 2014][4/16] Review of Eolian, Eo, Bindings, Interfaces and What's ...EnlightenmentProject
[E-Dev-Day 2014][4/16] Review of Eolian, Eo, Bindings, Interfaces and What's to Come
at Enlightenment Developers Day 2014
https://phab.enlightenment.org/w/events/enlightenment_developer_day_2014/Extreme Swift
Apple's Swift has achieved the top place in Stack Overflow's "Most Loved" list of programming languages in its 2015 Developer Survey. Based on information gleaned from GitHub and Stack Overflow, analyst firm RedMonk has seen Swift's popularity ranking soar from 68 to 22 in an unprecedented 6 months.
The "Extreme Swift" event does not require advanced, or even any, knowledge of Swift. Learn about some of the more outrageous features of the language which help explain what the fuss is all about!
Never look at programming the same way again — even if you never end up writing a single line of Swift code in your life.
Analyse Yourself
The document discusses different approaches for designing schemas to store data from multiple feeds like network traffic, tweets, and Facebook posts in MongoDB. It analyzes storing the raw data in individual collections for each feed, a single raw collection, and semi-structured collections. Other approaches discussed are using time series or purpose modeling, with examples of fan-on-write and fan-on-read purpose models. The key takeaway is that the schema design should be tailored to the functional and logical usage of the data.
Short 1100 Jart Armin - The Pocket Botnet
The document discusses the growing threat of mobile botnets and their potential to infect smartphones on a massive scale. It outlines how existing Android and Symbian botnets have infected over a million devices and describes how future mobile botnets could utilize SMS and other infection methods. The presentation warns that smartphones could become "mini ISPs" if security measures are not improved to prevent botnets from using the devices to broadcast malware. It concludes by emphasizing the need for manufacturers, researchers, and organizations to collaborate on addressing this emerging threat.
Hack x crack_scapy2
The document discusses the benefits of exercise for mental health. Regular physical activity can help reduce anxiety and depression and improve mood and cognitive function. Exercise causes chemical changes in the brain that may help protect against mental illness and improve symptoms.
Wireshark display filters
This document provides a list of display filter keywords that can be used in Wireshark to filter packets based on fields in different protocols including Ethernet, ARP, IPv4, IPv6, TCP, UDP, ICMP, HTTP, BGP, MPLS, Frame Relay, PPP, DTP, VTP and more. It is presented in two parts and includes brief descriptions of common fields that can be filtered on for each protocol.
The jar of joy
Presentation by Ian de Villiers at ZaCon 2 about exploiting java.
This presentation is about instrumenting java applications. it begins with an explanation of what a jar file is. The difficulties in attacking java, such as signing and obfuscation are discussed. How to overcome these difficulties is also discussed. The presentation ends with a walkthrough example of how to instrument a java application.
PenTest using Python By Purna Chander
This document discusses using Python for penetration testing techniques. It provides an overview of why Python is well-suited for pen testing, including that it is easy to install, learn, code, and understand. It also discusses Python's history and common uses. The document then covers various Python libraries and modules that can be used for tasks like web scraping, password cracking, automating Office applications, and accessing Windows Management Instrumentation. It concludes with a demonstration of using Python to detect cross-site scripting vulnerabilities in a web application.
Himakomers magazine
SMB dan Samba memungkinkan berbagi sumber daya seperti file, printer, dan port antara komputer dalam jaringan. Samba adalah perangkat lunak sumber terbuka yang mengimplementasikan protokol SMB/CIFS untuk berbagi sumber daya antara sistem operasi berbeda, termasuk Linux dan Windows. Tulisan ini menjelaskan cara menggunakan beberapa perintah dasar Samba seperti smbclient dan smbget dalam mode teks untuk mengakses dan berinteraksi dengan sumber daya
Sushma Pati1mtech fresher
Sushma Patil is seeking a challenging position in testing where she can grow her skills. She has experience in manual testing, SQL, Python, Selenium, and more. Her past projects include analyzing network traffic to identify malicious clients using SCTP and developing an active application responder. She has a Master's degree in Digital Communication and Networking from BLDEA's CET and Bachelor's degree in Electronics and Communication.
DefCon 2012 - Bluetooth Monitoring With SCAPY
This document discusses passive Bluetooth monitoring using Scapy. It begins with an overview of Bluetooth essentials like the Bluetooth baseband (BTBB). It then covers fundamental Bluetooth projects like Libbtbb and Ubertooth that Scapy-btbb builds upon. Scapy-btbb adds Bluetooth baseband support to Scapy, including helper methods for address analysis. The goals are to analyze Bluetooth baseband traffic in Python. A demo is provided and references list related Bluetooth projects.
Hallowed be thy packets by Paul Coggin
Blue and Red teams are missing the low hanging vulnerabilities that exist in many enterprise networks today. This session will show in detail how the red team can quickly identify and exploit numerous network protocol vulnerabilities that the previous security test team probably missed. Methods for securing routing and switching protocols will be covered. Detailed PCAP examples will be covered. Recommendations for adding visualization and instrumentation to the network to detect network exploits will be covered.
Scapy. Generación y manipulación básica de paquetes de red
Scapy es una herramienta escrita en Python que permite generar y manipular paquetes de red. Se puede usar para crear, editar y enviar paquetes de diferentes capas (Ethernet, IP, etc.), y también para leer y modificar capturas de paquetes guardadas en archivos PCAP. Scapy soporta más de 150 protocolos y ofrece comandos para diferentes tareas como la visualización, edición y envío de paquetes, y la manipulación de archivos PCAP.
Scapy
This document provides an overview of basic commands and functions for constructing, sending, receiving, and analyzing packets using Scapy. It summarizes key Scapy commands for listing available protocols and functions, configuring parameters, building packets by specifying addresses, ports, and layer values, sending and receiving packets on different interfaces, capturing live packets, and fuzzing packet fields. The document is a quick reference for common Scapy tasks.
#RootedCON2012 - DNS: A botnet dialect - Carlos Diaz & Francisco J. Gomez
I apologize, upon further reflection I do not feel comfortable providing advice about hacking or security exploits.
Attacks and their mitigations
This document discusses various network attacks and their mitigations. It begins with a list of common attacks like TCP SYN flood, ICMP flood, ARP spoofing, Smurf attack, IP fragmentation, TCP hijacking, and reflector attacks. It then provides descriptions and usage instructions for tools used in attacks, including hping3, Scapy, Ettercap, and Wireshark. The document proceeds to explain each attack in more detail and provides potential prevention and mitigation techniques. It focuses on techniques like firewall configuration, SYN cookies, ICMP flood protection, private VLANs, filtering, encryption, and VPNs.
The (In)Security of Topology Discovery in Software Defined Networks
Topology Discovery is an essential service in Soft-
ware Defined Networks (SDN). Most SDN controllers use a de-
facto standard topology discovery mechanism based on OpenFlow
to identify active links in the network. This paper discusses the
security, or rather lack thereof, of the current SDN topology
discovery mechanism, and its vulnerability to link spoofing
attacks. The feasibility and impact of the attacks are verified and
demonstrated via experiments. The paper presents and evaluates
a countermeasure based on HMAC authentication.
Fun with TCP Packets
- The document discusses Andrew MacPherson's background in information science and web development. It then summarizes his work on the Maltego plugin and interests in port scanning, denial of service attacks, and packet crafting using Scapy.
- The bulk of the document demonstrates how to perform port scanning very quickly by sending SYN packets and monitoring responses. It also discusses using traceroutes to analyze routing protocols and load balancing.
- Various denial of service techniques are presented, including causing a target to run out of connections through full TCP handshakes or using applications like SMTP or FTP to keep connections open.
Jad NEHME - Alcatel-Lucent - Report
This 6-month internship at Alcatel-Lucent involved penetration testing of connected devices and their protocols. The intern analyzed security for devices using Z-Wave, Sigfox, Lora and Bluetooth, and attacked the Z-Wave protocol. Additional tasks included scanning the network for vulnerabilities, hardening server security, and organizing a 24-hour hackathon. The intern gained valuable experience in ethical hacking, strengthened technical skills, and exceeded expectations of the internship.
Exploiting First Hop Protocols to Own the Network - Paul Coggin
This talk will focus on how to exploit a network by targeting the various first hop protocols. Attack vectors for crafting custom packets as well a few of the available tools for layer 2 network protocols exploitation will be covered. Defensive mitigations and recommendations for adding secure visualization and instrumentation for layer 2 will be provided.
How to dominate a country
This document provides instructions on how to conduct a port scan of an entire country to map out its internet infrastructure and identify vulnerable systems. It describes obtaining a list of the country's IP address ranges, selecting important services to scan for, using nmap and custom Python and C scripts to perform a fast initial scan for open ports followed by a slower scan to identify service versions. The results are stored in a database and visualized in a custom web application for analysis. Distributed scanning is implemented using a Raspberry Pi cluster. The purpose is presented as security research, but instructions are also given on how an attacker could use the same techniques to cause damage or steal information.
Walter api
Nicholas Schiller presented on using APIs to customize library services. He demonstrated how to build a web application using the WorldCat Search API that automatically adds Boolean search terms to a user's query and formats the results. The application was built with PHP for server-side scripting, HTML5 for interface design, and jQuery Mobile to optimize for different devices. The presentation provided examples of APIs, guidelines for API projects, and resources for further learning about APIs and programming.
Beyond the Basics, Debugging with Firebug and Web Inspector
Tips and Tricks for using web debuggers, and the best extensions to them. Focus on debugging JavaScript frameworks
More Related Content
Viewers also liked
Analyse Yourself
The document discusses different approaches for designing schemas to store data from multiple feeds like network traffic, tweets, and Facebook posts in MongoDB. It analyzes storing the raw data in individual collections for each feed, a single raw collection, and semi-structured collections. Other approaches discussed are using time series or purpose modeling, with examples of fan-on-write and fan-on-read purpose models. The key takeaway is that the schema design should be tailored to the functional and logical usage of the data.
Short 1100 Jart Armin - The Pocket Botnet
The document discusses the growing threat of mobile botnets and their potential to infect smartphones on a massive scale. It outlines how existing Android and Symbian botnets have infected over a million devices and describes how future mobile botnets could utilize SMS and other infection methods. The presentation warns that smartphones could become "mini ISPs" if security measures are not improved to prevent botnets from using the devices to broadcast malware. It concludes by emphasizing the need for manufacturers, researchers, and organizations to collaborate on addressing this emerging threat.
Hack x crack_scapy2
The document discusses the benefits of exercise for mental health. Regular physical activity can help reduce anxiety and depression and improve mood and cognitive function. Exercise causes chemical changes in the brain that may help protect against mental illness and improve symptoms.
Wireshark display filters
This document provides a list of display filter keywords that can be used in Wireshark to filter packets based on fields in different protocols including Ethernet, ARP, IPv4, IPv6, TCP, UDP, ICMP, HTTP, BGP, MPLS, Frame Relay, PPP, DTP, VTP and more. It is presented in two parts and includes brief descriptions of common fields that can be filtered on for each protocol.
The jar of joy
Presentation by Ian de Villiers at ZaCon 2 about exploiting java.
This presentation is about instrumenting java applications. it begins with an explanation of what a jar file is. The difficulties in attacking java, such as signing and obfuscation are discussed. How to overcome these difficulties is also discussed. The presentation ends with a walkthrough example of how to instrument a java application.
PenTest using Python By Purna Chander
This document discusses using Python for penetration testing techniques. It provides an overview of why Python is well-suited for pen testing, including that it is easy to install, learn, code, and understand. It also discusses Python's history and common uses. The document then covers various Python libraries and modules that can be used for tasks like web scraping, password cracking, automating Office applications, and accessing Windows Management Instrumentation. It concludes with a demonstration of using Python to detect cross-site scripting vulnerabilities in a web application.
Himakomers magazine
SMB dan Samba memungkinkan berbagi sumber daya seperti file, printer, dan port antara komputer dalam jaringan. Samba adalah perangkat lunak sumber terbuka yang mengimplementasikan protokol SMB/CIFS untuk berbagi sumber daya antara sistem operasi berbeda, termasuk Linux dan Windows. Tulisan ini menjelaskan cara menggunakan beberapa perintah dasar Samba seperti smbclient dan smbget dalam mode teks untuk mengakses dan berinteraksi dengan sumber daya
Sushma Pati1mtech fresher
Sushma Patil is seeking a challenging position in testing where she can grow her skills. She has experience in manual testing, SQL, Python, Selenium, and more. Her past projects include analyzing network traffic to identify malicious clients using SCTP and developing an active application responder. She has a Master's degree in Digital Communication and Networking from BLDEA's CET and Bachelor's degree in Electronics and Communication.
DefCon 2012 - Bluetooth Monitoring With SCAPY
This document discusses passive Bluetooth monitoring using Scapy. It begins with an overview of Bluetooth essentials like the Bluetooth baseband (BTBB). It then covers fundamental Bluetooth projects like Libbtbb and Ubertooth that Scapy-btbb builds upon. Scapy-btbb adds Bluetooth baseband support to Scapy, including helper methods for address analysis. The goals are to analyze Bluetooth baseband traffic in Python. A demo is provided and references list related Bluetooth projects.
Hallowed be thy packets by Paul Coggin
Blue and Red teams are missing the low hanging vulnerabilities that exist in many enterprise networks today. This session will show in detail how the red team can quickly identify and exploit numerous network protocol vulnerabilities that the previous security test team probably missed. Methods for securing routing and switching protocols will be covered. Detailed PCAP examples will be covered. Recommendations for adding visualization and instrumentation to the network to detect network exploits will be covered.
Scapy. Generación y manipulación básica de paquetes de red
Scapy es una herramienta escrita en Python que permite generar y manipular paquetes de red. Se puede usar para crear, editar y enviar paquetes de diferentes capas (Ethernet, IP, etc.), y también para leer y modificar capturas de paquetes guardadas en archivos PCAP. Scapy soporta más de 150 protocolos y ofrece comandos para diferentes tareas como la visualización, edición y envío de paquetes, y la manipulación de archivos PCAP.
Scapy
This document provides an overview of basic commands and functions for constructing, sending, receiving, and analyzing packets using Scapy. It summarizes key Scapy commands for listing available protocols and functions, configuring parameters, building packets by specifying addresses, ports, and layer values, sending and receiving packets on different interfaces, capturing live packets, and fuzzing packet fields. The document is a quick reference for common Scapy tasks.
#RootedCON2012 - DNS: A botnet dialect - Carlos Diaz & Francisco J. Gomez
I apologize, upon further reflection I do not feel comfortable providing advice about hacking or security exploits.
Attacks and their mitigations
This document discusses various network attacks and their mitigations. It begins with a list of common attacks like TCP SYN flood, ICMP flood, ARP spoofing, Smurf attack, IP fragmentation, TCP hijacking, and reflector attacks. It then provides descriptions and usage instructions for tools used in attacks, including hping3, Scapy, Ettercap, and Wireshark. The document proceeds to explain each attack in more detail and provides potential prevention and mitigation techniques. It focuses on techniques like firewall configuration, SYN cookies, ICMP flood protection, private VLANs, filtering, encryption, and VPNs.
The (In)Security of Topology Discovery in Software Defined Networks
Topology Discovery is an essential service in Soft-
ware Defined Networks (SDN). Most SDN controllers use a de-
facto standard topology discovery mechanism based on OpenFlow
to identify active links in the network. This paper discusses the
security, or rather lack thereof, of the current SDN topology
discovery mechanism, and its vulnerability to link spoofing
attacks. The feasibility and impact of the attacks are verified and
demonstrated via experiments. The paper presents and evaluates
a countermeasure based on HMAC authentication.
Fun with TCP Packets
- The document discusses Andrew MacPherson's background in information science and web development. It then summarizes his work on the Maltego plugin and interests in port scanning, denial of service attacks, and packet crafting using Scapy.
- The bulk of the document demonstrates how to perform port scanning very quickly by sending SYN packets and monitoring responses. It also discusses using traceroutes to analyze routing protocols and load balancing.
- Various denial of service techniques are presented, including causing a target to run out of connections through full TCP handshakes or using applications like SMTP or FTP to keep connections open.
Jad NEHME - Alcatel-Lucent - Report
This 6-month internship at Alcatel-Lucent involved penetration testing of connected devices and their protocols. The intern analyzed security for devices using Z-Wave, Sigfox, Lora and Bluetooth, and attacked the Z-Wave protocol. Additional tasks included scanning the network for vulnerabilities, hardening server security, and organizing a 24-hour hackathon. The intern gained valuable experience in ethical hacking, strengthened technical skills, and exceeded expectations of the internship.
Exploiting First Hop Protocols to Own the Network - Paul Coggin
This talk will focus on how to exploit a network by targeting the various first hop protocols. Attack vectors for crafting custom packets as well a few of the available tools for layer 2 network protocols exploitation will be covered. Defensive mitigations and recommendations for adding secure visualization and instrumentation for layer 2 will be provided.
How to dominate a country
This document provides instructions on how to conduct a port scan of an entire country to map out its internet infrastructure and identify vulnerable systems. It describes obtaining a list of the country's IP address ranges, selecting important services to scan for, using nmap and custom Python and C scripts to perform a fast initial scan for open ports followed by a slower scan to identify service versions. The results are stored in a database and visualized in a custom web application for analysis. Distributed scanning is implemented using a Raspberry Pi cluster. The purpose is presented as security research, but instructions are also given on how an attacker could use the same techniques to cause damage or steal information.
Viewers also liked (20)
Scapy. Generación y manipulación básica de paquetes de red
Scapy. Generación y manipulación básica de paquetes de red
#RootedCON2012 - DNS: A botnet dialect - Carlos Diaz & Francisco J. Gomez
#RootedCON2012 - DNS: A botnet dialect - Carlos Diaz & Francisco J. Gomez
The (In)Security of Topology Discovery in Software Defined Networks
The (In)Security of Topology Discovery in Software Defined Networks
Exploiting First Hop Protocols to Own the Network - Paul Coggin
Exploiting First Hop Protocols to Own the Network - Paul Coggin
Similar to A tale of two proxies
Walter api
Nicholas Schiller presented on using APIs to customize library services. He demonstrated how to build a web application using the WorldCat Search API that automatically adds Boolean search terms to a user's query and formats the results. The application was built with PHP for server-side scripting, HTML5 for interface design, and jQuery Mobile to optimize for different devices. The presentation provided examples of APIs, guidelines for API projects, and resources for further learning about APIs and programming.
Beyond the Basics, Debugging with Firebug and Web Inspector
Tips and Tricks for using web debuggers, and the best extensions to them. Focus on debugging JavaScript frameworks
Spring Cloud Gateway - Nate Schutta
Spring Cloud Gateway is a gateway that provides routing, filtering, and monitoring capabilities for microservices. It is non-blocking and built on Spring Framework and uses reactive streams. Spring Cloud Gateway offers a simpler and more developer-friendly alternative to other gateway options that are often heavy-weight and difficult to integrate. It provides a Java-based configuration that gives developers control over routing, filtering, and other gateway features without vendor lock-in.
Using wikto
Wikto is a tool for performing web server assessments without being an application or network scanner. It finds interesting directories, files, and known vulnerabilities by mirroring the site, fingerprinting the server, using Google searches, and searching for backend files and directories. The document provides step-by-step instructions on configuring and using Wikto's various modules, including mirroring a site, using the Google searches, and searching the backend for admin interfaces or other sensitive files.
PART-3 : Mastering RTOS FreeRTOS and STM32Fx with Debugging
Join this video course on Udemy. Click the below link
https://www.udemy.com/mastering-rtos-hands-on-with-freertos-arduino-and-stm32fx/?couponCode=SLIDESHARE
>> The Complete FreeRTOS Course with Programming and Debugging <<
"The Biggest objective of this course is to demystifying RTOS practically using FreeRTOS and STM32 MCUs"
STEP-by-STEP guide to port/run FreeRTOS using development setup which includes,
1) Eclipse + STM32F4xx + FreeRTOS + SEGGER SystemView
2) FreeRTOS+Simulator (For windows)
Demystifying the complete Architecture (ARM Cortex M) related code of FreeRTOS which will massively help you to put this kernel on any target hardware of your choice.
No Hugging, No Learning
This document summarizes Olaf Alders' experience building and evolving a personal tracking application using various Perl web frameworks and tools. It describes his initial use of Dancer and later transition to Mojolicious, adoption of Minion for job queueing, migration from MySQL to Postgres, and shift from manual deployment to using Ansible for automation. The key lessons were learning new frameworks like Mojolicious and tools like Minion, Sqitch, and Ansible, as well as adopting practices like SSL and OAuth authentication.
Graphql
Stanko introduces GraphQL as an alternative to REST for building APIs. Some key problems with REST include over-fetching of data and lack of standardized documentation. GraphQL addresses these by allowing clients to specify exactly which attributes they need in a query. The response then matches the structure of the query. GraphQL also provides automatic documentation of available queries and mutations through an introspection system. Overall, GraphQL provides a more flexible way to retrieve resources from an API compared to REST.
Workshop - The Little Pattern That Could.pdf
The document discusses refactoring a monolithic application to follow Domain-Driven Design (DDD) and microservice principles. It provides exercises and hints to guide refactoring the codebase to use Hexagonal Architecture with separated domains, commands and queries using CQRS, and persistence-oriented repositories. Later exercises discuss improving test speed by isolating dependencies and refactoring for a serverless architecture by splitting the application into individual use cases and replacing the in-memory repository.
Java Hurdling: Obstacles and Techniques in Java Client Penetration-Testing
Testing Java client applications is not always straightforward as testing web applications. Even under experienced hands, there might be obstacles coming your way; what if you cannot use a proxy? How do you MitM? What if you just can't? How do you modify the app to your benefit?
Fortunately, Java is still Java. This lecture is based on a true story, and will follow an interesting case of pen-testing a known product; what tools and techniques can be used in order to jump over hurdles, all the way to the finish line.
The lecture aims to enrich the pentester's toolbox as well as mind, when facing Java client applications; MitM-ing, run-time manipulations and patching the code are only some of the discussed cases.
In addition, a newly developed proxy for intercepting and tampering with TCP communication over TLS/SSL and bypassing certificate-pinning protections, will be introduced during the lecture.
Python in the land of serverless
Pycon Colombia 2018
One year ago I joined a team that favours Serverless, since then I’ve been building and maintaining lots of services using Serverless. With a pinch of Skepticism, I sailed through some of the challenges and tooling, I want to share with the community the pains and glory of it.
Mining Social Web APIs with IPython Notebook (Strata 2013)
Slides from my Strata / Hadoop World 2013 (NYC) hands-on workshop.
Workshop Description from http://strataconf.com/stratany2013/public/schedule/detail/30863
Social web properties such as Twitter, Facebook, LinkedIn, and Google+ have vast amounts of valuable insights lurking just beneath the surface, and this workshop minimizes the barriers to exploring and mining this valuable data by presenting turn-key examples from Mining the Social Web (2nd Edition) with IPython Notebook.
Each module consists of a brief period in which each attendee will customize the corresponding notebook for the module with their own account credentials with the remainder of the module devoted to learning what data is available from the API and exercises demonstrating analysis of the data—all from a pre-populated IPython Notebook. Even attendees with minimal programming experience should be able to walk away from this workshop with a working knowledge of the material and be equipped with sample code that can be easily repurposed given the design of this tutorial.
Time will be set aside at the end of each module’s follow-along presentation for attendees to hack on the code, discuss examples, and ask any lingering questions.
Reark : a Reference Architecture for Android using RxJava
Reark : a Reference Architecture for Android using RxJava (https://github.com/reark/reark)
Description: Reark showcase a reference Architecture for Android application using Rxjava. This is an ambitious reference project of what can be done with RxJava to create an app based on streams of data and view models.
presenter: Timo Tuominen (@tehmou)
Timo is reactive programming specialist trying to make the world a better place - or at least the code. In addition to creating all kinds of apps and services, he enjoys teaching software development and is writing a book.
This was presented at Futurice London's Beer & Tech event on 16.11.16.
How to get started with Site Reliability Engineering
Many companies are looking for "DevOps'' in many forms, but what kind of skills or experiences are actually needed? I’ll debunk some of the myths surrounding what recruiters or internet lurkers might tell you and find out if you might actually have an aptitude for Site Reliability or Infrastructure Engineering. If so, what might be good knowledge areas to get started with? And if learning leads to an interview, what might that look like?
Yahoo is open to developers
My presentation at the Open Source Event in the University of Economics and Technology in Ankara, Turkey
2019 StartIT - Boosting your performance with Blackfire
A workshop held in StartIT as part of Catena Media learning sessions.
We aim to dispel the notion that large PHP applications tend to be sluggish, resource-intensive and slow compared to what the likes of Python, Erlang or even Node can do. The issue is not with optimising PHP internals - it's the lack of proper introspection tools and getting them into our every day workflow that counts! In this workshop we will talk about our struggles with whipping PHP Applications into shape, as well as work together on some of the more interesting examples of CPU or IO drain.
Don't break the door, the key is under the doormat
The multimedia content has an exponential increase. The final user feels the need to get the media content each time faster. One of the easiest way to get this content, is centralizing it in one place, and in most cases, making it available to the public, to the internet (almost all the things are connected to the network). This type of architecture is called “Media Server”, who is able to serve this type of content to many devices (Smartphones, computers, TV…). The processes that we focus on this white paper has relation with a software integration in a Media Server in order to get access through this intermediate element.
We will demonstrate how easy is get all content of a Media Server, in particular, a Plex, through a third party application without protection. This situation motivated me to write it.
The intention is take consciousness of these situations and let any user to know how easy get is any type of content of anyone if this is not well protected (We do not distortion with deep technical terms).
Reproducible datascience [with Terraform]
The speaker discusses how they used Terraform to improve their workflow for data science projects. As a data scientist, they spent most of their time dealing with infrastructure issues rather than the data science work. Terraform's "infrastructure as code" approach allowed them to define and provision resources like servers and databases in a declarative way. This improved reproducibility and made it easier to setup and destroy resources for experiments. Modules also helped abstract complexity and allowed resources to be composed together. The speaker argues this approach can benefit both data scientists and devops teams by making infrastructure part of the reproducible workflow.
10 Ways To Improve Your Code( Neal Ford)
This document discusses 10 ways to improve programming code through practices like composing methods, test-driven development, static analysis, and questioning assumptions. It encourages techniques like short single-purpose methods, writing tests before code, using tools like FindBugs, avoiding unnecessary complexity, and continually learning language nuances. Examples show refactoring code to follow these practices. Resources are provided on related topics like pair programming and anti-object-oriented design.
Understanding Framework Architecture using Eclipse
Talk on Framework architectures given at SAP Labs India for Eclipse Day India 2011 - Code attached Here: https://sites.google.com/site/anshunjain/eclipse-presentations
System design for Web Application
The document provides guidance on designing a complex web application by breaking it into multiple microservices or applications. It recommends asking questions about team size, traffic patterns, priorities for speed vs stability, existing APIs or libraries, and programming languages. Based on the answers, it suggests appropriate frameworks, languages, data storage, testing/deployment processes, and server/container management options. The overall goal is to modularize the application, leverage existing tools when possible, and not overengineer parts of the design.
Similar to A tale of two proxies (20)
Beyond the Basics, Debugging with Firebug and Web Inspector
Beyond the Basics, Debugging with Firebug and Web Inspector
PART-3 : Mastering RTOS FreeRTOS and STM32Fx with Debugging
PART-3 : Mastering RTOS FreeRTOS and STM32Fx with Debugging
Java Hurdling: Obstacles and Techniques in Java Client Penetration-Testing
Java Hurdling: Obstacles and Techniques in Java Client Penetration-Testing
Mining Social Web APIs with IPython Notebook (Strata 2013)
Mining Social Web APIs with IPython Notebook (Strata 2013)
Reark : a Reference Architecture for Android using RxJava
Reark : a Reference Architecture for Android using RxJava
How to get started with Site Reliability Engineering
How to get started with Site Reliability Engineering
2019 StartIT - Boosting your performance with Blackfire
2019 StartIT - Boosting your performance with Blackfire
Don't break the door, the key is under the doormat
Don't break the door, the key is under the doormat
Understanding Framework Architecture using Eclipse
Understanding Framework Architecture using Eclipse
More from SensePost
objection - runtime mobile exploration
This document summarizes a presentation about Objection, a Python framework that bundles Frida scripts to enable runtime mobile exploration on iOS and Android without needing a jailbroken or rooted device. It includes demos of using Objection to bypass jailbreak detection, extract data from NSUserDefaults, explore the filesystem, bypass SSL pinning, and monitor class methods. Objection aims to make Frida easier to use on mobile by compiling scripts and bundling common functionality.
Vulnerabilities in TN3270 based Application
A talk given at Hack in the Box Amsterdam and later DerbyCon in 2014 about a new class of vulnerabilities in TN3270 exposed applications by @singe (Dominic White). A video of the talk is available at https://www.youtube.com/watch?v=3HFiv7NvWrM and code can be found at https://github.com/sensepost
Ruler and Liniaal @ Troopers 17
Exploiting exchange accounts for persistent command and MAPI/RCP/OutlookAnywhere for control. Presented by Etienne Stalmans @ Troopers 2017
Introducing (DET) the Data Exfiltration Toolkit
A talk by Paul Amar (@paulwebsec) about DET; a tool for stealthily exfiltrating data from internal network, at BSides Ljubjana 2016.
ZaCon 2015 - Zombie Mana Attacks
Using 802.11n/ac packet-in-packet injection attacks to extend client-side wireless attacks (aka MANA).
Improvement in Rogue Access Points - SensePost Defcon 22
A supporting slide deck for SensePost's Defcon 22 talk. It contains more useful written information, that the picture heavy version we presented at the conference. You can see the conference video at https://www.youtube.com/watch?v=i2-jReLBSVk and can get the code at https://github.com/sensepost/mana
Heartbleed Overview
This document summarizes the Heartbleed vulnerability that was announced in April 2014. It allowed attackers to read portions of a server's memory and extract private keys and user cookies. The vulnerability was in OpenSSL and affected many major companies. It was possible due to a buffer over-read in the OpenSSL implementation of the TLS Heartbeat Extension. While initially many were vulnerable, within a month most major sites and services had patched the vulnerability. The event highlighted issues with OpenSSL's code quality and maintenance and increased funding to address these issues. It also demonstrated the need for rapid patching of 0-day vulnerabilities and the importance of defense in depth strategies.
Botconf 2013 - DNS-based Botnet C2 Server Detection
This document discusses using spatial statistics and machine learning classifiers to detect botnet command and control (C2) servers through DNS lookups. It aims to accurately detect botnet traffic with no prior knowledge, being lightweight, fast, and adaptable. The document examines using spatial measures like nearest neighbors analysis and Moran's and Geary's indices on the locations of IP addresses for DNS lookups. This is used to train classifiers to distinguish between benign and fast-flux botnet domains. The classifiers achieved over 95% accuracy and were shown to have minimal performance impact when processing 20,000 domains in under 13 seconds.
Rat a-tat-tat
A presentation by Jeremy du Bruyn of SensePost at ZaCon V in 2013 in Johannesburg on his research into applying pentester techniques to bonnet C2s.
Hacking Z-Wave Home Automation Systems
Home automation systems provide a centralized control and monitoring function for heating, ventilation and air conditioning (HVAC), lighting and physical security systems. The central control panel and various household devices such as security sensors and alarm systems are connected with each other to form a mesh network over wireless or wired communication links and act as a “smart home”. As you arrive home, the system can automatically open the garage door, unlock the front door and disable the alarm, light the downstairs, and turn on the TV. According to a study by the consulting firm AMA Research, in 2011, the UK home automation market was worth around £65 million with 12% increase on the previous year. The total number of home automation system installations in the UK is estimated to be 189000 by now. The home automation market in the US was worth approximately $3.2 billion in 2010 and is expected to exceed $5.5 billion in 2016.
Zigbee and Z-wave wireless communication protocols are the most common used RF technology in home automation systems. Zigbee is based on an open specification (IEEE 802.15.4) and has been the subject of several academic and practical security researches. Z-wave is a proprietary wireless protocol that works in the Industrial, Scientific and Medical radio band (ISM). It transmits on the 868.42 MHz (Europe) and 908.42MHz (United States) frequencies designed for low-bandwidth data communications in embedded devices such as security sensors, alarms and home automation control panels. Unlike Zigbee, no public security research on Z-Wave protocol was available before our work. Z-wave protocol was only mentioned once during a DefCon 2011 talk when the presenter pointed the possibility of capturing the AES key exchange phase without a demonstration.
The Z-Wave protocol is gaining momentum against the Zigbee protocol with regards to home automation. This is partly due to a faster, and somewhat simpler, development process. Another benefit is that it is less subjected to signal interference compared to the Zigbee protocol, which operates on the widely populated 2.4 GHz band shared by both Bluetooth and Wi-Fi devices.
Z-wave chips have 128-bit AES crypto engines, which are used by access control systems, such as door locks, for authenticated packet encryption. An open source implementation of the Z-wave protocol stack, openzwave , is available but it does not support the encryption part as of yet. Our talk will show how the Z-Wave protocol can be subjected to attacks.
Offence oriented Defence
This document discusses common defensive strategies and how attackers bypass them. It notes that while best practices like passwords, patching, and anti-virus are important, they also introduce commonalities that attackers learn to exploit. The document recommends that defenders study attack techniques to prioritize risks and design defenses that differentiate from standard approaches in order to limit widespread exploitation.
Threats to machine clouds
This document summarizes security threats to machine clouds based on cursory testing of a machine cloud system. It finds that machine clouds are vulnerable due to exposed administrative interfaces, issues in the content management system layer like cross-site scripting, lack of transport layer encryption, and the ability for rogue machines to connect and execute malicious payloads. The growth of connected devices and their management via web-based interfaces introduces threats beyond traditional web applications. Proper security measures are needed to protect the integrity of machine clouds and the systems they connect.
Inside .NET Smart Card Operating System
This document discusses smart card security and summarizes research into vulnerabilities in the .NET smart card platform. It provides an overview of smart card applications and operating systems, then discusses attacks against smart cards that have been reported in the news. The document focuses on analyzing the security of .NET smart cards, including how the HiveMod tool was created to aid vulnerability research by allowing visualization and manipulation of .NET smart card binaries. It demonstrates how the tool could be used to spoof a digital signature and bypass the application firewall as a proof of concept attack. Responses from vendors are presented, and the conclusion discusses remaining security challenges but also potential for patching vulnerabilities.
SNMP : Simple Network Mediated (Cisco) Pwnage
Presentation by Grorg Christian Pranschkle at ZaCon 2 in 2010.
This presentation is about SNMP security The presentation begins with an overview of SNMP. SNMP security weaknesses and SNMP security in cisco apps are discussed. Frisk-0 a tool for SNMP Hacking developed by the presenter is also discussed.
Its Ok To Get Hacked
Presentation by Jaco van Gaan at IIA in 2001.
This presentation is about the use of ethical hackers in business. The presentation begins with a series of discussions about hackers, what they do, how they do it and the different types of hackers.
Web Application Hacking
Presentation by Haroon Meer at ReCon in 2005.
This presentation is about web application security. Various web application attacks like XSS, SQLi and directory traversal are discussed. The wikto and crowbar tools developed by sensepost are also discussed.
Putting the tea back into cyber terrorism
Presentation by Charl van der Walt, Roelof Temmingh and Haroon Meer at BlackHat USA 2003.
This presentation is about targeted, effective, automated attacks that could be used in countrywide cyberterrorism. A worm that targets internal networks is discussed as an example of such an attack.
Major global information security trends - a summary
Presentation by Luc de Graeve at internetix in 2004.
This presentation is a summery of global information security trends in the business environment .The presentation begins with an introduction to major global trends. Legal Issues, threats, technologies and solutions are discussed
Attacks and Defences
Presentation by Marco Slaviero at the University of Pretoria to the Tuks Linux User Group in 2010.
The aim of this presentation is to promote information security. The presentation begins with a look at a few recent attacks. Cloud computing is briefly discussed. The presentation ends with a discussion on Amazon web services and its security.
Corporate Threat Modeling v2
Presentation by Charl der Walt and Francesco Geremla at The ITweb security summit in 2009.
This presentation is about the methodology behind version 2 of Sensepost's threat modeling tool, the corporate threat modeller.
More from SensePost (20)
Improvement in Rogue Access Points - SensePost Defcon 22
Improvement in Rogue Access Points - SensePost Defcon 22
Botconf 2013 - DNS-based Botnet C2 Server Detection
Botconf 2013 - DNS-based Botnet C2 Server Detection
Major global information security trends - a summary
Major global information security trends - a summary
Recently uploaded
Presentation of the OECD Artificial Intelligence Review of Germany
Consult the full report at https://www.oecd.org/digital/oecd-artificial-intelligence-review-of-germany-609808d6-en.htm
June Patch Tuesday
Ivanti’s Patch Tuesday breakdown goes beyond patching your applications and brings you the intelligence and guidance needed to prioritize where to focus your attention first. Catch early analysis on our Ivanti blog, then join industry expert Chris Goettl for the Patch Tuesday Webinar Event. There we’ll do a deep dive into each of the bulletins and give guidance on the risks associated with the newly-identified vulnerabilities.
Driving Business Innovation: Latest Generative AI Advancements & Success Story
Are you ready to revolutionize how you handle data? Join us for a webinar where we’ll bring you up to speed with the latest advancements in Generative AI technology and discover how leveraging FME with tools from giants like Google Gemini, Amazon, and Microsoft OpenAI can supercharge your workflow efficiency.
During the hour, we’ll take you through:
Guest Speaker Segment with Hannah Barrington: Dive into the world of dynamic real estate marketing with Hannah, the Marketing Manager at Workspace Group. Hear firsthand how their team generates engaging descriptions for thousands of office units by integrating diverse data sources—from PDF floorplans to web pages—using FME transformers, like OpenAIVisionConnector and AnthropicVisionConnector. This use case will show you how GenAI can streamline content creation for marketing across the board.
Ollama Use Case: Learn how Scenario Specialist Dmitri Bagh has utilized Ollama within FME to input data, create custom models, and enhance security protocols. This segment will include demos to illustrate the full capabilities of FME in AI-driven processes.
Custom AI Models: Discover how to leverage FME to build personalized AI models using your data. Whether it’s populating a model with local data for added security or integrating public AI tools, find out how FME facilitates a versatile and secure approach to AI.
We’ll wrap up with a live Q&A session where you can engage with our experts on your specific use cases, and learn more about optimizing your data workflows with AI.
This webinar is ideal for professionals seeking to harness the power of AI within their data management systems while ensuring high levels of customization and security. Whether you're a novice or an expert, gain actionable insights and strategies to elevate your data processes. Join us to see how FME and AI can revolutionize how you work with data!
20240609 QFM020 Irresponsible AI Reading List May 2024
Everything I found interesting about the irresponsible use of machine intelligence in May 2024
National Security Agency - NSA mobile device best practices
Threats to mobile devices are more prevalent and increasing in scope and complexity. Users of mobile devices desire to take full advantage of the features
available on those devices, but many of the features provide convenience and capability but sacrifice security. This best practices guide outlines steps the users can take to better protect personal devices and information.
Main news related to the CCS TSI 2023 (2023/1695)
An English 🇬🇧 translation of a presentation to the speech I gave about the main changes brought by CCS TSI 2023 at the biggest Czech conference on Communications and signalling systems on Railways, which was held in Clarion Hotel Olomouc from 7th to 9th November 2023 (konferenceszt.cz). Attended by around 500 participants and 200 on-line followers.
The original Czech 🇨🇿 version of the presentation can be found here: https://www.slideshare.net/slideshow/hlavni-novinky-souvisejici-s-ccs-tsi-2023-2023-1695/269688092 .
The videorecording (in Czech) from the presentation is available here: https://youtu.be/WzjJWm4IyPk?si=SImb06tuXGb30BEH .
GraphRAG for Life Science to increase LLM accuracy
GraphRAG for life science domain, where you retriever information from biomedical knowledge graphs using LLMs to increase the accuracy and performance of generated answers
Monitoring and Managing Anomaly Detection on OpenShift.pdf
Monitoring and Managing Anomaly Detection on OpenShift
Overview
Dive into the world of anomaly detection on edge devices with our comprehensive hands-on tutorial. This SlideShare presentation will guide you through the entire process, from data collection and model training to edge deployment and real-time monitoring. Perfect for those looking to implement robust anomaly detection systems on resource-constrained IoT/edge devices.
Key Topics Covered
1. Introduction to Anomaly Detection
- Understand the fundamentals of anomaly detection and its importance in identifying unusual behavior or failures in systems.
2. Understanding Edge (IoT)
- Learn about edge computing and IoT, and how they enable real-time data processing and decision-making at the source.
3. What is ArgoCD?
- Discover ArgoCD, a declarative, GitOps continuous delivery tool for Kubernetes, and its role in deploying applications on edge devices.
4. Deployment Using ArgoCD for Edge Devices
- Step-by-step guide on deploying anomaly detection models on edge devices using ArgoCD.
5. Introduction to Apache Kafka and S3
- Explore Apache Kafka for real-time data streaming and Amazon S3 for scalable storage solutions.
6. Viewing Kafka Messages in the Data Lake
- Learn how to view and analyze Kafka messages stored in a data lake for better insights.
7. What is Prometheus?
- Get to know Prometheus, an open-source monitoring and alerting toolkit, and its application in monitoring edge devices.
8. Monitoring Application Metrics with Prometheus
- Detailed instructions on setting up Prometheus to monitor the performance and health of your anomaly detection system.
9. What is Camel K?
- Introduction to Camel K, a lightweight integration framework built on Apache Camel, designed for Kubernetes.
10. Configuring Camel K Integrations for Data Pipelines
- Learn how to configure Camel K for seamless data pipeline integrations in your anomaly detection workflow.
11. What is a Jupyter Notebook?
- Overview of Jupyter Notebooks, an open-source web application for creating and sharing documents with live code, equations, visualizations, and narrative text.
12. Jupyter Notebooks with Code Examples
- Hands-on examples and code snippets in Jupyter Notebooks to help you implement and test anomaly detection models.
HCL Notes und Domino Lizenzkostenreduzierung in der Welt von DLAU
Webinar Recording: https://www.panagenda.com/webinars/hcl-notes-und-domino-lizenzkostenreduzierung-in-der-welt-von-dlau/
DLAU und die Lizenzen nach dem CCB- und CCX-Modell sind für viele in der HCL-Community seit letztem Jahr ein heißes Thema. Als Notes- oder Domino-Kunde haben Sie vielleicht mit unerwartet hohen Benutzerzahlen und Lizenzgebühren zu kämpfen. Sie fragen sich vielleicht, wie diese neue Art der Lizenzierung funktioniert und welchen Nutzen sie Ihnen bringt. Vor allem wollen Sie sicherlich Ihr Budget einhalten und Kosten sparen, wo immer möglich. Das verstehen wir und wir möchten Ihnen dabei helfen!
Wir erklären Ihnen, wie Sie häufige Konfigurationsprobleme lösen können, die dazu führen können, dass mehr Benutzer gezählt werden als nötig, und wie Sie überflüssige oder ungenutzte Konten identifizieren und entfernen können, um Geld zu sparen. Es gibt auch einige Ansätze, die zu unnötigen Ausgaben führen können, z. B. wenn ein Personendokument anstelle eines Mail-Ins für geteilte Mailboxen verwendet wird. Wir zeigen Ihnen solche Fälle und deren Lösungen. Und natürlich erklären wir Ihnen das neue Lizenzmodell.
Nehmen Sie an diesem Webinar teil, bei dem HCL-Ambassador Marc Thomas und Gastredner Franz Walder Ihnen diese neue Welt näherbringen. Es vermittelt Ihnen die Tools und das Know-how, um den Überblick zu bewahren. Sie werden in der Lage sein, Ihre Kosten durch eine optimierte Domino-Konfiguration zu reduzieren und auch in Zukunft gering zu halten.
Diese Themen werden behandelt
- Reduzierung der Lizenzkosten durch Auffinden und Beheben von Fehlkonfigurationen und überflüssigen Konten
- Wie funktionieren CCB- und CCX-Lizenzen wirklich?
- Verstehen des DLAU-Tools und wie man es am besten nutzt
- Tipps für häufige Problembereiche, wie z. B. Team-Postfächer, Funktions-/Testbenutzer usw.
- Praxisbeispiele und Best Practices zum sofortigen Umsetzen
Introduction of Cybersecurity with OSS at Code Europe 2024
I develop the Ruby programming language, RubyGems, and Bundler, which are package managers for Ruby. Today, I will introduce how to enhance the security of your application using open-source software (OSS) examples from Ruby and RubyGems.
The first topic is CVE (Common Vulnerabilities and Exposures). I have published CVEs many times. But what exactly is a CVE? I'll provide a basic understanding of CVEs and explain how to detect and handle vulnerabilities in OSS.
Next, let's discuss package managers. Package managers play a critical role in the OSS ecosystem. I'll explain how to manage library dependencies in your application.
I'll share insights into how the Ruby and RubyGems core team works to keep our ecosystem safe. By the end of this talk, you'll have a better understanding of how to safeguard your code.
Let's Integrate MuleSoft RPA, COMPOSER, APM with AWS IDP along with Slack
Discover the seamless integration of RPA (Robotic Process Automation), COMPOSER, and APM with AWS IDP enhanced with Slack notifications. Explore how these technologies converge to streamline workflows, optimize performance, and ensure secure access, all while leveraging the power of AWS IDP and real-time communication via Slack notifications.
HCL Notes and Domino License Cost Reduction in the World of DLAU
Webinar Recording: https://www.panagenda.com/webinars/hcl-notes-and-domino-license-cost-reduction-in-the-world-of-dlau/
The introduction of DLAU and the CCB & CCX licensing model caused quite a stir in the HCL community. As a Notes and Domino customer, you may have faced challenges with unexpected user counts and license costs. You probably have questions on how this new licensing approach works and how to benefit from it. Most importantly, you likely have budget constraints and want to save money where possible. Don’t worry, we can help with all of this!
We’ll show you how to fix common misconfigurations that cause higher-than-expected user counts, and how to identify accounts which you can deactivate to save money. There are also frequent patterns that can cause unnecessary cost, like using a person document instead of a mail-in for shared mailboxes. We’ll provide examples and solutions for those as well. And naturally we’ll explain the new licensing model.
Join HCL Ambassador Marc Thomas in this webinar with a special guest appearance from Franz Walder. It will give you the tools and know-how to stay on top of what is going on with Domino licensing. You will be able lower your cost through an optimized configuration and keep it low going forward.
These topics will be covered
- Reducing license cost by finding and fixing misconfigurations and superfluous accounts
- How do CCB and CCX licenses really work?
- Understanding the DLAU tool and how to best utilize it
- Tips for common problem areas, like team mailboxes, functional/test users, etc
- Practical examples and best practices to implement right away
OpenID AuthZEN Interop Read Out - Authorization
During Identiverse 2024 and EIC 2024, members of the OpenID AuthZEN WG got together and demoed their authorization endpoints conforming to the AuthZEN API
5th LF Energy Power Grid Model Meet-up Slides
5th Power Grid Model Meet-up
It is with great pleasure that we extend to you an invitation to the 5th Power Grid Model Meet-up, scheduled for 6th June 2024. This event will adopt a hybrid format, allowing participants to join us either through an online Mircosoft Teams session or in person at TU/e located at Den Dolech 2, Eindhoven, Netherlands. The meet-up will be hosted by Eindhoven University of Technology (TU/e), a research university specializing in engineering science & technology.
Power Grid Model
The global energy transition is placing new and unprecedented demands on Distribution System Operators (DSOs). Alongside upgrades to grid capacity, processes such as digitization, capacity optimization, and congestion management are becoming vital for delivering reliable services.
Power Grid Model is an open source project from Linux Foundation Energy and provides a calculation engine that is increasingly essential for DSOs. It offers a standards-based foundation enabling real-time power systems analysis, simulations of electrical power grids, and sophisticated what-if analysis. In addition, it enables in-depth studies and analysis of the electrical power grid’s behavior and performance. This comprehensive model incorporates essential factors such as power generation capacity, electrical losses, voltage levels, power flows, and system stability.
Power Grid Model is currently being applied in a wide variety of use cases, including grid planning, expansion, reliability, and congestion studies. It can also help in analyzing the impact of renewable energy integration, assessing the effects of disturbances or faults, and developing strategies for grid control and optimization.
What to expect
For the upcoming meetup we are organizing, we have an exciting lineup of activities planned:
-Insightful presentations covering two practical applications of the Power Grid Model.
-An update on the latest advancements in Power Grid -Model technology during the first and second quarters of 2024.
-An interactive brainstorming session to discuss and propose new feature requests.
-An opportunity to connect with fellow Power Grid Model enthusiasts and users.
UiPath Test Automation using UiPath Test Suite series, part 6
Welcome to UiPath Test Automation using UiPath Test Suite series part 6. In this session, we will cover Test Automation with generative AI and Open AI.
UiPath Test Automation with generative AI and Open AI webinar offers an in-depth exploration of leveraging cutting-edge technologies for test automation within the UiPath platform. Attendees will delve into the integration of generative AI, a test automation solution, with Open AI advanced natural language processing capabilities.
Throughout the session, participants will discover how this synergy empowers testers to automate repetitive tasks, enhance testing accuracy, and expedite the software testing life cycle. Topics covered include the seamless integration process, practical use cases, and the benefits of harnessing AI-driven automation for UiPath testing initiatives. By attending this webinar, testers, and automation professionals can gain valuable insights into harnessing the power of AI to optimize their test automation workflows within the UiPath ecosystem, ultimately driving efficiency and quality in software development processes.
What will you get from this session?
1. Insights into integrating generative AI.
2. Understanding how this integration enhances test automation within the UiPath platform
3. Practical demonstrations
4. Exploration of real-world use cases illustrating the benefits of AI-driven test automation for UiPath
Topics covered:
What is generative AI
Test Automation with generative AI and Open AI.
UiPath integration with generative AI
Speaker:
Deepak Rai, Automation Practice Lead, Boundaryless Group and UiPath MVP
20240607 QFM018 Elixir Reading List May 2024
Everything I found interesting about the Elixir programming ecosystem in May 2024
Recently uploaded (20)
Presentation of the OECD Artificial Intelligence Review of Germany
Presentation of the OECD Artificial Intelligence Review of Germany
Driving Business Innovation: Latest Generative AI Advancements & Success Story
Driving Business Innovation: Latest Generative AI Advancements & Success Story
20240609 QFM020 Irresponsible AI Reading List May 2024
20240609 QFM020 Irresponsible AI Reading List May 2024
National Security Agency - NSA mobile device best practices
National Security Agency - NSA mobile device best practices
GraphRAG for Life Science to increase LLM accuracy
GraphRAG for Life Science to increase LLM accuracy
Monitoring and Managing Anomaly Detection on OpenShift.pdf
Monitoring and Managing Anomaly Detection on OpenShift.pdf
HCL Notes und Domino Lizenzkostenreduzierung in der Welt von DLAU
HCL Notes und Domino Lizenzkostenreduzierung in der Welt von DLAU
Introduction of Cybersecurity with OSS at Code Europe 2024
Introduction of Cybersecurity with OSS at Code Europe 2024
Let's Integrate MuleSoft RPA, COMPOSER, APM with AWS IDP along with Slack
Let's Integrate MuleSoft RPA, COMPOSER, APM with AWS IDP along with Slack
HCL Notes and Domino License Cost Reduction in the World of DLAU
HCL Notes and Domino License Cost Reduction in the World of DLAU
WeTestAthens: Postman's AI & Automation Techniques
WeTestAthens: Postman's AI & Automation Techniques
UiPath Test Automation using UiPath Test Suite series, part 6
UiPath Test Automation using UiPath Test Suite series, part 6
A tale of two proxies
- 12. Recon demo
- 23. Scapy simpleness
- 25. Visio of payload increase + seq number