Talk given to the Vanguards on 2022-02-25. Covers cognitive security definitions, ecoystem, main activities (disinformation risk assessment, detection/response coordination), and scaling.
Data fluency in today’s connected world has become a leverage point, inaccessible to many, leaving them unable to assess critical factors to act in their own or their communities’ interests. Data is a language that many people don’t speak, thus being conversant is becoming a societal “gap.” Data seed narratives. Powerful narratives can drive actions or they can distract and misinform. At a time with less institutional protection and fewer objective referees, those of us fluent in data need to help our communities understand data-driven systems and learn to speak the language.
Talk given to the Vanguards on 2022-02-25. Covers cognitive security definitions, ecoystem, main activities (disinformation risk assessment, detection/response coordination), and scaling.
Data fluency in today’s connected world has become a leverage point, inaccessible to many, leaving them unable to assess critical factors to act in their own or their communities’ interests. Data is a language that many people don’t speak, thus being conversant is becoming a societal “gap.” Data seed narratives. Powerful narratives can drive actions or they can distract and misinform. At a time with less institutional protection and fewer objective referees, those of us fluent in data need to help our communities understand data-driven systems and learn to speak the language.
Learning Objective: Explore methods for obtaining a career in cybersecurity
Security threats are increasingly complex, coming from both in and outside organizations, making everyone vulnerable. Consequently, cybersecurity has become one of the most dynamic fields in information technology (IT). It combines IT with crime-fighting, and global organizations are leading the search for skilled professionals. Since women represent less than 25 percent of the global cybersecurity workforce, recruiting more people of color is essential. This environment requires diverse professionals who can bring expertise and skills to these challenging times. Join our expert panel as they discuss how to get certified, gain experience, and land your first job in this in-demand industry.
At the end of this session, participants will be able to:
a. Present your non-traditional resume in a way that is attractive to the recruiter.
b. Examine tools and resources to enhance your journey to mastering cybersecurity.
c. Explore tips on gaining experience before applying to jobs.
This is the presentation I shared with the Uno high School Alumni Association for the digital hygiene program for the benefit of the Uno Community. Parents, students, alumni, teachers, and friends joined the webinar last May 01, 2021.
Managing Frequently Overlooked Risks & Threats (FORTS) in CorporationsDinesh O Bareja
There are many (small) risks and threats which are frequently overlooked in an organization. The presentation takes a look at where Risks & Threats (RaT) come from and at the "Biggies" in the RaT Lists. We look at a few Frequently Overlooked Threats and Risks (FORT) and Course Correction Options and finally a few Case Studies to highlight FORTs
Niloufer Tamboly, presented Top Ten Challenges of Securing Smart
Infrastructure at the New York Metro Joint Cyber Security Coalition
2020 Conference & Workshop on October 22, 2020.
Famous script kiddie groups
The evolution of script kiddies
Conclusion
FAQs
1. Introduction
As technology continues to advance, so do the threats that accompany it. Hackers, who once were a rare breed of computer experts, have become more and more common. Among these hackers, there is a category known as script kiddies. While they lack the skills of more experienced hackers, they can still cause significant damage to businesses and individuals.
2. What are script kiddies?
Script kiddies are individuals who use existing tools and techniques to launch attacks against computer systems and networks without fully understanding how they work. They are often young, inexperienced, and lack the technical knowledge required to create their own tools and exploits. Instead, they rely on pre-packaged tools and scripts to carry out attacks.
3. How do script kiddies operate?
Script kiddies typically use automated tools to scan for vulnerable systems and networks. Once they identify a potential target, they use pre-written scripts and tools to exploit any vulnerabilities they find. These attacks can take many forms,Famous script kiddie groups
The evolution of script kiddies
Conclusion
FAQs
1. Introduction
As technology continues to advance, so do the threats that accompany it. Hackers, who once were a rare breed of computer experts, have become more and more common. Among these hackers, there is a category known as script kiddies. While they lack the skills of more experienced hackers, they can still cause significant damage to businesses and individuals.
2. What are script kiddies?
Script kiddies are individuals who use existing tools and techniques to launch attacks against computer systems and networks without fully understanding how they work. They are often young, inexperienced, and lack the technical knowledge required to create their own tools and exploits. Instead, they rely on pre-packaged tools and scripts to carry out attacks.
3. How do script kiddies operate?
Script kiddies typically use automated tools to scan for vulnerable systems and networks. Once they identify a potential target, they use pre-written scripts and tools to exploit any vulnerabilities they find. These attacks can take many forms,Famous script kiddie groups
The evolution of script kiddies
Conclusion
FAQs
1. Introduction
As technology continues to advance, so do the threats that accompany it. Hackers, who once were a rare breed of computer experts, have become more and more common. Among these hackers, there is a category known as script kiddies. While they lack the skills of more experienced hackers, they can still cause significant damage to businesses and individuals.
2. What are script kiddies?
Script kiddies are individuals who use existing tools and techniques to launch attacks against computer systems and networks without fully understanding how they work. They are often young, inexperienced, and lack the technical knowledge required to create their own tools and exploit
Trustworthy Computational Science: A Multi-decade PerspectiveVon Welch
Trust is critical to the process of science. Two decades ago the Internet and World Wide Web fostered a new age in computational science with the emergence of accessible and high performance computing, storage, software, and networking. More recent paradigms, including virtual organizations, federated identity, big data, and global-scale operations continue to evolve the way computing for science is performed.
Advancing technologies, the need to coordinate across organizations and nations, and an evolving threat landscape are sources of ongoing challenges in maintaining the trustworthy nature of computational infrastructure and the science it supports. To address these challenges, a number of projects have focused on improving the cybersecurity and trustworthiness of scientific computing. Recent examples include the Center for Trustworthy Scientific Cyberinfrastructure funded by NSF, the Software Assurance Marketplace funded by DHS, and the Extreme Scale Identity Management for Science project funded by DOE.
This presentation will give a 20 year retrospective together with a vision for the future of cybersecurity for computational science. It will describe the state of trust and cybersecurity for scientific computing, its evolution over the past twenty years, challenges it is facing today, how the exemplar projects are addressing those challenges, and a vision of cybersecurity for research and higher education in general augmenting each other in the future.
Privacy and Security for the Emerging Internet of ThingsJason Hong
Intel iSecCon2016 conference
I talk about the pyramid of IoT devices, sketch out some of the security and privacy issues, and present some of the ongoing work we are doing in this space at Carnegie Mellon University.
Algocracy and the state of AI in public administrations.Sandra Bermúdez
AI, as technical approach to solve problems, now is deploying in social systems and public administrations. What are the effects? the challenges? should we fear? What should we do?
Intro to Android, IOT, Hacking & Web DesigninngI am Cipher
This PPT will Introduce you to the Trending Topics such as Android, IOT, Hacking and Web Designing.....
Please do leave a comment if you like it...and if you don't gift me with a Feedback...
Thank you!
Disrupting technologies like Data Science and Knowledge Automation are projected to have an economic impact of trillions of dollars in the next decade.
This presentation was given at the Dallas Tableau User Group on Oct 29, 2103 and
Digital Forensics for Artificial Intelligence (AI ) Systems.pdfMahdi_Fahmideh
Digital Forensics for Artificial
Intelligence (AI ) Systems:
AI systems make decisions impacting our daily life Their actions might cause accidents, harm or, more generally, violate
regulations either intentionally or not and consequently might be considered suspects for various events. In this lecture we explore how digital forensics can be performed for AI based systems.
Guidance note: Advancing Infodemic Management within Risk Communication and C...SaraJayneTerp
Summary of WHO report "Guidance note: Advancing Infodemic Management within Risk Communication and Community Engagement in the WHO European Region", to be released November 2022
Learning Objective: Explore methods for obtaining a career in cybersecurity
Security threats are increasingly complex, coming from both in and outside organizations, making everyone vulnerable. Consequently, cybersecurity has become one of the most dynamic fields in information technology (IT). It combines IT with crime-fighting, and global organizations are leading the search for skilled professionals. Since women represent less than 25 percent of the global cybersecurity workforce, recruiting more people of color is essential. This environment requires diverse professionals who can bring expertise and skills to these challenging times. Join our expert panel as they discuss how to get certified, gain experience, and land your first job in this in-demand industry.
At the end of this session, participants will be able to:
a. Present your non-traditional resume in a way that is attractive to the recruiter.
b. Examine tools and resources to enhance your journey to mastering cybersecurity.
c. Explore tips on gaining experience before applying to jobs.
This is the presentation I shared with the Uno high School Alumni Association for the digital hygiene program for the benefit of the Uno Community. Parents, students, alumni, teachers, and friends joined the webinar last May 01, 2021.
Managing Frequently Overlooked Risks & Threats (FORTS) in CorporationsDinesh O Bareja
There are many (small) risks and threats which are frequently overlooked in an organization. The presentation takes a look at where Risks & Threats (RaT) come from and at the "Biggies" in the RaT Lists. We look at a few Frequently Overlooked Threats and Risks (FORT) and Course Correction Options and finally a few Case Studies to highlight FORTs
Niloufer Tamboly, presented Top Ten Challenges of Securing Smart
Infrastructure at the New York Metro Joint Cyber Security Coalition
2020 Conference & Workshop on October 22, 2020.
Famous script kiddie groups
The evolution of script kiddies
Conclusion
FAQs
1. Introduction
As technology continues to advance, so do the threats that accompany it. Hackers, who once were a rare breed of computer experts, have become more and more common. Among these hackers, there is a category known as script kiddies. While they lack the skills of more experienced hackers, they can still cause significant damage to businesses and individuals.
2. What are script kiddies?
Script kiddies are individuals who use existing tools and techniques to launch attacks against computer systems and networks without fully understanding how they work. They are often young, inexperienced, and lack the technical knowledge required to create their own tools and exploits. Instead, they rely on pre-packaged tools and scripts to carry out attacks.
3. How do script kiddies operate?
Script kiddies typically use automated tools to scan for vulnerable systems and networks. Once they identify a potential target, they use pre-written scripts and tools to exploit any vulnerabilities they find. These attacks can take many forms,Famous script kiddie groups
The evolution of script kiddies
Conclusion
FAQs
1. Introduction
As technology continues to advance, so do the threats that accompany it. Hackers, who once were a rare breed of computer experts, have become more and more common. Among these hackers, there is a category known as script kiddies. While they lack the skills of more experienced hackers, they can still cause significant damage to businesses and individuals.
2. What are script kiddies?
Script kiddies are individuals who use existing tools and techniques to launch attacks against computer systems and networks without fully understanding how they work. They are often young, inexperienced, and lack the technical knowledge required to create their own tools and exploits. Instead, they rely on pre-packaged tools and scripts to carry out attacks.
3. How do script kiddies operate?
Script kiddies typically use automated tools to scan for vulnerable systems and networks. Once they identify a potential target, they use pre-written scripts and tools to exploit any vulnerabilities they find. These attacks can take many forms,Famous script kiddie groups
The evolution of script kiddies
Conclusion
FAQs
1. Introduction
As technology continues to advance, so do the threats that accompany it. Hackers, who once were a rare breed of computer experts, have become more and more common. Among these hackers, there is a category known as script kiddies. While they lack the skills of more experienced hackers, they can still cause significant damage to businesses and individuals.
2. What are script kiddies?
Script kiddies are individuals who use existing tools and techniques to launch attacks against computer systems and networks without fully understanding how they work. They are often young, inexperienced, and lack the technical knowledge required to create their own tools and exploit
Trustworthy Computational Science: A Multi-decade PerspectiveVon Welch
Trust is critical to the process of science. Two decades ago the Internet and World Wide Web fostered a new age in computational science with the emergence of accessible and high performance computing, storage, software, and networking. More recent paradigms, including virtual organizations, federated identity, big data, and global-scale operations continue to evolve the way computing for science is performed.
Advancing technologies, the need to coordinate across organizations and nations, and an evolving threat landscape are sources of ongoing challenges in maintaining the trustworthy nature of computational infrastructure and the science it supports. To address these challenges, a number of projects have focused on improving the cybersecurity and trustworthiness of scientific computing. Recent examples include the Center for Trustworthy Scientific Cyberinfrastructure funded by NSF, the Software Assurance Marketplace funded by DHS, and the Extreme Scale Identity Management for Science project funded by DOE.
This presentation will give a 20 year retrospective together with a vision for the future of cybersecurity for computational science. It will describe the state of trust and cybersecurity for scientific computing, its evolution over the past twenty years, challenges it is facing today, how the exemplar projects are addressing those challenges, and a vision of cybersecurity for research and higher education in general augmenting each other in the future.
Privacy and Security for the Emerging Internet of ThingsJason Hong
Intel iSecCon2016 conference
I talk about the pyramid of IoT devices, sketch out some of the security and privacy issues, and present some of the ongoing work we are doing in this space at Carnegie Mellon University.
Algocracy and the state of AI in public administrations.Sandra Bermúdez
AI, as technical approach to solve problems, now is deploying in social systems and public administrations. What are the effects? the challenges? should we fear? What should we do?
Intro to Android, IOT, Hacking & Web DesigninngI am Cipher
This PPT will Introduce you to the Trending Topics such as Android, IOT, Hacking and Web Designing.....
Please do leave a comment if you like it...and if you don't gift me with a Feedback...
Thank you!
Disrupting technologies like Data Science and Knowledge Automation are projected to have an economic impact of trillions of dollars in the next decade.
This presentation was given at the Dallas Tableau User Group on Oct 29, 2103 and
Digital Forensics for Artificial Intelligence (AI ) Systems.pdfMahdi_Fahmideh
Digital Forensics for Artificial
Intelligence (AI ) Systems:
AI systems make decisions impacting our daily life Their actions might cause accidents, harm or, more generally, violate
regulations either intentionally or not and consequently might be considered suspects for various events. In this lecture we explore how digital forensics can be performed for AI based systems.
Guidance note: Advancing Infodemic Management within Risk Communication and C...SaraJayneTerp
Summary of WHO report "Guidance note: Advancing Infodemic Management within Risk Communication and Community Engagement in the WHO European Region", to be released November 2022
June 3, 2024 Anti-Semitism Letter Sent to MIT President Kornbluth and MIT Cor...Levi Shapiro
Letter from the Congress of the United States regarding Anti-Semitism sent June 3rd to MIT President Sally Kornbluth, MIT Corp Chair, Mark Gorenberg
Dear Dr. Kornbluth and Mr. Gorenberg,
The US House of Representatives is deeply concerned by ongoing and pervasive acts of antisemitic
harassment and intimidation at the Massachusetts Institute of Technology (MIT). Failing to act decisively to ensure a safe learning environment for all students would be a grave dereliction of your responsibilities as President of MIT and Chair of the MIT Corporation.
This Congress will not stand idly by and allow an environment hostile to Jewish students to persist. The House believes that your institution is in violation of Title VI of the Civil Rights Act, and the inability or
unwillingness to rectify this violation through action requires accountability.
Postsecondary education is a unique opportunity for students to learn and have their ideas and beliefs challenged. However, universities receiving hundreds of millions of federal funds annually have denied
students that opportunity and have been hijacked to become venues for the promotion of terrorism, antisemitic harassment and intimidation, unlawful encampments, and in some cases, assaults and riots.
The House of Representatives will not countenance the use of federal funds to indoctrinate students into hateful, antisemitic, anti-American supporters of terrorism. Investigations into campus antisemitism by the Committee on Education and the Workforce and the Committee on Ways and Means have been expanded into a Congress-wide probe across all relevant jurisdictions to address this national crisis. The undersigned Committees will conduct oversight into the use of federal funds at MIT and its learning environment under authorities granted to each Committee.
• The Committee on Education and the Workforce has been investigating your institution since December 7, 2023. The Committee has broad jurisdiction over postsecondary education, including its compliance with Title VI of the Civil Rights Act, campus safety concerns over disruptions to the learning environment, and the awarding of federal student aid under the Higher Education Act.
• The Committee on Oversight and Accountability is investigating the sources of funding and other support flowing to groups espousing pro-Hamas propaganda and engaged in antisemitic harassment and intimidation of students. The Committee on Oversight and Accountability is the principal oversight committee of the US House of Representatives and has broad authority to investigate “any matter” at “any time” under House Rule X.
• The Committee on Ways and Means has been investigating several universities since November 15, 2023, when the Committee held a hearing entitled From Ivory Towers to Dark Corners: Investigating the Nexus Between Antisemitism, Tax-Exempt Universities, and Terror Financing. The Committee followed the hearing with letters to those institutions on January 10, 202
Normal Labour/ Stages of Labour/ Mechanism of LabourWasim Ak
Normal labor is also termed spontaneous labor, defined as the natural physiological process through which the fetus, placenta, and membranes are expelled from the uterus through the birth canal at term (37 to 42 weeks
A workshop hosted by the South African Journal of Science aimed at postgraduate students and early career researchers with little or no experience in writing and publishing journal articles.
The simplified electron and muon model, Oscillating Spacetime: The Foundation...RitikBhardwaj56
Discover the Simplified Electron and Muon Model: A New Wave-Based Approach to Understanding Particles delves into a groundbreaking theory that presents electrons and muons as rotating soliton waves within oscillating spacetime. Geared towards students, researchers, and science buffs, this book breaks down complex ideas into simple explanations. It covers topics such as electron waves, temporal dynamics, and the implications of this model on particle physics. With clear illustrations and easy-to-follow explanations, readers will gain a new outlook on the universe's fundamental nature.
A Strategic Approach: GenAI in EducationPeter Windle
Artificial Intelligence (AI) technologies such as Generative AI, Image Generators and Large Language Models have had a dramatic impact on teaching, learning and assessment over the past 18 months. The most immediate threat AI posed was to Academic Integrity with Higher Education Institutes (HEIs) focusing their efforts on combating the use of GenAI in assessment. Guidelines were developed for staff and students, policies put in place too. Innovative educators have forged paths in the use of Generative AI for teaching, learning and assessments leading to pockets of transformation springing up across HEIs, often with little or no top-down guidance, support or direction.
This Gasta posits a strategic approach to integrating AI into HEIs to prepare staff, students and the curriculum for an evolving world and workplace. We will highlight the advantages of working with these technologies beyond the realm of teaching, learning and assessment by considering prompt engineering skills, industry impact, curriculum changes, and the need for staff upskilling. In contrast, not engaging strategically with Generative AI poses risks, including falling behind peers, missed opportunities and failing to ensure our graduates remain employable. The rapid evolution of AI technologies necessitates a proactive and strategic approach if we are to remain relevant.
Exploiting Artificial Intelligence for Empowering Researchers and Faculty, In...Dr. Vinod Kumar Kanvaria
Exploiting Artificial Intelligence for Empowering Researchers and Faculty,
International FDP on Fundamentals of Research in Social Sciences
at Integral University, Lucknow, 06.06.2024
By Dr. Vinod Kumar Kanvaria
This presentation includes basic of PCOS their pathology and treatment and also Ayurveda correlation of PCOS and Ayurvedic line of treatment mentioned in classics.
Delivering Micro-Credentials in Technical and Vocational Education and TrainingAG2 Design
Explore how micro-credentials are transforming Technical and Vocational Education and Training (TVET) with this comprehensive slide deck. Discover what micro-credentials are, their importance in TVET, the advantages they offer, and the insights from industry experts. Additionally, learn about the top software applications available for creating and managing micro-credentials. This presentation also includes valuable resources and a discussion on the future of these specialised certifications.
For more detailed information on delivering micro-credentials in TVET, visit this https://tvettrainer.com/delivering-micro-credentials-in-tvet/
Introduction to AI for Nonprofits with Tapp NetworkTechSoup
Dive into the world of AI! Experts Jon Hill and Tareq Monaur will guide you through AI's role in enhancing nonprofit websites and basic marketing strategies, making it easy to understand and apply.
it describes the bony anatomy including the femoral head , acetabulum, labrum . also discusses the capsule , ligaments . muscle that act on the hip joint and the range of motion are outlined. factors affecting hip joint stability and weight transmission through the joint are summarized.
2. DISARM
Foundation
2022
NOT ALL GREAT
HACKERS CODE.
GREAT HACKERS
THINK ABOUT
SYSTEMS
2
And we need more of these
people
Image: https://business.leeds.ac.uk/research-stc/doc/socio-
technical-systems-theory
3. DISARM
Foundation
2022
BUT ALL THE INTRO
HACKING BOOKS, ALL
THE COURSES, ARE
BOXES AND WIRES
(kudos to “The Car Hacker’s
Handbook” and “Practical IoT
Hacking” though)
Certified Ethical Hacking
● Ethical hacking fundamentals
● Reconnaissance and footprinting
● Scanning and enumeration
● Sniffing and evasion
● Attacking a system
● Hacking web servers and applications
● Wireless network hacking
● Mobile, IoT, and OT
● Security in cloud computing
● Trojans and other attacks, including
malware analysis
● Cryptography
● Social engineering and physical security
● Penetration testing
3
4. DISARM
Foundation
2022
HOW DO WE BUILD
SYSTEMS HACKERS?
A: we teach them. At
university. In a very liberal
college (yay librarians!).
2021-2022 16-week courses:
● Sociotechnical Ethical Hacking
● Cybersecurity Decision Making
● Cognitive Security
● Technology Innovation
● Privacy, Security, Ethics
● Living with algorithms
4
5. DISARM
Foundation
2022
BUILDING A
COGNITIVE SECURITY
COURSE
Brains, PCs, they’re all belief
systems
“Cognitive security is the application
of information security principles,
practices, and tools to
misinformation, disinformation, and
influence operations.
It takes a socio-technical lens to
high-volume, high-velocity, and
high-variety forms of “something is
wrong on the internet”.
Cognitive security can be seen as a
holistic view of disinformation from
a security practitioner’s perspective”
5
6. DISARM
Foundation
2022
Cognitive Security course
What we’re dealing with
1. Introduction
a. disinformation reports, ethics
b. researcher risks
2. fundamentals (objects)
3. cogsec risks
Human aspects
1. human system vulnerabilities and
patches
2. psychology of influence
Building better models
1. frameworks
2. relational frameworks
3. building landscapes
Investigating incidents
8. setting up an investigation
9. misinformation data analysis
10. disinformation data analysis
Improving our responses
8. disinformation responses
9. monitoring and evaluation
10. games, red teaming and simulations
Where this is heading
8. cogsec as a business
9. future possibilities
6
7. DISARM
Foundation
2022
Disinformation as a risk management problem
Manage the risks, not the artifacts
● Risk assessment, reduction, remediation
● Risks: How bad? How big? How likely? Who
to?
● Attack surfaces, vulnerabilities, potential
losses / outcomes
Manage resources
● Mis/disinformation is everywhere
● Detection, mitigation, response
● People, technologies, time, attention
● Connections
7
Image: https://www.risklens.com/infographics/fair-model-on-a-page
9. DISARM
Foundation
2022
Sociotechnical Ethical Hacking course
First, do no harm
1. Ethics = risk management
2. Don’t harm others (harms frameworks)
3. Don’t harm yourself (permissions etc)
4. Fix what you break (purple teaming)
It’s systems all the way down
1. Infosec = systems (sociotechnical infosec)
2. All systems can be broken (with resources)
3. All systems have back doors (people, hardware, process, tech
etc)
Psychology is important
1. Reverse engineering = understanding someone else’s
thoughts
2. Social engineering = adapting someone else’s thoughts
3. Algorithms think too (adversarial AI)
Be curious about everything
1. Curiosity is a hacker’s best friend
2. Computers are everywhere (IoT etc)
3. Help is everywhere (how to search, how to ask)
4. CTFs, bounties, and competitions
Cognitive security
14. Yourself (recon & systems thinking)
15. Social media (social engineering)
16. Elections (OSINT & mixed security modes)
Physical security
14. Locksports (vulnerabilities)
15. Buildings and physical (don’t harm self)
Cyber security
14. Web, networks, PCs (RE, malware)
15. Machine learning (adversarial AI)
16. Maps and algorithms (back doors)
17. Assembler (microcontrollers)
18. Hardware (IoT, badges)
19. Radio (AISB, SDRs etc)
Systems that move
14. Cars (canbuses and bypasses)
15. Robotics / automation (inc don’t harm others)
16. Aerospace & Marine (reverse engineering big systems)
17. Satellites (remote commands)
9
10. DISARM
Foundation
2022
Keeping ‘em safe
● Teach ethics and the law. Not just “hey
behave yourselves please”
● Continuing safely: Introduce them to
places to practice, that will be around long
after the course finishes
● Mentoring: introduce them to hackers I
value, who can talk about why not to be on
the dark side
● Purple team, not red team.
● Keep pushing the message of “here’s a safe
place to try this; don’t do it anywhere you
don’t have permission / understand the
potential consequences”
Safe places to practice:
● Tryhackme.com
● Hack The Box
● RingZer0 CTF
● https://www.hackthebox.com/
● CTFTime - live
● picoCTF - practice
● Micro Corruption - one of the original CTFs
● Top 10 Cyber Hacking Competitions - competitive CTF
(cash prizes etc)
Bug bounties:
● https://www.bugcrowd.com/bug-bounty-list/
● https://hackerone.com/bug-bounty-programs
● https://www.guru99.com/bug-bounty-programs.html
Help:
● Look for reddit and discord groups
● IppSec for techniques
● https://ctf101.org/ - tips and tricks
● Beginner's Guide to Capture the Flag (CTF)- tips, tricks,
links to more online CTFs
● Capture-The-Flag Competitions: all you ever wanted to
know!
10
11. DISARM
Foundation
2022
I also fell a bit in love with the Parkerian Hexad
Confidentiality, integrity, availability
■ Confidentiality: data should only be visible
to people who authorized to see it
■ Integrity: data should not be altered in
unauthorized ways
■ Availability: data should be available to be
used
Possession, authenticity, utility
■ Possession: controlling the data media
■ Authenticity: accuracy and truth of the
origin of the information
■ Utility: usefulness (e.g. losing the
encryption key)
11
Image: https://www.staffhosteurope.com/blog/2019/03/cybersecurity-and-the-parkerian-hexad
12. DISARM
Foundation
2022
Other work over the past year…
Communities
● CogSecCollab
● CTI League disinformation team
● Ukraine
Collaborations
● DISARM Foundation (inc MITRE, FIU, EU etc)
● Community-level behaviour tagging (UW)
● Disinformation response coordination: European
Union (51 countries), UNDP (170 countries),
individual countries (3 english-speaking ones), (WHO
Europe&Central Asia: 51+ countries)
● Defcon Misinfo Village (inc CredCo / MisinfoCon)
● Atlantic Council / Vanguards
Mentoring
● Individuals and organisations
● Book sub-editing
● Machine learning in infosec PhD advisors
● Nonprofit boards (RealityTeam, SocietyLibrary etc)
Research
● Risk-based Cognitive Security
○ AMITT model set (DISARM, EU, NATO, etc)
○ AMITT-SPICE model merge (with MITRE, FIU)
○ Extensions to FAIR etc
○ Community disinfo behaviour tagging (UW)
○ iVerify extensions (UN)
● Machine learning for cognitive security
○ Disinfo OSINT (country)
○ Community-based disinfo response (UN)
○ Extremism tracking (country)
● One-off research
○ Disinformation market models (DARPA)
○ Assessing disinformation training systems (State Dept)
○ Disinformation social ecological models (ARLIS)
○ Etc
12