Drupal is a very popular content management system that has been widely adopted by government agencies, major businesses, social networks, and more. This talk focuses on the penetration tester's perspective of Drupal and dives into streamlining the assessment and remediation of commonly observed application and configuration flaws by way of custom exploit code and security checklists.
Download the associated scripts, movies, and checklist here: https://github.com/gfoss/attacking-drupal
DerbyCon 7 - Hacking VDI, Recon and Attack Methods
Patrick Coble
This was a session on September 23, 2017 at DerbyCon 7.
VDI deployments are in over 90% of all the Fortune 1000 companies and are used in almost all industry verticals, but are they secure? The goal of most VDI deployments is to centrally deliver applications and/or desktops to users internally and externally, but in many cases the vendors' basic security recommendations haven't been fully deployed, allowing an attacker to gain access. This talk will review the basic design of the top two solution providers, Citrix and VMware. We will go over these solutions' strengths and weaknesses and learn how to quickly identify server roles and pivot. We will also examine all the major attack points and their defensive counters. If you, or a client of yours, have a VDI deployment, you don't want to miss this talk.
Patrick Coble is an independent EUC and Security Consultant working around Nashville, TN. Patrick has worked in IT for 18 years and as a consultant for over 9 years. He is a recognized expert in Virtualization, EUC solutions and Security. He has carried out hundreds of VDI deployments using both Citrix and VMware solutions all over the southeast. Patrick is working to expose and close the gaps in VDI solutions when it comes to security. He works with Red and Blue teams to gain access to and secure VDI deployments.
Thick Client Penetration Testing
You will learn how to pentest thick client applications at the local and network level. You will also learn how to analyze the internal communication between web services and APIs.
Presented at the DEFCON27 Red Team Offensive Village on 8/10/19.
From the dawn of technology, adversaries have been present. They have ranged from criminal actors and curious children to - more modernly - nation states and organized crime. As an industry, we started to see value in emulating bad actors and thus the penetration test was born. As time passes, these engagements become less about assessing the true security of the target organization and more about emulating other penetration testers. Furthermore, these tests have evolved into a compliance staple that results in little improvement and increasingly worse emulation of bad actors.
In this presentation, we will provide a framework complementary to the Penetration Testing Execution Standard (PTES). This complementary work, the Red Team Framework (RTF), focuses on the objectives and scoping of adversarial emulation with increased focus on the perspective of the business, their threat models, and business models. The RTF borrows part of the PTES, adding emphasis on detection capabilities as well as purple team engagements. We believe this approach will better assist organizations and their defensive assets in understanding threats and building relevant detections.
Fantastic Red Team Attacks and How to Find Them
Ross Wolf
Presented at Black Hat 2019
https://www.blackhat.com/us-19/briefings/schedule/index.html#fantastic-red-team-attacks-and-how-to-find-them-16540
Casey Smith (Red Canary)
Ross Wolf (Endgame)
bit.ly/fantastic19
Abstract:
Red team testing in organizations over the last year has shown a dramatic increase in detections mapped to MITRE ATT&CK™ across Windows, Linux and macOS. However, many organizations continue to miss several key techniques that, unsurprisingly, often blend in with day-to-day user operations. One example is Trusted Developer Utilities, which can be readily available on standard user endpoints, not just developer workstations, and such applications allow for code execution. Also, XSL script processing can be used as an attack vector, as there are a number of trusted utilities that can consume and execute scripts via XSL. And finally, in addition to these techniques, trusted .NET default binaries are known to allow unauthorized execution as well; these include tools like InstallUtil, Regsvcs and AddInProcess. Specific techniques, coupled with procedural difficulties within a team, such as alert fatigue and a lack of understanding of environmental norms, make reliable detection of these events near impossible.
This talk summarizes prevalent and ongoing gaps across organizations uncovered by testing their defenses against a broad spectrum of attacks via Atomic Red Team. Many of these adversary behaviors are not atomic, but span multiple events in an event stream that may be arbitrarily and inconsistently separated in time by nuisance events.
Additionally, we introduce and demonstrate the open-sourced Event Query Language for creating high signal-to-noise analytics that close these prevalent behavioral gaps. EQL is event agnostic and can be used to craft analytics that readily link evidence across long sequences of log data. In a live demonstration, we showcase powerful but easy to craft analytics that catch adversarial behavior most commonly missed in organizations today.
Who should attend? Anyone that works in security and wants to leverage their machine data to detect internal and advanced threats, monitor activities in real time, and improve their organization's security posture.
Description: Your adversaries continue to attack and get into companies. You can no longer rely on alerts from point solutions alone to secure your network. To identify and mitigate these advanced threats, analysts must become proactive in identifying not just indicators, but attack patterns and behavior. In this workshop we will walk through a hands-on exercise with a real-world attack scenario. The workshop will illustrate how advanced correlations from multiple data sources and machine learning can enhance security analysts' capability to detect and quickly mitigate advanced attacks.
My slides for PHDays 2018 Threat Hunting Hands-On Lab - https://www.phdays.com/en/program/reports/build-your-own-threat-hunting-based-on-open-source-tools/
Virtual Machines for lab are available here - https://yadi.sk/d/qB1PNBj_3ViWHe
Mapping to MITRE ATT&CK: Enhancing Operations Through the Tracking of Interac...
MITRE ATT&CK
From ATT&CKcon 3.0
By Jason Wood and Justin Swisher, CrowdStrike
When it comes to understanding and tracking intrusion tradecraft, security teams must have the tools and processes that allow the mapping of hands-on adversary tradecraft. Doing this enables your team to both understand the adversaries and attacks you currently see and observe how these adversaries and attacks evolve over time. This session will explore how a threat hunting team uses MITRE ATT&CK to understand and categorize adversary activity. The team will demonstrate how threat hunters map ATT&CK TTPs by showcasing a recent interactive intrusion against a Linux endpoint and how the framework allowed for granular tracking of tradecraft and enhanced security operations. They will also take a look into the changes in the Linux activity they have observed over time, using the ATT&CK navigator to compare and contrast technique usage. This session will provide insights into how we use MITRE ATT&CK as a powerful resource to track intrusion tradecraft, identify adversary trends, and prepare for attacks of the future.
OSINT for Proactive Defense - RootConf 2019
RedHunt Labs
A presentation about using Open Source Intelligence for proactive defense delivered at Rootconf 2019 Bangalore, India.
RedHunt Labs
https://redhuntlabs.com/
Your adversaries continue to attack and get into companies. You can no longer rely solely on alerts from point solutions to secure your network. To identify and mitigate these advanced threats, analysts must become proactive in identifying not just indicators, but attack patterns and behavior. In this workshop we will walk through a hands-on exercise with a real-world attack scenario. The workshop will illustrate how advanced correlations from multiple data sources and machine learning can enhance security analysts' capability to detect and quickly mitigate advanced attacks.
MITRE ATT&CKcon 2018: Hunters ATT&CKing with the Data, Roberto Rodriguez, Spe...
MITRE - ATT&CKcon
With the development of the MITRE ATT&CK framework and its categorization of adversary activity during the attack cycle, understanding what to hunt for has become easier and more efficient than ever. However, organizations are still struggling to understand how they can prioritize the development of hunt hypotheses, assess their current security posture, and develop the right analytics with the help of ATT&CK. Even though there are several ways to utilize ATT&CK to accomplish those goals, only a few focus primarily on the data that is currently being collected to drive the success of a hunt program.
This presentation shows how organizations can benefit from mapping their current visibility from a data perspective to the ATT&CK framework. It focuses on how to identify, document, standardize and model current available data to enhance a hunt program. It presents an updated ThreatHunter-Playbook, a Kibana ATT&CK dashboard, a new project named Open Source Security Events Metadata known as OSSEM and expands on the “data sources” section already provided by ATT&CK on most of the documented adversarial techniques.
Cyber Threat Hunting: Identify and Hunt Down Intruders
Infosec
View webinar: "Cyber Threat Hunting: Identify and Hunt Down Intruders": https://www2.infosecinstitute.com/l/12882/2018-11-29/b9gwfd
View companion webinar:
"Red Team Operations: Attack and Think Like a Criminal": https://www2.infosecinstitute.com/l/12882/2018-11-29/b9gw5q
Are you red team, blue team — or both? Get an inside look at the offensive and defensive sides of information security in our webinar series.
Senior Security Researcher and InfoSec Instructor Jeremy Martin discusses what it takes to be a modern-day threat hunter during our webinar, Cyber Threat Hunting: Identify and Hunt Down Intruders.
The webinar covers:
- The job duties of a Cyber Threat Hunting professional
- Frameworks and strategies for Cyber Threat Hunting
- How to get started and progress your defensive security career
- And questions from live viewers!
Learn about InfoSec Institute's Cyber Threat Hunting course here: https://www.infosecinstitute.com/courses/cyber-threat-hunting/
In shared infrastructures such as clouds, sensitive or regulated data—including run-time and archived data—must be properly segregated from unauthorized users. Database and system administrators may have access to multiple clients’ data, and the location of stored data in a cloud may change rapidly. Compliance requirements such as Payment Card Industry Data Security Standard (PCI-DSS), Health Insurance Portability and Accountability Act (HIPAA) and others may need to be met. This webinar will discuss how to help protect cloud-based customer information and intellectual property from both external and internal threats.
View the On-demand webinar: https://www2.gotomeeting.com/register/187735186
How to protect, detect, and respond to your threats.
This is an MSP-centric talk exploring how to detect, protect, and respond to cyber security threats. We first walk through the cyber defense matrix, explore what security intelligence needs to be, and emphasize the concepts with two case studies of BlackCat.
Drupal, WordPress, and Joomla are very popular Content Management Systems (CMSs) that have been widely adopted by government agencies, major businesses, social networks, and more, which underscores why understanding how these systems work and properly securing these applications is of the utmost importance. This talk focuses on the penetration tester's perspective of CMSs and dives into streamlining the assessment and remediation of commonly observed application and configuration flaws by way of custom exploit code and security checklists, all of which are open-source and can be downloaded and implemented following the presentation.
Blog World 2010 - How to Keep Your Blog from Being Hacked
Brian Layman
This presentation was given in Las Vegas at BlogWorld 2010 by Brian Layman. It describes techniques that can be used to keep your WordPress website safe.
Web App Security Presentation by Ryan Holland - 05-31-2017
TriNimbus
Web App Security - A presentation by Ryan Holland, Sr. Director, Cloud Architecture at Alert Logic for the Vancouver AWS User Group Meetup on May 31, 2017.
Drupal, lessons learnt from real world security incidents
sydneydrupal
Dr. Pedram Hayati, Security Consultant from Security Dimension, covers best-practice recommendations to proactively harden and secure Drupal. He also shares a few checks to detect whether your Drupal site has already been compromised, and steps to un-hack your website.
This was presented at the March 16th, 2016 WordPress Meetup in Hamilton and describes WordPress security and the best practices that should be taken to protect any WordPress website against hackers who target WordPress websites and damage your Google reputation and online presence.
Ransomware has plagued organizations of all types and sizes for years. Yet, we have still only seen these tools, techniques, and procedures applied to traditional on-premise networks, and cloud-hosted assets themselves. And while we have just begun to see the tip of the iceberg as it relates to global-scale sweeping attacks that leverage enterprise management technologies, we have not yet experienced the cascading impact of such an attack on the very cloud infrastructure we have come to rely upon. This is surprising, given the simplicity, speed, and sheer efficacy of such an event. In this session, we will highlight the overlaps and disparities between traditional and cloud environments, using MITRE ATT&CK as a guide, to get ahead of the adversaries, and proactively protect our organizations, our customers, and ultimately society as a whole.
VMware Carbon Black Connect 2020 - Presentation on Destructive Malware and how the threat landscape is evolving as it relates to Nation State Adversaries and their capabilities.
Crypto Hacks - Quit your Job and Become a Crypto Farmer
Greg Foss
With cryptocurrencies becoming more widely adopted as a form of payment, identity management, and accountability, our understanding of security implications around digital currency needs to keep pace. This talk dives into the many ways in which the systems put in place around new cryptocurrency technologies can be exploited to take advantage of loopholes and bypasses in this technology space.
The Phishing Intelligence Engine (PIE) is a framework that assists with the detection of and response to phishing attacks. It is an Active Defense framework built around Office 365 that continuously evaluates Message Trace logs for malicious content and dynamically responds as threats are identified or emails are reported. This talk covers the framework and then dives into some stories from the field.
The Phishing Intelligence Engine (PIE) is a framework that assists with the detection of and response to phishing attacks. It is an Active Defense framework built around Office 365 that continuously evaluates Message Trace logs for malicious content and dynamically responds as threats are identified or emails are reported.
Optimizing SAO with Open Source Tools. A deep dive into the Phishing Intelligence Engine (PIE) and how users can leverage infrastructure and open source to automate and respond to threats.
Activated Charcoal - Making Sense of Endpoint Data
Greg Foss
Recorded Webcast: https://logrhythm.com/resources/webcasts/activated-charcoal-making-sense-of-endpoint-data/
Security operations is all about understanding and acting upon large amounts of data. When you can pull data from multiple sources, condense it down and correlate across systems, you can highlight trends, find flaws and resolve issues.
This presentation was given at Black Hat 2016 and, more recently, as an SC Magazine webcast, covering the importance of monitoring endpoints and how to leverage endpoint data to detect, respond to and neutralize advanced threats.
Threat Intelligence is by far one of the most over-used buzzwords in the security industry, and many professionals have very mixed feelings about Threat Intelligence feeds as well. This discussion is about how LogRhythm's internal security team utilizes Threat Intelligence to operate efficiently, streamline Security Operations processes and help improve an organization's defenses. We will show how you can generate your own Threat Intelligence and create information-sharing loops within like industries to fully realize the team's defensive capabilities. On top of the technical aspects of building out a good Threat Intel program, we will discuss how to manage this from a leadership perspective and get buy-in from the top. Most importantly, once these systems are in place, we cover how to show value to leadership using key performance indicators and leverage this to improve the overall security program.
InfoSec analysts are all somewhat familiar with Honeypots. When they are given the proper attention, care and feeding, they produce invaluable information and can be a critical asset when it comes to defending the network. This intel has been primarily used by security researchers and organizations with advanced defensive capabilities to study their adversaries and learn from their actions. But what about the rest of us? Honeypots are a lot of work to configure, maintain, and monitor, right? Not exactly; when deployed and monitored properly, Honeypots and Honey Tokens are a simple way to alert on anomalous activity inside the network. But how can an organization that is not focused on research gain valuable threat intelligence using Honeypots and actively defend their network using indicators generated from an internal Honeynet?
The answer is Honeypots for Active Defense. There are currently many open source security tool distributions that come pre-loaded with Honeypots among other useful tools, however the Honeypot software is often not deployed in an effective manner. This session will discuss techniques to leverage Honeypots in ways that will not overburden the security team with massive logs to sift through and focuses efforts on correlating active threat data observed in the Honeypots with the production environment. When deploying Honeypots effectively, this can give security analysts one additional mechanism to tip them off to nefarious activity within their network before they become the next headline.
Wireless technology is inherently insecure in general; however, this presentation details some unconventional attacks that have been around for years but are still incredibly effective, discussing the basics of AP cloning, abusing captive portals, and more.
Key Trends Shaping the Future of Infrastructure.pdf
Cheryl Hung
Keynote at DIGIT West Expo, Glasgow on 29 May 2024.
Cheryl Hung, ochery.com
Sr Director, Infrastructure Ecosystem, Arm.
The key trends across hardware, cloud and open-source; exploring how these areas are likely to mature and develop over the short and long-term, and then considering how organisations can position themselves to adapt and thrive.
Epistemic Interaction - tuning interfaces to provide information for AI support
Alan Dix
Paper presented at SYNERGY workshop at AVI 2024, Genoa, Italy. 3rd June 2024
https://alandix.com/academic/papers/synergy2024-epistemic/
As machine learning integrates deeper into human-computer interactions, the concept of epistemic interaction emerges, aiming to refine these interactions to enhance system adaptability. This approach encourages minor, intentional adjustments in user behaviour to enrich the data available for system learning. This paper introduces epistemic interaction within the context of human-system communication, illustrating how deliberate interaction design can improve system understanding and adaptation. Through concrete examples, we demonstrate the potential of epistemic interaction to significantly advance human-computer interaction by leveraging intuitive human communication strategies to inform system design and functionality, offering a novel pathway for enriching user-system engagements.
Let's dive deeper into the world of ODC! Ricardo Alves (OutSystems) will join us to tell all about the new Data Fabric. After that, Sezen de Bruijn (OutSystems) will get into the details on how to best design a sturdy architecture within ODC.
Transcript: Selling digital books in 2024: Insights from industry leaders - T... (BookNet Canada)
The publishing industry has been selling digital audiobooks and ebooks for over a decade and has found its groove. What’s changed? What has stayed the same? Where do we go from here? Join a group of leading sales peers from across the industry for a conversation about the lessons learned since the popularization of digital books, best practices, digital book supply chain management, and more.
Link to video recording: https://bnctechforum.ca/sessions/selling-digital-books-in-2024-insights-from-industry-leaders/
Presented by BookNet Canada on May 28, 2024, with support from the Department of Canadian Heritage.
PHP Frameworks: I want to break free (IPC Berlin 2024) (Ralf Eggert)
In this presentation, we examine the challenges and limitations of relying too heavily on PHP frameworks in web development. We discuss the history of PHP and its frameworks to understand how this dependence has evolved. The focus will be on providing concrete tips and strategies to reduce reliance on these frameworks, based on real-world examples and practical considerations. The goal is to equip developers with the skills and knowledge to create more flexible and future-proof web applications. We'll explore the importance of maintaining autonomy in a rapidly changing tech landscape and how to make informed decisions in PHP development.
This talk is aimed at encouraging a more independent approach to using PHP frameworks, moving towards a more flexible and future-proof approach to PHP development.
Dev Dives: Train smarter, not harder – active learning and UiPath LLMs for do... (UiPathCommunity)
💥 Speed, accuracy, and scaling – discover the superpowers of GenAI in action with UiPath Document Understanding and Communications Mining™:
See how to accelerate model training and optimize model performance with active learning
Learn about the latest enhancements to out-of-the-box document processing – with little to no training required
Get an exclusive demo of the new family of UiPath LLMs – GenAI models specialized for processing different types of documents and messages
This is a hands-on session specifically designed for automation developers and AI enthusiasts seeking to enhance their knowledge in leveraging the latest intelligent document processing capabilities offered by UiPath.
Speakers:
👨🏫 Andras Palfi, Senior Product Manager, UiPath
👩🏫 Lenka Dulovicova, Product Program Manager, UiPath
Kubernetes & AI - Beauty and the Beast !?! @KCD Istanbul 2024 (Tobias Schneck)
As AI technology pushes into IT, I found myself wondering, as an “infrastructure container kubernetes guy”, how this fancy AI technology gets managed from an infrastructure operations view. Is it possible to apply our lovely cloud native principles as well? What benefits could both technologies bring to each other?
Let me take these questions and provide you with a short journey through existing deployment models and use cases for AI software. Using practical examples, we discuss what cloud/on-premise strategy we may need to apply it to our own infrastructure and make it work from an enterprise perspective. I want to give an overview of the infrastructure requirements and technologies that could benefit or limit your AI use cases in an enterprise environment. An interactive demo will give you some insights into which approaches I already have working for real.
UiPath Test Automation using UiPath Test Suite series, part 3 (DianaGray10)
Welcome to UiPath Test Automation using UiPath Test Suite series part 3. In this session, we will cover desktop automation along with UI automation.
Topics covered:
UI automation Introduction,
UI automation Sample
Desktop automation flow
Pradeep Chinnala, Senior Consultant Automation Developer @WonderBotz and UiPath MVP
Deepak Rai, Automation Practice Lead, Boundaryless Group and UiPath MVP
GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using Deplo... (James Anderson)
Effective Application Security in Software Delivery lifecycle using Deployment Firewall and DBOM
The modern software delivery process (or the CI/CD process) includes many tools, distributed teams, open-source code, and cloud platforms. Constant focus on speed to release software to market, along with the traditional slow and manual security checks has caused gaps in continuous security as an important piece in the software supply chain. Today organizations feel more susceptible to external and internal cyber threats due to the vast attack surface in their applications supply chain and the lack of end-to-end governance and risk management.
The software team must secure its software delivery process to avoid vulnerability and security breaches. This needs to be achieved with existing tool chains and without extensive rework of the delivery processes. This talk will present strategies and techniques for providing visibility into the true risk of the existing vulnerabilities, preventing the introduction of security issues in the software, resolving vulnerabilities in production environments quickly, and capturing the deployment bill of materials (DBOM).
Speakers:
Bob Boule
Robert Boule is a technology enthusiast with PASSION for technology and making things work along with a knack for helping others understand how things work. He comes with around 20 years of solution engineering experience in application security, software continuous delivery, and SaaS platforms. He is known for his dynamic presentations in CI/CD and application security integrated in software delivery lifecycle.
Gopinath Rebala
Gopinath Rebala is the CTO of OpsMx, where he has overall responsibility for the machine learning and data processing architectures for Secure Software Delivery. Gopi also has a strong connection with our customers, leading design and architecture for strategic implementations. Gopi is a frequent speaker and well-known leader in continuous delivery and integrating security into software delivery.
State of ICS and IoT Cyber Threat Landscape Report 2024 preview (Prayukth K V)
The IoT and OT threat landscape report has been prepared by the Threat Research Team at Sectrio using data from Sectrio, cyber threat intelligence farming facilities spread across over 85 cities around the world. In addition, Sectrio also runs AI-based advanced threat and payload engagement facilities that serve as sinks to attract and engage sophisticated threat actors, and newer malware including new variants and latent threats that are at an earlier stage of development.
The latest edition of the OT/ICS and IoT security Threat Landscape Report 2024 also covers:
State of global ICS asset and network exposure
Sectoral targets and attacks as well as the cost of ransom
Global APT activity, AI usage, actor and tactic profiles, and implications
Rise in volumes of AI-powered cyberattacks
Major cyber events in 2024
Malware and malicious payload trends
Cyberattack types and targets
Vulnerability exploit attempts on CVEs
Attacks on counties – USA
Expansion of bot farms – how, where, and why
In-depth analysis of the cyber threat landscape across North America, South America, Europe, APAC, and the Middle East
Why are attacks on smart factories rising?
Cyber risk predictions
Axis of attacks – Europe
Systemic attacks in the Middle East
Download the full report from here:
https://sectrio.com/resources/ot-threat-landscape-reports/sectrio-releases-ot-ics-and-iot-security-threat-landscape-report-2024/
Neuro-symbolic is not enough, we need neuro-*semantic* (Frank van Harmelen)
Neuro-symbolic (NeSy) AI is on the rise. However, simply machine learning on just any symbolic structure is not sufficient to really harvest the gains of NeSy. These will only be gained when the symbolic structures have an actual semantics. I give an operational definition of semantics as “predictable inference”.
All of this illustrated with link prediction over knowledge graphs, but the argument is general.
UiPath Test Automation using UiPath Test Suite series, part 4 (DianaGray10)
Welcome to UiPath Test Automation using UiPath Test Suite series part 4. In this session, we will cover Test Manager overview along with SAP heatmap.
The UiPath Test Manager overview with SAP heatmap webinar offers a concise yet comprehensive exploration of the role of a Test Manager within SAP environments, coupled with the utilization of heatmaps for effective testing strategies.
Participants will gain insights into the responsibilities, challenges, and best practices associated with test management in SAP projects. Additionally, the webinar delves into the significance of heatmaps as a visual aid for identifying testing priorities, areas of risk, and resource allocation within SAP landscapes. Through this session, attendees can expect to enhance their understanding of test management principles while learning practical approaches to optimize testing processes in SAP environments using heatmap visualization techniques.
What will you get from this session?
1. Insights into SAP testing best practices
2. Heatmap utilization for testing
3. Optimization of testing processes
4. Demo
Topics covered:
Execution from the test manager
Orchestrator execution result
Defect reporting
SAP heatmap example with demo
Speaker:
Deepak Rai, Automation Practice Lead, Boundaryless Group and UiPath MVP
4. Company Confidential
why
• Open Source!
• Popular – Government, Business, Personal, etc.
• Easy to install, configure, and use.
• Minimal back-end knowledge or PHP/MySQL experience necessary (for basic site configurations)
• Excellent community!

8. why scanning isn’t enough
• Drupal core is fairly well hardened against injection attacks
• Contributed and/or third-party modules are not…
• Good exploits are few and far between…

20. resources
• Static analysis is outside of the scope of this talk…
• For more information on the inner-workings of Drupal security, please visit the following resources:
  • https://drupal.org/security
  • http://crackingdrupal.com/
  • http://drupalscout.com/
  • http://www.madirish.net/

22. necessary access
• Appropriate access for testing:
  • Administrative account
  • ‘Basic user’ account
  • Content manager/creator account
  • Other applicable accounts

23. necessary access
• Already have server access?
• Drush available?
• Create a one-time link to log in as an admin…
  $ cd [drupal directory]
  $ drush uli

28. user enumeration
• Iterate through accounts
• View comments, posts, etc.
• Social features, forums, etc.
• User Profiles.
• Not seen as a vuln by many.

39. [demo]
User Enumeration and Dictionary Attack Scripts
https://github.com/gfoss/attacking-drupal/
40. user enumeration (partial) mitigations
• Replace the default forgot password and failed logon attempt messages
• Do not display authors of articles, if possible use pseudonym
• Limit permissions of anonymous / basic users to view user profiles: https://drupal.org/node/849602
• Log and alert on attempts to scrape user account information
  • Not just server logs!
  • Watchdog or Drupal syslog should be captured and stored remotely

48. other brute force protections
• Limit number of invalid login attempts and block attacker IP addresses
  • https://drupal.org/project/login_security
• LDAP Integration
• Single Sign On (SSO)
• Multifactor Authentication: https://drupal.org/project/tfa
51. authorization
• User permissions properly implemented?
  • administration => people => permissions
  • trust but verify…
• Create new roles as necessary
  • Drupal 6 – defaults to 2 roles (anonymous & authenticated)
  • Drupal 7 – defaults to 3 roles (anonymous, authenticated, & admin)
• Test the app using all user roles, verify their permissions and search for security weakness

62. file upload – PHP code execution
• Uploading and executing PHP code has been ‘fixed’ in recent versions of Drupal as of November 2013
  • https://drupal.org/SA-CORE-2013-003
• Code execution prevention (Files directory .htaccess for Apache - Drupal 6 and 7)

63. development modules
• Modules that assist with the active development of a Drupal application.
  • Excellent for Development
  • Remove prior to Test/Staging
  • Never leave installed on Production applications
• Picking on…
  • Masquerade (https://drupal.org/project/masquerade)
  • Devel (https://drupal.org/project/devel)

64. masquerade
• Allows the user to change accounts to any other user.
• Could be used to implicate others in suspicious activities, elevate privileges, etc.

65. devel
• Module used for development
• Should never be installed on production, ever…
• Allows users to view debugging information, including full database details of application content.
• Also allows for PHP code execution!
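The authorization slide (51) and the development-module slides (63 to 65) boil down to two checks that can be scripted before a site goes live: no default role holds a site-takeover permission or a risky text format, and no development-only module is enabled. The following is an added example, not code from the talk or from Drupal. The role-to-permission map and the module list are constructed inputs in the shape of what the permissions page (administration => people => permissions) or drush would give you; the permission and module names themselves are real Drupal 7 identifiers.

```python
"""Audit a Drupal 7 site's role permissions and enabled modules before go-live.

Added example, not the talk's or Drupal's code: SAMPLE_ROLES and
SAMPLE_MODULES are constructed; replace them with your own site's data.
"""

# Real Drupal 7 permission names that effectively hand over the site.
DANGEROUS_PERMISSIONS = {
    "administer users", "administer permissions", "administer modules",
    "administer site configuration", "bypass node access", "administer filters",
}
# Text formats whose use by untrusted roles enables script or PHP injection
# (checklist item 7); Drupal exposes them as "use text format <name>".
RISKY_TEXT_FORMATS = {"full_html", "php_code"}
# Drupal 7's two default roles, which must stay least-privilege.
UNTRUSTED_ROLES = {"anonymous user", "authenticated user"}
# The talk's two development modules plus the PHP filter module.
DEV_ONLY_MODULES = {"devel", "masquerade", "php"}


def audit_permissions(role_permissions):
    """Return (role, permission, reason) triples that need attention.

    role_permissions maps a role name to the set of permissions it holds.
    """
    findings = []
    for role, perms in sorted(role_permissions.items()):
        untrusted = role in UNTRUSTED_ROLES
        for perm in sorted(perms):
            if perm == "use PHP for settings":
                # PHP evaluation is dangerous on any role, admin included
                findings.append((role, perm, "PHP evaluation permission granted"))
            elif untrusted and perm in DANGEROUS_PERMISSIONS:
                findings.append((role, perm, "takeover permission on default role"))
            elif untrusted and perm.startswith("use text format "):
                fmt = perm[len("use text format "):]
                if fmt in RISKY_TEXT_FORMATS:
                    findings.append((role, perm, "risky text format for untrusted role"))
    return findings


def audit_modules(enabled_modules):
    """Return the development-only modules that are enabled, sorted."""
    return sorted(set(enabled_modules) & DEV_ONLY_MODULES)


# Constructed sample: a staging configuration promoted to production by mistake.
SAMPLE_ROLES = {
    "anonymous user": {"access content", "access comments",
                       "use text format filtered_html"},
    "authenticated user": {"access content", "post comments",
                           "use text format full_html", "administer users"},
    "editor": {"access content", "create article content",
               "use PHP for settings"},
    "administrator": {"administer users", "administer permissions",
                      "bypass node access"},
}
SAMPLE_MODULES = ["node", "user", "field", "devel", "views", "masquerade"]

if __name__ == "__main__":
    for role, perm, reason in audit_permissions(SAMPLE_ROLES):
        print(f"[perm] {role!r} has {perm!r}: {reason}")
    for module in audit_modules(SAMPLE_MODULES):
        print(f"[module] development-only module enabled: {module}")
```

Run against the constructed sample it flags "administer users" and the Full HTML format on the authenticated role, the PHP evaluation permission on the editor role, and the enabled devel and masquerade modules; an empty result from both functions is the go-live condition.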
70. ./includes/password.inc
• Defines the hashing algorithms for Drupal 7
• Hashes the password using SHA512 and a randomly generated Salt.
• Password passed through hash function numerous times to increase the time it will take to crack.

71. cracking Drupal hashes
• Drupal 7
  # john list.txt --wordlist="" --salt="" --format="drupal7"
• Drupal 6
  # john list.txt --wordlist=""
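To see why slide 70's iterated SHA-512 matters for the cracking cost on slide 71, here is a Python port of the "$S$" scheme from Drupal 7's includes/password.inc, added as a study example; it is not Drupal's code and not from the talk. It reproduces the phpass-style base64 alphabet, the 12-character setting string (prefix, cost character, 8-character salt), the 2^cost rounds and the truncation to 55 characters, and adds a small cost audit a defender can run over a password-table export to find hashes stored at a weaker cost than the default (2^15 rounds, written as "$S$D"). The legacy md5/phpass formats Drupal also accepts are deliberately left out.

```python
"""Port of Drupal 7's '$S$' password hashing (includes/password.inc).

Added example, not Drupal's own code: it mirrors _password_crypt(),
_password_generate_salt() and _password_base64_encode() for the SHA-512
scheme only, so that the cost parameter can be inspected and verified.
"""
import hashlib
import hmac
import math
import os

ITOA64 = "./0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz"
HASH_LENGTH = 55            # DRUPAL_HASH_LENGTH: stored hashes are cut to 55 chars
DEFAULT_COUNT_LOG2 = 15     # DRUPAL_HASH_COUNT: 2**15 = 32768 rounds of SHA-512
MIN_COUNT_LOG2, MAX_COUNT_LOG2 = 7, 30


def password_base64_encode(data: bytes) -> str:
    """phpass-style base64: custom alphabet, 6 bits per char, no padding."""
    out, i, n = [], 0, len(data)
    while i < n:
        value = data[i]
        i += 1
        out.append(ITOA64[value & 0x3F])
        if i < n:
            value |= data[i] << 8
        out.append(ITOA64[(value >> 6) & 0x3F])
        if i >= n:
            break
        i += 1
        if i < n:
            value |= data[i] << 16
        out.append(ITOA64[(value >> 12) & 0x3F])
        if i >= n:
            break
        i += 1
        out.append(ITOA64[(value >> 18) & 0x3F])
    return "".join(out)


def generate_setting(count_log2: int = DEFAULT_COUNT_LOG2) -> str:
    """'$S$' + cost character + 8-char salt from 6 random bytes."""
    count_log2 = max(MIN_COUNT_LOG2, min(count_log2, MAX_COUNT_LOG2))
    return "$S$" + ITOA64[count_log2] + password_base64_encode(os.urandom(6))


def password_crypt(password: str, setting: str):
    """Hash `password` under the first 12 chars of `setting`; None if malformed."""
    setting = setting[:12]
    if len(setting) < 12 or setting[0] != "$" or setting[2] != "$":
        return None
    count_log2 = ITOA64.find(setting[3])
    salt = setting[4:12]
    if not MIN_COUNT_LOG2 <= count_log2 <= MAX_COUNT_LOG2 or len(salt) != 8:
        return None
    pw = password.encode("utf-8")
    digest = hashlib.sha512(salt.encode("ascii") + pw).digest()
    for _ in range(1 << count_log2):          # the do/while in _password_crypt
        digest = hashlib.sha512(digest + pw).digest()
    output = setting + password_base64_encode(digest)
    expected = 12 + math.ceil(8 * len(digest) / 6)   # 12 + 86 for SHA-512
    return output[:HASH_LENGTH] if len(output) == expected else None


def hash_password(password: str, count_log2: int = DEFAULT_COUNT_LOG2) -> str:
    return password_crypt(password, generate_setting(count_log2))


def check_password(password: str, stored: str) -> bool:
    """Recompute under the stored setting and compare in constant time."""
    if not stored.startswith("$S$"):
        return False                           # legacy md5/phpass formats not handled
    computed = password_crypt(password, stored)
    return computed is not None and hmac.compare_digest(computed, stored)


def hash_cost_log2(stored: str):
    """Cost audit helper: log2 of the round count, or None for non-'$S$' hashes."""
    if len(stored) < 4 or not stored.startswith("$S$"):
        return None
    idx = ITOA64.find(stored[3])
    return idx if idx >= 0 else None


def weak_cost_hashes(stored_hashes, minimum_log2=DEFAULT_COUNT_LOG2):
    """Return the hashes that are legacy-format or below the expected cost."""
    return [h for h in stored_hashes
            if (hash_cost_log2(h) or 0) < minimum_log2]
```

Every hash Drupal 7 writes at its default cost begins with "$S$D" (ITOA64[15] is "D"); anything else in a users-table export is either imported at a different cost or a legacy md5-based hash awaiting rehash on next login, which is what weak_cost_hashes() surfaces.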
77. catch code execution
• Easier said than done…
• Alert on unauthorized file access / writes / etc.
• ‘Strange’ server behavior…
• Utilizing WAF / Web Proxy / Net Flow Data / etc. - alert on reverse-shell attempts and similar activities the server should not be doing…
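The flow-data part of slide 77 comes down to egress baselining: a web tier has a short list of places it legitimately connects to, and anything it initiates outside that list is worth an alert. The following is an added example, not from the talk; the web-tier range, the allow-list and the flow records are all constructed, and a real deployment would feed it NetFlow/IPFIX or firewall logs and keep the allow-list in configuration.

```python
"""Alert on outbound connections a Drupal web server has no business making.

Added example, not from the talk: WEB_TIER, ALLOWED_EGRESS and SAMPLE_FLOWS
are constructed placeholders for a site's real topology and flow export.
"""
import ipaddress
from collections import namedtuple

Flow = namedtuple("Flow", "src dst dport proto")

# Assumed web tier and its legitimate egress as (network, port);
# a network of None means any destination on that port.
WEB_TIER = ipaddress.ip_network("10.0.1.0/24")
ALLOWED_EGRESS = [
    (ipaddress.ip_network("10.0.2.0/24"), 3306),    # MySQL tier
    (ipaddress.ip_network("10.0.3.10/32"), 6514),   # remote syslog over TLS
    (ipaddress.ip_network("10.0.0.53/32"), 53),     # internal resolver only
    (None, 443),                                    # HTTPS out (update checks, APIs)
]


def is_allowed(flow: Flow) -> bool:
    dst = ipaddress.ip_address(flow.dst)
    return any(port == flow.dport and (net is None or dst in net)
               for net, port in ALLOWED_EGRESS)


def suspicious_egress(flows):
    """Flows initiated by a web-tier host that fall outside the baseline."""
    return [f for f in flows
            if ipaddress.ip_address(f.src) in WEB_TIER and not is_allowed(f)]


# Constructed flow records (src, dst, dport, proto) as a collector might export.
SAMPLE_FLOWS = [
    Flow("10.0.1.10", "10.0.2.20", 3306, "tcp"),     # database query: expected
    Flow("10.0.1.10", "10.0.3.10", 6514, "tcp"),     # log shipping: expected
    Flow("10.0.1.10", "198.51.100.9", 443, "tcp"),   # fetching updates: expected
    Flow("10.0.1.10", "203.0.113.7", 4444, "tcp"),   # unexplained outbound: alert
    Flow("10.0.1.10", "203.0.113.7", 53, "udp"),     # DNS bypassing the resolver: alert
    Flow("10.0.2.20", "10.0.1.10", 55000, "tcp"),    # not web-tier initiated: ignore
]

if __name__ == "__main__":
    for f in suspicious_egress(SAMPLE_FLOWS):
        print(f"ALERT web host {f.src} -> {f.dst}:{f.dport}/{f.proto} outside egress baseline")
```

The point of the allow-list being short is that it does not need signatures: a web server opening a connection to anything other than its database, its log collector, its resolver or port 443 is anomalous on its face, which is exactly the "activities the server should not be doing" the slide asks you to alert on.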
78. what to do?!
• We’ve discussed many very common Drupal development pitfalls today…
• How do we fix these issues now and avoid them in the future?
• Simple…

80. Drupal security checklist
1. Integrate your security team early on in the development process to assure that your needs can be met in an acceptable timeframe.
  • Applications should periodically be reviewed by a third-party, to assure security.
  • Develop an ongoing security testing plan, to regularly review the security of the applications.
  • Re-review the application whenever major changes have been made.

81. Drupal security checklist
2. Harden the application and server architecture.
  • Protect risky Drupal files from the internet:
    • install.php, cron.php, & xmlrpc.php
  • Example Hardening Guides – Bare Minimum:
    • Harden PHP: https://www.owasp.org/index.php/PHP_Security_Cheat_Sheet
    • Harden the Server (Linux): http://www.sans.org/score/checklists/linuxchecklist.pdf
    • Harden the Server (Windows): http://technet.microsoft.com/en-us/security/jj720323.aspx
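Checklist item 2 names the files to keep off the internet, and slide 62 the .htaccess that stops uploads from being executed; both are Apache configuration. The fragment below is an added example for Apache 2.4, not configuration from the talk or from Drupal: the docroot path and the management network are assumptions, and the upload-directory section is modelled on the intent of the .htaccess Drupal ships in sites/default/files rather than copied from it.

```apache
# Added example for a Drupal 7 docroot on Apache 2.4 (paths and the
# 10.0.0.0/8 management range are assumptions; adjust for your site).

<Directory "/var/www/drupal">
    # Checklist item 2: the risky entry points stay reachable only from the
    # management network; everyone else receives 403.
    <FilesMatch "^(install|cron|xmlrpc)\.php$">
        Require ip 10.0.0.0/8
    </FilesMatch>
</Directory>

# Slide 62: nothing under the public files directory is ever executed,
# whatever extension an uploaded file carries.
<Directory "/var/www/drupal/sites/default/files">
    Options None
    Options +FollowSymLinks
    # Catch-all handler so no script handler is ever selected here
    SetHandler Drupal_Security_Do_Not_Remove_See_SA_2006_006
    # Belt and braces: switch the PHP engine off where mod_php is in use
    <IfModule mod_php5.c>
        php_flag engine off
    </IfModule>
    <IfModule mod_php7.c>
        php_flag engine off
    </IfModule>
    # And refuse to serve script-looking files outright
    <FilesMatch "\.(php|phtml|phar)$">
        Require all denied
    </FilesMatch>
</Directory>
```

Two caveats a reviewer would raise: cron.php still needs to run, so schedule it from the server itself (drush cron or a local curl against the protected URL from an allowed address) rather than from the internet; and a SetHandler/php_flag stanza only protects you while AllowOverride or the server config actually applies it, so check that the files directory is not served by a second vhost or a PHP-FPM location block that ignores it.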
82. Drupal security checklist
3. Disallow weak passwords for privileged users and enforce a strong password policy.
  • Utilize the Password Policy Drupal module to enforce a password policy that meets your company security guidelines.
    • https://drupal.org/project/password_policy
    • https://drupal.org/project/zxcvbn

83. Drupal security checklist
4. Implement Server, Application, and Drupal logging.
  • Assure that logs are being stored on a separate and trusted server and actively review/parse these logs for security events.
  • Do not rely on the integrity of local logs within the database or on the server itself…

84. Drupal security checklist
• Two options…
  • Watchdog – Drupal’s built in logging, captures data within the ‘Watchdog’ database table.
  • Syslog – Export Drupal’s logs to the Linux syslog. Creates a flat file that is easy to monitor.

85. remote log management - Watchdog
• Watchdog logs should be captured and stored outside of the database to ensure log integrity.
  • Centralized log management
  • SIEM – Security Information Event Management
• Drupal has a built-in feature to clear these logs, effectively erasing a large portion of the evidence within the application itself.

86. remote log management - Watchdog
• Extract the logs from the database (MySQL / PostgreSQL) with Universal Database Layer Access (UDLA):
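Once Drupal's log leaves the database (slides 84 to 86), the "log and alert on attempts to scrape user account information" point from slide 40 becomes a parsing job on the collector. The following is an added example, not from the talk: it assumes Drupal 7's syslog module with its default line format (!base_url|!timestamp|!type|!ip|!request_uri|!referer|!uid|!link|!message) and the syslog identity "drupal", and the sample lines are constructed. It raises one alert when a single address produces a burst of failed logins and another when it walks through /user/N profile pages that answer "access denied" or "page not found", which is what profile scraping against a site that has restricted profile viewing looks like.

```python
"""Spot account scraping and dictionary attempts in Drupal 7 syslog output.

Added example, not from the talk. Assumes the syslog module's default
format and identity "drupal"; SAMPLE_LINES are constructed.
"""
import re
from collections import defaultdict

FIELDS = ["base_url", "timestamp", "type", "ip", "request_uri",
          "referer", "uid", "link", "message"]
SYSLOG_RE = re.compile(r"\bdrupal: (?P<body>.*)$")
# Message Drupal 7's user module writes on a bad password (type 'user')
FAILED_LOGIN = re.compile(r"^Login attempt failed for (?P<user>.+)\.$")
PROFILE_PATH = re.compile(r"^/user/\d+$")


def parse_line(line):
    """Return the watchdog record as a dict, or None for non-Drupal lines."""
    m = SYSLOG_RE.search(line)
    if not m:
        return None
    parts = m.group("body").split("|", len(FIELDS) - 1)
    if len(parts) != len(FIELDS):
        return None
    rec = dict(zip(FIELDS, parts))
    rec["timestamp"] = int(rec["timestamp"])
    return rec


def max_in_window(timestamps, window):
    """Largest number of events inside any span of `window` seconds."""
    ts = sorted(timestamps)
    best = j = 0
    for i, t in enumerate(ts):
        while t - ts[j] > window:
            j += 1
        best = max(best, i - j + 1)
    return best


def detect(lines, window=300, login_threshold=5, profile_threshold=10):
    """Return alert dicts: rule, ip, peak count in window, distinct targets."""
    records = [r for r in (parse_line(l) for l in lines) if r]
    failed, probes = defaultdict(list), defaultdict(list)
    for r in records:
        m = FAILED_LOGIN.match(r["message"])
        if r["type"] == "user" and m:
            failed[r["ip"]].append((r["timestamp"], m.group("user")))
        elif (r["type"] in ("access denied", "page not found")
              and PROFILE_PATH.match(r["request_uri"])):
            probes[r["ip"]].append((r["timestamp"], r["request_uri"]))
    alerts = []
    for rule, buckets, threshold in (("failed_login_burst", failed, login_threshold),
                                     ("profile_scrape", probes, profile_threshold)):
        for ip, hits in buckets.items():
            peak = max_in_window([t for t, _ in hits], window)
            if peak >= threshold:
                alerts.append({"rule": rule, "ip": ip, "count": peak,
                               "distinct": len({v for _, v in hits})})
    return alerts


# Constructed sample: one address tries six accounts, then walks /user/1..12;
# a second address has a single typo'd login followed by success.
_T0 = 1717243200
SAMPLE_LINES = []
for i, user in enumerate(["admin", "greg", "webmaster", "editor", "root", "test"]):
    SAMPLE_LINES.append(
        f"Jun  1 12:00:{i * 7:02d} web1 drupal: https://example.com|{_T0 + i * 7}|user"
        f"|203.0.113.5|/user/login||0||Login attempt failed for {user}.")
for uid in range(1, 13):
    SAMPLE_LINES.append(
        f"Jun  1 12:01:{uid:02d} web1 drupal: https://example.com|{_T0 + 60 + uid}"
        f"|access denied|203.0.113.5|/user/{uid}||0||user/{uid}")
SAMPLE_LINES += [
    f"Jun  1 12:02:00 web1 drupal: https://example.com|{_T0 + 120}|user|198.51.100.7"
    "|/user/login||0||Login attempt failed for alice.",
    f"Jun  1 12:02:30 web1 drupal: https://example.com|{_T0 + 150}|user|198.51.100.7"
    "|/user/login||0||Session opened for alice.",
    f"Jun  1 12:03:00 web1 drupal: https://example.com|{_T0 + 180}|cron|10.0.1.10"
    "|/cron.php||0||Cron run completed.",
]

if __name__ == "__main__":
    for a in detect(SAMPLE_LINES):
        print(f"ALERT {a['rule']}: {a['ip']} {a['count']} events, {a['distinct']} distinct targets")
```

The "distinct" count is what separates a user fat-fingering one password from enumeration: six failures against six different account names from one address is the dictionary/enumeration pattern the slide's demo scripts produce, and the per-address thresholds are deliberately low because legitimate traffic rarely walks profile pages in numeric order.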
90. Drupal security checklist
5. Make sure that Development modules are not installed on production applications.
  • Remember Devel and Masquerade?

91. Drupal security checklist
6. Review and apply all available Drupal security updates as soon as possible.

94. Drupal security checklist
7. Disallow untrusted user roles from creating content using HTML (filtered / unfiltered) to avoid JavaScript inclusion. Also explicitly disallow PHP code execution.
  • While limited HTML is recommended by the Drupal community, a skilled attacker may still bypass these restrictions and attack a site or its users via user-generated content.
  • Be careful with what HTML entities are explicitly allowed…

95. Drupal security checklist
8. Check file permissions; verify there are no unintentional world-writable files.
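Checklist item 8 is a one-liner with find on the server (find /path/to/drupal -perm -o+w), but a reusable check that can run from a deployment pipeline and be asserted on is more useful. The following is an added example, not from the talk: it walks a tree with lstat, reports every file or directory with the other-write bit, skips symlinks (whose own mode means nothing; check the target) and ignores sticky-bit directories, which are world-writable by design. The directory layout it builds to demonstrate itself is a constructed miniature of a Drupal docroot, and the modes it assigns are assumptions.

```python
"""Find unintentionally world-writable files under a Drupal docroot.

Added example, not from the talk: build_demo_tree() constructs a throwaway
miniature docroot with one deliberate mistake so the check has something to find.
"""
import os
import stat
import tempfile


def find_world_writable(root, follow_symlinks=False):
    """Return sorted (relative path, octal mode) for entries with o+w set."""
    hits = []
    for dirpath, dirnames, filenames in os.walk(root, followlinks=follow_symlinks):
        for name in dirnames + filenames:
            path = os.path.join(dirpath, name)
            try:
                st = os.lstat(path)
            except OSError:
                continue                       # vanished or unreadable: skip
            mode = st.st_mode
            if stat.S_ISLNK(mode):
                continue                       # a symlink's own mode is meaningless
            sticky_dir = stat.S_ISDIR(mode) and bool(mode & stat.S_ISVTX)
            if mode & stat.S_IWOTH and not sticky_dir:
                hits.append((os.path.relpath(path, root), oct(stat.S_IMODE(mode))))
    return sorted(hits)


def build_demo_tree():
    """Constructed docroot: settings.php locked down, one upload-dir file left 0666."""
    root = tempfile.mkdtemp(prefix="drupal-perm-demo-")
    for rel, mode in (("sites", 0o755), ("sites/default", 0o755),
                      ("sites/default/files", 0o775)):
        path = os.path.join(root, rel)
        os.mkdir(path)
        os.chmod(path, mode)

    def write(rel, mode):
        path = os.path.join(root, rel)
        with open(path, "w") as fh:
            fh.write("x\n")
        os.chmod(path, mode)

    write("sites/default/settings.php", 0o640)        # owner+group only: fine
    write("sites/default/files/logo.png", 0o664)      # group-writable: fine
    write("sites/default/files/.htaccess", 0o666)     # the mistake: world-writable
    return root


if __name__ == "__main__":
    demo_root = build_demo_tree()
    for rel, mode in find_world_writable(demo_root):
        print(f"world-writable: {rel} ({mode})")
```

The .htaccess in the files directory is the interesting hit: it is the file slide 62 relies on to stop uploaded PHP from executing, so a world-writable copy of it undoes that control for anyone who can write to the box as an unprivileged user.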
96. Drupal security checklist
9. Implement CAPTCHA or a similar mechanism in front of user-registration and login forms.
  • Assure that this is not configured to allow authentication/registration attempts following an initial successful CAPTCHA completion.
  • This will also help mitigate the creation of accounts by a botnet and deter subsequent comment spam.

97. Drupal security checklist
10. Install and run the Security Review module
  • https://drupal.org/project/security_review
  • Verify and resolve any uncovered issues.
  • Install Paranoia if you are especially security conscious…
    • https://drupal.org/project/paranoia

98. Drupal security checklist
11. Regularly check the site’s status report page and resolve any open issues.

99. Drupal security checklist
12. Assure that the HTTPOnly flag is set to protect user sessions from attacks such as XSS.
  • Whenever possible, implement the Secure Flag as well, so session tokens are not inadvertently passed in plain text over HTTP.
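Checklist item 12 is verified by looking at the Set-Cookie header the login response sends back. The following is an added example, not from the talk: a small Set-Cookie parser plus an audit for the two flags the item names. It assumes Drupal 7's session cookie naming, SESS<hash> when the site is served over HTTP and SSESS<hash> over HTTPS, and the sample headers are constructed. That prefix is itself a finding: a SESS cookie means Drupal believes it is on plain HTTP, and a Secure flag on it would never be sent back, so the fix for such a site starts with serving it over HTTPS.

```python
"""Audit Set-Cookie headers for HttpOnly and Secure on Drupal 7 session cookies.

Added example, not from the talk; SAMPLE_HEADERS are constructed.
"""

SESSION_PREFIXES = ("SESS", "SSESS")   # Drupal 7 session cookie names


def parse_set_cookie(header):
    """Split one Set-Cookie value into (name, {attribute_lowercase: value})."""
    parts = [p.strip() for p in header.split(";") if p.strip()]
    name = parts[0].split("=", 1)[0].strip()
    attrs = {}
    for part in parts[1:]:
        key, _, value = part.partition("=")
        attrs[key.strip().lower()] = value.strip()
    return name, attrs


def audit_session_cookie(header):
    """Return findings for a Drupal session cookie; None if it is some other cookie."""
    name, attrs = parse_set_cookie(header)
    if not name.startswith(SESSION_PREFIXES):
        return None
    findings = []
    if "httponly" not in attrs:
        findings.append("missing HttpOnly")       # checklist item 12
    if "secure" not in attrs:
        findings.append("missing Secure")         # "whenever possible" part of item 12
    if name.startswith("SESS"):                   # SESS, not SSESS
        findings.append("issued over plain HTTP (SESS prefix)")
    return findings


def audit_headers(headers):
    """Map each session cookie name to its findings; non-session cookies skipped."""
    report = {}
    for header in headers:
        findings = audit_session_cookie(header)
        if findings is not None:
            report[parse_set_cookie(header)[0]] = findings
    return report


# Constructed responses from three differently configured sites.
SAMPLE_HEADERS = [
    "SESS1a2b3c4d=abc123; expires=Sat, 01-Jun-2024 12:00:00 GMT; path=/; "
    "domain=.example.com; HttpOnly",                          # HTTP site, HttpOnly only
    "SSESS1a2b3c4d=def456; path=/; domain=.example.com; secure; HttpOnly",  # correct
    "has_js=1; path=/",                                       # not a session cookie
    "SESSdeadbeef=ghi789; path=/",                            # neither flag
]

if __name__ == "__main__":
    for name, findings in audit_headers(SAMPLE_HEADERS).items():
        print(f"{name}: {', '.join(findings) or 'ok'}")
```

On the Drupal side, Drupal 7's default.settings.php already sets session.cookie_httponly, so a missing HttpOnly usually means a copied settings.php from an older version or a php.ini override; the Secure flag follows from serving the whole site over HTTPS, at which point Drupal switches to the SSESS cookie.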
100. Drupal security checklist
13. Implement additional layers of application protection
  • PHP IDS
    • https://phpids.org/
    • Drupal Module: https://drupal.org/project/phpids
  • Mod Security
    • http://www.modsecurity.org/
  • Commercial Web Application Firewalls (WAF) and Intrusion Detection/Prevention (IDS / IPS) appliances

101. Drupal security checklist
14. Assure there are no resident phpinfo files / phpmyadmin installations / etc. accessible to users…

102. closing thoughts…
• Do your research to better understand your organizational architecture, servers, applications, log data, etc.
• Pen Test your applications, don’t just scan…
• Update early and often!
• Leverage assistance from external entities as necessary
• Listen to Greg. ;-)