The document contains 131 URLs linking to various DJ equipment, audio interfaces, headphones, turntables, cartridges, mixers, controllers, and other music production hardware. The items span a wide range of brands including Pioneer, Native Instruments, Numark, Shure, Audio-Technica, and more.
Es werde Licht! Monitoring jenseits von tail und grepOliver Fischer
Die meisten Systeme laufen im Dunkeln. Fehler finden sich unter Umständen in Logfiles wieder, wenn das Loglevel richtig gesetzt wurde und die richtigen Daten geloggt werden.
In diesem Vortrag wird gezeigt, wie mit Hilfe von selbstdefinierten fachlichen und technischen Metriken, ElasticSearch und weiteren Open-Source-Lösungen sich ein zentrales, skalierbares und leicht benutzbares Monitoring-System entwickeln läßt. Es wird unter anderem darauf eingegangen, wie die Datenhaltung konzeptionell aufzubauen ist, wie sinnvolle Metriken identifiert und Metrikdaten in Java-Anwendungen selbst bereit gestellt werden können. Auch wird dargestellt, wie Event-Sourcing als Design-Prinzip das Monitoring unterstützen kann.
Raspberry Pi is well known little Linux machine which almost everybody has. But, did you know that it can replace multiple programmers and enrich your hacking toolbox?
In this talk, we will take a look how to use Raspberry Pi (any model) to program any 3.3V target device from AVR micro-controllers, CPLD and FPGA devices and even CC110x which is available in IM-ME, nice little gadget useful for sub-1GHz radio spectrum analysis.
We will cover openocd, urjtag, avrdude and other projects which are useful if you want to run your own code on more of less any device.
CODE BLUE 2014 : A security assessment study and trial of Tricore-powered aut...CODE BLUE
ECU software is responsible for various functionality in the vehicle, e.g., engine control and driver assistance systems. Therefore, bugs or vulnerabilities in such systems may have disastrous impacts affecting human life. We consider possible vulnerabilities in ECU software categorized into memory corruption vulnerabilities and non-memory corruption vulnerabilities, and examine attack techniques for such vulnerabilities. Since we did not acquire and reverse-engineer actual ECU software, we first consider in theory how and if attacks are possible under the assumption that there would exist memory corruption vulnerabilities in ECU software. For our investigation, we consider the ECU microcontroller architecture TriCore1797 (TriCore Architecture 1.3.1) from Infineon which exists in a number of ECUs. In contrast to x86 architecture, the return address is not stored on the stack; therefore, we assumed that performing code execution by stack overflow would not be easy. We investigated if it would be possible to perform arbitrary code execution based on approaches from the PC environment and also if other attack approaches could be considered. We considered the following attack approaches:
1) Overwriting a function pointer stored on the stack by performing a buffer overflow to execute code;
2) Overwriting the memory area handling context switching used by TriCore itself to execute code;
3) Overwriting the vector tables used by interrupt and trap functions.
Moreover, using a TriCore evaluation board and software created to perform the experiments, we tested the various attack approaches. We confirmed that several attack approaches are not possible due to security mechanisms provided by the microcontroller or differences in the microcontroller architecture compared to traditional CPUs. However, under certain specific conditions, as a result of performing a buffer overflow attack to overwrite a function pointer, we manage to make the TriCore jump to an address of our choosing and execute the code already stored on that location.
Es werde Licht! Monitoring jenseits von tail und grepOliver Fischer
Die meisten Systeme laufen im Dunkeln. Fehler finden sich unter Umständen in Logfiles wieder, wenn das Loglevel richtig gesetzt wurde und die richtigen Daten geloggt werden.
In diesem Vortrag wird gezeigt, wie mit Hilfe von selbstdefinierten fachlichen und technischen Metriken, ElasticSearch und weiteren Open-Source-Lösungen sich ein zentrales, skalierbares und leicht benutzbares Monitoring-System entwickeln läßt. Es wird unter anderem darauf eingegangen, wie die Datenhaltung konzeptionell aufzubauen ist, wie sinnvolle Metriken identifiert und Metrikdaten in Java-Anwendungen selbst bereit gestellt werden können. Auch wird dargestellt, wie Event-Sourcing als Design-Prinzip das Monitoring unterstützen kann.
Raspberry Pi is well known little Linux machine which almost everybody has. But, did you know that it can replace multiple programmers and enrich your hacking toolbox?
In this talk, we will take a look how to use Raspberry Pi (any model) to program any 3.3V target device from AVR micro-controllers, CPLD and FPGA devices and even CC110x which is available in IM-ME, nice little gadget useful for sub-1GHz radio spectrum analysis.
We will cover openocd, urjtag, avrdude and other projects which are useful if you want to run your own code on more of less any device.
CODE BLUE 2014 : A security assessment study and trial of Tricore-powered aut...CODE BLUE
ECU software is responsible for various functionality in the vehicle, e.g., engine control and driver assistance systems. Therefore, bugs or vulnerabilities in such systems may have disastrous impacts affecting human life. We consider possible vulnerabilities in ECU software categorized into memory corruption vulnerabilities and non-memory corruption vulnerabilities, and examine attack techniques for such vulnerabilities. Since we did not acquire and reverse-engineer actual ECU software, we first consider in theory how and if attacks are possible under the assumption that there would exist memory corruption vulnerabilities in ECU software. For our investigation, we consider the ECU microcontroller architecture TriCore1797 (TriCore Architecture 1.3.1) from Infineon which exists in a number of ECUs. In contrast to x86 architecture, the return address is not stored on the stack; therefore, we assumed that performing code execution by stack overflow would not be easy. We investigated if it would be possible to perform arbitrary code execution based on approaches from the PC environment and also if other attack approaches could be considered. We considered the following attack approaches:
1) Overwriting a function pointer stored on the stack by performing a buffer overflow to execute code;
2) Overwriting the memory area handling context switching used by TriCore itself to execute code;
3) Overwriting the vector tables used by interrupt and trap functions.
Moreover, using a TriCore evaluation board and software created to perform the experiments, we tested the various attack approaches. We confirmed that several attack approaches are not possible due to security mechanisms provided by the microcontroller or differences in the microcontroller architecture compared to traditional CPUs. However, under certain specific conditions, as a result of performing a buffer overflow attack to overwrite a function pointer, we manage to make the TriCore jump to an address of our choosing and execute the code already stored on that location.
44CON 2014 - Simple Hardware Sidechannel Attacks for 10 GBP or Less, Joe Fitz...44CON
44CON 2014 - Simple Hardware Sidechannel Attacks for 10 GBP or Less, Joe FitzPatrick
Most dismiss power side channel attacks as difficult, expensive and unlikely, and are therefore out of scope for many security evaluations. Recent presentations have demonstrated how to get this cost down to a few hundred dollars using low-cost, high performance analog components alongside current high performance FPGAs.
By simplifying both the target hardware and the analysis, I aim to present a series of simple examples of timing and power analysis attacks on microcontroller hardware that require no advanced math and can be done in the comfort of your home for less than $20 in parts
This presentation describes my experience with nRF24L01, Arduino, Bus Pirate and various other hardware toys when somebody who does software gets into contact with "real stuff".
The prevalence of computers in form of so called "smart" devices embedded in our everyday environment is inevitable. From pentester's perspective, the adjective "smart" at first glance can hardly be used to describe their inventors and ambassadors.
Based on a few examples (i.a. BTLE beacons, smart meters, security cameras...) I will show how easily "smart" devices can be outsmarted. Sometimes you don't even need any 'hacking' skills, or the default configuration is wide-open. But are we doomed? What are the conditions for real threat? Can the vulnerabilities be exploited anonymously and as easily as in web application? Where is the physical border the intruder would be likely to cross? The risks involved are usually different, but does it mean we don't have to worry? Are we sure how to use securely the emerging technology?
44CON 2014 - Simple Hardware Sidechannel Attacks for 10 GBP or Less, Joe Fitz...44CON
44CON 2014 - Simple Hardware Sidechannel Attacks for 10 GBP or Less, Joe FitzPatrick
Most dismiss power side channel attacks as difficult, expensive and unlikely, and are therefore out of scope for many security evaluations. Recent presentations have demonstrated how to get this cost down to a few hundred dollars using low-cost, high performance analog components alongside current high performance FPGAs.
By simplifying both the target hardware and the analysis, I aim to present a series of simple examples of timing and power analysis attacks on microcontroller hardware that require no advanced math and can be done in the comfort of your home for less than $20 in parts
This presentation describes my experience with nRF24L01, Arduino, Bus Pirate and various other hardware toys when somebody who does software gets into contact with "real stuff".
The prevalence of computers in form of so called "smart" devices embedded in our everyday environment is inevitable. From pentester's perspective, the adjective "smart" at first glance can hardly be used to describe their inventors and ambassadors.
Based on a few examples (i.a. BTLE beacons, smart meters, security cameras...) I will show how easily "smart" devices can be outsmarted. Sometimes you don't even need any 'hacking' skills, or the default configuration is wide-open. But are we doomed? What are the conditions for real threat? Can the vulnerabilities be exploited anonymously and as easily as in web application? Where is the physical border the intruder would be likely to cross? The risks involved are usually different, but does it mean we don't have to worry? Are we sure how to use securely the emerging technology?
Tiny ML for spark Fun Edge
https://www.ittraining.com.tw/ittraining/it-elearning/el-ai/ai-tensorflow-lite-for-mcu
TensorFlow Lite for MCU正是專為邊緣裝置設計的TensorFlow模型預測框架,是TensorFlow的精簡版本,讓開發者可以在物聯網與嵌入式裝置中部署微型機器學習模型。 本課程將教授AI模型如何佈署於微控制器,包含模型訓練、模型最佳化以及TensorFlow Lite框架的程式開發等。此外,在實作上以Sparkfun edge board (ARM cortex M4)為例,說明如何以TensorFlow Lite 進行微控制器上面的人工智慧開發專案,包含人臉偵測、關鍵字的字詞偵測、姿態識別、異常偵測等。
Elevating Tactical DDD Patterns Through Object CalisthenicsDorra BARTAGUIZ
After immersing yourself in the blue book and its red counterpart, attending DDD-focused conferences, and applying tactical patterns, you're left with a crucial question: How do I ensure my design is effective? Tactical patterns within Domain-Driven Design (DDD) serve as guiding principles for creating clear and manageable domain models. However, achieving success with these patterns requires additional guidance. Interestingly, we've observed that a set of constraints initially designed for training purposes remarkably aligns with effective pattern implementation, offering a more ‘mechanical’ approach. Let's explore together how Object Calisthenics can elevate the design of your tactical DDD patterns, offering concrete help for those venturing into DDD for the first time!
UiPath Test Automation using UiPath Test Suite series, part 3DianaGray10
Welcome to UiPath Test Automation using UiPath Test Suite series part 3. In this session, we will cover desktop automation along with UI automation.
Topics covered:
UI automation Introduction,
UI automation Sample
Desktop automation flow
Pradeep Chinnala, Senior Consultant Automation Developer @WonderBotz and UiPath MVP
Deepak Rai, Automation Practice Lead, Boundaryless Group and UiPath MVP
Securing your Kubernetes cluster_ a step-by-step guide to success !KatiaHIMEUR1
Today, after several years of existence, an extremely active community and an ultra-dynamic ecosystem, Kubernetes has established itself as the de facto standard in container orchestration. Thanks to a wide range of managed services, it has never been so easy to set up a ready-to-use Kubernetes cluster.
However, this ease of use means that the subject of security in Kubernetes is often left for later, or even neglected. This exposes companies to significant risks.
In this talk, I'll show you step-by-step how to secure your Kubernetes cluster for greater peace of mind and reliability.
The Art of the Pitch: WordPress Relationships and SalesLaura Byrne
Clients don’t know what they don’t know. What web solutions are right for them? How does WordPress come into the picture? How do you make sure you understand scope and timeline? What do you do if sometime changes?
All these questions and more will be explored as we talk about matching clients’ needs with what your agency offers without pulling teeth or pulling your hair out. Practical tips, and strategies for successful relationship building that leads to closing the deal.
State of ICS and IoT Cyber Threat Landscape Report 2024 previewPrayukth K V
The IoT and OT threat landscape report has been prepared by the Threat Research Team at Sectrio using data from Sectrio, cyber threat intelligence farming facilities spread across over 85 cities around the world. In addition, Sectrio also runs AI-based advanced threat and payload engagement facilities that serve as sinks to attract and engage sophisticated threat actors, and newer malware including new variants and latent threats that are at an earlier stage of development.
The latest edition of the OT/ICS and IoT security Threat Landscape Report 2024 also covers:
State of global ICS asset and network exposure
Sectoral targets and attacks as well as the cost of ransom
Global APT activity, AI usage, actor and tactic profiles, and implications
Rise in volumes of AI-powered cyberattacks
Major cyber events in 2024
Malware and malicious payload trends
Cyberattack types and targets
Vulnerability exploit attempts on CVEs
Attacks on counties – USA
Expansion of bot farms – how, where, and why
In-depth analysis of the cyber threat landscape across North America, South America, Europe, APAC, and the Middle East
Why are attacks on smart factories rising?
Cyber risk predictions
Axis of attacks – Europe
Systemic attacks in the Middle East
Download the full report from here:
https://sectrio.com/resources/ot-threat-landscape-reports/sectrio-releases-ot-ics-and-iot-security-threat-landscape-report-2024/
DevOps and Testing slides at DASA ConnectKari Kakkonen
My and Rik Marselis slides at 30.5.2024 DASA Connect conference. We discuss about what is testing, then what is agile testing and finally what is Testing in DevOps. Finally we had lovely workshop with the participants trying to find out different ways to think about quality and testing in different parts of the DevOps infinity loop.
GraphRAG is All You need? LLM & Knowledge GraphGuy Korland
Guy Korland, CEO and Co-founder of FalkorDB, will review two articles on the integration of language models with knowledge graphs.
1. Unifying Large Language Models and Knowledge Graphs: A Roadmap.
https://arxiv.org/abs/2306.08302
2. Microsoft Research's GraphRAG paper and a review paper on various uses of knowledge graphs:
https://www.microsoft.com/en-us/research/blog/graphrag-unlocking-llm-discovery-on-narrative-private-data/
Encryption in Microsoft 365 - ExpertsLive Netherlands 2024Albert Hoitingh
In this session I delve into the encryption technology used in Microsoft 365 and Microsoft Purview. Including the concepts of Customer Key and Double Key Encryption.
Dev Dives: Train smarter, not harder – active learning and UiPath LLMs for do...UiPathCommunity
💥 Speed, accuracy, and scaling – discover the superpowers of GenAI in action with UiPath Document Understanding and Communications Mining™:
See how to accelerate model training and optimize model performance with active learning
Learn about the latest enhancements to out-of-the-box document processing – with little to no training required
Get an exclusive demo of the new family of UiPath LLMs – GenAI models specialized for processing different types of documents and messages
This is a hands-on session specifically designed for automation developers and AI enthusiasts seeking to enhance their knowledge in leveraging the latest intelligent document processing capabilities offered by UiPath.
Speakers:
👨🏫 Andras Palfi, Senior Product Manager, UiPath
👩🏫 Lenka Dulovicova, Product Program Manager, UiPath
Generating a custom Ruby SDK for your web service or Rails API using Smithyg2nightmarescribd
Have you ever wanted a Ruby client API to communicate with your web service? Smithy is a protocol-agnostic language for defining services and SDKs. Smithy Ruby is an implementation of Smithy that generates a Ruby SDK using a Smithy model. In this talk, we will explore Smithy and Smithy Ruby to learn how to generate custom feature-rich SDKs that can communicate with any web service, such as a Rails JSON API.