Bitsquatting: Exploiting bit-flips for fun, or profit?
1. Bitsquatting
Exploiting Bit-Flips for Fun, or Profit?
Nick Nikiforakis, Steven Van Acker, Wannes Meert, Lieven Desmet, Frank Piessens, Wouter Joosen
WWW 2013
2. Humble beginnings
• There was a time when the Internet wasn’t yet a big thing
o Some sites existed, and people were starting to register domain names
o But many were skeptical
• Some, however, were registering domains by the dozens
o Speculators
• wine.com
• cheapairlinetickets.com
• traveltobrazil.com
3. Cybersquatters
• In 1994, 2/3 of the Fortune 500 companies had not registered the domains corresponding to their trademarks [13]
o E.g. mcdonalds.com
• Some of the speculators decided to push it a bit by registering such domains, hoping for profit
o This practice was named “cybersquatting”
• In some cases, cybersquatters speculated on the names of future products and services:
o iphone6.com
7. Cybersquatting evolves
• Typosquatting
o Keyboard users, even experienced ones, make mistakes while typing
o Registration of mistypes of popular domains
• foogle.com, ffacebook.com, twitte.com
• Homograph domains
o Registration of domains that look like popular domains
• tvvitter.com, paypa1.com, ⅿicrosoft.com
o Higher chances of maliciousness
• Users arrive at these domains by clicking on malicious links
8. I heard some bits need help…
• Dinaburg, in 2011, suggested that random bit-flips could happen in the hardware memory that stores a domain name
example.com
01100101 01111000 01100001…
01100101 01111001 01100001…
eyample.com
9. Bitsquatting
• To test his theory, Dinaburg registered 30 bitsquatting domains, targeting popular domains
o E.g. mic2osoft.com and fbbdn.com
• In 8 months, he received:
o 52,317 requests from 12,949 unique IP addresses
o Requests were:
• From all over the world
• All popular OSs and browsers
• Some clearly not user-initiated, like “Windows Updates”
10. Our question…
• Given the crowded typosquatting field, were cybersquatters convinced by Dinaburg’s attack?
o i.e., did they start registering bitsquatting domains?
• Bitsquatting-domain generator and crawler
o Investigated all possible bitsquatting domains daily, for nine months
o Recorded HTML, inline JavaScript, redirections and destination IP addresses
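The generator step above, as an added example (not the authors' tool): it enumerates every single-bit-flip variant of a domain that is still a valid DNS name, which is the same list a defender needs for the "register them first" defense. It assumes the TLD is left untouched and that uppercase flips (bit 5) are discarded because DNS is case-insensitive; the candidate-filtering rules are this example's own, not necessarily the paper's exact ones.

```python
import string

# DNS labels may only contain letters, digits and hyphens (the LDH rule).
# Lowercase only: DNS is case-insensitive, so a flip of bit 5 (a -> A)
# resolves to the same name and is not a distinct bitsquatting domain.
LDH = set(string.ascii_lowercase + string.digits + "-")


def valid_label(label: str) -> bool:
    """Check one DNS label against the LDH rule and the 63-octet limit."""
    return (0 < len(label) <= 63
            and all(c in LDH for c in label)
            and not label.startswith("-")
            and not label.endswith("-"))


def bitsquat_candidates(domain: str) -> set[str]:
    """Return every domain that differs from `domain` by exactly one bit
    in exactly one character. Assumptions of this example: the TLD is
    never flipped, non-LDH results (including a flipped dot, which would
    make a different registrable name) are dropped."""
    labels = domain.lower().split(".")
    out = set()
    for li, label in enumerate(labels[:-1]):        # skip the TLD
        for i, ch in enumerate(label):
            for bit in range(8):
                flipped = chr(ord(ch) ^ (1 << bit))
                if flipped not in LDH:
                    continue
                mutated = label[:i] + flipped + label[i + 1:]
                if valid_label(mutated):
                    out.add(".".join(labels[:li] + [mutated] + labels[li + 1:]))
    out.discard(domain.lower())
    return out


def flipped_bit(domain: str, candidate: str):
    """Return (char_index, bit_index) of the single flip turning `domain`
    into `candidate`, or None if they do not differ by exactly one bit."""
    if len(domain) != len(candidate):
        return None
    diffs = [(i, ord(a) ^ ord(b))
             for i, (a, b) in enumerate(zip(domain, candidate)) if a != b]
    if len(diffs) != 1:
        return None
    i, x = diffs[0]
    if x & (x - 1):                                 # more than one bit differs
        return None
    return i, x.bit_length() - 1


if __name__ == "__main__":
    for target in ("example.com", "microsoft.com", "fbcdn.com"):
        cands = sorted(bitsquat_candidates(target))
        print(f"{target}: {len(cands)} single-bit-flip candidates, e.g. {cands[:5]}")
    print(flipped_bit("example.com", "eyample.com"))   # (1, 0): bit 0 of 'x'
```

Feeding each candidate to a daily resolver/crawler check, as the slides describe, is what turns this list into the monitoring data the rest of the talk analyses.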
11. Results
• In 9 months, we discovered:
o 5,366 different bitsquatting domains
o Targeting 491/500 Alexa domains
13. How are bitsquatting domains used?
• How does one explore 5,336 domains, with possibly 9 months’ worth of data for each domain?
o Bitsquatting, typosquatting and cybersquatting are all branches of the same tree
• Prior research has shown that most “whitehat” cybersquatters use one of the following monetization techniques:
o Parking pages
o Affiliate abuse
15. Detecting parkers
• Used the hosts identified as large parking agencies by Wang et al. [17], together with a simple extra heuristic
o If these hosts appeared anywhere in the gathered pages (HTML, JavaScript, redirections), the page was flagged as parked
o 2,782 domains were flagged as parked (51.8%)
• Domain-parking agencies are the biggest facilitators of cybersquatters
16. Detecting affiliate abuse
• Abusers of affiliate programs gain money from product commissions, with the help of unsuspecting users
o constintcontact.com -> constantcontact.com?pn=aff123
• 311 (5.7%) of the domains redirected the user back to the correct authoritative site
o 211 belonged to the same company
o 58 were abusing affiliate programs
o 42 were unclassified
17. Bitsquatting experiments
• Hypothesis: Dinaburg’s idea sounds improbable, thus there must be people trying to recreate it
• We searched each bitsquatting page for keywords that would give away the experiment
o bitsquatting, squatting, experiment
• 61 of the 5,366 domains were classified as experiments
o E.g. iozilla.org and wozdpress.com
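The three automated checks from slides 15 to 17 (parking hosts, redirect back to the owner with or without an affiliate tag, experiment keywords), as an added example that is not the authors' classifier. The parking-host list stands in for the Wang et al. list, which the slides do not reproduce, the affiliate-tag heuristic is this example's own, and the crawl records are constructed (the domains are the slides' examples, their page contents are made up).

```python
import re
from collections import Counter
from urllib.parse import urlparse, parse_qs

# Constructed stand-in for the parking-agency host list (placeholder names).
PARKING_HOSTS = {"parking-agency.example", "park.example.net"}

# Keywords the slides list as giveaways of a researcher's own experiment.
EXPERIMENT_WORDS = ("bitsquatting", "squatting", "experiment")

# Assumed affiliate-tag heuristic: a referral-style query key, or a value
# starting with "aff" (covers the slides' ?pn=aff123 example).
AFFILIATE_KEYS = {"pn", "aff", "affiliate", "ref", "partner", "tag"}


def is_affiliate_url(url: str) -> bool:
    qs = parse_qs(urlparse(url).query)
    return any(k.lower() in AFFILIATE_KEYS or any(v.lower().startswith("aff") for v in vals)
               for k, vals in qs.items())


def belongs_to(host: str, target: str) -> bool:
    """True if `host` is the targeted domain or one of its subdomains."""
    return host == target or host.endswith("." + target)


def classify(record: dict, target: str) -> str:
    """Apply the slides' checks in the order the slides present them:
    parked, redirect to the authoritative site (plain or affiliate-tagged),
    then experiment keywords; anything else needs manual review."""
    blob = " ".join([record["html"], record["js"], *record["redirects"]]).lower()
    hosts = set(re.findall(r"https?://([a-z0-9.-]+)", blob))  # hosts seen anywhere
    if hosts & PARKING_HOSTS:
        return "parked"
    if record["redirects"]:
        final = record["redirects"][-1]
        host = (urlparse(final).hostname or "").lower()
        if belongs_to(host, target):
            return "affiliate-abuse" if is_affiliate_url(final) else "redirect-to-owner"
    if any(w in blob for w in EXPERIMENT_WORDS):
        return "experiment"
    return "unclassified"


# Constructed crawl records in the shape the slides describe
# (HTML, inline JavaScript, redirect chain).
SAMPLE_RECORDS = [
    {"domain": "constintcontact.com", "target": "constantcontact.com", "html": "",
     "js": "", "redirects": ["http://constantcontact.com?pn=aff123"]},
    {"domain": "mic2osoft.com", "target": "microsoft.com", "js": "", "redirects": [],
     "html": '<script src="http://park.example.net/js/park.js"></script>'},
    {"domain": "fbbdn.com", "target": "fbcdn.com", "html": "", "js": "",
     "redirects": ["https://www.fbcdn.com/"]},
    {"domain": "iozilla.org", "target": "mozilla.org", "js": "", "redirects": [],
     "html": "<p>This domain is part of a bitsquatting experiment.</p>"},
    {"domain": "exampla.com", "target": "example.com", "js": "", "redirects": [],
     "html": "<h1>Welcome</h1>"},
]


def classify_all(records) -> Counter:
    """Tally classes across a crawl, as the slides do for the whole data set."""
    return Counter(classify(r, r["target"]) for r in records)


if __name__ == "__main__":
    for r in SAMPLE_RECORDS:
        print(f"{r['domain']:22s} -> {classify(r, r['target'])}")
    print(classify_all(SAMPLE_RECORDS))
```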
18. Need for further classification
• Using our automated methods, we were able to classify more than half of all the bitsquatting pages
• To estimate the classes of the rest, we chose a 10% random sample, which we manually analyzed
o Check source, WHOIS records, DBs of malicious sites
20. Results
Category             Percentage
Legitimately owned   40.0%
Parked               15.4%
Redirect             15.0%
For sale             10.0%
Non-syndicated ads    6.8%
Other                 6.8%
Malware               3.2%
Empty                 2.7%
Overall: more than 73% of the discovered bitsquatting domains were exploited for profit
22. Defenses
• Hardware Based
o Global use of ECC memory
• Software Based
o Sanity checks by software to detect unexpected modifications
o DNSSEC
• Damage Control
o Companies register these domains before attackers do
• Incentive Removal
o Thousands of cybersquatters flock around tens of domain parking agencies
23. Conclusion
• As the web expands, domain names can only become more popular
• Bitsquatting is a new type of domain squatting, relying on hardware failures rather than user mistakes
• The verdict is still out on the magnitude of the bitsquatting problem and the practicality of the attack
• Cybersquatters, however, are using it in exactly the same way as other types of domain squatting