Blacklisted 411 - the official hackers magazine (volume 6 - issue 3 summer 2004)
•
0 likes•36 views
This document does not contain any text to summarize. It appears to be blank.
Report
Share
Report
Share
Download to read offline
Recommended
Escanear2
This short document does not contain any meaningful information to summarize in 3 sentences or less. It consists of only punctuation marks without any words, sentences, or context.
DEF CON 24 - Sean Metcalf - beyond the mcse red teaming active directory
The document discusses strategies for red teaming Active Directory security. It begins with an overview of Active Directory components and how they can be exploited by attackers. It then covers offensive PowerShell techniques and how PowerShell security can be bypassed. The document also provides methods for effective Active Directory reconnaissance, including discovering administrator accounts and network assets without port scanning. Finally, it discusses some Active Directory defenses that can be deployed and potential bypass techniques.
DEF CON 24 - Bertin Bervis and James Jara - exploiting and attacking seismolo...
The document discusses vulnerabilities found in seismological network devices that could allow remote exploitation. It begins with a disclaimer and agenda. The speakers are then introduced as researchers from Costa Rica who were interested in these networks due to potential attack scenarios. Through a search engine, they discovered vulnerabilities in devices from multiple vendors. The talk demonstrates taking control of a device and outlines impacts such as sabotage. Recommendations are made to vendors to improve security of these critical scientific instruments.
DEF CON 24 - Tamas Szakaly - help i got ants
The document discusses the benefits of exercise for mental health. Regular physical activity can help reduce anxiety and depression and improve mood and cognitive function. Exercise causes chemical changes in the brain that may help protect against mental illness and improve symptoms for those who already suffer from conditions like anxiety and depression.
DEF CON 24 - Ladar Levison - compelled decryption
This document appears to be a preview of slides for a presentation at DEF CON 24 about compelled decryption. The slides discuss the difference between first and third parties in communications and the Communications Assistance for Law Enforcement Act. It also lists several third parties like technology companies and individuals that could potentially be compelled to decrypt communications. The document indicates that it is a preliminary version and the slides may be altered before the actual presentation.
Recommended
Escanear2
This short document does not contain any meaningful information to summarize in 3 sentences or less. It consists of only punctuation marks without any words, sentences, or context.
DEF CON 24 - Sean Metcalf - beyond the mcse red teaming active directory
The document discusses strategies for red teaming Active Directory security. It begins with an overview of Active Directory components and how they can be exploited by attackers. It then covers offensive PowerShell techniques and how PowerShell security can be bypassed. The document also provides methods for effective Active Directory reconnaissance, including discovering administrator accounts and network assets without port scanning. Finally, it discusses some Active Directory defenses that can be deployed and potential bypass techniques.
DEF CON 24 - Bertin Bervis and James Jara - exploiting and attacking seismolo...
The document discusses vulnerabilities found in seismological network devices that could allow remote exploitation. It begins with a disclaimer and agenda. The speakers are then introduced as researchers from Costa Rica who were interested in these networks due to potential attack scenarios. Through a search engine, they discovered vulnerabilities in devices from multiple vendors. The talk demonstrates taking control of a device and outlines impacts such as sabotage. Recommendations are made to vendors to improve security of these critical scientific instruments.
DEF CON 24 - Tamas Szakaly - help i got ants
The document discusses the benefits of exercise for mental health. Regular physical activity can help reduce anxiety and depression and improve mood and cognitive function. Exercise causes chemical changes in the brain that may help protect against mental illness and improve symptoms for those who already suffer from conditions like anxiety and depression.
DEF CON 24 - Ladar Levison - compelled decryption
This document appears to be a preview of slides for a presentation at DEF CON 24 about compelled decryption. The slides discuss the difference between first and third parties in communications and the Communications Assistance for Law Enforcement Act. It also lists several third parties like technology companies and individuals that could potentially be compelled to decrypt communications. The document indicates that it is a preliminary version and the slides may be altered before the actual presentation.
DEF CON 24 - Clarence Chio - machine duping 101
Deep learning systems are susceptible to adversarial manipulation through techniques like generating adversarial samples and substitute models. By making small, targeted perturbations to inputs, an attacker can cause misclassifications or reduce a model's confidence without affecting human perception of the inputs. This is possible due to blind spots in how models learn representations that are different from human concepts. Defending against such attacks requires training models with adversarial techniques to make them more robust.
DEF CON 24 - Chris Rock - how to overthrow a government
This document outlines various strategies and tactics for overthrowing a government through covert and clandestine means, including cyber espionage, propaganda, agitation of public unrest, sabotage of critical infrastructure, and manipulation of financial systems. It discusses using mercenaries and private intelligence agencies to carry out these activities at an arm's length from sponsorship by nation states. Specific examples from Kuwait in 2011 are referenced to illustrate techniques for fomenting revolution through cyber and information operations.
DEF CON 24 - Fitzpatrick and Grand - 101 ways to brick your hardware
This document discusses various ways that hardware can become "bricked", or rendered unusable, through both software and hardware issues. It covers 101 different bricking scenarios across firmware, printed circuit boards, connectors, integrated circuits, and unexpected situations. Examples include wiping firmware, damaging traces on PCBs, breaking solder joints on connectors, applying too much voltage to ICs, and devices being bricked by environmental factors. The document provides tips for both bricking and avoiding bricking hardware, as well as techniques for potentially unbricking devices.
DEF CON 24 - Rogan Dawes and Dominic White - universal serial aBUSe remote at...
This document provides an overview of a talk on novel USB attacks that can provide remote command and control of even air-gapped machines with minimal forensic footprint. It describes building an open-source toolset using freely available hardware that implements a stealthy bi-directional communication channel over USB using a keyboard/mouse and generic HID profiles to deploy payloads and proxy traffic without touching the network. The talk will demonstrate attacking Windows systems by staging payloads in memory to avoid disk artifacts and establishing a VNC session without user interaction or malware deployment. Source code and documentation for the toolset, called USaBUSe, will be released on GitHub at Defcon.
DEF CON 24 - Jay Beale and Larry Pesce - phishing without frustration
The document discusses common challenges and failures that can occur when conducting phishing campaigns professionally. It outlines eleven stories of phishing failures caused by issues like poor scheduling, spam filters blocking emails, not having enough target email addresses, domain name choices being too obvious, and lack of communication. For each failure, it provides recommendations on how to avoid the problem by improving collaboration, communication, planning and negotiation with the client organization. The overall message is that success requires treating phishing engagements as multi-party negotiations and managing expectations through clear communication and involvement of all stakeholders.
DEF CON 24 - Gorenc Sands - hacker machine interface
The document discusses vulnerabilities found in human-machine interface (HMI) solutions used for industrial control systems. It details a case study of multiple stack-based buffer overflow vulnerabilities found in Advantech WebAccess through an RPC service that could allow remote code execution. The vulnerabilities were caused by improper validation of user-supplied input to functions like sprintf and strcpy. While patches were released, analysis showed the fixes did not fully address the underlying problems with input handling.
DEF CON 24 - Allan Cecil and DwangoAC - tasbot the perfectionist
This document summarizes tool-assisted speedruns (TAS) of video games. It discusses how emulators and tools are used to play games faster than humanly possible by deterministically recording every input. Advanced techniques like memory searching and scripting push games to their limits. Console verification devices were developed to play back TAS movies on original hardware. The document argues that TAS tools are like penetration testing tools and can be used to find and exploit vulnerabilities in games. It demonstrates an arbitrary code execution in Pokemon Red using an unintended opcode execution.
DEF CON 24 - Rose and Ramsey - picking bluetooth low energy locks
This document shows a graph with distance on the x-axis ranging from 0 to 35 meters and Received Signal Strength (RSS) in dBm on the y-axis ranging from -100 to -40 dBm. The graph contains a line for a model with a path loss exponent of 2.0 as well as scattered data points representing collected RSS measurements.
DEF CON 24 - Rich Mogull - pragmatic cloud security
This document provides an overview of a hands-on, turbocharged pragmatic cloud security training that covers topics in a fraction of the normal time by slimming down four days of material into four hours. It will cover configuring production-quality AWS accounts, building deployment pipelines, and automating security controls. Most examples will use Ruby and Python. Nearly all labs will be in AWS. There will be minimal slides and hand-holding. Participants are responsible for their own AWS bills after the training.
DEF CON 24 - Grant Bugher - Bypassing captive portals
The document discusses the results of a study on the impact of COVID-19 lockdowns on air pollution. Researchers analyzed data from dozens of countries and found that lockdowns led to an average decline of nearly 30% in nitrogen dioxide levels over cities. However, they also observed that this improvement was temporary and air pollution rebounded once lockdowns were lifted as vehicle traffic increased again. The short-term reductions could help policymakers design better emission control strategies in the future.
DEF CON 24 - Patrick Wardle - 99 problems little snitch
Little Snitch is a host-based firewall for macOS that intercepts connection attempts and allows the user to approve or deny them. The document discusses understanding, bypassing, and reversing Little Snitch. It provides an overview of Little Snitch's components and architecture, describes several methods for bypassing its network filtering, and examines techniques for interacting with and disabling Little Snitch's kernel extension through the I/O Kit framework.
DEF CON 24 - Plore - side -channel attacks on high security electronic safe l...
The document summarizes two presentations on cracking electronic safe locks. It discusses cracking a Sargent & Greenleaf 6120 safe lock by using a power analysis side-channel attack to recover the keycode stored in clear in the lock's EEPROM. It also discusses cracking a Sargent & Greenleaf Titan PivotBolt safe lock by using a timing side-channel attack to recover the keycode, and defeating the lock's incorrect code lockout feature.
DEF CON 24 - Six Volts and Haystack - cheap tools for hacking heavy trucks
This document discusses hacking heavy trucks and related networking protocols. It describes building a "Truck-in-a-Box" simulator to experiment with truck electronics and protocols like J1939 and J1708. The document outlines adventures in truck hacking, including modifying engine parameters, impersonating an engine control module, and exploiting bad cryptography. Details are provided on new hardware tools like the Truck Duck for analyzing truck communication networks.
DEF CON 24 - Dinesh and Shetty - practical android application exploitation
The document provides an overview of a workshop on practical Android application exploitation. The workshop aims to teach skills for performing reverse engineering, static and dynamic testing, and binary analysis of Android applications. It will use demonstrations and hands-on exercises with custom applications like InsecureBankv2. The workshop focuses on discovery and remediation, targeting intermediate to advanced skill levels. It will cover tools, techniques, and common vulnerabilities to exploit Android applications.
DEF CON 24 - Klijnsma and Tentler - stargate pivoting through vnc
The document discusses vulnerabilities in VNC implementations that allow unauthenticated access. It notes that a scan of the internet found over 335,000 VNC servers, with around 8,000 having no authentication. This lack of authentication allows attackers to access and "pivot" into internal networks. The document provides statistics on different VNC protocol versions found and describes exploits that could allow compromising devices to access additional internal systems through insecure VNC implementations and proxies.
DEF CON 24 - Antonio Joseph - fuzzing android devices
Droid-FF is an Android fuzzing framework that aims to automate the fuzzing process on Android devices. It uses Python scripts and integrates fuzzing tools like Peach and radamsa to generate test case data. The framework runs fuzzing campaigns on Android devices, processes the logs to identify crashes, verifies the crashes are unique, maps crashes to source code locations, and analyzes crashes for exploitability using a GDB plugin. The goal of Droid-FF is to make fuzzing easier on mobile devices and help find more crashes and potential vulnerabilities in Android applications and frameworks.
DEF CON 24 - workshop - Craig Young - brainwashing embedded systems
Firmware analysis often involves searching firmware images for known file headers and file systems like SquashFS to extract contained files. Automated binary analysis tools like binwalk can help extract files from images. HTTP interfaces are common targets for security testing since they are often exposed without authentication. Testing may uncover vulnerabilities like XSS, CSRF, SQLi or command injection. Wireless interfaces also require testing to check for issues like weak encryption or exposure of credentials in cleartext.
DEF CON 23 - Zack Allen and Rusty Bower - malware in gaming
This document discusses the history and techniques of malware targeting gaming communities through virtual item scams and theft. It outlines how non-functional cosmetic items in games like CS:GO and Dota 2 led to an economy where items could be traded, and how scammers have since exploited this through techniques like phishing sites and malware downloads. The document analyzes the tactics of a group called "Steampunks" and recommends steps gaming companies and communities can take to help address the problem, such as URL scanning and anti-phishing plugins.
DEF CON 23 - Yuwei Zheng and Haoqi Shan - build a free cellular traffic captu...
Yuwei Zheng and Haoqi Shan from 360 Unicorn Team discuss hacking femtocells to capture cellular traffic. They explain how to obtain a free femtocell through social engineering complaints to mobile carriers. After dismantling the hardware, they find the UART interface and use the boot shell to download firmware. By patching the login process, they gain access to the VxWorks kernel and use it to capture packets including SMS, voice, and GPRS data in real-time.
DEF CON 23 - Yaniv Balmas and Lior Oppenheim - key logger-video mouse
The document discusses turning a KVM device into a keylogging monster by extracting and analyzing its firmware. Researchers were able to reverse engineer the firmware blob and discover it was encrypted 8051 assembly code. By analyzing differences across firmware versions, they found strings that indicated the last bytes of each version contained the firmware version in ASCII. This revealed the encryption method and allowed them to decrypt and understand the assembly code. They then proposed designing custom firmware for the KVM that would add network connectivity and advanced keylogging capabilities.
"Scaling RAG Applications to serve millions of users", Kevin Goedecke
How we managed to grow and scale a RAG application from zero to thousands of users in 7 months. Lessons from technical challenges around managing high load for LLMs, RAGs and Vector databases.
Northern Engraving | Modern Metal Trim, Nameplates and Appliance Panels
What began over 115 years ago as a supplier of precision gauges to the automotive industry has evolved into being an industry leader in the manufacture of product branding, automotive cockpit trim and decorative appliance trim. Value-added services include in-house Design, Engineering, Program Management, Test Lab and Tool Shops.
More Related Content
More from Felipe Prado
DEF CON 24 - Clarence Chio - machine duping 101
Deep learning systems are susceptible to adversarial manipulation through techniques like generating adversarial samples and substitute models. By making small, targeted perturbations to inputs, an attacker can cause misclassifications or reduce a model's confidence without affecting human perception of the inputs. This is possible due to blind spots in how models learn representations that are different from human concepts. Defending against such attacks requires training models with adversarial techniques to make them more robust.
DEF CON 24 - Chris Rock - how to overthrow a government
This document outlines various strategies and tactics for overthrowing a government through covert and clandestine means, including cyber espionage, propaganda, agitation of public unrest, sabotage of critical infrastructure, and manipulation of financial systems. It discusses using mercenaries and private intelligence agencies to carry out these activities at an arm's length from sponsorship by nation states. Specific examples from Kuwait in 2011 are referenced to illustrate techniques for fomenting revolution through cyber and information operations.
DEF CON 24 - Fitzpatrick and Grand - 101 ways to brick your hardware
This document discusses various ways that hardware can become "bricked", or rendered unusable, through both software and hardware issues. It covers 101 different bricking scenarios across firmware, printed circuit boards, connectors, integrated circuits, and unexpected situations. Examples include wiping firmware, damaging traces on PCBs, breaking solder joints on connectors, applying too much voltage to ICs, and devices being bricked by environmental factors. The document provides tips for both bricking and avoiding bricking hardware, as well as techniques for potentially unbricking devices.
DEF CON 24 - Rogan Dawes and Dominic White - universal serial aBUSe remote at...
This document provides an overview of a talk on novel USB attacks that can provide remote command and control of even air-gapped machines with minimal forensic footprint. It describes building an open-source toolset using freely available hardware that implements a stealthy bi-directional communication channel over USB using a keyboard/mouse and generic HID profiles to deploy payloads and proxy traffic without touching the network. The talk will demonstrate attacking Windows systems by staging payloads in memory to avoid disk artifacts and establishing a VNC session without user interaction or malware deployment. Source code and documentation for the toolset, called USaBUSe, will be released on GitHub at Defcon.
DEF CON 24 - Jay Beale and Larry Pesce - phishing without frustration
The document discusses common challenges and failures that can occur when conducting phishing campaigns professionally. It outlines eleven stories of phishing failures caused by issues like poor scheduling, spam filters blocking emails, not having enough target email addresses, domain name choices being too obvious, and lack of communication. For each failure, it provides recommendations on how to avoid the problem by improving collaboration, communication, planning and negotiation with the client organization. The overall message is that success requires treating phishing engagements as multi-party negotiations and managing expectations through clear communication and involvement of all stakeholders.
DEF CON 24 - Gorenc Sands - hacker machine interface
The document discusses vulnerabilities found in human-machine interface (HMI) solutions used for industrial control systems. It details a case study of multiple stack-based buffer overflow vulnerabilities found in Advantech WebAccess through an RPC service that could allow remote code execution. The vulnerabilities were caused by improper validation of user-supplied input to functions like sprintf and strcpy. While patches were released, analysis showed the fixes did not fully address the underlying problems with input handling.
DEF CON 24 - Allan Cecil and DwangoAC - tasbot the perfectionist
This document summarizes tool-assisted speedruns (TAS) of video games. It discusses how emulators and tools are used to play games faster than humanly possible by deterministically recording every input. Advanced techniques like memory searching and scripting push games to their limits. Console verification devices were developed to play back TAS movies on original hardware. The document argues that TAS tools are like penetration testing tools and can be used to find and exploit vulnerabilities in games. It demonstrates an arbitrary code execution in Pokemon Red using an unintended opcode execution.
DEF CON 24 - Rose and Ramsey - picking bluetooth low energy locks
This document shows a graph with distance on the x-axis ranging from 0 to 35 meters and Received Signal Strength (RSS) in dBm on the y-axis ranging from -100 to -40 dBm. The graph contains a line for a model with a path loss exponent of 2.0 as well as scattered data points representing collected RSS measurements.
DEF CON 24 - Rich Mogull - pragmatic cloud security
This document provides an overview of a hands-on, turbocharged pragmatic cloud security training that covers topics in a fraction of the normal time by slimming down four days of material into four hours. It will cover configuring production-quality AWS accounts, building deployment pipelines, and automating security controls. Most examples will use Ruby and Python. Nearly all labs will be in AWS. There will be minimal slides and hand-holding. Participants are responsible for their own AWS bills after the training.
DEF CON 24 - Grant Bugher - Bypassing captive portals
The document discusses the results of a study on the impact of COVID-19 lockdowns on air pollution. Researchers analyzed data from dozens of countries and found that lockdowns led to an average decline of nearly 30% in nitrogen dioxide levels over cities. However, they also observed that this improvement was temporary and air pollution rebounded once lockdowns were lifted as vehicle traffic increased again. The short-term reductions could help policymakers design better emission control strategies in the future.
DEF CON 24 - Patrick Wardle - 99 problems little snitch
Little Snitch is a host-based firewall for macOS that intercepts connection attempts and allows the user to approve or deny them. The document discusses understanding, bypassing, and reversing Little Snitch. It provides an overview of Little Snitch's components and architecture, describes several methods for bypassing its network filtering, and examines techniques for interacting with and disabling Little Snitch's kernel extension through the I/O Kit framework.
DEF CON 24 - Plore - side -channel attacks on high security electronic safe l...
The document summarizes two presentations on cracking electronic safe locks. It discusses cracking a Sargent & Greenleaf 6120 safe lock by using a power analysis side-channel attack to recover the keycode stored in clear in the lock's EEPROM. It also discusses cracking a Sargent & Greenleaf Titan PivotBolt safe lock by using a timing side-channel attack to recover the keycode, and defeating the lock's incorrect code lockout feature.
DEF CON 24 - Six Volts and Haystack - cheap tools for hacking heavy trucks
This document discusses hacking heavy trucks and related networking protocols. It describes building a "Truck-in-a-Box" simulator to experiment with truck electronics and protocols like J1939 and J1708. The document outlines adventures in truck hacking, including modifying engine parameters, impersonating an engine control module, and exploiting bad cryptography. Details are provided on new hardware tools like the Truck Duck for analyzing truck communication networks.
DEF CON 24 - Dinesh and Shetty - practical android application exploitation
The document provides an overview of a workshop on practical Android application exploitation. The workshop aims to teach skills for performing reverse engineering, static and dynamic testing, and binary analysis of Android applications. It will use demonstrations and hands-on exercises with custom applications like InsecureBankv2. The workshop focuses on discovery and remediation, targeting intermediate to advanced skill levels. It will cover tools, techniques, and common vulnerabilities to exploit Android applications.
DEF CON 24 - Klijnsma and Tentler - stargate pivoting through vnc
The document discusses vulnerabilities in VNC implementations that allow unauthenticated access. It notes that a scan of the internet found over 335,000 VNC servers, with around 8,000 having no authentication. This lack of authentication allows attackers to access and "pivot" into internal networks. The document provides statistics on different VNC protocol versions found and describes exploits that could allow compromising devices to access additional internal systems through insecure VNC implementations and proxies.
DEF CON 24 - Antonio Joseph - fuzzing android devices
Droid-FF is an Android fuzzing framework that aims to automate the fuzzing process on Android devices. It uses Python scripts and integrates fuzzing tools like Peach and radamsa to generate test case data. The framework runs fuzzing campaigns on Android devices, processes the logs to identify crashes, verifies the crashes are unique, maps crashes to source code locations, and analyzes crashes for exploitability using a GDB plugin. The goal of Droid-FF is to make fuzzing easier on mobile devices and help find more crashes and potential vulnerabilities in Android applications and frameworks.
DEF CON 24 - workshop - Craig Young - brainwashing embedded systems
Firmware analysis often involves searching firmware images for known file headers and file systems like SquashFS to extract contained files. Automated binary analysis tools like binwalk can help extract files from images. HTTP interfaces are common targets for security testing since they are often exposed without authentication. Testing may uncover vulnerabilities like XSS, CSRF, SQLi or command injection. Wireless interfaces also require testing to check for issues like weak encryption or exposure of credentials in cleartext.
DEF CON 23 - Zack Allen and Rusty Bower - malware in gaming
This document discusses the history and techniques of malware targeting gaming communities through virtual item scams and theft. It outlines how non-functional cosmetic items in games like CS:GO and Dota 2 led to an economy where items could be traded, and how scammers have since exploited this through techniques like phishing sites and malware downloads. The document analyzes the tactics of a group called "Steampunks" and recommends steps gaming companies and communities can take to help address the problem, such as URL scanning and anti-phishing plugins.
DEF CON 23 - Yuwei Zheng and Haoqi Shan - build a free cellular traffic captu...
Yuwei Zheng and Haoqi Shan from 360 Unicorn Team discuss hacking femtocells to capture cellular traffic. They explain how to obtain a free femtocell through social engineering complaints to mobile carriers. After dismantling the hardware, they find the UART interface and use the boot shell to download firmware. By patching the login process, they gain access to the VxWorks kernel and use it to capture packets including SMS, voice, and GPRS data in real-time.
DEF CON 23 - Yaniv Balmas and Lior Oppenheim - key logger-video mouse
The document discusses turning a KVM device into a keylogging monster by extracting and analyzing its firmware. Researchers were able to reverse engineer the firmware blob and discover it was encrypted 8051 assembly code. By analyzing differences across firmware versions, they found strings that indicated the last bytes of each version contained the firmware version in ASCII. This revealed the encryption method and allowed them to decrypt and understand the assembly code. They then proposed designing custom firmware for the KVM that would add network connectivity and advanced keylogging capabilities.
More from Felipe Prado (20)
DEF CON 24 - Chris Rock - how to overthrow a government
DEF CON 24 - Chris Rock - how to overthrow a government
DEF CON 24 - Fitzpatrick and Grand - 101 ways to brick your hardware
DEF CON 24 - Fitzpatrick and Grand - 101 ways to brick your hardware
DEF CON 24 - Rogan Dawes and Dominic White - universal serial aBUSe remote at...
DEF CON 24 - Rogan Dawes and Dominic White - universal serial aBUSe remote at...
DEF CON 24 - Jay Beale and Larry Pesce - phishing without frustration
DEF CON 24 - Jay Beale and Larry Pesce - phishing without frustration
DEF CON 24 - Gorenc Sands - hacker machine interface
DEF CON 24 - Gorenc Sands - hacker machine interface
DEF CON 24 - Allan Cecil and DwangoAC - tasbot the perfectionist
DEF CON 24 - Allan Cecil and DwangoAC - tasbot the perfectionist
DEF CON 24 - Rose and Ramsey - picking bluetooth low energy locks
DEF CON 24 - Rose and Ramsey - picking bluetooth low energy locks
DEF CON 24 - Rich Mogull - pragmatic cloud security
DEF CON 24 - Rich Mogull - pragmatic cloud security
DEF CON 24 - Grant Bugher - Bypassing captive portals
DEF CON 24 - Grant Bugher - Bypassing captive portals
DEF CON 24 - Patrick Wardle - 99 problems little snitch
DEF CON 24 - Patrick Wardle - 99 problems little snitch
DEF CON 24 - Plore - side -channel attacks on high security electronic safe l...
DEF CON 24 - Plore - side -channel attacks on high security electronic safe l...
DEF CON 24 - Six Volts and Haystack - cheap tools for hacking heavy trucks
DEF CON 24 - Six Volts and Haystack - cheap tools for hacking heavy trucks
DEF CON 24 - Dinesh and Shetty - practical android application exploitation
DEF CON 24 - Dinesh and Shetty - practical android application exploitation
DEF CON 24 - Klijnsma and Tentler - stargate pivoting through vnc
DEF CON 24 - Klijnsma and Tentler - stargate pivoting through vnc
DEF CON 24 - Antonio Joseph - fuzzing android devices
DEF CON 24 - Antonio Joseph - fuzzing android devices
DEF CON 24 - workshop - Craig Young - brainwashing embedded systems
DEF CON 24 - workshop - Craig Young - brainwashing embedded systems
DEF CON 23 - Zack Allen and Rusty Bower - malware in gaming
DEF CON 23 - Zack Allen and Rusty Bower - malware in gaming
DEF CON 23 - Yuwei Zheng and Haoqi Shan - build a free cellular traffic captu...
DEF CON 23 - Yuwei Zheng and Haoqi Shan - build a free cellular traffic captu...
DEF CON 23 - Yaniv Balmas and Lior Oppenheim - key logger-video mouse
DEF CON 23 - Yaniv Balmas and Lior Oppenheim - key logger-video mouse
Recently uploaded
"Scaling RAG Applications to serve millions of users", Kevin Goedecke
How we managed to grow and scale a RAG application from zero to thousands of users in 7 months. Lessons from technical challenges around managing high load for LLMs, RAGs and Vector databases.
Northern Engraving | Modern Metal Trim, Nameplates and Appliance Panels
What began over 115 years ago as a supplier of precision gauges to the automotive industry has evolved into being an industry leader in the manufacture of product branding, automotive cockpit trim and decorative appliance trim. Value-added services include in-house Design, Engineering, Program Management, Test Lab and Tool Shops.
Demystifying Knowledge Management through Storytelling
The Department of Veteran Affairs (VA) invited Taylor Paschal, Knowledge & Information Management Consultant at Enterprise Knowledge, to speak at a Knowledge Management Lunch and Learn hosted on June 12, 2024. All Office of Administration staff were invited to attend and received professional development credit for participating in the voluntary event.
The objectives of the Lunch and Learn presentation were to:
- Review what KM ‘is’ and ‘isn’t’
- Understand the value of KM and the benefits of engaging
- Define and reflect on your “what’s in it for me?”
- Share actionable ways you can participate in Knowledge - - Capture & Transfer
GNSS spoofing via SDR (Criptored Talks 2024)
In the realm of cybersecurity, offensive security practices act as a critical shield. By simulating real-world attacks in a controlled environment, these techniques expose vulnerabilities before malicious actors can exploit them. This proactive approach allows manufacturers to identify and fix weaknesses, significantly enhancing system security.
This presentation delves into the development of a system designed to mimic Galileo's Open Service signal using software-defined radio (SDR) technology. We'll begin with a foundational overview of both Global Navigation Satellite Systems (GNSS) and the intricacies of digital signal processing.
The presentation culminates in a live demonstration. We'll showcase the manipulation of Galileo's Open Service pilot signal, simulating an attack on various software and hardware systems. This practical demonstration serves to highlight the potential consequences of unaddressed vulnerabilities, emphasizing the importance of offensive security practices in safeguarding critical infrastructure.
"Frontline Battles with DDoS: Best practices and Lessons Learned", Igor Ivaniuk
At this talk we will discuss DDoS protection tools and best practices, discuss network architectures and what AWS has to offer. Also, we will look into one of the largest DDoS attacks on Ukrainian infrastructure that happened in February 2022. We'll see, what techniques helped to keep the web resources available for Ukrainians and how AWS improved DDoS protection for all customers based on Ukraine experience
Astute Business Solutions | Oracle Cloud Partner |
Your goto partner for Oracle Cloud, PeopleSoft, E-Business Suite, and Ellucian Banner. We are a firm specialized in managed services and consulting.
LF Energy Webinar: Carbon Data Specifications: Mechanisms to Improve Data Acc...
This LF Energy webinar took place June 20, 2024. It featured:
-Alex Thornton, LF Energy
-Hallie Cramer, Google
-Daniel Roesler, UtilityAPI
-Henry Richardson, WattTime
In response to the urgency and scale required to effectively address climate change, open source solutions offer significant potential for driving innovation and progress. Currently, there is a growing demand for standardization and interoperability in energy data and modeling. Open source standards and specifications within the energy sector can also alleviate challenges associated with data fragmentation, transparency, and accessibility. At the same time, it is crucial to consider privacy and security concerns throughout the development of open source platforms.
This webinar will delve into the motivations behind establishing LF Energy’s Carbon Data Specification Consortium. It will provide an overview of the draft specifications and the ongoing progress made by the respective working groups.
Three primary specifications will be discussed:
-Discovery and client registration, emphasizing transparent processes and secure and private access
-Customer data, centering around customer tariffs, bills, energy usage, and full consumption disclosure
-Power systems data, focusing on grid data, inclusive of transmission and distribution networks, generation, intergrid power flows, and market settlement data
Essentials of Automations: Exploring Attributes & Automation Parameters
Building automations in FME Flow can save time, money, and help businesses scale by eliminating data silos and providing data to stakeholders in real-time. One essential component to orchestrating complex automations is the use of attributes & automation parameters (both formerly known as “keys”). In fact, it’s unlikely you’ll ever build an Automation without using these components, but what exactly are they?
Attributes & automation parameters enable the automation author to pass data values from one automation component to the next. During this webinar, our FME Flow Specialists will cover leveraging the three types of these output attributes & parameters in FME Flow: Event, Custom, and Automation. As a bonus, they’ll also be making use of the Split-Merge Block functionality.
You’ll leave this webinar with a better understanding of how to maximize the potential of automations by making use of attributes & automation parameters, with the ultimate goal of setting your enterprise integration workflows up on autopilot.
Must Know Postgres Extension for DBA and Developer during Migration
Mydbops Opensource Database Meetup 16
Topic: Must-Know PostgreSQL Extensions for Developers and DBAs During Migration
Speaker: Deepak Mahto, Founder of DataCloudGaze Consulting
Date & Time: 8th June | 10 AM - 1 PM IST
Venue: Bangalore International Centre, Bangalore
Abstract: Discover how PostgreSQL extensions can be your secret weapon! This talk explores how key extensions enhance database capabilities and streamline the migration process for users moving from other relational databases like Oracle.
Key Takeaways:
* Learn about crucial extensions like oracle_fdw, pgtt, and pg_audit that ease migration complexities.
* Gain valuable strategies for implementing these extensions in PostgreSQL to achieve license freedom.
* Discover how these key extensions can empower both developers and DBAs during the migration process.
* Don't miss this chance to gain practical knowledge from an industry expert and stay updated on the latest open-source database trends.
Mydbops Managed Services specializes in taking the pain out of database management while optimizing performance. Since 2015, we have been providing top-notch support and assistance for the top three open-source databases: MySQL, MongoDB, and PostgreSQL.
Our team offers a wide range of services, including assistance, support, consulting, 24/7 operations, and expertise in all relevant technologies. We help organizations improve their database's performance, scalability, efficiency, and availability.
Contact us: info@mydbops.com
Visit: https://www.mydbops.com/
Follow us on LinkedIn: https://in.linkedin.com/company/mydbops
For more details and updates, please follow up the below links.
Meetup Page : https://www.meetup.com/mydbops-databa...
Twitter: https://twitter.com/mydbopsofficial
Blogs: https://www.mydbops.com/blog/
Facebook(Meta): https://www.facebook.com/mydbops/
"$10 thousand per minute of downtime: architecture, queues, streaming and fin...
Direct losses from downtime in 1 minute = $5-$10 thousand dollars. Reputation is priceless.
As part of the talk, we will consider the architectural strategies necessary for the development of highly loaded fintech solutions. We will focus on using queues and streaming to efficiently work and manage large amounts of data in real-time and to minimize latency.
We will focus special attention on the architectural patterns used in the design of the fintech system, microservices and event-driven architecture, which ensure scalability, fault tolerance, and consistency of the entire system.
How to Interpret Trends in the Kalyan Rajdhani Mix Chart.pdf
A Mix Chart displays historical data of numbers in a graphical or tabular form. The Kalyan Rajdhani Mix Chart specifically shows the results of a sequence of numbers over different periods.
Dandelion Hashtable: beyond billion requests per second on a commodity server
This slide deck presents DLHT, a concurrent in-memory hashtable. Despite efforts to optimize hashtables, that go as far as sacrificing core functionality, state-of-the-art designs still incur multiple memory accesses per request and block request processing in three cases. First, most hashtables block while waiting for data to be retrieved from memory. Second, open-addressing designs, which represent the current state-of-the-art, either cannot free index slots on deletes or must block all requests to do so. Third, index resizes block every request until all objects are copied to the new index. Defying folklore wisdom, DLHT forgoes open-addressing and adopts a fully-featured and memory-aware closed-addressing design based on bounded cache-line-chaining. This design offers lock-free index operations and deletes that free slots instantly, (2) completes most requests with a single memory access, (3) utilizes software prefetching to hide memory latencies, and (4) employs a novel non-blocking and parallel resizing. In a commodity server and a memory-resident workload, DLHT surpasses 1.6B requests per second and provides 3.5x (12x) the throughput of the state-of-the-art closed-addressing (open-addressing) resizable hashtable on Gets (Deletes).
Fueling AI with Great Data with Airbyte Webinar
This talk will focus on how to collect data from a variety of sources, leveraging this data for RAG and other GenAI use cases, and finally charting your course to productionalization.
High performance Serverless Java on AWS- GoTo Amsterdam 2024
Java is for many years one of the most popular programming languages, but it used to have hard times in the Serverless community. Java is known for its high cold start times and high memory footprint, comparing to other programming languages like Node.js and Python. In this talk I'll look at the general best practices and techniques we can use to decrease memory consumption, cold start times for Java Serverless development on AWS including GraalVM (Native Image) and AWS own offering SnapStart based on Firecracker microVM snapshot and restore and CRaC (Coordinated Restore at Checkpoint) runtime hooks. I'll also provide a lot of benchmarking on Lambda functions trying out various deployment package sizes, Lambda memory settings, Java compilation options and HTTP (a)synchronous clients and measure their impact on cold and warm start times.
Choosing The Best AWS Service For Your Website + API.pptx
Have you ever been confused by the myriad of choices offered by AWS for hosting a website or an API?
Lambda, Elastic Beanstalk, Lightsail, Amplify, S3 (and more!) can each host websites + APIs. But which one should we choose?
Which one is cheapest? Which one is fastest? Which one will scale to meet our needs?
Join me in this session as we dive into each AWS hosting service to determine which one is best for your scenario and explain why!
Freshworks Rethinks NoSQL for Rapid Scaling & Cost-Efficiency
Freshworks creates AI-boosted business software that helps employees work more efficiently and effectively. Managing data across multiple RDBMS and NoSQL databases was already a challenge at their current scale. To prepare for 10X growth, they knew it was time to rethink their database strategy. Learn how they architected a solution that would simplify scaling while keeping costs under control.
5th LF Energy Power Grid Model Meet-up Slides
5th Power Grid Model Meet-up
It is with great pleasure that we extend to you an invitation to the 5th Power Grid Model Meet-up, scheduled for 6th June 2024. This event will adopt a hybrid format, allowing participants to join us either through an online Mircosoft Teams session or in person at TU/e located at Den Dolech 2, Eindhoven, Netherlands. The meet-up will be hosted by Eindhoven University of Technology (TU/e), a research university specializing in engineering science & technology.
Power Grid Model
The global energy transition is placing new and unprecedented demands on Distribution System Operators (DSOs). Alongside upgrades to grid capacity, processes such as digitization, capacity optimization, and congestion management are becoming vital for delivering reliable services.
Power Grid Model is an open source project from Linux Foundation Energy and provides a calculation engine that is increasingly essential for DSOs. It offers a standards-based foundation enabling real-time power systems analysis, simulations of electrical power grids, and sophisticated what-if analysis. In addition, it enables in-depth studies and analysis of the electrical power grid’s behavior and performance. This comprehensive model incorporates essential factors such as power generation capacity, electrical losses, voltage levels, power flows, and system stability.
Power Grid Model is currently being applied in a wide variety of use cases, including grid planning, expansion, reliability, and congestion studies. It can also help in analyzing the impact of renewable energy integration, assessing the effects of disturbances or faults, and developing strategies for grid control and optimization.
What to expect
For the upcoming meetup we are organizing, we have an exciting lineup of activities planned:
-Insightful presentations covering two practical applications of the Power Grid Model.
-An update on the latest advancements in Power Grid -Model technology during the first and second quarters of 2024.
-An interactive brainstorming session to discuss and propose new feature requests.
-An opportunity to connect with fellow Power Grid Model enthusiasts and users.
Recently uploaded (20)
"Scaling RAG Applications to serve millions of users", Kevin Goedecke
"Scaling RAG Applications to serve millions of users", Kevin Goedecke
Northern Engraving | Modern Metal Trim, Nameplates and Appliance Panels
Northern Engraving | Modern Metal Trim, Nameplates and Appliance Panels
Overcoming the PLG Trap: Lessons from Canva's Head of Sales & Head of EMEA Da...
Overcoming the PLG Trap: Lessons from Canva's Head of Sales & Head of EMEA Da...
Demystifying Knowledge Management through Storytelling
Demystifying Knowledge Management through Storytelling
9 CEO's who hit $100m ARR Share Their Top Growth Tactics Nathan Latka, Founde...
9 CEO's who hit $100m ARR Share Their Top Growth Tactics Nathan Latka, Founde...
"Frontline Battles with DDoS: Best practices and Lessons Learned", Igor Ivaniuk
"Frontline Battles with DDoS: Best practices and Lessons Learned", Igor Ivaniuk
Astute Business Solutions | Oracle Cloud Partner |
Astute Business Solutions | Oracle Cloud Partner |
LF Energy Webinar: Carbon Data Specifications: Mechanisms to Improve Data Acc...
LF Energy Webinar: Carbon Data Specifications: Mechanisms to Improve Data Acc...
Essentials of Automations: Exploring Attributes & Automation Parameters
Essentials of Automations: Exploring Attributes & Automation Parameters
Must Know Postgres Extension for DBA and Developer during Migration
Must Know Postgres Extension for DBA and Developer during Migration
"$10 thousand per minute of downtime: architecture, queues, streaming and fin...
"$10 thousand per minute of downtime: architecture, queues, streaming and fin...
How to Interpret Trends in the Kalyan Rajdhani Mix Chart.pdf
How to Interpret Trends in the Kalyan Rajdhani Mix Chart.pdf
Dandelion Hashtable: beyond billion requests per second on a commodity server
Dandelion Hashtable: beyond billion requests per second on a commodity server
High performance Serverless Java on AWS- GoTo Amsterdam 2024
High performance Serverless Java on AWS- GoTo Amsterdam 2024
Choosing The Best AWS Service For Your Website + API.pptx
Choosing The Best AWS Service For Your Website + API.pptx
Freshworks Rethinks NoSQL for Rapid Scaling & Cost-Efficiency
Freshworks Rethinks NoSQL for Rapid Scaling & Cost-Efficiency
Blacklisted 411 - the official hackers magazine (volume 6 - issue 3 summer 2004)
- 11. .11 .