This talk was given at California Information Technology in Education (CITE 2022). It discussed tools that a blue team can use to better respond to threats on their networks.
OWASP SF - Reviewing Modern JavaScript Applications | Lewis Ardern
The document provides an overview of reviewing modern JavaScript applications for security. It discusses how JavaScript is used widely, common frameworks like React and Angular, and tools for analyzing JavaScript like ESLint. It also covers real-world examples of vulnerabilities like cross-site scripting and remote code execution. The talk emphasizes embracing developer tools and best practices like code reviews and linting to identify security issues in JavaScript applications.
Thick Application Penetration Testing - A Crash Course | NetSPI
This document provides an overview of penetration testing thick applications. It discusses why thick apps present unique risks compared to web apps, common thick app architectures, and how to access and test various components of thick apps including the GUI, files, registry, network traffic, memory, and configurations. A variety of tools are listed that can be used for tasks like decompiling, injecting code, and exploiting excessive privileges. The document concludes with recommendations such as never storing sensitive data in assemblies and being careful when deploying thick apps via terminal services.
This document provides an overview of information gathering and vulnerability scanning techniques for the CompTIA Pentest+ certification. It discusses the importance of gathering both technical and people information about the target. It covers passive information gathering techniques like searching public databases and active techniques like port scanning and website crawling. The document demonstrates tools for discovering domains, IP addresses, ports, services and technical details through techniques like DNS queries, Nmap scanning, and using search engines and Shodan. It emphasizes using both passive and active approaches to fully map the target environment.
Android Embedded - Smart Hubs als Schaltzentrale des IoT | inovex GmbH
Android can be used as an operating system for smart hubs and embedded devices in the Internet of Things (IoT). Key advantages of using Android include its powerful graphics capabilities, ability to easily update devices over-the-air, and support for integrating various hardware protocols and devices. Android also provides a stable architecture and development process similar to building smartphone apps, making it well-suited for building smart hub and IoT devices.
We all know Azure is a powerful platform but many aren’t aware of the little features lurking in the corners that can transform you from an Azure Acolyte to full-blown Azure Ninja. In this whirlwind session we’ll cover tips on everything from UI Customization to CLIs lurking in unexpected places and from free tools and services to mysterious repositories of wisdom and enlightenment.
Slides from the ECU Security Research Institute seminar Monday 29 April 2013, presented by Professor Craig Valli.
Our increasing interconnection networks and production of data of various types such as pictures and videos (artefacts), are producing an increasingly unseen amount of data.
Metadata is data about an artefact that may, for instance, give away the location where a photo was taken, the device that created the artefact, or what operating systems and applications were used in the construction of the artefact.
Furthermore, the device that transmitted the artefact may be reliably fingerprinted and identified by the applications and operating systems that it runs. Most organisations and individuals are unaware of the attendant risk that the production of artefacts with embedded metadata represents to privacy and security.
This presentation will explore those risks and also demonstrate some of the capabilities of the tools publicly available to extract intelligence from metadata.
Speaker Profile
Professor Craig Valli is the Director of the ECU Security Research Institute (ECUSRI) at Edith Cowan University. Professor Valli has over 25 years experience in the IT industry. He conducts research and consults to industry and government on network security and digital forensics issues. His main consultancy focus is on securing networks and critical infrastructures, detection of network borne threats and forensic analysis of cyber security incidents.
The ECU Security Research Institute (ECUSRI) is a research unit with Edith Cowan University.
This presentation is prepared for students of computer science to help guide them about various career options and potential job opportunities.
This will help with better preparation and best practices and acts as a road map for a career in software engineering.
Build Low-Latency Applications in Rust on ScyllaDB | ScyllaDB
Join us for a developer workshop where we’ll go hands-on to explore the affinities between Rust, the Tokio framework, and ScyllaDB.
ScyllaDB is a perfect match for Rust. Similar to the Rust programming language and the Tokio framework, ScyllaDB is built on an asynchronous, non-blocking runtime that works extremely well for building highly-reliable low-latency distributed applications.
In this workshop, you’ll go live with our sample Rust application, built on our new, high performance native Rust client driver. By compiling and walking through the code, you’ll learn specifically how to craft queries to a locally running ScyllaDB cluster.
In the process you’ll discover the features and best practices that enable your Rust applications to squeeze maximum performance out of ScyllaDB's shard-per-core architecture.
- Install and compile an IoT sample app, built on ScyllaDB’s native Rust SDK.
- Install a single cluster of Scylla locally
- Use Docker to get a 3-node cluster running on your laptop
- Connect the application to the database
- Review data modeling, query types and best practices
- Manage and monitor
If you’re an application developer with an interest in Rust and Tokio, this workshop is for you!
Scott Sutherland discusses penetration testing thick applications. He explains why these applications create unique risks compared to web applications due to users having full control over the application environment. This allows attacks on trusted components, exposure of data and admin functions, and privilege escalation. Sutherland outlines the goals and process for testing thick applications, including common architectures, accessing the application, and testing the application's GUI, files, registry, network traffic, memory, and configurations to identify vulnerabilities.
This document provides a roadmap for learning DevOps skills and technologies. It covers topics such as source code management with Git, programming languages, Linux, networking, servers, containers, orchestration with Kubernetes, infrastructure as code with Terraform, CI/CD, monitoring, cloud providers, Agile methodologies, and automation testing. For each topic, it lists several learning resources like websites, courses, and documentation to gain knowledge in that area. The overall roadmap is intended to help develop the full range of abilities needed for a career in DevOps engineering.
Denny Lee introduced Azure DocumentDB, a fully managed NoSQL database service. DocumentDB provides elastic scaling of throughput and storage, global distribution with low latency reads and writes, and supports querying JSON documents with SQL and JavaScript. Common scenarios that benefit from DocumentDB include storing product catalogs, user profiles, sensor telemetry, and social graphs due to its ability to handle hierarchical and de-normalized data at massive scale.
Implementing Fast IT Deploying Applications at the Pace of Innovation | Cisco DevNet
Fast innovation requires Fast IT: the new model for IT that transforms the way we deliver new business application capabilities to our clients.
Cisco IT has created solutions that enable automated provisioning of environments and fast deployment of cloud applications through “Software Development-as-a-Service”.
In this session, we’ll provide a hands-on experience of how application teams use an automated toolset to combine quality and agility, while reducing operational expense. We’ll also provide a view of the key technologies that enable this solution.
Finally, there’s a quick glimpse into what’s next: containerization and IOE Application Enablement.
The document discusses Purple Teaming and infrastructure as code (IaC) tools for security simulation labs. It introduces BlueCloud and PurpleCloud simulation labs, with BlueCloud being a single Windows host lab for adversary simulation and PurpleCloud being an open-source tool that automates the creation of labs in Azure, including labs with Azure Active Directory and a detection engineering focus. Purple Teaming is described as Red and Blue teams collaborating to improve defenses through adversary emulations. IaC tools like Terraform and Pulumi are discussed for provisioning lab infrastructure.
The document provides contact information for Dan Stolts and Ian Philpot of Microsoft, including their blog URLs, Twitter handles, and areas of specialization related to DevOps, containers, cloud computing, and more. It also includes definitions for MTTD (mean time to detect) and MTTR (mean time to resolve) and discusses how containers can provide increased application density and deployment flexibility compared to virtual machines.
This document outlines topics to be covered in a productivity performance tune up seminar for developers, designers, and database designers. The topics include semantic markup, Subversion, best coding practices, documentation, query optimization, security, technology trends, profiling, content delivery networks, image and script minimization, Agile/Scrum methodologies, and participating in online communities. Resources are provided for many of the topics. The target audience is web developers in Bangladesh.
Please, Please, PLEASE Defend Your Mobile Apps! | Jerod Brennen
The document discusses how to strengthen the security of mobile apps. It recommends conducting source code reviews, security testing apps during QA, and analyzing deployed apps. It provides examples of security checks like reviewing for vulnerabilities and threats. The document also shares tools for analyzing iOS and Android apps, such as reverse engineering toolkits and decompiling APK files. Resources are listed for tasks like monitoring network traffic and examining app databases and files.
Big Data - in the cloud or rather on-premises? | Guido Schmutz
You want to implement a Big Data/IoT solution and would like to know if it should be implemented in the cloud or on-premises. You are interested in the cloud offerings of vendors and what benefits they provide and if a similar solution would not be possible on-premises.
This presentation deals with this and other questions. Starting from a vendor-independent reference architecture and corresponding design patterns, different cloud solutions from various vendors are compared and rated. Additionally it will be shown how such a solution could be implemented on-premises and what a hybrid Big Data/IoT solution could look like.
Nikos Katirtzis gave a presentation on improving source code searching capabilities. He discussed why source code search engines are needed as developers spend more time reading code than writing it. He then compared popular code search engines like Searchcode Server, Hound, Zoekt, and Sourcegraph. Finally, he described HApiDoc, a service developed by Hotels.com that mines API usage examples from client source code using an approach called CLAMS.
Improving your team’s source code searching capabilities | Nikos Katirtzis
Nikos Katirtzis gave a presentation on improving source code searching capabilities. He discussed why source code search engines are needed, compared popular options like Searchcode Server, Hound, Zoekt, and Sourcegraph. He also described HApiDoc, a service that mines API usage examples from client source code using CLAMS, an approach to cluster and summarize examples. The presentation provided recommendations on source code search and considerations for setting one up.
Slides of a talk given to the Seattle Chapter of the Cloud Security Alliance. Looks briefly at Architectures, Sources of Log Data, and behavioral signatures in the data and issues and observations around using Big Data products for security.
Michael Dawson is a senior software developer and technical lead at IBM who is involved in many aspects of Node.js development including working groups, releases, build infrastructure, and platform support. IBM is a founding member and platinum sponsor of the Node.js Foundation and has many employees contributing to Node.js as core collaborators and through various working groups. IBM uses Node.js extensively for its own products, services, and platforms.
DDD17 - Web Applications Automated Security Testing in a Continuous Delivery... | Fedir RYKHTIK
Slides from "Web Applications Automated Security Testing in a Continuous Delivery Pipeline" workshop, made during Drupal Developers Days 2017 at Seville, Spain
Sergii Bielskyi "Azure Logic App and building modern cloud native apps" | Fwdays
I would like to share my experience of using Azure Logic App as a tool to build cloud native applications as easy and fast as we can. I will explain how we can use SDKs for our needs and how to use the cloud interface to simplify the process. During the demo, I will solve the problem that often happens especially with me when I am not at home.
Well, the story will be about an IoT device and how we can use Logic App to notify me when electricity is turned off. Also, I will demonstrate how we can use computer vision in the Logic App.
Freelancer Weapons of mass productivity | Gregg Coppen
In the battle to stay organized, efficient, sane and maximize on billable time it helps to have systems in place to help deal with the daily business processes and management that make sure that you are working on what you should be and that projects, budgets and timelines stay on track. In particular, when you work on your own, it's critical to have things like billing, time tracking and project management as a natural and seamless part of your workflow.
This session aims to be a whistle stop tour of some useful open source tools and subscription solutions I have found to be well worth their costs - including how they can be used effectively together to allow you to make the most efficient use of your time designing and developing Drupal sites.
I work as a remote contractor & consultant and my clients are Drupal shops and companies needing web sites and systems designed, built, themed and/or maintained. These tools and services work for me to help stay organized and on top of my workload and help me to manage my responsibilities across multiple clients and timezones effectively.
The material in this session is geared more towards individual freelancers although much of it will be relevant for larger Drupal shops and teams too.
A few of the topics I intend to cover will include
* Project Management with Redmine - an overview of this powerful open source project management system and a demo of some of the plugins that extend its functionality and integrate well with Drupal, Dropbox, GitHub, Chrome and others.
* Simplifying getting paid and easy record keeping - Easy invoicing, credit card processing and automatic importing of expenses using Freshbooks & Stripe
* Design to theme tricks and up and coming in-browser design tools and workflows using Styletiles, CSS Hat, SASS, Typekit, Typecast & Livestyle
* Faster Drupal development tips using Alfred & Sublime Text
* Rapid prototyping using Bootstrap/Zenstrap
* Site building strategies using install profiles and drush make files
* Deployment and Maintenance using Aegir
* Server monitoring using New Relic & load testing using Blazemeter
* Hosting and managing your site in the cloud
It is my aim to introduce (in some cases briefly) tools and services that have made a difference to me that may have the potential to add to and improve your existing workflows.
This document provides an overview of microservices in the enterprise. It discusses factors driving the rise of microservices like SOA fatigue and the need for faster innovation. Examples of microservice architectures from companies like Netflix, Twitter and Gilt are presented. Key capabilities for building enterprise-ready microservices are described, including service discovery, description, deployment isolation using containers, data/verb partitioning, lightweight middleware, API gateways and observability. Open source technologies that support implementing these capabilities are also outlined. The document concludes that microservices are the future of distributed systems and enterprises should implement solutions from first principles using inspiration from internet companies.
Cisco APIs: An Interactive Assistant for the Web2Day Developer Conference | Cisco DevNet
Stève Sfartz is an API evangelist at Cisco who presented on Cisco APIs and leveraging them through examples. The presentation covered Cisco technologies like Connected Mobile Experience (CMX), Mobility IQ, and Cisco Spark which have REST APIs that can be used to access location data, analytics, and collaboration features. It encouraged developers to join the Cisco DevNet community to learn about APIs, take labs, and interact with other developers.
AI 101: An Introduction to the Basics and Impact of Artificial Intelligence | IndexBug
Imagine a world where machines not only perform tasks but also learn, adapt, and make decisions. This is the promise of Artificial Intelligence (AI), a technology that's not just enhancing our lives but revolutionizing entire industries.
Threats to mobile devices are more prevalent and increasing in scope and complexity. Users of mobile devices desire to take full advantage of the features available on those devices, but many of the features provide convenience and capability but sacrifice security. This best practices guide outlines steps the users can take to better protect personal devices and information.
* Deployment and Maintenance using Aegir
* Server monitoring using New Relic & load testing using Blazemeter
* Hosting and managing your site in the cloud
It is my aim to introduce ( in some cases briefly) tools and services that have made a difference to me that may have the potential to add to and improve your existing workflows.
This document provides an overview of microservices in the enterprise. It discusses factors driving the rise of microservices like SOA fatigue and the need for faster innovation. Examples of microservice architectures from companies like Netflix, Twitter and Gilt are presented. Key capabilities for building enterprise-ready microservices are described, including service discovery, description, deployment isolation using containers, data/verb partitioning, lightweight middleware, API gateways and observability. Open source technologies that support implementing these capabilities are also outlined. The document concludes that microservices are the future of distributed systems and enterprises should implement solutions from first principles using inspiration from internet companies.
Cisco APIs: An Interactive Assistant for the Web2Day Developer ConferenceCisco DevNet
Stève Sfartz is an API evangelist at Cisco who presented on Cisco APIs and leveraging them through examples. The presentation covered Cisco technologies like Connected Mobile Experience (CMX), Mobility IQ, and Cisco Spark which have REST APIs that can be used to access location data, analytics, and collaboration features. It encouraged developers to join the Cisco DevNet community to learn about APIs, take labs, and interact with other developers.
AI 101: An Introduction to the Basics and Impact of Artificial IntelligenceIndexBug
Imagine a world where machines not only perform tasks but also learn, adapt, and make decisions. This is the promise of Artificial Intelligence (AI), a technology that's not just enhancing our lives but revolutionizing entire industries.
Threats to mobile devices are more prevalent and increasing in scope and complexity. Users of mobile devices desire to take full advantage of the features
available on those devices, but many of the features provide convenience and capability but sacrifice security. This best practices guide outlines steps the users can take to better protect personal devices and information.
Full-RAG: A modern architecture for hyper-personalizationZilliz
Mike Del Balso, CEO & Co-Founder at Tecton, presents "Full RAG," a novel approach to AI recommendation systems, aiming to push beyond the limitations of traditional models through a deep integration of contextual insights and real-time data, leveraging the Retrieval-Augmented Generation architecture. This talk will outline Full RAG's potential to significantly enhance personalization, address engineering challenges such as data management and model training, and introduce data enrichment with reranking as a key solution. Attendees will gain crucial insights into the importance of hyperpersonalization in AI, the capabilities of Full RAG for advanced personalization, and strategies for managing complex data integrations for deploying cutting-edge AI solutions.
Why You Should Replace Windows 11 with Nitrux Linux 3.5.0 for enhanced perfor...SOFTTECHHUB
The choice of an operating system plays a pivotal role in shaping our computing experience. For decades, Microsoft's Windows has dominated the market, offering a familiar and widely adopted platform for personal and professional use. However, as technological advancements continue to push the boundaries of innovation, alternative operating systems have emerged, challenging the status quo and offering users a fresh perspective on computing.
One such alternative that has garnered significant attention and acclaim is Nitrux Linux 3.5.0, a sleek, powerful, and user-friendly Linux distribution that promises to redefine the way we interact with our devices. With its focus on performance, security, and customization, Nitrux Linux presents a compelling case for those seeking to break free from the constraints of proprietary software and embrace the freedom and flexibility of open-source computing.
Pushing the limits of ePRTC: 100ns holdover for 100 daysAdtran
At WSTS 2024, Alon Stern explored the topic of parametric holdover and explained how recent research findings can be implemented in real-world PNT networks to achieve 100 nanoseconds of accuracy for up to 100 days.
Essentials of Automations: The Art of Triggers and Actions in FMESafe Software
In this second installment of our Essentials of Automations webinar series, we’ll explore the landscape of triggers and actions, guiding you through the nuances of authoring and adapting workspaces for seamless automations. Gain an understanding of the full spectrum of triggers and actions available in FME, empowering you to enhance your workspaces for efficient automation.
We’ll kick things off by showcasing the most commonly used event-based triggers, introducing you to various automation workflows like manual triggers, schedules, directory watchers, and more. Plus, see how these elements play out in real scenarios.
Whether you’re tweaking your current setup or building from the ground up, this session will arm you with the tools and insights needed to transform your FME usage into a powerhouse of productivity. Join us to discover effective strategies that simplify complex processes, enhancing your productivity and transforming your data management practices with FME. Let’s turn complexity into clarity and make your workspaces work wonders!
GraphSummit Singapore | The Future of Agility: Supercharging Digital Transfor...Neo4j
Leonard Jayamohan, Partner & Generative AI Lead, Deloitte
This keynote will reveal how Deloitte leverages Neo4j’s graph power for groundbreaking digital twin solutions, achieving a staggering 100x performance boost. Discover the essential role knowledge graphs play in successful generative AI implementations. Plus, get an exclusive look at an innovative Neo4j + Generative AI solution Deloitte is developing in-house.
Infrastructure Challenges in Scaling RAG with Custom AI modelsZilliz
Building Retrieval-Augmented Generation (RAG) systems with open-source and custom AI models is a complex task. This talk explores the challenges in productionizing RAG systems, including retrieval performance, response synthesis, and evaluation. We’ll discuss how to leverage open-source models like text embeddings, language models, and custom fine-tuned models to enhance RAG performance. Additionally, we’ll cover how BentoML can help orchestrate and scale these AI components efficiently, ensuring seamless deployment and management of RAG systems in the cloud.
Unlock the Future of Search with MongoDB Atlas_ Vector Search Unleashed.pdfMalak Abu Hammad
Discover how MongoDB Atlas and vector search technology can revolutionize your application's search capabilities. This comprehensive presentation covers:
* What is Vector Search?
* Importance and benefits of vector search
* Practical use cases across various industries
* Step-by-step implementation guide
* Live demos with code snippets
* Enhancing LLM capabilities with vector search
* Best practices and optimization strategies
Perfect for developers, AI enthusiasts, and tech leaders. Learn how to leverage MongoDB Atlas to deliver highly relevant, context-aware search results, transforming your data retrieval process. Stay ahead in tech innovation and maximize the potential of your applications.
#MongoDB #VectorSearch #AI #SemanticSearch #TechInnovation #DataScience #LLM #MachineLearning #SearchTechnology
Observability Concepts EVERY Developer Should Know -- DeveloperWeek Europe.pdfPaige Cruz
Monitoring and observability aren’t traditionally found in software curriculums and many of us cobble this knowledge together from whatever vendor or ecosystem we were first introduced to and whatever is a part of your current company’s observability stack.
While the dev and ops silo continues to crumble….many organizations still relegate monitoring & observability as the purview of ops, infra and SRE teams. This is a mistake - achieving a highly observable system requires collaboration up and down the stack.
I, a former op, would like to extend an invitation to all application developers to join the observability party will share these foundational concepts to build on:
Let's Integrate MuleSoft RPA, COMPOSER, APM with AWS IDP along with Slackshyamraj55
Discover the seamless integration of RPA (Robotic Process Automation), COMPOSER, and APM with AWS IDP enhanced with Slack notifications. Explore how these technologies converge to streamline workflows, optimize performance, and ensure secure access, all while leveraging the power of AWS IDP and real-time communication via Slack notifications.
UiPath Test Automation using UiPath Test Suite series, part 5DianaGray10
Welcome to UiPath Test Automation using UiPath Test Suite series part 5. In this session, we will cover CI/CD with devops.
Topics covered:
CI/CD with in UiPath
End-to-end overview of CI/CD pipeline with Azure devops
Speaker:
Lyndsey Byblow, Test Suite Sales Engineer @ UiPath, Inc.
Removing Uninteresting Bytes in Software FuzzingAftab Hussain
Imagine a world where software fuzzing, the process of mutating bytes in test seeds to uncover hidden and erroneous program behaviors, becomes faster and more effective. A lot depends on the initial seeds, which can significantly dictate the trajectory of a fuzzing campaign, particularly in terms of how long it takes to uncover interesting behaviour in your code. We introduce DIAR, a technique designed to speedup fuzzing campaigns by pinpointing and eliminating those uninteresting bytes in the seeds. Picture this: instead of wasting valuable resources on meaningless mutations in large, bloated seeds, DIAR removes the unnecessary bytes, streamlining the entire process.
In this work, we equipped AFL, a popular fuzzer, with DIAR and examined two critical Linux libraries -- Libxml's xmllint, a tool for parsing xml documents, and Binutil's readelf, an essential debugging and security analysis command-line tool used to display detailed information about ELF (Executable and Linkable Format). Our preliminary results show that AFL+DIAR does not only discover new paths more quickly but also achieves higher coverage overall. This work thus showcases how starting with lean and optimized seeds can lead to faster, more comprehensive fuzzing campaigns -- and DIAR helps you find such seeds.
- These are slides of the talk given at IEEE International Conference on Software Testing Verification and Validation Workshop, ICSTW 2022.
HCL Notes and Domino License Cost Reduction in the World of DLAUpanagenda
Webinar Recording: https://www.panagenda.com/webinars/hcl-notes-and-domino-license-cost-reduction-in-the-world-of-dlau/
The introduction of DLAU and the CCB & CCX licensing model caused quite a stir in the HCL community. As a Notes and Domino customer, you may have faced challenges with unexpected user counts and license costs. You probably have questions on how this new licensing approach works and how to benefit from it. Most importantly, you likely have budget constraints and want to save money where possible. Don’t worry, we can help with all of this!
We’ll show you how to fix common misconfigurations that cause higher-than-expected user counts, and how to identify accounts which you can deactivate to save money. There are also frequent patterns that can cause unnecessary cost, like using a person document instead of a mail-in for shared mailboxes. We’ll provide examples and solutions for those as well. And naturally we’ll explain the new licensing model.
Join HCL Ambassador Marc Thomas in this webinar with a special guest appearance from Franz Walder. It will give you the tools and know-how to stay on top of what is going on with Domino licensing. You will be able lower your cost through an optimized configuration and keep it low going forward.
These topics will be covered
- Reducing license cost by finding and fixing misconfigurations and superfluous accounts
- How do CCB and CCX licenses really work?
- Understanding the DLAU tool and how to best utilize it
- Tips for common problem areas, like team mailboxes, functional/test users, etc
- Practical examples and best practices to implement right away
Sudheer Mechineni, Head of Application Frameworks, Standard Chartered Bank
Discover how Standard Chartered Bank harnessed the power of Neo4j to transform complex data access challenges into a dynamic, scalable graph database solution. This keynote will cover their journey from initial adoption to deploying a fully automated, enterprise-grade causal cluster, highlighting key strategies for modelling organisational changes and ensuring robust disaster recovery. Learn how these innovations have not only enhanced Standard Chartered Bank’s data infrastructure but also positioned them as pioneers in the banking sector’s adoption of graph technology.
1. Blue Teaming on a Budget
Carl Fong – CTO
cfong@ocde.us
Nigel Green
Cybersecurity Analyst
ngreenjr@ocde.us
Kevin Riley
Cyber Security Architect
kriley@ocde.us
CITE Conference 2022
2. What is the Blue Team?
• Defenders
• Responders
• SME
4. OSINT Tools
Usernames
Email Addresses
Domain Name
IP Address
Images/Videos/Docs
Social Networks
Search Engines
https://osintframework.com
https://Id.crawl.com
https://whatsmyname.app
www.google.com
https://www.yandex.com/images
https://thatsthem.com
5. OSINT Tools
Blind Crawler And Cewl
Find Email Addresses
Find Subdomains
Site Paths
Generate Word Lists
https://github.com/AhmedConstant/BlindCrawler/README.md
https://github.com/digininja/CeWL
https://github.com/BillyV4/ID-entify
https://haveibeenpwned.com
https://dehashed.com
6. OSINT Tools
Mr. Holmes
Whats My Name
Sherlock
https://github.com/Lucksi/Mr.Holmes
https://github.com/m4ll0k/Infoga
https://github.com/sherlock-project/sherlock
https://github.com/WebBreacher/WhatsMyName
8. OSINT Tools
Have I been pwned?
DeHashed
https://haveibeenpwned.com/
https://www.dehashed.com
9. OSINT Tools
Image Search
Sock Puppets
https://this-person-does-not-exist.com/en
https://fauxid.com/
www.bing.com
https://cybervie.com/blog/what-is-sock-puppets-iin-osint-how-to-create-one/
YouTube video on how to search via images using bing.com
https://www.youtube.com/watch?v=OsY32K1s51Y&ab_channel=DavidBombal
10. OSINT Tools
Heath Adams (The Cyber Mentor) 5-hour video on OSINT:
https://www.youtube.com/watch?v=qwA6MmbeGNo&ab_channel=TheCyberMentor
11. Sysinternals
• Mark Russinovich - 1996
• Microsoft
• Free
• Actively Developed
Main Site
https://learn.microsoft.com/en-us/sysinternals/
Live Download
https://live.sysinternals.com/
12. Sysinternals
Sysmon
PS C:\Program Files\sysmon> .\Sysmon64.exe -i .\sysmon-config.xml
System Monitor v14.12 - System activity monitor
By Mark Russinovich and Thomas Garnier
Copyright (C) 2014-2022 Microsoft Corporation
Using libxml2. libxml2 is Copyright (C) 1998-2012 Daniel Veillard.
All Rights Reserved.
Sysinternals - www.sysinternals.com
Loading configuration file with schema version 4.50
Sysmon schema version: 4.83
Configuration file validated.
Sysmon64 installed.
SysmonDrv installed.
Starting SysmonDrv.
SysmonDrv started.
Starting Sysmon64..
Sysmon64 started.
https://github.com/SwiftOnSecurity/sysmon-config
26. Suricata / Snort IDS
High performance - multi-threaded, scalable code base
Multipurpose Engine - NIDS, NIPS, NSM, offline analysis, etc.
Cross-platform support - Linux, Windows, macOS, OpenBSD, etc.
Modern TCP/IP support including a scalable flow engine, full IPv4/IPv6, TCP streams, and IP packet defragmentation
Protocol parsers - packet decoding, application layer decoding
HTTP engine - HTTP parser, request logger, keyword match, etc.
Autodetect services for portless configuration
Lua scripting (LuaJIT)
Application-layer logging and analysis, including TLS/SSL certs, HTTP requests, DNS requests, and more
Built-in hardware acceleration (GPU for network sniffing)
File extraction
https://suricata.readthedocs.io/en/suricata-6.0.9/
Modular design:
Multi-threading for packet processing
Shared configuration and attribute table
Use a simple, scriptable configuration
Plugin framework, make key components pluggable (and 200+ plugins)
Auto-detect services for portless configuration
Auto-generate reference documentation
Scalable memory profile
Rule parser and syntax (support sticky buffers in rules)
https://www.snort.org/documents
27. OSQuery
OSQuery allows you to use SQL to access information about a system.
Runs everywhere.
Cross platform – Mac, Windows, Linux
Small footprint
OSQuery Site
https://www.osquery.io/
OSQuery resources
https://github.com/sttor/awesome-osquery
https://fleetdm.com/
OSINT (open-source intelligence) is a compilation of publicly available resources used to acquire knowledge about an individual, company, or subject matter. In this presentation, I will go over some of the tools I use to conduct OSINT research on the districts with which we conduct pentesting engagements. I will also discuss how you can use these tools to reduce what your organization exposes to threat actors.
The picture above is an OSINT framework that outlines various tools you can use to gather information on people and organizations. The bullet points to the left outline the typical things the OCDE cybersecurity department would focus on during a pen testing engagement. We would include these things in the OSINT section of our report to the district.
BlindCrawler is a helpful tool for enumerating a target organization's website. BlindCrawler finds emails and website paths and saves them in a text file. Finding emails in the environment is important when identifying company personnel to target with different attack vectors to penetrate the organization. CeWL is a tool that generates a wordlist from a website for password cracking of NTLM hashes. Such a wordlist would expedite password cracking if users in the environment use passwords that are related to where they work, e.g. OCDE123!!. Creating unique passwords reduces the security risk for your organization. It only takes one account with the correct access to get into an organization.
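The defensive counterpart of the wordlist point above, as an added example that is not part of the original slides: a password-change check that rejects candidates built on words from the organization's own public pages. The site text, the substitution table and the function names are constructed for illustration.

```python
import re
from typing import Optional, Set

# Constructed sample text standing in for an organization's public web pages.
SITE_TEXT = """
Welcome to the Orange County Department of Education (OCDE).
OCDE serves districts across Orange County. Go Mustangs!
"""

# Common character substitutions undone before matching (not exhaustive).
LEET = str.maketrans({"0": "o", "1": "l", "3": "e", "4": "a",
                      "5": "s", "7": "t", "@": "a", "$": "s", "!": "i"})


def build_denylist(text: str, min_len: int = 4) -> Set[str]:
    """Collect lowercase words of at least min_len letters from site text.

    A real deployment would also drop common stop words so that ordinary
    four-letter words on the site do not cause false rejections.
    """
    return {w.lower() for w in re.findall(r"[A-Za-z]+", text) if len(w) >= min_len}


def cores(password: str) -> Set[str]:
    """Reduce a password to its letters, with and without leet decoding."""
    lowered = password.lower()
    variants = (lowered, lowered.translate(LEET))
    return {re.sub(r"[^a-z]", "", v) for v in variants}


def org_word_in(password: str, denylist: Set[str]) -> Optional[str]:
    """Return the organization word the password is built on, or None.

    Longest words are tried first; ties are broken alphabetically so the
    result is deterministic.
    """
    candidates = cores(password)
    for word in sorted(denylist, key=lambda w: (-len(w), w)):
        if any(word in core for core in candidates):
            return word
    return None


if __name__ == "__main__":
    words = build_denylist(SITE_TEXT)
    for candidate in ("OCDE123!!", "0r4ng3C0unty!", "Mustangs2022",
                      "correct-horse-battery-staple"):
        hit = org_word_in(candidate, words)
        verdict = f"rejected (contains '{hit}')" if hit else "accepted"
        print(f"{candidate!r}: {verdict}")
```
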
Mr. Holmes is my OSINT search tool of choice. It provides several options to use when researching someone. It searches popular social media sites for the username you input, and it can also validate an email. Mr. Holmes can be installed on Kali Linux/Ubuntu. Mr. Holmes also saves a report of everything it finds in a folder, in several file formats. Review the security section of your social media accounts. There are options to keep people who aren't your friends from viewing your profile and friends. A threat actor can use your social media accounts to gain valuable information about you and use that to compromise the organization that you work for.
DNSDumpster helps provide a security overview of your organization by discovering hosts related to a domain. This is valuable for assessing whether hosts are visible to a threat actor, because DNSDumpster is a free tool.
Have I Been Pwned is a valuable tool because it lets you know if an email has been leaked in any breaches. It is a great way to check whether any of your staff members' work emails have been found in a breach. This way you can inform them to change their passwords, as passwords are usually leaked with email information. DeHashed takes Have I Been Pwned to the next level and allows you to search for leaked passwords and hashes of an email/username account.
This is Kristy Boyer. She lives in San Rafael, New Mexico. Her email address is k.boyer@gmail.com. We can use the OSINT tools that we have previously discussed to find out what accounts she has online. She is not a real person. This picture is not real and there is no Kristy Boyer. This is an AI-generated photo. If you look closely at her face, by her cheek the hair blends in with the skin. These are the types of profiles you need to be aware of. What I created was a sock puppet. Threat actors can create fake people and profiles to steal your information or catfish you.
Your users are your first line of defense. Educating them on best practices for password use, safe browsing, data protection, and avoiding password reuse is imperative in keeping your environment safe. Users should know that their data is valuable to threat actors who wish to use it for financial gain. Threat actors use social engineering, phishing, vishing, and smishing to extract vital information from users. Know what these threats look and sound like, and be careful what links you click. What can you do to protect your users? Invest in phishing simulation software, such as KnowBe4 or Proofpoint Phishing Education, to educate your user base. Encourage your users to use a password manager. If using a password manager, please sign out of your password manager daily.
osquery is an operating system instrumentation framework for Windows, OS X (macOS), and Linux. The tools make low-level operating system analytics and monitoring both performant and intuitive.
osquery exposes an operating system as a high-performance relational database. This allows you to write SQL queries to explore operating system data. With osquery, SQL tables represent abstract concepts such as running processes, loaded kernel modules, open network connections, browser plugins, hardware events or file hashes.
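To make the SQL model described above concrete, here is an added example (not from the original slides) that runs three triage queries against an in-memory SQLite stand-in for osquery's `processes` and `listening_ports` tables. The rows are constructed sample data and the tables carry only a subset of the real columns; on a live host the same SELECT statements can be typed into `osqueryi`.

```python
import sqlite3

# Constructed sample rows; the columns are a subset of the osquery schemas.
PROCESSES = [
    # pid, name, path, cmdline, on_disk (1 = binary exists, 0 = missing)
    (612, "sshd", "/usr/sbin/sshd", "/usr/sbin/sshd -D", 1),
    (845, "nginx", "/usr/sbin/nginx", "nginx: master process", 1),
    (1432, "postgres", "/usr/lib/postgresql/14/bin/postgres",
     "postgres -D /var/lib/postgresql", 1),
    (2977, "kworkerd", "/tmp/.cache/kworkerd", "/tmp/.cache/kworkerd -q", 0),
]
LISTENING_PORTS = [
    # pid, port, protocol (6 = TCP), address
    (612, 22, 6, "0.0.0.0"),
    (845, 443, 6, "0.0.0.0"),
    (1432, 5432, 6, "127.0.0.1"),
    (2977, 4444, 6, "0.0.0.0"),
]

# Which programs accept connections on every interface?
# (In osqueryi, terminate each statement with a semicolon.)
EXPOSED_LISTENERS = """
SELECT DISTINCT p.name, p.path, l.port
FROM listening_ports AS l
JOIN processes AS p USING (pid)
WHERE l.address IN ('0.0.0.0', '::')
ORDER BY l.port
"""

# Which running processes no longer have their executable on disk?
MISSING_BINARY = """
SELECT pid, name, path, cmdline
FROM processes
WHERE on_disk = 0
"""

# Combination of both: a network listener whose binary was removed.
LISTENING_WITHOUT_BINARY = """
SELECT pid, p.name, l.port
FROM processes AS p
JOIN listening_ports AS l USING (pid)
WHERE p.on_disk = 0
"""


def build_sample_db():
    """Create the two stand-in tables and load the constructed rows."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE processes (pid INTEGER, name TEXT, "
                 "path TEXT, cmdline TEXT, on_disk INTEGER)")
    conn.execute("CREATE TABLE listening_ports (pid INTEGER, port INTEGER, "
                 "protocol INTEGER, address TEXT)")
    conn.executemany("INSERT INTO processes VALUES (?, ?, ?, ?, ?)", PROCESSES)
    conn.executemany("INSERT INTO listening_ports VALUES (?, ?, ?, ?)",
                     LISTENING_PORTS)
    return conn


def run(conn, sql):
    """Run one query and return its rows as a list of tuples."""
    return conn.execute(sql).fetchall()


if __name__ == "__main__":
    db = build_sample_db()
    for title, sql in (("Exposed listeners", EXPOSED_LISTENERS),
                       ("Binary missing from disk", MISSING_BINARY),
                       ("Listening without a binary", LISTENING_WITHOUT_BINARY)):
        print(title)
        for row in run(db, sql):
            print("  ", row)
```
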