HackIT is an annual cybersecurity conference that gathers the best technical researchers and top players in the cybersecurity industry to explore cutting-edge technologies together. In 2018, HackIT focused on the use of blockchain technology.
Join our community:
Website - https://hacken.live/hackit-slideshare
Twitter - https://hacken.live/twitter_hackit
Facebook - https://hacken.live/facebook_hackit
Instagram - https://hacken.live/instagram_hackit
Reddit - https://hacken.live/reddit
Telegram community - https://hacken.live/tg-hackit
#hackit #cybersecurity #blockchain #hacking
Brian Gorenc, Trend Micro
Much like their six-legged counterparts in nature, bugs in software have a lifecycle. They are discovered, they get exploited, they get reported, they get patched, and usually, they go away. At each stage of this lifecycle, information about the vulnerability equates to a monetary value, and, depending on how this information is disseminated, that monetary value can drastically change. Various marketplaces exist for security research, and the current gray and black markets can be as robust as their white market counterparts. Different agents within these markets influence research trends by shifting finances to or away from specific areas, resulting in more bugs discovered and reported in that area.
Even if you don’t directly participate in this economy, it impacts you and the systems you defend. Bugs bought and sold in the marketplace often become security patches and sometimes get wrapped into exploit kits or malware. Administering the world’s largest vendor agnostic bug bounty program puts us in a unique position to examine the inner workings of these transactions. While firmly in the white market, our experience and relationships provide us with insight across the entire exploit landscape. Some of these factors might not be obvious to those outside of the marketplace until exposed through data leaks or compromise.
These hidden factors can shift prices and send researchers – and thus exploits – in new directions. Like any open market, various factors can spur changes in supply and demand, and market actors can shape what types of research either becomes public – or finds its way into an exploit kit. This presentation covers the inner-workings of the exploit marketplace, the main players in various sectors, and the winding, often controversial lifespan of a security bug. We include real-world examples of how effectively run programs have disrupted nation-state exploit usage in the wild, and take a look at how existing and impending legislation could irrevocably affect the exploit marketplace – and maybe not for the better.
IoT Meetup Hamburg 3 February 2015 - Getting Hamburg set-up for the Internet ...Knud Lasse Lueth
This is the presentation that I held at the 3rd IoT Meetup Hamburg on February 5, 2015.
The presentation includes a number of competitive intelligence analyses on the Internet of Things. It does not include the results from the breakout sessions.
IoT Meetup Hamburg 3 February 2015 - Getting Hamburg set-up for the Internet ...IoTAnalytics
This is the presentation that we held at the 3rd IoT Meetup Hamburg on February 5, 2015.
The presentation includes a number of competitive intelligence analyses on the Internet of Things. It does not include the results from the breakout sessions.
Results from the 2018 edition of our annual IoT Developer Survey.
An analysis of the key findings and trends of the survey is available here: https://blog.benjamin-cabe.com/2018/04/17/key-trends-iot-developer-survey-2018
The survey features trends on IoT cloud platforms, programming languages, databases, security practices, messaging protocols (MQTT, AMQP), and more.
Brian Gorenc, Trend Micro
Much like their six-legged counterparts in nature, bugs in software have a lifecycle. They are discovered, they get exploited, they get reported, they get patched, and usually, they go away. At each stage of this lifecycle, information about the vulnerability equates to a monetary value, and, depending on how this information is disseminated, that monetary value can drastically change. Various marketplaces exist for security research, and the current gray and black markets can be as robust as their white market counterparts. Different agents within these markets influence research trends by shifting finances to or away from specific areas, resulting in more bugs discovered and reported in that area.
Even if you don’t directly participate in this economy, it impacts you and the systems you defend. Bugs bought and sold in the marketplace often become security patches and sometimes get wrapped into exploit kits or malware. Administering the world’s largest vendor agnostic bug bounty program puts us in a unique position to examine the inner workings of these transactions. While firmly in the white market, our experience and relationships provide us with insight across the entire exploit landscape. Some of these factors might not be obvious to those outside of the marketplace until exposed through data leaks or compromise.
These hidden factors can shift prices and send researchers – and thus exploits – in new directions. Like any open market, various factors can spur changes in supply and demand, and market actors can shape what types of research either becomes public – or finds its way into an exploit kit. This presentation covers the inner-workings of the exploit marketplace, the main players in various sectors, and the winding, often controversial lifespan of a security bug. We include real-world examples of how effectively run programs have disrupted nation-state exploit usage in the wild, and take a look at how existing and impending legislation could irrevocably affect the exploit marketplace – and maybe not for the better.
IoT Meetup Hamburg 3 February 2015 - Getting Hamburg set-up for the Internet ...Knud Lasse Lueth
This is the presentation that I held at the 3rd IoT Meetup Hamburg on February 5, 2015.
The presentation includes a number of competitive intelligence analyses on the Internet of Things. It does not include the results from the breakout sessions.
IoT Meetup Hamburg 3 February 2015 - Getting Hamburg set-up for the Internet ...IoTAnalytics
This is the presentation that we held at the 3rd IoT Meetup Hamburg on February 5, 2015.
The presentation includes a number of competitive intelligence analyses on the Internet of Things. It does not include the results from the breakout sessions.
Results from the 2018 edition of our annual IoT Developer Survey.
An analysis of the key findings and trends of the survey is available here: https://blog.benjamin-cabe.com/2018/04/17/key-trends-iot-developer-survey-2018
The survey features trends on IoT cloud platforms, programming languages, databases, security practices, messaging protocols (MQTT, AMQP), and more.
Key takeaways -
1. Key drivers for Software Supply Chain Security in 2022 and beyond
2. Top 3 challenges for scaling Software Supply Chain Security
3. Summary of emerging best practices and a few open-source tools
For nearly 30 years, Trend Micro’s unwavering vision has been to make the world safe for exchanging digital information. Security is our entire focus, and it shows. This single-minded passion has inspired our innovations that keep up with the bad guys despite a changing IT landscape, riskier user behavior, and constantly evolving threats.
Web3 Security Reports for Informed Decision-Making and Risk Mitigation
Stay ahead of the curve with expertly crafted Web3 security reports that offer actionable insights and unparalleled analysis.
Web3 Security Outlook 2022
-> $4B were lost in 300+ security exploits in 2022
-> The report outlines all major hacks and security breaches that occurred in 2022.
-> The report also explores new technologies, such as Layer 2 and zero-knowledge proofs, the role of AI in securing the Web3 ecosystem, and offers essential technical measures for smart contract developers to mitigate vulnerabilities.
Protecting your Web3 assets and users from security threats is crucial but can be overwhelming.
That's why we have curated a series of expertly crafted reports that provide real-world examples and practical advice. Our engaging and informative reports are the ultimate resource for businesses and organisations operating in the Web3 space. Join us on the journey to a safer Web3 world.
B2B Tech Trends 2019
Read the full post on B2B TECH TRENDS 2019 at fourquadrant.com/tech-trends-for-b2b-marketers/
Included in this SlideShare Deck is:
Trend No. 1: Autonomous Things
Trend No. 2: Augmented Analytics
By 2020, more than 40% of data science tasks will be automated
Trend No. 3: AI-Driven Development
Trend No. 4: Digital Twins
Trend No. 5: Empowered Edge
Trend No. 6: Immersive Technologies
By 2022, 70% of enterprises will be experimenting with immersive technologies for consumer and enterprise use, and 25% will have deployed to production
Trend No. 7: Blockchain
Blockchain Will Create $3.1T in Business Value by 2030
Trend No. 8: Smart Spaces
Trend No. 9: Digital Ethics & Privacy
Trend No. 10: Quantum Computing
============================================================
FOR ADDITIONAL GO TO MARKET RESOURCES VISIT www.fourquadrant.com
============================================================
Read the full post on B2B TECH TRENDS 2019 at fourquadrant.com/tech-trends-for-b2b-marketers/
CMO Spend Survey, fourquadrant.com/cmo-spend-research-results-2018-2019/
Go to Market Resources @ fourquadrant.com
Predictive Marketing Analytics Buyer’s Checklist, fourquadrant.com/go-to-market-planning-templates/predictive-marketing-analytics-buyers-checklist/
Free Downloads @ fourquadrant.com/free-marketing-templates/
Go to Market Insights @ fourquadrant.com/go-to-market-planning-templates/
Open Source Insight: Who Owns Linux? TRITON Attack, App Security Testing, Fut...Black Duck by Synopsys
We look at the three reasons you must attend the FLIGHT Amsterdam conference; how to build outstanding projects in the open source community; and why isn’t every app being security tested? Plus, in-depth into the TRITON attack; why 2018 is the year of open source; how open source is driving both IoT and AI and a webinar on the 2018 Open Source Rookies of the Year.
Open Source Insight is your weekly news resource for open source security and cybersecurity news!
In today’s digital world, the issue of cyber-security is something that is continually weighing on everyone’s mind, especially with the exponential growth of connected devices thanks to the Internet of Things. But despite the growing attack surface, businesses everywhere cannot ignore the value of implementing IoT solutions. IoT security is complex, especially due to the nature of the legacy devices and the complex ecosystem,
Download Lantronix VP of Marketing Shahram Mehraban's 2018 Sensors Expo Keynote to learn more.
Check Point Software Technologies y Secure Soft Corporation lo invitan a su
próximo encuentro donde aprenderá cómo proteger sus redes, cloud, smartphones y
tablets gracias a Infinity Total Protection by Check Point.
This was delivered during National Apprenticeships Week 2018. The global shortage of Cyber Security Professionals is set to grow to 1.5 million in 2019. By harnessing apprenticeships organisations can train new talent and up-skill existing employees.
Digital technology as driving force for industry 4.0 and digital economySuta Wijaya
Digital Technology has been fueling the Industrial Revolution and digital economy as it creates rapid transition to new manufacturing processes in industry, from manual process to mechanization, started from hand process (manual), steam power machine, electricity power assembly line, electronics and it automation, to digital – biological - physical systems and AI
Peter Todd - Hardware Wallets - Threats and VulnerabilitiesHacken_Ecosystem
HackIT is an annual cybersecurity conference that gathers the best technical researchers and top players in the cybersecurity industry to explore cutting-edge technologies together. In 2018, HackIT focused on the use of blockchain technology.
Join our community:
Website - https://hacken.live/hackit-slideshare
Twitter - https://hacken.live/twitter_hackit
Facebook - https://hacken.live/facebook_hackit
Instagram - https://hacken.live/instagram_hackit
Reddit - https://hacken.live/reddit
Telegram community - https://hacken.live/tg-hackit
#hackit #cybersecurity #blockchain #hacking
Seyfullah Kilic - Hacking Cryptocurrency Miners with OSINT TechniquesHacken_Ecosystem
HackIT is an annual cybersecurity conference that gathers the best technical researchers and top players in the cybersecurity industry to explore cutting-edge technologies together. In 2018, HackIT focused on the use of blockchain technology.
Join our community:
Website - https://hacken.live/hackit-slideshare
Twitter - https://hacken.live/twitter_hackit
Facebook - https://hacken.live/facebook_hackit
Instagram - https://hacken.live/instagram_hackit
Reddit - https://hacken.live/reddit
Telegram community - https://hacken.live/tg-hackit
#hackit #cybersecurity #blockchain #hacking
More Related Content
Similar to Brian Gorenc on the topic “Modern Day Entomology - Examing the Inner Workings of the Bug Bazaar”.
Key takeaways -
1. Key drivers for Software Supply Chain Security in 2022 and beyond
2. Top 3 challenges for scaling Software Supply Chain Security
3. Summary of emerging best practices and a few open-source tools
For nearly 30 years, Trend Micro’s unwavering vision has been to make the world safe for exchanging digital information. Security is our entire focus, and it shows. This single-minded passion has inspired our innovations that keep up with the bad guys despite a changing IT landscape, riskier user behavior, and constantly evolving threats.
Web3 Security Reports for Informed Decision-Making and Risk Mitigation
Stay ahead of the curve with expertly crafted Web3 security reports that offer actionable insights and unparalleled analysis.
Web3 Security Outlook 2022
-> $4B were lost in 300+ security exploits in 2022
-> The report outlines all major hacks and security breaches that occurred in 2022.
-> The report also explores new technologies, such as Layer 2 and zero-knowledge proofs, the role of AI in securing the Web3 ecosystem, and offers essential technical measures for smart contract developers to mitigate vulnerabilities.
Protecting your Web3 assets and users from security threats is crucial but can be overwhelming.
That's why we have curated a series of expertly crafted reports that provide real-world examples and practical advice. Our engaging and informative reports are the ultimate resource for businesses and organisations operating in the Web3 space. Join us on the journey to a safer Web3 world.
B2B Tech Trends 2019
Read the full post on B2B TECH TRENDS 2019 at fourquadrant.com/tech-trends-for-b2b-marketers/
Included in this SlideShare Deck is:
Trend No. 1: Autonomous Things
Trend No. 2: Augmented Analytics
By 2020, more than 40% of data science tasks will be automated
Trend No. 3: AI-Driven Development
Trend No. 4: Digital Twins
Trend No. 5: Empowered Edge
Trend No. 6: Immersive Technologies
By 2022, 70% of enterprises will be experimenting with immersive technologies for consumer and enterprise use, and 25% will have deployed to production
Trend No. 7: Blockchain
Blockchain Will Create $3.1T in Business Value by 2030
Trend No. 8: Smart Spaces
Trend No. 9: Digital Ethics & Privacy
Trend No. 10: Quantum Computing
============================================================
FOR ADDITIONAL GO TO MARKET RESOURCES VISIT www.fourquadrant.com
============================================================
Read the full post on B2B TECH TRENDS 2019 at fourquadrant.com/tech-trends-for-b2b-marketers/
CMO Spend Survey, fourquadrant.com/cmo-spend-research-results-2018-2019/
Go to Market Resources @ fourquadrant.com
Predictive Marketing Analytics Buyer’s Checklist, fourquadrant.com/go-to-market-planning-templates/predictive-marketing-analytics-buyers-checklist/
Free Downloads @ fourquadrant.com/free-marketing-templates/
Go to Market Insights @ fourquadrant.com/go-to-market-planning-templates/
Open Source Insight: Who Owns Linux? TRITON Attack, App Security Testing, Fut...Black Duck by Synopsys
We look at the three reasons you must attend the FLIGHT Amsterdam conference; how to build outstanding projects in the open source community; and why isn’t every app being security tested? Plus, in-depth into the TRITON attack; why 2018 is the year of open source; how open source is driving both IoT and AI and a webinar on the 2018 Open Source Rookies of the Year.
Open Source Insight is your weekly news resource for open source security and cybersecurity news!
In today’s digital world, the issue of cyber-security is something that is continually weighing on everyone’s mind, especially with the exponential growth of connected devices thanks to the Internet of Things. But despite the growing attack surface, businesses everywhere cannot ignore the value of implementing IoT solutions. IoT security is complex, especially due to the nature of the legacy devices and the complex ecosystem,
Download Lantronix VP of Marketing Shahram Mehraban's 2018 Sensors Expo Keynote to learn more.
Check Point Software Technologies y Secure Soft Corporation lo invitan a su
próximo encuentro donde aprenderá cómo proteger sus redes, cloud, smartphones y
tablets gracias a Infinity Total Protection by Check Point.
This was delivered during National Apprenticeships Week 2018. The global shortage of Cyber Security Professionals is set to grow to 1.5 million in 2019. By harnessing apprenticeships organisations can train new talent and up-skill existing employees.
Digital technology as driving force for industry 4.0 and digital economySuta Wijaya
Digital Technology has been fueling the Industrial Revolution and digital economy as it creates rapid transition to new manufacturing processes in industry, from manual process to mechanization, started from hand process (manual), steam power machine, electricity power assembly line, electronics and it automation, to digital – biological - physical systems and AI
Similar to Brian Gorenc on the topic “Modern Day Entomology - Examing the Inner Workings of the Bug Bazaar”. (20)
Peter Todd - Hardware Wallets - Threats and VulnerabilitiesHacken_Ecosystem
HackIT is an annual cybersecurity conference that gathers the best technical researchers and top players in the cybersecurity industry to explore cutting-edge technologies together. In 2018, HackIT focused on the use of blockchain technology.
Join our community:
Website - https://hacken.live/hackit-slideshare
Twitter - https://hacken.live/twitter_hackit
Facebook - https://hacken.live/facebook_hackit
Instagram - https://hacken.live/instagram_hackit
Reddit - https://hacken.live/reddit
Telegram community - https://hacken.live/tg-hackit
#hackit #cybersecurity #blockchain #hacking
Seyfullah Kilic - Hacking Cryptocurrency Miners with OSINT TechniquesHacken_Ecosystem
HackIT is an annual cybersecurity conference that gathers the best technical researchers and top players in the cybersecurity industry to explore cutting-edge technologies together. In 2018, HackIT focused on the use of blockchain technology.
Join our community:
Website - https://hacken.live/hackit-slideshare
Twitter - https://hacken.live/twitter_hackit
Facebook - https://hacken.live/facebook_hackit
Instagram - https://hacken.live/instagram_hackit
Reddit - https://hacken.live/reddit
Telegram community - https://hacken.live/tg-hackit
#hackit #cybersecurity #blockchain #hacking
HackIT is an annual cybersecurity conference that gathers the best technical researchers and top players in the cybersecurity industry to explore cutting-edge technologies together. In 2018, HackIT focused on the use of blockchain technology.
Join our community:
Website - https://hacken.live/hackit-slideshare
Twitter - https://hacken.live/twitter_hackit
Facebook - https://hacken.live/facebook_hackit
Instagram - https://hacken.live/instagram_hackit
Reddit - https://hacken.live/reddit
Telegram community - https://hacken.live/tg-hackit
#hackit #cybersecurity #blockchain #hacking
HackIT is an annual cybersecurity conference that gathers the best technical researchers and top players in the cybersecurity industry to explore cutting-edge technologies together. In 2018, HackIT focused on the use of blockchain technology.
Join our community:
Website - https://hacken.live/hackit-slideshare
Twitter - https://hacken.live/twitter_hackit
Facebook - https://hacken.live/facebook_hackit
Instagram - https://hacken.live/instagram_hackit
Reddit - https://hacken.live/reddit
Telegram community - https://hacken.live/tg-hackit
#hackit #cybersecurity #blockchain #hacking
Tomi Wen - The Blockchain Built for Real World AppsHacken_Ecosystem
HackIT is an annual cybersecurity conference that gathers the best technical researchers and top players in the cybersecurity industry to explore cutting-edge technologies together. In 2018, HackIT focused on the use of blockchain technology.
Join our community:
Website - https://hacken.live/hackit-slideshare
Twitter - https://hacken.live/twitter_hackit
Facebook - https://hacken.live/facebook_hackit
Instagram - https://hacken.live/instagram_hackit
Reddit - https://hacken.live/reddit
Telegram community - https://hacken.live/tg-hackit
#hackit #cybersecurity #blockchain #hacking
Renaud Lifchitz - Blockchain decentralized apps: the future of malwares?Hacken_Ecosystem
HackIT is an annual cybersecurity conference that gathers the best technical researchers and top players in the cybersecurity industry to explore cutting-edge technologies together. In 2018, HackIT focused on the use of blockchain technology.
Join our community:
Website - https://hacken.live/hackit-slideshare
Twitter - https://hacken.live/twitter_hackit
Facebook - https://hacken.live/facebook_hackit
Instagram - https://hacken.live/instagram_hackit
Reddit - https://hacken.live/reddit
Telegram community - https://hacken.live/tg-hackit
#hackit #cybersecurity #blockchain #hacking
Dejan Podgorsek - Is Hyperledger Fabric secure enough for your Business?Hacken_Ecosystem
HackIT is an annual cybersecurity conference that gathers the best technical researchers and top players in the cybersecurity industry to explore cutting-edge technologies together. In 2018, HackIT focused on the use of blockchain technology.
Join our community:
Website - https://hacken.live/hackit-slideshare
Twitter - https://hacken.live/twitter_hackit
Facebook - https://hacken.live/facebook_hackit
Instagram - https://hacken.live/instagram_hackit
Reddit - https://hacken.live/reddit
Telegram community - https://hacken.live/tg-hackit
#hackit #cybersecurity #blockchain #hacking
Alex Zdrilko - АI and Blockchain in real life application with the highest se...Hacken_Ecosystem
HackIT is an annual cybersecurity conference that gathers the best technical researchers and top players in the cybersecurity industry to explore cutting-edge technologies together. In 2018, HackIT focused on the use of blockchain technology.
Join our community:
Website - https://hacken.live/hackit-slideshare
Twitter - https://hacken.live/twitter_hackit
Facebook - https://hacken.live/facebook_hackit
Instagram - https://hacken.live/instagram_hackit
Reddit - https://hacken.live/reddit
Telegram community - https://hacken.live/tg-hackit
#hackit #cybersecurity #blockchain #hacking
John Graham-Cumming - Helping to build a better InternetHacken_Ecosystem
HackIT is an annual cybersecurity conference that gathers the best technical researchers and top players in the cybersecurity industry to explore cutting-edge technologies together. In 2018, HackIT focused on the use of blockchain technology.
Join our community:
Website - https://hacken.live/hackit-slideshare
Twitter - https://hacken.live/twitter_hackit
Facebook - https://hacken.live/facebook_hackit
Instagram - https://hacken.live/instagram_hackit
Reddit - https://hacken.live/reddit
Telegram community - https://hacken.live/tg-hackit
#hackit #cybersecurity #blockchain #hacking
Pedro Fortuna - Protecting Crypto Exchanges From a New Wave of Man-in-the-Bro...Hacken_Ecosystem
HackIT is an annual cybersecurity conference that gathers the best technical researchers and top players in the cybersecurity industry to explore cutting-edge technologies together. In 2018, HackIT focused on the use of blockchain technology.
Join our community:
Website - https://hacken.live/hackit-slideshare
Twitter - https://hacken.live/twitter_hackit
Facebook - https://hacken.live/facebook_hackit
Instagram - https://hacken.live/instagram_hackit
Reddit - https://hacken.live/reddit
Telegram community - https://hacken.live/tg-hackit
#hackit #cybersecurity #blockchain #hacking
Max Keidun - How to build a Bitcoin exchange and not burn in hellHacken_Ecosystem
Max Keidun - How to build a Bitcoin exchange and not burn in hell
HackIT is an annual cybersecurity conference that gathers the best technical researchers and top players in the cybersecurity industry to explore cutting-edge technologies together. In 2018, HackIT focused on the use of blockchain technology.
Join our community:
Website - https://hacken.live/hackit-slideshare
Twitter - https://hacken.live/twitter_hackit
Facebook - https://hacken.live/facebook_hackit
Instagram - https://hacken.live/instagram_hackit
Reddit - https://hacken.live/reddit
Telegram community - https://hacken.live/tg-hackit
#hackit #cybersecurity #blockchain #hacking
Ryan Stortz & Sophia D'Antoine - “EVM2VEC: Bug Discovery in Smart Contracts”Hacken_Ecosystem
Sophia D'Antoine and Ryan Stortz on the topic “EVM2VEC: Bug Discovery in Smart Contracts”
HackIT is an annual cybersecurity conference that gathers the best technical researchers and top players in the cybersecurity industry to explore cutting-edge technologies together. In 2018, HackIT focused on the use of blockchain technology.
Join our community:
Website - https://hacken.live/hackit-slideshare
Twitter - https://hacken.live/twitter_hackit
Facebook - https://hacken.live/facebook_hackit
Instagram - https://hacken.live/instagram_hackit
Reddit - https://hacken.live/reddit
Telegram community - https://hacken.live/tg-hackit
Dinis Guarda "Hacking the DNA of Humanity with Blockchain and AI""Hacken_Ecosystem
Dinis Guarda - CEO and Founder Ztudium - blocksdna presentation on Hackit 4.0: Hacking the DNA of humanity with Blockchain and AI
HackIT is an annual cybersecurity conference that gathers the best technical researchers and top players of the cybersecurity industry to explore cutting-edge technologies together. In 2018, HackIT focused on the use of blockchain technology.
Join our community:
Website - https://hacken.live/2CRnP9g
Twitter - https://hacken.live/twitter_hackit
Facebook - https://hacken.live/facebook_hackit
Instagram - https://hacken.live/instagram_hackit
Reddit - https://hacken.live/reddit
Telegram community - https://hacken.live/tg-hackit
#hackit #cybersecurity #blockchain #hacking #ai #dna
Epistemic Interaction - tuning interfaces to provide information for AI supportAlan Dix
Paper presented at SYNERGY workshop at AVI 2024, Genoa, Italy. 3rd June 2024
https://alandix.com/academic/papers/synergy2024-epistemic/
As machine learning integrates deeper into human-computer interactions, the concept of epistemic interaction emerges, aiming to refine these interactions to enhance system adaptability. This approach encourages minor, intentional adjustments in user behaviour to enrich the data available for system learning. This paper introduces epistemic interaction within the context of human-system communication, illustrating how deliberate interaction design can improve system understanding and adaptation. Through concrete examples, we demonstrate the potential of epistemic interaction to significantly advance human-computer interaction by leveraging intuitive human communication strategies to inform system design and functionality, offering a novel pathway for enriching user-system engagements.
Generative AI Deep Dive: Advancing from Proof of Concept to ProductionAggregage
Join Maher Hanafi, VP of Engineering at Betterworks, in this new session where he'll share a practical framework to transform Gen AI prototypes into impactful products! He'll delve into the complexities of data collection and management, model selection and optimization, and ensuring security, scalability, and responsible use.
PHP Frameworks: I want to break free (IPC Berlin 2024)Ralf Eggert
In this presentation, we examine the challenges and limitations of relying too heavily on PHP frameworks in web development. We discuss the history of PHP and its frameworks to understand how this dependence has evolved. The focus will be on providing concrete tips and strategies to reduce reliance on these frameworks, based on real-world examples and practical considerations. The goal is to equip developers with the skills and knowledge to create more flexible and future-proof web applications. We'll explore the importance of maintaining autonomy in a rapidly changing tech landscape and how to make informed decisions in PHP development.
This talk is aimed at encouraging a more independent approach to using PHP frameworks, moving towards a more flexible and future-proof approach to PHP development.
Elevating Tactical DDD Patterns Through Object CalisthenicsDorra BARTAGUIZ
After immersing yourself in the blue book and its red counterpart, attending DDD-focused conferences, and applying tactical patterns, you're left with a crucial question: How do I ensure my design is effective? Tactical patterns within Domain-Driven Design (DDD) serve as guiding principles for creating clear and manageable domain models. However, achieving success with these patterns requires additional guidance. Interestingly, we've observed that a set of constraints initially designed for training purposes remarkably aligns with effective pattern implementation, offering a more ‘mechanical’ approach. Let's explore together how Object Calisthenics can elevate the design of your tactical DDD patterns, offering concrete help for those venturing into DDD for the first time!
The Art of the Pitch: WordPress Relationships and SalesLaura Byrne
Clients don’t know what they don’t know. What web solutions are right for them? How does WordPress come into the picture? How do you make sure you understand scope and timeline? What do you do if sometime changes?
All these questions and more will be explored as we talk about matching clients’ needs with what your agency offers without pulling teeth or pulling your hair out. Practical tips, and strategies for successful relationship building that leads to closing the deal.
State of ICS and IoT Cyber Threat Landscape Report 2024 previewPrayukth K V
The IoT and OT threat landscape report has been prepared by the Threat Research Team at Sectrio using data from Sectrio, cyber threat intelligence farming facilities spread across over 85 cities around the world. In addition, Sectrio also runs AI-based advanced threat and payload engagement facilities that serve as sinks to attract and engage sophisticated threat actors, and newer malware including new variants and latent threats that are at an earlier stage of development.
The latest edition of the OT/ICS and IoT security Threat Landscape Report 2024 also covers:
State of global ICS asset and network exposure
Sectoral targets and attacks as well as the cost of ransom
Global APT activity, AI usage, actor and tactic profiles, and implications
Rise in volumes of AI-powered cyberattacks
Major cyber events in 2024
Malware and malicious payload trends
Cyberattack types and targets
Vulnerability exploit attempts on CVEs
Attacks on counties – USA
Expansion of bot farms – how, where, and why
In-depth analysis of the cyber threat landscape across North America, South America, Europe, APAC, and the Middle East
Why are attacks on smart factories rising?
Cyber risk predictions
Axis of attacks – Europe
Systemic attacks in the Middle East
Download the full report from here:
https://sectrio.com/resources/ot-threat-landscape-reports/sectrio-releases-ot-ics-and-iot-security-threat-landscape-report-2024/
UiPath Test Automation using UiPath Test Suite series, part 4DianaGray10
Welcome to UiPath Test Automation using UiPath Test Suite series part 4. In this session, we will cover Test Manager overview along with SAP heatmap.
The UiPath Test Manager overview with SAP heatmap webinar offers a concise yet comprehensive exploration of the role of a Test Manager within SAP environments, coupled with the utilization of heatmaps for effective testing strategies.
Participants will gain insights into the responsibilities, challenges, and best practices associated with test management in SAP projects. Additionally, the webinar delves into the significance of heatmaps as a visual aid for identifying testing priorities, areas of risk, and resource allocation within SAP landscapes. Through this session, attendees can expect to enhance their understanding of test management principles while learning practical approaches to optimize testing processes in SAP environments using heatmap visualization techniques
What will you get from this session?
1. Insights into SAP testing best practices
2. Heatmap utilization for testing
3. Optimization of testing processes
4. Demo
Topics covered:
Execution from the test manager
Orchestrator execution result
Defect reporting
SAP heatmap example with demo
Speaker:
Deepak Rai, Automation Practice Lead, Boundaryless Group and UiPath MVP
Welocme to ViralQR, your best QR code generator.ViralQR
Welcome to ViralQR, your best QR code generator available on the market!
At ViralQR, we design static and dynamic QR codes. Our mission is to make business operations easier and customer engagement more powerful through the use of QR technology. Be it a small-scale business or a huge enterprise, our easy-to-use platform provides multiple choices that can be tailored according to your company's branding and marketing strategies.
Our Vision
We are here to make the process of creating QR codes easy and smooth, thus enhancing customer interaction and making business more fluid. We very strongly believe in the ability of QR codes to change the world for businesses in their interaction with customers and are set on making that technology accessible and usable far and wide.
Our Achievements
Ever since its inception, we have successfully served many clients by offering QR codes in their marketing, service delivery, and collection of feedback across various industries. Our platform has been recognized for its ease of use and amazing features, which helped a business to make QR codes.
Our Services
At ViralQR, here is a comprehensive suite of services that caters to your very needs:
Static QR Codes: Create free static QR codes. These QR codes are able to store significant information such as URLs, vCards, plain text, emails and SMS, Wi-Fi credentials, and Bitcoin addresses.
Dynamic QR codes: These also have all the advanced features but are subscription-based. They can directly link to PDF files, images, micro-landing pages, social accounts, review forms, business pages, and applications. In addition, they can be branded with CTAs, frames, patterns, colors, and logos to enhance your branding.
Pricing and Packages
Additionally, there is a 14-day free offer to ViralQR, which is an exceptional opportunity for new users to take a feel of this platform. One can easily subscribe from there and experience the full dynamic of using QR codes. The subscription plans are not only meant for business; they are priced very flexibly so that literally every business could afford to benefit from our service.
Why choose us?
ViralQR will provide services for marketing, advertising, catering, retail, and the like. The QR codes can be posted on fliers, packaging, merchandise, and banners, as well as to substitute for cash and cards in a restaurant or coffee shop. With QR codes integrated into your business, improve customer engagement and streamline operations.
Comprehensive Analytics
Subscribers of ViralQR receive detailed analytics and tracking tools in light of having a view of the core values of QR code performance. Our analytics dashboard shows aggregate views and unique views, as well as detailed information about each impression, including time, device, browser, and estimated location by city and country.
So, thank you for choosing ViralQR; we have an offer of nothing but the best in terms of QR code services to meet business diversity!
Dev Dives: Train smarter, not harder – active learning and UiPath LLMs for do...UiPathCommunity
💥 Speed, accuracy, and scaling – discover the superpowers of GenAI in action with UiPath Document Understanding and Communications Mining™:
See how to accelerate model training and optimize model performance with active learning
Learn about the latest enhancements to out-of-the-box document processing – with little to no training required
Get an exclusive demo of the new family of UiPath LLMs – GenAI models specialized for processing different types of documents and messages
This is a hands-on session specifically designed for automation developers and AI enthusiasts seeking to enhance their knowledge in leveraging the latest intelligent document processing capabilities offered by UiPath.
Speakers:
👨🏫 Andras Palfi, Senior Product Manager, UiPath
👩🏫 Lenka Dulovicova, Product Program Manager, UiPath
SAP Sapphire 2024 - ASUG301 building better apps with SAP Fiori.pdfPeter Spielvogel
Building better applications for business users with SAP Fiori.
• What is SAP Fiori and why it matters to you
• How a better user experience drives measurable business benefits
• How to get started with SAP Fiori today
• How SAP Fiori elements accelerates application development
• How SAP Build Code includes SAP Fiori tools and other generative artificial intelligence capabilities
• How SAP Fiori paves the way for using AI in SAP apps
GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using Deplo...James Anderson
Effective Application Security in Software Delivery lifecycle using Deployment Firewall and DBOM
The modern software delivery process (or the CI/CD process) includes many tools, distributed teams, open-source code, and cloud platforms. Constant focus on speed to release software to market, along with the traditional slow and manual security checks has caused gaps in continuous security as an important piece in the software supply chain. Today organizations feel more susceptible to external and internal cyber threats due to the vast attack surface in their applications supply chain and the lack of end-to-end governance and risk management.
The software team must secure its software delivery process to avoid vulnerability and security breaches. This needs to be achieved with existing tool chains and without extensive rework of the delivery processes. This talk will present strategies and techniques for providing visibility into the true risk of the existing vulnerabilities, preventing the introduction of security issues in the software, resolving vulnerabilities in production environments quickly, and capturing the deployment bill of materials (DBOM).
Speakers:
Bob Boule
Robert Boule is a technology enthusiast with PASSION for technology and making things work along with a knack for helping others understand how things work. He comes with around 20 years of solution engineering experience in application security, software continuous delivery, and SaaS platforms. He is known for his dynamic presentations in CI/CD and application security integrated in software delivery lifecycle.
Gopinath Rebala
Gopinath Rebala is the CTO of OpsMx, where he has overall responsibility for the machine learning and data processing architectures for Secure Software Delivery. Gopi also has a strong connection with our customers, leading design and architecture for strategic implementations. Gopi is a frequent speaker and well-known leader in continuous delivery and integrating security into software delivery.
Smart TV Buyer Insights Survey 2024 by 91mobiles.pdf91mobiles
91mobiles recently conducted a Smart TV Buyer Insights Survey in which we asked over 3,000 respondents about the TV they own, aspects they look at on a new TV, and their TV buying preferences.
2. 2 Copyright 2018 Trend Micro Inc.
Director of Vulnerability Research at Trend Micro
Leads the Zero Day Initiative
Organizes Pwn2Own
Approver of Payments
Past Experiences
Lead Developer at Lockheed Martin
Bug Hunter
Past research:
Microsoft Bounty submission
Patents on Exploit Mitigation Technologies
Bug hunting in many products
Twitter: @MaliciousInput
Brian Gorenc
4. 4 Copyright 2018 Trend Micro Inc.
How it works
Trend Micro Customers Protected Ahead of Patch
Other Network Security Vendor’s Customers at Risk
Vulnerability
submitted to the
ZDI program
Vendor Notified
Digital Vaccine®
Filter Created
Vendor Response
Window
Vulnerability is
Patched or
Remains Unfixed
Public Disclosure
8. 8 Copyright 2018 Trend Micro Inc.
Variety
High-Profile
SCADA/IIoT
Infrastructure
Virtualization
IoT
Enterprise
Security
Misc
Open Source
Web
Other
Mobile
Top Vendors
Vulnerability Submitted: A researcher submits a previously unpatched vulnerability to the Zero Day Initiative, who validates the vulnerability, determines its worth, and makes a monetary offer to the researcher.
Vendor Notified: The Zero Day Initiative responsibly and promptly notifies the appropriate product vendor of a security flaw with their product(s) or service(s).
Digital Vaccine® Filter Created: Simultaneously with the vendor being notified, Trend Micro TippingPoint works to create a Digital Vaccine filter to protect customers from the unpatched vulnerability.
Vendor Response: The Zero Day Initiative allows the vendor four months to address the vulnerability.
Vulnerability is Patched or Remains Unfixed: The vendor will either release a patch for the vulnerability or indicate to the Zero Day Initiative that it is unable to, or chooses not to, patch the vulnerability.
Public Disclosure: The Zero Day Initiative will publicly and responsibly disclose the details of the vulnerability on its Web site in accordance with its vulnerability disclosure policy.
Now, when Hacking Team happened most in the industry poured over the evidence look for 0-day. Not ZDI. We looked for financial data.
Who was buying, Who was selling, What were the prices? Are we making a impact in the shady grey market?
Hacking Team dumps give us solid evidence here…and it is quite lucrative.
RAV service 90,000 E to Czech Republic
Similar service to Kazazkhstan for 180,000 E
Additional buyers:
Guatemala
Lebanon
Mongolia
Russia
Egypt
Vietnam
Malaysia
Federal police of brazil
Bangladesh Police - Rapid Action Battalion
Republic of South Korea - Army
Saudi Arabia
Cyprus
UAE
Mexico
Republic of Hungary
And
Small company called Cyberpoint in MD< USA
Information from their Board of Directors meeting leads to other interesting insights into the marketplace
10 million in revue
Expected >30% growth
Paid employees $80,000 on average
Other Personal Cost
500,000
Grow by 50% next year
What is the category? Could it be consultancy fees and the broker costs. Highly likely.
To make this money, you need in this business you need 0-day exploits. Via FTE or from the free market…
How do they do they engage in the free market?
Go directly to the researchers. But you have to be good…
For example, take Vitaliy Toropov
Next option is Vulnerability Brokers to keeps the remote access product working is brokers.
Here we have an Adobe Flash exploit for sale
The most interesting here is the asset availability. Why buy exclusive or non-exclusive? Stealthiness, of course.
For highly target attacks, a “fire-and-forget” model is the only real option. The more it is out there, the more likely it will get caught.
But what does that benefit cost?
Much better then the consultancy rate. $95,000
Paid out over a 3 month period. Why is this done?
0-day is only as good as long as it is 0-day. Fees are paid out over time so the original researcher does not burn the bug after the payment.
What is being avilable?
Browsers, Kernel, Mobile, Security Software, Core Software like PHP
So how does ZDI fair in the what it is attracting from the marketplace?
Are we buying and fixing bugs that will impact the grey market and protect customers?
The answer is YES
But where is the evidence of our impact in this market place?
Jan 2013 - https://blog.mozilla.org/security/2013/01/29/putting-users-in-control-of-plugins/
JIT (Bound Checking, Type Confusion)
UAF due to MemGC failed as a mitigation
Issue in JavaScript Array Implementation
JIT (Bound Checking, Type Confusion)
UAF due to MemGC failed as a mitigation
Issue in JavaScript Array Implementation
Adobe End of life announcement - https://theblog.adobe.com/adobe-flash-update/
JIT (Bound Checking, Type Confusion)
UAF due to MemGC failed as a mitigation
Issue in JavaScript Array Implementation
JIT (Bound Checking, Type Confusion)
UAF due to MemGC failed as a mitigation
Issue in JavaScript Array Implementation
December 2013
The purpose of the amendments was to prevent Western technology companies from selling surveillance technology to governments known to abuse human rights.
The Wassenaar Arrangement was established to contribute to regional and international security and stability by promoting transparency and greater responsibility in transfers of conventional arms and dual-use goods and technologies, thus preventing destabilizing accumulations. Participating states seek, through their national policies, to ensure that transfers of these items do not contribute to the development or enhancement of military capabilities which undermine these goals, and are not diverted to support such capabilities.
https://www.wassenaar.org/app/uploads/2018/01/WA-DOC-17-PUB-006-Public-Docs-Vol.II-2017-List-of-DU-Goods-and-Technologies-and-Munitions-List.pdf
Starting in 2007, the Pwn2Own hacking competition has grown into the world’s premier hacking contest. 2017 was the 10th anniversary of the contest, and more than $1 million dollars was made available to contestants. It’s only a slight hyperbole to refer to Pwn2Own as the root of all research. When we announce a new category for Pwn2Own, we don’t expect to see any entries in that category that year. However, history has shown that once we announce a new target at Pwn2Own, researchers start working in that area and submit entries the following year. That happened in 2016 when we announce VMWare as a target. As expected, we didn’t get any entries in 2016, but we did get two successful VMWare escapes in 2017. This was also our first year with Hyper-V and Apache web server as a target, and again, we didn’t receive any attempts on these targets. Next year’s conference should prove interesting.