This slide deck is an entry-level introduction to blockchain security. It illustrates the current status of the issue, summarises attack methodology, and reviews a few past hack cases.
Blockchain technology is being touted as the Next Big Thing, seemingly capable of great feats of strength and perhaps even curing the common cold. But what exactly is it and how could it contribute to a security program? This session will describe how blockchain works, define its value proposition, and identify specific use cases where blockchain makes sense and some where it doesn't. Along the way, we will discuss similar capabilities and technologies that accomplish the objectives.
Hackbama Presentation
Presenter: Jason Cuneo
Abstract: The revolution of blockchain centered technologies provides security practitioners with a unique opportunity to participate in shaping the future of secure networking and has the potential to redefine how organizations and society transact and determine value. The objective of this discussion is to introduce how blockchains are disrupting the status quo and how they can be used to improve the Cybersecurity landscape.
The fundamental security properties of blockchain originate from both the Bitcoin architecture and advances in cryptography. The cryptographic chain of blocks was refined over time, giving rise to a number of inherent security qualities.
Introduction to Blockchain Governance Models (Gokul Alex)
The presentation on the history and emergence of distributed consensus and the contemporary aspects of Blockchain Governance presented for the Global FinTech and Blockchain Forum organised by Pyramid Learning Platforms.
This introductory session on the security model of blockchain will cover the 101 of blockchain technology: how transactions work, the use of cryptography for securing the distributed ledger, private and public keys, and multisignature. It will also review one of the hacks Ethereum has been exposed to, the Parity wallet hack.
Deja vu Security - Blockchain Security Summit - Adam Cecchetti (Scott Strang)
Deja vu Security and Peach Tech founder Adam Cecchetti slides from Deja vu Security's December 2017 Security Summit.
The Realities of Enterprise Blockchain
Blockchain is currently everywhere and on the minds of everyone from entrepreneurs to enterprise architects. This talk will explore some of the enterprise-focused blockchain technologies. It will give an overview of how they can fit into the enterprise security ecosystem and what security, integrity, and transactional guarantees they can and cannot provide.
Blockchain based Security Architectures - A Review (Gokul Alex)
From my session on #Blockchain based #Cybersecurity Architectures presented in the Malabar Cybersecurity Summit organised by RedTeam Hacker Academy in Calicut. This presentation navigates through the fundamental concepts of Blockchain, Tamper Evidence properties of Blockchain Data Structure, Blockchain Architectures, Possibilities of Immutable Ledger, Importance of Blockchain for Digital Identities, IoT Security etc.
Getting Started in Blockchain Security and Smart Contract Auditing (Beau Bullock)
Why is blockchain security important?
Blockchain usage has exploded since the Bitcoin whitepaper was first published in 2008. Many applications rely on this technology for increased trust and privacy, properties that would otherwise be absent from a centralized system.
The ecosystem surrounding blockchain technology is large, complex, and has many moving pieces. Exchanges exist where users can transact various cryptocurrencies, NFTs, and tokens. Smart contracts can be written to programmatically apply behavior to blockchain transactions. Decentralized Finance (DeFi) markets exist where users can swap tokens without needing to sign up for an account.
All of these pieces are prone to vulnerabilities, and with blockchain being at the forefront of emerging technology new issues are being found daily.
In this Black Hills Information Security (BHIS) webcast, we'll use case studies of recent blockchain hacks to introduce the underlying issues in writing and engineering smart contracts that have ultimately led to the loss of millions of dollars to attackers.
My presentation prepared for the one-day national level workshop on "Blockchain Technologies" organised by the Department of Information Technology, Academy of Maritime Education and Training. The presentation covers the definition, classification, components, structure and working of the Ethereum and Bitcoin blockchains.
Blockchains and Smart Contracts: Architecture Design and Model-Driven Develop... (Ingo Weber)
Software Architecture and Business Process Management research by the AAP team, Data61, CSIRO (Sydney Australia):
1. Architectural concerns of developing applications around Blockchain
2. Model-driven development for blockchain smart contracts
3. Business process execution on blockchain (details on one case of 2.)
Bitcoin: A Peer-to-Peer Electronic Cash System
Satoshi Nakamoto
satoshin@gmx.com
www.bitcoin.org
Abstract. A purely peer-to-peer version of electronic cash would allow online payments to be sent directly from one party to another without going through a financial institution. Digital signatures provide part of the solution, but the main benefits are lost if a trusted third party is still required to prevent double-spending. We propose a solution to the double-spending problem using a peer-to-peer network. The network timestamps transactions by hashing them into an ongoing chain of hash-based proof-of-work, forming a record that cannot be changed without redoing the proof-of-work. The longest chain not only serves as proof of the sequence of events witnessed, but proof that it came from the largest pool of CPU power. As long as a majority of CPU power is controlled by nodes that are not cooperating to attack the network, they'll generate the longest chain and outpace attackers. The network itself requires minimal structure. Messages are broadcast on a best effort basis, and nodes can leave and rejoin the network at will, accepting the longest proof-of-work chain as proof of what happened while they were gone.
Analysing Data from Blockchains - Keynote @ SOCCA 2020 (Ingo Weber)
Keynote at the Symposium on Cryptocurrency Analysis (SOCCA 2020). Content:
In order to analyse how concrete blockchain systems as well as blockchain applications are used, data must be extracted from these systems. Due to various complexities inherent in blockchain, the question of how to interpret such data is non-trivial. Such interpretation should often be shared among parties, e.g., if they collaborate via a blockchain. To this end, we devised an approach to codify the interpretation of blockchain data, to extract data from blockchains accordingly, and to output it in suitable formats -- see https://arxiv.org/abs/2001.10281.
In addition, application developers and users of blockchain applications may want to estimate the cost of using or operating a blockchain application. In the keynote, I will also discuss our cost estimation method.
DEFCON28_2020_EthereumSecurity_PreventingDDoS_VDF (Gokul Alex)
DEFCON is one of the world's largest and most notable hacker conventions. It is an esoteric experience of an elusive kind. It is a daring dream to destroy the dystopian darkness of super surveillance states. Here we are presenting our passion for Blockchain Security at DEFCON 28, based on the theme 'Preventing DDoS Attacks on Ethereum 2.0 using Verifiable Delay Function Powered Authentication Architectures'. When we teamed up together a month ago, we never imagined that we would march into the league of extraordinary hackers to present our beloved blockchain security models in front of the pioneers and paragons of the security space. We are grateful to all our well-wishers in Governments, the Private Sector, Academic Institutions, Think Tanks and Research Organisations across the world who have inspired us to deep dive into the creative convergence of cryptography and consensus algorithms to weave this world together. Our session is part of the Block Village stream at DEFCON 28. Please find further details of the event in the Block Village portal: https://www.blockchainvillage.net/schedule2020
#defcon2020 #defcon28 #cybersecurity #ethereum #blockvillage #blockchainsecurity #blockchainaudit
4 key concepts of blockchain - Distributed shared ledgers
• Group of replicated logs/databases (nodes)
• Transactions distributed in blocks
• All nodes hold all transactions
• Parties identified with public key (= anonymised)
• Accessibility of transactions depending on blockchain implementation
• Resilient for failure of one or more nodes
• Group of nodes operate tamper proof
Blockchain Scalability - Architectures and Algorithms (Gokul Alex)
My presentation on 'Blockchain Scalability - Architectures and Algorithms' for the TechAthena Digital Community Webinar.
Blockchain Scalability is one of the most significant concerns for a Minimum Viable Blockchain Implementation. It is one of the key aspects determining the relevance and feasibility of Blockchain Technology for a particular use case. This session will cover the fundamental aspects of distributed computing that determine the contours of scalability.
Subsequently, the session will outline the parameters and metrics related to Blockchain Scalability in detail. In this context, the session will deep dive into architectural and algorithmic techniques that enable a scalable Blockchain. Architectural techniques such as vertical scaling and horizontal scaling will be explained in detail. Design techniques such as State Channels, Sharding, SideChains, Off-chain computations, Block Size and Time Optimization etc. will be explained.
In summary, this session will conclude with the implications and trade-offs between Blockchain Scalability, Security, Simplicity and Interoperability. Looking forward to your views and thoughts!
Simone Bronzini - Weaknesses of blockchain applications - Codemotion Milan 2018 (Codemotion)
Due to the immutability of the ledger and the difficulty of updating their consensus rules, blockchain applications have many critical layers where a bug can cause huge, irreversible fund losses. This talk will shed some light on why and how blockchain applications are so critical and will discuss past events that led to fund loss or consensus failures due to bugs in critical parts of the code of Bitcoin and Ethereum applications.
This presentation is about the world's hot trending topic known as "Cryptocurrency". It covers general knowledge about cryptocurrency, crypto coins, Bitcoin and coin mining. It specifically shows people how to start mining and what the basic requirements are.
Virtual or digital currencies, with Bitcoin chief amongst them, have been gaining momentum and investment over the last couple of years. Offering an almost costless means of making payments around the globe, virtual currencies have the potential to bring significant disruption to the banking industry. This potential is not lost on either Bitcoin startups or banks themselves. But how does Bitcoin actually work? A peer-to-peer network maintains the “blockchain”, an innovative cryptographic protocol which securely mediates payments between parties without mutual trust. This session will step through the structure of the blockchain, showing how it solves the “double spend” problem and allows decentralised processing of financial transactions. Whether Bitcoin will become the currency of the internet or it’s a bubble that is doomed to burst sooner or later, the blockchain itself will change the face of transactional banking and perhaps other industries along the way.
Presentation to the Sydney Financial Mathematics Workshop (11 March 2015)
http://www.qgroup.org.au/content/bitcoin-banking-and-blockchain
Blockchain has gained lots of attention in recent years. Bitcoin and Ethereum are leading the race. Crypto currencies in spite of uncertainty and volatility are here to stay. Smart contract programming is the future for the Internet 3.0.
Blockchain concept and technology: how it is becoming the next trend after Bitcoin, expanding into a myriad of solutions. Smart contracts may use a public, distributed and encrypted platform to support data persistence.
Driven by recent increases in cryptocurrency values, Cryptojacking is poised to be a center of conversation. It’s one of the latest innovations in hacking in which a victim’s computer is enlisted to mine cryptocurrency. Unlike ransomware, this attack steals processor cycles in an attempt to mine Monero and other currencies, typically without the user’s knowledge or consent.
Web3 Security: The Blockchain is Your SIEM (Tal Be'ery)
2021’s hottest new tech term, according to TechCrunch, was “definitely Web3”. Web3, as its name suggests, is considered by many as the future of the internet: decentralized, permissionless, and based on modern blockchain technology. While Web3 might have a bright future, it’s in the middle of growing pains: A number of Web3 apps were hacked in 2021, leading to theft of cryptoassets valued at hundreds of millions of US Dollars. In this talk we will present Web3 app technology, dissect new attack surfaces, and suggest new and exciting defense mechanisms.
First, we will dive into the technical details of Web3 applications, showing how Web3 technology opens new attack surfaces by moving app functionality onto the blockchain. We will then analyze these newly-exposed attack surfaces by reviewing a few examples we’ve discovered “in the wild.”
While Web3 exposes new attack surfaces, it also provides novel detection opportunities. Specifically, the public and transparent nature of the blockchain allows security researchers to immediately explore full details of any attack and, as a result, leads to quick and thorough discoveries. This is a paradigm shift in security research, as current practices only allow a few to learn actual attack details, only some portions of which are shared publicly. This shift in transparency allowed us to independently explore the aforementioned attacks.
Furthermore, we believe we can do even better and go beyond rapid post-mortem reports. We will show how the same raw data we had previously used for a post-mortem analysis can be analyzed in real-time (or even ante factum by “taking a peek” into the blocks that have yet to be mined) to detect and even prevent attacks. This capability is enabled by the online nature of the blockchain and its inherent block time delays. In fact, we can import, with relevant modifications, many of the principles and learnings of current web defenses, including Web Application Firewall (WAF) into the realm of blockchain. By doing so, we introduce a scheme for a Web3 Application Firewall (W3AF) which can greatly improve Web3 security and blockchain-based apps.
A broad-ranging introduction into Blockchain, the Mental Models to use to think about its implications (Blockchain as a Database, as a City and as a Continent); and a technical introduction into the key ingredients to build a blockchain as well as dApps.
A research-oriented introduction to the cryptographic currencies (starting wi... (vpnmentor)
Presentation by Stefan Dziembowski, associate professor and leader of Cryptology and Data Security Group University of Warsaw. In BIU workshop on Bitcoin. Covered exclusively by vpnMentor.com
Presentation titled "Bitcoin and Ransomware Analysis": we discuss ransomware and how Bitcoin is being utilized in cyber crime. We also have a look at Bitcoin mining, the Bitcoin trading market and the blockchain concept.
Similar to Brief Introduction to Blockchain Security (20)
Generative AI Deep Dive: Advancing from Proof of Concept to Production (Aggregage)
Join Maher Hanafi, VP of Engineering at Betterworks, in this new session where he'll share a practical framework to transform Gen AI prototypes into impactful products! He'll delve into the complexities of data collection and management, model selection and optimization, and ensuring security, scalability, and responsible use.
A tale of scale & speed: How the US Navy is enabling software delivery from l... (sonjaschweigert1)
Rapid and secure feature delivery is a goal across every application team and every branch of the DoD. The Navy’s DevSecOps platform, Party Barge, has achieved:
- Reduction in onboarding time from 5 weeks to 1 day
- Improved developer experience and productivity through actionable findings and reduction of false positives
- Maintenance of superior security standards and inherent policy enforcement with Authorization to Operate (ATO)
Development teams can ship efficiently and ensure applications are cyber ready for Navy Authorizing Officials (AOs). In this webinar, Sigma Defense and Anchore will give attendees a look behind the scenes and demo secure pipeline automation and security artifacts that speed up application ATO and time to production.
We will cover:
- How to remove silos in DevSecOps
- How to build efficient development pipeline roles and component templates
- How to deliver security artifacts that matter for ATOs (SBOMs, vulnerability reports, and policy evidence)
- How to streamline operations with automated policy checks on container images
Smart TV Buyer Insights Survey 2024 by 91mobiles.pdf (91mobiles)
91mobiles recently conducted a Smart TV Buyer Insights Survey in which we asked over 3,000 respondents about the TV they own, aspects they look at on a new TV, and their TV buying preferences.
The Art of the Pitch: WordPress Relationships and Sales (Laura Byrne)
Clients don’t know what they don’t know. What web solutions are right for them? How does WordPress come into the picture? How do you make sure you understand scope and timeline? What do you do if something changes?
All these questions and more will be explored as we talk about matching clients’ needs with what your agency offers without pulling teeth or pulling your hair out. Practical tips, and strategies for successful relationship building that leads to closing the deal.
PHP Frameworks: I want to break free (IPC Berlin 2024) (Ralf Eggert)
In this presentation, we examine the challenges and limitations of relying too heavily on PHP frameworks in web development. We discuss the history of PHP and its frameworks to understand how this dependence has evolved. The focus will be on providing concrete tips and strategies to reduce reliance on these frameworks, based on real-world examples and practical considerations. The goal is to equip developers with the skills and knowledge to create more flexible and future-proof web applications. We'll explore the importance of maintaining autonomy in a rapidly changing tech landscape and how to make informed decisions in PHP development.
This talk is aimed at encouraging a more independent approach to using PHP frameworks, moving towards a more flexible and future-proof approach to PHP development.
GraphSummit Singapore | The Future of Agility: Supercharging Digital Transfor... (Neo4j)
Leonard Jayamohan, Partner & Generative AI Lead, Deloitte
This keynote will reveal how Deloitte leverages Neo4j’s graph power for groundbreaking digital twin solutions, achieving a staggering 100x performance boost. Discover the essential role knowledge graphs play in successful generative AI implementations. Plus, get an exclusive look at an innovative Neo4j + Generative AI solution Deloitte is developing in-house.
Climate Impact of Software Testing at Nordic Testing Days (Kari Kakkonen)
My slides at Nordic Testing Days 6.6.2024
The climate impact and sustainability of software testing are discussed in the talk. ICT and testing must carry their part of the global responsibility to help with climate warming. We can minimize the carbon footprint, but we can also have a carbon handprint, a positive impact on the climate. Sustainability can be added as a quality characteristic and then measured continuously. Test environments can be used less, at smaller scale and on demand. Test techniques can be used to optimize or minimize the number of tests. Test automation can be used to speed up testing.
State of ICS and IoT Cyber Threat Landscape Report 2024 preview (Prayukth K V)
The IoT and OT threat landscape report has been prepared by the Threat Research Team at Sectrio using data from Sectrio's cyber threat intelligence farming facilities spread across over 85 cities around the world. In addition, Sectrio also runs AI-based advanced threat and payload engagement facilities that serve as sinks to attract and engage sophisticated threat actors and newer malware, including new variants and latent threats that are at an earlier stage of development.
The latest edition of the OT/ICS and IoT security Threat Landscape Report 2024 also covers:
State of global ICS asset and network exposure
Sectoral targets and attacks as well as the cost of ransom
Global APT activity, AI usage, actor and tactic profiles, and implications
Rise in volumes of AI-powered cyberattacks
Major cyber events in 2024
Malware and malicious payload trends
Cyberattack types and targets
Vulnerability exploit attempts on CVEs
Attacks on counties – USA
Expansion of bot farms – how, where, and why
In-depth analysis of the cyber threat landscape across North America, South America, Europe, APAC, and the Middle East
Why are attacks on smart factories rising?
Cyber risk predictions
Axis of attacks – Europe
Systemic attacks in the Middle East
Download the full report from here:
https://sectrio.com/resources/ot-threat-landscape-reports/sectrio-releases-ot-ics-and-iot-security-threat-landscape-report-2024/
Transcript: Selling digital books in 2024: Insights from industry leaders - T... (BookNet Canada)
The publishing industry has been selling digital audiobooks and ebooks for over a decade and has found its groove. What’s changed? What has stayed the same? Where do we go from here? Join a group of leading sales peers from across the industry for a conversation about the lessons learned since the popularization of digital books, best practices, digital book supply chain management, and more.
Link to video recording: https://bnctechforum.ca/sessions/selling-digital-books-in-2024-insights-from-industry-leaders/
Presented by BookNet Canada on May 28, 2024, with support from the Department of Canadian Heritage.
Removing Uninteresting Bytes in Software FuzzingAftab Hussain
Imagine a world where software fuzzing, the process of mutating bytes in test seeds to uncover hidden and erroneous program behaviors, becomes faster and more effective. A lot depends on the initial seeds, which can significantly dictate the trajectory of a fuzzing campaign, particularly in terms of how long it takes to uncover interesting behaviour in your code. We introduce DIAR, a technique designed to speed up fuzzing campaigns by pinpointing and eliminating the uninteresting bytes in the seeds. Picture this: instead of wasting valuable resources on meaningless mutations in large, bloated seeds, DIAR removes the unnecessary bytes, streamlining the entire process.
In this work, we equipped AFL, a popular fuzzer, with DIAR and examined two critical Linux tools: libxml's xmllint, a tool for parsing XML documents, and Binutils' readelf, an essential debugging and security analysis command-line tool used to display detailed information about ELF (Executable and Linkable Format) files. Our preliminary results show that AFL+DIAR not only discovers new paths more quickly but also achieves higher coverage overall. This work thus showcases how starting with lean and optimized seeds can lead to faster, more comprehensive fuzzing campaigns, and DIAR helps you find such seeds.
- These are slides of the talk given at IEEE International Conference on Software Testing Verification and Validation Workshop, ICSTW 2022.
Dr. Sean Tan, Head of Data Science, Changi Airport Group
Discover how Changi Airport Group (CAG) leverages graph technologies and generative AI to revolutionize their search capabilities. This session delves into the unique search needs of CAG’s diverse passengers and customers, showcasing how graph data structures enhance the accuracy and relevance of AI-generated search results, mitigating the risk of “hallucinations” and improving the overall customer journey.
GraphRAG is All You need? LLM & Knowledge GraphGuy Korland
Guy Korland, CEO and Co-founder of FalkorDB, will review two articles on the integration of language models with knowledge graphs.
1. Unifying Large Language Models and Knowledge Graphs: A Roadmap.
https://arxiv.org/abs/2306.08302
2. Microsoft Research's GraphRAG paper and a review paper on various uses of knowledge graphs:
https://www.microsoft.com/en-us/research/blog/graphrag-unlocking-llm-discovery-on-narrative-private-data/
Threats to mobile devices are more prevalent and increasing in scope and complexity. Users of mobile devices desire to take full advantage of the features available on those devices, but many of the features provide convenience and capability while sacrificing security. This best practices guide outlines steps users can take to better protect personal devices and information.
Communications Mining Series - Zero to Hero - Session 1DianaGray10
This session provides an introduction to UiPath Communications Mining, its importance and a platform overview. You will acquire a good understanding of the phases in Communications Mining as we go over the platform with you. Topics covered:
• Communication Mining Overview
• Why is it important?
• How can it help today’s business and the benefits
• Phases in Communication Mining
• Demo on Platform overview
• Q/A
LF Energy Webinar: Electrical Grid Modelling and Simulation Through PowSyBl -...DanBrown980551
Do you want to learn how to model and simulate an electrical network from scratch in under an hour?
Then welcome to this PowSyBl workshop, hosted by Rte, the French Transmission System Operator (TSO)!
During the webinar, you will discover the PowSyBl ecosystem as well as handle and study an electrical network through an interactive Python notebook.
PowSyBl is an open source project hosted by LF Energy, which offers a comprehensive set of features for electrical grid modelling and simulation. Among other advanced features, PowSyBl provides:
- A fully editable and extendable library for grid component modelling;
- Visualization tools to display your network;
- Grid simulation tools, such as power flows, security analyses (with or without remedial actions) and sensitivity analyses;
The framework is mostly written in Java, with a Python binding so that Python developers can access PowSyBl functionalities as well.
What you will learn during the webinar:
- For beginners: discover PowSyBl's functionalities through a quick general presentation and the notebook, without needing any expert coding skills;
- For advanced developers: master the skills to efficiently apply PowSyBl functionalities to your real-world scenarios.
2. Blockchain - Hacker's ATM Machine
“More than 980,000 bitcoins have been stolen from exchanges, which would be worth more than USD $15 billion at current exchange rates.”
Reuters on 7 December 2017
“Roughly USD $1.1 billion worth of cryptocurrency was stolen in the first half of 2018.”
Carbon Black on 7 June 2018
Total crypto market cap: Around 250 billion
4. Classic Attack: 51% Attack
● In a PoW blockchain such as Bitcoin, the longest chain wins
○ When a node sees two versions of the chain, it keeps the longer one and discards the shorter one (Bitcoin actually compares cumulative proof of work, which is the same as length as long as both forks run at the same difficulty)
● In theory, an attacker who controls 51% (or more) of the total hashpower can produce new blocks faster than the rest of the network, so the attacker's chain eventually becomes the longest
5. Classic Attack: 51% Attack
● The attacker mines without broadcasting the blocks
○ A secret version of the chain now exists alongside the public one
● When the attacker broadcasts the secret chain, the public chain is discarded, because the longest chain wins
● The attacker can include a transaction in the public chain (for example a deposit to an exchange that is then withdrawn), leave it out of the secret chain, and later force everyone onto the secret chain, where the deposit never happened: a double spend
6. Classic Attack: 51% Attack
● Very difficult and expensive to perform on the Bitcoin chain
○ Need to control a HUGE amount of hashpower
● But not impossible ...
○ 56.3% of the hashpower was "controlled" by Bitmain (the slide's diagram groups pools Bitmain owns, leads the investment in, or is allied with)
○ But there is no motivation to conduct the attack
■ Miners can switch mining pool at will, so a pool does not really own the hashpower it coordinates
■ Acting honestly earns more, and more consistently
7. Classic Attack: 51% Attack
● But not so difficult on less popular chains ...
○ https://www.crypto51.app/ estimates the cost of renting enough hashpower to attack each chain for an hour
○ Real attacks have happened on smaller coins such as Bitcoin Gold and Verge
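The attack on slides 4 to 7, as an added example that is not part of the deck: a toy Python simulation of the private-chain double spend, plus the catch-up probability from section 11 of the Bitcoin whitepaper. The function names, the seeded coin-flip model of block discovery and the rule that the attacker only broadcasts once the victim has seen a fixed number of confirmations are this example's assumptions; block times and difficulty adjustment are not modelled.

```python
"""Added example, not from the slides: a toy model of the private-mining
double spend behind a 51% attack on a longest-chain PoW network, plus
Nakamoto's catch-up probability (Bitcoin whitepaper, section 11).
Names and the block-discovery model are this example's own."""
import math
import random


def attacker_success_probability(q, z):
    """Probability that an attacker with hashpower share q ever catches up
    from z blocks behind (the whitepaper's formula). With q >= 0.5 the
    attacker out-produces the honest miners on average and overtakes
    them eventually, so the probability is 1."""
    if q >= 0.5:
        return 1.0
    p = 1.0 - q
    lam = z * (q / p)
    total = 0.0
    for k in range(z + 1):
        poisson = math.exp(-lam) * lam ** k / math.factorial(k)
        total += poisson * (1 - (q / p) ** (z - k))
    return 1.0 - total


def simulate_private_mining(attacker_share, confirmations=6,
                            max_blocks=10_000, seed=1):
    """Simulate slides 4 and 5.

    The attacker's deposit transaction is in the first block on the
    public chain. The attacker mines a secret fork from the block before
    it that omits the deposit. Each new block is found by the attacker
    with probability attacker_share, otherwise by honest miners. Once the
    victim has `confirmations` blocks on the deposit and the secret fork
    is strictly longer, the attacker broadcasts; nodes applying "longest
    chain wins" reorganise onto the fork and the deposit disappears.

    Returns (double_spend_succeeded, public_len, private_len).
    """
    rng = random.Random(seed)
    public_len = 0   # honest blocks on top of the common ancestor
    private_len = 0  # attacker blocks on the secret fork
    for _ in range(max_blocks):
        if rng.random() < attacker_share:
            private_len += 1
        else:
            public_len += 1
        if public_len >= confirmations and private_len > public_len:
            return True, public_len, private_len
    return False, public_len, private_len


def choose_chain(public_len, private_len):
    """The rule the slides summarise: a node that sees both versions keeps
    the longer one. Real Bitcoin compares cumulative work, which differs
    from length only when the forks run at different difficulty."""
    return "private" if private_len > public_len else "public"


if __name__ == "__main__":
    for q in (0.1, 0.3, 0.45):
        print(f"q={q}: P(catch up from 6 behind) = "
              f"{attacker_success_probability(q, 6):.7f}")
    ok, pub, priv = simulate_private_mining(0.6)
    print(f"60% attacker: success={ok}, public={pub}, private={priv}, "
          f"nodes follow the {choose_chain(pub, priv)} chain")
```

The formula is why exchanges wait for confirmations: with 10% of the hashpower an attacker catches up a 6-block lead about 0.02% of the time, with 30% still 17.7% of the time from 5 blocks behind, and at 50% or more no number of confirmations helps, which is the point of slides 6 and 7.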
8. How Hackers Attack the Blockchain
Hack the protocol
● Design issue
● Code flaw
● Vulnerable node
● Logic errors
Hack the exchange
● Application vulnerability
● Employee computer compromise
● Cloud infrastructure compromise
● DNS service hijack
● Rogue insider
● Customer credentials compromise
● Denial of Service attack
Hack the miner / mining pool
● Physical breach
● Malware
● Hosting account compromise
● Rogue insider
Hack the wallet
● Design flaw
● Social engineering
● Credential theft
● Malware
Not in the diagram
● ICO scam
● Cloud mining scam
● Hacked scam
● Kidnap and violence
● ...
9. Crypto Institution Hacks in the Past
Data source: https://magoo.github.io/Blockchain-Graveyard/
The security of a blockchain system depends not only on blockchain concepts such as decentralization, consensus and smart contracts; it is also closely tied to traditional cyber security mechanisms.
10. Case Study 1: Exchange Hack
Mt Gox hack, 2011-2013
● Bitcoin Core before 0.4.0 (released September 2011) did not support native private key (wallet) encryption
● Mt Gox's wallet.dat file, which held the hot wallet's private keys in plaintext, was stolen, either by remote hacking or by insider theft
● Mt Gox was not aware of the key theft for years
● Users kept depositing into the hot wallet, so the stolen keys kept paying out
● In total 744,000 bitcoins were lost (6% of the 12.4 million bitcoins in circulation in Q4 2013)
References:
https://bitcoin.org/en/release/v0.4.0
https://blog.wizsec.jp/2017/07/breaking-open-mtgox-1.html
11. Case Study 2: Exchange User Hack
Binance attack, March 2018
● Attackers used look-alike URLs such as www.biṇaṇce.com (note the dotted characters) to phish user credentials
● 2FA was "bypassed" by a double login: the phishing site forwarded the victim's credentials and one-time code to the real Binance, then reused the same code, still valid inside its 30-second window, to log in a second time and create API keys for automated trading
● Within 48 hours BTC dropped 20% and the global crypto market cap dropped 15%
Sequence on the slide:
1. User logs in on the phishing site with credentials and OTP
2. Attacker redirects the user to the real Binance
3. Attacker logs in with the still-valid OTP within 30 seconds
Diagram: through API trading, the compromised accounts sold altcoins for BTC and BTC for VIA, while the attacker's own accounts sold VIA for BTC; the attacker's withdrawals failed
Reference: https://cryptobriefing.com/binance-suspends-withdrawals-after-possible-api-breach/
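The "double login" above, as an added example that is not part of the deck: an RFC 6238 TOTP implemented with the Python standard library, a toy login server that (like the slide's sequence) accepts a phished code a second time inside the same 30-second step, and the one check that stops the replay. The secret, timestamps, user record and the LoginServer class are constructed for this example; the only real data is the RFC 6238 test vector used to check the TOTP routine.

```python
"""Added example, not from the slides: why a phished OTP is still usable
by the attacker inside its 30-second window, and the server-side check
that stops the replay. RFC 6238 TOTP on the standard library only; the
secret, timestamps and LoginServer are constructed for this example."""
import hashlib
import hmac
import struct

STEP_SECONDS = 30


def totp(secret, timestamp, digits=6):
    """RFC 6238: HMAC-SHA1 over the 30-second step counter, then the
    dynamic truncation of RFC 4226 section 5.3."""
    counter = int(timestamp) // STEP_SECONDS
    mac = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return f"{code % (10 ** digits):0{digits}d}"


class LoginServer:
    """Verifies password + TOTP. With reject_reuse=False a code is accepted
    as often as it validates (the slide's attack). With reject_reuse=True
    the server remembers the last accepted time step per user and refuses
    a second login with the same (or an older) code, as RFC 6238 section
    5.2 requires."""

    def __init__(self, users, reject_reuse):
        self.users = users          # username -> (password, totp_secret)
        self.reject_reuse = reject_reuse
        self.last_step = {}         # username -> last accepted counter

    def login(self, username, password, code, now):
        entry = self.users.get(username)
        if entry is None:
            return False
        stored_pw, secret = entry
        if not hmac.compare_digest(stored_pw, password):
            return False
        # Accept the current step and one step of clock skew either side.
        for skew in (0, -1, 1):
            t = now + skew * STEP_SECONDS
            if hmac.compare_digest(totp(secret, t), code):
                step = int(t) // STEP_SECONDS
                if self.reject_reuse and self.last_step.get(username, -1) >= step:
                    return False            # replayed code: deny
                self.last_step[username] = step
                return True
        return False


def phishing_replay(reject_reuse):
    """The slide's sequence: victim submits password + OTP to the look-alike
    site at t=1000; the proxy forwards them to the real site (victim is in);
    at t=1012 the attacker logs in again with the captured OTP, still
    inside the same 30-second step. Returns (victim_ok, attacker_ok)."""
    secret = b"example-seed-not-a-real-key"           # constructed
    server = LoginServer({"victim": ("hunter2", secret)}, reject_reuse)
    captured = totp(secret, 1000)                     # seen by the proxy
    victim_ok = server.login("victim", "hunter2", captured, now=1000)
    attacker_ok = server.login("victim", "hunter2", captured, now=1012)
    return victim_ok, attacker_ok


if __name__ == "__main__":
    print("no reuse check:", phishing_replay(reject_reuse=False))  # (True, True)
    print("reuse rejected:", phishing_replay(reject_reuse=True))   # (True, False)
```

Rejecting a reused step closes the replay, but not the phishing itself: a real-time proxy can still relay a fresh code on the attacker's own login instead of the victim's. Origin-bound second factors (WebAuthn/U2F), which sign the site's real origin, are the defence against the look-alike domain; separate confirmation for API-key creation and withdrawals limits what a single stolen session can do.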
12. Case Study 3: Mining Pool Hack
Slush Pool hack, March 2012
● Early days of the CPU/GPU mining era; Slush Pool had a mining market share of 13%
● Slush Pool's cloud infrastructure provider, Linode, got hacked
● According to Linode, "an intruder accessed a web-based Linode customer service portal"
● The attackers compromised Slush Pool's hot wallet, which held 3,000+ BTC
● The Linode hack also affected others in the community, including:
○ Gavin Andresen, founder of the Bitcoin Foundation
○ Bitcoinica, a well-known Bitcoin trading platform
● Total loss up to 46,703 BTC (0.5% of the world's total BTC at the time of the hack)
References:
http://archive.is/tRQ9#selection-78.10-78.14
https://blog.trezor.io/how-trezor-was-born-from-a-hacking-attack-that-affected-slush-pool-7a538f03fd8f
13. Case Study 4: Wallet Hack
MyEtherWallet hack, April 2018
● MyEtherWallet is a popular online service for cryptocurrency transactions
○ An interface to interact with the blockchain
○ The user supplies the private key in the page in order to sign a transaction
○ MyEtherWallet does not hold the user's funds or private key, so whoever serves the page decides what happens to the key
● Attackers compromised a BGP router at an ISP and rerouted traffic meant for AWS Route 53, MyEtherWallet's DNS provider
● Users were redirected by a false DNS record to a fake website, and their wallets were emptied
Diagram: User -> ISP (hacked BGP router) -> DNS lookups for MyEtherWallet diverted away from AWS Route 53 -> fake MyEtherWallet site on a server in Russia
14. Lessons Learned from Cases 1-4
● The blockchain itself is decentralized, but the solutions built around it (and their infrastructure) are still centralized:
○ Exchanges
○ Mining pools
○ ...
● The problem with centralization: a single point of failure
● Possible solution: decentralize everything?
15. Case Study 5: Protocol Hack
BEC overflow vulnerability, April 2018
BEC is an ERC20 token written in Solidity
● Problematic function: batchTransfer
○ Sends a fixed amount of tokens (_value) to each address in an array of receivers (_receivers); the number of receivers is cnt
● The maximum value of a uint256 is 2^256-1, and unchecked arithmetic wraps around modulo 2^256
● The attacker set _value = 2^255 and cnt = 2, so amount = 2 * 2^255 = 2^256 overflowed to 0
● require(_value > 0 && balances[msg.sender] >= amount) is then always true, even for a sender holding no tokens

    function batchTransfer(address[] _receivers, uint256 _value) public returns (bool) {
        uint cnt = _receivers.length;
        // Total number of tokens withdrawn from the sender.
        // Plain multiplication, not SafeMath: wraps modulo 2^256 (the bug).
        uint256 amount = uint256(cnt) * _value;
        require(cnt > 0 && cnt <= 20);
        // Check if the sender can afford it (passes when amount == 0).
        require(_value > 0 && balances[msg.sender] >= amount);
        // Withdraw the amount from the sender (SafeMath sub).
        balances[msg.sender] = balances[msg.sender].sub(amount);
        for (uint i = 0; i < cnt; i++) {
            // Transfer _value to each of the receivers (SafeMath add).
            balances[_receivers[i]] = balances[_receivers[i]].add(_value);
            Transfer(msg.sender, _receivers[i], _value);
        }
        // Succeeds or die.
        return true;
    }

Result:
● The sender sent 0 tokens!
● Each receiver got 2^255 tokens!
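The overflow on slide 15 worked through in Python, as an added example that is not part of the deck: the batchTransfer arithmetic modelled with explicit uint256 wrap-around, beside a checked multiplication in the style of OpenZeppelin's SafeMath.mul that makes the same call revert. The balances, the receiver addresses and the function names are constructed for this example.

```python
"""Added example, not from the slides: BEC's batchTransfer arithmetic in
Python with explicit uint256 wrap-around, next to a SafeMath-style checked
multiply that makes the attacker's call revert. Balances, addresses and
function names are this example's own."""
UINT256_MAX = 2 ** 256 - 1


def uint256_mul(a, b):
    """Unchecked `*` as in Solidity before 0.8: the product is silently
    reduced modulo 2**256, which is what batchTransfer relied on."""
    return (a * b) & UINT256_MAX


def safe_mul(a, b):
    """SafeMath.mul: revert (raise) unless the product fits in 256 bits.
    Solidity's version only needs `c / a == b` because c is already
    truncated; with Python's unbounded ints the explicit bound check is
    what catches the overflow, so both are kept."""
    if a == 0:
        return 0
    c = a * b
    if c > UINT256_MAX or c // a != b:
        raise ValueError("SafeMath: multiplication overflow")
    return c


def safe_add(a, b):
    """SafeMath.add, which the original contract did use for receivers."""
    c = a + b
    if c > UINT256_MAX:
        raise ValueError("SafeMath: addition overflow")
    return c


def batch_transfer(balances, sender, receivers, value, mul=uint256_mul):
    """Python model of BEC's batchTransfer; `mul` selects unchecked
    (vulnerable) or checked math for the total. Raises on a failed
    require(), mirroring a revert."""
    cnt = len(receivers)
    amount = mul(cnt, value)                  # total withdrawn from sender
    if not 0 < cnt <= 20:
        raise ValueError("require(cnt > 0 && cnt <= 20) failed")
    if not (value > 0 and balances.get(sender, 0) >= amount):
        raise ValueError("require(balances[msg.sender] >= amount) failed")
    balances[sender] = balances.get(sender, 0) - amount   # sub(); no underflow here
    for receiver in receivers:
        balances[receiver] = safe_add(balances.get(receiver, 0), value)
    return balances


def run_attack(mul):
    """The attacker's call: zero balance, two receivers, _value = 2**255."""
    balances = {"attacker": 0}                # constructed: attacker owns nothing
    return batch_transfer(balances, "attacker",
                          ["0xreceiver1", "0xreceiver2"], 2 ** 255, mul=mul)


if __name__ == "__main__":
    minted = run_attack(uint256_mul)
    print("unchecked:", {k: hex(v) for k, v in minted.items()})
    try:
        run_attack(safe_mul)
    except ValueError as err:
        print("checked:", err)                # the call reverts instead
```

Two things the slide's bullets leave implicit: the overflow is in the one multiplication the contract did not route through SafeMath, while the `.add` and `.sub` calls around it were checked, so a single unchecked operation was enough; and cnt <= 20 does nothing against it, because two receivers already reach 2^256.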
16. Lessons Learned from Case 5
● Security is often the least of a startup's concerns (that is the reality, but not the right thing to do in the blockchain field, where the code holds the money)
● Smart contracts were often developed by developers without a security mindset
● Security frameworks and references:
○ OpenZeppelin (https://github.com/OpenZeppelin/openzeppelin-solidity)
○ CryptoCurrency Security Standard (https://cryptoconsortium.org/standards/CCSS)
○ Smart Contract Best Practices (https://github.com/ConsenSys/smart-contract-best-practices)
Reference:
https://etherscan.io/token/0xc5d105e63711398af9bbff092d4b6769c82f793d?a=0xb4d30cac5124b46c2df0cf3e3e1be05f42119033