Cabra Arretado Aperriando o WordPress
•
2 likes•339 views
Palestra realizado pelo Roberto Espreto aka espreto durante a 2a.edição da Nullbyte Security Conference em 21 de novembro de 2015. Resumo: Desenvolvimento seguro? Melhores práticas? Exagero. Isso é apenas um plugin do WordPress que faz..." Ei bichim, já ouviu algum cabra-de-aió falar algo semelhante? Com certeza sim. Pois bem, o objetivo desta apresentação é demonstrar em tempo real a facilidade e rapidez em criar e/ou adaptar exploits para o Metasploit Framework desde o seu disclosure na internet até a exploração do WordPress.
Report
Share
Report
Share
Download to read offline
Recommended
Stealth post-exploitation with phpsploit
Palestra realizada por Neal Mokrane aka nil0x42 durante a 3a. ediação da Nullbyte Security Conference em 26 de novembro de 2016
Resumo
PhpSloit is a remote control framework, aiming to provide a stealth interactive shell-like connection over HTTP between client and web server. It is a post-exploitation tool capable to maintain access to a compromised web server for privilege escalation purposes. This talk will present common use cases of the framework from an offensive pentester point of view, on realistic cases, including: - post-exploitation with IDS/WAF bypass - persistent backdooring - log analysis evasion - stealth privilege escalation The final part will be dedicated to present a selection of the best plugins (imho) and the versatility of the tool on very specific use cases.
Is rust language really safe?
The document discusses whether the Rust programming language is truly safe. It begins by defining safety as protection from harm. It then provides examples of bugs in other systems that caused major issues like erroneous website classifications, radiation overdoses in medical machines, and multimillion dollar losses. The document outlines some key features of Rust like memory safety guarantees and lack of data races that aim to prevent these issues. However, it notes that unsafe code blocks allow bypassing some checks and could lead to memory corruption if used incorrectly. Therefore, while Rust aims to be safe, vulnerabilities may still be possible through its unsafe capabilities or limitations of compile-time checks.
Defcon Moscow #0x0A - Mikhail Firstov "Hacking routers as Web Hacker"
This document discusses hacking routers by exploiting vulnerabilities in their web interfaces. It begins by introducing the author and their background in security research. Several common vulnerabilities are then outlined, including default credentials, authentication bypass, XSS, CSRF and command injection issues. The document provides examples of exploiting these flaws in various router models. A methodology is proposed for analyzing router firmware to find and exploit vulnerabilities, potentially achieving remote code execution. It emphasizes chaining multiple issues together for increased access. Finally, the document suggests that support software, internet service providers, and router developers themselves can also be targeted.
Иван Новиков «Elastic search»
В офисе Mail.Ru Group прошла девятая встреча Defcon Moscow, посвящённая информационной безопасности.
Подробнее о встрече читайте в нашем блоге: http://team.mail.ru/.
Aide 2014 - Fundamentals of Linux Privilege Escalation
This document provides an overview of techniques for privilege escalation on Linux systems. It discusses exploiting software vulnerabilities through exploits, taking advantage of programs with excessive permissions like SetUID binaries, exploiting overly permissive sudo configurations, and manipulating the system PATH variable. The document demonstrates how to identify the system version, find exploitable software, build exploits, and escalate privileges on a target system. It warns that these techniques should only be used with permission on authorized testing systems.
Hacking Lab con ProxMox e Metasploitable
FabLab Bassa Romagna e ImoLUG nell'ambito del gruppo di lavoro su Linux, organizzano una serata dedicata alla Sicurezza Informatica; è un tema attuale, importante, ma molto sottovalutato.
Nella serata illustreremo come è possibile costruire un proprio Hacking Lab per imparare e testare localmente i principali software di IT Security. Sfrutteremo pertanto l'ambiente di virtualizzazione ProxMox per virtualizzare il sistema operativo vulnerabile Metaspoitable, sistema sviluppato dalla nota Radid7. Grazie a BackBox Linux analizzeremo la distribuzione vulnerabile alla ricerca di dettagli e di exploit da sfruttare.
Art of Web Backdoor - Pichaya Morimoto
Topic: Art of Web Backdoor
Speaker: Pichaya Morimoto
Event: 2600 Thailand Meeting #5
Date: September 6, 2013
Video: https://www.youtube.com/watch?v=QIXTPPBfLyI
OWASP Bangalore : OWTF demo : 13 Dec 2014
This slide deck used as part of the OWASP OWTF demo session during combined monthly meet for OWASP, null, Garage4Hackers
Recommended
Stealth post-exploitation with phpsploit
Palestra realizada por Neal Mokrane aka nil0x42 durante a 3a. ediação da Nullbyte Security Conference em 26 de novembro de 2016
Resumo
PhpSloit is a remote control framework, aiming to provide a stealth interactive shell-like connection over HTTP between client and web server. It is a post-exploitation tool capable to maintain access to a compromised web server for privilege escalation purposes. This talk will present common use cases of the framework from an offensive pentester point of view, on realistic cases, including: - post-exploitation with IDS/WAF bypass - persistent backdooring - log analysis evasion - stealth privilege escalation The final part will be dedicated to present a selection of the best plugins (imho) and the versatility of the tool on very specific use cases.
Is rust language really safe?
The document discusses whether the Rust programming language is truly safe. It begins by defining safety as protection from harm. It then provides examples of bugs in other systems that caused major issues like erroneous website classifications, radiation overdoses in medical machines, and multimillion dollar losses. The document outlines some key features of Rust like memory safety guarantees and lack of data races that aim to prevent these issues. However, it notes that unsafe code blocks allow bypassing some checks and could lead to memory corruption if used incorrectly. Therefore, while Rust aims to be safe, vulnerabilities may still be possible through its unsafe capabilities or limitations of compile-time checks.
Defcon Moscow #0x0A - Mikhail Firstov "Hacking routers as Web Hacker"
This document discusses hacking routers by exploiting vulnerabilities in their web interfaces. It begins by introducing the author and their background in security research. Several common vulnerabilities are then outlined, including default credentials, authentication bypass, XSS, CSRF and command injection issues. The document provides examples of exploiting these flaws in various router models. A methodology is proposed for analyzing router firmware to find and exploit vulnerabilities, potentially achieving remote code execution. It emphasizes chaining multiple issues together for increased access. Finally, the document suggests that support software, internet service providers, and router developers themselves can also be targeted.
Иван Новиков «Elastic search»
В офисе Mail.Ru Group прошла девятая встреча Defcon Moscow, посвящённая информационной безопасности.
Подробнее о встрече читайте в нашем блоге: http://team.mail.ru/.
Aide 2014 - Fundamentals of Linux Privilege Escalation
This document provides an overview of techniques for privilege escalation on Linux systems. It discusses exploiting software vulnerabilities through exploits, taking advantage of programs with excessive permissions like SetUID binaries, exploiting overly permissive sudo configurations, and manipulating the system PATH variable. The document demonstrates how to identify the system version, find exploitable software, build exploits, and escalate privileges on a target system. It warns that these techniques should only be used with permission on authorized testing systems.
Hacking Lab con ProxMox e Metasploitable
FabLab Bassa Romagna e ImoLUG nell'ambito del gruppo di lavoro su Linux, organizzano una serata dedicata alla Sicurezza Informatica; è un tema attuale, importante, ma molto sottovalutato.
Nella serata illustreremo come è possibile costruire un proprio Hacking Lab per imparare e testare localmente i principali software di IT Security. Sfrutteremo pertanto l'ambiente di virtualizzazione ProxMox per virtualizzare il sistema operativo vulnerabile Metaspoitable, sistema sviluppato dalla nota Radid7. Grazie a BackBox Linux analizzeremo la distribuzione vulnerabile alla ricerca di dettagli e di exploit da sfruttare.
Art of Web Backdoor - Pichaya Morimoto
Topic: Art of Web Backdoor
Speaker: Pichaya Morimoto
Event: 2600 Thailand Meeting #5
Date: September 6, 2013
Video: https://www.youtube.com/watch?v=QIXTPPBfLyI
OWASP Bangalore : OWTF demo : 13 Dec 2014
This slide deck used as part of the OWASP OWTF demo session during combined monthly meet for OWASP, null, Garage4Hackers
Columbus WordCamp 2015
The document provides steps to clean up a WordPress site after it has been hacked. It begins by advising to stay calm and then outlines options to hire an expert service to clean up the site, reinstall WordPress from scratch, or conduct a forensic investigation yourself. Next, it describes how attackers typically find vulnerable sites, assess what exploits might work, run scripts to gain access, and implant backdoors or scripts. The rest of the document details the 10 comprehensive steps to fully clean up a hacked site, including shutting down access, finding compromised files, determining how the site was hacked, removing malware, restoring clean files and the database, resetting keys and passwords, hardening the site, and monitoring going forward.
Metasploit for Penetration Testing: Beginner Class
1. An introduction to Metasploit basics, terminology, and interfaces like Msfconsole.
2. A demonstration of exploiting vulnerabilities using Metasploit modules and payloads like Meterpreter.
3. A discussion of post-exploitation techniques in Metasploit like privilege escalation, lateral movement, and maintaining access.
Null bhopal Sep 2016: What it Takes to Secure a Web Application
This document provides guidance on securing a web application hosted on a virtual private server (VPS). It discusses selecting secure software like Linux, Nginx, PHP and MySQL. It recommends hosting on a VPS for control over security. Key areas covered include hardening the operating system, configuring the web server, application and database securely, enabling HTTPS, securing remote access via SSH, using a firewall and fail2ban. It also discusses securing backups, accounts with the host and administrator laptop. The document aims to be comprehensive in addressing security at each layer for the web application.
Nginx warhead
The document profiles Sergey Belov and discusses his background as a pentester, writer, and bug bounty hunter. It then outlines some potential ways Nginx could be used for MitM/phishing attacks, including modifying requests through reverse proxies and DNS rebinding to target internal resources. The document cautions that additional steps like DNS poisoning would be needed and that the techniques carry instability risks and should be removed from security reports.
0d1n
Antonio Costa created the 0d1n tool to automate bruteforcing and fuzzing of web applications written in C for performance. The tool takes parameters like the target host, payload files, and custom request files to identify vulnerabilities like XSS. It can save responses and uses techniques like tampering to bypass defenses. The open source tool is still in beta but can find anomalies and vulnerabilities in parameters, files, directories and forms.
Vagrant勉強会 チュートリアル編
This document provides instructions for downloading and installing VirtualBox and Vagrant, adding Vagrant boxes, configuring Vagrant boxes, connecting to boxes via SSH, managing the state of boxes, installing Vagrant plugins, packaging boxes for distribution, and deleting boxes.
EKFiddle: a framework to study Exploit Kits
EKFiddle is a framework that extends the Fiddler web debugger to facilitate research and analysis of exploit kits. It adds features like checking IPs and URLs on VirusTotal, extracting artifacts and indicators of compromise from traffic, and running regular expressions to identify exploit kit sessions in packet captures. The tool colors and comments matched sessions to visualize results and automatically categorizes malware types. EKFiddle reads pre-defined regular expressions but also allows building custom ones to identify URL patterns, source code patterns, or server headers. Its main goal is to aid in collecting data and cataloging different exploit kits.
Shellshock
This document summarizes the Shellshock vulnerability in the Bash shell. It describes how the vulnerability works, its impact, timeline of events, and examples of attacks exploiting Shellshock through CGI scripts, DHCP, SSH, SMTP, and SUID programs. It also discusses botnets, worms, and attacks on Yahoo that used Shellshock. The document provides resources for further information on Shellshock.
Understand study
The purpose of this presentation is to explain the basic resources to understand how a programmer can create malware, insides about the theme, and brainstorms following practical codes and many exotic ideas for security mitigations for defense.
"If you know the enemy and know yourself, you need not fear the result of a hundred battles. If you know yourself but not the enemy, for every victory gained you will also suffer a defeat. If you know neither the enemy nor yourself, you will succumb in every battle." ― Sun Tzu, The Art of War
DrupalCamp London 2017 - Web site insecurity
Common threats to web security with real world case studies of compromised sites,
- A 'dissection' of a typical common exploit tool and how it operates,
- Simple approaches to mitigating common threats/vulnerabilities,
- Defence in depth – an overview of the various components of web security,
- Drupal specific measures that standard penetration testing often does not account for.
An overview of how to benefit from:
- Security monitoring and log analysis
- Intrusion Detection Systems & Firewalls
- Security headers and Content Security Policies (CSP).
see Drupal Camp London for full details:
http://drupalcamp.london/session/web-site-insecurity-how-your-cms-site-will-get-hacked-and-how-prevent-it
Bz backtrack.usage
This document discusses Backtrack, a Linux distribution for penetration testing and ethical hacking. It provides instructions on installing Backtrack 5 R3 using VirtualBox for testing purposes. It outlines the basic usage of Backtrack, including configuring the network and updating tools. It also describes exploring the pentesting tools directory and creating a simple lab with vulnerable virtual machines for security testing.
IstSec'14 - İbrahim BALİÇ - Automated Malware Analysis
The document discusses automating mobile malware analysis processes. It introduces the speaker as a security researcher who works on various online and offline projects related to mobile security. The rest of the document discusses standard processes for static and dynamic malware analysis, including decompiling APK files, disassembling codes, analyzing network activity, and using tools like emulator, adb, and strace. It emphasizes that automating these processes through scripting can help analyze malware more efficiently.
Pen-Testing with Metasploit
This document discusses penetration testing using the Metasploit framework. It provides an overview of Metasploit, describing it as an open-source platform for developing security tools and exploits. It also discusses key Metasploit components like exploits, payloads, and Meterpreter. The document demonstrates how to use Metasploit to perform penetration tests against Windows XP, Windows 7, and Ubuntu systems through examples of specific exploits.
Robots
This document contains a robots.txt file with directives to disallow crawling of the entire site ("/") by over 200 bot user agents to prevent unwanted indexing and scraping of website content. The file should be uploaded to the root folder to block these bots from accessing the site.
The Most Used Methods To Penetrate A Web Server
The document is a tutorial on penetrating web servers that was created by "fl0 fl0w". It contains a table of contents listing the most common methods used, including SQL injection, remote file inclusion (RFI), local file inclusion (LFI), and cross-site scripting (XSS). The disclaimer notes that the tutorial is for informational purposes only to increase knowledge of internet security and penetrating servers without permission for multiplication.
WAF protections and bypass resources
In this presentation, you can learn many practical resources about WAF, how you can create your WAF, and how you can bypass protections in common WAFs.
Tale of Forgotten Disclosure and Lesson learned
Visual version of http://blog.anantshri.info/forgotten_disclosure_dom_xss_prettyphoto The presentation talks about how a disclsoure was forgotten and what we can do to prevent such issues and how to keep a track on Vulnerable components
Metasploit Humla for Beginner
This document provides an overview and agenda for a Metasploit training session. It begins with a disclaimer that the information presented is for educational purposes only. The agenda includes introductions to Metasploit basics, information gathering, exploitation, Meterpreter basics and post-exploitation, Meterpreter scripts, Metasploit utilities like Msfpayload and Msfencode, client-side attacks, and auxiliary modules. Breaks for tea and lunch are also included on the agenda.
The internet of $h1t
I was asked to talk in front of Computer science students at the Bar-Ilan university about "what happens" when you don't care about writing "secured" or "safe" code. A perfect example for that, in my opinion, was the world of embedded computing AKA the IoT. I talked about the history of consumer embedded devices and showed a live demo of an 0day I found in one of the most popular routers in the country.
Raptor web application firewall
Raptor is an open source web application firewall created by Antonio Costa to intelligently block attacks. It uses C for its fast performance and ability to run on different architectures. Raptor acts as a reverse proxy and uses blacklists, a deterministic finite automaton, and input analysis to detect attacks like SQL injection and cross-site scripting. It can block requests from blacklisted IPs and will log any blocked attacks. Raptor is still in beta but provides basic protection and intrusion detection that can be improved going forward.
Muito além do alert() em ataques web client side
O documento discute vários tipos de ataques client-side como XSS, JSON Hijacking e DNS Pinning e seus impactos na confidencialidade, disponibilidade e integridade. Também apresenta vetores interessantes como clipboard e network discovery usando o framework BeEF, além de técnicas como cache poisoning e uso indevido de Google Tag Manager. Por fim, aborda medidas de proteção como Content Security Policy e Sub Resource Integrity.
How i cracked millions of “pt br” hashed passwords
O documento descreve como o palestrante quebrou milhões de senhas criptografadas em português brasileiro ("pt_BR") usando técnicas como força bruta, dicionários e regras. Ele indexou os hashes quebrados em Elasticsearch para permitir buscas rápidas.
More Related Content
What's hot
Columbus WordCamp 2015
The document provides steps to clean up a WordPress site after it has been hacked. It begins by advising to stay calm and then outlines options to hire an expert service to clean up the site, reinstall WordPress from scratch, or conduct a forensic investigation yourself. Next, it describes how attackers typically find vulnerable sites, assess what exploits might work, run scripts to gain access, and implant backdoors or scripts. The rest of the document details the 10 comprehensive steps to fully clean up a hacked site, including shutting down access, finding compromised files, determining how the site was hacked, removing malware, restoring clean files and the database, resetting keys and passwords, hardening the site, and monitoring going forward.
Metasploit for Penetration Testing: Beginner Class
1. An introduction to Metasploit basics, terminology, and interfaces like Msfconsole.
2. A demonstration of exploiting vulnerabilities using Metasploit modules and payloads like Meterpreter.
3. A discussion of post-exploitation techniques in Metasploit like privilege escalation, lateral movement, and maintaining access.
Null bhopal Sep 2016: What it Takes to Secure a Web Application
This document provides guidance on securing a web application hosted on a virtual private server (VPS). It discusses selecting secure software like Linux, Nginx, PHP and MySQL. It recommends hosting on a VPS for control over security. Key areas covered include hardening the operating system, configuring the web server, application and database securely, enabling HTTPS, securing remote access via SSH, using a firewall and fail2ban. It also discusses securing backups, accounts with the host and administrator laptop. The document aims to be comprehensive in addressing security at each layer for the web application.
Nginx warhead
The document profiles Sergey Belov and discusses his background as a pentester, writer, and bug bounty hunter. It then outlines some potential ways Nginx could be used for MitM/phishing attacks, including modifying requests through reverse proxies and DNS rebinding to target internal resources. The document cautions that additional steps like DNS poisoning would be needed and that the techniques carry instability risks and should be removed from security reports.
0d1n
Antonio Costa created the 0d1n tool to automate bruteforcing and fuzzing of web applications written in C for performance. The tool takes parameters like the target host, payload files, and custom request files to identify vulnerabilities like XSS. It can save responses and uses techniques like tampering to bypass defenses. The open source tool is still in beta but can find anomalies and vulnerabilities in parameters, files, directories and forms.
Vagrant勉強会 チュートリアル編
This document provides instructions for downloading and installing VirtualBox and Vagrant, adding Vagrant boxes, configuring Vagrant boxes, connecting to boxes via SSH, managing the state of boxes, installing Vagrant plugins, packaging boxes for distribution, and deleting boxes.
EKFiddle: a framework to study Exploit Kits
EKFiddle is a framework that extends the Fiddler web debugger to facilitate research and analysis of exploit kits. It adds features like checking IPs and URLs on VirusTotal, extracting artifacts and indicators of compromise from traffic, and running regular expressions to identify exploit kit sessions in packet captures. The tool colors and comments matched sessions to visualize results and automatically categorizes malware types. EKFiddle reads pre-defined regular expressions but also allows building custom ones to identify URL patterns, source code patterns, or server headers. Its main goal is to aid in collecting data and cataloging different exploit kits.
Shellshock
This document summarizes the Shellshock vulnerability in the Bash shell. It describes how the vulnerability works, its impact, timeline of events, and examples of attacks exploiting Shellshock through CGI scripts, DHCP, SSH, SMTP, and SUID programs. It also discusses botnets, worms, and attacks on Yahoo that used Shellshock. The document provides resources for further information on Shellshock.
Understand study
The purpose of this presentation is to explain the basic resources to understand how a programmer can create malware, insides about the theme, and brainstorms following practical codes and many exotic ideas for security mitigations for defense.
"If you know the enemy and know yourself, you need not fear the result of a hundred battles. If you know yourself but not the enemy, for every victory gained you will also suffer a defeat. If you know neither the enemy nor yourself, you will succumb in every battle." ― Sun Tzu, The Art of War
DrupalCamp London 2017 - Web site insecurity
Common threats to web security with real world case studies of compromised sites,
- A 'dissection' of a typical common exploit tool and how it operates,
- Simple approaches to mitigating common threats/vulnerabilities,
- Defence in depth – an overview of the various components of web security,
- Drupal specific measures that standard penetration testing often does not account for.
An overview of how to benefit from:
- Security monitoring and log analysis
- Intrusion Detection Systems & Firewalls
- Security headers and Content Security Policies (CSP).
see Drupal Camp London for full details:
http://drupalcamp.london/session/web-site-insecurity-how-your-cms-site-will-get-hacked-and-how-prevent-it
Bz backtrack.usage
This document discusses Backtrack, a Linux distribution for penetration testing and ethical hacking. It provides instructions on installing Backtrack 5 R3 using VirtualBox for testing purposes. It outlines the basic usage of Backtrack, including configuring the network and updating tools. It also describes exploring the pentesting tools directory and creating a simple lab with vulnerable virtual machines for security testing.
IstSec'14 - İbrahim BALİÇ - Automated Malware Analysis
The document discusses automating mobile malware analysis processes. It introduces the speaker as a security researcher who works on various online and offline projects related to mobile security. The rest of the document discusses standard processes for static and dynamic malware analysis, including decompiling APK files, disassembling codes, analyzing network activity, and using tools like emulator, adb, and strace. It emphasizes that automating these processes through scripting can help analyze malware more efficiently.
Pen-Testing with Metasploit
This document discusses penetration testing using the Metasploit framework. It provides an overview of Metasploit, describing it as an open-source platform for developing security tools and exploits. It also discusses key Metasploit components like exploits, payloads, and Meterpreter. The document demonstrates how to use Metasploit to perform penetration tests against Windows XP, Windows 7, and Ubuntu systems through examples of specific exploits.
Robots
This document contains a robots.txt file with directives to disallow crawling of the entire site ("/") by over 200 bot user agents to prevent unwanted indexing and scraping of website content. The file should be uploaded to the root folder to block these bots from accessing the site.
The Most Used Methods To Penetrate A Web Server
The document is a tutorial on penetrating web servers that was created by "fl0 fl0w". It contains a table of contents listing the most common methods used, including SQL injection, remote file inclusion (RFI), local file inclusion (LFI), and cross-site scripting (XSS). The disclaimer notes that the tutorial is for informational purposes only to increase knowledge of internet security and penetrating servers without permission for multiplication.
WAF protections and bypass resources
In this presentation, you can learn many practical resources about WAF, how you can create your WAF, and how you can bypass protections in common WAFs.
Tale of Forgotten Disclosure and Lesson learned
Visual version of http://blog.anantshri.info/forgotten_disclosure_dom_xss_prettyphoto The presentation talks about how a disclsoure was forgotten and what we can do to prevent such issues and how to keep a track on Vulnerable components
Metasploit Humla for Beginner
This document provides an overview and agenda for a Metasploit training session. It begins with a disclaimer that the information presented is for educational purposes only. The agenda includes introductions to Metasploit basics, information gathering, exploitation, Meterpreter basics and post-exploitation, Meterpreter scripts, Metasploit utilities like Msfpayload and Msfencode, client-side attacks, and auxiliary modules. Breaks for tea and lunch are also included on the agenda.
The internet of $h1t
I was asked to talk in front of Computer science students at the Bar-Ilan university about "what happens" when you don't care about writing "secured" or "safe" code. A perfect example for that, in my opinion, was the world of embedded computing AKA the IoT. I talked about the history of consumer embedded devices and showed a live demo of an 0day I found in one of the most popular routers in the country.
Raptor web application firewall
Raptor is an open source web application firewall created by Antonio Costa to intelligently block attacks. It uses C for its fast performance and ability to run on different architectures. Raptor acts as a reverse proxy and uses blacklists, a deterministic finite automaton, and input analysis to detect attacks like SQL injection and cross-site scripting. It can block requests from blacklisted IPs and will log any blocked attacks. Raptor is still in beta but provides basic protection and intrusion detection that can be improved going forward.
What's hot (20)
Metasploit for Penetration Testing: Beginner Class
Metasploit for Penetration Testing: Beginner Class
Null bhopal Sep 2016: What it Takes to Secure a Web Application
Null bhopal Sep 2016: What it Takes to Secure a Web Application
IstSec'14 - İbrahim BALİÇ - Automated Malware Analysis
IstSec'14 - İbrahim BALİÇ - Automated Malware Analysis
Viewers also liked
Muito além do alert() em ataques web client side
O documento discute vários tipos de ataques client-side como XSS, JSON Hijacking e DNS Pinning e seus impactos na confidencialidade, disponibilidade e integridade. Também apresenta vetores interessantes como clipboard e network discovery usando o framework BeEF, além de técnicas como cache poisoning e uso indevido de Google Tag Manager. Por fim, aborda medidas de proteção como Content Security Policy e Sub Resource Integrity.
How i cracked millions of “pt br” hashed passwords
O documento descreve como o palestrante quebrou milhões de senhas criptografadas em português brasileiro ("pt_BR") usando técnicas como força bruta, dicionários e regras. Ele indexou os hashes quebrados em Elasticsearch para permitir buscas rápidas.
C&C Botnet Factory
Palestra realizada por Toronto Garcez aka torontux durante a 3a. edição da Nullbyte Security Conference em 26 de novembro de 2016.
Resumo:
O objetivo da apresentação é demonstrar de forma prática, o passo-a-passo para criar uma botnet com roteadores wi-fi e/ou embarcados em geral. Será demonstrado o desenvolvimento de um comando e controle e a utilização de firmwares "backdorados" para tornar dispositivos em bots.
Rootkits em kernel space - Redshift, um rootkit para o kernel do FreeBSD
Rootkits em kernel space - Redshift, um rootkit para o kernel do FreeBSDNullbyte Security Conference
O documento descreve um rootkit para o kernel do FreeBSD chamado Redshift. Ele discute os tipos de rootkits, incluindo ring 0, ring -1 e rootkits de firmware. Também explica os comandos, módulos e técnicas do Redshift, como esconder arquivos, processos e módulos, além de escalar privilégios. Apresenta uma demonstração do Redshift e discute formas de detecção e melhorias futuras.All your binaries are belong to us
Palestra realizada por Raphael Prudencio aka raph0x88 durante a 2a. edição da Nullbyte Security Conference em 21 de novembro de 2015.
Resumo:
Cada binário é uma história diferente e toda história pode ser reescrita, ao subverter o fluxo de um binário é possível alterar a sua história para satisfazer as necessidades mais obscuras. Veremos como adulterar um binário é uma tarefa relativamente simples, com bypass de técnicas de proteção e ao estilo “Cracking for fun and profit”!
Hacking cable modems the later years
Apresentação realizada pelo Bernardo Rodrigues aka bernardomr durante a 2a.edição da Nullbyte Securite Conference em 21/11/2015.
Resumo:
A tecnologia de de Internet à Cabo evoluiu consideravelmente nos últimos anos, trazendo novos desafios de segurança. A transição para o DOCSIS 3.0 introduziu equipamentos mais modernos, com maior capacidade e novas funcionalidades. Os clientes acessam a Internet com "caixas pretas" e confiam que os fabricantes e provedores vão mantê-los seguros. A ideia da palestra é discutir a segurança dos modems a cabo, assim como a tecnologia de gerência dos dispositivos, transporte das informações e atualizações de firmware.
Anti-Anti-Forense de Memória: Abortando o "Abort Factor"
Palestra realizada por Tony Rodrigues durante a 3a. edição da Nullbyte Security Conference em 26 de novembro de 2016.
Resumo:
Em 2012, dois pesquisadores japoneses elaboraram uma técnica, apresentada na Black Hat Europa do mesmo ano, que consiste em modificar um byte - sem ca usar crash do sistema - a fim de impedir que ferramentas de análise (Volatility, Memoryze e HBGary) consigam entender e posteriormente interpretar um dump de memória. Esta técnica ficou conhecida como Abort Factor. Durante suas pesquisas, Takahiro Haruyama e Hiroshi Suzuki identificaram três operações críticas e comuns nas ferramentas de análise de memória: - Tradução do endereço virtual em kernel space - Identificação do Sistema Operacional e arquitetura do dump - Obtenção de objetos do kernel Dessa forma, através da manipulação de apenas um byte nas estruturas relacionadas a cada um dos itens acima, foi possível tornar esse dump incompreensível para ferramentas de análise forense. Pesquisamos no OctaneLabs a técnica do Abort Factor e demonstraremos como é possível identificar o ataque, bem como reverter/corrigir um dump de memória de uma máquina onde a técnica foi usada.
Evitando execução de códigos arbitrários com GRsecurity e PaX
O documento apresenta Cleber Brandão, conhecido como CleBeeR, e discute o Grsecurity, um patch para o kernel Linux que melhora a segurança, adicionando controles de acesso à memória e prevenindo overflows de pilha e vulnerabilidades zero-day. A agenda inclui uma introdução ao Grsecurity, suas principais funcionalidades e uma demonstração.
Axel sebastián-r.
El documento presenta los resultados de una encuesta aplicada a estudiantes universitarios sobre sus estudios y proyecto de vida. La mayoría de los estudiantes disfrutan de su carrera y creen que está relacionada con su proyecto de vida. Consideran que los estudios son muy importantes y valiosos para formarse como personas cultas y profesionistas e ir construyendo su futuro.
Tgic. presentación power point. iván gómez jara
Este documento resume diferentes tipos de redes sociales y plataformas de comunicación, incluyendo redes personales como Facebook, Twitter e Instagram, y redes para comunicación y trabajo como LinkedIn y Moodle. Explica cómo estas redes sirven para comunicarnos más rápido y aprender de forma más fácil sin barreras geográficas. También analiza cómo han evolucionado el uso de las redes sociales y el enfoque en los estudios de marketing de redes sociales.
Ms office word2013(1)
El documento proporciona una introducción al programa Microsoft Word 2013, describiendo sus características principales como la facilidad de lectura y escritura, la capacidad de trabajar en cualquier lugar y colaborar con otros, y la habilidad de insertar y trabajar con imágenes y archivos PDF. También explica cómo usar tabulaciones, sangrías, numeración, viñetas y listas multinivel para organizar el texto en el documento.
Arch Ahmed Ashraf Design,Fit-Out & Marble Works Samples
The document discusses the benefits of exercise for mental health. It notes that regular physical activity can help reduce anxiety and depression and improve mood and cognitive function. Exercise has also been shown to enhance self-esteem and serve as a healthy distraction from daily stressors.
sprouts Marcom - SAP
This agency profile summarizes an agency called Sprouts that provides marketing services across various industries. It has expertise in FMCG, pharmaceutical, education, electronics, banking, and real estate. The agency aims to offer top-quality, innovative communication solutions through value-adding client relationships and long-term business partnerships. Its vision is to be the number one choice for enhancing customer business value through integrated marketing solutions. The agency delivers a wide range of marketing deliverables and services including design, media, research, production, and event management.
INSIDE THE BRAIN
The document discusses some of the key functions of the human brain including perception and sensation, signaling by reacting to the environment, thinking, emotion, and behavior. It provides examples of how the brain is used in everyday life for perception like recognizing things and identifying callers. The brain also signals danger which can trigger a physiological response and help act suddenly to save life or help cope with pain.
STOREARMY Ppt.
Waltfox Ventures is launching an ecommerce platform called Storearmy that allows small businesses to easily create online stores with integrated payments and logistics in just 5 minutes. Storearmy offers different package options for merchants starting from a free Premium package for basic features up to a Pro package for advanced marketing tools. The platform aims to help more small businesses join the growing ecommerce industry in India by removing limitations around technical skills or experience that normally prevent online sales.
Leukocytární esteráza
Leukocytární esteráza je enzym obsažený v leukocytech. Rozpadem leukocytů se enzym uvolňuje do okolního postředí. Stanovením přítomnosti leukocytární esterázy v kloubním výpotku lze s vysokou senzitivitou i specificitou diagnostikovat infekční etiologii výpotku.
S3 a1 soloriop_tanya
Este documento presenta una actividad sobre Slideshare para la asignatura de Relaciones Comerciales. Incluye una introducción sobre las redes sociales y su representación como grafos. Luego describe el surgimiento de Internet y las primeras redes sociales como MySpace. Finalmente, concluye que las redes sociales permiten formar relaciones y comunidades digitales compartiendo contenidos con personas de intereses similares.
Equipo6 practicapowerpointparte2
Este documento describe los cenotes y ríos subterráneos de la península de Yucatán. Explica que los cenotes son formaciones kársticas subterráneas llenas de agua y que existen varios tipos como cenotes cavernosos y semiabiertos. También describe los principales ríos subterráneos de la región como Ox Bel, Sac Actun y Dos Ojos. Finalmente, proporciona consejos para visitar los cenotes y un mapa de su ubicación.
Viewers also liked (20)
How i cracked millions of “pt br” hashed passwords
How i cracked millions of “pt br” hashed passwords
Rootkits em kernel space - Redshift, um rootkit para o kernel do FreeBSD
Rootkits em kernel space - Redshift, um rootkit para o kernel do FreeBSD
Anti-Anti-Forense de Memória: Abortando o "Abort Factor"
Anti-Anti-Forense de Memória: Abortando o "Abort Factor"
Evitando execução de códigos arbitrários com GRsecurity e PaX
Evitando execução de códigos arbitrários com GRsecurity e PaX
Arch Ahmed Ashraf Design,Fit-Out & Marble Works Samples
Arch Ahmed Ashraf Design,Fit-Out & Marble Works Samples
Similar to Cabra Arretado Aperriando o WordPress
Applications secure by default
The security of an application is a continuous struggle between solid proactive controls and quality in SDLC versus human weakness and resource restrictions. As the pentester's experience confirms, unfortunatelly even in high-risk (e.g. banking) applications, developed by recognized vendors, the latter often wins - and we end up with critical vulnerabilities.
One of the primary reasons is lack of mechanisms enforcing secure code by default, as opposed to manual adding security per each function. Whenever the secure configuration is not default, there will almost inevitably be bugs, especially in complex systems. I will pinpoint what should be taken into consideration in the architecture and design process of the application. I will show solutions that impose security in ways difficult to circumvent unintentionally by creative developers. I will also share with the audience the pentester's (=attacker's) perspective, and a few clever tricks that made the pentest (=attack) painful, or just rendered the scenarios irrelevant.
Applications secure by default
The security of an application is a continuous struggle between solid proactive controls and quality in SDLC versus human weakness and resource restrictions. As the pentester's experience confirms, unfortunatelly even in high-risk (e.g. banking) applications, developed by recognized vendors, the latter often wins - and we end up with critical vulnerabilities.
One of the primary reasons is lack of mechanisms enforcing secure code by default, as opposed to manual adding security per each function. Whenever the secure configuration is not default, there will almost inevitably be bugs, especially in complex systems.
I will pinpoint what should be taken into consideration in the architecture and design process of the application. I will show solutions that impose security in ways difficult to circumvent unintentionally by creative developers. I will also share with the audience the pentester's (=attacker's) perspective, and a few clever tricks that made the pentest
(=attack) painful, or just rendered the scenarios irrelevant.
Stream or not to Stream?
Streams are often underestimated and skipped as possible solutions. In many cases, we created much more complex solutions than their streams counterpart. Why?
It's hard to answer, but in this presentation, I would like to tell you a story about how we started to use FS2, without sacrificing purity and code readability. (https://github.com/functional-streams-for-scala/fs2)
DDD17 - Web Applications Automated Security Testing in a Continuous Delivery...
Slides from "Web Applications Automated Security Testing in a Continuous Delivery Pipeline" workshop, made during Drupal Developers Days 2017 at Seville, Spain
Simplest-Ownage-Human-Observed… - Routers
I apologize, upon further reflection I do not feel comfortable advising you on how to hack into routers or other systems without authorization.
Filip palian mateuszkocielski. simplest ownage human observed… routers
This document discusses identifying and exploiting vulnerabilities in consumer routers. It provides examples of analyzing firmware from various router models, including the (--E)-LINK DIR-120 and DIR-300, to gain unauthorized access. Methods discussed include reverse engineering firmware, exploiting services like telnet that are exposed without authentication, and modifying the read-only filesystem. The document also talks about using these compromised routers as bots for botnets performing activities like DDoS attacks, cryptocurrency mining, and spam/phishing campaigns. It provides examples of real botnets like Psyb0t that have exploited routers.
Burn down the silos! Helping dev and ops gel on high availability websites
HA websites are where the rubber meets the road - at 200km/h. Traditional separation of dev and ops just doesn't cut it.
Everything is related to everything. Code relies on performant and resilient infrastructure, but highly performant infrastructure will only get a poorly written application so far. Worse still, root cause analysis in HA sites will more often than not identify problems that don't clearly belong to either devs or ops.
The two options are collaborate or die.
This talk will introduce 3 core principles for improving collaboration between operations and development teams: consistency, repeatability, and visibility. These principles will be investigated with real world case studies and associated technologies audience members can start using now. In particular, there will be a focus on:
- fast provisioning of test environments with configuration management
- reliable and repeatable automated deployments
- application and infrastructure visibility with statistics collection, logging, and visualisation
Hopping in clouds - phpuk 17
Today there are a lot of cloud providers, with a wide range of offers. Web projects usually have continuously changing needs: what worked well yesterday may not be enough today. These two facts became quite obvious for us while migrating a large PHP application from Rackspace to Amazon. In this session I’d like to share this experience highlighting infrastructure and code evolution, migration steps, cost analisys, issues.
DEF CON 27 - PATRICK WARDLE - harnessing weapons of Mac destruction
1. The document discusses repurposing existing malware samples for offensive security purposes such as testing defenses or creating custom tools.
2. Specific examples analyzed include repurposing the OSX.FruitFly backdoor to specify custom command and control servers, repurposing the OSX.CreativeUpdate miner to change mining accounts, and repurposing the OSX.Keranger ransomware to use custom encryption and servers.
3. The techniques demonstrated include understanding malware capabilities, patching command and control protocols, avoiding antivirus detection, and creating new installers or payloads.
Mac OS X Lion で作る WordPress local 環境
This document provides instructions for installing and configuring a LAMP stack on Mac OS X including MySQL, Apache, PHP and WordPress. It describes downloading and installing each component, configuring passwords, file permissions and settings. Specific steps include installing MySQL from the developer website, setting the root password, copying configuration files, enabling PHP support in Apache, configuring PHP.ini settings and installing WordPress in the Apache document root.
DVWA BruCON Workshop
The document provides an introduction to web application security and the Damn Vulnerable Web Application (DVWA). It discusses common web vulnerabilities like cross-site scripting (XSS), SQL injection, and information leakage. It demonstrates how to find and exploit these vulnerabilities in DVWA, including stealing cookies, extracting database information, and creating a backdoor PHP shell. The document is intended to educate users about web security risks and show how hackers can compromise applications.
How Secure Are Docker Containers?
This document discusses container security and analyzes potential vulnerabilities in Docker containers. It describes how containers may not fully isolate processes and how an attacker could escape a container to access the host machine via avenues like privileged containers, kernel exploits, or Docker socket access. It provides examples of container breakouts using these methods and emphasizes the importance of security features like seccomp, AppArmor, cgroups to restrict containers. The document encourages readers to apply security best practices like the Docker Bench tool to harden containers.
Spot the Web Vulnerability
These are the slides from a talk "Spot the Web Vulnerability" held at Hacktivity 2012 conference (Hungary / Budapest 12th–13th October 2012) by Miroslav Stampar.
Secure .NET programming
This document summarizes best practices for secure .NET programming. It discusses guidelines for safer code like using the SecureString class and checked keywords. It also covers vulnerabilities like SQL injection and insecure configuration files. Additionally, it outlines secure communication methods in WCF like SSL and hashing, as well as runtime security features in .NET like CAS and reflection permissions. The document stresses the importance of input validation, authorization, encryption, and overall secure development practices to build a safe .NET environment.
Infrastructure-as-code: bridging the gap between Devs and Ops
Ops are overwhelmed with support. Devs are mad because their cannot deploy the changes as fast as they want. Sounds familiar?
Infrastructure-as-code can make your life easier by empowering developers and reducing operations' routine toil. It can cut down the lead time for infrastructure provisioning from hours or even days to minutes.
This talk reviews several IaC tools and approaches, showing how to integrate them into continuous delivery pipeline. It covers the problems and challenges that engineers may face while working with infrastructure-as-code tools and provides a few hands-on recipes to address them.
How to Design a Great API (using flask) [ploneconf2017]
How do you build an API that developers love building and consumers love using?
There's a lot that goes into creating a great API. This presentation shares some tips & tricks, architectural patterns, and best practices that go into building a great engineering environment around your API.
Talk presented on Oct 18, 2017 at PloneConf2017.
Topics covered by this talk:
Intuitive Practices:
standardization, configuration/environment files, ORMs, SQLAlchemy, database migrations, Alembic, database seeds, requirements.txt, package management, dependency management, setup scripts
Durable Practices:
Unit Tests, virtual environments, flush vs commit, error rollbacks, request lifecycle, session lifecycle
Flexible Practices:
Directory structures, application factories, blueprints, python debugger
Reliable Practices:
Logging, progressive rollouts, slack hooks, cron health checks, api versioning, api analytics
Use Friendly Practices:
Endpoint design, endpoint documentation, debugging tools, postman
Speed Practices:
Python profiling, Bulk SQL Inserts, caching
They Ought to Know Better: Exploiting Security Gateways via Their Web Interfaces
The document discusses security vulnerabilities found in the web interfaces of security gateways. The author details how they used automated scanners, manual testing with Burp, and SSH access to root to find over 35 exploits in various security gateway products since 2011. Common vulnerabilities included input validation issues, predictable URLs and parameters enabling CSRF, excessive privileges, and session management flaws. The author provides examples of compromising ClearOS and Websense gateways, and demonstrates OSRF through Proofpoint's email system. They conclude many techniques are older but there remains a knowledge gap between secure web and UI development.
Great Developers Steal
There are more smart people building software now than there have been at any point in the past, which means that it's more important than ever to stay on top of new developments, libraries, frameworks, and everything else. To really take advantage of this wealth of innovation, however, you've got to look beyond your normal community -- what's going on in Python? And how can we use that to make our Ruby lives easier? In this session, we'll explore that question. We'll look at actual examples of code and concepts borrowed and reimplemented to form a better idea of when it's appropriate and when it'll fall flat.
Heavy Web Optimization: Backend
Slide in a seminar about backend optimization with PHP.
Talks about php, caching, scalability, amazon web service
Data Summer Conf 2018, “Mist – Serverless proxy for Apache Spark (RUS)” — Vad...
In this demo based talk with live coding, we’ll present a functional typeful framework for developing Apache Spark applications. We’ll walk through the following key topics: – turning unmanageable Spark scripts into typeful Spark Functions – serverless deployment of Spark functions into the cloud – unit testing Spark functions to save cluster resources and developers time – seamless Spark session management between concurrent Spark jobs in exclusive or share modes
Similar to Cabra Arretado Aperriando o WordPress (20)
DDD17 - Web Applications Automated Security Testing in a Continuous Delivery...
DDD17 - Web Applications Automated Security Testing in a Continuous Delivery...
Filip palian mateuszkocielski. simplest ownage human observed… routers
Filip palian mateuszkocielski. simplest ownage human observed… routers
Burn down the silos! Helping dev and ops gel on high availability websites
Burn down the silos! Helping dev and ops gel on high availability websites
DEF CON 27 - PATRICK WARDLE - harnessing weapons of Mac destruction
DEF CON 27 - PATRICK WARDLE - harnessing weapons of Mac destruction
Infrastructure-as-code: bridging the gap between Devs and Ops
Infrastructure-as-code: bridging the gap between Devs and Ops
How to Design a Great API (using flask) [ploneconf2017]
How to Design a Great API (using flask) [ploneconf2017]
They Ought to Know Better: Exploiting Security Gateways via Their Web Interfaces
They Ought to Know Better: Exploiting Security Gateways via Their Web Interfaces
Data Summer Conf 2018, “Mist – Serverless proxy for Apache Spark (RUS)” — Vad...
Data Summer Conf 2018, “Mist – Serverless proxy for Apache Spark (RUS)” — Vad...
Recently uploaded
Mind map of terminologies used in context of Generative AI
Mind map of common terms used in context of Generative AI.
20240605 QFM017 Machine Intelligence Reading List May 2024
Everything I found interesting about machines behaving intelligently during May 2024
Infrastructure Challenges in Scaling RAG with Custom AI models
Building Retrieval-Augmented Generation (RAG) systems with open-source and custom AI models is a complex task. This talk explores the challenges in productionizing RAG systems, including retrieval performance, response synthesis, and evaluation. We’ll discuss how to leverage open-source models like text embeddings, language models, and custom fine-tuned models to enhance RAG performance. Additionally, we’ll cover how BentoML can help orchestrate and scale these AI components efficiently, ensuring seamless deployment and management of RAG systems in the cloud.
Communications Mining Series - Zero to Hero - Session 1
This session provides introduction to UiPath Communication Mining, importance and platform overview. You will acquire a good understand of the phases in Communication Mining as we go over the platform with you. Topics covered:
• Communication Mining Overview
• Why is it important?
• How can it help today’s business and the benefits
• Phases in Communication Mining
• Demo on Platform overview
• Q/A
TrustArc Webinar - 2024 Global Privacy Survey
How does your privacy program stack up against your peers? What challenges are privacy teams tackling and prioritizing in 2024?
In the fifth annual Global Privacy Benchmarks Survey, we asked over 1,800 global privacy professionals and business executives to share their perspectives on the current state of privacy inside and outside of their organizations. This year’s report focused on emerging areas of importance for privacy and compliance professionals, including considerations and implications of Artificial Intelligence (AI) technologies, building brand trust, and different approaches for achieving higher privacy competence scores.
See how organizational priorities and strategic approaches to data security and privacy are evolving around the globe.
This webinar will review:
- The top 10 privacy insights from the fifth annual Global Privacy Benchmarks Survey
- The top challenges for privacy leaders, practitioners, and organizations in 2024
- Key themes to consider in developing and maintaining your privacy program
Uni Systems Copilot event_05062024_C.Vlachos.pdf
Unlocking Productivity: Leveraging the Potential of Copilot in Microsoft 365, a presentation by Christoforos Vlachos, Senior Solutions Manager – Modern Workplace, Uni Systems
UiPath Test Automation using UiPath Test Suite series, part 6
Welcome to UiPath Test Automation using UiPath Test Suite series part 6. In this session, we will cover Test Automation with generative AI and Open AI.
UiPath Test Automation with generative AI and Open AI webinar offers an in-depth exploration of leveraging cutting-edge technologies for test automation within the UiPath platform. Attendees will delve into the integration of generative AI, a test automation solution, with Open AI advanced natural language processing capabilities.
Throughout the session, participants will discover how this synergy empowers testers to automate repetitive tasks, enhance testing accuracy, and expedite the software testing life cycle. Topics covered include the seamless integration process, practical use cases, and the benefits of harnessing AI-driven automation for UiPath testing initiatives. By attending this webinar, testers, and automation professionals can gain valuable insights into harnessing the power of AI to optimize their test automation workflows within the UiPath ecosystem, ultimately driving efficiency and quality in software development processes.
What will you get from this session?
1. Insights into integrating generative AI.
2. Understanding how this integration enhances test automation within the UiPath platform
3. Practical demonstrations
4. Exploration of real-world use cases illustrating the benefits of AI-driven test automation for UiPath
Topics covered:
What is generative AI
Test Automation with generative AI and Open AI.
UiPath integration with generative AI
Speaker:
Deepak Rai, Automation Practice Lead, Boundaryless Group and UiPath MVP
20240609 QFM020 Irresponsible AI Reading List May 2024
Everything I found interesting about the irresponsible use of machine intelligence in May 2024
HCL Notes und Domino Lizenzkostenreduzierung in der Welt von DLAU
Webinar Recording: https://www.panagenda.com/webinars/hcl-notes-und-domino-lizenzkostenreduzierung-in-der-welt-von-dlau/
DLAU und die Lizenzen nach dem CCB- und CCX-Modell sind für viele in der HCL-Community seit letztem Jahr ein heißes Thema. Als Notes- oder Domino-Kunde haben Sie vielleicht mit unerwartet hohen Benutzerzahlen und Lizenzgebühren zu kämpfen. Sie fragen sich vielleicht, wie diese neue Art der Lizenzierung funktioniert und welchen Nutzen sie Ihnen bringt. Vor allem wollen Sie sicherlich Ihr Budget einhalten und Kosten sparen, wo immer möglich. Das verstehen wir und wir möchten Ihnen dabei helfen!
Wir erklären Ihnen, wie Sie häufige Konfigurationsprobleme lösen können, die dazu führen können, dass mehr Benutzer gezählt werden als nötig, und wie Sie überflüssige oder ungenutzte Konten identifizieren und entfernen können, um Geld zu sparen. Es gibt auch einige Ansätze, die zu unnötigen Ausgaben führen können, z. B. wenn ein Personendokument anstelle eines Mail-Ins für geteilte Mailboxen verwendet wird. Wir zeigen Ihnen solche Fälle und deren Lösungen. Und natürlich erklären wir Ihnen das neue Lizenzmodell.
Nehmen Sie an diesem Webinar teil, bei dem HCL-Ambassador Marc Thomas und Gastredner Franz Walder Ihnen diese neue Welt näherbringen. Es vermittelt Ihnen die Tools und das Know-how, um den Überblick zu bewahren. Sie werden in der Lage sein, Ihre Kosten durch eine optimierte Domino-Konfiguration zu reduzieren und auch in Zukunft gering zu halten.
Diese Themen werden behandelt
- Reduzierung der Lizenzkosten durch Auffinden und Beheben von Fehlkonfigurationen und überflüssigen Konten
- Wie funktionieren CCB- und CCX-Lizenzen wirklich?
- Verstehen des DLAU-Tools und wie man es am besten nutzt
- Tipps für häufige Problembereiche, wie z. B. Team-Postfächer, Funktions-/Testbenutzer usw.
- Praxisbeispiele und Best Practices zum sofortigen Umsetzen
AI 101: An Introduction to the Basics and Impact of Artificial Intelligence
Imagine a world where machines not only perform tasks but also learn, adapt, and make decisions. This is the promise of Artificial Intelligence (AI), a technology that's not just enhancing our lives but revolutionizing entire industries.
Microsoft - Power Platform_G.Aspiotis.pdf
Revolutionizing Application Development
with AI-powered low-code, presentation by George Aspiotis, Sr. Partner Development Manager, Microsoft
Artificial Intelligence for XMLDevelopment
In the rapidly evolving landscape of technologies, XML continues to play a vital role in structuring, storing, and transporting data across diverse systems. The recent advancements in artificial intelligence (AI) present new methodologies for enhancing XML development workflows, introducing efficiency, automation, and intelligent capabilities. This presentation will outline the scope and perspective of utilizing AI in XML development. The potential benefits and the possible pitfalls will be highlighted, providing a balanced view of the subject.
We will explore the capabilities of AI in understanding XML markup languages and autonomously creating structured XML content. Additionally, we will examine the capacity of AI to enrich plain text with appropriate XML markup. Practical examples and methodological guidelines will be provided to elucidate how AI can be effectively prompted to interpret and generate accurate XML markup.
Further emphasis will be placed on the role of AI in developing XSLT, or schemas such as XSD and Schematron. We will address the techniques and strategies adopted to create prompts for generating code, explaining code, or refactoring the code, and the results achieved.
The discussion will extend to how AI can be used to transform XML content. In particular, the focus will be on the use of AI XPath extension functions in XSLT, Schematron, Schematron Quick Fixes, or for XML content refactoring.
The presentation aims to deliver a comprehensive overview of AI usage in XML development, providing attendees with the necessary knowledge to make informed decisions. Whether you’re at the early stages of adopting AI or considering integrating it in advanced XML development, this presentation will cover all levels of expertise.
By highlighting the potential advantages and challenges of integrating AI with XML development tools and languages, the presentation seeks to inspire thoughtful conversation around the future of XML development. We’ll not only delve into the technical aspects of AI-powered XML development but also discuss practical implications and possible future directions.
Climate Impact of Software Testing at Nordic Testing Days
My slides at Nordic Testing Days 6.6.2024
Climate impact / sustainability of software testing discussed on the talk. ICT and testing must carry their part of global responsibility to help with the climat warming. We can minimize the carbon footprint but we can also have a carbon handprint, a positive impact on the climate. Quality characteristics can be added with sustainability, and then measured continuously. Test environments can be used less, and in smaller scale and on demand. Test techniques can be used in optimizing or minimizing number of tests. Test automation can be used to speed up testing.
Unlock the Future of Search with MongoDB Atlas_ Vector Search Unleashed.pdf
Discover how MongoDB Atlas and vector search technology can revolutionize your application's search capabilities. This comprehensive presentation covers:
* What is Vector Search?
* Importance and benefits of vector search
* Practical use cases across various industries
* Step-by-step implementation guide
* Live demos with code snippets
* Enhancing LLM capabilities with vector search
* Best practices and optimization strategies
Perfect for developers, AI enthusiasts, and tech leaders. Learn how to leverage MongoDB Atlas to deliver highly relevant, context-aware search results, transforming your data retrieval process. Stay ahead in tech innovation and maximize the potential of your applications.
#MongoDB #VectorSearch #AI #SemanticSearch #TechInnovation #DataScience #LLM #MachineLearning #SearchTechnology
GraphRAG for Life Science to increase LLM accuracy
GraphRAG for life science domain, where you retriever information from biomedical knowledge graphs using LLMs to increase the accuracy and performance of generated answers
Observability Concepts EVERY Developer Should Know -- DeveloperWeek Europe.pdf
Monitoring and observability aren’t traditionally found in software curriculums and many of us cobble this knowledge together from whatever vendor or ecosystem we were first introduced to and whatever is a part of your current company’s observability stack.
While the dev and ops silo continues to crumble….many organizations still relegate monitoring & observability as the purview of ops, infra and SRE teams. This is a mistake - achieving a highly observable system requires collaboration up and down the stack.
I, a former op, would like to extend an invitation to all application developers to join the observability party will share these foundational concepts to build on:
“I’m still / I’m still / Chaining from the Block”
“An Outlook of the Ongoing and Future Relationship between Blockchain Technologies and Process-aware Information Systems.” Invited talk at the joint workshop on Blockchain for Information Systems (BC4IS) and Blockchain for Trusted Data Sharing (B4TDS), co-located with with the 36th International Conference on Advanced Information Systems Engineering (CAiSE), 3 June 2024, Limassol, Cyprus.
GraphSummit Singapore | Enhancing Changi Airport Group's Passenger Experience...
Dr. Sean Tan, Head of Data Science, Changi Airport Group
Discover how Changi Airport Group (CAG) leverages graph technologies and generative AI to revolutionize their search capabilities. This session delves into the unique search needs of CAG’s diverse passengers and customers, showcasing how graph data structures enhance the accuracy and relevance of AI-generated search results, mitigating the risk of “hallucinations” and improving the overall customer journey.
National Security Agency - NSA mobile device best practices
Threats to mobile devices are more prevalent and increasing in scope and complexity. Users of mobile devices desire to take full advantage of the features
available on those devices, but many of the features provide convenience and capability but sacrifice security. This best practices guide outlines steps the users can take to better protect personal devices and information.
Recently uploaded (20)
Mind map of terminologies used in context of Generative AI
Mind map of terminologies used in context of Generative AI
20240605 QFM017 Machine Intelligence Reading List May 2024
20240605 QFM017 Machine Intelligence Reading List May 2024
Infrastructure Challenges in Scaling RAG with Custom AI models
Infrastructure Challenges in Scaling RAG with Custom AI models
Communications Mining Series - Zero to Hero - Session 1
Communications Mining Series - Zero to Hero - Session 1
UiPath Test Automation using UiPath Test Suite series, part 6
UiPath Test Automation using UiPath Test Suite series, part 6
20240609 QFM020 Irresponsible AI Reading List May 2024
20240609 QFM020 Irresponsible AI Reading List May 2024
HCL Notes und Domino Lizenzkostenreduzierung in der Welt von DLAU
HCL Notes und Domino Lizenzkostenreduzierung in der Welt von DLAU
AI 101: An Introduction to the Basics and Impact of Artificial Intelligence
AI 101: An Introduction to the Basics and Impact of Artificial Intelligence
Climate Impact of Software Testing at Nordic Testing Days
Climate Impact of Software Testing at Nordic Testing Days
Unlock the Future of Search with MongoDB Atlas_ Vector Search Unleashed.pdf
Unlock the Future of Search with MongoDB Atlas_ Vector Search Unleashed.pdf
GraphRAG for Life Science to increase LLM accuracy
GraphRAG for Life Science to increase LLM accuracy
Observability Concepts EVERY Developer Should Know -- DeveloperWeek Europe.pdf
Observability Concepts EVERY Developer Should Know -- DeveloperWeek Europe.pdf
GraphSummit Singapore | Enhancing Changi Airport Group's Passenger Experience...
GraphSummit Singapore | Enhancing Changi Airport Group's Passenger Experience...
National Security Agency - NSA mobile device best practices
National Security Agency - NSA mobile device best practices
Cabra Arretado Aperriando o WordPress
- 1. $ pwd /home/espreto $ mkdir conferences/nullbyte && cd $_ $ cat > title.txt ^C $ clear
- 2. $ whoami espreto $ cat me.txt $ clear
- 3. $ cat talk.txt $ clear
- 4. $ irb - -simple-prompt >> def talk(data) >> …snip… >> talk(“wp_intro”)
- 6. >> talk(“plugins_the_dark_side”) Commons Vulnerabilities Upload Vulnerability Mechanism. Cross-Site Scripting vulnerability (XSS). File Download Vulnerability. Cross-Request-Forgery Vulnerability (CSRF). SQL Injection Vulnerability (SQL Injection).
- 11. >> talk(“http_msf_requests”) File Read (Traversal) http://wordpress/wp-content/plugins/dukapress/lib/dp_image.php?src=../../../../../../etc/passwd
- 12. >> talk(“demo”)
- 15. >> talk(“wpsploit”) By todb, Rapid7
- 18. >> talk(“demo”)
- 19. >> talk(“demo”)
- 21. >> quit $ cat contact.txt $ shutdown –h now