Skilled attackers continually seek out new attack vectors and effective ways of obfuscating old techniques to evade detection. Active defenders can attest to attackers’ prolific obfuscation of JavaScript, VBScript and PowerShell payloads given the ample availability of obfuscation frameworks and their effectiveness at evading many of today’s defenses. However, advanced defenders are increasingly detecting this obfuscation with help from the data science community. This approach paired with deeper visibility into memory-resident payloads via interfaces like Microsoft’s Antimalware Scan Interface (AMSI) is causing some Red Teamers to shift tradecraft to languages that offer defenders less visibility. But what are attackers using in the wild? In the past year numerous APT and FIN (Financial) threat actors have increasingly introduced obfuscation techniques into their usage of native Windows binaries like wscript.exe, regsvr32.exe and cmd.exe. Some simple approaches entail randomly adding cmd.exe’s caret (^) escape character to command arguments. More interesting techniques like those employed by APT32, FIN7 and FIN8 involve quotes, parentheses and standard input. The most interesting obfuscation technique observed in the wild was FIN7’s use of cmd.exe’s string replacement functionality identified in June 2017. This discovery single-handedly initiated my research into cmd.exe’s surprisingly effective but vastly unexplored obfuscation capabilities. In this presentation I will dive deep into cmd.exe’s multi-faceted obfuscation opportunities beginning with carets, quotes and stdin argument hiding. Next I will extrapolate more complex techniques including FIN7’s string removal/replacement concept and two never-before-seen obfuscation and full encoding techniques – all performed entirely in memory by cmd.exe. Finally, I will outline three approaches for obfuscating binary names from static and dynamic analysis while highlighting lesser-known cmd.exe replacement binaries. 
I will conclude this talk by giving a live demo of my latest obfuscation framework called Invoke-DOSfuscation that obfuscates cmd.exe payloads using these multi-layered techniques. I will also share detection implications and approaches for this genre of obfuscation.
Reading Other Peoples Code (Web Rebels 2018) - Patricia Aas
Someone else's code. Even worse, thousands of lines, maybe hundreds of files of other people's code. Is there a way to methodically read and understand other people's work, build their mental models? In this talk I will go through techniques I have developed throughout 18 years of programming. Hopefully you will walk away with a plan on how to approach a new code base. But even more I hope you walk away with a feeling of curiosity, wanting to get to know your fellow programmers through their code.
DevOps needs to consider many different aspects of software quality, including security. The term DevSecOps was developed to highlight that security is a focus of the pipeline, not a second-class citizen.
Fortunately, we can define done for our pipeline so that it includes security. Continuous integration can invoke static analysis tools to test for security errors and check if we are using components with known vulnerabilities. Automated deployments and virtualization make dynamic environments available for testing in a production-like setting. Regression tests can drive traffic through proxies for security analysis. From the code to the systems where we deploy the software, the process can be designed to make sure that we follow security best practices, and not produce insecure software.
Participants will learn how to construct a definition of done that focuses on security in a DevOps pipeline. They will see how to define security practices that build confidence that they are doing DevSecOps, and how those practices and criteria might mature over time.
DevOpsDays Baltimore 2018: A Definition of Done for DevSecOps - Gene Gotimer - DevOpsDays Baltimore
DevOps cannot be achieved without considering many different aspects of software quality, including security. The term DevSecOps was developed to highlight that security was being focused on as part of the pipeline, not a second-class citizen.
Fortunately, DevOps and continuous delivery practices give us opportunities to add different types of security testing to our pipeline so that security can be part of our definition of done. Continuous integration can invoke static analysis tools to test for simple security errors and check if components with known vulnerabilities are being used. Automated deployments and virtualization make dynamic environments available for testing in a production-like setting. Regression test suites can be used to drive traffic through proxies for security analysis. From the code to the systems where the software is being deployed, the process can make sure that security best practices are followed and insecure software is not being produced.
Gene will talk about how to construct a definition of done that focuses on security along with other types of quality in a DevOps pipeline. He will discuss how to define security practices and criteria that are appropriate for our teams and our projects to be confident that we are doing DevSecOps, and how those practices and criteria might mature over time.
DevSecCon London 2017: Their-problems-are-your-problems-devseccon by Tim Kadlec - DevSecCon
The document discusses security issues that arise from dependencies on third-party code and libraries. It notes that the web is powered by other people's code and outlines responsibilities for ensuring security across layers of an application. Specific vulnerabilities discussed include those in Struts and exposed servers, as well as mitigations like content security policy, subresource integrity, and developing with security in mind from the start.
A little bit about code injection in WebApplication Frameworks (CVE-2018-1466... - ufpb
This document provides biographical information about João Matos Figueiredo and discusses server-side code injection vulnerabilities. It begins with Matos Figueiredo's background and experience reporting vulnerabilities in major companies. It then covers the prevalence of injection flaws, examples of different types of injections, and how tainted data can flow to vulnerable sinkholes. One section analyzes the 2017 Struts vulnerability CVE-2017-5638 in detail. Another section examines a 2018 RichFaces vulnerability (CVE-2018-14667) that allowed remote code execution via deserialization or expression language injection. The document emphasizes the importance of input validation and taint tracking to prevent such vulnerabilities.
Deploy Serverless Apps with Python: AWS Chalice Deep Dive (DEV427-R2) - AWS r... - Amazon Web Services
AWS Chalice is a microframework for writing serverless applications in Python. It enables you to write and deploy serverless applications in minutes. In this session, we take a deep dive into Chalice. We take a sample Chalice application and walk through how Chalice builds and deploys it. This includes the deployment planner, automatic IAM policy generation, and how Chalice builds AWS Lambda deployment packages for Python. Come and hear from the core Chalice developers about best practices and how to get the most out of the microframework. This chalk talk is designed for Python developers who have experience with serverless and want tools to improve their development processes.
Arshan Dabirsiaghi, Contrast Security
Matt Austin, Contrast Security
Nothing in the security industry has moved the needle like Data Execution Prevention and its sister protections like ASLR.
The availability of secure APIs, the training of developers around the world, and the efforts of security practitioners all produced practically nothing compared to the practical gains produced by DEP, ASLR and other "automatic" protections provided by the tool chain and OS itself.
Where is the equivalent in the Application Layer? Can we use these same techniques and approaches to stop SQL Injection and Deserialization attacks? Can we give developers a "secure stack by default" for any application?
In this talk we'll show you the promising results of our research into this space using binary instrumentation, including the release of free tools that developers can use to protect their applications today from several bug classes, instantly, and without any code changes.
Automating Security and Compliance Testing of Infrastructure-as-Code for DevS... - Amazon Web Services
Infrastructure-as-Code (IaC) has emerged as an essential element of organizational DevOps practices. Tools such as AWS CloudFormation and Terraform allow software-defined infrastructure to be deployed quickly and repeatably to AWS. But the agility of CI/CD pipelines also creates new challenges in infrastructure security hardening. How do you ensure that your CloudFormation templates meet your organization's security, compliance, and governance needs before you deploy them? How do you deploy infrastructure securely to production environments, and monitor the security posture on a continuous basis? And how do you do this repeatedly without hitting a speed bump? This session provides a foundation for how to bring proven software hardening practices into the world of infrastructure deployment. We discuss how to build security and compliance tests for infrastructure analogous to unit tests for application code, and showcase how security, compliance and governance testing fit in a modern CI/CD pipeline.
Session Sponsored by: Dome9
The document discusses using data visualization techniques in cyber security. It notes that cyber threats pose serious challenges and over 200 attacks occurred on industrial control systems in 2013. It then outlines some of the key roles machines and human cyber analysts play in cyber defense. The rest of the document provides examples of how different types of security data, like network traffic, logs, and events, can be visualized using techniques like node-link diagrams, histograms, dashboards and more to help analysts detect anomalies, patterns, and relationships to better understand threats and make timely decisions. It emphasizes the importance of situational awareness and a joint effort between humans and machines in cyber security.
From Obstacle to Advantage: The Changing Role of Security & Compliance in You... - Amazon Web Services
A surprising trend is starting to emerge among organizations who are progressing through the cloud maturity lifecycle: major improvements in revenue growth, customer satisfaction, and mission success are being directly attributed to improvements in security and compliance. At one time thought of as speed bumps in the path to deployment, security and compliance are now seen as critical ingredients that help organizations differentiate their offerings in the market, win more deals, and achieve mission-critical goals faster. This session explores how organizations like Jive Software and the National Geospatial Agency use the Evident Security Platform, AWS, and AWS Quick Starts to automate security and compliance processes in their organization to accomplish more, do it faster, and deliver better results.
Session sponsored by Evident.io
Web Application Testing for Today’s Biggest and Emerging Threats - Alan Kan
The document discusses emerging threats to web applications and strategies for testing applications to identify vulnerabilities. It finds that nearly half of all vulnerabilities are in web applications, with cross-site scripting and SQL injection being most common. Many vulnerabilities have no patches available yet. New attack types like client-side vulnerabilities are also emerging. The document advocates integrating security testing into the development process to help developers write more secure code and find issues early.
This document contains the resume of Neha Arora summarizing her experience as a software tester. She has over 5 years of experience in manual testing, creating test cases, and executing tests. She is proficient in various testing techniques and has experience testing both web and desktop applications. She is knowledgeable in defect tracking tools like JIRA and Mantis. Her testing experience includes projects in various domains like automobiles, banking, and e-learning.
Making the Case for Stronger Endpoint Data Visibility - dianadvo
As security practitioners, we often get caught up worrying about protecting against the latest threat or patching the latest zero-day; however, we should spend at least an equal amount of time understanding the data risks of our users and how to offer both better visibility into endpoint data usage and guidance on good data protection practices.
There are a number of different products and vendors that touch on these aspects, but there is no one-stop shop for data protection, and likely never will be. DLP, or Data Loss Prevention, can look at known content types for matches and take protective actions. However, most DLP deployments never moved beyond monitoring due to over-blocking or false positive concerns. Endpoint employee monitoring can take good forensic information, even screenshots to recreate evidence of either inappropriate data usage, or other significant events, though these types of technology are often cumbersome, hard to realize the value and present some serious privacy and ethical concerns. EDR or Endpoint Detection and Response is very threat-focused, with a severe limit on data visibility, and often does little more than capture a checksum of a file, with no content inspection or awareness. UEBA, or User and Entity Behavior Analytics, can often be deployed in conjunction with SIEM or log management capabilities to get a better contextual view of your organization, however, you must first have some semblance of “normal” or a baseline before you can uncover abnormal.
Organizations should begin building the case for stronger endpoint data visibility. This improved data visibility must be easy to use, fast to provide actionable answers, not impede other endpoint security capabilities, and most importantly provide the financial impact of endpoint data and the decisions that users make with that data.
With the rise of micro-services and large-scale distributed architectures, software systems have grown increasingly complex and hard to understand. Adding to that complexity, the velocity of software delivery has also dramatically increased, resulting in failures being harder to predict and contain.
While the cloud allows for high availability, redundancy and fault-tolerance, no single component can guarantee 100% uptime. Therefore, we have to understand availability but especially learn how to design architectures with failure in mind.
And since failures have become more and more chaotic in nature, we must turn to chaos engineering in order to identify failures before they become outages.
In this talk, Adrian deep dives into availability, reliability and large-scale architectures and make an introduction to chaos engineering, a discipline that promotes breaking things on purpose in order to learn how to build more resilient systems.
The document discusses various techniques for determining where to start testing a legacy application, including:
1) Analyzing code coverage reports to find which parts of the code are most used.
2) Checking version control history to identify files that change frequently.
3) Conducting code reviews to find areas that modify data.
4) Running static code analysis tools to locate sections likely to contain bugs.
The document advocates starting testing with the highest priority areas identified using these techniques, and provides examples of writing initial tests against a sample codebase.
CHFI v8 Module 18 Investigating Web Attacks.pdf - khanhtt2
This document provides instructions for using the SmartWhois tool to analyze domain names, IP addresses, and hostnames. It describes how to perform queries for this information, view the results, save results to files, and open previously saved results files. The goals are to help investigators analyze domain and IP address queries by providing information on domain ownership and network infrastructure configuration.
This workshop is designed to expose you to a number of AWS services that can be part of a threat detection and remediation strategy. We will cover the following services: Amazon GuardDuty, Amazon Macie, Amazon Inspector, Amazon CloudWatch (Events & Logs), AWS Lambda, Amazon SNS, Amazon S3, VPC Flow Logs, DNS Logs and AWS CloudTrail. You will learn how to use these services to set up a notification and remediation pipeline, to investigate threats during and after an attack, and how to evaluate what additional alerts and automated remediations should be deployed. We will go through a simulated attack scenario that will generate real GuardDuty findings and Macie alerts. We will investigate the attack, examine the threats, remediate the attack and investigate additional automated remediations that can be used in the future.
Level: 200
Speaker: Sean Leviseur - Security Architect, AWS Professional Services
This document provides an overview of functional programming concepts including:
- Pure functions which always return the same output for the same inputs and have no side effects.
- Lambda expressions which can be used to define anonymous functions.
- Higher order functions which take functions as arguments or return functions.
- Streams which allow processing sequences of objects in a functional style.
The document discusses functional programming paradigms and gives examples of pure functions, lambda expressions, and method references in Java.
This document discusses serverless applications and Ippon Technologies. It provides an overview of what serverless computing is, how a monolith application could be broken into serverless functions, best practices for serverless development including packaging code and continuous deployment, and tools for monitoring serverless applications on AWS like CloudWatch. It also advertises that Ippon Technologies is hiring for cloud-focused roles like Cloud Cost Architect and Site Reliability Engineers.
Learning to Rank Relevant Malware Strings Using Weak Supervision - Phil Tully
This document provides an overview of the StringSifter tool, which uses machine learning techniques to analyze and prioritize strings extracted from binaries. StringSifter was developed by FireEye to help analysts more efficiently identify the most relevant strings for malware analysis. It uses weak supervision and learning to rank models to assign priority scores to strings based on features like entropy rates and regular expressions. This allows analysts to focus on the highest priority strings first. The document describes the development of the EMBER dataset used to train and evaluate StringSifter, the labeling functions used for weak supervision, and the machine learning models employed, including gradient boosted decision trees and neural networks. Evaluation shows StringSifter performs well on a holdout set of
Keynote delivered by Madhusudan Sekhar on the topic "Chaos Engineering: Why breaking things should be practiced" presented at AWS Community Day, Bangalore 2018
SignaturesAreDead Long Live RESILIENT Signatures - Daniel Bohannon
Slides from presentation: $SignaturesAreDead = "Long Live RESILIENT Signatures" wide ascii nocase originally released at SANS DFIR Summit 2018.
For more information: http://www.danielbohannon.com/presentations/
1) The document discusses Accenture's DevOps capability group and their focus on DevOps transformations with clients. It describes how the group is embedded in wider client delivery and support within Accenture.
2) The group aims to scale DevOps adoption by starting small with continuous delivery pipelines and then expanding automation and sharing successes enterprise-wide.
3) The group provides services like training, consultancy, tools, and platforms to help clients replicate successes and improve DevOps capabilities over time.
How To Structure Go Applications - Paul Bellamy - Codemotion Milan 2016 - Codemotion
1. The document discusses various ways to structure Go applications, including grouping code by domain, using interfaces to define dependencies, and separating applications into modules that can be tested independently.
2. It recommends creating packages for different parts of an application, such as an API, email provider, database adapter, and defining interfaces to abstract dependencies.
3. A sample application structure is shown with packages for the domain objects, API, email provider, database adapter, and a command package containing the executable.
Innovating Faster with Continuous Application Security - Jeff Williams
DevSecOps tutorial and demonstration. Build your pipeline with IAST, RASP, and OSS. Try Contrast community edition full strength DevSecOps platform for testing, protecting, and open source analysis -- all for free. https://www.contrastsecurity.com/contrast-community-edition
The document discusses advanced threat hunting techniques. It describes the research team and threat intelligence definitions. It discusses the intelligence process and relationship between data, information, and intelligence. It addresses problems like limited resources, time and small team size. It promotes organizing signatures with revision control and automating processes. It also discusses prioritization techniques like scoring and meetings. Key takeaways include separating analysis by signature type, prioritization meetings, and contributing open source changes.
The document discusses advanced threat hunting techniques. It covers defining threat intelligence and the intelligence process. It discusses the challenges of small teams with limited resources and time. It provides examples of doing threat hunting wrong and right, such as using revision control and deployment scripts. It also discusses prioritization techniques, automation, and key performance indicators. The presentation provides examples of sources of samples and success stories. Key lessons are to organize signatures, automate systems, separate queues by type, hold prioritization meetings, and contribute to open source.
How information systems are built or acquired puts information, which is what they should be about, in a secondary place. Our language adapted accordingly, and we no longer talk about information systems but applications. Applications evolved in a way to break data into diverse fragments, tightly coupled with applications and expensive to integrate. The result is technical debt, which is re-paid by taking even bigger "loans", resulting in an ever-increasing technical debt. Software engineering and procurement practices work in sync with market forces to maintain this trend. This talk demonstrates how natural this situation is. The question is: can something be done to reverse the trend?
AI in the Workplace Reskilling, Upskilling, and Future Work.pptx - Sunil Jagani
Discover how AI is transforming the workplace and learn strategies for reskilling and upskilling employees to stay ahead. This comprehensive guide covers the impact of AI on jobs, essential skills for the future, and successful case studies from industry leaders. Embrace AI-driven changes, foster continuous learning, and build a future-ready workforce.
Read More - https://bit.ly/3VKly70
Organizations should begin building the case for stronger endpoint data visibility. This improved data visibility must be easy to use, fast to provide actionable answers, not impede other endpoint security capabilities, and most importantly provide the financial impact of endpoint data and the decisions that users make with that data.
With the rise of micro-services and large-scale distributed architectures, software systems have grown increasingly complex and hard to understand. Adding to that complexity, the velocity of software delivery has also dramatically increased, resulting in failures being harder to predict and contain.
While the cloud allows for high availability, redundancy and fault-tolerance, no single component can guarantee 100% uptime. Therefore, we have to understand availability but especially learn how to design architectures with failure in mind.
And since failures have become more and more chaotic in nature, we must turn to chaos engineering in order to identify failures before they become outages.
In this talk, Adrian deep dives into availability, reliability and large-scale architectures and make an introduction to chaos engineering, a discipline that promotes breaking things on purpose in order to learn how to build more resilient systems.
The document discusses various techniques for determining where to start testing a legacy application, including:
1) Analyzing code coverage reports to find which parts of the code are most used.
2) Checking version control history to identify files that change frequently.
3) Conducting code reviews to find areas that modify data.
4) Running static code analysis tools to locate sections likely to contain bugs.
The document advocates starting testing with the highest priority areas identified using these techniques, and provides examples of writing initial tests against a sample codebase.
CHFI v8 Module 18 Investigating Web Attacks.pdfkhanhtt2
This document provides instructions for using the SmartWhois tool to analyze domain names, IP addresses, and hostnames. It describes how to perform queries for this information, view the results, save results to files, and open previously saved results files. The goals are to help investigators analyze domain and IP address queries by providing information on domain ownership and network infrastructure configuration.
This workshop is designed to expose you to a number of AWS services that can be part of a threat detection and remediation strategy. We will cover the following services: Amazon GuardDuty, Amazon Macie, Amazon Inspector, Amazon CloudWatch (Events & Logs), AWS Lambda, Amazon SNS, Amazon S3, VPC Flow Logs, DNS Logs and AWS CloudTrail. You will learn how to use these services to set up a notification and remediation pipeline, to investigate threats during and after an attack, and how to evaluate what additional alerts and automated remediations should be deployed. We will go through a simulated attack scenario that will generate real GuardDuty findings and Macie alerts. We will investigate the attack, examine the threats, remediate the attack and investigate additional automated remediations that can be used in the future.
Level: 200
Speaker: Sean Leviseur - Security Architect, AWS Professional Services
This document provides an overview of functional programming concepts including:
- Pure functions which always return the same output for the same inputs and have no side effects.
- Lambda expressions which can be used to define anonymous functions.
- Higher order functions which take functions as arguments or return functions.
- Streams which allow processing sequences of objects in a functional style.
The document discusses functional programming paradigms and gives examples of pure functions, lambda expressions, and method references in Java.
This document discusses serverless applications and Ippon Technologies. It provides an overview of what serverless computing is, how a monolith application could be broken into serverless functions, best practices for serverless development including packaging code and continuous deployment, and tools for monitoring serverless applications on AWS like CloudWatch. It also advertises that Ippon Technologies is hiring for cloud-focused roles like Cloud Cost Architect and Site Reliability Engineers.
Learning to Rank Relevant Malware Strings Using Weak SupervisionPhil Tully
This document provides an overview of the StringSifter tool, which uses machine learning techniques to analyze and prioritize strings extracted from binaries. StringSifter was developed by FireEye to help analysts more efficiently identify the most relevant strings for malware analysis. It uses weak supervision and learning to rank models to assign priority scores to strings based on features like entropy rates and regular expressions. This allows analysts to focus on the highest priority strings first. The document describes the development of the EMBER dataset used to train and evaluate StringSifter, the labeling functions used for weak supervision, and the machine learning models employed, including gradient boosted decision trees and neural networks. Evaluation shows StringSifter performs well on a holdout set of
Keynote delivered by Madhusudan Sekhar on the topic "Chaos Engineering: Why breaking things should be practiced" presented at AWS Community Day, Bangalore 2018
SignaturesAreDead Long Live RESILIENT SignaturesDaniel Bohannon
Slides from presentation: $SignaturesAreDead = "Long Live RESILIENT Signatures" wide ascii nocase originally released at SANS DFIR Summit 2018.
For more information: http://www.danielbohannon.com/presentations/
1) The document discusses Accenture's DevOps capability group and their focus on DevOps transformations with clients. It describes how the group is embedded in wider client delivery and support within Accenture.
2) The group aims to scale DevOps adoption by starting small with continuous delivery pipelines and then expanding automation and sharing successes enterprise-wide.
3) The group provides services like training, consultancy, tools, and platforms to help clients replicate successes and improve DevOps capabilities over time.
How To Structure Go Applications - Paul Bellamy - Codemotion Milan 2016Codemotion
1. The document discusses various ways to structure Go applications, including grouping code by domain, using interfaces to define dependencies, and separating applications into modules that can be tested independently.
2. It recommends creating packages for different parts of an application, such as an API, email provider, database adapter, and defining interfaces to abstract dependencies.
3. A sample application structure is shown with packages for the domain objects, API, email provider, database adapter, and a command package containing the executable.
Innovating Faster with Continuous Application Security Jeff Williams
DevSecOps tutorial and demonstration. Build your pipeline with IAST, RASP, and OSS. Try Contrast community edition full strength DevSecOps platform for testing, protecting, and open source analysis -- all for free. https://www.contrastsecurity.com/contrast-community-edition
The document discusses advanced threat hunting techniques. It describes the research team and threat intelligence definitions. It discusses the intelligence process and relationship between data, information, and intelligence. It addresses problems like limited resources, time and small team size. It promotes organizing signatures with revision control and automating processes. It also discusses prioritization techniques like scoring and meetings. Key takeaways include separating analysis by signature type, prioritization meetings, and contributing open source changes.
The document discusses advanced threat hunting techniques. It covers defining threat intelligence and the intelligence process. It discusses the challenges of small teams with limited resources and time. It provides examples of doing threat hunting wrong and right, such as using revision control and deployment scripts. It also discusses prioritization techniques, automation, and key performance indicators. The presentation provides examples of sources of samples and success stories. Key lessons are to organize signatures, automate systems, separate queues by type, hold prioritization meetings, and contribute to open source.
Similar to CONFidence 2018: Invoke-DOSfuscation: Techniques FOR %F IN (-style) DO (S-level CMD Obfuscation) - Daniel Bohannon (20)
How information systems are built or acquired puts information, which is what they should be about, in a secondary place. Our language adapted accordingly, and we no longer talk about information systems but applications. Applications evolved in a way to break data into diverse fragments, tightly coupled with applications and expensive to integrate. The result is technical debt, which is re-paid by taking even bigger "loans", resulting in an ever-increasing technical debt. Software engineering and procurement practices work in sync with market forces to maintain this trend. This talk demonstrates how natural this situation is. The question is: can something be done to reverse the trend?
AI in the Workplace Reskilling, Upskilling, and Future Work.pptxSunil Jagani
Discover how AI is transforming the workplace and learn strategies for reskilling and upskilling employees to stay ahead. This comprehensive guide covers the impact of AI on jobs, essential skills for the future, and successful case studies from industry leaders. Embrace AI-driven changes, foster continuous learning, and build a future-ready workforce.
Read More - https://bit.ly/3VKly70
This talk will cover ScyllaDB Architecture from the cluster-level view and zoom in on data distribution and internal node architecture. In the process, we will learn the secret sauce used to get ScyllaDB's high availability and superior performance. We will also touch on the upcoming changes to ScyllaDB architecture, moving to strongly consistent metadata and tablets.
LF Energy Webinar: Carbon Data Specifications: Mechanisms to Improve Data Acc...DanBrown980551
This LF Energy webinar took place June 20, 2024. It featured:
-Alex Thornton, LF Energy
-Hallie Cramer, Google
-Daniel Roesler, UtilityAPI
-Henry Richardson, WattTime
In response to the urgency and scale required to effectively address climate change, open source solutions offer significant potential for driving innovation and progress. Currently, there is a growing demand for standardization and interoperability in energy data and modeling. Open source standards and specifications within the energy sector can also alleviate challenges associated with data fragmentation, transparency, and accessibility. At the same time, it is crucial to consider privacy and security concerns throughout the development of open source platforms.
This webinar will delve into the motivations behind establishing LF Energy’s Carbon Data Specification Consortium. It will provide an overview of the draft specifications and the ongoing progress made by the respective working groups.
Three primary specifications will be discussed:
-Discovery and client registration, emphasizing transparent processes and secure and private access
-Customer data, centering around customer tariffs, bills, energy usage, and full consumption disclosure
-Power systems data, focusing on grid data, inclusive of transmission and distribution networks, generation, intergrid power flows, and market settlement data
"Frontline Battles with DDoS: Best practices and Lessons Learned", Igor IvaniukFwdays
At this talk we will discuss DDoS protection tools and best practices, discuss network architectures and what AWS has to offer. Also, we will look into one of the largest DDoS attacks on Ukrainian infrastructure that happened in February 2022. We'll see, what techniques helped to keep the web resources available for Ukrainians and how AWS improved DDoS protection for all customers based on Ukraine experience
"Choosing proper type of scaling", Olena SyrotaFwdays
Imagine an IoT processing system that is already quite mature and production-ready and for which client coverage is growing and scaling and performance aspects are life and death questions. The system has Redis, MongoDB, and stream processing based on ksqldb. In this talk, firstly, we will analyze scaling approaches and then select the proper ones for our system.
From Natural Language to Structured Solr Queries using LLMsSease
This talk draws on experimentation to enable AI applications with Solr. One important use case is to use AI for better accessibility and discoverability of the data: while User eXperience techniques, lexical search improvements, and data harmonization can take organizations to a good level of accessibility, a structural (or “cognitive” gap) remains between the data user needs and the data producer constraints.
That is where AI – and most importantly, Natural Language Processing and Large Language Model techniques – could make a difference. This natural language, conversational engine could facilitate access and usage of the data leveraging the semantics of any data source.
The objective of the presentation is to propose a technical approach and a way forward to achieve this goal.
The key concept is to enable users to express their search queries in natural language, which the LLM then enriches, interprets, and translates into structured queries based on the Solr index’s metadata.
This approach leverages the LLM’s ability to understand the nuances of natural language and the structure of documents within Apache Solr.
The LLM acts as an intermediary agent, offering a transparent experience to users automatically and potentially uncovering relevant documents that conventional search methods might overlook. The presentation will include the results of this experimental work, lessons learned, best practices, and the scope of future work that should improve the approach and make it production-ready.
Dandelion Hashtable: beyond billion requests per second on a commodity serverAntonios Katsarakis
This slide deck presents DLHT, a concurrent in-memory hashtable. Despite efforts to optimize hashtables, that go as far as sacrificing core functionality, state-of-the-art designs still incur multiple memory accesses per request and block request processing in three cases. First, most hashtables block while waiting for data to be retrieved from memory. Second, open-addressing designs, which represent the current state-of-the-art, either cannot free index slots on deletes or must block all requests to do so. Third, index resizes block every request until all objects are copied to the new index. Defying folklore wisdom, DLHT forgoes open-addressing and adopts a fully-featured and memory-aware closed-addressing design based on bounded cache-line-chaining. This design offers lock-free index operations and deletes that free slots instantly, (2) completes most requests with a single memory access, (3) utilizes software prefetching to hide memory latencies, and (4) employs a novel non-blocking and parallel resizing. In a commodity server and a memory-resident workload, DLHT surpasses 1.6B requests per second and provides 3.5x (12x) the throughput of the state-of-the-art closed-addressing (open-addressing) resizable hashtable on Gets (Deletes).
inQuba Webinar Mastering Customer Journey Management with Dr Graham HillLizaNolte
HERE IS YOUR WEBINAR CONTENT! 'Mastering Customer Journey Management with Dr. Graham Hill'. We hope you find the webinar recording both insightful and enjoyable.
In this webinar, we explored essential aspects of Customer Journey Management and personalization. Here’s a summary of the key insights and topics discussed:
Key Takeaways:
Understanding the Customer Journey: Dr. Hill emphasized the importance of mapping and understanding the complete customer journey to identify touchpoints and opportunities for improvement.
Personalization Strategies: We discussed how to leverage data and insights to create personalized experiences that resonate with customers.
Technology Integration: Insights were shared on how inQuba’s advanced technology can streamline customer interactions and drive operational efficiency.
In the realm of cybersecurity, offensive security practices act as a critical shield. By simulating real-world attacks in a controlled environment, these techniques expose vulnerabilities before malicious actors can exploit them. This proactive approach allows manufacturers to identify and fix weaknesses, significantly enhancing system security.
This presentation delves into the development of a system designed to mimic Galileo's Open Service signal using software-defined radio (SDR) technology. We'll begin with a foundational overview of both Global Navigation Satellite Systems (GNSS) and the intricacies of digital signal processing.
The presentation culminates in a live demonstration. We'll showcase the manipulation of Galileo's Open Service pilot signal, simulating an attack on various software and hardware systems. This practical demonstration serves to highlight the potential consequences of unaddressed vulnerabilities, emphasizing the importance of offensive security practices in safeguarding critical infrastructure.
"NATO Hackathon Winner: AI-Powered Drug Search", Taras KlobaFwdays
This is a session that details how PostgreSQL's features and Azure AI Services can be effectively used to significantly enhance the search functionality in any application.
In this session, we'll share insights on how we used PostgreSQL to facilitate precise searches across multiple fields in our mobile application. The techniques include using LIKE and ILIKE operators and integrating a trigram-based search to handle potential misspellings, thereby increasing the search accuracy.
We'll also discuss how the azure_ai extension on PostgreSQL databases in Azure and Azure AI Services were utilized to create vectors from user input, a feature beneficial when users wish to find specific items based on text prompts. While our application's case study involves a drug search, the techniques and principles shared in this session can be adapted to improve search functionality in a wide range of applications. Join us to learn how PostgreSQL and Azure AI can be harnessed to enhance your application's search capability.
Discover the Unseen: Tailored Recommendation of Unwatched ContentScyllaDB
The session shares how JioCinema approaches ""watch discounting."" This capability ensures that if a user watched a certain amount of a show/movie, the platform no longer recommends that particular content to the user. Flawless operation of this feature promotes the discover of new content, improving the overall user experience.
JioCinema is an Indian over-the-top media streaming service owned by Viacom18.
What is an RPA CoE? Session 2 – CoE RolesDianaGray10
In this session, we will review the players involved in the CoE and how each role impacts opportunities.
Topics covered:
• What roles are essential?
• What place in the automation journey does each role play?
Speaker:
Chris Bolin, Senior Intelligent Automation Architect Anika Systems
As AI technology is pushing into IT I was wondering myself, as an “infrastructure container kubernetes guy”, how get this fancy AI technology get managed from an infrastructure operational view? Is it possible to apply our lovely cloud native principals as well? What benefit’s both technologies could bring to each other?
Let me take this questions and provide you a short journey through existing deployment models and use cases for AI software. On practical examples, we discuss what cloud/on-premise strategy we may need for applying it to our own infrastructure to get it to work from an enterprise perspective. I want to give an overview about infrastructure requirements and technologies, what could be beneficial or limiting your AI use cases in an enterprise environment. An interactive Demo will give you some insides, what approaches I got already working for real.
Keywords: AI, Containeres, Kubernetes, Cloud Native
Event Link: https://meine.doag.org/events/cloudland/2024/agenda/#agendaId.4211
Session 1 - Intro to Robotic Process Automation.pdfUiPathCommunity
👉 Check out our full 'Africa Series - Automation Student Developers (EN)' page to register for the full program:
https://bit.ly/Automation_Student_Kickstart
In this session, we shall introduce you to the world of automation, the UiPath Platform, and guide you on how to install and setup UiPath Studio on your Windows PC.
📕 Detailed agenda:
What is RPA? Benefits of RPA?
RPA Applications
The UiPath End-to-End Automation Platform
UiPath Studio CE Installation and Setup
💻 Extra training through UiPath Academy:
Introduction to Automation
UiPath Business Automation Platform
Explore automation development with UiPath Studio
👉 Register here for our upcoming Session 2 on June 20: Introduction to UiPath Studio Fundamentals: https://community.uipath.com/events/details/uipath-lagos-presents-session-2-introduction-to-uipath-studio-fundamentals/
In our second session, we shall learn all about the main features and fundamentals of UiPath Studio that enable us to use the building blocks for any automation project.
📕 Detailed agenda:
Variables and Datatypes
Workflow Layouts
Arguments
Control Flows and Loops
Conditional Statements
💻 Extra training through UiPath Academy:
Variables, Constants, and Arguments in Studio
Control Flow in Studio