Cryptography is the underpinning of digital security. Get introduced to the building blocks of crypto, how they’re applied to secure web connections and bitcoin, and how cryptosystems are attacked in the wild.
(Source: RSA USA 2016-San Francisco)
Aspirin as a Service: Using the Cloud to Cure Security Headaches Priyanka Aash
Moving critical workloads into the cloud can be unnerving for security professionals. In reality, though, the cloud offers a whole new set of opportunities for the security team to do things even better than in their on-premises environment. Two seasoned cloud experts will explore the latest real-world, practical tools and techniques for becoming demonstrably more secure as you move to the cloud.
(Source: RSA USA 2016-San Francisco)
SDN and Security: A Marriage Made in Heaven. Or Not. Priyanka Aash
Software-defined networking has come onto the scene and changed the way we think about moving packets throughout a network. But it has also morphed into multiple definitions and approaches, driven by both vendors and enterprise customers. But how does security fit into this picture? This talk will discuss the convergence of SDN and security and will try to make sense of them both.
Learning Objectives:
1: Understand all types of SDN.
2: Understand SDN and security.
3: Understand how a secure SDN makes a network safer.
(Source: RSA Conference USA 2018)
Cloud Breach – Preparation and Response Priyanka Aash
Your next breach or insider attack will most likely have you digging for evidence in the cloud. Are you prepared? The old styles of imaging disks and tapping networks won't work! It won’t scale! This session will discuss response scenarios for cloud-enabled and cloud-dependent enterprises, a model for preparing for cloud response, and will show examples of cloud breach investigations.
(Source: RSA USA 2016-San Francisco)
Security Program Development for the Hipster Company Priyanka Aash
Cloud services have evolved and can now replace nearly every facet of traditional infrastructure. This movement has enabled rapid scale while introducing a considerable element of risk. This session will discuss a framework for getting started building a security program in an organization that is built purely on cloud services, covering the contradictions and opportunities of that business model.
(Source: RSA USA 2016-San Francisco)
This document provides an overview of virtual network security architectures and the impacts of software-defined networking (SDN). It discusses how network functions are being virtualized and decoupled from hardware. SDN is described as offering network programmability and virtualization by abstracting the network control plane. Example SDN projects and frameworks are outlined. The document also summarizes new architectural models and the progression from traditional to virtual networking. It addresses security considerations and how network security is changing with SDN.
How Automated Vulnerability Analysis Discovered Hundreds of Android 0-days Priyanka Aash
Death from a million bugs. Android has become one of the world’s most deployed operating systems. Recently researchers have been focused on uncovering vulnerabilities in the Android smartphone ecosystem. This session will present newly developed automated vulnerability analysis techniques that resulted in the discovery of hundreds of previously unknown vulnerabilities.
Learning Objectives:
1: Learn how to use automated vulnerability analysis to ID security bugs at scale.
2: Learn about state-of-the-art and novel techniques for automated vulnerability analysis.
3: Learn proven techniques to find vulnerabilities in bootloaders, kernel drivers and apps.
(Source: RSA Conference USA 2018)
Identity-Based Security and Privacy for the Internet of Things Priyanka Aash
The Internet of Things presents both a challenge and opportunity for identity management - a challenge because existing mechanisms for authentication & authorization must be extended and adapted for the particular constraints of devices (both legacy and new) and an opportunity because the devices that users more and more carry with them offer new abilities to enable a more seamless authentication experience for those users. Both of these aspects demand a consistent, cohesive and interoperable identity layer across IoT verticals, platforms, and protocols. Critically, we need an identity layer that acknowledges the full continuum of risk (and so appropriate security measures) that the IoT presents. Good security means knowing who entities (both device & user) are and what they should or should not be allowed to do. Good privacy requires that users will be able to control how their devices collect, store and share data. This talk will examine how existing & new tools (like OAuth, UMA, FIDO, and DLTs) may help meet these fundamental requirements for securing the IoT.
(Source: RSA Conference USA 2018)
Take It to the Cloud: The Evolution of Security Architecture Priyanka Aash
As companies evolve their IT stack, traditional security approaches/architectures need to be reconsidered. This session will review some of the new risks introduced by SaaS/IaaS adoption and show how to mitigate these risks using new approaches to security architecture. Presenters will also review the transition of security architecture itself to the cloud.
(Source: RSA USA 2016-San Francisco)
Stop Translating, Start Defending: Common Language for Managing Cyber-Risk Priyanka Aash
Time is of the essence when protecting your organization from complex cyberthreats. The clock doesn’t start when you have been breached—it’s always ticking. The board must articulate risk tolerances, management must set the strategy and IT must execute. The NIST CSF provides a common language for internal and external stakeholders, and helps the organization to stop translating and start defending.
Learning Objectives:
1: Learn how the NIST CSF can be used for more than just IT security.
2: Learn to use the CSF as a common language with the board, employees and customers.
3: Learn to adapt the CSF to the changing threat environment.
(Source: RSA Conference USA 2018)
The New Landscape of Airborne Cyberattacks Priyanka Aash
This document discusses airborne cyberattacks and the new threat landscape they enable. It describes the BlueBorne attack, which can spread from device to device via Bluetooth without user interaction. BlueBorne impacts over 5.5 billion devices and was the most serious Bluetooth vulnerability to date. It demonstrates how an attacker could use BlueBorne to take over an Amazon Echo and then access a corporate network. The implications are that devices can now be attacked over the air, moving device-to-device. IoT devices need to be viewed as endpoints, and network infrastructure as unmanaged devices. It recommends that device and network discovery and visibility are critical next steps.
The detailed architecture of the most relevant consumer drones will be introduced, continuing with the communications protocol between the pilot (app in the smartphone or remote controller) and the drone. Manual reverse engineering of the binary protocol used for this communication will lead to identifying and understanding all the commands from each of the drones, and later injecting commands back.
Learning Objectives:
1: Understand whether a protocol between drone and pilot is secure.
2: Learn about a new reverse engineering methodology for these protocols.
3: Review a set of good practices to secure the environment surrounding a drone.
(Source: RSA Conference USA 2018)
Confusion and Deception: New Tools for Data Protection Priyanka Aash
Cyberthreats are asymmetric risks: corporate defenders must secure and detect everything, but the attacker needs to exploit only once. As petabytes of data traverse the ecosystem, legacy data protection methods leave many gaps. By looking through the adversary’s eyes, you can create subterfuges, delay attack progress or reduce the value of any data ultimately accessed—and shift the risk equation.
(Source: RSA Conference USA 2017)
The Good, the Bad and the Ugly of the Ultrasonic Communications Ecosystem Priyanka Aash
Vasilios Mavroudis and Giovanni Vigna presented on the ultrasonic communications ecosystem. They discussed how SilverPush used ultrasonic beacons for cross-device tracking starting in 2012. By 2014, their technology was covered in articles and funded by investors. In 2015, security researchers noticed the technology and raised privacy concerns. The FTC took action against SilverPush in 2016. The presentation examined open questions about the technology, potential use cases, and identified security and privacy risks like replay attacks if proper authentication and encryption are not implemented. They proposed mitigations like permission controls and browser extensions to filter ultrasonic signals.
Within 10 Years, Autonomous Vehicles Will Change Every CISO's Job DESMOND YUEN
2018 RSA Conference Presentation
How do we define autonomy?
Information security implications:
Insurance and vehicle finance
Information security and privacy
What does the threat model look like in each of the three phases?
Beyond the MCSE: Red Teaming Active Directory Priyanka Aash
This document summarizes Sean Metcalf's presentation on red teaming Active Directory. It discusses leveraging PowerShell for offensive security, techniques for effective AD reconnaissance, and bypassing AD security defenses. The presentation provides an overview of key AD components, demonstrates offensive PowerShell commands, and outlines methods for discovering sensitive user and group information within the AD environment. It also reviews AD security controls and common techniques attackers use to circumvent defenses like LAPS and network segmentation.
Security Precognition: Chaos Engineering in Incident Response Priyanka Aash
This document summarizes a presentation on security chaos engineering and incident response. The presentation discusses how complex adaptive systems are difficult to understand and failures are common. It introduces the concept of security chaos engineering, which involves experimenting with failures to build system resilience. An example is provided of how security chaos engineering could work by planning experiments, executing them during a "game day," analyzing results, and taking corrective action.
Making Threat Intelligence Actionable Final Priyanka Aash
The document discusses making threat intelligence actionable by recommending responses using STIX. It proposes extending the STIX CourseOfActionType to include specific network actions like block, contain, inspect. Network actions could then be applied automatically or semi-automatically based on indicators in STIX. This would improve the connection between threat detection and response by enabling threat intelligence to recommend standardized, machine-readable responses.
This presentation will demonstrate a complete end-to-end analysis of an Android bot. This will include the decompilation and static analysis of bot code and the dynamic analysis of the bot’s behavior in a controlled sandboxed environment. The session will provide details of the lab environment and tools used for the analysis.
(Source: RSA USA 2016-San Francisco)
Breaking and Entering: How and Why DHS Conducts Penetration Tests Priyanka Aash
The document discusses how the Department of Homeland Security conducts penetration tests to identify vulnerabilities in networks. It provides examples of common methods used by adversaries like phishing and using default or reused credentials. The penetration tests help organizations identify issues, implement mitigations, and make risk-based security decisions. The services provided by DHS through NCATS include vulnerability scanning, incident response, and risk assessments to help secure systems and protect against cyber threats.
From ATT&CKcon 3.0
By Jared Stroud, Lacework
Adversaries target common cloud misconfigurations in container-focused workflows for initial access. Whether in Docker or Kubernetes environments, Lacework Labs has identified adversaries attempting to deploy malicious container images (T1610), mine cryptocurrency (T1496), and deploy C2 agents. Defenders new to the container space may be unaware of the built-in capabilities popular container runtime engines have that can help defend against rogue containers being deployed into their environment. Attendees will walk away with an understanding of what these attack patterns look like based on honeypot data Lacework has gathered over the past year, as well as techniques on how to defend their own container-focused workloads.
How Google Protects Its Corporate Security Perimeter without Firewalls Priyanka Aash
The increasing mobility of professional users has brought an end to the traditional corporate security perimeter. Google has reinvented its security perimeter around devices through its groundbreaking "BeyondCorp" initiative. In this talk, two Google security leaders will share how this transformation took place, where it's headed and how you can apply this approach to your organization.
(Source: RSA Conference USA 2017)
Using Your Network as a Sensor for Enhanced Visibility and Security Lancope, Inc.
Driven by the mobility, cloud computing, and Internet of Everything megatrends and fueled by increasingly sophisticated cybercriminals, today’s information landscape is more dynamic and more vulnerable than ever before.
Join Cisco and Lancope for a complimentary webinar to learn how you can implement a comprehensive, network-enabled approach to cybersecurity.
During the webinar we will discuss:
Using the Network as a Security Sensor with Lancope’s StealthWatch System and Flexible NetFlow to obtain visibility at scale, monitor network activity efficiently, discover security incidents quickly, and help achieve compliance.
Using the Network as a Security Enforcer with Cisco TrustSec to ensure policy-based access control and network segmentation for containment of network attacks, assist compliance and reduce the risk of data breaches.
Automation: The Wonderful Wizard of CTI (or is it?) MITRE ATT&CK
The document describes MITRE's Threat Report Automated Mapper (TRAM) tool, which uses machine learning to automatically map cyber threat reports to MITRE ATT&CK techniques. TRAM aims to streamline the process of analyzing reports and adding information to ATT&CK, though challenges remain around prediction accuracy and identifying new techniques. The document outlines TRAM's development process and discusses balancing automation with human analysis to better integrate cyber threat intelligence into ATT&CK.
Jagadeesh Parameswaran, Microsoft
Rahul Sachan, Microsoft
Windows Defender Advanced Threat Protection (WDATP) gives defenders unparalleled visibility into the enterprise. And Azure Advanced Threat Protection (AATP) gives the power to monitor attacks on the Domain Controllers and user identities. Come spend an hour with us as we pull back the covers and go through detailed examples of real attacks that we saw as we defended the Microsoft corporate environment using WDATP & AATP.
As part of the 8th edition of Cyber Security Days 2018, organized by the National Agency for Computer Security, our partner Kaspersky North Africa presented its "Kaspersky Threat intelligence" module.
Mapping to MITRE ATT&CK: Enhancing Operations Through the Tracking of Interac... MITRE ATT&CK
From ATT&CKcon 3.0
By Jason Wood and Justin Swisher, CrowdStrike
When it comes to understanding and tracking intrusion tradecraft, security teams must have the tools and processes that allow the mapping of hands-on adversary tradecraft. Doing this enables your team to both understand the adversaries and attacks you currently see and observe how these adversaries and attacks evolve over time. This session will explore how a threat hunting team uses MITRE ATT&CK to understand and categorize adversary activity. The team will demonstrate how threat hunters map ATT&CK TTPs by showcasing a recent interactive intrusion against a Linux endpoint and how the framework allowed for granular tracking of tradecraft and enhanced security operations. They will also take a look into the changes in the Linux activity they have observed over time, using the ATT&CK navigator to compare and contrast technique usage. This session will provide insights into how we use MITRE ATT&CK as a powerful resource to track intrusion tradecraft, identify adversary trends, and prepare for attacks of the future.
POODLE, which stands for Padding Oracle On Downgraded Legacy Encryption, is an attack on SSL v3.0 which brings the end of SSL. If you have any doubts about the presentation, feel free to contact me via email.
Defect life cycle and Defect Status Life Cycle pavansmiles
The document describes the defect life cycle process. It involves defects being reported by testers as new, assigned to developers for analysis and fixing, then assigned back to testers for retesting. If the fix is satisfactory, the defect is closed, but if not it is reopened for further work by developers. The defect status changes through stages from new to open, fixed, closed or reopened depending on where it is in the process.
Take It to the Cloud: The Evolution of Security ArchitecturePriyanka Aash
As companies evolve their IT stack, traditional security approaches/architectures need to be reconsidered. This session will review some of the new risks introduced by SaaS/IaaS adoption and show how to mitigate these risks using new approaches to security architecture. Presenters will also review the transition of security architecture itself to the cloud.
(Source: RSA USA 2016-San Francisco)
Stop Translating, Start Defending: Common Language for Managing Cyber-RiskPriyanka Aash
Time is of the essence when protecting your organization from complex cyberthreats. The clock doesn’t start when you have been breached—it’s always ticking. The board must articulate risk tolerances, management must set the strategy and IT must execute. The NIST CSF provides a common language for internal and external stakeholders, and helps the organization to stop translating and start defending.
Learning Objectives:
1: Learn how the NIST CSF can be used for more than just IT security.
2: Learn to use the CSF as a common language with the board, employees and customers.
3: Learn to adapt the CSF to the changing threat environment.
(Source: RSA Conference USA 2018)
The New Landscape of Airborne CyberattacksPriyanka Aash
This document discusses airborne cyberattacks and the new threat landscape they enable. It describes the BlueBorne attack, which can spread from device to device via Bluetooth without user interaction. BlueBorne impacts over 5.5 billion devices and was the most serious Bluetooth vulnerability to date. It demonstrates how an attacker could use BlueBorne to take over an Amazon Echo and then access a corporate network. The implications are that devices can now be attacked over the air, moving device-to-device. IoT devices need to be viewed as endpoints, and network infrastructure as unmanaged devices. It recommends that device and network discovery and visibility are critical next steps.
The detail architecture of the most relevant consumer drones will be introduced, continuing with the communications protocol between the pilot (app in the smartphone or remote controller) and the drone. Manual reverse engineering on the binary protocol used for this communication will lead to identifying and understanding all the commands from each of the drones, and later inject commands back.
Learning Objectives:
1: Understand whenever a protocol between drone and pilot is secure.
2: Learn about a new reverse engineering methodology for these protocols.
3: Review a set of good practices to secure the environment surrounding a drone.
(Source: RSA Conference USA 2018)
Confusion and deception new tools for data protectionPriyanka Aash
Cyberthreats are assymetric risks: corporate defenders must secure and detect everything, but the attacker needs to exploit only once. As petabytes of data traverse the ecosystem, legacy data protection methods leave many gaps. By looking through the adversary’s eyes, you can create subterfuges, delay attack progress or reduce the value of any data ultimately accessed—and shift the risk equation.
(Source : RSA Conference USA 2017)
The Good, the Bad and the Ugly of the Ultrasonic Communications EcosystemPriyanka Aash
Vasilios Mavroudis and Giovanni Vigna presented on the ultrasonic communications ecosystem. They discussed how SilverPush used ultrasonic beacons for cross-device tracking starting in 2012. By 2014, their technology was covered in articles and funded by investors. In 2015, security researchers noticed the technology and raised privacy concerns. The FTC took action against SilverPush in 2016. The presentation examined open questions about the technology, potential use cases, and identified security and privacy risks like replay attacks if proper authentication and encryption are not implemented. They proposed mitigations like permission controls and browser extensions to filter ultrasonic signals.
Within 10-years-autonomous-vehicles-will-change-every-ciso s-jobDESMOND YUEN
2018 RSA Conference Presentation
How do we define autonomy?
Information security implications:
Insurance and vehicle finance
Information security and privacy
What does the threat model look like in each of the three phases?
Beyond the mcse red teaming active directoryPriyanka Aash
This document summarizes Sean Metcalf's presentation on red teaming Active Directory. It discusses leveraging PowerShell for offensive security, techniques for effective AD reconnaissance, and bypassing AD security defenses. The presentation provides an overview of key AD components, demonstrates offensive PowerShell commands, and outlines methods for discovering sensitive user and group information within the AD environment. It also reviews AD security controls and common techniques attackers use to circumvent defenses like LAPS and network segmentation.
Security precognition chaos engineering in incident responsePriyanka Aash
This document summarizes a presentation on security chaos engineering and incident response. The presentation discusses how complex adaptive systems are difficult to understand and failures are common. It introduces the concept of security chaos engineering, which involves experimenting with failures to build system resilience. An example is provided of how security chaos engineering could work by planning experiments, executing them during a "game day," analyzing results, and taking corrective action.
Making Threat Intelligence Actionable FinalPriyanka Aash
The document discusses making threat intelligence actionable by recommending responses using STIX. It proposes extending the STIX CourseOfActionType to include specific network actions like block, contain, inspect. Network actions could then be applied automatically or semi-automatically based on indicators in STIX. This would improve the connection between threat detection and response by enabling threat intelligence to recommend standardized, machine-readable responses.
This presentation will demonstrate a complete end-to-end analysis of an Android bot. This will include the decompilation and static analysis of bot code and the dynamic analysis of the bot’s behavior in a controlled sandboxed environment. The session will provide details of the lab environment and tools used for the analysis.
(Source: RSA USA 2016-San Francisco)
Breaking and entering how and why dhs conducts penetration testsPriyanka Aash
The document discusses how the Department of Homeland Security conducts penetration tests to identify vulnerabilities in networks. It provides examples of common methods used by adversaries like phishing and using default or reused credentials. The penetration tests help organizations identify issues, implement mitigations, and make risk-based security decisions. The services provided by DHS through NCATS include vulnerability scanning, incident response, and risk assessments to help secure systems and protect against cyber threats.
From ATT&CKcon 3.0
By Jared Stroud, Lacework
Adversaries target common cloud misconfigurations in container-focused workflows for initial access. Whether this is Docker or Kubernetes environments, Lacework Labs has identified adversaries attempting to deploy malicious container images (T1610) , mine Cryptocurrency (T1496), and deploy C2 agents. Defenders new to the container space may be unaware of the built-in capabilities popular container runtime engines have that can help defend against rogue containers being deployed into their environment. Attendees will walk away with an understanding of what these attack patterns look like based on honeypot data Lacework has gathered over the past year, as well as techniques on how to defend their own container focused workloads.
How Google Protects Its Corporate Security Perimeter without FirewallsPriyanka Aash
The increasing mobility of professional users has brought an end to the traditional corporate security perimeter. Google has reinvented its security perimeter around devices through its groundbreaking "BeyondCorp" initiative. In this talk, two Google security leaders will share how this transformation took place, where it's headed and how you can apply this approach to your organization.
(Source: RSA Conference USA 2017)
Using Your Network as a Sensor for Enhanced Visibility and Security Lancope, Inc.
Driven by the mobility, cloud computing, and Internet of Everything megatrends and fueled by increasingly sophisticated cybercriminals, today’s information landscape is more dynamic and more vulnerable than ever before.
Join Cisco and Lancope for a complimentary webinar to learn how you can implement a comprehensive, network-enabled approach to cybersecurity.
During the webinar we will discuss:
Using the Network as a Security Sensor with Lancope’s StealthWatch System and Flexible NetFlow and to obtain visibility at scale, monitor network activity efficiently, discover security incidents quickly, and help achieve compliance.
Using the Network as a Security Enforcer with Cisco TrustSec to ensure policy-based access control and network segmentation for containment of the network attacks, assist compliance and reduce risks of data-breaches.
Automation: The Wonderful Wizard of CTI (or is it?) MITRE ATT&CK
The document describes MITRE's Threat Report Automated Mapper (TRAM) tool, which uses machine learning to automatically map cyber threat reports to MITRE ATT&CK techniques. TRAM aims to streamline the process of analyzing reports and adding information to ATT&CK, though challenges remain around prediction accuracy and identifying new techniques. The document outlines TRAM's development process and discusses balancing automation with human analysis to better integrate cyber threat intelligence into ATT&CK.
Jagadeesh Parameswaran, Microsoft
Rahul Sachan, Microsoft
Windows Defender Advanced Threat Protection (WDATP) gives defenders unparalleled visibility into the enterprise. And Azure Advanced Threat Protection (AATP) gives the power to monitor attacks on the Domain Controllers and user identities. Come spend an hour with us as we pull back the covers and go through detailed examples of real attacks that we saw as we defended the Microsoft corporate environment using WDATP & AATP.
As part of the 8th edition of the Cyber Security Days 2018, organized by the National Agency for Computer Security, our partner Kaspersky North Africa presented its "Kaspersky Threat intelligence" module.
Mapping to MITRE ATT&CK: Enhancing Operations Through the Tracking of Interac... MITRE ATT&CK
From ATT&CKcon 3.0
By Jason Wood and Justin Swisher, CrowdStrike
When it comes to understanding and tracking intrusion tradecraft, security teams must have the tools and processes that allow the mapping of hands-on adversary tradecraft. Doing this enables your team to both understand the adversaries and attacks you currently see and observe how these adversaries and attacks evolve over time. This session will explore how a threat hunting team uses MITRE ATT&CK to understand and categorize adversary activity. The team will demonstrate how threat hunters map ATT&CK TTPs by showcasing a recent interactive intrusion against a Linux endpoint and how the framework allowed for granular tracking of tradecraft and enhanced security operations. They will also take a look into the changes in the Linux activity they have observed over time, using the ATT&CK navigator to compare and contrast technique usage. This session will provide insights into how we use MITRE ATT&CK as a powerful resource to track intrusion tradecraft, identify adversary trends, and prepare for attacks of the future.
POODLE, which stands for Padding Oracle On Downgraded Legacy Encryption, is an attack on SSL v3.0 that brings the end of SSL. If you have any doubts about the presentation, feel free to contact me via email.
Defect life cycle and Defect Status Life Cycle pavansmiles
The document describes the defect life cycle process. It involves defects being reported by testers as new, assigned to developers for analysis and fixing, then assigned back to testers for retesting. If the fix is satisfactory, the defect is closed, but if not it is reopened for further work by developers. The defect status changes through stages from new to open, fixed, closed or reopened depending on where it is in the process.
SSL is an acronym for Secure Sockets Layer. It is a protocol used for authenticating and encrypting web traffic. For web traffic to be authenticated means that your browser is able to verify the identity of the remote server.
This document provides an overview of Bitcoin including:
1. The history and creation of Bitcoin, how it works without a central authority, and how new bitcoins are created through mining.
2. How transactions work using private keys and the blockchain to record balances and verify transactions.
3. Methods for individuals and merchants to use Bitcoin, including obtaining, storing, and spending bitcoins as well as advantages like low fees and risks to consider.
4. Both advantages like payment freedom and security, and disadvantages like price volatility.
Short Presentation (2 Hrs) on SSL and TLS Protocol and its reference standard. Good for intermediate or technical participants who want to understand secure protocol an
Peer to peer (P2P) computing involves direct sharing of resources and services between systems without centralized control or servers. P2P systems can be either pure, with no central server and peers communicating directly, or hybrid with a centralized server for name resolution but direct peer-to-peer communication. P2P is commonly used for applications that involve parallelizable or componentized tasks, content/file sharing, and collaboration where users can interact and edit shared information.
This document discusses algorithm analysis and complexity. It introduces algorithm analysis as a way to predict and compare algorithm performance. Different algorithms for computing factorials and finding the maximum subsequence sum are presented, along with their time complexities. The importance of efficient algorithms for problems involving large datasets is discussed.
The document provides an overview of security topics including algorithms, encryption, digital signatures, certificates, and cryptography. It discusses the need for message security, privacy, authentication, integrity and non-repudiation. It then describes symmetric key cryptography, public key cryptography, digital signatures, key management, certificates, and security at the IP, transport and application layers including SSL/TLS, IPSec, PGP and S/MIME.
Introduction to Secure Socket Layer (SSL) and Tunnel Layer Security (TLS). Shows the basic principles of SSL and also a little bit of its practical applicability.
This document provides an overview of cryptography. It begins with basic definitions related to cryptography and a brief history of its use from ancient times to modern ciphers. It then describes different types of ciphers like stream ciphers, block ciphers, and public key cryptosystems. It also covers cryptography methods like symmetric and asymmetric algorithms. Common types of attacks on cryptosystems like brute force, chosen ciphertext, and frequency analysis are also discussed.
Bitcoin is a decentralized digital currency introduced in 2009 that allows for peer-to-peer financial transactions without a central authority. It uses blockchain technology to record transactions through a public ledger maintained by a network of computers. New bitcoins are created through a process called mining where users offer their computing power to verify transactions. Bitcoins can be obtained by mining or in exchange for fiat money, products, or services. Users can send and receive bitcoins electronically through wallet software. The blockchain protects against fraud by requiring digital signatures to validate transactions and cryptographic hashes to prevent modification of ledger entries.
Cryptography is the science of using mathematics to encrypt and decrypt data.
Cryptography enables you to store sensitive information or transmit it across insecure networks so that it cannot be read by anyone except the intended recipient.
Symmetric encryption uses a shared secret key between the sender and receiver to encrypt and decrypt messages. It is faster than asymmetric encryption but requires secure key exchange. Asymmetric encryption uses separate public and private keys, where the public key is used to encrypt and the private key decrypts, allowing secure communication without pre-shared keys. Common symmetric algorithms are AES and DES, while asymmetric algorithms include RSA, Diffie-Hellman, and ECDSA.
A brief discussion of network security and an introduction to cryptography. We end the presentation with a discussion of the RSA algorithm, and show how it works with a basic example.
A study of cryptography for satellite applications Rajesh Ishida
This document discusses and compares various cryptographic algorithms for use in securing satellite downlink communications. It begins with an overview of aspects of satellite security and introduces cryptography. It then covers symmetric and asymmetric cryptographic algorithms like AES, RSA and stream ciphers. It analyzes the performance of algorithms in terms of hardware usage and throughput. Block cipher modes and attacks on cryptosystems are also examined. The document concludes by recommending the KHAZAD block cipher and A5/1 stream cipher as best suited for satellite security based on a performance comparison.
Client server computing in mobile environments part 2 Praveen Joshi
Client server computing in mobile environments. Versatile, Message based, Modular Infrastructure intended to improve usability, flexibility, interoperability and scalability as compared to Centralized, Mainframe, time sharing computing.
Intended to reduce Network Traffic.
Communication is using RPC or SQL
This presentation contains the contents pertaining to the undergraduate course on Cryptography and Network Security (UITC203) at Sri Ramakrishna Institute of Technology. This covers the classical cryptographic techniques that were in practice and the basic concepts behind the design of Feistel ciphers
A Secure Encryption Technique based on Advanced Hill Cipher For a Public Key ... IOSR Journals
This document presents a secure encryption technique based on an advanced Hill cipher for a public key cryptosystem. The technique uses an involutory matrix and permuted key to encrypt plaintext into ciphertext. It further encrypts the ciphertext through two levels of scrambling and adds tamper detection by calculating and transmitting the determinant of the ciphertext matrix. The decryption process reverses these steps to recover the original plaintext. The technique aims to make the cipher highly secure against cryptanalytic attacks by introducing multiple transformations and ensuring the integrity of the ciphertext through determinant verification.
“Proposed Model for Network Security Issues Using Elliptical Curve Cryptography” IOSR Journals
Abstract: Elliptic Curve Cryptography (ECC) plays an important role in today’s public key based security systems. ECC is a faster and more secure method of encryption as compared to other Public Key Cryptographic algorithms. This paper focuses on the performance advantages of using ECC in the wireless network. So in this paper its algorithm has been implemented and analyzed for various bit length inputs. The Private key is known only to sender and receiver and hence data transmission is secure.
Pairing Based Elliptic Curve Cryptosystem for Message Authentication IJTET Journal
This document summarizes a research paper on using elliptic curve cryptography for message authentication. It begins with an introduction to elliptic curve cryptography and how it can provide equivalent security to other public key encryption methods but with smaller key sizes. It then describes the proposed methodology which includes generating an ECC key pair, encrypting a message with the public key, transmitting the encrypted message, and decrypting it with the private key. The results show a message being encrypted and decrypted correctly using this ECC process. It concludes that ECC can provide an efficient method for authentication in systems like vehicular networks due to its lower computation and communication overhead compared to other encryption methods.
Information and data security pseudorandom number generation and stream cipher Mazin Alwaaly
Information And Data Security Pseudorandom Number Generation and Stream Cipher seminar
Mustansiriya University
Department of Education
Computer Science
Public key cryptography uses two keys - a public key that can be shared openly and a private key that is kept secret. This allows people to securely communicate without having to first share a secret key. Some common public key cryptographic techniques include RSA, which uses the difficulty of factoring large numbers, Diffie-Hellman key exchange for securely establishing a shared secret, and elliptic curve cryptography which provides similar security to RSA but with smaller key sizes. Public key infrastructure involves techniques like digital certificates to authenticate and distribute public keys.
This document summarizes a lecture on public-key cryptography and the RSA algorithm. It begins by introducing public-key cryptography and how it can provide both confidentiality and authentication simultaneously. It then describes the basic idea behind the RSA algorithm, which uses modular exponentiation and the fact that exponents behave modulo the totient of a number when the number is a product of two primes. The document provides details on how to implement RSA, including choosing the modulus as a product of two large prime numbers, and proves that the RSA algorithm works as intended. It also discusses computational and security aspects of RSA.
Lightweight secure scheme for detecting provenance forgery and packet drop at... Pvrtechnologies Nellore
The document proposes a lightweight secure scheme to detect packet forgery and loss attacks in wireless sensor networks. It relies on in-packet Bloom filters to encode data provenance. The scheme introduces efficient mechanisms for provenance verification and reconstruction at the base station. Key generation, encryption, and signature techniques are used to securely transmit provenance information and detect suspicious data packets. The proposed technique is evaluated analytically and empirically, proving its effectiveness and efficiency in detecting attacks.
This document analyzes the RC4 encryption algorithm and examines how its performance is affected by changing parameters like encryption key length and file size. Experimental tests were conducted to measure encryption time for different key lengths and file types. The results show encryption time increases with longer keys and larger files, and are modeled mathematically. The document also provides background on encryption methods, how RC4 works, and compares stream and block ciphers.
This document analyzes the RC4 encryption algorithm and examines how its performance is affected by changing parameters like encryption key length and file size. Experimental tests were conducted to measure encryption time for different key lengths and file types. The results show encryption time increases polynomially with key length and can be approximated using mathematical equations. The document also provides background on encryption methods, how RC4 works, its features, and an example of encrypting an audio file with varying key lengths.
The document discusses key concepts related to the Ethereum blockchain platform, including accounts, transactions, gas/ether/tokens, code execution, and applications. It covers the state of the blockchain during execution, which is defined as the tuple of block state, transaction, message, code, memory, stack, program counter, and gas. It also discusses topics like cryptography, hashing, and how they are used in blockchain applications for digital signatures, transaction hashes, and block header hashes.
The document discusses encryption technology and its importance for securing electronic data. It describes how encryption works using encryption keys to scramble plaintext into ciphertext. Symmetric key algorithms like DES and asymmetric key algorithms like RSA are explained. The document also covers digital signatures, latest encryption methods like virtual matrix encryption, and quantum cryptography. It concludes that encryption technology is an emerging field with better, more secure algorithms being developed to transfer information securely over networks.
A new hybrid text encryption approach over mobile ad hoc network IJECEIAES
This document summarizes a research paper that proposes a new hybrid text encryption approach combining elliptic curve cryptography and the Hill cipher algorithm for use on mobile ad hoc networks. The approach aims to address security weaknesses in the Hill cipher by converting it from a symmetric to an asymmetric technique. It generates public and private keys using elliptic curve cryptography so the secret key does not need to be shared over unsecured channels. The approach also allows direct encryption and decryption of characters from the full 128-character ASCII table using their numeric values, avoiding the need for a character mapping table. The advantages are seen as improved security, efficiency and faster computation compared to other techniques.
This document discusses public key cryptography and the RSA encryption algorithm. It provides an overview of public key cryptography, how the RSA algorithm works using a public and private key pair, and some of its applications. The RSA algorithm is based on the difficulty of factoring large prime numbers and allows for secure communication without needing to share secret keys. Some advantages are convenience and enabling message authentication and non-repudiation using digital signatures, while disadvantages include slower performance and the need to authenticate public keys.
Multiple Encryption using ECC and Its Time Complexity Analysis IJCERT
With the rapid growth of information technology in the present era, secure communication, strong data encryption techniques and trusted third parties are considered to be major topics of study. The development of robust encryption algorithms to secure sensitive data is of great significance among researchers at present. The conventional methods of encryption used today may not be sufficient, and therefore new ideas for the purpose need to be designed, analyzed and fitted into the existing system of security to protect our data from unauthorized access. Designing an effective encryption/decryption algorithm to enhance data security is a challenging task where computation, complexity, robustness, etc. are concerned. The multiple encryption technique is a process of applying encryption over a single encryption process in a number of iterations. Elliptic Curve Cryptography (ECC) is a well-known and well-accepted cryptographic algorithm and is used in many applications today. In this paper, we discuss multiple encryption, analyze the computation overhead in the process and study the feasibility of practical application. In the process we use ECC as a multiple-ECC algorithm and try to analyze the degree of security, the encryption/decryption computation time and the complexity of the algorithm. The performance of the algorithm is evaluated by analyzing encryption time as well as decryption time; single ECC and multiple-ECC are compared with the help of various examples.
The document discusses using symmetric encryption to provide confidentiality, noting the need to securely distribute shared keys between parties and alternatives like using a trusted third party. It also covers generating random numbers, which are important in cryptography, and sources of randomness like noise-based hardware generators as well as pseudorandom number generators that can pass tests for randomness. Placement of encryption at different layers in the OSI model and traffic analysis techniques are also summarized.
Similar to Crypto 101: Encryption, Codebreaking, SSL and Bitcoin (20)
Digital Personal Data Protection (DPDP) Practical Approach For CISOs Priyanka Aash
Key Discussion Pointers:
1. Introduction to Data Privacy
- What is data privacy
- Privacy laws around the globe
- DPDPA Journey
2. Understanding the New Indian DPDPA 2023
- Objectives
- Principles of DPDPA
- Applicability
- Rights & Duties of Individuals
- Principals
- Legal implications/penalties
3. A practical approach to DPDPA compliance
- Personal data Inventory
- DPIA
- Risk treatment
The Verizon Breach Investigation Report (VBIR) is an annual report analyzing cybersecurity incidents based on real-world data. It categorizes incidents and identifies emerging trends, threat actors, motivations, attack vectors, affected industries, common attack patterns, and recommendations. Each report provides the latest insights and data to give organizations a global perspective on evolving cyber threats.
The document summarizes the top 10 cybersecurity risks presented to the board of directors of a manufacturing company. It discusses each risk such as insider threats, cloud security, ransomware attacks, third party risks, and data security. For each risk, it provides the current posture in terms of controls, compliance level, and planned improvements. The CISO and other leaders such as the managing director, finance director, and chief risk officer attended the presentation.
Simplifying data privacy and protection.pdf Priyanka Aash
1) Data is growing exponentially which increases the risk and impact of data breaches, while compliance requirements are also becoming more stringent.
2) IBM Security Guardium helps customers address this by discovering, classifying, and protecting sensitive data across platforms and simplifying compliance.
3) It detects threats in real-time, increases data security accuracy, and reduces the time spent on audits and issue remediation, helping customers minimize the impact of potential data breaches and address local compliance requirements.
Generative AI and Security (1).pptx.pdf Priyanka Aash
Generative AI and Security Testing discusses generative AI, including its definition as a subset of AI focused on generating content similar to human creations. The document outlines the evolution of generative AI from artificial neural networks to modern models like GPT, GANs, and VAEs. It provides examples of different types of generative AI like text, image, audio, and video generation. The document proposes potential uses of generative AI like GPT for security testing tasks such as malware generation, adversarial attack simulation, and penetration testing assistance.
EVERY ATTACK INVOLVES EXPLOITATION OF A WEAKNESS.pdf Priyanka Aash
The document discusses shifting the focus in cybersecurity from vulnerability management to weakness management and attack surface management. It argues that attacks persist because approaches focus only on software vulnerabilities, while ignoring other weaknesses like technological, people and process weaknesses that expand the potential attack surface. A new approach is needed that takes a holistic view of all weaknesses and continuously monitors the entire attack surface to better prevent attacks.
The document summarizes key aspects of the proposed Digital Personal Data Protection Act 2023 in India, including its scope, definitions, obligations of data fiduciaries, grounds for processing personal data, notice requirements for data principals, and penalties for non-compliance. It outlines categories of entities that would be considered significant data fiduciaries and the additional obligations that would apply to them. The summary also compares some aspects of the proposed Indian law to the General Data Protection Regulation (GDPR) in the European Union.
Cyber Truths_Are you Prepared version 1.1.pptx.pdf Priyanka Aash
This document discusses cybersecurity threats and SentinelOne's solutions. It begins with questions about an organization's cyber preparedness and budget. It then discusses the cat-and-mouse game between attackers and defenders. The document highlights growing ransomware threats and payments. It argues SentinelOne provides a unified security solution that lowers costs, risks, and complexity while improving detection and response. It shares industry recognition for SentinelOne and concludes by thanking the audience.
An IT systems outage and distributed denial of service (DDoS) attack impacted an organization called XYZ Ltd. This was followed by a ransom demand email from an anonymous sender threatening to release sensitive project data. When the ransom deadline passed, anonymous hackers released a video on social media and the data breach began receiving media coverage. A customer then contacted XYZ to inquire about the data leak and if their content was impacted. The document outlines discussions between teams at XYZ on responding to the cyber incident and lessons learned.
The CISO Platform is a 10+ year old dedicated social platform for CISOs and senior IT security leaders that has grown to over 40,000 members across 20+ countries. Through sharing and collaboration, the community has created over 500 checklists, frameworks, and playbooks that are available for free to members. The platform also hosts an annual security conference with over 100 speakers and 20 workshops attended by 20,000 people. The goal of the CISO Platform is to build tangible community goods and resources through open sharing and collaboration among security professionals.
This document provides updates from the Chennai Chapter of the CISO Platform for 2021. It discusses the following:
1. The Breach and Attack Summit held in December which included panel discussions, presentations, task forces, and workshops despite natural disasters, with over 200 attendees.
2. Chapter meetings focused on ransomware trends and lessons learned from attacks.
3. A kids initiative to promote cybersecurity awareness through sessions for students, parents and teachers at local schools.
4. The task forces focused on topics like cyber risk quantification, quantum computing, cyber insurance and privacy.
It covers popular IaaS/PaaS attack vectors, lists them, and maps them to other relevant projects such as STRIDE & MITRE. Security professionals can better understand the common attack vectors that are utilized in attacks, see examples from previous events, and learn where they should focus their controls and security efforts.
Discuss Security Incidents & Business Use Case, Understanding Web 3 Pros and Web 3 Cons. Prevention mechanism and how to make sure that it doesn’t happen to you?
Lessons Learned From Ransomware Attacks Priyanka Aash
The document summarizes a ransomware attack experienced by the author's organization and the lessons learned. It describes how the ransomware encrypted files and powered off virtual machines. It then details the recovery process over several days, including bringing in an incident response firm, rebuilding infrastructure, and restoring service for customers. Key lessons included having stronger access controls, backups stored separately, and implementing security tools like EDR, centralized logging, and identity management best practices.
Emerging New Threats And Top CISO Priorities in 2022 (Bangalore) Priyanka Aash
Round Table Discussion On "Emerging New Threats And Top CISO Priorities In 2022", Bangalore
Date - 28 September, 2022. Decision Makers of different organizations joined this discussion and spoke on New Threats & Top CISO Priorities
Cloud Security: Limitations of Cloud Security Groups and Flow Logs Priyanka Aash
Cloud Security Groups are the firewalls of the cloud. They are built-in and provide basic access control functionality as part of the shared responsibility model. However, Cloud Security Groups do not provide the same protection or functionality that enterprises have come to expect with on-premises deployments. In this talk we will discuss the top cloud risks in 2020, why perimeters are a concept of the past and how, in a world of no perimeters, Cloud Security Groups, the "Cloud Firewalls", fit in. We will practically explore Cloud Security Group limitations across different cloud setups from a single vNet to multi-cloud
Most organizations have good enterprise-level security policies that define their approach to maintaining, improving, and securing their information and information systems. However, once the policies are signed by senior leadership and distributed throughout the organization, significant cybersecurity governance challenges remain. In this workshop I will explain transforming organizational security to strengthen defenses and integrate cybersecurity with the overall approach toward security governance, risk management and compliance.
The Internet is home to seemingly infinite amounts of confidential and personal information. As a result of this mass storage of information, the system needs to be constantly updated and enforced to prevent hackers from retrieving such valuable and sensitive data. This increasing number of cyber-attacks has led to an increasing importance of ethical hacking. An ethical hacker's job is to scan for vulnerabilities and to find potential threats on a computer or network. An ethical hacker finds the weaknesses or loopholes in a computer, web application or network and reports them to the organization. It requires a thorough knowledge of networks, web servers, computer viruses, SQL (Structured Query Language), cryptography, penetration testing, attacks, etc. In this session, you will learn all about ethical hacking. You will understand what ethical hacking is, cyber-attacks, tools and some hands-on demos. This session will also guide you through the various ethical hacking certifications available today.
Threats to mobile devices are more prevalent and increasing in scope and complexity. Users of mobile devices desire to take full advantage of the features available on those devices, but many of the features provide convenience and capability but sacrifice security. This best practices guide outlines steps the users can take to better protect personal devices and information.
Maruthi Prithivirajan, Head of ASEAN & IN Solution Architecture, Neo4j
Get an inside look at the latest Neo4j innovations that enable relationship-driven intelligence at scale. Learn more about the newest cloud integrations and product enhancements that make Neo4j an essential choice for developers building apps with interconnected data and generative AI.
UiPath Test Automation using UiPath Test Suite series, part 6 DianaGray10
Welcome to UiPath Test Automation using UiPath Test Suite series part 6. In this session, we will cover Test Automation with generative AI and Open AI.
UiPath Test Automation with generative AI and Open AI webinar offers an in-depth exploration of leveraging cutting-edge technologies for test automation within the UiPath platform. Attendees will delve into the integration of generative AI, a test automation solution, with Open AI advanced natural language processing capabilities.
Throughout the session, participants will discover how this synergy empowers testers to automate repetitive tasks, enhance testing accuracy, and expedite the software testing life cycle. Topics covered include the seamless integration process, practical use cases, and the benefits of harnessing AI-driven automation for UiPath testing initiatives. By attending this webinar, testers, and automation professionals can gain valuable insights into harnessing the power of AI to optimize their test automation workflows within the UiPath ecosystem, ultimately driving efficiency and quality in software development processes.
What will you get from this session?
1. Insights into integrating generative AI.
2. Understanding how this integration enhances test automation within the UiPath platform
3. Practical demonstrations
4. Exploration of real-world use cases illustrating the benefits of AI-driven test automation for UiPath
Topics covered:
What is generative AI
Test Automation with generative AI and Open AI.
UiPath integration with generative AI
Speaker:
Deepak Rai, Automation Practice Lead, Boundaryless Group and UiPath MVP
TrustArc Webinar - 2024 Global Privacy Survey TrustArc
How does your privacy program stack up against your peers? What challenges are privacy teams tackling and prioritizing in 2024?
In the fifth annual Global Privacy Benchmarks Survey, we asked over 1,800 global privacy professionals and business executives to share their perspectives on the current state of privacy inside and outside of their organizations. This year’s report focused on emerging areas of importance for privacy and compliance professionals, including considerations and implications of Artificial Intelligence (AI) technologies, building brand trust, and different approaches for achieving higher privacy competence scores.
See how organizational priorities and strategic approaches to data security and privacy are evolving around the globe.
This webinar will review:
- The top 10 privacy insights from the fifth annual Global Privacy Benchmarks Survey
- The top challenges for privacy leaders, practitioners, and organizations in 2024
- Key themes to consider in developing and maintaining your privacy program
A tale of scale & speed: How the US Navy is enabling software delivery from l... sonjaschweigert1
Rapid and secure feature delivery is a goal across every application team and every branch of the DoD. The Navy’s DevSecOps platform, Party Barge, has achieved:
- Reduction in onboarding time from 5 weeks to 1 day
- Improved developer experience and productivity through actionable findings and reduction of false positives
- Maintenance of superior security standards and inherent policy enforcement with Authorization to Operate (ATO)
Development teams can ship efficiently and ensure applications are cyber ready for Navy Authorizing Officials (AOs). In this webinar, Sigma Defense and Anchore will give attendees a look behind the scenes and demo secure pipeline automation and security artifacts that speed up application ATO and time to production.
We will cover:
- How to remove silos in DevSecOps
- How to build efficient development pipeline roles and component templates
- How to deliver security artifacts that matter for ATO’s (SBOMs, vulnerability reports, and policy evidence)
- How to streamline operations with automated policy checks on container images
Why You Should Replace Windows 11 with Nitrux Linux 3.5.0 for enhanced perfor...SOFTTECHHUB
The choice of an operating system plays a pivotal role in shaping our computing experience. For decades, Microsoft's Windows has dominated the market, offering a familiar and widely adopted platform for personal and professional use. However, as technological advancements continue to push the boundaries of innovation, alternative operating systems have emerged, challenging the status quo and offering users a fresh perspective on computing.
One such alternative that has garnered significant attention and acclaim is Nitrux Linux 3.5.0, a sleek, powerful, and user-friendly Linux distribution that promises to redefine the way we interact with our devices. With its focus on performance, security, and customization, Nitrux Linux presents a compelling case for those seeking to break free from the constraints of proprietary software and embrace the freedom and flexibility of open-source computing.
In his public lecture, Christian Timmerer provides insights into the fascinating history of video streaming, starting from its humble beginnings before YouTube to the groundbreaking technologies that now dominate platforms like Netflix and ORF ON. Timmerer also presents provocative contributions of his own that have significantly influenced the industry. He concludes by looking at future challenges and invites the audience to join in a discussion.
Generative AI Deep Dive: Advancing from Proof of Concept to ProductionAggregage
Join Maher Hanafi, VP of Engineering at Betterworks, in this new session where he'll share a practical framework to transform Gen AI prototypes into impactful products! He'll delve into the complexities of data collection and management, model selection and optimization, and ensuring security, scalability, and responsible use.
Pushing the limits of ePRTC: 100ns holdover for 100 daysAdtran
At WSTS 2024, Alon Stern explored the topic of parametric holdover and explained how recent research findings can be implemented in real-world PNT networks to achieve 100 nanoseconds of accuracy for up to 100 days.
Introducing Milvus Lite: Easy-to-Install, Easy-to-Use vector database for you...Zilliz
Join us to introduce Milvus Lite, a vector database that can run on notebooks and laptops, share the same API with Milvus, and integrate with every popular GenAI framework. This webinar is perfect for developers seeking easy-to-use, well-integrated vector databases for their GenAI apps.
Observability Concepts EVERY Developer Should Know -- DeveloperWeek Europe.pdfPaige Cruz
Monitoring and observability aren’t traditionally found in software curriculums and many of us cobble this knowledge together from whatever vendor or ecosystem we were first introduced to and whatever is a part of your current company’s observability stack.
While the dev and ops silo continues to crumble….many organizations still relegate monitoring & observability as the purview of ops, infra and SRE teams. This is a mistake - achieving a highly observable system requires collaboration up and down the stack.
I, a former op, would like to extend an invitation to all application developers to join the observability party will share these foundational concepts to build on:
Let's Integrate MuleSoft RPA, COMPOSER, APM with AWS IDP along with Slackshyamraj55
Discover the seamless integration of RPA (Robotic Process Automation), COMPOSER, and APM with AWS IDP enhanced with Slack notifications. Explore how these technologies converge to streamline workflows, optimize performance, and ensure secure access, all while leveraging the power of AWS IDP and real-time communication via Slack notifications.
Building RAG with self-deployed Milvus vector database and Snowpark Container...Zilliz
This talk will give hands-on advice on building RAG applications with an open-source Milvus database deployed as a docker container. We will also introduce the integration of Milvus with Snowpark Container Services.
UiPath Test Automation using UiPath Test Suite series, part 5DianaGray10
Welcome to UiPath Test Automation using UiPath Test Suite series part 5. In this session, we will cover CI/CD with devops.
Topics covered:
CI/CD with in UiPath
End-to-end overview of CI/CD pipeline with Azure devops
Speaker:
Lyndsey Byblow, Test Suite Sales Engineer @ UiPath, Inc.
Goodbye Windows 11: Make Way for Nitrux Linux 3.5.0!SOFTTECHHUB
As the digital landscape continually evolves, operating systems play a critical role in shaping user experiences and productivity. The launch of Nitrux Linux 3.5.0 marks a significant milestone, offering a robust alternative to traditional systems such as Windows 11. This article delves into the essence of Nitrux Linux 3.5.0, exploring its unique features, advantages, and how it stands as a compelling choice for both casual users and tech enthusiasts.
Goodbye Windows 11: Make Way for Nitrux Linux 3.5.0!
Crypto 101: Encryption, Codebreaking, SSL and Bitcoin
1. Crypto 101: Encryption, Codebreaking, SSL and Bitcoin
SESSION ID: BAS-M06
Benjamin
HVF Labs
@BenjaminJun
Some material adapted from Ivan Ristic, Qualys (RSAC 2011)
2. Crypto 101
Cryptography is the art and science of keeping messages secure.
Cryptography building blocks
Cryptographic protocols
SSL / TLS
Bitcoin
Attacks on cryptography
5. Encryption
Obfuscation that is fast when you know the secrets, but impossible or slow when you don’t.
Scytale (300BC)
Jefferson Wheel (M94) (1900s)
Enigma Machine (1920s)
Image credit: Luringen, Sobebunny, R Boo
6. Symmetric encryption
Use shared key to encrypt/decrypt
Algorithm does not need to be secret
Key must be agreed and communicated in advance
Convenient and fast
Examples: RC4, 3DES, AES
7. Asymmetric encryption
Two related keys: one private, one public
Anyone with the public key can encrypt the message
Only the private key holder can decrypt message
Enables encryption, key exchange, and authentication
Examples: RSA, Diffie-Hellman, ElGamal, DSA, Elliptic curve (ECDH / ECDSA)
Significantly slower than symmetric encryption
8. Authentication
Confirm data integrity and message origin
Egyptian signet ring (500BC)
Mark of the Fisherman (1200AD): On death, Cardinal Camerlengo to destroy
US nuclear “football” (present day): Keys roll at noon on inauguration day
Image credit: British Museum, flikr:favoritethings
9. Digital signatures
Asymmetric cryptography can authenticate messages
Only the private key holder can generate a signature
Anyone with the public key can validate the signature
Signatures protect digital certificates from modification or forgery
[Diagram: sign, signed document, verify]
10. Digital certificates
Digital ID can include public/private keypair
Digital certificate conveys identity
Credential holder info (name, address, etc.)
Identity’s public key
Validity period
Digital signature of Certificate Authority (CA)
Authentication has 3 steps
CA signature confirms data is authentic, vouched for
Do we approve of data in the certificate?
Identity keypair validated to confirm ID holder has the private key
11. Randomness matters
Random numbers at heart of crypto
Used for key generation
Weak keys = weak encryption
Random number generators
True random (TRNG) – truly random
Pseudorandom (PRNG) – look random
PRNGs fine if properly seeded, properly designed
“elliptic curve discrete logarithm problem” (ECDLP): given points P and Q on an ellipt
curve of order n, find a such that Q aP.
Dual_EC_DRBG uses an initial seed that is 2 * security_strength bits in length to initia
the generation of outlen-bit pseudorandom strings by performing scalar multiplications
two points in an elliptic curve group, where the curve is defined over a field approxima
$2^m$ in size. For all the NIST curves given in this Recommendation, m is at least twice th
security_strength, and never less than 256. Throughout this DRBG mechanism
specification, m will be referred to as seedlen; the term “seedlen” is appropriate because
the internal state of Dual_EC_DRBG is used as a “seed” for the random block it produ
Figure 13 depicts the Dual_EC_DRBG.
The instantiation of this DRBG mechanism requires the selection of an appropriate ellip
curve and curve points specified in Appendix A.1 for the desired security strength. The
seed used to determine the initial value (s) of the DRBG mechanism shall have at least
security_strength bits of entropy. Further requirements for the seed are provided in Sect
8.6. This DRBG mechanism uses the derivation function specified in Section 10.4.1 dur
instantiation and reseeding.
The maximum security strength that can be supported by the Dual_EC_DRBG is the
security strength of the curve used; the security strengths for the curves are provided in
800-57].
[Figure 13: Dual_EC_DRBG. Block diagram labels: seed (instantiation or reseed only), optional additional input, state values s and t, points P and Q, x(t*P) and x(s*Q), output r, Extract Bits, Pseudorandom Bits]
Appendix A: (Normative) Application-Specific Constants
A.1 Constants for the Dual_EC_DRBG
The Dual_EC_DRBG requires the specifications of an elliptic curve and two points on the
elliptic curve. One of the following NIST approved curves with associated points shall be
used in applications requiring certification under [FIPS 140]. More details about these
curves may be found in [FIPS 186]. If alternative points are desired, they shall be
generated as specified in Appendix A.2.
Each of following curves is given by the equation:
$y^2 = x^3 - 3x + b \pmod{p}$
Notation:
p - Order of the field Fp , given in decimal
n - Order of the Elliptic Curve Group, in decimal .
a – (-3) in the above equation
b - Coefficient above
The x and y coordinates of the base point, i.e., generator G, are the same as for the point P.
A.1.1 Curve P-256
NIST SP800-90A: Dual EC DRBG with NIST NSA* constants (don’t use these)
* NYT Snowden memos, September 2013
12. Hash functions
One-way transformation to generate data fingerprints for:
Digital signatures
Integrity validation
Tokenization (e.g., storing passwords)
Examples
MD5 considered broken
SHA-1 (160) some concerns
SHA-2 (256) ok
Keccak and SHA-3
SHA2 (SHA-256) compression function
Desirable qualities
Preimage resistance (one-wayness
Collision resistance and birthday
13. Stay humble
Don’t roll your own crypto
Failure modes subtle, catastrophic
Standard crypto has been strongly vetted
Avoid unnecessary complexity
System only as strong as its weakest link
Complexity = more stuff to go wrong
Never rely on obscurity
“If I can barely understand it, then it must be strong!”
Kerckhoffs's principle: only the key should be secure
Auguste Kerckhoffs (1835-1903)
15. TLS
Transport Layer Security
World’s most widely used cryptographic protocol
From Netscape SSL3 (Kocher, 1995)
Security requirements
Securely connect with someone you have never met
Data privacy, data integrity, no site impersonation, no man-in-middle
16. Getting to https
1. Webserver provides digital certificate to browser
• “Amazon.com’s passport”
2. TLS layer + browser “authenticates passport”
• Confirms data fields in cert
• Confirms digital signature
3. TLS layer confirms that webserver holds private key
• Sends encrypted data that can only be decrypted w/private key
[Certificate diagram: Amazon info, Amazon public RSA key, Certificate Authority info, Cert. Authority signature]
18. Bitcoin (1/2)
Peer-to-peer, decentralized currency
Not underwritten by any entity
“Satoshi Nakamoto” paper (2008)
180K transactions/day (Jan ‘16)
$6.5B in circulation (Jan ’16)
(US M0 Supply: $4,007B, Nov ‘15)
Diagrams from blockchain.info
Bitcoin: A Peer-to-Peer Electronic Cash System
Satoshi Nakamoto
satoshin@gmx.com
www.bitcoin.org
Abstract. A purely peer-to-peer version of electronic cash would allow online
payments to be sent directly from one party to another without going through a
financial institution. Digital signatures provide part of the solution, but the main
benefits are lost if a trusted third party is still required to prevent double-spending.
We propose a solution to the double-spending problem using a peer-to-peer network.
The network timestamps transactions by hashing them into an ongoing chain of
hash-based proof-of-work, forming a record that cannot be changed without redoing
the proof-of-work. The longest chain not only serves as proof of the sequence of
events witnessed, but proof that it came from the largest pool of CPU power. As
long as a majority of CPU power is controlled by nodes that are not cooperating to
attack the network, they'll generate the longest chain and outpace attackers. The
network itself requires minimal structure. Messages are broadcast on a best effort
basis, and nodes can leave and rejoin the network at will, accepting the longest
proof-of-work chain as proof of what happened while they were gone.
1. Introduction
Commerce on the Internet has come to rely almost exclusively on financial institutions serving as
trusted third parties to process electronic payments. While the system works well enough for
most transactions, it still suffers from the inherent weaknesses of the trust based model.
Completely non-reversible transactions are not really possible, since financial institutions cannot
avoid mediating disputes. The cost of mediation increases transaction costs, limiting the
minimum practical transaction size and cutting off the possibility for small casual transactions,
and there is a broader cost in the loss of ability to make non-reversible payments for non-
reversible services. With the possibility of reversal, the need for trust spreads. Merchants must
be wary of their customers, hassling them for more information than they would otherwise need.
A certain percentage of fraud is accepted as unavoidable. These costs and payment uncertainties
can be avoided in person by using physical currency, but no mechanism exists to make payments
over a communications channel without a trusted party.
What is needed is an electronic payment system based on cryptographic proof instead of trust,
allowing any two willing parties to transact directly with each other without the need for a trusted
third party. Transactions that are computationally impractical to reverse would protect sellers
from fraud, and routine escrow mechanisms could easily be implemented to protect buyers. In
19. Bitcoin (2/2)
| Characteristic | What happens | Cryptography |
| --- | --- | --- |
| Value creation | Mined by searching for magic values. KWh —> BTC! | Proof-of-work method uses SHA-256 hash function |
| Coin transfers | Digital signatures | ECDSA digital signature |
| Recordkeeping (no double-spending) | Distributed ledger with financial incentive for a “single view” | Block chain uses SHA-256 hash function |
| Backing entity | NONE! | Everything regulated by market forces + math! |
Great technical resource: Bitcoin Developer Reference by Krzysztof Okupski
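The "value creation" and "recordkeeping" rows above, as an added example that is not part of the original slides: a nonce search for a SHA-256 hash below a target, and a verifier that shows why changing an old block forces the proof-of-work to be redone for every later block. The header layout, the difficulty and the payload strings are constructed for illustration; Bitcoin's real header is a fixed 80-byte structure with a far harder target.

```python
import hashlib
import json

DIFFICULTY_BITS = 16          # constructed toy difficulty (leading zero bits required)
GENESIS_PREV = "00" * 32      # constructed placeholder for "no previous block"


def block_hash(prev_hash, payload, nonce):
    """Double SHA-256 over a simplified header (not Bitcoin's real byte layout)."""
    header = json.dumps([prev_hash, payload, nonce]).encode()
    return hashlib.sha256(hashlib.sha256(header).digest()).hexdigest()


def meets_target(digest_hex, bits=DIFFICULTY_BITS):
    """Proof-of-work condition: hash read as an integer is below 2^(256 - bits)."""
    return int(digest_hex, 16) < (1 << (256 - bits))


def mine(prev_hash, payload, bits=DIFFICULTY_BITS):
    """Search nonces until the block hash meets the target (the 'magic value')."""
    nonce = 0
    while True:
        digest = block_hash(prev_hash, payload, nonce)
        if meets_target(digest, bits):
            return {"prev": prev_hash, "payload": payload, "nonce": nonce, "hash": digest}
        nonce += 1


def build_chain(payloads, bits=DIFFICULTY_BITS):
    """Mine one block per payload, each committing to the hash of the one before."""
    chain, prev = [], GENESIS_PREV
    for payload in payloads:
        block = mine(prev, payload, bits)
        chain.append(block)
        prev = block["hash"]
    return chain


def first_invalid_block(chain, bits=DIFFICULTY_BITS):
    """Return the index of the first block that fails verification, or None."""
    prev = GENESIS_PREV
    for i, block in enumerate(chain):
        recomputed = block_hash(block["prev"], block["payload"], block["nonce"])
        if (block["prev"] != prev or recomputed != block["hash"]
                or not meets_target(recomputed, bits)):
            return i
        prev = block["hash"]
    return None


if __name__ == "__main__":
    chain = build_chain(["alice pays bob 1", "bob pays carol 1", "carol pays dave 1"])
    print("valid chain:", first_invalid_block(chain))
    chain[1]["payload"] = "bob pays mallory 1"          # edit history without re-mining
    print("first invalid block after edit:", first_invalid_block(chain))
```

Verification costs one hash per block, while producing a block costs about 2^bits hashes on average; that asymmetry is what the slide's "KWh —> BTC" refers to.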
21. Brute force
DES Keysearch Machine, 1998
Tests 90 billion keys/sec, average time to crack 56-bit DES: 5 days
(Cryptography Research, AWT, EFF)
US Navy Bombe, 1943
Contains 16 four-rotor Enigma equivalents to perform exhaustive key search.
22. Cryptanalysis
HDCP = “High bandwidth Digital Copy Protection”
Protects digital content, interoperability
Fast, offline, any-to-any negotiation
Encryption and authentication
“Clever” key management
No one device contains global secret
But keys from ~40 devices can reveal the master key
HDCP master key published (2010)
Unlicensed implementations cannot be revoked
A Cryptanalysis of the High-bandwidth Digital Content Protection System
(Crosby, Goldberg, Johnson, Song, Wagner)
image from www.hdmi.org
23. Implementation: Side Channel (1/2)
Simple EM attack with radio at distance of 10 feet
Devices
Antennas
Receiver ($350)
Digitizer, GNU Radio peripheral ($1000)
Signal Processing (demodulation, filtering)
Images from Cryptography Research
24. Implementation: Side Channel (2/2)
Focus on $M_p^{d_p} \bmod p$ calculation ($M_q^{d_q} \bmod q$ similar)
For each bit i of secret d_p
    perform “Square”
    if (bit i == 1)
        perform “Multiply”
    endif
endfor
SM S S S S S S S SM S SM SM S S S SM SM S S S S S S S S S
Images from Cryptography Research
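The square-and-multiply loop above, as an added example that is not part of the original slides: the first routine records the same S/SM sequence the slide shows, so the exponent bits can be read straight off the trace, and the second is a Montgomery ladder whose operation sequence is the same for every exponent of a given length. The function names and test values are constructed; the ladder only fixes the operation sequence, and a real implementation also needs constant-time arithmetic.

```python
# Operation trace copied from the slide: "SM" = square then multiply, "S" = square only.
SLIDE_TRACE = "SM S S S S S S S SM S SM SM S S S SM SM S S S S S S S S S"


def modexp_square_multiply(base, exponent, modulus):
    """Left-to-right square-and-multiply (the slide's loop); returns (result, trace)."""
    result, trace = 1, []
    for bit in bin(exponent)[2:]:
        result = (result * result) % modulus
        trace.append("S")
        if bit == "1":                       # extra operation only for 1 bits
            result = (result * base) % modulus
            trace[-1] = "SM"
    return result, " ".join(trace)


def bits_from_trace(trace):
    """What the operation sequence reveals: 'SM' is a 1 bit, a lone 'S' is a 0 bit."""
    return "".join("1" if op == "SM" else "0" for op in trace.split())


def modexp_ladder(base, exponent, modulus):
    """Montgomery ladder: exactly one multiply and one square per exponent bit."""
    r0, r1, trace = 1, base % modulus, []
    for bit in bin(exponent)[2:]:
        if bit == "1":
            r0, r1 = (r0 * r1) % modulus, (r1 * r1) % modulus
        else:
            r0, r1 = (r0 * r0) % modulus, (r0 * r1) % modulus
        trace.append("MS")                   # same pair of operations either way
    return r0, " ".join(trace)


if __name__ == "__main__":
    p = 2**61 - 1                            # constructed prime modulus
    d_p = 0b1011001110001011                 # constructed secret exponent
    _, leaky = modexp_square_multiply(7, d_p, p)
    print("leaky trace  :", leaky)
    print("bits in trace:", bits_from_trace(leaky), "actual:", bin(d_p)[2:])
    _, uniform = modexp_ladder(7, d_p, p)
    print("ladder trace :", uniform)
    print("slide trace decodes to:", bits_from_trace(SLIDE_TRACE))
```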
25. Crypto necessary, but not sufficient
Game King poker (2014)
Bug allows user to adjust bet after hand played
http://www.wired.com/2014/10/cheating-video-poker/
Siemens Simatic S7-315
Target of Stuxnet
Operation Olympic Games
27. Resources
Understanding Cryptography
Christof Paar and Jan Pelzl
(Springer, 2009)
Cryptography online course
Dan Boneh, Stanford University
Generating keys: a toy protocol
Alice wants a shared key with Bob. Eavesdropping security only.
Bob (kB)   Alice (kA)   TTP
ticket
kAB   kAB
“Alice wants key with Bob”
(E,D) a CPA-secure cipher
choose random kAB
Insecure against man-in-the-middle
As described, the protocol is insecure against active attacks
Alice   Bob   MiTM
28. How to apply what you have learned
In the first three months:
Identify where cryptography is used in your organization
Identify infrastructure required (key management, certificates)
Within six months:
Know what crypto can do. Explain the different security properties.
Know what crypto can’t do. Understand basic implementation security issues.
29. Questions?
@BenjaminJun
Friday March 4, 10:10am
Our Road Ahead: Today’s Tech Developments, Tomorrow’s Security Challenges
Fireside chat with Benjamin Jun and Hugh Thompson
Industry Experts EXP-F02