The document discusses using locality sensitive hashing (LSH) to identify similar malware samples, specifically fresh ransomware. It evaluates the performance of different LSH techniques like SSDEEP, SDHASH and TLSH for clustering a dataset of malware binaries. TLSH was found to work best by grouping similar samples and completing searches faster than alternatives like YARA rules. The proposed solution uses LSH to search a database of old ransomware for similar new files, aiming to efficiently identify fresh ransomware samples. Future work could include parallelizing searches, expanding the ransomware corpus, developing improved LSH methods, and adding labels to the malware database.
DEEPSEC 2013: Malware Datamining And Attribution (Michael Boman)
Greg Hoglund explained at BlackHat 2010 that the development environments malware authors use leave traces in the code which can be used to attribute malware to an individual or a group of individuals. Not with the precision of name, date of birth and address, but with evidence that an arrested suspect's computer can be analysed and compared with the "tool marks" on the collected malware sample.
Adding Transparency and Automation into the Galaxy Tool Installation Process (Enis Afgan)
The talk will discuss the process of unifying the tool installation approach within the Galaxy project and how it can be used by anyone to install potentially hundreds of tools in an automated fashion.
Replay of Malicious Traffic in Network Testbeds (DETER-Project)
In this paper we present tools and methods to integrate attack measurements from the Internet with controlled experimentation on a network testbed. We show that this approach provides greater fidelity than synthetic models. We compare the statistical properties of real-world attacks with synthetically generated constant bit rate attacks on the testbed. Our results indicate that trace replay provides fine time-scale details that may be absent in constant bit rate attacks. Additionally, we demonstrate the effectiveness of our approach to study new and emerging attacks. We replay an Internet attack captured by the LANDER system on the DETERLab testbed within two hours.
Data and tools from the paper are available at: http://montage.deterlab.net/magi/hst2013tools
Also read the LANDER Blog entry at: http://ant.isi.edu/blog/?p=411
NOZZLE: A Defense Against Heap-spraying Code Injection Attacks (Norman Mayes)
Heap spraying is a security attack that increases the exploitability of memory corruption errors in type-unsafe applications. In a heap-spraying attack, an attacker coerces an application to allocate many objects containing malicious code in the heap, increasing the success rate of an exploit that jumps to a location within the heap. Because heap layout randomization necessitates new forms of attack, spraying has been used in many recent security exploits.
Lightning fast genomics with Spark, Adam and Scala (Andy Petrella)
We are at a time where biotechnology allows us to get personal genomes for $1000. Tremendous progress has been made in DNA sequencing since the 70s, e.g. more samples in an experiment and more genomic coverage at higher speeds. The genomic analysis standards developed over the years weren't designed with scalability and adaptability in mind. In this talk, we'll present a game-changing technology in this area, ADAM, initiated by the AMPLab at Berkeley. ADAM is a framework based on Apache Spark and Parquet storage. We'll see how it can speed up a sequence reconstruction by a factor of 150.
Streaming data presents new challenges for statistics and machine learning on extremely large data sets. Tools such as Apache Storm, a stream processing framework, can power a range of data analytics but lack advanced statistical capabilities. These slides are from the ApacheCon talk, which discussed developing streaming algorithms with the flexibility of both Storm and R, a statistical programming language.
At the talk I discussed issues of why and how to use Storm and R to develop streaming algorithms; in particular I focused on:
• Streaming algorithms
• Online machine learning algorithms
• Use cases showing how to process hundreds of millions of events a day in (near) real time
See: https://apacheconna2015.sched.org/event/09f5a1cc372860b008bce09e15a034c4#.VUf7wxOUd5o
Course: Bioinformatics for Biomedical Research (2014).
Session 2.2: Introduction to Galaxy. A web-based genome analysis platform.
Statistics and Bioinformatics Unit (UEB) & High Technology Unit (UAT) from Vall d'Hebron Research Institute (www.vhir.org), Barcelona.
It includes information on the bioinformatics tool BLAST (Basic Local Alignment Search Tool). BLAST is an in-silico hybridisation method for finding regions of similarity between biological sequences. The program compares nucleotide or protein sequences against sequence databases and calculates the statistical significance of the matches. This presentation also covers the input and output formats, the BLAST process and its types.
Regular Expression Denial of Service RegexDoS (Michael Hidalgo)
This talk was presented on the OWASP AppSec 2016 Rio de la Plata in Montevideo, Uruguay on 2nd December 2016.
Regular expressions are commonly used in every computational environment: from Web clients to IDS/IPS to Web applications to databases.
Software engineers use regular expressions to perform input data validation and a wide range of other functions related to string manipulation and parsing. With code examples, we'll discuss the so-called RegEx DoS vulnerability and why this security problem has become more and more recurrent in the repository-driven, open source software development model.
This is a presentation about the so-called Regular Expression Denial of Service vulnerability, also known as RegexDoS.
This research gives an explanation on what is a Regex DoS and how it happens on different programming languages.
Several books and online articles were consulted in order to create the presentation. Special thanks to Juliette Reinders Folmer from Pluralsight for creating the great course https://www.pluralsight.com/courses/regular-expressions-fundamentals.
MR201403 consideration and evaluation of using fuzzy hashing (FFRI, Inc.)
Background and purpose:
'Fuzzy hashing' was introduced in 2006 by Jesse Kornblum.
In malware analysis, fuzzy hashing algorithms such as ssdeep have been introduced in recent years.
(IMHO) However, we don't consider their effective usage enough.
In these slides, we evaluate the effectiveness of classifying malware similarity by fuzzy hashing.
An LSH based blocking approach with a homomorphic matching technique for privacy-preserving record linkage (ieeepondy)
The Rabin-Karp algorithm is a search algorithm that finds a substring pattern in a text using hashing. It is beneficial for matching words against many patterns. One practical application of the Rabin-Karp algorithm is the detection of plagiarism. Michael O. Rabin and Richard M. Karp invented the algorithm. The algorithm performs string search by means of a hash function; the hash values it produces are compared between two documents to determine their level of similarity. The Rabin-Karp algorithm is not very good for single-pattern text search, but it is well suited to multiple-pattern search. The Levenshtein algorithm can be used to replace the hash calculation in the Rabin-Karp algorithm: the Rabin-Karp hash calculation only counts the number of hashes that have the same value in both documents, whereas calculating the Levenshtein distance between the hashes of both documents gives better accuracy.
Zsombor Kovács - Cheaters for Everything from Minesweeper to Mobile Banking ... (hacktivity)
In my opinion, cheating is acceptable - it merely means expanding the frame of an application to a point which is beyond what the creators of the application have ever imagined. In this talk, we explore how the popular instrumentation framework Frida can be used to hack applications from games to mobile banking applications.
Vincent Ruijter - ~Securing~ Attacking Kubernetes (hacktivity)
This talk's focus lies on a popular containerization tool called Kubernetes. Common implementations of Kubernetes are not secure by default, and a lot of information about hardening is not known to the public. Since version 1.7 the security level has increased and common security misconfigurations have been mitigated. During this talk it will be demonstrated what happens if these mitigations are not applied and how to abuse them. The talk will be about both securing and attacking the platform and could be considered a 'purple team' talk. Multiple live demos are planned, most of them ending in a guest-to-host escape and a root shell.
Similar to Csongor Tamás - Examples of Locality Sensitive Hashing & their Usage for Malware Classification
Balázs Bucsay - XFLTReaT: Building a Tunnel (hacktivity)
XFLTReaT is an open-source tunnelling framework that handles all the boring stuff and offers the capability to the users to take care of only those things that matter. It provides significant improvements over existing tools. From now on there is no need to write a new tunnel for each and every protocol or to deal with interfaces and routing. Any protocol can be converted to a module, which works in a plug-and-play fashion; authentication and encryption can be configured and customised on all traffic and it is also worth mentioning that the framework was designed to be easy to configure, use and develop. In case there is a need to send packets over ICMP, RDP or SSH then this can be done in a matter of minutes, instead of developing a new tool from scratch. The potential use (or abuse) cases are plentiful, such as bypassing network restrictions of an ISP, the proxy of a workplace or obtaining Internet connectivity through bypassing captive portals in the middle of the Atlantic Ocean or at an altitude of 12km on an airplane.
This framework is not just a tool; it unites different technologies in the field of tunnelling. It will be shown how to tunnel data over a Windows jumpbox utilising RDP (including the dirty low-level "secrets") or how to exfiltrate data over ICMP from barely secured networks. We have simplified the whole process and created a framework that is responsible for everything but the communication itself; we rethought the old way of tunnelling and tried to give something new to the community. After the initial setup the framework takes care of everything. With the check functionality we can even find out which module can be used on the network; there is no need for any low-level packet fu and hassle. I guarantee that you won't be disappointed with the tool and the talk; actually, you will be richer with an open-source tool.
Mikhail Egorov - Hunting for bugs in Adobe Experience Manager webapps (hacktivity)
Adobe Experience Manager (AEM) is an enterprise-grade CMS. It's used by high-profile companies like LinkedIn, Apple, Mastercard, Western Union, Cisco, General Motors, and others. AEM is built on top of the Apache Sling, Apache Felix and Apache Jackrabbit Oak projects. In the talk, the author will share a unique methodology on how to approach AEM webapps in pentests or bug bounty programs. Misconfiguration issues, as well as product vulnerabilities, will be covered in the talk, including newly discovered vulnerabilities for which Adobe PSIRT assigned CVE ids. The author will share an automation tool for discovering the vulnerabilities and misconfigurations discussed in the talk.
Gabrial Cirlig & Stefan Tanase - Smart Car Forensics and Vehicle Weaponization (hacktivity)
As “smart” is becoming the new standard for everything, malicious threat actors are quick to capitalize on the insecurity of IoT devices. Hackers compromising your network and spying on you is not something new in the world of personal computers, but definitely an emerging threat in the world of personal cars.
Matthias Deeg - Bypassing an Enterprise-Grade Biometric Face Authentication S... (hacktivity)
Biometric authentication systems have a long, checkered history in IT security and are regarded as a highly controversial technology. Many manufacturers and users love them because of their usability and the personal touch they give to human-computer interaction when it comes to an often annoying but necessary task like user authentication. Other people hate them because of data privacy and security concerns. Despite all the controversy, biometric authentication systems are still here and seem here to stay.
In fall 2017, SySS GmbH started a research project concerning the enterprise-grade face authentication system Microsoft Windows Hello Face Authentication based on near infrared technology.
In our talk, we will present the results of our research project concerning the enterprise-grade face authentication system Windows Hello Face Authentication by Microsoft based on near infrared and visible light and will demonstrate how different versions of it can be bypassed by rather simple means.
Gergely Biczók - Interdependent Privacy & the Psychology of Likes (hacktivity)
The Facebook/Cambridge Analytica case headlined technical news the whole Spring of 2018. This case is not the first (and certainly not the last) that demonstrates privacy issues with Facebook and the ecosystem around it; yet, it gained notoriety because of its scale and alleged direct effect on the outcome of the US presidential election. In this talk we look behind the scenes and under the hood and analyze the IT, economic, psychological and legal background necessary to understand the full impact of the Cambridge Analytica case. We touch upon the underlying economic theory on externalities that defines interdependent privacy and sets the scene at a high level; the permission system of the Facebook API that enabled the collection of personal data at scale; the breakthrough psychology research that enabled the use of these data to influence political elections; and the legal impact through the lens of the GDPR.
Paolo Stagno - A Drone Tale: All Your Drones Belong To Us (hacktivity)
In 2013, DJI drones quickly gained the reputation as the most stable platform for use in aerial photography and other fields. Since then drones have broadened their field of application and are actively used across various industries (law enforcement and first responders, utility companies, governments and universities) to perform critical operations on a daily basis. As a result, drone security has also become a hot topic in the industry.
This talk will provide a comprehensive overview of the security model and security issues affecting the underlying technologies, including existing vulnerabilities in the radio signals, Wi-Fi, chipset, FPV system, GPS, app and SDK. As part of the presentation, we will discuss the architecture of one of the most famous and popular consumer drone products: the DJI Phantom 3. This model will be used to demonstrate each aspect of the discovered security vulnerabilities, together with recommendations and mitigations.
A special focus will be on the recent changes and countermeasures DJI has applied to the firmware of its products in order to harden the security, following the recent accusations and the US Army ban. While the topic of hacking drones by faking GPS signals has been shared before at major security conferences in the past, this talk will extend these aspects to include geo-fencing and no fly zones abuses.
Jack S (linkcabin) - Becoming The Quiz Master: Thanks RE. (hacktivity)
linkcabin aims to discuss the journey of reverse engineering a pub quiz machine, up to the point of emulation. By reverse engineering the software, lessons have been learnt about the implementation of security, the limits of 'security by obscurity' software solutions and how complex actual machines that involve betting are. After reverse engineering parts of the machine, and coming from a threat intelligence background, it becomes clear how similar the minds of software developers and malware developers really are when it comes to functionality.
While still developing software for an archaic operating system, much like critical infrastructure around the world, it becomes hard to balance both security and functionality.
Zoltán Balázs - Ethereum Smart Contract Hacking Explained like I'm Five (hacktivity)
Mining. Ethereum. Smart Contracts. Gas. Solidity. DAO. These words had no meaning, or a different meaning, 5 years ago. But now these are the foundations of something exciting and powerful. But with great power comes great responsibility. Designing and implementing Smart Contracts is like designing encryption protocols: everyone can come up with one which looks secure from the developer's perspective, but only a few can design and implement one which is really safe.
But how can one hack Smart Contracts? In order to understand this, I will explain the meaning of all of these words in the Ethereum world from the ground up with real-life analogies. Once the basic building blocks are explained, I will guide you into the world of hacking Smart Contracts. After attending this presentation, everyone will understand how a recursive call can burn 250M USD on the DAO and how developers can create a parallel universe where this never happened. Reinit? Multi-signature wallets? The Parity hack? All of this is simple once the basics are in place.
Warning: case studies from recent real-life hacks and live interaction with Smart Contracts are included. And Cryptokitties. Meow.
The Art of the Pitch: WordPress Relationships and Sales (Laura Byrne)
Clients don't know what they don't know. What web solutions are right for them? How does WordPress come into the picture? How do you make sure you understand scope and timeline? What do you do if something changes?
All these questions and more will be explored as we talk about matching clients’ needs with what your agency offers without pulling teeth or pulling your hair out. Practical tips, and strategies for successful relationship building that leads to closing the deal.
Dev Dives: Train smarter, not harder – active learning and UiPath LLMs for do... (UiPathCommunity)
💥 Speed, accuracy, and scaling – discover the superpowers of GenAI in action with UiPath Document Understanding and Communications Mining™:
See how to accelerate model training and optimize model performance with active learning
Learn about the latest enhancements to out-of-the-box document processing – with little to no training required
Get an exclusive demo of the new family of UiPath LLMs – GenAI models specialized for processing different types of documents and messages
This is a hands-on session specifically designed for automation developers and AI enthusiasts seeking to enhance their knowledge in leveraging the latest intelligent document processing capabilities offered by UiPath.
Speakers:
Andras Palfi, Senior Product Manager, UiPath
Lenka Dulovicova, Product Program Manager, UiPath
Essentials of Automations: Optimizing FME Workflows with Parameters (Safe Software)
Are you looking to streamline your workflows and boost your projects’ efficiency? Do you find yourself searching for ways to add flexibility and control over your FME workflows? If so, you’re in the right place.
Join us for an insightful dive into the world of FME parameters, a critical element in optimizing workflow efficiency. This webinar marks the beginning of our three-part “Essentials of Automation” series. This first webinar is designed to equip you with the knowledge and skills to utilize parameters effectively: enhancing the flexibility, maintainability, and user control of your FME projects.
Here’s what you’ll gain:
- Essentials of FME Parameters: Understand the pivotal role of parameters, including Reader/Writer, Transformer, User, and FME Flow categories. Discover how they are the key to unlocking automation and optimization within your workflows.
- Practical Applications in FME Form: Delve into key user parameter types including choice, connections, and file URLs. Allow users to control how a workflow runs, making your workflows more reusable. Learn to import values and deliver the best user experience for your workflows while enhancing accuracy.
- Optimization Strategies in FME Flow: Explore the creation and strategic deployment of parameters in FME Flow, including the use of deployment and geometry parameters, to maximize workflow efficiency.
- Pro Tips for Success: Gain insights on parameterizing connections and leveraging new features like Conditional Visibility for clarity and simplicity.
We’ll wrap up with a glimpse into future webinars, followed by a Q&A session to address your specific questions surrounding this topic.
Don’t miss this opportunity to elevate your FME expertise and drive your projects to new heights of efficiency.
Slack (or Teams) Automation for Bonterra Impact Management (fka Social Soluti... (Jeffrey Haguewood)
Sidekick Solutions uses Bonterra Impact Management (fka Social Solutions Apricot) and automation solutions to integrate data for business workflows.
We believe integration and automation are essential to user experience and the promise of efficient work through technology. Automation is the critical ingredient to realizing that full vision. We develop integration products and services for Bonterra Case Management software to support the deployment of automations for a variety of use cases.
This video focuses on the notifications, alerts, and approval requests using Slack for Bonterra Impact Management. The solutions covered in this webinar can also be deployed for Microsoft Teams.
Interested in deploying notification automations for Bonterra Impact Management? Contact us at sales@sidekicksolutionsllc.com to discuss next steps.
Connector Corner: Automate dynamic content and events by pushing a button (DianaGray10)
Here is something new! In our next Connector Corner webinar, we will demonstrate how you can use a single workflow to:
Create a campaign using Mailchimp with merge tags/fields
Send an interactive Slack channel message (using buttons)
Have the message received by managers and peers along with a test email for review
But there’s more:
In a second workflow supporting the same use case, you’ll see:
Your campaign sent to target colleagues for approval
If the “Approve” button is clicked, a Jira/Zendesk ticket is created for the marketing design team
But—if the “Reject” button is pushed, colleagues will be alerted via Slack message
Join us to learn more about this new, human-in-the-loop capability, brought to you by Integration Service connectors.
And...
Speakers:
Akshay Agnihotri, Product Manager
Charlie Greenberg, Host
State of ICS and IoT Cyber Threat Landscape Report 2024 preview (Prayukth K V)
The IoT and OT threat landscape report has been prepared by the Threat Research Team at Sectrio using data from Sectrio's cyber threat intelligence farming facilities, spread across over 85 cities around the world. In addition, Sectrio also runs AI-based advanced threat and payload engagement facilities that serve as sinks to attract and engage sophisticated threat actors and newer malware, including new variants and latent threats that are at an earlier stage of development.
The latest edition of the OT/ICS and IoT security Threat Landscape Report 2024 also covers:
State of global ICS asset and network exposure
Sectoral targets and attacks as well as the cost of ransom
Global APT activity, AI usage, actor and tactic profiles, and implications
Rise in volumes of AI-powered cyberattacks
Major cyber events in 2024
Malware and malicious payload trends
Cyberattack types and targets
Vulnerability exploit attempts on CVEs
Attacks on counties – USA
Expansion of bot farms – how, where, and why
In-depth analysis of the cyber threat landscape across North America, South America, Europe, APAC, and the Middle East
Why are attacks on smart factories rising?
Cyber risk predictions
Axis of attacks – Europe
Systemic attacks in the Middle East
Download the full report from here:
https://sectrio.com/resources/ot-threat-landscape-reports/sectrio-releases-ot-ics-and-iot-security-threat-landscape-report-2024/
Key Trends Shaping the Future of Infrastructure.pdfCheryl Hung
Keynote at DIGIT West Expo, Glasgow on 29 May 2024.
Cheryl Hung, ochery.com
Sr Director, Infrastructure Ecosystem, Arm.
The key trends across hardware, cloud and open-source; exploring how these areas are likely to mature and develop over the short and long-term, and then considering how organisations can position themselves to adapt and thrive.
JMeter webinar - integration with InfluxDB and GrafanaRTTS
Watch this recorded webinar about real-time monitoring of application performance. See how to integrate Apache JMeter, the open-source leader in performance testing, with InfluxDB, the open-source time-series database, and Grafana, the open-source analytics and visualization application.
In this webinar, we will review the benefits of leveraging InfluxDB and Grafana when executing load tests and demonstrate how these tools are used to visualize performance metrics.
Length: 30 minutes
Session Overview
-------------------------------------------
During this webinar, we will cover the following topics while demonstrating the integrations of JMeter, InfluxDB and Grafana:
- What out-of-the-box solutions are available for real-time monitoring JMeter tests?
- What are the benefits of integrating InfluxDB and Grafana into the load testing stack?
- Which features are provided by Grafana?
- Demonstration of InfluxDB and Grafana using a practice web application
To view the webinar recording, go to:
https://www.rttsweb.com/jmeter-integration-webinar
UiPath Test Automation using UiPath Test Suite series, part 3DianaGray10
Welcome to UiPath Test Automation using UiPath Test Suite series part 3. In this session, we will cover desktop automation along with UI automation.
Topics covered:
UI automation Introduction,
UI automation Sample
Desktop automation flow
Pradeep Chinnala, Senior Consultant Automation Developer @WonderBotz and UiPath MVP
Deepak Rai, Automation Practice Lead, Boundaryless Group and UiPath MVP
Generating a custom Ruby SDK for your web service or Rails API using Smithyg2nightmarescribd
Have you ever wanted a Ruby client API to communicate with your web service? Smithy is a protocol-agnostic language for defining services and SDKs. Smithy Ruby is an implementation of Smithy that generates a Ruby SDK using a Smithy model. In this talk, we will explore Smithy and Smithy Ruby to learn how to generate custom feature-rich SDKs that can communicate with any web service, such as a Rails JSON API.
2. | Problem statement
We need a feed of fresh ransomware!
Fresh – from last week or month
But how?
(Image: NotPetya)
EXAMPLES OF LOCALITY SENSITIVE HASHING AND THEIR USAGE FOR MALWARE CLASSIFICATION
3. | Solution Concept
Diagram: Old ransomware + Feed of new files –> Method –> Fresh ransomware
4. | Solution Concept
Diagram: Search corpus + Feed of new files –> Method –> Similar samples
5. | Solution Concept
Diagram: YARA rules + Feed of new files –> YARA rule matching –> Fresh samples
Drawbacks of YARA rules here: bad automatic generation; slow (0.015 s)
6. | Solution Concept
Diagram: Old ransomware + Feed of new files –> Method –> Fresh ransomware
7. | Solution Concept
Diagram: Old ransomware + malware database + Feed of new files –> Method –> Fresh ransomware
8. | Solution Concept
Diagram: Old ransomware + malware database + Feed of new files –> Method –> Fresh ransomware
9. | Solution Concept
Diagram: Old ransomware + malware database + Feed of new files –> LSH –> Fresh ransomware
10. | Locality Sensitive Hashing
What is Locality Sensitive Hashing?
– similar data –> "similar hash"
– "aims to maximize the probability of a collision for similar items"
– Distance can be calculated between two digests (hashes)
– Similar files (hashes) are "close" to each other, others are "far"
Examples for Locality Sensitive Hashing and their usage for malware similarity checking
11. | Locality Sensitive Hashing
SSDEEP
– Context Triggered Piecewise Hashing
12. | Locality Sensitive Hashing
SSDEEP
– Context Triggered Piecewise Hashing
SDHASH
– Statistically improbable features
TLSH
– TrendMicro Locality Sensitive Hash
– 5-grams –> statistics –> hash
13. | SSDEEP
Figure: the text "For hands of gold are always cold," and the one-letter variant "For lands of gold are always cold," split into pieces at context-triggered boundaries
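To make the slide's picture concrete, here is a toy context-triggered piecewise hash written for this page (it is not ssdeep's implementation and not the deck author's code). It deliberately uses a rolling hash simple enough to trace by hand: the plain byte sum of the last 7 bytes, a boundary whenever that sum is divisible by 8, FNV-1a folded into one character per piece, and a Levenshtein score between the digests. Those constants and choices are this example's assumptions; real ssdeep uses an Adler-style rolling hash, an adaptive block size and a weighted edit distance. The two inputs are the slide's sentence and its variant, constructed here as byte strings.

```python
# Added example (not from the slides, not the ssdeep library): a toy
# context-triggered piecewise hash (CTPH) in the spirit of SSDEEP.
# Simplifications/assumptions: rolling hash = byte sum of a 7-byte window,
# boundary when the sum % 8 == 0, FNV-1a mapped onto a 64-char alphabet as the
# piece hash, Levenshtein distance between digests as the score.

WINDOW = 7      # rolling-hash window length (ssdeep also uses 7 bytes)
TRIGGER = 8     # a piece boundary fires where window_sum % TRIGGER == 0 (assumed)
ALPHABET = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/"


def rolling_sums(data: bytes):
    """Yield the byte sum of the last WINDOW bytes at every position.

    The value depends only on the bytes inside the window, so the same local
    context anywhere in a file gives the same boundary decision. That is what
    makes the pieces "context triggered": an edit disturbs only boundaries
    within WINDOW bytes of it, and the pieces after that realign.
    """
    window = []
    for b in data:
        window.append(b)
        if len(window) > WINDOW:
            window.pop(0)
        yield sum(window)


def piece_char(piece: bytes) -> str:
    """Hash one piece to a single alphabet character (FNV-1a, then mod 64)."""
    h = 0x811C9DC5
    for b in piece:
        h = ((h ^ b) * 0x01000193) & 0xFFFFFFFF
    return ALPHABET[h % len(ALPHABET)]


def split_pieces(data: bytes) -> list:
    """Cut data into pieces at the context-triggered boundaries."""
    pieces, current = [], bytearray()
    for b, s in zip(data, rolling_sums(data)):
        current.append(b)
        if s % TRIGGER == 0:
            pieces.append(bytes(current))
            current = bytearray()
    if current:
        pieces.append(bytes(current))
    return pieces


def ctph(data: bytes) -> str:
    """Toy CTPH digest: one character per piece, in file order."""
    return "".join(piece_char(p) for p in split_pieces(data))


def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance between two digests (ssdeep scores similarly)."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def similarity(d1: str, d2: str) -> int:
    """0..100 match score: 100 means the piece sequences are identical."""
    longest = max(len(d1), len(d2))
    if longest == 0:
        return 100
    return round(100 * (1 - edit_distance(d1, d2) / longest))


# Constructed sample inputs: the slide's sentence and its one-letter variant.
ORIGINAL = b"For hands of gold are always cold,"
VARIANT = b"For lands of gold are always cold,"

if __name__ == "__main__":
    for label, data in (("original", ORIGINAL), ("variant", VARIANT)):
        print(label, [p.decode() for p in split_pieces(data)], ctph(data))
    print("score:", similarity(ctph(ORIGINAL), ctph(VARIANT)))
```

Running it shows the point of the slide: the original splits into "For ha", "nds", " of gold are ", "always cold,", the variant into "For land", "s of gold are ", "always cold,". The changed letter moves the boundaries near it, but once the window has passed the edit the cuts coincide again and the final piece (and therefore the final digest character) is identical, which is why a single-byte edit does not destroy the whole digest the way a cryptographic hash would.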
14. | Locality Sensitive Hashing
Reasons:
– Small data to store
– Fast automatic generation
– Fast comparison

                       YARA           SSDEEP        TLSH
Data to store          whole binary   <110 bytes    70 bytes
Automatic generation   –              0.100 s       0.037 s
Comparison             0.015 s        0.003 s       0.002 s

15. | Locality Sensitive Hashing
(same reasons and table as slide 14)
But are they applicable?
16. | Testing LSH on a small dataset
Dataset:
– 34681 real binaries
– NOT classified
Clustering algorithms:
– 1. simple – if two samples are "close" they belong to the same group
– 2. k-medoids – k group centers
– 3. if similar to at least a few group members
17. | Testing LSH on a small dataset
Results:
– (evaluation by hand)
– Samples in the same group are similar
– SDHASH is not applicable
– SSDEEP score ("closeness") is badly scaled
  » 0 - 100 (mismatch - perfect match)
– Similar samples in different groups
– TLSH appears to be the best for this application
  » With threshold = 70
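The TLSH pipeline on slide 12 (5-grams –> statistics –> hash) and the grouping strategies 1 and 3 from slide 16 are easy to misread without code, so the following is an added, self-contained toy written for this page; it is neither Trend Micro's TLSH implementation nor the deck author's clustering code. It slides a 5-byte window over a file, counts which of 64 buckets each window hashes to, quantises the counts by their quartiles into 2 bits per bucket, and measures distance as TLSH does in spirit (a length term plus per-bucket level differences, with a full disagreement charged 6). The bucket count, the toy Pearson table, the distance weights and the threshold of 30 are this example's own assumptions, so the deck's threshold of 70 (which belongs to real TLSH's scale) does not carry over. The sample set is constructed inline: a text-like "family" with two mutated variants, a random-noise "family" with one variant, and a zero-filled file. Strategy 2 (k-medoids) is not implemented here.

```python
# Added example (not from the slides, not Trend Micro's TLSH code): a toy
# TLSH-style digest (5-byte windows -> bucket statistics -> quantised digest
# -> distance) plus two of the deck's grouping strategies. NBUCKETS, the
# Pearson table, the weights and THRESHOLD are this example's assumptions.
import math

NBUCKETS = 64
THRESHOLD = 30                                          # assumed for this toy's scale
PEARSON_T = [(i * 167 + 13) % 256 for i in range(256)]  # toy permutation table


def pearson(window: bytes) -> int:
    """8-bit Pearson hash of one window (TLSH also builds on Pearson hashing)."""
    h = 0
    for x in window:
        h = PEARSON_T[h ^ x]
    return h


def bucket_counts(data: bytes) -> list:
    """The 'statistics' step: how many 5-byte windows land in each bucket."""
    counts = [0] * NBUCKETS
    for i in range(len(data) - 4):
        counts[pearson(data[i:i + 5]) % NBUCKETS] += 1
    return counts


def quantise(counts: list) -> list:
    """Map each count to 0..3 by the quartiles of all counts, so the digest
    records the shape of the distribution rather than absolute sizes."""
    s = sorted(counts)
    q1, q2, q3 = s[NBUCKETS // 4], s[NBUCKETS // 2], s[3 * NBUCKETS // 4]
    return [0 if c <= q1 else 1 if c <= q2 else 2 if c <= q3 else 3 for c in counts]


def digest(data: bytes) -> str:
    """Hex digest: a 2-digit log2(length) header, then 2 bits per bucket."""
    if len(data) < 5:
        raise ValueError("need at least 5 bytes")
    lv = quantise(bucket_counts(data))
    header = "%02x" % min(int(math.log2(len(data))), 255)
    return header + "".join("%x" % ((lv[i] << 2) | lv[i + 1]) for i in range(0, NBUCKETS, 2))


def distance(d1: str, d2: str) -> int:
    """Length term plus per-bucket level differences; a 3-level disagreement
    is charged 6 (as in TLSH), so 'opposite' buckets dominate the score."""
    dl = abs(int(d1[:2], 16) - int(d2[:2], 16))
    score = dl if dl <= 1 else dl * 12
    for a, b in zip(d1[2:], d2[2:]):
        na, nb = int(a, 16), int(b, 16)
        for la, lb in ((na >> 2, nb >> 2), (na & 3, nb & 3)):
            diff = abs(la - lb)
            score += 6 if diff == 3 else diff
    return score


def cluster_simple(digests: dict, threshold: int = THRESHOLD) -> list:
    """Deck strategy 1: close pairs share a group. Union-find makes closeness
    transitive, so A~B and B~C chain A and C into one group."""
    parent = {n: n for n in digests}

    def find(x):
        while parent[x] != x:
            parent[x] = parent[parent[x]]
            x = parent[x]
        return x

    names = list(digests)
    for i, a in enumerate(names):
        for b in names[i + 1:]:
            if distance(digests[a], digests[b]) <= threshold:
                parent[find(a)] = find(b)
    groups = {}
    for n in names:
        groups.setdefault(find(n), []).append(n)
    return list(groups.values())


def cluster_by_support(digests: dict, threshold: int = THRESHOLD, k: int = 2) -> list:
    """Deck strategy 3: a sample joins a group only if it is close to at least k
    members (all of them while the group is smaller than k), otherwise it opens
    a new group; this stops chaining through a single outlier."""
    groups = []
    for n, d in digests.items():
        for g in groups:
            if sum(distance(d, digests[m]) <= threshold for m in g) >= min(k, len(g)):
                g.append(n)
                break
        else:
            groups.append([n])
    return groups


def _lcg(seed: int):
    """Deterministic generator so the constructed samples are reproducible."""
    while True:
        seed = (seed * 1103515245 + 12345) & 0x7FFFFFFF
        yield seed >> 16            # high bits; an LCG's low bits cycle quickly


def text_like(seed: int, nbytes: int = 4000) -> bytes:
    """Constructed family base: words from a small vocabulary with skewed
    frequencies, mimicking the uneven n-gram distribution of real files."""
    vocab = [b"the", b"ransom", b"key", b"file", b"encrypt", b"bitcoin",
             b"wallet", b"note", b"decrypt", b"payment", b"victim", b"deadline"]
    rng, out = _lcg(seed), bytearray()
    while len(out) < nbytes:
        u = next(rng) / 32768.0     # 15 high bits -> [0, 1)
        out += vocab[min(int(len(vocab) * (1 - math.sqrt(u))), len(vocab) - 1)] + b" "
    return bytes(out[:nbytes])


def mutate(data: bytes, seed: int, n: int = 10) -> bytes:
    """Constructed variant: overwrite n bytes at pseudo-random offsets."""
    rng, buf = _lcg(seed), bytearray(data)
    for _ in range(n):
        buf[next(rng) % len(buf)] = next(rng) & 0xFF
    return bytes(buf)


def sample_set() -> dict:
    """Constructed corpus: a text-like family, a random-noise family, a zero file."""
    x = text_like(1)
    y = bytes(v & 0xFF for v, _ in zip(_lcg(4), range(4000)))   # uniform random bytes
    files = {"famX_base": x, "famX_v1": mutate(x, 2), "famX_v2": mutate(x, 3),
             "famY_base": y, "famY_v1": mutate(y, 5), "zeros": bytes(4000)}
    return {name: digest(data) for name, data in files.items()}
```

Calling `cluster_simple(sample_set())` puts the three text-like files in one group, the two noise files in another and the zero file on its own. The chaining weakness that motivates strategy 3 is easiest to see on hand-made digests: with A close to B and B close to C but A far from C, `cluster_simple` merges all three, while `cluster_by_support` keeps C apart because it is close to only one of the two existing members.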
18.–21. | Search SSDEEP (four screenshot slides)
Original sample (GandCrabV4.X): (screenshot)
Similars: (screenshot)
22.–24. | Search TLSH (three screenshot slides)
Original sample (Saturn): (screenshot)
Similars: (screenshot)
25. | Moving on to the database
Generate hashes for every sample
– ~ 1-2 months
Grouping algorithms use XREF (every sample compared with every other sample)
XREF is not scalable:
300 000 000² / 2 pairwise comparisons × 0.002 s ≈ 2 853 881 years
Search will do instead
26. | Ransomware corpus & search
Currently 477 samples from 15 families
Search currently uses 1 process, 1 thread
Search for similars to 1 sample
– SSDEEP –> ~10-20 minutes (prefix filter)
– TLSH –> ~50 minutes
Search for similars to 477 samples
– SSDEEP –> 14 hours
– TLSH –> 29 hours
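The "prefix filter" that makes the SSDEEP search faster than the TLSH search on this slide comes from the structure of an ssdeep digest, `blocksize:chunk1:chunk2`, where chunk2 is computed at twice the block size: two digests can only match when their block sizes are equal or differ by exactly a factor of two, so a search needs to compare the query against only the b/2, b and 2b buckets of an index. The code below is an added example written for this page, not the deck's search tool and not the ssdeep library. The index entries are constructed placeholder digests (the chunk strings are made up, only their block sizes and overlaps matter, and the sample names are labels, not real hashes of GandCrab), and the chunk scoring (a 7-character common-substring gate, then a `difflib` ratio) is a simplification of ssdeep's weighted edit-distance score.

```python
# Added example (not from the slides, not the ssdeep library): an ssdeep-style
# similarity search with the block-size "prefix filter". Digests and sample
# names below are constructed placeholders; the scoring is simplified.
from collections import defaultdict
from difflib import SequenceMatcher

MIN_COMMON = 7  # ssdeep will not score two chunks without a 7-char common substring


def parse(digest: str):
    """Split 'blocksize:chunk1:chunk2' into its three parts."""
    bs, c1, c2 = digest.split(":", 2)
    return int(bs), c1, c2


def chunk_score(a: str, b: str) -> int:
    """0..100 similarity of two chunk strings (simplified stand-in for ssdeep's
    edit-distance score): gate on a 7-char common substring, then difflib ratio."""
    sm = SequenceMatcher(None, a, b, autojunk=False)
    if sm.find_longest_match(0, len(a), 0, len(b)).size < MIN_COMMON:
        return 0
    return round(100 * sm.ratio())


def compare(d1: str, d2: str) -> int:
    """Pair the chunks the way ssdeep does: same block size -> compare chunk1
    with chunk1 and chunk2 with chunk2; one block size double the other ->
    the larger digest's chunk1 against the smaller digest's chunk2."""
    b1, a1, a2 = parse(d1)
    b2, c1, c2 = parse(d2)
    if b1 == b2:
        return max(chunk_score(a1, c1), chunk_score(a2, c2))
    if b1 == 2 * b2:
        return chunk_score(a1, c2)
    if b2 == 2 * b1:
        return chunk_score(a2, c1)
    return 0  # incompatible block sizes can never match


class SsdeepIndex:
    """Digests bucketed by block size; a search scans only the three buckets
    that could possibly match the query (the 'prefix filter')."""

    def __init__(self):
        self.by_blocksize = defaultdict(list)
        self.size = 0

    def add(self, name: str, digest: str) -> None:
        self.by_blocksize[parse(digest)[0]].append((name, digest))
        self.size += 1

    def search(self, digest: str, min_score: int = 1):
        """Return (hits sorted by score, number of candidates actually compared)."""
        b = parse(digest)[0]
        candidates = []
        for size in (b // 2, b, 2 * b):
            candidates.extend(self.by_blocksize.get(size, ()))
        scored = [(name, compare(digest, d)) for name, d in candidates]
        hits = sorted(((n, s) for n, s in scored if s >= min_score), key=lambda h: -h[1])
        return hits, len(candidates)


# Constructed index entries (made-up chunk strings, ssdeep-style block sizes 3*2^k).
SAMPLES = {
    "gandcrab_a": "3072:QkL7nR9xZ2pWmT4vYcKjSd8HfGe1LoPq:QkL7nR9xZ2pWmT4v",
    "gandcrab_b": "3072:QkL7nR9xZ2pWmT4vYcKjSd8HfGe1LoXy:QkL7nR9xZ2pWmT4u",
    "gandcrab_c": "6144:QkL7nR9xZ2pWmT4vAbc:Zz9",   # its chunk1 overlaps a's chunk2
    "unrelated_1": "3072:aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa:bbbbbbbbbbbbbbbb",
    "unrelated_2": "768:cccccccccccccccccccccc:dddddddddddd",
    "unrelated_3": "98304:eeeeeeeeeeeeeeeeeeee:ffffffffff",
}


def build_index() -> SsdeepIndex:
    index = SsdeepIndex()
    for name, digest in SAMPLES.items():
        index.add(name, digest)
    return index


if __name__ == "__main__":
    index = build_index()
    hits, compared = index.search(SAMPLES["gandcrab_a"])
    print("compared", compared, "of", index.size, "->", hits)
```

Searching with `gandcrab_a` compares only four of the six entries (the 768 and 98304 block-size digests are skipped without any scoring) and returns `gandcrab_a` at 100, `gandcrab_b` at 94 and `gandcrab_c` at 91, the last one matched through the cross-block-size pairing. TLSH digests have no such prefix, so a TLSH search has to compute a distance against every entry, which is consistent with the longer TLSH search times reported on this slide.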
27. | Search
Diagram: Search corpus + Malware database –> LSH –> Similar samples
28. | Final Solution
Diagram: Old ransomwares + Feed of new files –> LSH –> Fresh ransomwares
29. | Future work
Parallelization
Widen ransomware corpus
Develop better LSH
Label database