Cyber security is one of the most challenging topics in the current era. Cyber attacks are becoming more sophisticated day by day and more difficult for automated systems to detect. People who understand cyber threats and act to block cyber attacks are defined as cyber analysts. But what do they really do? What difficulties do they meet and what background should they have before starting the "neverending" "cyber security" learning path? Why is an automated system not enough? Marco will talk about real experiences in the cyber analyst field.
ISIS (Now OSIRIS) Lab at NYU Tandon school hosts weekly sessions for young hackers. They excelled at developing this talent. This week I gave a talk discussing where vulnerabilities occur, how people handle them as well as a deep dive into various technical aspects of the Application Binary Interface (ABI) for the XNU-derived kernels. The deep dive also included covering the loading mechanisms for Mach-O through the kernel and DYLD.
For the second part, I did a walkthrough which is recorded on YouTube (https://www.youtube.com/watch?v=yg9svg9xE8g). It is about how we can use GCC to help you write assembly for your shellcode. It is especially useful for complex logic and for getting you bootstrapped on architectures you might not be familiar with. We use GCC to build up concise code for executing a system call. Just be aware that using GCC for this purpose will usually be enough to build up ~90% of the work; you'd be responsible to shape it into something that meets all the requirements of your exploit.
At the end, there is a challenge given. It is to build shellcode which downloads and loads a dylib into a process without touching disk. There is a template on GitHub (https://github.com/nologic/shellcc) for downloading and loading from disk.
Web Based Virtual Reality - Tanay Pant - Codemotion Rome 2017 - Codemotion
There has been a surge in the development of virtual reality applications with the production of easily accessible and sophisticated VR devices such as Oculus Rift, HTC Vive and Samsung Gear. Frameworks like A-Frame developed by the MozVR team combined with cheap alternatives such as Google Cardboard allow developers to leverage the power of the web. The attendees of this talk would learn about the WebVR API, using A-Frame to build virtual worlds, creating virtual worlds for modern content display (such as reddit posts, news feeds, Instagram photos) as well as game development.
° Road to Invader - Our story and how we became a Software House. From the meeting in Japan with Capcom to the decision to undertake the development of our own IP. ° Daymare: 1998 - Description of the project and of the challenges that come with developing a title of this kind.
Comics and immersive storytelling in Virtual Reality - Fabio Corrirossi - Cod... - Codemotion
Virtual Reality is an undoubtedly ideal storytelling platform, whichever the story. After starting with the very first VR comic in the world, "Magnetique", a GearVR exclusive, we'll focus on telling virtual reality stories without resorting to 360° videos. Drawing techniques, stereoscopic coding, sequential art tips and tricks. And more. Our times allow for a unique opportunity to tell old stories, anew.
Game audio as an engineering process - Davide Pensato - Codemotion Rome... - Codemotion
Showing that game audio is, to all intents and purposes, a profession that combines artistic and creative aspects with strong technical and computing skills. The audio designer can fully be considered a sound engineer who applies models, rules and rigorous methods to achieve the result. All of this within the production cycle, working together with graphic artists, designers and programmers.
Commodore 64 Mon Amour(2): sprite multiplexing. The Catalypse case and other sto... - Codemotion
We continue the journey begun last year into the magical world of modern Commodore 64 programming. The Italian and Roman scene is very active. After a very brief introduction to sprites in general, the legendary Andrea Pompili, author of the shooter Catalypse published by Genias in 1992, will explain the sprite multiplexing technique, used to overcome the well-known limit of 8 simultaneous sprites on screen, as applied to his game.
Does "Open Source" also mean "someone has already done the work for me, and for free on top of that" to you? Great, then you are in the right place with the right approach! In this talk, through many real-life episodes as a user, contributor and maintainer, we will discuss how to draw a range of other benefits from this magical world, how to approach communities and, why not, also the joys and pains that await you if you decide to jump the fence and make your code (truly) open.
Component-Based UI Architectures for the Web - Andrew Rota - Codemotion Rome... - Codemotion
Today UI frameworks for the web are embracing the concept of “components”. But what does a component-focused architecture really mean? In this talk we’ll dive into the theory behind component-based UIs and what it means for the future of user interfaces on the web. At the conclusion of this talk, attendees will have an understanding of what makes component-based architectures distinct, and why such an approach might be the ideal solution for building web-based UIs.
Unreal Engine 4 Blueprints: Hate and love - Roberto De Ioris - Codemotion Rome 2017 - Codemotion
One of the salient features of Unreal Engine 4 is that it can be programmed through a node-based visual language called 'Blueprint'. For many programmers this is outright heresy; according to Epic it is a great way to let artists and designers start prototyping their creations. Is that really so? Can you build a game using only Blueprints without needing a 2000-inch monitor? Can Blueprints really be used by an artist with no programming background?
Ready for the GDPR data protection law? No Panic! - Domenico Maracci,... - Codemotion
The Application Economy forces IT to run at the same speed as the business. At the same time, the entry into force of new, stringent security regulations requires adapting the Software Delivery LifeCycle so that they can be implemented and tested from the earliest stages of development, optimizing delivery times and minimizing time to market.
Thinking Functionally - John Stevenson - Codemotion Rome 2017 - Codemotion
The rise in AI, machine learning & data lakes is driving greater use of Functional Programming, so how well do you know the concepts? We will discuss immutable data, functional composition, polymorphism, higher-order functions, pattern matching & recursion. These concepts help the developer create performant, complex systems with simple building blocks, using parallelism to make applications & services more scalable. Using Clojure as live code examples, you will understand the important functional concepts & patterns that you can apply to your own preferred languages.
Meetup Code Garden Roma and Java User Group Roma: asynchronous methods with Spring -... - Codemotion
We can write asynchronous methods in Java and with Spring too, even without having to use the latest versions of the JVM or the framework. We will talk about blocked threads and other thread states. The JDK's Executor interfaces help us manage asynchronous calls; we will see how they are implemented in Spring. There will be examples of XML and annotation-based configuration. We will talk about callback hell and how to avoid it using the Completable Future.
Full-Text Search Explained - Philipp Krenn - Codemotion Rome 2017 - Codemotion
Today’s applications are expected to provide powerful full-text search. But how does that work in general and how do I implement it on my site or in my application? Actually, this is not as hard as it sounds at first. This talk covers:
* How full-text search works in general and what the differences to databases are.
* How the score or quality of a search result is calculated.
* How to implement this with Elasticsearch.
Attendees will learn how to add common search patterns to their applications without breaking a sweat.
Handle insane devices traffic using Google Cloud Platform - Andrea Ulisse - C... - Codemotion
In a world of connected devices it is really important to be prepared to receive and manage a huge amount of messages. In this context what makes the real difference is the backend, which has to be able to handle every request safely in real time. In this talk we will show how the broad spectrum of highly scalable services makes Google Cloud Platform the perfect habitat for such workloads.
Cyber Security in Multi Cloud Architecture - Luca Di Bari - Codemotion Rome 2017 - Codemotion
New security models in multi-cloud environments. Redefining the concept of Front-End. New approaches to security issues in fluid, constantly shifting scenarios.
Xamarin.Forms is a framework for building cross-platform applications that share most of the UI codebase among the UWP, iOS and Android platforms. Due to the higher level of abstraction compared to Xamarin.Native, Xamarin.Forms applications may suffer from memory leaks and slow rendering times at the expense of the final user experience. In the session, we will explore the mechanisms used by Xamarin.Forms to translate abstract UI components into native ones, highlight with demos the main bottlenecks met by developers, and show how to solve them and get close to native performance.
The busy developer guide to Docker - Maurice de Beijer - Codemotion Rome 2017 - Codemotion
Docker is all the rage these days and you are told all the time you need to use Docker to host your applications. But what is Docker and why has it become such a hot topic? Why is Microsoft updating Windows 2016 to be a Docker container host? What does using Docker mean for your application architecture or can you just take any application and host it using Docker? In this session Maurice de Beijer will explain the history of Docker as well as explain how you could use it with your applications. He will also explain what else, besides Docker, you will need to add to your architecture.
S3, Cassandra or Outer Space? Dumping Time Series Data using Spark - Demi Be... - Codemotion
A vast volume of our processed data is Time Series data and once you start working with distributed systems, you start tackling many scale and performance problems: How to handle missing data? Should I handle both serving and backend processes or separate them out? Best Performance for Money? In the talk we will tell the tale of all of the transformations we’ve made to our data model @Windward, some of the problems we’ve handled, and review the multiple data persistency layers like: S3, MongoDB, Apache Cassandra, MySQL. And I’ll try my best NOT to answer the question “Which one of them is the Best?”
Barbarians at the Gate(way) - Dave Lewis - Codemotion Rome 2017 - Codemotion
This talk will examine the tools, methods and data behind the DDoS attacks that are prevalent in the news headlines. Using information collected, I will demonstrate what the attackers are using to cause their mischief and mayhem and examine the timeline and progression of attackers as they move from the historical page defacers to the motivated DDoS attacker. I will look at the motivations and rationale that they have and try to share some sort of understanding as to what patterns to be aware of for their own protection.
Container orchestration: the cold war - Giulio De Donato - Codemotion Rome 2017 - Codemotion
The container orchestrator ecosystem is moving fast, a galaxy of platforms and frameworks. How do you choose the right one for your needs? We look at all the orchestrators on the market, with their pros and cons: DC/OS, Kubernetes, Docker and also the less famous ones that show promise, as well as the dynamics and the choices made.
An Introduction to Apache Ignite - Mandhir Gidda - Codemotion Rome 2017 - Codemotion
Apache Ignite is a high-performance, integrated and distributed in-memory platform for computing and transacting on large-scale data sets in real-time, orders of magnitude faster than possible with traditional disk-based or flash technologies.
Docker Inside/Out: the ‘real’ real-world of stacking containers in production... - Codemotion
So you’ve already containerized the shit out of your code, broken down monoliths, microserviced the hell out of your app and have run some awesome workloads in your local, dev and test environments. It’s all looking good, but now what? Running Docker commands is one thing, but maintaining containers in production is a whole other ballgame. So, during this talk, I’ll show you the REAL wild world of Docker in production. With the added benefit of talking to and observing how over 900 of our customers have been using Docker in production.
Monitoring Big Data Systems Done "The Simple Way" - Demi Ben-Ari - Codemotion... - Codemotion
Once you start working with Big Data systems, you discover a whole bunch of problems you won’t find in monolithic systems. Monitoring all of the components becomes a big data problem itself. In the talk, we’ll mention all of the aspects that you should take into consideration when monitoring a distributed system using tools like Web Services, Spark, Cassandra, MongoDB, AWS. Not only the tools: what should you monitor about the actual data that flows in the system? We’ll cover the simplest solution with your day-to-day open source tools, and the surprising thing is that it comes not from an Ops Guy.
If you implement a microservice architecture correctly, you will end up with a proliferation of different microservices, with multiple instances of each one for redundancy. Find out how to get microservices to automatically discover each other and share a configuration with real-time updates. See how to eliminate server management altogether with "serverless" microservice frameworks.
Event-Sourcing your React-Redux applications - Maurice de Beijer - Codemotion... - Codemotion
Most React-Redux applications store the work in progress as is in a database. It is fine to treat objects like this in a small application. But this is not optimal when applications are complex. Prefer the CQRS design pattern for more complex applications. Combining this with Event-Sourcing is an even more powerful solution. Event-Sourcing ensures that every action is stored as a separate domain event. These domain events are the CQRS write model. These events also project into a secondary database. This projection builds the CQRS read model for the application.
From a Developer's POV: is Machine Learning Reshaping the World? - Simone Sca... - Codemotion
There is no denying that machine learning is rapidly reshaping the technological horizon, fueled by increasing availability of data, computing power, and software (e.g., TensorFlow). Classical ML techniques are becoming a common tool for the everyday programmer, at the same time that sophisticated deep learning models are fueling driverless cars, advanced AI players, and more. This talk will survey the ways in which ML is impacting the programming world, as we try to answer the following questions: are we truly witnessing a new AI resurgence? If yes, what should any developer be aware of?
I just hacked your app! - Marcos Placona - Codemotion Rome 2017 - Codemotion
Android security is nowhere near where it should be. I have been able to hack and get sensitive information from a few different apps and I’m just an amateur hacker at best. It’s easy to forget mobile devices aren’t as safe as we think they are. In this session we will explore a number of ways an Android app can be exploited and methods we can use to avoid these attacks. We will finish by looking at common techniques that will help you protect sensitive information within your application by adding tampering detection and making sure every external communication request is made securely.
Cyber Analysts: who they are, what they do, where they are - Marco Ramilli - ... - Codemotion
Cyber security is one of the most challenging topics in the current era. Cyber attacks are becoming more sophisticated day by day and more difficult for automated systems to detect. People who understand cyber threats and act to block cyber attacks are defined as cyber analysts. But what do they really do? What difficulties do they meet and what background should they have before starting the "neverending" "cyber security" learning path? Why is an automated system not enough? Marco will talk about real experiences in the cyber analyst field.
Olivier Cleynen: Overtaking Proprietary Software Without Writing Code [24c3] - OpenSlidesArchive
Presented by Olivier Cleynen at the 24th Chaos Communication Congress, Berlin, December 2007.
http://events.ccc.de/congress/2007/Fahrplan/events/2290.en.html
http://youtube.com/watch?v=rVHBFqvTPoM
http://lanyrd.com/scgyqf
Unreal Engine 4 Blueprints: Odio e amore Roberto De Ioris - Codemotion Rome 2017Codemotion
Una delle caratteristiche salienti di Unreal Engine 4 e' la possibilita' di essere programmato attraverso un linguaggio visuale a nodi denominato 'Blueprint'. Per molti programmatori si tratta di una vera e propria eresia, secondo Epic e' un ottimo modo per permettere agli artisti e i designer di iniziare a prototipizzare le loro creazioni. E' davvero cosi' ? Si puo' costruire un gioco utilizzando solo le Blueprint senza aver bisogno di un monitor da 2000 pollici? Le Blueprint possono davvero essere usate da un artista senza basi di programmazione?
Pronti per la legge sulla data protection GDPR? No Panic! - Domenico Maracci,...Codemotion
L’Application Economy obbliga l’IT a correre alla stessa velocità del business. Nel contempo l’entrata in vigore di nuove stringenti normative in ambito sicurezza impone l’adeguamento del Software Delivery LifeCycle affinché queste possano essere implementate e testate già dalle fasi iniziale dello sviluppo, ottimizzando i tempi di delivery e minimizzando il time to market.
Thinking Functionally - John Stevenson - Codemotion Rome 2017Codemotion
The rise in AI, machine learning & data lakes is driving greater use of Functional Programming, so how well do you know the concepts? We will discuss immutable data, functional composition, polymorphism, higher-order functions, pattern matching & recursion. These concepts helps the developer create performant, complex system with simple building blocks, using parallelism to make applications & services more scalable. Using Clojure as live code examples, you will understand the important functional concepts & patterns that you can apply to your own preferred languages.
Meetup Code Garden Roma e Java User Group Roma: metodi asincroni con Spring -...Codemotion
Possiamo scrivere metodi asincroni anche in Java e con Spring, anche senza dover usare le ultime versioni della JVM o del framework. Si parlerà di thread bloccati e altri stati del thread. Le interfacce Executor della JDK ci aiutano a gestire le chiamate asincrone; vedremo come vengono implementate in Spring. Ci saranno esempi di configurazioni XML e con annotations. Si parlerà di callback hell e di come evitarlo usando la Completable Future.
Full-Text Search Explained - Philipp Krenn - Codemotion Rome 2017Codemotion
Today’s applications are expected to provide powerful full-text search. But how does that work in general and how do I implement it on my site or in my application? Actually, this is not as hard as it sounds at first. This talk covers: * How full-text search works in general and what the differences to databases are. * How the score or quality of a search result is calculated. * How to implement this with Elasticsearch. Attendees will learn how to add common search patterns to their applications without breaking a sweat.
Handle insane devices traffic using Google Cloud Platform - Andrea Ulisse - C...Codemotion
In a world of connected devices it is really important to be prepared receiving and managing a huge amount of messages. In this context what is making the real difference is the backend that has to be able to handle safely every request in real time. In this talk we will show how the broad spectrum of highly scalable services makes Google Cloud Platform the perfect habitat for such as workloads.
Cyber Security in Multi Cloud Architecture - Luca Di Bari - Codemotion Rome 2017Codemotion
Nuovi modelli di sicurezza in ambienti multi-cloud. Ridefinizione del concetto di Front-End. Nuovi approcci alle tematiche di sicurezza in scenari magmatici.
Xamarin.Forms is a framework for building cross-platform applications that share most of the UI codebase among the UWP, iOS and Android platforms. Due to the higher level of abstraction compared to Xamarin.Native, Xamarin.Forms applications may suffer from memory leaks and slow rendering times at the expense of the final user experience. In the session, we will explore the mechanisms used by Xamarin.Forms to translate abstract UI components into native ones, highlight with demos what are the main bottlenecks met by developer, how to solve them and get close to native performances.
The busy developer guide to Docker - Maurice de Beijer - Codemotion Rome 2017Codemotion
Docker is all the rage these days and you are told all the time you need to use Docker to host your applications. But what is Docker and why has it become such a hot topic? Why is Microsoft updating Windows 2016 so be a Docker container host? What does using Docker mean for your application architecture or can you just take any application and host it using Docker? In this session Maurice de Beijer will explain the history of Docker as well as explain how you could use it with your applications. He will also explain what else, besides Docker, you will need to add to your architecture.
S3, Cassandra or Outer Space? Dumping Time Series Data using Spark - Demi Be...Codemotion
Vast volume of our processed data is Time Series data and once you start working with distributed systems, you start tackling many scale and performance problems: How to handle missing data?Should I handle both serving and backed process or separating them out? Best Performance for Money? In the talk we will tell the tale of all of the transformations we’ve made to our data model@Windward, some of the problems we’ve handled, review the multiple data persistency layers like: S3, MongoDB, Apache Cassandra, MySQL. And I’ll try my best NOT to answer the question “Which one of them is the Best?"
Barbarians at the Gate(way) - Dave Lewis - Codemotion Rome 2017Codemotion
This talk will examine the tools, methods and data behind the DDoS attacks that are prevalent in the news headlines. Using information collected, I will demonstrate what the attackers are using to cause their mischief and mayhem and examine the timeline and progression of attackers as they move from the historical page defacers to the motivated DDoS attacker. I will look at the motivations and rationale that they have and try to share some sort of understanding as to what patterns to be aware of for their own protection.
Container orchestration: the cold war - Giulio De Donato - Codemotion Rome 2017Codemotion
L’ecosistema degli orchestratori di container è in rapido movimento, una galassia di piattaforme e framework. Come si fa a scegliere quello giusto per le vostre esigenze? Vediamo tutti gli orchestratori in commercio, con i loro pro e contro: DC/OS, Kubernetes, Docker e anche quelli meno famosi ma saranno promesse, e anche le dinamiche e le scelte fatte.
An Introduction to Apache Ignite - Mandhir Gidda - Codemotion Rome 2017Codemotion
Apache Ignite is a high-performance, integrated and distributed in-memory platform for computing and transacting on large-scale data sets in real-time, orders of magnitude faster than possible with traditional disk-based or flash technologies.
Docker Inside/Out: the ‘real’ real-world of stacking containers in production...Codemotion
So you’ve already containerized the shit out of your code, broken down monoliths, microserviced the hell out of your app and have run some awesome workloads in your local, dev and test environments. It’s all looking good, but now what? Running Docker commands is one thing, but maintaining containers in production is a whole other ballgame. So, during this talk, I’ll show you the REAL wild world of Docker in production. With the added benefit of talking to and observing how over 900 of our customers have been using Docker in production.
Monitoring Big Data Systems Done "The Simple Way" - Demi Ben-Ari - Codemotion...Codemotion
Once you start working with Big Data systems, you discover a whole bunch of problems you won’t find in monolithic systems. Monitoring all of the components becomes a big data problem itself. In the talk, we’ll mention all of the aspects that you should take into consideration when monitoring a distributed system using tools like Web Services, Spark, Cassandra, MongoDB, AWS. Not only the tools, what should you monitor about the actual data that flows in the system? We’ll cover the simplest solution with your day to day open source tools, the surprising thing, that it comes not from an Ops Guy.
If you implement a microservice architecture correctly, you will end up with a proliferation of different microservices; with multiple instances of each one for redundancy. Find out how you to get microservices to automatically discover each other, share a configuration with real-time updates. See how to eliminate server management altogether with "serverless" microservice frameworks.
Event-Sourcing your React-Redux applications - Maurice de Beijer - Codemotion...Codemotion
Most React-Redux applications store the work in progress as is in a database. It is fine to treat objects like this in a small application. But this is not optimal when applications are complex. Prefer the CQRS design pattern for more complex applications. Combining this with Event-Sourcing is an even more powerful solution. Event-Sourcing ensures that every action is stored as a separate domain event. These domain events are the CQRS write model. These events also project into a secondary database. This projection builds the CQRS read model for the application.
From a Developer's POV: is Machine Learning Reshaping the World? - Simone Sca...Codemotion
There is no denying that machine learning is rapidly reshaping the technological horizon, fueled by increasing availability of data, computing power, and software (e.g., TensorFlow). Classical ML techniques are becoming a common tool for the everyday programmer, at the same time that sophisticated deep learning models are fueling driverless cars, advanced AI players, and more. This talk will survey the ways in which ML is impacting the programming world, as we try to answer the following questions: are we truly witnessing a new AI resurgence? If yes, what should any developer be aware of?
I just hacked your app! - Marcos Placona - Codemotion Rome 2017Codemotion
Android security is nowhere near where it should be. I have been able to hack and get sensitive information from a few different apps and I’m just an amateur hacker at best. It’s easy to forget mobile devices aren’t as safe as we think they are. In this session we will explore a number of ways an Android app can be exploited and methods we can use to avoid these attacks. We will finish by looking at common techniques that will help you protect sensitive information within your application by adding tampering detection and making sure every external communication request is made securely.
Cyber Analysts: who they are, what they do, where they are - Marco Ramilli - ...Codemotion
Cyber security is one of the most challenging topics in the current era. Cyber attacks are becoming day by day more sophisticated and difficult to be detected by automated systems. People who understand cyber threats and act to block cyber attacks are defined as cyber analysts. But what do they really do? What difficulties do they meet and what background should they have before starting the "neverending" "cyber security" learning path? Why is an automated system not enough? Marco will talk about real experiences in the cyber analyst field.
Olivier Cleynen: Overtaking Proprietary Software Without Writing Code [24c3]OpenSlidesArchive
Presented by Olivier Cleynen at the 24th Chaos Communication Congress, Berlin, December 2007.
http://events.ccc.de/congress/2007/Fahrplan/events/2290.en.html
http://youtube.com/watch?v=rVHBFqvTPoM
http://lanyrd.com/scgyqf
Malware's Most Wanted: How to tell BADware from adwareCyphort
How do you effectively deal with the ever-increasing amount of adware? Adware is annoying, but not all adware is created equal. At this MMW we look at the growing landscape of adware and malware. We will discuss tools to give you behavior insights and ways to reveal the context of adware as it relates to your business.
Presentation by Haroon Meer at IDC in 2006.
The presentation begins with a discussion on Google hacking. There is a brief discussion on kernel rootkits. The presentation ends with a discussion on web application hacking.
Brick all the internet of things!(with notes)Jimmy Shah
Recently someone released a worm on the Internet that targeted IoT devices. In the past similar worms turned your Internet connected cameras and DVRs into nodes in a massive botnet. This time it used the same entry points into your devices to brick them. The better to prevent them from possibly being turned into weapons of mass denial of service.
We'll cover why that's a Bad Idea. And what are more constructive ways to get IoT/Internet-enabled embedded device manufacturers and vulnerability researchers to sit down at the same table.
[CB19] I KNOW WHAT YOU DID LAST NIGHT : Pwning The State-Of-The-Art the IoT H...CODE BLUE
With the emergence of the Internet of Things (IoT), daily life is more convenient than ever, and the IoT market keeps growing. To manage a plethora of IoT devices at once, the trend is toward controlling all of them easily and conveniently through a hub rather than operating each device independently. Because the IoT hub can control the connected IoT devices, a security breach puts it at high risk of serious damage such as malicious control by an attacker, privacy invasion, and leakage of personal information.
We will present the overall process of exploiting an IoT hub, from acquiring root shells to analyzing the firmware of multiple IoT hubs, to show how we derived the vulnerabilities. We made a data flow diagram (DFD) from the network packet analysis, the firmware analysis, the security threats we defined, and the vulnerabilities. We will then discuss the vulnerabilities found in recently commercialized IoT hubs and introduce the critical threats that could be derived from them.
Finally, we will give a live demonstration of full-chain exploitation scenarios in a smart home, such as “opening a door lock, sniffing a password and eavesdropping through the device's microphone control”. By doing so, we aim to improve the security of IoT networks and smart homes by raising awareness of the threats to IoT hubs.
HITB2013AMS Defenting the enterprise, a russian way!F _
This presentation was delivered at HITB 2013 Amsterdam as a lab session on enterprise defensive techniques and covers a range of aspects, from picking drive-by download attacks to targeted mails.
We are delighted to have Gary Miliefsky on our second Hacker Hotshot of 2013! Gary is the Editor of Cyber Defense Magazine, which he recently founded after years of being a cover story author and regular contributor to Hakin9 Magazine. In partnership with UMASS, he started the Cyber Defense Test Labs to perform independent lab reviews of next generation information security products. Gary is also the founder of NetClarity, Inc., which is the world's first next generation agentless, non-inline network access control (NAC) and bring your own device (BYOD) management appliances vendor based on a patented technology which he invented.
BSidesSF 2016 - A year in the wild: fighting malware at the corporate levelJakub "Kuba" Sendor
From the moment of the threat detection, first response throughout the analysis, and the final resolution, we make sure that we can catch as many incidents as possible and properly sanitize the environment so that the potential problems are cut short. All this in an automated and orchestrated fashion, eliminating the manual repetition as much as possible thanks to the in-house built tools like AIR (Automated Incident Response), OSXCollector (Mac OS X forensics collection) and ElastAlert (alerting out of Elasticsearch). We also complement the pipeline with some available open source tools, like osquery and other proprietary threat detection technologies. This adds up to a balanced ecosystem that helps us leverage the current assets, learn about the potential problems quickly and respond to them in a timely fashion.
Skynet? Really? How close are we to self aware, self replicating machines? In this fun session learn some of what computers can do and what they can’t. You think you know. You may be surprised.
The emerging focus on Cognitive computing, general AI, Computer Vision, Internet of Things, etc. signpost the way to new opportunities and new challenges for computers and humans alike. We decided to see how far we could get in building our own version of an all powerful controlling entity.
In this session we’ll cover how we did it, what we learned and answer those important questions like: “Can we build a Skynet yet?”, “Can my computer be my best friend?”, “Will I ever be able to program without a keyboard?”, “Can a computer read my mind?” and the all-important “Will drones be able to deliver beer at the right temperature?”
Understanding Malware Lateral Spread Used in High Value AttacksCyphort
APTs are known to use advanced Techniques, Tactics, and Procedures (TTP), including advanced malware design with protection layers, sandboxing evasion, and lateral movement inside penetrated networks to seek out high value targets. In this webinar, Nick Bilogorskiy of Cyphort Labs will review various lateral movement techniques and methods used by advanced threats in the past. He will look at some APT samples, e.g. Shamoon, in detail to show the specific steps in the lateral movement by the malware. Understanding the lateral movement of APT should help security defenders to better select and implement protection solutions.
Fuzz-testing: A hacker's approach to making your code more secure | Pascal Ze...Codemotion
Increased complexity makes it very hard and time-consuming to keep your software bug-free and secure. We introduce fuzz-testing as a method for automatically and continuously discovering vulnerabilities hidden in your code. The talk will explain how fuzzing works and how to integrate fuzz-testing into your Software Development Life Cycle to increase your code’s security.
Pompili - From hero to_zero: The FatalNoise neverending storyCodemotion
It was 1993 when we decided to venture in a beat'em up game for Amiga. The Catalypse's success story pushed me and my comrade to create something astonishing for this incredible game machine... but things went harder, assumptions were slightly different, and italian competitors appeared out of nowhere... the project died in 1996. Story ended? Probably not...
The Commodore 65 is a prototype personal computer that Commodore was meant to bring to market as the successor to the Commodore 64. Unfortunately, its development stopped at the prototype stage. I will tell the fascinating story of its development and why the project was cancelled when it was just a step away from going on sale.
Reliving the thrill of designing an old computer or an arcade console is possible today using FPGAs, programmable logic devices that let anyone design their own hardware or recreate hardware from the past. This session explains how reverse engineering the hardware of old glories such as the Commodore 64 and the ZX Spectrum made it possible to bring them back to life with technologies that are now within everyone's reach.
Michel Schudel - Let's build a blockchain... in 40 minutes! - Codemotion Amst...Codemotion
There's a lot of talk about blockchain, but how does the technology behind it actually work? For developers, getting some hands-on experience is the fastest way to get familiar with new technologies. So let's build a blockchain, then! In this session, we're going to build one in plain old Java, and have it working in 40 minutes. We'll cover key concepts of a blockchain: transactions, blocks, mining, proof-of-work, and reaching consensus in the blockchain network. After this session, you'll have a better understanding of core aspects of blockchain technology.
Richard Süselbeck - Building your own ride share app - Codemotion Amsterdam 2019Codemotion
When was the last time you were truly lost? Thanks to the maps and location technology in our phones, a whole generation has now grown up in a world where getting lost is truly a thing of the past. Location technology goes far beyond maps in the palm of our hand, however. In this talk, we will explore how a ridesharing app works. How do we discover our destination? How do we find the closest driver? How do we display this information on a map? How do we find the best route? To answer these questions, we will be learning about a variety of location APIs, including Maps, Positioning, Geocoding etc.
Eward Driehuis - What we learned from 20.000 attacks - Codemotion Amsterdam 2019Codemotion
Eward Driehuis, SecureLink's research chief, will guide you through the bumpy ride we call the cyber threat landscape. As the industry has over a decade of experience of dealing with increasingly sophisticated attacks, you might be surprised to hear more attacks slip through the cracks than ever. From analyzing 20.000 of them in 2018, backed by a quarter of a million security events and over ten trillion data points, Eward will outline why this happens, how attacks are changing, and why it doesn't matter how neatly or securely you code.
Francesco Baldassarri - Deliver Data at Scale - Codemotion Amsterdam 2019 - Codemotion
The IoT revolution has ended. Thanks to hardware improvements, building an intelligent ecosystem is easier than ever before for both startups and large-scale enterprises. The real challenge is now to connect, process, store and analyze data: in the cloud, but also at the edge. We’ll take a quick look at frameworks that aggregate data from dispersed devices into a single, globally optimized system, making it possible to improve operational efficiency, predict maintenance, track assets in real time, secure cloud-connected devices and much more.
Martin Förtsch, Thomas Endres - Stereoscopic Style Transfer AI - Codemotion A...Codemotion
What if Virtual Reality glasses could transform your environment into a three-dimensional work of art in realtime in the style of a painting from Van Gogh? One of the many interesting developments in the field of Deep Learning is the so-called "Style Transfer". It describes a possibility to create a patchwork (or pastiche) from two images. While one of these images defines the artistic style of the result picture, the other one is used for extracting the image content. A team from TNG Technology Consulting managed to build an AI showcase using OpenCV and Tensorflow to realize such goggles.
Melanie Rieback, Klaus Kursawe - Blockchain Security: Melting the "Silver Bul...Codemotion
Blockchain (and Cryptocurrency) is an evolution of 20-year old research from scientists like Chaum, Lamport, and Castro & Liskov. Due to the current hype, it's hard to distinguish beneficial aspects of the technology from a desire for a "silver bullet" for device security, verifiable logistics, or "saving democracy". The problem: blockchain introduces new security challenges - and blind adoption without understanding reduces overall security. In this talk, Melanie Rieback and Klaus Kursawe explain the pitfalls and limits of blockchain, so you can avoid making your applications LESS secure.
Angelo van der Sijpt - How well do you know your network stack? - Codemotion ...Codemotion
Networking is a core part of computing in the digital world we inhabit. But, how well do you know how it works? Do you understand all the moving parts of the OSI stack inside your computer, and how the network is actually put together? How can this ever work? This guided safari of layers, standards, protocols, and happenstance will bring us close to the copper wire, and up through the layers of CDMA/CD, ARP, routing and HTTP. We will make a few excursions through patchworks that still work forty years later, and cleverly designed mechanisms that show that simplicity is the only way to last.
Lars Wolff - Performance Testing for DevOps in the Cloud - Codemotion Amsterd...Codemotion
Performance tests are not only an important instrument for understanding a system and its runtime environment. It is also essential in order to check stability and scalability – non-functional requirements that might be decisive for success. But won't my cloud hosting service scale for me as long as I can afford it? Yes, but… It only operates and scales resources. It won't automatically make your system fast, stable and scalable. This talk shows how such and comparable questions can be clarified with performance tests and how DevOps teams benefit from regular test practise.
Sascha Wolter - Conversational AI Demystified - Codemotion Amsterdam 2019Codemotion
Sascha will demonstrate the opportunities and challenges of Conversational AI learned from the practice. Both Technology and User Experience will be covered introducing a process finding micro-moments, writing happy paths, gathering intents, designing the conversational flow, and finally publishing on almost all channels including Voice Services and Chatbots. Valuable for enterprises, developers, and designers. All live on stage in just minutes and with almost no code.
Michele Tonutti - Scaling is caring - Codemotion Amsterdam 2019Codemotion
A key challenge we face at Pacmed is quickly calibrating and deploying our tools for clinical decision support in different hospitals, where data formats may vary greatly. Using Intensive Care Units as a case study, I’ll delve into our scalable Python pipeline, which leverages Pandas’ split-apply-combine approach to perform complex feature engineering and automatic quality checks on large time-varying data, e.g. vital signs. I’ll show how we use the resulting flexible and interpretable dataframes to quickly (re)train our models to predict mortality, discharge, and medical complications.
Pat Hermens - From 100 to 1,000+ deployments a day - Codemotion Amsterdam 2019Codemotion
Coolblue is a proud Dutch company, with a large internal development department; one that truly takes CI/CD to heart. Empowerment through automation is at the heart of these development teams, and with more than 1000 deployments a day, we think it's working out quite well. In this session, Pat Hermens (a Development Manager) will step you through what enables us to move so quickly, which tools we use, and most importantly, the mindset that is required to enable development teams to deliver at such a rapid pace.
James Birnie - Using Many Worlds of Compute Power with Quantum - Codemotion A...Codemotion
Quantum computers can use all of the possible pathways generated by quantum decisions to solve problems that will forever remain intractable to classical compute power. As the mega players vie for quantum supremacy and Rigetti announces its $1M "quantum advantage" prize, we live in exciting times. IBM-Q and Microsoft Q# are two ways you can learn to program quantum computers so that you're ready when the quantum revolution comes. I'll demonstrate some quantum solutions to problems that will forever be out of reach of classical, including organic chemistry and large number factorisation.
Don Goodman-Wilson - Chinese food, motor scooters, and open source developmen...Codemotion
Chinese food exploded across America in the early 20th century, rapidly adapting to local tastes while also spreading like wildfire. How was it able to spread so fast? The GY6 is a family of scooter engines that has achieved near total ubiquity in Europe. It is reliable and cheap to manufacture, and it's made in factories across China. How are these factories able to remain afloat? Chinese-American food and the GY6 are both riveting studies in product-market fit, and both are the product of a distributed open source-like development model. What lessons can we learn for open source software?
Pieter Omvlee - The story behind Sketch - Codemotion Amsterdam 2019Codemotion
The design space has exploded in size within the last few years and Sketch is one of the most important milestones to represent the phenomenon. But behind the scenes of this growing reality there is a remote team that revolutionizes the design space all without leaving the home office. This talk will present how Sketch has grown to become a modern, product designer's tool.
Dave Farley - Taking Back “Software Engineering” - Codemotion Amsterdam 2019Codemotion
Would you fly in a plane designed by a craftsman or would you prefer your aircraft to be designed by engineers? We are learning that science and empiricism works in software development, maybe now is the time to redefine what “Software Engineering” really means. Software isn't bridge-building, it is not car or aircraft development either, but then neither is Chemical Engineering. Engineering is different in different disciplines. Maybe it is time for us to begin thinking about retrieving the term "Software Engineering" maybe it is time to define what our "Engineering" discipline should be.
Joshua Hoffman - Should the CTO be Coding? - Codemotion Amsterdam 2019Codemotion
What is the job of a CTO and how does it change as a startup grows in size and scale? As a CTO, where should you spend your focus? As an engineer aspiring to be a CTO, what skills should you pursue? In this inspiring and personal talk, I describe my journey from early Red Hat engineer to CTO at Bloomon. I will share my view on what it means to be a CTO, and ultimately answer the question: Should the CTO be coding?
Slack (or Teams) Automation for Bonterra Impact Management (fka Social Soluti...Jeffrey Haguewood
Sidekick Solutions uses Bonterra Impact Management (fka Social Solutions Apricot) and automation solutions to integrate data for business workflows.
We believe integration and automation are essential to user experience and the promise of efficient work through technology. Automation is the critical ingredient to realizing that full vision. We develop integration products and services for Bonterra Case Management software to support the deployment of automations for a variety of use cases.
This video focuses on the notifications, alerts, and approval requests using Slack for Bonterra Impact Management. The solutions covered in this webinar can also be deployed for Microsoft Teams.
Interested in deploying notification automations for Bonterra Impact Management? Contact us at sales@sidekicksolutionsllc.com to discuss next steps.
JMeter webinar - integration with InfluxDB and GrafanaRTTS
Watch this recorded webinar about real-time monitoring of application performance. See how to integrate Apache JMeter, the open-source leader in performance testing, with InfluxDB, the open-source time-series database, and Grafana, the open-source analytics and visualization application.
In this webinar, we will review the benefits of leveraging InfluxDB and Grafana when executing load tests and demonstrate how these tools are used to visualize performance metrics.
Length: 30 minutes
Session Overview
-------------------------------------------
During this webinar, we will cover the following topics while demonstrating the integrations of JMeter, InfluxDB and Grafana:
- What out-of-the-box solutions are available for real-time monitoring JMeter tests?
- What are the benefits of integrating InfluxDB and Grafana into the load testing stack?
- Which features are provided by Grafana?
- Demonstration of InfluxDB and Grafana using a practice web application
To view the webinar recording, go to:
https://www.rttsweb.com/jmeter-integration-webinar
DevOps and Testing slides at DASA ConnectKari Kakkonen
My and Rik Marselis's slides from the DASA Connect conference on 30.5.2024. We discuss what testing is, then what agile testing is, and finally what testing in DevOps is. Finally, we had a lovely workshop with the participants, trying to find different ways to think about quality and testing in different parts of the DevOps infinity loop.
Kubernetes & AI - Beauty and the Beast !?! @KCD Istanbul 2024Tobias Schneck
As AI technology is pushing into IT, I was wondering, as an “infrastructure container kubernetes guy”, how this fancy AI technology gets managed from an infrastructure operations view. Is it possible to apply our lovely cloud native principles as well? What benefits could both technologies bring to each other?
Let me take these questions and provide you with a short journey through existing deployment models and use cases for AI software. Using practical examples, we discuss what cloud/on-premise strategy we may need for applying it to our own infrastructure to get it to work from an enterprise perspective. I want to give an overview of infrastructure requirements and technologies, and what could be beneficial or limiting for your AI use cases in an enterprise environment. An interactive demo will give you some insights into which approaches I already got working for real.
UiPath Test Automation using UiPath Test Suite series, part 3DianaGray10
Welcome to UiPath Test Automation using UiPath Test Suite series part 3. In this session, we will cover desktop automation along with UI automation.
Topics covered:
UI automation Introduction,
UI automation Sample
Desktop automation flow
Pradeep Chinnala, Senior Consultant Automation Developer @WonderBotz and UiPath MVP
Deepak Rai, Automation Practice Lead, Boundaryless Group and UiPath MVP
Let's dive deeper into the world of ODC! Ricardo Alves (OutSystems) will join us to tell all about the new Data Fabric. After that, Sezen de Bruijn (OutSystems) will get into the details on how to best design a sturdy architecture within ODC.
GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using Deplo...James Anderson
Effective Application Security in Software Delivery lifecycle using Deployment Firewall and DBOM
The modern software delivery process (or the CI/CD process) includes many tools, distributed teams, open-source code, and cloud platforms. Constant focus on speed to release software to market, along with the traditional slow and manual security checks has caused gaps in continuous security as an important piece in the software supply chain. Today organizations feel more susceptible to external and internal cyber threats due to the vast attack surface in their applications supply chain and the lack of end-to-end governance and risk management.
The software team must secure its software delivery process to avoid vulnerability and security breaches. This needs to be achieved with existing tool chains and without extensive rework of the delivery processes. This talk will present strategies and techniques for providing visibility into the true risk of the existing vulnerabilities, preventing the introduction of security issues in the software, resolving vulnerabilities in production environments quickly, and capturing the deployment bill of materials (DBOM).
Speakers:
Bob Boule
Robert Boule is a technology enthusiast with PASSION for technology and making things work along with a knack for helping others understand how things work. He comes with around 20 years of solution engineering experience in application security, software continuous delivery, and SaaS platforms. He is known for his dynamic presentations in CI/CD and application security integrated in software delivery lifecycle.
Gopinath Rebala
Gopinath Rebala is the CTO of OpsMx, where he has overall responsibility for the machine learning and data processing architectures for Secure Software Delivery. Gopi also has a strong connection with our customers, leading design and architecture for strategic implementations. Gopi is a frequent speaker and well-known leader in continuous delivery and integrating security into software delivery.
Epistemic Interaction - tuning interfaces to provide information for AI supportAlan Dix
Paper presented at SYNERGY workshop at AVI 2024, Genoa, Italy. 3rd June 2024
https://alandix.com/academic/papers/synergy2024-epistemic/
As machine learning integrates deeper into human-computer interactions, the concept of epistemic interaction emerges, aiming to refine these interactions to enhance system adaptability. This approach encourages minor, intentional adjustments in user behaviour to enrich the data available for system learning. This paper introduces epistemic interaction within the context of human-system communication, illustrating how deliberate interaction design can improve system understanding and adaptation. Through concrete examples, we demonstrate the potential of epistemic interaction to significantly advance human-computer interaction by leveraging intuitive human communication strategies to inform system design and functionality, offering a novel pathway for enriching user-system engagements.
Connector Corner: Automate dynamic content and events by pushing a buttonDianaGray10
Here is something new! In our next Connector Corner webinar, we will demonstrate how you can use a single workflow to:
Create a campaign using Mailchimp with merge tags/fields
Send an interactive Slack channel message (using buttons)
Have the message received by managers and peers along with a test email for review
But there’s more:
In a second workflow supporting the same use case, you’ll see:
Your campaign sent to target colleagues for approval
If the “Approve” button is clicked, a Jira/Zendesk ticket is created for the marketing design team
But—if the “Reject” button is pushed, colleagues will be alerted via Slack message
Join us to learn more about this new, human-in-the-loop capability, brought to you by Integration Service connectors.
And...
Speakers:
Akshay Agnihotri, Product Manager
Charlie Greenberg, Host
State of ICS and IoT Cyber Threat Landscape Report 2024 previewPrayukth K V
The IoT and OT threat landscape report has been prepared by the Threat Research Team at Sectrio using data from Sectrio, cyber threat intelligence farming facilities spread across over 85 cities around the world. In addition, Sectrio also runs AI-based advanced threat and payload engagement facilities that serve as sinks to attract and engage sophisticated threat actors, and newer malware including new variants and latent threats that are at an earlier stage of development.
The latest edition of the OT/ICS and IoT security Threat Landscape Report 2024 also covers:
State of global ICS asset and network exposure
Sectoral targets and attacks as well as the cost of ransom
Global APT activity, AI usage, actor and tactic profiles, and implications
Rise in volumes of AI-powered cyberattacks
Major cyber events in 2024
Malware and malicious payload trends
Cyberattack types and targets
Vulnerability exploit attempts on CVEs
Attacks on counties – USA
Expansion of bot farms – how, where, and why
In-depth analysis of the cyber threat landscape across North America, South America, Europe, APAC, and the Middle East
Why are attacks on smart factories rising?
Cyber risk predictions
Axis of attacks – Europe
Systemic attacks in the Middle East
Download the full report from here:
https://sectrio.com/resources/ot-threat-landscape-reports/sectrio-releases-ot-ics-and-iot-security-threat-landscape-report-2024/
Neuro-symbolic is not enough, we need neuro-*semantic*Frank van Harmelen
Neuro-symbolic (NeSy) AI is on the rise. However, simply machine learning on just any symbolic structure is not sufficient to really harvest the gains of NeSy. These will only be gained when the symbolic structures have an actual semantics. I give an operational definition of semantics as “predictable inference”.
All of this illustrated with link prediction over knowledge graphs, but the argument is general.
Smart TV Buyer Insights Survey 2024 by 91mobiles.pdf91mobiles
91mobiles recently conducted a Smart TV Buyer Insights Survey in which we asked over 3,000 respondents about the TV they own, aspects they look at on a new TV, and their TV buying preferences.
4. YOROI company profile
Today’s Host
● PhD in Bologna Joint UCDavis
○ Cyber Security, Penetration Testing US Voting Machines
○ Books and Publications
● NIST
○ OEVT
○ Penetration Testing methodologies to help US Democracy
● Palantir
○ Product Company
○ Intelligence Company
● Yoroi
○ One of the most extraordinary cyber security companies founded in Europe (Hakin9)
5. YOROI company profile
Who they are!
Nowadays it is not a trivial topic:
● Deep Learning Machines
● Cognitive Computing
● Machine Learning Algorithms
● Neural Networks
These undermine the human side of Cyber Security Analysis.
But could that technology really take away the human side of this job?
6. YOROI company profile
Who they are!
Dark Avenger Mutation Algorithm (1993)
It could produce some decryptor cases that appeared only in about 5% or less of all cases. However, the engine had a couple of minor limitations that were enough to detect the virus reliably using an instruction size disassembler and a state machine. In fact, there is only one constant byte in an MtE decryptor, the 0x75 (JNZ), which is followed by a negative offset—and even that is placed at a variable location (at the end of the decryptor, whose length is not constant).
7. YOROI company profile
Who they are!
Super Simple Malware Evasion Technique.
Credits: https://www.exploit-db.com/34591
8. YOROI company profile
Who they are!
Red Pill Approach
Credits: A fistful of red-pills: How to automatically generate procedures to detect CPU emulators
10. YOROI company profile
What they do!
● Day 1, Morning. A new event from Yoroi Defence Center says a server is performing weird network requests.
● Day 1, Afternoon. A VMware image is sent to the Cyber Analyst's email box.
He's gotta run!
11. YOROI company profile
What they do!
Apport -> Intercepts crashes right when they happen the first time, gathers system information and sends stack traces and useful info back to developers to fix the crash
package-data-downloader -> used by software installers such as dpkg and apt.
19. YOROI company profile
What they do!
OK, we’ve got password exfiltration on every crash dump and every software update, and machine control since SSH is available.
But how do they trigger persistence on a server?
Maybe attackers trigger crashes from outside?
21. YOROI company profile
What they do!
OK, we know pretty much a lot of things about the intrusion, even how they get persistence...
But why did the user report a “strange behavior”?
Maybe attackers needed such a server as a pivot server?
Oh... Oh!!
22. YOROI company profile
What they do!
Here we go!
A nice SEH buffer overflow on Windows
We need to ask for another server image... :D
OK, not today...
23. YOROI company profile
What they do!
It was quite an original way to penetrate a system… is it a new fancy opportunistic way?
30. YOROI company profile
Where they are!
● Unfortunately there is no full learning path to become a Cyber Security Analyst so far.
● There are a lot of classes on:
○ Reverse Engineering
○ Firmware Analyses
○ Forensic Analyses
○ Penetration Testing
○ Vulnerability Assessments
○ Secure Policy Assessment
○ . . . . .
● But a Cyber Security Analyst should be able to perform each of these actions + human interactions + strategic thinking + organization chart knowledge + problem solving