illusoryTLS: Nobody But Us Impersonate, Tamper, Exploit (DeepSEC 2015)a001
Learn how to embed an elliptic-curve asymmetric backdoor into a RSA modulus using Elligator. Find out how the entire TLS security may turn to be fictional, if a single CA certificate with a secretly embedded backdoor enters the certificate store of relying parties. Discover how some entities might have practically explored cryptographic backdoors for intelligence purposes regardless of the policy framework.
illusoryTLS: Nobody But Us Impersonate, Tamper, Exploit (DeepSEC 2015)a001
Learn how to embed an elliptic-curve asymmetric backdoor into a RSA modulus using Elligator. Find out how the entire TLS security may turn to be fictional, if a single CA certificate with a secretly embedded backdoor enters the certificate store of relying parties. Discover how some entities might have practically explored cryptographic backdoors for intelligence purposes regardless of the policy framework.
Windows Phone ASO - App Store OptimizationMika Levo
Windows Phone application store optimization (ASO) by http://levotation.com. Summary of different ASO activities to be done for your Windows Phone application when launching it in Windows Phone Store.
For more information see our website at: www.levotation.com
Need optimization for your Windows Phone app? Please send email to: info@levotation.com
Future-proofing maritime ports against emerging cyber-physical threatsSteven SIM Kok Leong
First presented at Cybersecurity for Maritime Summit 2017 in Oct 2017. Subsequently presented at Temasek Polytechnic ISACA Day in Nov 2017. Audience comprises of cybersecurity professionals in the maritime sector and also cybersecurity students who are keen to learn more about cybersecurity considerations in a shipping port environment.
Hardware Trojans, a relatively unheard threat viz-a-viz the typical software based malwares and virus attacks ,that keep befalling across is being realized gradually by the IT security domain including the users, the IT Security guys and the corporate sector who all of a sudden recognize the immense threat they might already be living in with. A distinctive dormant Hardware Trojan threat can be so flagitious that the victim doesn’t even know if he is effectuated when he might already be. Hardware Trojans are evolving threats that can shake the roots of any set and constituted government or corporate giant for that matter. Unlike Software virus/malware threats, Hardware Trojans are persistent in nature ie once infected in an IC, the threat remains and cannot be removed even once detected. The presentation i plan to run will bring out the over view of these threats including classifications, mechanisms they work on,few case studies and the current set of countermeasures being researched upon.
IoT exploitation: from memory corruption to code execution by Marco RomanoCodemotion
#Codemotion Rome 2018 - Attraverso un "IoT pentester's diary", analizzeremo i passaggi chiave di un penetration test su una IP webcam, che ci porterà dall'analisi delle superfici di attacco, all'individuazione di una vulnerabilità reale. Un'introduzione all'exploitation, per spostarci dall'overflow di un buffer all'esecuzione remota di codice.
IoT exploitation: from memory corruption to code execution - Marco Romano - C...Codemotion
Attraverso un "IoT pentester's diary", analizzeremo i passaggi chiave di un penetration test su una IP webcam, che ci porterà dall'analisi delle superfici di attacco, all'individuazione di una vulnerabilità reale. Un'introduzione all'exploitation, per spostarci dall'overflow di un buffer all'esecuzione remota di codice.
The goal of the talk is to demonstrate how technical vulnerabilities in the IT components can be used to bypass industrial and functional safety features and create cable melting or blackout conditions. Few (fixed) vulnerabilities in Relay Protection terminals discovered by the SCADA StrangeLove team will be discussed.
Windows Phone ASO - App Store OptimizationMika Levo
Windows Phone application store optimization (ASO) by http://levotation.com. Summary of different ASO activities to be done for your Windows Phone application when launching it in Windows Phone Store.
For more information see our website at: www.levotation.com
Need optimization for your Windows Phone app? Please send email to: info@levotation.com
Future-proofing maritime ports against emerging cyber-physical threatsSteven SIM Kok Leong
First presented at Cybersecurity for Maritime Summit 2017 in Oct 2017. Subsequently presented at Temasek Polytechnic ISACA Day in Nov 2017. Audience comprises of cybersecurity professionals in the maritime sector and also cybersecurity students who are keen to learn more about cybersecurity considerations in a shipping port environment.
Hardware Trojans, a relatively unheard threat viz-a-viz the typical software based malwares and virus attacks ,that keep befalling across is being realized gradually by the IT security domain including the users, the IT Security guys and the corporate sector who all of a sudden recognize the immense threat they might already be living in with. A distinctive dormant Hardware Trojan threat can be so flagitious that the victim doesn’t even know if he is effectuated when he might already be. Hardware Trojans are evolving threats that can shake the roots of any set and constituted government or corporate giant for that matter. Unlike Software virus/malware threats, Hardware Trojans are persistent in nature ie once infected in an IC, the threat remains and cannot be removed even once detected. The presentation i plan to run will bring out the over view of these threats including classifications, mechanisms they work on,few case studies and the current set of countermeasures being researched upon.
IoT exploitation: from memory corruption to code execution by Marco RomanoCodemotion
#Codemotion Rome 2018 - Attraverso un "IoT pentester's diary", analizzeremo i passaggi chiave di un penetration test su una IP webcam, che ci porterà dall'analisi delle superfici di attacco, all'individuazione di una vulnerabilità reale. Un'introduzione all'exploitation, per spostarci dall'overflow di un buffer all'esecuzione remota di codice.
IoT exploitation: from memory corruption to code execution - Marco Romano - C...Codemotion
Attraverso un "IoT pentester's diary", analizzeremo i passaggi chiave di un penetration test su una IP webcam, che ci porterà dall'analisi delle superfici di attacco, all'individuazione di una vulnerabilità reale. Un'introduzione all'exploitation, per spostarci dall'overflow di un buffer all'esecuzione remota di codice.
The goal of the talk is to demonstrate how technical vulnerabilities in the IT components can be used to bypass industrial and functional safety features and create cable melting or blackout conditions. Few (fixed) vulnerabilities in Relay Protection terminals discovered by the SCADA StrangeLove team will be discussed.
Skyjacking A Cisco Wlan Attack Analysis And CountermeasuresAirTight Networks
This presentation will deconstruct the skyjacking vulnerability - explaining why the vulnerability occurs in Cisco WLANs, which Cisco access points are affected, how skyjacking can be exploited to launch potent attacks, and what are the best practices to proactively protect your enterprise network against such zero-day vulnerabilities and attacks.
You say SCADA, I say … mainframes. There are some remarkable - and scary - parallels between the worlds of SCADA ICS and mainframes. Each system is critical to our lives. Their worlds are insular, proprietary, and seemingly shut-off to everyone else. Except for when they aren’t. Extrapolate the future of security for mainframes based on the challenges and failures of SCADA ICS as it has evolved from sequestered to connected. SCADA serves as a cautionary tale for securing mainframes against acts of God, nature and man in this scenario of a Stuxnet for Mainframes.
DIY Internet: Snappy, Secure Networking with MinimaLT (JSConf EU 2013)Igalia
By Andy Wingo.
Refreshing your Twitter feed is such a drag over 3G, taking forever to connect and fetch those precious kilobytes. The reasons for this go deep into the architecture of the internet: making an HTTPS connection simply has terrible latency.
So let’s fix the internet! MinimaLT is an exciting new network protocol that connects faster than TCP, is more secure than TLS (crypto by DJ Bernstein), and allows mobile devices to keep connections open as they change IP addresses. This talk presents the MinimaLT protocol and a Node library that allows JS hackers to experimentally build a new Internet.
Order vs. Mad Science: Analyzing Black Hat Swarm IntelligencePriyanka Aash
White hat defense systems continue to improve on supervised learning sets using machine and deep learning neural networks to defend against an exploding attack surface. Zombies that require commands from botnet herders are becoming intelligent, capable of their own decisions as we saw with Hajime in 2017. Swarm intelligence can be used to enhance these networks. What can we do to defend?
Learning Objectives:
1: Learn about the current state of black hat automation/AI practices.
2: Understand the next stage of black hat swarm intelligence hive networks
3: Gain insight into practical defense approaches using white hat automation and AI.
(Source: RSA Conference USA 2018)
The next generation ethernet gangster (part 2)Jeff Green
Today Extreme can be more aggressive, with confidence in knowing we can compete with anyone in the market. As the #1 market alternative, there are three critical reasons for including Extreme in your technology considerations: our end-to-end portfolio, our fabric, and our customer service. We are moving Extreme from a reactive, tactical vendor to a pro-active, strategic partner. When Extreme gets a seat at the table, and we bring our unique “sizzle,” we are the customer’s choice. Our customer retention rate is unmatched in the industry, according to Gartner.
Jeff Green
Extreme Networks
jgreen@extremenetworks.com
Mobile (772) 925-2345
https://prezi.com/view/BFLC71PVkoYVKBOffPAv/
Similar to Cyberattacks on a marine context (NATO Congress 2011) (20)
UiPath Test Automation using UiPath Test Suite series, part 4DianaGray10
Welcome to UiPath Test Automation using UiPath Test Suite series part 4. In this session, we will cover Test Manager overview along with SAP heatmap.
The UiPath Test Manager overview with SAP heatmap webinar offers a concise yet comprehensive exploration of the role of a Test Manager within SAP environments, coupled with the utilization of heatmaps for effective testing strategies.
Participants will gain insights into the responsibilities, challenges, and best practices associated with test management in SAP projects. Additionally, the webinar delves into the significance of heatmaps as a visual aid for identifying testing priorities, areas of risk, and resource allocation within SAP landscapes. Through this session, attendees can expect to enhance their understanding of test management principles while learning practical approaches to optimize testing processes in SAP environments using heatmap visualization techniques
What will you get from this session?
1. Insights into SAP testing best practices
2. Heatmap utilization for testing
3. Optimization of testing processes
4. Demo
Topics covered:
Execution from the test manager
Orchestrator execution result
Defect reporting
SAP heatmap example with demo
Speaker:
Deepak Rai, Automation Practice Lead, Boundaryless Group and UiPath MVP
Alt. GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using ...James Anderson
Effective Application Security in Software Delivery lifecycle using Deployment Firewall and DBOM
The modern software delivery process (or the CI/CD process) includes many tools, distributed teams, open-source code, and cloud platforms. Constant focus on speed to release software to market, along with the traditional slow and manual security checks has caused gaps in continuous security as an important piece in the software supply chain. Today organizations feel more susceptible to external and internal cyber threats due to the vast attack surface in their applications supply chain and the lack of end-to-end governance and risk management.
The software team must secure its software delivery process to avoid vulnerability and security breaches. This needs to be achieved with existing tool chains and without extensive rework of the delivery processes. This talk will present strategies and techniques for providing visibility into the true risk of the existing vulnerabilities, preventing the introduction of security issues in the software, resolving vulnerabilities in production environments quickly, and capturing the deployment bill of materials (DBOM).
Speakers:
Bob Boule
Robert Boule is a technology enthusiast with PASSION for technology and making things work along with a knack for helping others understand how things work. He comes with around 20 years of solution engineering experience in application security, software continuous delivery, and SaaS platforms. He is known for his dynamic presentations in CI/CD and application security integrated in software delivery lifecycle.
Gopinath Rebala
Gopinath Rebala is the CTO of OpsMx, where he has overall responsibility for the machine learning and data processing architectures for Secure Software Delivery. Gopi also has a strong connection with our customers, leading design and architecture for strategic implementations. Gopi is a frequent speaker and well-known leader in continuous delivery and integrating security into software delivery.
GraphSummit Singapore | The Art of the Possible with Graph - Q2 2024Neo4j
Neha Bajwa, Vice President of Product Marketing, Neo4j
Join us as we explore breakthrough innovations enabled by interconnected data and AI. Discover firsthand how organizations use relationships in data to uncover contextual insights and solve our most pressing challenges – from optimizing supply chains, detecting fraud, and improving customer experiences to accelerating drug discoveries.
GraphRAG is All You need? LLM & Knowledge GraphGuy Korland
Guy Korland, CEO and Co-founder of FalkorDB, will review two articles on the integration of language models with knowledge graphs.
1. Unifying Large Language Models and Knowledge Graphs: A Roadmap.
https://arxiv.org/abs/2306.08302
2. Microsoft Research's GraphRAG paper and a review paper on various uses of knowledge graphs:
https://www.microsoft.com/en-us/research/blog/graphrag-unlocking-llm-discovery-on-narrative-private-data/
GridMate - End to end testing is a critical piece to ensure quality and avoid...ThomasParaiso2
End to end testing is a critical piece to ensure quality and avoid regressions. In this session, we share our journey building an E2E testing pipeline for GridMate components (LWC and Aura) using Cypress, JSForce, FakerJS…
UiPath Test Automation using UiPath Test Suite series, part 5DianaGray10
Welcome to UiPath Test Automation using UiPath Test Suite series part 5. In this session, we will cover CI/CD with devops.
Topics covered:
CI/CD with in UiPath
End-to-end overview of CI/CD pipeline with Azure devops
Speaker:
Lyndsey Byblow, Test Suite Sales Engineer @ UiPath, Inc.
GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using Deplo...James Anderson
Effective Application Security in Software Delivery lifecycle using Deployment Firewall and DBOM
The modern software delivery process (or the CI/CD process) includes many tools, distributed teams, open-source code, and cloud platforms. Constant focus on speed to release software to market, along with the traditional slow and manual security checks has caused gaps in continuous security as an important piece in the software supply chain. Today organizations feel more susceptible to external and internal cyber threats due to the vast attack surface in their applications supply chain and the lack of end-to-end governance and risk management.
The software team must secure its software delivery process to avoid vulnerability and security breaches. This needs to be achieved with existing tool chains and without extensive rework of the delivery processes. This talk will present strategies and techniques for providing visibility into the true risk of the existing vulnerabilities, preventing the introduction of security issues in the software, resolving vulnerabilities in production environments quickly, and capturing the deployment bill of materials (DBOM).
Speakers:
Bob Boule
Robert Boule is a technology enthusiast with PASSION for technology and making things work along with a knack for helping others understand how things work. He comes with around 20 years of solution engineering experience in application security, software continuous delivery, and SaaS platforms. He is known for his dynamic presentations in CI/CD and application security integrated in software delivery lifecycle.
Gopinath Rebala
Gopinath Rebala is the CTO of OpsMx, where he has overall responsibility for the machine learning and data processing architectures for Secure Software Delivery. Gopi also has a strong connection with our customers, leading design and architecture for strategic implementations. Gopi is a frequent speaker and well-known leader in continuous delivery and integrating security into software delivery.
Transcript: Selling digital books in 2024: Insights from industry leaders - T...BookNet Canada
The publishing industry has been selling digital audiobooks and ebooks for over a decade and has found its groove. What’s changed? What has stayed the same? Where do we go from here? Join a group of leading sales peers from across the industry for a conversation about the lessons learned since the popularization of digital books, best practices, digital book supply chain management, and more.
Link to video recording: https://bnctechforum.ca/sessions/selling-digital-books-in-2024-insights-from-industry-leaders/
Presented by BookNet Canada on May 28, 2024, with support from the Department of Canadian Heritage.
Removing Uninteresting Bytes in Software FuzzingAftab Hussain
Imagine a world where software fuzzing, the process of mutating bytes in test seeds to uncover hidden and erroneous program behaviors, becomes faster and more effective. A lot depends on the initial seeds, which can significantly dictate the trajectory of a fuzzing campaign, particularly in terms of how long it takes to uncover interesting behaviour in your code. We introduce DIAR, a technique designed to speedup fuzzing campaigns by pinpointing and eliminating those uninteresting bytes in the seeds. Picture this: instead of wasting valuable resources on meaningless mutations in large, bloated seeds, DIAR removes the unnecessary bytes, streamlining the entire process.
In this work, we equipped AFL, a popular fuzzer, with DIAR and examined two critical Linux libraries -- Libxml's xmllint, a tool for parsing xml documents, and Binutil's readelf, an essential debugging and security analysis command-line tool used to display detailed information about ELF (Executable and Linkable Format). Our preliminary results show that AFL+DIAR does not only discover new paths more quickly but also achieves higher coverage overall. This work thus showcases how starting with lean and optimized seeds can lead to faster, more comprehensive fuzzing campaigns -- and DIAR helps you find such seeds.
- These are slides of the talk given at IEEE International Conference on Software Testing Verification and Validation Workshop, ICSTW 2022.
Unlocking Productivity: Leveraging the Potential of Copilot in Microsoft 365, a presentation by Christoforos Vlachos, Senior Solutions Manager – Modern Workplace, Uni Systems
Threats to mobile devices are more prevalent and increasing in scope and complexity. Users of mobile devices desire to take full advantage of the features
available on those devices, but many of the features provide convenience and capability but sacrifice security. This best practices guide outlines steps the users can take to better protect personal devices and information.
In his public lecture, Christian Timmerer provides insights into the fascinating history of video streaming, starting from its humble beginnings before YouTube to the groundbreaking technologies that now dominate platforms like Netflix and ORF ON. Timmerer also presents provocative contributions of his own that have significantly influenced the industry. He concludes by looking at future challenges and invites the audience to join in a discussion.
Epistemic Interaction - tuning interfaces to provide information for AI supportAlan Dix
Paper presented at SYNERGY workshop at AVI 2024, Genoa, Italy. 3rd June 2024
https://alandix.com/academic/papers/synergy2024-epistemic/
As machine learning integrates deeper into human-computer interactions, the concept of epistemic interaction emerges, aiming to refine these interactions to enhance system adaptability. This approach encourages minor, intentional adjustments in user behaviour to enrich the data available for system learning. This paper introduces epistemic interaction within the context of human-system communication, illustrating how deliberate interaction design can improve system understanding and adaptation. Through concrete examples, we demonstrate the potential of epistemic interaction to significantly advance human-computer interaction by leveraging intuitive human communication strategies to inform system design and functionality, offering a novel pathway for enriching user-system engagements.
SAP Sapphire 2024 - ASUG301 building better apps with SAP Fiori.pdfPeter Spielvogel
Building better applications for business users with SAP Fiori.
• What is SAP Fiori and why it matters to you
• How a better user experience drives measurable business benefits
• How to get started with SAP Fiori today
• How SAP Fiori elements accelerates application development
• How SAP Build Code includes SAP Fiori tools and other generative artificial intelligence capabilities
• How SAP Fiori paves the way for using AI in SAP apps
Communications Mining Series - Zero to Hero - Session 1DianaGray10
This session provides introduction to UiPath Communication Mining, importance and platform overview. You will acquire a good understand of the phases in Communication Mining as we go over the platform with you. Topics covered:
• Communication Mining Overview
• Why is it important?
• How can it help today’s business and the benefits
• Phases in Communication Mining
• Demo on Platform overview
• Q/A
Communications Mining Series - Zero to Hero - Session 1
Cyberattacks on a marine context (NATO Congress 2011)
1. A.P.T.
Cyberattacks
on a marine context
Gutiérrez A.
Corredera L.E.
2. Goal of the talk
Identification of potential security flaws on a
marine context using the most recent asset-
oriented hacking techniques.
Potential scenarios pirates could pursue targeting a vessel:
1- Compromised communications.
2- Malfunctioning/Sabotage of PLC systems
3- GPS precise fleet position discovering
3. Key concept
A.P.T. (Advanced Persistant Threat): Refers to a group with
both the capability and the intent to persistently and effectively target a
specific entity.
Advanced: Intelligence-gathering techniques
Persistent: Not opportunistic
Threat: Capability and Intent
4. Are sea pirates an A.P.T.?
Persistent: Hijacking from early 90s.
Threat: 53 ships on 2010
But...could they become
Advanced?
5. Are sea pirates an A.P.T.?
Persistent: Hijacking from early 90s.
Threat: 53 ships on 2010
But...could they become
Advanced?
6. Are sea pirates an A.P.T.?
Persistent: Hijacking from early 90s.
Threat: 53 ships on 2010
But...could they become
Advanced?
7. Cyberattacks makes them Advanced
Intelligence-gathering: Information Systems Intrusion
Communications interception: Fake base station techniques
Satellite Imaging: Google Maps, Bing...
8. Classic Cyberattacks: IP oriented
Every device connected to the Internet has an IP address
Basic steps of a “classical” Hacker (Not Persistent)
IP ranges scan for listening services
Target Characterization
Investigate vulnerabilities and exploits
9. New Cyberattacks: Asset oriented
Asset oriented search engine.
Basic steps of a “Persistent” Hacker (Addressed to a certain target)
Search for a concrete target in Shodan: e.g. Router Model
Find exploit in Shodan
So much faster and straightforward technique!
10. DEMO: Quick hacking session
Search for USAL assets: hostname:usal.es
Find vulnerable ones. (But be nice to them :)
http://www.shodanhq.com
19. Communications interception
By Tsaitgaist [see http://commons.wikimedia.org/wiki/File
%3AGsm_structures.svg for license], via Wikimedia Commons
20. Communications interception
By Tsaitgaist [see http://commons.wikimedia.org/wiki/File
%3AGsm_structures.svg for license], via Wikimedia Commons
21. Communications interception
By Tsaitgaist [see http://commons.wikimedia.org/wiki/File
%3AGsm_structures.svg for license], via Wikimedia Commons
22. Communications interception
A5/x No real time. Look up tables
Needs saved CUDA/GPUs Very costly
Cryptoanalysis transmission.
Fake base Micro BTS
Close to the target Freq.inhibitor for 3G Less than 10k€
station openBSC, openBTS
Cellphone Close to the target Motorola C123,155
baseband No GPRS by now
OsMoComBB Less than 13$!!!
modification Experimental
30. Sabotage
Stuxnet Very sophisticated. 4 Zero-days
Deeply targeted at vulnerabilities. Extremely
(Infects PLCs PLCs. 2 stolen digital expensive
from FieldPGs) Spionage certificates.
Needs a infection
ScadaTrojans pathway to install a
Inspired by Stuxnet
(Infects PLCs but “Low cost”
client side modified Cheaper
from SCADAs) file.
3 Zero-days.
40. Intelligence gathering
Internet connection.
Depends on
Asset oriented Computer.
manufacturer’s
Classic hacking Extremely cheap
hacking security
tools.
41. DEMO: Quick assets oriented search session
Membrane Biological Reactor, Merchant Vessels, Worldwide
Control system solution comprises: Siemens S7-300 PLC with MP
HMI and S7-200 PLC based control systems and networking for the
water treatment systems.
Search for Maritime related assets:
Zynetix MaritimeGSM, S7-300, advantech
http://www.shodanhq.com
42. Conclusions
Pirates should be considered an APT.
They could virtually use Cyberattacks to hijack vessels
more easily.
Complex Cyberattacks are more and more affordable.
A ship may become practically speaking an Internet
node with all its risks (should be managed).
Let’s be in the look out!