In July 2015, Italian cybersecurity solutions vendor "HackingTeam" was breached and more than 400 gigabytes of HackingTeam's most sensitive data leaked to the internet. Security researchers Amit Serper and Alex Frazer from Cybereason were among the first to study the data dump and to publish information about it. The research was quoted on several tech news sites such as Ars Technica. The research was also published in Hebrew in the DigitalWhisper e-zine, on the Cybereason blog as an e-book (in English), and in free public lectures in Tel Aviv by the researchers themselves. The following slide deck is from that lecture.
The Hacking Team breach resulted in more than 400GBs of sensitive information being publicly released, including the source code for the offensive security programs the company sold and details on zero-day exploits. The leak had significant repercussions in the security world and caused major technology vendors (including Adobe and Microsoft) to issue emergency patches.
In this presentation, you’ll hear about the results of Cybereason’s investigation into the Hacking Team’s operation as well as the writeup by Phineas Phisher, who claims credit for the hack. We’ll discuss what we learned and what we think it means for defenders moving forward.
Activated Charcoal - Making Sense of Endpoint Data (Greg Foss)
Recorded Webcast: https://logrhythm.com/resources/webcasts/activated-charcoal-making-sense-of-endpoint-data/
Security operations is all about understanding and acting upon large amounts of data. When you can pull data from multiple sources, condense it down and correlate across systems, you can highlight trends, find flaws and resolve issues.
This Presentation was given at Black Hat 2016 and, recently, an SC Magazine Webcast, covering the importance of monitoring endpoints and how to leverage endpoint data to detect, respond and neutralize advanced threats.
This session will provide insight into highly disruptive breaches that MANDIANT investigated over the past year. It describes how threat actors have destroyed system infrastructure and taken companies offline for weeks. The threat actors are split into two categories for this talk and focused on the SHAMOON cases. I will also talk about highlights from Incident Response cases of 2017. Financially motivated vs Non Financially motivated. I will talk about how recent attacks with SHAMOON differ - their motives compared to financially motivated threat actors. Highlights from a couple of 2017 IRs - Overview of TTPs of the important State Sponsored Attacks seen in 2017.
Threat Intelligence is by far one of the most over-used buzz words in the security industry. Many professionals have very mixed feelings about Threat Intelligence feeds as well. This discussion is around how LogRhythm’s internal security team utilizes Threat Intelligence to operationalize efficiently and streamline Security Operations processes and help improve an organization’s defenses. We will show how you can generate your own Threat Intelligence and create information sharing loops within like industries to fully realize the team's defensive capabilities. On top of the technical aspects around building out a good Threat Intel program, we will discuss how to manage this from a leadership perspective and get buy-in from the top. Most importantly, once these systems are in place, how we can show value to leadership using key performance indicators and leverage this to improve the overall security program.
Hijacking Softwares for fun and profit (Nipun Jaswal)
Presentation for my talk at Global Infosec Summit, LPU (11 Nov 2017). The presentation demonstrates the risk of using outdated and cracked software. Additionally, it demonstrates the hands-on approach to finding DLL search order hijacking vulnerabilities. The presentation is for educational purposes only.
This work is licensed under a Creative Commons Attribution-NonCommercial-ShareAlike 4.0 International License.
[CB19] Deep Exploit: Fully Automatic Penetration Test Tool Using Reinforcemen... (CODE BLUE)
DeepExploit is a fully automated penetration testing tool using Deep Reinforcement Learning. It identifies the status of all opened ports on the target server and executes the exploit at pinpoint. DeepExploit’s key features are the following:
1) Efficiently execute exploit:
DeepExploit can execute exploits at pinpoint (minimum 1 attempt).
2) Deep penetration:
If DeepExploit succeeds in exploiting the target server (= compromised server) within the perimeter network, it then executes exploits against internal servers via the compromised server.
3) Self-learning:
DeepExploit can learn how to exploit by itself.
By using our DeepExploit, you will benefit from the following:
For penetration testers:
(a) They can greatly improve the test efficiency;
(b) The more penetration testers use DeepExploit, the more DeepExploit learns about methods of exploitation using Deep Reinforcement Learning. As a result, the accuracy of tests can be improved.
For Information Security Officers:
(c) They can quickly identify vulnerabilities in their own servers. As a result, they can prevent attackers from attacking their servers using those vulnerabilities, and protect their reputation by avoiding negative media coverage after a breach.
Because attack methods against servers are evolving day by day, there is no guarantee that yesterday’s security countermeasures are safe today. It is necessary to quickly find vulnerabilities and take countermeasures. DeepExploit will contribute greatly to maintaining your safety.
Using GreyNoise to Quantify Response Time of Cloud Provider Abuse Teams (Andrew Morris)
Cloud hosting providers, such as Amazon AWS, Google Cloud, DigitalOcean, Microsoft Azure, and many others, have to respond to a regular barrage of abuse complaint reports from all around the world when their customers' virtual private servers are used for malicious activity. This activity can happen knowingly by the "renter" of the system or on behalf of an attacker if the server becomes infected. Although by no means the end all, one way of measuring the trust posture of a cloud hosting provider is by analyzing the amount of time between shared hosts beginning to attack other hosts on the Internet and the activity ceasing, generally by way of forced-decommissioning, quarantining, or remediation of the root-cause, such as a malware infection. In this talk, we discuss using the data collected by GreyNoise, a large network of passive collector nodes, to measure the time-to-remediation of infected or malicious machines. We will discuss methodology, results, and actionable takeaways for conference attendees who use shared cloud hosting in their businesses.
Corporate Espionage without the Hassle of Committing Felonies (John Bambenek)
Thotcon Presentation by John Bambenek on how some security solutions are leaking sensitive data to the internet making it easy to spy on individuals and companies without breaking any laws.
Presentation on topics beyond conventional ethical hacking; discusses job factors and scope in the security field :) This was presented at LPU (Lovely Professional University) as a seminar with over 200 attendees. Meet me at FB if you want it: fb/nipun.jaswal
Drupal, WordPress, and Joomla are very popular Content Management Systems (CMS) that have been widely adopted by government agencies, major businesses, social networks, and more — underscoring why understanding how these systems work and properly securing these applications is of the utmost importance. This talk focuses on the penetration tester’s perspective of CMSs and dives into streamlining the assessment and remediation of commonly observed application and configuration flaws by way of custom exploit code and security checklists, all of which are open-source and can be downloaded and implemented following the presentation.
From 1000/day to 1000/sec: The Evolution of Incapsula's BIG DATA System [Surg... (Imperva Incapsula)
Mondrian, MySQL, Mongo, Cassandra, Lucene. You name it, we tried it. As a startup looking for cost-efficient and scalable solutions to power our event processing and statistics backend, we gave almost every Big Data technology out there a go. What we learned from these experiences is that doing it yourself is better than using plug-and-play black box solutions.
This presentation details the building of Incapsula’s Big Data system as a case study, examining the requirements and the different evolutionary phases it went through before becoming what it is today.
The Phishing Intelligence Engine (PIE) is a framework that assists with the detection of and response to phishing attacks. It is an Active Defense framework built around Office 365 that continuously evaluates Message Trace logs for malicious content and dynamically responds as threats are identified or emails are reported.
So You Want a Threat Intelligence Function (But Were Afraid to Ask) (Lancope, Inc.)
Today’s advanced threats and targeted attacks necessitate the collection, analysis and use of threat intelligence for effective cyber security. What was once the realm of government organizations is now something that all organizations should be focusing on, but few know where to start.
Join Gavin Reid, Lancope’s Vice President of Threat Intelligence, for a complimentary webinar to learn the ins and outs of threat intelligence and best practices for incorporating it into your security strategy. Topics covered will include:
- What threat intelligence is
- Best practices for developing a threat intelligence function
- Common pitfalls to avoid when setting up a threat intelligence practice
- How threat intelligence fits into the other components of an enterprise security strategy
Understanding and Hardening the Attack Surface at the Edge (GPSTEC402) - AWS ... (Amazon Web Services)
IoT devices often reside in environments where many people can access them. Join us to learn what you can do to protect the data and credentials on IoT devices when they are in the field and understand common attack vectors for IoT devices. Hear from our APN partner Zymbit on how their hardware-based security components can be integrated with AWS Greengrass and AWS IoT.
Advanced Authentication: Past, Present, and Future (SecureAuth)
Channel Systems and SecureAuth have teamed up to discuss and educate you about how the advent of cloud and mobile applications has changed the way we should think about authentication.
Advanced Authentication topics include:
- Pre-authentication Risk Analysis
- Geo-fencing
- Attribute Exchange
www.secureauth.com
Life of a Code Change to a Tier 1 Service - AWS Online Tech Talks (Amazon Web Services)
Learning Objectives:
- How Amazon's software development teams release code changes
- Cultural and operational continuous delivery best practices
- About AWS Developer Tools used to implement CI/CD
Splunk Conf 2013 September 30-October 3 & Splunklive Denver.
Monitoring for the big "T". Learn how Ping Identity manages, deploys and monitors its hybrid cloud SaaS applications using best-of-breed solutions. Tools and people create T = r + t, our philosophy for transparency and reliability.
The threat model for IoT devices is very different from the threat model for cloud applications. Customers must understand what these threats are, prioritize them effectively, and navigate the growing ecosystem of partners that give customers tools to build secure IoT solutions. We showcase how to leverage partner solutions to mitigate threats, explain how to avoid common pitfalls, and make it clear that all IoT solutions must incorporate end-to-end security from the start. We begin with the steps to take in the manufacturing process, how to provision and authenticate devices in the field, and we cover solutions that can help customers comply with IT requirements in the maintenance phase of the product lifecycle.
IoT Microcontrollers and Getting Started with Amazon FreeRTOS (IOT338-R1) - A... (Amazon Web Services)
Come explore the challenges of embedded development, and learn to use Amazon FreeRTOS to solve these challenges. We cover differentiated features, such as tickless mode for low power consumption and the ecosystem of tools available for development, test, and debug. We also discuss use cases and their choice of microcontroller architecture.
With mega-breaches like Anthem, OPM, IRS, Ashley Madison, UCLA Health and TalkTalk all within the past 12 months, chances are your data has been targeted. What does this mean for 2016?
Review this presentation and learn:
• Why cyber attacks continue to increase in sophistication, magnitude and velocity
• What trends will have the largest and smallest impact on cyber security in 2016
• Why cloud-based apps and the Internet of Things have transformed cyber security
• How you can protect your organization from attacks from the inside
In this report, we demonstrate a new type of attack we call “Man in the Cloud” (MITC). These MITC attacks rely on common file synchronization services (such as GoogleDrive and Dropbox) as their infrastructure for command and control (C&C), data exfiltration, and remote access. Without using any exploits, we show how simple re-configuration of these services can turn them into a devastating attack tool that is not easily detected by common security measures.
Since most organizations either allow their users to use file synchronization services, or even rely on these services as part of their business toolbox, we think that MITC attacks will become prevalent in the wild. As a result, we encourage enterprises to shift the focus of their security effort from preventing infections and endpoint protection to securing their business data and applications at the source.
Monkeys & Lemurs and Locusts Oh My - Anti-Fragile Platforms (Sean Keery, Pivotal) - Is the idea of a midnight meltdown keeping you up at night? Are the four levels of HA built into Cloud Foundry enough to put you at ease? Sean Keery will examine how leveraging a combination of exploratory testing practices, in concert with regular load and performance experiments, can simultaneously increase uptime and decrease release cycle times. He will demonstrate how operators can reduce platform risk by regularly injecting failure scenarios into BOSH deployed systems. Demonstrations of the Simian Army, Chaos Lemur and Locust.io tools will be presented. Sean will go beyond reliability, stability and availability to help your platform operations team build a continuous process improvement program which will prepare your production systems for the unexpected.
Best practices for privileged access & secrets management in the cloud - DEM0... (Amazon Web Services)
In this session, you learn from real-world scenarios related to privileged access security in cloud environments. Experts from TOTVS and CyberArk provide insights from lessons learned while securing commercial SaaS applications, cloud infrastructure, and internal applications deployed in the cloud. Topics covered include privilege and cloud scenarios (e.g., human access models, support for automation, proactive controls, and programmatic deployment), as well as best practices and augmentation of existing security controls for privilege and secrets management on the AWS Cloud. We also cover limited use of root accounts, considerations for human administrator access in the cloud, and success with hybrid cloud environments.
Governments have some big cyber security problems to face.
In a time where the global Cyber Crime market hit an estimated $600 Billion and gets its own “As A Service Category,” public sector agencies must find mechanisms to improve their security posture and fill the serious shortage in cyber professionals.
Using guidance from the NIST Cyber Security Framework (CSF), applying principles from the Cyber Kill Chain Framework and leveraging the power and innovation of Serverless technologies, AWS demonstrates the art of the possible in Serverless Cyber Defense.
AWS Serverless technologies help fill the gaps in the skilled cyber professionals able to fight the daily cyber battle. Using intelligent automation of threat management data allows customers to design architectures that are low touch, eliminate CAPEX and can reduce operations and maintenance costs.
Builder.ai Founder Sachin Dev Duggal's Strategic Approach to Create an Innova... (Ramesh Iyer)
In today's fast-changing business world, companies that adapt and embrace new ideas often need help to keep up with the competition. However, fostering a culture of innovation takes much work. It takes vision, leadership and willingness to take risks in the right proportion. Sachin Dev Duggal, co-founder of Builder.ai, has perfected the art of this balance, creating a company culture where creativity and growth are nurtured at each stage.
Neuro-symbolic is not enough, we need neuro-*semantic* (Frank van Harmelen)
Neuro-symbolic (NeSy) AI is on the rise. However, simply machine learning on just any symbolic structure is not sufficient to really harvest the gains of NeSy. These will only be gained when the symbolic structures have an actual semantics. I give an operational definition of semantics as “predictable inference”.
All of this illustrated with link prediction over knowledge graphs, but the argument is general.
Essentials of Automations: Optimizing FME Workflows with Parameters (Safe Software)
Are you looking to streamline your workflows and boost your projects’ efficiency? Do you find yourself searching for ways to add flexibility and control over your FME workflows? If so, you’re in the right place.
Join us for an insightful dive into the world of FME parameters, a critical element in optimizing workflow efficiency. This webinar marks the beginning of our three-part “Essentials of Automation” series. This first webinar is designed to equip you with the knowledge and skills to utilize parameters effectively: enhancing the flexibility, maintainability, and user control of your FME projects.
Here’s what you’ll gain:
- Essentials of FME Parameters: Understand the pivotal role of parameters, including Reader/Writer, Transformer, User, and FME Flow categories. Discover how they are the key to unlocking automation and optimization within your workflows.
- Practical Applications in FME Form: Delve into key user parameter types including choice, connections, and file URLs. Allow users to control how a workflow runs, making your workflows more reusable. Learn to import values and deliver the best user experience for your workflows while enhancing accuracy.
- Optimization Strategies in FME Flow: Explore the creation and strategic deployment of parameters in FME Flow, including the use of deployment and geometry parameters, to maximize workflow efficiency.
- Pro Tips for Success: Gain insights on parameterizing connections and leveraging new features like Conditional Visibility for clarity and simplicity.
We’ll wrap up with a glimpse into future webinars, followed by a Q&A session to address your specific questions surrounding this topic.
Don’t miss this opportunity to elevate your FME expertise and drive your projects to new heights of efficiency.
PHP Frameworks: I want to break free (IPC Berlin 2024) (Ralf Eggert)
In this presentation, we examine the challenges and limitations of relying too heavily on PHP frameworks in web development. We discuss the history of PHP and its frameworks to understand how this dependence has evolved. The focus will be on providing concrete tips and strategies to reduce reliance on these frameworks, based on real-world examples and practical considerations. The goal is to equip developers with the skills and knowledge to create more flexible and future-proof web applications. We'll explore the importance of maintaining autonomy in a rapidly changing tech landscape and how to make informed decisions in PHP development.
This talk is aimed at encouraging a more independent approach to using PHP frameworks, moving towards a more flexible and future-proof approach to PHP development.
Epistemic Interaction - tuning interfaces to provide information for AI support (Alan Dix)
Paper presented at SYNERGY workshop at AVI 2024, Genoa, Italy. 3rd June 2024
https://alandix.com/academic/papers/synergy2024-epistemic/
As machine learning integrates deeper into human-computer interactions, the concept of epistemic interaction emerges, aiming to refine these interactions to enhance system adaptability. This approach encourages minor, intentional adjustments in user behaviour to enrich the data available for system learning. This paper introduces epistemic interaction within the context of human-system communication, illustrating how deliberate interaction design can improve system understanding and adaptation. Through concrete examples, we demonstrate the potential of epistemic interaction to significantly advance human-computer interaction by leveraging intuitive human communication strategies to inform system design and functionality, offering a novel pathway for enriching user-system engagements.
Search and Society: Reimagining Information Access for Radical Futures (Bhaskar Mitra)
The field of Information retrieval (IR) is currently undergoing a transformative shift, at least partly due to the emerging applications of generative AI to information access. In this talk, we will deliberate on the sociotechnical implications of generative AI for information access. We will argue that there is both a critical necessity and an exciting opportunity for the IR community to re-center our research agendas on societal needs while dismantling the artificial separation between the work on fairness, accountability, transparency, and ethics in IR and the rest of IR research. Instead of adopting a reactionary strategy of trying to mitigate potential social harms from emerging technologies, the community should aim to proactively set the research agenda for the kinds of systems we should build inspired by diverse explicitly stated sociotechnical imaginaries. The sociotechnical imaginaries that underpin the design and development of information access technologies need to be explicitly articulated, and we need to develop theories of change in the context of these diverse perspectives. Our guiding future imaginaries must be informed by other academic fields, such as democratic theory and critical theory, and should be co-developed with social science scholars, legal scholars, civil rights and social justice activists, and artists, among others.
LF Energy Webinar: Electrical Grid Modelling and Simulation Through PowSyBl -... (DanBrown980551)
Do you want to learn how to model and simulate an electrical network from scratch in under an hour?
Then welcome to this PowSyBl workshop, hosted by Rte, the French Transmission System Operator (TSO)!
During the webinar, you will discover the PowSyBl ecosystem as well as handle and study an electrical network through an interactive Python notebook.
PowSyBl is an open source project hosted by LF Energy, which offers a comprehensive set of features for electrical grid modelling and simulation. Among other advanced features, PowSyBl provides:
- A fully editable and extendable library for grid component modelling;
- Visualization tools to display your network;
- Grid simulation tools, such as power flows, security analyses (with or without remedial actions) and sensitivity analyses;
The framework is mostly written in Java, with a Python binding so that Python developers can access PowSyBl functionalities as well.
What you will learn during the webinar:
- For beginners: discover PowSyBl's functionalities through a quick general presentation and the notebook, without needing any expert coding skills;
- For advanced developers: master the skills to efficiently apply PowSyBl functionalities to your real-world scenarios.
UiPath Test Automation using UiPath Test Suite series, part 4DianaGray10
Welcome to UiPath Test Automation using UiPath Test Suite series part 4. In this session, we will cover Test Manager overview along with SAP heatmap.
The UiPath Test Manager overview with SAP heatmap webinar offers a concise yet comprehensive exploration of the role of a Test Manager within SAP environments, coupled with the utilization of heatmaps for effective testing strategies.
Participants will gain insights into the responsibilities, challenges, and best practices associated with test management in SAP projects. Additionally, the webinar delves into the significance of heatmaps as a visual aid for identifying testing priorities, areas of risk, and resource allocation within SAP landscapes. Through this session, attendees can expect to enhance their understanding of test management principles while learning practical approaches to optimize testing processes in SAP environments using heatmap visualization techniques
What will you get from this session?
1. Insights into SAP testing best practices
2. Heatmap utilization for testing
3. Optimization of testing processes
4. Demo
Topics covered:
Execution from the test manager
Orchestrator execution result
Defect reporting
SAP heatmap example with demo
Speaker:
Deepak Rai, Automation Practice Lead, Boundaryless Group and UiPath MVP
Software Delivery At the Speed of AI: Inflectra Invests In AI-Powered QualityInflectra
In this insightful webinar, Inflectra explores how artificial intelligence (AI) is transforming software development and testing. Discover how AI-powered tools are revolutionizing every stage of the software development lifecycle (SDLC), from design and prototyping to testing, deployment, and monitoring.
Learn about:
• The Future of Testing: How AI is shifting testing towards verification, analysis, and higher-level skills, while reducing repetitive tasks.
• Test Automation: How AI-powered test case generation, optimization, and self-healing tests are making testing more efficient and effective.
• Visual Testing: Explore the emerging capabilities of AI in visual testing and how it's set to revolutionize UI verification.
• Inflectra's AI Solutions: See demonstrations of Inflectra's cutting-edge AI tools like the ChatGPT plugin and Azure Open AI platform, designed to streamline your testing process.
Whether you're a developer, tester, or QA professional, this webinar will give you valuable insights into how AI is shaping the future of software delivery.
JMeter webinar - integration with InfluxDB and GrafanaRTTS
Watch this recorded webinar about real-time monitoring of application performance. See how to integrate Apache JMeter, the open-source leader in performance testing, with InfluxDB, the open-source time-series database, and Grafana, the open-source analytics and visualization application.
In this webinar, we will review the benefits of leveraging InfluxDB and Grafana when executing load tests and demonstrate how these tools are used to visualize performance metrics.
Length: 30 minutes
Session Overview
-------------------------------------------
During this webinar, we will cover the following topics while demonstrating the integrations of JMeter, InfluxDB and Grafana:
- What out-of-the-box solutions are available for real-time monitoring JMeter tests?
- What are the benefits of integrating InfluxDB and Grafana into the load testing stack?
- Which features are provided by Grafana?
- Demonstration of InfluxDB and Grafana using a practice web application
To view the webinar recording, go to:
https://www.rttsweb.com/jmeter-integration-webinar
Connector Corner: Automate dynamic content and events by pushing a buttonDianaGray10
Here is something new! In our next Connector Corner webinar, we will demonstrate how you can use a single workflow to:
Create a campaign using Mailchimp with merge tags/fields
Send an interactive Slack channel message (using buttons)
Have the message received by managers and peers along with a test email for review
But there’s more:
In a second workflow supporting the same use case, you’ll see:
Your campaign sent to target colleagues for approval
If the “Approve” button is clicked, a Jira/Zendesk ticket is created for the marketing design team
But—if the “Reject” button is pushed, colleagues will be alerted via Slack message
Join us to learn more about this new, human-in-the-loop capability, brought to you by Integration Service connectors.
And...
Speakers:
Akshay Agnihotri, Product Manager
Charlie Greenberg, Host
How the hell does one exfiltrate 400 gigs and no one notices?!
There’s not enough public info on that yet
We DO know that Metasploit was used
There are some tweets online about the fact that their servers were unpatched, unencrypted (“Encryption is for wussies”) and accessible from the web
Pozzi is a guy who, in 2015, saves all of his passwords in a text file while using super complicated passwords.
This is the PHP code that extracts the user agent out of the browser
The xp_filter.py file
This script checks whether the browser is Chrome or Explorer (using PHP browscap) and serves it the corresponding Flash exploit.
Notice the large file called “news”. News is base64-encoded and AES-encrypted with the key inside customerkey.js, which is also base64-encoded.
This is privesc_filter.py. We can see