Deploying privileged access workstations (PAWs) is part of a strategy to limit credential theft and lateral movement in an organization's network. PAWs are hardened administrative workstations designed to isolate privileged accounts and limit the exposure of credentials. An effective PAW strategy involves deploying dedicated hardware for administrators, applying security group policies and logon restrictions, and implementing additional controls like multi-factor authentication and device whitelisting.
For CIOs and CISOs: every user is a privileged user, learn how to deal with. - John Wallix
Every user is potentially a privileged user: how can you guarantee giving the right access to the right user for the right usage? Learn from Chris Pace, head of Product Marketing at WALLIX, and ensure your organization is cyber-secure and compliant with your business regulations and laws that include Privileged Access Management requirements.
Presentation about securing the environment that the Blackboard Learn application runs on. Includes:
* IPS/IDS
* Database Security Recommendations
* Load Balancer
etc.
The New Assure Security: Complete IBM i Compliance and Security - Precisely
On April 8 Syncsort announced Assure Security, a new product that brings together Syncsort’s best-in-class IBM i security capabilities. Assure Security enables organizations like yours to comply with cybersecurity regulations and strengthen IBM i security through features that assess security vulnerabilities, control access to systems and data, enforce data privacy, and monitor for security incidents and compliance deviations.
View this webcast on-demand to learn all about Assure Security, including:
• How Syncsort’s security brands have come together in Assure Security
• How Assure Security automates security best practices and satisfies regulatory requirements
• How Syncsort can help you control access to IBM i systems and prevent data breaches
Our own UEM solutions engineer Bruce Johnson is teaming up with Microsoft MVP Nathan O’Bryan to help you strengthen your unified endpoint management strategy.
Securing DevOps through Privileged Access Management - BeyondTrust
In this presentation from the webinar of Security MVP and Microsoft Security Trusted Advisor, Paula Januszkiewicz, get an overview of how privileged access management can help balance DevOps’ need for agility and speed with IT security’s need for visibility, access management, and compliance.
Key use cases covered include:
• Network Segmentation: Grouping assets, including application and resource servers, into logical units that do not trust one another
• Enforcing Appropriate Use of Credentials: IT organizations can leverage these controls to limit lateral movement in the case of a compromise and to provide a secure audit trail
• Elimination of Hard-Coded Passwords: Removing hardcoded passwords in DevOps tool configurations, build scripts, code files, test builds, production builds, etc.
You can watch the full, on-demand webinar here: https://www.beyondtrust.com/resources/webinar/securing-devops-privileged-access-management/
10 Steps to Better Windows Privileged Access Management - BeyondTrust
In this presentation from his webinar, Derek A. Smith, Founder, National Cybersecurity Education Center, delves into the strategies and techniques attackers use to gain privileged access to systems, and how you can stop them. This presentation covers:
- Privileged Windows accounts
- The importance of managing privileged access in Windows
- How attackers compromise Windows Privileged Accounts
- Challenges PAM can help solve in your Windows environment
- 10 Steps to better Windows privileged access management
You can also watch the full webinar on-demand here: https://www.beyondtrust.com/resources/webinar/10-steps-better-windows-privileged-access-management/
Teramind provides a user-centric security approach to monitor employee behavior. Our software streamlines employee data collection in order to identify suspicious activity, detect possible threats, monitor employee efficiency, and ensure industry compliance. We help reduce security incidents by providing real-time access to user activities by offering alerts, warnings, redirects and user lock-outs to keep your business running as efficiently and securely as possible. Teramind provides both cloud-based and on-premise deployment options to meet your organization’s requirements.
Effective Patch and Software Update Management - Quest
In this session, industry expert and Penton Tech contributing editor Orin Thomas offers all the advice you need to create a comprehensive and proactive strategy for implementing patches and updates.
Virtualization: Security and IT Audit Perspectives - Jason Chan
A brief overview of server virtualization for information security and audit professionals. I gave earlier versions of this talk at the SV and SF ISACA conferences in 2010; this version is for the UC Compliance and Audit Symposium.
IBM Power Systems servers (AS/400, iSeries) enjoy a reputation as one of the most secure platforms in the data center, and this is reinforced each time IBM enhances the already impressive set of built-in security features.
Unfortunately, many organizations are surprised to learn that IBM i ships in a completely open default state. Addressing this starts with understanding and configuring the supplied operating system controls.
Jeff Uehling of IBM outlines new security functions incorporated into recent editions of IBM i, including:
• New password policy controls
• Encryption
• User profile enhancements
• Field procedures (FieldProc)
• Row and column access control (RCAC)
The Cost of Managing IBM i Without Automation - HelpSystems
Take a fresh look at your IBM i investment to identify the areas where automation provides you opportunities for cost control while improving scalability and resource utilization and boosting employee morale.
From Linux kernel livepatches to encryption to ASLR to compiler optimizations and configuration hardening, we strive to ensure that Ubuntu 16.04 LTS is the most secure Linux distribution out of the box.
These slides try to briefly explain:
- what we do to secure Ubuntu
- how the underlying technology works
- when the features took effect in Ubuntu
Slide show of the presentation given at Austrochip 2014 about a simple and very reliable PUF.
Physically unclonable constants (PUC) are circuits used to embed unique secret bit-words in chips. We propose a simple PUC, with a complexity comparable with an SRAM cell. The proposed scheme is studied both theoretically and by means of simulations and it is shown that the proposed PUC is both unbiased and very stable. In particular, its intra-distance is predicted to be from 10 to 100 times smaller than competitor schemes. Simulations allow us to conclude that the advantages of the proposed scheme are relevant enough to make it competitive even if the actual performance of a real implementation, not considered in this paper, will turn out to be an order of magnitude worse than predicted.
See also
https://doi.org/10.1109/TIFS.2016.2599008
http://ieeexplore.ieee.org/document/7539631/
How to Hunt for Lateral Movement on Your Network - Sqrrl
Once inside your network, most cyber-attacks go sideways. They progressively move deeper into the network, laterally compromising other systems as they search for key assets and data. Would you spot this lateral movement on your enterprise network?
In this training session, we review the various techniques attackers use to spread through a network, which data sets you can use to reliably find them, and how data science techniques can be used to help automate the detection of lateral movement.
The problem of generating a sequence of true random bits (suitable for cryptographic applications) from random discrete or analog sources is considered. A generalized version, including Vector Quantization, of the classical approach by Elias for the generation of truly random bits is introduced, and its performance is analyzed, both in the finite case and asymptotically. The theory allows us to provide an alternative proof of the optimality of the original Elias’ scheme. We also consider the problem of deriving random bits from measurements of a Poisson process and from vectors of iid Gaussian variables. The comparison with the scheme of Elias, applied to geometric-like non binary vectors, originally based on the iso-probability property of permutations of iid variables, confirms the potential of the generalized scheme proposed in our work.
Physically Unclonable Constants (PUC) are circuits used to embed unique secret bit-words in chips. We propose a simple PUC, employing two Schottky diodes in reverse. The difference of the reverse currents of the two diodes is used to charge a capacitance. The charge stops when the two currents become equal. It is shown that this scheme has a single equilibrium point that depends discontinuously on the difference of the two saturation currents. The proposed scheme is studied both theoretically and by means of simulations (0.18 μm technology). It is shown that the proposed PUC is unbiased (inter distance %), very stable (intra distance from 2.8% to 1.5%) and temperature insensitive (only 0.3% of the cells change output over a military temperature range). Energy required is predicted to be as small as 0.6 pJ/bit.
The recent availability of reliable schemes for physically unclonable constants (PUC) opens interesting possibilities in the field of security. In this paper, we explore the possibility of using PUCs to embed in a chip random permutations to be used, for example, as building blocks in cryptographic constructions such as sponge functions, substitution–permutation networks, and so on. We show that the most difficult part is the generation of random integers using as the only randomness source the bit-string produced by the PUC. In order to solve the integer generation problem, we propose a partial rejection method that allows the designer to trade-off between entropy and efficiency. The results show that the proposed schemes can be implemented with reasonable complexity.
Full paper: "Making random permutations from physically unclonable constants" Bernardini, R. & Rinaldo, R. Int. J. Inf. Secur. (2016). doi:10.1007/s10207-016-0324-2
http://link.springer.com/article/10.1007/s10207-016-0324-2
PHDays '14 Cracking java pseudo random sequences by egorov & soldatov - Sergey Soldatov
This presentation was delivered at Positive Hack Days '14 in Moscow along with the following demos available on Youtube:
Demo#1: http://www.youtube.com/watch?v=mdOfZMsj4hA
Demo#2: http://www.youtube.com/watch?v=BwXhpjiCTyA
Demo#3: http://www.youtube.com/watch?v=B3EkrmNWeJs
Demo#4: http://www.youtube.com/watch?v=--ZuBUc2F2Y
Threat Intelligence is by far one of the most over-used buzz words in the security industry. Many professionals have very mixed feelings about Threat Intelligence feeds as well. This discussion is around how LogRhythm’s internal security team utilizes Threat Intelligence to operationalize efficiently and streamline Security Operations processes and help improve an organization’s defenses. We will show how you can generate your own Threat Intelligence and create information sharing loops within like industries to fully realize the team's defensive capabilities. On top of the technical aspects around building out a good Threat Intel program, we will discuss how to manage this from a leadership perspective and get buy-in from the top. Most importantly, once these systems are in place, how we can show value to leadership using key performance indicators and leverage this to improve the overall security program.
#MFSummit2016 Secure: Is your mainframe less secure than your fileserver - Micro Focus
For decades, organisations have relied on the mainframe to be a secure vault holding important data. As our businesses look to utilise this data in new ways to maintain competitive advantage, it’s more important than ever that we know who has access, and how we control it. In this session we’ll explore some of the common mainframe security challenges, and how they can be addressed.
Presenter: Malcolm Trigg, Solution Consultant
Protecting Windows Passwords and Preventing Windows Computer / Password Attacks - Zoho Corporation
Derek Melber, Technical Evangelist for the AD Solutions team at ManageEngine and one of only 12 Microsoft Group Policy MVPs in the world, from his extensive knowledge in the Windows Active Directory security domain shares practical tips on the various ways to protect a computer / organization from Windows computer / password attacks. Gain strength from the detailed 14 tips and tricks!
How and why to control local administrator privileges on Windo... - Identity Days
A talk presented by Xuan Ahehehinnou, Nicolas Bonnet & Hakim Taoussi
On workstations and servers, any user, system or service account with local administrator privileges presents a very high level of risk.
These security risks can open the door to pass-the-hash attacks and other credential theft, malware execution, lateral movement, disabling of defense mechanisms such as antivirus or EDR, impersonation, data encryption, etc.
In this session, we will therefore detail best practices as well as Microsoft tools and features such as LAPS, Endpoint Privilege Management and Account protection.
BIG IRON, BIG RISK? SECURING THE MAINFRAME - #MFSummit2017 - Micro Focus
Regulatory requirements such as GDPR are platform agnostic – and who can predict what further challenges lie ahead? It certainly will not become any easier. Security for the mainframe is likely to remain a live issue. If you have a mainframe then this affects you. Fortunately, the help is out there. Attend this session to discover how Micro Focus can secure your mainframe environment today and into the future.
Social Distance Your IBM i from Cybersecurity Risk - Precisely
The continuous news of personal information stolen from major retailers and financial institutions has driven consumers and regulatory bodies to demand that more action be taken to ensure data protection and privacy. Regulations such as PCI DSS, HIPAA, GDPR, and FISMA require that personal data be protected against unauthorized access using technologies like encryption, tokenization, masking, secure file transfer and more. With all the options available for securing IBM i data at rest and in motion, how do you know where to begin?
Register to get up to speed on the key concepts you need to know about assuring data privacy for your customers, business partners and employees.
Topics will include:
- Protecting data with encryption and the need for strong key management
- Use Cases that are best for tokenization
- Options for permanently deidentifying data
- Securing data in motion across networks
- Complete security solution for IBM i (AS/400)
Got domain admin rights? The game isn't over yet - Positive Hack Days
Obtaining domain administrator rights does not always mean that you immediately gain access to every host, share or database on the network. The trick is to find the right account. The speaker will give examples of various internal penetration testing scenarios, describe the difficulties his team faced, and explain how the tool that helped overcome them was developed.
Enterprise Node - Securing Your Environment - Kurtis Kemple
Just like any other language, Node is susceptible to vulnerabilities, dependency issues, and other problems that can bring down or prevent you from releasing new versions of your application.
Learn how to safeguard your environment with things like private registries and vulnerability testing during your CI build in this one-hour lightning talk.
=================================
TOPICS COVERED:
Why is Securing Your Environment Important
• Protects Your Company from Potential Threats
• Improves Confidence in Code and Systems
• Helps You Meet Legal and Organization Restrictions
Securing Your Runtime
• N|Solid - Enterprise Runtime
• Containerization
• Monitoring
Securing Your Dependencies
• Whitelisting Modules
• NSP
Securing Your Applications
• HTTPS ALL THE THINGS
• Encrypt Sensitive Data
=================================
CNIT 123: 8: Desktop and Server OS Vulnerabilities - Sam Bowne
Slides for a college course based on "Hands-On Ethical Hacking and Network Defense, Second Edition" by Michael T. Simpson, Kent Backman, and James Corley -- ISBN: 1133935613
Teacher: Sam Bowne
Twitter: @sambowne
Website: https://samsclass.info/123/123_F16.shtml
Ch 8: Desktop and Server OS Vulnerabilities - Sam Bowne
Slides for a college course at City College San Francisco. Based on "Hands-On Ethical Hacking and Network Defense, Third Edition" by Michael T. Simpson, Kent Backman, and James Corley -- ISBN: 9781285454610.
Instructor: Sam Bowne
Class website: https://samsclass.info/123/123_S17.shtml
AWS Summit 2013 | India - Extend your Datacenter in the Cloud and achieve Hig... - Amazon Web Services
The cloud is not an 'All or Nothing' approach with regards to replacing workloads inside your datacenter. Enterprises with existing datacenters can easily extend their Infrastructure into the cloud to seamlessly leverage the benefits of cloud while using the same set of controls familiar to their business. However availability and security still remain among the top two concerns for CIOs when deciding on cloud adoption for their organization.
Amazon Web Services has infrastructure across multiple geographical Regions spanning five continents, with multiple Availability Zones in each Region along with a set of global edge locations. Building a similar infrastructure for high availability with your traditional datacenter would be non-trivial and cost prohibitive. Join this session to understand how you can achieve high availability across geographies, deploy your applications close to your users, control where your data is located, achieve low latency, and migrate your applications around the world in a cost-effective and easy manner using AWS services. You will also learn how AWS builds services in accordance with security best practices, provides appropriate security features in those services, has achieved industry standard certifications, and other third-party attestations. In addition, in line with the shared security model on the cloud, AWS customers must leverage security features and best practices to architect an appropriately secure application environment. Enabling customers to ensure the confidentiality, integrity, and availability of their data is of the utmost importance to AWS, as is maintaining trust and confidence.
Security of Oracle EBS - How I can Protect my System (UKOUG APPS 18 edition) - Andrejs Prokopjevs
Nowadays having a proper security configuration is a huge challenge, especially looking at the global hacks and personal data leak incidents that happened in IT a while back. Oracle EBS is not perfect and has lots of vulnerabilities covered by Oracle almost every quarter. A very small percent of Apps DBAs know all the features and options available, and usually, do not go over firewall/reverse proxy layer.
This presentation is going to cover an overview and recommendations of options and security features that are available and can be used out-of-the-box, and some of the non-trivial configurations that can help to keep your Oracle EBS system protected, per our experience.
Controlling Access to IBM i Systems and Data - Precisely
Security best practice and regulations such as SOX, HIPAA, GDPR and others require you to restrict access to your critical IBM i systems and their data, but this is easier said than done. Legacy, proprietary access protocols now co-exist with new, open-source protocols to create access control headaches.
View this webcast on-demand for an in-depth discussion of IBM i access points that must be secured and how exit points can be leveraged to accomplish the task. We’ll cover:
• Securing network access and communication ports
• How database access via open-source protocols can be secured
• Taking control of command execution
Security Considerations for Microservices and Multi cloud - Neelkamal Gaharwar
These slides contain my notes on what the security considerations are w.r.t. Micro services and Multi Cloud. I am still working on this part. It is just a comprehension of whatever I have studied so far.
UiPath Test Automation using UiPath Test Suite series, part 4 - DianaGray10
Welcome to UiPath Test Automation using UiPath Test Suite series part 4. In this session, we will cover Test Manager overview along with SAP heatmap.
The UiPath Test Manager overview with SAP heatmap webinar offers a concise yet comprehensive exploration of the role of a Test Manager within SAP environments, coupled with the utilization of heatmaps for effective testing strategies.
Participants will gain insights into the responsibilities, challenges, and best practices associated with test management in SAP projects. Additionally, the webinar delves into the significance of heatmaps as a visual aid for identifying testing priorities, areas of risk, and resource allocation within SAP landscapes. Through this session, attendees can expect to enhance their understanding of test management principles while learning practical approaches to optimize testing processes in SAP environments using heatmap visualization techniques
What will you get from this session?
1. Insights into SAP testing best practices
2. Heatmap utilization for testing
3. Optimization of testing processes
4. Demo
Topics covered:
Execution from the test manager
Orchestrator execution result
Defect reporting
SAP heatmap example with demo
Speaker:
Deepak Rai, Automation Practice Lead, Boundaryless Group and UiPath MVP
LF Energy Webinar: Electrical Grid Modelling and Simulation Through PowSyBl -... - DanBrown980551
Do you want to learn how to model and simulate an electrical network from scratch in under an hour?
Then welcome to this PowSyBl workshop, hosted by Rte, the French Transmission System Operator (TSO)!
During the webinar, you will discover the PowSyBl ecosystem as well as handle and study an electrical network through an interactive Python notebook.
PowSyBl is an open source project hosted by LF Energy, which offers a comprehensive set of features for electrical grid modelling and simulation. Among other advanced features, PowSyBl provides:
- A fully editable and extendable library for grid component modelling;
- Visualization tools to display your network;
- Grid simulation tools, such as power flows, security analyses (with or without remedial actions) and sensitivity analyses;
The framework is mostly written in Java, with a Python binding so that Python developers can access PowSyBl functionalities as well.
What you will learn during the webinar:
- For beginners: discover PowSyBl's functionalities through a quick general presentation and the notebook, without needing any expert coding skills;
- For advanced developers: master the skills to efficiently apply PowSyBl functionalities to your real-world scenarios.
Epistemic Interaction - tuning interfaces to provide information for AI support - Alan Dix
Paper presented at SYNERGY workshop at AVI 2024, Genoa, Italy. 3rd June 2024
https://alandix.com/academic/papers/synergy2024-epistemic/
As machine learning integrates deeper into human-computer interactions, the concept of epistemic interaction emerges, aiming to refine these interactions to enhance system adaptability. This approach encourages minor, intentional adjustments in user behaviour to enrich the data available for system learning. This paper introduces epistemic interaction within the context of human-system communication, illustrating how deliberate interaction design can improve system understanding and adaptation. Through concrete examples, we demonstrate the potential of epistemic interaction to significantly advance human-computer interaction by leveraging intuitive human communication strategies to inform system design and functionality, offering a novel pathway for enriching user-system engagements.
Elevating Tactical DDD Patterns Through Object Calisthenics - Dorra BARTAGUIZ
After immersing yourself in the blue book and its red counterpart, attending DDD-focused conferences, and applying tactical patterns, you're left with a crucial question: How do I ensure my design is effective? Tactical patterns within Domain-Driven Design (DDD) serve as guiding principles for creating clear and manageable domain models. However, achieving success with these patterns requires additional guidance. Interestingly, we've observed that a set of constraints initially designed for training purposes remarkably aligns with effective pattern implementation, offering a more ‘mechanical’ approach. Let's explore together how Object Calisthenics can elevate the design of your tactical DDD patterns, offering concrete help for those venturing into DDD for the first time!
GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using Deplo... - James Anderson
Effective Application Security in Software Delivery lifecycle using Deployment Firewall and DBOM
The modern software delivery process (or the CI/CD process) includes many tools, distributed teams, open-source code, and cloud platforms. Constant focus on speed to release software to market, along with the traditional slow and manual security checks has caused gaps in continuous security as an important piece in the software supply chain. Today organizations feel more susceptible to external and internal cyber threats due to the vast attack surface in their applications supply chain and the lack of end-to-end governance and risk management.
The software team must secure its software delivery process to avoid vulnerability and security breaches. This needs to be achieved with existing tool chains and without extensive rework of the delivery processes. This talk will present strategies and techniques for providing visibility into the true risk of the existing vulnerabilities, preventing the introduction of security issues in the software, resolving vulnerabilities in production environments quickly, and capturing the deployment bill of materials (DBOM).
Speakers:
Bob Boule
Robert Boule is a technology enthusiast with PASSION for technology and making things work along with a knack for helping others understand how things work. He comes with around 20 years of solution engineering experience in application security, software continuous delivery, and SaaS platforms. He is known for his dynamic presentations in CI/CD and application security integrated in software delivery lifecycle.
Gopinath Rebala
Gopinath Rebala is the CTO of OpsMx, where he has overall responsibility for the machine learning and data processing architectures for Secure Software Delivery. Gopi also has a strong connection with our customers, leading design and architecture for strategic implementations. Gopi is a frequent speaker and well-known leader in continuous delivery and integrating security into software delivery.
State of ICS and IoT Cyber Threat Landscape Report 2024 previewPrayukth K V
The IoT and OT threat landscape report has been prepared by the Threat Research Team at Sectrio using data from Sectrio, cyber threat intelligence farming facilities spread across over 85 cities around the world. In addition, Sectrio also runs AI-based advanced threat and payload engagement facilities that serve as sinks to attract and engage sophisticated threat actors, and newer malware including new variants and latent threats that are at an earlier stage of development.
The latest edition of the OT/ICS and IoT security Threat Landscape Report 2024 also covers:
State of global ICS asset and network exposure
Sectoral targets and attacks as well as the cost of ransom
Global APT activity, AI usage, actor and tactic profiles, and implications
Rise in volumes of AI-powered cyberattacks
Major cyber events in 2024
Malware and malicious payload trends
Cyberattack types and targets
Vulnerability exploit attempts on CVEs
Attacks on counties – USA
Expansion of bot farms – how, where, and why
In-depth analysis of the cyber threat landscape across North America, South America, Europe, APAC, and the Middle East
Why are attacks on smart factories rising?
Cyber risk predictions
Axis of attacks – Europe
Systemic attacks in the Middle East
Download the full report from here:
https://sectrio.com/resources/ot-threat-landscape-reports/sectrio-releases-ot-ics-and-iot-security-threat-landscape-report-2024/
Essentials of Automations: Optimizing FME Workflows with ParametersSafe Software
Are you looking to streamline your workflows and boost your projects’ efficiency? Do you find yourself searching for ways to add flexibility and control over your FME workflows? If so, you’re in the right place.
Join us for an insightful dive into the world of FME parameters, a critical element in optimizing workflow efficiency. This webinar marks the beginning of our three-part “Essentials of Automation” series. This first webinar is designed to equip you with the knowledge and skills to utilize parameters effectively: enhancing the flexibility, maintainability, and user control of your FME projects.
Here’s what you’ll gain:
- Essentials of FME Parameters: Understand the pivotal role of parameters, including Reader/Writer, Transformer, User, and FME Flow categories. Discover how they are the key to unlocking automation and optimization within your workflows.
- Practical Applications in FME Form: Delve into key user parameter types including choice, connections, and file URLs. Allow users to control how a workflow runs, making your workflows more reusable. Learn to import values and deliver the best user experience for your workflows while enhancing accuracy.
- Optimization Strategies in FME Flow: Explore the creation and strategic deployment of parameters in FME Flow, including the use of deployment and geometry parameters, to maximize workflow efficiency.
- Pro Tips for Success: Gain insights on parameterizing connections and leveraging new features like Conditional Visibility for clarity and simplicity.
We’ll wrap up with a glimpse into future webinars, followed by a Q&A session to address your specific questions surrounding this topic.
Don’t miss this opportunity to elevate your FME expertise and drive your projects to new heights of efficiency.
Slack (or Teams) Automation for Bonterra Impact Management (fka Social Soluti...Jeffrey Haguewood
Sidekick Solutions uses Bonterra Impact Management (fka Social Solutions Apricot) and automation solutions to integrate data for business workflows.
We believe integration and automation are essential to user experience and the promise of efficient work through technology. Automation is the critical ingredient to realizing that full vision. We develop integration products and services for Bonterra Case Management software to support the deployment of automations for a variety of use cases.
This video focuses on the notifications, alerts, and approval requests using Slack for Bonterra Impact Management. The solutions covered in this webinar can also be deployed for Microsoft Teams.
Interested in deploying notification automations for Bonterra Impact Management? Contact us at sales@sidekicksolutionsllc.com to discuss next steps.
Transcript: Selling digital books in 2024: Insights from industry leaders - T...BookNet Canada
The publishing industry has been selling digital audiobooks and ebooks for over a decade and has found its groove. What’s changed? What has stayed the same? Where do we go from here? Join a group of leading sales peers from across the industry for a conversation about the lessons learned since the popularization of digital books, best practices, digital book supply chain management, and more.
Link to video recording: https://bnctechforum.ca/sessions/selling-digital-books-in-2024-insights-from-industry-leaders/
Presented by BookNet Canada on May 28, 2024, with support from the Department of Canadian Heritage.
GraphRAG is All You need? LLM & Knowledge GraphGuy Korland
Guy Korland, CEO and Co-founder of FalkorDB, will review two articles on the integration of language models with knowledge graphs.
1. Unifying Large Language Models and Knowledge Graphs: A Roadmap.
https://arxiv.org/abs/2306.08302
2. Microsoft Research's GraphRAG paper and a review paper on various uses of knowledge graphs:
https://www.microsoft.com/en-us/research/blog/graphrag-unlocking-llm-discovery-on-narrative-private-data/
Software Delivery At the Speed of AI: Inflectra Invests In AI-Powered QualityInflectra
In this insightful webinar, Inflectra explores how artificial intelligence (AI) is transforming software development and testing. Discover how AI-powered tools are revolutionizing every stage of the software development lifecycle (SDLC), from design and prototyping to testing, deployment, and monitoring.
Learn about:
• The Future of Testing: How AI is shifting testing towards verification, analysis, and higher-level skills, while reducing repetitive tasks.
• Test Automation: How AI-powered test case generation, optimization, and self-healing tests are making testing more efficient and effective.
• Visual Testing: Explore the emerging capabilities of AI in visual testing and how it's set to revolutionize UI verification.
• Inflectra's AI Solutions: See demonstrations of Inflectra's cutting-edge AI tools like the ChatGPT plugin and Azure Open AI platform, designed to streamline your testing process.
Whether you're a developer, tester, or QA professional, this webinar will give you valuable insights into how AI is shaping the future of software delivery.
7. HOW TO THINK LIKE AN ATTACKER?
•DSU is a good start
•Learn from Pros - @Twitter is awesome
•Embrace the infosec community
•OffensiveSecurityTraining++
8. ATTACK SCENARIO #1
•Non security conscious org
•Most users running as local admin
•Attack dumps local creds
•Local admin creds are the same on every PC
•Attacker moves laterally, dumps more creds
•Quick path to Domain Admin
9. ATTACK SCENARIO #2
•Somewhat security conscious org
•Most users running as standard
•Attacker needs to escalate privileges
•May abuse misconfigs or find creds on network
•Move laterally until escalation success & dump creds
•Rinse/Lather/Repeat until goal achieved
10. WHY PAWS?
•Scenarios not all encompassing
•Domain Admin may not be end goal
•Attacker tactics revolve around finding/using creds
•Main goal of PAWs – limit this exposure
11. WINDOWS LOGON TYPES
•Interactive [2]
•Network [3] – No Reusable Credentials
• Net use
• SQL Windows Authentication
• PowerShell Remoting
• Remote Registry
• Other MMC Snap-ins
• WMI / WMIC
•Batch [4]
•Service [5]
•Unlock [7]
•Network Cleartext [8]
•New Credentials [9]
•Remote Interactive [10]
•Cached Interactive [11]
17. LSA SECRETS
•Data only accessible to SYSTEM process
•Credentials are encrypted and stored on disk
•Scheduled tasks
•Computer Account
•Service Accounts
18. LSA SECRETS
•Domain cached credentials – aka password verifiers
•Stored in salted hash format
•Can’t be passed in a Pass-the-Hash attack
•Can be dumped and brute forced
19. CREDENTIAL MANAGER
•Passwords entered manually via Control Panel applet
•Or when user tells Windows to remember password
•Remote Desktop, IE Autocomplete
•Encrypted with key derived from user’s password
•Any program running as that user can access
20. WINDOWS CREDENTIAL & AUTH ISSUES
•Pass-the-Hash Attacks
•NTLM hashes acquired from memory or SAM
•Can be used to authenticate just as Windows does
21. WINDOWS CREDENTIAL & AUTH ISSUES
•Auth via NTLM protocols uses challenge/response
•NTLMv1 – completely broken
• Attacker can recover hash if traffic can be captured on the wire
•NTLMv2 – better but brute force still possible
•Both vulnerable to relay attacks – Use SMB Signing
22. WINDOWS CREDENTIAL & AUTH ISSUES
•Kerberos – Pass-the-Ticket
•Dumped from one computer and loaded on another
•Tickets can be extended by presenting expired TGT
•Other Issues
• Golden/Silver Tickets, etc.
23. WINDOWS CREDENTIAL & AUTH ISSUES
•Windows Access Tokens
•Not well known among defenders
•User logs on, system verifies password
•If password OK, access token is created
•Every process this user runs has copy of token
•Stored in memory, enable single sign-on
24. WINDOWS CREDENTIAL & AUTH ISSUES
•Impersonation Tokens - Non-Interactive Logons
•Can be used to escalate privs, but only good locally
•Delegation Tokens - Interactive Logons
•Attacker can steal more privileged user's token
•Use it on any network accessible system
27. STEALING WINDOWS ACCESS TOKENS
•Incognito – Tool from Luke Jennings
•Presented at Defcon 15 in 2008
•Whitepaper – Security Implications of Windows Access Tokens – A Penetration Tester’s Guide
https://labs.mwrinfosecurity.com/assets/142/original/mwri_security-implications-of-windows-access-tokens_2008-04-14.pdf
28. WINDOWS CRED & AUTH ISSUES
•Cred theft – major issue for a long time
•Roadblocks to overcome
•IT Admins may not understand the risk
•Change is hard; usability > security
•No “patch” for these issues
•Light at the end of the tunnel
29. INTRODUCING PAWS
•Hardened admin workstations
•Designed to limit credential theft of privileged accounts
•Similar in theory to network segmentation
•Requires grouping systems and users by privilege level
https://technet.microsoft.com/en-us/windows-server-docs/security/securing-privileged-access/privileged-access-workstations
30. ACTIVE DIRECTORY ADMINISTRATIVE TIER MODEL
•Tier 0 – Domain Admin & Domain Controllers
•Tier 1 – Member Server Admins & Member Servers
•Tier 2 – Workstation Admins & Workstations
33. PAW PREREQUISITES
•Remove local admin from as many users as possible
•If necessary, give users multiple accounts and/or segment
•Legacy software may not play well with UAC
•Look for workarounds
•Put pressure on vendors
34. PAW PREREQUISITES
•Break out separate member server admins, if necessary
•Limit number of Tier 0 admins
•Delegate privileges in AD
•If possible, segment each group of admins
•Ops Server Admins; Dev Server Admins; Network Admins
35. PHASES OF DEPLOYMENT
•1) - Immediate deployment for AD Admins
•2) - Extend PAWs to all users with admin rights over mission critical applications
•Cloud services admins, member server admins
•3) - Advanced PAW Security
36. PAW DEPLOYMENT MODELS
•Dedicated Hardware
•Pros – Strongest security separation
•Cons – Additional desk space, weight, hardware cost
•Simultaneous Use
•Pros – Lower hardware cost, better user experience
•Cons – Single keyboard/mouse can cause unintentional errors
37. PAW DEPLOYMENT MODELS
•Simultaneous Use
•“User” VM locally on hardened PAW host, or
•VDI, RDP – “User” VMs managed centrally in datacenter, accessed from hardened PAW
39. DEPLOY PAW ACTIVE DIRECTORY FRAMEWORK
•Create-PAWOUs.ps1
•Create the new OU structure in Active Directory
•Create-PAWGroups.ps1
•Create the new security groups in the appropriate OUs
•Set-PAWOUDelegation.ps1
•Assign permissions to the new OUs to the appropriate groups
40. NEW OUs
Users that are members of:
Domain Admins
Enterprise Admins
or equivalent
41. PAW HARDENING - COMPUTER GPOs
•Empty all local groups
•Add PAW Maintenance & Administrator to local admin
•Grant “PAW Users” group local login access
•Block Inbound Network Traffic
•Permit security scanning, patch management, etc.
•Configure WSUS for PAW
42. PAW HARDENING - USER GPOs
•Block Internet Access for PAW Users
•Allow internal and other necessary browsing
•Restrict Administrators from logging onto lower tier hosts
•Local Policies\User Rights Assignment\Deny log on…
•As a service
•As a batch job
•Locally
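A defender-side check that ties the logon types slide, the tier model and the logon restriction above together, as an added example that is not part of the original deck. The account names, host names and tier assignments are constructed, and treating only Network [3] as leaving no reusable credentials is an assumption taken from the slide's single annotation.

```python
from collections import namedtuple

# Logon type numbers as listed on the logon types slide.
LOGON_TYPES = {2: "Interactive", 3: "Network", 4: "Batch", 5: "Service",
               7: "Unlock", 8: "NetworkCleartext", 9: "NewCredentials",
               10: "RemoteInteractive", 11: "CachedInteractive"}
# Assumption: only Network [3] leaves no reusable credentials (the one type the
# slide marks that way); every other or unknown type is treated as exposing.
NO_REUSABLE_CREDS = {3}

# Constructed tier assignments (0 = most privileged); all names are hypothetical.
ACCOUNT_TIER = {"t0-alice": 0, "t1-bob": 1, "t2-carol": 2}
HOST_TIER = {"DC01": 0, "PAW-T0-01": 0, "SQL01": 1, "WKS-117": 2}

Finding = namedtuple("Finding", "account host logon_type reason")

def check_logon(event):
    """Return a Finding if a 4624-style logon event breaks tier isolation."""
    account = event["TargetUserName"].lower()
    host = event["Computer"].upper()
    ltype = int(event["LogonType"])
    acct_tier = ACCOUNT_TIER.get(account)
    # Untracked accounts and credential-free network logons are out of scope.
    if acct_tier is None or ltype in NO_REUSABLE_CREDS:
        return None
    name = LOGON_TYPES.get(ltype, "Unknown")
    host_tier = HOST_TIER.get(host)
    if host_tier is None:
        # Edge case: an admin logon on a host nobody has placed in a tier.
        return Finding(account, host, name,
                       "tiered admin logon on unclassified host")
    if host_tier > acct_tier:
        # Higher-tier account on a lower-tier host: credentials are exposed there.
        return Finding(account, host, name,
                       f"Tier {acct_tier} account on Tier {host_tier} host")
    return None  # same tier or upward; upward control is a separate check

def scan(events):
    """Run check_logon over an iterable of events and keep the findings."""
    return [f for f in map(check_logon, events) if f is not None]

# Constructed sample events using Security event 4624 field names.
SAMPLE_EVENTS = [
    {"TargetUserName": "t0-alice", "Computer": "PAW-T0-01", "LogonType": "2"},
    {"TargetUserName": "t0-alice", "Computer": "SQL01", "LogonType": "10"},
    {"TargetUserName": "t0-alice", "Computer": "WKS-117", "LogonType": "3"},
    {"TargetUserName": "t1-bob", "Computer": "WKS-117", "LogonType": "5"},
    {"TargetUserName": "t2-carol", "Computer": "WKS-117", "LogonType": "2"},
    {"TargetUserName": "jsmith", "Computer": "WKS-117", "LogonType": "2"},
    {"TargetUserName": "t1-bob", "Computer": "LAB-09", "LogonType": "2"},
    {"TargetUserName": "T0-Alice", "Computer": "dc01", "LogonType": "11"},
]

if __name__ == "__main__":
    for f in scan(SAMPLE_EVENTS):
        print(f"{f.account} -> {f.host} [{f.logon_type}]: {f.reason}")
```

With the Deny log on GPOs in place these findings should never appear, so any hit points to a host or account that sits outside the intended OU or group.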
44. PAW SETUP – PHASE 1 (AD ADMINS)
•Acquire & validate installation media and other tools
•Windows 10 Enterprise if possible
•Credential Guard & Device Guard
•Set unique, complex password for local admin
45. PAW SETUP – PHASE 1 (AD ADMINS)
•Connect PAW to network, join domain
•Move to Admin\Tier 0\Devices
•Install Windows Updates and any necessary admin tools
•Carefully consider risk for each tool installed
•Forward logs to SIEM
•Validate hardening GPOs
46. RESTRICTED ADMIN MODE
•Controversial RestrictedAdmin mode
•Leaves no reusable credentials
•Enabling it opens up Pass-the-Hash via RDP
•Weigh the Risk vs. Reward
47. RESTRICTED ADMIN MODE
•Open up systems to Pass-the-Hash via RDP vs. further limit reusable creds left on systems
•Lock down RDP: only trusted hosts
48. RESTRICTED ADMIN MODE
•RestrictedAdmin Mode
•Off by default; Enable on destination systems with regedit
•Mstsc.exe /RestrictedAdmin
•To Force RestrictedAdmin mode:
•Restrict Delegation of credential to remote servers – GPO
•Link to Admin Computer OUs in each tier
•Limitation - Connections made with computer account
49. REMOTE CREDENTIAL GUARD
•Same regedit as Restricted Admin mode to enable
•Mstsc.exe /remoteGuard
•Remote computer must be running Windows 10 - 1607 or Windows Server 2016
•Limitation - signed on credentials only
•Benefit - Allows Multi-hop from the remote desktop
50. CREDENTIAL GUARD
•Enable Credential Guard, if possible
•Virtualizes Windows services that manage credentials
•To isolate from running OS and attacker with admin rights
•Requirements:
•Windows 10 Enterprise x64
•Secure Boot Enabled
•TPM & CPU Virtualization ext.
54. PAW SETUP – PHASE 3
•Builds on Phase 1; Not dependent on Phase 2
•Multi-factor authentication – Smart cards
•Whitelisting – Device Guard / Applocker
•Protected Users Group
•Authentication Policies and Silos
55. PAW SETUP – PHASE 3 (MULTI-FACTOR)
•Windows 2FA solutions are a great control, but not a magic bullet
•Limitations:
•Only enforced on interactive logons
•Forcing smart card logons ensures hash never changes
•Mitigate by script that toggles “Smart Card Required”
56. PAW SETUP – PHASE 3 (PROTECTED USERS)
•Most painless control to implement to limit cred exposure
•Most benefits when running 2012 R2 functional level
•Forces more secure Kerberos; tickets 4 hours instead of 10
•Users must re-authenticate when TGT expires
•Feature/Limitation - No local cached credentials
57. PAW SETUP – PHASE 3 (AUTH POLICIES & SILOS)
•Pair well with Protected Users group
•Requires 2012 R2 Functional Level
•Control where accounts can log on
•Which services they can authenticate to
•Set TGT settings
58. LESSONS LEARNED FROM MY DEPLOYMENT
•Windows 10 Enterprise Hyper-V is Awesome
•Dual monitors, audio & mic, copy+paste, separate vlans
•So many user accounts! The struggle is real
•Dramatic shift in day to day
•Sometimes “User Bill” doesn’t love “Security Bill”
•You can do it! Figure out system that works for you
59. FURTHER LIMITING EXPOSURE TO CREDENTIAL THEFT AND LATERAL MOVEMENT
•Randomize local admin – Use LAPS or similar
61. CLOSING
•Stop buying blinky boxes as a cure-all
•Take time to truly understand the risk
•Research and learn offensive techniques
•Find your weak points, build walls, set tripwires, plug the holes the best you can
64. REFERENCES
• PAW Technet Article
• https://technet.microsoft.com/en-us/windows-server-docs/security/securing-privileged-access/privileged-access-workstations
• Security Implications of Windows Access Tokens – A Penetration Tester’s Guide
• https://labs.mwrinfosecurity.com/assets/142/original/mwri_security-implications-of-windows-access-tokens_2008-04-14.pdf
• Hello my name is Microsoft and I have a credential problem
• https://media.blackhat.com/us-13/US-13-Duckwall-Pass-the-Hash-WP.pdf
• Mitigating Service Account Credential Theft on Windows
• https://community.rapid7.com/docs/DOC-2881
• Pass-the-Hash Whitepapers
• https://www.microsoft.com/en-us/download/details.aspx?id=36036
• Abusing Kerberos Whitepaper
• https://www.blackhat.com/docs/us-14/materials/us-14-Duckwall-Abusing-Microsoft-Kerberos-Sorry-You-Guys-Don't-Get-It-wp.pdf