In this work we explored the Attacks Landscape in the Dark Web. While in the past FTR looked at good and services offered and traded, here we investigated on the attacks and exposure. We observed hacking groups targeting each other, for example by defacing concurrent web sites in order to promote their -- or stealing Onion's private keys to possibly tampering on encrypted traffic in Tor.
Most investigators turn to Google and common social media platforms such as Facebook and Twitter to conduct research for their investigations. However, much of the Internet is inaccessible through simple searches, and criminals are increasingly turning to the dark web to conduct illicit business.
The dark web is anonymous and requires a special browser to access and some knowledge of how to navigate it safely. However, used properly, it can be a valuable source of information for investigators. It’s worthwhile for every investigator to develop the skills and knowledge to mine this treasure trove of dark data.
Join Chad Los Schumacher, investigator and researcher at iThreat Cyber Group, as he leads participants on an exploration of investigations in the dark web.
Webinar attendees will learn:
What the dark web is and how it fits into the rest of the worldwide web
What can be found on the dark web
How to get to the dark web using Tor and other browsers
How to locate common hubs and resources on the dark web and explore what they have to offer
How to bring leads from the dark web to the surface in an investigation
Most investigators turn to Google and common social media platforms such as Facebook and Twitter to conduct research for their investigations. However, much of the Internet is inaccessible through simple searches, and criminals are increasingly turning to the dark web to conduct illicit business.
The dark web is anonymous and requires a special browser to access and some knowledge of how to navigate it safely. However, used properly, it can be a valuable source of information for investigators. It’s worthwhile for every investigator to develop the skills and knowledge to mine this treasure trove of dark data.
Join Chad Los Schumacher, investigator and researcher at iThreat Cyber Group, as he leads participants on an exploration of investigations in the dark web.
Webinar attendees will learn:
What the dark web is and how it fits into the rest of the worldwide web
What can be found on the dark web
How to get to the dark web using Tor and other browsers
How to locate common hubs and resources on the dark web and explore what they have to offer
How to bring leads from the dark web to the surface in an investigation
The Dark web - Why the hidden part of the web is even more dangerous?Pierluigi Paganini
Bad Actors (cyber criminals, terrorists, foreign spies) and their Tactics, Techniques, and Procedures (TTPS).
How is evolving the criminal underground in the Dark Web?
The response of the law enforcement.
A darknet (or dark net) is any overlay network that can be accessed only with specific software, configurations, or authorization, often using non-standard communications protocols and ports. Two typical darknet types are friend-to-friend networks (usually used for file sharing with a peer-to-peer connection)and privacy networks such as Tor.
All content not indexed by traditional web-based search engines is known as the DeepWeb. Wrongly been associated only with the Onion Routing (TOR), the DeepWeb's ecosystem comprises a number of other anonymous and decentralized networks. The Invisible Internet Project (I2P), FreeNET, and Alternative Domain Names (like Name.Space and OpenNic) are examples of networks leveraged by bad actors to host malware, high-resilient botnets, underground forums and bitcoin-based cashout systems (e.g., for cryptolockers).
We designed and implemented a prototype system called DeWA for the automated collection and analysis of the DeepWeb, with the goal of quickly identifying new threats as soon they appear.
In this talk, we provide concrete examples of how using DeWA to detect, e.g., trading of illicit and counterfeit goods, underground forums, privacy leaks, hidden dropzones, malware hosting and TOR-based botnets.
We are currently moving out of a period of “Peak Privacy,” and into an era of “Peak Surveillance.” Encryption and other protective capabilities previously available only to governments, the super-rich, and hackers are now more accessible to the public. Recent events like the NSA snooping scandal have pushed privacy and security issues to the forefront of mainstream consciousness.
The result of these converging factors will be the emergence of the DarkNet, a new kind of Internet where large numbers of people will be able to conceal their online behavior. This talk will explore the features of the DarkNet and consider the mass adoption of hacker-like behaviors, including the use of anonymous online identities that cannot be linked to the physical identity of the person. It will also ask what this means for companies, and how they might plan for, and profit from, the coming shift using SnapChat, Silent Circle, and other apps as examples that point the way to a secure digital future
Dark web markets: from the silk road to alphabay, trends and developmentsAndres Baravalle
Within the last years, governmental bodies have been futilely trying to fight against dark web hosted marketplaces. Shortly after the closing of “The Silk Road” by the FBI and Europol in 2013, new successors have been established. Through the combination of cryptocurrencies and nonstandard communication protocols and tools, agents can anonymously trade in a marketplace for illegal items without leaving any record.
This talk will presents a research carried out to gain insights on the products and services sold within one of the larger marketplaces for drugs, fake ids and weapons on the Internet, Agora, and on new developments after the demise of Agora.
The Deep and Dark Web - Spooky Halloween Information Security Lecture -- Info...Nicholas Davis
Horrible things happen on the Deep Web. It is important for information security professionals to know about this topic, so that we can help to stop the problem. Silence is acquiescence----If you see something horribly wrong, you have got to speak up and be part of the solution to stop it. Contact the FBI or local law enforcement.
Criticità per la protezione dei dati personali connesse all’utilizzo di dispo...festival ICT 2016
Le problematiche che sorgono in seguito all’utilizzo dei prodotti e dei servizi dell’IoT sono molteplici. Tra queste, le maggiori sono:
a) Asimmetria informativa e mancanza di controllo sui propri dati: la condivisione di dati personali tra produttori dei dispositivi, sviluppatori di sw, provider e analisti, comporta per le persone la difficoltà ad esercitare un adeguato controllo sugli stessi, e, soprattutto, sulle finalità perseguite diverse da quelle associate al dispositivo;
b) Consenso informato: estrema difficoltà per l’utilizzatore dei dispositivi IoT di prestare un consapevole e libero consenso al trattamento dei suoi dati personali;
c) Profilazione intrusiva: l’elevata quantità di dati personali e sensibili, rende altamente possibile una profilazione sempre più sofisticata delle abitudini degli utenti;
d) Sicurezza: le attuali tecnologie IoT non hanno ancora raggiunto un livello di sicurezza adeguato.
The Dark web - Why the hidden part of the web is even more dangerous?Pierluigi Paganini
Bad Actors (cyber criminals, terrorists, foreign spies) and their Tactics, Techniques, and Procedures (TTPS).
How is evolving the criminal underground in the Dark Web?
The response of the law enforcement.
A darknet (or dark net) is any overlay network that can be accessed only with specific software, configurations, or authorization, often using non-standard communications protocols and ports. Two typical darknet types are friend-to-friend networks (usually used for file sharing with a peer-to-peer connection)and privacy networks such as Tor.
All content not indexed by traditional web-based search engines is known as the DeepWeb. Wrongly been associated only with the Onion Routing (TOR), the DeepWeb's ecosystem comprises a number of other anonymous and decentralized networks. The Invisible Internet Project (I2P), FreeNET, and Alternative Domain Names (like Name.Space and OpenNic) are examples of networks leveraged by bad actors to host malware, high-resilient botnets, underground forums and bitcoin-based cashout systems (e.g., for cryptolockers).
We designed and implemented a prototype system called DeWA for the automated collection and analysis of the DeepWeb, with the goal of quickly identifying new threats as soon they appear.
In this talk, we provide concrete examples of how using DeWA to detect, e.g., trading of illicit and counterfeit goods, underground forums, privacy leaks, hidden dropzones, malware hosting and TOR-based botnets.
We are currently moving out of a period of “Peak Privacy,” and into an era of “Peak Surveillance.” Encryption and other protective capabilities previously available only to governments, the super-rich, and hackers are now more accessible to the public. Recent events like the NSA snooping scandal have pushed privacy and security issues to the forefront of mainstream consciousness.
The result of these converging factors will be the emergence of the DarkNet, a new kind of Internet where large numbers of people will be able to conceal their online behavior. This talk will explore the features of the DarkNet and consider the mass adoption of hacker-like behaviors, including the use of anonymous online identities that cannot be linked to the physical identity of the person. It will also ask what this means for companies, and how they might plan for, and profit from, the coming shift using SnapChat, Silent Circle, and other apps as examples that point the way to a secure digital future
Dark web markets: from the silk road to alphabay, trends and developmentsAndres Baravalle
Within the last years, governmental bodies have been futilely trying to fight against dark web hosted marketplaces. Shortly after the closing of “The Silk Road” by the FBI and Europol in 2013, new successors have been established. Through the combination of cryptocurrencies and nonstandard communication protocols and tools, agents can anonymously trade in a marketplace for illegal items without leaving any record.
This talk will presents a research carried out to gain insights on the products and services sold within one of the larger marketplaces for drugs, fake ids and weapons on the Internet, Agora, and on new developments after the demise of Agora.
The Deep and Dark Web - Spooky Halloween Information Security Lecture -- Info...Nicholas Davis
Horrible things happen on the Deep Web. It is important for information security professionals to know about this topic, so that we can help to stop the problem. Silence is acquiescence----If you see something horribly wrong, you have got to speak up and be part of the solution to stop it. Contact the FBI or local law enforcement.
Criticità per la protezione dei dati personali connesse all’utilizzo di dispo...festival ICT 2016
Le problematiche che sorgono in seguito all’utilizzo dei prodotti e dei servizi dell’IoT sono molteplici. Tra queste, le maggiori sono:
a) Asimmetria informativa e mancanza di controllo sui propri dati: la condivisione di dati personali tra produttori dei dispositivi, sviluppatori di sw, provider e analisti, comporta per le persone la difficoltà ad esercitare un adeguato controllo sugli stessi, e, soprattutto, sulle finalità perseguite diverse da quelle associate al dispositivo;
b) Consenso informato: estrema difficoltà per l’utilizzatore dei dispositivi IoT di prestare un consapevole e libero consenso al trattamento dei suoi dati personali;
c) Profilazione intrusiva: l’elevata quantità di dati personali e sensibili, rende altamente possibile una profilazione sempre più sofisticata delle abitudini degli utenti;
d) Sicurezza: le attuali tecnologie IoT non hanno ancora raggiunto un livello di sicurezza adeguato.
More than 80% of Today’s Top Malware Arrives via Web. More than 80% of Today’s Top Malware Arrives via Web. And
Security Demands on cloud service providers will increase. See the rest of Trend Micro's predictions for 2011.
Secure Your Virtualized Environment. Protection from Advanced Persistent Thre...Acrodex
Trend Micro Deep Security
#1 Security Platform for Virtualization and the cloud
Trend Micro Deep Discovery
Combating Advanced Persistent Treats (APT’s)
Trend Micro Mobile Security
Manage and control your mobile devices (BYOD)
Migliorare il cash flow della propria azienda e dei propri clienti: i benefic...festival ICT 2016
Il cash flow è la ricostruzione dei flussi monetari (differenza tra tutte le entrate e le uscite monetarie) di una azienda nell’arco del periodo di analisi e rappresenta una misura dell’autofinanziamento aziendale. Può essere calcolato a partire dal conto economico e dai dati di bilancio dell’impresa; l’insieme dei flussi di cassa è importante per stabilire in che misura ed in che maniera possono essere remunerati i centri di costo.
Partendo dall’analisi dei bilanci di alcune PMI italiane, cercheremo di analizzare le eventuali criticità emerse nella gestione del proprio cash flow e metteremo in evidenza l’importanza e i vantaggi di un flusso di cassa positivo, identificando quali strumenti utilizzare per creare liquidità, con particolare riferimento al procurement di prodotti ICT.
Skip the Security Slow Lane with VMware Cloud on AWSTrend Micro
While migrating your infrastructure to the cloud offers an opportunity to rethink your approach to management and security, it can create a patchwork of processes and tools, a disorganized team, and duplication of work. In a few years, you may learn that the IT security team needs a unified approach to data protection and you must already overhaul your “new” setup. You thought you were speeding ahead with improved operations and lower costs, but you are actually in the security slow lane! Pull over and find a new route forward with VMWare on AWS by leveraging tools you know in an environment you already understand. Save years of work by utilizing a common set of tools, operational processes, and security framework when moving to the cloud. Learn tips and tactics from Trend Micro and Capgemini for setting your teams up for success now…and tomorrow.
This was one of Trend Micro's sessions presented at VMworld 2017.
Captain, Where Is Your Ship – Compromising Vessel Tracking SystemsTrend Micro
A talk given by Kyle Wilhoit and Marco Balduzzi from Trend Micro's Forward Looking Threat Research team, along with independent researcher Alessandro Pasta.
Abstract:
In recent years, automated identification systems (AISes) have been introduced to enhance vessels tracking and provide extra safety to marine traffic, on top of conventional radar installations. AIS, which is currently a mandatory installation for all passenger ships and ships over 300 metric tonnes, works by acquiring GPS coordinates and exchanging vessel’s position, course and information with nearby ships, offshore installation, i.e. harbors and traffic controls, and Internet tracking and visualizing providers.
With an estimated number of 400,000 installation, AIS is currently the best system for collision avoidance, maritime security, aids to navigation and accident investigations.
Given its primary importance in marine traffic safety, we conducted a comprehensive security evaluation of AIS, by tackling it from both a software and a hardware, radio frequency perspective.
In this talk, we share with you our finding, i.e how we have been able to hijack and perform man-in-the-middle attacks on existing vessels, take over AIS communications, tamper with the major online tracking providers and eventually fake our own yacht!.
The Web Advisor: restare vivi e aggiornati nel business digitale - festival I...festival ICT 2016
Oggi Investire in risorse è sicuramente più conveniente che investire in licenze, I prodotti software open source sono altrettanto performanti e competitivi di quelli proprietari, il web è il loro veicolo principe la dove si manifestano con forza e penetrazione.
Il web è condivisione, Web Advisor è un programma di condivisione e aggiornamento per tutti, esperti, fornitori e clienti; per restare competitivi nel business digitale, per fare network, per restare informati e vivi!
Condividere la conoscenza con i propri clienti e partners è un paradosso commerciale da superare, Scopri le nuove regole del business open source!
Lo Zen e l'arte dell'UX Design Mobile - by Synesthesia - festival ICT 2015festival ICT 2016
Oggi tutti parlano di UX Design, e finalmente si sta diffondendo la consapevolezza di quanto sia fondamentale una solida progettazione per determinare il successo o l’insuccesso di un prodotto o di un servizio. Nonostante questo, tuttavia ancora molti progetti soffrono di un design carente. In questo talk parleremo di come non cadere negli errori più comuni e di quali siano le best practices principali della UX Mobile di cui tenere conto quando si progetta una Mobile App, alla ricerca della felicità dell’utente (e nostra).
Cyber-crime and attacks in the dark side of the web - Marco Balduzzi - Codemo...Codemotion
The dark-web including TOR, FreeNet and I2P, is that part of the Internet that is not indexed by traditional search engines and where anonymity and confidentiality is enforced at the root. For these characteristics, cyber- criminals started abusing the dark-web to conduct illicit or malicious activities like illegal trading, malware hosting, and more recently targeted attacks. In this talk, we explore the cyber-criminal ecosystem in the dark-web and provides insights on its activities against hidden services and other users.
Marco Balduzzi - Cyber-crime and attacks in the dark side of the web - Codemo...Codemotion
The dark-web including TOR, FreeNet and I2P, is that part of the Internet that is not indexed by traditional search engines and where anonymity and confidentiality is enforced at the root. For these characteristics, cyber- criminals started abusing the dark-web to conduct illicit or malicious activities like illegal trading, malware hosting, and more recently targeted attacks. In this talk, we explore the cyber-criminal ecosystem in the dark-web and provides insights on its activities against hidden services and other users.
Presentation of "State of the Art of IoT Honeypots" technical report developed for the Seminar in Advanced Topics in Computer Science course of the Master Degree in Engineering in Computer Science curriculum in Cyber Security at University of Rome "La Sapienza".
Link: https://www.slideshare.net/secret/EfL8YbinRZjDPS
Describe briefly the OSI Reference model and its relevance to computer security. [4 Marks]
• Ans 1: The Open System Interconnection Model (OSI) is a standardized framework for describing how computers communicate with each other over a network system. The OSI model also conceptualizes how data flows through a stack of seven layers, beginning with the physical layer and continuing through the datalink, network, transport, session, presentation, and finally the application layer (Simoneau, 2006)
A free software implementation of second-generation onion routing that help the user to be anonymous while using the internet so it protect the user’s privacy from being monitored
Some people use it in the wrong way which lead to what is called now “The Darknet” : A black spot in the internet which involve all the criminal activities on the internet such as selling Drugs, fraud, copyright infringement and piracy and so on.
The geopolitical conflicts in the Middle East have deepened in the last few years. Syria is no exception, with the crisis there taking many forms, and the cyberspace conflict is intensifying as sides try to tilt the struggle in their favor by exploiting cyber intelligence and using distortion.
The Global Research & Analysis Team (GReAT) at Kaspersky Lab has discovered new malware attacks in Syria, using some techniques to hide and operate malware, in addition to proficient social engineering tricks to deliver malware by tricking and tempting victims to open and launch malicious files. The malware files were found on activist sites and social networking forums, some other files were also reported by local organizations like CyberArabs and Technicians for Freedom.
All technical details are available in this report ans related blog post at https://securelist.com/blog/research/66051/the-syrian-malware-house-of-cards/.
For any inquire please contact intelreports@kaspersky.com
The action of the next cyber saga takes place in the mystical lands of the Asia-Pacific region, where the main characters began their digital activities in the middle of 2021 and qualitatively strengthened it in 2022. Corporate espionage, document theft, audio recordings, and data leaks from messaging platforms were all a matter of one day for Dark Pink. Their geographical focus may have started in the Asia-Pacific region, but their ambitions knew no bounds, targeting a European government ministry in a bold move to expand their portfolio. Their victim profile was as diverse as a UN meeting, targeting military organizations, government agencies, and even a religious organization. Because discrimination is not a fashionable agenda.
In the world of cybercrime, they serve as a reminder that sometimes the most serious threats come in the most unassuming packages with a pink bow.
Similar to Dark Web Impact on Hidden Services in the Tor-based Criminal Ecosystem Dr. (20)
Investigating Web Defacement Campaigns at LargeTrend Micro
Website defacement is a very common attack. We know that hackers attack websites everyday. After websites are compromised, web pages could be altered by hackers.
Hackers usually leave some messages in deface pages, like who they are, why they attack.
Behind the scene of malware operators. Insights and countermeasures. CONFiden...Trend Micro
Modern cybercrime operates highly-sophisticated campaigns that challenge, or even evade, the state-of-art in defense and protection. On a daily basis, users worldwide are fooled by new techniques and threats that went under the radar, like new 0-days or attack vectors. We passively monitored how these attacks are conducted on real installations, and unveiled the modus operandi of malware operators. In this presentation, we share with the audience our recent findings and trends that we observed in-the-wild from the analysis we conducted on 3 million software downloads, involving hundreds of thousands of Internet connected machines. During the talk, we provide insights on our investigation like the effect of code signing abuse, the compromise of cloud providers' operations, the use of domains generated automatically via social engineering, and the business model behind modern malware campaigns. We also discuss the problem of "unknown threats", showing how the Internet's threats landscape is still largely unexplored and how it badly impacts on million of users. We conclude with a proof-of-concept system that we designed and that uses machine-learning to generate human-readable rules for detection. Our system represents a potential mitigation to the problem of "unknown threats" and an assistance tool for analysts globally.
Automated Security for the Real-time Enterprise with VMware NSX and Trend Mic...Trend Micro
In today’s real-time enterprise where we all must do more with less, the operations team is sometimes forced to take shortcuts. Forgetting to manually apply security controls is often one of the first tasks to fall by the wayside. VMs that are put in production, lacking adequate protection, leave high-risk vulnerabilities open for exploitation. Learn how building-in security automation with VMware NSX and Trend Micro Deep Security provides visibility, assesses risk, and applies the right protection. Once in operation, using the adapter for vRealize Operations, the security events become visible next to the operational events, providing a holistic view of the environment. This will be illustrated through the case study of a leading manufacturing company, Plexus Corporation, who will also share their NSX journey.
This was one of Trend Micro's sessions presented at VMworld 2017.
All content not indexed by traditional web-based search engines is known
as the DeepWeb. Wrongly been associated only with the Onion Routing
(TOR), the DeepWeb's ecosystem comprises a number of other anonymous and
decentralized networks. The Invisible Internet Project (I2P), FreeNET,
and Alternative Domain Names (like Name.Space and OpenNic) are examples
of networks leveraged by bad actors to host malware, high-resilient
botnets, underground forums and bitcoin-based cashout systems (e.g., for
cryptolockers).
We designed and implemented a prototype system called DeWA for the
automated collection and analysis of the DeepWeb, with the goal of
quickly identifying new threats as soon they appear.
In this talk, we provide concrete examples of how using DeWA to detect,
e.g., trading of illicit and counterfeit goods, underground forums,
privacy leaks, hidden dropzones, malware hosting and TOR-based botnets.
AIS Exposed: New vulnerabilities and attacks. (HITB AMS 2014)Trend Micro
AIS, Automatic Identification System, is a promoted standard and implementation for vessels traffic safety and monitoring. With more than 400,000 installations worldwide, AIS is currently a mandatory installation for commercial vessels and a de-facto equipment for leisure crafts. AIS is largely used in ports worldwide -- Rotterdam alone monitors over 700 AIS-enabled vessels each day, serving 32,000 seagoing and 87,000 inland vessels a year.
Back in October 2013, during HITB KUL, we showed that AIS is hardly broken, both at implementation and protocol level, and it suffers from severe vulnerabilities like spoofing and man-in-the-middle. In this talk, we extend our research by sharing with the audience several novel attacks that we recently discovered, for example how to extensively disable AIS communications or attack the software installed at back-end by port authorities. By doing so, we hope to raise the necessary awareness and lead the involved parties into calling for a more robust and secure AIS.
Countering the Advanced Persistent Threat Challenge with Deep DiscoveryTrend Micro
Targeted attacks and advanced persistent threats (APTs) are becoming the new norm of cyber security threats— encompassing organized, focused efforts that are custom-created to penetrate enterprises and government agencies for valuable data, trade secrets, and access to internal systems. We explore the anatomy of targeted attacks: the inner workings of the APT lifecycle, along with an in-depth overview of Trend Micro Deep Discovery advanced threat protection solution, and how it enables enterprise IT to adopt a custom defense strategy that modernizes its risk management program to defend against targeted attacks.
The Custom Defense Against Targeted AttacksTrend Micro
Advanced persistent threats (APTs) and targeted attacks have a proven ability to penetrate standard security defenses and remain undetected for months while siphoning valuable data or carrying out destructive actions. We review challenges faced by information security leaders, their options for dealing with attackers and how to a Custom Defense approach to deploy a comprehensive Detect—Analyze—Adapt—Respond lifecycle that enhances current security investments while providing new weapons to fight back against their attackers.
Encryption in the Public Cloud: 16 Bits of Advice for Security TechniquesTrend Micro
Dave Asprey, VP-Cloud Security of Trend Micro presented to members of the SDforum in Jan. 2011. This is an adapted version of is presentation which covers key considerations addressing data privacy concerns in the Cloud.
In this second installment of a three-part research paper series on the KOOBFACE botnet, Trend Micro threat researchers examine the botnet in more technical detail, chronicling its behavior and payloads.
Key Trends Shaping the Future of Infrastructure.pdfCheryl Hung
Keynote at DIGIT West Expo, Glasgow on 29 May 2024.
Cheryl Hung, ochery.com
Sr Director, Infrastructure Ecosystem, Arm.
The key trends across hardware, cloud and open-source; exploring how these areas are likely to mature and develop over the short and long-term, and then considering how organisations can position themselves to adapt and thrive.
Neuro-symbolic is not enough, we need neuro-*semantic*Frank van Harmelen
Neuro-symbolic (NeSy) AI is on the rise. However, simply machine learning on just any symbolic structure is not sufficient to really harvest the gains of NeSy. These will only be gained when the symbolic structures have an actual semantics. I give an operational definition of semantics as “predictable inference”.
All of this illustrated with link prediction over knowledge graphs, but the argument is general.
LF Energy Webinar: Electrical Grid Modelling and Simulation Through PowSyBl -...DanBrown980551
Do you want to learn how to model and simulate an electrical network from scratch in under an hour?
Then welcome to this PowSyBl workshop, hosted by Rte, the French Transmission System Operator (TSO)!
During the webinar, you will discover the PowSyBl ecosystem as well as handle and study an electrical network through an interactive Python notebook.
PowSyBl is an open source project hosted by LF Energy, which offers a comprehensive set of features for electrical grid modelling and simulation. Among other advanced features, PowSyBl provides:
- A fully editable and extendable library for grid component modelling;
- Visualization tools to display your network;
- Grid simulation tools, such as power flows, security analyses (with or without remedial actions) and sensitivity analyses;
The framework is mostly written in Java, with a Python binding so that Python developers can access PowSyBl functionalities as well.
What you will learn during the webinar:
- For beginners: discover PowSyBl's functionalities through a quick general presentation and the notebook, without needing any expert coding skills;
- For advanced developers: master the skills to efficiently apply PowSyBl functionalities to your real-world scenarios.
GraphRAG is All You need? LLM & Knowledge GraphGuy Korland
Guy Korland, CEO and Co-founder of FalkorDB, will review two articles on the integration of language models with knowledge graphs.
1. Unifying Large Language Models and Knowledge Graphs: A Roadmap.
https://arxiv.org/abs/2306.08302
2. Microsoft Research's GraphRAG paper and a review paper on various uses of knowledge graphs:
https://www.microsoft.com/en-us/research/blog/graphrag-unlocking-llm-discovery-on-narrative-private-data/
DevOps and Testing slides at DASA ConnectKari Kakkonen
My and Rik Marselis slides at 30.5.2024 DASA Connect conference. We discuss about what is testing, then what is agile testing and finally what is Testing in DevOps. Finally we had lovely workshop with the participants trying to find out different ways to think about quality and testing in different parts of the DevOps infinity loop.
Let's dive deeper into the world of ODC! Ricardo Alves (OutSystems) will join us to tell all about the new Data Fabric. After that, Sezen de Bruijn (OutSystems) will get into the details on how to best design a sturdy architecture within ODC.
GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using Deplo...James Anderson
Effective Application Security in Software Delivery lifecycle using Deployment Firewall and DBOM
The modern software delivery process (or the CI/CD process) includes many tools, distributed teams, open-source code, and cloud platforms. Constant focus on speed to release software to market, along with the traditional slow and manual security checks has caused gaps in continuous security as an important piece in the software supply chain. Today organizations feel more susceptible to external and internal cyber threats due to the vast attack surface in their applications supply chain and the lack of end-to-end governance and risk management.
The software team must secure its software delivery process to avoid vulnerability and security breaches. This needs to be achieved with existing tool chains and without extensive rework of the delivery processes. This talk will present strategies and techniques for providing visibility into the true risk of the existing vulnerabilities, preventing the introduction of security issues in the software, resolving vulnerabilities in production environments quickly, and capturing the deployment bill of materials (DBOM).
Speakers:
Bob Boule
Robert Boule is a technology enthusiast with PASSION for technology and making things work along with a knack for helping others understand how things work. He comes with around 20 years of solution engineering experience in application security, software continuous delivery, and SaaS platforms. He is known for his dynamic presentations in CI/CD and application security integrated in software delivery lifecycle.
Gopinath Rebala
Gopinath Rebala is the CTO of OpsMx, where he has overall responsibility for the machine learning and data processing architectures for Secure Software Delivery. Gopi also has a strong connection with our customers, leading design and architecture for strategic implementations. Gopi is a frequent speaker and well-known leader in continuous delivery and integrating security into software delivery.
Dev Dives: Train smarter, not harder – active learning and UiPath LLMs for do...UiPathCommunity
💥 Speed, accuracy, and scaling – discover the superpowers of GenAI in action with UiPath Document Understanding and Communications Mining™:
See how to accelerate model training and optimize model performance with active learning
Learn about the latest enhancements to out-of-the-box document processing – with little to no training required
Get an exclusive demo of the new family of UiPath LLMs – GenAI models specialized for processing different types of documents and messages
This is a hands-on session specifically designed for automation developers and AI enthusiasts seeking to enhance their knowledge in leveraging the latest intelligent document processing capabilities offered by UiPath.
Speakers:
👨🏫 Andras Palfi, Senior Product Manager, UiPath
👩🏫 Lenka Dulovicova, Product Program Manager, UiPath
Epistemic Interaction - tuning interfaces to provide information for AI supportAlan Dix
Paper presented at SYNERGY workshop at AVI 2024, Genoa, Italy. 3rd June 2024
https://alandix.com/academic/papers/synergy2024-epistemic/
As machine learning integrates deeper into human-computer interactions, the concept of epistemic interaction emerges, aiming to refine these interactions to enhance system adaptability. This approach encourages minor, intentional adjustments in user behaviour to enrich the data available for system learning. This paper introduces epistemic interaction within the context of human-system communication, illustrating how deliberate interaction design can improve system understanding and adaptation. Through concrete examples, we demonstrate the potential of epistemic interaction to significantly advance human-computer interaction by leveraging intuitive human communication strategies to inform system design and functionality, offering a novel pathway for enriching user-system engagements.
Epistemic Interaction - tuning interfaces to provide information for AI support
Dark Web Impact on Hidden Services in the Tor-based Criminal Ecosystem Dr.
1. Dark Web Impact on
Hidden Services in the Tor-
based Criminal Ecosystem
Dr. Marco Balduzzi @embyte
Sr. Researcher at Trend Micro
Forward-Looking Threat Research
14. Honeypot
I. Black market
II. Hosting/service
provider in Tor
III. Underground forum
IV. Misconfigured server
(FTP/SSH/IRC)
Technology
I. OsCommerce
II. WordPress + Shells
III. Custom
IV. Debian Linux
20. Data Collection and Advertisement
• 7 months experiment
• Month 1: Different advertisement strategies
to honeypot #1
• Month 2: Advertised ALL honeypots using ALL
strategies
• Month 3-7: Restricted access by blocking
incoming Tor2web traffic
32. Tor’s private key theft
• Used to compute the hidden service descriptor
Instruction
Points
Public
Key
Private Key
Instruction
Points
Public
Key
XYZ.onion
Signing
Keypair
Generation
34. Discussion
• Tor2web proxies play important role!
– Make the dark web not as private as someone would
think
• Hidden services are equally visible and exposed
as surface services
– Receive attacks within days
35. Discussion
• Dark Web is not safe heaven
– Attackers are actively conducting attacks against
hidden services
– Both automated and manuals
• Cyber-criminals are looking for services
operated by opponent groups
– Voluntarily attack them
36. • This work represents a first result in the
direction of understanding the attacks
landscape in the Dark Web.
Dr. Marco Balduzzi @embyte
Sr. Researcher at Trend Micro
Forward-Looking Threat Research
http://www.madlab.it/papers/sac17_darknets.pdf