IoT Key Elements demonstrated on Homie framework
Presented in IoT Bratislava meeting
Recorded session (in Slovak): https://www.youtube.com/watch?v=ov4M9oxFLxI
Delivering a New Architecture for Security: Blockchain + Trusted Computing - Rivetz
The old models of security are not enough anymore. Too much data is kept too centralized and too easy to steal. But blockchain alone isn't the answer, either. Just decentralization negates all the important security protocols we've established over decades. Add trusted computing to the mix, and now you're cooking.
For a college course -- CNIT 141: Cryptography for Computer Networks, at City College San Francisco
Based on "Serious Cryptography: A Practical Introduction to Modern Encryption", by Jean-Philippe Aumasson, No Starch Press (November 6, 2017), ISBN-10: 1593278268 ISBN-13: 978-1593278267
Instructor: Sam Bowne
More info: https://samsclass.info/141/141_S19.shtml
"How overlay networks can make public clouds your global WAN" from LASCON 2013 - Ryan Koop
"How overlay networks can make public clouds your global WAN" by Ryan Koop of CohesiveFT at LASCON
The presentation "How overlay networks can make public clouds your global WAN" presented by Ryan Koop on Oct 24, 2013 at LASCON in Austin, TX.
Enterprises, organizations and governments are realizing the benefits of cloud flexibility, cost savings, scalability and connectivity. Yet the traditional approach focuses too much on the underlying infrastructure, instead of the applications.
So who is making solutions for the people who work at the application layer? Are software-defined things secure?
With a focus on application-layer integration, governance and security, overlay networks let developers, and the enterprise apps they work with, use the public clouds as a global WAN network, not just extra storage.
Developers can build on top of overlay networking to extend traditional networks to the cloud with added security such as encryption, IPsec connections, VLANs and VPNs into the public cloud networks.
Prime examples are previously cost-prohibitive projects that can now use public clouds as global points of presence to create a cloud WAN to partners and customers.
With the widespread use of connected devices, hackers have configured new ways to access your smartphones and laptops, even without you knowing. The Pineapple is a router that stages a fake WIFI access point, compromising the security of any smart device that unknowingly connects to it. During the accompanying webinar, Johan Hybinette, CISO at HOSTING, goes over the following discussion points:
- The technical makeup of the pineapple router
- How the Pineapple hacks into connected devices
- What personal information is at the most risk
- What you can do to protect yourself from this malicious form of identity theft
Part of the TelcoBridges How To series, Luc Morissette, Director of Customer Support and co-founder of TelcoBridges shows the installation and initial configuration of FreeSBC on a VMware virtual machine.
1) What does it mean to be secure?
2) What are we trying to protect?
3) Who are the attackers?
4) Physical access
5) Secure boot techniques
6) Encryption, certificates, code signing, and digital signatures
7) Characteristics of a secure system
8) Steps to secure the data center, border gateway, and the edge devices
Ending the Tyranny of Expensive Security Tools: A New Hope - Michele Chubirka
A long time ago, in a galaxy far far away, AV was invented. Then firewalls and IDS and SIEM and NAC and DLP and on and on.
With all these products, it seems like a career in information security is really more about managing tools than defeating a galactic empire of hackers and miscreants. But like the Rebel Alliance, you can take back your enterprise, because many of our existing monitoring systems and network devices also have security functionality. Moreover, there are many excellent open source applications that work just as well as commercial ones.
Creating Provable Cybersecurity with Blockchain and Trusted Computing - Rivetz
Rivetz CEO Steven Sprague explains how hardware-based trusted computing, combined with blockchain enables you to create an immutable, accurate record of everything you do. Blockchain alone creates the immutable record; trusted computing ensures what's being recorded is what was supposed to be recorded.
IoT Seminar (Jan. 2016) - (3) benjamin cabé - building an open internet of th... - Open Mobile Alliance
Slides from the OMA and oneM2M IoT Seminar on January 21, 2016
Speaker 3:
Benjamin Cabé, IoT Evangelist, Eclipse Foundation
Presentation title: “Building an Open Internet of Things, the Eclipse way”
Benjamin Cabé, Internet of Things enthusiast and evangelist at the Eclipse Foundation, has years of experience in connecting things, big and small, together. He is advocating the use of open source technologies to build Internet of Things solutions, which led him to cofound the Eclipse IoT Working Group in 2011. This working group has become a thriving community of 20+ open source projects, hundreds of developers, and thousands of users.
Will STIR/SHAKEN Solve the Illegal Robocall Problem? - Alan Percy
Illegal robocalls continue to be a significant problem for consumers and businesses of all sizes. STIR/SHAKEN is expected to reduce illegal spam calls, but those behind the illegal calls will persist, wasting time, clogging up phone lines, and in some cases, perpetrating phishing attacks. Join us as we discuss the current state of STIR/SHAKEN and explain why further Robocall Mitigation is required.
Stay with us as Gerry Christensen, VP of Business Development and Strategic Partnerships at YouMail joins us to share an AI-powered robocall analytics platform that can be used by service providers and enterprises to block much of the unwanted traffic.
Video recording of the session is available at:
https://www2.telcobridges.com/videolibrary
This presentation demonstrates the attack and mitigation for weak implementation of IPSec.
Some helpful links:
1) https://www.youtube.com/watch?v=eRquHLXtDtw&t=25s
2) https://www.youtube.com/watch?v=KHrekdsLgdI
Microsegmentation from strategy to execution - AlgoSec
Organizations heavily invest in security solutions to keep their networks safe, but still struggle to close the security gaps. Micro-segmentation helps protect against the lateral movement of malware and minimizes the risk of insider threats. Micro-segmentation has received lots of attention as a possible solution, but many IT security professionals aren’t sure where to begin or what approach to take.
In this practical webinar, Prof. Avishai Wool, AlgoSec’s CTO and co-founder will guide you through each stage of a micro-segmentation project – from developing the correct micro-segmentation strategy to effectively implementing it and continually maintaining your micro-segmented network.
Register now for this live webinar and get a practical blueprint to creating your micro-segmentation policy:
What is micro-segmentation.
Common pitfalls in micro-segmentation projects and how to avoid them.
The stages of a successful micro-segmentation project.
The role of policy change management and automation in micro-segmentation.
Touring the Dark Side of Internet: A Journey through IOT, TOR & Docker - Abhinav Biswas
With the advent of IOT, every 'Thing' is getting Smart, starting from the range of smartwatches, smart refrigerators, smart bulbs to smart car, smart healthcare, smart agriculture, smart retail, smart city and what not, even smart planet. But why is everything getting smart? People are trying to bridge the gap between Digital World & Physical World by means of ubiquitous connectivity to Internet, and when digital things become physical, digital threats also become physical threats. Security & Privacy issues are rising as never before. What if the microphone in your smart TV can be used to eavesdrop on the private communications in your bedroom? What if a smart driverless car deliberately crashes itself into an accident? What if you want to be Anonymous over Internet and don't want anybody to track you?
This talk will focus on answering the above questions with a view on 'What are we currently doing to protect ourselves' and 'What we need to do'. What are the new security challenges that are coming up and how privacy & anonymity is taking the lead over security. The talk will also sensitize the audience about the paradigm shift that is happening in IOT DevOps, with the help of Docker Containers and how they can be anonymised using TOR.
Distributed Sensor Data Contextualization for Threat Intelligence Analysis - Jason Trost
As organizations operationalize diverse network sensors of various types, from passive sensors to DNS sinkholes to honeypots, there are many opportunities to combine this data for increased contextual awareness for network defense and threat intelligence analysis. In this presentation, we discuss our experiences by analyzing data collected from distributed honeypot sensors, p0f, snort/suricata, and botnet sinkholes as well as enrichments from PDNS and malware sandboxing. We talk through how we can answer the following questions in an automated fashion: What is the profile of the attacking system? Is the host scanning/attacking my network an infected workstation, an ephemeral scanning/exploitation box, or a compromised web server? If it is a compromised server, what are some possible vulnerabilities exploited by the attacker? What vulnerabilities (CVEs) has this attacker been seen exploiting in the wild and what tools do they drop? Is this attack part of a distributed campaign or is it limited to my network?
Dejan Podgorsek - Is Hyperledger Fabric secure enough for your Business? - Hacken_Ecosystem
HackIT is an annual cybersecurity conference that gathers the best technical researchers and top players in the cybersecurity industry to explore cutting-edge technologies together. In 2018, HackIT focused on the use of blockchain technology.
Presented at All Things Open 2022
Presented by Andrew Zigler
Title: Open Source All The Things
Abstract: Open source software is increasingly becoming the number one choice for software developers worldwide because it's considered best in class for its improved security, extensibility and customization, and high-quality tooling. Wouldn’t it be great if your entire software development lifecycle could take place on open source software?
The good news is that it absolutely can! Modern open source tools give your development team everything they need to be productive, from initial planning to production deployment. In this session, you’ll learn how to use 100% open source software to set up a complete development pipeline that includes source code management, CI/CD, service monitoring and notifications, team communications and collaboration, project and task management, and process automation. Attendees will come away with an arsenal of tools they can deploy for their team to become more efficient at the software development process.
Target Audience:
Anyone who works on a software development team and wants to find ways to make their team more productive and facilitate better collaboration. This session is ideal for developers and technical managers who want to use open source tools to reduce context switching and increase the focus time they have to write code.
Weaponizing Intelligence: Interdiction in Today’s Threat Landscape - Priyanka Aash
The threat environment is evolving every single day. As adversaries find more efficient and effective ways of making money they will reinvest that money to create more advanced and evasive malware. Disrupting that economy is key. This talk will focus on moving from gathering threat intelligence toward providing consistent offensive threat interdiction.
(Source: RSA Conference USA 2017)
A look at the methodology and techniques of hackers, cyber criminals and state-sponsored attackers. Explores the kill chain, geopolitical instability and the dark web.
Automation attacks are currently plaguing organizations in industries ranging from financial to retail, to gaming & entertainment. These attacks exploit stolen credential leaks, black market & custom attack toolkits, and massively scalable infrastructure to launch widely distributed attacks that are extremely difficult to detect, let alone attribute. In this presentation we will inform the audience of the scale of this problem, discuss a detection methodology to counter these attacks, and walk through 3 real-world examples of how attackers created and monetized the distributed infrastructure they require to launch these attacks.
Cloud Security Engineering - Tools and Techniques - Gokul Alex
Cloud Security Engineering Education Materials prepared by Gokul Alex. It covers the essential tools and techniques to protect cloud enterprise architectures and cloud information systems.
The 5 Crazy Mistakes IoT Administrators Make with System Credentials - BeyondTrust
In this presentation from his webinar, Rob Black, CISSP, Founder and Managing Principal of Fractional CISO, explores IoT architectures, the different types of credentials in an IoT system, the common challenges with IoT credential management, and what you can do to mitigate the risks of credential-based attacks.
You can also watch the full webinar on-demand here: https://www.beyondtrust.com/resources/webinar/5-crazy-mistakes-administrators-make-iot-system-credentials/
Similar to DEF CON 27 - MASARAH PAQUET CLOUSTON and OLIVER BILODEAU - the industry of social media manipulation driven by malware (20)
UiPath Test Automation using UiPath Test Suite series, part 3 - DianaGray10
Welcome to UiPath Test Automation using UiPath Test Suite series part 3. In this session, we will cover desktop automation along with UI automation.
Topics covered:
UI automation Introduction,
UI automation Sample
Desktop automation flow
Pradeep Chinnala, Senior Consultant Automation Developer @WonderBotz and UiPath MVP
Deepak Rai, Automation Practice Lead, Boundaryless Group and UiPath MVP
State of ICS and IoT Cyber Threat Landscape Report 2024 preview - Prayukth K V
The IoT and OT threat landscape report has been prepared by the Threat Research Team at Sectrio using data from Sectrio, cyber threat intelligence farming facilities spread across over 85 cities around the world. In addition, Sectrio also runs AI-based advanced threat and payload engagement facilities that serve as sinks to attract and engage sophisticated threat actors, and newer malware including new variants and latent threats that are at an earlier stage of development.
The latest edition of the OT/ICS and IoT security Threat Landscape Report 2024 also covers:
State of global ICS asset and network exposure
Sectoral targets and attacks as well as the cost of ransom
Global APT activity, AI usage, actor and tactic profiles, and implications
Rise in volumes of AI-powered cyberattacks
Major cyber events in 2024
Malware and malicious payload trends
Cyberattack types and targets
Vulnerability exploit attempts on CVEs
Attacks on counties – USA
Expansion of bot farms – how, where, and why
In-depth analysis of the cyber threat landscape across North America, South America, Europe, APAC, and the Middle East
Why are attacks on smart factories rising?
Cyber risk predictions
Axis of attacks – Europe
Systemic attacks in the Middle East
Download the full report from here:
https://sectrio.com/resources/ot-threat-landscape-reports/sectrio-releases-ot-ics-and-iot-security-threat-landscape-report-2024/
DevOps and Testing slides at DASA Connect - Kari Kakkonen
My and Rik Marselis' slides from the 30.5.2024 DASA Connect conference. We discuss what testing is, then what agile testing is, and finally what Testing in DevOps is. Finally we had a lovely workshop with the participants trying to find out different ways to think about quality and testing in different parts of the DevOps infinity loop.
Generative AI Deep Dive: Advancing from Proof of Concept to Production - Aggregage
Join Maher Hanafi, VP of Engineering at Betterworks, in this new session where he'll share a practical framework to transform Gen AI prototypes into impactful products! He'll delve into the complexities of data collection and management, model selection and optimization, and ensuring security, scalability, and responsible use.
Smart TV Buyer Insights Survey 2024 by 91mobiles.pdf - 91mobiles
91mobiles recently conducted a Smart TV Buyer Insights Survey in which we asked over 3,000 respondents about the TV they own, aspects they look at on a new TV, and their TV buying preferences.
Elevating Tactical DDD Patterns Through Object Calisthenics - Dorra BARTAGUIZ
After immersing yourself in the blue book and its red counterpart, attending DDD-focused conferences, and applying tactical patterns, you're left with a crucial question: How do I ensure my design is effective? Tactical patterns within Domain-Driven Design (DDD) serve as guiding principles for creating clear and manageable domain models. However, achieving success with these patterns requires additional guidance. Interestingly, we've observed that a set of constraints initially designed for training purposes remarkably aligns with effective pattern implementation, offering a more ‘mechanical’ approach. Let's explore together how Object Calisthenics can elevate the design of your tactical DDD patterns, offering concrete help for those venturing into DDD for the first time!
UiPath Test Automation using UiPath Test Suite series, part 4 - DianaGray10
Welcome to UiPath Test Automation using UiPath Test Suite series part 4. In this session, we will cover Test Manager overview along with SAP heatmap.
The UiPath Test Manager overview with SAP heatmap webinar offers a concise yet comprehensive exploration of the role of a Test Manager within SAP environments, coupled with the utilization of heatmaps for effective testing strategies.
Participants will gain insights into the responsibilities, challenges, and best practices associated with test management in SAP projects. Additionally, the webinar delves into the significance of heatmaps as a visual aid for identifying testing priorities, areas of risk, and resource allocation within SAP landscapes. Through this session, attendees can expect to enhance their understanding of test management principles while learning practical approaches to optimize testing processes in SAP environments using heatmap visualization techniques
What will you get from this session?
1. Insights into SAP testing best practices
2. Heatmap utilization for testing
3. Optimization of testing processes
4. Demo
Topics covered:
Execution from the test manager
Orchestrator execution result
Defect reporting
SAP heatmap example with demo
Speaker:
Deepak Rai, Automation Practice Lead, Boundaryless Group and UiPath MVP
Welcome to ViralQR, your best QR code generator. - ViralQR
Welcome to ViralQR, your best QR code generator available on the market!
At ViralQR, we design static and dynamic QR codes. Our mission is to make business operations easier and customer engagement more powerful through the use of QR technology. Be it a small-scale business or a huge enterprise, our easy-to-use platform provides multiple choices that can be tailored according to your company's branding and marketing strategies.
Our Vision
We are here to make the process of creating QR codes easy and smooth, thus enhancing customer interaction and making business more fluid. We very strongly believe in the ability of QR codes to change the world for businesses in their interaction with customers and are set on making that technology accessible and usable far and wide.
Our Achievements
Ever since its inception, we have successfully served many clients by offering QR codes in their marketing, service delivery, and collection of feedback across various industries. Our platform has been recognized for its ease of use and amazing features, which helped a business to make QR codes.
Our Services
At ViralQR, here is a comprehensive suite of services that caters to your very needs:
Static QR Codes: Create free static QR codes. These QR codes are able to store significant information such as URLs, vCards, plain text, emails and SMS, Wi-Fi credentials, and Bitcoin addresses.
Dynamic QR codes: These also have all the advanced features but are subscription-based. They can directly link to PDF files, images, micro-landing pages, social accounts, review forms, business pages, and applications. In addition, they can be branded with CTAs, frames, patterns, colors, and logos to enhance your branding.
Pricing and Packages
Additionally, there is a 14-day free offer to ViralQR, which is an exceptional opportunity for new users to take a feel of this platform. One can easily subscribe from there and experience the full dynamic of using QR codes. The subscription plans are not only meant for business; they are priced very flexibly so that literally every business could afford to benefit from our service.
Why choose us?
ViralQR will provide services for marketing, advertising, catering, retail, and the like. The QR codes can be posted on fliers, packaging, merchandise, and banners, as well as to substitute for cash and cards in a restaurant or coffee shop. With QR codes integrated into your business, improve customer engagement and streamline operations.
Comprehensive Analytics
Subscribers of ViralQR receive detailed analytics and tracking tools in light of having a view of the core values of QR code performance. Our analytics dashboard shows aggregate views and unique views, as well as detailed information about each impression, including time, device, browser, and estimated location by city and country.
So, thank you for choosing ViralQR; we have an offer of nothing but the best in terms of QR code services to meet business diversity!
Epistemic Interaction - tuning interfaces to provide information for AI support - Alan Dix
Paper presented at SYNERGY workshop at AVI 2024, Genoa, Italy. 3rd June 2024
https://alandix.com/academic/papers/synergy2024-epistemic/
As machine learning integrates deeper into human-computer interactions, the concept of epistemic interaction emerges, aiming to refine these interactions to enhance system adaptability. This approach encourages minor, intentional adjustments in user behaviour to enrich the data available for system learning. This paper introduces epistemic interaction within the context of human-system communication, illustrating how deliberate interaction design can improve system understanding and adaptation. Through concrete examples, we demonstrate the potential of epistemic interaction to significantly advance human-computer interaction by leveraging intuitive human communication strategies to inform system design and functionality, offering a novel pathway for enriching user-system engagements.
PHP Frameworks: I want to break free (IPC Berlin 2024) - Ralf Eggert
In this presentation, we examine the challenges and limitations of relying too heavily on PHP frameworks in web development. We discuss the history of PHP and its frameworks to understand how this dependence has evolved. The focus will be on providing concrete tips and strategies to reduce reliance on these frameworks, based on real-world examples and practical considerations. The goal is to equip developers with the skills and knowledge to create more flexible and future-proof web applications. We'll explore the importance of maintaining autonomy in a rapidly changing tech landscape and how to make informed decisions in PHP development.
This talk is aimed at encouraging a more independent approach to using PHP frameworks, moving towards a more flexible and future-proof approach to PHP development.
GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using Deplo...James Anderson
Effective Application Security in Software Delivery lifecycle using Deployment Firewall and DBOM
The modern software delivery process (or the CI/CD process) includes many tools, distributed teams, open-source code, and cloud platforms. Constant focus on speed to release software to market, along with the traditional slow and manual security checks has caused gaps in continuous security as an important piece in the software supply chain. Today organizations feel more susceptible to external and internal cyber threats due to the vast attack surface in their applications supply chain and the lack of end-to-end governance and risk management.
The software team must secure its software delivery process to avoid vulnerability and security breaches. This needs to be achieved with existing tool chains and without extensive rework of the delivery processes. This talk will present strategies and techniques for providing visibility into the true risk of the existing vulnerabilities, preventing the introduction of security issues in the software, resolving vulnerabilities in production environments quickly, and capturing the deployment bill of materials (DBOM).
Speakers:
Bob Boule
Robert Boule is a technology enthusiast with PASSION for technology and making things work along with a knack for helping others understand how things work. He comes with around 20 years of solution engineering experience in application security, software continuous delivery, and SaaS platforms. He is known for his dynamic presentations in CI/CD and application security integrated in software delivery lifecycle.
Gopinath Rebala
Gopinath Rebala is the CTO of OpsMx, where he has overall responsibility for the machine learning and data processing architectures for Secure Software Delivery. Gopi also has a strong connection with our customers, leading design and architecture for strategic implementations. Gopi is a frequent speaker and well-known leader in continuous delivery and integrating security into software delivery.
12. The Ecosystem of Social Media Manipulation
Presentation is about:
• A four-year long investigation
• Various investigative techniques
• A mapping of all actors involved
15. Linux/Moose
• Affects routers / Internet of Things (IoT)
  • Embedded Linux systems with busybox userland
• Worm-like behavior
  • Telnet credential brute force
• Payload: Proxy service
  • SOCKSv4/v5, HTTP, HTTPS
25. Variables
Honeypots used
Websites targeted
TLS fingerprints
User agents
API calls
Timestamps
Accounts created on social networks
Accounts followed on social networks
Traffic analysis
27. Where do we stand?
•Fake accounts
•Pinned to a given honeypot
•Originate from a single whitelisted IP address
•Whitelisted IP addresses
•Runs on Windows servers
•RDP is actively used
30. Automation Software
• We tried to find the Linux/Moose provider
• Based on User-Agents: Mobile and Desktop
• Socks proxy support
• Found different features
• Proxy-type HTTP / Socks
• Per account User-Agents (Mobile and Desktop)
• Custom browsing patterns
• Found different business models
• Unlimited accounts
• One-time fee / Pay-per-month / Pay-per-account
37. Automation Software Summary
| Software | Architecture | Browser | Packer | Our Target? |
|---|---|---|---|---|
| GramDominator / Socinator | .Net | CEF | Not packed | No socks proxy support |
| FollowAdder | Xojo / REALBasic | CEF | Obscure Xojo framework | No unlimited accounts |
| MassPlanner | C++ / .Net | CEF | Themida / WinLicense 2.x | Only one overridable User-Agent |
| FollowingLike | .Net | BotSocial, a custom browser in .Net | ILProtector | Custom User-Agent feature too recent |
| FollowLiker | Java compiled to native code | HtmlUnit Java Library | Excelsior JET | Doesn’t interact with Instagram similarly |
38. Where do we stand?
Found several automation software vendors
Reseller model is not at the botnet level
50. Reseller Panel Providers
All-in-one solution:
• Ready to go software
• Provides web hosting
• Domain name sometimes included
Features:
• API to receive orders
• API to send orders
• Track your workers
64. Storm Proxies
• Received IPs from USA: Kansas City, Lincoln NE and Sunnyvale CA
• ISPs have conflicting information:
  • Digital Energy Technologies Chile with Org Host1Plus
  • Victoria Mahe with Org Joe's Datacenter, LLC
• Traceroute leads to the US
65. Storm Proxies (cont)
• Uses Squid for proxying
• Doesn’t protect scans to localhost
• Linux system
• Most likely Debian Jessie
• Exim 4.84_2
• Squid 3.4.8
66. RSocks
• Received IPs all from same subnet in Russia
• ISP: Adman LLC
• Traceroute confirms Russia
67. RSocks (cont)
• Exposes SSH on 3389
• Doesn’t protect scans to localhost
• Unable to fingerprint proxy service
• Most likely Debian Jessie
• SSH banner deb8u7
68. Valar Solutions
• Received a single IP from France
• Scaleway, Dedibox
• Traffic goes out an IPv6 address in the USA
• AT&T Internet Services
69. Valar (cont)
• Uses 3Proxy
• on 1067 non-continuous ports
• Identified by nmap
• Confirmed by error message strings that match source code
• Protects from localhost scans
• Both IPv4 and IPv6
• IPv6 sealed from outside
• Proxy entry is Debian 9
• Nginx + OpenSSH
70. Residential Proxy Providers Summary
| Provider | Infrastructure | Geoip / Whois | Powered by Malware? |
|---|---|---|---|
| Luminati | Leveraging willing participants’ phones | Unknown | Unlikely |
| Storm Proxies | Debian 8 (Jessie) with Squid | Misleading information | Unlikely |
| RSocks | Debian 8 (Jessie) with unknown proxy | Small unknown ISP | Unlikely |
| High Proxies | CentOS/RHEL 7 with Squid | Misleading information | Unlikely |
| Valar Solutions | Debian 9 (Stretch) with 3Proxy. Tunnel between France and USA. IPv6. | Legit AT&T Internet Services | Unlikely |
72. Where do we stand?
•IoT botnet or residential proxy services
•Automation software
•Reseller panels and reseller panel providers
Who buys from reseller panels?
80. Potential Buyers
Linux/Moose
86% of the relayed traffic focused on Instagram
List of potential customers: 522 accounts
Method: Content analysis
96. To fulfill an order of 100,000 followers on Instagram
Each bot (honeypot) performed, on average, 1,186 follows per month on Instagram
85 bots per month or 2,529 bots a day
$2/proxy/month
97. Linux/Moose makes 100,000 follows on Instagram per day
Creates 100k followers per day at $22.5/10,000 follows
$250 per day
$82,125 per year
Median price reseller
98. -> $1,000 a day at $22.5/10,000 follows
-> That is 45 orders of 10,000 follows
-> 450,000 follows a day
-> 11,382 bots
1 client = $365,000/year
104. Individuals (you)
Focus on the content rather than the container!
What is this person bringing to society? Is this post legit? What are the sources?