DNS Security (DNSSEC) With BIG-IP Global Traffic Manager | DSorensenCPR
This slideshow gives an overview of how F5's BIG-IP Application Delivery Controllers protect customers' DNS infrastructure against various attacks by implementing a unique dynamic security signing policy.
SMBetray—Backdooring and breaking signatures | Priyanka Aash
When it comes to taking advantage of SMB connections, most tools available to penetration testers aim for system enumeration or for performing relay attacks to gain RCE. If signatures are required, or if the victims relayed are not local admins anywhere, that can put a real stint in leveraging SMB to gain any serious footholds in a network. Fortunately, the mentioned attacks are only the tip of the iceberg of the ways to gain RCE with insecure SMB connections – and there’s a new tool to help take full advantage of these opportunities.
Standardizing and Strengthening Security to Lower Costs | OpenDNS
Your managed service includes anti-virus, an email filter and a firewall. So why do you still find yourself wasting resources on cleaning up and re-imaging infected customer endpoints? Learn how top MSPs are lowering costs, gaining efficiencies and fueling growth by leveraging cloud-delivered predictive security.
Over the past year, Intel Security has actively participated with global law enforcement agencies in take-down operations to shut down cybercrime infrastructure, associated malware and the cybercriminals themselves. This session will deconstruct emerging attack campaigns and techniques, examine pragmatic defense strategies and discuss what to expect in the future.
Hardening cassandra for compliance or paranoia | zznate
How to secure a cassandra cluster. Includes details on configuring SSL, setting up a certificate authority and creating certificates and trust chains for the JVM.
The Last Pickle: Hardening Apache Cassandra for Compliance (or Paranoia). | DataStax Academy
Security is always at odds with usability, particularly in the context of operations and development. More so when dealing with a distributed system such as Apache Cassandra. In this presentation, we'll walk through the steps required to completely secure a Cassandra cluster to meet most regulatory and compliance guidelines.
Topics will include:
- Encrypting cross-DC traffic
- Different types of at-rest disk encryption options available (and how to tune them)
- Configuring SSL for inter-cluster communication
- Configuring SSL between clients and the API
- Configuring and managing client authentication
Attendees will leave this presentation with the knowledge required to harden Cassandra to meet most guidelines imposed by regulations and compliance.
Overcoming the Challenges of Architecting for the Cloud | Zscaler
The concept of backhauling traffic to a centralized datacenter worked when both users and applications resided there. But, the migration of applications from the data center to the cloud requires organizations to rethink their branch and network architectures. What is the best approach to manage costs, reduce risk, and deliver the best user experience for all your users?
Watch this webcast to uncover the five key requirements to overcome these challenges and securely route your branch traffic direct to the cloud.
Seattle C* Meetup: Hardening cassandra for compliance or paranoia | zznate
Details how to secure Apache Cassandra clusters. Covers client to server and server to server encryption, securing management and tooling, using authentication and authorization, as well as options for encryption at rest.
How to use strategic and structural design principles to apply the MITRE Cyber Resiliency Engineering Framework (CREF) to improve the cybersecurity, resiliency, and therefore business continuity and survivability of your company.
MSP Webcast - Leveraging Cloud Security to Become a Virtual CIO | OpenDNS
Ransomware, trojans, and keyloggers are increasingly targeting SMBs—and traditional, reactive security solutions are not cutting it. Malware not only puts your customers at risk but also hurts your bottom line through hours wasted cleaning up infected machines.
But how do you protect customers that may not understand the risks or the value of layered security? The answer lies in leveraging increased visibility and value reporting to improve your bottom line and become your customer's virtual CIO and CISO.
Join OpenDNS Sr. Product Manager Dima Kumets and guest speaker Jim Lancaster of MSPmentor 100 company Sagiss to learn about:
-Combining protection and containment to lower costs
-Improving renewal rates through value reporting
-Leveraging OpenDNS's new integration with ConnectWise to be the Virtual CIO
-Monitoring real-time network activity as a sellable service
This presentation will offer an overview on what are the frequently occurring 802.1x authentication based issues and how to quickly diagnose/troubleshoot the IAP WLAN network. Check out the webinar recording where this presentation was used. https://attendee.gotowebinar.com/register/5818157412807394306
2021 01-27 reducing risk of ransomware webinar | AlgoSec
Micro-segmentation protects your network by limiting the lateral movement of ransomware and other threats in your network. Yet successfully implementing a defense-in-depth strategy using micro-segmentation may be complicated.
In this second webinar in a series of two webinars about ransomware, Yitzy Tannenbaum, Product Marketing Manager from AlgoSec and Jan Heijdra, Cisco Security Specialist, will provide a blueprint to implementing micro-segmentation using Cisco Secure Workload (formerly Cisco Tetration) and AlgoSec Network Security Policy Management.
Join our live webinar to learn:
• Why micro-segmentation is critical to fighting ransomware
• Understand your business applications to create your micro-segmentation policy
• Validate your micro-segmentation policy is accurate
• Enforce these granular policies on workloads and summarized policies across your infrastructure
• Use risk and vulnerability analysis to tighten your workload and network security
• Identify and manage security risk and compliance in your micro-segmented environment
Decrypting and Selectively Inspecting Modern Traffic | Shain Singh
Some Security equipment vendors claim that modern Perfect Forward Secrecy (PFS)-encrypted traffic cannot be decrypted inline. Alternative techniques must be used to locate malware hiding in such encrypted traffic, such as using Artificial Intelligence to guess if a security threat is present.
Cybersecurity 101 - A Masterclass in Securing MSPs and IT Pros Navigating the Cybersecurity Landscape: Economics, Targeting, and the Best Security Controls
MongoDB .local Bengaluru 2019: New Encryption Capabilities in MongoDB 4.2: A ... | MongoDB
Many applications with high-sensitivity workloads require enhanced technical options to control and limit access to confidential and regulated data. In some cases, system requirements or compliance obligations dictate a separation of duties for staff operating the database and those who maintain the application layer. In cloud-hosted environments, certain data are sometimes deemed too sensitive to store on third-party infrastructure. This is a common pain for system architects in the healthcare, finance, and consumer tech sectors — the benefits of managed, easily expanded compute and storage have been considered unavailable because of data confidentiality and privacy concerns.
This session will take a deep dive into new security capabilities in MongoDB 4.2 that address these scenarios, by enabling native client-side field-level encryption, using customer-managed keys. We will review how confidential data can be securely stored and easily accessed by applications running on MongoDB. Common query design patterns will be presented, with example code demonstrating strong end-to-end encryption in Atlas or on-premise. Implications for developers and others designing systems in regulated environments will be discussed, followed by a Q&A with senior MongoDB security engineers.
C1000-125 IBM Cloud Technical Advocate v3 By Certs Warrior.pptx | Certs Warrior
Certification overview, objectives, exam preparation and registration
C1000-125 IBM Cloud Technical Advocate v3
Vendor Name: IBM
Code: C1000-125
-------------------
For More Details Visit: https://t.ly/59D9
https://www.certswarrior.com/exam/c1000-125/
https://www.youtube.com/watch?v=I5jkEGld-sM
--------------------
C1000-125 Exam Details:
Certification Overview
The Technical Advocate is a technical role with less than one-year foundational Cloud knowledge and experience
coming from at least one information technology related discipline. They discern requirements and goals specified
by a client to facilitate an appropriate solution with IBM Cloud. Areas of focus include Cloud components,
architecture, and methodologies. Their mission is to help customers realize benefits related to leading Industry,
Open, and IBM Cloud offerings.
Speaker: Tom Spitzer, Vice President, Engineering, EC Wise, Inc.
Session Type: 40 minute main track session
Level: 200 (Intermediate)
Track: Security
MongoDB Community Server provides a wide range of capabilities for securing your MongoDB installation. In this session, we will focus on access control features, including authentication and authorization mechanisms, that enable you to enforce a least privilege model on user accounts. We will also discuss strategies for enabling and maintaining service and application accounts. Next we will present the encryption capabilities that are available in the community edition and discuss their benefits and possible shortcomings. Finally, we will talk about application level protections your developers can implement to keep risky code from getting to your MongoDB instance.
What You Will Learn:
- The workings of the MongoDB User Management Interface, the Authentication Database, basic Authentication mechanisms (SCRAM-SHA-1 and certificates), Roles, and Role Based Access controls – plus best practices for using these features to improve the security of your database.
- How to use TLS/SSL for transport encryption, application encryption options, and field level redaction.
- How injection attacks work and how to minimize the risk of injection attacks.
DEF CON 24 - Bertin Bervis and James Jara - exploiting and attacking seismolo... | Felipe Prado
DEF CON 24 - Bertin Bervis and James Jara - exploiting and attacking seismological networks remotely
Similar to DEF CON 27 - YARON ZINAR and MARINA SIMAKOV - relaying credentials has never been easier how to easily bypass the latest ntlm relay mitigations (20)
Kubernetes & AI - Beauty and the Beast !?! @KCD Istanbul 2024 | Tobias Schneck
As AI technology is pushing into IT, I was wondering, as an “infrastructure container kubernetes guy”, how does this fancy AI technology get managed from an infrastructure operational view? Is it possible to apply our lovely cloud native principles as well? What benefits could both technologies bring to each other?
Let me take these questions and provide you a short journey through existing deployment models and use cases for AI software. On practical examples, we discuss what cloud/on-premise strategy we may need for applying it to our own infrastructure to get it to work from an enterprise perspective. I want to give an overview about infrastructure requirements and technologies, what could be beneficial or limiting your AI use cases in an enterprise environment. An interactive Demo will give you some insights into what approaches I already got working for real.
Essentials of Automations: Optimizing FME Workflows with Parameters | Safe Software
Are you looking to streamline your workflows and boost your projects’ efficiency? Do you find yourself searching for ways to add flexibility and control over your FME workflows? If so, you’re in the right place.
Join us for an insightful dive into the world of FME parameters, a critical element in optimizing workflow efficiency. This webinar marks the beginning of our three-part “Essentials of Automation” series. This first webinar is designed to equip you with the knowledge and skills to utilize parameters effectively: enhancing the flexibility, maintainability, and user control of your FME projects.
Here’s what you’ll gain:
- Essentials of FME Parameters: Understand the pivotal role of parameters, including Reader/Writer, Transformer, User, and FME Flow categories. Discover how they are the key to unlocking automation and optimization within your workflows.
- Practical Applications in FME Form: Delve into key user parameter types including choice, connections, and file URLs. Allow users to control how a workflow runs, making your workflows more reusable. Learn to import values and deliver the best user experience for your workflows while enhancing accuracy.
- Optimization Strategies in FME Flow: Explore the creation and strategic deployment of parameters in FME Flow, including the use of deployment and geometry parameters, to maximize workflow efficiency.
- Pro Tips for Success: Gain insights on parameterizing connections and leveraging new features like Conditional Visibility for clarity and simplicity.
We’ll wrap up with a glimpse into future webinars, followed by a Q&A session to address your specific questions surrounding this topic.
Don’t miss this opportunity to elevate your FME expertise and drive your projects to new heights of efficiency.
Connector Corner: Automate dynamic content and events by pushing a button | DianaGray10
Here is something new! In our next Connector Corner webinar, we will demonstrate how you can use a single workflow to:
Create a campaign using Mailchimp with merge tags/fields
Send an interactive Slack channel message (using buttons)
Have the message received by managers and peers along with a test email for review
But there’s more:
In a second workflow supporting the same use case, you’ll see:
Your campaign sent to target colleagues for approval
If the “Approve” button is clicked, a Jira/Zendesk ticket is created for the marketing design team
But—if the “Reject” button is pushed, colleagues will be alerted via Slack message
Join us to learn more about this new, human-in-the-loop capability, brought to you by Integration Service connectors.
And...
Speakers:
Akshay Agnihotri, Product Manager
Charlie Greenberg, Host
Slack (or Teams) Automation for Bonterra Impact Management (fka Social Soluti... | Jeffrey Haguewood
Sidekick Solutions uses Bonterra Impact Management (fka Social Solutions Apricot) and automation solutions to integrate data for business workflows.
We believe integration and automation are essential to user experience and the promise of efficient work through technology. Automation is the critical ingredient to realizing that full vision. We develop integration products and services for Bonterra Case Management software to support the deployment of automations for a variety of use cases.
This video focuses on the notifications, alerts, and approval requests using Slack for Bonterra Impact Management. The solutions covered in this webinar can also be deployed for Microsoft Teams.
Interested in deploying notification automations for Bonterra Impact Management? Contact us at sales@sidekicksolutionsllc.com to discuss next steps.
The Art of the Pitch: WordPress Relationships and Sales | Laura Byrne
Clients don’t know what they don’t know. What web solutions are right for them? How does WordPress come into the picture? How do you make sure you understand scope and timeline? What do you do if something changes?
All these questions and more will be explored as we talk about matching clients’ needs with what your agency offers without pulling teeth or pulling your hair out. Practical tips, and strategies for successful relationship building that leads to closing the deal.
Software Delivery At the Speed of AI: Inflectra Invests In AI-Powered Quality | Inflectra
In this insightful webinar, Inflectra explores how artificial intelligence (AI) is transforming software development and testing. Discover how AI-powered tools are revolutionizing every stage of the software development lifecycle (SDLC), from design and prototyping to testing, deployment, and monitoring.
Learn about:
• The Future of Testing: How AI is shifting testing towards verification, analysis, and higher-level skills, while reducing repetitive tasks.
• Test Automation: How AI-powered test case generation, optimization, and self-healing tests are making testing more efficient and effective.
• Visual Testing: Explore the emerging capabilities of AI in visual testing and how it's set to revolutionize UI verification.
• Inflectra's AI Solutions: See demonstrations of Inflectra's cutting-edge AI tools like the ChatGPT plugin and Azure Open AI platform, designed to streamline your testing process.
Whether you're a developer, tester, or QA professional, this webinar will give you valuable insights into how AI is shaping the future of software delivery.
Accelerate your Kubernetes clusters with Varnish Caching | Thijs Feryn
A presentation about the usage and availability of Varnish on Kubernetes. This talk explores the capabilities of Varnish caching and shows how to use the Varnish Helm chart to deploy it to Kubernetes.
This presentation was delivered at K8SUG Singapore. See https://feryn.eu/presentations/accelerate-your-kubernetes-clusters-with-varnish-caching-k8sug-singapore-28-2024 for more details.
Neuro-symbolic is not enough, we need neuro-*semantic* | Frank van Harmelen
Neuro-symbolic (NeSy) AI is on the rise. However, simply machine learning on just any symbolic structure is not sufficient to really harvest the gains of NeSy. These will only be gained when the symbolic structures have an actual semantics. I give an operational definition of semantics as “predictable inference”.
All of this illustrated with link prediction over knowledge graphs, but the argument is general.
Epistemic Interaction - tuning interfaces to provide information for AI support | Alan Dix
Paper presented at SYNERGY workshop at AVI 2024, Genoa, Italy. 3rd June 2024
https://alandix.com/academic/papers/synergy2024-epistemic/
As machine learning integrates deeper into human-computer interactions, the concept of epistemic interaction emerges, aiming to refine these interactions to enhance system adaptability. This approach encourages minor, intentional adjustments in user behaviour to enrich the data available for system learning. This paper introduces epistemic interaction within the context of human-system communication, illustrating how deliberate interaction design can improve system understanding and adaptation. Through concrete examples, we demonstrate the potential of epistemic interaction to significantly advance human-computer interaction by leveraging intuitive human communication strategies to inform system design and functionality, offering a novel pathway for enriching user-system engagements.
State of ICS and IoT Cyber Threat Landscape Report 2024 preview | Prayukth K V
The IoT and OT threat landscape report has been prepared by the Threat Research Team at Sectrio using data from Sectrio, cyber threat intelligence farming facilities spread across over 85 cities around the world. In addition, Sectrio also runs AI-based advanced threat and payload engagement facilities that serve as sinks to attract and engage sophisticated threat actors, and newer malware including new variants and latent threats that are at an earlier stage of development.
The latest edition of the OT/ICS and IoT security Threat Landscape Report 2024 also covers:
State of global ICS asset and network exposure
Sectoral targets and attacks as well as the cost of ransom
Global APT activity, AI usage, actor and tactic profiles, and implications
Rise in volumes of AI-powered cyberattacks
Major cyber events in 2024
Malware and malicious payload trends
Cyberattack types and targets
Vulnerability exploit attempts on CVEs
Attacks on counties – USA
Expansion of bot farms – how, where, and why
In-depth analysis of the cyber threat landscape across North America, South America, Europe, APAC, and the Middle East
Why are attacks on smart factories rising?
Cyber risk predictions
Axis of attacks – Europe
Systemic attacks in the Middle East
Download the full report from here:
https://sectrio.com/resources/ot-threat-landscape-reports/sectrio-releases-ot-ics-and-iot-security-threat-landscape-report-2024/
GraphRAG is All You need? LLM & Knowledge GraphGuy Korland
Guy Korland, CEO and Co-founder of FalkorDB, will review two articles on the integration of language models with knowledge graphs.
1. Unifying Large Language Models and Knowledge Graphs: A Roadmap.
https://arxiv.org/abs/2306.08302
2. Microsoft Research's GraphRAG paper and a review paper on various uses of knowledge graphs:
https://www.microsoft.com/en-us/research/blog/graphrag-unlocking-llm-discovery-on-narrative-private-data/
2. ABOUT US
<RELAYING CREDENTIALS HAS NEVER BEEN EASIER. MARINA SIMAKOV & YARON ZINAR. DEFCON 2019>
Marina Simakov (@simakov_marina)
• Senior Security Researcher @Preempt
• M.Sc. in computer science, with several published articles, with a main area of expertise in graph theory
• Previously worked as a Security Researcher @Microsoft
• Spoke at various security conferences such as Black Hat, Blue Hat IL and DefCon
Yaron Zinar (@YaronZi)
• Senior Security Researcher Lead @Preempt
• M.Sc. in Computer Science with a focus on statistical analysis
• Spent over 12 years at leading companies such as Google and Microsoft
• Among his team's latest findings are CVE-2017-8563, CVE-2018-0886, CVE-2019-1040 and CVE-2019-1019
3. AGENDA
1. Introduction:
§ Common attacks on Active Directory
§ NTLM
§ Design weaknesses
§ NTLM Relay
§ Offered mitigations
2. Known Vulnerabilities
§ LDAPS Relay
§ CVE-2015-0005
3. New vulnerabilities
§ Your session key is my session key
§ Drop the MIC
§ EPA bypass
§ Attacking AD FS
§ External lockout bypass
§ Reverse-Kerberoasting
4. Takeaways
4. INTRODUCTION: ACTIVE DIRECTORY
§ Main secrets storage of the domain
§ Stores password hashes of all accounts
§ In charge of authenticating accounts against domain resources
§ Authentication protocols
§ LDAP
§ NTLM
§ Kerberos
§ Common attacks
§ Golden & Silver Ticket
§ Forged PAC
§ PTT
§ PTH
§ NTLM Relay
5. NTLM
Authentication is not bound to the session!
[Diagram: Client Machine, Server, DC. Labels: (1) NTLM Negotiate, (2) NTLM Challenge, (3) NTLM Authenticate, (4) NETLOGON, (5) Approve/Reject]
6. NTLM RELAY
[Diagram: Client Machine, Server, Attacked Target, DC. Labels: (1) NTLM Negotiate, (4) NTLM Challenge, (5) NTLM Authenticate]
7. NTLM RELAY: MITIGATIONS
8. NTLM RELAY: MITIGATIONS
§ Mitigations:
§ SMB Signing
§ LDAP Signing
§ EPA (Enhanced Protection for Authentication)
§ LDAPS channel binding
§ Server SPN target name validation
§ Hardened UNC Paths
9. NTLM RELAY: MITIGATIONS
§ SMB & LDAP signing
§ After the authentication, all communication between client and server will be signed
§ The signing key is derived from the authenticating account’s password hash
§ The client calculates the session key by itself
§ The server receives the session key from the DC in the NETLOGON response
§ An attacker with relay capabilities has no way of retrieving the session key
10. NTLM RELAY: MITIGATIONS
§ SMB & LDAP signing
[Diagram: Client Machine, Server, Attacked Target, DC. Labels: (1) NTLM Negotiate, (4) NTLM Challenge, (5) NTLM Authenticate, “+Session Key (Hash Derived)”, “Packet not signed correctly”]
11. NTLM RELAY: MITIGATIONS
§ EPA (Enhanced Protection for Authentication)
§ RFC 5056
§ Binds the NTLM authentication to the secure channel over which the authentication occurs
§ The final NTLM authentication packet contains a hash of the target service’s certificate, signed with the user’s password hash
§ An attacker with relay capabilities is using a different certificate than the attacked target, hence the client will respond with an incompatible certificate hash value
12. NTLM RELAY: MITIGATIONS
§ EPA (Enhanced Protection for Authentication)
[Diagram: Client Machine, Server, Attacked Target, DC. Labels: (1) TLS Session, (2) NTLM Negotiate, (5) NTLM Challenge, (6) NTLM Authenticate, “User signs the Server’s certificate”, “Incorrect certificate hash!”]
13. NTLM RELAY: KNOWN VULNERABILITIES
14. NTLM: KNOWN VULNERABILITIES
§ LDAPS Relay (CVE-2017-8563)
§ Discovered by Preempt in 2017
https://blog.preempt.com/new-ldap-rdp-relay-vulnerabilities-in-ntlm
§ Group Policy Object (GPO) - “Domain Controller: LDAP server signing requirements”
§ Requires LDAP sessions to be signed OR
§ Requires session to be encrypted via TLS (LDAPS)
§ TLS does not protect from credential forwarding!
15. NTLM: KNOWN VULNERABILITIES
§ CVE-2015-0005
§ Discovered by Core Security (@agsolino)
§ DC didn’t verify target server identity
§ Allows NTLM Relay even when Signing is required
[Diagram: Client Machine, Server, Attacked Target, DC. Labels: (1) NTLM Negotiate, (4) NTLM Challenge, (5) NTLM Authenticate, (9) NETLOGON, (10) Approve + Session Key, “+Session Key (Hash Derived)”]
16. NTLM: KNOWN VULNERABILITIES
§ CVE-2015-0005
§ NTLM Challenge message:
§ Contains identifying information about the target computer
17. NTLM: KNOWN VULNERABILITIES
§ CVE-2015-0005
§ NTLM Authenticate message:
§ User calculates HMAC_MD5 based on the challenge message using his NT Hash
18. NTLM: KNOWN VULNERABILITIES
§ CVE-2015-0005 – Fix:
§ Microsoft issued a fix in MS15-027
§ The fix validated that the computer which established the secure connection is the same as the target in the NTLM Authenticate request
[Diagram: Client Machine, Server, Attacked Target, DC. Labels: (1) NTLM Negotiate, (4) NTLM Challenge, (5) NTLM Authenticate, (9) NETLOGON, (10) DENY!, “+Session Key (Hash Derived)”, “Target hostname mismatch!”]
19. NTLM RELAY: NEW VULNERABILITIES
20. NTLM: NEW VULNERABILITIES
§ Your session key is my session key
§ Retrieve the session key for any NTLM authentication
§ Bypasses the MS15-027 fix
§ Drop the MIC
§ Modify session requirements (such as signing)
§ Overcome the MIC protection
§ EPA bypass
§ Relay authentication to servers which require EPA
§ Modify packets to bypass the EPA protection
§ Attacking AD-FS
§ External lockout policy bypass
§ Reverse-Kerberoasting
22. YOUR SESSION KEY IS MY SESSION KEY
23. NTLM: NEW VULNERABILITIES
§ Your session key is my session key
§ MS15-027 fix validates target NetBIOS name
§ But what if the target NetBIOS name field is missing?
[Screenshots: original challenge vs. modified challenge]
24. NTLM: NEW VULNERABILITIES
§ Your session key is my session key
§ The client responds with an NTLM_AUTHENTICATE message with target NetBIOS field missing
§ The NETLOGON message is sent without this field
§ The domain controller responds with a session key!
25. NTLM: NEW VULNERABILITIES
§ Your session key is my session key
§ But what if the NTLM AUTHENTICATE message includes a MIC?
§ MIC: Message integrity for the NTLM NEGOTIATE, NTLM CHALLENGE, and NTLM AUTHENTICATE
§ MIC = HMAC_MD5(SessionKey, ConcatenationOf(NTLM_NEGOTIATE, NTLM_CHALLENGE, NTLM_AUTHENTICATE))
26. NTLM: NEW VULNERABILITIES
§ Your session key is my session key
§ Overcoming the MIC problem:
§ By removing the target hostname we are able to retrieve the session key
§ We have all 3 NTLM messages
§ The client provides a MIC which is based on the modified NTLM_CHALLENGE message
§ We recalculate the MIC based on the original NTLM_CHALLENGE message
27. NTLM: NEW VULNERABILITIES
§ Your session key is my session key
[Diagram: Client Machine, Server, Attacked Target, DC. Labels: (1) NTLM Negotiate, (4) NTLM Challenge “remove target name”, (5) NTLM Authenticate, (6) NETLOGON, (7) Approve + Session Key, “+Session Key (Hash Derived)”]
30. NTLM: NEW VULNERABILITIES
§ Your session key is my session key – Fix:
§ Windows servers deny requests which do not include a target
§ Issues:
§ NTLMv1
§ messages do not have av_pairs -> no target field
§ Such authentication requests remain vulnerable to the attack
§ Non-Windows targets are still vulnerable
§ Patching is not enough
31. DROP THE MIC
32. NTLM: NEW VULNERABILITIES
§ Drop the MIC
§ MIC = HMAC_MD5(SessionKey, ConcatenationOf(NTLM_NEGOTIATE, NTLM_CHALLENGE, NTLM_AUTHENTICATE))
§ If client & server negotiate session privacy/integrity, attackers cannot take over the session
§ The MIC protects the NTLM negotiation from tampering
33. NTLM: NEW VULNERABILITIES
§ Drop the MIC
§ SMB clients turn on the signing negotiation flag by default & use a MIC
§ It is not possible (or at least, not trivial) to relay SMB to another protocol which relies on this negotiation flag (in contrast to other protocols such as HTTP)
§ How can we overcome this obstacle?
§ MIC can be modified only if the session key is known
§ Otherwise, it can simply be removed :)
§ [In order to remove the MIC, the version needs to be removed as well, along with some negotiation flags]
§ Result: It is possible to tamper with any stage of the NTLM authentication flow when removing the MIC
34. NTLM: NEW VULNERABILITIES
§ Drop the MIC
[Diagram: Client Machine, Server, Attacked Target, DC. Labels: (1) NTLM Negotiate “Signing supported”, (4) NTLM Challenge “No signing negotiated”, (5) NTLM Authenticate “Includes MIC”]
35. NTLM: NEW VULNERABILITIES
§ Drop the MIC - Problem
§ The presence of the MIC is indicated in the msvAvFlags attribute of the NTLM authentication message
§ msvAvFlags is signed with the user’s password hash
§ Even if the corresponding bit is set, the target server does not verify that the MIC is indeed present
37. NTLM: NEW VULNERABILITIES
§ MIC bypass - Fix:
§ If msvAvFlags indicate that a MIC is present, verify its presence.
§ Issues:
§ Some clients don’t add a MIC by default (Firefox on Linux or MacOS)
§ These clients are still vulnerable to NTLM session tampering
§ More serious issue: CVE-2019-1166 – Drop The MIC 2 :)
39. NTLM: NEW VULNERABILITIES
§ EPA (Enhanced Protection for Authentication) bypass
§ EPA binds authentication packets to a secure TLS channel
§ Adds a Channel Bindings field to the NTLM_AUTHENTICATE message based on the target server certificate
§ Prevents attackers from relaying the authentication to another server
§ Modification requires knowledge of the user’s NT HASH
40. NTLM: NEW VULNERABILITIES
§ EPA (Enhanced Protection for Authentication) bypass
§ Servers protected by EPA:
§ AD-FS
§ OWA
§ LDAPS
§ Other HTTP servers (e.g. Sharepoint)
§ Unfortunately by default, EPA is disabled on all of the above servers
§ In most cases, these servers are vulnerable to much simpler attack vectors
41. NTLM: NEW VULNERABILITIES
§ EPA (Enhanced Protection for Authentication) bypass
§ Modifying the Channel Bindings in the NTLM_AUTHENTICATE message is not possible
§ But what if we add a Channel Bindings field to the NTLM_CHALLENGE message before we send it to the client?
42. NTLM: NEW VULNERABILITIES
§ EPA (Enhanced Protection for Authentication) bypass
§ Client will add our crafted field to the NTLM_AUTHENTICATE message!
§ Additional fields would be added to the message, including a second Channel Binding
§ Server takes the first Channel Binding for verification
43. NTLM: NEW VULNERABILITIES
§ EPA (Enhanced Protection for Authentication) bypass
§ What if the NTLM_AUTHENTICATE message includes a MIC?
§ DROP THE MIC!
[Screenshots: original NTLM_AUTHENTICATE vs. modified NTLM_AUTHENTICATE]
44. NTLM: NEW VULNERABILITIES
§ EPA (Enhanced Protection for Authentication) bypass
[Diagram: Client Machine, Server, Attacked Target, DC. Labels: (1) NTLM Negotiate, (4) NTLM Challenge “Inject Channel Binding”, (5) NTLM Authenticate “Rogue Channel Binding”, “MIC”]
47. NTLM: NEW VULNERABILITIES
§ EPA bypass - Fix:
§ Servers deny authentication requests which include more than one channel binding value
§ Issues:
§ Some clients don’t support EPA & don’t add a MIC (Firefox on Linux or MacOS)
§ These clients are still vulnerable to the EPA bypass
§ One such client is enough to make the entire domain vulnerable
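The three fixes described on slides 30, 37 and 47, written as one server-side check over the AV_PAIR list of an NTLMv2 response. This is an added example, not code from the talk or from Microsoft: the AvId values and the MIC flag bit follow MS-NLMP, while the function names, the reading of "target" as the MsvAvNbComputerName pair, and the constructed sample pairs are assumptions.

```python
import struct

# AvId values and the MsvAvFlags MIC bit, as defined in MS-NLMP.
MSV_AV_EOL = 0x0000
MSV_AV_NB_COMPUTER_NAME = 0x0001
MSV_AV_FLAGS = 0x0006
MSV_AV_CHANNEL_BINDINGS = 0x000A
MIC_PRESENT_FLAG = 0x00000002


def parse_av_pairs(blob):
    """Return [(av_id, value)] up to MsvAvEOL; raise ValueError if malformed."""
    pairs, off = [], 0
    while True:
        if off + 4 > len(blob):
            raise ValueError("AV_PAIR list is truncated or lacks MsvAvEOL")
        av_id, av_len = struct.unpack_from("<HH", blob, off)
        off += 4
        if av_id == MSV_AV_EOL:
            return pairs
        if off + av_len > len(blob):
            raise ValueError("AV_PAIR value runs past the end of the buffer")
        pairs.append((av_id, blob[off:off + av_len]))
        off += av_len


def validate_authenticate(av_blob, mic):
    """Reasons to reject (empty list = accept); mic is the 16-byte MIC or None."""
    try:
        pairs = parse_av_pairs(av_blob)
    except ValueError as exc:
        return [str(exc)]
    reasons = []
    ids = [av_id for av_id, _ in pairs]
    # Slide 30 fix: deny requests that do not include a target.
    if MSV_AV_NB_COMPUTER_NAME not in ids:
        reasons.append("target NetBIOS name missing")
    # Slide 37 fix: if MsvAvFlags says a MIC is present, verify its presence.
    flags = [v for i, v in pairs if i == MSV_AV_FLAGS and len(v) == 4]
    mic_flagged = any(struct.unpack("<I", v)[0] & MIC_PRESENT_FLAG for v in flags)
    if mic_flagged and (mic is None or len(mic) != 16):
        reasons.append("MsvAvFlags announces a MIC but none is present")
    # Slide 47 fix: deny more than one channel binding value.
    if ids.count(MSV_AV_CHANNEL_BINDINGS) > 1:
        reasons.append("more than one channel binding value")
    return reasons


# Hypothetical helper and constructed sample AV_PAIRs (not captured traffic).
def av(av_id, value=b""):
    return struct.pack("<HH", av_id, len(value)) + value

NAME = av(MSV_AV_NB_COMPUTER_NAME, "SRV01".encode("utf-16-le"))
FLAGS = av(MSV_AV_FLAGS, struct.pack("<I", MIC_PRESENT_FLAG))
CBT = av(MSV_AV_CHANNEL_BINDINGS, bytes(16))
EOL = av(MSV_AV_EOL)

if __name__ == "__main__":
    print(validate_authenticate(FLAGS + CBT + CBT + EOL, None))
```

A well-formed list with one channel binding and a MIC passes; the constructed list printed above fails all three checks at once.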
48. ATTACKING AD-FS
49. ATTACKING AD-FS
§ AD-FS Architecture
https://www.sherweb.com/blog/office-365/active-directory-federation-services/
50. ATTACKING AD-FS
§ AD-FS Proxy
§ Open to the internet
§ Easy target for brute-force/password spraying attacks
§ External Lockout Policy
§ Locks the user coming from the external network after exceeding the Extranet Lockout Threshold
§ Has effect when: Extranet Lockout Threshold < AD Lockout Threshold
§ Prevents brute-force-attacks
§ Prevents malicious account lockouts
51. ATTACKING AD-FS
§ WIA (Windows Integrated Authentication)
§ Use Kerberos or NTLM SSO capabilities to authenticate to AD-FS
§ WIA authentications were accepted by the AD-FS proxy
§ NTLM relay against the AD-FS proxy from the external network
§ NTLM authentications targeted at the AD FS proxy allowed attackers to bypass the external lockout policy (CVE-2019-1126)
52. ATTACKING AD-FS
§ WIA (Windows Integrated Authentication)
§ Kerberos authentications allowed attackers to brute-force the AD-FS service account’s password
§ Generate service tickets using different passwords and send to AD-FS proxy
§ If password is successfully guessed -> log into cloud resources using any desired privileges
§ No logs generated for unsuccessful attempts
§ Reverse-Kerberoasting!
54. TAKEAWAYS
§ Patch all vulnerable machines!
§ Restrict NTLM usage as much as possible
§ NTLM authentication is susceptible to NTLM relay attacks
§ Always prefer Kerberos usage
§ Disable NTLMv1 in your environment
§ Configure the GPO ‘Network security: LAN Manager authentication level’ to:
‘Send NTLMv2 response only. Refuse LM & NTLM’
§ https://docs.microsoft.com/en-us/windows/security/threat-protection/security-policy-settings/network-security-lan-manager-authentication-level
§ Incorporate NTLM relay mitigations:
§ SMB & LDAP signing
§ LDAP channel binding
§ EPA
55. CREDITS
§ The Preempt Research Team
§ Eyal Karni (@eyal_karni)
§ Sagi Sheinfeld
§ Alberto Solino (@agsolino)
§ Some of the vulnerabilities are merged into impacket!
§ https://github.com/SecureAuthCorp/impacket