Concept of MITRE ATT&CK for connected cars and vehicles, as presented at EU ATT&CK Workshop #8, and an initiative to use Sigma rules in a vehicle SOC (VSOC) to proactively map out threats to connected cars.
Visibility on the Network: A Tactical CTI-Based Approach, Alfredo Hickman
Provide a brief background and history of Cyber Threat Intelligence: CTI is a term often associated with marketing phrases such as NextGen, AI, and machine learning. The idea here is to cover the concept at a high level, dispel the marketing associations, and clearly define what CTI is.
Discuss the differences between the types of intelligence - strategic, operational and tactical: Now that we know what CTI is and what it is not, we cover the three types of CTI, why each is useful, and where each is typically consumed in the decision-making hierarchy.
Review the Security Onion platform and where it fits into the intelligence-driven security operation: This section briefly covers the Security Onion platform. While Security Onion is not a CTI platform as such, its rich threat-data integrations help operationalize and create tactical intelligence, and it gives the security professional on a budget a robust platform for conducting intelligence-driven security operations.
Overview of the lab environment that facilitates the attack scenario: This section covers the lab I built to simulate a small-business corporate network. The attack scenarios and the intrusion detection and analysis took place in this lab.
Cover the attack scenario and review the intrusion to understand attacker tactics, techniques, and procedures: Based on the intrusion detection analysis, I demonstrate how a security analyst can start to describe adversary TTPs, and how a security organization benefits from adopting a CTI-driven operation.
Cover how Security Onion can enable the intelligence-driven security operation: Based on the attack scenario and the associated intrusion analysis, I demonstrate how Security Onion enables a CTI-driven security operation.
Arshan Dabirsiaghi, Contrast Security
Matt Austin, Contrast Security
Nothing in the security industry has moved the needle like Data Execution Prevention (DEP) and its sister protections such as ASLR.
The availability of secure APIs, the training of developers around the world, and the efforts of security practitioners all produced practically nothing compared to the practical gains delivered by DEP, ASLR and the other "automatic" protections provided by the toolchain and the OS itself.
Where is the equivalent at the application layer? Can we use the same techniques and approaches to stop SQL injection and deserialization attacks? Can we give developers a "secure stack by default" for any application?
In this talk we'll show you the promising results of our research into this space using binary instrumentation, including the release of free tools that developers can use to protect their applications today from several bug classes, instantly, and without any code changes.
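The approach the talk describes is instrumentation of the runtime so that injection is stopped without touching application code. The following added example (mine, not Contrast Security's tooling or the tools released in the talk) shows the idea in Python: an "agent" hooks sqlite3.connect so every connection hands out a guarded cursor, and that cursor refuses any query whose lexical structure is altered by a value the application received from an untrusted source. The taint registry, the tokenizer, the users table and the inputs are all constructed for the demo; a real agent would propagate taint from the web framework and hook the database driver at load time.

```python
"""Runtime instrumentation that blocks SQL injection without changing
application code.  Added example, not Contrast Security's product: it
monkey-patches sqlite3 the way a RASP agent hooks a database driver and
rejects any query in which tainted input spills across token boundaries.
All sample data is constructed."""
import re
import sqlite3

# Values that arrived from an untrusted source.  A real agent propagates
# taint from the web framework per request; this demo registers values
# explicitly and never clears the list (simplification).
_TAINTED: list[str] = []


def taint(value: str) -> str:
    """Mark a string as attacker-controlled and return it unchanged."""
    _TAINTED.append(value)
    return value


_TOKEN = re.compile(
    r"'(?:[^']|'')*'"      # single-quoted string literal ('' is an escaped quote)
    r"|\d+(?:\.\d+)?"      # numeric literal
    r"|\w+"                # identifier or keyword
    r"|--[^\n]*"           # line comment
    r"|/\*.*?\*/"          # block comment
    r"|\S",                # any other single character (operators, punctuation)
    re.S,
)


def token_spans(sql: str) -> list[tuple[int, int]]:
    """(start, end) offsets of every lexical token in the query."""
    return [(m.start(), m.end()) for m in _TOKEN.finditer(sql)]


def is_injected(sql: str, tainted: list[str]) -> bool:
    """True when a tainted value changed the query's structure, i.e. some
    occurrence of it is not contained within a single token.  Values that
    do not appear literally (bound parameters, escaped strings) are safe."""
    spans = token_spans(sql)
    for value in tainted:
        if not value:
            continue
        start = sql.find(value)
        while start != -1:
            end = start + len(value)
            if not any(s <= start and end <= e for s, e in spans):
                return True
            start = sql.find(value, start + 1)
    return False


class SQLInjection(Exception):
    """Raised by the agent instead of sending the query to the database."""


class GuardedCursor(sqlite3.Cursor):
    def execute(self, sql, parameters=()):
        if is_injected(sql, _TAINTED):
            raise SQLInjection(f"tainted input altered query structure: {sql!r}")
        return super().execute(sql, parameters)


class GuardedConnection(sqlite3.Connection):
    def cursor(self, factory=GuardedCursor):
        return super().cursor(factory=factory)

    def execute(self, sql, parameters=()):
        return self.cursor().execute(sql, parameters)


_real_connect = sqlite3.connect


def _guarded_connect(*args, **kwargs):
    kwargs.setdefault("factory", GuardedConnection)
    return _real_connect(*args, **kwargs)


def install_agent() -> None:
    """The 'no code changes' part: swap the driver entry point at load time."""
    sqlite3.connect = _guarded_connect


def lookup_user(conn, username: str):
    # Deliberately vulnerable application code: string concatenation.
    return conn.execute(f"SELECT id FROM users WHERE name = '{username}'").fetchall()


def demo() -> dict:
    install_agent()
    conn = sqlite3.connect(":memory:")  # now returns a GuardedConnection
    conn.execute("CREATE TABLE users (id INTEGER, name TEXT)")
    conn.execute("INSERT INTO users VALUES (1, 'alice'), (2, 'bob')")
    outcome = {"benign": lookup_user(conn, taint("alice"))}
    try:
        lookup_user(conn, taint("x' OR '1'='1"))
        outcome["attack"] = "allowed"
    except SQLInjection:
        outcome["attack"] = "blocked"
    return outcome


if __name__ == "__main__":
    print(demo())
```

The check is structural, not semantic: a tainted value that lands entirely inside one token (a table name, for instance) passes, so this complements rather than replaces authorization checks and parameterized queries.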
MITRE ATT&CKcon 2018: VCAF: Expanding the ATT&CK Framework to cover VERIS Thr... (MITRE - ATT&CKcon)
The Vocabulary for Event Recording and Incident Sharing (VERIS) is a set of metrics designed to provide a common language for describing security incidents in a structured and repeatable manner.
VERIS has been the base analysis framework supporting the Verizon Data Breach Investigations Report (DBIR) since its inception. However, as organizations work to interpret the rich information in the DBIR at a more tactical level, the Threat Action Varieties available in VERIS fail to capture the detail present in the recorded incidents.
This talk presents the Verizon Common Attack Framework (VCAF), an effort by Verizon's Security Data Science team and DBIR team to expand and map the ATT&CK framework in alignment with the DBIR Threat Action Varieties, providing this much-sought level of granularity in recording and analyzing breaches.
Additionally, this talk describes possible outcomes once the data is available and organized this way. Examples include applying DBIR-inspired attack-vector analytics to ATT&CK layer information to identify optimal control choke points on the attack graphs for the specific industries the DBIR covers.
MITRE ATT&CKcon 2018: Summiting the Pyramid of Pain: Operationalizing ATT&CK,... (MITRE - ATT&CKcon)
Operationalizing the ATT&CK framework has enabled GE to deploy custom detections for evolving threat-actor behaviors. By leveraging an in-house tool called TIAMAT (Tactical Intelligence Adversary Mapping and Analysis Tool), the ATT&CK framework is incorporated into an end-to-end operational process, from intelligence collection to deployment of customized detections.
The design of this new operational process is examined, and a use case is presented in which examining a historical incident led to a new method of deploying ATT&CK-based detection and to the detection of previously undiscovered activity. A demo walks the audience through the end-to-end process and explains TIAMAT's capabilities.
The Seven Most Dangerous New Attack Techniques, and What's Coming Next, Priyanka Aash
Which are the most dangerous new attack techniques for 2016/2017? How do they work? How can you stop them? What's coming next and how can you prepare? This fast-paced session provides answers from the three people best positioned to know: the head of the Internet Storm Center, the top hacker exploits expert and teacher in the U.S., and the top expert on cyberattacks on industrial control systems.
(Source: RSA USA 2016-San Francisco)
Brian Gorenc, Trend Micro
Much like their six-legged counterparts in nature, bugs in software have a lifecycle. They are discovered, they get exploited, they get reported, they get patched, and usually, they go away. At each stage of this lifecycle, information about the vulnerability equates to a monetary value, and, depending on how this information is disseminated, that monetary value can drastically change. Various marketplaces exist for security research, and the current gray and black markets can be as robust as their white market counterparts. Different agents within these markets influence research trends by shifting finances to or away from specific areas, resulting in more bugs discovered and reported in that area.
Even if you don’t directly participate in this economy, it impacts you and the systems you defend. Bugs bought and sold in the marketplace often become security patches and sometimes get wrapped into exploit kits or malware. Administering the world’s largest vendor agnostic bug bounty program puts us in a unique position to examine the inner workings of these transactions. While firmly in the white market, our experience and relationships provide us with insight across the entire exploit landscape. Some of these factors might not be obvious to those outside of the marketplace until exposed through data leaks or compromise.
These hidden factors can shift prices and send researchers, and thus exploits, in new directions. Like any open market, various factors can spur changes in supply and demand, and market actors can shape what types of research either become public or find their way into an exploit kit. This presentation covers the inner workings of the exploit marketplace, the main players in various sectors, and the winding, often controversial lifespan of a security bug. We include real-world examples of how effectively run programs have disrupted nation-state exploit usage in the wild, and take a look at how existing and impending legislation could irrevocably affect the exploit marketplace, and maybe not for the better.
Behind the scene of malware operators. Insights and countermeasures. CONFiden..., Marco Balduzzi
Modern cybercrime operates highly sophisticated campaigns that challenge, or even evade, the state of the art in defense and protection. On a daily basis, users worldwide are fooled by new techniques and threats that went under the radar, like new 0-days or attack vectors. We passively monitored how these attacks are conducted on real installations and unveiled the modus operandi of malware operators. In this presentation, we share with the audience the recent findings and trends we observed in the wild from our analysis of 3 million software downloads, involving hundreds of thousands of Internet-connected machines. During the talk, we provide insights from our investigation such as the effect of code-signing abuse, the compromise of cloud providers' operations, the use of domains generated automatically via social engineering, and the business model behind modern malware campaigns. We also discuss the problem of "unknown threats", showing how the Internet's threat landscape is still largely unexplored and how badly it impacts millions of users. We conclude with a proof-of-concept system that we designed, which uses machine learning to generate human-readable detection rules. Our system represents a potential mitigation to the problem of "unknown threats" and an assistance tool for analysts globally.
MITRE ATT&CKcon 2.0: attckr - A Toolkit for Analysis and Visualization of ATT&CK Incident Data for Service Providers and Organizations; Bob Rudis, Rapid7 (MITRE - ATT&CKcon)
MITRE ATT&CKcon 2018: Sofacy 2018 and the Adversary Playbook, Robert Falcone,... (MITRE - ATT&CKcon)
Unit 42 researches threat activity and publishes detailed reports on the attack campaigns launched by adversary groups. One of these adversaries, known as Sofacy, has been carrying out attack campaigns against high-profile targets for many years and has continued to do so into 2018.
To understand how to defend against these threats, an analyst has to read our reports, process them and mentally map them to their defenses. In most cases we expect readers to just "block" all of the indicators we include in the report and assume they are covered. Last year we started using ATT&CK to codify the techniques we observed, linking those techniques to indicator patterns and encoding them into STIX 2 objects, with the goal of creating something a defender can use to answer the question: "How am I defending against this adversary?" We call these documents "Adversary Playbooks", as they contain our best approximation of how the adversary launches their attacks.
This talk describes the concept of Adversary Playbooks and provides an overview of the attack campaigns Unit 42 has attributed to the Sofacy group in 2018. It uses the discussed attacks to show how these playbooks are constructed and explains some of the challenges of combining ATT&CK and STIX 2 for this purpose.
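One way to encode such a playbook, as an added example that is not Unit 42's playbook format or data: each ATT&CK technique becomes a STIX 2.1 attack-pattern carrying the technique ID as an external reference, each detection opportunity becomes an indicator with a STIX pattern, and an "indicates" relationship ties the two together, so a defender can ask which patterns to deploy per technique and which techniques the playbook leaves without any detection. The technique IDs are real ATT&CK identifiers; the campaign chain, indicator values and domain are constructed and deliberately not Sofacy infrastructure. Plain dictionaries are used instead of the stix2 library so the example runs offline.

```python
"""Encode an ATT&CK-based adversary playbook as STIX 2.1 objects and
query it the way a defender would.  Added example, not Unit 42's
playbook format: technique IDs are real ATT&CK identifiers, but the
campaign, indicator values and relationships are constructed."""
import json
import uuid

NOW = "2018-06-01T00:00:00.000Z"  # fixed timestamp so output is reproducible


def _sid(kind: str, seed: str) -> str:
    """Deterministic STIX id (uuid5 instead of uuid4) for reproducibility."""
    return f"{kind}--{uuid.uuid5(uuid.NAMESPACE_URL, seed)}"


def attack_pattern(tid: str, name: str) -> dict:
    """attack-pattern carrying the ATT&CK technique ID as an external reference."""
    return {
        "type": "attack-pattern", "spec_version": "2.1",
        "id": _sid("attack-pattern", tid),
        "created": NOW, "modified": NOW, "name": name,
        "external_references": [{
            "source_name": "mitre-attack", "external_id": tid,
            "url": f"https://attack.mitre.org/techniques/{tid.replace('.', '/')}/",
        }],
    }


def indicator(pattern: str, label: str) -> dict:
    return {
        "type": "indicator", "spec_version": "2.1",
        "id": _sid("indicator", pattern),
        "created": NOW, "modified": NOW, "name": label,
        "pattern": pattern, "pattern_type": "stix", "valid_from": NOW,
        "indicator_types": ["malicious-activity"],
    }


def relationship(src: dict, rel: str, dst: dict) -> dict:
    return {
        "type": "relationship", "spec_version": "2.1",
        "id": _sid("relationship", src["id"] + rel + dst["id"]),
        "created": NOW, "modified": NOW, "relationship_type": rel,
        "source_ref": src["id"], "target_ref": dst["id"],
    }


def build_playbook() -> dict:
    """Constructed chain: phishing attachment -> macro -> PowerShell -> HTTP C2."""
    techniques = {
        "T1566.001": attack_pattern("T1566.001", "Spearphishing Attachment"),
        "T1204.002": attack_pattern("T1204.002", "User Execution: Malicious File"),
        "T1059.001": attack_pattern("T1059.001", "PowerShell"),
        "T1071.001": attack_pattern("T1071.001", "Application Layer Protocol: Web Protocols"),
    }
    # Constructed indicator values; not real adversary infrastructure.
    indicators = [
        (indicator("[file:name = 'invoice.docm']", "lure document"), "T1566.001"),
        (indicator("[process:command_line MATCHES '(?i)powershell.* -enc ']",
                   "encoded PowerShell"), "T1059.001"),
        (indicator("[domain-name:value = 'cdn-update.example.org']", "C2 domain"), "T1071.001"),
    ]
    objects = list(techniques.values())
    for ind, tid in indicators:
        objects += [ind, relationship(ind, "indicates", techniques[tid])]
    return {"type": "bundle", "id": _sid("bundle", "playbook"), "objects": objects}


def technique_ids(bundle: dict) -> list[str]:
    """ATT&CK IDs of every technique in the playbook."""
    return sorted(
        ref["external_id"]
        for o in bundle["objects"] if o["type"] == "attack-pattern"
        for ref in o["external_references"] if ref["source_name"] == "mitre-attack"
    )


def indicators_for(bundle: dict, tid: str) -> list[str]:
    """STIX patterns a defender can deploy to detect one technique."""
    by_id = {o["id"]: o for o in bundle["objects"]}
    targets = {o["id"] for o in bundle["objects"] if o["type"] == "attack-pattern"
               and any(r["external_id"] == tid for r in o["external_references"])}
    return [by_id[r["source_ref"]]["pattern"] for r in bundle["objects"]
            if r["type"] == "relationship" and r["relationship_type"] == "indicates"
            and r["target_ref"] in targets]


def coverage_gap(bundle: dict, detected: set[str]) -> list[str]:
    """'How am I defending against this adversary?': playbook techniques with
    neither a shipped indicator nor an existing in-house detection."""
    return [tid for tid in technique_ids(bundle)
            if tid not in detected and not indicators_for(bundle, tid)]


def to_json(bundle: dict) -> str:
    return json.dumps(bundle, indent=2)


if __name__ == "__main__":
    pb = build_playbook()
    print(to_json(pb))
    print("uncovered:", coverage_gap(pb, set()))
```

In this constructed playbook the macro execution step (T1204.002) ships with no indicator, which is the point of the coverage question: blocking every indicator in the report would still leave that technique to the defender's own telemetry.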
As attacker tactics, techniques and procedures evolve, so must the defenses and strategy used to counter them. Traditional red teaming presents an opportunity to find gaps in security but leaves more valuable information unabsorbed. The results and methodologies of red team assessments can drive the protections put in place by blue teams and by the larger security program, and vice versa.
(Source: RSA USA 2016-San Francisco)
Elements of the discussion will include:
– Insight into emerging cyber threats
– A profile of today’s evolved hackers: what they are after, why, and how they’re getting what they want
– Strategies and tools you can implement to safeguard against attacks
Sharpening your Threat-Hunting Program with ATTACK Framework (MITRE - ATT&CKcon)
From MITRE ATT&CKcon Power Hour December 2020
By Hieu Tran, Threat Detection Team Lead FPT Cybersecurity Division
No matter how sophisticated and thorough your security precautions may be, you cannot assume your security measures are impenetrable. This is why you need a threat hunting program in place. But how can we implement a proper threat hunting program and run it efficiently? In this talk, we uncover how to sharpen your threat hunting strategy by leveraging ATT&CK. Ultimately, we demonstrate how to employ the hunting methodology effectively on the real-world battlefield, fighting well-known cyber espionage actors who focus strongly on Southeast Asian countries like Vietnam, the Philippines, Laos, and Cambodia.
Seceon 2023 Cybersecurity Predictions by Seceon Thought Leadership, Seceon
Seceon focuses on leveraging Artificial Intelligence (AI) and Machine Learning (ML) to identify and counter sophisticated and stealthy cyberattacks, and on the use of AI and ML to generate advanced cyber threats.
Log Analytics for Distributed Microservices, Kai Wähner
Log Analytics and Operational Intelligence for Distributed Microservices.
IT systems and applications generate more and more distributed machine data because of millions of mobile devices, the Internet of Things, social network users, and other emerging technologies. However, organizations experience challenges when monitoring and managing their IT systems and technology infrastructure. They struggle with distributed microservice and cloud architectures, custom application monitoring and debugging, network and server monitoring and troubleshooting, security analysis, compliance standards, and more.
This session discusses how to solve the challenges of monitoring and analyzing terabytes and more of distributed machine data to leverage the "digital business". The main part of the session compares different open source frameworks and SaaS cloud solutions for log management and operational intelligence, such as Graylog, the "ELK stack", Papertrail, Splunk and TIBCO LogLogic Unity. A live demo shows how to monitor and analyze distributed microservices and sensor data from the Internet of Things.
The session also explains how the discussed solutions differ from other big data components such as Apache Hadoop, data warehouses or machine learning, and how they can complement each other in a big data architecture.
The session concludes with an outlook on the new, advanced concept of IT Operations Analytics (ITOA).
Security Architecture for Cyber Physical Systems, Alan Tatourian
Slides I presented at the Automotive Cybersecurity conference in Detroit on Friday. The main message is captured in the last bullet of the Summary: we do not know how to build 100% reliable systems, we only know how to manage risk. Your system will fail and you have to build for failure. This was one of the first lessons I was taught when I worked in aerospace.
Product Security by Blockchain, AI and Security Certs, LabSharegroup
Three themes you need to think about in product security, and some tips on how to do it
I have been working with software security laboratories and IT security firms for years. I have talked with clients, read and watched dozens of articles and videos, and talked with several experts about product security themes, the future, and technologies.
The three themes are:
Is blockchain the new technology of trust?
Blockchain has the potential to transform industries. However, some security experts have raised questions: if blockchain is broadly used in technology solutions, will security standards be adopted? How are the cryptographic keys that grant access to blockchain applications protected? It is true that the potential is huge: securing IoT nodes and edge devices with authentication, improved confidentiality and data integrity, disrupting current PKI systems, reducing DDoS attacks, and so on.
AI (machine learning, deep learning, reinforcement learning) potential in product security
Machine learning can help in creating products that analyse threats and respond to attacks and security incidents. Several repositories on GitHub and open-source code from IBM are available to developers. Deep learning networks are growing rapidly thanks to cheap cloud GPU services, and after reinforcement learning's recent successes nobody knows the upper limit.
Product security by international security standards and practices
The present, future, and developmental orientation of the independent third-party certification industry. How can international standards keep pace with the rapid growth of new technologies and maintain secure applications in IoT, blockchain or AI-driven industries?
Are IT products reliable and secure, and will they stay that way?
I would like to explain product security in a simple way. My goal is to introduce product security to tech startups and fast-growing tech firms. Furthermore, I would like to emphasize the benefits of product security certification.
Cisco Cloud Access Security with Elastica protects you from the hidden threats to cloud apps. It provides new visibility by monitoring your cloud app usage in real time, extends your control into cloud apps, and combats evolving threats through intelligent protection using data science.
Automation: Embracing the Future of SecOps, IBM Security
Join Mike Rothman, Analyst & President of Securosis and Ted Julian, VP of Product Management and co-founder of IBM Resilient, for a webinar on common automation use cases for the Security Operations Center (SOC).
Security Orchestration, Automation and Response (SOAR) tools are garnering interest in enterprise security teams due to tangible short-term benefits.
Watch the recording: https://event.on24.com/wcc/r/2007717/385A881A097E8EFCE493981972303416?partnerref=LI
Beyond S3 Buckets - Effective Countermeasures for Emerging Cloud Threats, SBWebinars
Research shows that 25% of organizations have cryptojacking activity in their AWS, Azure, and GCP environments. Is yours one of them? While S3 buckets continue to dominate headlines, cryptojacking and other threats lay quietly behind the scenes. Learn about the latest cloud threats and arm yourself with effective countermeasures.
MITRE ATT&CK is quickly gaining traction and is becoming an important standard to use to assess the overall cyber security posture of an organization. Tools like ATT&CK Navigator facilitate corporate adoption and allow for a holistic overview on attack techniques and how the organization is preventing and detecting them. Furthermore, many vendors, technologies and open-source initiatives are aligning with ATT&CK. Join Erik Van Buggenhout in this presentation, where he will discuss how MITRE ATT&CK can be leveraged in the organization as part of your overall cyber security program, with a focus on adversary emulation.
Erik Van Buggenhout is the lead author of SANS SEC599 - Defeating Advanced Adversaries - Purple Team Tactics & Kill Chain Defenses. Next to his activities at SANS, Erik is also a co-founder of NVISO, a European cyber security firm with offices in Brussels, Frankfurt and Munich.
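Adversary emulation produces exactly the data a Navigator layer needs: for each technique exercised, whether the organization prevented it, alerted on it, merely logged it, or missed it. The following added example (not NVISO's or SANS course material) turns a constructed set of purple-team test outcomes into a layer file that Navigator can import, scoring each technique by its worst-performing procedure. The techniques and outcomes are made up, the worst-case scoring rule is my choice, and the numbers in the versions block are assumptions that should be matched to the Navigator instance in use.

```python
"""Build an ATT&CK Navigator layer from adversary-emulation results.
Added example; the emulation log is constructed and the layer/attack
version numbers are assumptions to adjust for the Navigator in use."""
import json

# Constructed emulation log: one row per test case the red team ran.
# outcome: "prevented" (a control blocked it), "detected" (alert fired),
# "logged" (telemetry exists but no alert), "missed" (nothing at all).
EMULATION_RESULTS = [
    {"technique": "T1566.001", "test": "macro lure via mail",   "outcome": "prevented"},
    {"technique": "T1059.001", "test": "encoded PowerShell",    "outcome": "detected"},
    {"technique": "T1059.001", "test": "powershell -w hidden",  "outcome": "missed"},
    {"technique": "T1003.001", "test": "LSASS dump",            "outcome": "logged"},
    {"technique": "T1021.001", "test": "RDP lateral movement",  "outcome": "missed"},
]

SCORE = {"prevented": 3, "detected": 2, "logged": 1, "missed": 0}


def score_techniques(results: list[dict]) -> dict[str, int]:
    """Worst-case score per technique: one missed procedure means the
    technique is not covered, however well the other procedures did."""
    scores: dict[str, int] = {}
    for row in results:
        s = SCORE[row["outcome"]]
        scores[row["technique"]] = min(s, scores.get(row["technique"], s))
    return scores


def navigator_layer(results: list[dict], name: str = "Purple team coverage") -> dict:
    """Layer in the Navigator file format (techniqueID/score/comment per
    technique, gradient from red = missed to green = prevented)."""
    scores = score_techniques(results)
    comments: dict[str, list[str]] = {}
    for row in results:
        comments.setdefault(row["technique"], []).append(f'{row["test"]}: {row["outcome"]}')
    return {
        "name": name,
        # Assumed versions; set these to match the Navigator build you import into.
        "versions": {"attack": "14", "navigator": "4.9.1", "layer": "4.5"},
        "domain": "enterprise-attack",
        "description": "Scores: 0 missed, 1 logged only, 2 detected, 3 prevented",
        "gradient": {"colors": ["#ff6666", "#ffe766", "#8ec843"], "minValue": 0, "maxValue": 3},
        "techniques": [
            {"techniqueID": tid, "score": scores[tid],
             "comment": "; ".join(comments[tid]), "enabled": True}
            for tid in sorted(scores)
        ],
    }


def gaps(results: list[dict]) -> list[str]:
    """Techniques the emulation proved uncovered (score 0), for the backlog."""
    return [tid for tid, s in sorted(score_techniques(results).items()) if s == 0]


if __name__ == "__main__":
    print(json.dumps(navigator_layer(EMULATION_RESULTS), indent=2))
    print("gaps:", gaps(EMULATION_RESULTS))
```

The worst-case rule is deliberate: a technique with one detected and one missed procedure reads as green under an average and hides the exact gap the red team found, so the layer scores it as missed and keeps the per-procedure detail in the comment.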
41. Author
Technique ID
Last update date
Rules count: rules used for threat hunting, detection and testing of a specific technique. Includes Sigma, Yara, Snort, SIEM rules and attack simulation tests.
Examples count: number of the known procedures, i.e. the exact ways an adversary or software implements a technique.
Tactic: the adversary's tactical objective, the reason for performing an action.
Technique: techniques represent "how" an adversary achieves a tactical objective by performing an action.
ATT&CK knowledge base: attack.mitre.org
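As an added example (not code from the deck, from Sigma or from the ATT&CK project), the Python below builds the per-technique fields listed above, rules count, tactics, authors and last update, out of Sigma rule metadata, using Sigma's `attack.<tactic>` / `attack.t<id>` tag convention; the rule records themselves are constructed.

```python
import re
from datetime import date

# Constructed Sigma-style rule metadata, as parsed from rule front matter.
# Illustrative records only, not rules from the deck or the Sigma project.
RULES = [
    {"title": "PowerShell Download Cradle", "author": "analyst-a",
     "date": date(2019, 3, 1), "modified": date(2019, 9, 12),
     "tags": ["attack.execution", "attack.t1059.001"]},
    {"title": "Suspicious Script Host Child Process", "author": "analyst-b",
     "date": date(2019, 5, 20), "modified": None,
     "tags": ["attack.execution", "attack.t1059"]},
    {"title": "LSASS Memory Access", "author": "analyst-a",
     "date": date(2018, 11, 2), "modified": date(2019, 8, 30),
     "tags": ["attack.credential_access", "attack.t1003"]},
    {"title": "New Scheduled Task via schtasks", "author": "analyst-c",
     "date": date(2019, 1, 15), "modified": None,
     "tags": ["attack.persistence", "attack.execution", "attack.t1053"]},
]

# Sigma maps rules to ATT&CK with tags: attack.<tactic> and attack.t<id>[.<sub>]
TECH_RE = re.compile(r"^attack\.(t\d{4}(?:\.\d{3})?)$")

def split_attack_tags(tags):
    """Separate Sigma 'attack.*' tags into tactic names and technique IDs."""
    tactics, techniques = [], []
    for tag in tags:
        m = TECH_RE.match(tag)
        if m:
            techniques.append(m.group(1).upper())
        elif tag.startswith("attack."):
            tactics.append(tag[len("attack."):])
    return tactics, techniques

def summarize_techniques(rules):
    """Per technique ID: authors, tactics, rules count and last update date.
    Sub-technique rules are also counted towards their parent technique."""
    summary = {}
    for rule in rules:
        tactics, techniques = split_attack_tags(rule["tags"])
        updated = rule["modified"] or rule["date"]
        ids = {tid for t in techniques for tid in (t, t.split(".")[0])}
        for tid in ids:
            entry = summary.setdefault(tid, {"authors": set(), "tactics": set(),
                                             "rules_count": 0, "last_update": updated})
            entry["authors"].add(rule["author"])
            entry["tactics"].update(tactics)
            entry["rules_count"] += 1
            entry["last_update"] = max(entry["last_update"], updated)
    return summary
```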
51. Problems with cloud security monitoring
1. Cloud Logs are Veeeeery Reactive
2. MITRE ATT&CK is Retrospective Proactive for Cloud
3. In 2019 we mostly talk about hunting on Sysmon
53. It can take up to 30 minutes or up to 24 hours after an event occurs for the corresponding audit log entry to be displayed in the search results. The following table shows the time it takes for the different services in Office 365.
https://docs.microsoft.com/en-us/microsoft-365/compliance/search-the-audit-log-in-security-and-compliance
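An added example, not code from the deck or from Microsoft, of how a scheduled hunt can account for that ingestion delay: it only treats event times older than the documented maximum latency as complete, carries a watermark between runs, and flags records that arrived later than the bound. The records are constructed, and the 30-minute and 24-hour bounds are the two figures quoted above, not the per-service values of the table.

```python
from datetime import datetime, timedelta, timezone

def ts(s):
    """Parse a constructed 'YYYY-MM-DDTHH:MM' UTC timestamp."""
    return datetime.strptime(s, "%Y-%m-%dT%H:%M").replace(tzinfo=timezone.utc)

# Constructed audit-log records as a scheduled hunt might fetch them at 12:00 UTC
# (illustrative only, not records from the deck or from a real tenant).
RECORDS = [
    {"Id": "a1", "CreationTime": ts("2019-10-01T11:10"), "Operation": "UserLoggedIn"},
    {"Id": "b2", "CreationTime": ts("2019-10-01T11:45"), "Operation": "FileDownloaded"},
    {"Id": "c3", "CreationTime": ts("2019-10-01T10:50"), "Operation": "New-InboxRule"},
    {"Id": "d4", "CreationTime": ts("2019-10-01T10:55"), "Operation": "UserLoggedIn"},
]
LATENCY_30M, LATENCY_24H = timedelta(minutes=30), timedelta(hours=24)  # bounds from the slide

def hunt_window(run_time, watermark, max_latency):
    """Event-time window a scheduled query may treat as complete: an event
    created at t is visible by t + max_latency, so at run_time everything
    created up to run_time - max_latency has landed. Advancing the watermark
    to the window end neither skips events nor reprocesses them."""
    end = run_time - max_latency
    return None if end <= watermark else (watermark, end)

def process_run(records, run_time, watermark, max_latency, seen_ids):
    """Sort fetched records into in-window hits, not-yet-complete records and
    stragglers: unseen records older than the watermark, i.e. the documented
    latency was exceeded and an earlier run missed them."""
    window = hunt_window(run_time, watermark, max_latency)
    hits, pending, stragglers = [], [], []
    for rec in records:
        if rec["Id"] in seen_ids:
            continue  # already processed by an earlier run
        created = rec["CreationTime"]
        if created <= watermark:
            stragglers.append(rec)
        elif window and created <= window[1]:
            hits.append(rec)
        else:
            pending.append(rec)  # may still be incomplete; re-fetch next run
            continue
        seen_ids.add(rec["Id"])
    return hits, pending, stragglers, (window[1] if window else watermark)

def example_run():
    """One 12:00 UTC run with the 30-minute bound; record 'd4' was seen before."""
    return process_run(RECORDS, ts("2019-10-01T12:00"), ts("2019-10-01T11:00"),
                       LATENCY_30M, {"d4"})
```

With the 24-hour bound the same hourly watermark yields no complete window at all, which is the practical meaning of "reactive" logs: the query schedule has to lag the log by at least the documented latency.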