Presented at the Ohio Information Security Summit, October 30, 2009.
What does the Internet say about your company? Do you know what is being posted by your employees, customers, or your competition? We all know information or intelligence gathering is one of the most important phases of a penetration test. However, gathering information and intelligence about your own company is even more valuable and can help an organization proactively determine the information that may damage your brand, reputation and help mitigate leakage of confidential information.
This presentation will cover what the risks are to an organization regarding publicly available open source intelligence. How can your enterprise put an open source intelligence gathering program in place without additional resources or money. What free tools are available for gathering intelligence including how to find your company information on social networks and how metadata can expose potential vulnerabilities about your company and applications. Next, we will explore how to get information you may not want posted about your company removed and how sensitive metadata information you may not be aware of can be removed or limited. Finally, we will discuss how to build a Internet posting policy for your company and why this is more important then ever.
OSINT: Open Source Intelligence - Rohan BraganzaNSConclave
Speaker is going to conduct hands-on training on how an individual can use Open-source intelligence (OSINT) to collect data from publicly available sources. Speaker will showcase tools and techniques used in collecting information from the public sources.
https://nsconclave.net-square.com/advanced-reconnaissance-using-OSINT.html
OSINT: Open Source Intelligence gathering 101
Slides from my talk on OSINT. I listed examples in the slides about tools, legal methods for both online and physical information security reconnaissance.
OSINT is defined by both the U.S. Director of National Intelligence and the U.S. Department of Defense (DoD), as "produced from publicly available information that is collected, exploited, and disseminated in a timely manner to an appropriate audience for the purpose of addressing a specific intelligence requirement.
SOURCE :https://en.wikipedia.org/wiki/Open-source_intelligence
OSINT: Open Source Intelligence - Rohan BraganzaNSConclave
Speaker is going to conduct hands-on training on how an individual can use Open-source intelligence (OSINT) to collect data from publicly available sources. Speaker will showcase tools and techniques used in collecting information from the public sources.
https://nsconclave.net-square.com/advanced-reconnaissance-using-OSINT.html
OSINT: Open Source Intelligence gathering 101
Slides from my talk on OSINT. I listed examples in the slides about tools, legal methods for both online and physical information security reconnaissance.
OSINT is defined by both the U.S. Director of National Intelligence and the U.S. Department of Defense (DoD), as "produced from publicly available information that is collected, exploited, and disseminated in a timely manner to an appropriate audience for the purpose of addressing a specific intelligence requirement.
SOURCE :https://en.wikipedia.org/wiki/Open-source_intelligence
Durante l’intervento verranno presentati i cardini del processo di ricerca delle informazioni mediante la consultazione di fonti di pubblico accesso. Sarà illustrata la teoria alla base di questo processo che prevede l’identificazione delle fonti, la selezione e la valutazione del loro contenuto informativo per arrivare infine all’utilizzo stesso dell’informazione estratta. Nella seconda fase della presentazione verranno mostrati i tool e le metodologie per l’estrazione di informazioni mediante l’analisi di documenti, foto, social network e altre fonti spesso trascurate. In ultimo saranno mostrati sistemi in grado di correlare diverse informazioni provenienti dalle fonti aperte e verranno discussi i relativi scenari di utilizzo nonché le possibili contromisure.
Measure What Matters: How to Use MITRE ATTACK to do the Right Things in the R...MITRE - ATT&CKcon
From MITRE ATT&CKcon Power Hour January 2021
By Daniel Wyleczuk-Stern, Senior Security Engineer, Snowflake
Cyber security is inherently a function of risk management. Risk management is the identification, evaluation, and prioritization of risks followed by the effort to reduce those risks in a coordinated and economical manner (thanks wikipedia!). In this talk, Daniel will be going over some strategies for measuring and prioritizing your cyber risks using MITRE ATT&CK. He'll discuss some lessons learned in atomic testing of techniques vs attack chaining as well as what to measure and how to make decisions with that data.
How OSINT will play an important role in the future, helping to predict, prevent and react against incidents that threaten the Global security.
The presentation will delve into the tools and techniques that enable OSINT practitioners to measure the Global security signals conveyed by the Internet. Multiple facets of information dissemination, collection, analysis and interpretation will be examined, with a focus on the security dimension of the information.
OSINT for Proactive Defense - RootConf 2019RedHunt Labs
A presentation about using Open Source Intelligence for proactive defense delivered at Rootconf 2019 Bangalore, India.
RedHunt Labs
https://redhuntlabs.com/
Talk on Kaspersky lab's CoLaboratory: Industrial Cybersecurity Meetup #5 with @HeirhabarovT about several ATT&CK practical use cases.
Video (in Russian): https://www.youtube.com/watch?v=ulUF9Sw2T7s&t=3078
Many thanks to Teymur for great tech dive
OSINT - Open Source Intelligence by Rohit Srivastwa at c0c0n - International Cyber Security and Policing Conference http://is-ra.org/c0c0n/speakers.htm
Open-source intelligence (OSINT) is intelligence collected from publicly available sources. In the intelligence community (IC), the term "open" refers to overt, publicly available sources (as opposed to covert or clandestine sources); it is not related to open-source software or public intelligence.
From MITRE ATT&CKcon Power Hour January 2021
By Adam Pennington, ATT&CK Lead, MITRE
Adam leads ATT&CK at The MITRE Corporation and collected much of the intelligence leveraged in creating ATT&CK’s initial techniques. He has spent much of his 12 years with MITRE studying and preaching the use of deception for intelligence gathering. Prior to joining MITRE, Adam was a researcher at Carnegie Mellon’s Parallel Data Lab and earned his BS and MS degrees in Computer Science and Electrical and Computer Engineering as well as the 2017 Alumni Service Award from Carnegie Mellon University. Adam has presented and published in a number of venues including FIRST CTI, USENIX Security and ACM Transactions on Information and System Security.
The goal of this presentation is to allow researchers to understand the possibilities of Social Media as a research field on the fields related to NLP/IR/DM.
Durante l’intervento verranno presentati i cardini del processo di ricerca delle informazioni mediante la consultazione di fonti di pubblico accesso. Sarà illustrata la teoria alla base di questo processo che prevede l’identificazione delle fonti, la selezione e la valutazione del loro contenuto informativo per arrivare infine all’utilizzo stesso dell’informazione estratta. Nella seconda fase della presentazione verranno mostrati i tool e le metodologie per l’estrazione di informazioni mediante l’analisi di documenti, foto, social network e altre fonti spesso trascurate. In ultimo saranno mostrati sistemi in grado di correlare diverse informazioni provenienti dalle fonti aperte e verranno discussi i relativi scenari di utilizzo nonché le possibili contromisure.
Measure What Matters: How to Use MITRE ATTACK to do the Right Things in the R...MITRE - ATT&CKcon
From MITRE ATT&CKcon Power Hour January 2021
By Daniel Wyleczuk-Stern, Senior Security Engineer, Snowflake
Cyber security is inherently a function of risk management. Risk management is the identification, evaluation, and prioritization of risks followed by the effort to reduce those risks in a coordinated and economical manner (thanks wikipedia!). In this talk, Daniel will be going over some strategies for measuring and prioritizing your cyber risks using MITRE ATT&CK. He'll discuss some lessons learned in atomic testing of techniques vs attack chaining as well as what to measure and how to make decisions with that data.
How OSINT will play an important role in the future, helping to predict, prevent and react against incidents that threaten the Global security.
The presentation will delve into the tools and techniques that enable OSINT practitioners to measure the Global security signals conveyed by the Internet. Multiple facets of information dissemination, collection, analysis and interpretation will be examined, with a focus on the security dimension of the information.
OSINT for Proactive Defense - RootConf 2019RedHunt Labs
A presentation about using Open Source Intelligence for proactive defense delivered at Rootconf 2019 Bangalore, India.
RedHunt Labs
https://redhuntlabs.com/
Talk on Kaspersky lab's CoLaboratory: Industrial Cybersecurity Meetup #5 with @HeirhabarovT about several ATT&CK practical use cases.
Video (in Russian): https://www.youtube.com/watch?v=ulUF9Sw2T7s&t=3078
Many thanks to Teymur for great tech dive
OSINT - Open Source Intelligence by Rohit Srivastwa at c0c0n - International Cyber Security and Policing Conference http://is-ra.org/c0c0n/speakers.htm
Open-source intelligence (OSINT) is intelligence collected from publicly available sources. In the intelligence community (IC), the term "open" refers to overt, publicly available sources (as opposed to covert or clandestine sources); it is not related to open-source software or public intelligence.
From MITRE ATT&CKcon Power Hour January 2021
By Adam Pennington, ATT&CK Lead, MITRE
Adam leads ATT&CK at The MITRE Corporation and collected much of the intelligence leveraged in creating ATT&CK’s initial techniques. He has spent much of his 12 years with MITRE studying and preaching the use of deception for intelligence gathering. Prior to joining MITRE, Adam was a researcher at Carnegie Mellon’s Parallel Data Lab and earned his BS and MS degrees in Computer Science and Electrical and Computer Engineering as well as the 2017 Alumni Service Award from Carnegie Mellon University. Adam has presented and published in a number of venues including FIRST CTI, USENIX Security and ACM Transactions on Information and System Security.
The goal of this presentation is to allow researchers to understand the possibilities of Social Media as a research field on the fields related to NLP/IR/DM.
This presentation gives an overview of how social networks are used in companies and what are the risks associated with them. Some actions points are proposed to mitigate those risks.
Presented at Diana Initiative, Queercon 16, and DEFCON 27 Recon Village 8/9-10, 2019.
When we think of the process for attacking an organization, OSINT comes to the front and center of our minds. This presentation takes a presenter with experience in applying OSINT to effective penetration testing and social engineering and reverse engineers the process to determine what steps can be taken to further complicate their efforts. This is a presentation that talks about online deception, decoy accounts, canary data, encryption, maintaining one’s social media in a secure manner, and protecting one’s identity as much as possible. While nothing is absolute, this is a presentation that will leave attendees more aware of techniques to make it harder for attackers to collect accurate OSINT, either by removal or deception.
Social Zombies II: Your Friends Need More BrainsTom Eston
In Social Zombies II: Your Friends Need More Brains, Tom Eston, Kevin Johnson and Robin Wood continue the Zombie invasion from "Social Zombies: Your Friends want to eat Your Brains" presented at DEFCON 17. This presentation will further examine the risks of social networks and then present new techniques and tools that can be used to exploit these issues. This presentation begins by discussing new twists on existing privacy concerns that are caused by the trust mass that is social networks. We use this privacy confusion to exploit members and their companies during our penetration tests. The presentation then discusses social network botnets and bot programs. Both the delivery of malware through social networks and the use of these social networks as command and control channels will be examined. Tom, Kevin and Robin next explore the use of browser-based bots and their delivery through custom social network applications and show new ways social network applications can be used for malware delivery. Finally, the information available through the social network APIs is explored using third-party applications designed for penetration testing. This allows for complete coverage of the targets and their information. This was presented at Shmoocon 2010 on February 6, 2010.
Deep Web Search Part 2 by Cynthia HetheringtonCase IQ
Last September we offered a webinar on searching the deep web, led by online investigation expert Cynthia Hetherington, MLS, MSM, CFE. The response was tremendous and after the session, many of you asked for more. We listened, and have invited Cynthia back for another webinar to explore deeper into the topic of searching the deep web.
Social Media Data Collection & AnalysisScott Sanders
A non-technical primer on how to collect and analyze social media data. This was an invited lecture by Biostatistics and Bioinformatics Department in the School of Public Health at the University of Louisville.
Cybersecurity - Defense Against The Dark Arts Harry Potter StyleBrian Pichman
Step right into a realm where cyber security meets the enchanting world of Harry Potter! Join Brian Pichman, our fearless Defense Against the Dark Arts wizard, as he unveils the secrets to safeguarding our digital realms. Prepare to be captivated as Brian illuminates the spellbinding techniques of encryption, firewalls, and intrusion detection, equipping us to fortify our cherished data against the sinister forces of the digital realm.
But beware! Just like in the magical world, treacherous adversaries prowl the shadows. Brian will expose the dark arts of phishing, ransomware, and social engineering, empowering us to defend our digital castles. Engrossed in tales of peril and armed with ancient cyber security spells, this captivating presentation promises to leave you spellbound and ready to protect yourself in this ever-evolving landscape. So grab your wands and brace yourselves as Brian Pichman conjures a shield of protection, ensuring the safety of our digital realms against the forces of darkness. Together, we shall prevail in this journey of cyber security and magic.
CyberSecurity - Computers In Libraries 2024Brian Pichman
Protecting privacy and security while leveraging technology to accomplish positive change is becoming a serious challenge for individuals, communities, and businesses. This workshop, led by expert leaders and practitioners, covers personal and organizational privacy as well as top security issues for libraries and their communities, especially the implications of AI. If you don’t have a security plan in place, are unsure of where to even start to make sure your library is secure, or have an existing plan in place but want to cross your T’s and dot your I’s, come to this interactive workshop.
hacking techniques and intrusion techniques useful in OSINT.pptxsconalbg
Cyber reconnaissance related to OSINT. This course emphaises on the importance of reconnaisance and e-discovery , along with hacking techniques along with intrusion detection. This is a very useful course on this subject which will help many students to understand the basic concepts of cyber ssecurity and cyber intelligence.
Competitive intelligence for sourcers gutmacher-TA Week 2021Glenn Gutmacher
presentation on competitive intelligence methods and tools for talent sourcers; big thanks to Greg Hawkes for contributions on an earlier version of this session co-presented at SOSU
Ever wonder, "how can I make my home internet more secure" or "how can I make sure my kids are safely browsing the internet"? Join this cat meme filled presentation on how to secure your home's internet; everything from securing your wireless network to tools that you can use to help keep you and your family safe while surfing the web.
Privacy Exposed: Ramifications of Social Media and Mobile TechnologyTom Eston
Mobile devices and applications have taken the world by storm. Millions of consumers are using these devices for everything from conducting financial transactions, accessing health care information and sharing personal experiences over social media. Unfortunately there is still little regard or concern with how mobile platforms and major social networks collect, transmit and store personal and corporate information. This exacerbates existing privacy concerns and the need for new regulations in the age of big data. In this presentation we discuss the latest privacy concerns with this new technology. Topics will include:
• All new privacy concerns with mobile application data, geolocation, address book harvesting , third party information sharing and the latest mobile technology such as NFC (Near Field Communication)
• A close look at the top 20 mobile applications and how they transmit, store and reuse personal or private information
• Comparison of current privacy policies of the major social networks, what they tell you and what they don't
• Ramifications of international and US privacy regulations and how this impacts mobile devices, social networks, you and your business
Show me the money. If hackers were able to manipulate the world’s accounting systems, governments and corporations would be in a frenzy. Guess what? Hackers can…and will. In this presentation we describe manipulating the major financial accounting systems used by corporations large and small to show the importance of good Information Security and Accounting controls. In this talk we identify ways to manipulate accounting systems for financial gain demonstrating mass accounting systems fraud. Through our research we will demonstrate multiple ways to manipulate accounting data and misappropriate funds. We will also show information security and accounting controls needed to detect these types of advanced attacks. Tom and Spencer will be releasing and demonstrating new PoC malware and a Metasploit meterpreter extension that targets Microsoft Dynamics GP, one of the most popular accounting systems in the world.
Just when you thought “bath salts” were turning innocent humans into flesh eating Zombies in Florida…mobile devices have begun taken over the world like an infectious Zombie virus outbreak. Tablets and mobile phones are being used by everyone today and are more powerful than ever before. The technology implemented in these devices is truly bleeding edge. From new wireless technology like NFC (Near Field Communication) to social networks being integrated directly into mobile operating systems, the times are rapidly changing. These new technology advancements also introduce new privacy and physical security concerns not seen before as well. In addition, with new technology come new responsibilities and challenges for security professionals and consumers alike especially in a world of BYOD.
In this presentation Tom Eston and Kevin Johnson explore and exploit the new technology being implemented by these mobile platforms. Tom and Kevin have discovered interesting security and privacy issues with Android Jelly Bean, Apple iOS 6, OS X Mountain Lion, NFC and many popular mobile applications. New tools and exploits will be discussed that can be used by penetration testers to exploit these new technologies. Tom and Kevin will also discuss strategies to combat the ensuing mobile device onslaught into the enterprise. This information alone will help you to survive the “Rise of the Mobile Dead”.
The Android vs. Apple iOS Security Showdown Tom Eston
Android and Apple mobile devices have taken the market by storm. Not only are they being used by consumers but they are now being used for critical functions in businesses, hospitals, government and more. This trend is expected to continue with the popularity of mobile devices such as tablets well into the future. In this presentation we put Android up against Apple iOS to determine which, if any, are ready for enterprise or federal use. Once and for all we battle the Apple App Store vs. Google Play, device updates, developer controls, security features and the current slew of vulnerabilities for both devices. Which platform will emerge the victor? You might find that while the "tech is hot" the implementation and built in security controls are "not".
Five Lessons Learned From Breaking Into A Casino: Confessions of a Penetratio...Tom Eston
Breaking in is easy, real security is hard. Breaching the security of a Casino doesn't have to be as dramatic or dangerous as depicted in the Ocean's Eleven movies. In fact, by simply sitting in a hotel room of a Casino, hackers can find ways to breach the high security that Casino's have been known for. This type of attack has a simple goal: steal the Casino's money and cheat the system. All of this can be done without anyone seeing you and is much easier then walking directly into the Casino vault armed with guns and explosives.
In this presentation Tom Eston from SecureState walks us through some of the more interesting and exciting penetration tests his team have conducted. These include breaking into Casinos, Banks, Energy companies and other high security facilities (with permission of course). Tom's stories not only show how attackers break in but also show important lessons on how businesses can better secure their physical as well as network assets.
Smart Bombs: Mobile Vulnerability and ExploitationTom Eston
Kevin Johnson, John Sawyer and Tom Eston have spent quite a bit of time evaluating mobile applications in their respective jobs. In this presentation they will provide the audience an understanding of how to evaluate mobile applications, examples of how things have been done wrong and an understanding of how you can perform this testing within your organization.
This talk will work with applications from the top three main platforms; iOS, Android and Blackberry. Kevin, Tom and John have used a variety of the top 25 applications for each of these platforms to provide real world examples of the problems applications face.
Don't Drop the SOAP: Real World Web Service Testing for Web Hackers Tom Eston
Over the years web services have become an integral part of web and mobile applications. From critical business applications like SAP to mobile applications used by millions, web services are becoming more of an attack vector than ever before. Unfortunately, penetration testers haven't kept up with the popularity of web services, recent advancements in web service technology, testing methodologies and tools. In fact, most of the methodologies and tools currently available either don't work properly, are poorly designed or don't fully test for real world web service vulnerabilities. In addition, environments for testing web service tools and attack techniques have been limited to home grown solutions or worse yet, production environments.
In this presentation Tom, Josh and Kevin will discuss the new security issues with web services and release an updated web service testing methodology that will be integrated into the OWASP testing guide, new Metasploit modules and exploits for attacking web services and a open source vulnerable web service for the Samurai-WTF (Web Testing Framework) that can be used by penetration testers to test web service attack tools and techniques.
Attacking and Defending Apple iOS DevicesTom Eston
IT loves to use Apple iPhones and iPads, but hates supporting them. For most environments, they represent the exception, and are not subject to standard corporate controls. The reason the exception is allowed is usually the fact that the CEO bought an iPhone and iPad the day they were released, and then quickly filled them with sensitive corporate data. With their portability and popularity, it is only a matter of time before one of these devices ends up missing. How worried should you be? This presentation will cover the latest real-world attack techniques for compromising Apple’s iOS devices, introduce a new assessment methodology that can be used by penetration testers, and discuss the latest defensive techniques for securely deploying iOS devices within your enterprise.
Social Zombies Gone Wild: Totally Exposed and UncensoredTom Eston
Social networks have jumped onto the geolocation bandwagon with location-based tweets, status updates, check-ins, mayorships, and more. This doesn’t take into account EXIF, QR codes, and advancements in HTML 5 geo implementations, which are being built into these location-based services. This is often implemented and enabled without the user even knowing it. In fact, geolocation is one of the hottest technologies being used in everything from web browsers to mobile devices. As social networks throw our location coordinates around like candy, its only natural that bad things will happen and abuse will become more popular. This presentation will cover how social networks and other websites are currently using location-based services, what they plan on doing with it, and a discussion on the current privacy and security issues. We will also discuss the latest geolocation hacking techniques and will release custom code that can abuse all of the features being discussed.
Tom Eston is a Senior Security Consultant for SecureState. Tom focuses his research on the security of social media. Tom is also the founder of SocialMediaSecurity.com and co-host of the Security Justice and Social Media Security podcasts. Kevin Johnson is a security researcher with Secure Ideas. He has many years of experience performing security services for Fortune 100 companies, and leads a large number of open source security projects including BASE and SamuraiWTF. Kevin is also an instructor for SANS.
Presented at Notacon 8 in Cleveland Ohio.
Presentation I gave at the CoolTwitter Conference in Cleveland, Ohio August 7, 2009. I talked about the top 5 1/2 threats to Twitter and ways you can use it safely. Yes, there are more then 5 1/2 issues but I only had 15 minutes! :-)
During our last tool talk at NEOISF, Matt Neely talked about using a Fon (a wireless access point) with Karmetasploit to attack wireless clients for penetration testing. In this talk we will take this concept a step further and show you what the latest techniques are for conducting man-in-the-middle attacks (MITM). First, we will define what man-in-the-middle attacks are and why we should be doing these in our penetration tests. The technical discussion will include talk about our old favorites like Wireshark, Ettercap and Cain. Next, we will show some new techniques introduced with tools like SSLStrip, The Middler, and Network Miner. Finally, we will end with an open discussion on how to defend against man-in-the-middle attacks.
Rise of the Autobots: Into the Underground of Social Network BotsTom Eston
How do you know that last friend request or Twitter follower was an actual live human being? The truth is...you don't! Bots and bot manufacturers have become rampant in social networks such as MySpace, Facebook and Twitter exploiting the trust relationships that make social media work. Why are bots taking control of social networks? It's simple. Social networks are the fastest growing phenomenon of our time. For example, Facebook alone recently reached 150 million potential targets for spammers, malware authors, and other undesirables in 2008. Social networks are only getting bigger and bots will be part of this trend.
This presentation will take you on a journey into the thriving bot underground where bots are manufactured for every purpose imaginable. We will talk about good bots, bad bots, really evil bots, how to identify bots, terminating bots and the future possibility of social network botnets to rule them all.
This was presented at Notacon 6 in Cleveland Ohio.
Online Social Networks: 5 threats and 5 ways to use them safelyTom Eston
I spent the last few months doing research on various social networks specifically MySpace, Facebook, LinkedIn. Many of us either use these sites or know others that do. Users of these sites have been increasing at a dramatic rate for several years. For example, MySpace was the most visited website in the US with more than 114 million global visitors in 2007, and Facebook increased its global unique visitor numbers by 270% last year alone. With this massive increase in social network usage, online social networking is now becoming the fastest growing area of privacy concerns and security threats.
"Impact of front-end architecture on development cost", Viktor TurskyiFwdays
I have heard many times that architecture is not important for the front-end. Also, many times I have seen how developers implement features on the front-end just following the standard rules for a framework and think that this is enough to successfully launch the project, and then the project fails. How to prevent this and what approach to choose? I have launched dozens of complex projects and during the talk we will analyze which approaches have worked for me and which have not.
PHP Frameworks: I want to break free (IPC Berlin 2024)Ralf Eggert
In this presentation, we examine the challenges and limitations of relying too heavily on PHP frameworks in web development. We discuss the history of PHP and its frameworks to understand how this dependence has evolved. The focus will be on providing concrete tips and strategies to reduce reliance on these frameworks, based on real-world examples and practical considerations. The goal is to equip developers with the skills and knowledge to create more flexible and future-proof web applications. We'll explore the importance of maintaining autonomy in a rapidly changing tech landscape and how to make informed decisions in PHP development.
This talk is aimed at encouraging a more independent approach to using PHP frameworks, moving towards a more flexible and future-proof approach to PHP development.
Slack (or Teams) Automation for Bonterra Impact Management (fka Social Soluti...Jeffrey Haguewood
Sidekick Solutions uses Bonterra Impact Management (fka Social Solutions Apricot) and automation solutions to integrate data for business workflows.
We believe integration and automation are essential to user experience and the promise of efficient work through technology. Automation is the critical ingredient to realizing that full vision. We develop integration products and services for Bonterra Case Management software to support the deployment of automations for a variety of use cases.
This video focuses on the notifications, alerts, and approval requests using Slack for Bonterra Impact Management. The solutions covered in this webinar can also be deployed for Microsoft Teams.
Interested in deploying notification automations for Bonterra Impact Management? Contact us at sales@sidekicksolutionsllc.com to discuss next steps.
Essentials of Automations: Optimizing FME Workflows with ParametersSafe Software
Are you looking to streamline your workflows and boost your projects’ efficiency? Do you find yourself searching for ways to add flexibility and control over your FME workflows? If so, you’re in the right place.
Join us for an insightful dive into the world of FME parameters, a critical element in optimizing workflow efficiency. This webinar marks the beginning of our three-part “Essentials of Automation” series. This first webinar is designed to equip you with the knowledge and skills to utilize parameters effectively: enhancing the flexibility, maintainability, and user control of your FME projects.
Here’s what you’ll gain:
- Essentials of FME Parameters: Understand the pivotal role of parameters, including Reader/Writer, Transformer, User, and FME Flow categories. Discover how they are the key to unlocking automation and optimization within your workflows.
- Practical Applications in FME Form: Delve into key user parameter types including choice, connections, and file URLs. Allow users to control how a workflow runs, making your workflows more reusable. Learn to import values and deliver the best user experience for your workflows while enhancing accuracy.
- Optimization Strategies in FME Flow: Explore the creation and strategic deployment of parameters in FME Flow, including the use of deployment and geometry parameters, to maximize workflow efficiency.
- Pro Tips for Success: Gain insights on parameterizing connections and leveraging new features like Conditional Visibility for clarity and simplicity.
We’ll wrap up with a glimpse into future webinars, followed by a Q&A session to address your specific questions surrounding this topic.
Don’t miss this opportunity to elevate your FME expertise and drive your projects to new heights of efficiency.
State of ICS and IoT Cyber Threat Landscape Report 2024 previewPrayukth K V
The IoT and OT threat landscape report has been prepared by the Threat Research Team at Sectrio using data from Sectrio, cyber threat intelligence farming facilities spread across over 85 cities around the world. In addition, Sectrio also runs AI-based advanced threat and payload engagement facilities that serve as sinks to attract and engage sophisticated threat actors, and newer malware including new variants and latent threats that are at an earlier stage of development.
The latest edition of the OT/ICS and IoT security Threat Landscape Report 2024 also covers:
State of global ICS asset and network exposure
Sectoral targets and attacks as well as the cost of ransom
Global APT activity, AI usage, actor and tactic profiles, and implications
Rise in volumes of AI-powered cyberattacks
Major cyber events in 2024
Malware and malicious payload trends
Cyberattack types and targets
Vulnerability exploit attempts on CVEs
Attacks on counties – USA
Expansion of bot farms – how, where, and why
In-depth analysis of the cyber threat landscape across North America, South America, Europe, APAC, and the Middle East
Why are attacks on smart factories rising?
Cyber risk predictions
Axis of attacks – Europe
Systemic attacks in the Middle East
Download the full report from here:
https://sectrio.com/resources/ot-threat-landscape-reports/sectrio-releases-ot-ics-and-iot-security-threat-landscape-report-2024/
Accelerate your Kubernetes clusters with Varnish CachingThijs Feryn
A presentation about the usage and availability of Varnish on Kubernetes. This talk explores the capabilities of Varnish caching and shows how to use the Varnish Helm chart to deploy it to Kubernetes.
This presentation was delivered at K8SUG Singapore. See https://feryn.eu/presentations/accelerate-your-kubernetes-clusters-with-varnish-caching-k8sug-singapore-28-2024 for more details.
Key Trends Shaping the Future of Infrastructure.pdfCheryl Hung
Keynote at DIGIT West Expo, Glasgow on 29 May 2024.
Cheryl Hung, ochery.com
Sr Director, Infrastructure Ecosystem, Arm.
The key trends across hardware, cloud and open-source; exploring how these areas are likely to mature and develop over the short and long-term, and then considering how organisations can position themselves to adapt and thrive.
Neuro-symbolic is not enough, we need neuro-*semantic*Frank van Harmelen
Neuro-symbolic (NeSy) AI is on the rise. However, simply machine learning on just any symbolic structure is not sufficient to really harvest the gains of NeSy. These will only be gained when the symbolic structures have an actual semantics. I give an operational definition of semantics as “predictable inference”.
All of this illustrated with link prediction over knowledge graphs, but the argument is general.
DevOps and Testing slides at DASA ConnectKari Kakkonen
My and Rik Marselis slides at 30.5.2024 DASA Connect conference. We discuss about what is testing, then what is agile testing and finally what is Testing in DevOps. Finally we had lovely workshop with the participants trying to find out different ways to think about quality and testing in different parts of the DevOps infinity loop.
UiPath Test Automation using UiPath Test Suite series, part 4DianaGray10
Welcome to UiPath Test Automation using UiPath Test Suite series part 4. In this session, we will cover Test Manager overview along with SAP heatmap.
The UiPath Test Manager overview with SAP heatmap webinar offers a concise yet comprehensive exploration of the role of a Test Manager within SAP environments, coupled with the utilization of heatmaps for effective testing strategies.
Participants will gain insights into the responsibilities, challenges, and best practices associated with test management in SAP projects. Additionally, the webinar delves into the significance of heatmaps as a visual aid for identifying testing priorities, areas of risk, and resource allocation within SAP landscapes. Through this session, attendees can expect to enhance their understanding of test management principles while learning practical approaches to optimize testing processes in SAP environments using heatmap visualization techniques
What will you get from this session?
1. Insights into SAP testing best practices
2. Heatmap utilization for testing
3. Optimization of testing processes
4. Demo
Topics covered:
Execution from the test manager
Orchestrator execution result
Defect reporting
SAP heatmap example with demo
Speaker:
Deepak Rai, Automation Practice Lead, Boundaryless Group and UiPath MVP
Builder.ai Founder Sachin Dev Duggal's Strategic Approach to Create an Innova...Ramesh Iyer
In today's fast-changing business world, Companies that adapt and embrace new ideas often need help to keep up with the competition. However, fostering a culture of innovation takes much work. It takes vision, leadership and willingness to take risks in the right proportion. Sachin Dev Duggal, co-founder of Builder.ai, has perfected the art of this balance, creating a company culture where creativity and growth are nurtured at each stage.
GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using Deplo...James Anderson
Effective Application Security in Software Delivery lifecycle using Deployment Firewall and DBOM
The modern software delivery process (or the CI/CD process) includes many tools, distributed teams, open-source code, and cloud platforms. Constant focus on speed to release software to market, along with the traditional slow and manual security checks has caused gaps in continuous security as an important piece in the software supply chain. Today organizations feel more susceptible to external and internal cyber threats due to the vast attack surface in their applications supply chain and the lack of end-to-end governance and risk management.
The software team must secure its software delivery process to avoid vulnerability and security breaches. This needs to be achieved with existing tool chains and without extensive rework of the delivery processes. This talk will present strategies and techniques for providing visibility into the true risk of the existing vulnerabilities, preventing the introduction of security issues in the software, resolving vulnerabilities in production environments quickly, and capturing the deployment bill of materials (DBOM).
Speakers:
Bob Boule
Robert Boule is a technology enthusiast with PASSION for technology and making things work along with a knack for helping others understand how things work. He comes with around 20 years of solution engineering experience in application security, software continuous delivery, and SaaS platforms. He is known for his dynamic presentations in CI/CD and application security integrated in software delivery lifecycle.
Gopinath Rebala
Gopinath Rebala is the CTO of OpsMx, where he has overall responsibility for the machine learning and data processing architectures for Secure Software Delivery. Gopi also has a strong connection with our customers, leading design and architecture for strategic implementations. Gopi is a frequent speaker and well-known leader in continuous delivery and integrating security into software delivery.
3. Open source intelligence (OSINT) is a form
of intelligence collection management...
...involves finding, selecting, and acquiring information
from publicly available sources and analyzing it
to produce actionable intelligence.
- wikipedia
9. “A brand is the
personification of a product,
service, or even entire company.”
- Robert Blanchard, former P&G executive
10. 5 things you will learn
• What is out there on your company?
• Metadata
• Removal of Internet postings, metadata
• Setting up a simple (cheap) monitoring
program
• Building a Internet Posting Policy
11. What gets posted?
• Customer and Employee Complaints
• Exposure of Confidential Information
• Security Vulnerabilities
28. Finding Information on
Social Networks
• Socnet Search Engines
• Maltego (Twitter/Facebook)
• RSS feeds/Google Hacks
• Google Alerts + Google Reader = WIN
• Manual Searching
• Facebook status updates
29. Socnet Search Engines
• Wink, Spock, Twoogle, Knowem, WhosTalkin
(there are many more, see my blog post)
• Twitter Search
• Social Bookmark Sites
• Delicious, StumbleUpon
• Don’t forget about photos/video!
• Flickr Photo Search
• YouTube and Vimeo Video Search
30. Maltego + Mesh = WIN
*Screen shot from the “Maltego and Twitter!” post on paterva.com
31. Searching Facebook
• Good: Maltego Facebook Transform (violates TOS)
** No longer working! :-(
• Better: Login and use the search! FB doesn’t make status
updates public...yet.
• Best:
site:facebook.com inurl:group (bofa | "bank of america") =
Groups
• inurl:pages = Facebook Pages
• allinurl: people "John Doe" site:facebook.com = Public Profiles
• Yahoo! Pipe for Facebook Groups:
Facebook Discussion Board RSS Feed
• Create Google Alert(s)
32. Searching LinkedIn
• Similar to Facebook
• Google dorks
• site:linkedin.com inurl:pub (bofa | "bank
of america") = Public Profiles
• inurl:updates = Profile Updates
• inurl:companies = Company Profiles
33. Blogs and News
• Blogpulse, Technoratti, IceRocket
• Social Mention
(Search Engine for blogs, comments)
• Google/Yahoo News
37. What is Metadata?
• Metadata = Data that describes Data
• Catalog, index files, documents and more
• Often overlooked by:
• Document/File Creators
• Your Company
38. Why do we care?
• Can expose potential vulnerable software/
hardware in use! (client side attack)
• OS and version numbers
• Location information (GPS from
smartphones)
• User names, naming schemes, file paths
39. Where do you find it?
• Microsoft Office Documents
• PDF
• JPEG’s (photos)
• Other file types
47. Removing posts from
the Internet
• Hard, but not impossible.
Search Engine Cache FTL
• Submit request to Search Engines to
remove (there are multiple)
• Legal team involvement, especially w/
socnets
48. Metadata Removal
Techniques
• MS Office Documents
• Office 2002/03: CMD Line app “Remove
Hidden Data” (Offrhd.exe)
• Office 2007: Document Inspector
• EXIFtool (photos)
• Can be scripted to auto remove
51. What do you want to
monitor?
• Impossible to monitor everything!
• Pick the most popular social networks,
news sites, blogs, forums...
• Monitoring should be defined with your
PR/Marketing groups!
52. Free Tools
• Yahoo! Pipes (mashups)
• RSS Feeds/RSS Reader
Google Reader FTW
• Maltego (community version)
Good for defining relationships, not
automated
• Maltego for specific searching when you
need “more details”
55. What works best?
• Assign someone! (someone in infosec,
social media skill sets)
• Create RSS Feeds from identified sites
• Utilize Yahoo! Pipes, create RSS from pipes
• Monitor w/Google Reader
• Sites you can’t monitor
automatically...determine manual methods.
Build this into your Incident Response Procedures!
57. Define your Social
Media Strategy
• Partner with Marketing/Public Relations/HR
• What is acceptable for employees to post?
• At work/off work
• Employees have mobile devices, home
computers!
58. Define what gets
monitored?
• Difficult or impossible to monitor
everything
• Determine with your partners what should
be monitored
• Careful with policy conflicts!
61. Communicate to your
employees!
How can you enforce a policy if employees don’t know
about it?
62. Where to learn more?
• Great paper on Metadata
(SANS Reading Room):
“Document Metadata, the Silent
Killer” - Larry Pesce
• Maltego Tutorials:
Chris Gates, EthicalHacker.net
• My blog: spylogic.net
63. OSINT 3 Part Series
• All the details from this presentation!
• Part 1 - Social Networks
http://bit.ly/osint1
• Part 2 - Blogs, Message Boards, Metadata
http://bit.ly/osint2
• Part 3 - Monitoring, Social Media Policies
http://bit.ly/osint3
Editor's Notes
How many of us as security professionals think of reputational issues in regards to the company brand?