Nightmares of a Penetration Tester (How to protect your network) by Chris Nickerson
As a professional penetration tester for the last 15+ years, I have seen many environments and technologies. I have had the pleasure / hell of testing systems I’d never even heard of, and the agony of defeat on a major scale. Rather than review the techniques we used to work our way into systems, I will present the ways blue teams kept us out! In this session we will look at the technologies and techniques that have turned our traditional paths to root from minutes to months, and examine the tricks that got us “caught” along the way. Not all pen tests are a dream, and nightmares can and do happen. So, let’s talk about how your environment can become an attacker’s worst nightmare instead of their favorite playground.
Things attendees will learn:
• Strategic defense
• Attacker techniques
• Indicators of Compromise
• Active blue team response techniques
• Security architecture
• Layered defensive techniques
Wireless technology is inherently insecure in general; however, this presentation details some unconventional attacks that have been around for years but are still incredibly effective. It discusses the basics of AP cloning, abusing captive portals, and more.
As shown by headlines and countless intrusions, even moderately skilled attackers can sail through the defenses of a typical corporate network. Using a playbook of techniques both common and uncommon, intruders can bypass almost all security barriers despite even tough policies on end users and admins. But failure is not inevitable for a defender. There are many practical ways a network can be constructed that will wipe out most of the playbook, and they don’t always require expensive purchases.
Security must be built in from the start, and this presentation will show you how it’s done: how to intelligently look at threats and plan defenses for a Windows network.
Drupal, WordPress, and Joomla are very popular Content Management Systems (CMSs) that have been widely adopted by government agencies, major businesses, social networks, and more, underscoring why understanding how these systems work and properly securing these applications is of the utmost importance. This talk focuses on the penetration tester’s perspective of CMSs and dives into streamlining the assessment and remediation of commonly observed application and configuration flaws by way of custom exploit code and security checklists, all of which are open source and can be downloaded and implemented following the presentation.
In theory, post-exploitation after having remote access is easy. Also in theory, there is no difference between theory and practice. In practice, there is. Imagine a scenario where you have deployed malware on a user’s workstation, but the target information is on a secure server accessed via two-factor authentication, with screen access only (e.g. RDP, Citrix, etc.). On top of that, the server runs application whitelisting, and only the inbound port to the screen server (e.g. 3389) is allowed through the hardware firewall. But you also need persistent interactive C&C communication (e.g. Netcat, Meterpreter, RAT) to this server through the user’s workstation.
I developed (and will publish) two tools that help you in these situations. The first tool can drop malware to the server through the screen while the user is logged in. The second tool can help you to circumvent the hardware firewall once we can execute code on the server with admin privileges (using a signed kernel driver). My tools are generic, meaning that they work against Windows Server 2012 and Windows 8, and they work with RDP or other remote desktops. The number of problems you can solve with them is endless, e.g., communicating with a bind shell on a web server behind a restricted DMZ. Beware, live demo and fun included!
Pirates, Bandits, and Ne'erdowells: Practical Protection in the Dangerous Dig... by Eric Kolb
A presentation by Eric Kolb for a non-technical audience to increase laypersons' awareness of who cyber security professionals are and what they do. The latter half of the presentation provides a wealth of information on what non-security pros can do at home to protect their computers and accounts from events and actors outside their control.
Pentest Apocalypse: that's when you hire a pentester and they walk all over your network. To avoid this, organizations need to be prepared before the first packet is sent in order to get the most value from the tester. There is no excuse for pentesters to find critical vulnerabilities that are six years old on an assessment. And who needs a zero-day when employees leave credentials on wide-open shares? Just like how Doomsday Preppers helps you prepare for the apocalypse, this presentation will help you prepare for, and avoid, a pentest apocalypse by describing common vulnerabilities found on many assessments. Being prepared for common pentester activities will not only help add value to a pentest but will also help prevent attackers from using the same tactics to compromise your organization.
For more information please visit: http://bsidestampa.net
http://www.irongeek.com/i.php?page=videos/bsidestampa2015/104-pentest-apocalypse-beau-bullock
This paper attempts to look behind the wheels of Android, keeping a special focus on custom ROMs, and checks for security misconfigurations which could lead to device compromise, resulting in malware infection or data theft.
JavaScript controls our lives: we use it to zoom in and out of a map, to automatically schedule doctor appointments and to play online games. But have we ever properly considered the security state of this scripting language? Before dismissing the (in)security posture of JavaScript on the grounds that it is a client-side problem, consider the impact of JavaScript vulnerability exploitation on the enterprise: from stealing server-side data to infecting users with malware. Hackers are beginning to recognize this new playground and are quickly adding JavaScript exploitation tools to their web attack arsenal.
Visual version of http://blog.anantshri.info/forgotten_disclosure_dom_xss_prettyphoto. The presentation talks about how a disclosure was forgotten, what we can do to prevent such issues, and how to keep track of vulnerable components.
You Spent All That Money And Still Got Owned by Joe McCray
This talk will focus on practical methods of identifying and bypassing modern enterprise-class security solutions such as load balancers, both network- and host-based Intrusion Prevention Systems (IPSs), Web Application Firewalls (WAFs), and Network Access Control solutions (NAC). The goal of this talk is to show IT personnel the common weaknesses in popular security products and how those products should be configured.
The key areas are:
* IPS Identification and Evasion
* WAF Identification and Bypass
* Anti-Virus Bypass
* Privilege Escalation
* Becoming Domain Admin
The Internet of Insecure Things: 10 Most Wanted List by Security Weekly
In this talk I will quickly bring you up to speed on the history of embedded device insecurity. Next, we will look at a real-world example or two of how devices are exploited (And attackers profited). Finally, you will learn what we can do to help fix these problems and push the industry for a much higher level of security for devices affecting our daily lives.
You may have heard about this threat, one that has plagued our lives and networks for well over a decade. A problem so ubiquitous, it can't be ignored. Yet, this threat has a history of hiding in plain sight. Users are, for the most part, unaware of the dangers. Security researchers and the media have attempted to highlight this problem for years, without making an impact on improving security. Vendors and users are still very much at risk, and the problem is still largely being ignored by the masses. The Internet of Things (IoT) aims to make our lives better, yet there is still no foundation for security controls on the devices that allow us to access the Internet, listen to music, watch television, control the temperature in our homes and more. The goal of this talk is to enable the audience to help raise awareness and influence the security of embedded systems in a positive way.
Wireless Pentesting: It's more than cracking WEP by Joe McCray
This presentation walks you through the fundamentals of attacking and defending wireless networks.
Attacking WEP, WPA, WPA2, WPA Enterprise and captive portals is covered, and this presentation will be updated periodically. So keep checking back for updates.
From 0 to 0xdeadbeef - security mistakes that will haunt your startup by Diogo Mónica
Every company has to deal with the topic of security. Depending on the product/service, security might be more or less important, but it doesn’t matter whether the product is moving money or sending disappearing pictures: if the company grows, it will have to deal with security sooner or later.
Unfortunately, not all security mistakes are created equal.
This talk will go over some security mistakes that are several orders of magnitude harder to fix later in the lifecycle of a company, helping people prioritize their decisions when trying to keep the fine balance between security and product.
One of the most important factors supporting the protection of critical network infrastructure is the reaction time of the security incident response team (Incident Response Team).
The sooner, the better. Solutions supporting early attack detection based on passive analysis of DNS queries, Netflow datasets or PCAP are worth complementing with honeynet infrastructure, which is increasingly appreciated and used in production. Sensible placement of honeypot sensors in different network segments makes it possible to detect an attack already in the initial phases of reconnaissance and enumeration. Thanks to honeypots, we will often also obtain detailed information about a new attack technique, an attempt to exploit a 0-day bug, or a very specific use of tools that have been known for years.
"Know your enemy" is the motto we should follow when developing the defensive skills of security teams, and a honeypot network definitely has great value here.
During the talk I will try to present the ways of using, and the capabilities offered by, open-source honeypot solutions. We will talk about individual projects imitating real services (DNS, SMB, SSH, SCP/SFTP, FTP, telnet, HTTP, TFTP, MySQL/MSSQL, RDP and many others), injecting honeypot content into web applications through a reverse proxy, attacking the attackers ;), and finish with dedicated platforms with a built-in ELK stack.
Truetesters presents OWASP Top 10 Web Vulnerability by TrueTesters
This article highlights the OWASP Top Ten vulnerabilities. It also shows how to protect yourself from these vulnerabilities and gives a few real-world examples of companies affected by them.
Threat Modeling for Web Applications (and other duties as assigned) by Mike Tetreault
This presentation provides an overview of the OWASP Top Ten Web Application Security Risks, approaches to mitigate them, and a framework for addressing the inherent risk.
5 Bare Minimum Things A Web Startup CTO Must Worry About by Indus Khaitan
So you have started-it-up and now you are getting good traffic — Thousands of users, etc. etc.
Do you know that script kiddies are scanning your website using simple dictionary attacks on SSH ports? Do you know that once in a while there is a fatal application error in your PHP log (which may point to a bigger problem)? Do you know that the backup you are taking will actually not restore your DB? Do you know that every night at 12 one of the servers has a CPU spike?
It’s a good idea to catch some of the serious problems early on and deploy tools to proactively assess them. In this session we will discuss some very basic things, as a CTO you MUST worry about and proactively solve problems around them.
These are (in the order of decreasing priority):
1. Security
2. Monitoring/Availability/Load (External/System level)
3. Application errors
4. Backup
5. Source control
CONFidence 2014: Jakub Kałużny: Shameful secrets of proprietary protocols by PROIDEA
There is a big bunch of tools offering HTTP/SSL traffic interception. However, when it comes to penetration tests of specialized embedded software or thick clients, we often encounter proprietary protocols with no documentation at all: binary TCP connections unlike anything else, impossible to adapt to a well-known local proxy. Without disassembling the protocol, pentesting the server backend is very limited. However, based on our experience, it very often hides a shameful secret: completely unsecured mechanisms breaking all secure coding practices.
To demonstrate, we will show a few case-studies - most interesting examples from real-life industry software, which in our opinion are a quintessence of "security by obscurity". We will challenge the security of proprietary protocols in pull printing solutions, FOREX trading software, remote desktops and home automation technologies.
These are the slides from my "Active Defense - Helping threat actors hack themselves!" presentation at the BSides Columbus Information Security Conference on 03/02/2018 in Columbus, Ohio.
BSides London 2015 - Proprietary network protocols - risky business on the wire by Jakub Kałużny
When speed and latency count, there is no place for a standard HTTP/SSL stack, and a wise head comes up with a proprietary network protocol. How to deal with embedded software or thick clients using protocols with no documentation at all? Binary TCP connections unlike anything else, impossible to adapt to a well-known local proxy. Without disassembling the protocol, pentesting the server backend is very limited. However, when you dive inside this traffic and reverse-engineer the communication inside, you are there. Welcome to a world full of home-grown cryptography, reversible hash algorithms and no access control at all.
We would like to present our approach and a short guideline on how to reverse engineer proprietary protocols. To demonstrate, we will show you a few case studies, which in our opinion are a quintessence of "security by obscurity": the most interesting examples from real-life financial industry software, which is a particularly risky business regarding security.
21. • 80,000 security incidents and more than 2,000 data compromises from 61 countries.
• The top three industries affected are the same as previous years: Public, Technology/Information, and Financial Services.
• In 70% of the attacks where we know the motive for the attack, there’s a secondary victim.
• 23% of recipients now open phishing messages and 11% click on attachments.
25. What do we do to try and DEFEND?
Buy stuff
▪ Firewalls
▪ WAF
▪ IDS/IPS
▪ AV
▪ SIEM
▪ Etc…
Test our stuff
▪ Conduct Audits
▪ Do “PenTests”
▪ Vuln scanning?
▪ Hire 3rd parties
▪ Hire industry “Experts”
32. Rule #1 DON’T TALK TO STRANGERS
▪ Implemented blocks from all emerging threats lists
▪ Honeypots: if one was SCANNED or sent traffic, that IP was blocked. FOR GOOD.
▪ External SIEM integration that correlated logins. *Magic*: if the same address tries more than 3 usernames in an APP or SMTP it is banned for a certain time; if it happens again after the timeout, it’s banned for good
▪ Constant monitoring and baseline analysis of open ports. If it changed, a SEV1 ticket was created.
▪ Port scanning bans.
▪ Injection bans
▪ Rejection of specific user agent strings (most tools out there have specific UA strings).
▪ Test it all until BLOCK mode WORKS! Monitor mode will just make you feel bad when you go back to your logs and see WHEN you got owned
▪ Big data like a boss. DO THREAT INTEL IN HOUSE!!!!
▪ Protect your OSINT (anonymize info like DNS records)
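The login-correlation rule from the *Magic* bullet above, implemented as an added example (not part of the talk’s slides) over a constructed auth log: more than 3 distinct usernames from one address against one service earns a temporary ban, and enumerating again after the timeout earns a permanent one. The 30-minute ban length, the log line format and the dataclass names are assumptions.

```python
from __future__ import annotations
from dataclasses import dataclass, field
from datetime import datetime, timedelta

# Constructed auth-log sample (not from the talk): "<timestamp> <src ip> <service> <username>"
SAMPLE_LOG = """\
2015-06-01T10:00:00 203.0.113.7 SMTP alice
2015-06-01T10:00:05 203.0.113.7 SMTP bob
2015-06-01T10:00:09 203.0.113.7 SMTP carol
2015-06-01T10:00:12 203.0.113.7 SMTP dave
2015-06-01T10:01:00 198.51.100.2 APP alice
2015-06-01T11:00:00 203.0.113.7 APP frank
2015-06-01T11:00:01 203.0.113.7 APP grace
2015-06-01T11:00:02 203.0.113.7 APP heidi
2015-06-01T11:00:03 203.0.113.7 APP ivan
"""

USERNAME_THRESHOLD = 3            # "more than 3 usernames" from one address
TEMP_BAN = timedelta(minutes=30)  # the "certain time"; assumed value

@dataclass
class SourceState:
    usernames: dict = field(default_factory=dict)  # service -> usernames tried
    banned_until: datetime | None = None           # active temporary ban, if any
    had_temp_ban: bool = False                     # first strike already spent
    permanent: bool = False                        # banned for good

def correlate(log_text, threshold=USERNAME_THRESHOLD, temp_ban=TEMP_BAN):
    """Replay the log; return (state per source IP, list of (ip, action, time) ban events)."""
    states, events = {}, []
    for line in log_text.splitlines():
        ts, ip, service, user = line.split()
        when = datetime.fromisoformat(ts)
        st = states.setdefault(ip, SourceState())
        if st.permanent or (st.banned_until and when < st.banned_until):
            continue                      # dropped at the edge: permanent or still in temp ban
        if st.banned_until:               # timeout passed: fresh count, but the strike is kept
            st.banned_until = None
            st.usernames.clear()
        st.usernames.setdefault(service, set()).add(user)
        if len(st.usernames[service]) > threshold:
            if st.had_temp_ban:           # enumerating again after a timeout
                st.permanent = True
                events.append((ip, "BAN_PERMANENT", when))
            else:
                st.had_temp_ban = True
                st.banned_until = when + temp_ban
                events.append((ip, "BAN_TEMP", when))
    return states, events
```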
33. Quick fixes
Tons of free stuff out there to get you started.
▪ External honeypot network: http://threatstream.github.io/mhn/
▪ Drupal honeypot: https://www.drupal.org/project/honeypot
▪ External honeypot starter: https://www.binarydefense.com/project-artillery/
▪ Tools to monitor open ports: https://github.com/subinacls/Filibuster
▪ WordPress honeypots: http://leadin.com/plugins/wordpress-honeypot
▪ Use the Emerging Threats lists and other threat intel feeds: http://rules.emergingthreats.net/
▪ Check your OSINT / attack surface and threat landscape: http://www.spiderfoot.net/
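The open-port baseline check from Rule #1 (a SEV1 ticket when the set of open ports changes), as an added example that is not from the talk: it parses nmap grepable (-oG) output for a baseline scan and a later scan, then reports new hosts and newly open ports as SEV1 and ports that went away as informational. The scan data is constructed and the function names are assumptions.

```python
import re

# Constructed nmap -oG (grepable) output for a baseline scan and a later scan; not from the talk.
# Each port entry is port/state/proto/owner/service/rpcinfo/version/ and the field ends at a tab.
BASELINE = """\
# constructed sample; comment lines are skipped by the parser
Host: 10.20.0.5 ()\tPorts: 22/open/tcp//ssh///, 443/open/tcp//https///\tIgnored State: closed (998)
Host: 10.20.0.9 ()\tPorts: 25/open/tcp//smtp///\tIgnored State: closed (999)
"""
CURRENT_SCAN = """\
Host: 10.20.0.5 ()\tPorts: 22/open/tcp//ssh///, 443/open/tcp//https///, 3389/open/tcp//ms-wbt-server///\tIgnored State: closed (997)
Host: 10.20.0.9 ()\tPorts: 25/filtered/tcp//smtp///\tIgnored State: closed (999)
Host: 10.20.0.12 ()\tPorts: 8080/open/tcp//http-proxy///\tIgnored State: closed (999)
"""

PORT_RE = re.compile(r"(\d+)/(\w+)/(\w+)/")   # port / state / proto; the rest is ignored

def parse_gnmap(text):
    """Return {host: {(proto, port), ...}} containing only ports reported as open."""
    open_ports = {}
    for line in text.splitlines():
        if not line.startswith("Host:"):
            continue                                 # comment and blank lines
        host = line.split()[1]
        ports = open_ports.setdefault(host, set())
        m = re.search(r"Ports: (.*?)(?:\t|$)", line)
        if not m:
            continue                                 # "Status: Up" lines carry no port list
        for entry in m.group(1).split(","):
            fields = PORT_RE.match(entry.strip())
            if fields and fields.group(2) == "open":
                ports.add((fields.group(3), int(fields.group(1))))
    return open_ports

def diff_baseline(baseline, current):
    """Compare two parse_gnmap() results; new hosts and newly open ports are the SEV1 changes."""
    findings = []
    for host in sorted(set(baseline) | set(current)):
        before, after = baseline.get(host, set()), current.get(host, set())
        if host not in baseline:
            findings.append(("SEV1", host, "new host", sorted(after)))
            continue
        opened, closed = sorted(after - before), sorted(before - after)
        if opened:
            findings.append(("SEV1", host, "new open ports", opened))
        if closed:
            findings.append(("INFO", host, "ports no longer open", closed))
    return findings
```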
35. #2 If you are going to talk, be sure you know who it is
▪ Disable SMTP verify/validation
▪ Mailer verification (USE SPF)
▪ Use mail filtering solutions that can intercept ALL mail protocols, encrypted and unencrypted
▪ Strict enforcement of site classification
▪ Analysis of certificate age and domain age (“marination”)
▪ Inspect all attachments and disallow all attachments except for a very specific set which have mitigating controls at the host or can be opened in a sandboxed viewer.
▪ Browser-based controls whitelisting 3rd party loaders like Java, Flash etc… (or disabling them altogether)
▪ Verification of sender identity
▪ USE DNS ANALYSIS
▪ Don’t forward DNS. Split DNS is not hard
36. Quickies
▪ Enable SPF
▪ Implement SpamCop and other blocking lists: https://www.spamcop.net/fom-serve/cache/291.html https://www.spamhaus.org
▪ Implement a mail inspection gateway, preferably cloud and local
▪ Check security settings of SMTP/SPF/DNS: http://mxtoolbox.com/diagnostic.aspx http://www.dnssy.com/
▪ Create split DNS: don’t allow forwarding and use only the validated internal resolver. http://shorewall.net/SplitDNS.html
▪ Create an automated phishing reporting process in the mail client, or train users on the process to submit
▪ Phish the users, test them, train them. And UPDATE your new hire training to include how to defend.
38. #3 Your internal network is a HOSTILE environment. Treat it as such
▪ Monitor inside MORE than outside.
▪ Portscan inside = block and SEV1 IR response
▪ Segmentation of all servers from users.
▪ Create classified zones. These will require 2 factor auth to a jump box, and only the jump box will be allowed to get into the secured zone. Or create a VPN from the user desktop directly into the environment
▪ NEVER use VPN pools. Always tie a user to a specific IP address and firewall rule; limit ALL users to the resources they need.
▪ Alert on ALL network device configuration changes IMMEDIATELY.
▪ Use NetFlow or other traffic analysis to identify top talkers and tune to find future anomalies
▪ Set up “HoneyNets”
▪ LOCK DOWN YOUR CONFIGS!!!!!!!
▪ Remove your default route and intercept all HTTP/S
39. Quick hits
▪ Set up your AV to disallow/ban anything port scanning
▪ Segment and firewall-protect ALL servers from user segments
▪ Tune internal IDS to look for port scans and inappropriate user-to-server traffic, and to identify protocols that shouldn’t be used (ex. DNS traffic to anything other than the registered internal DNS)
▪ Enable config monitoring on ALL network devices: http://www.rconfig.com/
▪ Restrict network device management to only validated addresses of network engineers, OR set up a mgmt. network that engineers MUST VPN into.
▪ Monitor all open ports and look for changes. http://sourceforge.net/p/dnmap/wiki/Home/ (distributed nmap)
▪ Audit your configs: https://github.com/pello/routerdefense https://www.titania.com/nipperstudio
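An added example (not from the talk) of the internal traffic analysis called for in #3 and its quick hits: flow records are checked for DNS going anywhere but the registered internal resolver, for user-to-server traffic that bypasses the jump box, and for top talkers and volume outliers against a byte baseline. The flow records, segment ranges, resolver and jump box addresses are all constructed assumptions.

```python
import ipaddress
from collections import Counter

# Constructed flow records (not from the talk): (src, dst, proto, dst_port, bytes)
FLOWS = [
    ("10.10.1.15", "10.0.0.53",     "udp", 53,  1_200),       # DNS to the internal resolver
    ("10.10.1.15", "8.8.8.8",       "udp", 53,  900),         # DNS to an outside resolver
    ("10.10.1.22", "10.20.0.5",     "tcp", 445, 5_000_000),   # user straight to a server
    ("10.10.1.99", "198.51.100.20", "tcp", 443, 60_000_000),  # user browsing out
    ("10.0.0.100", "10.20.0.5",     "tcp", 22,  40_000),      # jump box to a server
]

# Assumed zone layout for this example: user segment, server segment, sanctioned resolver, jump box
USER_NETS = [ipaddress.ip_network("10.10.0.0/16")]
SERVER_NETS = [ipaddress.ip_network("10.20.0.0/16")]
INTERNAL_DNS = {ipaddress.ip_address("10.0.0.53")}
JUMP_BOXES = {ipaddress.ip_address("10.0.0.100")}

def in_any(addr, nets):
    return any(addr in net for net in nets)

def find_violations(flows):
    """Flag DNS not aimed at the registered resolver, and user-to-server traffic bypassing the jump box."""
    findings = []
    for src, dst, proto, dport, _ in flows:
        s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
        if dport == 53 and d not in INTERNAL_DNS:
            findings.append(("ROGUE_DNS", src, dst))
        if in_any(s, USER_NETS) and in_any(d, SERVER_NETS) and s not in JUMP_BOXES:
            findings.append(("USER_TO_SERVER_DIRECT", src, dst))
    return findings

def top_talkers(flows, n=3):
    """Bytes sent per source, largest first: the baseline future anomaly checks are tuned against."""
    totals = Counter()
    for src, _, _, _, nbytes in flows:
        totals[src] += nbytes
    return totals.most_common(n)

def volume_outliers(flows, baseline, factor=5):
    """Sources sending more than `factor` times their baseline bytes (baseline = {src: typical bytes})."""
    return [src for src, total in top_talkers(flows, len(flows))
            if total > factor * baseline.get(src, 0)]
```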
41. #4 Users have the ability to use the company’s resources.
▪ Only add user accounts through secured methods. DO NOT USE GPOs that have cPassword or add accounts with cleartext values.
▪ Users should only be allowed to go to categorized sites. Any/all other traffic must be denied.
▪ Whitelist approved and managed software.
▪ Disallow local admin privs
▪ Do NOT let local admins log on remotely
▪ Randomize ALL local admin passwords
▪ Maintain internal software reports for updates
▪ Manage all the things
▪ Host-based firewalls, IDS, and behavioral analysis
▪ SCAN ALL HOSTS for vulnerabilities on a regular basis
42. Quickies
▪ Manage local admin passwords with a commercial solution or one of the open source ones. Microsoft LAPS: https://technet.microsoft.com/en-us/library/security/3062591.aspx
▪ Create GPOs to whitelist or blacklist services
▪ Remove admin rights
▪ Deploy anti-exploitation defenses (EMET): https://support.microsoft.com/en-us/kb/2458544
▪ Harden your devices. Linux, AIX, BSD, etc. hardening: https://cisofy.com/lynis/ Windows: Microsoft Baseline Security Analyzer
▪ Enable hardening locally with detection and protection: http://www.fail2ban.org/ and Windows Firewall + AV
▪ Use authenticated scans to inventory software, find non-compliant software and define hardening.
▪ Harden default images
44. #5 Servers have a specific purpose
▪ Do not install workstation software on a SERVER. Office, Adobe Acrobat… etc.
▪ Most of them do NOT need to connect to the internet. Not only does this mean NO access at the firewall, it means, unless the product would require an exception… NO BROWSER!
▪ Manage updates centrally and in house
▪ Segment, Segment, Segment….. SEGMENT THE DAMNED SERVERS!!!!!!!
▪ Standard image should have NO additional services installed and build guidelines should be followed before release.
45. Quickies
▪ Remove all non-essential services from servers RIGHT AWAY. They will run faster and more securely.
▪ Disallow install of any readers, office-type programs or other workstation software in the server hardening policy.
▪ Run full AV on EVERY server.
▪ If you can’t get IDS/IPS for your servers try open source like OSSEC: http://www.ossec.net/
▪ Use DLP: https://code.google.com/p/opendlp/
▪ Disallow all non-authenticated services.
▪ Do not allow the use of local accounts to log in remotely (that includes you, SQL!!! No local SQL accounts… integrate it)
▪ Make sure all of them report to the SIEM for security and login events.
47. #6 Awareness > Knowledge
▪ Create Security Event Management environments
▪ Implement logging on ALL servers and eventually specific workstation events.
▪ Consolidate logging
▪ Have packet capture capabilities on the fly in ALL areas
48. Quick hits
▪ Set up IDS/IPS and have it report to a consolidated platform: http://blog.securityonion.net/p/securityonion.html https://www.bro.org/
▪ Set up logging and have it report to a consolidated platform: http://www.splunk.com/en_us/products/splunk-light.html http://blog.qbox.io/welcome-to-the-elk-stack-elasticsearch-logstash-kibana
▪ Make it easy for yourself. Help correlate from multiple sources: https://bammv.github.io/sguil/
50. #7 In order to say you have an information security program you need to have an incident response plan.
▪ Humans must be assigned to this plan and the tasks in it
▪ Security response center must have defined plans, SOPs, and most of all a fully capable SLA to the business on risk response/identification
▪ Active defenses to stop attacks in progress
▪ Forensic/malware analysis on the fly and manual
▪ Coordination with all teams to have real time response.
▪ Defined skillsets of all team members to be sure the right skill is on the project.
51. Quick ways?
▪ Build a proper IR team. Define skills and roles to be played
▪ Set up an IR action group (from all of IT and the business)
▪ Create defined IR plans that can be run as part of DR plans
▪ Build an IR Team sandbox toolkit / lab: https://zeltser.com/build-malware-analysis-toolkit/
▪ Build an incident response platform: http://blog.crowdstrike.com/new-community-tool-crowdresponse/ https://github.com/google/grr http://techblog.netflix.com/2015/05/introducing-fido-automated-security.html
53. We don’t just say it
WE PROVE IT
Yep… That’s right…. We will prove it for FREE. Throw a card in the basket in the back and we will set up a few hours to show you what it’s like to have a REAL attacker in your network.
54. Want to talk more….. Challah =)
Darren Davis ddavis@lares.com
Chris Nickerson cnickerson@lares.com