Flowchart - Building next gen malware behavioural analysis environment
•
1 like•615 views
The document describes the behavior of a ransomware sample. It unpacks files, checks system requirements like CPU cores and Windows version, decrypts decoy files using XOR, identifies a .NET binary, writes registry keys for persistence, checks for security software and debuggers, downloads and executes updates, and includes keylogging and screenshot capturing functionality before deleting logs and persisting on the system.
Report
Share
Report
Share
Download to read offline
Recommended
App secforum2014 andrivet-cplusplus11-metaprogramming_applied_to_software_obf...
App secforum2014 andrivet-cplusplus11-metaprogramming_applied_to_software_obf...Cyber Security Alliance
This document discusses software obfuscation techniques using C++ metaprogramming. It presents several implementations of string obfuscation using templates to encrypt strings at compile-time. It also discusses obfuscating function calls using finite state machines generated with metaprogramming. Debugger detection is added to fight dynamic analysis. The techniques aim to make reverse engineering and static/dynamic analysis more difficult without changing program semantics.Killing any security product … using a Mimikatz undocumented feature
This document discusses techniques for bypassing security products on Windows systems by manipulating process and registry notification callbacks. It shows how the Mimikatz tool can be used to find and modify these callbacks to prevent security products from receiving important notifications. Specifically, it demonstrates patching a callback routine to do nothing, and notes unlinking callbacks from the notification list is also possible but requires more work. The conclusion is this approach allows killing any security tool while making it appear still active from a monitoring perspective.
Debugging TV Frame 0x09
This episode teaches how to catch data corruption using the combination of software and hardware breakpoints.
Vm ware fuzzing - defcon russia 20
The document discusses using virtual machine techniques like GuestRPC and Backdoor I/O to conduct virtual denial of service attacks. It describes fuzzing the GuestRPC interface to discover bugs in systems like HGFS that could be exploited to cause memory leaks or crashes on the host machine. While vendors issue fixes, it notes that fully preventing abuse of these virtual machine behaviors is difficult and some techniques remain unfixed. It concludes with questions about using these kinds of attacks to bypass security systems on virtual machines.
Pf: the OpenBSD packet filter
pf(4) is the OpenBSD packet filter that provides stateful packet filtering and network address translation (NAT). It is used in OpenBSD, FreeBSD, NetBSD, DragonflyBSD, and other systems. Some key features of pf include its flexible rule syntax, atomic ruleset updates, integrated traffic shaping, and ability to divert packets to userspace processes like spamd for inspection. It provides logging in tcpdump format and can integrate with CARP and other services. The pf code was developed for OpenBSD after the previous IPFilter code was removed due to licensing issues.
Rop and it's friends
Buffer overflows have been the most common security vulnerability for the last few years. These are considered as one of the oldest and more reliable methods. Due to the latest linux defences it has become difficult to attack using traditional buffer overflow technique . This led to the development of the return-oriented programming technique.
Return-oriented programming is a type of security attack, in which you can take the control over saved instruction pointer and can induce unpredictable behavior in a program in which exploit is under our control without injecting any malicious code.
In this presentation I will trace the origins of ROP and some related techniques such as Call and Jump Oriented Programming as well as some advanced techniques like JIT-ROP, BROP and SROP.
Ceph OSD Op trace
This document summarizes the OSD op processing workflow in Ceph. It begins with messages like osd_op being received by OSD::ms_fast_dispatch. The op is then enqueued to the PG by OSD::enqueue_op. PrimaryLogPG processes the op through methods like do_request, do_op, and execute_ctx. It issues a repop, which is submitted to the PGBackend. The backend applies the changes, logs to the PG log, and sends ops to replicas. Replicas process the repop through similar methods and send a reply.
主機自保指南
This document provides instructions and configuration details for securing a FreeBSD system using PF packet filtering, fail2ban, and log monitoring. It includes steps for updating software and ports, configuring PF rules to block unwanted traffic and allow internal access, integrating fail2ban with PF to block banned hosts, and monitoring system logs and resource usage with tools like Logwatch and top.
Recommended
App secforum2014 andrivet-cplusplus11-metaprogramming_applied_to_software_obf...
App secforum2014 andrivet-cplusplus11-metaprogramming_applied_to_software_obf...Cyber Security Alliance
This document discusses software obfuscation techniques using C++ metaprogramming. It presents several implementations of string obfuscation using templates to encrypt strings at compile-time. It also discusses obfuscating function calls using finite state machines generated with metaprogramming. Debugger detection is added to fight dynamic analysis. The techniques aim to make reverse engineering and static/dynamic analysis more difficult without changing program semantics.Killing any security product … using a Mimikatz undocumented feature
This document discusses techniques for bypassing security products on Windows systems by manipulating process and registry notification callbacks. It shows how the Mimikatz tool can be used to find and modify these callbacks to prevent security products from receiving important notifications. Specifically, it demonstrates patching a callback routine to do nothing, and notes unlinking callbacks from the notification list is also possible but requires more work. The conclusion is this approach allows killing any security tool while making it appear still active from a monitoring perspective.
Debugging TV Frame 0x09
This episode teaches how to catch data corruption using the combination of software and hardware breakpoints.
Vm ware fuzzing - defcon russia 20
The document discusses using virtual machine techniques like GuestRPC and Backdoor I/O to conduct virtual denial of service attacks. It describes fuzzing the GuestRPC interface to discover bugs in systems like HGFS that could be exploited to cause memory leaks or crashes on the host machine. While vendors issue fixes, it notes that fully preventing abuse of these virtual machine behaviors is difficult and some techniques remain unfixed. It concludes with questions about using these kinds of attacks to bypass security systems on virtual machines.
Pf: the OpenBSD packet filter
pf(4) is the OpenBSD packet filter that provides stateful packet filtering and network address translation (NAT). It is used in OpenBSD, FreeBSD, NetBSD, DragonflyBSD, and other systems. Some key features of pf include its flexible rule syntax, atomic ruleset updates, integrated traffic shaping, and ability to divert packets to userspace processes like spamd for inspection. It provides logging in tcpdump format and can integrate with CARP and other services. The pf code was developed for OpenBSD after the previous IPFilter code was removed due to licensing issues.
Rop and it's friends
Buffer overflows have been the most common security vulnerability for the last few years. These are considered as one of the oldest and more reliable methods. Due to the latest linux defences it has become difficult to attack using traditional buffer overflow technique . This led to the development of the return-oriented programming technique.
Return-oriented programming is a type of security attack, in which you can take the control over saved instruction pointer and can induce unpredictable behavior in a program in which exploit is under our control without injecting any malicious code.
In this presentation I will trace the origins of ROP and some related techniques such as Call and Jump Oriented Programming as well as some advanced techniques like JIT-ROP, BROP and SROP.
Ceph OSD Op trace
This document summarizes the OSD op processing workflow in Ceph. It begins with messages like osd_op being received by OSD::ms_fast_dispatch. The op is then enqueued to the PG by OSD::enqueue_op. PrimaryLogPG processes the op through methods like do_request, do_op, and execute_ctx. It issues a repop, which is submitted to the PGBackend. The backend applies the changes, logs to the PG log, and sends ops to replicas. Replicas process the repop through similar methods and send a reply.
主機自保指南
This document provides instructions and configuration details for securing a FreeBSD system using PF packet filtering, fail2ban, and log monitoring. It includes steps for updating software and ports, configuring PF rules to block unwanted traffic and allow internal access, integrating fail2ban with PF to block banned hosts, and monitoring system logs and resource usage with tools like Logwatch and top.
Oop lecture9 12
The document discusses Java serialization and exceptions. It provides examples of implementing serialization by having a class implement the Serializable interface, which allows object instances to be written to and read from files. It also discusses exception handling using try-catch blocks and the finally clause, and how exceptions can be declared to be thrown from a method using the throws clause.
Rcpp11
Rcpp11 is a header-only rewrite of Rcpp that uses C++11 features and has a simpler interface. It has fewer constructors for NumericVector compared to Rcpp, with 11 versus 23. Rcpp11 also includes features like internal C++ try/catch blocks to safely handle errors from R code without needing R's tryCatch, and functions like R_PreserveObject and R_ReleaseObject to manage object lifetimes across R garbage collections.
A CTF Hackers Toolbox
Capture the Flag (CTF) are information security challenges. They are fun, but they also provide a opportunity to practise for real-world security challenges.
In this talk we present the concept of CTF. We focus on some tools used by our team, which can also be used to solve real-world problems.
Zn task - defcon russia 20
The document describes a simulated hacking game scenario involving a compromised POS terminal infected with malware. It details the components of the botnet architecture including bot nodes, command and control infrastructure, and social media propagation. Diagrams show the network layout and communication channels. The document also examines the bot's components, capabilities, and protection mechanisms such as bytecode encryption and anti-debugging techniques. Hints are provided to help players progress in the game by bypassing defenses and achieving objectives over multiple days.
Relayd: a load balancer for OpenBSD
Relayd is a daemon to relay and dynamically redirect incoming connections to a target host.
Its main purposes are to run as a load-balancer, application layer gateway, or transparent proxy.
Advanced Replication Internals
Internals of replication in mongodb. These internals cover replication selection, the replication process, elections (and the rules), and oplog transformation.
This presentation was given at the MongoDB San Francisco conference.
NYU hacknight, april 6, 2016
Linux has this great tool called strace, on OSX there’s a tool called dtruss - based on dtrace. Dtruss is great in functionality, it gives pretty much everything you need. It is just not as nice to use as strace. However, on Linux there is also ltrace for library tracing. That is arguably more useful because you can see much more granular application activity. Unfortunately, there isn’t such a tool on OSX. So, I decided to make one - albeit a simpler version for now. I called it objc_trace.
บทท 7
This document provides an overview of different cybersecurity tools and techniques used for reconnaissance, scanning, exploitation, and attacks. It discusses tools for footprinting and reconnaissance like nslookup and web spiders. It also covers port scanning, vulnerabilities in SQL injection and scripting languages, and intrusion detection system evasion. Finally, it mentions sniffing tools, denial of service attacks, vulnerability scanners, and wireless hacking tools.
Monitoring with Syslog and EventMachine
This document discusses monitoring systems using syslog and EventMachine. It proposes building a lightweight, polyglot system that aggregates syslog events and displays metrics and visualizations using various protocols like WebSockets, Server-Sent Events, and Graphite. Event sources would send syslog messages which an EventMachine server would parse and pass to an EM:Channel. A JavaScript client could subscribe to the channel for real-time updates.
Nmap Scripting Engine and http-enumeration
Nmap is a network scanning tool that scans hosts and networks for open ports. The Nmap Scripting Engine (NSE) allows Nmap to perform additional checks and functions beyond basic port scanning. NSE uses the Lua programming language to write scripts for tasks like service detection, vulnerability testing, and malware detection. Popular NSE scripts scan for vulnerabilities like SQL injection, fingerprint web servers and applications, perform service/version detection, and more. The NSE community develops and shares new scripts on the Nmap site to continually improve Nmap's scanning abilities.
Nmap5.cheatsheet.eng.v1
This document provides information and examples for using Nmap, a security scanning tool. It outlines options for specifying targets, port scanning techniques, host and service detection, firewall evasion, timing and performance, output formats, and example usage scenarios. Targets can be specified by IP, hostname, or subnet. Common port scanning types include TCP SYN, connect, UDP, and SCTP scans. Options are provided for service and OS detection, firewall evasion using fragmentation and decoys, tuning timing and performance, and selecting output formats. Examples demonstrate quick port scans, ping scans, traceroutes, and running Nmap scripts.
Nessus scan report using microsoft patchs scan policy - Tareq Hanaysha
A Nessus vulnerability scan was performed on a host named "tareq-laptop" between 15:19 and 15:20 on November 17, 2008. The scan found 19 open ports but no vulnerabilities rated as high, medium, or low risk. Details provided include the operating system, NetBIOS name, and DNS name which were all listed as unknown. Each of the 19 open ports found are also listed.
Using the Power to Prove
This document discusses using the prove command-line tool to run tests and other scripts. Prove is a test runner that uses the Test Anything Protocol (TAP) to aggregate results. It can run tests and scripts written in any language by specifying the interpreter with --exec. Extensions other than .t can be run by setting --ext. Prove searches for tests in the t/ directory by default but can run any kind of scripts or tasks placed in t/, such as service monitoring scripts. The .proverc file can save common prove options for a project.
Specializing the Data Path - Hooking into the Linux Network Stack
Ever needed to add your custom logic into the network stack?
Ever hacked the network stack but wasn't certain you're doing it right?
Shmulik Ladkani talks about various mechanisms for customizing packet processing logic to the network stack's data path.
He covers covering topics such as packet sockets, netfilter hooks, traffic control actions and ebpf. We will discuss their applicable use-cases, advantages and disadvantages.
Shmulik Ladkani is a Tech Lead at Ravello Systems.
Shmulik started his career at Jungo (acquired by NDS/Cisco) implementing residential gateway software, focusing on embedded Linux, Linux kernel, networking and hardware/software integration.
51966 coffees and billions of forwarded packets later, with millions of homes running his software, Shmulik left his position as Jungo’s lead architect and joined Ravello Systems (acquired by Oracle) as tech lead, developing a virtual data center as a cloud service. He's now focused around virtualization systems, network virtualization and SDN.
Redis & ZeroMQ: How to scale your application
Presented at #PHPLX 11 July 2013
When you need to do some heavy processing how do you scale you application?
You can use Redis and ZeroMQ to leverage the heavy work for you!
With this presentation we will know more about this two technologies and how they can be used to help solve problems with the performance and scalability of your application.
Sniffing Mach Messages
The document discusses sniffing Mach messages on iOS and macOS. It provides an overview of the Mach message protocol and how to intercept and parse Mach messages using LLDB scripts. It describes setting breakpoints at functions like bootstrap_look_up and mach_msg, and using Python scripts to extract information from the messages, including the port name and number. Examples are given of intercepting messages from the libsimulatetouch library. The challenge proposed is to port the LLDB scripts to macOS and identify other uses of Mach messages, such as using Frida.
ZeroNights: Automating iOS blackbox security scanning
The document discusses several tools for testing iOS applications, including ChaoticMarch, Machshark, and Objc_trace. ChaoticMarch is described as a tool for simulating user interactions and automating testing of an iOS app. It allows writing Lua scripts to interact with the UI and regulate test execution speed. Machshark is a tool for analyzing Mach IPC messages and Objc_trace is used to trace Objective-C method calls. Code snippets are provided showing examples of how to use ChaoticMarch to automate tapping buttons and entering text, as well as how Machshark and Objc_trace work.
OWASP Proxy
The OWASP Proxy is an intercepting proxy library that allows visibility and modification of HTTP communications in a flexible, performant way. It provides a message object model that allows buffering or streaming of requests and responses. The proxy can be used to implement useful functions like response inspection, reverse proxying, and integration with technologies like SSL, SOCKS, and Apache JServ Protocol. It aims to be a clean, multi-protocol foundation for building custom proxies.
MongoDB 2.8 Replication Internals: Fitting it all together
MongoDB replication internal architecture for 2.8
Abstract:
Replication in MongoDB requires deep integration with almost every part of the codebase, and has important hooks in various systems like storage, indexing, command processing and querying. Most of the replication components have seen a major overhaul recently in order to make further improvements. In this talk we will address what those pieces are, how they interact, and interesting choices made during their design. In this talk we get into the interaction of the replication protocols, commands really, writes and write concern enforcement, consensus (elections/ leader/follower/ majority) behaviors, and down into the depths of oplog generation and application on replicas. While a large part of the talk will be a technical overview of the big pieces we will dive into many important areas in order to ensure better understanding. The audience will be able to greatly affect which areas we focus on during the session, so come with ideas and a focus.
A little systemtap
This document discusses the Linux tracing tool systemtap. It provides an overview of systemtap and what it can be used for, including tracing system calls, kernel functions, and application functions. It also discusses how systemtap works, how it uses debugging symbols, and how RPMs handle separate debug information files. Several examples are given of using systemtap probes to trace requests for Nginx, cURL, Redis, MySQL, and TCP retransmissions. The document concludes by mentioning using DTrace for other languages beyond C, such as MySQL, Python, and Java.
Building next gen malware behavioural analysis environment
This document discusses building an automated malware behavioral analysis environment. It covers types of malware analysis, taxonomy of analysis platforms, analysis phases and checks, and evaluation strategies. Static and dynamic automated analysis are described as well as their pros, cons, and limitations. The analysis phases of submission, analysis, and reporting are outlined. Key challenges like modularity, fingerprinting, stalling, social engineering, and decoys are examined. Examples of analysis platforms and tools are provided.
GDPR Cyber Insurance 11/1/2017
This document discusses cyber privacy insurance and the General Data Protection Regulation (GDPR). It provides an overview of data breach costs by industry. GDPR fines can be up to 20 million Euros or 4% of annual global turnover for breaches. Under GDPR, breaches must be reported to regulators within 72 hours and affected individuals if there is a high risk. The document also summarizes common cyber insurance coverage types like crisis management, cyber extortion, data asset protection, and business interruption. It analyzes past insurance claims payouts and causes of loss. Websites for cyber insurance quotes and resources are also listed.
More Related Content
What's hot
Oop lecture9 12
The document discusses Java serialization and exceptions. It provides examples of implementing serialization by having a class implement the Serializable interface, which allows object instances to be written to and read from files. It also discusses exception handling using try-catch blocks and the finally clause, and how exceptions can be declared to be thrown from a method using the throws clause.
Rcpp11
Rcpp11 is a header-only rewrite of Rcpp that uses C++11 features and has a simpler interface. It has fewer constructors for NumericVector compared to Rcpp, with 11 versus 23. Rcpp11 also includes features like internal C++ try/catch blocks to safely handle errors from R code without needing R's tryCatch, and functions like R_PreserveObject and R_ReleaseObject to manage object lifetimes across R garbage collections.
A CTF Hackers Toolbox
Capture the Flag (CTF) are information security challenges. They are fun, but they also provide a opportunity to practise for real-world security challenges.
In this talk we present the concept of CTF. We focus on some tools used by our team, which can also be used to solve real-world problems.
Zn task - defcon russia 20
The document describes a simulated hacking game scenario involving a compromised POS terminal infected with malware. It details the components of the botnet architecture including bot nodes, command and control infrastructure, and social media propagation. Diagrams show the network layout and communication channels. The document also examines the bot's components, capabilities, and protection mechanisms such as bytecode encryption and anti-debugging techniques. Hints are provided to help players progress in the game by bypassing defenses and achieving objectives over multiple days.
Relayd: a load balancer for OpenBSD
Relayd is a daemon to relay and dynamically redirect incoming connections to a target host.
Its main purposes are to run as a load-balancer, application layer gateway, or transparent proxy.
Advanced Replication Internals
Internals of replication in mongodb. These internals cover replication selection, the replication process, elections (and the rules), and oplog transformation.
This presentation was given at the MongoDB San Francisco conference.
NYU hacknight, april 6, 2016
Linux has this great tool called strace, on OSX there’s a tool called dtruss - based on dtrace. Dtruss is great in functionality, it gives pretty much everything you need. It is just not as nice to use as strace. However, on Linux there is also ltrace for library tracing. That is arguably more useful because you can see much more granular application activity. Unfortunately, there isn’t such a tool on OSX. So, I decided to make one - albeit a simpler version for now. I called it objc_trace.
บทท 7
This document provides an overview of different cybersecurity tools and techniques used for reconnaissance, scanning, exploitation, and attacks. It discusses tools for footprinting and reconnaissance like nslookup and web spiders. It also covers port scanning, vulnerabilities in SQL injection and scripting languages, and intrusion detection system evasion. Finally, it mentions sniffing tools, denial of service attacks, vulnerability scanners, and wireless hacking tools.
Monitoring with Syslog and EventMachine
This document discusses monitoring systems using syslog and EventMachine. It proposes building a lightweight, polyglot system that aggregates syslog events and displays metrics and visualizations using various protocols like WebSockets, Server-Sent Events, and Graphite. Event sources would send syslog messages which an EventMachine server would parse and pass to an EM:Channel. A JavaScript client could subscribe to the channel for real-time updates.
Nmap Scripting Engine and http-enumeration
Nmap is a network scanning tool that scans hosts and networks for open ports. The Nmap Scripting Engine (NSE) allows Nmap to perform additional checks and functions beyond basic port scanning. NSE uses the Lua programming language to write scripts for tasks like service detection, vulnerability testing, and malware detection. Popular NSE scripts scan for vulnerabilities like SQL injection, fingerprint web servers and applications, perform service/version detection, and more. The NSE community develops and shares new scripts on the Nmap site to continually improve Nmap's scanning abilities.
Nmap5.cheatsheet.eng.v1
This document provides information and examples for using Nmap, a security scanning tool. It outlines options for specifying targets, port scanning techniques, host and service detection, firewall evasion, timing and performance, output formats, and example usage scenarios. Targets can be specified by IP, hostname, or subnet. Common port scanning types include TCP SYN, connect, UDP, and SCTP scans. Options are provided for service and OS detection, firewall evasion using fragmentation and decoys, tuning timing and performance, and selecting output formats. Examples demonstrate quick port scans, ping scans, traceroutes, and running Nmap scripts.
Nessus scan report using microsoft patchs scan policy - Tareq Hanaysha
A Nessus vulnerability scan was performed on a host named "tareq-laptop" between 15:19 and 15:20 on November 17, 2008. The scan found 19 open ports but no vulnerabilities rated as high, medium, or low risk. Details provided include the operating system, NetBIOS name, and DNS name which were all listed as unknown. Each of the 19 open ports found are also listed.
Using the Power to Prove
This document discusses using the prove command-line tool to run tests and other scripts. Prove is a test runner that uses the Test Anything Protocol (TAP) to aggregate results. It can run tests and scripts written in any language by specifying the interpreter with --exec. Extensions other than .t can be run by setting --ext. Prove searches for tests in the t/ directory by default but can run any kind of scripts or tasks placed in t/, such as service monitoring scripts. The .proverc file can save common prove options for a project.
Specializing the Data Path - Hooking into the Linux Network Stack
Ever needed to add your custom logic into the network stack?
Ever hacked the network stack but wasn't certain you're doing it right?
Shmulik Ladkani talks about various mechanisms for customizing packet processing logic to the network stack's data path.
He covers covering topics such as packet sockets, netfilter hooks, traffic control actions and ebpf. We will discuss their applicable use-cases, advantages and disadvantages.
Shmulik Ladkani is a Tech Lead at Ravello Systems.
Shmulik started his career at Jungo (acquired by NDS/Cisco) implementing residential gateway software, focusing on embedded Linux, Linux kernel, networking and hardware/software integration.
51966 coffees and billions of forwarded packets later, with millions of homes running his software, Shmulik left his position as Jungo’s lead architect and joined Ravello Systems (acquired by Oracle) as tech lead, developing a virtual data center as a cloud service. He's now focused around virtualization systems, network virtualization and SDN.
Redis & ZeroMQ: How to scale your application
Presented at #PHPLX 11 July 2013
When you need to do some heavy processing how do you scale you application?
You can use Redis and ZeroMQ to leverage the heavy work for you!
With this presentation we will know more about this two technologies and how they can be used to help solve problems with the performance and scalability of your application.
Sniffing Mach Messages
The document discusses sniffing Mach messages on iOS and macOS. It provides an overview of the Mach message protocol and how to intercept and parse Mach messages using LLDB scripts. It describes setting breakpoints at functions like bootstrap_look_up and mach_msg, and using Python scripts to extract information from the messages, including the port name and number. Examples are given of intercepting messages from the libsimulatetouch library. The challenge proposed is to port the LLDB scripts to macOS and identify other uses of Mach messages, such as using Frida.
ZeroNights: Automating iOS blackbox security scanning
The document discusses several tools for testing iOS applications, including ChaoticMarch, Machshark, and Objc_trace. ChaoticMarch is described as a tool for simulating user interactions and automating testing of an iOS app. It allows writing Lua scripts to interact with the UI and regulate test execution speed. Machshark is a tool for analyzing Mach IPC messages and Objc_trace is used to trace Objective-C method calls. Code snippets are provided showing examples of how to use ChaoticMarch to automate tapping buttons and entering text, as well as how Machshark and Objc_trace work.
OWASP Proxy
The OWASP Proxy is an intercepting proxy library that allows visibility and modification of HTTP communications in a flexible, performant way. It provides a message object model that allows buffering or streaming of requests and responses. The proxy can be used to implement useful functions like response inspection, reverse proxying, and integration with technologies like SSL, SOCKS, and Apache JServ Protocol. It aims to be a clean, multi-protocol foundation for building custom proxies.
MongoDB 2.8 Replication Internals: Fitting it all together
MongoDB replication internal architecture for 2.8
Abstract:
Replication in MongoDB requires deep integration with almost every part of the codebase, and has important hooks in various systems like storage, indexing, command processing and querying. Most of the replication components have seen a major overhaul recently in order to make further improvements. In this talk we will address what those pieces are, how they interact, and interesting choices made during their design. In this talk we get into the interaction of the replication protocols, commands really, writes and write concern enforcement, consensus (elections/ leader/follower/ majority) behaviors, and down into the depths of oplog generation and application on replicas. While a large part of the talk will be a technical overview of the big pieces we will dive into many important areas in order to ensure better understanding. The audience will be able to greatly affect which areas we focus on during the session, so come with ideas and a focus.
A little systemtap
This document discusses the Linux tracing tool systemtap. It provides an overview of systemtap and what it can be used for, including tracing system calls, kernel functions, and application functions. It also discusses how systemtap works, how it uses debugging symbols, and how RPMs handle separate debug information files. Several examples are given of using systemtap probes to trace requests for Nginx, cURL, Redis, MySQL, and TCP retransmissions. The document concludes by mentioning using DTrace for other languages beyond C, such as MySQL, Python, and Java.
What's hot (20)
Nessus scan report using microsoft patchs scan policy - Tareq Hanaysha
Nessus scan report using microsoft patchs scan policy - Tareq Hanaysha
Specializing the Data Path - Hooking into the Linux Network Stack
Specializing the Data Path - Hooking into the Linux Network Stack
ZeroNights: Automating iOS blackbox security scanning
ZeroNights: Automating iOS blackbox security scanning
MongoDB 2.8 Replication Internals: Fitting it all together
MongoDB 2.8 Replication Internals: Fitting it all together
Viewers also liked
Building next gen malware behavioural analysis environment
This document discusses building an automated malware behavioral analysis environment. It covers types of malware analysis, taxonomy of analysis platforms, analysis phases and checks, and evaluation strategies. Static and dynamic automated analysis are described as well as their pros, cons, and limitations. The analysis phases of submission, analysis, and reporting are outlined. Key challenges like modularity, fingerprinting, stalling, social engineering, and decoys are examined. Examples of analysis platforms and tools are provided.
GDPR Cyber Insurance 11/1/2017
This document discusses cyber privacy insurance and the General Data Protection Regulation (GDPR). It provides an overview of data breach costs by industry. GDPR fines can be up to 20 million Euros or 4% of annual global turnover for breaches. Under GDPR, breaches must be reported to regulators within 72 hours and affected individuals if there is a high risk. The document also summarizes common cyber insurance coverage types like crisis management, cyber extortion, data asset protection, and business interruption. It analyzes past insurance claims payouts and causes of loss. Websites for cyber insurance quotes and resources are also listed.
The evolving threats and the challenges of the modern CISO
This document summarizes a presentation given by Gerasimos Moschonas on the evolving threats facing CISOs and the challenges they face. It discusses how threats are becoming more advanced as attacks grow more aggressive and attackers become more professional. It also examines how the role of CISO has evolved from an IT security administrator to an independent and strategic role responsible for information security governance. Specific threats discussed include big data, the internet of things, cybercrime, social engineering, mobility, and an increasingly regulated environment. The challenges for CISOs are aligning security and business strategies, reducing risks to an acceptable level while protecting the business brand, and preparing for security incidents.
Pci standards, from participation to implementation and review
The document provides an overview of the PCI Data Security Standard (PCI DSS) including:
- The goals of PCI DSS which are to build and maintain a secure network, protect cardholder data, maintain a vulnerability management program, implement strong access control measures, regularly monitor and test networks, and maintain an information security policy.
- The twelve requirements of PCI DSS which are organized under these six goals.
- An introduction to the PCI Council which developed and manages the PCI DSS standard.
Operation Grand Mars
The document summarizes the detection and analysis of an Advanced Persistent Threat (APT) called "Grand Mars Operation" targeting organizations. The APT was detected through anomalous AV alerts and event log entries. It used social engineering via email to install a malicious VBS file as an entry point. It then persisted through scheduled tasks, registry runs, and memory resident scripts. Anunak malware was installed to gather system info, disable security software, enable RDP, and steal passwords. Cobalt Strike and Metasploit were used for command and control. The motivation was to collect bots, steal financial info, and control victim organizations. Multiple criminal groups were likely involved given the complex malware and techniques used.
Mandelaris_SecureWorld_2016_FINAL
Christopher Mandelaris is the CISO of Chemical Bank and has 15 years of progressive IT experience. He discusses the changing role of the CISO from being reactive to becoming more proactive and risk-informed. The modern CISO focuses on IT risk management and building partnerships between information security and IT teams. An information security management program consists of components like technical security operations, asset classification, security operations centers, business continuity, training and awareness, metrics and reporting, and information security governance. Future trends include addressing gaps in these program areas.
GDPR 11/1/2017
The GDPR introduces significant new compliance obligations for any organization handling personal data of EU individuals. It increases fines for non-compliance up to 4% of global annual turnover and strengthens the rights of individuals. Key changes include new consent requirements, breach notification timelines, data protection officers, privacy by design principles, documentation requirements, and extraterritorial jurisdiction. Organizations must review their data protection practices and ensure appropriate technical and organizational security measures are implemented to protect personal data.
European Cyber Security Challenge - Greel National Cyber Security Team
The document discusses the European Cyber Security Challenge (ECSC), an annual competition that brings together young cybersecurity talents from European countries. It aims to find and encourage new cybersecurity professionals, promote an open and secure cyberspace, and place cybersecurity at the service of humankind. This year's competition will take place in Malaga, Spain in October 2017, involving 14 teams of 10 competitors each from countries like Greece, Germany, and the UK. The Greek team will be selected through a national competition and supported by the University of Piraeus.
Super CISO 2020: How to Keep Your Job
This document provides an overview of the Chief Information Security Officer (CISO) role including:
1) A sample CISO job description outlining responsibilities such as managing the information security program, performing risk assessments, ensuring disaster recovery plans, and more.
2) A discussion of the evolution of the CISO role from the 1990s to present day, noting changes in technologies, laws/regulations, security issues, and organizational structure.
3) An examination of what constitutes a leading information security program in 2016, highlighting areas like risk management, monitoring, policies/controls, awareness, and certifications/frameworks.
4) A look at how the 2016-2020 CISO will need to balance
Itil 2011 Mind Maps
This document provides an overview of 13 ITIL mind maps related to IT service management. The mind maps cover topics such as ITIL service strategy, service design, service transition, service operation, and continual service improvement. For each topic, the mind maps define relevant processes, functions, roles, and relationships to help explain the ITIL framework and best practices for delivering quality IT services.
Viewers also liked (12)
Building next gen malware behavioural analysis environment
Building next gen malware behavioural analysis environment
The evolving threats and the challenges of the modern CISO
The evolving threats and the challenges of the modern CISO
Pci standards, from participation to implementation and review
Pci standards, from participation to implementation and review
European Cyber Security Challenge - Greel National Cyber Security Team
European Cyber Security Challenge - Greel National Cyber Security Team
Similar to Flowchart - Building next gen malware behavioural analysis environment
Lab4
The document provides examples of Java code using try, catch, throw, and exceptions to handle errors and exceptions. Program 36 introduces a try-catch block to handle potential InputMismatchExceptions from user input. Program 37 uses try-catch-finally to handle an ArithmeticException from division by zero and ensure the finally block always executes. Program 38 demonstrates multiple catch blocks to handle different exception types.
Java IO Streams V4
This document discusses Java input/output (IO) streams and serialization. It covers reading and writing text and binary files using classes like FileReader, FileWriter, ObjectInputStream and ObjectOutputStream. It also discusses reading from the keyboard, reading file attributes, serialization which converts an object to bytes, deserialization which converts bytes to an object, and using the Externalizable interface to customize serialization. The goal is to provide an overview of performing IO operations and serialization in Java.
ExtraFileIO.pptx
The document discusses file input and output in Java. It covers the File class, opening files for reading using a Scanner, handling exceptions, reading data line-by-line and tokenizing the lines. It also discusses opening files for writing using a PrintWriter and outputting data to files. The key topics are file I/O, exception handling, and using Scanners and PrintWriters to read from and write to files in Java.
Hibernate Import.Sql I18n
The document discusses three methods for importing SQL scripts using Hibernate:
1. Specify the import file in hibernate.cfg.xml using the classpath location
2. Directly specify the file path to import.sql
3. Implement a listener to convert the SQL file to the proper encoding on application startup
srgoc
The document provides examples of code snippets in C# to demonstrate various OOP concepts like inheritance, polymorphism, delegates, constructors, exception handling, file I/O, and adding a flash item to a website. It also explains XML and DTDs. The code snippets show how to implement inheritance by defining a base Shape class and derived Rectangle class, implement polymorphism by overloading a print method, use delegates to call methods, define default and parameterized constructors, handle exceptions, perform file read/write operations, and add a flash file to an HTML document. The explanation of XML covers internal and external DTD declarations to define document structure.
Devirtualizing FinSpy
The document analyzes and de-virtualizes the FinSpy malware sample. It finds the malware uses virtualization techniques to hide its execution through a virtual machine-like implementation. The author details analyzing the virtual machine code and operations, then describes decrypting and de-obfuscating the virtual machine to generate equivalent native x86 code. Finally, it summarizes the malware's anti-analysis and evasion techniques as well as finding it drops additional payloads depending on the environment.
finalprojtemplatev5finalprojtemplate.gitignore# Ignore the b
finalprojtemplatev5/finalprojtemplate/.gitignore
# Ignore the build directory
build
# Ignore any executables
bin/*
# Ignore Mac specific files
.DS_Store
finalprojtemplatev5/finalprojtemplate/Makefile
# Script adapted from https://hiltmon.com/blog/2013/07/03/a-simple-c-plus-plus-project-structure/
CC := /usr/local/classes/eecs/spring2021/cs472/public/gcc/bin/g++
STRIPUTIL = strip
SRCDIR = src
BUILDDIR = build
TARGET = bin/cache_sim
# Handle debug case
DEBUG ?= 1
ifeq ($(DEBUG), 1)
CFLAGS += -g -Wall
else
CFLAGS += -DNDEBUG -O3
endif
SRCEXT = cpp
SOURCES = $(shell find $(SRCDIR) -type f -name *.$(SRCEXT))
OBJECTS = $(patsubst $(SRCDIR)/%,$(BUILDDIR)/%,$(SOURCES:.$(SRCEXT)=.o))
LDFLAGS += -Wl,-rpath,/usr/local/classes/eecs/spring2021/cs472/public/gcc/lib64
LIB += -pthread
INC += -I $(SRCDIR)
$(TARGET): $(OBJECTS)
@echo "Linking..."
@echo " $(CC) $^ -o $(TARGET) $(LIB) $(LDFLAGS)"; $(CC) $^ -o $(TARGET) $(LIB) $(LDFLAGS)
$(BUILDDIR)/%.o: $(SRCDIR)/%.$(SRCEXT)
@mkdir -p $(BUILDDIR)
@echo " $(CC) $(CFLAGS) $(INC) -c -o [email protected] $<"; $(CC) $(CFLAGS) $(INC) -c -o [email protected] $<
clean:
@echo "Cleaning...";
@echo " $(RM) -r $(BUILDDIR) $(TARGET)"; $(RM) -r $(BUILDDIR) $(TARGET)
.PHONY: clean
finalprojtemplatev5/finalprojtemplate/resources/simpletracefile==This is a simple tracefile for testing purposes L 08 L 808 L 1006 L 08 S 1805 L 1002 L 808 M 1806 L 1008 S 1005 S 1808 L 808 M 08 M 04 L 2804 M 808
finalprojtemplatev5/finalprojtemplate/resources/testconfig
1
230
8
16
3
1
0
13
finalprojtemplatev5/finalprojtemplate/src/CacheController.cppfinalprojtemplatev5/finalprojtemplate/src/CacheController.cpp/*
Cache Simulator (Starter Code) by Justin Goins
Oregon State University
Spring Term 2021
*/
#include"CacheController.h"
#include<iostream>
#include<fstream>
#include<regex>
#include<cmath>
usingnamespace std;
CacheController::CacheController(CacheInfo ci, string tracefile){
// store the configuration info
this->ci = ci;
this->inputFile = tracefile;
this->outputFile =this->inputFile +".out";
// compute the other cache parameters
this->ci.numByteOffsetBits = log2(ci.blockSize);
this->ci.numSetIndexBits = log2(ci.numberSets);
// initialize the counters
this->globalCycles =0;
this->globalHits =0;
this->globalMisses =0;
this->globalEvictions =0;
// create your cache structure
// ...
// manual test code to see if the cache is behaving properly
// will need to be changed slightly to match the function prototype
/*
cacheAccess(false, 0);
cacheAccess(false, 128);
cacheAccess(false, 256);
cacheAccess(false, 0);
cacheAccess(false, 128);
cacheAccess(false, 256);
*/
}
/*
Starts reading the tracefile and processing memory operations.
*/
voidCacheController::runTracefile(){
cout <<"Input tracefile: "<< inputFile << endl;
cout <<"Output file name: "<< outputFile << endl;
// process each input line
string line;
// define regular expressions that are used to locate ...
Shellcoding in linux
Shellcode is machine code that executes a shell when run. This document discusses shellcode, including:
- Shellcode injects machine code into a vulnerable application to spawn a shell.
- Three examples of shellcode are provided: an exit system call, displaying a message, and spawning a shell.
- Registers, assembly instructions, and system calls used in Linux are explained for creating shellcode.
What Have Syscalls Done for you Lately?
If you've ever written any code - even just Hello World - you've used some syscalls. In this talk we'll explore what syscalls are, how they are used to set up containers, and how to make your deployment more secure at runtime by limiting the syscalls your containers can make thanks to seccomp and Linux security modules like AppArmor.
We'll also discuss how, if your architecture is broken into containerized microservices, this gives you a great opportunity to improve security by limiting what each container can do. This is where containerized microservices really shine over traditional monoliths from a security perspective - so it's helpful to know about if you're trying to convince your security team that containers are a good idea.
There will be lots of live demos!
Strategies to design FUD malware
.Today, criminals are using novel tecnhiques to bypass AV detecions. Manual debugging must be used to unpack malware (a hard work that is needed to reveal the original malware code). Dissecting malware allows us to understand criminals’ modus operandi, and manual analysis is always required to reveal FUD malware.
Midiendo la calidad de código en WTF/Min (Revisado EUI Abril 2014)
The document discusses various examples of poor code quality, such as unnecessary comments, overly complex code, poor naming conventions, and unnecessary code. It provides examples of real code snippets that demonstrate these issues. It also discusses principles of good code quality like keeping code simple, avoiding duplication, and separation of concerns. Finally, it discusses tools and techniques for measuring and ensuring code quality like unit testing, code reviews, quality metrics, and issue tracking dashboards.
Java Input Output and File Handling
The document discusses input/output streams in Java. It covers:
- Different types of data storage including transient RAM and persistent storage like disks.
- I/O sources and destinations like consoles, disks, networks etc. and how streams represent sequential bytes to abstract I/O details.
- Common Java I/O stream classes like FileReader, FileWriter, InputStream and OutputStream for reading/writing text and binary data from files.
- Using File class to represent files and directories with methods to check attributes, read content and manipulate files.
Shell to be modified#include stdlib.h #include unistd.h .pdf
Shell to be modified
#include
#include
#include
#include
#include
#include
#include
#include
// Simplifed xv6 shell.
#define MAXARGS 10
// All commands have at least a type. Have looked at the type, the code
// typically casts the *cmd to some specific cmd type.
struct cmd {
int type; // ' ' (exec), | (pipe), '<' or '>' for redirection
};
struct execcmd {
int type; // ' '
char *argv[MAXARGS]; // arguments to the command to be exec-ed
};
struct redircmd {
int type; // < or >
struct cmd *cmd; // the command to be run (e.g., an execcmd)
char *file; // the input/output file
int mode; // the mode to open the file with
int fd; // the file descriptor number to use for the file
};
struct pipecmd {
int type; // |
struct cmd *left; // left side of pipe
struct cmd *right; // right side of pipe
};
int fork1(void); // Fork but exits on failure.
struct cmd *parsecmd(char*);
// Execute cmd. Never returns.
void
runcmd(struct cmd *cmd)
{
int p[2], r;
struct execcmd *ecmd;
struct pipecmd *pcmd;
struct redircmd *rcmd;
if(cmd == 0)
exit(0);
switch(cmd->type){
default:
fprintf(stderr, "unknown runcmd\n");
exit(-1);
case ' ':
ecmd = (struct execcmd*)cmd;
if(ecmd->argv[0] == 0)
exit(0);
fprintf(stderr, "exec not implemented\n");
// Your code here ...
break;
case '>':
case '<':
rcmd = (struct redircmd*)cmd;
fprintf(stderr, "redir not implemented\n");
// Your code here ...
runcmd(rcmd->cmd);
break;
case '|':
pcmd = (struct pipecmd*)cmd;
fprintf(stderr, "pipe not implemented\n");
// Your code here ...
break;
}
exit(0);
}
int
getcmd(char *buf, int nbuf)
{
if (isatty(fileno(stdin)))
fprintf(stdout, "$ ");
memset(buf, 0, nbuf);
fgets(buf, nbuf, stdin);
if(buf[0] == 0) // EOF
return -1;
return 0;
}
int
main(void)
{
static char buf[100];
int fd, r;
// Read and run input commands.
while(getcmd(buf, sizeof(buf)) >= 0){
if(buf[0] == 'c' && buf[1] == 'd' && buf[2] == ' '){
// Clumsy but will have to do for now.
// Chdir has no effect on the parent if run in the child.
buf[strlen(buf)-1] = 0; // chop \n
if(chdir(buf+3) < 0)
fprintf(stderr, "cannot cd %s\n", buf+3);
continue;
}
if(fork1() == 0)
runcmd(parsecmd(buf));
wait(&r);
}
exit(0);
}
int
fork1(void)
{
int pid;
pid = fork();
if(pid == -1)
perror("fork");
return pid;
}
struct cmd*
execcmd(void)
{
struct execcmd *cmd;
cmd = malloc(sizeof(*cmd));
memset(cmd, 0, sizeof(*cmd));
cmd->type = ' ';
return (struct cmd*)cmd;
}
struct cmd*
redircmd(struct cmd *subcmd, char *file, int type)
{
struct redircmd *cmd;
cmd = malloc(sizeof(*cmd));
memset(cmd, 0, sizeof(*cmd));
cmd->type = type;
cmd->cmd = subcmd;
cmd->file = file;
cmd->mode = (type == '<') ? O_RDONLY : O_WRONLY|O_CREAT|O_TRUNC;
cmd->fd = (type == '<') ? 0 : 1;
return (struct cmd*)cmd;
}
struct cmd*
pipecmd(struct cmd *left, struct cmd *right)
{
struct pipecmd *cmd;
cmd = malloc(sizeof(*cmd));
memset(cmd, 0, sizeof(*cmd));
cmd->type = '|';
cmd->left = left;
cmd->right = right;
return (struct cmd*)cmd;
}
// Parsing
char whitespace[] = " \t\r\n\v";
char symbols[] = "<|>";
int
ge.
Java practical
The document provides code examples for several Java programming concepts:
1. A program that takes command line arguments, calculates the sum and average of the numbers passed, and displays the results.
2. A Student class with member functions to read and display student details like name and age.
3. A Square class with data members for length, area, and perimeter, and member functions to read, compute values, and display details.
The document contains 10 additional examples covering topics like inheritance, packages, exceptions, threads, and GUI programming.
The Ring programming language version 1.6 book - Part 28 of 189
The document describes various functions for working with files, streams, and system operations in Ring including: Perror(), Fgetc(), Fgets(), Fputc(), Fputs(), Ungetc(), Fread(), Fwrite(), Fexists(), Int2Bytes(), Float2Bytes(), Double2Bytes(), Bytes2Int(), Bytes2Float(), Bytes2Double(), System(), SysGet(), IsMSDOS(), IsWindows(), IsWindows64(), IsUnix(), IsMacOSX(), IsLinux(), IsFreeBSD(), IsAndroid(), Windowsnl(), getting command line arguments, getting the active source file name, PrevFileName(), CurrentDir(), ExeFileName(), ChDir(), ExeFolder(), and Version(). An example at
Java 7 LavaJUG
This document summarizes new features and enhancements in Java 7 including Project Coin, NIO.2, invokedynamic, Fork/Join framework, and concurrency utilities. It discusses how these features make threads, parallelism, and concurrency easier to work with in Java. Code examples are provided to illustrate the use of ForkJoinPool, Callable, and try-with-resources statements.
200 Open Source Projects Later: Source Code Static Analysis Experience
Interesting Observations (7 Sins of Programmers); The compiler is to blame; Archeological strata; The last line effect; Programmers are the smartest; Security, security! But do you test it?; You can’t know everything; Seeking a silver bullet.
"Revenge of The Script Kiddies: Current Day Uses of Automated Scripts by Top ...
Banking Trojans have been part of the financial cybercrime landscape for over a decade, causing losses measured in billions of dollars. On the flip side, the constant evolution of defenses against this type of malware has forced Trojan operators to adjust to security controls designed to keep them out. As a result, many Trojan operators have either disappeared or considerably narrowed their activity scope, but more interestingly, are using novel techniques to achieve their goals. In this talk, we will present three top malware operators active in the wild and their use of automated scripts to tackle their challenges: The notorious Gozi (ISFB) malware used to run its own executable files. Nowadays, it avoids storing malicious payloads on disk and instead, writes a Powershell script to the Windows registry and executes it using a special regex-based run-key. Ramnit, a dated foe that focuses on UK banks, encrypts its payload using a Windows API function with a device-unique key. In every system reboot, it decrypts the payload in-memory and runs it with a Visual Basic script that runs Powershell. This allows Ramnit to avoid running a detectable, executable file as it used to do in the past. BackSwap is a new banking Trojan that attacks financial institutions in Spain. Its dropper is a JavaScript Encoded (JSE) file. When decoded, the dropper results in a 30k lines-of-code script which downloads a binary sample from a remote Command-and-Control server. Together with our audience, we will walk through the research process and share our findings along with our (sometimes) quick-and-dirty solutions. We aim to enhance our participants’ knowledge of today’s bankers and help them get deeper into current-day scripting-related techniques cybercriminals use.
“Linux Kernel CPU Hotplug in the Multicore System”
The respective talk was held by Oleksandr Shevchenko (Senior Engineering Consultant, GlobalLogic) at GlobalLogic Lviv Embedded TechTalk #2 on May 23, 2018.
Oleksandr presentation is about features of software architecture, which provides parallel work of Linux and operating system real-time on different cores of a single processor. The talk is also about the Linux mechanism, which allows to connect the processor cores after the boot process has finished, the so-called "CPU Hotplug".
Inheritance
The next document shows a Try-Catch block to handle an ArithmeticException from dividing by zero. It prints the exception message. The following document creates two threads, a main thread and a new child thread, running loops that print
Similar to Flowchart - Building next gen malware behavioural analysis environment (20)
finalprojtemplatev5finalprojtemplate.gitignore# Ignore the b
finalprojtemplatev5finalprojtemplate.gitignore# Ignore the b
Midiendo la calidad de código en WTF/Min (Revisado EUI Abril 2014)
Midiendo la calidad de código en WTF/Min (Revisado EUI Abril 2014)
Shell to be modified#include stdlib.h #include unistd.h .pdf
Shell to be modified#include stdlib.h #include unistd.h .pdf
The Ring programming language version 1.6 book - Part 28 of 189
The Ring programming language version 1.6 book - Part 28 of 189
200 Open Source Projects Later: Source Code Static Analysis Experience
200 Open Source Projects Later: Source Code Static Analysis Experience
"Revenge of The Script Kiddies: Current Day Uses of Automated Scripts by Top ...
"Revenge of The Script Kiddies: Current Day Uses of Automated Scripts by Top ...
“Linux Kernel CPU Hotplug in the Multicore System”
“Linux Kernel CPU Hotplug in the Multicore System”
More from isc2-hellenic
General assembly 2016 02 24 1.0
This document provides an agenda and summary for a General Assembly meeting of the (ISC)2 Hellenic Chapter. The agenda includes reviewing the chapter's accomplishments and financial results for 2015, as well as planning for 2016. In 2015, the chapter established its legal entity, grew membership to 85 members, held educational events, and became an official CISSP training provider. Financially, the chapter had revenues of €5,609.32 against a budget of €10,520 and expenses of €2,558.03 against a budget of €10,470, leaving a net position of €3,051.29. The meeting will also include an internal audit report and requests for general assembly approvals.
2016 02-14 - tlp-white ce2016 presentation
This document describes a cybersecurity simulation exercise taking place between April and October 2016. It will involve the staged release of scenarios related to technical cybersecurity incidents, business continuity, and crisis management. Participants will include IT security and business continuity teams who will handle incidents virtually and develop relationships with national and EU authorities. The goals are to test incident response and build expertise in addressing large-scale cybersecurity events. Details are provided on the types of incidents that will be covered as well as registration information.
2016 02-14-nis directive-overview isc2 chapter
The document discusses the key aspects of the upcoming EU Directive concerning measures for a high common level of security of network and information systems across the Union. It outlines that the directive will require all EU member states to have a national cybersecurity strategy and designate authorities to cooperate on strategic and operational cybersecurity issues. It also establishes security and incident notification requirements for operators of essential services, such as energy and transport, and digital service providers.
Event 16 12-15 kostas papadatos
This document provides an agenda for a cyber security predictions event held by OTE Academy in Athens, Greece. The event included two sessions on cyber security technology predictions and workforce trends for 2016. The first session included a panel of security professionals discussing expectations for 2016. The second session presented findings from the (ISC)2 2015 Global Information Security Workforce Study and another panel on expanding career opportunities. Sponsors and supporters of the event and information about (ISC)2, the organizing association, were also included.
Event 16 12-15 panel1
This document outlines a panel discussion on security expectations for 2016. The panel included four security experts: Bill Nikolopoulos from Checkpoint, Eleftherios Antoniadis from Odyssey, Emmanouil Gavriil from Neurosoft, and Panagiotis Sotiriou from Symantec. The discussion was coordinated by Panagiotis Trimintzios from the (ISC)2 Hellenic Chapter Membership.
Event 16 12-15 global information security workforce study 1.0
The document summarizes key findings from the 2015 Global Information Security Workforce Study. It found that the security skills gap is estimated to reach 1.5 million professionals within 5 years. Organizations report being forced to react to threats rather than prevent them due to growing complexity from technology and solution sprawl. The shortage of security professionals is leading organizations to outsource security tasks and push some responsibilities to overburdened IT staff.
5. Experience from recent national & international cyber exercises
This document discusses cyber exercises and the speaker's experience participating in them. It provides definitions of cyber exercises, categories of exercises (real-time and offline), typical training incidents covered, and objectives. The speaker's organization has participated in the Panoptis national Greek cyber defense exercises from 2010-2014 and the NATO Cyber Coalition 2014 exercise. These exercises train participants in skills like forensic investigation, malware analysis, and incident response through scenarios. The objectives are to evaluate security controls and identify gaps, train blue teams, and provide lessons learned.
4. Mitigating a Cyber Attack
This document outlines steps to mitigate cyber attacks. It defines a cyber attack as any offensive maneuver targeting computer systems for political or security purposes. Cyber attacks target critical infrastructure and aim to steal information, damage infrastructure, or harm reputation for financial or political goals. Attackers include hacktivists, nation states, cyber criminals, and insiders. The document discusses crime-as-a-service on underground forums and lists the Critical Security Controls for effective cyber defense. It also covers detecting attacks through logs and behavior analysis and having an incident response plan to prepare for and respond to attacks.
3. APTs Presentation
This document discusses advanced persistent threats (APTs) and strategies for cyber defense. It describes APTs as advanced, persistent, and threatening adversaries that are formally tasked to accomplish missions. The document outlines the lifecycle of APT attacks, including establishing backdoors in networks, maintaining long-term control, and exfiltrating data using encryption. It provides examples of APT groups and tools they use, such as exploiting vulnerabilities to escalate privileges and dump cached credentials from Windows networks. The overall summary is that APTs are dangerous, organized adversaries requiring persistent cyber defense strategies.
2. Chapter introduction & update
The document discusses the formation and status of the (ISC)2 Hellenic Chapter. It provides an overview of (ISC)2 and its certification programs, as well as information about the (ISC)2 Foundation. The (ISC)2 Hellenic Chapter was officially established in July 2014 and aims to provide a professional network for information security professionals in Greece. The presentation notes achievements in establishing the chapter and outlines plans for future activities and events.
1. Welcome Note
The University of Piraeus has a Systems Security Laboratory that conducts education and research in digital systems security, information systems security, and network security. The laboratory has 3 faculty members, 6 post-doc fellows, 15 PhD students, and 60 MSc students. It has received over 5 million euros in funding for international and national research projects. The laboratory teaches security courses at the undergraduate and postgraduate level and supervises theses. It collaborates extensively with other universities and industry partners on security research.
More from isc2-hellenic (12)
Event 16 12-15 global information security workforce study 1.0
Event 16 12-15 global information security workforce study 1.0
5. Experience from recent national & international cyber exercises
5. Experience from recent national & international cyber exercises
Recently uploaded
By Design, not by Accident - Agile Venture Bolzano 2024
As presented at the Agile Venture Bolzano, 4.06.2024
GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using Deplo...
Effective Application Security in Software Delivery lifecycle using Deployment Firewall and DBOM
The modern software delivery process (or the CI/CD process) includes many tools, distributed teams, open-source code, and cloud platforms. Constant focus on speed to release software to market, along with the traditional slow and manual security checks has caused gaps in continuous security as an important piece in the software supply chain. Today organizations feel more susceptible to external and internal cyber threats due to the vast attack surface in their applications supply chain and the lack of end-to-end governance and risk management.
The software team must secure its software delivery process to avoid vulnerability and security breaches. This needs to be achieved with existing tool chains and without extensive rework of the delivery processes. This talk will present strategies and techniques for providing visibility into the true risk of the existing vulnerabilities, preventing the introduction of security issues in the software, resolving vulnerabilities in production environments quickly, and capturing the deployment bill of materials (DBOM).
Speakers:
Bob Boule
Robert Boule is a technology enthusiast with PASSION for technology and making things work along with a knack for helping others understand how things work. He comes with around 20 years of solution engineering experience in application security, software continuous delivery, and SaaS platforms. He is known for his dynamic presentations in CI/CD and application security integrated in software delivery lifecycle.
Gopinath Rebala
Gopinath Rebala is the CTO of OpsMx, where he has overall responsibility for the machine learning and data processing architectures for Secure Software Delivery. Gopi also has a strong connection with our customers, leading design and architecture for strategic implementations. Gopi is a frequent speaker and well-known leader in continuous delivery and integrating security into software delivery.
Full-RAG: A modern architecture for hyper-personalization
Mike Del Balso, CEO & Co-Founder at Tecton, presents "Full RAG," a novel approach to AI recommendation systems, aiming to push beyond the limitations of traditional models through a deep integration of contextual insights and real-time data, leveraging the Retrieval-Augmented Generation architecture. This talk will outline Full RAG's potential to significantly enhance personalization, address engineering challenges such as data management and model training, and introduce data enrichment with reranking as a key solution. Attendees will gain crucial insights into the importance of hyperpersonalization in AI, the capabilities of Full RAG for advanced personalization, and strategies for managing complex data integrations for deploying cutting-edge AI solutions.
20240607 QFM018 Elixir Reading List May 2024
Everything I found interesting about the Elixir programming ecosystem in May 2024
Communications Mining Series - Zero to Hero - Session 1
This session provides introduction to UiPath Communication Mining, importance and platform overview. You will acquire a good understand of the phases in Communication Mining as we go over the platform with you. Topics covered:
• Communication Mining Overview
• Why is it important?
• How can it help today’s business and the benefits
• Phases in Communication Mining
• Demo on Platform overview
• Q/A
zkStudyClub - Reef: Fast Succinct Non-Interactive Zero-Knowledge Regex Proofs
This paper presents Reef, a system for generating publicly verifiable succinct non-interactive zero-knowledge proofs that a committed document matches or does not match a regular expression. We describe applications such as proving the strength of passwords, the provenance of email despite redactions, the validity of oblivious DNS queries, and the existence of mutations in DNA. Reef supports the Perl Compatible Regular Expression syntax, including wildcards, alternation, ranges, capture groups, Kleene star, negations, and lookarounds. Reef introduces a new type of automata, Skipping Alternating Finite Automata (SAFA), that skips irrelevant parts of a document when producing proofs without undermining soundness, and instantiates SAFA with a lookup argument. Our experimental evaluation confirms that Reef can generate proofs for documents with 32M characters; the proofs are small and cheap to verify (under a second).
Paper: https://eprint.iacr.org/2023/1886
Epistemic Interaction - tuning interfaces to provide information for AI support
Paper presented at SYNERGY workshop at AVI 2024, Genoa, Italy. 3rd June 2024
https://alandix.com/academic/papers/synergy2024-epistemic/
As machine learning integrates deeper into human-computer interactions, the concept of epistemic interaction emerges, aiming to refine these interactions to enhance system adaptability. This approach encourages minor, intentional adjustments in user behaviour to enrich the data available for system learning. This paper introduces epistemic interaction within the context of human-system communication, illustrating how deliberate interaction design can improve system understanding and adaptation. Through concrete examples, we demonstrate the potential of epistemic interaction to significantly advance human-computer interaction by leveraging intuitive human communication strategies to inform system design and functionality, offering a novel pathway for enriching user-system engagements.
“I’m still / I’m still / Chaining from the Block”
“An Outlook of the Ongoing and Future Relationship between Blockchain Technologies and Process-aware Information Systems.” Invited talk at the joint workshop on Blockchain for Information Systems (BC4IS) and Blockchain for Trusted Data Sharing (B4TDS), co-located with with the 36th International Conference on Advanced Information Systems Engineering (CAiSE), 3 June 2024, Limassol, Cyprus.
LF Energy Webinar: Electrical Grid Modelling and Simulation Through PowSyBl -...
Do you want to learn how to model and simulate an electrical network from scratch in under an hour?
Then welcome to this PowSyBl workshop, hosted by Rte, the French Transmission System Operator (TSO)!
During the webinar, you will discover the PowSyBl ecosystem as well as handle and study an electrical network through an interactive Python notebook.
PowSyBl is an open source project hosted by LF Energy, which offers a comprehensive set of features for electrical grid modelling and simulation. Among other advanced features, PowSyBl provides:
- A fully editable and extendable library for grid component modelling;
- Visualization tools to display your network;
- Grid simulation tools, such as power flows, security analyses (with or without remedial actions) and sensitivity analyses;
The framework is mostly written in Java, with a Python binding so that Python developers can access PowSyBl functionalities as well.
What you will learn during the webinar:
- For beginners: discover PowSyBl's functionalities through a quick general presentation and the notebook, without needing any expert coding skills;
- For advanced developers: master the skills to efficiently apply PowSyBl functionalities to your real-world scenarios.
National Security Agency - NSA mobile device best practices
Threats to mobile devices are more prevalent and increasing in scope and complexity. Users of mobile devices desire to take full advantage of the features
available on those devices, but many of the features provide convenience and capability but sacrifice security. This best practices guide outlines steps the users can take to better protect personal devices and information.
Mind map of terminologies used in context of Generative AI
Mind map of common terms used in context of Generative AI.
20240609 QFM020 Irresponsible AI Reading List May 2024
Everything I found interesting about the irresponsible use of machine intelligence in May 2024
Securing your Kubernetes cluster_ a step-by-step guide to success !
Today, after several years of existence, an extremely active community and an ultra-dynamic ecosystem, Kubernetes has established itself as the de facto standard in container orchestration. Thanks to a wide range of managed services, it has never been so easy to set up a ready-to-use Kubernetes cluster.
However, this ease of use means that the subject of security in Kubernetes is often left for later, or even neglected. This exposes companies to significant risks.
In this talk, I'll show you step-by-step how to secure your Kubernetes cluster for greater peace of mind and reliability.
Artificial Intelligence for XMLDevelopment
In the rapidly evolving landscape of technologies, XML continues to play a vital role in structuring, storing, and transporting data across diverse systems. The recent advancements in artificial intelligence (AI) present new methodologies for enhancing XML development workflows, introducing efficiency, automation, and intelligent capabilities. This presentation will outline the scope and perspective of utilizing AI in XML development. The potential benefits and the possible pitfalls will be highlighted, providing a balanced view of the subject.
We will explore the capabilities of AI in understanding XML markup languages and autonomously creating structured XML content. Additionally, we will examine the capacity of AI to enrich plain text with appropriate XML markup. Practical examples and methodological guidelines will be provided to elucidate how AI can be effectively prompted to interpret and generate accurate XML markup.
Further emphasis will be placed on the role of AI in developing XSLT, or schemas such as XSD and Schematron. We will address the techniques and strategies adopted to create prompts for generating code, explaining code, or refactoring the code, and the results achieved.
The discussion will extend to how AI can be used to transform XML content. In particular, the focus will be on the use of AI XPath extension functions in XSLT, Schematron, Schematron Quick Fixes, or for XML content refactoring.
The presentation aims to deliver a comprehensive overview of AI usage in XML development, providing attendees with the necessary knowledge to make informed decisions. Whether you’re at the early stages of adopting AI or considering integrating it in advanced XML development, this presentation will cover all levels of expertise.
By highlighting the potential advantages and challenges of integrating AI with XML development tools and languages, the presentation seeks to inspire thoughtful conversation around the future of XML development. We’ll not only delve into the technical aspects of AI-powered XML development but also discuss practical implications and possible future directions.
Video Streaming: Then, Now, and in the Future
In his public lecture, Christian Timmerer provides insights into the fascinating history of video streaming, starting from its humble beginnings before YouTube to the groundbreaking technologies that now dominate platforms like Netflix and ORF ON. Timmerer also presents provocative contributions of his own that have significantly influenced the industry. He concludes by looking at future challenges and invites the audience to join in a discussion.
Alt. GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using ...
Effective Application Security in Software Delivery lifecycle using Deployment Firewall and DBOM
The modern software delivery process (or the CI/CD process) includes many tools, distributed teams, open-source code, and cloud platforms. Constant focus on speed to release software to market, along with the traditional slow and manual security checks has caused gaps in continuous security as an important piece in the software supply chain. Today organizations feel more susceptible to external and internal cyber threats due to the vast attack surface in their applications supply chain and the lack of end-to-end governance and risk management.
The software team must secure its software delivery process to avoid vulnerability and security breaches. This needs to be achieved with existing tool chains and without extensive rework of the delivery processes. This talk will present strategies and techniques for providing visibility into the true risk of the existing vulnerabilities, preventing the introduction of security issues in the software, resolving vulnerabilities in production environments quickly, and capturing the deployment bill of materials (DBOM).
Speakers:
Bob Boule
Robert Boule is a technology enthusiast with PASSION for technology and making things work along with a knack for helping others understand how things work. He comes with around 20 years of solution engineering experience in application security, software continuous delivery, and SaaS platforms. He is known for his dynamic presentations in CI/CD and application security integrated in software delivery lifecycle.
Gopinath Rebala
Gopinath Rebala is the CTO of OpsMx, where he has overall responsibility for the machine learning and data processing architectures for Secure Software Delivery. Gopi also has a strong connection with our customers, leading design and architecture for strategic implementations. Gopi is a frequent speaker and well-known leader in continuous delivery and integrating security into software delivery.
Recently uploaded (20)
By Design, not by Accident - Agile Venture Bolzano 2024
By Design, not by Accident - Agile Venture Bolzano 2024
GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using Deplo...
GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using Deplo...
Full-RAG: A modern architecture for hyper-personalization
Full-RAG: A modern architecture for hyper-personalization
Communications Mining Series - Zero to Hero - Session 1
Communications Mining Series - Zero to Hero - Session 1
zkStudyClub - Reef: Fast Succinct Non-Interactive Zero-Knowledge Regex Proofs
zkStudyClub - Reef: Fast Succinct Non-Interactive Zero-Knowledge Regex Proofs
Epistemic Interaction - tuning interfaces to provide information for AI support
Epistemic Interaction - tuning interfaces to provide information for AI support
LF Energy Webinar: Electrical Grid Modelling and Simulation Through PowSyBl -...
LF Energy Webinar: Electrical Grid Modelling and Simulation Through PowSyBl -...
National Security Agency - NSA mobile device best practices
National Security Agency - NSA mobile device best practices
Mind map of terminologies used in context of Generative AI
Mind map of terminologies used in context of Generative AI
Monitoring Java Application Security with JDK Tools and JFR Events
Monitoring Java Application Security with JDK Tools and JFR Events
20240609 QFM020 Irresponsible AI Reading List May 2024
20240609 QFM020 Irresponsible AI Reading List May 2024
Securing your Kubernetes cluster_ a step-by-step guide to success !
Securing your Kubernetes cluster_ a step-by-step guide to success !
Alt. GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using ...
Alt. GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using ...
Flowchart - Building next gen malware behavioural analysis environment
- 1. Extract Archive Unpack file with UPX Load TempKey in memory “c9e0b830ff18645849b8dbab57e47 7b5” CPU Check if (cores < 3) { Exit; } Check resources If (!filexists(base*.dat)) {exit;} Check Windows Version If (!WinVistaOrGreater) {exit;} Final Key Key = TempKey XOR 0x03 Decoy Base8.tmp = Base8.dat XOR Key XOR0x08 Real sample Base16.tmp = Base16.dat XOR key Decoy Base32.tmp = Base32.dat XOR Key XOR0x32 Decoy Base64.tmp = Base64.dat XOR Key XOR0x64 Clean-up: remove (base*.tmp) Run sample cmd /c base16.tmp Identify .NET binary Decompile binary RansomKiller: MainApp Write Registry Key RAND 15 char = HKLMSoftware SergSecKey CPU Check if (cores < 5) { Exit; } Checks for MAC ofNetcard Checks for debugger Checks for malware analysis software Detect HyperV MainApp Scan Buy product Update signatures Settings goes through files, doesn’t do anything Open Register Form Open Register Form Checks for internet by connecting to https://cyber-europe.net Checks thekey by sending a GET request to https://cyber-europe.net/ evl/ransomkill/reg.php If (reply == “260CA9DD8A4577FC00B7BD5810298 076") { RegisterProduct; } Enables all buttons of MainApp Easter Egg: checks ifpublic key of SergSec is installed in the CA Store Downloads https://cyber-europe.net// evl/ransomkill/update.rk Check ifit’s a Thursday Decrypt using AES-128 update.rk to updt.exe Gets AES Key = serial number of SergSec public certificate Executes updt.exe Creates Task: binary to be ran on 12th Oct 2016 Autoupdate: creates a Registry Key in HKLMSoftwareSergSecAutoUpdate = 1 Autostart: creates a Registry Key in HKLMSoftwareMicrosoftWindows CurrentVersionRun RansomKillerAppbase16.tmp Auto schedule: creates a weekly Task in theWindows Task Scheduler named RK_Weekly Sign in Easter Egg: if (user == “demo”)&(password==”demo”) { AccessWebPanel; }
- 2. updt.exe MainApp Hides Window Stalls Execution via Search Stalls Execution via Math Calculation Checks for debugger (Necromancy Check) Deletes Old Logs Anti-Forensics Checks Username Computer Name Processes Running CheckChecks for debugger (Running Proccess) Stalls Execution via Search2 Keylogger ScreenGrabber Sends data to: 10.210.1.12 Exfiltrator Stores key strikes in: rNdfgl34f.txt Grabs Printscreen test.jpg 500 Strikes Persistance Deletes Logs