Talk delivered by Chema Alonso ( https://MyPublicInbox.com/ChemaAlonso ) at Hack in the Box CyberWeek 2021 about Gremlin Apps & Gremlin Botnets. You can see the talk at: https://www.youtube.com/watch?v=yQJ5sFtOysM
11. Business Model: APT Provider with a Gremlin Botnet of apps that become malicious for only one target. We sell targets, not malware.
• Create a Gremlin botnet with lots of apps to learn who you are and sell you as a target for an APT:
• What company you work for.
• Who you are on social networks.
• Sell you for extortion, data leakage, CEO attacks, part of a bigger APT, etc…
• Who you are on the device where the Gremlin app is installed:
• Accounts: Twitter, Facebook, etc…
• Phone number: WhatsApp, Telegram, 2FA, account recovery.
• E-mail: login.
• A little OSINT on the Internet.
• Dirty Business Card.
• Turn a Gremlin App malicious only for the target we sell.
• Only one app becomes malicious.
• Steganography to connect to the C&C.
• Opportunistic use of permissions (install & runtime).
14. Permissions to get Phone Number & Accounts
• TelephonyManager to access the phone number stored in the SIM
• AccountManager to get info for accounts (Twitter, Telegram, Google…)
• Some of them are:
• Email
• Phone number
15. Outdated (2018): Fragmentation and Update of Android Devices
Version | Codename | API | Distribution (%)
2.3.3 - 2.3.7 | Gingerbread | 10 | 0,3
4.0.3 - 4.0.4 | Ice Cream Sandwich | 15 | 0,3
4.1.x | Jelly Bean | 16 | 1,2
4.2.x | | 17 | 1,5
4.3 | | 18 | 0,5
4.4 | KitKat | 19 | 6,9
5.0 | Lollipop | 21 | 3
5.1 | | 22 | 11,5
6.0 | Marshmallow | 23 | 16,9
7.0 | Nougat | 24 | 11,4
7.1 | | 25 | 7,8
8.0 | Oreo | 26 | 12,9
8.1 | | 27 | 15,4
9 | Pie | 28 | 10,4
Total affected: 61,30 % (< 8.0)
In 2018 (when this PoC was done) almost 62% of devices ran versions below Android 8, which allow access to accounts (e-mail, Twitter…). In 2021 (one week ago) approx. 50% of devices are still on Android 9 or lower.
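An added example (not from the talk or its PoC): a defender-side audit of a decoded AndroidManifest.xml that flags the identity-revealing permissions named on slide 14 and marks where GET_ACCOUNTS reaches the pre-Android 8 devices from the table on slide 15. The sample manifest, the package name and the `justified` allowlist are constructed assumptions.

```python
import xml.etree.ElementTree as ET

ANDROID_NS = "{http://schemas.android.com/apk/res/android}"
OREO_API = 26  # Android 8.0 (Oreo) in the distribution table above

# Permissions that tell an app who the device owner is.
IDENTITY_PERMISSIONS = {
    "android.permission.READ_PHONE_STATE": "phone number / SIM data (TelephonyManager)",
    "android.permission.READ_PHONE_NUMBERS": "phone number (TelephonyManager)",
    "android.permission.GET_ACCOUNTS": "account names such as e-mail (AccountManager)",
    "android.permission.READ_CONTACTS": "contact list",
}

# Constructed sample: a quiz game that has no functional need for identity data.
SAMPLE_MANIFEST = """
<manifest xmlns:android="http://schemas.android.com/apk/res/android"
    package="com.example.quiz">
  <uses-sdk android:minSdkVersion="19" android:targetSdkVersion="25"/>
  <uses-permission android:name="android.permission.INTERNET"/>
  <uses-permission android:name="android.permission.GET_ACCOUNTS"/>
  <uses-permission android:name="android.permission.READ_PHONE_STATE"/>
  <uses-permission android:name="android.permission.READ_EXTERNAL_STORAGE"/>
  <application android:label="Quiz"/>
</manifest>
"""


def audit_manifest(manifest_xml, justified=frozenset()):
    """Return identity-revealing permissions the app requests without a stated need.

    `justified` is a reviewer-supplied set of permissions that the app's
    documented function explains (hypothetical allowlist, filled in per app).
    """
    root = ET.fromstring(manifest_xml)
    sdk = root.find("uses-sdk")
    min_sdk = 1
    if sdk is not None:
        min_sdk = int(sdk.get(ANDROID_NS + "minSdkVersion", "1"))

    requested = set()
    for tag in ("uses-permission", "uses-permission-sdk-23"):
        for elem in root.iter(tag):
            requested.add(elem.get(ANDROID_NS + "name"))

    findings = []
    for name in sorted(requested & IDENTITY_PERMISSIONS.keys()):
        if name in justified:
            continue
        findings.append({
            "package": root.get("package"),
            "permission": name,
            "exposes": IDENTITY_PERMISSIONS[name],
            # Per the slide: devices below Android 8 let the app read accounts.
            "pre_oreo_account_access": (
                name == "android.permission.GET_ACCOUNTS" and min_sdk < OREO_API
            ),
        })
    return findings


if __name__ == "__main__":
    for f in audit_manifest(SAMPLE_MANIFEST):
        flag = " [installs on pre-Android 8 devices]" if f["pre_oreo_account_access"] else ""
        print(f"{f['package']}: {f['permission']} -> {f['exposes']}{flag}")
```
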
22. Gremlin Botnet: Opportunistic permissions usage
• Nobody suspects a permission if they can explain it
• “Yeah… it is because this is an app for enhancing photos with beauty effects”
• Use permissions opportunistically
• Ex: Pokemon Go & Photo Pictures
• Ex: Select a photo and take them all.
• Compiler / Lib infections?
• Ex: XCodeGhost
• Do your own app and “be malicious” when the permission you need is in use.
23. Quiz App: PoC for our Gremlin Botnet
• Quiz App is a PoC.
• Quiz App is a “What do you prefer” game.
• It works as goodware on all devices until one target is activated.
• Uses steganography to exchange commands and data from and to the C&C.
29. “Stealing” Apps with Data in Motion
• What happens when a developer “dies”?
• When apps are outdated?
• Can you re-register developer accounts?
• Can you steal an app?
PROVIDER | EXPIRATION POLICY (2018)
Gmail | 9 months*
AOL Mail | 3 months
FastMail | End of payment
GMX Mail | 6 months or end of payment
Hushmail | 3 weeks or end of payment
iCloud | Never
Lycos | 1 month
Mail.com | 6 months or end of payment
Mail.ru | 6 months or end of payment
Mailfence | 7 months (free) or never (paid)
Outlook.com (live mail/Hotmail) | 270 days
ProtonMail | 3 months
Rackspace | End of payment
Rediffmail | 3 months
Runbox | End of payment
Tutanota | Never
Yahoo! | 12 months
Yandex Mail | 24 months
Zoho | 4 months or end of payment
30. Tacyt: Orphan “apps” without developers
• Study of apps whose developer accounts are outdated and free.
• Re-register again and take control of the Google developer account.
• How many installations are affected.
• We selected Outlook and a sample of 217 e-mail accounts for old apps.
Chart (Expired Outlook accounts): non-expired accounts 209, expired accounts 8.
31. “Dead Poets Society”
E-mail account | Apps# | App names | Downloads#
XXXXXcolla@outlook.com | 12 | 1. Insta Mirror; 2. Insta Face; 3. Insta Eyes; 4. Face Blender; 5. Insta Effects; 6. Insta Collage; 7. Insta Color; 8. Animal Face; 9. Insta Frames; 10. Photo Shape for Instagram; 11. Insta Camera; 12. Insta Square | 1,256,150
XXXXXXloperapps@outlook.com | 1 | 1. Download Video Downloader Free | 1,000,000
XXXXXenes@outlook.com | 1 | 1. Imágenes para Whatsapp | 1,000,000
XXXXXXnloader@outlook.com | 1 | 1. IDM+ Download Manager free | 500,000
XXXXXtudios@outlook.com | 1 | 1. Super Artie World | 500,000
XXXXXkit4u@outlook.com | 12 | 2. Military Armor Mod Installer; 3. Poke Cube Mod Installer; 4. Elsa Mod Installer; 5. RhanCandia Elevator Installer; 6. Instant Structure Mod Instaler; 7. Better Lucky Blocks Installer; 8. AutomatedCraft Mod Installer; 9. Christmas Bosses Mod Installer; 10. MineKart Mod Installer; 11. Security Camera Mod Installer; 12. Morph Victim Mod Installer | 346,200
XXXXXX.sp@outlook.com | 1 | 1. Video player for android | 100,000
XXXXXX.rocha@outlook.com | 6 | 1. Quiz Millonario Español Gratis; 2. Millionaire; 3. Millionaire Quiz English; 4. Quiz Milionario Italiano; 5. Millionnaire Quiz Français | 152,000
8 accounts = 4,854,350 downloads
33. Bring Your Own Device vs Take Your Own Device
• BYOD
• User has a personal account with Google or Apple.
• User owns the device.
• Installs corporate apps IF they agree to that.
• When the employer/employee relationship ends, the user manages the device to restore it as it was before.
• TYOD (not a SMDM)
• User has a personal account with Google or Apple.
• Company owns the device.
• User is “forced” to install apps.
• When the employer/employee relationship ends… who manages the device?
34. Corporate Gremlin Botnet & BYOD
• Corporate & Event Apps
• Sideloading & TestFlight (no App Store)
• No Audit / No Open Source
• Opportunistic usage of permissions
• BYOD: Your Own Device
• Your own Photos
• Your own Contacts
• Your own Messages
• TYOD or Corporate device
• Apple Contract / Google Contract?
36. Thanks!
• Every installed app (even your company's) can do on your device everything its permissions allow it to do; therefore, always think the worst.
• Trust is not enough –> Zero Trust.
• Security for top executives means controlling security for every single app installed on their professional devices and teaching them to do it on their personal ones.
• Any app can eventually become a Gremlin App just because of:
• An evil developer
• A bug in its code
• App is sold
• App is stolen
Contact Chema Alonso at MyPublicInbox.com: https://MyPublicInbox.com/ChemaAlonso
“Dad, mum… can I play a free game on your device that my friends play? No.”