This document summarizes a presentation given by Sean Hanna on client side hacking. The presentation discussed how hacking has evolved from hobbyists to security research companies to organized criminal gangs producing crimeware. It noted how governments are now developing cyber warfare capabilities in a growing arms race. The presentation demonstrated hacking tools and warned that client systems are increasingly being targeted, and that future threats will be even more advanced as hacking continues to evolve.
Drone Security & Law Enforcement (Chris Church) - DroneSec GDSN#2DroneSec
Speaker: Christopher Church (INTERPOL)
Talk Recording: https://www.youtube.com/watch?v=eaUIk5_5aKI
The Global Drone Security Network (GDSN) is the only event of its kind focusing on Cyber-UAV security, Drone Threat Intelligence, Counter-UAS, and UTM security.
Speaker profile:
https://www.linkedin.com/in/christopher-church-aa7aa144/
DroneSec is a cyber-uav security and threat intelligence company who hosted this second series of the GDSN community event..
https://dronesec.com/
The State of Drone Security – Analysing 1000+ drone incidents (Mike Monnik) -...DroneSec
Mike Monnik (DroneSec)
Talk Recording: https://www.youtube.com/watch?v=-zuJerGWTWs
The Global Drone Security Network (GDSN) is the only event of its kind focusing on Cyber-UAV security, Drone Threat Intelligence, Counter-UAS, and UTM security. Watch the full recording here: https://www.youtube.com/watch?v=vZ6sRr65cSk
Speaker: https://www.linkedin.com/in/mike-monnik-23026a75/
DroneSec is a cyber-uav security and threat intelligence company who hosted this second series of the GDSN community event.
https://dronesec.com/
Drone Guardian: Countering the drone threat to commercial airportsNicholas Meadows
L3 Technologies is currently live trailing its pioneering Drone Guardian technology in both commercial and non-commercial settings. Our whitepaper explores the risk factors associated with drones at commercial airports and considers how a flexible and scalable system such as Drone Guardian can be deployed to counter an ever-growing threat from the illegal and hostile use of both commercial and military drones.
Unmanned Aircraft Systems (UAS) pose an increasing threat to the aviation sector due to the rapid proliferation of the technology into civilian hands. UAS can be weaponized by malicious actors, while non-malicious UAS operators may inadvertently interfere with aviation-related activities. There have been numerous aviation-related incidents involving UAS in recent years.
Drone Security & Law Enforcement (Chris Church) - DroneSec GDSN#2DroneSec
Speaker: Christopher Church (INTERPOL)
Talk Recording: https://www.youtube.com/watch?v=eaUIk5_5aKI
The Global Drone Security Network (GDSN) is the only event of its kind focusing on Cyber-UAV security, Drone Threat Intelligence, Counter-UAS, and UTM security.
Speaker profile:
https://www.linkedin.com/in/christopher-church-aa7aa144/
DroneSec is a cyber-uav security and threat intelligence company who hosted this second series of the GDSN community event..
https://dronesec.com/
The State of Drone Security – Analysing 1000+ drone incidents (Mike Monnik) -...DroneSec
Mike Monnik (DroneSec)
Talk Recording: https://www.youtube.com/watch?v=-zuJerGWTWs
The Global Drone Security Network (GDSN) is the only event of its kind focusing on Cyber-UAV security, Drone Threat Intelligence, Counter-UAS, and UTM security. Watch the full recording here: https://www.youtube.com/watch?v=vZ6sRr65cSk
Speaker: https://www.linkedin.com/in/mike-monnik-23026a75/
DroneSec is a cyber-uav security and threat intelligence company who hosted this second series of the GDSN community event.
https://dronesec.com/
Drone Guardian: Countering the drone threat to commercial airportsNicholas Meadows
L3 Technologies is currently live trailing its pioneering Drone Guardian technology in both commercial and non-commercial settings. Our whitepaper explores the risk factors associated with drones at commercial airports and considers how a flexible and scalable system such as Drone Guardian can be deployed to counter an ever-growing threat from the illegal and hostile use of both commercial and military drones.
Unmanned Aircraft Systems (UAS) pose an increasing threat to the aviation sector due to the rapid proliferation of the technology into civilian hands. UAS can be weaponized by malicious actors, while non-malicious UAS operators may inadvertently interfere with aviation-related activities. There have been numerous aviation-related incidents involving UAS in recent years.
Comunicación Oral 075. Anemia sector Huesca. SEHH SETH Santiago de Compostela...José Antonio García Erce
Comunicación oral. Congreso Nacional de Hematología y Hemoterapia. Sección Anemia Eritropatología. Estudio epidemiológico Sector Huesca. Período 2011-2015. Estimación de valores promedio de Hemoglobina y estimación de prevalencia de la anemia en población ambulante, ajustado a edad, altura y sexo
Who is the next target proactive approaches to data securityUlf Mattsson
The landscape of threats to sensitive data is changing. New technologies bring with them new vulnerabilities, and organizations like Target are failing to react properly to the shifts around them. What's needed is an approach equal to the persistent, advanced attacks companies face every day. The sooner we start adopting the same proactive thinking hackers are using to get at our data, the better we will be able to protect it.
Détecter et neutraliser efficacement les cybermenaces !Kyos
Le 10.05.2016, Kyos a organisé une matinée sécurité sur Genève autour du thème "Détectez et neutralisez efficacement
les cybermenaces !"
Introduction :
Se doter d’une « capacité proactive d’intelligence en sécurité » est souvent perçu comme une démarche complexe et coûteuse. Cependant les attaques restent trop souvent identifiées uniquement plusieurs mois ou années après les méfaits. Avec LogRhythm, nous vous apportons une solution de nouvelle génération de visibilité centralisée autour des cybermenaces et incidents, qui a été construite pour :
- centraliser la collecte des logs et évènements de votre infrastructure,
- analyser en temps réel et détecter les menaces,
- accélérer votre workflow de gestion des menaces,
- savoir décerner votre niveau de risque,
- mettre en œuvre rapidement la sécurité analytique,
- orchestrer et automatiser la réponse aux incidents.
Nous vous présenterons les fonctionnalités de LogRhythm et son utilisation possible pour la mise en place d’un SOC (Centre de supervision et d’administration de la sécurité).
Pour les personnes voulant aller plus loin, une deuxième partie « hands-on » technique est organisée pour vous permettre d’évaluer les capacités de la solution en direct. Nous vous remercions de bien vouloir transmettre cette invitation à vos collègues intéressés par ce type d’approche pratique et conviviale.
Hackers and Harm Reduction / 29c3 / CCCviolet blue
Harm reduction methodology: An examination of hackers as an at-risk population (internal and external factors), ideas for applying harm reduction to reduce harmful consequences from hacking's inherent risks.
The Teenage Girl as Consumer and CommunicatorHavas PR
Euro RSCG Worldwide PR’s white paper analyzes data from a survey the agency commissioned of 100 girls between the ages of 13 and 18 about their spending and communications habits. The research reveals that the teenage girl contradicts almost all cultural stereotypes in those areas. But the core finding of the white paper is more sociological than statistical. Tearing down another false platitude about teenage girls, the paper proves that a sense of intimacy with a select group of friends and family drives almost all their social interaction—including shopping, which the study characterizes as a core social activity for teenage girls. The findings are helping to launch a new Euro PR initiative. Eventually focusing on teen boys and girls, the first phase is called The Sisterhood.
Delivered by Patrick Laverty and his daughter, this is about how kids can stay safe online. Various tips, suggestions and recommendations are given to keep children safe when they go on the internet.
Are you a hacker’s target? How do they get your information? In the world of network security, cybercrime and information warfare, it’s important to protect yourself. Check out the infographic below and let us know: how have you been a hacker’s target?
The Certified Ethical Hacker (CEH) program is the core of the most desired information security training system any information security professional will ever want to be in.
Comunicación Oral 075. Anemia sector Huesca. SEHH SETH Santiago de Compostela...José Antonio García Erce
Comunicación oral. Congreso Nacional de Hematología y Hemoterapia. Sección Anemia Eritropatología. Estudio epidemiológico Sector Huesca. Período 2011-2015. Estimación de valores promedio de Hemoglobina y estimación de prevalencia de la anemia en población ambulante, ajustado a edad, altura y sexo
Who is the next target proactive approaches to data securityUlf Mattsson
The landscape of threats to sensitive data is changing. New technologies bring with them new vulnerabilities, and organizations like Target are failing to react properly to the shifts around them. What's needed is an approach equal to the persistent, advanced attacks companies face every day. The sooner we start adopting the same proactive thinking hackers are using to get at our data, the better we will be able to protect it.
Détecter et neutraliser efficacement les cybermenaces !Kyos
Le 10.05.2016, Kyos a organisé une matinée sécurité sur Genève autour du thème "Détectez et neutralisez efficacement
les cybermenaces !"
Introduction :
Se doter d’une « capacité proactive d’intelligence en sécurité » est souvent perçu comme une démarche complexe et coûteuse. Cependant les attaques restent trop souvent identifiées uniquement plusieurs mois ou années après les méfaits. Avec LogRhythm, nous vous apportons une solution de nouvelle génération de visibilité centralisée autour des cybermenaces et incidents, qui a été construite pour :
- centraliser la collecte des logs et évènements de votre infrastructure,
- analyser en temps réel et détecter les menaces,
- accélérer votre workflow de gestion des menaces,
- savoir décerner votre niveau de risque,
- mettre en œuvre rapidement la sécurité analytique,
- orchestrer et automatiser la réponse aux incidents.
Nous vous présenterons les fonctionnalités de LogRhythm et son utilisation possible pour la mise en place d’un SOC (Centre de supervision et d’administration de la sécurité).
Pour les personnes voulant aller plus loin, une deuxième partie « hands-on » technique est organisée pour vous permettre d’évaluer les capacités de la solution en direct. Nous vous remercions de bien vouloir transmettre cette invitation à vos collègues intéressés par ce type d’approche pratique et conviviale.
Hackers and Harm Reduction / 29c3 / CCCviolet blue
Harm reduction methodology: An examination of hackers as an at-risk population (internal and external factors), ideas for applying harm reduction to reduce harmful consequences from hacking's inherent risks.
The Teenage Girl as Consumer and CommunicatorHavas PR
Euro RSCG Worldwide PR’s white paper analyzes data from a survey the agency commissioned of 100 girls between the ages of 13 and 18 about their spending and communications habits. The research reveals that the teenage girl contradicts almost all cultural stereotypes in those areas. But the core finding of the white paper is more sociological than statistical. Tearing down another false platitude about teenage girls, the paper proves that a sense of intimacy with a select group of friends and family drives almost all their social interaction—including shopping, which the study characterizes as a core social activity for teenage girls. The findings are helping to launch a new Euro PR initiative. Eventually focusing on teen boys and girls, the first phase is called The Sisterhood.
Delivered by Patrick Laverty and his daughter, this is about how kids can stay safe online. Various tips, suggestions and recommendations are given to keep children safe when they go on the internet.
Are you a hacker’s target? How do they get your information? In the world of network security, cybercrime and information warfare, it’s important to protect yourself. Check out the infographic below and let us know: how have you been a hacker’s target?
The Certified Ethical Hacker (CEH) program is the core of the most desired information security training system any information security professional will ever want to be in.
Future-proofing maritime ports against emerging cyber-physical threatsSteven SIM Kok Leong
First presented at Cybersecurity for Maritime Summit 2017 in Oct 2017. Subsequently presented at Temasek Polytechnic ISACA Day in Nov 2017. Audience comprises of cybersecurity professionals in the maritime sector and also cybersecurity students who are keen to learn more about cybersecurity considerations in a shipping port environment.
DISCLAIMER: For an improve rendering please check the original source on our drive : https://docs.google.com/presentation/d/1akI0F7CYqff7xJuPklrQiYE4xymv6bU1FHHjvP9lBLY/edit#slide=id.g12c452509f1_2_41
Also more details provided on our github page: https://github.com/crowdsecurity/fundraising-decks
Presentation by Haroon Meer at IDC in 2006.
The presentation begins with a discussion on google hacking. There is a brief discussion on Kernel-rootkits. The presentation ends with a discussion
on web application hacking.
A presentation to discuss information securities and responsibilities of individual to keep it safe. This specific presentation was contributed by many people. Each of the different area has its own author. I have planned and coordinated with them to compile it into a group presentation.
Web security – application security roads to software security nirvana iisf...Eoin Keary
Approaching Web Security, Secure application development and how to fix what matters. A useful talk for application developers and security experts alike.
Full-RAG: A modern architecture for hyper-personalizationZilliz
Mike Del Balso, CEO & Co-Founder at Tecton, presents "Full RAG," a novel approach to AI recommendation systems, aiming to push beyond the limitations of traditional models through a deep integration of contextual insights and real-time data, leveraging the Retrieval-Augmented Generation architecture. This talk will outline Full RAG's potential to significantly enhance personalization, address engineering challenges such as data management and model training, and introduce data enrichment with reranking as a key solution. Attendees will gain crucial insights into the importance of hyperpersonalization in AI, the capabilities of Full RAG for advanced personalization, and strategies for managing complex data integrations for deploying cutting-edge AI solutions.
Enchancing adoption of Open Source Libraries. A case study on Albumentations.AIVladimir Iglovikov, Ph.D.
Presented by Vladimir Iglovikov:
- https://www.linkedin.com/in/iglovikov/
- https://x.com/viglovikov
- https://www.instagram.com/ternaus/
This presentation delves into the journey of Albumentations.ai, a highly successful open-source library for data augmentation.
Created out of a necessity for superior performance in Kaggle competitions, Albumentations has grown to become a widely used tool among data scientists and machine learning practitioners.
This case study covers various aspects, including:
People: The contributors and community that have supported Albumentations.
Metrics: The success indicators such as downloads, daily active users, GitHub stars, and financial contributions.
Challenges: The hurdles in monetizing open-source projects and measuring user engagement.
Development Practices: Best practices for creating, maintaining, and scaling open-source libraries, including code hygiene, CI/CD, and fast iteration.
Community Building: Strategies for making adoption easy, iterating quickly, and fostering a vibrant, engaged community.
Marketing: Both online and offline marketing tactics, focusing on real, impactful interactions and collaborations.
Mental Health: Maintaining balance and not feeling pressured by user demands.
Key insights include the importance of automation, making the adoption process seamless, and leveraging offline interactions for marketing. The presentation also emphasizes the need for continuous small improvements and building a friendly, inclusive community that contributes to the project's growth.
Vladimir Iglovikov brings his extensive experience as a Kaggle Grandmaster, ex-Staff ML Engineer at Lyft, sharing valuable lessons and practical advice for anyone looking to enhance the adoption of their open-source projects.
Explore more about Albumentations and join the community at:
GitHub: https://github.com/albumentations-team/albumentations
Website: https://albumentations.ai/
LinkedIn: https://www.linkedin.com/company/100504475
Twitter: https://x.com/albumentations
GraphSummit Singapore | The Future of Agility: Supercharging Digital Transfor...Neo4j
Leonard Jayamohan, Partner & Generative AI Lead, Deloitte
This keynote will reveal how Deloitte leverages Neo4j’s graph power for groundbreaking digital twin solutions, achieving a staggering 100x performance boost. Discover the essential role knowledge graphs play in successful generative AI implementations. Plus, get an exclusive look at an innovative Neo4j + Generative AI solution Deloitte is developing in-house.
20 Comprehensive Checklist of Designing and Developing a WebsitePixlogix Infotech
Dive into the world of Website Designing and Developing with Pixlogix! Looking to create a stunning online presence? Look no further! Our comprehensive checklist covers everything you need to know to craft a website that stands out. From user-friendly design to seamless functionality, we've got you covered. Don't miss out on this invaluable resource! Check out our checklist now at Pixlogix and start your journey towards a captivating online presence today.
Pushing the limits of ePRTC: 100ns holdover for 100 daysAdtran
At WSTS 2024, Alon Stern explored the topic of parametric holdover and explained how recent research findings can be implemented in real-world PNT networks to achieve 100 nanoseconds of accuracy for up to 100 days.
Goodbye Windows 11: Make Way for Nitrux Linux 3.5.0!SOFTTECHHUB
As the digital landscape continually evolves, operating systems play a critical role in shaping user experiences and productivity. The launch of Nitrux Linux 3.5.0 marks a significant milestone, offering a robust alternative to traditional systems such as Windows 11. This article delves into the essence of Nitrux Linux 3.5.0, exploring its unique features, advantages, and how it stands as a compelling choice for both casual users and tech enthusiasts.
LF Energy Webinar: Electrical Grid Modelling and Simulation Through PowSyBl -...DanBrown980551
Do you want to learn how to model and simulate an electrical network from scratch in under an hour?
Then welcome to this PowSyBl workshop, hosted by Rte, the French Transmission System Operator (TSO)!
During the webinar, you will discover the PowSyBl ecosystem as well as handle and study an electrical network through an interactive Python notebook.
PowSyBl is an open source project hosted by LF Energy, which offers a comprehensive set of features for electrical grid modelling and simulation. Among other advanced features, PowSyBl provides:
- A fully editable and extendable library for grid component modelling;
- Visualization tools to display your network;
- Grid simulation tools, such as power flows, security analyses (with or without remedial actions) and sensitivity analyses;
The framework is mostly written in Java, with a Python binding so that Python developers can access PowSyBl functionalities as well.
What you will learn during the webinar:
- For beginners: discover PowSyBl's functionalities through a quick general presentation and the notebook, without needing any expert coding skills;
- For advanced developers: master the skills to efficiently apply PowSyBl functionalities to your real-world scenarios.
Encryption in Microsoft 365 - ExpertsLive Netherlands 2024Albert Hoitingh
In this session I delve into the encryption technology used in Microsoft 365 and Microsoft Purview. Including the concepts of Customer Key and Double Key Encryption.
DevOps and Testing slides at DASA ConnectKari Kakkonen
My and Rik Marselis slides at 30.5.2024 DASA Connect conference. We discuss about what is testing, then what is agile testing and finally what is Testing in DevOps. Finally we had lovely workshop with the participants trying to find out different ways to think about quality and testing in different parts of the DevOps infinity loop.
Securing your Kubernetes cluster_ a step-by-step guide to success !KatiaHIMEUR1
Today, after several years of existence, an extremely active community and an ultra-dynamic ecosystem, Kubernetes has established itself as the de facto standard in container orchestration. Thanks to a wide range of managed services, it has never been so easy to set up a ready-to-use Kubernetes cluster.
However, this ease of use means that the subject of security in Kubernetes is often left for later, or even neglected. This exposes companies to significant risks.
In this talk, I'll show you step-by-step how to secure your Kubernetes cluster for greater peace of mind and reliability.
Unlocking Productivity: Leveraging the Potential of Copilot in Microsoft 365, a presentation by Christoforos Vlachos, Senior Solutions Manager – Modern Workplace, Uni Systems
Threats to mobile devices are more prevalent and increasing in scope and complexity. Users of mobile devices desire to take full advantage of the features
available on those devices, but many of the features provide convenience and capability but sacrifice security. This best practices guide outlines steps the users can take to better protect personal devices and information.
In the rapidly evolving landscape of technologies, XML continues to play a vital role in structuring, storing, and transporting data across diverse systems. The recent advancements in artificial intelligence (AI) present new methodologies for enhancing XML development workflows, introducing efficiency, automation, and intelligent capabilities. This presentation will outline the scope and perspective of utilizing AI in XML development. The potential benefits and the possible pitfalls will be highlighted, providing a balanced view of the subject.
We will explore the capabilities of AI in understanding XML markup languages and autonomously creating structured XML content. Additionally, we will examine the capacity of AI to enrich plain text with appropriate XML markup. Practical examples and methodological guidelines will be provided to elucidate how AI can be effectively prompted to interpret and generate accurate XML markup.
Further emphasis will be placed on the role of AI in developing XSLT, or schemas such as XSD and Schematron. We will address the techniques and strategies adopted to create prompts for generating code, explaining code, or refactoring the code, and the results achieved.
The discussion will extend to how AI can be used to transform XML content. In particular, the focus will be on the use of AI XPath extension functions in XSLT, Schematron, Schematron Quick Fixes, or for XML content refactoring.
The presentation aims to deliver a comprehensive overview of AI usage in XML development, providing attendees with the necessary knowledge to make informed decisions. Whether you’re at the early stages of adopting AI or considering integrating it in advanced XML development, this presentation will cover all levels of expertise.
By highlighting the potential advantages and challenges of integrating AI with XML development tools and languages, the presentation seeks to inspire thoughtful conversation around the future of XML development. We’ll not only delve into the technical aspects of AI-powered XML development but also discuss practical implications and possible future directions.
UiPath Test Automation using UiPath Test Suite series, part 5DianaGray10
Welcome to UiPath Test Automation using UiPath Test Suite series part 5. In this session, we will cover CI/CD with devops.
Topics covered:
CI/CD with in UiPath
End-to-end overview of CI/CD pipeline with Azure devops
Speaker:
Lyndsey Byblow, Test Suite Sales Engineer @ UiPath, Inc.
Why You Should Replace Windows 11 with Nitrux Linux 3.5.0 for enhanced perfor...SOFTTECHHUB
The choice of an operating system plays a pivotal role in shaping our computing experience. For decades, Microsoft's Windows has dominated the market, offering a familiar and widely adopted platform for personal and professional use. However, as technological advancements continue to push the boundaries of innovation, alternative operating systems have emerged, challenging the status quo and offering users a fresh perspective on computing.
One such alternative that has garnered significant attention and acclaim is Nitrux Linux 3.5.0, a sleek, powerful, and user-friendly Linux distribution that promises to redefine the way we interact with our devices. With its focus on performance, security, and customization, Nitrux Linux presents a compelling case for those seeking to break free from the constraints of proprietary software and embrace the freedom and flexibility of open-source computing.
A tale of scale & speed: How the US Navy is enabling software delivery from l...sonjaschweigert1
Rapid and secure feature delivery is a goal across every application team and every branch of the DoD. The Navy’s DevSecOps platform, Party Barge, has achieved:
- Reduction in onboarding time from 5 weeks to 1 day
- Improved developer experience and productivity through actionable findings and reduction of false positives
- Maintenance of superior security standards and inherent policy enforcement with Authorization to Operate (ATO)
Development teams can ship efficiently and ensure applications are cyber ready for Navy Authorizing Officials (AOs). In this webinar, Sigma Defense and Anchore will give attendees a look behind the scenes and demo secure pipeline automation and security artifacts that speed up application ATO and time to production.
We will cover:
- How to remove silos in DevSecOps
- How to build efficient development pipeline roles and component templates
- How to deliver security artifacts that matter for ATO’s (SBOMs, vulnerability reports, and policy evidence)
- How to streamline operations with automated policy checks on container images
Unlock the Future of Search with MongoDB Atlas_ Vector Search Unleashed.pdfMalak Abu Hammad
Discover how MongoDB Atlas and vector search technology can revolutionize your application's search capabilities. This comprehensive presentation covers:
* What is Vector Search?
* Importance and benefits of vector search
* Practical use cases across various industries
* Step-by-step implementation guide
* Live demos with code snippets
* Enhancing LLM capabilities with vector search
* Best practices and optimization strategies
Perfect for developers, AI enthusiasts, and tech leaders. Learn how to leverage MongoDB Atlas to deliver highly relevant, context-aware search results, transforming your data retrieval process. Stay ahead in tech innovation and maximize the potential of your applications.
#MongoDB #VectorSearch #AI #SemanticSearch #TechInnovation #DataScience #LLM #MachineLearning #SearchTechnology
2. About New Horizons
World’s largest IT training company since 2002 (IDC)
Recognized among the world's Top 20 IT training companies four out
of four years (Trainingindustry.com)
Deliver a full range of technical, application, and business skills training
solutions
Advanced technical solutions (Microsoft, IBM, CompTIA, Adobe, ITIL,
and various Information Security offerings);
Desktop applications (Microsoft Project, Excel, Access, PowerPoint;
Adobe Photoshop, Illustrator, InDesign);
Business skills (project management, practical selling skills,
time management, effective presentations, etc.)
Offer more courses, at more times, and in more locations
than any other computer and business training company
16. Weapons R&D EC-Council
Finding the next Vulnerability is highly technical
Greatest challenge for coders
Years of experience required
Reverse Engineering
Zero Day Attacks
17. For Example… EC-Council
Wi-Fi Protected Setup is designed to ease the
task of setting up and configuring security on
wireless local area networks
It has many weaknesses
External Registrar option does not require any kind
of authentication apart from providing the PIN, it is
potentially vulnerable to brute force attacks.
22. For Example… EC-Council
Remote Code Buffer Overflows occurs when
data written to a buffer, due to insufficient
bounds checking, corrupts data values in
memory addresses adjacent to the allocated
buffer and may allow remote code to be run
Microsoft DNS RPC Service
extractQuotedChar() Overflow (TCP)
MS07-029
26. The Payloads EC-Council
Shells “Dangerous Weapon”
Reverse Shells
HTTP
Reverse HTTP
VNC
Password Collector
Visa Collector
Bombs
27. For Example… EC-Council
A botnet is a collection of compromised
computers, each of which is known as a 'bot',
connected to the Internet.
Shark
Botnet Payload
Botnet C&C Server
36. if you’ve got it then you might as
EC-Council
well …
37. For Example… EC-Council
Metasploit a well-known Framework, a tool for
developing and executing exploit code against a
remote target machine
Contains many plug-ins
SET
41. Random Demos? EC-Council
Were these just 3 random demos, or was there
something more behind them?
Each of the demos targeted a client system
This is only the start of our story…
43. The Arms Race EC-Council
The term arms race in its
original usage describes a
competition between two or
more parties for military
supremacy. Each party
competes to produce larger
numbers of weapons,
greater armies, or superior
military technology in a
technological escalation
Source: Wiki
45. The Ingredients Of An Arms Race EC-Council
A new technology that might have a use a
weapon
Existing research in non-weapon areas
An accidental or deliberate demonstration of its
potential
One government to use it against another
Big business to see the chance of massive
profits
46. The Dawn of a New Era EC-Council
We have just entered the dawn of new era
Cyber Warfare is not the stuff of science fiction
Militaries around the world deploy Cyber
Warfare Weaponry on an hourly bases
The technologies is in use in live operational
theatres around the world
48. This Time Its Different EC-Council
The human race has always been careful to
control the availability of weapons
This time we can’t
49. Cyber Weaponry EC-Council
When a solider leaves the army
You can take his gun of him
When a sailor leaves the navy
You can take his ship of him
When a pilot leaves the air force
You can take his plane of him
51. RISK EC-Council
Your job is managing Information RISK
The risk profile id constantly changing
New threats are constantly emerging
Everything is a state of constant flux
53. Journey EC-Council
Let me take you on journey through hacking
From the start though the years to today
Then on towards the future
Let me share why things are about to change
FOREVER.
60. Hobbyist Hackers EC-Council
C0mrade
hacked into NASA
downloaded the source code of the
International Space Station
$1.7 million
Kevin Mitnick
most wanted computer criminal in
U.S. history
breached the national defence system
61. Hobbyist Hackers EC-Council
Started the whole process
Limited success
Limited resources
Limited skills
63. Security Research Companies EC-Council
HP Fortify
Largest commercial research organization in the
world
Identified over 430 vulnerability categories across 18
programming languages
Discovered two entirely new categories of
vulnerabilities (JavaScript Hijacking and Cross-Build
Injection)
65. Criminal Gangs EC-Council
431 million adults worldwide were victims of
cyber crime last year (Norton Cyber Crime
Report 2011)
$388 billion is lost globally each year to cyber
crime (Norton Cyber Crime Report 2011)
67. Criminal Gangs EC-Council
Russian cybercriminals (Mafia Today)
raked in over $4 billion in 2011
consolidated their efforts; organized crime groups
are clamoring for a piece of the action
most lucrative form of Russian cybercrime last year
was online fraud
“The cybercrime market originating from Russia
costs the global economy billions of dollars every
year,” Ilya Sachkov, Group-IB’s CEO
68. Criminal Gangs EC-Council
Cyber crime costs the UK economy £27bn a
year, the government has said.
£21bn of costs to businesses
£2.2bn to government
£3.1bn to citizens
Security minister Baroness Neville-Jones said
the government was determined to work with
industry to tackle cyber crime.
69. Criminal Gangs EC-Council
Took the process to second stage
Invested money to make money
Professional career hackers
Large budgets
Large multi-skills teams
Results in the production of commercial quality
hacks:
Crimeware is born
70. Crimeware EC-Council
Crimeware is a class of malware designed
specifically to automate cybercrime
The term was coined by Peter Cassidy,
Secretary General of the Anti-Phishing Working
Group
Crimeware is said to started around 2003
Crimeware has made rapid advancements in
the last 9 years
74. Cyber Warfare EC-Council
“actions by a nation-state to penetrate another
nation's computers or networks for the
purposes of causing damage or disruption”
“the fifth domain of warfare”
“as critical to military operations as land, sea,
air, and space”
75. Cyber Warfare - History EC-Council
March 1999: Hackers in Serbia attack NATO systems in retaliation for NATO’s military
intervention in Kosovo.
May 1999: NATO accidentally bombs the Chinese embassy in Belgrade, spawning a wave of
cyberattacks from China against U.S. government Web sites.
2003: Hackers begin a series of assaults on U.S. government computer systems that lasts for
years. The government code names the attacks Titan Rain and eventually traces them to
China.
April-May 2007: Hackers believed to be linked to the Russian government bring down the
Web sites of Estonia’s parliament, banks, ministries, newspapers and broadcasters.
June-July 2008: Hundreds of government and corporate Web sites in Lithuania are hacked,
and some are covered in digital Soviet-era graffiti, implicating Russian nationalist hackers.
August 2008: Cyber attackers hijack government and commercial Web sites in Georgia
during a military conflict with Russia.
January 2009: Attacks shut down at least two of Kyrgyzstan’s four Internet service providers
during political squabbling among Russia, the ruling Kyrgyzstan party and an opposition
party.
April 2009: An attack on neighboring Kazakhstan shuts down a popular news Web site.
76. US First Cyber Warfare General EC-Council
The US military appointed its first senior general to direct
cyber warfare – despite fears that the move marks another
stage in the militarisation of cyberspace.
The creation of Cyber Command is in response to increasing
anxiety over the vulnerability of the US's military and other
networks to a cyber attack
The US air force discloses that some 30,000 of its troops had
been re-assigned from technical support "to the frontlines of
cyber warfare".
May 2010 – The Guardian Newspaper UK
78. Cyber Warfare EC-Council
A cyber attack by one state on another could be
considered an "act of war", former top national
security adviser (BBC News)
William Hague: UK is under cyber-attack
(BBC News)
79. White House warns of Cyber Warfare
boomerangs
EC-Council
Unlike a bullet or missile fired at an enemy, a
Cyber Weapon that spreads across the Internet
may circle back accidentally to infect computers
it was never supposed to target.
The Homeland Security Department’s warning
about the new virus, known as “Flame,”
3 Days ago – The White House
80. Germany prepares special unit to EC-Council
tackle cyber attack
BERLIN: Germany has prepared a special
cyber warfare unit of its military to conduct
offensive operations against computer hackers,
who attack key installations or engage in
espionage activities, defence ministry has said.
36 Hours ago – Economic Times
81. The Government Wants You EC-Council
Agencies need to hack clients
Al Qaeda operatives for example
Millions have been spent in developing the next
generation of client side hacking tools
84. Questions and Answers
New Horizons Bulgaria
36 Dragan Tsankov blvd.
Interpred, block A, floor 6
Phone : +359 2 421 0040
Email: office@newhorizons.bg
Web: www.newhorizons.bg
Blog: newhorizons.bg/blog
Editor's Notes
Licensed Penetration Tester (LPT),EC-Council Certified Security Analyst (ECSA), Certified Ethical Hacker (CEH), Computer Hacking Forensics Investigator (CHFI), Certified Information Systems Security Professional (CISSP), Certified Information Security Manager (CISM), GIAC Certified Intrusion Analyst (GCIA), Certified Incident Handler (GCIH); Director at Nemstar- Offering IT Security, Consultancy & Training services in Ireland, the UK and Europe