Hacking Cracking 2008

•

2 likes•1,467 views

This document discusses zero-day vulnerabilities and the zero-day market. It describes what a zero-day is, how they are obtained and traded, various players in the zero-day industry, and programs that pay for the discovery and disclosure of zero-days. The document also notes that many security companies acquire startups to expand their solutions, and while companies invest in security, common issues still exist like weak passwords and misconfigurations.

Technology

hacking/cracking
the other side of the story

jim geovedi

guide to ict megatrend
31 January 2008 — Hotel Shangri-La, Jakarta

‣ information security

‣ 0-day vulnerabilities

infosec ≠ satpam

‣ current trends: identity thefts, botnet,
mobile communication hacking, 0-day
vulnerabilities, corporate espionage,
wiretapping

industry status

‣ big security companies acquire small
start-up or spin-off companies to offer
more solutions
‣ "palugada" propaganda

software
development

‣ cheap software development?
outsource to india or china!

security investment

‣ companies bought a lot of security
devices or applications
‣ firewall, anti virus, spam and content
filtering, ids, ips, patch management,
etc.

common issues

‣ companies do not have enough
resources.
‣ vendors re-introducing:
‣ weak and easy guessed passwords
‣ clear-text protocols
‣ misconfigurations

‣ 0-day, pronounce zero-day, sometimes
oh day, means new.

‣ the term has it's origin in the warez scene,
but has become firmly entrenched in the
exploit trading scene.

‣ 0-day is used to refer to exploits,
software, media or vulnerability
information released today and those
that have not yet released.

vendor noticed patch released
intrusion

time

value life cycle of 0-day
(quick response from vendor)

vendor noticed patch released
intrusion

time

value life cycle of 0-day
(very late response from vendor)

‣ 0-day users: intelligence agents,
professional penetration testers, product
vendors, random hackers/crackers

obtaining 0-day

‣ conducting research (source code/
binary audit)
‣ share/trade between friends
‣ install honeypot
‣ buy from 0-day brokers

market

‣ current 0-day business model is
considered weak
‣ the auction model

the players

‣ corporate: ISS, eEye, iDEFENSE,
TippingPoint (3Com/ZDI), Immunity,
Gleg, Argeniss, wabisabilabi, etc
‣ group or personal: cirt.dk, piotr bania,
inge henriksen, mario ballano, neil kettle,
etc.

programs

‣ https://labs.idefense.com/vcp/
‣ http://www.wslabi.com/wabisabilabi/
rrp.do?
‣ http://www.zerodayinitiative.com/
details.html

prizes
‣ remote arbitrary code execution vulnerabilities
in specified e-mail clients and servers (outlook,
outlook express, thunderbird, sendmail,
exchange)
$8,000 - $12,000
‣ remote arbitrary code execution vulnerabilities
in specified critical internet infrastructure
applications (apache httpd, bind, sendmail,
openssh, iis, exchange):
$16.00 - $24.000

how many?

‣ every complex software have bugs
‣ we should assume every popular
application exist has at least one 0-day
exploit in wild
‣ professionals keep their own 0-day!

**Cybersecurity Training: https://www.edureka.co/cybersecurity-certification-training ** This Edureka "Ethical Hacking Course" PPT will give you an expansive view into Ethical Hacking. This video will give you an exhaustive understanding on key topics of Ethical Hacking for beginners! Follow us to never miss an update in the future. Instagram: https://www.instagram.com/edureka_learning/ Facebook: https://www.facebook.com/edurekaIN/ Twitter: https://twitter.com/edurekain LinkedIn: https://www.linkedin.com/company/edureka

Android Application Security Awareness Talk, OWASP MEETUP Q3, 2015

Sina Manavi

Ethical hacking

Vishesh Singhal

Introduction to Hacking

Rishabha Garg

Ethical Hacking

Mukul Agarwal

Mobile apps are the entry point to your web applications, APIs and web services. But sometimes the developer implements security in the mobile app that can easily be bypassed by a malicious attacker, allowing the attacker to exploit your web applications and steal confidential information. In this presentation I will show you how easy it is to attack a mobile application, intercept the communication and exploit the trust model of mobile apps. I will also give an overview of the OWASP Top 10 Mobile Risks.

Ethical hacking course

ChitraKuder

Ethical hacking

Ravi Rajput

Ethical hackingkawsarahmedchoudhuryzzz

IOT Security FUN-damental

Satria Ady Pradana

Ethical Hacking Career | Ethical Hacker Jobs & Salary | Cybersecurity Course ...

Edureka!

** Edureka Online Training: https://www.edureka.co/cybersecurity-... ** This Edureka PPT on "Ethical Hacking Career" will give you a sneak peek into the career of an Ethical Hacker. The following topics are discussed throughout the course of this PPT: Who is an Ethical Hacker? Ethical Hacker Roadmap Ethical Hacker Skills Ethical Hacker Job Trends Companies Hiring Ethical Hacker Salary Instagram: https://www.instagram.com/edureka_lea... Facebook: https://www.facebook.com/edurekaIN/ Twitter: https://twitter.com/edurekain LinkedIn: https://www.linkedin.com/company/edureka

What is Ethical Hacking? | Ethical Hacking for Beginners | Ethical Hacking Co...

Edureka!

** Cyber Security Course: https://www.edureka.co/cybersecurity-certification-training ** This Edureka PPT on "What is Ethical Hacking" (Blog: https://bit.ly/2rmFo9p) will give you an introduction to Ethical Hacking. This is a beginners tutorial covering all the fundamentals of Ethical Hacking. Below are the topics covered in this PPT: What is Ethical Hacking Types of Hackers Types of Hacking Phases of Ethical Hacking Reconnaissance FootPrinting FingerPrinting Follow us to never miss an update in the future. Instagram: https://www.instagram.com/edureka_learning/ Facebook: https://www.facebook.com/edurekaIN/ Twitter: https://twitter.com/edurekain LinkedIn: https://www.linkedin.com/company/edureka

Full seminar report on ethical hacking

Georgekutty Francis

ethical hackingsamprada123

Ethical Hacking

Mazenetsolution

As cyber attacks increase, so does the demand for information security professionals who possess true network penetration testing, Web Application Security and ethical hacking skills. There are several ethical hacking courses that claim to teach these skills, but few actually do. EC Council's Certified Ethical Hacker (CEH V8) course truly prepares you to conduct successful penetration testing and ethical hacking projects.

Ethical hackingAltacit Global

Ethical Hacking

justyogesh

Hacking" is the word that shakes everyone whenever it is said or heard by someone. Everyone born in this world with attitude wants to be a Hacker. But it is not a job of a new born baby or an old grown lady. A Hacker needs a brilliant mind to hack anything. His skills should be so powerful that no other hacker can hack him. A Hacker doesn't need software to hack. There are many rules that he should learn to become an Ethical Hacker. These rules include knowledge of HTML, JavaScript, Computer Tricks, and Cracking & Breaking etc.

Hacking

VipinYadav257

Ethical hacking

SVishnupriya5

Ethical hacking course ppt

DharsiniRavichandran

Ethical hacking for information security

Jayanth Vinay

PowerPoint Presentation On Ethical Hacking in Brief (Simple)

Shivam Sahu

Cyber Threat Intelligence

Prachi Mishra

Ethical HackingNitheesh Adithyan

Wireless Hotspot SecurityJim Geovedi

Professional Hackers

Jim Geovedi

What's hot

Ethical Hacking (CEH) - Industrial Training Report

Raghav Bisht

Hacking Mobile Apps

Sophos Benelux

Ethical hacking course

ChitraKuder

Ethical hacking

Ravi Rajput

Ethical hackingkawsarahmedchoudhuryzzz

IOT Security FUN-damental

Satria Ady Pradana

Ethical Hacking Career | Ethical Hacker Jobs & Salary | Cybersecurity Course ...

Edureka!

What is Ethical Hacking? | Ethical Hacking for Beginners | Ethical Hacking Co...

Edureka!

Full seminar report on ethical hacking

Georgekutty Francis

ethical hackingsamprada123

Ethical Hacking

Mazenetsolution

Ethical hackingAltacit Global

Ethical Hacking

justyogesh

Hacking

VipinYadav257

Ethical hacking

SVishnupriya5

Ethical hacking course ppt

DharsiniRavichandran

Ethical hacking for information security

Jayanth Vinay

PowerPoint Presentation On Ethical Hacking in Brief (Simple)

Shivam Sahu

Cyber Threat Intelligence

Prachi Mishra

Ethical HackingNitheesh Adithyan

What's hot (20)

Ethical Hacking (CEH) - Industrial Training Report

Hacking Mobile Apps

Ethical hacking course

Ethical hacking

IOT Security FUN-damental

Ethical Hacking Career | Ethical Hacker Jobs & Salary | Cybersecurity Course ...

What is Ethical Hacking? | Ethical Hacking for Beginners | Ethical Hacking Co...

Full seminar report on ethical hacking

ethical hacking

Ethical Hacking

Ethical hacking

Ethical Hacking

Hacking

Ethical hacking

Ethical hacking course ppt

Ethical hacking for information security

PowerPoint Presentation On Ethical Hacking in Brief (Simple)

Cyber Threat Intelligence

Ethical Hacking

Viewers also liked

Wireless Hotspot SecurityJim Geovedi

Professional Hackers

Jim Geovedi

IDS & Log Management

Jim Geovedi

Hacking a Bird in the Sky: Exploiting Satellite Trust RelationshipJim Geovedi

Internet Worms

Jim Geovedi

Hacking Satellite: A New Universe to DiscoverJim Geovedi

Wireless Hotspot: The Hackers PlaygroundJim Geovedi

AI & NLP pada @begobet

Jim Geovedi

Cheating the 10,000 hour ruleJim Geovedi

Waluku: Answering Astronomy Questions through Social Media

Jim Geovedi

langitselatan as one of the established astronomy community in Indonesia have been actively use social media to interact and discussion with their members and general public. Since 2011 langitselatan received question from public to answer in the form of blog article and now planning to extensively use social media network for astronomy outreach. This paper reports the development and implementation of Waluku, an online astronomy knowledge base management system with the extension of the dialogue based natural language chatbot on the Twitter social network, that creates responses based on information extracted from langitselatan blog articles, Wikipedia articles and community supplied answers.

Hacking TrustJim Geovedi

Hacking a Bird in the Sky: The Revenge of Angry BirdsJim Geovedi

Satellite Telephony Security

Jim Geovedi

This talk will provide an in-depth treatment of satellite telephony networks from a security perspective. The overall system seems secure, but in reality, it cannot be expected to be fully reliable. We will briefly cover the satellite mobile system architecture, then discuss GMR (GEO-Mobile Radio) system elements, e.g. GSS (Gateway Station Subsystem), MES (Mobile Earth Station), AOC (Advanced Operation Center), and TCS (Traffic Control Subsystem) for GMR-1 systems and NCC (Network Control Center), GW (Gateway), SCF (Satellite Control Facility) and CMIS (Customer Management Information System) for GMR-2 systems. From there, we will discuss the security issues of GMR system as it shares similar vulnerabilities with GSM–GMR is derived from the terrestrial digital cellular standard GSM and support access to GSM core networks, along with some interesting demos. Time permitting, a question and answer session at the end of the presentation will allow participants to cover any additional issues in satellite telephony system they’d like to discuss.

Adam Laurie - $atellite Hacking for Fun & Pr0fit!Jim Geovedi

Satellite Hacking — Intro by Indianz (2012)

Jim Geovedi

Hacking a Bird in the Sky: Hijacking VSAT ConnectionJim Geovedi

The 21st Century Bank Job

Jim Geovedi

Is Cyber-offence the New Cyber-defence?

Jim Geovedi

Leonardo Nve Egea - Playing in a Satellite Environment 1.2Jim Geovedi

Warezzman - DVB-Satellite HackingJim Geovedi

Viewers also liked (20)

Wireless Hotspot Security

Professional Hackers

IDS & Log Management

Hacking a Bird in the Sky: Exploiting Satellite Trust Relationship

Internet Worms

Hacking Satellite: A New Universe to Discover

Wireless Hotspot: The Hackers Playground

AI & NLP pada @begobet

Cheating the 10,000 hour rule

Waluku: Answering Astronomy Questions through Social Media

Hacking Trust

Hacking a Bird in the Sky: The Revenge of Angry Birds

Satellite Telephony Security

Adam Laurie - $atellite Hacking for Fun & Pr0fit!

Satellite Hacking — Intro by Indianz (2012)

Hacking a Bird in the Sky: Hijacking VSAT Connection

The 21st Century Bank Job

Is Cyber-offence the New Cyber-defence?

Leonardo Nve Egea - Playing in a Satellite Environment 1.2

Warezzman - DVB-Satellite Hacking

Similar to Hacking Cracking 2008

Ten Security Product Categories You've Probably Never Heard Of

Adrian Sanabria

Ten security product categories you've (probably) never heard of

Adrian Sanabria

Security Opportunities A Silicon Valley VC Perspective

Positive Hack Days

(Isc)² secure johannesburg

Tunde Ogunkoya

This talk focussed on the challenges facing the DevOps community from the “developers culture perspective” and the consequences of the perceived disinterest in inculcating a complete 360 degrees’ risk mitigation framework in DevOps practices. The talk touched on the legal +Security+Operational Risk of using Open Source in their SDLC, the need for internal customized Open Source policy and a two-step approach to resolve these risks

Exodus intel slideshare 2019

Exodus Intelligence

Exodus Intelligence provides the US and Canadian governments; our NATO allies; security vendors and commercial clients with in-depth vulnerability intelligence related to unknown (0-day) vulnerabilities and known (N-day) vulnerabilities (including where vendor’ patches are failing to properly fix vulnerabilities). Focusing on defensive cyber-weaponization, Exodus identifies HIGH-RISK TARGETS, focusing on the discovery, exploitation and mitigation of undocumented vulnerabilities and known vulnerabilities (N-day) within systems and software affecting high value assets (critical infrastructure/ business-critical data). Exodus works closely with its clients to structure the continuous delivery of high-value intelligence applicable to an organization's infrastructure & business.

Exodus intel slideshare 2019

Exodus Intelligence

The Magic of Symbiotic Security

Denim Group

Throw out everything that you know about security tools today. No more six-figure appliances that only do one thing marginally well. No more proprietary protocols. We deserve better and we demand better. Envision a world where your security tools talk with eachother. They communicate and share data in order to leverage eachothers strengths and and help compensate for their weaknesses. They work together to solve problems. Envision "Symbiotic Security". Symbiotic Security is a new term that was coined to describe the ability of a tool to consume data from other tools or provide data to other tools. As part of our research, we have examined various classes of tools on the market and identified these abilities in each of them resulting in a label of "Consumer", "Provider", or "Symbiotic". As a consumer of security tools, this completely revolutionizes the way that we make purchases. As an example, let's pretend that you are purchasing a new Intrusion Prevention System for your enterprise. As you begin to evaluate the various tools from the Gartner Magic Quadrant, you quickly realize that they almost all have the same primary feature set. The key differentiator at this point aren't the rules or the hardware, but rather, the ability for the system to send and receive data with other systems. The IPS itself has some signatures and blocking abilities, but has zero relevancy data. Now, we give the IPS the ability to pull in vulnerability data and system configuration information from network and host scans and we gain relevancy. Add in some additional data on where the potential threat is coming from and now you have the data necessary to take a decisive action on threats. This new system is a "Consumer". Now, if you give the IPS the ability to send information to other devices on things like the source of relevant threats, those devices, like a firewall or HIPS, can now make intelligent blocking decisions as well. Our IPS now has "Provider" abilities. Since our IPS is labeled as both a "Provider" and "Consumer" it is deemed "Symbiotic". This convention can now be used both by the manufacturer to market the value-add of the device as well as a way for the purchasers to differentiate between otherwise similar devices. In order to demonstrate the true powers of being symbiotic, we are releasing a free tool that epitomizes this concept. The tool, named ThreadFix, has been labeled as a "Consumer" because of it's abilities to pull vulnerability data from static and dynamic scanning tools, threat modeling, and manual penetration tests as well as alert logs and vulnerability details from IDS, IPS, and WAF products. ThreadFix has also been labeled as a "Provider" because of it's abilities to normalize the data consumed and pass it along to IDS, IPS, and WAF for action as well as to your bug tracking system for remediation tracking. Because it can serve both a consumer and provider role, we designate it as a "Symbiotic" tool.

Découvrez le Rugged DevOps

Talent Agile @ Avanade

Security in the age of open source - Myths and misperceptions

Tim Mackey

As delivered at Interop ITX 2017. The security of open source software is a function of the security of its components. For most applications, open source technologies are at their core, but security related issues may not be disclosed directly against the application because its use of the open-source component is hidden. In this talk, I explored how information flow benefits attackers, but how awareness can help defenders. I presented key attributes any vulnerability solution should have - including deep understanding of how open source development works and being DevOps aware.

Wfh security risks - Ed Adams, President, Security Innovation

Priyanka Aash

Our security practices need to evolve in order to address the new challenges propped up by the rapid adoption of technologies and products to enable the world to WFH. The mantra of the attacker remains consistent -- attack that which yields maximum result -- and that is usually something used by a very very large number of users. This webinar will discuss the Top 10 Security Gaps that CISOs should be aware of as they brace for long WFH periods. What will you learn : -New Attack techniques hackers are using targeting WFH -How to handle decentralisation of IT and technology decisions? -Application risks as enterprises pivot to online/new business model(s) -New risks in the Cloud and due to Shadow IT -Security risks due to uninformed employees & their home infrastructure -How to handle Misconfigurations & Third party risks -How to build a robust breach response and recovery program? Full video - https://youtu.be/bQLfnmhDnQs

Ryan Wilson - ryanwilson.com - IoT Security

Ryan Wilson

Threat Landscape Lessons from IoTs and Honeynets

Digital Transformation EXPO Event Series

Understanding Your Attack Surface and Detecting & Mitigating External Threats

Ulf Mattsson

Understanding Your Attack Surface and Detecting & Mitigating External Threats Description : Organizations have spent massive amounts of money to protect the perimeter of their networks, but if your business exists on the internet, there really is no perimeter. In this presentation, we'll discuss Digital Footprints in understanding your company’s external attack surface. We will discuss social, mobile, web attacks and analyze and review lessons learned recently publicized attacks (Polish banking institutions, Apache Struts Vulnerability or WannaCry ransomware. The speed of business and cybercrime isn't slowing down, so how can you be prepared to address and defend against these types of threats? Attend our session to find out how. Reducing Your Digital Attack Surface and Mitigating External Threats - What, Why, How: What is a Digital Footprint? Breakdown of External Threats (Social, Mobile, Web) What are blended attacks? What is actually being targeting at your company? How are your brands, customers, and employees being attack outside of your company? How to become proactive in threat monitoring on the internet? Considerations in External Threat solutions Threat correspondence tracking considerations Is legal cease and desist letters adequate in stopping attacks? Examination of a phishing attack campaign How phishing kits work Analysis and lesson learned from recent published attacks What are the most important capability in a digital risk monitoring solution?

Asset Discovery in India – Redhunt Labs

RedhuntLabs2

Leading Asset Discovery Company Redhunt Labs provides a variety of solutions to assist companies in India in securing their online assets and guarding against cyber threats. Our Agent less Platform NVADR has been successful for many of our customers in locating significant data leaks across publicly exposed Docker containers. NVADR has the capability to continually monitor your exposed Docker Assets from across the globe. We also provide a Free Scan if you'd like to examine the Attack Surface of your company. Here to visit our page for more information.

Top OSS for Mobile AppSec Testing: The Latest on R2 and FRIDA

NowSecure

HITCON 2017: Building a Public RPZ Service to Protect the World's Consumers

John Bambenek

While we have many products and tools to protect enterprises and government networks, we are not using those same tools to protect consumers who cannot afford products and services by security companies. This talk will focus on the building of a RPZ service that can use already existing threat intelligence feeds that are freely accessible to protect consumers against threats we already know about.

Application Security by Ethical Hackers

Entersoft

Entersoft is an award winning application security provider trusted by over 300 global brands. Our approach is a combination of offensive assessment, proactive monitoring and pragmatic managed security which provides highly cost effective and reliable solutions to some of the most pressing problems in Cyber Security. Through our unique model, we found bugs in Yahoo!, Blackberry, Dropbox and other 150+ organizations.

SignaturesAreDead Long Live RESILIENT Signatures

Daniel Bohannon

Fruit vs Zombies: Defeat Non-jailbroken iOS Malware by Claud Xiao

Shakacon

Since 2014, fifteen new malware or riskware families successfully attacked non-jailbroken iOS devices (e.g., WireLurker, Oneclickfraud, XcodeGhost, InstaAgent, ZergHelper, AceDeceiver), affected thousands of iOS apps and tens of millions users around the world. Ten of them even bypassed Apple’s code vetting and occurred at App Store. In this presentation, we will systematically study how could these malware, riskware and some Proof-of-Concepts infect non-jailbroken devices via practical vectors and approaches including abusing development certificates, bypassing code review by obfuscation, performing FairPlay MITM attack, abusing MDM solution, abusing private APIs, exploiting design flaws or app level vulnerabilities, and stealing privacy data. For each topic, we will introduce its implementation, explore real world cases, analyze its risky and consequences, explain Apple’s countermeasures, and discuss why some problems will still exist in near future. We will also share some stories of how we discovered those interesting iOS malware. Through this topic, audiences could make more effective policies to protect iOS devices in their organizations, build their own systems/tools to evaluate security risks in iOS apps, and hunt more iOS malware in the future.

When Insiders ATT&CK!

MITRE ATT&CK

From ATT&CKcon 3.0 By Matt Snyder, VMWare Insider threats are some of the most treacherous and every organization is susceptible: it's estimated that theft of Intellectual Property alone exceeds $600 billion a year. Armed with intimate knowledge of your organization and masked as legitimate business, often these attacks go unnoticed until it's too late and the damage is done. To make matters worse, threat actors are now trying to lure employees with the promise of large paydays to help carry out attacks. These advanced attacks require advanced solutions, and we are going to demonstrate how we are using the MITRE ATT&CK framework to proactively combat these threats. Armed with these tactics and techniques, we show you how to build intelligent detections to help secure even the toughest of environments.

Similar to Hacking Cracking 2008 (20)

Ten Security Product Categories You've Probably Never Heard Of

Ten security product categories you've (probably) never heard of

Security Opportunities A Silicon Valley VC Perspective

(Isc)² secure johannesburg

Exodus intel slideshare 2019

The Magic of Symbiotic Security

Découvrez le Rugged DevOps

Security in the age of open source - Myths and misperceptions

Wfh security risks - Ed Adams, President, Security Innovation

Ryan Wilson - ryanwilson.com - IoT Security

Threat Landscape Lessons from IoTs and Honeynets

Understanding Your Attack Surface and Detecting & Mitigating External Threats

Asset Discovery in India – Redhunt Labs

Top OSS for Mobile AppSec Testing: The Latest on R2 and FRIDA

HITCON 2017: Building a Public RPZ Service to Protect the World's Consumers

Application Security by Ethical Hackers

SignaturesAreDead Long Live RESILIENT Signatures

Fruit vs Zombies: Defeat Non-jailbroken iOS Malware by Claud Xiao

When Insiders ATT&CK!

Recently uploaded

Builder.ai Founder Sachin Dev Duggal's Strategic Approach to Create an Innova...

Ramesh Iyer

In today's fast-changing business world, Companies that adapt and embrace new ideas often need help to keep up with the competition. However, fostering a culture of innovation takes much work. It takes vision, leadership and willingness to take risks in the right proportion. Sachin Dev Duggal, co-founder of Builder.ai, has perfected the art of this balance, creating a company culture where creativity and growth are nurtured at each stage.

Securing your Kubernetes cluster_ a step-by-step guide to success !

KatiaHIMEUR1

Today, after several years of existence, an extremely active community and an ultra-dynamic ecosystem, Kubernetes has established itself as the de facto standard in container orchestration. Thanks to a wide range of managed services, it has never been so easy to set up a ready-to-use Kubernetes cluster. However, this ease of use means that the subject of security in Kubernetes is often left for later, or even neglected. This exposes companies to significant risks. In this talk, I'll show you step-by-step how to secure your Kubernetes cluster for greater peace of mind and reliability.

GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using Deplo...

James Anderson

Effective Application Security in Software Delivery lifecycle using Deployment Firewall and DBOM The modern software delivery process (or the CI/CD process) includes many tools, distributed teams, open-source code, and cloud platforms. Constant focus on speed to release software to market, along with the traditional slow and manual security checks has caused gaps in continuous security as an important piece in the software supply chain. Today organizations feel more susceptible to external and internal cyber threats due to the vast attack surface in their applications supply chain and the lack of end-to-end governance and risk management. The software team must secure its software delivery process to avoid vulnerability and security breaches. This needs to be achieved with existing tool chains and without extensive rework of the delivery processes. This talk will present strategies and techniques for providing visibility into the true risk of the existing vulnerabilities, preventing the introduction of security issues in the software, resolving vulnerabilities in production environments quickly, and capturing the deployment bill of materials (DBOM). Speakers: Bob Boule Robert Boule is a technology enthusiast with PASSION for technology and making things work along with a knack for helping others understand how things work. He comes with around 20 years of solution engineering experience in application security, software continuous delivery, and SaaS platforms. He is known for his dynamic presentations in CI/CD and application security integrated in software delivery lifecycle. Gopinath Rebala Gopinath Rebala is the CTO of OpsMx, where he has overall responsibility for the machine learning and data processing architectures for Secure Software Delivery. Gopi also has a strong connection with our customers, leading design and architecture for strategic implementations. Gopi is a frequent speaker and well-known leader in continuous delivery and integrating security into software delivery.

Accelerate your Kubernetes clusters with Varnish Caching

Thijs Feryn

UiPath Test Automation using UiPath Test Suite series, part 4

DianaGray10

Welcome to UiPath Test Automation using UiPath Test Suite series part 4. In this session, we will cover Test Manager overview along with SAP heatmap. The UiPath Test Manager overview with SAP heatmap webinar offers a concise yet comprehensive exploration of the role of a Test Manager within SAP environments, coupled with the utilization of heatmaps for effective testing strategies. Participants will gain insights into the responsibilities, challenges, and best practices associated with test management in SAP projects. Additionally, the webinar delves into the significance of heatmaps as a visual aid for identifying testing priorities, areas of risk, and resource allocation within SAP landscapes. Through this session, attendees can expect to enhance their understanding of test management principles while learning practical approaches to optimize testing processes in SAP environments using heatmap visualization techniques What will you get from this session? 1. Insights into SAP testing best practices 2. Heatmap utilization for testing 3. Optimization of testing processes 4. Demo Topics covered: Execution from the test manager Orchestrator execution result Defect reporting SAP heatmap example with demo Speaker: Deepak Rai, Automation Practice Lead, Boundaryless Group and UiPath MVP

Slack (or Teams) Automation for Bonterra Impact Management (fka Social Soluti...

Jeffrey Haguewood

Sidekick Solutions uses Bonterra Impact Management (fka Social Solutions Apricot) and automation solutions to integrate data for business workflows. We believe integration and automation are essential to user experience and the promise of efficient work through technology. Automation is the critical ingredient to realizing that full vision. We develop integration products and services for Bonterra Case Management software to support the deployment of automations for a variety of use cases. This video focuses on the notifications, alerts, and approval requests using Slack for Bonterra Impact Management. The solutions covered in this webinar can also be deployed for Microsoft Teams. Interested in deploying notification automations for Bonterra Impact Management? Contact us at sales@sidekicksolutionsllc.com to discuss next steps.

JMeter webinar - integration with InfluxDB and Grafana

RTTS

Watch this recorded webinar about real-time monitoring of application performance. See how to integrate Apache JMeter, the open-source leader in performance testing, with InfluxDB, the open-source time-series database, and Grafana, the open-source analytics and visualization application. In this webinar, we will review the benefits of leveraging InfluxDB and Grafana when executing load tests and demonstrate how these tools are used to visualize performance metrics. Length: 30 minutes Session Overview ------------------------------------------- During this webinar, we will cover the following topics while demonstrating the integrations of JMeter, InfluxDB and Grafana: - What out-of-the-box solutions are available for real-time monitoring JMeter tests? - What are the benefits of integrating InfluxDB and Grafana into the load testing stack? - Which features are provided by Grafana? - Demonstration of InfluxDB and Grafana using a practice web application To view the webinar recording, go to: https://www.rttsweb.com/jmeter-integration-webinar

FIDO Alliance Osaka Seminar: The WebAuthn API and Discoverable Credentials.pdf

FIDO Alliance

FIDO Alliance Osaka Seminar: Passkeys at Amazon.pdf

FIDO Alliance

LF Energy Webinar: Electrical Grid Modelling and Simulation Through PowSyBl -...

DanBrown980551

Do you want to learn how to model and simulate an electrical network from scratch in under an hour? Then welcome to this PowSyBl workshop, hosted by Rte, the French Transmission System Operator (TSO)! During the webinar, you will discover the PowSyBl ecosystem as well as handle and study an electrical network through an interactive Python notebook. PowSyBl is an open source project hosted by LF Energy, which offers a comprehensive set of features for electrical grid modelling and simulation. Among other advanced features, PowSyBl provides: - A fully editable and extendable library for grid component modelling; - Visualization tools to display your network; - Grid simulation tools, such as power flows, security analyses (with or without remedial actions) and sensitivity analyses; The framework is mostly written in Java, with a Python binding so that Python developers can access PowSyBl functionalities as well. What you will learn during the webinar: - For beginners: discover PowSyBl's functionalities through a quick general presentation and the notebook, without needing any expert coding skills; - For advanced developers: master the skills to efficiently apply PowSyBl functionalities to your real-world scenarios.

UiPath Test Automation using UiPath Test Suite series, part 3

DianaGray10

Mission to Decommission: Importance of Decommissioning Products to Increase E...

Product School

Kubernetes & AI - Beauty and the Beast !?! @KCD Istanbul 2024

Tobias Schneck

As AI technology is pushing into IT I was wondering myself, as an “infrastructure container kubernetes guy”, how get this fancy AI technology get managed from an infrastructure operational view? Is it possible to apply our lovely cloud native principals as well? What benefit’s both technologies could bring to each other? Let me take this questions and provide you a short journey through existing deployment models and use cases for AI software. On practical examples, we discuss what cloud/on-premise strategy we may need for applying it to our own infrastructure to get it to work from an enterprise perspective. I want to give an overview about infrastructure requirements and technologies, what could be beneficial or limiting your AI use cases in an enterprise environment. An interactive Demo will give you some insides, what approaches I got already working for real.

Unsubscribed: Combat Subscription Fatigue With a Membership Mentality by Head...

Product School

Essentials of Automations: Optimizing FME Workflows with Parameters

Safe Software

Are you looking to streamline your workflows and boost your projects’ efficiency? Do you find yourself searching for ways to add flexibility and control over your FME workflows? If so, you’re in the right place. Join us for an insightful dive into the world of FME parameters, a critical element in optimizing workflow efficiency. This webinar marks the beginning of our three-part “Essentials of Automation” series. This first webinar is designed to equip you with the knowledge and skills to utilize parameters effectively: enhancing the flexibility, maintainability, and user control of your FME projects. Here’s what you’ll gain: - Essentials of FME Parameters: Understand the pivotal role of parameters, including Reader/Writer, Transformer, User, and FME Flow categories. Discover how they are the key to unlocking automation and optimization within your workflows. - Practical Applications in FME Form: Delve into key user parameter types including choice, connections, and file URLs. Allow users to control how a workflow runs, making your workflows more reusable. Learn to import values and deliver the best user experience for your workflows while enhancing accuracy. - Optimization Strategies in FME Flow: Explore the creation and strategic deployment of parameters in FME Flow, including the use of deployment and geometry parameters, to maximize workflow efficiency. - Pro Tips for Success: Gain insights on parameterizing connections and leveraging new features like Conditional Visibility for clarity and simplicity. We’ll wrap up with a glimpse into future webinars, followed by a Q&A session to address your specific questions surrounding this topic. Don’t miss this opportunity to elevate your FME expertise and drive your projects to new heights of efficiency.

Encryption in Microsoft 365 - ExpertsLive Netherlands 2024

Albert Hoitingh

GraphRAG is All You need? LLM & Knowledge Graph

Guy Korland

Guy Korland, CEO and Co-founder of FalkorDB, will review two articles on the integration of language models with knowledge graphs. 1. Unifying Large Language Models and Knowledge Graphs: A Roadmap. https://arxiv.org/abs/2306.08302 2. Microsoft Research's GraphRAG paper and a review paper on various uses of knowledge graphs: https://www.microsoft.com/en-us/research/blog/graphrag-unlocking-llm-discovery-on-narrative-private-data/

AI for Every Business: Unlocking Your Product's Universal Potential by VP of ...

Product School

When stars align: studies in data quality, knowledge graphs, and machine lear...

Elena Simperl

Smart TV Buyer Insights Survey 2024 by 91mobiles.pdf

91mobiles

Recently uploaded (20)

Builder.ai Founder Sachin Dev Duggal's Strategic Approach to Create an Innova...

Securing your Kubernetes cluster_ a step-by-step guide to success !

GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using Deplo...

Accelerate your Kubernetes clusters with Varnish Caching

UiPath Test Automation using UiPath Test Suite series, part 4

Slack (or Teams) Automation for Bonterra Impact Management (fka Social Soluti...

JMeter webinar - integration with InfluxDB and Grafana

FIDO Alliance Osaka Seminar: The WebAuthn API and Discoverable Credentials.pdf

FIDO Alliance Osaka Seminar: Passkeys at Amazon.pdf

LF Energy Webinar: Electrical Grid Modelling and Simulation Through PowSyBl -...

UiPath Test Automation using UiPath Test Suite series, part 3

Mission to Decommission: Importance of Decommissioning Products to Increase E...

Kubernetes & AI - Beauty and the Beast !?! @KCD Istanbul 2024

Unsubscribed: Combat Subscription Fatigue With a Membership Mentality by Head...

Essentials of Automations: Optimizing FME Workflows with Parameters

Encryption in Microsoft 365 - ExpertsLive Netherlands 2024

GraphRAG is All You need? LLM & Knowledge Graph

AI for Every Business: Unlocking Your Product's Universal Potential by VP of ...

When stars align: studies in data quality, knowledge graphs, and machine lear...

Smart TV Buyer Insights Survey 2024 by 91mobiles.pdf

Hacking Cracking 2008

1. hacking/cracking the other side of the story jim geovedi guide to ict megatrend 31 January 2008 — Hotel Shangri-La, Jakarta

2. ‣ information security ‣ 0-day vulnerabilities

3. infosec ≠ satpam ‣ current trends: identity thefts, botnet, mobile communication hacking, 0-day vulnerabilities, corporate espionage, wiretapping

4. industry status ‣ big security companies acquire small start-up or spin-off companies to offer more solutions ‣ "palugada" propaganda

9. software development ‣ cheap software development? outsource to india or china!

10. security investment ‣ companies bought a lot of security devices or applications ‣ firewall, anti virus, spam and content filtering, ids, ips, patch management, etc.

11. common issues ‣ companies do not have enough resources. ‣ vendors re-introducing: ‣ weak and easy guessed passwords ‣ clear-text protocols ‣ misconfigurations

12. ‣ information security ‣ 0-day vulnerabilities

13. ‣ 0-day, pronounce zero-day, sometimes oh day, means new. ‣ the term has it's origin in the warez scene, but has become firmly entrenched in the exploit trading scene.

14. ‣ 0-day is used to refer to exploits, software, media or vulnerability information released today and those that have not yet released.

15. vendor noticed patch released intrusion time value life cycle of 0-day (quick response from vendor)

16. vendor noticed patch released intrusion time value life cycle of 0-day (very late response from vendor)

17.

18.

19. ‣ 0-day users: intelligence agents, professional penetration testers, product vendors, random hackers/crackers

20. obtaining 0-day ‣ conducting research (source code/ binary audit) ‣ share/trade between friends ‣ install honeypot ‣ buy from 0-day brokers

21. market ‣ current 0-day business model is considered weak ‣ the auction model

22. the players ‣ corporate: ISS, eEye, iDEFENSE, TippingPoint (3Com/ZDI), Immunity, Gleg, Argeniss, wabisabilabi, etc ‣ group or personal: cirt.dk, piotr bania, inge henriksen, mario ballano, neil kettle, etc.

23. programs ‣ https://labs.idefense.com/vcp/ ‣ http://www.wslabi.com/wabisabilabi/ rrp.do? ‣ http://www.zerodayinitiative.com/ details.html

24. prizes ‣ remote arbitrary code execution vulnerabilities in specified e-mail clients and servers (outlook, outlook express, thunderbird, sendmail, exchange) $8,000 - $12,000 ‣ remote arbitrary code execution vulnerabilities in specified critical internet infrastructure applications (apache httpd, bind, sendmail, openssh, iis, exchange): $16.00 - $24.000

25. how many? ‣ every complex software have bugs ‣ we should assume every popular application exist has at least one 0-day exploit in wild ‣ professionals keep their own 0-day!

26. fin. jim@geovedi.com

Hacking Cracking 2008

Recommended

Recommended

More Related Content

What's hot

What's hot (20)

Viewers also liked

Viewers also liked (20)

Similar to Hacking Cracking 2008

Similar to Hacking Cracking 2008 (20)

Recently uploaded

Recently uploaded (20)

Hacking Cracking 2008