Honeypot Spotted
•Download as PPTX, PDF•
1 like•363 views
Slides from the Lightning Talk session in FIRST Annual Conference 2017, about the honeypot I observed by ShinoBOT. Due to the time (5min), I extremely shrink my slide, so it is a very partial data.
Report
Share
Report
Share
Recommended
Using Canary Honeypots for Network Security Monitoring
In this presentation I talk about how honeypots that have more traditionally been used for research purposes can also be used as an effective part of a network security monitoring strategy.
Malware Analysis 101 - N00b to Ninja in 60 Minutes at Notacon on April 12, 2014
Knowing how to perform basic malware analysis can go a long way in helping infosec analysts do some basic triage to either crush the mundane or recognize when its time to pass the more serious samples on to the the big boys. This presentation covers several analysis environment options and the three quick steps that allows almost anyone with a general technical background to go from n00b to ninja (;)) in no time. Well … maybe not a “ninja” per se but the closing does address follow-on resources on the cheap for those wanting to dive deeper into the dark world of malware analysis.
Malware Analysis 101 - N00b to Ninja in 60 Minutes at BSidesLV on August 5, ...
Knowing how to perform basic malware analysis can go a long way in helping infosec analysts do some basic triage to either crush the mundane or recognize when its time to pass the more serious samples on to the the big boys. This presentation covers several analysis environment options and the three quick steps that allows almost anyone with a general technical background to go from n00b to ninja (;)) in no time. Well … maybe not a "ninja" per se but the closing does address follow-on resources on the cheap for those wanting to dive deeper into the dark world of malware analysis.
Keith J. Jones, Ph.D. - Crash Course malware analysis
A 60 minute crash course into malware analysis. This is meant only to get your feet wet so you will want to learn more.
BSidesNYC 2016 - An Adversarial View of SaaS Malware Sandboxes
Anyone attending this conference knows the usefulness of running malware in a sandbox to perform triage, speed security analysts' workflow, extract indicators of compromise (IOCs), and to gather useful information for detection and mitigation. When analysts do this, what are the OPSEC concerns regarding tipping the adversary off? Which sandbox providers are better than others in this regard? In this talk we will present some research on taking an adversarial view of the free and widely used SaaS malware sandboxes. When an adversary's malware is detonated in a sandbox, what network artifacts can they see? Can they determine which sandbox provider based on the network? How do malware and related IOCs submitted to these sandboxes propagate to security companies and ultimately threat intelligence feeds? In this talk, we will answer all these questions and more.
10(?) holiday gifts for the SOC who has everything
Automating your organization’s security operations is no longer optional. It’s essential. Increasing analyst productivity and decreasing response time can mean the difference between successfully containing an attack, and suffering a devastating breach. This talk will focus on
ten practical automation techniques—each implemented in either Python or PowerShell—
that extend the functionality of a popular commercial SIEM. Each technique will demonstrate how to automatically gather additional context on an alert, make configuration changes in an operational environment, or retrieve and analyze forensic evidence. Proof of concept code samples and live/recorded demonstrations will be provided.
Cyber crime &_info_security
cyber crime & information security is most famous in the world..day by day increase cyber crime in internet world. that see. the detail about of cyber security.
Recommended
Using Canary Honeypots for Network Security Monitoring
In this presentation I talk about how honeypots that have more traditionally been used for research purposes can also be used as an effective part of a network security monitoring strategy.
Malware Analysis 101 - N00b to Ninja in 60 Minutes at Notacon on April 12, 2014
Knowing how to perform basic malware analysis can go a long way in helping infosec analysts do some basic triage to either crush the mundane or recognize when its time to pass the more serious samples on to the the big boys. This presentation covers several analysis environment options and the three quick steps that allows almost anyone with a general technical background to go from n00b to ninja (;)) in no time. Well … maybe not a “ninja” per se but the closing does address follow-on resources on the cheap for those wanting to dive deeper into the dark world of malware analysis.
Malware Analysis 101 - N00b to Ninja in 60 Minutes at BSidesLV on August 5, ...
Knowing how to perform basic malware analysis can go a long way in helping infosec analysts do some basic triage to either crush the mundane or recognize when its time to pass the more serious samples on to the the big boys. This presentation covers several analysis environment options and the three quick steps that allows almost anyone with a general technical background to go from n00b to ninja (;)) in no time. Well … maybe not a "ninja" per se but the closing does address follow-on resources on the cheap for those wanting to dive deeper into the dark world of malware analysis.
Keith J. Jones, Ph.D. - Crash Course malware analysis
A 60 minute crash course into malware analysis. This is meant only to get your feet wet so you will want to learn more.
BSidesNYC 2016 - An Adversarial View of SaaS Malware Sandboxes
Anyone attending this conference knows the usefulness of running malware in a sandbox to perform triage, speed security analysts' workflow, extract indicators of compromise (IOCs), and to gather useful information for detection and mitigation. When analysts do this, what are the OPSEC concerns regarding tipping the adversary off? Which sandbox providers are better than others in this regard? In this talk we will present some research on taking an adversarial view of the free and widely used SaaS malware sandboxes. When an adversary's malware is detonated in a sandbox, what network artifacts can they see? Can they determine which sandbox provider based on the network? How do malware and related IOCs submitted to these sandboxes propagate to security companies and ultimately threat intelligence feeds? In this talk, we will answer all these questions and more.
10(?) holiday gifts for the SOC who has everything
Automating your organization’s security operations is no longer optional. It’s essential. Increasing analyst productivity and decreasing response time can mean the difference between successfully containing an attack, and suffering a devastating breach. This talk will focus on
ten practical automation techniques—each implemented in either Python or PowerShell—
that extend the functionality of a popular commercial SIEM. Each technique will demonstrate how to automatically gather additional context on an alert, make configuration changes in an operational environment, or retrieve and analyze forensic evidence. Proof of concept code samples and live/recorded demonstrations will be provided.
Cyber crime &_info_security
cyber crime & information security is most famous in the world..day by day increase cyber crime in internet world. that see. the detail about of cyber security.
Cazando Cibercriminales con: OSINT + Cloud Computing + Big Data
Diapositivas de la presentación impartida por Chema Alonso durante el congreso CELAES 2015 el 15 de Octubre en Panamá. En ella se habla de cómo en Eleven Paths y Telefónica se utilizan las tecnologías Tacyt, Sinfonier y Faast para luchar contra el e-crime.
Honeypot a trap to hackers
A presentation on Honeypot technique which are used to track the hacker's movement
Reading Group Presentation: The Power of Procrastination
This presentation exposes the current threat model of execution stalling malicious code, and multiple pointers to relevant academic research in analysis. I presented these works to a weekly Security and Privacy reading group.
The academic proceeding can be found here:
www.syssec-project.eu/media/page-media/3/hasten-ccs11.pdf
Watchtowers of the Internet - Source Boston 2012
Watchtowers of the Internet: Analysis of Outbound Malware Communication, Stephan Chenette, Principal Security Researcher, (@StephanChenette) & Armin Buescher, Security Researcher
With advanced malware, targeted attacks, and advanced persistent threats, it’s not IF but WHEN a persistant attacker will penetrate your network and install malware on your company’s network and desktop computers. To get the full picture of the threat landscape created by malware, our malware sandbox lab runs over 30,000 malware samples a day. Network traffic is subsequently analyzed using heuristics and machine learning techniques to statistically score any outbound communication and identify command & control, back-channel, worm-like and other types of traffic used by malware.
Our talk will focus on the setup of the lab, major malware families as well as outlier malware, and the statistics we have generated to give our audience an exposure like never before into the details of malicious outbound communication. We will provide several tips, based on our analysis to help you create a safer and more secure network.
Stephan Chenette is a principal security researcher at Websense Security Labs, specializing in research tools and next generation emerging threats. In this role, he identifies and implements exploit and malcode detection techniques.
Armin Buescher is a Security Researcher and Software Engineer experienced in strategic development of detection/prevention technologies and analysis tools. Graduated as Dipl.-Inf. (MSc) with thesis on Client Honeypot systems. Interested in academic research work and published author of security research papers.
CYBERSECURITY: Game Planning for Success lunch and learn event, April 10th
CYBERSECURITY: Game Planning for Success lunch and learn event, April 10thUnited Technology Group (UTG)
Did you know that today's cyber threat landscape costs companies BILLIONS in damages each year?
We want to help protect your company, employees and customers from the rising threat landscape!
This presentation includes:
• The state of cybersecurity and the threat landscape
• How a threat-focused approach is changing the ability to detect and respond to breaches
• How to develop a security game plan around a proven process
• How to automatically defend your network with Cisco’s Advanced Malware Protection (AMP)
http://www.utgsolutions.com/solutions/security-compliance
The Dirty Little Secrets They Didn’t Teach You In Pentesting Class
Derbycon 2011
This talk is about methodologies and tools that we use or have coded that make our lives and pentest schedule a little easier, and why we do things the way we do. Of course, there will be a healthy dose of Metasploit in the mix.
Bug Bounty Hunting for Companies & Researchers: Bounty Hunting in Sudan and A...
Bug Bounty Hunting for Companies & Researchers: Bounty Hunting in Sudan and Abroad
http://blog.mazinahmed.net/2016/10/bug-bounty-hunting-swiss-cyber-storm.html
Workshop on Network Security
@skeptic_fx (Ahamed Nafeez) and I conducted a National Level Workshop on Network and Web Security on August 11th, 2010 during our third year BE CSE.
Thinking Outside the Sand[box]
Kyle Adams - Chief Software Architect for Junos Web App Secure - presents at San Francisco's BSides 2014
Malware Analysis 101 - N00b to Ninja in 60 Minutes at CactusCon on April 4, 2014
Knowing how to perform basic malware analysis can go a long way in helping infosec analysts do some basic triage to either crush the mundane or recognize when its time to pass the more serious samples on to the the big boys. This presentation covers several analysis environment options and the three quick steps that allows almost anyone with a general technical background to go from n00b to ninja (;)) in no time. Well … maybe not a "ninja" per se but the closing does address follow-on resources on the cheap for those wanting to dive deeper into the dark world of malware analysis.
Splunk Live in RTP - March-2014-Jeff-Bollinger-Cisco
How Cisco Infosec uses Splunk to develop and execute their Incident Response playbook strategy.
Man in the Binder
Big Brother is watching. His name is Binder.
Binder is the only vehicle of inter process communication in Android, making it a prime target for attackers.
We'll provide a review of this sophisticated and little known mechanism, describe the multitude of dangers in its compromise and demonstrate several Binder-based data manipulation and theft attacks.
In depth (presentation outline):
* The Android malware world lags behind the PC in sophistication, but rapidly catching up. We believe the next generation of mobile malware is soon to come, and the Binder is a natural target.
* Binder Background (what makes it special?):
- The peculiarity of Android's architecture: on the idea of a userland OS built on top of the Linux kernel, and how Binder is critical to this concept.
- The inevitable security trade-off in Android: Minimizing the attack surface against the kernel, at the cost of introducing Binder as a classic single-point-of-control.
- How a developer sees the Binder (spoiler: he doesn't).
* In depth Binder mechanics (how does it work?):
- A detailed look at the data structures, classes and functions which define the behaviour of Binder, with a special focus on security-critical areas.
- Hooking Binder: How and where to control Android's IPC mechanism.
- Looking at the raw data travelling through Binder, and how to sift through it to find the interesting stuff (passwords, keyboard input, SMS, sound and many more).
- Why modern mobile AVs are having a hard time detecting these methods of operation.
* (Demonstrations) Comparing the "naive malware" approach and Man in the Binder philosophy to:
-> Logging keyboard input.
-> Capturing data sent between Activities.
-> Modifying sensitive information at runtime (i.e. faking a financial transaction, banking-trojan style).
* Mitigation:
- Why code obfuscation and app wrapping won't help you.
- Encrypting your data before it leaves the process (even within the same app!).
- Example: using an in-app keyboard securely.
We believe that this is ground-breaking work that has not been properly researched before: Binder’s central position in the Android architecture means that it is likely to become heavily attacked in the next few years. By shining a bright light on this topic, our research is a significant contribution to the security of the Android platform as a whole.
An earlier version of this research was presented at Black Hat Europe 2014 and Kaspersky SAS2015.
A white paper of the results up until a few months ago can be found here: https://www.blackhat.com/docs/eu-14/materials/eu-14-Artenstein-Man-In-The-Binder-He-Who-Controls-IPC-Controls-The-Droid.pdf
Man in the Binder - Michael Shalyt & Idan Revivo, CheckPoint
As presented in DroidCon Tel Aviv 2015
http://il.droidcon.com
Wie Sie Ransomware aufspüren und was Sie dagegen machen können
Ransomware ist nicht mehr nur ein auf Privatanwender ausgerichtetes Ärgernis, sondern hat sich zu einer ernstzunehmenden Bedrohung für Unternehmen und Regierungseinrichtungen entwickelt.
In unserem Webinar können Sie mehr darüber herausfinden, was Ransomware genau ist und wie es funktioniert. Anschliessend zeigen wir Ihnen das Ganze in einer Live Demo mit Daten aus einer Windows Ransomware Infektion.
Detailliert zeigen wir Ihnen:
- wie Sie mit Splunk Enterprise Ransomware IOCs "jagen"
- wie Sie Malicious Endpoint Verhalten aufdecken
- Abwehrstrategien
LLM App Hacking (AVTOKYO2023)
How to hack a LLM-integrated system using prompt injection.
This is the slide-deck that I used for AVTOKYO 2023.
More Related Content
Similar to Honeypot Spotted
Cazando Cibercriminales con: OSINT + Cloud Computing + Big Data
Diapositivas de la presentación impartida por Chema Alonso durante el congreso CELAES 2015 el 15 de Octubre en Panamá. En ella se habla de cómo en Eleven Paths y Telefónica se utilizan las tecnologías Tacyt, Sinfonier y Faast para luchar contra el e-crime.
Honeypot a trap to hackers
A presentation on Honeypot technique which are used to track the hacker's movement
Reading Group Presentation: The Power of Procrastination
This presentation exposes the current threat model of execution stalling malicious code, and multiple pointers to relevant academic research in analysis. I presented these works to a weekly Security and Privacy reading group.
The academic proceeding can be found here:
www.syssec-project.eu/media/page-media/3/hasten-ccs11.pdf
Watchtowers of the Internet - Source Boston 2012
Watchtowers of the Internet: Analysis of Outbound Malware Communication, Stephan Chenette, Principal Security Researcher, (@StephanChenette) & Armin Buescher, Security Researcher
With advanced malware, targeted attacks, and advanced persistent threats, it’s not IF but WHEN a persistant attacker will penetrate your network and install malware on your company’s network and desktop computers. To get the full picture of the threat landscape created by malware, our malware sandbox lab runs over 30,000 malware samples a day. Network traffic is subsequently analyzed using heuristics and machine learning techniques to statistically score any outbound communication and identify command & control, back-channel, worm-like and other types of traffic used by malware.
Our talk will focus on the setup of the lab, major malware families as well as outlier malware, and the statistics we have generated to give our audience an exposure like never before into the details of malicious outbound communication. We will provide several tips, based on our analysis to help you create a safer and more secure network.
Stephan Chenette is a principal security researcher at Websense Security Labs, specializing in research tools and next generation emerging threats. In this role, he identifies and implements exploit and malcode detection techniques.
Armin Buescher is a Security Researcher and Software Engineer experienced in strategic development of detection/prevention technologies and analysis tools. Graduated as Dipl.-Inf. (MSc) with thesis on Client Honeypot systems. Interested in academic research work and published author of security research papers.
CYBERSECURITY: Game Planning for Success lunch and learn event, April 10th
CYBERSECURITY: Game Planning for Success lunch and learn event, April 10thUnited Technology Group (UTG)
Did you know that today's cyber threat landscape costs companies BILLIONS in damages each year?
We want to help protect your company, employees and customers from the rising threat landscape!
This presentation includes:
• The state of cybersecurity and the threat landscape
• How a threat-focused approach is changing the ability to detect and respond to breaches
• How to develop a security game plan around a proven process
• How to automatically defend your network with Cisco’s Advanced Malware Protection (AMP)
http://www.utgsolutions.com/solutions/security-compliance
The Dirty Little Secrets They Didn’t Teach You In Pentesting Class
Derbycon 2011
This talk is about methodologies and tools that we use or have coded that make our lives and pentest schedule a little easier, and why we do things the way we do. Of course, there will be a healthy dose of Metasploit in the mix.
Bug Bounty Hunting for Companies & Researchers: Bounty Hunting in Sudan and A...
Bug Bounty Hunting for Companies & Researchers: Bounty Hunting in Sudan and Abroad
http://blog.mazinahmed.net/2016/10/bug-bounty-hunting-swiss-cyber-storm.html
Workshop on Network Security
@skeptic_fx (Ahamed Nafeez) and I conducted a National Level Workshop on Network and Web Security on August 11th, 2010 during our third year BE CSE.
Thinking Outside the Sand[box]
Kyle Adams - Chief Software Architect for Junos Web App Secure - presents at San Francisco's BSides 2014
Malware Analysis 101 - N00b to Ninja in 60 Minutes at CactusCon on April 4, 2014
Knowing how to perform basic malware analysis can go a long way in helping infosec analysts do some basic triage to either crush the mundane or recognize when its time to pass the more serious samples on to the the big boys. This presentation covers several analysis environment options and the three quick steps that allows almost anyone with a general technical background to go from n00b to ninja (;)) in no time. Well … maybe not a "ninja" per se but the closing does address follow-on resources on the cheap for those wanting to dive deeper into the dark world of malware analysis.
Splunk Live in RTP - March-2014-Jeff-Bollinger-Cisco
How Cisco Infosec uses Splunk to develop and execute their Incident Response playbook strategy.
Man in the Binder
Big Brother is watching. His name is Binder.
Binder is the only vehicle of inter process communication in Android, making it a prime target for attackers.
We'll provide a review of this sophisticated and little known mechanism, describe the multitude of dangers in its compromise and demonstrate several Binder-based data manipulation and theft attacks.
In depth (presentation outline):
* The Android malware world lags behind the PC in sophistication, but rapidly catching up. We believe the next generation of mobile malware is soon to come, and the Binder is a natural target.
* Binder Background (what makes it special?):
- The peculiarity of Android's architecture: on the idea of a userland OS built on top of the Linux kernel, and how Binder is critical to this concept.
- The inevitable security trade-off in Android: Minimizing the attack surface against the kernel, at the cost of introducing Binder as a classic single-point-of-control.
- How a developer sees the Binder (spoiler: he doesn't).
* In depth Binder mechanics (how does it work?):
- A detailed look at the data structures, classes and functions which define the behaviour of Binder, with a special focus on security-critical areas.
- Hooking Binder: How and where to control Android's IPC mechanism.
- Looking at the raw data travelling through Binder, and how to sift through it to find the interesting stuff (passwords, keyboard input, SMS, sound and many more).
- Why modern mobile AVs are having a hard time detecting these methods of operation.
* (Demonstrations) Comparing the "naive malware" approach and Man in the Binder philosophy to:
-> Logging keyboard input.
-> Capturing data sent between Activities.
-> Modifying sensitive information at runtime (i.e. faking a financial transaction, banking-trojan style).
* Mitigation:
- Why code obfuscation and app wrapping won't help you.
- Encrypting your data before it leaves the process (even within the same app!).
- Example: using an in-app keyboard securely.
We believe that this is ground-breaking work that has not been properly researched before: Binder’s central position in the Android architecture means that it is likely to become heavily attacked in the next few years. By shining a bright light on this topic, our research is a significant contribution to the security of the Android platform as a whole.
An earlier version of this research was presented at Black Hat Europe 2014 and Kaspersky SAS2015.
A white paper of the results up until a few months ago can be found here: https://www.blackhat.com/docs/eu-14/materials/eu-14-Artenstein-Man-In-The-Binder-He-Who-Controls-IPC-Controls-The-Droid.pdf
Man in the Binder - Michael Shalyt & Idan Revivo, CheckPoint
As presented in DroidCon Tel Aviv 2015
http://il.droidcon.com
Wie Sie Ransomware aufspüren und was Sie dagegen machen können
Ransomware ist nicht mehr nur ein auf Privatanwender ausgerichtetes Ärgernis, sondern hat sich zu einer ernstzunehmenden Bedrohung für Unternehmen und Regierungseinrichtungen entwickelt.
In unserem Webinar können Sie mehr darüber herausfinden, was Ransomware genau ist und wie es funktioniert. Anschliessend zeigen wir Ihnen das Ganze in einer Live Demo mit Daten aus einer Windows Ransomware Infektion.
Detailliert zeigen wir Ihnen:
- wie Sie mit Splunk Enterprise Ransomware IOCs "jagen"
- wie Sie Malicious Endpoint Verhalten aufdecken
- Abwehrstrategien
Similar to Honeypot Spotted (20)
Cazando Cibercriminales con: OSINT + Cloud Computing + Big Data
Cazando Cibercriminales con: OSINT + Cloud Computing + Big Data
Reading Group Presentation: The Power of Procrastination
Reading Group Presentation: The Power of Procrastination
SplunkLive! Customer Presentation - Cisco Systems, Inc.
SplunkLive! Customer Presentation - Cisco Systems, Inc.
CYBERSECURITY: Game Planning for Success lunch and learn event, April 10th
CYBERSECURITY: Game Planning for Success lunch and learn event, April 10th
The Dirty Little Secrets They Didn’t Teach You In Pentesting Class
The Dirty Little Secrets They Didn’t Teach You In Pentesting Class
Bug Bounty Hunting for Companies & Researchers: Bounty Hunting in Sudan and A...
Bug Bounty Hunting for Companies & Researchers: Bounty Hunting in Sudan and A...
Malware Analysis 101 - N00b to Ninja in 60 Minutes at CactusCon on April 4, 2014
Malware Analysis 101 - N00b to Ninja in 60 Minutes at CactusCon on April 4, 2014
Splunk Live in RTP - March-2014-Jeff-Bollinger-Cisco
Splunk Live in RTP - March-2014-Jeff-Bollinger-Cisco
Man in the Binder - Michael Shalyt & Idan Revivo, CheckPoint
Man in the Binder - Michael Shalyt & Idan Revivo, CheckPoint
Wie Sie Ransomware aufspüren und was Sie dagegen machen können
Wie Sie Ransomware aufspüren und was Sie dagegen machen können
More from Shota Shinogi
LLM App Hacking (AVTOKYO2023)
How to hack a LLM-integrated system using prompt injection.
This is the slide-deck that I used for AVTOKYO 2023.
HamaCTF WriteUp (Unpack category)
HamaCTF2019で出題したアンパック問題の解説です。x64dgbを用いています。
HamaCTF2019はhttp://hamactf.cf(206.189.87.180)でチャレンジできます。
RISEconf 2015 UNOFFICIAL Schedule
This is made from this schedule (https://riseconf.com/schedule) to make clear the parallel sessions.
There is no guarantee that this is up-to-date. If you find any mistake, please point me out.
ShinoBOT Suite
ShinoBOT Suite is a cyber attack campaign simulator. This slide was presented at the Black Hat USA 2014 Arsenal.
Introduction of ShinoBOT (Black Hat USA 2013 Arsenal)
Introduction of ShinoBOT, the BOT/RAT simulator.
More from Shota Shinogi (11)
Introduction of ShinoBOT (Black Hat USA 2013 Arsenal)
Introduction of ShinoBOT (Black Hat USA 2013 Arsenal)
Recently uploaded
UiPath Test Automation using UiPath Test Suite series, part 4
Welcome to UiPath Test Automation using UiPath Test Suite series part 4. In this session, we will cover Test Manager overview along with SAP heatmap.
The UiPath Test Manager overview with SAP heatmap webinar offers a concise yet comprehensive exploration of the role of a Test Manager within SAP environments, coupled with the utilization of heatmaps for effective testing strategies.
Participants will gain insights into the responsibilities, challenges, and best practices associated with test management in SAP projects. Additionally, the webinar delves into the significance of heatmaps as a visual aid for identifying testing priorities, areas of risk, and resource allocation within SAP landscapes. Through this session, attendees can expect to enhance their understanding of test management principles while learning practical approaches to optimize testing processes in SAP environments using heatmap visualization techniques
What will you get from this session?
1. Insights into SAP testing best practices
2. Heatmap utilization for testing
3. Optimization of testing processes
4. Demo
Topics covered:
Execution from the test manager
Orchestrator execution result
Defect reporting
SAP heatmap example with demo
Speaker:
Deepak Rai, Automation Practice Lead, Boundaryless Group and UiPath MVP
Builder.ai Founder Sachin Dev Duggal's Strategic Approach to Create an Innova...
In today's fast-changing business world, Companies that adapt and embrace new ideas often need help to keep up with the competition. However, fostering a culture of innovation takes much work. It takes vision, leadership and willingness to take risks in the right proportion. Sachin Dev Duggal, co-founder of Builder.ai, has perfected the art of this balance, creating a company culture where creativity and growth are nurtured at each stage.
Elevating Tactical DDD Patterns Through Object Calisthenics
After immersing yourself in the blue book and its red counterpart, attending DDD-focused conferences, and applying tactical patterns, you're left with a crucial question: How do I ensure my design is effective? Tactical patterns within Domain-Driven Design (DDD) serve as guiding principles for creating clear and manageable domain models. However, achieving success with these patterns requires additional guidance. Interestingly, we've observed that a set of constraints initially designed for training purposes remarkably aligns with effective pattern implementation, offering a more ‘mechanical’ approach. Let's explore together how Object Calisthenics can elevate the design of your tactical DDD patterns, offering concrete help for those venturing into DDD for the first time!
Key Trends Shaping the Future of Infrastructure.pdf
Keynote at DIGIT West Expo, Glasgow on 29 May 2024.
Cheryl Hung, ochery.com
Sr Director, Infrastructure Ecosystem, Arm.
The key trends across hardware, cloud and open-source; exploring how these areas are likely to mature and develop over the short and long-term, and then considering how organisations can position themselves to adapt and thrive.
Empowering NextGen Mobility via Large Action Model Infrastructure (LAMI): pav...
Empowering NextGen Mobility via Large Action Model Infrastructure (LAMI)
Observability Concepts EVERY Developer Should Know -- DeveloperWeek Europe.pdf
Monitoring and observability aren’t traditionally found in software curriculums and many of us cobble this knowledge together from whatever vendor or ecosystem we were first introduced to and whatever is a part of your current company’s observability stack.
While the dev and ops silo continues to crumble….many organizations still relegate monitoring & observability as the purview of ops, infra and SRE teams. This is a mistake - achieving a highly observable system requires collaboration up and down the stack.
I, a former op, would like to extend an invitation to all application developers to join the observability party will share these foundational concepts to build on:
GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using Deplo...
Effective Application Security in Software Delivery lifecycle using Deployment Firewall and DBOM
The modern software delivery process (or the CI/CD process) includes many tools, distributed teams, open-source code, and cloud platforms. Constant focus on speed to release software to market, along with the traditional slow and manual security checks has caused gaps in continuous security as an important piece in the software supply chain. Today organizations feel more susceptible to external and internal cyber threats due to the vast attack surface in their applications supply chain and the lack of end-to-end governance and risk management.
The software team must secure its software delivery process to avoid vulnerability and security breaches. This needs to be achieved with existing tool chains and without extensive rework of the delivery processes. This talk will present strategies and techniques for providing visibility into the true risk of the existing vulnerabilities, preventing the introduction of security issues in the software, resolving vulnerabilities in production environments quickly, and capturing the deployment bill of materials (DBOM).
Speakers:
Bob Boule
Robert Boule is a technology enthusiast with PASSION for technology and making things work along with a knack for helping others understand how things work. He comes with around 20 years of solution engineering experience in application security, software continuous delivery, and SaaS platforms. He is known for his dynamic presentations in CI/CD and application security integrated in software delivery lifecycle.
Gopinath Rebala
Gopinath Rebala is the CTO of OpsMx, where he has overall responsibility for the machine learning and data processing architectures for Secure Software Delivery. Gopi also has a strong connection with our customers, leading design and architecture for strategic implementations. Gopi is a frequent speaker and well-known leader in continuous delivery and integrating security into software delivery.
DevOps and Testing slides at DASA Connect
My and Rik Marselis slides at 30.5.2024 DASA Connect conference. We discuss about what is testing, then what is agile testing and finally what is Testing in DevOps. Finally we had lovely workshop with the participants trying to find out different ways to think about quality and testing in different parts of the DevOps infinity loop.
Dev Dives: Train smarter, not harder – active learning and UiPath LLMs for do...
💥 Speed, accuracy, and scaling – discover the superpowers of GenAI in action with UiPath Document Understanding and Communications Mining™:
See how to accelerate model training and optimize model performance with active learning
Learn about the latest enhancements to out-of-the-box document processing – with little to no training required
Get an exclusive demo of the new family of UiPath LLMs – GenAI models specialized for processing different types of documents and messages
This is a hands-on session specifically designed for automation developers and AI enthusiasts seeking to enhance their knowledge in leveraging the latest intelligent document processing capabilities offered by UiPath.
Speakers:
👨🏫 Andras Palfi, Senior Product Manager, UiPath
👩🏫 Lenka Dulovicova, Product Program Manager, UiPath
Accelerate your Kubernetes clusters with Varnish Caching
A presentation about the usage and availability of Varnish on Kubernetes. This talk explores the capabilities of Varnish caching and shows how to use the Varnish Helm chart to deploy it to Kubernetes.
This presentation was delivered at K8SUG Singapore. See https://feryn.eu/presentations/accelerate-your-kubernetes-clusters-with-varnish-caching-k8sug-singapore-28-2024 for more details.
Unsubscribed: Combat Subscription Fatigue With a Membership Mentality by Head...
Unsubscribed: Combat Subscription Fatigue With a Membership Mentality by Head of Product, Amazon Games
A tale of scale & speed: How the US Navy is enabling software delivery from l...
Rapid and secure feature delivery is a goal across every application team and every branch of the DoD. The Navy’s DevSecOps platform, Party Barge, has achieved:
- Reduction in onboarding time from 5 weeks to 1 day
- Improved developer experience and productivity through actionable findings and reduction of false positives
- Maintenance of superior security standards and inherent policy enforcement with Authorization to Operate (ATO)
Development teams can ship efficiently and ensure applications are cyber ready for Navy Authorizing Officials (AOs). In this webinar, Sigma Defense and Anchore will give attendees a look behind the scenes and demo secure pipeline automation and security artifacts that speed up application ATO and time to production.
We will cover:
- How to remove silos in DevSecOps
- How to build efficient development pipeline roles and component templates
- How to deliver security artifacts that matter for ATO’s (SBOMs, vulnerability reports, and policy evidence)
- How to streamline operations with automated policy checks on container images
By Design, not by Accident - Agile Venture Bolzano 2024
As presented at the Agile Venture Bolzano, 4.06.2024
De-mystifying Zero to One: Design Informed Techniques for Greenfield Innovati...
De-mystifying Zero to One: Design Informed Techniques for Greenfield Innovation With Your Product by VP of Product Design, Warner Music Group
When stars align: studies in data quality, knowledge graphs, and machine lear...
Keynote at DQMLKG workshop at the 21st European Semantic Web Conference 2024
LF Energy Webinar: Electrical Grid Modelling and Simulation Through PowSyBl -...
Do you want to learn how to model and simulate an electrical network from scratch in under an hour?
Then welcome to this PowSyBl workshop, hosted by Rte, the French Transmission System Operator (TSO)!
During the webinar, you will discover the PowSyBl ecosystem as well as handle and study an electrical network through an interactive Python notebook.
PowSyBl is an open source project hosted by LF Energy, which offers a comprehensive set of features for electrical grid modelling and simulation. Among other advanced features, PowSyBl provides:
- A fully editable and extendable library for grid component modelling;
- Visualization tools to display your network;
- Grid simulation tools, such as power flows, security analyses (with or without remedial actions) and sensitivity analyses;
The framework is mostly written in Java, with a Python binding so that Python developers can access PowSyBl functionalities as well.
What you will learn during the webinar:
- For beginners: discover PowSyBl's functionalities through a quick general presentation and the notebook, without needing any expert coding skills;
- For advanced developers: master the skills to efficiently apply PowSyBl functionalities to your real-world scenarios.
Transcript: Selling digital books in 2024: Insights from industry leaders - T...
The publishing industry has been selling digital audiobooks and ebooks for over a decade and has found its groove. What’s changed? What has stayed the same? Where do we go from here? Join a group of leading sales peers from across the industry for a conversation about the lessons learned since the popularization of digital books, best practices, digital book supply chain management, and more.
Link to video recording: https://bnctechforum.ca/sessions/selling-digital-books-in-2024-insights-from-industry-leaders/
Presented by BookNet Canada on May 28, 2024, with support from the Department of Canadian Heritage.
Recently uploaded (20)
UiPath Test Automation using UiPath Test Suite series, part 4
UiPath Test Automation using UiPath Test Suite series, part 4
Builder.ai Founder Sachin Dev Duggal's Strategic Approach to Create an Innova...
Builder.ai Founder Sachin Dev Duggal's Strategic Approach to Create an Innova...
Elevating Tactical DDD Patterns Through Object Calisthenics
Elevating Tactical DDD Patterns Through Object Calisthenics
Key Trends Shaping the Future of Infrastructure.pdf
Key Trends Shaping the Future of Infrastructure.pdf
Empowering NextGen Mobility via Large Action Model Infrastructure (LAMI): pav...
Empowering NextGen Mobility via Large Action Model Infrastructure (LAMI): pav...
Observability Concepts EVERY Developer Should Know -- DeveloperWeek Europe.pdf
Observability Concepts EVERY Developer Should Know -- DeveloperWeek Europe.pdf
GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using Deplo...
GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using Deplo...
Free Complete Python - A step towards Data Science
Free Complete Python - A step towards Data Science
Assure Contact Center Experiences for Your Customers With ThousandEyes
Assure Contact Center Experiences for Your Customers With ThousandEyes
Dev Dives: Train smarter, not harder – active learning and UiPath LLMs for do...
Dev Dives: Train smarter, not harder – active learning and UiPath LLMs for do...
Accelerate your Kubernetes clusters with Varnish Caching
Accelerate your Kubernetes clusters with Varnish Caching
Unsubscribed: Combat Subscription Fatigue With a Membership Mentality by Head...
Unsubscribed: Combat Subscription Fatigue With a Membership Mentality by Head...
A tale of scale & speed: How the US Navy is enabling software delivery from l...
A tale of scale & speed: How the US Navy is enabling software delivery from l...
By Design, not by Accident - Agile Venture Bolzano 2024
By Design, not by Accident - Agile Venture Bolzano 2024
De-mystifying Zero to One: Design Informed Techniques for Greenfield Innovati...
De-mystifying Zero to One: Design Informed Techniques for Greenfield Innovati...
When stars align: studies in data quality, knowledge graphs, and machine lear...
When stars align: studies in data quality, knowledge graphs, and machine lear...
LF Energy Webinar: Electrical Grid Modelling and Simulation Through PowSyBl -...
LF Energy Webinar: Electrical Grid Modelling and Simulation Through PowSyBl -...
Transcript: Selling digital books in 2024: Insights from industry leaders - T...
Transcript: Selling digital books in 2024: Insights from industry leaders - T...
Honeypot Spotted
- 2. ABOUT ME • @Sh1n0g1 • Security Researcher of Macnica Networks Corp. • Malware Simulator Developer
- 3. Malware Simulators • Backdoor Simulator – ShinoBOT – ShinoBOT.ps1 • APT Simulator – ShinoBOT Suite • Ransomware Simulator – ShinoLocker • ICS Malware Simulator – ShinoICS (not published yet) https://shinosec.com
- 4. QUESTION? • How do the honeypots, malware analysis systems, sandboxes look like from the attacker's point of view?
- 10. BIG DATA ANALYTICS(hostname vs ip) (n=5000)
- 11. Small Cluster
- 20. "TO BE SPOTTED" does matter? • Yes • The attacker will create next malware which avoids to be run on the honeypots/malware analytics system/sandboxes
- 21. CONCLUSION • Make your Honey pot "human-y" ≒ dirty • Make your Honey pot "random" • Use an IP address which does not related with you – Cloud service should be good