New publication from Xavier Roussel, Junior Security Analyst, High-Tech Bridge: In-Memory Fuzzing with Java https://www.htbridge.com/publications/in_memory_fuzzing_with_java.html
During this presentation at Information Security Day for ISACA Luxembourg Chapter, Frédéric BOURLA presented most memory manipulation tricks from both offensive and defensive angles.
3 Demo videos available on publication page, original URL: https://www.htbridge.com/publications/manipulating_memory_for_fun_and_profit.html
Hepatitis C virus infection and type 2 diabetes mellitus in Mexican patients. Erwin Chiquete, MD, PhD
34. Chiquete E, Ochoa-Guzmán A, García-Lamas L, Anaya-Gómez F, Gutiérrez-Manjarrez JI, Sánchez-Orozco LV, Godínez-Gutiérrez SA, Maldonado M, Román S, Panduro A. Hepatitis C virus infection and type 2 diabetes mellitus in Mexican patients. Rev Med Inst Mex Seguro Soc. 2012;50(5):481-6. [PMID: 23282259]
During this presentation at Information Security Day for ISACA Luxembourg Chapter, Frédéric BOURLA presented most memory manipulation tricks from both offensive and defensive angles.
3 Demo videos available on publication page, original URL: https://www.htbridge.com/publications/manipulating_memory_for_fun_and_profit.html
Hepatitis C virus infection and type 2 diabetes mellitus in Mexican patients. Erwin Chiquete, MD, PhD
34. Chiquete E, Ochoa-Guzmán A, García-Lamas L, Anaya-Gómez F, Gutiérrez-Manjarrez JI, Sánchez-Orozco LV, Godínez-Gutiérrez SA, Maldonado M, Román S, Panduro A. Hepatitis C virus infection and type 2 diabetes mellitus in Mexican patients. Rev Med Inst Mex Seguro Soc. 2012;50(5):481-6. [PMID: 23282259]
Cerebral Venous Thrombosis in a Mexican Multicenter Registry of Acute Cerebro...Erwin Chiquete, MD, PhD
Background: Cerebral venous thrombosis (CVT) is a rare form of cerebrovascular
disease that is usually not mentioned in multicenter registries on all-type acute
stroke. We aimed to describe the experience on hospitalized patients with CVT in
a Mexican multicenter registry on acute cerebrovascular disease. Methods: CVT
patients were selected from the RENAMEVASC registry, which was conducted
between 2002 and 2004 in 25 Mexican hospitals. Risk factors, neuroimaging,
and 30-day outcome as assessed by the modified Rankin scale (mRS) were analyzed.
Results: Among 2000 all-type acute stroke patients, 59 (3%; 95% CI, 2.3-3.8%) had
CVT (50 women; female:male ratio, 5:1; median age, 31 years). Puerperium (42%),
contraceptive use (18%), and pregnancy (12%) were the main risk factors in women.
In 67% of men, CVTwas registered as idiopathic, but thrombophilia assessment was
suboptimal. Longitudinal superior sinus was the most frequent thrombosis location
(78%). Extensive (.5 cm) venous infarction occurred in 36% of patients. Only 81% of
patients received anticoagulation since the acute phase, and 3% needed decompressive
craniectomy. Mechanical ventilation (13.6%), pneumonia (10.2%) and systemic
thromboembolism (8.5%) were the main in-hospital complications. The 30-day case
fatality rate was 3% (2 patients; 95% CI, 0.23-12.2%). In a Cox proportional hazards
model, only age ,40 years was associated with a mRS score of 0 to 2 (functional independence;
rate ratio, 3.46; 95% CI, 1.34-8.92). Conclusions: The relative frequency
of CVT and the associated in-hospital complications were higher than in other registries.
Thrombophilia assessment and acute treatment was suboptimal. Young age
is the main determinant of a good short-term outcome.
Sennheiser Hear Real Sound Experience "Vany Hilman Ghifary"Vany Hilman Ghifary
It's an activation program to Provide knowledge to the costomer that the Sennheiser product can give the best sound quality in it’s class, Establish stakeholder confidence, pride and ownership of the Sennheiser as a good audio equipment.
Everybody knows Javascript is single-threaded and that it shares this same thread with other browser-related processes such as painting and compositing. There are several techniques to implement pseudo multithreading in JavaScript; however, during this talk we will focus our attention on how to use and debug the Service Worker API. Our end goal is to explore practical use cases in order to simplify the process to render complex user interfaces and transitions in a browser.
In November 2012 High-Tech Bridge Security Research Lab discovered multiple vulnerabilities in Novell GroupWise 2012. Details of the vulnerabilities were disclosed in April 2013. This paper demonstrates vulnerability exploitation to execute arbitrary code on the vulnerable system.
Link to publication: https://www.htbridge.com/publications/novell_groupwise_untrusted_pointer_dereference_exploitation.html
Slides prepared for the worksop at the Macao Polytechnic Institute on 5th April, 2016.
Please get examples from the following URL:
https://github.com/kotobuki/esp8266_examples
Slides prepared for the worksop at the Macao Polytechnic Institute on 5th April, 2016.
Please get examples from the following URL:
https://github.com/kotobuki/esp8266_examples
Cerebral Venous Thrombosis in a Mexican Multicenter Registry of Acute Cerebro...Erwin Chiquete, MD, PhD
Background: Cerebral venous thrombosis (CVT) is a rare form of cerebrovascular
disease that is usually not mentioned in multicenter registries on all-type acute
stroke. We aimed to describe the experience on hospitalized patients with CVT in
a Mexican multicenter registry on acute cerebrovascular disease. Methods: CVT
patients were selected from the RENAMEVASC registry, which was conducted
between 2002 and 2004 in 25 Mexican hospitals. Risk factors, neuroimaging,
and 30-day outcome as assessed by the modified Rankin scale (mRS) were analyzed.
Results: Among 2000 all-type acute stroke patients, 59 (3%; 95% CI, 2.3-3.8%) had
CVT (50 women; female:male ratio, 5:1; median age, 31 years). Puerperium (42%),
contraceptive use (18%), and pregnancy (12%) were the main risk factors in women.
In 67% of men, CVTwas registered as idiopathic, but thrombophilia assessment was
suboptimal. Longitudinal superior sinus was the most frequent thrombosis location
(78%). Extensive (.5 cm) venous infarction occurred in 36% of patients. Only 81% of
patients received anticoagulation since the acute phase, and 3% needed decompressive
craniectomy. Mechanical ventilation (13.6%), pneumonia (10.2%) and systemic
thromboembolism (8.5%) were the main in-hospital complications. The 30-day case
fatality rate was 3% (2 patients; 95% CI, 0.23-12.2%). In a Cox proportional hazards
model, only age ,40 years was associated with a mRS score of 0 to 2 (functional independence;
rate ratio, 3.46; 95% CI, 1.34-8.92). Conclusions: The relative frequency
of CVT and the associated in-hospital complications were higher than in other registries.
Thrombophilia assessment and acute treatment was suboptimal. Young age
is the main determinant of a good short-term outcome.
Sennheiser Hear Real Sound Experience "Vany Hilman Ghifary"Vany Hilman Ghifary
It's an activation program to Provide knowledge to the costomer that the Sennheiser product can give the best sound quality in it’s class, Establish stakeholder confidence, pride and ownership of the Sennheiser as a good audio equipment.
Everybody knows Javascript is single-threaded and that it shares this same thread with other browser-related processes such as painting and compositing. There are several techniques to implement pseudo multithreading in JavaScript; however, during this talk we will focus our attention on how to use and debug the Service Worker API. Our end goal is to explore practical use cases in order to simplify the process to render complex user interfaces and transitions in a browser.
In November 2012 High-Tech Bridge Security Research Lab discovered multiple vulnerabilities in Novell GroupWise 2012. Details of the vulnerabilities were disclosed in April 2013. This paper demonstrates vulnerability exploitation to execute arbitrary code on the vulnerable system.
Link to publication: https://www.htbridge.com/publications/novell_groupwise_untrusted_pointer_dereference_exploitation.html
Slides prepared for the worksop at the Macao Polytechnic Institute on 5th April, 2016.
Please get examples from the following URL:
https://github.com/kotobuki/esp8266_examples
Slides prepared for the worksop at the Macao Polytechnic Institute on 5th April, 2016.
Please get examples from the following URL:
https://github.com/kotobuki/esp8266_examples
iOS Bootcamp: learning to create awesome apps on iOS using Swift (Lecture 7)Jonathan Engelsma
This lecture looks at multithreading and networking in Swift on iOS. We discuss why these concepts are important in the context of iOS programming and then demonstrate how the concepts are properly applied.
This lecture is part of a course intended to be an intensive and very compressed deep dive into iOS development in Swift. Visit the course web page to get copies of the course outline, lecture notes, sample code, etc.
Course website: http://www.themobilemontage.com/2015/05/12/ios-bootcamp-learning-to-create-awesome-apps-on-ios-using-swift/
Manipulating Memory for Fun and ProfitJovi Umawing
** NOT MINE **
I'm sharing the slides of Frédéric Bourla, chief security specialist of High-Tech Bridge, during ISACA in Luxembourg. This was originally shared by Mila Parkour (@snowfl0w) over at Contagion.
Simple architecture principles expressed in twelve "factors" can prepare the application for simple deployment into diverse environments, infrastructures, platforms.
Fuzzing is the art of knowing how to put heavy pressure on software in order to find security vulnerabilities. Fuzzing frameworks have been among us since many years. Some of them have made the difference and been adopted by well-known computer security researchers. This paper is an introduction to the fascinating world of fuzzing by exploring the awesome Sulley Fuzzing Framework. We also intend to demonstrate how quick and easy it could be to find security breaches and weaknesses in nowadays software.
Link to publication: https://www.htbridge.com/publications/fuzzing_an_introduction_to_sulley_framework.html
Moxa white paper---Using Sample Code to Develop Embedded ApplicationsDigital River
Using Sample Code to Develop Embedded Applications
Saves Time and Keeps Bugs at a Minimum
See More Embedded Computer White Papers by Visiting http://www.moxa.com/Resource/whitepapers.aspx
Quick introduction about Node.js, what is it? What is Node not?
What is V8 engine?
How to Install Node.js
github: https://github.com/elbassel/MEAN-Training.git
When it comes to Microsoft .NET-connected development, more and more frameworks are entering the market, both from Microsoft and from open source. Think of ASP.NET MVC, Castle, Windows Workflow Foundation (WF), Entity Framework, Unity, Linq2SQL, ADO.NET Data Services, Windows Communication Foundation (WCF), nHibernate, Spring.NET, CSLA, NUnit, Enterprise Library, MEF or ADF.
Once you apply one or more frameworks to a project, the trouble begins. What if you require features that aren’t implemented in the framework? What if you decide that another framework would have been better and want to switch halfway through your project? What if the author of your favorite open source framework suddenly stops developing? What if the framework contains bugs or omissions? And what if a new version of the framework is released that is implemented differently?
These and many more everyday problems can bring your project a halt, or at least require serious refactoring. During this highly interactive talk, Sander Hoogendoorn, chief architect of Capgemini’s agile Accelerated Delivery Platform and member of Microsoft’s Partner Advisory Council .NET, demonstrates pragmatic architectures and patterns that will help your projects avoid framework issues and to keep code independent of framework choices. Sander presents models of layered architectures, and looks at applying bridge patterns, managers-providers, dependency injection, descriptors and layer super-types, accompanied by lots of demos and (bad) code examples using blocks from Microsoft’s Enterprise Library, NHibernate, Log4Net, and the Entity Framework.
Join this interactive discussion to share your experience of improving the structure and quality of your software architecture and code, and to discuss how to avoid common pitfalls of applying frameworks to .NET software development.
Hardware hacking hit the news quite often in 2017, and a lot of pentesters tried to jump into the band wagon and discover the joy of hacking things rather than servers or applications. But most of them are only looking for rootz shellz and p0wning embedded Linux operating systems rather than doing what we really call "hardware hacking". In this talk, we are going to hack a Bluetooth Low Energy smartlock, from its printed circuit board to a fully working exploit, as well as its (wait for it) associated mobile application you need to install to operate this thing.
This talk is not only an introduction into the field of hardware hacking, but also a good way to dive into electronics and its specific protocols, and of course into microcontrollers and System-on-chip reverse engineering. We will cover some electronics basic knowledge as well as tools and classic methodologies when it comes at analyzing an IoT device and will provide tips and tricks based on our experience but our failures too.
In our interconnected world, users are everyday facing an hostile environment, even if most of them are usually not aware of the underlying risks. During his talk at 4th brokers forum which occurred in Chavannes-de-Bogis, Frederic BOURLA presented some of the threats which could deadly impact brokers businesses. This short talk is a basic and visual security awareness initiation for brokers and insurers.
Source: https://www.htbridge.com/publications/welcome_to_the_world_wild_web.html
Before the 30th of May 2012 attackers were exploiting a new Microsoft Internet explorer 0day... See more at source page: https://www.htbridge.com/publications/cve_2012_1889_microsoft_xml_core_services_uninitialized_memory_vulnerability.html
Through a real case study, we will explore the complexity of such attacks which endanger today's businesses.
All: https://www.htbridge.ch/publications/cybercrime_in_nowadays_businesses_a_real_case_study_of_targeted_attack.html
This document addresses the major threats which face today's companies, from database exfiltration in DMZ to the Advanced Persistent Threats recently undergone inmany international organizations.
Read more: https://www.htbridge.ch/publications/frontal_attacks_from_basic_compromise_to_advanced_persistent_threat.html
Data prevention Execution (DEP) and Address space layout randomization (ASLR) are two protection mechanisms integrated in Windows
Read more: https://www.htbridge.ch/publications/defeating_data_execution_prevention_and_aslr_in_windows_xp_sp3.html
Exploiting ActiveX components vulnerabilities in Windows has become a favored method of attackers aiming to compromise specific computers.
Full version: https://www.htbridge.ch/publications/become_fully_aware_of_the_potential_dangers_of_activex_attacks.html
Client-side vulnerabilities are among the biggest threats facing users.
Full version: https://www.htbridge.ch/publications/client_side_threats_anatomy_of_reverse_trojan_attacks.html
Smart TV Buyer Insights Survey 2024 by 91mobiles.pdf91mobiles
91mobiles recently conducted a Smart TV Buyer Insights Survey in which we asked over 3,000 respondents about the TV they own, aspects they look at on a new TV, and their TV buying preferences.
Generative AI Deep Dive: Advancing from Proof of Concept to ProductionAggregage
Join Maher Hanafi, VP of Engineering at Betterworks, in this new session where he'll share a practical framework to transform Gen AI prototypes into impactful products! He'll delve into the complexities of data collection and management, model selection and optimization, and ensuring security, scalability, and responsible use.
DevOps and Testing slides at DASA ConnectKari Kakkonen
My and Rik Marselis slides at 30.5.2024 DASA Connect conference. We discuss about what is testing, then what is agile testing and finally what is Testing in DevOps. Finally we had lovely workshop with the participants trying to find out different ways to think about quality and testing in different parts of the DevOps infinity loop.
GraphSummit Singapore | The Art of the Possible with Graph - Q2 2024Neo4j
Neha Bajwa, Vice President of Product Marketing, Neo4j
Join us as we explore breakthrough innovations enabled by interconnected data and AI. Discover firsthand how organizations use relationships in data to uncover contextual insights and solve our most pressing challenges – from optimizing supply chains, detecting fraud, and improving customer experiences to accelerating drug discoveries.
LF Energy Webinar: Electrical Grid Modelling and Simulation Through PowSyBl -...DanBrown980551
Do you want to learn how to model and simulate an electrical network from scratch in under an hour?
Then welcome to this PowSyBl workshop, hosted by Rte, the French Transmission System Operator (TSO)!
During the webinar, you will discover the PowSyBl ecosystem as well as handle and study an electrical network through an interactive Python notebook.
PowSyBl is an open source project hosted by LF Energy, which offers a comprehensive set of features for electrical grid modelling and simulation. Among other advanced features, PowSyBl provides:
- A fully editable and extendable library for grid component modelling;
- Visualization tools to display your network;
- Grid simulation tools, such as power flows, security analyses (with or without remedial actions) and sensitivity analyses;
The framework is mostly written in Java, with a Python binding so that Python developers can access PowSyBl functionalities as well.
What you will learn during the webinar:
- For beginners: discover PowSyBl's functionalities through a quick general presentation and the notebook, without needing any expert coding skills;
- For advanced developers: master the skills to efficiently apply PowSyBl functionalities to your real-world scenarios.
In his public lecture, Christian Timmerer provides insights into the fascinating history of video streaming, starting from its humble beginnings before YouTube to the groundbreaking technologies that now dominate platforms like Netflix and ORF ON. Timmerer also presents provocative contributions of his own that have significantly influenced the industry. He concludes by looking at future challenges and invites the audience to join in a discussion.
SAP Sapphire 2024 - ASUG301 building better apps with SAP Fiori.pdfPeter Spielvogel
Building better applications for business users with SAP Fiori.
• What is SAP Fiori and why it matters to you
• How a better user experience drives measurable business benefits
• How to get started with SAP Fiori today
• How SAP Fiori elements accelerates application development
• How SAP Build Code includes SAP Fiori tools and other generative artificial intelligence capabilities
• How SAP Fiori paves the way for using AI in SAP apps
A tale of scale & speed: How the US Navy is enabling software delivery from l...sonjaschweigert1
Rapid and secure feature delivery is a goal across every application team and every branch of the DoD. The Navy’s DevSecOps platform, Party Barge, has achieved:
- Reduction in onboarding time from 5 weeks to 1 day
- Improved developer experience and productivity through actionable findings and reduction of false positives
- Maintenance of superior security standards and inherent policy enforcement with Authorization to Operate (ATO)
Development teams can ship efficiently and ensure applications are cyber ready for Navy Authorizing Officials (AOs). In this webinar, Sigma Defense and Anchore will give attendees a look behind the scenes and demo secure pipeline automation and security artifacts that speed up application ATO and time to production.
We will cover:
- How to remove silos in DevSecOps
- How to build efficient development pipeline roles and component templates
- How to deliver security artifacts that matter for ATO’s (SBOMs, vulnerability reports, and policy evidence)
- How to streamline operations with automated policy checks on container images
Threats to mobile devices are more prevalent and increasing in scope and complexity. Users of mobile devices desire to take full advantage of the features
available on those devices, but many of the features provide convenience and capability but sacrifice security. This best practices guide outlines steps the users can take to better protect personal devices and information.
GraphSummit Singapore | The Future of Agility: Supercharging Digital Transfor...Neo4j
Leonard Jayamohan, Partner & Generative AI Lead, Deloitte
This keynote will reveal how Deloitte leverages Neo4j’s graph power for groundbreaking digital twin solutions, achieving a staggering 100x performance boost. Discover the essential role knowledge graphs play in successful generative AI implementations. Plus, get an exclusive look at an innovative Neo4j + Generative AI solution Deloitte is developing in-house.
Communications Mining Series - Zero to Hero - Session 1DianaGray10
This session provides introduction to UiPath Communication Mining, importance and platform overview. You will acquire a good understand of the phases in Communication Mining as we go over the platform with you. Topics covered:
• Communication Mining Overview
• Why is it important?
• How can it help today’s business and the benefits
• Phases in Communication Mining
• Demo on Platform overview
• Q/A
GridMate - End to end testing is a critical piece to ensure quality and avoid...ThomasParaiso2
End to end testing is a critical piece to ensure quality and avoid regressions. In this session, we share our journey building an E2E testing pipeline for GridMate components (LWC and Aura) using Cypress, JSForce, FakerJS…
Observability Concepts EVERY Developer Should Know -- DeveloperWeek Europe.pdfPaige Cruz
Monitoring and observability aren’t traditionally found in software curriculums and many of us cobble this knowledge together from whatever vendor or ecosystem we were first introduced to and whatever is a part of your current company’s observability stack.
While the dev and ops silo continues to crumble….many organizations still relegate monitoring & observability as the purview of ops, infra and SRE teams. This is a mistake - achieving a highly observable system requires collaboration up and down the stack.
I, a former op, would like to extend an invitation to all application developers to join the observability party will share these foundational concepts to build on:
Securing your Kubernetes cluster_ a step-by-step guide to success !KatiaHIMEUR1
Today, after several years of existence, an extremely active community and an ultra-dynamic ecosystem, Kubernetes has established itself as the de facto standard in container orchestration. Thanks to a wide range of managed services, it has never been so easy to set up a ready-to-use Kubernetes cluster.
However, this ease of use means that the subject of security in Kubernetes is often left for later, or even neglected. This exposes companies to significant risks.
In this talk, I'll show you step-by-step how to secure your Kubernetes cluster for greater peace of mind and reliability.