Recent trends in 2014-15 in the IT field. Big shots from the major companies, including rumours of shift in focus to car manufacturing. Seamless integration between devices etc.
Five Lessons Learned From Breaking Into A Casino: Confessions of a Penetratio... - Tom Eston
Breaking in is easy, real security is hard. Breaching the security of a Casino doesn't have to be as dramatic or dangerous as depicted in the Ocean's Eleven movies. In fact, by simply sitting in a hotel room of a Casino, hackers can find ways to breach the high security that Casinos have been known for. This type of attack has a simple goal: steal the Casino's money and cheat the system. All of this can be done without anyone seeing you and is much easier than walking directly into the Casino vault armed with guns and explosives.
In this presentation Tom Eston from SecureState walks us through some of the more interesting and exciting penetration tests his team have conducted. These include breaking into Casinos, Banks, Energy companies and other high security facilities (with permission of course). Tom's stories not only show how attackers break in but also show important lessons on how businesses can better secure their physical as well as network assets.
When Encryption is Not Enough...Sumanth Naropanth, Chandra Prakash Gopalaiah ...Shakacon
Communication protocols are core to computing devices. They have evolved from the traditional Serial and LAN ports to complex (and lightweight) protocols of today, such as Bluetooth Low Energy (BLE), ANT+, ZigBee, etc.
Bluetooth Low Energy (BLE) is a popular protocol of choice for low energy, low performance computing systems. While versions of the BLE specification prior to 4.2 allowed simple key mechanisms to encrypt the communication between connected nodes, the more recent specification of BLE (4.2) provides better channel encryption via the Secure Simple Pairing (SSP) mode to protect data against snooping and man-in-the-middle style attacks. These protocols are used extensively by wearables such as smart watches and activity trackers.
Most wearables work in conjunction with a companion mobile application running on a platform that supports BLE with the aforementioned security mechanisms. We looked at Android and iOS for our study. We observe that there are fundamental assumptions (leading to security limitations) in the adoption of the BLE security specifications on these two platforms. Relying on the standard BLE APIs for Android and iOS may be insufficient and may even project a false sense of security. It is critical to understand the degree of security that the BLE specifications can offer, and clearly separate that from the developers’ responsibility to design application-level security in order to assure confidentiality and integrity of data being transmitted between a wearable device and its companion application.
Microcontrollers as an emerging attack platform: Offense and Defense. Presentation was given at Philadelphia Region Electronic Crimes Task Force.
Presentation is intended to provide an overview of the new and emerging technologies that can be used to circumvent traditional anti-virus and malware detection software. Discussed techniques can also be used as a method for covert data exfiltration.
Smart Bombs: Mobile Vulnerability and Exploitation - Tom Eston
Kevin Johnson, John Sawyer and Tom Eston have spent quite a bit of time evaluating mobile applications in their respective jobs. In this presentation they will provide the audience an understanding of how to evaluate mobile applications, examples of how things have been done wrong and an understanding of how you can perform this testing within your organization.
This talk will work with applications from the top three main platforms; iOS, Android and Blackberry. Kevin, Tom and John have used a variety of the top 25 applications for each of these platforms to provide real world examples of the problems applications face.
Cyber Security Tips for students_Deepak - Deepak Khari
It will help students or non-technical users to understand cyber security threats, awareness of them, and the precautions required for protection.
This presentation was made by collecting publicly available materials and is purely for educational purposes. The author wants to thank each and every contributor of pictures, video and text in this presentation.
Attacking and Defending Apple iOS Devices - Tom Eston
IT loves to use Apple iPhones and iPads, but hates supporting them. For most environments, they represent the exception, and are not subject to standard corporate controls. The reason the exception is allowed is usually the fact that the CEO bought an iPhone and iPad the day they were released, and then quickly filled them with sensitive corporate data. With their portability and popularity, it is only a matter of time before one of these devices ends up missing. How worried should you be? This presentation will cover the latest real-world attack techniques for compromising Apple’s iOS devices, introduce a new assessment methodology that can be used by penetration testers, and discuss the latest defensive techniques for securely deploying iOS devices within your enterprise.
Slides for a college course at City College San Francisco. Based on "Hacking Exposed Mobile: Security Secrets & Solutions", by Bergman, Stanfield, Rouse, Scambray, Geethakumar, Deshmukh, Matsumoto, Steven and Price, McGraw-Hill Osborne Media; 1 edition (July 9, 2013) ISBN-10: 0071817018.
Instructor: Sam Bowne
Class website: https://samsclass.info/128/128_S17.shtml
Smart Bombs: Mobile Vulnerability and Exploitation - SecureState
Tom Eston has spent quite a bit of time evaluating mobile applications. In this presentation he will provide the audience with a high level understanding of what the risks are, how to evaluate mobile applications and provide examples of how things have been done wrong. Tom has used a variety of the top 25 applications downloaded from the Apple App Store and Google Play to provide real world examples of the problems applications face. Tom has mapped out how these applications are vulnerable to the OWASP Mobile Top 10 security issues.
WFH security risks - Ed Adams, President, Security Innovation - Priyanka Aash
Our security practices need to evolve in order to address the new challenges propped up by the rapid adoption of technologies and products to enable the world to WFH. The mantra of the attacker remains consistent -- attack that which yields maximum result -- and that is usually something used by a very very large number of users. This webinar will discuss the Top 10 Security Gaps that CISOs should be aware of as they brace for long WFH periods.
What you will learn:
- New attack techniques hackers are using to target WFH
- How to handle decentralisation of IT and technology decisions
- Application risks as enterprises pivot to online/new business model(s)
- New risks in the Cloud and due to Shadow IT
- Security risks due to uninformed employees and their home infrastructure
- How to handle misconfigurations and third-party risks
- How to build a robust breach response and recovery program
Full video - https://youtu.be/bQLfnmhDnQs
Computer, Internet and physical security - Ankur Kumar
It refers to the protection of a computer, and the information stored in it, from unauthorised users.
Computer security is a branch of computer technology known as information security as applied to computers and networks.
"I haz you and pwn your maal" by Harsimran Walia @b44nz0r at c0c0n - International Cyber Security and Policing Conference http://is-ra.org/c0c0n/speakers.html
BalCcon 2015 - DTS Solution - Attacking the Unknown by Mohamed Bedewi - Shah Sheikh
Anonymization techniques are a double-edged sword, as they can be used by journalists to communicate more safely with whistle blowers or by malicious users to commit cyber-crimes without getting caught, but the problem is that neither party is anonymous nor safe from being exposed. In the presentation Mohamed discussed a tool that he developed, "dynamicDetect", to de-anonymize TOR clients and browsers, abstracting the user's original IP address and fingerprint. The tool then uses this information as a launchpad to perform defensive and offensive actions against that TOR user.
Entrepreneurship & Commerce in IT - 11 - Security & Encryption - Sachintha Gunasena
This series is about entrepreneurial and e-commerce opportunities and how to harness the power of Information Technology to improve or revolutionize business.
This session discusses the types of threats that could occur to an e-commerce business, and the prevention methods and technologies available for such threats.
ER (Entity Relationship) Diagram for online shopping - TAE - Himani415946
https://bit.ly/3KACoyV
The ER diagram for the project is the foundation for the building of the database of the project. The properties, datatypes, and attributes are defined by the ER diagram.
1.Wireless Communication System_Wireless communication is a broad term that i...JeyaPerumal1
Wireless communication involves the transmission of information over a distance without the help of wires, cables or any other forms of electrical conductors.
Wireless communication is a broad term that incorporates all procedures and forms of connecting and communicating between two or more devices using a wireless signal through wireless communication technologies and devices.
Features of Wireless Communication
The evolution of wireless technology has brought many advancements with its effective features.
The transmitted distance can be anywhere between a few meters (for example, a television's remote control) and thousands of kilometers (for example, radio communication).
Wireless communication can be used for cellular telephony, wireless access to the internet, wireless home networking, and so on.
Multi-cluster Kubernetes Networking - Patterns, Projects and Guidelines - Sanjeev Rampal
Talk presented at Kubernetes Community Day, New York, May 2024.
Technical summary of Multi-Cluster Kubernetes Networking architectures with focus on 4 key topics.
1) Key patterns for Multi-cluster architectures
2) Architectural comparison of several OSS/ CNCF projects to address these patterns
3) Evolution trends for the APIs of these projects
4) Some design recommendations & guidelines for adopting/ deploying these solutions.
3. Unix / Mac OS / OS X
• Unix (all-caps UNIX for the trademark) is a family of multitasking, multiuser computer operating systems that derive from the original AT&T Unix, developed in the 1970s at the Bell Labs research centre by Ken Thompson, Dennis Ritchie, and others
• Permission technology and also the user groups sandboxing.
• Root / superuser sandboxing
• Virus adaptability better than its competitors.
4. Windows
• It is the most commonly used OS worldwide.
• It was developed by Microsoft
• It uses DLL and registry model.
• It uses a user access control system.
5. Linux
• Linux is a Unix-like and mostly POSIX-compliant computer operating system assembled under the model of free and open-source software development and distribution. The defining component of Linux is the Linux kernel, an operating system kernel first released on 5 October 1991 by Linus Torvalds.
• Almost all the security measures of Unix.
• Ubuntu
• Mint
• Fedora
• Red Hat
9. Password
• It's a simple mechanism to know whether the user is genuine
• It may include letters, numbers and, in some cases, special characters
• Passwords of the future may include physical verification
• Extended security through 2 step verification.
• Password managers to help you with password management
10. Precautions for password
• Different password for each and every website
• Avoid managers but too many passwords mean managers
• Use long passwords and avoid 123456, Password, Incorrect, etc.
• Avoid using meaningful words.
• Use multilingual passwords
• Enable 2 step verification for Gmail, iCloud and other available services
• Enable notifications for Facebook and authenticators for generating a 2nd layer of security.
11. • Using passwords like these would ensure your computers are safe, but as said earlier: MEMORY?
• Change the password every 72-90 days
• Make sure you log out of the online services after use. Enable auto sign-in on the computers you have complete control over.
• Enable guest users for the computers and for mobiles.
• Use incognito mode whenever you want your searches to be traceless
• Clear the cookies and the history every 2 months.
• Avoid auto login: it saves time, but your safety?
13. iOS
• iPhone OS - iOS
• Developed based on Unix
• Used by Apple; closed coded
• Benefits of sandboxing
• Limitation: slow roll out of features
• Fast updates
14. Android
• Freedom
• Users mode
• Customise the appearance
• Easier access to the Google services, including the mail, the contacts and the calendar system
• Drawback: too much resource allocation.
• Hacking prone
15. Windows Phone
• Better than Windows Mobile
• Fast growing
• Benefits of the existing users
• Easier to learn for the majority of the users
• Hugely inspired Windows 8/8.1 and Windows 10
16. • There are other mobile OSes available, like Ubuntu, Sailfish, Tizen and many more.
• But then why is it that they are not popular?
• Not well developed app stores - the hardware companies want to go with the tried and tested
• the os will require a specific hardware and
• best is already used.
18. – Fred Durst
“If you wanna know how not secure you are, just take a look around. Nothing's secure. Nothing's safe. I don't hate technology, I don't hate hackers, because that's just what comes with it, without those hackers we wouldn't solve the problems we need to solve, especially security.”
19. Black Hat Hacker
• Doesn't follow rules
• Doesn't do hacking for approved reasons
• Malicious codes / virus
• Violates computer security
20. White Hat Hackers
• Computer Security
• Improves Security and Services
• Hacks with the permission of the user.
21. Hacktivists
• The story of Anonymous
• The NSA
• The Digital Terrorism.
• Does Good / Bad
23. Virus
• A program that can replicate by itself and can spread from one computer to another without input from the creator
• Needs a host program
• The purpose of the virus can be different, or it can be used for any purpose, e.g. Kali Linux payload management
24. Computer Worms
• It is similar to a virus and can replicate through the network
• It is a self-sustaining program and doesn't need to be attached to any other program
• Common symptoms include overall sluggishness in the OS and slowness in the network due to increased bandwidth consumption.
25. Trojan Horse
• One of the most irritating programs in the computer world.
• Inspiration from the TROY story
• Does something entirely different from what it is supposed to do; tricks the user. Started as a greeting card virus.
• Commonly used to hack and steal information from the users; commonly used in keyloggers. Hence it is called social engineering toolkit.
26. Types of hacking
• Password cracking: it can be done in 2 ways, through brute force or through dictionary guessing.
• Packet sniffing: all information through the internet always passes through as packets, and thus software like Wireshark can sniff the packet data and hence get the information
• Phishing: My most favourite method of hacking because it requires very little work and then fools the customers into giving their information. CLONING the website.
27. Types of Hacking
• Rootkit: Software that can hide unwanted processes from being seen in the Windows Task Manager.
• Key loggers: if you have access to the computer, installing a key logger can provide all that is typed in that computer. Taps into the typing in the computer.
• Scareware/ransomware: Commonly disguised as an antivirus, making you pay for the security or for providing information. Credit card information!!!
• IP spoofing / MAC address cloning: use the id of some other person and avoid being detected in the hacked network to avoid the forensic detection.
28. Free advice
• Always protect your system with an antivirus and keep it updated.
• Use cloud antivirus
• Never use a cracked system or a cracked antivirus.
• It affects your motherboard and also your security.
30. Who wants 1 device?
• Apple with iPod, iPad, iPhone, Mac, Apple TV, CarPlay, HomeKit and Apple Watch.
• Google with Chromebooks, Chromecast, Android and other services like Google Glass and even the internet itself - Project Loon, Android Wear
• Windows with laptops, phones, Xbox, Surface tabs and Surface TV and Zune players, Office.
• All want not one device but your complete home and the complete ecosystem
• The maximum effects come with the maximum devices
34. • Wireless charging
• Hands free control
• 3D projectors
• 3D Printers - Guess what, chicken of the future will be printed.
• Robotic skeletons for army.
• Control the home from anywhere in the world through HomeKit.
• Free and wireless payments through NFC.
36. Finger Print Scanner
• It is simple
• Uses a unique design
• Much safer than face recognition
• Partial and complete recognition of the finger print
• Safe place to store the data
• Can carry along wherever you go
• But not hack free
• Sensors are inaccurate at detecting a finger or differentiating it from an animal
• Good for making authentication for payments.
38. USB Tokenisation
• A single USB key
• No passwords
• Connect the USB
• Incorruptible Data ROM storage.
• Best used in offices, for authentication.
40. Iris recognition system
• The most secure in the world
• Error rate is high
• Requires very good sensors
• Used for very high security measures in the military
• Mass usage still in testing
• Checking for the possibilities for daily usage.
• Inconvenient for almost daily usage.