The document discusses the Mirai botnet attacks of 2016 and subsequent variants. It provides details on:
1) The 2016 Mirai attack that took down major websites by exploiting vulnerabilities in IoT devices like IP cameras and routers.
2) How Mirai and other botnets work by compromising internet-connected devices into a botnet that can be used to launch DDoS attacks.
3) Updates on the evolution of Mirai variants that target new devices and architectures, incorporating more sophisticated techniques.
Cyber threat Intelligence and Incident Response by:-Sandeep Singh - OWASP Delhi
The broad list of topics includes (but is not limited to):
- What is Threat Intelligence?
- Type of Threat Intelligence?
- Intelligence Lifecycle
- Threat Intelligence - Classification & Vendor Landscape
- Threat Intelligence Standards (STIX, TAXII, etc.)
- Open Source Threat Intel Tools
- Incident Response
- Role of Threat Intel in Incident Response
- Bonus Agenda
Social engineering and human error present the single biggest threat to companies in 2017. In fact, 60% of enterprise companies were targeted by social engineering attacks within the last year. As cyber security automation practices get better, attackers are increasingly relying on social engineering to make their way into systems and networks.
Visit- https://www.siemplify.co/
You've seen the headlines. You're beginning to understand the importance of cybersecurity. Where do you begin? It's important to understand the common methods of attack and ways you can begin to protect your organization today. For more information on our cybersecurity education please visit FPOV.com/edu.
Security Strategy and Tactic with Cyber Threat Intelligence (CTI) - Priyanka Aash
Targeted attacks need targeted Defense
What protocol should we use for CTI information exchange?
How should we describe our indicators of compromise
Structured threat information expression (STIX)
How we can keep information within our defined trust boundaries?
Where to store IOCs?
Threat Intelligence Feeds Lifecycle
How to measure the CTI process?
Malware Detection Using Data Mining Techniques - Akash Karwande
Computer programs which have destructive content and are applied to systems by an invader are called malware, and the systems on which these programs are applied are called victim systems.
Malwares are classified into several kinds based on behavior or attack methods.
IoT stands for Internet of Things. The internet of things, or IoT, is a system of interrelated computing devices, mechanical and digital machines, objects, animals or people that are provided with unique identifiers (UIDs) and the ability to transfer data over a network without requiring human-to-human or human-to-computer interaction.
IoT Security Training covers The Internet of Things security and examines IoT conventions, potential dangers, vulnerabilities, misuse, information breaks, security system and alleviation. IoT security training, Internet of Things (IoT) devices Include: manufacturers, retailers in customer hardware, social insurance, processing plant production network stockrooms, transportation offices and numerous others.
Learn about:
IoT Principles: The Internet of Things Overview
Principles for Connected Devices
IoT Design Principles
Principles of IoT Security
IoT Attack Areas
IoT Vulnerabilities
IoT Firmware Analysis
IoT Software Weaknesses
IoT Security Verification, Validation and Testing
IoT Security Assessment on IoT devices
Assessing IoT devices attack surfaces
Evaluation of IoT device firmware analysis, attack surface
Vulnerabilities and exploiting the vulnerabilities
Course Topics Include:
Overview and analysis of IoT devices and IoT implementation use cases
IoT Architecture
IoT Architectural and Design Requirements
IoT Security Fundamentals
IoT Security Standards
NIST Framework: Cyber Physical Systems
IoT Governance and Risk Management
IoT Security Compliance and Audit
IoT Encryption and Key Management
IoT Identity and Access Management
IoT Security Challenges
IoT Security in Critical Infrastructure
IoT Security in Personal infrastructure
IoT Vulnerabilities
Wireless Security applied to IoT
ZigBee and Bluetooth Security
LTE and Mobile Security
Cloud-based web interface security
Call us today at +1-972-665-9786. Learn more about this course audience, objectives, outlines, seminars, pricing, any other information. Visit our website link below.
IoT Security Training, IoT Security Awareness 2019
https://www.tonex.com/training-courses/iot-security-training-iot-security-awareness/
Complete coverage of CISSP 7th Chapter - Security Operations. I have made sure to cover all topics from three books in this presentation. For corrections, clarifications, please feel free to reach me.
In today’s business environment, organizations have a responsibility to their employees, clients, and customers to ensure the confidentiality, integrity and availability of the critical data that is entrusted to them. Every network is vulnerable to some form of attack. However it is not enough to simply confirm that a technical vulnerability exists and implement countermeasures; it is critical to repeatedly verify that the countermeasures are in place and working properly throughout the secured network. During this webinar, David Hammarberg, Principal, IT Director, and leader of McKonly & Asbury’s Cybersecurity Practice will be joined by Partner, Michael Hoffner and they will lead a discussion on a Cybersecurity Risk Management Program including what it is and how it can prepare your organization for the future.
Cyber Threat Intelligence is a process in which information from different sources is collected, then analyzed to identify and detect threats against any environment. The information collected could be evidence-based knowledge that could support the context, mechanism, indicators, or implications about an already existing threat against an environment, and/or the knowledge about an upcoming threat that could potentially affect the environment. Credit: Marlabs Inc
Cyber Resilience presented at the Malta Association of Risk Management (MARM) Cybercrime Seminar of 24 June 2013 by Mr Donald Tabone. Mr Tabone, Associate Director and Head of Information Protection and Business Resilience Services at KPMG Malta, presented a six-point action plan corporate entities can follow in order to reach a sustainable level of cyber resilience.
Metasploit framework can also be called the ‘Swiss Army knife’ of penetration testers as it provides multiple exploits, customization, and is easy to redevelop according to the requirements of the system. To secure our system and prevent it from any type of threats, we should perform the penetration testing.
After massive hit of ransomware WannaCry. Check the basics of ransomware, protection and prevention tips. Find out history of ransomware, spreading method, prevention tips in detail.
Cloud Security Engineering - Tools and Techniques - Gokul Alex
Cloud Security Engineering Education Materials prepared by Gokul Alex. It covers the essential tools and techniques to protect cloud enterprise architectures and cloud information systems.
Trisis in Perspective: Implications for ICS Defenders - Dragos, Inc.
Discovery of TRISIS/TRITON was a landmark event in the Industrial Control Systems (ICS) security community. It is the fifth known ICS-specific malware (following Stuxnet, Havex, BlackEnergy2, and CRASHOVERRIDE), and the first such malware to specifically target safety instrumented systems. Since identification and public disclosure in early December 2017, much has been written on TRISIS, its operation, and mitigations; however, such mitigations are usually too specific to TRISIS and fall short in assisting defenders with safety systems other than a Schneider Electric Triconex. In May, Dragos discovered that XENOTIME, the activity group behind TRISIS, had expanded its targeting to North America and other safety systems. Given this new data, a generalized approach to safety system defense is critical knowledge for ICS security personnel. This discussion aims to provide such an approach to guarding safety systems. We will provide an overview of the TRISIS malware, including its installation, execution and modification to the controller. Next, we will break down the TRISIS event's specific tactics, techniques and procedures (TTPs) and generalize them across the ICS kill chain. Using this model, we provide present-day actionable defense strategies for asset owners, as well as guidance for forensics, restoration, and recovery should an attack be discovered. We also look to the future and recommend ways in which the state of the art can be improved by vendors and ICS owners to empower defenders with the information they need to stop future attacks.
Learn more here: https://www.dragos.com/blog/trisis/
Beyond S3 Buckets - Effective Countermeasures for Emerging Cloud Threats - SBWebinars
Research shows that 25% of organizations have cryptojacking activity in their AWS, Azure, and GCP environments. Is yours one of them? While S3 buckets continue to dominate headlines, cryptojacking and other threats lay quietly behind the scenes. Learn about the latest cloud threats and arm yourself with effective countermeasures.
Yesterday Pierluigi Paganini, CISO Bit4Id and founder Security Affairs, presented at the ISACA Roma & OWASP Italy conference the state of the art for the Internet of Things paradigm. The presentation highlights the security and privacy issues for the Internet of Things, a technology that is changing user’s perception of the technology.
Secure Application Development in the Age of Continuous Delivery - Tim Mackey
As delivered at LinuxCon and ContainerCon in Berlin 2016.
Traditionally, when datacenter operators talk about application security, they've tended to focus on issues related to key management, firewalls and data access. By contrast, application developers have a security focus which is more aligned with code analysis and fuzzing techniques.
The reality is, secure application deployment principles extend from the infrastructure layer through the application and include how the application is deployed. With the prevalence of continuous deployment of micro-services, it’s imperative to focus efforts on what attackers view as vulnerable; particularly in an environment where new exploits are being disclosed almost daily.
In this session we’ll present:
• How known vulnerabilities can make their way into production deployments
• How deployment of vulnerable code can be minimized
• How to determine the vulnerability status of a container
• How to determine the risk associated with a specific package
As delivered by Tim Mackey, Senior Technical Evangelist - Black Duck Software, at LinuxCon and ContainerCon in Berlin 2016.
Touring the Dark Side of Internet: A Journey through IOT, TOR & Docker - Abhinav Biswas
With the advent of IOT, Every 'Thing' is getting Smart, starting from the range of smartwatches, smart refrigerators, smart bulbs to smart car, smart healthcare, smart agriculture, smart retail, smart city and what not, even smart planet. But why is every thing getting smart? People are trying to bridge the gap between Digital World & Physical World by means of ubiquitous connectivity to Internet, and when digital things become physical, digital threats also become physical threats. Security & Privacy issues are rising as never before. What if the microphone in your smart TV can be used to eavesdrop the private communications in your bed room? What if a smart driverless car deliberately crashes itself into an accident? What if you want to be Anonymous over Internet and don't want anybody to track you?
This talk will focus on answering the above questions with a view on 'What are we currently doing to protect ourselves' and 'What we need to do'. What are the new security challenges that are coming up and how privacy & anonymity are taking the lead over security. The talk will also sensitize the audience about the paradigm shift that is happening in IOT DevOps, with help of Docker Containers and how they can be anonymised using TOR.
The latest massive IoT DDoS attack from the Mirai botnet that took major websites like Twitter and Reddit offline for hours – has already gained notoriety as one of the worst DDoS strikes in history.
In this webinar Manish Rai & Ty Powers of Great Bay Software will help you understand exactly how the enterprise IoT landscape is changing, and what it means for the assumptions organizations have been making in regards to safeguarding against IoT cyberattacks. You will:
Gain insights into how the recent IoT-based DDoS attacks were launched
How similar attacks could be launched inside enterprise networks
How to safeguard against IoT device compromises
How to reduce your risk, whose job is it anyway?
Learn about what your peers are doing for IoT device security, relevant findings from the 2016 Great Bay Software IoT Security Survey
Watch this ondemand webinar with this link: https://go.greatbaysoftware.com/owb-safeguarding-against-iot-ddos-attacks
Application security meetup k8_s security with zero trust_29072021 - lior mazor
The "K8S security with Zero Trust" Meetup is about K8s posture Management and runtime protection, ways to secure your software supply chain, Managing Attack Surface reduction, and How to secure K8s with Zero-Trust.
This presentation will introduce the Lockheed Martin Cyber Kill Chain and MITRE ATT&CK frameworks. By working through 4 different practical scenarios in a fictional company https://sensenet-library.com, the attendees will learn how they can use those frameworks to measure their security response in today's diverse security threat landscape. We'll go through categorising security controls, responding to a vulnerability report, assessing a threat intel report and decide on future of the company's toolset where you will be able to answer a question if you should continue investing in a tool or should you buy a new one.
This talk will introduce Zero-Knowledge Proofs (ZKPs) and explain why they are a key element in a growing number of privacy-preserving, digital-identity platforms. Clare will provide basic illustrations of ZKPs and leave the necessary mathematics foundations to the readers.
After this talk you will understand that there is a variety of ZKPs, it’s still early days, and why ZKP is such a perfect tool for digital identity platforms. This talk includes significant updates from the newly-organized ZKProof Standardization organization plus a signal of maturity: one of the first known ZKP vulnerabilities.
Clare will explain why ZKPs are so powerful, and why they are building blocks for a range of applications including privacy-preserving cryptocurrency such as Zcash, Ethereum, Artificial Intelligence, and older versions of Trusted Platform Modules (TPMs). The presentation includes many backup slides for future learning and researching, including four slides of references.
According to Matthew Green, Zero-Knowledge Proofs are the most powerful tool cryptographers have ever devised. Find out why. Find out how ZKPs apply to identity proofing and authentication.
Presentation for September 2017 ISC2 Security Congress
Biometric Recognition for Multi-Factor Authentication
- Biological and Behavioral Biometrics
- Benefits and Issues
- What Every CISO Should Know
- Laws, Standards, and Guidelines
- How to Measure Biometric Recognition
- Attack Vectors
- Multimodal Biometric Recognition
- Continuous Authentication with Biometrics
- Face ID Update
- The Future
In the near future, privacy-preserving authentication methods will flood the market, and they will be based on Zero-Knowledge Proofs. IBM and Microsoft invested in these solutions many years ago.
Talk for Austin ISSA
What’s more accurate, face or iris?
What’s more secure, password or biometrics?
Is the US legal system up to the challenge?
Impact of EU GDPR and PSD2
Does NIST provide quantitative anti-spoofing requirements?
Will ISO/IEC define how to evaluate anti-spoofing for mobile devices?
Panel 4: Beyond Bugs: Embracing Security Features
How can startups go beyond bug hunting to implementing security features? This panel will consider how startups can overcome development challenges, such as impacts on performance, to embrace security features — like site-wide SSL/TLS, Content Security Policy, and multifactor authentication — that can protect consumers from threats proactively and help eliminate entire classes of vulnerabilities.
Moderator:
Katherine McCarron
Division of Privacy and Identity Protection, FTC
Panelists:
Robert Hansen
Vice President of WhiteHat Labs
WhiteHat Security
Clare Nelson
CEO
ClearMark Consulting
Caleb Queern
Manager
KPMG Cyber
OWASP AppSec USA 2015, San Francisco
How do you stump a multi-factor authentication vendor? Ask for a threat model.
This talk will help developers as well as CISOs make better authentication decisions. When we raise the bar, everyone wins.
Abstract: This presentation discusses multi-factor authentication, and what to look for if you are planning a product refresh, or implementing a solution for the first time. Since there are over 200 vendors, it is not easy to select the best solution for your needs. The goal of this presentation is to arm you with questions to ask, plus identify some suboptimal technologies to avoid. Your feedback to vendors will help them provide better, more secure products and services.
As German defense minister Ursula von der Leyen can attest, fingerprints can be hacked. So can facial and other biometrics. Why, then, is biometric-based authentication so fashionable? Why did one of the largest insurance companies just announce it is rolling out fingerprint and facial recognition for its customers (while it uses Symantec VIP for internal employees)? Did product management and marketing conduct a study that concluded customers feel safer with fingerprint and facial?
Apple’s Touch ID, and VISA’s integration with it are shaping the fashionable trend faster than a Milan runway. Hopefully these short hemlines will fade soon. Apple’s senior vice president, Dan Riccio, irresponsibly claims, “Fingerprints are one of the best passwords in the world.” He probably understands it is easy to reset a password. He probably does not understand how hard it is to reset his fingerprints. Truly the inmates are running the asylum.
Search and Society: Reimagining Information Access for Radical Futures - Bhaskar Mitra
The field of Information retrieval (IR) is currently undergoing a transformative shift, at least partly due to the emerging applications of generative AI to information access. In this talk, we will deliberate on the sociotechnical implications of generative AI for information access. We will argue that there is both a critical necessity and an exciting opportunity for the IR community to re-center our research agendas on societal needs while dismantling the artificial separation between the work on fairness, accountability, transparency, and ethics in IR and the rest of IR research. Instead of adopting a reactionary strategy of trying to mitigate potential social harms from emerging technologies, the community should aim to proactively set the research agenda for the kinds of systems we should build inspired by diverse explicitly stated sociotechnical imaginaries. The sociotechnical imaginaries that underpin the design and development of information access technologies needs to be explicitly articulated, and we need to develop theories of change in context of these diverse perspectives. Our guiding future imaginaries must be informed by other academic fields, such as democratic theory and critical theory, and should be co-developed with social science scholars, legal scholars, civil rights and social justice activists, and artists, among others.
Kubernetes & AI - Beauty and the Beast !?! @KCD Istanbul 2024 - Tobias Schneck
As AI technology is pushing into IT, I was wondering, as an “infrastructure container kubernetes guy”, how does this fancy AI technology get managed from an infrastructure operational view? Is it possible to apply our lovely cloud native principles as well? What benefits could both technologies bring to each other?
Let me take these questions and provide you a short journey through existing deployment models and use cases for AI software. On practical examples, we discuss what cloud/on-premise strategy we may need for applying it to our own infrastructure to get it to work from an enterprise perspective. I want to give an overview about infrastructure requirements and technologies, what could be beneficial or limiting your AI use cases in an enterprise environment. An interactive Demo will give you some insights into what approaches I already got working for real.
Essentials of Automations: Optimizing FME Workflows with Parameters - Safe Software
Are you looking to streamline your workflows and boost your projects’ efficiency? Do you find yourself searching for ways to add flexibility and control over your FME workflows? If so, you’re in the right place.
Join us for an insightful dive into the world of FME parameters, a critical element in optimizing workflow efficiency. This webinar marks the beginning of our three-part “Essentials of Automation” series. This first webinar is designed to equip you with the knowledge and skills to utilize parameters effectively: enhancing the flexibility, maintainability, and user control of your FME projects.
Here’s what you’ll gain:
- Essentials of FME Parameters: Understand the pivotal role of parameters, including Reader/Writer, Transformer, User, and FME Flow categories. Discover how they are the key to unlocking automation and optimization within your workflows.
- Practical Applications in FME Form: Delve into key user parameter types including choice, connections, and file URLs. Allow users to control how a workflow runs, making your workflows more reusable. Learn to import values and deliver the best user experience for your workflows while enhancing accuracy.
- Optimization Strategies in FME Flow: Explore the creation and strategic deployment of parameters in FME Flow, including the use of deployment and geometry parameters, to maximize workflow efficiency.
- Pro Tips for Success: Gain insights on parameterizing connections and leveraging new features like Conditional Visibility for clarity and simplicity.
We’ll wrap up with a glimpse into future webinars, followed by a Q&A session to address your specific questions surrounding this topic.
Don’t miss this opportunity to elevate your FME expertise and drive your projects to new heights of efficiency.
JMeter webinar - integration with InfluxDB and Grafana - RTTS
Watch this recorded webinar about real-time monitoring of application performance. See how to integrate Apache JMeter, the open-source leader in performance testing, with InfluxDB, the open-source time-series database, and Grafana, the open-source analytics and visualization application.
In this webinar, we will review the benefits of leveraging InfluxDB and Grafana when executing load tests and demonstrate how these tools are used to visualize performance metrics.
Length: 30 minutes
Session Overview
-------------------------------------------
During this webinar, we will cover the following topics while demonstrating the integrations of JMeter, InfluxDB and Grafana:
- What out-of-the-box solutions are available for real-time monitoring JMeter tests?
- What are the benefits of integrating InfluxDB and Grafana into the load testing stack?
- Which features are provided by Grafana?
- Demonstration of InfluxDB and Grafana using a practice web application
To view the webinar recording, go to:
https://www.rttsweb.com/jmeter-integration-webinar
Key Trends Shaping the Future of Infrastructure.pdf - Cheryl Hung
Keynote at DIGIT West Expo, Glasgow on 29 May 2024.
Cheryl Hung, ochery.com
Sr Director, Infrastructure Ecosystem, Arm.
The key trends across hardware, cloud and open-source; exploring how these areas are likely to mature and develop over the short and long-term, and then considering how organisations can position themselves to adapt and thrive.
Builder.ai Founder Sachin Dev Duggal's Strategic Approach to Create an Innova... - Ramesh Iyer
In today's fast-changing business world, Companies that adapt and embrace new ideas often need help to keep up with the competition. However, fostering a culture of innovation takes much work. It takes vision, leadership and willingness to take risks in the right proportion. Sachin Dev Duggal, co-founder of Builder.ai, has perfected the art of this balance, creating a company culture where creativity and growth are nurtured at each stage.
Epistemic Interaction - tuning interfaces to provide information for AI supportAlan Dix
Paper presented at SYNERGY workshop at AVI 2024, Genoa, Italy. 3rd June 2024
https://alandix.com/academic/papers/synergy2024-epistemic/
As machine learning integrates deeper into human-computer interactions, the concept of epistemic interaction emerges, aiming to refine these interactions to enhance system adaptability. This approach encourages minor, intentional adjustments in user behaviour to enrich the data available for system learning. This paper introduces epistemic interaction within the context of human-system communication, illustrating how deliberate interaction design can improve system understanding and adaptation. Through concrete examples, we demonstrate the potential of epistemic interaction to significantly advance human-computer interaction by leveraging intuitive human communication strategies to inform system design and functionality, offering a novel pathway for enriching user-system engagements.
PHP Frameworks: I want to break free (IPC Berlin 2024)Ralf Eggert
In this presentation, we examine the challenges and limitations of relying too heavily on PHP frameworks in web development. We discuss the history of PHP and its frameworks to understand how this dependence has evolved. The focus will be on providing concrete tips and strategies to reduce reliance on these frameworks, based on real-world examples and practical considerations. The goal is to equip developers with the skills and knowledge to create more flexible and future-proof web applications. We'll explore the importance of maintaining autonomy in a rapidly changing tech landscape and how to make informed decisions in PHP development.
This talk is aimed at encouraging a more independent approach to using PHP frameworks, moving towards a more flexible and future-proof approach to PHP development.
2. Contents
1. 2016 Mirai attack
2. Botnets, DDoS
3. Current state of Mirai and Mirai variants
4. How to detect and defend
5. September-October 2018 updates
• NISTIR Draft, Considerations for Managing Internet of Things (IoT) Cybersecurity and Privacy Risks
• California IoT Security Law
https://www.lexology.com/library/detail.aspx?g=8d4b1869-296d-4eaa-89b9-b4efb15adfcd
4. Botnets
• Collection of internet-connected devices that an attacker has compromised
• Force multiplier for individual attackers, cyber-criminal groups, nation-states
• Disrupt or break into targets' systems
• Commonly used in DDoS attacks
• Collective computing power
o Send large volumes of spam
o Steal credentials at scale
o Spy on people and organizations
https://www.csoonline.com/article/3240364/hacking/what-is-a-botnet-and-why-they-arent-going-away-anytime-soon.html
https://www.incapsula.com/blog/malware-analysis-mirai-ddos-botnet.html
Mirai-infected devices
5. Distributed Denial of Service (DDoS)
https://www.incapsula.com/blog/how-to-identify-a-mirai-style-ddos-attack.html
Botnet
Attack Nodes
Many vectors
• Layer 3, 4, and 7 attacks
• DNS attacks
• IoT Botnets
• New attacks
9. Mirai Targets
IP cameras, DVRs, home routers
https://www.usenix.org/system/files/conference/usenixsecurity17/sec17-antonakakis.pdf
Unsophisticated Dictionary Attack
10. Mirai and the Minecraft Connection
https://www.cbronline.com/news/mirai-botnet
https://www.wired.com/story/mirai-botnet-minecraft-scam-brought-down-the-internet/
• Mirai attacked Minecraft servers
o Minecraft servers, lucrative
o Gain Minecraft advantage
• Targeted OVH, Minecraft DDoS mitigation tools (VAC)
• Not nation-state attackers
o 21-year-old Rutgers college student
o 2 friends
• 200,000-300,000 infections
• Peak 600,000 devices
• Used variety of traffic
Graphic: https://minecraft.net/en-us/
“Targeted an entire range of IP addresses—not just one particular server or website—enabling it to crush a company’s entire network”
11. Mirai Operation
• Mirai bots scan the IPv4 address space for devices that run telnet or SSH
o Log in using dictionary of hardcoded IoT credentials
• Bot sends the victim IP address and credentials to a report server, which asynchronously triggers a loader to infect the device
• Infected hosts scan for additional victims and accept DDoS commands from a C2 server
https://www.usenix.org/system/files/conference/usenixsecurity17/sec17-antonakakis.pdf
15. Mirai Variants
• Brian Krebs reported Mirai precursors
o Bashlite, Gafgyt, Qbot (2014), Remaiten, Torlus
• Satori, also known as Masuta, and DaddysMirai include the original Mirai vectors but removed the HTTP attack
• Orion is an exact copy of the original Mirai attack table (and just like Mirai, has abandoned the PROXY attack)
• Owari added two new vectors, STD and XMAS
https://www.zdnet.com/article/meet-torii-a-new-iot-botnet-far-more-sophisticated-than-mirai/
https://blog.radware.com/security/2018/09/defending-against-the-mirai-botnet/
https://krebsonsecurity.com/tag/ddos-for-hire/
16. Mirai Variants
https://blog.radware.com/security/2018/09/defending-against-the-mirai-botnet/
• Many attackers were fighting for Telnet access to IoT devices with traditional Mirai
• New variants were developed to find additional methods of exploitation and infection
• TR-064 exploits that were quickly added to the code (and used to infect the endpoints of service providers)
• 0-day exploit on Huawei routers in several botnets
• Reaper botnet, which includes 10 previously disclosed CVEs.
CVE = Critical Vulnerabilities and Exposures
• TR064 is defined by DSL Forum as part of its Broadband suite.
• TR064 describes a specific implementation to be used for DSL CPE LAN-side configuration.
• The management application can be a software program or an installation CD from the CPE vendor.
• It was developed by DSL Forum based on UPnP Devices Structure 1.0.
17. New Mirai Botnet Breed Taps Aboriginal Linux to Spawn Across Devices
https://www.cbronline.com/news/mirai-botnet
The new variant has been created using an open source project named Aboriginal Linux;
• Botnet compatible with an array of architectures, devices
o IP cameras
o Routers
o Speakers
o Android-based devices
• Found an ARM7 Mirai variant running on an Android device running Android 4.4, as well as a variant on Debian ARM
Aboriginal Linux is a shell script that builds the smallest, simplest Linux system capable of rebuilding itself from source code. Aboriginal’s “elegant cross-compilation framework” gave Mirai new teeth
18. Torii (September 27, 2018)
• Sophistication “a level above anything we have seen before”
• Rich set of features for exfiltration of (sensitive) information
• Ability to persist
• Modular architecture capable of fetching and executing other commands and executables
• Multiple layers of encrypted communication
• Can infect a wide range of devices
• Support for a wide range of target architectures, including MIPS, ARM, x86, x64, PowerPC, SuperH, MC68000, and others
• Give credit to @VessOnSecurity, who actually tweeted about a sample hitting his telnet honeypot last week
https://blog.avast.com/new-torii-botnet-threat-research
• Infection chain starts with a Telnet attack on the weak credentials of targeted devices
• Then execution of an initial shell script
20. IoT Challenges
• Limited IoT visibility
• Limited IoT control
• Limited IoT security manufactured in
• Increased attack surface
• Wide range of devices
• Many are consumer-managed
• Many have no interface
• Technical and regulatory challenges
https://www.usenix.org/system/files/conference/usenixsecurity17/sec17-antonakakis.pdf
https://kb.zyxel.com/KB/searchArticle!gwsViewDetail.action?articleOid=006157&lang=EN
Graphic: https://www.theinquirer.net/inquirer/news/3036359/half-a-billion-iot-devices-in-the-office-vulnerable-to-dns-attacks-warns-armis
22. IoT Challenges
• IoT security must evolve away from default-open ports to default-closed and adopt security hardening best practices
• Devices should consider default networking configurations that limit remote address access to those devices to local networks or specific providers
• Apart from network security, IoT developers need to apply ASLR, isolation boundaries, and principles of least privilege into their designs
• From a compliance perspective, certifications might help guide consumers to more secure choices as well as pressure manufacturers to produce more secure products
https://www.usenix.org/system/files/conference/usenixsecurity17/sec17-antonakakis.pdf
ASLR = Address Space Layout Randomization
Telnet = A network protocol that allows a user on one computer to log onto another computer that is part of the same network
23. IoT Challenges: NISTIR
• Many IoT devices interact with the physical world in ways conventional IT devices usually do not
• Many IoT devices cannot be accessed, managed, or monitored in the same ways conventional IT devices can
• The availability, efficiency, and effectiveness of cybersecurity and privacy capabilities are often different for IoT devices than conventional IT devices
https://csrc.nist.gov/publications/detail/nistir/8228/draft
Graphic: https://online.stanford.edu/courses/xee100-introduction-internet-things
25. How to Detect and Defend against Botnet Attacks?
Ideal World
• Detect new device on network
• Automatically apply device policy
• Monitor device
• Detect abnormal activity
• Alert on abnormal activity
• Disable infected devices
• End-of-Life, decommission
https://www.electronicspecifier.com/blog/iot-device-management-scorecard-profiles-wind-river-helix-device-cloud
26. DDoS Defenses
Ideal World
• Outgoing
o Throttle traffic
o Block outbound DDoS
o Isolate botnets
• Incoming
o Stop incoming DDoS
o Throttle traffic
o Prevent infection
Brickers
• Detect botnet attack, brick devices
• BrickerBot
o IP Cameras, DVRs
• Use as a mitigating countermeasure?
o Hajime
o Blocks ports Mirai is known to attack (23, 7547, 555, 5358)
o But after reboot, does not persist
Source: Electronic Design, Ralph Nguyen, August 8, 2017
27. Mitigate IoT Botnet Attacks
https://www.upwork.com/hiring/data/dont-get-entangled-botnet/
https://www.quest-global.com/wp-content/uploads/2015/08/UPnP-in_Digital_Home_Networking.pdf
• Credentials and login
o Change default passwords
o Enforce login rate limiting to prevent brute force attacks
o Use captcha or proof of work
o Future: Eliminate default credentials
• Authentication
• Device Identification
• Encryption
• Chains of Trust
• Turn Off Universal Plug-and-Play (UPnP)
• Firewalls
• Put IoT devices on a separate network
• Keep Firmware Up-to-Date
o Over the Air (OTA)
o Automatic, Make Auto Patch Mandatory
• Use Secure Devices
• End-of-Life, Decommission old IoT devices
o How to get rid of them?
UPnP is meant to make it easier to connect and set up devices by allowing them to discover one another over a local network
28. Mitigate IoT Botnet Attacks Using AI
https://www.iotsecurityfoundation.org/machine-learning-will-be-key-to-securing-iot-in-smart-homes/
• Network-based solutions
• Device-based solutions
o Machine learning can help bring lightweight endpoint protection to IoT devices
o Not signature-based
o Behavior-based
29. Mitigate IoT Botnet Attacks Using AI
https://hackernoon.com/prevent-iot-botnet-attacks-using-ai-with-code-3817fb3fcf7e
Attribute Information
• H: Stats summarizing the recent traffic from this packet’s host (IP)
• HH: Stats summarizing the recent traffic going from this packet’s host (IP) to the packet’s destination host.
• HpHp: Stats summarizing the recent traffic going from this packet’s host+port (IP) to the packet’s destination host+port. Example 192.168.4.2:1242 -> 192.168.4.12:80
• HH_jit: Stats summarizing the jitter of the traffic going from this packet’s host (IP) to the packet’s destination host
Uses Linear Regression
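An added example (not from the slides or the linked article) that computes simplified versions of the four attribute groups above for each packet. The 10-second window, the count and mean-size statistics, the mean inter-arrival gap standing in for jitter, and the packet tuples are all assumptions constructed for illustration.

```python
from collections import defaultdict, deque
from statistics import mean

WINDOW = 10.0  # seconds treated as "recent traffic" (assumed value)

def extract_features(packets, window=WINDOW):
    """Return one feature dict per packet.

    packets: time-ordered (t, src_ip, src_port, dst_ip, dst_port, size) tuples.
    """
    streams = defaultdict(deque)  # stream key -> (time, size) pairs in window
    rows = []
    for t, src, sport, dst, dport, size in packets:
        keys = {
            "H": (src,),                       # everything from this host
            "HH": (src, dst),                  # host -> destination host
            "HpHp": (src, sport, dst, dport),  # host:port -> host:port
        }
        row = {}
        for name, key in keys.items():
            q = streams[(name,) + key]
            q.append((t, size))
            while q[0][0] < t - window:        # drop packets older than window
                q.popleft()
            row[name + "_count"] = len(q)
            row[name + "_mean_size"] = mean(s for _, s in q)
        # HH_jit: mean gap between consecutive packets of the HH stream.
        times = [ts for ts, _ in streams[("HH", src, dst)]]
        gaps = [b - a for a, b in zip(times, times[1:])]
        row["HH_jit_mean"] = mean(gaps) if gaps else 0.0
        rows.append(row)
    return rows

# Constructed packets, reusing the slide's 192.168.4.2:1242 -> 192.168.4.12:80
# example, plus one telnet packet to a different (made-up) destination.
SAMPLE_PACKETS = [
    (0.0, "192.168.4.2", 1242, "192.168.4.12", 80, 100),
    (1.0, "192.168.4.2", 1242, "192.168.4.12", 80, 200),
    (2.0, "192.168.4.2", 1243, "192.168.4.12", 80, 300),
    (3.0, "192.168.4.2", 40000, "192.168.4.50", 23, 60),
    (15.0, "192.168.4.2", 1242, "192.168.4.12", 80, 100),
]

if __name__ == "__main__":
    for packet, row in zip(SAMPLE_PACKETS, extract_features(SAMPLE_PACKETS)):
        print(packet[0], row)
```

In the fourth row H_count is 4 while HH_count is 1: the host is busy overall but this destination is new, which is the kind of contrast between the H and HH groups that a behavior-based model can learn from.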
30. Mitigate IoT Botnet Attacks: Domain Specificity
https://www.iotsecurityfoundation.org/machine-learning-will-be-key-to-securing-iot-in-smart-homes/
• Domain-specific
• Industrial Control Systems (ICS)
• Smart Buildings
o Includes intelligent buildings equipment and controls
o Audio visual (AV)
o Fire
o HVAC
o Lighting
o Building security.
32. NIST Interagency/Internal Report (NISTIR)
https://csrc.nist.gov/publications/detail/nistir/8228/draft
NISTIR Draft, Considerations for Managing Internet of Things (IoT) Cybersecurity and Privacy Risks
• Date Published: September 2018
• Comments Due: October 24, 2018
34. NISTIR
https://csrc.nist.gov/publications/detail/nistir/8228/draft
Recommendations for Addressing Cybersecurity and Privacy Risk Mitigation Challenges for IoT Devices
1. Understand the IoT device risk
2. Adjust organizational policies and processes
3. Implement updated mitigation practices for the organization’s IoT devices
• May need to determine how to manage risk for hundreds or thousands of IoT device types
• Capabilities vary widely from one IoT device type to another, with one type lacking data storage and centralized management capabilities, and another type having numerous sensors and actuators, using local and remote data storage and processing capabilities, and being connected to several internal and external networks at once
• The variability in capabilities causes similar variability in the cybersecurity and privacy risks involving each IoT device type, as well as the options for mitigating those risks
35. Filed September 28, 2018
• Senate Bill No. 327
• Chapter 886
Goes into effect January 1, 2020
https://www.lexology.com/library/detail.aspx?g=8d4b1869-296d-4eaa-89b9-b4efb15adfcd
California IoT Security Law
36. Requires manufacturers of any “connected device” to implement “reasonable” security features
• “Connected device” is any device, or other physical object, that is capable of connecting to the Internet, directly or indirectly, and that is assigned an Internet Protocol address or Bluetooth address
https://www.lexology.com/library/detail.aspx?g=8d4b1869-296d-4eaa-89b9-b4efb15adfcd
California IoT Security Law
37. “Reasonable” security features for IoT devices are ones that are:
• Appropriate to the nature and function of the device;
• Appropriate to the information it may collect, contain, or transmit; and
• Designed to protect the device and any information contained therein from unauthorized access, destruction, use, modification, or disclosure
Including:
• A preprogrammed unique password assigned by the manufacturer, or
• Requiring that the user establish a new password prior to first use
https://www.lexology.com/library/detail.aspx?g=8d4b1869-296d-4eaa-89b9-b4efb15adfcd
California IoT Security Law: No More Admin/Admin
60 username/password pairs hardcoded into Mirai source code:
https://www.grahamcluley.com/mirai-botnet-password/
43. Usenix (August 2017)
https://www.usenix.org/system/files/conference/usenixsecurity17/sec17-antonakakis.pdf
44. References
• Fruhlinger, Josh. The Mirai botnet explained: How teen scammers and CCTV cameras almost brought down the internet, https://www.csoonline.com/article/3258748/security/the-mirai-botnet-explained-how-teen-scammers-and-cctv-cameras-almost-brought-down-the-internet.html (March 9, 2018).
• Graff, Garrett M. How a Dorm Room Minecraft Scam Brought Down the Internet, https://www.wired.com/story/mirai-botnet-minecraft-scam-brought-down-the-internet/ (December 13, 2017).
• Herzberg, Dan; Bekerman, Dima; Zeifman, Igal. Breaking Down Mirai: An IoT DDoS Botnet Analysis, https://www.incapsula.com/blog/malware-analysis-mirai-ddos-botnet.html (October 26, 2016).
• Krebs, Brian. Alleged ‘Satori’ IoT Botnet Operator Sought Media Spotlight, Got Indicted, https://krebsonsecurity.com/tag/ddos-for-hire/ (September 2, 2018).
• Winward, Bob. Defending Against the Mirai Botnet, https://blog.radware.com/security/2018/09/defending-against-the-mirai-botnet/ (September 12, 2018).
45. Mirai successfully compromised a segment that is severely lacking in security best practices, IoT devices.
While it’s the first malware known to possess this capability, it will surely not be the last.
https://www.youtube.com/watch?v=jMTwA6q6VKo
– Roger Barranco, CISSP, NSA, CDCP
Senior Director, Global Security Operations,
Akamai Technologies
46. Defend Against the Mirai IoT Botnet
https://www.radware.com/iot-attack-ebook-lpc-64317
47. Defend Against the Mirai IoT Botnet
https://blog.radware.com/security/2018/09/defending-against-the-mirai-botnet/
Attack Vectors (Protocol)
• DNS (UDP)
• VSE (UDP)
• STOMP (TCP)
• GREETH (GRE)
• GREIO (GRE)
• SYN (TCP)
• ACK (TCP)
• UDP (UDP)
• UDPPLAIN (UDP)
• HTTP (TCP, HTTP)
• STD (UDP)
• XMAS (TCP)
Valve Source Engine attack is specially crafted for servers that run certain games from the developer Valve Corporation
48. How to Detect and Defend against Botnet Attacks?
• Group IoT Traffic
o Source or Destination IP address, Domains APN
o IMEI
o VLAN
• Type of protocols and applications permitted for communication
• Time of day, day of week for when communication allowed
• Number of new connections, amount of bandwidth allowed
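An added example (not part of the original slides) of checking flow records against per-group allowances of the kind listed above: permitted protocols, allowed times, new-connection count and bandwidth. The group names, limits, per-minute accounting and flow records are hypothetical values constructed for illustration.

```python
from collections import defaultdict
from dataclasses import dataclass
from datetime import datetime

@dataclass(frozen=True)
class Policy:
    """Allowances for one device group (all values below are constructed)."""
    allowed: frozenset   # permitted (protocol, destination port) pairs
    hours: range         # hours of day when communication is allowed
    days: frozenset      # weekdays allowed, Monday = 0
    max_new_conns: int   # new connections per device per minute
    max_bytes: int       # bytes per device per minute

# Hypothetical groups keyed by VLAN, one of the grouping keys on the slide.
POLICIES = {
    "vlan30-cameras": Policy(frozenset({("tcp", 443), ("udp", 123)}),
                             range(0, 24), frozenset(range(7)), 5, 2_000_000),
    "vlan40-badge-readers": Policy(frozenset({("tcp", 8443)}),
                                   range(6, 20), frozenset(range(5)), 3, 50_000),
}

def evaluate(flows):
    """Return sorted (device, minute, reason) tuples for policy violations.

    Each flow is (iso_time, group, device_ip, protocol, dst_port, nbytes)
    and stands for one new outbound connection.
    """
    violations = set()
    conns, volume = defaultdict(int), defaultdict(int)
    for ts, group, device, proto, port, nbytes in flows:
        when = datetime.fromisoformat(ts)
        minute = when.strftime("%Y-%m-%dT%H:%M")
        policy = POLICIES.get(group)
        if policy is None:  # ungrouped device: flag it rather than allow it
            violations.add((device, minute, "no-policy-for-group"))
            continue
        if (proto, port) not in policy.allowed:
            violations.add((device, minute, f"not-permitted:{proto}/{port}"))
        if when.hour not in policy.hours or when.weekday() not in policy.days:
            violations.add((device, minute, "outside-allowed-time"))
        conns[device, minute] += 1
        volume[device, minute] += nbytes
        if conns[device, minute] > policy.max_new_conns:
            violations.add((device, minute, "new-connection-rate"))
        if volume[device, minute] > policy.max_bytes:
            violations.add((device, minute, "bandwidth"))
    return sorted(violations)

# Constructed flow records: one normal camera upload, the same camera opening
# six telnet connections within a minute, and a badge reader active on a
# Saturday night.
SAMPLE_FLOWS = (
    [("2018-10-02T10:00:05", "vlan30-cameras", "10.30.0.7", "tcp", 443, 40_000)]
    + [(f"2018-10-02T10:01:{s:02d}", "vlan30-cameras", "10.30.0.7", "tcp", 23, 120)
       for s in range(0, 60, 10)]
    + [("2018-10-06T23:10:00", "vlan40-badge-readers", "10.40.0.3", "tcp", 8443, 900)]
)

if __name__ == "__main__":
    for violation in evaluate(SAMPLE_FLOWS):
        print(violation)
```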