This document discusses using Tacyt and Sinfonier tools to detect suspicious mobile apps. Tacyt is an innovative tool for monitoring and analyzing mobile threats, while Sinfonier is a visual programming tool for building security intelligence workflows. The document demonstrates how these tools can be used together to detect human errors in apps, monitor new and dead apps daily, and visualize relationships between apps, developers, and embedded files.
Blue and Red teams are missing the low hanging vulnerabilities that exist in many enterprise networks today. This session will show in detail how the red team can quickly identify and exploit numerous network protocol vulnerabilities that the previous security test team probably missed. Methods for securing routing and switching protocols will be covered. Detailed PCAP examples will be covered. Recommendations for adding visualization and instrumentation to the network to detect network exploits will be covered.
The document discusses the growing threat of mobile botnets and their potential to infect smartphones on a massive scale. It outlines how existing Android and Symbian botnets have infected over a million devices and describes how future mobile botnets could utilize SMS and other infection methods. The presentation warns that smartphones could become "mini ISPs" if security measures are not improved to prevent botnets from using the devices to broadcast malware. It concludes by emphasizing the need for manufacturers, researchers, and organizations to collaborate on addressing this emerging threat.
Francisco Jesús Gómez + Carlos Juan Diaz - Cloud Malware Distribution: DNS wi... - RootedCON
Cloud Malware Distribution (CMD) is an alternative method for malware distribution using legitimate DNS caches. It works by encoding malware payloads into DNS resource records and forcing the injection of these records into public DNS caches without compromising servers. The records are then resolved through intranet DNS servers, reassembling the malware payload on infected machines. The presentation describes the DNS protocol, caching, and how the technique was implemented and tested on various public DNS servers around the world.
Francisco Jesús Gómez & Carlos Juan Diaz - Sinfonier: Storm Builder for Secur... - RootedCON
This document discusses security intelligence and the intelligence cycle of direction, collection, analysis, and dissemination. It provides definitions of intelligence from official sources and describes how tools can help integrate, structure, enrich, classify, store, analyze, and real-time process large amounts of information. The rest of the document focuses on introducing Apache Storm, a free open source distributed real-time computation system, and how it can be used to define modules, make topologies to run them on Storm, and demo use cases like monitoring tweets or torrent peers. It invites readers to become beta testers.
The document discusses different approaches for designing schemas to store data from multiple feeds like network traffic, tweets, and Facebook posts in MongoDB. It analyzes storing the raw data in individual collections for each feed, a single raw collection, and semi-structured collections. Other approaches discussed are using time series or purpose modeling, with examples of fan-on-write and fan-on-read purpose models. The key takeaway is that the schema design should be tailored to the functional and logical usage of the data.
New Era of Software with modern Application Security v1.0 - Dinis Cruz
(as presented at Codemotion Rome 2016)
This presentation will start with an overview of the current state of Application Insecurity (with practical examples). This will make the attendees think twice about what is about to happen to their applications. The solution is to leverage a new generation of application security thinking such as: TDD, Docker, Test Automation, Static Analysis, clever Fuzzing, JIRA Risk workflows, Kanban, micro web services visualization, and ELK. These practices will not only make applications/software more secure/resilient, but also allow them to be developed in a much more efficient, cheaper and productive
Qualys provides vulnerability management software and services, including internet-based vulnerability scanners and internal scanning appliances. They have also developed research projects focused on web application fingerprinting, malware detection, browser security checks, and a malware analysis portal. Qualys continues working to expand their services and research activities around new technologies to help customers identify, manage, and respond to vulnerabilities and security risks.
System and Software Engineering for Industry 4.0 - Pankesh Patel
This document provides an overview of Industry 4.0 concepts including:
- Examples of Industry 4.0 use cases like predictive maintenance, quality control, and remote monitoring.
- The Industry 4.0 architecture including devices, edge computing, data lakes, analytics, and applications.
- The technology stack required including connectivity, security, device and data management, analytics, and digital twins.
Roman Rodomanskyi, "Experience of Building a Contact Tracing Solution" - Sigma Software
The document discusses requirements for a COVID-19 tracking mobile app, including that it be reliable, cost-effective, privacy-friendly, user-friendly, and have good performance worldwide. It asks for estimates of development time, monthly infrastructure costs, and what tools and languages would be used.
Continuous Code Quality with the Sonar Ecosystem @GeeCON 2017 in Prague - Roman Pickl
Continuous Code Quality with the SonarEcosystem
SonarQube is the leading platform for static code analysis and Continuous Code Quality. In this talk we will look into all three lines of defense of the SonarEcosystem and how they can help to find bugs before they enter your codebase (or at least go into production). After this talk, you’ll have a good overview of the SonarEcosystem as well as actionable starting points for increasing your code quality. Furthermore, we will share learnings from using SonarQube for more than 4 years and pointers to additional resources.
Roman Pickl
As Chief Technical Officer, Roman is in charge of the technical development at Fluidtime. He has comprehensive experience in project management, the technical coordination of national and international mobility projects and the optimisation of business and development processes. Roman Pickl studied business management and commercial information technology at the Vienna University of Economics and Business and the University of Technology, Sydney, as well as software engineering at the University of Applied Sciences Technikum Wien. There he specialised in the fields of entrepreneurship & innovation management, project & process management and information management as well as software evolution and mobile computing.
An overview of why knowing programming can make you a better cyber security professional, a look at the most popular languages and some pitfalls to avoid
A completely subjective look at the direction the role of the architect might take in years to come, as we endeavour to keep up with the ever accelerating pace of change.
Smart Cities Part 1: Introduction (Slides for Talk on IoT, Pune Meetup) - Bhavin Chandarana
This document provides an introduction to smart cities and IoT technologies. It discusses existing technologies like ICT, IoT, machine learning and big data, as well as future technologies like IPv6 and blockchain. It also provides examples of smart city applications in areas like waste management, transportation, and public spaces. The document then discusses definitions of smart cities, key technologies involved like ICT, cloud computing and mobile, as well as trends in IoT and machine learning. It also presents case studies on smart city initiatives in cities like Chicago and Hong Kong.
The document summarizes a presentation about mobile app development using Drupal. It discusses statistics showing the rise of mobile usage, compares apps vs mobile web, and outlines an architecture called xProgramD for building mobile apps with Drupal. It also covers challenges like deploying apps, data synchronization, and keeping code maintainable. The presentation encourages focusing technical efforts on serving human needs.
CodeMotion 2023 - Deep dive into the supply chain of our infrastructure cl... - sparkfabrik
In this talk I’ll explain what the Software Supply Chain is, common threats and mitigations, and how they apply to the IAC ecosystem too. I’ll show off security threats using Terraform and its ecosystem, and finally I’ll talk about OCI images, covering digital signatures and SBOM using Sigstore and Syft. I’ll do a live coding session showing how to deploy secure OCI images on a K8S cluster with security policies built with Kyverno; the session also includes security scanning using the generated SBOM.
Data Science Powered Apps for Internet of Things - VMware Tanzu
The document discusses building data science applications and describes an example application for activity recognition using accelerometer data from mobile phones. It then discusses how the same framework could be applied to problems in other domains like preventing oil spills using IoT sensor data or influencing customer behavior for banks using financial transaction data. The framework involves ingesting and storing streaming data, building machine learning models for prediction, and operationalizing the models as APIs for real-time scoring.
Continuous Code Quality with the sonar ecosystem - Roman Pickl
Continuous Code Quality with the SonarEcosystem
SonarQube is the leading platform for static code analysis and Continuous Code Quality.
In this talk we will look into all three lines of defense of the SonarEcosystem and how they can help to find bugs before they enter your codebase (or at least go into production).
After this talk, you’ll have a good overview of the SonarEcosystem as well as actionable starting points for increasing your code quality.
Furthermore, we will share learnings from using SonarQube for more than 4 years and pointers to additional resources.
About the Speaker:
As Chief Technical Officer, Roman Pickl is in charge of technical development at Fluidtime. He has comprehensive experience in project management, the technical coordination of national and international mobility projects and the optimisation of business and development processes.
The document discusses using data visualization techniques in cyber security. It notes that cyber threats pose serious challenges and over 200 attacks occurred on industrial control systems in 2013. It then outlines some of the key roles machines and human cyber analysts play in cyber defense. The rest of the document provides examples of how different types of security data, like network traffic, logs, and events, can be visualized using techniques like node-link diagrams, histograms, dashboards and more to help analysts detect anomalies, patterns, and relationships to better understand threats and make timely decisions. It emphasizes the importance of situational awareness and a joint effort between humans and machines in cyber security.
Why Progressive Web Apps will transform your website - Jason Grigsby
Progressive web apps (PWAs) can transform websites by making them more like native apps through the use of service workers, web app manifests, and other modern web capabilities. Some key benefits of PWAs include providing fast and reliable experiences even on slow mobile networks, working regardless of a network connection, and engaging users through web app banners and push notifications. Early results show that PWAs can significantly reduce data usage and increase user engagement, conversion rates, and sales compared to mobile websites. While PWAs work across browsers, including on iOS, their full capabilities are still progressively being adopted.
The document discusses indicators of compromise from a cyber attack. It describes the various stages an attacker goes through from initial access to installing malware and establishing command and control. The summary analyzes the host to find malware samples, network connections, and extracted files. It also looks for indicators in network traffic, such as tools downloaded and data uploaded to attacker infrastructure. The document concludes with monitoring effectiveness of security tools and ongoing attribution of attacks.
The Secrets of Successful Front End Engineering
In this AE Foyer Glenn Dejaeger and Thomas Anciaux will focus on Trends and Aspects of front end engineering. When do you choose a native front end, when should you go web? What is a good front end architecture? How do you cover the design, development, test and lifecycle aspects of a professional front end? How to survive in the jungle of frameworks? What are the current insights and future directions in front end engineering? How do you deal with offline mobile? Do you need front end engineers?
[CB16] Security in the IoT World: Analyzing the Security of Mobile Apps for A... - CODE BLUE
Recently, services that provide remote control and acquire vehicle location information (GPS) are increasing. (As far as we know, they have been especially popular in EV cars.)
These services are a challenging business for the automotive industry and OEMs because they have a potentially huge market or add value to their products in the future.
On the other hand, these services may lead to new threats and risks for automobiles. This is because an Internet connection was not considered necessary for automobiles so far.
Further, some researchers have already reported vulnerabilities in the remote services that are provided by various OEMs.
These issues were all reported in foreign territories. Then, how about in Japan?
Therefore, we analyze the client apps for Japan provided by the various OEMs. But we also targeted apps for the US for analysis because there are not many apps for Japan yet.
Specifically, we analyzed vulnerabilities (cooperation between apps, certificate verification, etc.) and whether these apps are using anti-analysis techniques such as obfuscation.
In this talk, we'll introduce the potential for abuse of remote service apps in the future and countermeasures for these risks.
--- Naohide Waguri
Naohide Waguri joined FFRI in 2013. Before he joined FFRI, he had participated in software quality assurance, software development and promotion of test automation of network equipment (Gigabit Ethernet or Multilayer switches) as a network engineer. After joining FFRI, he participated in penetration testing, analysis, and investigation of trends in cyber attacks. He is currently researching threat/risk analysis and evaluation methods for the security of embedded systems such as in-vehicle devices. He was a speaker at CODE BLUE 2015.
Here are some common reasons why programs and applications may be vulnerable to buffer overflows:
cases, not done at all by the programmer. This allows writing beyond the allocated buffer size.
1. Lack of input validation and sanitization: Programmers often fail to validate user input before using it. Malformed or excessive input is not checked, allowing a buffer overflow.
Use of unsafe functions like strcpy(), sprintf() that do not perform boundary checks.
2. Use of unsafe functions: Functions like strcpy(), sprintf() are commonly used but do not perform boundary checks of the destination buffer. This can lead to buffer overflows.
Programmers assume input will be within
3
How open source empowers startups to start big, with case Double Open Oy - Mindtrek
Track | The Future of Open Source Business
Martin von Willebrand, Attorney at HH Partners Attorneys-at-law, Founder at Double Open Oy
Mindtrek Conference
3rd of October 2023.
Tampere, Finland
www.mindtrek.org
Filtering From the Firehose: Real Time Social Media Streaming - Cloud Elements
All Things Cloud Developer Meetup.
Filtering From the Firehose: Real Time Social Media Streaming with Jim Moffitt from Gnip. Gnip is the world's largest and most trusted provider of social data.
Learn about collecting and filtering social media data with streaming APIs. Jim will cover best practices, use case examples and live demos of filtering data from Twitter.
HDF 3.1 pt. 2: A Technical Deep-Dive on New Streaming Features - Hortonworks
Hortonworks DataFlow (HDF) is the complete solution that addresses the most complex streaming architectures of today’s enterprises. More than 20 billion IoT devices are active on the planet today and thousands of use cases across IIOT, Healthcare and Manufacturing warrant capturing data-in-motion and delivering actionable intelligence right NOW. “Data decay” happens in a matter of seconds in today’s digital enterprises.
To meet all the needs of such fast-moving businesses, we have made significant enhancements and new streaming features in HDF 3.1.
https://hortonworks.com/webinar/series-hdf-3-1-technical-deep-dive-new-streaming-features/
Sinfonier Storm Builder for Security Intelligence - Leonardo Amor
Sinfonier is a visual programming tool for building real-time data processing topologies using Apache Storm. It provides an easy-to-use drag-and-drop interface for connecting modules together to process streaming data. The tool is open source and collaborative, allowing users to share and reuse modules. Sinfonier was created by Telefonica to enable flexible and adaptable real-time information processing for security intelligence applications.
This document presents statistics on botnets such as Zeus and their evolution between 2008 and 2013, motivating factors such as the economic incentives behind their creation, and possible actors such as governments, hackers and organized crime. It also proposes continuous training, innovative research on the surface and deep web, and the development of cybersecurity services based on intelligence and data from public and private sources to combat threats such as APTs and zero-day vulnerabilities.
Similar to Join the phishing dots to detect suspicious mobile apps
System and Software Engineering for Industry 4.0Pankesh Patel
This document provides an overview of Industry 4.0 concepts including:
- Examples of Industry 4.0 use cases like predictive maintenance, quality control, and remote monitoring.
- The Industry 4.0 architecture including devices, edge computing, data lakes, analytics, and applications.
- The technology stack required including connectivity, security, device and data management, analytics, and digital twins.
Роман Родоманський, «Досвід побудови Contact Tracing рішення»Sigma Software
The document discusses requirements for a COVID-19 tracking mobile app, including that it be reliable, cost-effective, privacy-friendly, user-friendly, and have good performance worldwide. It asks for estimates of development time, monthly infrastructure costs, and what tools and languages would be used.
Continuous Code Quality with the Sonar Ecosystem @GeeCON 2017 in PragueRoman Pickl
Continuous Code Quality with the SonarEcosystem
SonarQube is the leading platform for static code analysis and Continuous Code Quality. In this talk we will look into all three lines of defense of the SonarEcosystem and how they can help to find bugs before they enter your codebase (or at least go into production). After this talk, you’ll have a good overview of the SonarEcosystem as well as actionable starting points for increasing your code quality. Furthermore, we will share learnings from using SonarQube for more than 4 years and pointers to additional resources.
Roman Pickl
As Chief Technical Officer, Roman is in charge of the technical development at Fluidtime. He has comprehensive experience in project management, the technical coordination of national and international mobility projects and the optimisation of business and development processes. Roman Pickl studied business management and commercial information technology at the Vienna University of Economics and Business and the University of Technology, Sydney, as well as software engineering at the University of Applied Sciences Technikum Wien. There he specialised in the fields of entrepreneurship & innovation management, project & process management and information management as well as software evolution and mobile computing.
An overview of why knowing programming can make you a better cyber security professional, a look at the most popular languages and some pitfalls to avoid
A completely subjective look at the direction the role of the architect might take in years to come, as we endeavour to keep up with the ever accelerating pace of change.
Smart Cities Part 1: Introduction (Slides for Talk on IoT, Pune Meetup)Bhavin Chandarana
This document provides an introduction to smart cities and IoT technologies. It discusses existing technologies like ICT, IoT, machine learning and big data, as well as future technologies like IPv6 and blockchain. It also provides examples of smart city applications in areas like waste management, transportation, and public spaces. The document then discusses definitions of smart cities, key technologies involved like ICT, cloud computing and mobile, as well as trends in IoT and machine learning. It also presents case studies on smart city initiatives in cities like Chicago and Hong Kong.
The document summarizes a presentation about mobile app development using Drupal. It discusses statistics showing the rise of mobile usage, compares apps vs mobile web, and outlines an architecture called xProgramD for building mobile apps with Drupal. It also covers challenges like deploying apps, data synchronization, and keeping code maintainable. The presentation encourages focusing technical efforts on serving human needs.
CodeMotion 2023 - Deep dive nella supply chain della nostra infrastruttura cl...sparkfabrik
In this talk I’ll explain what is the Software Supply Chain, common threats and mitigations and how they apply to IAC ecosystem too. I’ll show off security threats using Terraform and its ecosystem and finally i’ll talk about OCI images talking about digital signatures and SBOM using Sigstore and Syft. I’ll do a live coding session showing off how to deploy secure OCI images on K8S cluster with security policies built with Kyverno, the session includes also security scanning using the generated SBOM.
Data Science Powered Apps for Internet of ThingsVMware Tanzu
The document discusses building data science applications and describes an example application for activity recognition using accelerometer data from mobile phones. It then discusses how the same framework could be applied to problems in other domains like preventing oil spills using IoT sensor data or influencing customer behavior for banks using financial transaction data. The framework involves ingesting and storing streaming data, building machine learning models for prediction, and operationalizing the models as APIs for real-time scoring.
Continuous Code Quality with the sonar ecosystemRoman Pickl
Continuous Code Quality with the SonarEcosystem
SonarQube is the leading platform for static code analysis and Continuous Code Quality.
In this talk we will look into all three lines of defense of the SonarEcosystem and how they can help to find bugs before they enter your codebase (or at least go into production).
After this talk, you’ll have a good overview of the SonarEcosystem as well as actionable starting points for increasing your code quality.
Furthermore, we will share learnings from using SonarQube for more than 4 years and pointers to additional resources.
About the Speaker:
As Chief Technical Officer, Roman Pickl is in charge of technical development at Fluidtime. He has comprehensive experience in project management, the technical coordination of national and international mobility projects and the optimisation of business and development processes.
The document discusses using data visualization techniques in cyber security. It notes that cyber threats pose serious challenges and over 200 attacks occurred on industrial control systems in 2013. It then outlines some of the key roles machines and human cyber analysts play in cyber defense. The rest of the document provides examples of how different types of security data, like network traffic, logs, and events, can be visualized using techniques like node-link diagrams, histograms, dashboards and more to help analysts detect anomalies, patterns, and relationships to better understand threats and make timely decisions. It emphasizes the importance of situational awareness and a joint effort between humans and machines in cyber security.
Why Progressive Web Apps will transform your websiteJason Grigsby
Progressive web apps (PWAs) can transform websites by making them more like native apps through the use of service workers, web app manifests, and other modern web capabilities. Some key benefits of PWAs include providing fast and reliable experiences even on slow mobile networks, working regardless of a network connection, and engaging users through web app banners and push notifications. Early results show that PWAs can significantly reduce data usage and increase user engagement, conversion rates, and sales compared to mobile websites. While PWAs work across browsers, including on iOS, their full capabilities are still progressively being adopted.
The document discusses indicators of compromise from a cyber attack. It describes the various stages an attacker goes through from initial access to installing malware and establishing command and control. The summary analyzes the host to find malware samples, network connections, and extracted files. It also looks for indicators in network traffic, such as tools downloaded and data uploaded to attacker infrastructure. The document concludes with monitoring effectiveness of security tools and ongoing attribution of attacks.
The Secrets of Succesful Front End Engineering
In this AE Foyer Glenn Dejaeger and Thomas Anciaux will focus on Trends and Aspects of front end engineering. When do you choose a native front end, when should you go web? What is a good front end architecture? How do you cover the design, development, test and lifecycle aspects of a professional front end? How to survive in the jungle of frameworks? What are the current insights and future directions in front end engineering? How do you deal with offline mobile? Do you need front end engineers?
[CB16] Security in the IoT World: Analyzing the Security of Mobile Apps for A...CODE BLUE
Recently, services that provide remote control and acquire vehicle location information (GPS) are increasing. (As far as we know, they have been especially popular for EVs.)
These services are a challenging business for the automotive industry and OEMs because they have a potentially huge market or add value to their products in the future.
On the other hand, these services may lead to new threats and risks for automobiles. This is because an Internet connection was not considered necessary for automobiles so far.
Further, some researchers have already reported vulnerabilities in the remote services that are provided by various OEMs.
These issues were all reported in foreign territories. Then, how about in Japan?
Therefore, we analyze the client apps for Japan provided by the various OEMs. But we also targeted apps for the US because there are not many apps for Japan yet.
Specifically, we analyzed vulnerabilities (cooperation between apps, certificate verification, etc...) and whether these apps are using anti-analysis techniques such as obfuscation.
In this talk, we'll introduce the potential for abuse of remote service apps in the future and countermeasures for these risks.
--- Naohide Waguri
Naohide Waguri joined FFRI in 2013. Before he joined FFRI, he had participated in software quality assurance, software development and promotion of test automation of network equipment (Gigabit Ethernet or Multilayer switches) as a network engineer. After joining FFRI, he participated in penetration testing, analysis and investigating the trend of cyber attacks. He is currently researching threat/risk analysis and evaluation methods for the security of embedded systems such as in-vehicle devices. He was a speaker at CODE BLUE 2015.
Here are some common reasons why programs and applications may be vulnerable to buffer overflows:
cases, not done at all by the programmer. This
allows writing beyond the allocated buffer size.
1. Lack of input validation and sanitization: Programmers often fail to validate user input before using it. Malformed or excessive input is not checked, allowing a buffer overflow.
Use of unsafe functions like strcpy(), sprintf()
that do not perform boundary checks.
2. Use of unsafe functions: Functions like strcpy(), sprintf() are commonly used but do not perform boundary checks of the destination buffer. This can lead to buffer overflows.
Programmers assume input will be within
3
How open source empowers startups to start big, with case Double Open OyMindtrek
Track | The Future of Open Source Business
Martin von Willebrand, Attorney at HH Partners Attorneys-at-law, Founder at Double Open Oy
Mindtrek Conference
3rd of October 2023.
Tampere, Finland
www.mindtrek.org
Filtering From the Firehose: Real Time Social Media StreamingCloud Elements
All Things Cloud Developer Meetup.
Filtering From the Firehose: Real Time Social Media Streaming with Jim Moffitt from Gnip. Gnip is the world's largest and most trusted provider of social data.
Learn about collecting and filtering social media data with streaming APIs. Jim will cover best practices, use case examples and live demos of filtering data from Twitter.
HDF 3.1 pt. 2: A Technical Deep-Dive on New Streaming FeaturesHortonworks
Hortonworks DataFlow (HDF) is the complete solution that addresses the most complex streaming architectures of today’s enterprises. More than 20 billion IoT devices are active on the planet today and thousands of use cases across IIOT, Healthcare and Manufacturing warrant capturing data-in-motion and delivering actionable intelligence right NOW. “Data decay” happens in a matter of seconds in today’s digital enterprises.
To meet all the needs of such fast-moving businesses, we have made significant enhancements and new streaming features in HDF 3.1.
https://hortonworks.com/webinar/series-hdf-3-1-technical-deep-dive-new-streaming-features/
Sinfonier Storm Builder for Security IntelligenceLeonardo Amor
Sinfonier is a visual programming tool for building real-time data processing topologies using Apache Storm. It provides an easy-to-use drag-and-drop interface for connecting modules together to process streaming data. The tool is open source and collaborative, allowing users to share and reuse modules. Sinfonier was created by Telefonica to enable flexible and adaptable real-time information processing for security intelligence applications.
This document presents statistics on botnets such as Zeus and their evolution between 2008 and 2013, motivating factors such as the economic incentives behind their creation, and possible actors such as governments, hackers and organized crime. It also proposes continuous training, innovative research into the surface and deep web, and the development of cybersecurity services based on intelligence and data from public and private sources to combat threats such as APTs and zero-day vulnerabilities.
The document discusses advances in surveillance technology such as APTs and their use for espionage, cyberwarfare and terrorism. It also describes how work environments have changed due to factors such as Big Data and the need to protect information. Finally, it introduces two innovation projects called Saqqara and KARMA that focus on anomaly detection and behavior analysis to improve security.
The document describes how mobile devices have become a major target for fraud because of the large amount of personal and financial information they store. It proposes several security solutions such as remote locking and wiping of lost or stolen devices, safe browsing to protect against malware, and the use of dual profiles to separate personal and work data. Finally, it concludes that companies must manage the security of their employees' mobile devices in an integrated way.
The document discusses how companies can protect themselves from distributed denial-of-service (DDoS) attacks and information leaks in the WikiLeaks era. It recommends that companies use services such as Telefónica's Anti-DDoS Service to mitigate DDoS attacks and data loss prevention projects to identify, classify and protect the company's confidential information. It also emphasizes the importance of security policies, processes and awareness of
El papel de la seguridad en la era PostPcLeonardo Amor
The document describes how security has become more important in the post-PC era due to the increased use of mobile devices and the Internet. Mobile devices contain a great deal of personal information and are attractive targets for fraud. New security approaches are needed, such as network monitoring to detect threats without inspecting content. It is also important for security to be transparent to users, since they do not always take adequate security measures.
Protege los dispositivos móviles de tu empresaLeonardo Amor
The document highlights the growing importance of protecting companies' mobile devices against new security threats. It recommends managing the security of mobile devices in the same way as desktop computers, through solutions such as remote locking and wiping in case of loss, safe browsing, encryption of data and communications, and the use of the mobile phone as a second authentication factor. It also points out some differences from computers, such as the various oper
The document discusses setting up a global security operation across Telefonica locations. It proposes establishing security operation centers in Madrid, Lima, and Sao Paulo to serve 20 local operators. The centers would use common tools and processes to efficiently distribute workloads. Local operators would focus on sales while the centers provide security services and handle more complex issues. Standardizing approaches across locations could help address new problems and improve fraud prevention.
3G Dialers, A New Demon with an Old ScanLeonardo Amor
This document discusses security issues related to 3G dialers and mobile devices. It notes that alarms started occurring in 2009 related to traffic to premium phone numbers from 3G devices. Various sources helped identify the problem as 3G devices being compromised and used to generate fraudulent traffic without user knowledge. A proposal is made to create a new working group to determine major security risks posed by different mobile devices like phishing, malware, fraud and identity theft. The conclusion advocates working with industry groups to address old security problems on new platforms and distribute clean internet access through network security.
Generative Classifiers: Classifying with Bayesian decision theory, Bayes’ rule, Naïve Bayes classifier.
Discriminative Classifiers: Logistic Regression, Decision Trees: Training and Visualizing a Decision Tree, Making Predictions, Estimating Class Probabilities, The CART Training Algorithm, Attribute selection measures- Gini impurity; Entropy, Regularization Hyperparameters, Regression Trees, Linear Support vector machines.
Codeless Generative AI Pipelines
(GenAI with Milvus)
https://ml.dssconf.pl/user.html#!/lecture/DSSML24-041a/rate
Discover the potential of real-time streaming in the context of GenAI as we delve into the intricacies of Apache NiFi and its capabilities. Learn how this tool can significantly simplify the data engineering workflow for GenAI applications, allowing you to focus on the creative aspects rather than the technical complexities. I will guide you through practical examples and use cases, showing the impact of automation on prompt building. From data ingestion to transformation and delivery, witness how Apache NiFi streamlines the entire pipeline, ensuring a smooth and hassle-free experience.
Timothy Spann
https://www.youtube.com/@FLaNK-Stack
https://medium.com/@tspann
https://www.datainmotion.dev/
milvus, unstructured data, vector database, zilliz, cloud, vectors, python, deep learning, generative ai, genai, nifi, kafka, flink, streaming, iot, edge
Discovering Digital Process Twins for What-if Analysis: a Process Mining Appr...Marlon Dumas
This webinar discusses the limitations of traditional approaches to business process simulation based on hand-crafted models with restrictive assumptions. It shows how process mining techniques can be assembled together to discover high-fidelity digital twins of end-to-end processes from event data.
We are pleased to share with you the latest VCOSA statistical report on the cotton and yarn industry for the month of March 2024.
Starting from January 2024, the full weekly and monthly reports will only be available for free to VCOSA members. To access the complete weekly report with figures, charts, and detailed analysis of the cotton fiber market in the past week, interested parties are kindly requested to contact VCOSA to subscribe to the newsletter.
Did you know that drowning is a leading cause of unintentional death among young children? According to recent data, children aged 1-4 years are at the highest risk. Let's raise awareness and take steps to prevent these tragic incidents. Supervision, barriers around pools, and learning CPR can make a difference. Stay safe this summer!
Join the phishing dots to detect suspicious mobile apps
1. Unifying the Global Response to Cybercrime
Join the phishing dots to detect suspicious mobile apps
Leonardo Amor & Carlos Díaz
Telefónica
LeoAmor@telefonica.com & Carlos.DiazHidalgo@telefonica.com
2. Telefonica Group
• 21 Countries
• 120.000 Employees
• 50.377m Income
• >340m Customers
3. Our employees
Mostly:
• Telco engineers
• Computer Science
• Engineers
• …..
• Science or Scientist people
4. But there is also space for:
• Lawyers
• Business administration
• Economist
• Psychologist
• Philologist
12. Tacyt
One of our sources
May    18      19     20     21      22      23     24
New    10.105  5.702  9.998  15.483  15.294  9.394  10.647
Dead   1.140   2.200  2.014  1.917   2.856   1.446  646
Up 3 Million Apps today
• 21.649 of them contain .apks
• 50.993 have links to .cn domains
39. Sinfonier
✓ Storm Builder for Security Intelligence
✓ http://sinfonier-project.net/
Reinject into the topology the new list of applications found
45. Data Visualization: Data Entities
✓ http://ecrime2015.us.to:2015/zoom.html
“key”: [packageName][version][market]
https://play.google.com/store/apps/details?id=com.zaccur.b07.main GP
“developerEmail”
embedded link that points to an “apk” file
http://d.guomob.com/1142/2.apk
46. Data Visualization: Example1
✓ http://ecrime2015.us.to:2015/example1.html
✓ GP link: https://play.google.com/store/apps/details?id=com.qfang.qfangmobile
• One developer
– 3117479220@qq.com
• One mobile application in GP
– com.qfang.qfangmobile
• Five embedded “apk” files
– http://down.gao7.com/Files/down/wxjx_2.2.3_C227.apk
– http://s.51aiya.com/content/down/aiya14100234.apk
– http://www.159cai.com/download/vip/43332/159cai_shouji.apk
– http://shoufu.3gu.com/Run/Upload/Apk/QFangWang.apk
– http://www.wanggouchao.com/data/apk/wgc/v2.5.6/wgc_10021.apk
48. Data Visualization: Example2
✓ http://ecrime2015.us.to:2015/example2.html
• Three different developers
– joowill9588@gmail.com
– hong@jingeng.cn
– info@bluby.com
• Four mobile applications in GP
• Three applications point to the same embedded “apk” files
– http://update.iuoooo.com/Android/componentvoice/xfyy1.apk
– http://update.iuoooo.com/Android/componentvoice/xfyy2.apk
49. Data Visualization: Example3
✓ http://ecrime2015.us.to:2015/example3.html
• Three different developers
• 7 mobile applications in GP
• 13 embedded “apk” files
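The pattern in Example2 and Example3 (apps from different developers pointing at the same embedded “apk” files) can be found mechanically by treating the three entity types as graph nodes and looking at connected components. The Python below is an added example, not code from the presentation, Tacyt or Sinfonier; every package name, e-mail address and URL in it is a constructed placeholder.

```python
from collections import defaultdict
from urllib.parse import urlsplit

# Constructed records (not Tacyt output): (packageName, version, market, developerEmail, links).
APK1 = "http://update.example.net/Android/voice1.apk"
APK2 = "http://update.example.net/Android/voice2.apk"
SAMPLE_APPS = [
    ("com.example.one", "1.0", "GP", "dev-a@example.com", [APK1, APK2]),
    ("com.example.two", "1.0", "GP", "dev-b@example.org", [APK1, APK2, "https://example.org/help"]),
    ("com.example.three", "1.0", "GP", "dev-c@example.net", [APK1, APK2]),
    ("com.example.four", "1.0", "GP", "dev-c@example.net", []),
    ("com.example.solo", "1.0", "GP", "dev-d@example.com", ["http://cdn.example.com/solo.APK?v=2"]),
]

def apk_links(links):
    """Embedded http(s) links whose path ends in .apk (case-insensitive, query string ignored)."""
    return {u for u in links
            if urlsplit(u).scheme in ("http", "https") and urlsplit(u).path.lower().endswith(".apk")}

def build_graph(apps):
    """Undirected graph over the three entity types: app key, developer e-mail, apk link."""
    graph = defaultdict(set)
    for pkg, version, market, dev, links in apps:
        node = ("app", f"[{pkg}][{version}][{market}]")  # the slide's "key"
        for other in [("dev", dev.lower())] + [("apk", u) for u in apk_links(links)]:
            graph[node].add(other)
            graph[other].add(node)
    return graph

def suspicious_clusters(apps):
    """Connected components that contain more than one developer."""
    graph, seen, result = build_graph(apps), set(), []
    for start in sorted(graph):
        if start in seen:
            continue
        stack, comp = [start], set()
        while stack:  # iterative depth-first walk of one component
            n = stack.pop()
            if n not in comp:
                comp.add(n)
                stack.extend(graph[n] - comp)
        seen |= comp
        by_kind = {k: sorted(v for t, v in comp if t == k) for k in ("dev", "app", "apk")}
        # Each app has one developer, so two developers only meet through a shared apk link.
        if len(by_kind["dev"]) > 1:
            result.append(by_kind)
    return result
```

On the constructed sample, the single-developer app with its own “apk” link (the Example1 shape) is not reported, while the three developers joined by two shared links form one cluster.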
62. Analysis of a Case: 12 GP applications
✓ http://ecrime2015.us.to:2015/managementapp.html
com.giaitriviet.androidgp.masterchef : 50-100
com.giaitriviet.androidgp.managerapplication : 1-5
com.giaitriviet.androidgp.fallsaigon1975 : 10-50
63. Analysis of a Case: 12 GP applications
✓ http://ecrime2015.us.to:2015/managementapp.html
com.giaitriviet.androidgp.masterchef : 50-100
com.giaitriviet.androidgp.managerapplication : 1-5
com.giaitriviet.androidgp.fallsaigon1975 : 10-50
com.giaitriviet.android.caravat : 50-100
64. Analysis of a Case: Detail of embedded “apk”
✓ http://ecrime2015.us.to:2015/managementapp.html
Domain: mediafire.com
All links are up
65. Analysis of a Case: Detail of embedded “apk”
✓ http://ecrime2015.us.to:2015/managementapp.html
67. Analysis of a Case: HotGirl & ChanDai
✓ http://ecrime2015.us.to:2015/managementapp.html
• Be a variant of a known malware family
• The app creates or modifies SMS
• Monitors phone state (incoming calls)
• Uploads the list of apps currently running to a remote server
• The app modifies shortcuts on the home screen
68. Data Visualization: Satellite Photo
✓ http://ecrime2015.us.to:2015/
✓ If you click this URL, most likely you are running out of memory in your computer
http://ecrime2015.us.to:2015/
70. Conclusions
• This presentation is only the beginning …
• We have generated an RSS feed of embedded “apk” files …
• We have a graphical representation of the relationship between three types of entities …
• … now is the time for analysts
71. Community
Join us: sinfonier-project.net
@e_Sinfonier
@flexpired
@LeoAmorV