This document summarizes Shumon Huque's presentation on Kerberos deployment and usage at the University of Pennsylvania. The University of Pennsylvania initially deployed Kerberos in 2000-2002 to replace a legacy authentication system. Kerberos is used campus-wide with some departmental Windows servers performing cross-realm authentication. While efforts have been made to promote native Kerberos authentication, it remains a challenge with heterogeneous and unmanaged devices. The university also uses RADIUS, Shibboleth federation, and LDAP with Kerberos. Future enhancements discussed include upgrading Kerberos versions, testing FAST for AS exchange protection, and migrating to stronger encryption types.
Kerberos at Penn (MIT Kerberos Consortium)
1. Panel: Kerberos in the Knowledge Enterprise
• Shumon Huque, University of Pennsylvania
• Dennis Taylor, NASA
• Matt Selsky, Columbia University
• Dominic Hargreaves, Oxford University
2. Kerberos at Penn
Shumon Huque, University of Pennsylvania
Kerberos Conference, October 27th 2010
Massachusetts Institute of Technology, Cambridge, Massachusetts, USA
3. Kerberos at Penn, October 27th 2010, Kerberos Conference, MIT
University of Pennsylvania
• Founded 1740, Philadelphia, PA
• 24,000 students, 4,000 faculty, 12,000 staff
• 50,000 IP addresses in use
• Some central and many decentralized IT units
4. Kerberos Deployment
• Initial deployment: 2000 through 2002
• Replaced legacy homegrown system
• Campus-wide KDCs: MIT Kerberos 1.5.x
• (Some) departmental Windows servers do (1-way) cross-realm authentication
• Custom IDM/account management tools
5. Native Kerberos vs. Password Verification
• We've spent a significant amount of time and energy trying to influence large-scale use of native Kerberos authentication.
• Some successes but numerous failures. It's difficult to do this in an environment of heterogeneous, unmanaged computers.
• A number of application protocols (and their popular implementations) still don't have good support for Kerberos.
6. Intermediate systems
• RADIUS
  • primarily to support EAP-TTLS-PAP
• Web Single Sign-On: CoSign (UMich)
• Federation: Shibboleth (via CoSign)
• Authenticated LDAP
  • This is for authenticated access to our online directory. We strongly discourage using this for application authentication.
7. Kerberos for the Web
• Made several attempts in this area over the years, but has not gained (much) traction
  • SPNEGO/HTTP Negotiate (+ SSL for channel protection)
  • KX.509 (from Univ of Michigan) - Kerberos to short-term X.509 credentials
• Need: widespread support and adoption; official IETF standards
8. Multi-factor
• Investigated and piloted (no production):
  • CRYPTOcard
  • RSA SecurID
• Integration options:
  • Kerberos pre-authentication step
  • 2nd input to web SSO systems
9. Authorization systems
• Kerberos: authentication only
• Applications need to consult separate authz infrastructure (ours is based on the Internet2 Grouper system)
• Many Windows systems also use their usual methods (authz data/PAC etc.) for additional local policies
10. Near-term enhancements
• Upgrade to recent version of MIT code
• Adapt local changes to plug-in framework
• Test FAST (protect the AS exchange from offline dictionary attack)
• Incremental propagation
• LDAP back-end & multi-master (investigation)
• Migration -> stronger encryption types
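Two items on slide 10, FAST and the migration to stronger encryption types, address the same exposure: what can be done offline with a captured AS exchange or a ticket encrypted under a weak key. Below is the kind of check a practitioner would run on KDC and client configuration before and after such a migration, as an added example that is not part of the slides or of Penn's tooling. It parses a krb5.conf/kdc.conf fragment in MIT profile format and flags single-DES and export-RC4 entries (disabled by MIT unless allow_weak_crypto is on), 3DES and RC4-HMAC entries (deprecated in current MIT releases), and an enabled allow_weak_crypto. The realm EXAMPLE.EDU, the KDC hostname and both configuration fragments are constructed for the example.

```python
"""Audit a krb5.conf / kdc.conf fragment for weak or deprecated encryption
types.  Added example, not code from the Penn deployment; the realm name,
hostnames and both configuration fragments below are constructed."""
import re

# Keys whose values are enctype lists (krb5.conf [libdefaults], kdc.conf [realms]).
ENCTYPE_KEYS = {"default_tkt_enctypes", "default_tgs_enctypes",
                "permitted_enctypes", "supported_enctypes", "master_key_type"}


def classify_enctype(name: str) -> str:
    """Rate one MIT enctype token as 'strong', 'deprecated', 'weak' or 'unknown'.
    A kdc.conf supported_enctypes entry may carry a ':salt' suffix (aes256-cts:normal)."""
    n = name.split(":", 1)[0].lower()
    if n.startswith(("aes", "camellia")):
        return "strong"
    if n.startswith("des3"):                      # 3DES: deprecated, not disabled by default
        return "deprecated"
    if n == "des" or n.startswith("des-"):        # single DES: off unless allow_weak_crypto
        return "weak"
    if n in ("arcfour-hmac-exp", "arcfour-hmac-md5-exp", "rc4-hmac-exp"):
        return "weak"                             # export-grade RC4
    if n.startswith(("arcfour", "rc4")):
        return "deprecated"                       # RC4-HMAC (NT-hash based)
    return "unknown"


def parse_krb5_conf(text: str) -> list:
    """Flatten an MIT profile-format file into (section, key, value) triples.
    Realm sub-blocks such as 'EXAMPLE.EDU = { ... }' are folded into the
    enclosing section; comment lines (# or ;) and blank lines are skipped."""
    entries, section = [], ""
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(("#", ";")) or line == "}":
            continue
        m = re.fullmatch(r"\[(\w+)\]", line)
        if m:
            section = m.group(1)
            continue
        if "=" not in line:
            continue
        key, value = (s.strip() for s in line.split("=", 1))
        if value != "{":                          # '{' opens a sub-block, not a value
            entries.append((section, key.lower(), value))
    return entries


def audit(text: str) -> list:
    """Return one human-readable finding per weak/deprecated enctype or risky flag."""
    findings = []
    for section, key, value in parse_krb5_conf(text):
        if key == "allow_weak_crypto" and value.lower() in ("true", "yes", "1"):
            findings.append(f"[{section}] allow_weak_crypto is on: weak enctypes are usable")
        elif key in ENCTYPE_KEYS:
            for tok in value.split():
                rating = classify_enctype(tok)
                if rating in ("weak", "deprecated"):
                    findings.append(f"[{section}] {key}: {tok} is {rating}")
    return findings


# Constructed 'before' fragment: the mixed list a realm carries mid-migration.
LEGACY_CONF = """\
[libdefaults]
    default_realm = EXAMPLE.EDU
    allow_weak_crypto = true
    default_tkt_enctypes = aes256-cts des3-cbc-sha1 des-cbc-crc
    default_tgs_enctypes = aes256-cts des3-cbc-sha1 des-cbc-crc
    permitted_enctypes = aes256-cts des3-cbc-sha1 des-cbc-crc arcfour-hmac

[realms]
    EXAMPLE.EDU = {
        kdc = kdc1.example.edu
        supported_enctypes = aes256-cts:normal des3-cbc-sha1:normal des-cbc-crc:normal
    }
"""

# Constructed 'after' fragment: AES only, weak crypto left disabled.
HARDENED_CONF = """\
[libdefaults]
    default_realm = EXAMPLE.EDU
    allow_weak_crypto = false
    permitted_enctypes = aes256-cts-hmac-sha1-96 aes128-cts-hmac-sha1-96

[realms]
    EXAMPLE.EDU = {
        kdc = kdc1.example.edu
        supported_enctypes = aes256-cts-hmac-sha1-96:normal aes128-cts-hmac-sha1-96:normal
    }
"""

if __name__ == "__main__":
    for label, conf in (("legacy", LEGACY_CONF), ("hardened", HARDENED_CONF)):
        print(f"{label}: {len(audit(conf))} finding(s)")
        for finding in audit(conf):
            print("  " + finding)
```

Pointed at a real file with audit(open("/etc/krb5.conf").read()), the checker reports ten findings for the constructed legacy fragment and none for the hardened one. The enctype list only governs which keys the KDC will issue and accept; FAST is the complementary control, wrapping the AS exchange inside an armor ticket so that a captured pre-authentication exchange does not yield material for an offline dictionary attack (on the MIT client side it is requested with kinit -T and an armor credential cache).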
11. Wants, hopes, desires?
• (Better) native Kerberos for HTTP
• EAP method (wireless/802.1x authn)
• IPsec (does anyone use/implement KINK, GSS-IKE etc.?)
• VoIP (SIP etc.)
• Kerberos on mobile devices
• Multi-factor
12. Questions?
Shumon Huque
shuque@upenn.edu