Presentation given on 3 July introducing the Latch plugins for OS X, Latch for Windows [Personal/Enterprise] Edition and Latch for Linux. The plugins are available at: https://latch.elevenpaths.com/www/plugins_sdks.html
RootedCON 2014: Playing and Hacking with Digital Latches - Chema Alonso
Talk about Latch (https://latch.elevenpaths.com) and the different usage scenarios of the technology, delivered by Chema Alonso at RootedCON 2014.
Talk given by Chema Alonso at Asegur@IT Camp 2 in 2010. The video of the presentation is at https://www.youtube.com/watch?v=0KYnnITHLNU and the presentation is based on the article "Buscadores como armas de destrucción masivas" http://www.elladodelmal.com/2010/03/buscadores-como-arma-de-destruccion.html
Managing a company's security is often like walking a tightrope. You have to keep the business running, stay up to date, protect what is already deployed and innovate with new things. And you have to do it more efficiently every year and with a smaller budget. All of this with the goal that nothing happens. The conclusion is that in the end there is always Long Hanging Fruit left for anyone to take advantage of.
Codemotion 2013: Feliz 15 aniversario, SQL Injection - Chema Alonso
Talk by Chema Alonso on the history and evolution of SQL Injection techniques at the Codemotion ES 2013 event, held at the Escuela Universitaria de Informática of the Universidad Politécnica de Madrid.
This document discusses several topics related to persistent and non-persistent XSS attacks, including vulnerability discovery, malware distribution and command execution through XSS attacks. It also describes how non-persistent XSS attacks can effectively become persistent when they are indexed by the major search engines and included in web pages. The document concludes by noting that the lack of URL filtering and the indexing of XSS in Google or
X Fórum AUSAPE 2014: Un Decálogo de Seguridad Máligna - Chema Alonso
Slides from the talk given at the X Fórum AUSAPE 2014 in Zaragoza in June 2014. The video of the session is available at the following link: https://www.youtube.com/watch?v=jTdmPC9Bpk0
WebBrowsing Fingerprinting y Privacidad en entornos de Big Data - Chema Alonso
A 20-minute talk on how Big Data environments can use connection fingerprinting details to track users beyond the environments in which they are identified by their user account.
The document describes a new technology called Latch that lets users remotely and granularly lock and unlock access to their accounts and operations to improve security and privacy. Latch generates temporary codes and pairing tokens to authenticate access from authorized devices while blocking unauthorized access even if the account credentials are compromised. Latch can also require additional OTP codes for certain sensitive operations.
Codemotion ES 2014: Love Always Takes Care & Humility - Chema Alonso
Talk delivered by Chema Alonso in Codemotion 2014 ES {Madrid}. It is about passwords, second factor authentication and Second Factor Authorization using Latch... with a Breaking Bad touch.
Tu iPhone es tan (in)seguro como tu Windows - Chema Alonso
Talk given by Chema Alonso at Five Talks on how iPhone security works. More information and details in the book Hacking iOS {iPhone & iPad} http://0xword.com/es/libros/39-libro-hacking-dispositivos-ios-iphone-ipad.html
ShmooCON 2009: Re-playing with (Blind) SQL Injection - Chema Alonso
Talk delivered by Chema Alonso & Jose Palazon "Palako" in ShmooCON 2009 at Washington about SQL Injection, Blind SQL Injection, Time-Based Blind SQL Injection, RFD (Remote File Downloading) and Serialized SQL Injection. http://www.slideshare.net/chemai64/timebased-blind-sql-injection-using-heavy-queries-34887073
Talk delivered by Chema Alonso in CyberCamp ES 2014 about Shuabang Botnet discovered by Eleven Paths. http://www.slideshare.net/elevenpaths/shuabang-with-new-techniques-in-google-play
Presentation given by Chema Alonso at Navajas Negras, 4th edition (2014), on how search engines index content and how to take advantage of it for security audits and hacking.
The document presents a series of names of engineers and hackers associated with the company elevenpaths.com. At the end, it includes a message stating that you do not need to be an engineer to be a hacker or vice versa, but that the combination of both skills is very valuable to the company.
Talk delivered by Chema Alonso at RootedCON Satellite (Saturday 12th of September 2015) about how to do hacking & pentesting using dorks over Tacyt, a Big Data of Android Apps
Recuperar dispositivos de sonido en Windows Vista y Windows 7 - Chema Alonso
Windows Técnico article showing how to recover sound devices in Windows Vista and Windows 7 when they disappear. More information at http://www.elladodelmal.com
Talk given by Chema Alonso at the Internet 3.0 conference on 24 April 2015 in Alicante on how people who believe in magical, free solutions end up being scammed or becoming victims of fraud. Every part of the presentation includes links to the corresponding articles for further information.
Cazando Cibercriminales con: OSINT + Cloud Computing + Big Data - Chema Alonso
Slides from the presentation given by Chema Alonso at the CELAES 2015 conference on 15 October in Panama. It covers how Eleven Paths and Telefónica use the Tacyt, Sinfonier and Faast technologies to fight e-crime.
This document analyzes LDAP injection techniques that can be used to exploit vulnerabilities in web applications that use LDAP directories. It discusses two types of LDAP injection - classic and blind. Classic injection allows attackers to directly execute malicious queries by appending injected code that will be processed by the LDAP server. Blind injection uses a binary approach to infer information from the server response without error messages. The document examines real examples of how attackers can use injected queries to view restricted documents or obtain a full list of users from the LDAP directory. It emphasizes that input validation is needed to prevent both classic and blind LDAP injection attacks.
Auditoría de TrueCrypt: Informe final fase II - Chema Alonso
Report with the results of phase II of the audit of the TrueCrypt encryption software, which looked for bugs and possible backdoors in the code.
Latch en Linux (Ubuntu): El cerrojo digital - Chema Alonso
Article on how to harden Linux (Ubuntu) with Latch, the digital latch. The paper was written by Bilal Jebari http://www.bilaljebari.tk/index.php/es/blog/5-latch-en-ubuntu
Configurar y utilizar Latch en Magento - Chema Alonso
Tutorial by Joc on how to install and configure Latch in the Magento framework. The plugin can be downloaded from https://github.com/jochhop/magento-latch and there is a video describing its use at http://www.elladodelmal.com/2015/10/configurar-y-utilizar-latch-en-magento.html
New Paradigms of Digital Identity: Authentication & Authorization as a Servic... - Chema Alonso
The document discusses new paradigms in digital identity, including authentication and authorization as a service (AuthaaS). It describes the different types of digital identities (physical, corporate, social), and proposes a model where mobile devices can be used for multi-factor authentication and authorization. The model provides different levels of authentication from basic to strong, and allows companies to apply access control strategies across traditional IT environments and IAM solutions through services like one-time passwords and digital locks.
This is the presentation I gave at OWASP EU 2013 with some reflections on why pentesting and information security fail today and the "bad guys" or "cyber-spies" always win. They are personal reflections on Pentesting by Design, security solution design and business planning. My ideas.
General-interest talk on the Deep Web, given by Chema Alonso at the e_Coned conference. It covers payment methods and security incidents.
Best Industrial Automation Software Development In India. Dreamsoft's unique technical expertise lies in the field of software development for industrial automation in terms of design, development and implementation. We have a unique combination of understanding of process development and the device interface aspect in the field of industrial automation. If you are an OEM of devices using specific protocols such as serial, TCP/IP, ASCII etc. or you have imported devices for which you want to develop data logging, data recording and data analysis software, we have the know-how to do it. We examine the protocol through which the devices can communicate and perform various tasks in our software accordingly.
Geht echte Sicherheit nur mit Open Source? - Christian Egle
This document discusses the debate around open source software versus proprietary software. It argues that open source allows for more distribution, federation, and participation, which can create more freedom and prevent lock-in compared to closed, centralized platforms. Open source is presented as the antithesis to monopolistic control by being transparent, free, and enabling a free market of choice. Examples of open source email and app providers are given that allow moving data between providers and using the software without vendor lock-in.
AppDynamics Sales Presentation Imagemaker 2014 - Urena Nicolas
AppDynamics is a new class of software for application performance management (APM, Application Performance Management). AppDynamics was designed to solve the problems of modern platforms based on JEE and .NET, where the combination of services and components is subject to dynamic conditions and frequent changes. It now also offers dynamic monitoring of the end-user experience (EUM).
This is our general Key-Note type presentation on the evolution of computing to the social web - and its implications. We declare the need for an Open Cloud, to enable people to regain control over their data. This is what Social Open-Xchange is all about, and here is why.
App Innovation Technologies is an IT consulting company that provides web and mobile application development, enterprise solutions, and collaboration services using technologies like PHP, .NET, iOS, Android, and SharePoint. They have development teams in the US and India to deliver cost-effective, high-quality solutions. The company has experience developing web and mobile applications for clients in various industries including healthcare, automotive, and publishing. They also provide search engine optimization and custom software development services.
[Solace] Open Data Movement for Connected Vehicles - Tomo Yamaguchi
This document discusses using Solace messaging technology as a data movement platform for connected vehicle projects. A connected car can share internet access both inside and outside the vehicle. Solace provides a common platform to simplify management, enable stress-free scaling, provide consistent policy control, support multiple protocols, and offer built-in high availability and disaster recovery. Case studies demonstrate how Solace has helped companies implement connected vehicle and smart city projects involving large numbers of devices.
DataDome's winning deck for 2019 FIC (Cybersecurity International Forum) "Pri... - DataDome
DataDome protects all vulnerability endpoints of digital business (website, mobile app, login pages, payment funnels, APIs, form and submit sections, backoffice, RSS feeds) from automated threats driven by bots. The SaaS cybersecurity solution integrates seamlessly with 95% of the world's web infrastructure.
The document describes an online crime management system with two modules: 1) An admin module for managing complaints, criminal details, and police departments. 2) A user module for users to register complaints, view complaint history. It provides requirements, ER diagram, use case diagram, and screenshots of the system's interfaces for complaint registration, history, police management, and report viewing functions. The goal is to reduce manual work in crime management.
The document provides information about a company that offers IT, telecommunications, and custom software services. The company was established in 2009 in Athens, Greece and has 10 employees with expertise in IT, programming, systems, and telecommunications. It generates approximately 300k Euro in annual revenue. The company provides consulting, project development, customized software solutions, training, and technical support services.
MeasureWorks - Multichannel 2013 - Why your users quit your online (mobile) s... - MeasureWorks
My slides from MultiChannel 2013... About why users demand performance and will abandon your website if you fail... Research is based on extensive user panel research, with a focus on performance and task completion.
This document provides a summary of Dinkar Singh's experience as a System Test Analyst at FirstData. It outlines his 5+ years of experience in software quality assurance, testing, production support and maintenance for banking/payment systems. It also lists his technical skills including programming languages, testing methods, databases, tools, operating systems, and education background of a Bachelor's degree in Electronics & Telecommunications.
The document provides an overview of an SAP training course on SAP technology. The course covers topics such as SAP BASIS, system architecture, development, administration, interfaces, and support. It introduces key SAP concepts and components including R/3, ABAP, and various SAP modules. It also discusses SAP system architecture, development tools, customizing, and administration tools.
The document discusses B.Open SA's cloud solutions portfolio for public sector organizations. It introduces jPlaton, a proprietary development platform for distributed applications, and Comidor, an integrated operational and management application suite offering features like e-collaboration and project management. Comidor is offered as a SaaS solution worldwide and can be implemented on-premises, in a private cloud, or public cloud. The solutions aim to help public sector organizations focus on service outcomes by integrating multiple tools into a single cloud platform and supporting interoperability with third-party systems.
LogicTree IT Solutions Inc executed various projects between September 2009 to March 2010 including an iPad application for pilots, an online small business tool platform, a retail mobile application for a Los Angeles client, an iPhone events application, a Windows media transfer application, an event ticket management system, website maintenance, and a cardiac wellness program management software. The projects encompassed a variety of technologies and platforms and were undertaken by teams of 2 to 8 people over durations ranging from 1 month to ongoing.
Confluent x imply: Build the last mile to value for data streaming applications - confluent
The document discusses how modern applications require real-time connectivity and instant reactions using data streams, as opposed to traditional batch processing with databases. It explains how Apache Kafka and stream processing with ksqlDB can act as the central nervous system to instantly connect data sources and sinks in real-time. The document also describes how Confluent Cloud provides a fully managed service for Apache Kafka deployments in public clouds.
What's New with Windows Phone - FoxCon Talk - Sam Basu
Samidip Basu presented on new features in Windows Phone 7.1 SDK (Mango) including push notifications, live tiles, sensors, location services, execution model improvements, and integration of Silverlight and XNA. He demonstrated new hardware devices and discussed using background agents, reminders, search extensibility and toolkits to develop Windows Phone apps. The presentation provided an overview of many new APIs and capabilities in Mango to help developers create compelling Windows Phone apps.
I have supervised and guided the research work of Hamida REBAÏ during her master's thesis. The research topic was "Contribution to the design and implementation of a middleware for parallel computing OLAP cubes". Hamida showed great rigor and autonomy in conducting her research. She was able to design and implement a proof of concept demonstrating the parallelization of OLAP cube calculation. Hamida would be an excellent addition to any team requiring strong technical skills and the ability to work independently on research and development projects. I highly recommend her.
2016 ibm watson io t forum 躍升雲端 敏捷打造物聯網平台 - Mike Chang
The document discusses IBM's Watson IoT platform and how it can be used from device connectivity to analytics. It provides an overview of the different phases of using the platform from try/dev to managing services. It also discusses how the platform allows composing applications using tools like Node-RED and integrating various services like data and analytics. Industry solutions and examples are also mentioned.
The document discusses IBM's Watson IoT platform and how it can be used from device connectivity to analytics. It provides an overview of the different phases of using the platform from try/dev to managing services. It also discusses how the platform allows composing applications using tools like Node-RED and integrating various cloud services for analytics, security and more. Industry solutions and the value of IBM's IoT platform from connecting assets to optimizing operations and innovating new business models is highlighted.
Adobe’s eCommerce Digital Transformation Journey - Dynatrace
Digital performance is a journey, not a destination. For the eCommerce team at Adobe, their journey to change the world through digital media and digital marketing includes enabling their customers to explore and purchase products anywhere, on any screen. The creative community are tough customers, so making everything work 99.99% of the time while delivering the rich, artistic experience that Adobe's fans expect doesn't make life easy for the eCommerce group. But it's a challenge they've embraced!
Adobe's Greg Thomsen, Event Management Analyst, will share the steps his team has taken to transform their eCommerce platform and processes to be more resilient and responsive. You'll hear about the cultural changes and collaboration supported by the combination of Dynatrace Synthetic Monitoring and Application Monitoring, including:
- Accelerating incident management through automation
- Driving business alignment with management views
- Successful cloud migration
Learn about the hurdles cleared, the lessons learned and Adobe's vision for the future of their digital performance management strategy.
CritoReto 4: Buscando una aguja en un pajar - Chema Alonso
In recent months British counterintelligence has made great strides in locating Russian agents active on English soil. Advances in cryptanalysis by the now-promoted Captain Torregrosa have made it possible to locate the Russian agents' central point of operations. After days of watching the "Royal China Club", no movement is observed; it appears not to be a regular meeting place, although according to the information gathered the most sensitive data of the Russian operatives is at that location. For this reason, the decision is made to enter the club and copy all the information in order to analyze it. Among the most curious things found are a poster on the wall with a somewhat odd image and a kind of crossword, as well as a printed text on a table. No unusual electronic device and nothing apparently encrypted. Will British intelligence finally find the Russian agents? Time is running against them…
Pentesting con PowerShell: Libro de 0xWord - Chema Alonso
Table of contents of the book "Pentesting con PowerShell" from 0xWord.com. You can find more information and buy it at the following URL: http://0xword.com/es/libros/69-pentesting-con-powershell.html
Cuarta Edición del Curso Online de Especialización en Seguridad Informática p... - Chema Alonso
Fourth Edition of the Online Specialization Course in Information Security for Cyberdefense
From 4 May to 4 June 2015
Aimed at:
- Security managers.
- State security forces and corps.
- Military agencies.
- Systems engineers or similar.
- Information technology students.
Most people have a good opinion of Apple hardware. In this article, José Antonio Rodriguez García tries to debunk some myths.
This document contains information on different advanced hacking and malware analysis techniques using Python. It covers topics such as attacks on local networks, fuzzing, software debugging, anonymity with TOR and I2P, advanced persistent threats (APT), malicious code injection, memory and malware analysis, and the development of tools to spy on victims and represent servers in a network. The document is organized into four main chapters and vari
Analizando la efectividad de ataques de correlación pasivos en la red de ano... - Chema Alonso
Translation of Sam DeFabbia-Kane's 2011 thesis. A thesis submitted to the faculty of Wesleyan University in partial fulfillment of the requirements for the Degree of Bachelor of Arts with Departmental Honors in Computer Science.
Students in some undergraduate and postgraduate programs at the Universidad Internacional de La Rioja (UNIR) can use Latch. Here is a guide to using Latch at UNIR.
Curso Online de Especialización en Seguridad Informática para la Ciberdefensa - Chema Alonso
Aimed at:
- Security managers.
- State security forces and corps.
- Military agencies.
- Systems engineers or similar.
- Information technology students.
Delivery: online via WebEx
Duration: 40 hours
Format: 7 modules with 20 lessons of two hours each
Dates: 20 October to 24 November 2014 (no class on 10 November)
Days and times: Monday, Tuesday, Wednesday and Thursday, 16:00 to 18:00 (Spain)
Modelado de amenazas en el contexto de la indexación de páginas y propuesta d...Chema Alonso
Artículo presentado en el RECSI 2010 sobre cómo modelar las amenazas en el contexto de la indexación de documentos por parte de los buscadores de Internet.
Artículo sobre el X Forum AUSAPE 2014 en el que Chema Alonso fue ponente. Además artículo en sección firma invitada sobre "Problem Between Chair & Keyboard". El vídeo de la conferencia está disponible en la siguiente URL:
https://www.youtube.com/watch?v=jTdmPC9Bpk0
2. elevenpaths.com
Product: APP (Advanced Persistent Pentesting) Service 24x7x365 | Metadata clean up software to avoid DLP (WebServers, FS, SPS Desktop, Forensics) | 2FAuthorization based on Open Digital Latches platform
Target Market: Medium – Large Corporates | Enterprise | Consumers, Corporate consumers, B2B2C
Stage: Launched Dec 2013 | Launched Dec 2013 | Launched Dec 2013
Growing up
11Paths Products
3. elevenpaths.com
We use our digital services just a tiny portion of time every day. Why should we leave them open throughout the day?
If we reduce availability, we reduce exposure, and therefore risk.
Those developing new security proposals for online purchases are seizing all of the market.
4. elevenpaths.com
Taking a cab
To make her trip easier she decides to pay everything using a service. On her way to the office, at the destination point, she switches the service on so she can pay the taxi fare. Once done, she switches her account off, minimizing the exposure to improper usage.
5. elevenpaths.com
At the airport
Anna has just started a new job and she is on a business trip. As usual, she checks the weather, prepares her suitcase and defines her online security levels using Latch.
6. elevenpaths.com
Latch Server
My Site
User Settings: Login: XXXX, Pass: YYYY, Latch:
U Latch
1.- Generate pairing code
2.- Temporary pairing token
4.- AppID + temporary pairing token
5.- OK + unique Latch
6.- Latch ID appears in app
Latch on a digital ID
7. elevenpaths.com
Latch Server
My Bank
Users DB: Login: XXXX, Pass: YYYY, Latch: Latch1
Login Page: Login: AAAA, Pass: BBBB
1.- Client sends login/password
2.- Web checks credentials with its users DB
2.- Check user/pass
3.- Asks about Latch1 status
4.- Latch1 is OFF
5.- Login error
6.- Someone tried to get access to the Latch1 ID.
Login into a Web
16. elevenpaths.com
Windows XP / Vista / 7 / 8 / 8.1
Local Users
Query Status
User pairing
Open Platform: Latch for Windows (Personal)
Latch for Windows
17. elevenpaths.com
Windows Server 2003 / 2008 / 2012
Domain Users
Latch for Windows
Query Status
User pairing
Windows XP / Vista / 7 / 8 / 8.1 Login
Pairing Intranet
Open Platform: Latch for Windows (Enterprise)
18. elevenpaths.com
Windows Server 2003 / 2008 / 2012
Latch for Windows
Windows Server 2003 / 2008 / 2012
Domain Users
Latch for Windows
Secondary Domain Controllers
Principal Domain Controller
Sync Service
Domain Users
Open Platform: Latch for Windows (Enterprise)
Windows Server 2003 / 2008 / 2012
Domain Users
Latch for Windows
21. elevenpaths.com
Latch Server
Latch app: Latch1: OFF, Latch2: ON, Latch3: OTP, Latch4: OFF, …
My Bank
Users DB: Login: XXXX, Pass: YYYY, Latch: Latch1
Login Page: Login: AAAA, Pass: BBBB
1.- Client sends login/password
2.- Web checks credentials with its users DB
2.- Check user/pass
3.- Asks about Latch1 status
4.- Latch Server generates OTP
5.- Latch1 is ON (OTP)
6.- OTP?
7.- Use this (OTP).
Login into a Web with OTP
23. elevenpaths.com
Latch Server
Latch app: Latch1: ON (Op1: OFF, Op2: ON, Op3: OTP), Latch2: OFF, …
My Bank: Login: XXXX, Pass: YYYY, Latch: Latch1, Int_Trnas: Op1
Online Banking: Send Money: 1231124343
1.- Client orders international transactions
3.- Asks Latch1:Op1 status
4.- Latch1:Op1 is OFF
5.- Denied
6.- Someone tried to do a Latch1:Op1 operation
Operations in Latch
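The checks drawn on the "Login into a Web", "Login into a Web with OTP" and "Operations in Latch" slides, as an added Python example. It is not code from the slides or from ElevenPaths and does not call the real Latch SDK or API: `MockLatchServer`, `Site`, their methods and the status strings are hypothetical, and all user data is constructed.

```python
import hashlib, hmac, secrets

class MockLatchServer:
    """In-memory stand-in for the Latch server (hypothetical, not the real API)."""
    def __init__(self):
        self.state = {}   # (latch_id, operation or None) -> "on" | "off" | "otp"
        self.otps = {}    # latch_id -> OTP the Latch app would show its owner
        self.alerts = []  # warnings the Latch app would show its owner

    def status(self, latch_id, operation=None):
        mode = self.state.get((latch_id, None), "off")
        # Assumption: an operation is only reachable while its parent latch is open.
        if mode != "off" and operation is not None:
            mode = self.state.get((latch_id, operation), "off")
        if mode == "off":
            self.alerts.append(f"blocked access to {latch_id}:{operation or 'login'}")
            return "off", None
        if mode == "otp":
            self.otps[latch_id] = f"{secrets.randbelow(10**6):06d}"
            return "on", self.otps[latch_id]
        return "on", None

class Site:
    """The 'My Bank' side: checks its own users DB first, then asks Latch."""
    def __init__(self, latch):
        self.latch, self.users, self.pending = latch, {}, {}

    @staticmethod
    def _hash(password, salt):
        return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

    def add_user(self, login, password, latch_id):
        salt = secrets.token_bytes(16)
        self.users[login] = (salt, self._hash(password, salt), latch_id)

    def login(self, login, password):
        salt, digest, latch_id = self.users.get(login, (bytes(16), b"", None))
        if not hmac.compare_digest(digest, self._hash(password, salt)):
            return "login error"              # bad credentials: Latch is never asked
        mode, otp = self.latch.status(latch_id)
        if mode == "off":
            return "login error"              # same answer as a wrong password
        if otp:
            self.pending[login] = otp         # wait for the user to type the OTP
            return "otp required"
        return "ok"

    def submit_otp(self, login, otp):
        expected = self.pending.pop(login, None)   # single use
        return "ok" if expected and hmac.compare_digest(expected, otp) else "login error"

    def international_transfer(self, login):
        mode, otp = self.latch.status(self.users[login][2], "Op1")
        return "done" if mode == "on" and otp is None else "denied"  # no OTP prompt here
```

A login with the correct password while Latch1 is off gets the same `login error` as a wrong password but leaves an entry in `alerts`, which is how the latch owner learns that valid credentials are being used by someone else.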
24. elevenpaths.com
Users / Developers / Corporates
Control all digital identities from one single point. ON/OFF.
Integrate plugins and develop solutions with SDKs to adapt Latch technology to their needs
SDKs: PHP, Java, .NET, C, Ruby, Python & WebService API
Plugins: WordPress, PrestaShop, RedMine, Cpanel, Moodle, OpenVPN, SSH, Drupal, DotNetNuke, Joomla!, … more than 20
· Deploy 2FAuth
· Opt-in/mandatory
· Detect identity theft
· Granularity
· Reduce Fraud
· Parental Control
· 4 Eyes verification
Tools
· Control Dashboard
· Usage Statistics
· Internal appliance (beta)