Cyber security at the application level involves protecting applications from vulnerabilities through proper security measures implemented during the software development lifecycle. This includes securing applications from flaws introduced during design, development, deployment, upgrade or maintenance. Application security aims to prevent exceptions to the security policy by addressing vulnerabilities in the application or underlying system. Key aspects of application security include input validation, access controls, and output encoding.
Network forensics is the capture, recording, and analysis of network events and traffic in order to discover the source of security attacks or other problem incidents. It involves systematically capturing and analyzing network traffic and events to trace and prove a network security incident. Network forensics provides crucial network-based evidence that can be used to successfully prosecute criminals. It is a difficult process that depends on maintaining high-quality network information.
The document summarizes a presentation on network forensics and lessons learned from the July 2007 London attacks. The presentation covered early adoption of firewalls and DMZs, intrusion prevention systems, the use of fingerprints and DNA in forensics, the 2004 Madrid train bombings and 2005 London bombings. It discussed the police investigation into the London attacks including identifying suspects from CCTV footage and a practice run captured on video. The presentation proposed the use of network monitoring tools as a forensic technique and discussed challenges of detecting slow scan attacks and those using random ports or covert channels.
Think network forensics is just for security? Not with today’s 10G (and tomorrow’s 40G/100G) traffic, not to mention new 802.11ac wireless networks with multi-gigabit data rates. Data is traversing these networks so quickly that detailed, real-time analysis is at best a challenge. Network forensics provides key real-time statistics while saving a complete, packet-level recording of all network activity. You don’t need to worry about capturing the problem – your network forensics solution already has, allowing you to go back in time and analyze any network, application, or security condition.
The document discusses various aspects of network forensics and investigating logs. It covers analyzing log files as evidence, maintaining accurate timekeeping across systems, configuring extended logging in IIS servers, and the importance of log file accuracy and authenticity when using logs as evidence in an investigation.
The development of intelligent network forensic tools that focus on specific types of network traffic analysis is a challenge for the future.
Such tools would reduce time delays, require fewer computational resources, minimize attacks, provide reliable and secure evidence, and allow efficient investigation with minimal effort.
This document provides an overview of network sniffing and packet analysis using Wireshark. It discusses why sniffing is useful for understanding network activity, troubleshooting issues, and performing computer forensics. The document outlines topics like the basic techniques of sniffing, an introduction to Wireshark and its features, analyzing common network protocols, and examples of case studies sniffing could be used for. It emphasizes that patience is a prerequisite and encourages interactive discussion.
Packet capture is a computer networking term for intercepting a data packet that is crossing or moving over a specific computer network. Once a packet is captured, it is stored temporarily so that it can be analyzed. The packet is inspected to help diagnose and solve network problems and determine whether network security policies are being followed. Hackers can also use packet capturing techniques to steal data that is being transmitted over a network.
A firewall of any description is a must for any user connecting to the Internet.
DPI proves to be a better security-centric technology than SPI. However, from a security point of view
However, for a truly effective platform a dedicated hardware firewall with DPI provides the best all-round solution and goes a long way to securing networks from the more sophisticated and damaging Internet threats.
Unauthorized access to computer systems and networks can occur through various means such as hacking tools, social engineering, or exploiting system vulnerabilities. Network scanning tools can be used for both legitimate and illegitimate purposes to identify active systems and open ports. Various attacks exist such as man-in-the-middle, ARP poisoning, and wireless network hacking. Protecting against unauthorized access requires monitoring for anomalies, using tools like firewalls, regularly backing up data, and educating users.
Network traffic analysis with cyber security
KAMALI PRIYA P
We are students from SRM University pursuing B.TECH in Computer Science Department. We took a small initiative to make a PPT about how network traffic can be analyzed through Cyber Security. We have also mentioned the known network analyzers and future scope for network traffic analysis with cyber security.
This document discusses network security. It covers security attacks like interruption, interception, modification and fabrication. It also discusses security services like confidentiality, integrity and availability. The document outlines common security mechanisms like encryption, software/hardware controls and firewalls. It provides examples of security attacks like denial of service, TCP hijacking and how mechanisms like firewalls, intrusion detection systems and IPSec can provide defenses.
Network sniffers & injection tools
Network Threats Attack
Specific Attack Types
Network Sniffer
How does a Sniffer Work?
How can I detect a packet sniffer?
Packet Sniffer Mitigation
Injection Tools
Network Forensics - Your Only Choice at 10G
Savvius, Inc
Watch the full OnDemand Webcast: http://bit.ly/networkforensics10G
Network forensics remains one of the hottest topics in network analysis, especially with the exploding deployments of 10 Gigabit (10G) gear. Though often considered for security analysis, especially the identification of network intrusions, network forensics can and should be used for much more general network analysis purposes.
At 10G, real-time network analysis is essentially unmanageable. The only effective way to deal with 10G traffic is to quickly screen incoming data for key network performance indicators and then to store the data for in-depth analysis of small slices of pertinent data as the need arises. Again, this in-depth analysis need not be security oriented – network forensics works equally well in identifying spikes in utilization, drops in VoIP call quality and increased latency, whether network or application. At 10G speeds this isn’t easy to accomplish, but with network forensics you’ll make quick work of it.
In this web seminar, we cover:
- Key technologies used in network forensics
- Applicability of network forensics in analyzing typical network performance issues
- Combining real-time capabilities with network forensics for effective 10G network analysis
What you will learn:
- How to effectively capture and manage 10G traffic for network analysis
- How to use real-time key network performance indicators to identify potential problems
- How to use network forensics to analyze and solve typical network performance issues
Open source network forensics and advanced pcap analysis
Speaker: GTKlondike
There is a lot of information freely available on the internet to get network administrators and security professionals started with network analysis tools such as Wireshark. However, there is a well-defined limit on how in-depth the topic is covered. This intermediate-level talk aims to bridge the gap between a basic understanding of protocol analyzers (i.e. Wireshark and TCPdump) and practical real-world usage. Topics covered include network file carving, statistical flow analysis, GeoIP, exfiltration, limitations of Wireshark, and other network-based attacks. It is assumed the audience has working knowledge of protocol analysis tools (i.e. Wireshark and TCPdump), the OSI and TCP/IP models, and major protocols (i.e. DNS, HTTP(S), TCP, UDP, DHCP, ARP, IP, etc.).
Bio
GTKlondike is a local hacker/independent security researcher who has a passion for network security, both attack and defense. He has several years' experience working as a network infrastructure and security consultant, mainly dealing with switching, routing, firewalls, and servers. Currently attending graduate school, he is constantly studying and learning new techniques to better defend or bypass network security mechanisms.
Network forensics involves collecting and analyzing network data and traffic to determine how attacks occur. It is important to establish standard forensic procedures and know normal network traffic patterns to detect variations. Tools like packet analyzers, Sysinternals, and honeypots can help monitor traffic and identify intrusions. The Honeynet Project aims to increase security awareness by observing new attacker techniques.
The document discusses intrusion detection and various types of intruders and intrusion techniques. It covers password capture methods like watching someone enter their password or using a Trojan horse. It also discusses different types of intrusion detection approaches like statistical anomaly detection, rule-based detection, and honeypots. The document then covers password management, viruses, worms, and distributed denial of service attacks. It concludes by discussing firewall design principles and characteristics like packet filtering routers.
A hybrid intrusion detection system for cloud computing environments
Mohamed Jelidi
This document discusses a proposed hybrid intrusion detection system for cloud computing environments. It aims to increase detection quality by deploying multiple intrusion detection systems (IDS) at different layers, including network IDS (NIDS), host IDS (HIDS), and web application IDS (WIDS). The proposed architecture also incorporates signature-based detection, anomaly-based detection, and event correlation between detection methods. The model is evaluated using real network traffic, web vulnerability scans, and simulated host attacks, demonstrating detection of various attacks across network, host, and application layers.
This document discusses various topics related to intruders and network security. It covers intrusion techniques like password guessing and capture. It also discusses approaches to intrusion detection such as statistical anomaly detection, rule-based detection, and audit record analysis. Finally, it discusses password management strategies like education, computer-generated passwords, and proactive password checking.
The document discusses using data mining approaches for intrusion detection. It describes current intrusion detection approaches like misuse detection using signatures of known attacks and anomaly detection using deviations from normal behavior profiles. Data mining can help by providing a systematic framework to select relevant audit data features, build and update detection models, and combine multiple models. Relevant techniques include building classifiers from audit data and mining patterns within audit records.
Routers play an important role in cyber forensics investigations. During an investigation, an analyst should gather evidence from routers to help determine the source of an attack. This includes examining router logs, configurations, and volatile memory to find artifacts left by attackers. Log files may contain source IP addresses and protocols used. Configurations should be collected but not reset to avoid destroying evidence. Commands like "show access list" and "show users" can provide clues about hacker activity on the router. Properly documenting the chain of custody of all router evidence is crucial for the investigation.
This document provides an overview of intrusion detection systems (IDS) based on the OSI layer model. It defines what an intrusion is and describes different types of intruders. The document discusses network IDS (NIDS) and host-based IDS (HIDS), comparing their advantages and disadvantages. It also outlines common types of attacks detected by IDS at different OSI layers, such as buffer overflow attacks at the application layer and TCP SYN floods at the transport layer. The document proposes an IDS to detect both network and host-based attacks across multiple OSI layers.
Where firewalls fit in the corporate landscape discusses various firewall topics such as why firewalls are needed, the risks without firewalls, what needs to be secured, firewall components, types of firewalls including packet filters, proxy firewalls, and network address translation. It also covers deploying and configuring firewalls properly, auditing firewalls, and trends in firewall technologies. The document provides an overview of firewall concepts and best practices for implementation in a corporate environment.
This document provides an overview of network sniffing including definitions, vulnerable protocols, types of sniffing attacks, tools used for sniffing, and countermeasures. It discusses passive and active sniffing, ARP spoofing, MAC flooding, DNS poisoning techniques, and popular sniffing tools like Wireshark, Arpspoof, and Dsniff. It also outlines methods for detecting sniffing activity on a network such as monitoring for changed MAC addresses and unusual packets, as well as recommendations for implementing countermeasures like encryption, static ARP tables, port security, and intrusion detection systems.
Network Forensics and Practical Packet Analysis
Priyanka Aash
Why Packet Analysis?
3 Phases - Analysis, Conversion & Collection
How do we do it?
Statistics - Protocol Hierarchy
Statistics - End Points & Conversations
The last five to ten years have seen massive advancements in open source Internet-wide mass-scan tooling, on-demand cloud computing, and high-speed Internet connectivity. This has led to a massive influx of different groups mass-scanning all four billion IP addresses in the IPv4 space on a constant basis. Information security researchers, cyber security companies, search engines, and criminals scan the Internet for various benign and nefarious reasons (such as the WannaCry ransomware and multiple MongoDB, ElasticSearch, and Memcached ransomware variants). It is increasingly difficult to differentiate between scan/attack traffic targeting your organization specifically and opportunistic mass-scan background radiation packets.
Grey Noise is a system that records and analyzes all the collective omnidirectional background noise of the Internet, performs enrichments and analytics, and makes the data available to researchers for free. Traffic is collected by a large network of geographically and logically diverse “listener” servers distributed around different data centers belonging to different cloud providers and ISPs around the world.
In this talk I will candidly discuss motivations for developing the system, a technical deep dive on the architecture, data pipeline, and analytics, observations and analysis of the traffic collected by the system, business impacts for network operators, pitfalls and lessons learned, and the vision for the system moving forward.
Presents a WHOIS database search engine tool I wrote to allow pentesters to access network information for specified targets. First presented at BSidesDE 2010
2019 FRSecure CISSP Mentor Program: Class Six
FRSecure
This document summarizes a CISSP mentor program session from April 29, 2019. It discusses completing chapters 1-4 of the curriculum, switching to questions from other sources, and covering network architecture and design topics like network defense in depth, fundamental network concepts of simplex/half-duplex/full-duplex communication, baseband/broadband, analog/digital, LANs/WANs/MANs/GANs/PANs, and circuit-switched vs. packet-switched networks. The session included quizzes and 134 slides to go over these topics.
PENETRATION TESTING FROM A HOT TUB TIME MACHINE
Chris Gates
This presentation discusses penetration testing techniques from an unconventional perspective. It advocates for intelligence gathering and footprinting before scanning or exploitation to have a more effective assessment. Specific techniques discussed include using open source intelligence gathering on internal and external systems to develop profiles and target lists. Footprinting activities within the network focus on enumeration of users, shares, services and other details to identify vulnerable systems rather than broad scanning. The presentation provides examples of exploiting old vulnerabilities in applications like Citrix and weaknesses in administration interfaces. It emphasizes continuing post-exploitation activities like privilege escalation and lateral movement within compromised systems to fully evaluate security.
Michael F. Collins gave a presentation about different ways for programs to communicate and collaborate. He discussed parent-child processes where a parent process spawns a child process and they communicate through standard input/output streams. He also covered distributed processes using various protocols like SOAP, REST, and Thrift. Additionally, he explained asynchronous messaging where programs communicate by sending one-way messages via a broker.
This document summarizes a CISSP mentor program session that covered network architecture and design concepts such as defense-in-depth, network segmentation, and the NSA methodology for adversary obstruction. It included quizzes and discussions of fundamental network topics like the OSI model, circuit switching vs. packet switching, LANs/WANs/MANs, and analog vs. digital communications. The session aimed to help students understand secure network principles in domain 4 of the CISSP exam.
With close to 10,000 new, legitimate websites being added to the Google malware blacklist every day, it's clear that infecting websites to spread malware has become the go-to choice for malicious hackers. In this talk I will focus on how the problem is evolving, how websites are getting infected and what gets injected into websites. I will also focus on how to use machine learning to quickly build a system that can scale far beyond what AV engines can catch.
This talk will show a live demo and will be a mix of PowerPoint slides that educate, inform and enable the audience to understand web malware trends and set up mechanisms to catch non-obvious pieces of web malware.
Let's Talk About SOAP, Baby. Let's Talk About UPnP. (HeadlessZeke)
UPnP and SOAP protocols are commonly used by IoT devices to allow for discovery and control between devices on a home network. However, several vulnerabilities have been found that allow for remote command execution and information disclosure due to a lack of input sanitization on the device endpoints. Attackers can send specially crafted requests to exploit issues like buffer overflows, XML entity expansion, and command injection flaws. The widespread implementation of these protocols without proper security measures has led to many IoT devices being remotely accessible with little authentication.
Limiting application security tests to a single attacking host has left the industry using phrases such as “an attacker could” or “an attacker may be able to,” when referencing common attacks such as online attacks against user credentials, application-level denial of service and username enumeration. Attacks from a single host are not practical, and do not model real-world threats. The aforementioned tasks would benefit greatly from the ability to distribute across different hosts to properly demonstrate impact.
Httpillage is a tool designed to distribute HTTP(s) based attacks across multiple nodes, in similar fashion to a traditional botnet C&C server. Common attacks such as online password brute-force, denial of service, and application enumeration are entirely possible to distribute, increasing speed and effectiveness.
This talk will demonstrate the use of httpillage to launch common attacks across multiple nodes, including the ability to brute-force time-based password reset tokens. We’ll walk through scenarios that demonstrate how to provide proper impact demonstration, launching attacks that would not be successful during a traditional pentest.
The document discusses ethical hacking and penetration testing. It provides an overview of the session, why penetration testing is valuable, the penetration testing process including tools used for internal and external testing, and real-life case studies. It describes gathering information, scanning IP addresses, determining service versions, assembling target lists, gathering and testing exploits, running exploits against live targets, assessing results, and obtaining interactive or privileged access. The goal is to identify vulnerabilities before they are exploited.
The document discusses ethical hacking and penetration testing. It provides an overview of the session which will cover taking a look at the environment, the penetration testing process and tools, and some real-life case studies. It then discusses the benefits of penetration testing for identifying vulnerabilities before exploitation. The document outlines the general penetration testing process which involves information gathering, scanning, determining service versions, running exploits, and repeating until goals are achieved. It also discusses specific internal and external penetration testing methodologies and commonly used tools.
DEF CON 23 - Rickey Lawshae - lets talk about soap (Felipe Prado)
This document discusses the Universal Plug and Play (UPnP) protocol and Simple Object Access Protocol (SOAP). It provides an overview of UPnP including discovery, description of devices and services, control of services via SOAP calls, and potential security issues. While UPnP aims to allow smart devices to easily communicate, the document notes that many devices have limited security which can lead to issues like command injection attacks.
The document summarizes Dan Kaminsky's planned talks and demonstrations at Black Hat 2006. Some key points include:
- Enforcing network neutrality through detecting non-neutral networks using techniques like active network probing and analyzing TCP bandwidth.
- Findings from scanning over 2.4 million SSL servers, including many servers responding on port 443 without SSL enabled and variability in certificates served from the same IP.
- Demonstrating ways to securely login to online applications from an insecure home page using iframes to initialize SSL.
Keeping Secrets on the Internet of Things - Mobile Web Application Security (Kelly Robertson)
This document summarizes an information security presentation about keeping secrets in the Internet of Things era. It discusses increasing vulnerabilities and dependencies, limitations of current security approaches, and motivations for lack of trust. It then covers secure software development best practices including threat modeling techniques. Lastly, it discusses solutions for organizations and end users, including encryption, authentication, firewalls, intrusion detection and more. Specific examples of security breaches like Heartbleed, Snapchat, and PlaceRaider are also summarized.
This document introduces Archery, an open source vulnerability assessment and management tool. It summarizes Archery's key features as automating vulnerability scanners, collecting scan data in a centralized database, providing a dashboard to help manage vulnerabilities, and integrating with the software development lifecycle. The document also outlines Archery's supported scanners, roadmap, how to contribute, documentation resources, and contact information.
Similar to Network Forensic Tools & Techniques Workshop (20)
Digital Personal Data Protection (DPDP) Practical Approach For CISOs (Priyanka Aash)
Key Discussion Pointers:
1. Introduction to Data Privacy
- What is data privacy
- Privacy laws around the globe
- DPDPA Journey
2. Understanding the New Indian DPDPA 2023
- Objectives
- Principles of DPDPA
- Applicability
- Rights & Duties of Individuals
- Principals
- Legal implications/penalties
3. A practical approach to DPDPA compliance
- Personal data Inventory
- DPIA
- Risk treatment
The Verizon Breach Investigation Report (VBIR) is an annual report analyzing cybersecurity incidents based on real-world data. It categorizes incidents and identifies emerging trends, threat actors, motivations, attack vectors, affected industries, common attack patterns, and recommendations. Each report provides the latest insights and data to give organizations a global perspective on evolving cyber threats.
The document summarizes the top 10 cybersecurity risks presented to the board of directors of a manufacturing company. It discusses each risk such as insider threats, cloud security, ransomware attacks, third party risks, and data security. For each risk, it provides the current posture in terms of controls, compliance level, and planned improvements. The CISO and other leaders such as the managing director, finance director, and chief risk officer attended the presentation.
Simplifying data privacy and protection.pdf (Priyanka Aash)
1) Data is growing exponentially which increases the risk and impact of data breaches, while compliance requirements are also becoming more stringent.
2) IBM Security Guardium helps customers address this by discovering, classifying, and protecting sensitive data across platforms and simplifying compliance.
3) It detects threats in real-time, increases data security accuracy, and reduces the time spent on audits and issue remediation, helping customers minimize the impact of potential data breaches and address local compliance requirements.
Generative AI and Security (1).pptx.pdf (Priyanka Aash)
Generative AI and Security Testing discusses generative AI, including its definition as a subset of AI focused on generating content similar to human creations. The document outlines the evolution of generative AI from artificial neural networks to modern models like GPT, GANs, and VAEs. It provides examples of different types of generative AI like text, image, audio, and video generation. The document proposes potential uses of generative AI like GPT for security testing tasks such as malware generation, adversarial attack simulation, and penetration testing assistance.
EVERY ATTACK INVOLVES EXPLOITATION OF A WEAKNESS.pdf (Priyanka Aash)
The document discusses shifting the focus in cybersecurity from vulnerability management to weakness management and attack surface management. It argues that attacks persist because approaches focus only on software vulnerabilities, while ignoring other weaknesses like technological, people and process weaknesses that expand the potential attack surface. A new approach is needed that takes a holistic view of all weaknesses and continuously monitors the entire attack surface to better prevent attacks.
The document summarizes key aspects of the proposed Digital Personal Data Protection Act 2023 in India, including its scope, definitions, obligations of data fiduciaries, grounds for processing personal data, notice requirements for data principals, and penalties for non-compliance. It outlines categories of entities that would be considered significant data fiduciaries and the additional obligations that would apply to them. The summary also compares some aspects of the proposed Indian law to the General Data Protection Regulation (GDPR) in the European Union.
Cyber Truths_Are you Prepared version 1.1.pptx.pdf (Priyanka Aash)
This document discusses cybersecurity threats and SentinelOne's solutions. It begins with questions about an organization's cyber preparedness and budget. It then discusses the cat-and-mouse game between attackers and defenders. The document highlights growing ransomware threats and payments. It argues SentinelOne provides a unified security solution that lowers costs, risks, and complexity while improving detection and response. It shares industry recognition for SentinelOne and concludes by thanking the audience.
An IT systems outage and distributed denial of service (DDoS) attack impacted an organization called XYZ Ltd. This was followed by a ransom demand email from an anonymous sender threatening to release sensitive project data. When the ransom deadline passed, anonymous hackers released a video on social media and the data breach began receiving media coverage. A customer then contacted XYZ to inquire about the data leak and if their content was impacted. The document outlines discussions between teams at XYZ on responding to the cyber incident and lessons learned.
The CISO Platform is a 10+ year old dedicated social platform for CISOs and senior IT security leaders that has grown to over 40,000 members across 20+ countries. Through sharing and collaboration, the community has created over 500 checklists, frameworks, and playbooks that are available for free to members. The platform also hosts an annual security conference with over 100 speakers and 20 workshops attended by 20,000 people. The goal of the CISO Platform is to build tangible community goods and resources through open sharing and collaboration among security professionals.
This document provides updates from the Chennai Chapter of the CISO Platform for 2021. It discusses the following:
1. The Breach and Attack Summit held in December which included panel discussions, presentations, task forces, and workshops despite natural disasters, with over 200 attendees.
2. Chapter meetings focused on ransomware trends and lessons learned from attacks.
3. A kids initiative to promote cybersecurity awareness through sessions for students, parents and teachers at local schools.
4. The task forces focused on topics like cyber risk quantification, quantum computing, cyber insurance and privacy.
It covers popular IaaS/PaaS attack vectors, lists them, and maps them to other relevant projects such as STRIDE & MITRE. Security professionals can better understand which attack vectors are commonly utilized in attacks, see examples from previous events, and learn where they should focus their controls and security efforts.
Discusses security incidents & business use cases, understanding Web 3 pros and Web 3 cons, prevention mechanisms, and how to make sure that it doesn't happen to you.
Lessons Learned From Ransomware Attacks (Priyanka Aash)
The document summarizes a ransomware attack experienced by the author's organization and the lessons learned. It describes how the ransomware encrypted files and powered off virtual machines. It then details the recovery process over several days, including bringing in an incident response firm, rebuilding infrastructure, and restoring service for customers. Key lessons included having stronger access controls, backups stored separately, and implementing security tools like EDR, centralized logging, and identity management best practices.
Emerging New Threats And Top CISO Priorities in 2022 (Bangalore) (Priyanka Aash)
Round Table Discussion On "Emerging New Threats And Top CISO Priorities In 2022", Bangalore
Date - 28 September, 2022. Decision Makers of different organizations joined this discussion and spoke on New Threats & Top CISO Priorities
Cloud Security: Limitations of Cloud Security Groups and Flow Logs (Priyanka Aash)
Cloud Security Groups are the firewalls of the cloud. They are built-in and provide basic access control functionality as part of the shared responsibility model. However, Cloud Security Groups do not provide the same protection or functionality that enterprises have come to expect with on-premises deployments. In this talk we will discuss the top cloud risks in 2020, why perimeters are a concept of the past, and how, in a world of no perimeters, Cloud Security Groups, the "cloud firewalls", fit in. We will practically explore Cloud Security Group limitations across different cloud setups, from a single vNet to multi-cloud.
Most organizations have good enterprise-level security policies that define their approach to maintaining, improving, and securing their information and information systems. However, once the policies are signed by senior leadership and distributed throughout the organization, significant cybersecurity governance challenges remain. In this workshop I will explain how to transform organizational security to strengthen defenses and integrate cybersecurity with the overall approach toward security governance, risk management and compliance.
The Internet is home to seemingly infinite amounts of confidential and personal information. As a result of this mass storage of information, systems need to be constantly updated and controls enforced to prevent hackers from retrieving such valuable and sensitive data. This increasing number of cyber-attacks has led to the increasing importance of ethical hacking. An ethical hacker's job is to scan for vulnerabilities and find potential threats on a computer or network. An ethical hacker finds the weaknesses or loopholes in a computer, web application or network and reports them to the organization. It requires a thorough knowledge of networks, web servers, computer viruses, SQL (Structured Query Language), cryptography, penetration testing, attacks etc. In this session, you will learn all about ethical hacking. You will understand what ethical hacking is, cyber-attacks, tools, and some hands-on demos. This session will also guide you through the various ethical hacking certifications available today.
What is an RPA CoE? Session 1 – CoE Vision (DianaGray10)
In the first session, we will review the organization's vision and how this has an impact on the COE Structure.
Topics covered:
• The role of a steering committee
• How do the organization’s priorities determine CoE Structure?
Speaker:
Chris Bolin, Senior Intelligent Automation Architect Anika Systems
[OReilly Superstream] Occupy the Space: A grassroots guide to engineering (an... (Jason Yip)
The typical problem in product engineering is not bad strategy, so much as “no strategy”. This leads to confusion, lack of motivation, and incoherent action. The next time you look for a strategy and find an empty space, instead of waiting for it to be filled, I will show you how to fill it in yourself. If you’re wrong, it forces a correction. If you’re right, it helps create focus. I’ll share how I’ve approached this in the past, both what works and lessons for what didn’t work so well.
Discover top-tier mobile app development services, offering innovative solutions for iOS and Android. Enhance your business with custom, user-friendly mobile applications.
Driving Business Innovation: Latest Generative AI Advancements & Success Story (Safe Software)
Are you ready to revolutionize how you handle data? Join us for a webinar where we’ll bring you up to speed with the latest advancements in Generative AI technology and discover how leveraging FME with tools from giants like Google Gemini, Amazon, and Microsoft OpenAI can supercharge your workflow efficiency.
During the hour, we’ll take you through:
Guest Speaker Segment with Hannah Barrington: Dive into the world of dynamic real estate marketing with Hannah, the Marketing Manager at Workspace Group. Hear firsthand how their team generates engaging descriptions for thousands of office units by integrating diverse data sources—from PDF floorplans to web pages—using FME transformers, like OpenAIVisionConnector and AnthropicVisionConnector. This use case will show you how GenAI can streamline content creation for marketing across the board.
Ollama Use Case: Learn how Scenario Specialist Dmitri Bagh has utilized Ollama within FME to input data, create custom models, and enhance security protocols. This segment will include demos to illustrate the full capabilities of FME in AI-driven processes.
Custom AI Models: Discover how to leverage FME to build personalized AI models using your data. Whether it’s populating a model with local data for added security or integrating public AI tools, find out how FME facilitates a versatile and secure approach to AI.
We’ll wrap up with a live Q&A session where you can engage with our experts on your specific use cases, and learn more about optimizing your data workflows with AI.
This webinar is ideal for professionals seeking to harness the power of AI within their data management systems while ensuring high levels of customization and security. Whether you're a novice or an expert, gain actionable insights and strategies to elevate your data processes. Join us to see how FME and AI can revolutionize how you work with data!
5th LF Energy Power Grid Model Meet-up Slides (DanBrown980551)
5th Power Grid Model Meet-up
It is with great pleasure that we extend to you an invitation to the 5th Power Grid Model Meet-up, scheduled for 6th June 2024. This event will adopt a hybrid format, allowing participants to join us either through an online Microsoft Teams session or in person at TU/e located at Den Dolech 2, Eindhoven, Netherlands. The meet-up will be hosted by Eindhoven University of Technology (TU/e), a research university specializing in engineering science & technology.
Power Grid Model
The global energy transition is placing new and unprecedented demands on Distribution System Operators (DSOs). Alongside upgrades to grid capacity, processes such as digitization, capacity optimization, and congestion management are becoming vital for delivering reliable services.
Power Grid Model is an open source project from Linux Foundation Energy and provides a calculation engine that is increasingly essential for DSOs. It offers a standards-based foundation enabling real-time power systems analysis, simulations of electrical power grids, and sophisticated what-if analysis. In addition, it enables in-depth studies and analysis of the electrical power grid’s behavior and performance. This comprehensive model incorporates essential factors such as power generation capacity, electrical losses, voltage levels, power flows, and system stability.
Power Grid Model is currently being applied in a wide variety of use cases, including grid planning, expansion, reliability, and congestion studies. It can also help in analyzing the impact of renewable energy integration, assessing the effects of disturbances or faults, and developing strategies for grid control and optimization.
What to expect
For the upcoming meetup we are organizing, we have an exciting lineup of activities planned:
- Insightful presentations covering two practical applications of the Power Grid Model.
- An update on the latest advancements in Power Grid Model technology during the first and second quarters of 2024.
- An interactive brainstorming session to discuss and propose new feature requests.
- An opportunity to connect with fellow Power Grid Model enthusiasts and users.
AppSec PNW: Android and iOS Application Security with MobSF (Ajin Abraham)
Mobile Security Framework - MobSF is a free and open source automated mobile application security testing environment designed to help security engineers, researchers, developers, and penetration testers to identify security vulnerabilities, malicious behaviours and privacy concerns in mobile applications using static and dynamic analysis. It supports all the popular mobile application binaries and source code formats built for Android and iOS devices. In addition to automated security assessment, it also offers an interactive testing environment to build and execute scenario based test/fuzz cases against the application.
This talk covers:
Using MobSF for static analysis of mobile applications.
Interactive dynamic security assessment of Android and iOS applications.
Solving Mobile app CTF challenges.
Reverse engineering and runtime analysis of Mobile malware.
How to shift left and integrate MobSF/mobsfscan SAST and DAST in your build pipeline.
Generating privacy-protected synthetic data using Secludy and Milvus (Zilliz)
During this demo, the founders of Secludy will demonstrate how their system utilizes Milvus to store and manipulate embeddings for generating privacy-protected synthetic data. Their approach not only maintains the confidentiality of the original data but also enhances the utility and scalability of LLMs under privacy constraints. Attendees, including machine learning engineers, data scientists, and data managers, will witness first-hand how Secludy's integration with Milvus empowers organizations to harness the power of LLMs securely and efficiently.
"Choosing proper type of scaling", Olena Syrota (Fwdays)
Imagine an IoT processing system that is already quite mature and production-ready and for which client coverage is growing and scaling and performance aspects are life and death questions. The system has Redis, MongoDB, and stream processing based on ksqldb. In this talk, firstly, we will analyze scaling approaches and then select the proper ones for our system.
Main news related to the CCS TSI 2023 (2023/1695) (Jakub Marek)
An English 🇬🇧 translation of the presentation for the speech I gave about the main changes brought by CCS TSI 2023 at the biggest Czech conference on Communications and signalling systems on Railways, which was held in Clarion Hotel Olomouc from 7th to 9th November 2023 (konferenceszt.cz). Attended by around 500 participants and 200 on-line followers.
The original Czech 🇨🇿 version of the presentation can be found here: https://www.slideshare.net/slideshow/hlavni-novinky-souvisejici-s-ccs-tsi-2023-2023-1695/269688092 .
The videorecording (in Czech) from the presentation is available here: https://youtu.be/WzjJWm4IyPk?si=SImb06tuXGb30BEH .
Northern Engraving | Nameplate Manufacturing Process - 2024 (Northern Engraving)
Manufacturing custom quality metal nameplates and badges involves several standard operations. Processes include sheet prep, lithography, screening, coating, punch press and inspection. All decoration is completed in the flat sheet with adhesive and tooling operations following. The possibilities for creating unique durable nameplates are endless. How will you create your brand identity? We can help!
For the full video of this presentation, please visit: https://www.edge-ai-vision.com/2024/06/temporal-event-neural-networks-a-more-efficient-alternative-to-the-transformer-a-presentation-from-brainchip/
Chris Jones, Director of Product Management at BrainChip, presents the “Temporal Event Neural Networks: A More Efficient Alternative to the Transformer” tutorial at the May 2024 Embedded Vision Summit.
The expansion of AI services necessitates enhanced computational capabilities on edge devices. Temporal Event Neural Networks (TENNs), developed by BrainChip, represent a novel and highly efficient state-space network. TENNs demonstrate exceptional proficiency in handling multi-dimensional streaming data, facilitating advancements in object detection, action recognition, speech enhancement and language model/sequence generation. Through the utilization of polynomial-based continuous convolutions, TENNs streamline models, expedite training processes and significantly diminish memory requirements, achieving notable reductions of up to 50x in parameters and 5,000x in energy consumption compared to prevailing methodologies like transformers.
Integration with BrainChip’s Akida neuromorphic hardware IP further enhances TENNs’ capabilities, enabling the realization of highly capable, portable and passively cooled edge devices. This presentation delves into the technical innovations underlying TENNs, presents real-world benchmarks, and elucidates how this cutting-edge approach is positioned to revolutionize edge AI across diverse applications.
Programming Foundation Models with DSPy - Meetup Slides (Zilliz)
Prompting language models is hard, while programming language models is easy. In this talk, I will discuss the state-of-the-art framework DSPy for programming foundation models with its powerful optimizers and runtime constraint system.
Dandelion Hashtable: beyond billion requests per second on a commodity server (Antonios Katsarakis)
This slide deck presents DLHT, a concurrent in-memory hashtable. Despite efforts to optimize hashtables, which go as far as sacrificing core functionality, state-of-the-art designs still incur multiple memory accesses per request and block request processing in three cases. First, most hashtables block while waiting for data to be retrieved from memory. Second, open-addressing designs, which represent the current state-of-the-art, either cannot free index slots on deletes or must block all requests to do so. Third, index resizes block every request until all objects are copied to the new index. Defying folklore wisdom, DLHT forgoes open-addressing and adopts a fully-featured and memory-aware closed-addressing design based on bounded cache-line-chaining. This design (1) offers lock-free index operations and deletes that free slots instantly, (2) completes most requests with a single memory access, (3) utilizes software prefetching to hide memory latencies, and (4) employs a novel non-blocking and parallel resizing. On a commodity server and a memory-resident workload, DLHT surpasses 1.6B requests per second and provides 3.5x (12x) the throughput of the state-of-the-art closed-addressing (open-addressing) resizable hashtable on Gets (Deletes).
Freshworks Rethinks NoSQL for Rapid Scaling & Cost-Efficiency (ScyllaDB)
Freshworks creates AI-boosted business software that helps employees work more efficiently and effectively. Managing data across multiple RDBMS and NoSQL databases was already a challenge at their current scale. To prepare for 10X growth, they knew it was time to rethink their database strategy. Learn how they architected a solution that would simplify scaling while keeping costs under control.
In the realm of cybersecurity, offensive security practices act as a critical shield. By simulating real-world attacks in a controlled environment, these techniques expose vulnerabilities before malicious actors can exploit them. This proactive approach allows manufacturers to identify and fix weaknesses, significantly enhancing system security.
This presentation delves into the development of a system designed to mimic Galileo's Open Service signal using software-defined radio (SDR) technology. We'll begin with a foundational overview of both Global Navigation Satellite Systems (GNSS) and the intricacies of digital signal processing.
The presentation culminates in a live demonstration. We'll showcase the manipulation of Galileo's Open Service pilot signal, simulating an attack on various software and hardware systems. This practical demonstration serves to highlight the potential consequences of unaddressed vulnerabilities, emphasizing the importance of offensive security practices in safeguarding critical infrastructure.
2. $WHOAMI
• Senior Security Engineer
• Developer turned Security Researcher - web app security and network pen-testing, exploit development and network forensics
• OSCP, GCIH, RHCE, CEH, ECSA, Cyber Crime Investigator
• Speaker at OWASP, NULLCON, C0C0N, CLUBHACK, ISACA conferences
• Winner of NULLCON 2010 “Battle Underground” hacking competition
3. $WHOAMI
• SANS Mentor for Sec 504: Hacker Techniques, Exploits & Incident Handling course, SANS Institute, USA.
• Core member of the NULL community – www.null.co.in. Facilitates NULL Bangalore Chapter.
• Member of NASSCOM-DSCI, HONEYNET, CLUBHACK, OWASP etc.
8. WHY PACKET ANALYSIS?
• A million things can go wrong with a computer network - from a simple spyware infection to a complex router configuration error.
• The packet level is the most basic level, where nothing is hidden.
• Understand the network: who is on the network, whom your computer is talking to, what the network usage is, and any suspicious communication (DoS, botnet, intrusion attempt etc.).
• Find unsecured and bloated applications – FTP sends authentication data in clear text.
• One phase of computer forensics - it could reveal data otherwise hidden somewhere on a 150 GB HDD.
17. NOW WHAT?
Think of it as solving a mystery
• Where do we start?
• What questions to ask?
• What tools do we need?
• Once you have the traces - what then?
18. HOW DO WE DO IT?
• Capture: where, how, what, how long
• Transfer: hash, split, distribute
• Analyze: IP, protocol, time, delay, duration, pattern, graphs, charts, blah…
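Worked example for the capture, transfer and analyze steps above and for the clear-text FTP point on the WHY PACKET ANALYSIS? slide, added here and not code from the workshop: it builds a small constructed pcap in memory, hashes it, splits it into self-contained chunks with a hash manifest for distribution, verifies the chunks on the receiving side (rejecting a tampered one), and flags FTP USER/PASS commands in the trace. It assumes the classic little-endian pcap format with Ethernet framing; all function names, addresses and packets are constructed for the example.

```python
import hashlib
import struct

# Classic little-endian pcap global header, link type 1 (Ethernet); assumed format.
PCAP_MAGIC = 0xA1B2C3D4
PCAP_GLOBAL_HEADER = struct.pack("<IHHiIII", PCAP_MAGIC, 2, 4, 0, 0, 65535, 1)

def build_frame(src_port, dst_port, payload):
    """Constructed Ethernet/IPv4/TCP frame for sample data (checksums left zero)."""
    eth = b"\x00" * 12 + b"\x08\x00"                       # dummy MACs, EtherType IPv4
    tcp = struct.pack("!HHIIBBHHH", src_port, dst_port, 1, 1,
                      5 << 4, 0x18, 65535, 0, 0) + payload  # data offset 5, PSH|ACK
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(tcp), 1, 0, 64, 6, 0,
                     bytes([10, 0, 0, 5]), bytes([10, 0, 0, 21]))  # constructed addresses
    return eth + ip + tcp

def pcap_record(ts_sec, frame):
    """One pcap record header (ts_sec, ts_usec, incl_len, orig_len) plus the frame."""
    return struct.pack("<IIII", ts_sec, 0, len(frame), len(frame)) + frame

def build_sample_capture():
    """Constructed trace: a clear-text FTP login followed by one TLS record."""
    frames = [
        build_frame(40001, 21, b"USER alice\r\n"),
        build_frame(21, 40001, b"331 Password required\r\n"),
        build_frame(40001, 21, b"PASS hunter2\r\n"),
        build_frame(40002, 443, b"\x16\x03\x01\x00\x05hello"),
    ]
    body = b"".join(pcap_record(1_700_000_000 + i, f) for i, f in enumerate(frames))
    return PCAP_GLOBAL_HEADER + body

def iter_records(pcap_bytes):
    """Yield (ts_sec, frame) per record; refuse unknown magic or truncated data."""
    if struct.unpack_from("<I", pcap_bytes, 0)[0] != PCAP_MAGIC:
        raise ValueError("unsupported pcap magic")
    offset = 24
    while offset < len(pcap_bytes):
        ts_sec, _usec, incl_len, _orig = struct.unpack_from("<IIII", pcap_bytes, offset)
        offset += 16
        frame = pcap_bytes[offset:offset + incl_len]
        if len(frame) != incl_len:
            raise ValueError("truncated record at offset %d" % offset)
        offset += incl_len
        yield ts_sec, frame

def sha256_hex(data):
    return hashlib.sha256(data).hexdigest()

def split_capture(pcap_bytes, packets_per_chunk):
    """Transfer step: split into self-contained pcap chunks plus a hash manifest."""
    records = list(iter_records(pcap_bytes))
    chunks, entries = [], []
    for start in range(0, len(records), packets_per_chunk):
        part = records[start:start + packets_per_chunk]
        chunk = PCAP_GLOBAL_HEADER + b"".join(pcap_record(ts, f) for ts, f in part)
        chunks.append(chunk)
        entries.append({"index": len(entries), "packets": len(part),
                        "sha256": sha256_hex(chunk)})
    manifest = {"original_sha256": sha256_hex(pcap_bytes),
                "packet_count": len(records), "chunks": entries}
    return chunks, manifest

def verify_chunks(chunks, manifest):
    """Receiver side: every chunk hash must match and reassembly must equal the original."""
    if len(chunks) != len(manifest["chunks"]):
        return False
    for chunk, entry in zip(chunks, manifest["chunks"]):
        if sha256_hex(chunk) != entry["sha256"]:
            return False
    reassembled = PCAP_GLOBAL_HEADER + b"".join(c[24:] for c in chunks)
    return sha256_hex(reassembled) == manifest["original_sha256"]

def find_cleartext_ftp_logins(pcap_bytes):
    """Analyze step: flag USER/PASS commands sent to TCP/21; the credential is not recorded."""
    findings = []
    for ts, frame in iter_records(pcap_bytes):
        if len(frame) < 54 or frame[12:14] != b"\x08\x00" or frame[23] != 6:
            continue                                   # not IPv4 over Ethernet, or not TCP
        tcp_off = 14 + (frame[14] & 0x0F) * 4
        dst_port = struct.unpack_from("!H", frame, tcp_off + 2)[0]
        payload = frame[tcp_off + (frame[tcp_off + 12] >> 4) * 4:]
        if dst_port == 21 and (payload.startswith(b"USER ") or payload.startswith(b"PASS ")):
            findings.append((ts, payload[:4].decode()))
    return findings
```

The manifest is what travels with the chunks; a receiver that cannot reproduce `original_sha256` from the reassembled chunks should treat the evidence as incomplete.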
22. MORE QUESTIONS, BETTER ANALYSIS
• Are the servers in the same location or different locations?
• Same subnet or different subnets?
• Any suspicion - IP address, application?
• When did it start?
• How and when did it get identified?
• Why you were there – lack of resource, time, expertise
23. WHAT NOT TO DO
• Do not scroll up and down trying to manually read packets one by one.
• Do not capture any and every traffic just for the sake of capturing.
• Do not ASSUME. You can have thoughts and suspicions.
37. REFERENCE
• Wireshark University by Laura Chappell and Gerald Combs
• Sharkfest talks - Betty DuBois on Network Mysteries
• Securitytube.net by Vivek Ramachandran
• Picture courtesy Google. Not my property.