NSC #2 - Challenge Introduction
•
0 likes•523 views
The document provides statistics from a Capture the Flag (CTF) cybersecurity competition that tested skills in reversing, exploit writing, and cryptography. Over 850 participants completed the first level, while 159 reversed engineering challenges, 22 evaded detection in level 2, and 5 completed the hardest level 3. The event also saw security scans and many blocked reverse connects and failed payload attempts, showing it provided a realistic testing environment.
Report
Share
Report
Share
Download to read offline
Recommended
NSC #2 - D3 05 - Alex Ionescu- Breaking Protected Processes
This document discusses new process protection mechanisms introduced in Windows 8.1 that extend the protected process model to key non-DRM system processes. It protects processes like LSA even from Administrators, and mitigates pass-the-hash attacks. Digital signatures and code signing add another boundary of protection beyond just load/don't load. Processes can now be designated as protected or protected light, assigned a protected signer like Windows or Antimalware, and have increased restrictions on access.
NSC #2 - Challenge Solution
This document summarizes a three-part challenge involving cracking a MIPS binary, exploiting a Python/XXE vulnerability in a web application, and decrypting messages from a SecureDrop-like system. The MIPS binary is cracked by inverting its password checking algorithm. The web app is exploited via XXE to retrieve files containing an admin URL and view state details. Python code is modified at runtime to decrypt an AES key and access a "secret.key" file. This key reveals a tarball containing a SecureDrop implementation. A buffer overflow in SecDrop's service is used to run shellcode. Timing attacks via the CPU cache are then used to retrieve the private RSA key and decrypt messages stored by the SecureDrop-
NSC #2 - D1 02 - Georgi Geshev - Your Q is my Q
This document discusses message queue security and contains the following information:
- It describes common message queue concepts like asynchronous message exchange, publish/subscribe, and message queue protocols.
- It outlines the typical attack surface for message queues including common misconfigurations, vulnerabilities in XML processing and LDAP authentication.
- It provides examples of attack scenarios from the perspective of an anonymous attacker, authenticated client, or compromised broker.
- Methods for hardening message queue security are proposed such as restricting protocols, removing default accounts, and disabling unnecessary management interfaces.
NSC #2 - D2 02 - Benjamin Delpy - Mimikatz
Benjamin Delpy is a security researcher known for creating the tool mimikatz. Mimikatz can extract plaintext credentials and keys from memory. Kerberos authentication relies on encrypting tickets with various keys, including NTLM hashes and AES keys derived from the password. Mimikatz can perform pass-the-hash and over-pass-the-hash attacks by extracting these keys from memory and using them to authenticate.
NSC #2 - D1 01 - Rolf Rolles - Program synthesis in reverse engineering
The document discusses program synthesis in reverse engineering. It describes using program synthesis techniques to automatically generate CPU emulators by synthesizing descriptions of instruction behaviors from input-output examples of executing the instructions. The key steps involve generating hypotheses about instruction behaviors from templates, sampling instruction behaviors, filtering hypotheses that do not match the samples, and checking equivalence of remaining hypotheses. The goal is to produce a single accurate description of each instruction's behavior.
NSC #2 - D3 01 - Thomas Braden - Exploitation of hardened MSP430-based device
The document discusses reverse engineering the firmware of a real estate lockbox device. Key points include:
- The lockbox uses an MSP430 microcontroller protected by a JTAG fuse and BSL interface
- Traditional BSL attacks like timing and voltage glitching failed due to inconsistencies
- A "Paparazzi" attack was successful, bypassing the JTAG fuse using a camera flash to induce a photoelectric effect
- Firmware analysis revealed conventions like register usage and a "sparse index" switch statement technique
NSC #2 - D3 04 - Guillaume Valadon & Nicolas Vivet - Detecting BGP hijacks
The document summarizes information about detecting BGP hijacks in 2014. It provides background on BGP, how prefixes are announced and removed, and examples of prefix hijacks. It describes how a hijacker redirected cryptocurrency miners to earn an estimated $83,000 from February to May 2014. It also outlines active and passive countermeasures networks can take to detect and mitigate against BGP hijacks.
NSC #2 - D1 03 - Sébastien Dudek - HomePlugAV PLC
This document discusses practical attacks against HomePlugAV powerline communication devices. It begins with an introduction to PLC technology and the OSI layers used. Previous work analyzing PLC security is summarized, including publications and tools. The document then analyzes the PLC network, describing how the ethernet interface can be used to retrieve device and network information. Basic attacks are discussed, such as intercepting the network passphrase or bruteforcing the network membership key. The document proposes studying default administrator passwords by analyzing devices sold on online marketplaces, to enable a "smart" bruteforce attack against the direct access key.
Recommended
NSC #2 - D3 05 - Alex Ionescu- Breaking Protected Processes
This document discusses new process protection mechanisms introduced in Windows 8.1 that extend the protected process model to key non-DRM system processes. It protects processes like LSA even from Administrators, and mitigates pass-the-hash attacks. Digital signatures and code signing add another boundary of protection beyond just load/don't load. Processes can now be designated as protected or protected light, assigned a protected signer like Windows or Antimalware, and have increased restrictions on access.
NSC #2 - Challenge Solution
This document summarizes a three-part challenge involving cracking a MIPS binary, exploiting a Python/XXE vulnerability in a web application, and decrypting messages from a SecureDrop-like system. The MIPS binary is cracked by inverting its password checking algorithm. The web app is exploited via XXE to retrieve files containing an admin URL and view state details. Python code is modified at runtime to decrypt an AES key and access a "secret.key" file. This key reveals a tarball containing a SecureDrop implementation. A buffer overflow in SecDrop's service is used to run shellcode. Timing attacks via the CPU cache are then used to retrieve the private RSA key and decrypt messages stored by the SecureDrop-
NSC #2 - D1 02 - Georgi Geshev - Your Q is my Q
This document discusses message queue security and contains the following information:
- It describes common message queue concepts like asynchronous message exchange, publish/subscribe, and message queue protocols.
- It outlines the typical attack surface for message queues including common misconfigurations, vulnerabilities in XML processing and LDAP authentication.
- It provides examples of attack scenarios from the perspective of an anonymous attacker, authenticated client, or compromised broker.
- Methods for hardening message queue security are proposed such as restricting protocols, removing default accounts, and disabling unnecessary management interfaces.
NSC #2 - D2 02 - Benjamin Delpy - Mimikatz
Benjamin Delpy is a security researcher known for creating the tool mimikatz. Mimikatz can extract plaintext credentials and keys from memory. Kerberos authentication relies on encrypting tickets with various keys, including NTLM hashes and AES keys derived from the password. Mimikatz can perform pass-the-hash and over-pass-the-hash attacks by extracting these keys from memory and using them to authenticate.
NSC #2 - D1 01 - Rolf Rolles - Program synthesis in reverse engineering
The document discusses program synthesis in reverse engineering. It describes using program synthesis techniques to automatically generate CPU emulators by synthesizing descriptions of instruction behaviors from input-output examples of executing the instructions. The key steps involve generating hypotheses about instruction behaviors from templates, sampling instruction behaviors, filtering hypotheses that do not match the samples, and checking equivalence of remaining hypotheses. The goal is to produce a single accurate description of each instruction's behavior.
NSC #2 - D3 01 - Thomas Braden - Exploitation of hardened MSP430-based device
The document discusses reverse engineering the firmware of a real estate lockbox device. Key points include:
- The lockbox uses an MSP430 microcontroller protected by a JTAG fuse and BSL interface
- Traditional BSL attacks like timing and voltage glitching failed due to inconsistencies
- A "Paparazzi" attack was successful, bypassing the JTAG fuse using a camera flash to induce a photoelectric effect
- Firmware analysis revealed conventions like register usage and a "sparse index" switch statement technique
NSC #2 - D3 04 - Guillaume Valadon & Nicolas Vivet - Detecting BGP hijacks
The document summarizes information about detecting BGP hijacks in 2014. It provides background on BGP, how prefixes are announced and removed, and examples of prefix hijacks. It describes how a hijacker redirected cryptocurrency miners to earn an estimated $83,000 from February to May 2014. It also outlines active and passive countermeasures networks can take to detect and mitigate against BGP hijacks.
NSC #2 - D1 03 - Sébastien Dudek - HomePlugAV PLC
This document discusses practical attacks against HomePlugAV powerline communication devices. It begins with an introduction to PLC technology and the OSI layers used. Previous work analyzing PLC security is summarized, including publications and tools. The document then analyzes the PLC network, describing how the ethernet interface can be used to retrieve device and network information. Basic attacks are discussed, such as intercepting the network passphrase or bruteforcing the network membership key. The document proposes studying default administrator passwords by analyzing devices sold on online marketplaces, to enable a "smart" bruteforce attack against the direct access key.
NSC #2 - D2 01 - Andrea Allievi - Windows 8.1 Patch Protections
This document discusses defeating Windows 8.1's Kernel Patch Protection. It begins with introductions and definitions. It then explains how Patchguard and driver signing enforcement work in Windows 8.1, providing more protection than previous versions. The implementation of Kernel Patch Protection is described, including how it initializes, verifies the kernel, and crashes the system if modifications are detected. Previous methods of attacking Patchguard are reviewed, noting they have all been defeated in the latest version. The document aims to provide information to understand and potentially find new ways of attacking Patchguard.
NSC #2 - D3 02 - Peter Hlavaty - Attack on the Core
This document discusses kernel exploitation techniques. It begins by explaining the KernelIo technique for reading and writing kernel memory on Windows and Linux despite protections like SMAP and SMEP. It then discusses several vulnerability cases that can enable KernelIo like out of bounds writes, kmalloc overflows, and abusing KASLR. Next, it analyzes design flaws in kernels like linked lists, hidden pointers, and callback mechanisms. It evaluates the state of exploitation on modern systems and envisions future hardened operating system designs. It advocates moving to C++ for exploitation development rather than shellcoding and introduces a C++ exploitation framework. The document was presented by Peter Hlavaty of the Keen Team and encourages recruitment for vulnerability research.
NSC #2 - D2 06 - Richard Johnson - SAGEly Advice
The document discusses automated testing techniques for software, including fuzzing and concolic testing. Fuzzing involves generating random inputs to exercise a program, while concolic testing uses symbolic execution to track data flows and observe how program logic is influenced by inputs. Concolic testing can generate inputs that cover more program states but requires instrumenting the code to analyze execution.
NSC #2 - D3 03 - Jean-Philippe Aumasson - Cryptographic Backdooring
This document discusses cryptographic backdoors. It begins by explaining why research on backdoors is important, both to detect them and to understand how to implement them properly if required. It then provides an overview of different types of backdoors, such as weakened algorithms, covert channels, and key escrow. Specific sabotage tactics are described, like manipulating constants or elliptic curve parameters. Implementation issues are also covered, like introducing bugs or omitting validation checks. The document concludes by outlining characteristics of a "perfect backdoor" that would be undetectable.
NSC #2 - D2 05 - Andrea Barisani - Forging the USB Armory
The document describes the USB armory, an open source flash drive-sized computer designed for personal security applications. It has an ARM Cortex-A8 CPU, 512MB RAM, runs Linux, and can emulate devices over USB. Its goals are to be compact, powered by USB, have secure boot and storage, and be customizable. The timeline shows development from a concept in 2014 to shipping units in late 2014. It aims to provide an open platform for applications like encryption, VPNs, password management, and penetration testing.
NSC #2 - D2 03 - Nicolas Collignon - Google Apps Engine Security
The document discusses attacking Google App Engine (GAE) applications and infrastructure. It describes how vulnerabilities in app implementations, APIs, and developer mistakes can be exploited. It also analyzes how the GAE Python sandbox can be evaded to enable arbitrary code execution on Google servers despite protections. The conclusion is that while Google security is robust with layered defenses, focused attacks have potential to compromise apps and other services due to developer errors.
NSC #2 - D2 04 - Ezequiel Gutesman - Blended Web and Database Attacks
The document discusses blended web and database attacks on in-memory platforms like SAP HANA, outlining potential threat vectors such as SQL injection, cross-site scripting, integration with R server, and post-exploitation using C/C++. It notes that SAP HANA uses a blended web and database architecture, with code and data stored directly in the database, and that vulnerabilities could allow an attacker to access sensitive business and customer data, disrupt operations, or enable fraud. The presentation covers the architecture of SAP HANA, programming languages used, and how attacks may have a greater impact or different execution compared to traditional web application scenarios.
NSC #2 - D1 05 - Renaud Lifchitz - Quantum computing in practice
This document provides an overview and outline of a talk on quantum computing in practice and applications to cryptography. The talk will introduce quantum physics basics, discuss the state of quantum computing and cryptography, explain how to build quantum circuits, and provide tools and access for practicing quantum computing. It will cover fundamental quantum algorithms, attacks against cryptography, simulations and tools for quantum computing, and the future of post-quantum cryptography.
Ocean lotus Threat actors project by John Sitima 2024 (1).pptx
Ocean Lotus cyber threat actors represent a sophisticated, persistent, and politically motivated group that poses a significant risk to organizations and individuals in the Southeast Asian region. Their continuous evolution and adaptability underscore the need for robust cybersecurity measures and international cooperation to identify and mitigate the threats posed by such advanced persistent threat groups.
Fueling AI with Great Data with Airbyte Webinar
This talk will focus on how to collect data from a variety of sources, leveraging this data for RAG and other GenAI use cases, and finally charting your course to productionalization.
HCL Notes and Domino License Cost Reduction in the World of DLAU
Webinar Recording: https://www.panagenda.com/webinars/hcl-notes-and-domino-license-cost-reduction-in-the-world-of-dlau/
The introduction of DLAU and the CCB & CCX licensing model caused quite a stir in the HCL community. As a Notes and Domino customer, you may have faced challenges with unexpected user counts and license costs. You probably have questions on how this new licensing approach works and how to benefit from it. Most importantly, you likely have budget constraints and want to save money where possible. Don’t worry, we can help with all of this!
We’ll show you how to fix common misconfigurations that cause higher-than-expected user counts, and how to identify accounts which you can deactivate to save money. There are also frequent patterns that can cause unnecessary cost, like using a person document instead of a mail-in for shared mailboxes. We’ll provide examples and solutions for those as well. And naturally we’ll explain the new licensing model.
Join HCL Ambassador Marc Thomas in this webinar with a special guest appearance from Franz Walder. It will give you the tools and know-how to stay on top of what is going on with Domino licensing. You will be able lower your cost through an optimized configuration and keep it low going forward.
These topics will be covered
- Reducing license cost by finding and fixing misconfigurations and superfluous accounts
- How do CCB and CCX licenses really work?
- Understanding the DLAU tool and how to best utilize it
- Tips for common problem areas, like team mailboxes, functional/test users, etc
- Practical examples and best practices to implement right away
Your One-Stop Shop for Python Success: Top 10 US Python Development Providers
Simplify your search for a reliable Python development partner! This list presents the top 10 trusted US providers offering comprehensive Python development services, ensuring your project's success from conception to completion.
5th LF Energy Power Grid Model Meet-up Slides
5th Power Grid Model Meet-up
It is with great pleasure that we extend to you an invitation to the 5th Power Grid Model Meet-up, scheduled for 6th June 2024. This event will adopt a hybrid format, allowing participants to join us either through an online Mircosoft Teams session or in person at TU/e located at Den Dolech 2, Eindhoven, Netherlands. The meet-up will be hosted by Eindhoven University of Technology (TU/e), a research university specializing in engineering science & technology.
Power Grid Model
The global energy transition is placing new and unprecedented demands on Distribution System Operators (DSOs). Alongside upgrades to grid capacity, processes such as digitization, capacity optimization, and congestion management are becoming vital for delivering reliable services.
Power Grid Model is an open source project from Linux Foundation Energy and provides a calculation engine that is increasingly essential for DSOs. It offers a standards-based foundation enabling real-time power systems analysis, simulations of electrical power grids, and sophisticated what-if analysis. In addition, it enables in-depth studies and analysis of the electrical power grid’s behavior and performance. This comprehensive model incorporates essential factors such as power generation capacity, electrical losses, voltage levels, power flows, and system stability.
Power Grid Model is currently being applied in a wide variety of use cases, including grid planning, expansion, reliability, and congestion studies. It can also help in analyzing the impact of renewable energy integration, assessing the effects of disturbances or faults, and developing strategies for grid control and optimization.
What to expect
For the upcoming meetup we are organizing, we have an exciting lineup of activities planned:
-Insightful presentations covering two practical applications of the Power Grid Model.
-An update on the latest advancements in Power Grid -Model technology during the first and second quarters of 2024.
-An interactive brainstorming session to discuss and propose new feature requests.
-An opportunity to connect with fellow Power Grid Model enthusiasts and users.
Presentation of the OECD Artificial Intelligence Review of Germany
Consult the full report at https://www.oecd.org/digital/oecd-artificial-intelligence-review-of-germany-609808d6-en.htm
Nunit vs XUnit vs MSTest Differences Between These Unit Testing Frameworks.pdf
When it comes to unit testing in the .NET ecosystem, developers have a wide range of options available. Among the most popular choices are NUnit, XUnit, and MSTest. These unit testing frameworks provide essential tools and features to help ensure the quality and reliability of code. However, understanding the differences between these frameworks is crucial for selecting the most suitable one for your projects.
System Design Case Study: Building a Scalable E-Commerce Platform - Hiike
This case study explores designing a scalable e-commerce platform, covering key requirements, system components, and best practices.
Let's Integrate MuleSoft RPA, COMPOSER, APM with AWS IDP along with Slack
Discover the seamless integration of RPA (Robotic Process Automation), COMPOSER, and APM with AWS IDP enhanced with Slack notifications. Explore how these technologies converge to streamline workflows, optimize performance, and ensure secure access, all while leveraging the power of AWS IDP and real-time communication via Slack notifications.
Programming Foundation Models with DSPy - Meetup Slides
Prompting language models is hard, while programming language models is easy. In this talk, I will discuss the state-of-the-art framework DSPy for programming foundation models with its powerful optimizers and runtime constraint system.
Skybuffer AI: Advanced Conversational and Generative AI Solution on SAP Busin...
Skybuffer AI, built on the robust SAP Business Technology Platform (SAP BTP), is the latest and most advanced version of our AI development, reaffirming our commitment to delivering top-tier AI solutions. Skybuffer AI harnesses all the innovative capabilities of the SAP BTP in the AI domain, from Conversational AI to cutting-edge Generative AI and Retrieval-Augmented Generation (RAG). It also helps SAP customers safeguard their investments into SAP Conversational AI and ensure a seamless, one-click transition to SAP Business AI.
With Skybuffer AI, various AI models can be integrated into a single communication channel such as Microsoft Teams. This integration empowers business users with insights drawn from SAP backend systems, enterprise documents, and the expansive knowledge of Generative AI. And the best part of it is that it is all managed through our intuitive no-code Action Server interface, requiring no extensive coding knowledge and making the advanced AI accessible to more users.
More Related Content
Viewers also liked
NSC #2 - D2 01 - Andrea Allievi - Windows 8.1 Patch Protections
This document discusses defeating Windows 8.1's Kernel Patch Protection. It begins with introductions and definitions. It then explains how Patchguard and driver signing enforcement work in Windows 8.1, providing more protection than previous versions. The implementation of Kernel Patch Protection is described, including how it initializes, verifies the kernel, and crashes the system if modifications are detected. Previous methods of attacking Patchguard are reviewed, noting they have all been defeated in the latest version. The document aims to provide information to understand and potentially find new ways of attacking Patchguard.
NSC #2 - D3 02 - Peter Hlavaty - Attack on the Core
This document discusses kernel exploitation techniques. It begins by explaining the KernelIo technique for reading and writing kernel memory on Windows and Linux despite protections like SMAP and SMEP. It then discusses several vulnerability cases that can enable KernelIo like out of bounds writes, kmalloc overflows, and abusing KASLR. Next, it analyzes design flaws in kernels like linked lists, hidden pointers, and callback mechanisms. It evaluates the state of exploitation on modern systems and envisions future hardened operating system designs. It advocates moving to C++ for exploitation development rather than shellcoding and introduces a C++ exploitation framework. The document was presented by Peter Hlavaty of the Keen Team and encourages recruitment for vulnerability research.
NSC #2 - D2 06 - Richard Johnson - SAGEly Advice
The document discusses automated testing techniques for software, including fuzzing and concolic testing. Fuzzing involves generating random inputs to exercise a program, while concolic testing uses symbolic execution to track data flows and observe how program logic is influenced by inputs. Concolic testing can generate inputs that cover more program states but requires instrumenting the code to analyze execution.
NSC #2 - D3 03 - Jean-Philippe Aumasson - Cryptographic Backdooring
This document discusses cryptographic backdoors. It begins by explaining why research on backdoors is important, both to detect them and to understand how to implement them properly if required. It then provides an overview of different types of backdoors, such as weakened algorithms, covert channels, and key escrow. Specific sabotage tactics are described, like manipulating constants or elliptic curve parameters. Implementation issues are also covered, like introducing bugs or omitting validation checks. The document concludes by outlining characteristics of a "perfect backdoor" that would be undetectable.
NSC #2 - D2 05 - Andrea Barisani - Forging the USB Armory
The document describes the USB armory, an open source flash drive-sized computer designed for personal security applications. It has an ARM Cortex-A8 CPU, 512MB RAM, runs Linux, and can emulate devices over USB. Its goals are to be compact, powered by USB, have secure boot and storage, and be customizable. The timeline shows development from a concept in 2014 to shipping units in late 2014. It aims to provide an open platform for applications like encryption, VPNs, password management, and penetration testing.
NSC #2 - D2 03 - Nicolas Collignon - Google Apps Engine Security
The document discusses attacking Google App Engine (GAE) applications and infrastructure. It describes how vulnerabilities in app implementations, APIs, and developer mistakes can be exploited. It also analyzes how the GAE Python sandbox can be evaded to enable arbitrary code execution on Google servers despite protections. The conclusion is that while Google security is robust with layered defenses, focused attacks have potential to compromise apps and other services due to developer errors.
NSC #2 - D2 04 - Ezequiel Gutesman - Blended Web and Database Attacks
The document discusses blended web and database attacks on in-memory platforms like SAP HANA, outlining potential threat vectors such as SQL injection, cross-site scripting, integration with R server, and post-exploitation using C/C++. It notes that SAP HANA uses a blended web and database architecture, with code and data stored directly in the database, and that vulnerabilities could allow an attacker to access sensitive business and customer data, disrupt operations, or enable fraud. The presentation covers the architecture of SAP HANA, programming languages used, and how attacks may have a greater impact or different execution compared to traditional web application scenarios.
NSC #2 - D1 05 - Renaud Lifchitz - Quantum computing in practice
This document provides an overview and outline of a talk on quantum computing in practice and applications to cryptography. The talk will introduce quantum physics basics, discuss the state of quantum computing and cryptography, explain how to build quantum circuits, and provide tools and access for practicing quantum computing. It will cover fundamental quantum algorithms, attacks against cryptography, simulations and tools for quantum computing, and the future of post-quantum cryptography.
Viewers also liked (8)
NSC #2 - D2 01 - Andrea Allievi - Windows 8.1 Patch Protections
NSC #2 - D2 01 - Andrea Allievi - Windows 8.1 Patch Protections
NSC #2 - D3 02 - Peter Hlavaty - Attack on the Core
NSC #2 - D3 02 - Peter Hlavaty - Attack on the Core
NSC #2 - D3 03 - Jean-Philippe Aumasson - Cryptographic Backdooring
NSC #2 - D3 03 - Jean-Philippe Aumasson - Cryptographic Backdooring
NSC #2 - D2 05 - Andrea Barisani - Forging the USB Armory
NSC #2 - D2 05 - Andrea Barisani - Forging the USB Armory
NSC #2 - D2 03 - Nicolas Collignon - Google Apps Engine Security
NSC #2 - D2 03 - Nicolas Collignon - Google Apps Engine Security
NSC #2 - D2 04 - Ezequiel Gutesman - Blended Web and Database Attacks
NSC #2 - D2 04 - Ezequiel Gutesman - Blended Web and Database Attacks
NSC #2 - D1 05 - Renaud Lifchitz - Quantum computing in practice
NSC #2 - D1 05 - Renaud Lifchitz - Quantum computing in practice
Recently uploaded
Ocean lotus Threat actors project by John Sitima 2024 (1).pptx
Ocean Lotus cyber threat actors represent a sophisticated, persistent, and politically motivated group that poses a significant risk to organizations and individuals in the Southeast Asian region. Their continuous evolution and adaptability underscore the need for robust cybersecurity measures and international cooperation to identify and mitigate the threats posed by such advanced persistent threat groups.
Fueling AI with Great Data with Airbyte Webinar
This talk will focus on how to collect data from a variety of sources, leveraging this data for RAG and other GenAI use cases, and finally charting your course to productionalization.
HCL Notes and Domino License Cost Reduction in the World of DLAU
Webinar Recording: https://www.panagenda.com/webinars/hcl-notes-and-domino-license-cost-reduction-in-the-world-of-dlau/
The introduction of DLAU and the CCB & CCX licensing model caused quite a stir in the HCL community. As a Notes and Domino customer, you may have faced challenges with unexpected user counts and license costs. You probably have questions on how this new licensing approach works and how to benefit from it. Most importantly, you likely have budget constraints and want to save money where possible. Don’t worry, we can help with all of this!
We’ll show you how to fix common misconfigurations that cause higher-than-expected user counts, and how to identify accounts which you can deactivate to save money. There are also frequent patterns that can cause unnecessary cost, like using a person document instead of a mail-in for shared mailboxes. We’ll provide examples and solutions for those as well. And naturally we’ll explain the new licensing model.
Join HCL Ambassador Marc Thomas in this webinar with a special guest appearance from Franz Walder. It will give you the tools and know-how to stay on top of what is going on with Domino licensing. You will be able lower your cost through an optimized configuration and keep it low going forward.
These topics will be covered
- Reducing license cost by finding and fixing misconfigurations and superfluous accounts
- How do CCB and CCX licenses really work?
- Understanding the DLAU tool and how to best utilize it
- Tips for common problem areas, like team mailboxes, functional/test users, etc
- Practical examples and best practices to implement right away
Your One-Stop Shop for Python Success: Top 10 US Python Development Providers
Simplify your search for a reliable Python development partner! This list presents the top 10 trusted US providers offering comprehensive Python development services, ensuring your project's success from conception to completion.
5th LF Energy Power Grid Model Meet-up Slides
5th Power Grid Model Meet-up
It is with great pleasure that we extend to you an invitation to the 5th Power Grid Model Meet-up, scheduled for 6th June 2024. This event will adopt a hybrid format, allowing participants to join us either through an online Mircosoft Teams session or in person at TU/e located at Den Dolech 2, Eindhoven, Netherlands. The meet-up will be hosted by Eindhoven University of Technology (TU/e), a research university specializing in engineering science & technology.
Power Grid Model
The global energy transition is placing new and unprecedented demands on Distribution System Operators (DSOs). Alongside upgrades to grid capacity, processes such as digitization, capacity optimization, and congestion management are becoming vital for delivering reliable services.
Power Grid Model is an open source project from Linux Foundation Energy and provides a calculation engine that is increasingly essential for DSOs. It offers a standards-based foundation enabling real-time power systems analysis, simulations of electrical power grids, and sophisticated what-if analysis. In addition, it enables in-depth studies and analysis of the electrical power grid’s behavior and performance. This comprehensive model incorporates essential factors such as power generation capacity, electrical losses, voltage levels, power flows, and system stability.
Power Grid Model is currently being applied in a wide variety of use cases, including grid planning, expansion, reliability, and congestion studies. It can also help in analyzing the impact of renewable energy integration, assessing the effects of disturbances or faults, and developing strategies for grid control and optimization.
What to expect
For the upcoming meetup we are organizing, we have an exciting lineup of activities planned:
-Insightful presentations covering two practical applications of the Power Grid Model.
-An update on the latest advancements in Power Grid -Model technology during the first and second quarters of 2024.
-An interactive brainstorming session to discuss and propose new feature requests.
-An opportunity to connect with fellow Power Grid Model enthusiasts and users.
Presentation of the OECD Artificial Intelligence Review of Germany
Consult the full report at https://www.oecd.org/digital/oecd-artificial-intelligence-review-of-germany-609808d6-en.htm
Nunit vs XUnit vs MSTest Differences Between These Unit Testing Frameworks.pdf
When it comes to unit testing in the .NET ecosystem, developers have a wide range of options available. Among the most popular choices are NUnit, XUnit, and MSTest. These unit testing frameworks provide essential tools and features to help ensure the quality and reliability of code. However, understanding the differences between these frameworks is crucial for selecting the most suitable one for your projects.
System Design Case Study: Building a Scalable E-Commerce Platform - Hiike
This case study explores designing a scalable e-commerce platform, covering key requirements, system components, and best practices.
Let's Integrate MuleSoft RPA, COMPOSER, APM with AWS IDP along with Slack
Discover the seamless integration of RPA (Robotic Process Automation), COMPOSER, and APM with AWS IDP enhanced with Slack notifications. Explore how these technologies converge to streamline workflows, optimize performance, and ensure secure access, all while leveraging the power of AWS IDP and real-time communication via Slack notifications.
Programming Foundation Models with DSPy - Meetup Slides
Prompting language models is hard, while programming language models is easy. In this talk, I will discuss the state-of-the-art framework DSPy for programming foundation models with its powerful optimizers and runtime constraint system.
Skybuffer AI: Advanced Conversational and Generative AI Solution on SAP Busin...
Skybuffer AI, built on the robust SAP Business Technology Platform (SAP BTP), is the latest and most advanced version of our AI development, reaffirming our commitment to delivering top-tier AI solutions. Skybuffer AI harnesses all the innovative capabilities of the SAP BTP in the AI domain, from Conversational AI to cutting-edge Generative AI and Retrieval-Augmented Generation (RAG). It also helps SAP customers safeguard their investments into SAP Conversational AI and ensure a seamless, one-click transition to SAP Business AI.
With Skybuffer AI, various AI models can be integrated into a single communication channel such as Microsoft Teams. This integration empowers business users with insights drawn from SAP backend systems, enterprise documents, and the expansive knowledge of Generative AI. And the best part of it is that it is all managed through our intuitive no-code Action Server interface, requiring no extensive coding knowledge and making the advanced AI accessible to more users.
A Comprehensive Guide to DeFi Development Services in 2024
DeFi represents a paradigm shift in the financial industry. Instead of relying on traditional, centralized institutions like banks, DeFi leverages blockchain technology to create a decentralized network of financial services. This means that financial transactions can occur directly between parties, without intermediaries, using smart contracts on platforms like Ethereum.
In 2024, we are witnessing an explosion of new DeFi projects and protocols, each pushing the boundaries of what’s possible in finance.
In summary, DeFi in 2024 is not just a trend; it’s a revolution that democratizes finance, enhances security and transparency, and fosters continuous innovation. As we proceed through this presentation, we'll explore the various components and services of DeFi in detail, shedding light on how they are transforming the financial landscape.
At Intelisync, we specialize in providing comprehensive DeFi development services tailored to meet the unique needs of our clients. From smart contract development to dApp creation and security audits, we ensure that your DeFi project is built with innovation, security, and scalability in mind. Trust Intelisync to guide you through the intricate landscape of decentralized finance and unlock the full potential of blockchain technology.
Ready to take your DeFi project to the next level? Partner with Intelisync for expert DeFi development services today!
Building Production Ready Search Pipelines with Spark and Milvus
Spark is the widely used ETL tool for processing, indexing and ingesting data to serving stack for search. Milvus is the production-ready open-source vector database. In this talk we will show how to use Spark to process unstructured data to extract vector representations, and push the vectors to Milvus vector database for search serving.
Operating System Used by Users in day-to-day life.pptx
Dive into the realm of operating systems (OS) with Pravash Chandra Das, a seasoned Digital Forensic Analyst, as your guide. 🚀 This comprehensive presentation illuminates the core concepts, types, and evolution of OS, essential for understanding modern computing landscapes.
Beginning with the foundational definition, Das clarifies the pivotal role of OS as system software orchestrating hardware resources, software applications, and user interactions. Through succinct descriptions, he delineates the diverse types of OS, from single-user, single-task environments like early MS-DOS iterations, to multi-user, multi-tasking systems exemplified by modern Linux distributions.
Crucial components like the kernel and shell are dissected, highlighting their indispensable functions in resource management and user interface interaction. Das elucidates how the kernel acts as the central nervous system, orchestrating process scheduling, memory allocation, and device management. Meanwhile, the shell serves as the gateway for user commands, bridging the gap between human input and machine execution. 💻
The narrative then shifts to a captivating exploration of prominent desktop OSs, Windows, macOS, and Linux. Windows, with its globally ubiquitous presence and user-friendly interface, emerges as a cornerstone in personal computing history. macOS, lauded for its sleek design and seamless integration with Apple's ecosystem, stands as a beacon of stability and creativity. Linux, an open-source marvel, offers unparalleled flexibility and security, revolutionizing the computing landscape. 🖥️
Moving to the realm of mobile devices, Das unravels the dominance of Android and iOS. Android's open-source ethos fosters a vibrant ecosystem of customization and innovation, while iOS boasts a seamless user experience and robust security infrastructure. Meanwhile, discontinued platforms like Symbian and Palm OS evoke nostalgia for their pioneering roles in the smartphone revolution.
The journey concludes with a reflection on the ever-evolving landscape of OS, underscored by the emergence of real-time operating systems (RTOS) and the persistent quest for innovation and efficiency. As technology continues to shape our world, understanding the foundations and evolution of operating systems remains paramount. Join Pravash Chandra Das on this illuminating journey through the heart of computing. 🌟
Introduction of Cybersecurity with OSS at Code Europe 2024
I develop the Ruby programming language, RubyGems, and Bundler, which are package managers for Ruby. Today, I will introduce how to enhance the security of your application using open-source software (OSS) examples from Ruby and RubyGems.
The first topic is CVE (Common Vulnerabilities and Exposures). I have published CVEs many times. But what exactly is a CVE? I'll provide a basic understanding of CVEs and explain how to detect and handle vulnerabilities in OSS.
Next, let's discuss package managers. Package managers play a critical role in the OSS ecosystem. I'll explain how to manage library dependencies in your application.
I'll share insights into how the Ruby and RubyGems core team works to keep our ecosystem safe. By the end of this talk, you'll have a better understanding of how to safeguard your code.
Skybuffer SAM4U tool for SAP license adoption
Manage and optimize your license adoption and consumption with SAM4U, an SAP free customer software asset management tool.
SAM4U, an SAP complimentary software asset management tool for customers, delivers a detailed and well-structured overview of license inventory and usage with a user-friendly interface. We offer a hosted, cost-effective, and performance-optimized SAM4U setup in the Skybuffer Cloud environment. You retain ownership of the system and data, while we manage the ABAP 7.58 infrastructure, ensuring fixed Total Cost of Ownership (TCO) and exceptional services through the SAP Fiori interface.
Recently uploaded (20)
Ocean lotus Threat actors project by John Sitima 2024 (1).pptx
Ocean lotus Threat actors project by John Sitima 2024 (1).pptx
HCL Notes and Domino License Cost Reduction in the World of DLAU
HCL Notes and Domino License Cost Reduction in the World of DLAU
Your One-Stop Shop for Python Success: Top 10 US Python Development Providers
Your One-Stop Shop for Python Success: Top 10 US Python Development Providers
Presentation of the OECD Artificial Intelligence Review of Germany
Presentation of the OECD Artificial Intelligence Review of Germany
Nunit vs XUnit vs MSTest Differences Between These Unit Testing Frameworks.pdf
Nunit vs XUnit vs MSTest Differences Between These Unit Testing Frameworks.pdf
WeTestAthens: Postman's AI & Automation Techniques
WeTestAthens: Postman's AI & Automation Techniques
System Design Case Study: Building a Scalable E-Commerce Platform - Hiike
System Design Case Study: Building a Scalable E-Commerce Platform - Hiike
Nordic Marketo Engage User Group_June 13_ 2024.pptx
Nordic Marketo Engage User Group_June 13_ 2024.pptx
Let's Integrate MuleSoft RPA, COMPOSER, APM with AWS IDP along with Slack
Let's Integrate MuleSoft RPA, COMPOSER, APM with AWS IDP along with Slack
Programming Foundation Models with DSPy - Meetup Slides
Programming Foundation Models with DSPy - Meetup Slides
Skybuffer AI: Advanced Conversational and Generative AI Solution on SAP Busin...
Skybuffer AI: Advanced Conversational and Generative AI Solution on SAP Busin...
A Comprehensive Guide to DeFi Development Services in 2024
A Comprehensive Guide to DeFi Development Services in 2024
Building Production Ready Search Pipelines with Spark and Milvus
Building Production Ready Search Pipelines with Spark and Milvus
Operating System Used by Users in day-to-day life.pptx
Operating System Used by Users in day-to-day life.pptx
Introduction of Cybersecurity with OSS at Code Europe 2024
Introduction of Cybersecurity with OSS at Code Europe 2024
NSC #2 - Challenge Introduction
- 1. 21/11/2014 By Nicolas Collignon and Eloi Vanderbeken CTF NSC 2014
- 2. 2 / 7 our goals Mix various knowledge : – reversing – exploit writing for high & low level vulnerabilities – cryptography
- 3. 3 / 7 Some stats... 850+ curious downloaded level 1 159 reversers cracked level 1 22 ninjas evaded level 2 5 w4rL0rdZ killed level 3
- 4. 4 / 7 Some stats... 2 accunetix scans, 1 nessus scan ...
- 5. 5 / 7 Some stats... 1344 reverse-connect blocked
- 6. 6 / 7 Some stats... 1191 shellcodes segfaulted 212 payloads blocked @ seccomp level
- 7. 7 / 7 THANK YOU! Code will be released... eventually.