Click and Dragger: Denial and Deception on Android mobilegrugq
A presentation on OPSEC for mobile phones, covering the design and reasoning behind the CryptogenMod ROM and the DarkMatter app.
Source for DarkMatter: https://github.com/grugq/darkmatter
Social Engineering - Human aspects of grey and black competitive intelligence. What is social engineering? How it is used in the context of competitive intelligence and industrial espionage? How to recognize HUMINT / social engineering attacks? Which governments are known to use it?
OSINT Basics for Threat Hunters and PractitionersMegan DeBlois
This presentation was created for the SWIFT Tech Symposium at Calpoly Pomona. Learn the basics of OSINT, but for hunting Internet infrastructure.
-OSINT Basics: Let’ s talk about what it is, why it’s important, how it’s used in the world of Internet infrastructure.
-Understanding Different Use Cases: We’ll take a quick look at examples of how this is valuable for threat hunters, security practitioners, as well as researchers.
-Practice, practice, practice: I’ll end this talk by sharing out some good resources and ideas for how you can sharpen your OSINT skills for security research or for better organization defense.
Application Security - Your Success Depends on itWSO2
Traditional information security mainly revolves around network and operating system (OS) level protection. Regardless of the level of security guarding those aspects, the system can be penetrated and the entire deployment can be brought down if your application's security isn't taken into serious consideration. Information security should ideally start at the application level, before network and OS level security is ensured. To achieve this, security needs to be integrated into the application at the software development phase.
In this session, Dulanja will discuss the following:
The importance of application security - why network and OS security is insufficient.
Challenges in securing your application.
Making security part of the development lifecycle.
Cybersecurity Awareness Training Presentation v1.3DallasHaselhorst
This free cybersecurity awareness training slide deck is meant to be used by organizations and end users to educate them on ways to avoid scams and attacks and become more security aware. This slide deck is based on version 1.3 of our wildly popular slide deck we originally released as open-source in September 2019. In just over 6 months, it was downloaded thousands of times and in over 150 countries!
On our website, you will also find several other related goodies. For example, we have worksheets free and downloadable worksheets referenced in the training. We have a free cybersecurity quiz that is based directly off of this material so anyone can test their awareness knowledge. We even have a downloadable 'certificate of completion' for this training, which allows attendees to fill-in their name and date so they can then print it out to show others (or even their employer) that they are now more cyber aware.
https://www.treetopsecurity.com/cat
We also have a video/webinar presentation of this material if you would like to share it with others.
https://www.treetopsecurity.com/cat#video
Want to take this content and present it in your own community? Fantastic! You may download this slide deck as editable content. This allows you to make changes and present it at your local library, business events, co-working spaces, schools, etc. The latest version is always available on our website as a Microsoft PowerPoint presentation (.pptx) or using ‘Make a Copy’ in Google Slides.
https://www.treetopsecurity.com/slides
Click and Dragger: Denial and Deception on Android mobilegrugq
A presentation on OPSEC for mobile phones, covering the design and reasoning behind the CryptogenMod ROM and the DarkMatter app.
Source for DarkMatter: https://github.com/grugq/darkmatter
Social Engineering - Human aspects of grey and black competitive intelligence. What is social engineering? How it is used in the context of competitive intelligence and industrial espionage? How to recognize HUMINT / social engineering attacks? Which governments are known to use it?
OSINT Basics for Threat Hunters and PractitionersMegan DeBlois
This presentation was created for the SWIFT Tech Symposium at Calpoly Pomona. Learn the basics of OSINT, but for hunting Internet infrastructure.
-OSINT Basics: Let’ s talk about what it is, why it’s important, how it’s used in the world of Internet infrastructure.
-Understanding Different Use Cases: We’ll take a quick look at examples of how this is valuable for threat hunters, security practitioners, as well as researchers.
-Practice, practice, practice: I’ll end this talk by sharing out some good resources and ideas for how you can sharpen your OSINT skills for security research or for better organization defense.
Application Security - Your Success Depends on itWSO2
Traditional information security mainly revolves around network and operating system (OS) level protection. Regardless of the level of security guarding those aspects, the system can be penetrated and the entire deployment can be brought down if your application's security isn't taken into serious consideration. Information security should ideally start at the application level, before network and OS level security is ensured. To achieve this, security needs to be integrated into the application at the software development phase.
In this session, Dulanja will discuss the following:
The importance of application security - why network and OS security is insufficient.
Challenges in securing your application.
Making security part of the development lifecycle.
Cybersecurity Awareness Training Presentation v1.3DallasHaselhorst
This free cybersecurity awareness training slide deck is meant to be used by organizations and end users to educate them on ways to avoid scams and attacks and become more security aware. This slide deck is based on version 1.3 of our wildly popular slide deck we originally released as open-source in September 2019. In just over 6 months, it was downloaded thousands of times and in over 150 countries!
On our website, you will also find several other related goodies. For example, we have worksheets free and downloadable worksheets referenced in the training. We have a free cybersecurity quiz that is based directly off of this material so anyone can test their awareness knowledge. We even have a downloadable 'certificate of completion' for this training, which allows attendees to fill-in their name and date so they can then print it out to show others (or even their employer) that they are now more cyber aware.
https://www.treetopsecurity.com/cat
We also have a video/webinar presentation of this material if you would like to share it with others.
https://www.treetopsecurity.com/cat#video
Want to take this content and present it in your own community? Fantastic! You may download this slide deck as editable content. This allows you to make changes and present it at your local library, business events, co-working spaces, schools, etc. The latest version is always available on our website as a Microsoft PowerPoint presentation (.pptx) or using ‘Make a Copy’ in Google Slides.
https://www.treetopsecurity.com/slides
Automating Threat Hunting on the Dark Web and other nitty-gritty thingsApurv Singh Gautam
What's the hype with the dark web? Why are security researchers focusing more on the dark web? How to perform threat hunting on the dark web? Can it be automated? If you are curious about the answers to these questions, then this talk is for you. Dark web hosts several sites where criminals buy, sell, and trade goods and services like drugs, weapons, exploits, etc. Hunting on the dark web can help identify, profile, and mitigate any organization risks if done timely and appropriately. This is why threat intelligence obtained from the dark web can be crucial for any organization. In this presentation, you will learn why threat hunting on the dark web is necessary, different methodologies to perform hunting, the process after hunting, and how hunted data is analyzed. The main focus of this talk will be automating the threat hunting on the dark web. You will also get to know what operational security (OpSec) is and why it is essential while performing hunting on the dark web and how you can employ it in your daily life.
Social Engineering as the Art of "Human OS" hacking
Main points of the presentation (1) Overall introduction on social engineering (2) Case studies (3) Defending against Social Engineering.
for: http://armsec.org/
Companies are generally very good at protecting themselves against external attacks, but only rarely do they guard themselves against internal attacks. By using what’s known as ‘Social Engineering’, hackers exploit unsuspecting people who in good faith open up their doors to unwanted strangers.
Social engineering, or SE, is the art of manipulating people into performing actions or so they give up confidential information. Social Engineering can mean different things to different people.
Effective Threat Hunting with Tactical Threat IntelligenceDhruv Majumdar
How to set up a Threat Hunting Team for Active Defense utilizing Cyber Threat Intelligence and how CTI can help a company grow and improve its security posture.
Threat modeling web application: a case studyAntonio Fontes
TAM is a security activity conducted early in the development lifecycle, when we only have ideas, early design specifications and no source code is produced yet. It helps identify major threats to your web application and their appropriate countermeasures.
This session focuses on an introduction to the threat modeling technique through a case study on an online newspaper platform.
Event: Confoo 2011 Montreal
In cryptanalysis and computer security, password cracking is the process of recovering passwords from data that have been stored in or transmitted by a computer system.
14 tips to increase cybersecurity awarenessMichel Bitter
We used this presentation within our company to increase the cybersecurity awareness of our employees. These 14 tips should help everybody to protect themselves against the most obvious cyber attacks.
This is about what is threat hunting and how to perform it in cyberworld. Our traditional detection systems are being bypassed and we need modern approach to detect & respond to modern day threats.
Entire demo of the same is available on youtube - https://www.youtube.com/playlist?list=PL2iM-fIRjbTCQVI4tR7U2I5IdwLb2QSi_
Just as the title says, we go over the humble origins, touch on the notable variants of yesteryear, the big hitters of today, and discuss the future of ransomware. It's no longer just for windows anymore. Linux, Mac and Mobile platforms are all ripe for extortion.
This humorous and entertaining talk teaches everyone, from Mom and Pops to large enterprise organizations what's really happening and how to protect themselves.
Ethical hacking also known as penetration testing or white-hat hacking, involves the same tools, tricks, and techniques that hackers use, but with one major difference that Ethical hacking is legal. Ethical hacking is performed with the target’s permission. The intent of ethical hacking is to discover vulnerabilities from a hacker’s
viewpoint so systems can be better secured. It’s part of an overall information risk management program that allows for ongoing security improvements. Ethical hacking can also ensure that vendors’ claims about the security of their products are legitimate.
Fantastic Red Team Attacks and How to Find ThemRoss Wolf
Presented at Black Hat 2019
https://www.blackhat.com/us-19/briefings/schedule/index.html#fantastic-red-team-attacks-and-how-to-find-them-16540
Casey Smith (Red Canary)
Ross Wolf (Endgame)
bit.ly/fantastic19
Abstract:
Red team testing in organizations over the last year has shown a dramatic increase in detections mapped to MITRE ATT&CK™ across Windows, Linux and macOS. However, many organizations continue to miss several key techniques that, unsurprisingly, often blend in with day-to-day user operations. One example includes Trusted Developer Utilities which can be readily available on standard user endpoints, not just developer workstations, and such applications allow for code execution. Also, XSL Script processing can be used as an attack vector as there are a number of trusted utilities that can consume and execute scripts via XSL. And finally, in addition to these techniques, trusted .NET default binaries are known to allow unauthorized execution as well, these include tools like InstallUtil, Regsvcs and AddInProcess. Specific techniques, coupled with procedural difficulties within a team, such as alert fatigue and lack of understanding with environmental norms, make reliable detection of these events near impossible.
This talk summarizes prevalent and ongoing gaps across organizations uncovered by testing their defenses against a broad spectrum of attacks via Atomic Red Team. Many of these adversary behaviors are not atomic, but span multiple events in an event stream that may be arbitrarily and inconsistently separated in time by nuisance events.
Additionally, we introduce and demonstrate the open-sourced Event Query Language for creating high signal-to-noise analytics that close these prevalent behavioral gaps. EQL is event agnostic and can be used to craft analytics that readily link evidence across long sequences of log data. In a live demonstration, we showcase powerful but easy to craft analytics that catch adversarial behavior most commonly missed in organizations today.
Threat Hunting for Command and Control ActivitySqrrl
Sqrrl's Security Technologist Josh Liburdi provides an overview of how to detect C2 through a combination of automated detection and hunting.
Watch the presentation with audio here: http://info.sqrrl.com/threat-hunting-for-command-and-control-activity
The clash of the open Internet and espionage was inevitable. Enjoy the show as we learn how espionage adapts to the fifth domain.
Video of the talk here: youtu.be/qlk4JDOiivM
Automating Threat Hunting on the Dark Web and other nitty-gritty thingsApurv Singh Gautam
What's the hype with the dark web? Why are security researchers focusing more on the dark web? How to perform threat hunting on the dark web? Can it be automated? If you are curious about the answers to these questions, then this talk is for you. Dark web hosts several sites where criminals buy, sell, and trade goods and services like drugs, weapons, exploits, etc. Hunting on the dark web can help identify, profile, and mitigate any organization risks if done timely and appropriately. This is why threat intelligence obtained from the dark web can be crucial for any organization. In this presentation, you will learn why threat hunting on the dark web is necessary, different methodologies to perform hunting, the process after hunting, and how hunted data is analyzed. The main focus of this talk will be automating the threat hunting on the dark web. You will also get to know what operational security (OpSec) is and why it is essential while performing hunting on the dark web and how you can employ it in your daily life.
Social Engineering as the Art of "Human OS" hacking
Main points of the presentation (1) Overall introduction on social engineering (2) Case studies (3) Defending against Social Engineering.
for: http://armsec.org/
Companies are generally very good at protecting themselves against external attacks, but only rarely do they guard themselves against internal attacks. By using what’s known as ‘Social Engineering’, hackers exploit unsuspecting people who in good faith open up their doors to unwanted strangers.
Social engineering, or SE, is the art of manipulating people into performing actions or so they give up confidential information. Social Engineering can mean different things to different people.
Effective Threat Hunting with Tactical Threat IntelligenceDhruv Majumdar
How to set up a Threat Hunting Team for Active Defense utilizing Cyber Threat Intelligence and how CTI can help a company grow and improve its security posture.
Threat modeling web application: a case studyAntonio Fontes
TAM is a security activity conducted early in the development lifecycle, when we only have ideas, early design specifications and no source code is produced yet. It helps identify major threats to your web application and their appropriate countermeasures.
This session focuses on an introduction to the threat modeling technique through a case study on an online newspaper platform.
Event: Confoo 2011 Montreal
In cryptanalysis and computer security, password cracking is the process of recovering passwords from data that have been stored in or transmitted by a computer system.
14 tips to increase cybersecurity awarenessMichel Bitter
We used this presentation within our company to increase the cybersecurity awareness of our employees. These 14 tips should help everybody to protect themselves against the most obvious cyber attacks.
This is about what is threat hunting and how to perform it in cyberworld. Our traditional detection systems are being bypassed and we need modern approach to detect & respond to modern day threats.
Entire demo of the same is available on youtube - https://www.youtube.com/playlist?list=PL2iM-fIRjbTCQVI4tR7U2I5IdwLb2QSi_
Just as the title says, we go over the humble origins, touch on the notable variants of yesteryear, the big hitters of today, and discuss the future of ransomware. It's no longer just for windows anymore. Linux, Mac and Mobile platforms are all ripe for extortion.
This humorous and entertaining talk teaches everyone, from Mom and Pops to large enterprise organizations what's really happening and how to protect themselves.
Ethical hacking also known as penetration testing or white-hat hacking, involves the same tools, tricks, and techniques that hackers use, but with one major difference that Ethical hacking is legal. Ethical hacking is performed with the target’s permission. The intent of ethical hacking is to discover vulnerabilities from a hacker’s
viewpoint so systems can be better secured. It’s part of an overall information risk management program that allows for ongoing security improvements. Ethical hacking can also ensure that vendors’ claims about the security of their products are legitimate.
Fantastic Red Team Attacks and How to Find ThemRoss Wolf
Presented at Black Hat 2019
https://www.blackhat.com/us-19/briefings/schedule/index.html#fantastic-red-team-attacks-and-how-to-find-them-16540
Casey Smith (Red Canary)
Ross Wolf (Endgame)
bit.ly/fantastic19
Abstract:
Red team testing in organizations over the last year has shown a dramatic increase in detections mapped to MITRE ATT&CK™ across Windows, Linux and macOS. However, many organizations continue to miss several key techniques that, unsurprisingly, often blend in with day-to-day user operations. One example includes Trusted Developer Utilities which can be readily available on standard user endpoints, not just developer workstations, and such applications allow for code execution. Also, XSL Script processing can be used as an attack vector as there are a number of trusted utilities that can consume and execute scripts via XSL. And finally, in addition to these techniques, trusted .NET default binaries are known to allow unauthorized execution as well, these include tools like InstallUtil, Regsvcs and AddInProcess. Specific techniques, coupled with procedural difficulties within a team, such as alert fatigue and lack of understanding with environmental norms, make reliable detection of these events near impossible.
This talk summarizes prevalent and ongoing gaps across organizations uncovered by testing their defenses against a broad spectrum of attacks via Atomic Red Team. Many of these adversary behaviors are not atomic, but span multiple events in an event stream that may be arbitrarily and inconsistently separated in time by nuisance events.
Additionally, we introduce and demonstrate the open-sourced Event Query Language for creating high signal-to-noise analytics that close these prevalent behavioral gaps. EQL is event agnostic and can be used to craft analytics that readily link evidence across long sequences of log data. In a live demonstration, we showcase powerful but easy to craft analytics that catch adversarial behavior most commonly missed in organizations today.
Threat Hunting for Command and Control ActivitySqrrl
Sqrrl's Security Technologist Josh Liburdi provides an overview of how to detect C2 through a combination of automated detection and hunting.
Watch the presentation with audio here: http://info.sqrrl.com/threat-hunting-for-command-and-control-activity
The clash of the open Internet and espionage was inevitable. Enjoy the show as we learn how espionage adapts to the fifth domain.
Video of the talk here: youtu.be/qlk4JDOiivM
Technical tips for OPSEC are all around.
However, what to do in real life encounters?
We provide some easy to follow tips to improve your chances in such situations.
A brief overview about digital privacy, why and how can you be spied on/have your data stolen, how to protect and how to have a safer approach to data sharing.
This presentation was given on May at FISL (Forum Internacional do Software Livre) 2014 at Porto Alegre, Brazil.
Presentation video (pt_BR): https://www.youtube.com/watch?v=gHuUnm0zckg
Basic Security for Digital Companies - #MarketersUnbound (2014)Justin Bull
Speaking about how to go about taking security seriously in a digital company. Be it from scratch, or fixing a legacy codebase, learn from Canada Revenue Agency's Heartbleed mess-up and advice from a white-hat hacker.
Notacon 7 - SCADA and ICS for Security ExpertsJames Arlen
The traditional security industry has somehow decided that they are the white knights who are going to save everyone from the horror of insecure powergrids, pipelines, chemical plants, and cookie factories. Suddenly, every consultant is an expert and every product fixes SCADA. And because they don't know what the hell they're talking about -- 'fake it till ya make it' doesn't work -- they're making all of us look stupid.
Attendees will gain a practical level of knowledge sufficient to keep them from appearing foolish should they choose to opine on any of the various real issues stemming from Industrial Control or SCADA systems. Attendees will also feel embarrassed for something they've said, empowered to call out charlatans, and much less worried about cyberhackers unleashing cyberattacks which cybercause cyberpipelines and cybermanufacturing plants to cybergonuts and cybertakeovertheplanet using cybercookiesofdeath.
BlackHat Europe 2010: SCADA and ICS for Security ExpertsJames Arlen
The traditional security industry has somehow decided that they are the white knights who are going to save everyone from the horror of insecure powergrids, pipelines, chemical plants, and cookie factories.
Suddenly, every consultant is an expert and every product is loudly advertising how it solves SCADA SECURITY AND COMPLIANCY ISSUES!!!
And because they don't know what the hell they're talking about - 'fake it till ya make it' doesn't work - they're making all of us look stupid.
Let's sit down for a little fireside chat and discuss all things SCADA and ICS with an eye towards increasing our knowledge to the point where we can confidently say: "I'm not an expert at everything, I can help some, may we work together on a solution?"
It's time to stop being a Cyber Idiot and start being a positive contributor. Learn some truth, look behind the curtain, bust some FUD, Oh - and make government agents have kittens. That's fun for everyone.
And, there are many more horror stories on the internet regarding cybercrime, identity theft and data breaches. With so much evil on the internet, Cyber Security Experts from around the world have suggested using a VPN. Experts such as Edward Snowden, Martin McKeay, John Bristowe, and Dino A. Dai Zovi keep educating people regarding the risk they took when they connect to the internet and share valuable information in the form of credit card, emails, text messages, videos, pictures, check-ins and much more. There are thousands of articles telling the horror stories about the internet and keep recommending hiding your IP and encrypting your information online, but yet only 34% of the internet users seem concerned about the online security and use VPN. 66% of the internet users are still in denial.
Special Topics Day for Engineering Innovation Lecture on CybersecurityMichael Rushanan
This particular presentation covers, at a high level, our national cybersecurity initiative. The content targets prospective high school students and delves into areas of computer science, information systems, and policy.
Acpe 2014 Internet Anonymity Using TorJack Maynard
Security presentation on Tor at ACPEnw, a Pacific Northwest regional nonprofit association for the educational technology community dedicated to the support of administrative, information and instructional technology.
This talk by Chris Grayson contains lots of information about how to enter the so-called "hackerspace." From mental approaches to books, movies, and other media to online courses and knowledge repositories, this presentation is intended to be the one-stop-shop for anyone trying to become a penetration tester.
Software Delivery At the Speed of AI: Inflectra Invests In AI-Powered QualityInflectra
In this insightful webinar, Inflectra explores how artificial intelligence (AI) is transforming software development and testing. Discover how AI-powered tools are revolutionizing every stage of the software development lifecycle (SDLC), from design and prototyping to testing, deployment, and monitoring.
Learn about:
• The Future of Testing: How AI is shifting testing towards verification, analysis, and higher-level skills, while reducing repetitive tasks.
• Test Automation: How AI-powered test case generation, optimization, and self-healing tests are making testing more efficient and effective.
• Visual Testing: Explore the emerging capabilities of AI in visual testing and how it's set to revolutionize UI verification.
• Inflectra's AI Solutions: See demonstrations of Inflectra's cutting-edge AI tools like the ChatGPT plugin and Azure Open AI platform, designed to streamline your testing process.
Whether you're a developer, tester, or QA professional, this webinar will give you valuable insights into how AI is shaping the future of software delivery.
Transcript: Selling digital books in 2024: Insights from industry leaders - T...BookNet Canada
The publishing industry has been selling digital audiobooks and ebooks for over a decade and has found its groove. What’s changed? What has stayed the same? Where do we go from here? Join a group of leading sales peers from across the industry for a conversation about the lessons learned since the popularization of digital books, best practices, digital book supply chain management, and more.
Link to video recording: https://bnctechforum.ca/sessions/selling-digital-books-in-2024-insights-from-industry-leaders/
Presented by BookNet Canada on May 28, 2024, with support from the Department of Canadian Heritage.
LF Energy Webinar: Electrical Grid Modelling and Simulation Through PowSyBl -...DanBrown980551
Do you want to learn how to model and simulate an electrical network from scratch in under an hour?
Then welcome to this PowSyBl workshop, hosted by Rte, the French Transmission System Operator (TSO)!
During the webinar, you will discover the PowSyBl ecosystem as well as handle and study an electrical network through an interactive Python notebook.
PowSyBl is an open source project hosted by LF Energy, which offers a comprehensive set of features for electrical grid modelling and simulation. Among other advanced features, PowSyBl provides:
- A fully editable and extendable library for grid component modelling;
- Visualization tools to display your network;
- Grid simulation tools, such as power flows, security analyses (with or without remedial actions) and sensitivity analyses;
The framework is mostly written in Java, with a Python binding so that Python developers can access PowSyBl functionalities as well.
What you will learn during the webinar:
- For beginners: discover PowSyBl's functionalities through a quick general presentation and the notebook, without needing any expert coding skills;
- For advanced developers: master the skills to efficiently apply PowSyBl functionalities to your real-world scenarios.
State of ICS and IoT Cyber Threat Landscape Report 2024 previewPrayukth K V
The IoT and OT threat landscape report has been prepared by the Threat Research Team at Sectrio using data from Sectrio, cyber threat intelligence farming facilities spread across over 85 cities around the world. In addition, Sectrio also runs AI-based advanced threat and payload engagement facilities that serve as sinks to attract and engage sophisticated threat actors, and newer malware including new variants and latent threats that are at an earlier stage of development.
The latest edition of the OT/ICS and IoT security Threat Landscape Report 2024 also covers:
State of global ICS asset and network exposure
Sectoral targets and attacks as well as the cost of ransom
Global APT activity, AI usage, actor and tactic profiles, and implications
Rise in volumes of AI-powered cyberattacks
Major cyber events in 2024
Malware and malicious payload trends
Cyberattack types and targets
Vulnerability exploit attempts on CVEs
Attacks on counties – USA
Expansion of bot farms – how, where, and why
In-depth analysis of the cyber threat landscape across North America, South America, Europe, APAC, and the Middle East
Why are attacks on smart factories rising?
Cyber risk predictions
Axis of attacks – Europe
Systemic attacks in the Middle East
Download the full report from here:
https://sectrio.com/resources/ot-threat-landscape-reports/sectrio-releases-ot-ics-and-iot-security-threat-landscape-report-2024/
UiPath Test Automation using UiPath Test Suite series, part 4DianaGray10
Welcome to UiPath Test Automation using UiPath Test Suite series part 4. In this session, we will cover Test Manager overview along with SAP heatmap.
The UiPath Test Manager overview with SAP heatmap webinar offers a concise yet comprehensive exploration of the role of a Test Manager within SAP environments, coupled with the utilization of heatmaps for effective testing strategies.
Participants will gain insights into the responsibilities, challenges, and best practices associated with test management in SAP projects. Additionally, the webinar delves into the significance of heatmaps as a visual aid for identifying testing priorities, areas of risk, and resource allocation within SAP landscapes. Through this session, attendees can expect to enhance their understanding of test management principles while learning practical approaches to optimize testing processes in SAP environments using heatmap visualization techniques
What will you get from this session?
1. Insights into SAP testing best practices
2. Heatmap utilization for testing
3. Optimization of testing processes
4. Demo
Topics covered:
Execution from the test manager
Orchestrator execution result
Defect reporting
SAP heatmap example with demo
Speaker:
Deepak Rai, Automation Practice Lead, Boundaryless Group and UiPath MVP
Epistemic Interaction - tuning interfaces to provide information for AI supportAlan Dix
Paper presented at SYNERGY workshop at AVI 2024, Genoa, Italy. 3rd June 2024
https://alandix.com/academic/papers/synergy2024-epistemic/
As machine learning integrates deeper into human-computer interactions, the concept of epistemic interaction emerges, aiming to refine these interactions to enhance system adaptability. This approach encourages minor, intentional adjustments in user behaviour to enrich the data available for system learning. This paper introduces epistemic interaction within the context of human-system communication, illustrating how deliberate interaction design can improve system understanding and adaptation. Through concrete examples, we demonstrate the potential of epistemic interaction to significantly advance human-computer interaction by leveraging intuitive human communication strategies to inform system design and functionality, offering a novel pathway for enriching user-system engagements.
Slack (or Teams) Automation for Bonterra Impact Management (fka Social Soluti...Jeffrey Haguewood
Sidekick Solutions uses Bonterra Impact Management (fka Social Solutions Apricot) and automation solutions to integrate data for business workflows.
We believe integration and automation are essential to user experience and the promise of efficient work through technology. Automation is the critical ingredient to realizing that full vision. We develop integration products and services for Bonterra Case Management software to support the deployment of automations for a variety of use cases.
This video focuses on the notifications, alerts, and approval requests using Slack for Bonterra Impact Management. The solutions covered in this webinar can also be deployed for Microsoft Teams.
Interested in deploying notification automations for Bonterra Impact Management? Contact us at sales@sidekicksolutionsllc.com to discuss next steps.
Neuro-symbolic is not enough, we need neuro-*semantic*Frank van Harmelen
Neuro-symbolic (NeSy) AI is on the rise. However, simply machine learning on just any symbolic structure is not sufficient to really harvest the gains of NeSy. These will only be gained when the symbolic structures have an actual semantics. I give an operational definition of semantics as “predictable inference”.
All of this illustrated with link prediction over knowledge graphs, but the argument is general.
Dev Dives: Train smarter, not harder – active learning and UiPath LLMs for do...UiPathCommunity
💥 Speed, accuracy, and scaling – discover the superpowers of GenAI in action with UiPath Document Understanding and Communications Mining™:
See how to accelerate model training and optimize model performance with active learning
Learn about the latest enhancements to out-of-the-box document processing – with little to no training required
Get an exclusive demo of the new family of UiPath LLMs – GenAI models specialized for processing different types of documents and messages
This is a hands-on session specifically designed for automation developers and AI enthusiasts seeking to enhance their knowledge in leveraging the latest intelligent document processing capabilities offered by UiPath.
Speakers:
👨🏫 Andras Palfi, Senior Product Manager, UiPath
👩🏫 Lenka Dulovicova, Product Program Manager, UiPath
UiPath Test Automation using UiPath Test Suite series, part 3DianaGray10
Welcome to UiPath Test Automation using UiPath Test Suite series part 3. In this session, we will cover desktop automation along with UI automation.
Topics covered:
UI automation Introduction,
UI automation Sample
Desktop automation flow
Pradeep Chinnala, Senior Consultant Automation Developer @WonderBotz and UiPath MVP
Deepak Rai, Automation Practice Lead, Boundaryless Group and UiPath MVP
DevOps and Testing slides at DASA ConnectKari Kakkonen
My and Rik Marselis slides at 30.5.2024 DASA Connect conference. We discuss about what is testing, then what is agile testing and finally what is Testing in DevOps. Finally we had lovely workshop with the participants trying to find out different ways to think about quality and testing in different parts of the DevOps infinity loop.
4. Avon:You only got to fuck up once… Be a little
slow, be a little late, just once. How you
ain’t gonna never be slow? Never be late?
You can’t plan for that. Thats life.
20. • put the plumbing in first
• create a cover (new persona)
• work on the legend (history, background,
supporting evidence for the persona)
• Create sub-aliases
• NEVER CONTAMINATE
24. • Rule 1: Never reveal your operational
details
25. • Rule 1: Never reveal your operational
details
• Rule 2: Never reveal your plans
26. • Rule 1: Never reveal your operational
details
• Rule 2: Never reveal your plans
• Rule 3: Never trust anyone
27. • Rule 1: Never reveal your operational
details
• Rule 2: Never reveal your plans
• Rule 3: Never trust anyone
• Rule 4: Never confuse recreation and
hacking
FREEDOM FIGHTING
28. • Rule 1: Never reveal your operational
details
• Rule 2: Never reveal your plans
• Rule 3: Never trust anyone
• Rule 4: Never confuse recreation and
hacking
FREEDOM FIGHTING
• Rule 5: Never operate from your own
house
29.
30. • Rule 6: Be proactively paranoid, it doesn’t work
retroactively
31. • Rule 6: Be proactively paranoid, it doesn’t work
retroactively
FREEDOM
• Rule 7: Keep personal life and hacking
FIGHTING
separated
32. • Rule 6: Be proactively paranoid, it doesn’t work
retroactively
FREEDOM
• Rule 7: Keep personal life and hacking
FIGHTING
separated
• Rule 8: Keep your personal environment
contraband free
33. • Rule 6: Be proactively paranoid, it doesn’t work
retroactively
FREEDOM
• Rule 7: Keep personal life and hacking
FIGHTING
separated
• Rule 8: Keep your personal environment
contraband free
• Rule 9: Don’t talk to the police
34. • Rule 6: Be proactively paranoid, it doesn’t work
retroactively
FREEDOM
• Rule 7: Keep personal life and hacking
FIGHTING
separated
• Rule 8: Keep your personal environment
contraband free
• Rule 9: Don’t talk to the police
• Rule 10: Don't give anyone power over you
89. Virus (10:30:18 PM): don't start accusing me of
[being an informant] - especially after you
disappeared and came back offering to pay me for
shit - that's fed tactics
90. Virus (10:30:18 PM): don't start accusing me of
[being an informant] - especially after you
disappeared and came back offering to pay me for
shit - that's fed tactics
Virus (10:30:31 PM): and then your buddy, topiary,
who lives in the most random place
91. Virus (10:30:18 PM): don't start accusing me of
[being an informant] - especially after you
disappeared and came back offering to pay me for
shit - that's fed tactics
Virus (10:30:31 PM): and then your buddy, topiary,
who lives in the most random place
Virus (10:30:36 PM): who's docs weren't even public
92. Virus (10:30:18 PM): don't start accusing me of
[being an informant] - especially after you
disappeared and came back offering to pay me for
shit - that's fed tactics
Virus (10:30:31 PM): and then your buddy, topiary,
who lives in the most random place
Virus (10:30:36 PM): who's docs weren't even public
Virus (10:30:38 PM): gets owned
93. Virus (10:30:18 PM): don't start accusing me of
[being an informant] - especially after you
disappeared and came back offering to pay me for
shit - that's fed tactics
Virus (10:30:31 PM): and then your buddy, topiary,
who lives in the most random place
Virus (10:30:36 PM): who's docs weren't even public
Virus (10:30:38 PM): gets owned
Sabu (10:32:29 PM): offering to pay you for shit?
94. Virus (10:30:18 PM): don't start accusing me of
[being an informant] - especially after you
disappeared and came back offering to pay me for
shit - that's fed tactics
Virus (10:30:31 PM): and then your buddy, topiary,
who lives in the most random place
Virus (10:30:36 PM): who's docs weren't even public
Virus (10:30:38 PM): gets owned
Sabu (10:32:29 PM): offering to pay you for shit?
Virus (10:32:55 PM): yeah, you offered me money for
"dox"
95. Virus (10:30:18 PM): don't start accusing me of
[being an informant] - especially after you
disappeared and came back offering to pay me for
shit - that's fed tactics
Virus (10:30:31 PM): and then your buddy, topiary,
who lives in the most random place
Virus (10:30:36 PM): who's docs weren't even public
Virus (10:30:38 PM): gets owned
Sabu (10:32:29 PM): offering to pay you for shit?
Virus (10:32:55 PM): yeah, you offered me money for
"dox"
Virus (10:33:39 PM): only informants offer up cash
for shit -- you gave yourself up with that one
118. Personas
• Danger to personas is contamination
• Contact between personas (covers)
contaminates both
• Keep cover identities isolated from each
other
120. • Fail safe technological solution
• TOR all the things!
• Back stop persona
• Primary cover alias as first identity
• Secondary cover aliases (eg. handles)
123. Practice
• Amateurs practice until they get it right,
professionals practice until they can’t get it
wrong
• Practice makes perfect
124. Stringer: What you doing?
Shamrock: Robert's Rules says we got to
have minutes of the meeting.
These the minutes.
Stringer: Nigga, is you taking notes on a
criminal fucking conspiracy?
128. Guidelines against
profiling
• Do not include personal informations in
your nick and screen name.
• Do not discuss personal informations in the
chat, where you are from...
• Do not mention your gender, tattoos,
piercings or physical capacities.
129. Guidelines, cont.
• Do not mention your profession, hobbies
or involvement in activist groups
• Do not use special characters on your
keyboard unique to your language
• Do not post informations to the regular
internet while you are anonymous in IRC.
• Do not use Twitter and Facebook
130. Guidelines, cont.
• Do not post links to Facebook images. The
image name contains a personal ID.
• Do not keep regular hours / habits (this can
reveal your timezone, geographic locale)
• Do not discuss your environment, e.g.
weather, political activities,
137. VPNs vs. TOR
• VPNs provide privacy
• TOR provides anonymity
• Confuse the two at your peril
138. • TOR connection to a VPN => OK
• VPN connection to TOR => GOTO JAIL
139. On VPNs
• Only safe currency is Bitcoins
• because they come from nothing
• Purchase only over TOR
• http://torrentfreak.com/which-vpn-
providers-really-take-anonymity-
seriously-111007/
145. PORTAL
• Router ensuring all traffic is transparently
sent over TOR
• Reduce the ability to make mistakes
• Use mobile uplink
• Mobility (go to a coffee shop)
• Reduce risk of wifi monitoring
154. If you think, don’t speak
If you speak, don’t write
If you write, don’t sign
If you sign, don’t be surprised
Editor's Notes
\n
\n
STFU\nNeed to Know\nPlumbing\n
The Wire, season 1, episode 5. This show is the most quotable show for OPSEC, evar!\n
\n
\n
“Thwarting enemies at home and abroad” book. Blackmail is basically, don’t allow anyone to have power over you where they can dictate your actions. You ceed control of your actions to someone else, and it will end poorly for you.\n
\n
I love this guide. It provides general guidelines to committing criminal activities and staying out of jail. These are good OPSEC techniques for one activity (smoking weed), but many can be generalized to all criminal^W freedom fighting activities.\n
\n
\n
\n
NOTE: not using code doesn’t mean don’t use cryptonyms (code names). These are very good.\n
NOTE: not using code doesn’t mean don’t use cryptonyms (code names). These are very good.\n
NOTE: not using code doesn’t mean don’t use cryptonyms (code names). These are very good.\n
NOTE: not using code doesn’t mean don’t use cryptonyms (code names). These are very good.\n
\n
\n
\n
\n
#4 - don’t socialize with your criminal co-conspirators\n
#4 - don’t socialize with your criminal co-conspirators\n
#4 - don’t socialize with your criminal co-conspirators\n
#4 - don’t socialize with your criminal co-conspirators\n
#4 - don’t socialize with your criminal co-conspirators\n
#4 - don’t socialize with your criminal co-conspirators\n
#4 - don’t socialize with your criminal co-conspirators\n
#10: control over your actions.\n
#10: control over your actions.\n
#10: control over your actions.\n
#10: control over your actions.\n
#10: control over your actions.\n
#10: control over your actions.\n
#10: control over your actions.\n
\n
\n
\n
\n
\n
\n
\n
\n
\n
\n
\n
\n
\n
\n
\n
This is a violation of the principle of “need to know”. Your lawyer needs to know that you are on probation (for a specific charge). Your criminal co-conspirators do not need to know this!\n
note: example of good opsec, the feds dont’ name the other guy, ‘co-conspirator not named ... herein’. Only people who know who this is are: donncha, the hacker^Wfreedom fighter, and the feds pursuing the case\n
note: example of good opsec, the feds dont’ name the other guy, ‘co-conspirator not named ... herein’. Only people who know who this is are: donncha, the hacker^Wfreedom fighter, and the feds pursuing the case\n
note: example of good opsec, the feds dont’ name the other guy, ‘co-conspirator not named ... herein’. Only people who know who this is are: donncha, the hacker^Wfreedom fighter, and the feds pursuing the case\n
note: example of good opsec, the feds dont’ name the other guy, ‘co-conspirator not named ... herein’. Only people who know who this is are: donncha, the hacker^Wfreedom fighter, and the feds pursuing the case\n
note: example of good opsec, the feds dont’ name the other guy, ‘co-conspirator not named ... herein’. Only people who know who this is are: donncha, the hacker^Wfreedom fighter, and the feds pursuing the case\n
note: example of good opsec, the feds dont’ name the other guy, ‘co-conspirator not named ... herein’. Only people who know who this is are: donncha, the hacker^Wfreedom fighter, and the feds pursuing the case\n
note: example of good opsec, the feds dont’ name the other guy, ‘co-conspirator not named ... herein’. Only people who know who this is are: donncha, the hacker^Wfreedom fighter, and the feds pursuing the case\n
note: example of good opsec, the feds dont’ name the other guy, ‘co-conspirator not named ... herein’. Only people who know who this is are: donncha, the hacker^Wfreedom fighter, and the feds pursuing the case\n
note: example of good opsec, the feds dont’ name the other guy, ‘co-conspirator not named ... herein’. Only people who know who this is are: donncha, the hacker^Wfreedom fighter, and the feds pursuing the case\n
\n
\n
\n
\n
\n
\n
\n
\n
\n
\n
\n
\n
\n
\n
\n
\n
\n
\n
\n
Keep your hacking^W freedom fighting, and family, completely separated\n
\n
\n
\n
\n
\n
\n
\n
directly connecting to the target from your home IP? Are you out of your fucking mind!\n
directly connecting to the target from your home IP? Are you out of your fucking mind!\n
directly connecting to the target from your home IP? Are you out of your fucking mind!\n
directly connecting to the target from your home IP? Are you out of your fucking mind!\n
directly connecting to the target from your home IP? Are you out of your fucking mind!\n
directly connecting to the target from your home IP? Are you out of your fucking mind!\n
colloquially, don’t shit where you eat.\n
\n
\n
\n
\n
\n
\n
\n
\n
\n
\n
\n
\n
\n
\n
\n
\n
\n
\n
\n
\n
\n
\n
\n
\n
\n
\n
\n
\n
\n
\n
\n
\n
\n
\n
\n
\n
\n
\n
\n
\n
\n
\n
\n
\n
\n
\n
\n
They call them warning signs for a reason...\n
\n
\n
\n
\n
\n
\n
\n
\n
\n
\n
\n
\n
\n
\n
\n
\n
\n
\n
\n
\n
They call them warning signs for a reason...\n
\n
\n
\n
\n
\n
\n
\n
\n
\n
self incriminating confession == bad\n
\n
Interrogation tactic: appeal to pride, ridicule the hacker’s abilities, encouraging him to “correct” your misperception of him... and in the process, confess. DO NOT TALK TO POLICE!\n
\n
\n
\n
\n
\n
\n
\n
\n
\n
credit: ben nagy found this pic, i stole it from him cause my conference talk is first, :D\n
\n
NOTE: he’s wearing a mask. \ncredit: ben nagy also found this photo. \n
