This document summarizes a presentation about the Security Onion network security monitoring distribution. Security Onion allows users to easily deploy intrusion detection and network monitoring tools. It combines tools like Snort, Suricata, Bro and OSSEC into a cohesive Linux-based distribution for collecting, analyzing, and escalating network threats. The presentation highlights how Security Onion provides an easy to use and powerful open source solution for network security monitoring.
This document discusses techniques for brute forcing passwords online in a short amount of time. It recommends generating targeted wordlists by analyzing common password patterns and rules, such as capitalization variations, number/special character suffixes, and prefixes drawn from personal information. Wordlists should balance completeness with brevity to avoid detection. The author cracked over 20 passwords within a minute by heuristically guessing variations on an initial default password.
Presenters: Dmitry Chastukhin and Dmitry Yudin
Blah-blah-blah SAP. Blah-blah-blah large companies. Blah-blah-blah hacks worth millions of dollars. That is how any talk about SAP usually begins. But this time everything will be different. It has been a while since there were stories of brutal exploitation and unusual vulnerabilities. It is time to break bad! The speakers will explain (and show) how to gain full control of a system using a series of minor vulnerabilities in SAP services.
This paper introduces practical techniques used by hackers to break wireless security.
We recommend that the reader should have basic knowledge of wireless operation.
WiFi practical hacking "Show me the passwords!" (DefCamp)
Konrad Jędrzejczyk in Bucharest, Romania on November 8-9th 2018 at DefCamp #9.
The videos and other presentations can be found on https://def.camp/archive
Using SSL/TLS the right way is often a big hurdle for developers. We prefer to have that one colleague perform "something with certificates", because he/she knows how that works. But what if "that one colleague" is enjoying vacation and something goes wrong with the certificates?
In this session we'll take a close look at secure communication at the transport level. Starting with what exactly SSL and TLS are, we'll dive into public/private keys, and signing. We'll also learn what all this has to do with an unfortunate Dutch notary. Of course, there'll be plenty of practical tips & tricks, as well as demos.
Attend this session to become "that one colleague"!
Security Onion: Peel Back the Layers of Your Network in Minutes (Great Wide Open)
Security Onion is a Linux distribution for intrusion detection and network security monitoring. It contains tools like Snort, Suricata, Bro, Sguil and more. The easy setup wizard allows users to quickly build a distributed sensor network for their enterprise. It provides alerts, asset data, network sessions and full packet captures from multiple data sources in a centralized interface for analysis and investigation.
Scareware Traversing the World via Ireland (Mark Hillick)
As a volunteer handler for IrissCert, I was notified of several Irish websites being compromised and containing malicious code. The presentation covers the investigation and incident handling process followed.
This document discusses Netflix's continuous delivery pipeline which allows for frequent code deployments. It describes how Netflix uses tools like Jenkins, Chef, and Asgard to automate building, testing, and deploying code. It also covers how Netflix tests deployments, monitors services, and has mechanisms like red/black deployments and the Simian Army to improve resiliency.
The document discusses lessons learned from creating a mobile web app in 8 days. It provides technical specifications for the app, including the frameworks and libraries used. It then covers various technical, performance, and design challenges encountered, such as different browser behaviors, slow loading times, rendering issues, and ensuring responsiveness on small screens. Tips are provided for testing across devices, improving performance, and following responsive and mobile-friendly design principles.
User generated data is an old problem. Systems and network telemetry, page analytics and application state combine to form an ever growing mountain of data collected by today's tools. Collecting and storing this data requires more than just a single application. Having no single point where the user touches the system and gets an answer makes debugging a nightmare and reproducing the error intractable. Distributed systems require a clear perspective on production systems and access to data in real time to have any hope of solving complex problems related to state, all while not impacting user experience.
We will explain the problem, the pains and how we solved them. Develop in production; push code to development.
The document discusses how the City of Chicago has implemented a NoSQL database to store and analyze large amounts of municipal data. Some key points discussed include how the database works well for geospatial data, can grow elastically, uses a loose schema, and allows the city to bring all data into one place, make it available in real time, and find relationships within the data. Challenges mentioned include issues with certain geospatial queries and safely scaling the database.
A Morning with MongoDB Barcelona: MongoDB Basic Concepts (MongoDB)
The document discusses MongoDB concepts including:
- Replication allows for data availability across nodes through multiple copies spread across data centers and automatic failover.
- Sharding provides horizontal scalability by distributing data across nodes in a transparent way and automatically redistributing as needed.
- MongoDB offers both eventual and immediate consistency, with the latter avoiding conflicts by limiting updates to a single master node.
- Durability options include fire and forget writes, getting the last error, journal syncing, and replica set acknowledgment.
Learn how to use the power of CSS3, Sass, Compass, and Sencha tools to create consistent and cross-platform themes for Ext JS 4 and Sencha Touch.
David Kaneda leads the Sencha design team. He has over eight years of experience designing in a variety of fields, from architecture and fashion to education and software. Recently, David created Outpost, an iPhone app for Basecamp, and jQTouch, a Javascript framework for iPhone development. David also maintains WebKitBits, a site about the browser engine in Safari, Google Chrome, and the iPhone. David brings his wealth of design knowledge to Sencha, and is responsible for the look and feel of our websites and software.
Rob Dougan is a Sencha core engineer with an eye for pixel-perfect designs. Born and raised in Northern Ireland, he has been building advanced Sencha applications for years and is a valued asset to the team. In his spare time he enjoys photography and cooking with his wife.
Fast and easy method of installing one or more MySQL servers in isolation.
Includes latest development, hints of Gearman remote install, and a lightning talk
The document discusses MongoDB concepts including:
- MongoDB uses a document-oriented data model with dynamic schemas and supports embedding and linking of related data.
- Replication allows for high availability and data redundancy across multiple nodes.
- Sharding provides horizontal scalability by distributing data across nodes in a cluster.
- MongoDB supports both eventual and immediate consistency models.
Secrets of a linux ninja Software Freedom Day 2013 Johannesburg, South Africa (Jumping Bean)
The slides from a hands-on lab given on Software Freedom Day on the 31 August 2013 at the University of the Witwatersrand.
It was aimed at showing some of the lesser-known features of well-known commands as well as some lesser-known, yet powerful, command line tools.
FabLab Bassa Romagna and ImoLUG, as part of the working group on Linux, are organizing an evening dedicated to IT security; it is a topical and important subject, but a greatly underestimated one.
During the evening we will show how to build your own Hacking Lab to learn and locally test the main IT security software. To do so we will use the ProxMox virtualization environment to virtualize the vulnerable operating system Metasploitable, developed by the well-known Rapid7. Using BackBox Linux we will analyze the vulnerable distribution in search of details and exploits to use.
Orchestrated Provisioning in the Clouds with Juju (Thiago Rondon)
The document discusses JuJu, an open source tool for orchestrating and scaling cloud applications. It provides examples of deploying common applications like Jenkins, deploying additional units, relating services, and monitoring with Nagios. The document shows how JuJu handles provisioning, deployment, integration and monitoring of applications on clouds like AWS, Azure, OpenStack and more through charms and relations.
Orchestrated Provisioning in the Clouds with Juju (iMasters)
The document discusses JuJu, an open source tool for orchestrating and scaling cloud applications. It provides examples of deploying common applications like Jenkins, deploying additional units, relating services, and monitoring with Nagios. The document demonstrates how to use JuJu to deploy, manage, scale, and monitor applications on cloud platforms.
This document provides an introduction and overview of Vim, including how to get started, the different modes, basic navigation commands, opening and saving files, plugins, and pairing with others. It recommends cloning someone else's Vim configuration files, describes the main modes (insert, normal, visual), and lists some basic commands for movement, editing, searching/replacing text, and opening/quitting files. Several popular plugins are also mentioned including Fugitive for Git integration and Tim Pope's Endwise.
This talk was given on Oct 23 at HTML5DevConf in San Francisco. The topic was Continuous Delivery as it relates to JavaScript applications, using tools like grunt and jenkins.
The document discusses C2 Estudio S.A.S., a Colombian video game development studio. It provides information on games they developed between 2007-2010 including Cobalt Racing and Cowboy Guns. It also mentions they are a founding member of the Colombian Video Game Developers Association, a non-profit organization that supports the video game industry in Colombia.
This document provides an introduction and overview of MongoDB presented by Mark Hillick. It discusses what MongoDB is, how it compares to relational databases, the company 10gen that created MongoDB and its history, basic CRUD operations in MongoDB, installation, replication, sharding, drivers, operators and indexes.
This document provides an overview of using MongoDB with PHP. It begins with terminology for how MongoDB concepts map to traditional relational database concepts. It then covers connecting to MongoDB from PHP, inserting and querying documents, updating documents, indexing, and using cursors. It also discusses embedding and referencing documents, and libraries like Doctrine MongoDB ODM that provide additional functionality.
The document summarizes how a hacker compromised an environment through reconnaissance and exploitation. It describes how the hacker used Nmap and Nessus to identify hosts, found vulnerabilities like buffer overflows and weak passwords, exploited them to gain access to internal servers, escalated privileges by cracking password hashes, and ultimately retrieved sensitive files and flags from the last server.
This presentation explains how to deploy and use the Integrated Caching feature on Netscaler. I gave this presentation to Citrix staff, customers and partners worldwide in 2011. The presentation covers best practices and gotchas :) Integrated Caching is an excellent feature that can greatly improve the performance of your website.
At the initial IrissCon, in 2009, I discussed the investigation, analysis and resolution of a Web Application attack that was part of a larger criminal scareware campaign.
Goodbye Windows 11: Make Way for Nitrux Linux 3.5.0! (SOFTTECHHUB)
As the digital landscape continually evolves, operating systems play a critical role in shaping user experiences and productivity. The launch of Nitrux Linux 3.5.0 marks a significant milestone, offering a robust alternative to traditional systems such as Windows 11. This article delves into the essence of Nitrux Linux 3.5.0, exploring its unique features, advantages, and how it stands as a compelling choice for both casual users and tech enthusiasts.
What Do a Lego Brick and the XZ Backdoor Have in Common? (Speck&Tech)
ABSTRACT: At first glance, a Lego brick and the XZ backdoor might have in common the fact that both are building blocks, or dependencies of creative and software projects. The reality is that a Lego brick and the XZ backdoor case have much more than that in common.
Join the presentation to immerse yourself in a story of interoperability, standards and open formats, and then to discuss the important role that contributors play in a sustainable open source community.
BIO: An advocate of free software and of standard and open formats. She was an active member of the Fedora and openSUSE projects and co-founded the LibreItalia Association, where she was involved in various events, migrations and training related to LibreOffice. She previously worked on LibreOffice migrations and training courses for various public administrations and private organizations. Since January 2020 she has worked at SUSE as a Software Release Engineer for Uyuni and SUSE Manager, and when she is not following her passion for computers and for Geeko she cultivates her curiosity for astronomy (from which her nickname deneb_alpha derives).
GraphSummit Singapore | The Future of Agility: Supercharging Digital Transfor... (Neo4j)
Leonard Jayamohan, Partner & Generative AI Lead, Deloitte
This keynote will reveal how Deloitte leverages Neo4j’s graph power for groundbreaking digital twin solutions, achieving a staggering 100x performance boost. Discover the essential role knowledge graphs play in successful generative AI implementations. Plus, get an exclusive look at an innovative Neo4j + Generative AI solution Deloitte is developing in-house.
Threats to mobile devices are more prevalent and increasing in scope and complexity. Users of mobile devices desire to take full advantage of the features available on those devices, but many of the features provide convenience and capability but sacrifice security. This best practices guide outlines steps the users can take to better protect personal devices and information.
Communications Mining Series - Zero to Hero - Session 1 (DianaGray10)
This session provides an introduction to UiPath Communication Mining, its importance and a platform overview. You will acquire a good understanding of the phases in Communication Mining as we go over the platform with you. Topics covered:
• Communication Mining Overview
• Why is it important?
• How can it help today’s business and the benefits
• Phases in Communication Mining
• Demo on Platform overview
• Q/A
Observability Concepts EVERY Developer Should Know -- DeveloperWeek Europe.pdf (Paige Cruz)
Monitoring and observability aren’t traditionally found in software curriculums and many of us cobble this knowledge together from whatever vendor or ecosystem we were first introduced to and whatever is a part of your current company’s observability stack.
While the dev and ops silo continues to crumble….many organizations still relegate monitoring & observability as the purview of ops, infra and SRE teams. This is a mistake - achieving a highly observable system requires collaboration up and down the stack.
I, a former op, would like to extend an invitation to all application developers to join the observability party and will share these foundational concepts to build on:
TrustArc Webinar - 2024 Global Privacy Survey (TrustArc)
How does your privacy program stack up against your peers? What challenges are privacy teams tackling and prioritizing in 2024?
In the fifth annual Global Privacy Benchmarks Survey, we asked over 1,800 global privacy professionals and business executives to share their perspectives on the current state of privacy inside and outside of their organizations. This year’s report focused on emerging areas of importance for privacy and compliance professionals, including considerations and implications of Artificial Intelligence (AI) technologies, building brand trust, and different approaches for achieving higher privacy competence scores.
See how organizational priorities and strategic approaches to data security and privacy are evolving around the globe.
This webinar will review:
- The top 10 privacy insights from the fifth annual Global Privacy Benchmarks Survey
- The top challenges for privacy leaders, practitioners, and organizations in 2024
- Key themes to consider in developing and maintaining your privacy program
Alt. GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using ... (James Anderson)
Effective Application Security in Software Delivery lifecycle using Deployment Firewall and DBOM
The modern software delivery process (or the CI/CD process) includes many tools, distributed teams, open-source code, and cloud platforms. Constant focus on speed to release software to market, along with the traditional slow and manual security checks has caused gaps in continuous security as an important piece in the software supply chain. Today organizations feel more susceptible to external and internal cyber threats due to the vast attack surface in their applications supply chain and the lack of end-to-end governance and risk management.
The software team must secure its software delivery process to avoid vulnerability and security breaches. This needs to be achieved with existing tool chains and without extensive rework of the delivery processes. This talk will present strategies and techniques for providing visibility into the true risk of the existing vulnerabilities, preventing the introduction of security issues in the software, resolving vulnerabilities in production environments quickly, and capturing the deployment bill of materials (DBOM).
Speakers:
Bob Boule
Robert Boule is a technology enthusiast with PASSION for technology and making things work along with a knack for helping others understand how things work. He comes with around 20 years of solution engineering experience in application security, software continuous delivery, and SaaS platforms. He is known for his dynamic presentations in CI/CD and application security integrated in software delivery lifecycle.
Gopinath Rebala
Gopinath Rebala is the CTO of OpsMx, where he has overall responsibility for the machine learning and data processing architectures for Secure Software Delivery. Gopi also has a strong connection with our customers, leading design and architecture for strategic implementations. Gopi is a frequent speaker and well-known leader in continuous delivery and integrating security into software delivery.
Maruthi Prithivirajan, Head of ASEAN & IN Solution Architecture, Neo4j
Get an inside look at the latest Neo4j innovations that enable relationship-driven intelligence at scale. Learn more about the newest cloud integrations and product enhancements that make Neo4j an essential choice for developers building apps with interconnected data and generative AI.
Let's Integrate MuleSoft RPA, COMPOSER, APM with AWS IDP along with Slack (shyamraj55)
Discover the seamless integration of RPA (Robotic Process Automation), COMPOSER, and APM with AWS IDP enhanced with Slack notifications. Explore how these technologies converge to streamline workflows, optimize performance, and ensure secure access, all while leveraging the power of AWS IDP and real-time communication via Slack notifications.
GraphSummit Singapore | The Art of the Possible with Graph - Q2 2024 (Neo4j)
Neha Bajwa, Vice President of Product Marketing, Neo4j
Join us as we explore breakthrough innovations enabled by interconnected data and AI. Discover firsthand how organizations use relationships in data to uncover contextual insights and solve our most pressing challenges – from optimizing supply chains, detecting fraud, and improving customer experiences to accelerating drug discoveries.
Pushing the limits of ePRTC: 100ns holdover for 100 daysAdtran
At WSTS 2024, Alon Stern explored the topic of parametric holdover and explained how recent research findings can be implemented in real-world PNT networks to achieve 100 nanoseconds of accuracy for up to 100 days.
Enchancing adoption of Open Source Libraries. A case study on Albumentations.AIVladimir Iglovikov, Ph.D.
Presented by Vladimir Iglovikov:
- https://www.linkedin.com/in/iglovikov/
- https://x.com/viglovikov
- https://www.instagram.com/ternaus/
This presentation delves into the journey of Albumentations.ai, a highly successful open-source library for data augmentation.
Created out of a necessity for superior performance in Kaggle competitions, Albumentations has grown to become a widely used tool among data scientists and machine learning practitioners.
This case study covers various aspects, including:
People: The contributors and community that have supported Albumentations.
Metrics: The success indicators such as downloads, daily active users, GitHub stars, and financial contributions.
Challenges: The hurdles in monetizing open-source projects and measuring user engagement.
Development Practices: Best practices for creating, maintaining, and scaling open-source libraries, including code hygiene, CI/CD, and fast iteration.
Community Building: Strategies for making adoption easy, iterating quickly, and fostering a vibrant, engaged community.
Marketing: Both online and offline marketing tactics, focusing on real, impactful interactions and collaborations.
Mental Health: Maintaining balance and not feeling pressured by user demands.
Key insights include the importance of automation, making the adoption process seamless, and leveraging offline interactions for marketing. The presentation also emphasizes the need for continuous small improvements and building a friendly, inclusive community that contributes to the project's growth.
Vladimir Iglovikov brings his extensive experience as a Kaggle Grandmaster, ex-Staff ML Engineer at Lyft, sharing valuable lessons and practical advice for anyone looking to enhance the adoption of their open-source projects.
Explore more about Albumentations and join the community at:
GitHub: https://github.com/albumentations-team/albumentations
Website: https://albumentations.ai/
LinkedIn: https://www.linkedin.com/company/100504475
Twitter: https://x.com/albumentations
Essentials of Automations: The Art of Triggers and Actions in FMESafe Software
In this second installment of our Essentials of Automations webinar series, we’ll explore the landscape of triggers and actions, guiding you through the nuances of authoring and adapting workspaces for seamless automations. Gain an understanding of the full spectrum of triggers and actions available in FME, empowering you to enhance your workspaces for efficient automation.
We’ll kick things off by showcasing the most commonly used event-based triggers, introducing you to various automation workflows like manual triggers, schedules, directory watchers, and more. Plus, see how these elements play out in real scenarios.
Whether you’re tweaking your current setup or building from the ground up, this session will arm you with the tools and insights needed to transform your FME usage into a powerhouse of productivity. Join us to discover effective strategies that simplify complex processes, enhancing your productivity and transforming your data management practices with FME. Let’s turn complexity into clarity and make your workspaces work wonders!
3. SO @ IrissCon
Last Presentation - need humour!!!
Or at least an attempt at it :)
Friday 23 November 12
4. Four Things
This talk is NOT an IDS talk!
This talk will be fairly technical :)
And fast :)
If you don’t like Lego or Star Wars, you might want to leave
5. Creator
Doug Burks - the guy is incredible, he does not sleep :)
Grew out of SANS Gold Paper
Wanted to help make Sguil & NSM “easier” to deploy!
6. So, what is it?
Security Onion is a Linux distro for IDS (Intrusion Detection) & NSM (Network Security Monitoring).
New version => all Ubuntu-type 12.04 distros [LTS], 32 & 64 bit
Old version => Xubuntu 10.04 [LTS], 32 bit only
Contains many security tools.
The easy-to-use Setup wizard allows you to build an army of distributed sensors for your enterprise in minutes!
Open-Source: so it’s all there!!!!
7. Traditionally
DEFENCE-IN-DEPTH
Layers, layers & more layers:
Firewalls; IDS/IPS; WAF
Restrict inbound, allow all outbound
Different FW tech
ACLs on Routers
But what is going on?
8. IDS Alert, what now?
alert ip $EXTERNAL_NET $SHELLCODE_PORTS -> $HOME_NET any (msg:"GPL SHELLCODE x86 inc ebx NOOP"; content:"CCCCCCCCCCCCCCCCCCCCCCCC"; fast_pattern:only; classtype:shellcode-detect; sid:2101390; rev:7;)
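The rule on slide 8, as an added example (not code from the presentation): a minimal Python parser for that rule, with its content match run over three constructed payloads. It shows that the alert fires on any run of 24 `C` bytes (0x43, the x86 `inc ebx` opcode), including benign base64 data. The function names and sample payloads are assumptions made for illustration, and the rule header (networks and ports) is parsed but not evaluated.

```python
import base64
import re

# Rule text from slide 8, joined onto one line.
RULE = ('alert ip $EXTERNAL_NET $SHELLCODE_PORTS -> $HOME_NET any '
        '(msg:"GPL SHELLCODE x86 inc ebx NOOP"; '
        'content:"CCCCCCCCCCCCCCCCCCCCCCCC"; fast_pattern:only; '
        'classtype:shellcode-detect; sid:2101390; rev:7;)')
HEADER = ("action", "proto", "src", "src_port", "direction", "dst", "dst_port")
OPTION = re.compile(r'\s*([\w.]+)\s*(?::\s*("(?:[^"\\]|\\.)*"|[^;]*))?;')

def parse_rule(rule):
    """Split a single-line Snort rule into header fields and an option dict."""
    header, _, body = rule.partition("(")
    parsed = dict(zip(HEADER, header.split()))
    parsed["options"] = {m.group(1): (m.group(2) or "").strip('"') or True
                         for m in OPTION.finditer(body)}
    return parsed

def content_bytes(content):
    """Decode a Snort content string; text between |...| is hex bytes."""
    out = bytearray()
    for i, part in enumerate(content.split("|")):
        out += bytes.fromhex(part) if i % 2 else part.encode("latin-1")
    return bytes(out)

def fires(rule, payload):
    """True if the rule's content pattern occurs anywhere in the payload."""
    return content_bytes(rule["options"]["content"]) in payload

# Constructed payloads (not captured traffic).
SAMPLES = {
    # 0x43 is both ASCII "C" and the one-byte x86 opcode for inc ebx.
    "inc_ebx_run": b"\x43" * 32 + b"<rest of packet>",
    # Base64 of the repeating bytes 08 20 82 encodes to nothing but "C".
    "base64_body": b"\r\n" + base64.b64encode(b"\x08\x20\x82" * 8) + b"\r\n",
    "short_run": b"ABCCCCCCCCCCD",
}

def triage(rule_text=RULE, samples=SAMPLES):
    """Return {sample name: alert fired?} for one rule."""
    rule = parse_rule(rule_text)
    return {name: fires(rule, data) for name, data in samples.items()}

if __name__ == "__main__":
    rule = parse_rule(RULE)
    for name, hit in triage().items():
        verdict = f"ALERT sid={rule['options']['sid']}" if hit else "no alert"
        print(f"{name:12} {verdict}")
```

The first two samples both raise sid 2101390, and the alert alone cannot tell them apart, which is why the analyst has to pivot from the alert to the session and packet data.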
9. NSM, Old-Style :(
WTF???????
Ah man, this sucks!
grep this, awk that, sed this, pipe to csv, scp & open Excel :(
Then make pretty for mgmt :)
10. State of IDS
Source: http://img2.moonbuggy.org/imgstore/doorstop.jpg
12. NSM
NSM != IDS
Clarity!!!
“the collection, analysis, and escalation of indications and warnings (I&W) to detect and respond to intrusions”
Richard Bejtlich, TaoSecurity Blog
http://taosecurity.blogspot.com/2007/04/network-security-monitoring-history.html
24. Architecture
Server, Sensors or Both
Ultimate Analyst Workstation
25. Deploy, Build & Use
Aggregate or Tap
Use Cases:
Production - traditional DCs
on VM
Cloud Infrastructure
Personally: HackEire & @ home ETC
Admin - aptitude & upstart :)
26. Haz Tools 1
IDS: Snort or Suricata - your choice :)
27. Haz Tools 2
Bro: powerful network analysis framework with amazingly detailed logs
OSSEC monitors local logs, file integrity & rootkits
Can receive logs from OSSEC Agents and standard Syslog
29. Directory Structure
Data: /nsm
backup, bro, server data & sensor data
By sensor name “$hostname-$interface”
Config: /etc/nsm
ossec, pulledpork, securityonion
$hostname-$interface
pads, snort, suricata, barnyard etc
Logs: /var/log/nsm
30. NSM
sudo service nsm restart
bro
ossec
sguil
sudo service nsm-server restart
sudo service nsm-sensor restart
62. Ah, yeah, now.......
How many clicks does it take you to get from an alert to the packet????
Can you pivot?
Could you take a Windows Administrator off the street???
64. All Wrapped Up
Thanks to Doug & the team
No more
compiling
messing with installations
sorting out pre-requisites
Significantly reduced testing
Point & Click
65. Conclusion
Easy Peasy
Powerful - haz tools
Nice pictures, GUIs & graphs for management ;-)
Open-Source is possible & SO viable
Commodity H/W
Support - mixture!
66. Want to join?
Security Onion needs:
Documentation & Artwork
Web Interface
Package Maintainers
Performance Benchmarks
Me -> “GetOpts -> sosetup & Chef”
http://code.google.com/p/security-onion/wiki/TeamMembers
67. Further Reading!!!
Project Home: https://code.google.com/p/security-onion/
Blog: http://securityonion.blogspot.com
GG: https://groups.google.com/forum/?fromgroups#!forum/security-onion
Wiki: http://code.google.com/p/security-onion/w/list
Mailing Lists: http://code.google.com/p/security-onion/wiki/MailingLists
IRC: #securityonion on irc.freenode.net
The Future: https://code.google.com/p/security-onion/wiki/Roadmap
68. Contact Me
mark@kybeire.com
@markofu
BTW, Star Wars Fan :)
69. Pics Links
Onion: https://secure.flickr.com/photos/7157427@N03/3248129452/
Star Wars Lego: http://imgur.com/a/0XvKw (Huge thanks to Mike Stimpson -> www.mikestimpson.com :) )
Book -> “Stormtroopers, we love you”