A Presentation by Thomas Powell (PINT) and me at the Bird Rock Systems luncheon at the Del Mar Race Track on 11th August 2010.
We talked about web attacks and the threat landscape as it stands today.
Triangle.rb - How Secure is Your Rails Site, Anyway? - Cory Foy
In this talk from Triangle.rb, Cory Foy details the state of Rails security, including paying attention to libraries you use. He includes real world examples of exploits, and links to resources
A learning activity in real and cyber space. Learners follow "clues", which may be physical, in the world around them, or online, to solve fictitious "crimes". Both the crimes and the cases relate to the topic the learners are studying, and the information for pinning crimes on the various suspects can be found in the suspects' (also fictitious) MySpace profiles.
Workplace spirituality is not practicing personal beliefs at workplace but creating an environment within the organization driven by universal spiritual laws
Classic project management and agile: (not) a contradiction!? That is the topic of the presentation Dr. Andreas Wagener and Colette Ziller (OPITZ CONSULTING) gave at OOP 2011. How can project management be agile? What advantages does that bring? What role do Scrum and Prince2 play in this context? The experts of the IT consultancy OPITZ CONSULTING answer these questions.
Evolve or Die: How Purpose and Authenticity are the Future of Brands - Mackenzie Fogelson
Growth requires a very different approach in the digital age. Your organization must understand its purpose, how that purpose is relevant to its customers and employees, and do the work to prove it is worth their time and attention. The path to growth is different. Purpose is not the only component of an organization's success, but it is a big one. It is time to evolve and lead from purpose.
Strategies for securing your banks & enterprises (from someone who robs bank... - ITCamp
Most people who work on the defensive side of computer security only see the landscape from that perspective! In this talk, Street will show how an attacker views your Web site and employees, and then uses them against you. He will start with how a successful spear-phish is created, by using the information gathered from the company’s own ‘about’ page, as well as scouring social media sites for useful information to exploit employees. The majority of the talk will cover successful counter-measures to help stave off or detect attacks. This discussion will draw on the speaker’s 15 years’ experience of working in the US banking industry on the side of defence. At the same time, he’ll draw on over six years of participating in engagements where he has taken on the role of the attacker.
[HES2013] Information Warfare: mistakes from the MoDs by Raoul “Nobody” Chiesa - Hackito Ergo Sum
This talk analyzes the mistakes commonly made by Ministries of Defence (MoDs) when trying to deal with the so-called “Cyberwar”. The speaker walks through the cultural, practical, logistical and narrow-mindedness issues he has been able to observe while training military staff in various countries.
https://www.hackitoergosum.org
CyberAttack -- Whose side is your computer on? - Jim Isaak
Developed for the STEM4All lifelong learning class (2014); a topic that will change significantly with time.
Describes key concepts and points to a number of online resources
Thoughts on Defensive Development for Sitecore - PINT Inc
Presentation given by Thomas Powell (tpowell@pint.com) and Joe Lima (jlima@port80software.com) - 2-15-2012 covering WebAppSec issues with an emphasis on concerns with the Sitecore CMS platform.
Sorry for any small quirks in slideshare conversion.
"Know Thy Enemy" - Module 1 of my Cybersecurity Primer Presentations. Who is Trying to Hack You? The Seven Types of Hackers on the Internet, their profiles and motivations.
Client-side exploitation techniques: attack the client side, then pivot into the intranet for fun. Also covers a recent Microsoft vulnerability that has gone unpatched for a year (MS sucks...).
Things that go bump on the web - Web Application Security - Christian Heilmann
My talk at the Web Directions North conference in Denver, Colorado. It covers basic technologies and methodologies of attacks of web applications, what we can do against them and a plea for making interfaces more educational about security than scaring users.
This talk aims to present, to both users and IT professionals, the risks we have been running on the internet in recent times. People's naivety or lack of preparation can often harm themselves and even the place where they work. Social engineers are appearing in large numbers and causing significant damage. Come with me on a tour to discover how and why these people act, and take the opportunity to open your mind and protect yourself from this kind of situation.
"BitDefender - What's Next" by Alexandru Balan @ eLiberatica 2008 - eLiberatica
This is a presentation held at eLiberatica 2008.
http://www.eliberatica.ro/2008/
One of the biggest events of its kind in Eastern Europe, eLiberatica brings community leaders from around the world to discuss about the hottest topics in FLOSS movement, demonstrating the advantages of adopting, using and developing Open Source and Free Software solutions.
The eLiberatica organizational committee together with our speakers and guests, have graciously allowed media representatives and all attendees to photograph, videotape and otherwise record their sessions, on the condition that the photos, videos and recordings are licensed under the Creative Commons Share-Alike 3.0 License.
For over two decades, working as a cybersecurity entrepreneur, researcher and instructor, I have heard over and over again that attack and defense are two sides of the same coin. But what does that really mean in practice? What happens when sophisticated attacks collide with sophisticated defenses? Who wins?
This talk is aimed at a wide audience in cybersecurity, from strategists to practitioners. We will discuss Evolution, Attacks, Defense and PEBKAC. The factors that will shape trustworthiness and safety in the digital world over the next two years depend largely on the road we have followed over the past two decades. This talk looks above and beyond, albeit optimistically, at realigning some of the conventional approaches and slowly but strategically shifting the mindsets of stakeholders and consumers alike, to bring about a more proactive approach to security.
Debugging with EMUX - Ringzer0 BACK2WORKSHOPS - Saumil Shah
The EMUX IoT Firmware Emulation Framework currently provides near-native userland emulation for ARM and MIPS IoT devices. EMUX has been actively used in Saumil's popular ARM IoT Exploit Laboratory training for over 5 years.
The Debugging with EMUX workshop shall be in two parts:
Part 1 (30 minutes) - Setting up EMUX in 7 minutes - A tour of EMUX internals - EMUX utilities - Tracing userland processes within EMUX
Part 2 (90 minutes) - Debugging an ARM IoT target in EMUX - Debugging a MIPS IoT Target in EMUX - Crash dump analysis
Unveiling EMUX - ARM and MIPS IoT Emulation Framework - Saumil Shah
After 4 years, ARMX is changing its call sign. EMUX now features both ARM and MIPS device emulation, in a unified framework! Join us as we unveil EMUX and take you into the inner workings of emulating both ARM and MIPS IoT devices. We will be releasing a new Docker image featuring a MIPS CTF challenge to test your MIPS exploit development skills.
Slides from my workshop at Ringzer0's December 2021 Workshop Advent Calendar.
Effective Webinars: Presentation Skills for a Virtual Audience - Saumil Shah
A webinar on what it takes to conduct an effective webinar! Understand how to prepare your story for an invisible audience, keep them engaged and anticipate "in-flight turbulence". Enjoy!
The closest you will get to a VM for testing IoT devices. The ARM-X IoT Firmware Emulation Framework is a tried-and-tested framework which has led to four 0-days discovered on SoHo routers, IP cameras and VoIP exchanges. In this talk, I shall cover the evolution of ARM-X, demonstrate a few use cases and discuss future directions of IoT firmware emulation.
The Road To Defendable Systems - Emirates NBD - Saumil Shah
"Attack is a technical problem, defense is a political problem". For several years, cyber security has been misjudged as risk reduction. On one hand, business applications and architectures are growing rapidly. On the other hand, the cyber security organisation is struggling to be able to defend them in today's rapidly evolving threat landscape.
This talk explores the gap in thought between the owner and the defender of today's business applications and what needs to be done to bridge it. We shall present proactive steps and measures to overcome the last hurdle in building defendable systems.
Defending an enterprise is a balancing act. I have worked as an offensive testing vendor to several global organisations over 18 years. This talk explores the challenges that today’s CISOs face: the threat landscape, the overall shortage of infosec expertise, the ever-evaporating shelf life of infosec products and an increased burden of compliance requirements. I will share my experiences from working with highly effective CISOs and internal infosec teams and what it takes to function on the razor’s edge.
My talk on creating ARM/Thumb Polyglot shellcode for obfuscation, signature evasion and downright novelty of approach! Presented at Hack in the Box Amsterdam 2019
Slides from my lectures on Photography As An Art Form. Follow me on facebook at https://www.facebook.com/my.spectral.lines and on Instagram at @therealsaumil.
Make ARM Shellcode Great Again - HITB2018PEK - Saumil Shah
Compared to x86, ARM shellcode has made little progress. The x86 hardware is largely homogeneous. ARM, however, has several versions and variants across devices today. There are several constraints and subtleties involved in writing production-quality ARM shellcode that works on modern ARM hardware, not just on QEMU emulators.
In this talk, we shall explore issues such as overcoming cache coherency, reliable polymorphic shellcode, ARM egghunting and, last but not least, polyglot ARM shellcode. A bonus side effect of this talk will be creating headaches for those who like to defend against attacks using age-old signature-based techniques.
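The cache-coherency problem the abstract refers to, shown as an added example that is not from the talk or from Saumil Shah's slides: a tiny "return 42" stub is written into a fresh page through a data pointer and then called. On ARM the data cache and instruction cache are not kept coherent, so freshly written code (the situation any self-modifying or polymorphic payload, or a loader that stages one, is in) can be fetched stale until the D-cache is cleaned and the I-cache invalidated for that range. The GCC/Clang builtin `__builtin___clear_cache` emits that maintenance and is a no-op on x86, which is why a payload that passes on an x86 host or in QEMU user-mode emulation can fail on real hardware. The function name `run_generated_stub` and the `STUB` array are hypothetical; the byte sequences are the standard little-endian encodings for each architecture.

```c
#ifndef _GNU_SOURCE
#define _GNU_SOURCE        /* MAP_ANONYMOUS is hidden on glibc under strict -std= modes */
#endif
#include <stdio.h>
#include <string.h>
#include <sys/mman.h>
#include <unistd.h>

/* Added example, not code from the talk. Writes a minimal "return 42" stub
 * into a fresh page via a data pointer, performs the cache maintenance ARM
 * needs before that memory is executed, flips the page to R+X, and calls it. */

#if defined(__x86_64__)
static const unsigned char STUB[] = {
    0xB8, 0x2A, 0x00, 0x00, 0x00,   /* mov eax, 42 */
    0xC3                            /* ret         */
};
#elif defined(__aarch64__)
static const unsigned char STUB[] = {
    0x40, 0x05, 0x80, 0x52,         /* mov w0, #42 */
    0xC0, 0x03, 0x5F, 0xD6          /* ret         */
};
#elif defined(__arm__) && !defined(__thumb__)
static const unsigned char STUB[] = {
    0x2A, 0x00, 0xA0, 0xE3,         /* mov r0, #42 */
    0x1E, 0xFF, 0x2F, 0xE1          /* bx lr       */
};
#else
#error "add a stub encoding for this architecture"
#endif

typedef int (*stub_fn)(void);

/* Hypothetical helper name. Returns the stub's return value (42), or -1 if the
 * executable page could not be set up (e.g. the sandbox forbids PROT_EXEC). */
int run_generated_stub(void)
{
    long page = sysconf(_SC_PAGESIZE);
    if (page <= 0) return -1;

    /* W^X: map the page writable but not executable; execute only later. */
    unsigned char *mem = mmap(NULL, (size_t)page, PROT_READ | PROT_WRITE,
                              MAP_PRIVATE | MAP_ANONYMOUS, -1, 0);
    if (mem == MAP_FAILED) return -1;

    memcpy(mem, STUB, sizeof STUB);   /* these stores land in the D-cache */

    /* Clean D-cache / invalidate I-cache over the written range so instruction
     * fetch sees the new bytes. On AArch64 this expands to dc cvau + ic ivau
     * (plus barriers); on x86 it expands to nothing, which hides the bug. */
    __builtin___clear_cache((char *)mem, (char *)mem + sizeof STUB);

    /* Drop write permission before adding execute. */
    if (mprotect(mem, (size_t)page, PROT_READ | PROT_EXEC) != 0) {
        munmap(mem, (size_t)page);
        return -1;
    }

    /* Object-to-function pointer conversion via memcpy keeps strict ISO C happy. */
    stub_fn fn;
    memcpy(&fn, &mem, sizeof fn);

    int result = fn();
    munmap(mem, (size_t)page);
    return result;
}

int main(void)
{
    int r = run_generated_stub();
    printf("stub returned %d\n", r);
    return r == 42 ? 0 : 1;
}
```

Build with `cc -O2 stub.c -o stub` (native) or with a cross compiler and run under QEMU user mode; to see the failure mode the talk alludes to, delete the `__builtin___clear_cache` call and run on physical ARM hardware with a larger payload, where stale I-cache lines are much more likely than in an emulator.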
Threats to mobile devices are more prevalent and increasing in scope and complexity. Users of mobile devices want to take full advantage of the features available on those devices, but many of those features provide convenience and capability at the cost of security. This best-practices guide outlines steps users can take to better protect their personal devices and information.
Observability Concepts EVERY Developer Should Know -- DeveloperWeek Europe.pdf - Paige Cruz
Monitoring and observability aren’t traditionally found in software curriculums and many of us cobble this knowledge together from whatever vendor or ecosystem we were first introduced to and whatever is a part of your current company’s observability stack.
While the dev and ops silo continues to crumble….many organizations still relegate monitoring & observability as the purview of ops, infra and SRE teams. This is a mistake - achieving a highly observable system requires collaboration up and down the stack.
I, a former op, would like to extend an invitation to all application developers to join the observability party, and will share these foundational concepts to build on:
Why You Should Replace Windows 11 with Nitrux Linux 3.5.0 for enhanced perfor... - SOFTTECHHUB
The choice of an operating system plays a pivotal role in shaping our computing experience. For decades, Microsoft's Windows has dominated the market, offering a familiar and widely adopted platform for personal and professional use. However, as technological advancements continue to push the boundaries of innovation, alternative operating systems have emerged, challenging the status quo and offering users a fresh perspective on computing.
One such alternative that has garnered significant attention and acclaim is Nitrux Linux 3.5.0, a sleek, powerful, and user-friendly Linux distribution that promises to redefine the way we interact with our devices. With its focus on performance, security, and customization, Nitrux Linux presents a compelling case for those seeking to break free from the constraints of proprietary software and embrace the freedom and flexibility of open-source computing.
Sudheer Mechineni, Head of Application Frameworks, Standard Chartered Bank
Discover how Standard Chartered Bank harnessed the power of Neo4j to transform complex data access challenges into a dynamic, scalable graph database solution. This keynote will cover their journey from initial adoption to deploying a fully automated, enterprise-grade causal cluster, highlighting key strategies for modelling organisational changes and ensuring robust disaster recovery. Learn how these innovations have not only enhanced Standard Chartered Bank’s data infrastructure but also positioned them as pioneers in the banking sector’s adoption of graph technology.
Essentials of Automations: The Art of Triggers and Actions in FME - Safe Software
In this second installment of our Essentials of Automations webinar series, we’ll explore the landscape of triggers and actions, guiding you through the nuances of authoring and adapting workspaces for seamless automations. Gain an understanding of the full spectrum of triggers and actions available in FME, empowering you to enhance your workspaces for efficient automation.
We’ll kick things off by showcasing the most commonly used event-based triggers, introducing you to various automation workflows like manual triggers, schedules, directory watchers, and more. Plus, see how these elements play out in real scenarios.
Whether you’re tweaking your current setup or building from the ground up, this session will arm you with the tools and insights needed to transform your FME usage into a powerhouse of productivity. Join us to discover effective strategies that simplify complex processes, enhancing your productivity and transforming your data management practices with FME. Let’s turn complexity into clarity and make your workspaces work wonders!
zkStudyClub - Reef: Fast Succinct Non-Interactive Zero-Knowledge Regex Proofs - Alex Pruden
This paper presents Reef, a system for generating publicly verifiable succinct non-interactive zero-knowledge proofs that a committed document matches or does not match a regular expression. We describe applications such as proving the strength of passwords, the provenance of email despite redactions, the validity of oblivious DNS queries, and the existence of mutations in DNA. Reef supports the Perl Compatible Regular Expression syntax, including wildcards, alternation, ranges, capture groups, Kleene star, negations, and lookarounds. Reef introduces a new type of automata, Skipping Alternating Finite Automata (SAFA), that skips irrelevant parts of a document when producing proofs without undermining soundness, and instantiates SAFA with a lookup argument. Our experimental evaluation confirms that Reef can generate proofs for documents with 32M characters; the proofs are small and cheap to verify (under a second).
Paper: https://eprint.iacr.org/2023/1886
GraphSummit Singapore | The Art of the Possible with Graph - Q2 2024 - Neo4j
Neha Bajwa, Vice President of Product Marketing, Neo4j
Join us as we explore breakthrough innovations enabled by interconnected data and AI. Discover firsthand how organizations use relationships in data to uncover contextual insights and solve our most pressing challenges – from optimizing supply chains, detecting fraud, and improving customer experiences to accelerating drug discoveries.
UiPath Test Automation using UiPath Test Suite series, part 5 - DianaGray10
Welcome to UiPath Test Automation using UiPath Test Suite series part 5. In this session, we will cover CI/CD with devops.
Topics covered:
CI/CD with in UiPath
End-to-end overview of CI/CD pipeline with Azure devops
Speaker:
Lyndsey Byblow, Test Suite Sales Engineer @ UiPath, Inc.
In his public lecture, Christian Timmerer provides insights into the fascinating history of video streaming, starting from its humble beginnings before YouTube to the groundbreaking technologies that now dominate platforms like Netflix and ORF ON. Timmerer also presents provocative contributions of his own that have significantly influenced the industry. He concludes by looking at future challenges and invites the audience to join in a discussion.
UiPath Test Automation using UiPath Test Suite series, part 6 - DianaGray10
Welcome to UiPath Test Automation using UiPath Test Suite series part 6. In this session, we will cover Test Automation with generative AI and Open AI.
UiPath Test Automation with generative AI and Open AI webinar offers an in-depth exploration of leveraging cutting-edge technologies for test automation within the UiPath platform. Attendees will delve into the integration of generative AI, a test automation solution, with Open AI advanced natural language processing capabilities.
Throughout the session, participants will discover how this synergy empowers testers to automate repetitive tasks, enhance testing accuracy, and expedite the software testing life cycle. Topics covered include the seamless integration process, practical use cases, and the benefits of harnessing AI-driven automation for UiPath testing initiatives. By attending this webinar, testers, and automation professionals can gain valuable insights into harnessing the power of AI to optimize their test automation workflows within the UiPath ecosystem, ultimately driving efficiency and quality in software development processes.
What will you get from this session?
1. Insights into integrating generative AI.
2. Understanding how this integration enhances test automation within the UiPath platform
3. Practical demonstrations
4. Exploration of real-world use cases illustrating the benefits of AI-driven test automation for UiPath
Topics covered:
What is generative AI
Test Automation with generative AI and Open AI.
UiPath integration with generative AI
Speaker:
Deepak Rai, Automation Practice Lead, Boundaryless Group and UiPath MVP
Encryption in Microsoft 365 - ExpertsLive Netherlands 2024 - Albert Hoitingh
In this session I delve into the encryption technology used in Microsoft 365 and Microsoft Purview. Including the concepts of Customer Key and Double Key Encryption.
Alt. GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using ... - James Anderson
Effective Application Security in Software Delivery lifecycle using Deployment Firewall and DBOM
The modern software delivery process (or the CI/CD process) includes many tools, distributed teams, open-source code, and cloud platforms. Constant focus on speed to release software to market, along with the traditional slow and manual security checks has caused gaps in continuous security as an important piece in the software supply chain. Today organizations feel more susceptible to external and internal cyber threats due to the vast attack surface in their applications supply chain and the lack of end-to-end governance and risk management.
The software team must secure its software delivery process to avoid vulnerability and security breaches. This needs to be achieved with existing tool chains and without extensive rework of the delivery processes. This talk will present strategies and techniques for providing visibility into the true risk of the existing vulnerabilities, preventing the introduction of security issues in the software, resolving vulnerabilities in production environments quickly, and capturing the deployment bill of materials (DBOM).
Speakers:
Bob Boule
Robert Boule is a technology enthusiast with PASSION for technology and making things work along with a knack for helping others understand how things work. He comes with around 20 years of solution engineering experience in application security, software continuous delivery, and SaaS platforms. He is known for his dynamic presentations in CI/CD and application security integrated in software delivery lifecycle.
Gopinath Rebala
Gopinath Rebala is the CTO of OpsMx, where he has overall responsibility for the machine learning and data processing architectures for Secure Software Delivery. Gopi also has a strong connection with our customers, leading design and architecture for strategic implementations. Gopi is a frequent speaker and well-known leader in continuous delivery and integrating security into software delivery.
Communications Mining Series - Zero to Hero - Session 1 - DianaGray10
This session provides an introduction to UiPath Communications Mining, its importance and a platform overview. You will acquire a good understanding of the phases in Communications Mining as we go over the platform with you. Topics covered:
• Communication Mining Overview
• Why is it important?
• How can it help today’s business and the benefits
• Phases in Communication Mining
• Demo on Platform overview
• Q/A