This document outlines 10 post-apocalyptic cyber scenarios and provides real world examples for each. The scenarios include: 1) widespread DDoS attacks causing communication outages, 2) social media being used to coordinate DDoS protests, 3) an insider stealing customer data, 4) malicious software updates, 5) hardware backdoors enabling theft and network control, 6) an insider abusing privileges for financial gain, 7) erroneous BGP routes blackholing the internet, 8) state-sponsored cyber espionage, 9) weapons-grade malware used for sabotage like Stuxnet, and 10) cyber attacks supporting military strikes
A look at the methodology and techniques or hackers, cyber criminals and state sponsored attackers. Explores the kill chain, Geo political instability and the dark web.
A look at the methodology and techniques or hackers, cyber criminals and state sponsored attackers. Explores the kill chain, Geo political instability and the dark web.
Ethical hacking refers to the act of locating weaknesses and vulnerabilities of computer and information systems by duplicating the intent and actions of malicious hackers. Ethical hacking is also known as penetration testing, intrusion testing, or red teaming.
What is hacking?
History of hacking.
Who is hacker and cracker?
Difference between hacker & cracker.
Types of hacking.
Benefits Of Computer Hacking
Security
Conclusion (How to hack your friend account or his/her password?)
Topic Of This Slide
-------------------------------
WHAT IS HACKING
Hackers – Who are they?
Communities of Hackers
Hackers Language
Why Attacks?
Type of Hackers
HACKING VS CRACKING
Malicious Hacker Strategies
Ethical Hacker Strategies
How can protect the system?
What should do after hacked?
What is the difference between a hacking attack and a cyberwar attack? What do current militaries consider an attack vs. exploitation or just «normal operations»? Kevin will present an overview on the cyber warfare topic and the current understanding of Advanced Persistent Threats in the context of cyber defense.
Referent: Kevin Kirst
Hacking is an attempt to exploit a computer system or a private network inside a computer. Black hat hackers hack to take control over the system for personal gains. They can destroy, steal or even prevent authorized users from accessing the system.
Hacking refers to activities that seek to compromise digital devices, such as computers, smartphones, tablets, and even entire networks.
This presentation will help you to learn more about hacking.
Hope, This will help you.
Thank you
Without even knowing it, you could be offering very private information to strangers every single day.
In this presentation, we will take a look at the history of security to vocabulary to modern day examples of data breaches.
Here's some of the vocabulary that we'll take a look at:
- Rootkit
- Trojan
- Ransomeware
- BOTNET
- DDoS
Ethical hacking refers to the act of locating weaknesses and vulnerabilities of computer and information systems by duplicating the intent and actions of malicious hackers. Ethical hacking is also known as penetration testing, intrusion testing, or red teaming.
What is hacking?
History of hacking.
Who is hacker and cracker?
Difference between hacker & cracker.
Types of hacking.
Benefits Of Computer Hacking
Security
Conclusion (How to hack your friend account or his/her password?)
Topic Of This Slide
-------------------------------
WHAT IS HACKING
Hackers – Who are they?
Communities of Hackers
Hackers Language
Why Attacks?
Type of Hackers
HACKING VS CRACKING
Malicious Hacker Strategies
Ethical Hacker Strategies
How can protect the system?
What should do after hacked?
What is the difference between a hacking attack and a cyberwar attack? What do current militaries consider an attack vs. exploitation or just «normal operations»? Kevin will present an overview on the cyber warfare topic and the current understanding of Advanced Persistent Threats in the context of cyber defense.
Referent: Kevin Kirst
Hacking is an attempt to exploit a computer system or a private network inside a computer. Black hat hackers hack to take control over the system for personal gains. They can destroy, steal or even prevent authorized users from accessing the system.
Hacking refers to activities that seek to compromise digital devices, such as computers, smartphones, tablets, and even entire networks.
This presentation will help you to learn more about hacking.
Hope, This will help you.
Thank you
Without even knowing it, you could be offering very private information to strangers every single day.
In this presentation, we will take a look at the history of security to vocabulary to modern day examples of data breaches.
Here's some of the vocabulary that we'll take a look at:
- Rootkit
- Trojan
- Ransomeware
- BOTNET
- DDoS
Cyberwar is a form of conflict conducted in the digital realm, where nations, organizations, or individuals use cyberattacks and cyber espionage to achieve strategic goals or gain an advantage over their adversaries. Here's a detailed description of the topic:
1. **Definition**: Cyberwar refers to the use of computer-based techniques and tactics to disrupt, damage, or gain unauthorized access to computer systems, networks, and critical infrastructure, often with the intent to exert influence, espionage, or conduct acts of aggression against an adversary.
2. **Goals and Objectives**:
- **Espionage**: One primary objective of cyberwarfare is to gather intelligence by infiltrating the computer networks of other nations, organizations, or individuals.
- **Disruption**: Cyberwarfare can be used to disrupt critical infrastructure, such as power grids, transportation systems, or financial institutions, causing chaos and economic damage.
- **Destruction**: In some cases, cyberattacks may aim to destroy data, systems, or capabilities, causing long-term damage.
- **Psychological Operations**: Cyberwarfare can be used for psychological operations (PsyOps) to manipulate public opinion or create fear and uncertainty.
3. **Methods**:
- **Malware**: The use of malicious software like viruses, worms, Trojans, and ransomware to compromise systems.
- **Phishing**: Deceptive emails or websites that trick individuals into revealing sensitive information like passwords.
- **Denial of Service (DoS) and Distributed Denial of Service (DDoS)** attacks: Overwhelming a target's network or website to render it inaccessible.
- **Advanced Persistent Threats (APTs)**: Long-term, targeted attacks aimed at stealing information or controlling systems.
- **Zero-Day Exploits**: Exploiting vulnerabilities in software or hardware that are not yet known to the vendor.
4. **Attribution Challenges**: Determining the source of cyberattacks can be difficult due to the use of proxy servers, false flags, or the involvement of non-state actors.
5. **International Laws and Norms**: The legal framework for cyberwar is still evolving. Nations are working to establish rules and norms governing state behavior in cyberspace.
6. **Escalation and Deterrence**: The use of cyberweapons raises concerns about escalation and deterrence. The lack of clear boundaries in cyberspace can lead to unintended consequences.
7. **Notable Examples**:
- Stuxnet: A computer worm allegedly developed by the United States and Israel to sabotage Iran's nuclear program.
- NotPetya: A ransomware attack in 2017 that caused widespread damage, initially believed to be a cyberattack by Russia against Ukraine.
- SolarWinds: A supply chain attack discovered in 2020, attributed to Russian hackers, which compromised numerous U.S. government and private sector.
Cyber Resilience presented at the Malta Association of Risk Management (MARM) Cybercrime Seminar of 24 June 2013 by Mr Donald Tabone. Mr Tabone, Associate Director and Head of Information Protection and Business Resilience Services at KPMG Malta, presented a six-point action plan corporate entities can follow in order to reach a sustainable level of cyber resilience.
By Roberto Preatoni Fabio Ghioni Corp Vs CorpFabio Ghioni
Roberto Preatoni & Fabio Ghioni - Corp-vs-Corp. Fabio Ghioni - Esperto in Tecnologie non convenzionali e del rischio, e in strategia
per la difesa nel Cyber Warfare Profiling. Fabio Ghioni, editorialista, Fabio Ghioni saggista, Fabio Ghioni conferenziere, Fabio Ghioni consulente strategico, Fabio Ghioni top manager, è riconosciuto come uno dei maggiori esperti mondiali di sicurezza.
Secure by design and secure software developmentBill Ross
This secure lifecycle management process (SLCMP said slickum) defines the basic and most realistic way to develop secure software. While the briefing is a bit dated slide 34 is still a very relevant process. What is below the green line is the security dynamic process that happens supporting the basic development process seen above the green line. SLCMP is supported by building a complementary and excellent information risk framework system security plan or IRASSP. SLCMP is operationally deployed.
Yesterday Pierluigi Paganini, CISO Bit4Id and founder Security Affairs, presented at the ISACA Roma & OWASP Italy conference the state of the art for the Internet of Things paradigm. The presentation highlights the security and privacy issues for the Internet of Things, a technology that is changing user’s perception of the technology.
Risk Management was developed so that IT security could “speak to management.”
Management understands threats not risks.
Show them the threats and they will respond.
This slide deck summarizes two years of research into the Revolution in Military Affairs that was network-centric warfare (NSW). Now available as a new book!
THERE WILL BE CYBERWAR
On Amazon, in bookstores.
It is impossible to identify all critical assets. It is impossible to determine value of IT assets. It is impossible to manage vulnerabilities. Impossible^3 = Impossible. Presented at ITAC 2013 Boston, November 19, 2013
How the Surveillance State Changes IT Security ForeverRichard Stiennon
The NSA's appetite for collecting all data has hurt the US tech industry. Trust has been broken on many fronts. Security spending set to explode by a factor of ten to counter the surveillance state.
A lot has happened since the last Cyberwar presentation was posted. This Update2010 includes Iranian cyberwar, South Korea and US Gov attacks, Twitter outage, and the China Google attacks
Connector Corner: Automate dynamic content and events by pushing a buttonDianaGray10
Here is something new! In our next Connector Corner webinar, we will demonstrate how you can use a single workflow to:
Create a campaign using Mailchimp with merge tags/fields
Send an interactive Slack channel message (using buttons)
Have the message received by managers and peers along with a test email for review
But there’s more:
In a second workflow supporting the same use case, you’ll see:
Your campaign sent to target colleagues for approval
If the “Approve” button is clicked, a Jira/Zendesk ticket is created for the marketing design team
But—if the “Reject” button is pushed, colleagues will be alerted via Slack message
Join us to learn more about this new, human-in-the-loop capability, brought to you by Integration Service connectors.
And...
Speakers:
Akshay Agnihotri, Product Manager
Charlie Greenberg, Host
LF Energy Webinar: Electrical Grid Modelling and Simulation Through PowSyBl -...DanBrown980551
Do you want to learn how to model and simulate an electrical network from scratch in under an hour?
Then welcome to this PowSyBl workshop, hosted by Rte, the French Transmission System Operator (TSO)!
During the webinar, you will discover the PowSyBl ecosystem as well as handle and study an electrical network through an interactive Python notebook.
PowSyBl is an open source project hosted by LF Energy, which offers a comprehensive set of features for electrical grid modelling and simulation. Among other advanced features, PowSyBl provides:
- A fully editable and extendable library for grid component modelling;
- Visualization tools to display your network;
- Grid simulation tools, such as power flows, security analyses (with or without remedial actions) and sensitivity analyses;
The framework is mostly written in Java, with a Python binding so that Python developers can access PowSyBl functionalities as well.
What you will learn during the webinar:
- For beginners: discover PowSyBl's functionalities through a quick general presentation and the notebook, without needing any expert coding skills;
- For advanced developers: master the skills to efficiently apply PowSyBl functionalities to your real-world scenarios.
Elevating Tactical DDD Patterns Through Object CalisthenicsDorra BARTAGUIZ
After immersing yourself in the blue book and its red counterpart, attending DDD-focused conferences, and applying tactical patterns, you're left with a crucial question: How do I ensure my design is effective? Tactical patterns within Domain-Driven Design (DDD) serve as guiding principles for creating clear and manageable domain models. However, achieving success with these patterns requires additional guidance. Interestingly, we've observed that a set of constraints initially designed for training purposes remarkably aligns with effective pattern implementation, offering a more ‘mechanical’ approach. Let's explore together how Object Calisthenics can elevate the design of your tactical DDD patterns, offering concrete help for those venturing into DDD for the first time!
Encryption in Microsoft 365 - ExpertsLive Netherlands 2024Albert Hoitingh
In this session I delve into the encryption technology used in Microsoft 365 and Microsoft Purview. Including the concepts of Customer Key and Double Key Encryption.
Software Delivery At the Speed of AI: Inflectra Invests In AI-Powered QualityInflectra
In this insightful webinar, Inflectra explores how artificial intelligence (AI) is transforming software development and testing. Discover how AI-powered tools are revolutionizing every stage of the software development lifecycle (SDLC), from design and prototyping to testing, deployment, and monitoring.
Learn about:
• The Future of Testing: How AI is shifting testing towards verification, analysis, and higher-level skills, while reducing repetitive tasks.
• Test Automation: How AI-powered test case generation, optimization, and self-healing tests are making testing more efficient and effective.
• Visual Testing: Explore the emerging capabilities of AI in visual testing and how it's set to revolutionize UI verification.
• Inflectra's AI Solutions: See demonstrations of Inflectra's cutting-edge AI tools like the ChatGPT plugin and Azure Open AI platform, designed to streamline your testing process.
Whether you're a developer, tester, or QA professional, this webinar will give you valuable insights into how AI is shaping the future of software delivery.
Epistemic Interaction - tuning interfaces to provide information for AI supportAlan Dix
Paper presented at SYNERGY workshop at AVI 2024, Genoa, Italy. 3rd June 2024
https://alandix.com/academic/papers/synergy2024-epistemic/
As machine learning integrates deeper into human-computer interactions, the concept of epistemic interaction emerges, aiming to refine these interactions to enhance system adaptability. This approach encourages minor, intentional adjustments in user behaviour to enrich the data available for system learning. This paper introduces epistemic interaction within the context of human-system communication, illustrating how deliberate interaction design can improve system understanding and adaptation. Through concrete examples, we demonstrate the potential of epistemic interaction to significantly advance human-computer interaction by leveraging intuitive human communication strategies to inform system design and functionality, offering a novel pathway for enriching user-system engagements.
Accelerate your Kubernetes clusters with Varnish CachingThijs Feryn
A presentation about the usage and availability of Varnish on Kubernetes. This talk explores the capabilities of Varnish caching and shows how to use the Varnish Helm chart to deploy it to Kubernetes.
This presentation was delivered at K8SUG Singapore. See https://feryn.eu/presentations/accelerate-your-kubernetes-clusters-with-varnish-caching-k8sug-singapore-28-2024 for more details.
The Art of the Pitch: WordPress Relationships and SalesLaura Byrne
Clients don’t know what they don’t know. What web solutions are right for them? How does WordPress come into the picture? How do you make sure you understand scope and timeline? What do you do if sometime changes?
All these questions and more will be explored as we talk about matching clients’ needs with what your agency offers without pulling teeth or pulling your hair out. Practical tips, and strategies for successful relationship building that leads to closing the deal.
Dev Dives: Train smarter, not harder – active learning and UiPath LLMs for do...UiPathCommunity
💥 Speed, accuracy, and scaling – discover the superpowers of GenAI in action with UiPath Document Understanding and Communications Mining™:
See how to accelerate model training and optimize model performance with active learning
Learn about the latest enhancements to out-of-the-box document processing – with little to no training required
Get an exclusive demo of the new family of UiPath LLMs – GenAI models specialized for processing different types of documents and messages
This is a hands-on session specifically designed for automation developers and AI enthusiasts seeking to enhance their knowledge in leveraging the latest intelligent document processing capabilities offered by UiPath.
Speakers:
👨🏫 Andras Palfi, Senior Product Manager, UiPath
👩🏫 Lenka Dulovicova, Product Program Manager, UiPath
Kubernetes & AI - Beauty and the Beast !?! @KCD Istanbul 2024Tobias Schneck
As AI technology is pushing into IT I was wondering myself, as an “infrastructure container kubernetes guy”, how get this fancy AI technology get managed from an infrastructure operational view? Is it possible to apply our lovely cloud native principals as well? What benefit’s both technologies could bring to each other?
Let me take this questions and provide you a short journey through existing deployment models and use cases for AI software. On practical examples, we discuss what cloud/on-premise strategy we may need for applying it to our own infrastructure to get it to work from an enterprise perspective. I want to give an overview about infrastructure requirements and technologies, what could be beneficial or limiting your AI use cases in an enterprise environment. An interactive Demo will give you some insides, what approaches I got already working for real.
Key Trends Shaping the Future of Infrastructure.pdfCheryl Hung
Keynote at DIGIT West Expo, Glasgow on 29 May 2024.
Cheryl Hung, ochery.com
Sr Director, Infrastructure Ecosystem, Arm.
The key trends across hardware, cloud and open-source; exploring how these areas are likely to mature and develop over the short and long-term, and then considering how organisations can position themselves to adapt and thrive.
UiPath Test Automation using UiPath Test Suite series, part 3DianaGray10
Welcome to UiPath Test Automation using UiPath Test Suite series part 3. In this session, we will cover desktop automation along with UI automation.
Topics covered:
UI automation Introduction,
UI automation Sample
Desktop automation flow
Pradeep Chinnala, Senior Consultant Automation Developer @WonderBotz and UiPath MVP
Deepak Rai, Automation Practice Lead, Boundaryless Group and UiPath MVP
3. The futility of proposed scenarios
A stab in the dark at a divergent future, while interesting,
is doing us a disservice.
4.
5. Scenario 1.
Collateral damage from cyberwar
• Wide spread state sponsored DDoS
attack
• Communication outages
• Official web sites taken down
6. The reality
• August 8, 2008 Russia invades
Georgia
• DDoS against Georgia
president.gov.ge
rustavi2.com
• Tulip Systems Atlanta
• 68,000 requests/sec
8. Scenario 2. Political protesters
enlist social media to target attacks
Facebook or Twitter used to call protesters
to arms
DDoS tools distributed along with instructions
Websites disabled
9. Twitter as tool of riot creation
Post Iranian election Twitter was used to support
virtual riots via DDoS
Note that AnonymousOps
used LOIC too!
10. Twitter escalation
Phase 1. Hacking
instructions sites.
Phase 2. Links to
pagereload.com
Phase 3. Links to
a specially crafted
site that opens 15
frames on
pagereload.com
11. Scenario 3. An insider uses
privileged access to steal customer
data
• Despite strong authentication,
encryption, and DLP, a trusted
employee steals customer data
• Sells it to a third party
12. Rene Rebollo
Countrywide data loss estimated he
downloaded about
20,000 customer
profiles a week in excel
spreadsheets onto
flash drives.
2 million total
identities sold to Wahid
Siddiqi, his outside
accomplice.
13. Scenario 4. Malicious Software
Updates
• A software vendor issues software
updates that are malicious in nature
• Software is back-doored
• Systems compromised.
14. Athens 2004
A series of software updates turns on
Lawful intercept function
104 diplomats and Olympic officials
spied on
Engineer mysteriously commits suicide
15. Scenario 5. Hardware backdoors
• Hardware vendor builds backdoors
into critical equipment
• Uses backdoor to steal confidential
information
• Gains control of network
17. Scenario 6. Insider abuse
Insider uses knowledge of business
systems and back office to get
around internal controls.
Loss of millions
18. Trading losses
2008, Jerome Kerviel covers up trading losses,
Largest trading fraud in history to be carried out by a single person.
$7.14 Billion
5 year sentence reduced to 3
19. Scenario 7. Spurious BGP route
announcements used to black hole
the Internet
The biggest single vulnerability in Internet infrastructure
used to
1. Deny access to a service
2. Siphon data
3. Shut off a country
21. China drinks from a fire hose
“Internet routing, believe it or not, still works on the honor
system.”
“On April 8th (2010), starting at 15:50 UTC, China Telecom
incorrectly asserted ownership of more than 50,000 different
blocks of IP addresses. “ -Renysis Blog
15% of the Internet was party to a man in the middle attack for
18 minutes.
22. Mubarak’s Internet Kill Switch
January 27, 2011
At 22:34 UTC (00:34am local time), Renesys
observed the virtually simultaneous withdrawal
of all routes to Egyptian networks in the
Internet's global routing table. Approximately
3,500 individual BGP routes were withdrawn,
leaving no valid paths by which the rest of the
world could continue to exchange Internet
traffic with Egypt's service providers.
23. Scenario 8. State sponsored spying
• A nation state infiltrates dozens of
computers belonging to key
personnel
• Reads emails
• Steals information
• Uses information to impact
diplomatic mission
24. Ghostnet
• Office of the Dalai Lama infiltrated
through malware installed on
computers
• Email servers completely owned
• Emails modified in transit
• Email read and acted on
• Over 1,200 infected computers
globally
25. Sound familiar?
• Pentagon 2007
• Rio Tinto 2009
• Google Aurora 2010
• Night Dragon
• RSA 2011
• Mitsubishi, Kawasaki, 2011
28. Breaking news
October 18: Symantec announces new variants of Stuxnet in the
wild.
-New version was written by authors with access to original
Stuxnet source code
-This version targets PLC manufacturers.
-Most recent sample was compiled on October 17th.
29. Scenario 10. Cyber attacks in
support of military strikes.
Syria invaded by Israeli war planes that destroy a nuclear reactor.
Network attacks to shut down command and control
Airborn attacks against radar systems to “inject code” and shut
down radar systems.
Breaking news, October 18, New York Times reports that
Obama’s administration considered similar attacks against
Libya.
CNN) -- A U.S. Navy reconnaissance plane made an emergency landing in China after colliding with a Chinese fighter jet sent to intercept it, U.S. officials said Sunday. \nThe EP-3 Aries, an electronic surveillance aircraft with a crew of 24, landed on the Chinese island of Hainan after the collision, said Lt. Col. Dewey Ford, a spokesman for the U.S. Pacific Command in Hawaii. None of the crew was injured, he said. \nChinese officials had no immediate comment on the incident. \nThat history dates back to the 1996 presidential election on Taiwan, when Chinese hackers took aim at Taiwan sites. They repeated their attacks during the 2000 elections, but Taiwan threatened to unleash 7,000 viruses on Chinese government sites if the attacks continued. They ended. \n
\n
\n
CNN) -- A U.S. Navy reconnaissance plane made an emergency landing in China after colliding with a Chinese fighter jet sent to intercept it, U.S. officials said Sunday. \nThe EP-3 Aries, an electronic surveillance aircraft with a crew of 24, landed on the Chinese island of Hainan after the collision, said Lt. Col. Dewey Ford, a spokesman for the U.S. Pacific Command in Hawaii. None of the crew was injured, he said. \nChinese officials had no immediate comment on the incident. \nThat history dates back to the 1996 presidential election on Taiwan, when Chinese hackers took aim at Taiwan sites. They repeated their attacks during the 2000 elections, but Taiwan threatened to unleash 7,000 viruses on Chinese government sites if the attacks continued. They ended. \n
20 million Ids including SSN stolen by the insider, Rene Rebollo, Wahid Siddiqi, 25,was a senior financial analyst at Full Spectrum Lending, Countrywide's subprime lending division. The FBI's statement alleges Rebollo was taking the personal information of mortgage customers, including social security numbers, storing them on a USB thumb drive. Rebollo told the law enforcement he profited anywhere from $50,000 to $70,000 from the sale of the Countrywide-owned data. In an FBI affidavit Rebollo estimated he downloaded about 20,000 customer profiles a week in excel spreadsheets onto the flash drives and then took the spreadsheets and emailed them to buyers from business center stores.\n