This is the slide deck from a presentation for SecTor 2016.
I spoke with Chris Gates @carnal0wnage.
The outline is:
Purple Teaming is conducting focused Red Teams with clear training objectives for the Blue Team for the ultimate goal of improving the organization’s overall security posture. The popular opinion is that Purple Teaming requires a big undertaking. This is not true and we will show practical exercises for Purple Teaming for varying levels of organizational maturity using the Cyber Kill Chain[1] as our framework.
This talk was presented at BSidesLV 2016. It covered the trend of Automating Penetration Testing. We will delve into what this means for skilled penetration testers / exploit developers and the probable outcome of bigger and more breaches.
Purple Teaming is the idea of using a Red Team exercise with clear training objectives for the Blue Team.
Great exercises should not just be focused on testing a product, they should also test your active Blue Team members and their skills. But how does one start to think about a Purple Team exercise, how does one go about running one and what does it look like?
In this talk we will explain what, why and how, to plan an effective purple team exercise and give some examples. Most enterprise networks are Windows heavy so examples will heavily lean on this.
Testing Assumptions, gaps, blind spots is what being proactive is all about. This talk is both for the console folks and non-console folks.
Purple Teaming the Cyber Kill Chain: Practical Exercises for Everyone Sector...Chris Gates
Sector 2016 Chris Gates & Haydn Johnson
Power your way to becoming a red team cyber security expert ShivamSharma909
Red Teaming is a tradition of rigorously challenging policies, plans, systems, and assumptions by embracing the adversarial approach. Red teams are independent of the organizations. They are only hired by companies when they decide to check their security policies.
https://infosec-train.blogspot.com/2021/08/power-your-way-to-becoming-red-team.html
Co Speaker: Cheryl Biswas
Talk Description:
How about this: a blue team talk given by red teamers. But here’s our rationale - your best defence right now is a strategic offence. The rules of the game have changed and we need to get defence up to speed.
We’ll show you what the key elements are in a good defence strategy; what you can and need to be using to full advantage. We’ll talk about the new “buzzwords” and how they apply: visibility; patterns; big data. There’s a whole lotta data to wrangle, and you aren’t seeing the whole picture if you aren’t doing things right. Threat intel is about getting the big picture as it applies to you. You’ll learn the importance of context and prioritization so that you can manipulate intel feeds to do your bidding. And then we’ll take things further and talk about hunting the adversary, using an update on proven methodologies.
We’ll show you how to understand your data, correlate threats and pin point attacks. Attendees will leave with a new understanding of the resources they have on hand, and how to leverage those into an Adaptive Proactive Defense Strategy.
Going Purple : From full time breaker to part time fixer: 1 year later Chris Gates
A little over a year ago I made the transition from external security consultant to internal offensive security engineer at Facebook. I went from a full time breaker to part time fixer. This talk is aimed at providing lessons learned and documenting the mindset changes I've made over the last year that I feel can be used by the industry as a whole. I've broken the lessons learned into three primary buckets; Red, Blue, and Purple and the talk will hopefully bring value to anyone working in their respective bucket or assist in their creation/continuing of purple teaming at their company.
Adversarial Simulation Nickerson/Gates Wild West Hacking Fest Oct 2017 Chris Gates
The evolution chain in security testing is fundamentally broken due to a lack of understanding, reduction of scope, and a reliance on vulnerability “whack a mole.” To help break the barriers of the common security program we are going to have to divorce ourselves from the metrics of vulnerability statistics and Pavlovian risk color charts and really get to work on how our security programs perform during a REAL event. To do so, we must create an entirely new set of metrics, tests, procedures, implementations and repeatable processes. It is extremely rare that a vulnerability causes a direct risk to an environment; it is usually what the attacker DOES with the access gained that matters. In this talk, we will discuss the way that internal and external teams have been created to simulate a REAL WORLD attack and work hand in hand with the defensive teams to measure the environment's resistance to the attacks. We will demonstrate attacks, capabilities, TTP tracking, trending, positive metrics, hunt integration and most of all we will lay out a road map to STOP this nonsense of Red vs BLUE and realize that we are all on the same team, sparring and training every day to be ready for the fight when it comes to us. This is an update to our 2016 Brucon talk. We plan to discuss what we have accomplished regarding the above in the last year. We plan to show how we have progressed with the automation of attacker activities and event generation using MITRE’s Cyber Analytics Repository & CAR Exploration Tool (CARET) along with pumping these results to Unfetter (https://iadgov.github.io/unfetter/) for aggregation and display in a useful format.
Building a Successful Internal Adversarial Simulation Team - Chris Gates & Ch...Chris Gates
Brucon 2016
The evolution chain in security testing is fundamentally broken due to a lack of understanding, reduction of scope, and a reliance on vulnerability “whack a mole.” To help break the barriers of the common security program we are going to have to divorce ourselves from the metrics of vulnerability statistics and Pavlovian risk color charts and really get to work on how our security programs perform during a REAL event. To do so, we must create an entirely new set of metrics, tests, procedures, implementations and repeatable processes. It is extremely rare that a vulnerability causes a direct risk to an environment; it is usually what the attacker DOES with the access gained that matters. In this talk we will discuss the way that internal and external teams have been created to simulate a REAL WORLD attack and work hand in hand with the defensive teams to measure the environment's resistance to the attacks. We will demonstrate attacks, capabilities, TTP tracking, trending, positive metrics, hunt integration and most of all we will lay out a road map to STOP this nonsense of Red vs BLUE and realize that we are all on the same team, sparring and training every day to be ready for the fight when it comes to us.
Phishing for clicks is like the VA portion of a Pentest. It feels nice being a hacker, but that fuzzy feeling wears off quickly, once you learn about command and control.
Everyone knows in theory what phishing is and what phishing emails look like; they may even theoretically know how it all works.
What about executing a Phishing campaign? This talk will show you the journey of setting up and executing a Phishing campaign to gain command and control. I have tried a few frameworks, coded some pages myself and will show the way I learned to Phish.
This is not just about sending an email and a link, this is about bypassing the email minefield to get the email to the target and having the payload call back out of the network.
We will go through:
Choosing and setting up a Phishing Framework
Cloning a site
Testing delivery and bypassing Spam filters with a payload (Click Once)
Testing different user interactions for executing payloads
Learning different payloads for command and control
In 2014, Filip managed to exceed our audience's expectations with a well-researched and energizing lecture. Since then, he's managed to build a successful tech startup and has worked for clients across the globe. We are very proud to present to you one of the brightest minds on the Czech marketing scene!
My presentation at Expon 2011 in Sao Paulo. Anyone interested in my talk should check out the "importxml guide" here:
http://www.distilled.net/blog/distilled/guide-to-google-docs-importxml/
What Yoda Can Teach us About Application Quality Management
It’s no Jedi mind trick! 10 black holes to avoid for successful application delivery
A long time ago, in a galaxy not too far away, the very first CHAOS Report published by the Standish Group generated worldwide attention by its claim that 40 percent of IT projects failed and that these failings were costing the US economy 140 billion dollars each year. Ten years later, matters had improved somewhat with only half as many projects failing, but worryingly 53 percent were late, over-budget or not meeting their objectives. Now, within a mere five years, the number of failed projects is back on the rise; the 2009 Standish Group CHAOS report indicates that nearly 25 percent of projects are doomed.
The quality of application delivery is at the heart of many of the challenges faced in IT projects, and this paper reviews some of the most common pitfalls and pain points that often beset development projects. With the help of Yoda, Obi Wan and others from the Star Wars cast, we will learn how best to avoid these challenges and deliver your projects on time, on budget and most importantly with quality.
This presentation, aimed primarily at QA Management, addresses the challenges of software testing within QA and the impact it has on the business. It attempts to outline the main benefits of test automation in conjunction with good software testing processes, whilst highlighting the negative impact current market-dominating products have in the application quality process.
- See more at: http://www.origsoft.com/whitepapers/yoda-and-application-quality-management/
This is a talk I gave at Harvard for the National Collegiate Research Conference. It's more theoretical than my typical presentation but kind of fun - it looks at what makes innovation happen.
Are you building a product or service? What if you would go out and actually talk to the target audience? Like talk, talk. The real deal. Have a chat.
Now let's assume you actually do it. How? There are a thousand ways to ruin the opportunity and a few tips and tricks not to!
Presented at InterLab 2013, a workshop aimed at web designers, web application developers, online communications professionals, and managers of internet resources throughout the United States Department of Energy laboratory complex.
Developing Analytic Technique and Defeating Cognitive Bias in Security chrissanders88
In this presentation, I discuss the evolution to the analysis era in information security and the challenges associated with it. This includes several examples of cognitive biases and the negative effects they can have on the analysis process. I also discuss different analytic techniques that can enhance analysis such as differential diagnosis and relational investigation.
The recent trend of using Attack and Defense Together.
Due to the recent trend of using offensive and defensive capabilities together, we thought a talk on Purple Teaming would be interesting. We hope to benefit those on the Attack side (red team), Defensive (blue team) and mixing the two.
Presentation for the webinar by Vyacheslav Vasin, in which he explained how vulnerabilities in widely used software affect the security of organizations.
A military concept now applied to cybersecurity, the "cyber kill chain" was developed by Lockheed Martin in 2011. It describes the phases an adversary will follow to target an organization. There are 7 well-defined phases, and the attack is considered successful if/when all phases have been carried out.
(DOCUMENT IN ENGLISH)
THOR is a lightweight and portable scanner for IOCs. It ships with a huge set of Yara signatures and other indicators of compromise in order to detect attacker activity on Windows systems.
This was part of a 3 hour talk for students at a local college. Introduction to post exploitation with PowerShell Empire. Feel free to use and learn from.
Welcome to the United States: An Acculturation Conversation Suzanne M. Sullivan
Do you want to learn about living in the US as an expat? Click through to visit the land, the people, the language...and to avoid culture shock! Welcome!
The (In)Security of Topology Discovery in Software Defined Networks Talal Alharbi
Topology Discovery is an essential service in Software Defined Networks (SDN). Most SDN controllers use a de facto standard topology discovery mechanism based on OpenFlow to identify active links in the network. This paper discusses the security, or rather lack thereof, of the current SDN topology discovery mechanism, and its vulnerability to link spoofing attacks. The feasibility and impact of the attacks are verified and demonstrated via experiments. The paper presents and evaluates a countermeasure based on HMAC authentication.
Go Hack Yourself - 10 Pen Test Tactics for Blue Teamers jasonjfrank
This presentation, given at BSidesPittsburgh 2015, discusses free tools and techniques penetration testers use that can be translated to network defenders for immediate impact and value.
Code Obfuscation, PHP shells & more
What hackers do once they get past your code - and how you can detect & fix it.
Content:
- What happens when I get hacked?
- What's code obfuscation?
- What are PHP shells?
- Show me some clever hacks!
- Prevention
- Post-hack cleanup
What is this not about:
- How can I hack a website?
- How can I DoS a website?
- How can I find my insecure code?
A combined approach to search for evasion techniques in network intrusion det... eSAT Journals
Abstract: Signature-based Network Intrusion Detection Systems (NIDS) work on the signatures of attacks. They must be updated quickly in order to protect the system from new attacks. The attacker finds new evasion techniques so that he remains undetected. As new evasion techniques are developed it becomes difficult for NIDS to give accurate results, and the NIDS may fail. The key aspect of our paper is to develop a network intrusion detection system using the C4.5 algorithm, where the Adaboost algorithm is used to classify a packet as a normal packet or an attack packet and also to further classify different types of attack. The Apriori algorithm is used to find real-time evasion and to generate rules to find intrusions. These rules are further given as input to the Snort intrusion detection system for detecting different attacks.
Keywords: NIDS, Evasion, Apriori Algorithm, Adaboost Algorithm, Snort
Using the new extended Berkeley Packet Filter capabilities in Linux to improve the performance of auditing security-relevant kernel events around network, file and process actions.
Practical IoT Exploitation (DEFCON23 IoTVillage) - Lyon Yang Lyon Yang
This is a light training/presentation talk.
My name is Lyon Yang and I am an IoT hacker. I live in sunny Singapore where IoT is rapidly being deployed – in production. This walkthrough will aim to shed light on the subject of IoT, from finding vulnerabilities in IoT devices to getting shiny hash prompts.
Our journey starts with a holistic view of IoT security, the issues faced by IoT devices and the common mistakes made by IoT developers. Things will then get technical as we progress into both ARM and MIPS exploitation, followed by a ‘hack-along-with-us’ workshop where you will be exploiting a commonly found IoT daemon. If you are new to IoT or a seasoned professional you will likely learn something new in this workshop.
https://www.iotvillage.org/#schedule
Join well known industry thought leaders and experts from local New York companies for a 1/2 day event focused on the latest and greatest in DevOps practices.
The opening talk of running remote 2019.
I tried to explain what makes distributed teams and remote work special.
I talk about the most important aspect in remote teams: trust
DevOps: Cultural and Tooling Tips Around the World Dynatrace
To watch this webinar replay, please join us here:
https://info.dynatrace.com/apm_wc_devops_journey_series_tips_around_the_world_na_registration.html
DevOps: Cultural and Tooling Tips Around the World
DevOps! One of the most abused terms in the software industry over the last few years. One of the reasons for this is that the term can mean something totally different, depending on what your role is, and what kind of business you are in. Yet, it is a very real practice with solid benefits that allow companies to build better quality software faster, and with lower cost and risk.
In this 30-minute “secret sauce” session, Andreas Grabner, DevOps Activist at Dynatrace, shares customer learnings and best practices from DevOps adopters around the world. You’ll gain insights from questions like:
• What does DevOps really mean for developers, testers and operators?
• How do companies like Facebook deploy twice a day without big issues?
• How does DevOps work in industries like finance, government, and healthcare where tight regulations exist?
• Is Dev responsible for Ops? Or only if you are working in a Cloud environment?
• What is different and unique as we move from old-fashioned on-prem software to hybrid and Cloud apps?
• Why is talking to people the forgotten DevOps tool?
Applied Data Science: Building a Beer Recommender | Data Science MD - Oct 2014 Austin Ogilvie
Applied Data Science: Building a Beer Recommender | Data Science MD - Oct 2014
-----------
Slides from a talk by Greg Lamp, CTO of Yhat, about building recommendation systems using Python and deploying them to production.
Achieving Technical Excellence in Your Software Teams - from Devternity Peter Gfader
Our industry has a problem: We are not lacking software methodologies, programming languages, tools or frameworks but we need great software engineers.
Great software engineer teams build quality-in and deliver great software on a regular basis. The technical excellence of those engineers will help you escape the "Waterfall sandwich" and make your organization a little more agile, from the inception of an idea till they go live.
I will talk about my experiences from the last 15 years, from small software delivery teams to big financial institutions.
Why would a company like to be "agile"?
How can a company achieve that?
How can you achieve Technical Excellence in your software teams?
What developer skills are more important than languages, methods or frameworks?
This will be an interactive session with a Q&A at the end.
Gene Kim, an award winning CTO, researcher and DevOps author will share his top learnings on how effective leaders are driving DevOps change, as well as the skills he believes every technology leader needs to help their organizations survive and win in the marketplace.
For more information, please visit http://cainc.to/Nv2VOe
A granular look into the Do's and Don'ts of Post Incident Analysis, featuring Jason Hand - DevOps Evangelist - from VictorOps and Jason Yee - Technical Writer/Evangelist - from Datadog.
Topics include a breakdown of the process in the following order:
- Service disruptions
- Detection
- Diagnosis
- Post-incident analysis
- Framework
DevOpsDays Houston 2019 -Kevin Crawley - Practical Guide to Not Building Anot...DevOpsDays Houston
I’ll discuss how my experience of approaching DevOps not as another siloed effort but instead as a discipline by embedding engineers within cross-functional teams who are dedicated to continuously improving the quality of automation across the entire SDLC.
Introduction to Just in Time Access - BrightTalkHaydn Johnson
Ensuring users have access to only the resources they need, aka least privilege is great. But have you considered granting users only needed access?
This talk will introduce the concept of granting ‘Just-in-Time Access’. Securing an endpoint is more than patching and vulnerability management. Granting access to who, when and what also secures an endpoint. Only when a user needs to connect to a system, can access be granted. Ports such as SSH do not need to be open for the world to connect and probe. Database credentials do not need to last forever.
This approach limits the damage that can be caused by an account -- privileged or otherwise -- by reducing the amount of time an attacker has to gain access to the account, as well as the time they have to move from a compromised account before losing access.
The short explanation for Just-in-Time Access is providing short-term access in real time. It is a relatively new term in the industry and is another way to practice the least privileged best practice.
Key Takeaways:
• The benefits to Just-in-Time access for security and operations
o Improved visibility
o Minimize damage from compromised accounts
o Operational efficiency
• How SSH can be replaced with AWS SSM sessions
o Direct SSH replacement
o SSH reverse proxy
• How Just in Time Access for database credentials can help
o Example: Hashicorp Vault
o Example: Akeyless
• Resources for learning more
Communication to the business is very different to exploitation. This talk helps bridge the gap between a finding and a business risk.
Presented at HackFest 2018
Human(e) Security in a World of Business 2018Haydn Johnson
Relationship Building in Security is extremely important.
Understand where I came from, where I am at, struggles I had and things I found work to help improve the security Posture of my organizaiton.
This report is to explain some key commands within Meterpreter that allow you to have some sort of situational awareness. That is, how to gain more insight into system information, the user you currently are and what processes are running among other things.
This blog gives a step by step guide to creating persistence with
PowerSploit. A reverse shell will be sent to the attacker when a victim logs into their machine.
Software Delivery At the Speed of AI: Inflectra Invests In AI-Powered QualityInflectra
In this insightful webinar, Inflectra explores how artificial intelligence (AI) is transforming software development and testing. Discover how AI-powered tools are revolutionizing every stage of the software development lifecycle (SDLC), from design and prototyping to testing, deployment, and monitoring.
Learn about:
• The Future of Testing: How AI is shifting testing towards verification, analysis, and higher-level skills, while reducing repetitive tasks.
• Test Automation: How AI-powered test case generation, optimization, and self-healing tests are making testing more efficient and effective.
• Visual Testing: Explore the emerging capabilities of AI in visual testing and how it's set to revolutionize UI verification.
• Inflectra's AI Solutions: See demonstrations of Inflectra's cutting-edge AI tools like the ChatGPT plugin and Azure Open AI platform, designed to streamline your testing process.
Whether you're a developer, tester, or QA professional, this webinar will give you valuable insights into how AI is shaping the future of software delivery.
UiPath Test Automation using UiPath Test Suite series, part 4DianaGray10
Welcome to UiPath Test Automation using UiPath Test Suite series part 4. In this session, we will cover Test Manager overview along with SAP heatmap.
The UiPath Test Manager overview with SAP heatmap webinar offers a concise yet comprehensive exploration of the role of a Test Manager within SAP environments, coupled with the utilization of heatmaps for effective testing strategies.
Participants will gain insights into the responsibilities, challenges, and best practices associated with test management in SAP projects. Additionally, the webinar delves into the significance of heatmaps as a visual aid for identifying testing priorities, areas of risk, and resource allocation within SAP landscapes. Through this session, attendees can expect to enhance their understanding of test management principles while learning practical approaches to optimize testing processes in SAP environments using heatmap visualization techniques
What will you get from this session?
1. Insights into SAP testing best practices
2. Heatmap utilization for testing
3. Optimization of testing processes
4. Demo
Topics covered:
Execution from the test manager
Orchestrator execution result
Defect reporting
SAP heatmap example with demo
Speaker:
Deepak Rai, Automation Practice Lead, Boundaryless Group and UiPath MVP
Kubernetes & AI - Beauty and the Beast !?! @KCD Istanbul 2024Tobias Schneck
As AI technology is pushing into IT I was wondering myself, as an “infrastructure container kubernetes guy”, how get this fancy AI technology get managed from an infrastructure operational view? Is it possible to apply our lovely cloud native principals as well? What benefit’s both technologies could bring to each other?
Let me take this questions and provide you a short journey through existing deployment models and use cases for AI software. On practical examples, we discuss what cloud/on-premise strategy we may need for applying it to our own infrastructure to get it to work from an enterprise perspective. I want to give an overview about infrastructure requirements and technologies, what could be beneficial or limiting your AI use cases in an enterprise environment. An interactive Demo will give you some insides, what approaches I got already working for real.
JMeter webinar - integration with InfluxDB and GrafanaRTTS
Watch this recorded webinar about real-time monitoring of application performance. See how to integrate Apache JMeter, the open-source leader in performance testing, with InfluxDB, the open-source time-series database, and Grafana, the open-source analytics and visualization application.
In this webinar, we will review the benefits of leveraging InfluxDB and Grafana when executing load tests and demonstrate how these tools are used to visualize performance metrics.
Length: 30 minutes
Session Overview
-------------------------------------------
During this webinar, we will cover the following topics while demonstrating the integrations of JMeter, InfluxDB and Grafana:
- What out-of-the-box solutions are available for real-time monitoring JMeter tests?
- What are the benefits of integrating InfluxDB and Grafana into the load testing stack?
- Which features are provided by Grafana?
- Demonstration of InfluxDB and Grafana using a practice web application
To view the webinar recording, go to:
https://www.rttsweb.com/jmeter-integration-webinar
Neuro-symbolic is not enough, we need neuro-*semantic*Frank van Harmelen
Neuro-symbolic (NeSy) AI is on the rise. However, simply machine learning on just any symbolic structure is not sufficient to really harvest the gains of NeSy. These will only be gained when the symbolic structures have an actual semantics. I give an operational definition of semantics as “predictable inference”.
All of this illustrated with link prediction over knowledge graphs, but the argument is general.
DevOps and Testing slides at DASA ConnectKari Kakkonen
My and Rik Marselis slides at 30.5.2024 DASA Connect conference. We discuss about what is testing, then what is agile testing and finally what is Testing in DevOps. Finally we had lovely workshop with the participants trying to find out different ways to think about quality and testing in different parts of the DevOps infinity loop.
PHP Frameworks: I want to break free (IPC Berlin 2024)Ralf Eggert
In this presentation, we examine the challenges and limitations of relying too heavily on PHP frameworks in web development. We discuss the history of PHP and its frameworks to understand how this dependence has evolved. The focus will be on providing concrete tips and strategies to reduce reliance on these frameworks, based on real-world examples and practical considerations. The goal is to equip developers with the skills and knowledge to create more flexible and future-proof web applications. We'll explore the importance of maintaining autonomy in a rapidly changing tech landscape and how to make informed decisions in PHP development.
This talk is aimed at encouraging a more independent approach to using PHP frameworks, moving towards a more flexible and future-proof approach to PHP development.
Accelerate your Kubernetes clusters with Varnish CachingThijs Feryn
A presentation about the usage and availability of Varnish on Kubernetes. This talk explores the capabilities of Varnish caching and shows how to use the Varnish Helm chart to deploy it to Kubernetes.
This presentation was delivered at K8SUG Singapore. See https://feryn.eu/presentations/accelerate-your-kubernetes-clusters-with-varnish-caching-k8sug-singapore-28-2024 for more details.
Let's dive deeper into the world of ODC! Ricardo Alves (OutSystems) will join us to tell all about the new Data Fabric. After that, Sezen de Bruijn (OutSystems) will get into the details on how to best design a sturdy architecture within ODC.
"Impact of front-end architecture on development cost", Viktor TurskyiFwdays
I have heard many times that architecture is not important for the front-end. Also, many times I have seen how developers implement features on the front-end just following the standard rules for a framework and think that this is enough to successfully launch the project, and then the project fails. How to prevent this and what approach to choose? I have launched dozens of complex projects and during the talk we will analyze which approaches have worked for me and which have not.
Connector Corner: Automate dynamic content and events by pushing a buttonDianaGray10
Here is something new! In our next Connector Corner webinar, we will demonstrate how you can use a single workflow to:
Create a campaign using Mailchimp with merge tags/fields
Send an interactive Slack channel message (using buttons)
Have the message received by managers and peers along with a test email for review
But there’s more:
In a second workflow supporting the same use case, you’ll see:
Your campaign sent to target colleagues for approval
If the “Approve” button is clicked, a Jira/Zendesk ticket is created for the marketing design team
But—if the “Reject” button is pushed, colleagues will be alerted via Slack message
Join us to learn more about this new, human-in-the-loop capability, brought to you by Integration Service connectors.
And...
Speakers:
Akshay Agnihotri, Product Manager
Charlie Greenberg, Host
Transcript: Selling digital books in 2024: Insights from industry leaders - T...BookNet Canada
The publishing industry has been selling digital audiobooks and ebooks for over a decade and has found its groove. What’s changed? What has stayed the same? Where do we go from here? Join a group of leading sales peers from across the industry for a conversation about the lessons learned since the popularization of digital books, best practices, digital book supply chain management, and more.
Link to video recording: https://bnctechforum.ca/sessions/selling-digital-books-in-2024-insights-from-industry-leaders/
Presented by BookNet Canada on May 28, 2024, with support from the Department of Canadian Heritage.
Key Trends Shaping the Future of Infrastructure.pdfCheryl Hung
Keynote at DIGIT West Expo, Glasgow on 29 May 2024.
Cheryl Hung, ochery.com
Sr Director, Infrastructure Ecosystem, Arm.
The key trends across hardware, cloud and open-source; exploring how these areas are likely to mature and develop over the short and long-term, and then considering how organisations can position themselves to adapt and thrive.
Slack (or Teams) Automation for Bonterra Impact Management (fka Social Soluti...Jeffrey Haguewood
Sidekick Solutions uses Bonterra Impact Management (fka Social Solutions Apricot) and automation solutions to integrate data for business workflows.
We believe integration and automation are essential to user experience and the promise of efficient work through technology. Automation is the critical ingredient to realizing that full vision. We develop integration products and services for Bonterra Case Management software to support the deployment of automations for a variety of use cases.
This video focuses on the notifications, alerts, and approval requests using Slack for Bonterra Impact Management. The solutions covered in this webinar can also be deployed for Microsoft Teams.
Interested in deploying notification automations for Bonterra Impact Management? Contact us at sales@sidekicksolutionsllc.com to discuss next steps.
The Art of the Pitch: WordPress Relationships and SalesLaura Byrne
Clients don’t know what they don’t know. What web solutions are right for them? How does WordPress come into the picture? How do you make sure you understand scope and timeline? What do you do if sometime changes?
All these questions and more will be explored as we talk about matching clients’ needs with what your agency offers without pulling teeth or pulling your hair out. Practical tips, and strategies for successful relationship building that leads to closing the deal.
7. @haydnjohnson @carnal0wnage
Terminology
Vulnerability Assessment Person - Run Vuln Scanner….hey client you suck
Penetration Tester - Metasploit /MSF PRO (FTW)...hey client you suck
Red Teaming - Phish, move laterally, find “sensitive stuff”, maybe custom implant...hey client you suck
Purple Teaming - You did all the above, but got to charge for an extra body and to tell the client how they suck in person
8. @haydnjohnson @carnal0wnage
No Really...
Red Teaming -
“Red Team engagements are the full spectrum warfare of security assessments. In a red team engagement, the consultants attack the client organization using physical means, social engineering, and technological avenues.”
From: http://winterspite.com/security/phrasing/
10. @haydnjohnson @carnal0wnage
You can’t Red Team yourself
But you sure as hell can conduct training...and detection/protection validation
http://redteamjournal.com/red-teaming-laws/
12. @haydnjohnson @carnal0wnage
No Really...
Purple Teaming -
Conducting focused pentesting (up to Red Teaming) with clear training objectives for the Blue Team.
It isn't a "can you get access to X" exercise, it is a "train the Blue Team on X" exercise. The pentesting activities are a means to conduct realistic training.
More here: http://carnal0wnage.attackresearch.com/2016/03/more-on-purple-teaming.html
13. @haydnjohnson @carnal0wnage
Purple Teaming Process
Training Exercise!
1. Primary result of the exercise is to create an intrusion event (aka get caught) to test instrumentation (host/network), validate detection processes and procedures, validate protections in place, force response procedures and post mortems.
Differs from Red Team where the primary goal is to NOT get caught
14. @haydnjohnson @carnal0wnage
Purple Teaming Process
Training Exercise + work the IR process
Investigate Logging vs Alert + action
○ Is the event logged at all?
○ Logged event != alert
○ Does alert == action taken?
○ Purple Team it!
17. @haydnjohnson @carnal0wnage
Pyramid of Pain
http://detect-respond.blogspot.com/2013/03/the-pyramid-of-pain.html
https://www.youtube.com/watch?v=Mke74a9guNk
18. @haydnjohnson @carnal0wnage
Lockheed Martin Cyber Kill Chain
Worst. Name. Ever.
“The seven steps of the Lockheed Martin Cyber Kill Chain® enhance visibility into an attack and enrich an analyst’s understanding of an adversary’s tactics, techniques and procedures.”
http://cyber.lockheedmartin.com/solutions/cyber-kill-chain
19. @haydnjohnson @carnal0wnage
CKC is a great idea!
This is an integrated, end-to-end process described as a “chain” because any one deficiency will interrupt the entire process.
AKA:
Any deficiency in the attacker's chain will interrupt the entire process
23. @haydnjohnson @carnal0wnage
Using the CKC to drive Exercises
http://csrc.nist.gov/cyberframework/framework_comments/20131213_charles_alsup_insa_part3.pdf
24. @haydnjohnson @carnal0wnage
Using the CKC to drive Exercises
● Rather than consolidate all attacker activities into a single chart, we **could** create charts for various attack types or CKC steps.
● This would force us to identify and DOCUMENT an organization’s methods to Detect, Deny, Disrupt, Degrade, Deceive & Contain (Destroy) for any attack type.
● As an added bonus, it creates Purple Team exercises for us when we create a plan to validate the info in the chart.
29. @haydnjohnson @carnal0wnage
Mimikatz Example
● Mimikatz affects almost all organizations
● Outline your defenses against the tool
○ AV
○ MD5
○ Command line usage
○ Code certificate details
○ Windows Hardening
○ Detection (via ATA)
● https://adsecurity.org/?page_id=1821
31. @haydnjohnson @carnal0wnage
Mimikatz Example
Purple Team
● Pack, Recompile, Sign with different code sign certificate
● PowerShell Mimikatz
● Various whitelist bypass techniques
● Validate
○ Protected User Groups
○ LSA Protection
○ Registry changes prevent wdigest clear text
○ Alerting!
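As an added example (not from the deck), a PowerShell check the Blue Team can run on a host before the exercise to record the state of the three "Validate" items above, so the Purple Team has a baseline to test against. The registry locations are the documented Windows ones; the privileged account names are constructed placeholders, and the Protected Users check assumes the ActiveDirectory module is available.

```powershell
# Added example (not from the deck): record the state of the Mimikatz mitigations
# named on the slide for one host. Registry paths are the documented Windows
# locations; the account names below are constructed placeholders for your own
# privileged users.

$PrivilegedAccounts = @('da-admin', 'svc-backup')   # constructed placeholder names

function Get-RegistryDword {
    param([string]$Path, [string]$Name)
    # $null when the key or value is absent, so "missing" is distinguishable from 0
    try { (Get-ItemProperty -Path $Path -Name $Name -ErrorAction Stop).$Name } catch { $null }
}

function Test-WDigestHardening {
    # UseLogonCredential = 0 stops WDigest from caching clear-text credentials in LSASS.
    # Absent means the OS default applies: disabled on Windows 8.1 / 2012 R2 and later,
    # still enabled on older systems (even with KB2871997), so absent is flagged for review.
    $v = Get-RegistryDword 'HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\WDigest' 'UseLogonCredential'
    $shown = if ($null -eq $v) { 'absent (OS default, review)' } else { $v }
    [pscustomobject]@{ Control = 'WDigest clear-text disabled'; Value = $shown; Pass = ($v -eq 0) }
}

function Test-LsaProtection {
    # RunAsPPL = 1 runs LSASS as a protected process light (LSA Protection), which
    # blocks unsigned code from reading its memory.
    $v = Get-RegistryDword 'HKLM:\SYSTEM\CurrentControlSet\Control\Lsa' 'RunAsPPL'
    $shown = if ($null -eq $v) { 'absent (not enabled)' } else { $v }
    [pscustomobject]@{ Control = 'LSA Protection (RunAsPPL)'; Value = $shown; Pass = ($v -eq 1) }
}

function Test-ProtectedUsers {
    param([string[]]$Accounts)
    # Members of Protected Users cannot authenticate with NTLM, DES/RC4 Kerberos or
    # delegation, and their credentials are not cached. Requires the ActiveDirectory module.
    $members = @()
    try { $members = (Get-ADGroupMember -Identity 'Protected Users' -Recursive).SamAccountName } catch { }
    foreach ($a in $Accounts) {
        $isMember = ($a -in $members)
        [pscustomobject]@{ Control = "Protected Users: $a"; Value = $isMember; Pass = $isMember }
    }
}

$results = @(Test-WDigestHardening; Test-LsaProtection) + @(Test-ProtectedUsers -Accounts $PrivilegedAccounts)
$results | Format-Table -AutoSize
```

Rows with Pass = False are the chart entries the Red Team activity (PowerShell Mimikatz, repacked binaries) should be expected to succeed against, and therefore the ones the alerting side of the exercise has to catch.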
32. @haydnjohnson @carnal0wnage
Lateral Movement Example
● We could attempt to document every Lateral Movement tool / technique
● Instead focus on how you detect/protect/respond to a tool or suite of tools
○ Ex: impacket
34. @haydnjohnson @carnal0wnage
Lateral Movement Example
Purple Team
● Run impacket.py in default config
○ Did you detect it?
○ Tweak detection/deny/etc until you do!
● Let your Red Team modify impacket
○ Repeat the detect/deny process until the tool is unusable in your org
● Do your GPO settings prevent most use cases?
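As an added example (not from the deck), the "Did you detect it?" step for psexec-style lateral movement, in PowerShell: pull the System log's "a service was installed" events (Event ID 7045) for the exercise window and flag the ones that look like tooling rather than normal installs. Event ID 7045 and its EventData fields are the documented Windows ones; the flagging heuristics are assumptions about what default-config remote-execution tools leave behind, not a description of impacket's internals, and are the part you tune each iteration.

```powershell
# Added example (not from the deck): detection-validation query for the lateral
# movement exercise. Event ID 7045 (Service Control Manager) fires whenever a new
# service is installed, the footprint psexec-style tools leave on the target.
# The heuristics in Test-SuspiciousService are assumptions to be tuned, not facts
# about any specific tool.

param([string]$ComputerName = $env:COMPUTERNAME, [int]$Hours = 24)

function Get-NewServiceInstalls {
    param([string]$ComputerName, [datetime]$Since)
    $filter = @{ LogName = 'System'; Id = 7045; StartTime = $Since }
    Get-WinEvent -ComputerName $ComputerName -FilterHashtable $filter -ErrorAction SilentlyContinue |
        ForEach-Object {
            # EventData for 7045 carries ServiceName, ImagePath, ServiceType, StartType, AccountName
            $xml = [xml]$_.ToXml()
            $d = @{}
            foreach ($n in $xml.Event.EventData.Data) { $d[$n.Name] = $n.'#text' }
            [pscustomobject]@{
                Time        = $_.TimeCreated
                Host        = $_.MachineName
                ServiceName = $d['ServiceName']
                ImagePath   = $d['ImagePath']
                StartType   = $d['StartType']
                Account     = $d['AccountName']
            }
        }
}

function Test-SuspiciousService {
    param($Record)
    $reasons = @()
    # Assumed heuristics: short random-looking names, binaries dropped in the Windows
    # root or reached over a UNC/ADMIN$ path, and interpreters used as service binaries.
    if ($Record.ServiceName -match '^[A-Za-z]{4,8}$')                          { $reasons += 'short random-looking name' }
    if ($Record.ImagePath -match '(?i)^(%SystemRoot%|C:\\Windows)\\[^\\]+\.exe') { $reasons += 'binary in Windows root' }
    if ($Record.ImagePath -match '(?i)^\\\\|ADMIN\$')                          { $reasons += 'UNC / ADMIN$ image path' }
    if ($Record.ImagePath -match '(?i)cmd\.exe|powershell|%COMSPEC%')          { $reasons += 'interpreter as service binary' }
    if ($reasons) {
        $Record | Add-Member -NotePropertyName Reasons -NotePropertyValue ($reasons -join '; ') -PassThru
    }
}

$since = (Get-Date).AddHours(-$Hours)
$hits  = Get-NewServiceInstalls -ComputerName $ComputerName -Since $since | ForEach-Object { Test-SuspiciousService $_ }
if (-not $hits) { "No suspicious 7045 events on $ComputerName since $since" } else { $hits | Format-Table -AutoSize }
```

If the Red Team's run produced no hit, the loop on the slide applies: widen or adjust the heuristics (or the logging itself, since no 7045 at all means the event is not being collected) and run the tool again until it is caught.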
35. @haydnjohnson @carnal0wnage
Malicious Attachments
● Everyone employs some sort of malicious attachment protection
○ Google mail for business
○ Office 365
○ Proofpoint
○ FireEye
● Do you test it? Or do you just hope for the best?
39. @haydnjohnson @carnal0wnage
Malicious Attachments
Purple Team
• Send various types of malicious attachments via multiple
sources
• Compare to your chart of assumptions
• How many emails does it take to block a sender?
• What types of attachments generate alerts?
• Does suspicious stuff get moved to spam or deleted; do people open spam emails?
• If sent to employees, do they report?
• Did any automated actions take place?
40. @haydnjohnson @carnal0wnage
CKC Exercise Outcomes
● Mental exercise of how we Detect/Respond/etc to attacks
● Document defense posture
● Answer the “Do the Blinky Boxes work?” question
The Purple Team component
● Validate the spreadsheet is accurate
● Validate the blinky box is doing “something”
● Identify training and coverage gaps for the org
○ Test plan for the above
41. @haydnjohnson @carnal0wnage
CKC Exercise Outcomes
● ITERATIVE PROCESS
○ Starts as simple detection validation exercises
○ Based on maturity, moves into gap analysis/detection evasion by your attack team
○ You build up to Red Teaming
● Does what we have for detection/protection work?
○ Then how easy is it to bypass
○ Track last test date, drive exercises and training
43. @haydnjohnson @carnal0wnage
Story Time #1
• Receive call “Check this IP address”
• $secretpoliceinvestigation
• IP address seen - Investigators go to meeting + lunch
• 2 hours later, identify data exfil
• Sh*t hits fan
• Log into FTP server to delete data
• Execute processes
Alerts triggered purposely
48. @haydnjohnson @carnal0wnage
Story Time #1
• Big company hard to change quickly
• Issues clearly acknowledged
• Long term plans
Nothing changed in short term
49. @haydnjohnson @carnal0wnage
Story Time #1
• Create defined and clear process for hierarchy
• Training on hacking back - DON’T
• Budget for prioritized upgrade of Lab
• Shift style lunches
Solutions
53. @haydnjohnson @carnal0wnage
Story Time #2
• IR Manager had identified some gaps plus had new incident responders
• Mobile Forensics
• Response to Golden Ticket attack
• Work thru IR process as a team
• Fully internal -- No external Contractors
• Partnered with senior Blue Team member
• Took things I found pentesting…chained together story for the exercise
• “Create internal havoc” attackers
Overview of a Purple Teaming Exercise
74. @haydnjohnson @carnal0wnage
Please remember:
• Document your defenses and protections
• Find a way to (iteratively) build your attacks/validation
• Start simple, grow to more complex attacks/scenarios
• Pwn all the things...but in a way that helps your organization