The document appears to be a presentation about infiltration techniques for cyber attacks. It discusses exploiting technical vulnerabilities like web, email and remote access software. It also covers gaining access through social engineering, like sending malicious links and files to trick users. The presentation emphasizes targeting individuals within an organization and using common tools like ZeuS or SpyEye malware to acquire sensitive data from infected systems.
This document provides an overview of Bitcoin, the world's first cryptocurrency. It discusses how Bitcoin aims to decentralize key functions like identity, accounting, truth, and issuance through a distributed peer-to-peer network. It notes that Bitcoin achieves decentralization by basing truth on the largest amount of computational power via a "1 CPU, 1 vote" system. The document also provides estimates of the hashing power and costs required to attack the Bitcoin network and examines how an economy is developing around Bitcoin through services and trade.
YouTipIt is a platform that lets you reward great Internet content monetarily. YouTipIt is built on the cryptographic currency Bitcoin.
YouTipIt is a microdonation Platform which connects internet street performers and tipsters. YouTipIt uses Bitcoin, a cryptographic peer to peer currency.
This document provides an introduction to bitcoin, including what it is, how it works, advantages, disadvantages, weaknesses, history, data, mining process over time, physical representations, and future possibilities. Bitcoin is described as a decentralized digital currency based on cryptography, without a central authority. Transactions are confirmed by miners who are rewarded with new bitcoins. Key aspects covered include how users can send and receive bitcoins, security issues, increasing difficulty of mining over time, and the currency's value and adoption over its history.
Bitcoin is a digital currency created in 2008 that allows for fast and relatively free transactions anywhere in the world. It uses cryptography and a decentralized network to verify transactions and create new bitcoins. The value of bitcoin comes from its usefulness as a currency and the demand for it. However, bitcoin is still experimental and volatile, with an uncertain future in terms of stability, regulation, and widespread adoption. The bitcoin community continues to develop the software, payment systems, and applications around this new currency.
This document provides instructions for creating an alternative cryptocurrency like Bitcoin. It outlines the necessary planning steps like designing coin parameters, source code configuration changes, and compiling the code. Key steps include cloning an existing altcoin source, modifying parameters like block time and total coin amount, generating a genesis block, and connecting multiple computers to mine fresh coins. The document cautions that one should not create an altcoin just for the sake of it, but instead focus on innovation through new hashing algorithms, economic models, or smart contract capabilities.
The document is a presentation by Iftach Ian Amit on data exfiltration techniques. It discusses infiltrating target networks through both technical exploits and social engineering. It then covers targeting specific data for acquisition using tools like ZeuS or SpyEye. Finally, it outlines various methods for exfiltrating the acquired data covertly, such as using SSL encryption, avoiding detection by DLP and IPS systems, and encoding the data.
Advanced Data Exfiltration The Way Q Would Have Done It
Source Conference
The document appears to be a presentation by Iftach Ian Amit from November 2011 about advanced data exfiltration techniques. It includes sections on using emails, web links and phishing to extract data, as well as utilizing social engineering techniques to manipulate targets. Automating parts of the process with tools like SET is also mentioned. The presentation suggests using both aggressive and ingratiating social behaviors when interacting with targets. It diagrams extracting data by routing it through third parties and the internet.
The document discusses cyberwarfare capabilities of various countries including the USA, Russia, China, Iran, and Israel. It notes government and military agencies in each country involved in offensive and defensive cyber operations. Examples given include the US Cyber Command, Russian GRU and FSB, China's PLA, Iran's military and telecom monopoly, and Israel's IDF and Mossad. Cyberwar attacks are described as potentially involving highly selective targeting of military resources alongside kinetic attacks, or large-scale distributed denial of service attacks.
This document discusses cyberwarfare and cybercrime. It begins with a disclaimer from the author stating this is his personal opinion. The agenda covers cyberwar attack and defense, cybercrime attack and defense, and connecting history to the future. Countries seen as developing advanced cyber capabilities are discussed, including the US, Russia, China, Iran, and Israel. Cyberwar attack is described as highly selective targeting of military and critical resources, often in conjunction with kinetic attacks.
Mapping connections between CyberCrime and CyberTerrorism groups.
Reviewing mitigation factors on the nation-state level and international treaties and strategies that will thwart terrorism and state sponsored cyber offense.
Ian Iftach Amit - Cyber[Crime|War] - Connecting The Dots
Source Conference
This document is an agenda for a presentation on cyberwarfare and cybercrime. It discusses perceptions of cyberwar versus cybercrime and focuses on current players in cyberwar like the USA and Russia. Various US government cyberwarfare agencies and capabilities are mentioned, as well as Russian intelligence agencies involved in cyber operations. The document explores different views on what constitutes cyberwar.
Developing mobile apps varies from country to country. Learn how important it is to understand the Chinese culture and business trends as you develop apps for China.
This presentation was developed for @Appconomy by its development team members Mike Roeder and Brandon DuRette, first presented by them at @ATXStartupWeek September 9, 2011. It is intended to convey general knowledge of the developers about producing apps for users of mobile devices in China, as of the time they created it. For more detailed information about app development in and for China, viewers of the presentation are invited to visit http://developer.appconomy.com. PLEASE NOTE: The presentation is copyrighted via the Creative Commons commercial attribution share-alike license (see: http://en.wikipedia.org/wiki/Share-alike) meaning it may be downloaded and used for other commercial purposes, as long as it is attributed to Appconomy, Inc. and that any copyrighted work produced convey the identical rights to others.
The document discusses cybercrime and cyberwarfare. It provides an overview of major players in each area, including government agencies and criminal organizations. It then analyzes historical cyber attacks, such as those during conflicts involving Estonia, Israel, Georgia and Iran, and argues these attacks connected cybercrime networks and resources to state-sponsored cyber warfare operations.
Quantitative Risk Analysis Workshop - focused on working with business risk and factoring in cyber elements, and how to optimize the application of controls for the most effective risk management.
This document discusses DevSecOps at Cimpress, an online printing company. It outlines some of the challenges of their worldwide and decentralized operations with varying technology stacks. Their approach involves threat modeling to identify threats, assets, and controls. They create security assertions based on the threat model and assure test case coverage. The focus is on integrating security into development in a way that is not burdensome to developers. The expected deliverables include automated unit test coverage and tool scans to address the threat model.
Risk metric frameworks cover most of the elements that organizations deal with from an operational perspective. We have identified a gap in those, in which social media activities are not represented well (albeit being the highest growing attack vector). In this talk we’ll present a social media risk metric framework that allows organizations to measure and track the risk that both individuals and 3rd party entities pose to the organization.
This document discusses cyber security risks in the financial and healthcare industries and their impact on homeland security. It covers three parts: examples of information disclosure vulnerabilities in access points; connecting these vulnerabilities to critical infrastructure protection and homeland security; and arguing that an asset-centric rather than product-centric approach is needed to address industry-specific security challenges.
The document discusses the roles and techniques of red teams and blue teams, with the red team focusing on simulating real threats through activities like social engineering and identifying vulnerabilities, while the blue team aims to assess risks, minimize damage from attacks, and apply lessons learned to strengthen processes, people, and technology. It provides examples of tactics for each team and emphasizes the importance of collaboration between red and blue teams to continuously improve an organization's security.
"Cyber" security - all good, no need to worry?
Iftach Ian Amit
This document discusses cyber security risks and incidents over time. It notes that 52% of all incidents are from businesses, with government, medical, and education each accounting for around 15-20% of incidents. The majority (57%) of incidents are caused by outside actors, while 20% are from insider threats and 10% are accidental insider incidents. The number of reported data loss incidents has increased significantly over time from just over 100 in 2004 to over 1600 in 2013. The document advocates returning to basic risk management practices, including prioritizing remediation based on risk, impact, costs, and addressing the most critical gaps in assets, processes, technologies and threats based on priority. It warns against overspending on products and focusing
This document discusses the importance of application logs for security purposes. It notes that while network, system and other logs have improved, application logs are still often lacking crucial context about user actions and application state. To effectively investigate issues, security analysts need a unified view of all log data, including details applications have about user sessions, access and functionality used. The document urges application developers to make more of this type of contextual log data available to defenders to help connect dots between different system components and entities.
Derbycon 2013 - Seeing Red in Your Future?
This talk is designed to complement the “Fifty Shades of Red” talk tomorrow, and provide context for organizations who either think about engaging in a red team test, or have been doing red teaming and want to see more value out of it. In this talk we’ll cover some of the basic elements of what red teaming is, and specifically how it benefits an organization engaging in such a practice. Red teaming by itself is a high-interaction test. Unlike many other tests (namely penetration testing, compliance engagements, vulnerability assessments and other IT related practices), red team is not limited to the technical scope of the organization’s security infrastructure. As such, it is imperative to be able to extract as much value out of a red team engagement as possible, and see return on that investment in as many different areas of the organization as possible. Based on years of experience in conducting red team tests, training and helping organizations improve their security through red teaming, these insights will be applicable to everyone who is seeing red in their future (and you all should in order to really address security in an organization that has people working in it and not just machines).
Hacking involves a single target and shallow attacks using common tools and techniques, motivated by financial or political goals. Cyber attacks are part of cyber warfare involving strategic targets across physical, social, intelligence and electronic domains using custom tools in a coordinated campaign. Cyber defenses require a strategic defense in depth approach across all domains with awareness training, unlike typical IT security products. Hacking is an individual battle while cyber attacks are part of a larger warfare strategy.
This document discusses best practices for securely storing passwords. It notes that passwords are often stored insecurely, such as in plain text. To securely store passwords, it recommends hashing them using cryptographic hash functions with salts. Specifically, it advises using functions such as SHA-2, bcrypt, and scrypt, which can include salts and be slowed down through key stretching to make passwords very difficult to hack or crack. Following these guidelines helps protect users and companies by securing password data.
The document discusses strategies for maximizing home-field advantage in cybersecurity defense. It argues that defenders should flip the perspective of red team attackers by mapping assets and security issues, correlating internal and external threat data over time, and taking proactive measures like counterintelligence operations. Examples given include infiltrating hacker communities to booby-trap tools and using attackers' own tools against them. The presentation calls on vendors to develop integrative security products and defenders to own their security data and intelligence in order to focus defenses on real risks rather than compliance.
A presentation on the state of cyber security, current threats and opportunities at the national level.
An overview of current readiness analysis for countries, along with a recommended strategic approach to developing capabilities and partnerships locally, regionally, and globally.
Similar to Pushing in, leaving a present, and pulling out slowly without anyone noticing
Second Life is a free online virtual world where users can generate content. Users can exchange the virtual currency, Linden Dollars, for real money. Key industries include real estate, adult entertainment, and fashion. Some users exploit the system by creating weapons to annoy others or using third-party viewers to crash clients and copy content illegally. In response, Linden Lab banned over 10,000 users and tightened policies around virtual weapons and third-party viewers.
This document discusses cheating in games and the techniques used. It covers reasons for cheating such as fun, profit, and gaining knowledge. It also discusses common cheating methods like bots, trainers, patching, and hooking. It provides examples of how to hook into the Windows API and examples of anti-cheating techniques used by game developers. Overall, the document is about cheating techniques in games and the ongoing challenge for developers to create uncheatable games.
"Frontline Battles with DDoS: Best practices and Lessons Learned", Igor Ivaniuk
Fwdays
In this talk we will discuss DDoS protection tools and best practices, network architectures, and what AWS has to offer. We will also look into one of the largest DDoS attacks on Ukrainian infrastructure, which happened in February 2022. We'll see what techniques helped to keep the web resources available for Ukrainians and how AWS improved DDoS protection for all customers based on the Ukraine experience.
"$10 thousand per minute of downtime: architecture, queues, streaming and fin...
Fwdays
Direct losses from 1 minute of downtime = $5-$10 thousand. Reputation is priceless.
As part of the talk, we will consider the architectural strategies necessary for the development of highly loaded fintech solutions. We will focus on using queues and streaming to efficiently work and manage large amounts of data in real-time and to minimize latency.
We will focus special attention on the architectural patterns used in the design of the fintech system, microservices and event-driven architecture, which ensure scalability, fault tolerance, and consistency of the entire system.
Discover top-tier mobile app development services, offering innovative solutions for iOS and Android. Enhance your business with custom, user-friendly mobile applications.
The Department of Veteran Affairs (VA) invited Taylor Paschal, Knowledge & Information Management Consultant at Enterprise Knowledge, to speak at a Knowledge Management Lunch and Learn hosted on June 12, 2024. All Office of Administration staff were invited to attend and received professional development credit for participating in the voluntary event.
The objectives of the Lunch and Learn presentation were to:
- Review what KM ‘is’ and ‘isn’t’
- Understand the value of KM and the benefits of engaging
- Define and reflect on your “what’s in it for me?”
- Share actionable ways you can participate in Knowledge Capture & Transfer
Fueling AI with Great Data with Airbyte Webinar
Zilliz
This talk will focus on how to collect data from a variety of sources, leveraging this data for RAG and other GenAI use cases, and finally charting your course to productionalization.
AppSec PNW: Android and iOS Application Security with MobSF
Ajin Abraham
Mobile Security Framework - MobSF is a free and open source automated mobile application security testing environment designed to help security engineers, researchers, developers, and penetration testers to identify security vulnerabilities, malicious behaviours and privacy concerns in mobile applications using static and dynamic analysis. It supports all the popular mobile application binaries and source code formats built for Android and iOS devices. In addition to automated security assessment, it also offers an interactive testing environment to build and execute scenario based test/fuzz cases against the application.
This talk covers:
Using MobSF for static analysis of mobile applications.
Interactive dynamic security assessment of Android and iOS applications.
Solving Mobile app CTF challenges.
Reverse engineering and runtime analysis of Mobile malware.
How to shift left and integrate MobSF/mobsfscan SAST and DAST in your build pipeline.
inQuba Webinar Mastering Customer Journey Management with Dr Graham HillLizaNolte
HERE IS YOUR WEBINAR CONTENT! 'Mastering Customer Journey Management with Dr. Graham Hill'. We hope you find the webinar recording both insightful and enjoyable.
In this webinar, we explored essential aspects of Customer Journey Management and personalization. Here’s a summary of the key insights and topics discussed:
Key Takeaways:
Understanding the Customer Journey: Dr. Hill emphasized the importance of mapping and understanding the complete customer journey to identify touchpoints and opportunities for improvement.
Personalization Strategies: We discussed how to leverage data and insights to create personalized experiences that resonate with customers.
Technology Integration: Insights were shared on how inQuba’s advanced technology can streamline customer interactions and drive operational efficiency.
Must Know Postgres Extension for DBA and Developer during MigrationMydbops
Mydbops Opensource Database Meetup 16
Topic: Must-Know PostgreSQL Extensions for Developers and DBAs During Migration
Speaker: Deepak Mahto, Founder of DataCloudGaze Consulting
Date & Time: 8th June | 10 AM - 1 PM IST
Venue: Bangalore International Centre, Bangalore
Abstract: Discover how PostgreSQL extensions can be your secret weapon! This talk explores how key extensions enhance database capabilities and streamline the migration process for users moving from other relational databases like Oracle.
Key Takeaways:
* Learn about crucial extensions like oracle_fdw, pgtt, and pg_audit that ease migration complexities.
* Gain valuable strategies for implementing these extensions in PostgreSQL to achieve license freedom.
* Discover how these key extensions can empower both developers and DBAs during the migration process.
* Don't miss this chance to gain practical knowledge from an industry expert and stay updated on the latest open-source database trends.
Mydbops Managed Services specializes in taking the pain out of database management while optimizing performance. Since 2015, we have been providing top-notch support and assistance for the top three open-source databases: MySQL, MongoDB, and PostgreSQL.
Our team offers a wide range of services, including assistance, support, consulting, 24/7 operations, and expertise in all relevant technologies. We help organizations improve their database's performance, scalability, efficiency, and availability.
Contact us: info@mydbops.com
Visit: https://www.mydbops.com/
Follow us on LinkedIn: https://in.linkedin.com/company/mydbops
For more details and updates, please follow up the below links.
Meetup Page : https://www.meetup.com/mydbops-databa...
Twitter: https://twitter.com/mydbopsofficial
Blogs: https://www.mydbops.com/blog/
Facebook(Meta): https://www.facebook.com/mydbops/
Introduction of Cybersecurity with OSS at Code Europe 2024Hiroshi SHIBATA
I develop the Ruby programming language, RubyGems, and Bundler, which are package managers for Ruby. Today, I will introduce how to enhance the security of your application using open-source software (OSS) examples from Ruby and RubyGems.
The first topic is CVE (Common Vulnerabilities and Exposures). I have published CVEs many times. But what exactly is a CVE? I'll provide a basic understanding of CVEs and explain how to detect and handle vulnerabilities in OSS.
Next, let's discuss package managers. Package managers play a critical role in the OSS ecosystem. I'll explain how to manage library dependencies in your application.
I'll share insights into how the Ruby and RubyGems core team works to keep our ecosystem safe. By the end of this talk, you'll have a better understanding of how to safeguard your code.
LF Energy Webinar: Carbon Data Specifications: Mechanisms to Improve Data Acc...DanBrown980551
This LF Energy webinar took place June 20, 2024. It featured:
-Alex Thornton, LF Energy
-Hallie Cramer, Google
-Daniel Roesler, UtilityAPI
-Henry Richardson, WattTime
In response to the urgency and scale required to effectively address climate change, open source solutions offer significant potential for driving innovation and progress. Currently, there is a growing demand for standardization and interoperability in energy data and modeling. Open source standards and specifications within the energy sector can also alleviate challenges associated with data fragmentation, transparency, and accessibility. At the same time, it is crucial to consider privacy and security concerns throughout the development of open source platforms.
This webinar will delve into the motivations behind establishing LF Energy’s Carbon Data Specification Consortium. It will provide an overview of the draft specifications and the ongoing progress made by the respective working groups.
Three primary specifications will be discussed:
-Discovery and client registration, emphasizing transparent processes and secure and private access
-Customer data, centering around customer tariffs, bills, energy usage, and full consumption disclosure
-Power systems data, focusing on grid data, inclusive of transmission and distribution networks, generation, intergrid power flows, and market settlement data
Monitoring and Managing Anomaly Detection on OpenShift.pdfTosin Akinosho
Monitoring and Managing Anomaly Detection on OpenShift
Overview
Dive into the world of anomaly detection on edge devices with our comprehensive hands-on tutorial. This SlideShare presentation will guide you through the entire process, from data collection and model training to edge deployment and real-time monitoring. Perfect for those looking to implement robust anomaly detection systems on resource-constrained IoT/edge devices.
Key Topics Covered
1. Introduction to Anomaly Detection
- Understand the fundamentals of anomaly detection and its importance in identifying unusual behavior or failures in systems.
2. Understanding Edge (IoT)
- Learn about edge computing and IoT, and how they enable real-time data processing and decision-making at the source.
3. What is ArgoCD?
- Discover ArgoCD, a declarative, GitOps continuous delivery tool for Kubernetes, and its role in deploying applications on edge devices.
4. Deployment Using ArgoCD for Edge Devices
- Step-by-step guide on deploying anomaly detection models on edge devices using ArgoCD.
5. Introduction to Apache Kafka and S3
- Explore Apache Kafka for real-time data streaming and Amazon S3 for scalable storage solutions.
6. Viewing Kafka Messages in the Data Lake
- Learn how to view and analyze Kafka messages stored in a data lake for better insights.
7. What is Prometheus?
- Get to know Prometheus, an open-source monitoring and alerting toolkit, and its application in monitoring edge devices.
8. Monitoring Application Metrics with Prometheus
- Detailed instructions on setting up Prometheus to monitor the performance and health of your anomaly detection system.
9. What is Camel K?
- Introduction to Camel K, a lightweight integration framework built on Apache Camel, designed for Kubernetes.
10. Configuring Camel K Integrations for Data Pipelines
- Learn how to configure Camel K for seamless data pipeline integrations in your anomaly detection workflow.
11. What is a Jupyter Notebook?
- Overview of Jupyter Notebooks, an open-source web application for creating and sharing documents with live code, equations, visualizations, and narrative text.
12. Jupyter Notebooks with Code Examples
- Hands-on examples and code snippets in Jupyter Notebooks to help you implement and test anomaly detection models.
Main news related to the CCS TSI 2023 (2023/1695)Jakub Marek
An English 🇬🇧 translation of a presentation to the speech I gave about the main changes brought by CCS TSI 2023 at the biggest Czech conference on Communications and signalling systems on Railways, which was held in Clarion Hotel Olomouc from 7th to 9th November 2023 (konferenceszt.cz). Attended by around 500 participants and 200 on-line followers.
The original Czech 🇨🇿 version of the presentation can be found here: https://www.slideshare.net/slideshow/hlavni-novinky-souvisejici-s-ccs-tsi-2023-2023-1695/269688092 .
The videorecording (in Czech) from the presentation is available here: https://youtu.be/WzjJWm4IyPk?si=SImb06tuXGb30BEH .
Dandelion Hashtable: beyond billion requests per second on a commodity serverAntonios Katsarakis
This slide deck presents DLHT, a concurrent in-memory hashtable. Despite efforts to optimize hashtables, that go as far as sacrificing core functionality, state-of-the-art designs still incur multiple memory accesses per request and block request processing in three cases. First, most hashtables block while waiting for data to be retrieved from memory. Second, open-addressing designs, which represent the current state-of-the-art, either cannot free index slots on deletes or must block all requests to do so. Third, index resizes block every request until all objects are copied to the new index. Defying folklore wisdom, DLHT forgoes open-addressing and adopts a fully-featured and memory-aware closed-addressing design based on bounded cache-line-chaining. This design offers lock-free index operations and deletes that free slots instantly, (2) completes most requests with a single memory access, (3) utilizes software prefetching to hide memory latencies, and (4) employs a novel non-blocking and parallel resizing. In a commodity server and a memory-resident workload, DLHT surpasses 1.6B requests per second and provides 3.5x (12x) the throughput of the state-of-the-art closed-addressing (open-addressing) resizable hashtable on Gets (Deletes).
Taking AI to the Next Level in Manufacturing.pdfssuserfac0301
Read Taking AI to the Next Level in Manufacturing to gain insights on AI adoption in the manufacturing industry, such as:
1. How quickly AI is being implemented in manufacturing.
2. Which barriers stand in the way of AI adoption.
3. How data quality and governance form the backbone of AI.
4. Organizational processes and structures that may inhibit effective AI adoption.
6. Ideas and approaches to help build your organization's AI strategy.
Conversational agents, or chatbots, are increasingly used to access all sorts of services using natural language. While open-domain chatbots - like ChatGPT - can converse on any topic, task-oriented chatbots - the focus of this paper - are designed for specific tasks, like booking a flight, obtaining customer support, or setting an appointment. Like any other software, task-oriented chatbots need to be properly tested, usually by defining and executing test scenarios (i.e., sequences of user-chatbot interactions). However, there is currently a lack of methods to quantify the completeness and strength of such test scenarios, which can lead to low-quality tests, and hence to buggy chatbots.
To fill this gap, we propose adapting mutation testing (MuT) for task-oriented chatbots. To this end, we introduce a set of mutation operators that emulate faults in chatbot designs, an architecture that enables MuT on chatbots built using heterogeneous technologies, and a practical realisation as an Eclipse plugin. Moreover, we evaluate the applicability, effectiveness and efficiency of our approach on open-source chatbots, with promising results.
High performance Serverless Java on AWS- GoTo Amsterdam 2024Vadym Kazulkin
Java is for many years one of the most popular programming languages, but it used to have hard times in the Serverless community. Java is known for its high cold start times and high memory footprint, comparing to other programming languages like Node.js and Python. In this talk I'll look at the general best practices and techniques we can use to decrease memory consumption, cold start times for Java Serverless development on AWS including GraalVM (Native Image) and AWS own offering SnapStart based on Firecracker microVM snapshot and restore and CRaC (Coordinated Restore at Checkpoint) runtime hooks. I'll also provide a lot of benchmarking on Lambda functions trying out various deployment package sizes, Lambda memory settings, Java compilation options and HTTP (a)synchronous clients and measure their impact on cold and warm start times.
High performance Serverless Java on AWS- GoTo Amsterdam 2024
Pushing in, leaving a present, and pulling out slowly without anyone noticing
1. Iftach Ian Amit | September 2011
Pushing in, leaving a present and
pulling out without anybody
noticing
Iftach Ian Amit
VP Consulting
DC9723
CSA-IL Board member
IL-CERT Visionary
All rights reserved to Security Art ltd. 2002-2011 www.security-art.com
Tuesday, September 20, 11
2. Iftach Ian Amit | September 2011
whoami
• Not certified
• VP Consulting at Security-Art
• Hacker, researcher, developer
• I like crime, and war :-)
• DC9723, PTES, IL-CERT, IAF
3. Iftach Ian Amit | September 2011
Agenda
7. Iftach Ian Amit | September 2011
1. Infiltration
• Technical factors
• Human factors
• Command & Control in loosely connected
environments
13. Iftach Ian Amit | September 2011
Infiltration - Technical
• Exploits! of what???
• Web, FTP, mail, SSL-VPN...
• Will only get you the basic stuff
• 3rd party tools used (LinkedIn,
SalesForce, SaaS applications)...
• Harder to get
*although nice to have as reproducible on many targets
14. Iftach Ian Amit | September 2011
Infiltration - Technical
The problem:
Small attack surface
20. Iftach Ian Amit | September 2011
Infiltration - Technical
• How about them windows?
• Win XP still the dominantly deployed OS on
clients (both in corporate and government
settings)
• Win 7 is no big deal
• Attack surface is much broader (spell
Adobe, Symantec, WinZip, AOL, Mozilla, etc...)
25. Iftach Ian Amit | September 2011
Infiltration - Human
• Not as in “I got your guy and I want
$1,000,000 to set him free”
• More like “dude, check out the pics from the
conference we went to last month. Wicked!”
• “did you get my memo with the new
price-list <link to .xls file>”
• You get the idea...
33. Iftach Ian Amit | September 2011
Infiltration - Human
• eMails, web links,
phishing...
• Works like a charm!
• And can be mostly
automated
• SET to the rescue
35. Iftach Ian Amit | September 2011
Infiltration - Human
And... being nice/nasty/
obnoxious/needy always
helps!
40. Iftach Ian Amit | September 2011
2. Data Targeting & Acquisition
• Weaponizing commercial tools
• Creating “APT” capabilities
• But first - targeting...
41. Iftach Ian Amit | September 2011
Step 1: Basic Intel
What is the
target “willing”
to tell about
itself?
43. Iftach Ian Amit | September 2011
Who’s your daddy?
And buddy, and friends, relatives, colleagues...
49. Iftach Ian Amit | September 2011
Select your target wisely
And then craft your payload :-)
53. Iftach Ian Amit | September 2011
Not as expensive as you think
• ZeuS: $3000-$5000
• SpyEye: $2500-$4000
• Limbo: $500-$1500
FREE!
54. Iftach Ian Amit | September 2011
Just make sure to pack
Experienced travelers
know the importance
of packing properly
56. Iftach Ian Amit | September 2011
And set measurable goals
• File servers
• Databases
• File types
• Gateways (routes)
• Printers
60. Iftach Ian Amit | September 2011
From mass infection to APT
PATIENCE
Mass infection: 5-6 days before detection; frequent updates
APT: 5-6 months before detection; no* updates
* Almost
61. Iftach Ian Amit | September 2011
Control?
• What happens when you are so far behind?
• Just use your friends (peers)
• Expect a one-way command scheme.
• Exfiltration is a different animal...
[Diagram labels: Internet, 3rd party, You!, Target]
68. Iftach Ian Amit | September 2011
3. Exfiltration
• Avoiding DLP
• Avoiding IPS/IDS egress filters
• Encryption
• Archiving
• Additional techniques
71. Iftach Ian Amit | September 2011
How about them SSLs?
• Cool.
• Although sometimes may be intercepted
• Pesky content filters...
72. Iftach Ian Amit | September 2011
So...
-----BEGIN PGP MESSAGE-----
Version: GnuPG/MacGPG2 v2.0.14 (Darwin)
-----END PGP MESSAGE-----
73. Iftach Ian Amit | September 2011
Still “too detectable”
75. Iftach Ian Amit | September 2011
Much better
• Throws in some additional encodings
• And an XOR for old time’s sake
• And we are good to go...
• 0% detection rate
76. Iftach Ian Amit | September 2011
Resistance is futile
77. Iftach Ian Amit | September 2011
But you have no network
• They killed 80, 443, 53 and cut the cable to
the interwebs!
• Go old-school!
78. Iftach Ian Amit | September 2011
Kill some trees
79. Iftach Ian Amit | September 2011
To shred or not to shred?
81. Iftach Ian Amit | September 2011
Yeah, good ol’ DD...
93. Iftach Ian Amit | September 2011
Back to hi-tech (?)
ET Phone Home
Got VOIP? Excellent!
Target a handset/switch
Set up a public PBX
OR a conference call
OR a voicemail box
Collect your data
Encode
Call, leave a message, don’t expect to be called back...
94. Iftach Ian Amit | September 2011
Voice exfiltration demo
101. Iftach Ian Amit | September 2011
Killing paper isn’t nice
• Fax it!
• Most corporations have email-to-fax services
• Heard of the address 555-7963@fax.corp.com?
• Just send any document (text, doc, pdf) to it and off you go with the data...
102. Iftach Ian Amit | September 2011
Conclusions
• Available controls
• Information flow path mapping
• Asset mapping and monitoring
103. Iftach Ian Amit | September 2011
Controls
• Start with the human factor
• Then add technology
105. Iftach Ian Amit | September 2011
• Where people leave data
• Hint - spend time with developers.
• “Hack” the business process
• Test, test again, and then test. Follow with a surprise test!
106. Iftach Ian Amit | September 2011
Map your assets
“be true to yourself, not to what you believe things should look like”
Old Chinese proverb
107. Iftach Ian Amit | September 2011
And monitor them!
They are YOUR assets after all
No reason to be shy about it...
And remember to add honey...
108. Iftach Ian Amit | September 2011
2 tips for monitoring
• Pre-infiltration - social media
• Check out SocialNet for Maltego from packetninjas.net... :-)
• Post-infiltration - ALL your channels
• Yes - VoIP is one of them. Record, transcribe, feed to DLP. Simple as that.
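Monitoring "ALL your channels" also covers the email-to-fax gateway from the earlier slide. The sketch below is an added example, not part of the presentation: it flags fax-gateway mail in a mail log. The log format, allowlist and thresholds are constructed assumptions; only the fax.corp.com address pattern comes from the slides.

```python
import re
from collections import defaultdict

# Constructed sample of mail-gateway log lines (the format is an assumption).
SAMPLE_LOG = """\
2011-09-20T09:14:02 from=alice@corp.com to=555-0100@fax.corp.com size=48211 attach=po_1182.pdf
2011-09-20T09:40:17 from=bob@corp.com to=carol@corp.com size=1022 attach=-
2011-09-20T23:51:44 from=dave@corp.com to=555-7963@fax.corp.com size=2914400 attach=customers.doc
2011-09-20T23:53:09 from=dave@corp.com to=555-7963@fax.corp.com size=3120054 attach=payroll.pdf
"""

FAX_DOMAIN = "fax.corp.com"        # gateway domain as written on the slide
APPROVED_NUMBERS = {"555-0100"}    # hypothetical allowlist of business fax numbers
MAX_BYTES = 1_000_000              # hypothetical per-message size threshold

LINE_RE = re.compile(
    r"(?P<ts>\S+) from=(?P<sender>\S+) to=(?P<number>[\d-]+)@(?P<domain>\S+) "
    r"size=(?P<size>\d+) attach=(?P<attach>\S+)"
)

def fax_alerts(log_text, fax_domain=FAX_DOMAIN):
    """Return (alerts, bytes_per_sender) for mail routed to the fax gateway."""
    alerts, per_sender = [], defaultdict(int)
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m or m["domain"].lower() != fax_domain:
            continue  # not fax-gateway traffic, or an unparseable line
        size = int(m["size"])
        per_sender[m["sender"]] += size
        reasons = []
        if m["number"] not in APPROVED_NUMBERS:
            reasons.append("unapproved destination number")
        if size > MAX_BYTES:
            reasons.append("oversized message")
        hour = int(m["ts"][11:13])  # HH from the ISO-style timestamp
        if hour < 7 or hour >= 19:
            reasons.append("outside business hours")
        if reasons:
            alerts.append((m["ts"], m["sender"], m["number"], reasons))
    return alerts, dict(per_sender)

if __name__ == "__main__":
    found, totals = fax_alerts(SAMPLE_LOG)
    for ts, sender, number, reasons in found:
        print(f"{ts} {sender} -> fax {number}: {', '.join(reasons)}")
    print(totals)
```

The per-sender byte totals give a second signal: a sender whose fax volume jumps well above their baseline is worth reviewing even when each message passes the individual checks.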
109. Iftach Ian Amit | September 2011
Then...
TEST SOME MORE
For hints/guides see: www.pentest-standard.org
110. Iftach Ian Amit | September 2011
Questions?
Thank you!
Whitepapers: www.security-art.com
Data modulation Exfil POC: http://code.google.com/p/data-sound-poc/
Too shy to ask now? iamit@security-art.com
Need your daily chatter? twitter.com/iiamit